IOC Radar
IP · Medium · Signal 70/100

45.84.107.74

Location: Sweden (Sundbyberg, Stockholm County)
ASN: AS214503 (R0CKET-CLOUD)
First Seen: Jan 19, 2025 (522d ago)
Last Seen: Jun 17, 2026 (9d ago)
Reports: 42 source reports
Confidence: 70% (medium)
Found in 42 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 70%
Signal Score: 70 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs

106 techniques

Network Information

Country: SE (Sweden)
Region: Sundbyberg, Stockholm County
ASN: AS214503
Organization: R0CKET-CLOUD

IP Category

Proxy: Proxy server
VPN: VPN exit node

Feed Intelligence Summary

Source reports: 42
Confidence score: 70%
Category tags

Activity Timeline

1 total obs, Jun 17 to Jun 17

Threat Activity Heatmap

Peak: 2026-06-17 (heatmap of daily activity by weekday, Jun through Jun; scale Less to More)
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: High Risk
Signal Score: 70
Confidence: 70%
Reports: 42
First seen: Jan 19, 2025
Last seen: Jun 17, 2026
Geolocation: SE
Country: Sweden
Location: Sundbyberg, Stockholm County
ASN: AS214503
Org: R0CKET-CLOUD
Coords: 51.2993, 9.4910
Proxy: VPN

VirusTotal

Not checked

WHOIS

description
Anonymization_Network indicators. Date: Apr 8, 2026. Part 1/5. For more threat intelligence visit https://ltna.com.au/cyber
raw
inetnum: 45.84.107.0 - 45.84.107.255
netname: R0CKET-CLOUD-2
country: EU
admin-c: NA8786-RIPE
tech-c: NA8786-RIPE
status: ASSIGNED PA
mnt-by: MNT-QUXLABS
created: 2024-08-08T08:19:19Z
last-modified: 2024-08-08T08:19:19Z
source: RIPE
geofeed: https://as203038.net/geofeed.csv

role: QuxLabs AB NOC
address: QuxLabs AB
address: c/o Helioworks
address: Sundbybergs Torg 1
address: 172 67 Sundbyberg
address: Sweden
nic-hdl: NA8786-RIPE
mnt-by: MNT-QUXLABS
created: 2024-04-29T07:40:19Z
last-modified: 2024-08-08T15:47:49Z
source: RIPE # Filtered

route: 45.84.107.0/24
origin: AS214503
mnt-by: MNT-QUXLABS
created: 2024-08-08T08:25:10Z
last-modified: 2024-08-08T08:25:10Z
source: RIPE
references
https://github.com/telekom-security/tpotce, https://redpiranha.net, https://feeds.dshield.org/feeds/topips.txt, https://feeds.dshield.org/feeds/top10.txt, https://feeds.dshield.org/feeds/block.txt, https://jamesbrine.com.au/bruteforce-ip-list-2025-07-22/, https://jamesbrine.com.au, https://jamesbrine.com.au/bruteforce-ip-list-2025-07-21/, https://blog.edie.io/2020/04/30/diy-ip-threat-feed/, https://github.com/tankmek/threatfeed, https://check.torproject.org/torbulkexitlist, https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt

IOC Journey

medium
First detected 1 year ago · Last seen 9 days ago
Appeared in 42 threat reports