IOC Radar
IP · Medium · Signal 65/100

45.84.107.174

Location
Antarctica
Sundbyberg, Unknown
ASN
AS214503
R0CKET-CLOUD
First Seen
Apr 26, 2025 (413d ago)
Last Seen
Jun 5, 2026 (8d ago)
Reports
41 source reports
Confidence
65% (medium)
Found in 41 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
65%
Signal Score
65 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

111 techniques

Network Information

Country: AQ (Antarctica)
Region: Sundbyberg, Unknown
ASN: AS214503
Organization: R0CKET-CLOUD

IP Category

Proxy
Proxy server
VPN
VPN exit node

Feed Intelligence Summary

41 reports · 65% confidence
Category tags

Activity Timeline

1 total obs
Jun 5 to Jun 5

Threat Activity Heatmap

Peak: 2026-06-05
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 65
Confidence: 65%
Reports: 41
First seen: Apr 26, 2025
Last seen: Jun 5, 2026
Geolocation: AQ
Country: Antarctica
Location: Sundbyberg, Unknown
ASN: AS214503
Org: R0CKET-CLOUD
Coords: -72.0114, 2.5350
Proxy: VPN

VirusTotal

Not checked

WHOIS

description
Anonymization_Network indicators. Date: Apr 8, 2026. Part 1/5. For more threat intelligence visit https://ltna.com.au/cyber
raw
inetnum: 45.84.107.0 - 45.84.107.255
netname: R0CKET-CLOUD-2
country: EU
admin-c: NA8786-RIPE
tech-c: NA8786-RIPE
status: ASSIGNED PA
mnt-by: MNT-QUXLABS
created: 2024-08-08T08:19:19Z
last-modified: 2024-08-08T08:19:19Z
source: RIPE
geofeed: https://as203038.net/geofeed.csv

role: QuxLabs AB NOC
address: QuxLabs AB
address: c/o Helioworks
address: Sundbybergs Torg 1
address: 172 67 Sundbyberg
address: Sweden
nic-hdl: NA8786-RIPE
mnt-by: MNT-QUXLABS
created: 2024-04-29T07:40:19Z
last-modified: 2024-08-08T15:47:49Z
source: RIPE # Filtered

route: 45.84.107.0/24
origin: AS214503
mnt-by: MNT-QUXLABS
created: 2024-08-08T08:25:10Z
last-modified: 2024-08-08T08:25:10Z
source: RIPE
references
https://github.com/telekom-security/tpotce, https://jamesbrine.com.au/bruteforce-ip-list-2025-07-22/, https://jamesbrine.com.au, https://jamesbrine.com.au/bruteforce-ip-list-2025-07-21/, https://redpiranha.net, https://check.torproject.org/torbulkexitlist

IOC Journey

medium
First detected 1 year ago · Last seen 8 days ago
Appeared in 41 threat reports