IP: 45.66.35.21 (Medium, Signal 44/100)
Location: Amsterdam, NH
ASN: AS61125 (Sabotage LLC)
First Seen: Nov 21, 2023
Last Seen: Jun 9, 2026
Found in 28 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 44%
Signal Score: 44 / 100
IDS Rule: No
Network Information
Country: Netherlands
Region: Amsterdam, NH
ASN: AS61125
Organization: Sabotage LLC
IP Category:
- Proxy: Proxy server
- VPN: VPN exit node
Feed Intelligence Summary
Source reports: 28
Confidence score: 44%
Category tags
Activity Timeline (chart; axis range Jun 9 to Jun 9)
Threat Activity Heatmap (chart not preserved)
24h: 0 (Dormant)
7d: 1 (Minimal)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 44
Confidence: 44%
Reports: 28
First seen: Nov 21, 2023
Last seen: Jun 9, 2026
Geolocation: NL
Country: Netherlands
Location: Amsterdam, NH
ASN: AS61125
Org: Sabotage LLC
Coords: 52.3591, 4.7930
Proxy · VPN
VirusTotal: Not checked
WHOIS
- description
- Anonymization_Network indicators. Date: Apr 8, 2026. Part 1/5. For more threat intelligence visit https://ltna.com.au/cyber
- raw
- inetnum: 45.66.35.0 - 45.66.35.255
  netname: SABOTAGE
  country: SC
  admin-c: ACRO28603-RIPE
  tech-c: ACRO28603-RIPE
  status: ASSIGNED PA
  org: ORG-SABO2-RIPE
  mnt-by: mnt-nl-spectre-1
  created: 2019-08-23T21:49:49Z
  last-modified: 2021-01-11T08:50:11Z
  source: RIPE

  organisation: ORG-SABO2-RIPE
  org-name: SABOTAGE LLC
  country: US
  org-type: OTHER
  address: KEURENPLEIN 41 A1848 1069CD AMSTERDAM
  abuse-c: ACRO28603-RIPE
  mnt-ref: mnt-nl-spectre-1
  mnt-by: mnt-nl-spectre-1
  created: 2019-11-27T23:19:34Z
  last-modified: 2022-12-01T17:25:06Z
  source: RIPE # Filtered

  role: SABOTAGE NOC
  address: KEURENPLEIN 41, BOX A1848, 1069CD, AMSTERDAM, THE NETHERLANDS
  abuse-mailbox: [email protected]
  nic-hdl: ACRO28603-RIPE
  mnt-by: mnt-nl-spectre-1
  created: 2019-11-27T23:18:16Z
  last-modified: 2022-06-03T16:00:53Z
  source: RIPE # Filtered

  route: 45.66.35.0/24
  origin: AS61125
  mnt-by: mnt-nl-spectre-1
  created: 2021-06-24T13:55:39Z
  last-modified: 2021-06-24T13:55:39Z
  source: RIPE
- references
- https://github.com/telekom-security/tpotce
- https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt
- https://raw.githubusercontent.com/platformbuilds/Tor-IP-Addresses/refs/heads/master/tor-exit-nodes.lst
- https://check.torproject.org/torbulkexitlist
- https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt
- https://iplists.firehol.org/?ipset=tor_exits
- Exit_Nodes.csv
- https://metrics.torproject.org/rs.html#toprelays
- https://github.com/borestad/blocklist-abuseipdb/blob/main/abuseipdb-s100-3d.ipv4
IOC Journey
Medium · First detected 2 years ago · Last seen 1 day ago
Appeared in 28 threat reports