Dashboard›🇸🇪 Sweden›45.84.107.74

THREAT REPORT

IP Threat Report
45.84.107.74

ABUSE.MOM — BEHAVE OR GET EXPOSED

Generated: 2026-05-27 06:21:22

First seen: 2026-02-21 03:07:22

Last seen: 2026-03-07 15:00:04

Geolocation & Classification

IP Address

45.84.107.74

Type

Hosting

Country

🇸🇪 Sweden

City

Sundbyberg

ISP

QuxLabs AB

Organization

R0CKET-CLOUD

Autonomous System

AS214503 QuxLabs AB

Hit Count

Detection Signatures

Signature	Description	Points
Form spam: too_fast	Spam/malware keywords in request content	+0
Form spam: latin_name	Spam/malware keywords in request content	+0
UA bot: Go-http-client	Known bot/crawler User-Agent detected	+40
Danger medium hits: 1	Medium-risk: admin panels, config files	+10
404 ratio >= 60%	Majority of requests returned 404 — enumeration	+25
POST requests present	Behavioral anomaly detected by automated analysis	+8

Σ = 83

Observed Activity

Reconstructed HTTP requests from server access logs. Target domains redacted for security.

[redacted]

GET

200

Requests shown: 1 · HTTP 404: 0 · Dangerous patterns: 0

* Typical request patterns for detected signatures. Actual target domains are redacted.

Timeline

2026-02-21 03:07:22

First malicious request detected

IP entered monitoring from server access logs

During observation

Multiple detection signatures triggered

Form spam: too_fast, Form spam: latin_name, UA bot: Go-http-client (+40)

2026-03-07 15:00:04

Last malicious request observed

Total score reached: 83/100

Next cycle

IP blocked — all subsequent requests denied (HTTP 403)

Added to blocklist automatically

Network Provider

QuxLabs AB

AS214503 · 🇸🇪 Sweden

Recommendations

Actions taken & recommended

IP 45.84.107.74 is blocked at application level (HTTP 403)
Consider blocking at firewall level (iptables/CSF) to reduce server load
Other malicious IPs detected in the same /24 subnet — consider blocking 45.84.107.0/24
Report abuse to the network provider via their abuse contact
Ensure sensitive files (.env, .git, backups) are not accessible from the web

📧 Content Abuse Prevention

IP 45.84.107.74 is flooding forms with spam. Implement time-based tokens and block IPs submitting more than 5 forms per hour.

🤖 User-Agent Anomaly Defense

IP 45.84.107.74 shows suspicious UA behavior. Block empty User-Agent requests. Implement JavaScript-based bot detection for sensitive endpoints.

🔎 Directory Scan Defense

IP 45.84.107.74 is enumerating directories. Configure fail2ban apache-404 jail after 10+ 404 errors. Disable directory listings. Normalize all 404 responses.

Neighbors in 45.84.107.0/24

Other blocked IPs from the same /24 subnet — indicates systematic abuse from this network range.

45.84.107.47

Score: 95 · Hits: 271

45.84.107.182

Score: 83 · Hits: 500

45.84.107.172

Score: 83 · Hits: 225

45.84.107.198

Score: 73 · Hits: 561

Open Ports & Services

Network reconnaissance data from Shodan. Open ports may indicate running services, misconfigurations, or potential attack surfaces.

OPEN PORTS (1)

Port	Service	Risk	Description
443	HTTPS	Low	HTTPS web server — encrypted web traffic

Hostnames: exit-07.tor.r0cket.net

PTR: exit-07.tor.r0cket.net

Data source: Shodan InternetDB. Scanned independently of abuse.mom.

Blacklist Status (DNSBL)

This IP was checked against major DNS-based blacklists used by mail servers and firewalls worldwide.

⛔ LISTED

Spamhaus ZEN

Checked: Spamhaus, SpamCop, Barracuda, SORBS, CBL, UCEProtect. Results may change over time.

Threat Analysis

45.84.107.74 has been assigned a threat score of 83/100 (Critical). This places it in the critical threat category. Immediate blocking is strongly advised across all network perimeters.

The following attack categories were identified:

User-Agent AnomalyPath Enumeration

📊 Threat Analysis

Our monitoring infrastructure has identified 45.84.107.74, geolocated to Sundbyberg, Sweden, operating on the network of QuxLabs AB, as a source of suspicious network activity. Over a period of 14 days, this IP generated 10 malicious requests, averaging approximately 0.7 requests per day. Operating from datacenter infrastructure, this IP is typical of addresses used in organized attack operations. Cloud and VPS providers are commonly exploited as launching platforms for automated scanning. Two attack patterns were identified (User-Agent Anomaly and Path Enumeration), suggesting a semi-automated campaign that targets multiple vulnerabilities. Our records show 110 malicious IPs originating from Sweden, positioning it as a significant contributor to global threat activity. The score of 83/100 indicates a confirmed malicious actor. Network-level blocking is appropriate.

This IP belongs to a hosting or data center provider. Malicious traffic from hosting infrastructure often originates from compromised VPS instances, rented servers used for scanning campaigns, or abused free-tier cloud accounts. Hosting providers typically respond to abuse reports within 24-72 hours.

Related Threats

🇸🇪 Top threats from Sweden

74.241.249.229 (340)91.92.42.63 (300)91.92.42.120 (300)51.107.182.56 (280)20.91.197.150 (280)View all →

🏢 Same network: AS214503

45.84.107.47 (95)45.84.107.182 (83)45.84.107.172 (83)45.84.107.54 (73)45.84.107.174 (73)View all →

Security Intelligence

💡 SQL Injection Campaigns

SQL injection remains one of the most common web attack vectors. Attackers inject malicious SQL code through input fields to extract database contents, modify data, or gain administrative access. Automated scanners test for SQLi vulnerabilities at massive scale.

💡 Directory Traversal Attacks

Path traversal attacks attempt to access files outside the intended directory by manipulating file path references. Attackers use sequences like ../ to reach sensitive system files such as /etc/passwd or application configuration files.

🔍 Check Any IP Address

Share this report:

IP Threat Report45.84.107.74

⛔ Verdict: BLOCK