IOC Radar
IP · Medium · Signal 55/100

45.84.107.172

Location: Sweden (Sundbyberg, Stockholm County)
ASN: AS214503 (R0CKET-CLOUD)
First Seen: Jan 20, 2025 (501d ago)
Last Seen: Jun 5, 2026 (today)
Reports: 40 source reports
Confidence: 55% (medium)
Found in 40 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 55%
Signal Score: 55 / 100
IDS Rule: No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

118 techniques

Network Information

Country: SE (Sweden)
Region: Sundbyberg, Stockholm County
ASN: AS214503
Organization: R0CKET-CLOUD

IP Category

Proxy: Proxy server
VPN: VPN exit node

Feed Intelligence Summary

Source reports: 40
Confidence score: 55%
Category tags

Activity Timeline

1 total obs (Jun 5 to Jun 5)

Threat Activity Heatmap

[Heatmap: observations by weekday, Jun through May; per-day values not recoverable]
24h: 1 (Minimal)
7d: 1 (Minimal)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 55
Confidence: 55%
Reports: 40
First seen: Jan 20, 2025
Last seen: Jun 5, 2026
Geolocation: SE
Country: Sweden
Location: Sundbyberg, Stockholm County
ASN: AS214503
Org: R0CKET-CLOUD
Coords: 51.2993, 9.4910
Proxy: VPN

VirusTotal

Not checked

WHOIS

description
Anonymization_Network indicators. Date: Apr 8, 2026. Part 1/5. For more threat intelligence visit https://ltna.com.au/cyber
raw
inetnum: 45.84.107.0 - 45.84.107.255
netname: R0CKET-CLOUD-2
country: EU
admin-c: NA8786-RIPE
tech-c: NA8786-RIPE
status: ASSIGNED PA
mnt-by: MNT-QUXLABS
created: 2024-08-08T08:19:19Z
last-modified: 2024-08-08T08:19:19Z
source: RIPE
geofeed: https://as203038.net/geofeed.csv

role: QuxLabs AB NOC
address: QuxLabs AB
address: c/o Helioworks
address: Sundbybergs Torg 1
address: 172 67 Sundbyberg
address: Sweden
nic-hdl: NA8786-RIPE
mnt-by: MNT-QUXLABS
created: 2024-04-29T07:40:19Z
last-modified: 2024-08-08T15:47:49Z
source: RIPE # Filtered

route: 45.84.107.0/24
origin: AS214503
mnt-by: MNT-QUXLABS
created: 2024-08-08T08:25:10Z
last-modified: 2024-08-08T08:25:10Z
source: RIPE
references
https://github.com/telekom-security/tpotce
https://feeds.dshield.org/feeds/topips.txt
https://feeds.dshield.org/feeds/top10.txt
https://feeds.dshield.org/feeds/block.txt
https://jamesbrine.com.au/bruteforce-ip-list-2025-07-22/
https://jamesbrine.com.au
https://jamesbrine.com.au/bruteforce-ip-list-2025-07-21/
https://redpiranha.net
Injection attempts-2024-12-07 11_10_20.677.csv
https://blog.edie.io/2020/04/30/diy-ip-threat-feed/
https://github.com/tankmek/threatfeed
https://check.torproject.org/torbulkexitlist
https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt


IOC Journey

medium
First detected 1 year ago · Last seen today
Appeared in 40 threat reports