IOC Radar
IP · Medium · Signal 58/100

45.148.10.247

Location
Romania
Amsterdam, North Holland
ASN
AS48090
Techoff SRV Limited
First Seen
Dec 17, 2021 (1637d ago)
Last Seen
Jun 4, 2026 (7d ago)
30
Reports
source reports
58%
Confidence
medium
Found in 30 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
58%
Signal Score
58 / 100
IDS Rule
No
Threat Context

MITRE ATT&CK TTPs

69 techniques

Network Information

Country: Romania (RO)
Region: Amsterdam, North Holland
ASN: AS48090
Organization: Techoff SRV Limited

IP Category

Proxy
Proxy server
VPN
VPN exit node

Feed Intelligence Summary

30 reports · 58% confidence
30
Source reports
58%
Confidence score

Activity Timeline

1 total obs
Jun 4 - Jun 4

Threat Activity Heatmap

[Calendar heatmap, Jun to Jun; peak: 2026-06-04]
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 58
Confidence: 58%
Reports: 30
First seen: Dec 17, 2021
Last seen: Jun 4, 2026
Geolocation: RO
Country: Romania
Location: Amsterdam, North Holland
ASN: AS48090
Org: Techoff SRV Limited
Coords: 52.3759, 4.8975
Proxy · VPN

VirusTotal

Not checked

IOC Journey

medium
First detected 4 years ago · Last seen 7 days ago
Appeared in 30 threat reports