IP · Medium · Signal 54/100
45.135.194.34
Location: Langen, Hesse
ASN: AS51396 (Pfcloud UG)
First Seen: Apr 27, 2025
Last Seen: Jun 7, 2026
Reports: 26 source reports
Confidence: 54% (medium)
VirusTotal: 12/91 detections
Found in 26 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 54%
Signal Score: 54 / 100
IDS Rule: No
Network Information
Country: Germany
Region: Langen, Hesse
ASN: AS51396
Organization: Pfcloud UG
IP Category: Proxy (Proxy server)
Feed Intelligence Summary
26 source reports · 54% confidence score
Category tags
Activity Timeline: Jun 7
Threat Activity Heatmap (peak: 2026-06-07)
Activity by window:
- 24h: 0 (Dormant)
- 7d: 0 (Dormant)
- 30d: 1 (Minimal)
- 3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 54
Confidence: 54%
Reports: 26
First seen: Apr 27, 2025
Last seen: Jun 7, 2026
Geolocation: DE
Country: Germany
Location: Langen, Hesse
ASN: AS51396
Org: Pfcloud UG
Coords: 51.2993, 9.4910
IP Category: Proxy
WHOIS
- raw
    inetnum: 45.135.194.0 - 45.135.194.255
    netname: PFCLOUD-NET
    org: ORG-PU39-RIPE
    country: DE
    admin-c: AA42303-RIPE
    tech-c: AA42303-RIPE
    status: ASSIGNED PA
    mnt-by: mnt-de-xsserver-1
    created: 2025-01-26T11:42:47Z
    last-modified: 2025-01-26T11:42:47Z
    source: RIPE

    organisation: ORG-PU39-RIPE
    org-type: OTHER
    org-name: Pfcloud UG
    address: Lilienstraße 5
    address: 94051 Hauzenberg
    country: DE
    abuse-c: AA42303-RIPE
    mnt-ref: MNT-NETERRA
    mnt-ref: pfcloud-mnt
    mnt-ref: WHITELABEL-MNT
    mnt-ref: DGTL-MNT
    mnt-ref: LV-VERNET-HM-MNT
    mnt-ref: lir-ae-royal-1-MNT
    mnt-ref: mnt-de-xsserver-1
    mnt-ref: Mnt-zexotek
    mnt-by: pfcloud-mnt
    created: 2023-11-26T15:29:32Z
    last-modified: 2025-04-09T11:06:56Z
    source: RIPE # Filtered

    role: Admin
    address: Lilienstraße 5, 94051 Hauzenberg
    abuse-mailbox: [email protected]
    nic-hdl: AA42303-RIPE
    mnt-by: pfcloud-mnt
    created: 2023-11-26T15:27:29Z
    last-modified: 2024-02-08T20:37:11Z
    source: RIPE # Filtered

    route: 45.135.194.0/24
    origin: AS51396
    mnt-by: mnt-de-xsserver-1
    created: 2025-01-26T11:42:15Z
    last-modified: 2025-01-26T11:42:15Z
    source: RIPE
- references
  - https://www.fortinet.com/blog/threat-research/rondobox-unveiled-breaking-down-a-botnet-threat
  - https://github.com/telekom-security/tpotce
  - https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt
  - https://example.com
IOC Journey
medium · First detected 1 year ago · Last seen 9 days ago
Appeared in 26 threat reports