IOC Radar
IP · Medium · Signal 47/100

45.148.10.80

Location: Romania; Amsterdam, NH (as displayed by the page)
ASN: AS48090 (Techoff SRV Limited)
First Seen: Aug 14, 2023 (1034d ago)
Last Seen: Jun 4, 2026 (9d ago)
Reports: 21 source reports
Confidence: 47% (medium)
Found in 21 reports. Confidence: medium. Confidence scores are heuristic; verify before acting on results.
IPv4 Address: network-layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 47%
Signal Score: 47 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs: 127 techniques tagged across the source reports

Network Information

Country: RO (Romania), as geolocated by this page
Region: Amsterdam, NH
ASN: AS48090
Organization: Techoff SRV Limited

The country and region fields disagree: Amsterdam, NH is in the Netherlands, the page's own coordinates (52.3716, 4.8883) fall in Amsterdam, the AbuseIPDB description records NL, and the RIPE inetnum for 45.148.10.0/24 lists country AD with the holding organisation registered in GB. Treat the country attribution for this range as unreliable and do not key detections or blocking decisions on it; the ASN and the /24 are the stable attributes.

IP Category: Proxy (proxy server)

Feed Intelligence Summary

Source reports: 21
Confidence score: 47%
Category tags (aggregated across all source reports):
#supportsitewebsiteabuse #rootcertificatefailure #cryptographicf50 ip addresses50_iocs80+ bde scoreabnormal network behaviorabuseabuseipdbaccess attemptaccess attemptsaccess controlactive scanactive scanningadbhoney alertsadbhoney honeypotadversary infrastructureafricaalibabaalibaba cloudalibaba cloud attacksalibaba cloud ipalibaba infrastructureand brazilandorraanomalous activityanomalous behavioranomalous network behavioranomalous network behaviouranomaly detectionapacheapache attackerapple security bypassapplication layer attackapplication layer protocolapplication layer protocolsapplication reconnaissanceaptapt activityapt candidateapt indicatorsargentinaas path poisoningasiaasp.net reflective loaderasyncratattackattack campaignattack campaignsattack originattack originating ipsattack sourceattack vectorattack-infrastructureattack-vectoraustraliaauthentication attackauthentication attacksauthentication attemptsauto blockedauto blocked ipauto-blockedauto-blocked ipauto-blocked ipsauto-generatedauto-generated securityauto-updatedauto_blockedautomated analysisautomated attackautomated attack attemptsautomated attacksautomated blockingautomated collectionautomated scanningautomated threatautomated threat blockingautomated threatsautomated-blockingbad actor scorebad data exposurebad reputationbad web botbangladeshbangladesh ipsbankingbde 80bde 80+bde analysisbde scorebde score 80bde score 80+bde score analysisbde score highbde score thresholdbde score: 80bde score: highbde: 80bde:80bde_80bde_score_80behavioral detectionbehavioral detection energybelgiumbgpbig data analysisblacklisted ipblacklisted ipsblocked ipblocked-ipsblocklist_allblog spambolivarian republic ofbotnetbotnet activitybotnet communicationbr ip addressesbr_ip_activitybrand weaponizationbrazilbrazil ipbrazil ip addressesbrazil ipsbrazil originbrazil origin ipsbrazil originating ipbrazil originating trafficbrazilian ipsbrazilian originbroad-spectrum malicious activitybrute forcebrute force attackbrute 
force attacksbrute force attemptbrute force attemptsbrute force detectionbrute-forcebrute-force-attackbrute_forcebrute_force_attackbruteforcebulgariabulletproof hostingc&cc2c2 activityc2 channelc2 communicationc2 indicatorsc2 infrastructurec2 servercambodiacanadachinachina aptchina based attackschina ip addresseschina ipschina originchina origin ipschina originating ipchina originating ipschina originating trafficchina related activitychina-based activitychina-based infrastructurechina-based threat actorchina-based threat actorschina-linked activitychina-related activitychinese threat actorsciscocisco attackcisco devicecisco device targetingclosecloud infrastructurecloud services abusecms detectioncn ipcn ip addressescn ipscn origincnc communicationcobaltstrikecode executioncommand & controlcommand and controlcommand executioncommand injectioncommunication channelcommunication obfuscationcommunication possible c2communication protocolcommunication protocolscommunication technologiescompromise assessmentcompromise attemptcompromise indicatorcompromise indicatorscompromised credentialscompromised endpointcompromised hostcompromised host communicationcompromised hostscompromised hosts potentialcompromised infrastructurecompromised ipscompromised systemcompromised system detectioncompromised systemscompromised_infrastructureconnection attemptsconnection refusedconpotconpot honeypotcoordinated attackcoordinated attack campaigncore network compromisecowriecowrie activitycowrie attackcowrie honeypotcowrie ssh attackscowrie ssh honeypotcrawlercredential accesscredential attackcredential compromisecredential dumpingcredential harvestingcredential stealercredential stuffingcredential theftcredential-stuffingcredential_accesscredit card servicescryptocurrencycryptocurrency threatscryptojackingcyber threat activitycyber threat intelligencecyber threatscymtdata encryptiondata encryption standarddata exfiltrationdata exfiltration attemptdata exfiltration attemptsdata 
exploitationdata harvestingdata interceptiondata serializationdata store exposuredata theftdatabase attackdatabase securitydcratddosddos activityddos attackddos attack activityddos attacksddos attemptddos preparationde ipde ip addressde ip addressesde ipsde originde_ip_activitydecoy systemdenial of servicedenmarkdetection timestampdevice managementdigital oceandionaeadionaea activitydionaea attackdionaea capturedionaea detectiondionaea honeypotdionaea malware collectiondirectory bruteforcingdirectory traversaldistributed attackdistributed attacksdll injectiondmzhostdnsdns attackdominican republicdosdugganusa threat inteldugganusa threat intelligenceedge communicationedge infrastructure exploitegress trafficelectronic health recordsemailemerging attack patternsemerging threatemerging threatsencoded command stringsencrypted channelencryptionendpoint detectionenterprise networkingenumerationestoniaeu cyber policieseuropeeurope/asiaeuropean ipeuropean ip addresseseuropean ipseuropean nationseuropean origineuropean origin ipseuropean originating ipevasion techniquesevasive tacticsexecutable fileexfiltrationexfiltration attemptexploitexploit activityexploit attemptexploit attemptsexploit kit activityexploit probingexploit public-facing applicationexploitationexploitation activityexploitation attemptexploitation attemptsexploitation strategiesexploited hostexternal attackexternal attackersexternal communicationexternal ipexternal network scansexternal remote servicesexternal scanningexternal threatextortionfattfilefinancefinance and insurancefinancial servicesfinancial technologyfinlandfirmware attackfr activityfr ipfr ip addressfr ip addressesfr ipsfr originfr_ip_activityfranceftpftp attemptftp brute forceftp brute-forceftp protocolgeo-distributedgeo-distributed activitygeo-distributed attackgeo-distributed attacksgeo-distributed threatgeo-diverse attackgeo-diverse ipsgeo-ip analysisgeo-ip attackgeo-located threatgeo-located threat sourcegeo-located 
threatsgeo-locationgeofencing malwaregeographic anomalygeographic anomaly detectiongeographic attributiongeographic distributiongeographic diversitygeographic locationgeographic origingeographic sourcegeographic source analysisgeographic source: brgeographic source: brazilgeographic source: chinageographic source: cngeographic source: degeographic source: francegeographic source: germanygeographic source: icelandgeographic source: indonesiageographic source: japangeographic source: netherlandsgeographic source: polandgeographic source: sggeographic source: singaporegeographic source: usgeographic spreadgeographic targetinggeographical distributiongeographical spreadgeographically distributedgeographically distributed ipsgeographically diversegeographically diverse attackgeographically diverse attackersgeographically diverse attacksgeographically diverse ipsgeographically diverse originsgeographically diverse sourcesgeographically diverse threatsgeoipgeolocated attackgeolocated attack sourcegeolocated ipsgeolocated threatgeolocated threatsgermanygermany-based activitygermany-based ipgithubglobal activityglobal attackglobal attack campaignglobal attack originglobal attack sourcesglobal distributionglobal ip threatglobal ipsglobal threatglobal threat activityglobal threat actorsglobal threat landscapeglobal threat vectorsgreat britainhackinghealth care and social assistancehealth information technologyhealthcare information systemsheralding attackheralding behaviorhigh abuse scorehigh bdehigh bde scorehigh behavioral scorehigh confidencehigh confidence indicatorhigh confidence indicatorshigh confidence iochigh confidence iocshigh confidence threathigh riskhigh risk iphigh risk ipshigh risk scorehigh severityhigh suspicion levelhigh threat levelhigh threat potentialhigh threat scorehigh volume traffichigh-risk ip activityhigh-risk ipshigh-risk regionhigh_bdehk iphk ipshoneytrap honeypothong konghospital managementhttp brute forcehttp probinghttp scannerhttp 
scanninghttp/shttpshttps scanninghttps-servicehwrn nameservericelandiceland ip addressesiceland ipsiceland originating ipiceland originating trafficics securityics/scada protocolsidentity & access exploitationidmsa abuseimapindiaindicatorindicator-of-compromiseindicators of compromiseindonesiaindonesia ip addressesindonesia ipsindonesia originindonesia originating ipindonesia originating trafficindonesian ipsindustrial control systemsinformation gatheringinformation technologyinfostealerinitial accessinitial access attemptsinitial-access-attemptinitial_accessinjection activityinjection attacksinter-as route manipulationinternational activityinternational ipsinternational threatinternational trafficinternet of thingsinternet-facingintrusion attemptintrusion detectioniociocsiocs identifiediocs: 50iocs: 50 ipsiocs: ip addressesiocs:ip addressiocs:ip addressesiot botnetiot securityiot/ics attackip-blocklistipv4ipv6iraqirelandis ipis ip addressesis ipsisp-reputationisraelit infrastructureitalyjapanjapan ipjapan ip addressesjapan ipsjapan originjapan origin ipsjapan originating ipjapan originating trafficjapanese ipsjordanjp ipjp ip addressesjp ipsjtag exploitationkenyaknown malicious ispsknown threat actorsknown threat regionskoreakorea, republic ofkr ipkr ipskyrgyzstanlamplamp attacklamp exploitation attemptslamp stack targetinglarge-scale scanninglateral movementlateral movement attemptslateral movement detectionlateral movement investigationlateral movement potentiallateral network movementlatvialazaruslfiliechtensteinlithuanialoaderlog analysislogin attemptslte trialluxembourgmailoney honeypotmalaysiamalicious activitymalicious activity detectedmalicious activity detectionmalicious communicationmalicious filemalicious indicatorsmalicious infrastructuremalicious ip activitymalicious ip addressesmalicious ip communicationmalicious ipsmalicious ispmalicious network activitymalicious network communicationmalicious network trafficmalicious originmalicious powershell 
activitymalicious sip activitymalicious softwaremalicious sourcemalicious sslmalicious trafficmalicious-ip-addressmalicious-trafficmalspammalwaremalware activitymalware analysismalware beaconingmalware behaviourmalware c2malware capturemalware communicationmalware deliverymalware detectionmalware distributionmalware distribution attemptsmalware hostingmalware indicatorsmalware infectionmalware propagationmalware trafficmedical servicesmexicomexico ip addressesmexico ipsmirai botnetmitre-attackmixed-ip-domainmobilemobile carriersmobile networksmobile securitymoroccomozimsi installermulti-country activitymulti-country attackmulti-country originmulti-country originating trafficmulti-nationalmulti-national attackmulti-national originmulti-originmulti-origin attackmulti-regionmulti-regionalmulti-regional activitymulti-regional attackmulti-vector attackmultiple attack originsmultiple countriesmultiple countries originmultiple countries originatingmultiple geographic locationsmultiple geographic originsmultiple geolocationmultiple geolocation originsmultiple geolocation sourcesmultiple origin countriesmultiple origin ipsmultiple origin pointsmultiple originsmultiple protocolsmultiple regionsmultiple source ipsmultiple_countriesnation-state activitynemucodnetherlandsnetherlands based activitynetherlands based ipsnetherlands ip addressesnetherlands ipsnetherlands originating ipnetherlands originating trafficnetworknetwork accessnetwork activitynetwork activity monitoringnetwork analysisnetwork anomaliesnetwork anomalynetwork anomaly detectionnetwork attack indicatorsnetwork attacksnetwork behaviornetwork behavior analysisnetwork communicationnetwork communication anomalynetwork discoverynetwork enumerationnetwork exploitationnetwork infrastructurenetwork infrastructure attacknetwork intrusionnetwork intrusion activitynetwork intrusion attemptnetwork intrusion attemptsnetwork intrusion detectionnetwork intrusionsnetwork layer attacknetwork layer protocolnetwork probenetwork 
probingnetwork protocolnetwork protocolsnetwork reconnaissancenetwork reconnaissance activitynetwork scannetwork scan detectednetwork scanningnetwork securitynetwork security monitoringnetwork service scanningnetwork threatnetwork threat detectionnetwork trafficnetwork traffic analysisnetwork traffic monitoringnetwork vulnerabilitynetwork vulnerability exploitationnetwork-intrusionnetwork-reconnaissancenetwork_enumerationnetwork_trafficnetwork_traffic_analysisnew zealandnlnl activitynl ip addressnl ip addressesnl originnl sourcenl trafficnl_ip_activityno known c2non-standard portnorth americanorwayobserved communicationoceaniaopen proxyoriginating countries: broriginating iporiginating ipsotx pulseoutbound trafficowaspp0fpanamapassword attackpassword attackspassword crackingpatient carepattern-32pattern-38payment processingpdfpersistence mechanismphishingphishing attackphishing trappl ip addressespl_ip_activitypmic manipulationpolandpoland ip addressespoland ipspoland originating ippoland originating trafficpolicepolish originport-scanningportscanpossible aptpossible apt activitypossible botnetpossible botnet activitypossible brute forcepossible c2possible c2 activitypossible c2 communicationpossible c2 infrastructurepossible compromisepossible credential accesspossible data exfiltrationpossible exploit activitypossible intrusionpossible lateral movementpossible malicious activitypossible malwarepossible malware activitypossible malware beaconingpossible malware distributionpossible malware infectionpossible port scanningpossible reconnaissancepossible scanningpossible threat actorspossible threat infrastructurepossible vulnerability exploitationpotential aptpotential apt activitypotential attackpotential attack originpotential backdoorpotential botnetpotential botnet activitypotential brute forcepotential c2potential c2 activitypotential c2 communicationpotential china originpotential compromisepotential coordinationpotential credential accesspotential data 
breachpotential data collectionpotential data exfiltrationpotential evasionpotential exploitpotential exploit activitypotential exploit attemptspotential exploitationpotential initial accesspotential intrusionpotential intrusion attemptpotential intrusion attemptspotential lateral movementpotential malicious activitypotential malicious communicationpotential malwarepotential malware activitypotential malware communicationpotential malware distributionpotential malware infectionpotential network attackpotential network intrusionpotential network reconnaissancepotential reconnaissancepotential reconnaissance activitypotential russia originpotential scan activitypotential scanningpotential targeted attackpotential threatpotential threat activitypotential threat actorpotential threat actorspotential vulnerability exploitationpreparatory activitiesprobingprocess id 2356process id 2812process injectionprotocol exploitationproxyproxy detectionpublic-facing applicationpublic-facing application exploitpumpransomwarerdp protocolrdp-protocolreconnaissancereconnaissance activityredis honeypotredishoneypotregional securityremcos trojanremote accessremote access abuseremote access attemptsremote access toolsremote servicesrepublic ofreputation parasitismreputation-based blockingresearchedresidential proxyresource developmentresource hijackingrfiroromaniarouting protocolru ip addressru originrussiarussia ipsrussian federationrussian ipsrussian threat actorssaudi arabiascams & fraudscannerscannersscanningscanning activityscripted attacksscripting attacksse ip addressesse_ip_activitysecurity monitoringsecurity operationssecurity policyself-signedsensor-taggedsentrypeer activitysentrypeer botnetsentrypeer detectionserbiaserver exploitationserviceservice discoveryservice scanservice scanningsftpsftp access attemptssftp activitysftp attacksftp attemptsg_ip_activityshell accesssingaporesingapore ipsingapore ip addressessingapore ipssingapore origin ipssingapore originating ipsingapore 
originating trafficsingapore-based activitysipsip brute forcesip scanningsloveniasmb enumerationsmtpsmtp brute forcesmtp probingsocial engineeringsocradar honeypotsoftware developmentsoftware exploitationsomaliasophisticated firmware persistencesouth africasouth americasouth koreaspainspamspynoonsshssh attackssh monitoringssh protocolssh-protocolsslssl certificatessl certificate analysisssl certificate enrichmentssl enrichmentssl-certificate-analysisssl-enrichmentssl-tls-analysisssl/tlsssl/tls enrichmentssl_certificate_iocssl_enrichmentssrfstate-sponsored activitystealcsteamstix 2.1stix feedstix-2.1supply chain attacksupply chain compromisesupply-chainsuspected botnet activitysuspected compromisesuspected intrusionsuspected malicious activitysuspected malwaresuspected scanning activitysuspected threat actorsswedensymmetric cryptographysyrian arab republicsystem accesssystem discoverysystem disruptiont1001t1003t1003 credential dumpingt1003.001t1005t1016t1016.001t1018t1020t1021t1021.001t1021.002t1021.003t1021.004t1021.005t1021.006t1024t1027t1036t1036.006t1040t1041t1043t1046t1047t1053t1053.005t1055t1056t1057t1059t1059.001t1059.003t1059.004t1059.005t1059.007t1060t1064t1068t1071t1071 indicatorst1071.001t1071.002t1071.003t1071.004t1071.005t1076t1077t1078t1078.001t1078.002t1078.003t1078.004t1082t1083t1086t1087t1090t1090 connection proxyt1090.001t1095t1102t1105t1110t1110.001t1110.002t1110.003t1110.004t1113t1133t1140t1187t1189t1190t1195.002t1199t1203t1204t1204.002t1210t1219t1486t1490t1495.001t1496t1497t1499t1499.001t1499.002t1499.003t1505.004t1542.001t1542.005t1547t1547.001t1550t1550.002t1555t1555.003t1563t1564.001t1565t1566t1566.001t1566.002t1566.003t1566.004t1568t1569t1570t1571t1572t1573t1573.001t1573.002t1583t1583.001t1583.006t1585t1586t1588t1589t1590t1590.005t1592t1595t1595.001t1595.002t1595.003t1598taiwantannertanner attacktanner http honeypottargeting databasetcp protocoltcp scanteam cymrutechofftechoff srv limitedtelecom servicestelecommunicationstelnet 
threattencenttencent attackstencent ipthailandthreat actorthreat actor activitythreat actor indicatorsthreat actor infrastructurethreat actor zonethreat actorsthreat detectionthreat feedthreat hostingthreat hosting ispsthreat indicatorthreat indicatorsthreat intelligencethreat intelligence feedthreat monitoringthreat preventionthreat sourcethreat-intelthreat-intelligencethreat-intelligence-feedthreat_inteltier-1 network vulnerabilitytor nodetpottpotcetraffic analysistraffic anomaliestraffic anomalytraffic anomaly detectiontraffic monitoringturkeyudp scanukraineunattributed threatunauthorized accessunauthorized access attemptunauthorized access attemptsunauthorized activityunauthorized login attemptsunidentified c2 frameworksunidentified threat actorunited arab emiratesunited kingdomunited statesunited states ipsunited states originunknown c2unknown threat actorunusual network activityunusual network trafficunusual traffic patternsurlhausus activityus ip addressus ip addressesus originus origin ipsus originating ipus-based activityus-based ipus_ip_activityusa originuzbekistanvalid accountsvenezuela, bolivarian republic ofverizon basebandverizon ltevigilance recommendedvoipvoip attackvoip systemsvulnerability scanwealth managementweb app attackweb application attackweb application fingerprintingweb attackweb attacksweb brute forceweb crawlerweb exploitweb exploitationweb hostingweb protocolsweb scannerweb serversweb spamweb trafficwebscanwebscannerweekwixxsszimbabwe

Activity Timeline: 1 timestamped observation in the timeline window (Jun 4)

Threat Activity Heatmap (Jun 2025 to Jun 2026): a single active day, peak 2026-06-04.
Observations by trailing window:
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
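The trailing-window counts above are what a feed consumer usually recomputes locally from raw sightings, because the page's 21 reports and its single timestamped observation are different signals: report count says how widely the IP is listed, the windows say how recently it was actually seen. The following is an added example (not code from this page or its operator) that derives the same buckets from a list of observation timestamps. Assumptions, labelled in the code: "3mo" is taken as 90 days, and the labels above "Minimal" (the page only shows Dormant for 0 and Minimal for 1) are invented thresholds.

```python
"""Recency buckets for an IOC computed from its timestamped observations."""
from datetime import datetime, timedelta, timezone

# Trailing windows matching the page's labels. "3mo" as 90 days is this
# example's assumption; the page does not state the exact span.
WINDOWS = {
    "24h": timedelta(hours=24),
    "7d": timedelta(days=7),
    "30d": timedelta(days=30),
    "3mo": timedelta(days=90),
}


def activity_label(count):
    """The page shows 0 -> Dormant and 1 -> Minimal; the higher thresholds
    (Moderate, Active) are assumed for this example, not taken from the page."""
    if count == 0:
        return "Dormant"
    if count <= 2:
        return "Minimal"
    if count <= 10:
        return "Moderate"
    return "Active"


def recency_windows(observations, now):
    """Count observations in each trailing window (start, now]. Future-dated
    observations (clock skew, bad feed data) are excluded rather than counted."""
    result = {}
    for name, span in WINDOWS.items():
        start = now - span
        n = sum(1 for ts in observations if start < ts <= now)
        result[name] = (n, activity_label(n))
    return result


def age_days(first_seen, now):
    """Whole days between first sighting and the reference time."""
    return (now - first_seen).days


def utc(y, m, d):
    return datetime(y, m, d, tzinfo=timezone.utc)


# Constructed input mirroring the page: one timestamped observation on
# 2026-06-04, first seen 2023-08-14, page rendered 2026-06-13 ("9d ago").
PAGE_OBSERVATIONS = [utc(2026, 6, 4)]
PAGE_FIRST_SEEN = utc(2023, 8, 14)
PAGE_NOW = utc(2026, 6, 13)

if __name__ == "__main__":
    print(f"first seen {age_days(PAGE_FIRST_SEEN, PAGE_NOW)}d ago")
    for window, (n, label) in recency_windows(PAGE_OBSERVATIONS, PAGE_NOW).items():
        print(f"{window:>4}: {n} {label}")
```

Run against the page's dates this reproduces 1034 days since first sighting and 0/0/1/1 for the four windows. The point to take from it is the exclusion of future-dated sightings: a feed row with a bad timestamp would otherwise inflate the 24h bucket and make a dormant indicator look live.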
Threat Score: 47 (Medium Risk)
Signal Score: 47/100 · Confidence: 47% · Reports: 21
First seen: Aug 14, 2023 · Last seen: Jun 4, 2026
Geolocation: RO (Romania) · Location: Amsterdam, NH · Coords: 52.3716, 4.8883
ASN: AS48090 · Org: Techoff SRV Limited · Category: Proxy

VirusTotal: Not checked

WHOIS

Description: AbuseIPDB 100% | NL | TECHOFF SRV LIMITED

Raw (RIPE):
inetnum: 45.148.10.0 - 45.148.10.255
org: ORG-TSL73-RIPE
mnt-domains: TECHOFF-MNT
mnt-domains: TECHOFF-MNT
netname: DMZHOST
descr:
country: AD
admin-c: AD18161-RIPE
tech-c: AD18161-RIPE
status: ASSIGNED PA
mnt-by: TECHOFF-MNT
created: 2019-09-02T15:08:45Z
last-modified: 2024-11-21T09:43:56Z
source: RIPE

organisation: ORG-TSL73-RIPE
org-name: TECHOFF SRV LIMITED
country: GB
org-type: OTHER
address: 35 Firs Avenue, London N11 3NE
abuse-c: AD18161-RIPE
mnt-ref: TECHOFF-MNT
mnt-ref: MNT-NETERRA
mnt-by: TECHOFF-MNT
created: 2024-11-20T13:01:40Z
last-modified: 2024-11-26T15:22:33Z
source: RIPE # Filtered

role: ABUSE DEP
address: 35 Firs Avenue, London N11 3NE
abuse-mailbox: [email protected]
nic-hdl: AD18161-RIPE
mnt-by: TECHOFF-MNT
created: 2024-11-20T13:00:28Z
last-modified: 2024-11-21T09:45:52Z
source: RIPE # Filtered

route: 45.148.10.0/24
origin: AS48090
mnt-by: TECHOFF-MNT
created: 2019-09-05T14:32:45Z
last-modified: 2024-11-21T09:44:13Z
source: RIPE
References:
https://github.com/telekom-security/tpotce
https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt
https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt
https://any.run/malware-trends/
https://urlhaus.abuse.ch/
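The WHOIS record is the one primary source on this page, and it carries two country claims of its own (inetnum AD, organisation GB) that match neither the page's geolocation (RO) nor the AbuseIPDB description (NL). The added example below (this is not code from the page or from RIPE; it is written for this edit) parses the record as RPSL, one attribute per line with objects separated by blank lines, and reports whether every country claim agrees. The embedded record is the page's RIPE data re-split one attribute per line, with the role object omitted because its mailbox is redacted in the export; the `geo_sources` dictionary of page/AbuseIPDB codes is constructed input.

```python
"""Parse a RIPE RPSL dump and cross-check the country codes it asserts
against country codes obtained from geolocation sources."""
import re

# The RIPE objects for 45.148.10.0/24 as shown on the page, re-split one
# attribute per line (the export ran them together on a single line).
RIPE_RAW = """\
inetnum: 45.148.10.0 - 45.148.10.255
org: ORG-TSL73-RIPE
mnt-domains: TECHOFF-MNT
mnt-domains: TECHOFF-MNT
netname: DMZHOST
descr:
country: AD
admin-c: AD18161-RIPE
tech-c: AD18161-RIPE
status: ASSIGNED PA
mnt-by: TECHOFF-MNT
created: 2019-09-02T15:08:45Z
last-modified: 2024-11-21T09:43:56Z
source: RIPE

organisation: ORG-TSL73-RIPE
org-name: TECHOFF SRV LIMITED
country: GB
org-type: OTHER
address: 35 Firs Avenue, London N11 3NE
abuse-c: AD18161-RIPE
mnt-ref: TECHOFF-MNT
mnt-ref: MNT-NETERRA
mnt-by: TECHOFF-MNT
source: RIPE # Filtered

route: 45.148.10.0/24
origin: AS48090
mnt-by: TECHOFF-MNT
created: 2019-09-05T14:32:45Z
source: RIPE
"""

# "key: value" where the value may be empty (e.g. "descr:").
ATTR = re.compile(r"^([a-z][a-z0-9-]*):\s*(.*?)\s*$")


def parse_rpsl(text):
    """Split RPSL text into objects, each a list of (key, value) pairs.
    Repeated keys (mnt-domains, mnt-ref) are kept in order so nothing is
    silently dropped; '# ...' trailing comments and whole-line comments are removed."""
    objects, current = [], []
    for line in text.splitlines():
        if not line.strip():
            if current:
                objects.append(current)
                current = []
            continue
        if line.startswith(("#", "%")):
            continue
        m = ATTR.match(line)
        if m:
            key, val = m.group(1), m.group(2).split("#", 1)[0].strip()
            current.append((key, val))
    if current:
        objects.append(current)
    return objects


def obj_class(obj):
    """The first attribute of an RPSL object names its class (inetnum, route, ...)."""
    return obj[0][0]


def get(obj, key):
    """All values for `key`, in order, so multi-valued attributes are visible."""
    return [v for k, v in obj if k == key]


def country_claims(objects):
    """Map 'class:primary-key' -> country for every object that carries one."""
    claims = {}
    for obj in objects:
        for code in get(obj, "country"):
            claims[f"{obj_class(obj)}:{obj[0][1]}"] = code
    return claims


def geo_consistent(objects, geo_sources):
    """Merge registry country claims with geolocation-derived codes
    (e.g. {"page_geoip": "RO"}); return (all_agree, merged_codes)."""
    codes = country_claims(objects)
    codes.update(geo_sources)
    return len(set(codes.values())) == 1, codes


if __name__ == "__main__":
    objs = parse_rpsl(RIPE_RAW)
    # Constructed geolocation inputs: the page's own country and AbuseIPDB's.
    ok, codes = geo_consistent(objs, {"page_geoip": "RO", "abuseipdb": "NL"})
    print("consistent" if ok else "INCONSISTENT", codes)
```

For this range the function reports four distinct codes (AD, GB, RO, NL), which is the cue to attribute by ASN and prefix rather than by country. The same parser handles any RIPE, APNIC or AFRINIC text output, since all three use the RPSL attribute-per-line form.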

Export & API: STIX 2.1 Bundle · CSV Export · Permalink
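The page offers a STIX 2.1 bundle export. If you are producing your own bundle from the displayed fields instead (for a TIP that ingests only STIX, or to attach a validity window the page does not supply), the added example below shows the minimum that makes an IPv4 indicator well-formed: a `stix` pattern, `spec_version`, millisecond-precision UTC timestamps, and a 0..100 confidence. This is example code written for this edit, not the page's exporter. It assumes a 30-day validity window after the last sighting (the page states no validity period), and the labels `proxy` and `network-activity` are taken from the page's category and MISP category.

```python
"""Emit a STIX 2.1 bundle for an IPv4 indicator from the fields this page exposes
(address, first/last seen, confidence, category)."""
import ipaddress
import json
import uuid
from datetime import datetime, timedelta, timezone

# Assumed decay: the indicator is treated as valid for 30 days past its last
# sighting. The page gives no validity window; this is the example's choice.
VALID_AFTER_LAST_SEEN = timedelta(days=30)


def stix_ts(dt):
    """RFC 3339 UTC timestamp with millisecond precision, as STIX 2.1 requires."""
    dt = dt.astimezone(timezone.utc)
    return dt.strftime("%Y-%m-%dT%H:%M:%S.") + f"{dt.microsecond // 1000:03d}Z"


def ipv4_indicator(ip, first_seen, last_seen, confidence, labels, now):
    """Build a STIX 2.1 Indicator SDO. Inputs are validated so a malformed feed
    row cannot become a syntactically valid but meaningless pattern."""
    ipaddress.IPv4Address(ip)  # raises ValueError for anything that is not a v4 address
    if not 0 <= confidence <= 100:
        raise ValueError("STIX confidence must be in 0..100")
    if last_seen < first_seen:
        raise ValueError("last_seen precedes first_seen")
    return {
        "type": "indicator",
        "spec_version": "2.1",
        "id": f"indicator--{uuid.uuid4()}",
        "created": stix_ts(now),
        "modified": stix_ts(now),
        "name": f"IPv4 {ip} reported in threat feeds",
        "indicator_types": ["malicious-activity"],
        "pattern": f"[ipv4-addr:value = '{ip}']",
        "pattern_type": "stix",
        "pattern_version": "2.1",
        "valid_from": stix_ts(first_seen),
        "valid_until": stix_ts(last_seen + VALID_AFTER_LAST_SEEN),
        "confidence": int(confidence),
        "labels": list(labels),
    }


def bundle(*objects):
    """Wrap SDOs in a STIX 2.1 Bundle."""
    return {"type": "bundle", "id": f"bundle--{uuid.uuid4()}", "objects": list(objects)}


# Values as displayed on the page for 45.148.10.80; PAGE_NOW is the render date
# implied by "Last seen 9d ago" relative to Jun 4, 2026.
PAGE_IP = "45.148.10.80"
PAGE_FIRST_SEEN = datetime(2023, 8, 14, tzinfo=timezone.utc)
PAGE_LAST_SEEN = datetime(2026, 6, 4, tzinfo=timezone.utc)
PAGE_NOW = datetime(2026, 6, 13, tzinfo=timezone.utc)
PAGE_CONFIDENCE = 47
PAGE_LABELS = ["proxy", "network-activity"]


def page_bundle(now=PAGE_NOW):
    """The page's indicator as a one-object bundle."""
    ind = ipv4_indicator(PAGE_IP, PAGE_FIRST_SEEN, PAGE_LAST_SEEN,
                         PAGE_CONFIDENCE, PAGE_LABELS, now)
    return bundle(ind)


if __name__ == "__main__":
    print(json.dumps(page_bundle(), indent=2))
```

Setting `valid_until` is the part most hand-rolled exporters skip; without it a consumer keeps matching on an IP that, per the page's own windows, has a single sighting in the last three months. Regenerate the bundle (and the `modified` timestamp) whenever last seen moves.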

IOC Journey

Confidence: medium
First detected Aug 14, 2023 (1034 days, nearly three years, ago) · Last seen 9 days ago
Appeared in 21 threat reports