IOC Radar
IP · Medium · Signal 60/100

45.84.107.54

Location
Sweden
Sundbyberg, Stockholm County
ASN
AS214503
R0CKET-CLOUD
First Seen
Mar 24, 2025
Last Seen
Jun 5, 2026
Reports: 37 source reports
Confidence: 60% (medium)
Found in 37 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
60%
Signal Score
60 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

101 techniques

Network Information

Country: Sweden (SE)
Region: Sundbyberg, Stockholm County
ASN: AS214503
Organization: R0CKET-CLOUD

IP Category

Proxy
Proxy server
VPN
VPN exit node

Feed Intelligence Summary

37 source reports · 60% confidence score
Category tags

Activity Timeline

1 total observation (Jun 5)

Threat Activity Heatmap

[Heatmap: activity by weekday (Mon, Wed, Fri rows), June through May, shaded from less to more]
24h: 0 (Dormant)
7d: 1 (Minimal)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 60
Confidence: 60%
Reports: 37
First seen: Mar 24, 2025
Last seen: Jun 5, 2026
Geolocation: SE
Country: Sweden
Location: Sundbyberg, Stockholm County
ASN: AS214503
Org: R0CKET-CLOUD
Coords: 51.2993, 9.4910
Proxy, VPN

VirusTotal

Not checked

WHOIS

description
Anonymization_Network indicators. Date: Apr 8, 2026. Part 1/5. For more threat intelligence visit https://ltna.com.au/cyber
raw
inetnum: 45.84.107.0 - 45.84.107.255
netname: R0CKET-CLOUD-2
country: EU
admin-c: NA8786-RIPE
tech-c: NA8786-RIPE
status: ASSIGNED PA
mnt-by: MNT-QUXLABS
created: 2024-08-08T08:19:19Z
last-modified: 2024-08-08T08:19:19Z
source: RIPE
geofeed: https://as203038.net/geofeed.csv

role: QuxLabs AB NOC
address: QuxLabs AB
address: c/o Helioworks
address: Sundbybergs Torg 1
address: 172 67 Sundbyberg
address: Sweden
nic-hdl: NA8786-RIPE
mnt-by: MNT-QUXLABS
created: 2024-04-29T07:40:19Z
last-modified: 2024-08-08T15:47:49Z
source: RIPE # Filtered

route: 45.84.107.0/24
origin: AS214503
mnt-by: MNT-QUXLABS
created: 2024-08-08T08:25:10Z
last-modified: 2024-08-08T08:25:10Z
source: RIPE
references
https://github.com/telekom-security/tpotce
https://jamesbrine.com.au/bruteforce-ip-list-2025-07-22/
https://jamesbrine.com.au
https://jamesbrine.com.au/bruteforce-ip-list-2025-07-21/
https://redpiranha.net
https://blog.edie.io/2020/04/30/diy-ip-threat-feed/
https://github.com/tankmek/threatfeed
https://check.torproject.org/torbulkexitlist


IOC Journey

medium
First detected 1 year ago · Last seen 1 day ago
Appeared in 37 threat reports