IOC Radar
IP · Medium · Signal 53/100

4.8.9.6

Location
Canada
Toronto, Ontario
ASN
AS3356
Level 3
First Seen
Apr 16, 2026
Last Seen
Apr 23, 2026
Apr 16
First Seen
68d ago
Apr 23
Last Seen
61d ago
3
Reports
source reports
53%
Confidence
medium
Found in 3 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
53%
Signal Score
53 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

20 techniques

Network Information

Country: Canada (CA)
Region: Toronto, Ontario
ASN: AS3356
Organization: Level 3

Feed Intelligence Summary

3 reports · 53% confidence
3
Source reports
53%
Confidence score
Category tags
acceptacrongl integbackbazaarcache entrycalls processchrome cachecloseentryeuropefirstgif imageindicatorinfolcidmitre attmwdbnetworknextnorth americantopenfile filepathphishingpng imageresearchedriffservicessdeepstreamstringformatstringformatdott1003t1012t1014t1036t1046t1055t1056t1071t1082t1083t1095t1140t1203t1221t1485t1496t1542t1564t1566t1573threat actortoggletor nodeukraineunitedunited statesunixvp8 encodingwebp imagewindows sandboxx85bxa1pyuv color

Activity Timeline

1 total obs
Apr 23

Threat Activity Heatmap

Peak: 2026-04-23
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
Threat Score: Medium Risk
53
SIGNAL
Signal Score
53%
Confidence
3
Reports
First seen: Apr 16, 2026
Last seen: Apr 23, 2026
Geolocation: CA
Country: Canada
Location: Toronto, Ontario
ASN: AS3356
Org: Level 3
Coords: 37.7510, -97.8220

VirusTotal

Not checked

WHOIS

description
Here is the full text of Yomi's Verdict, which was sent to the BBC by the MITRE team and is now available to view via the web browser, via iPlayer, £1.
raw
NetRange: 4.0.0.0 - 4.127.255.255
CIDR: 4.0.0.0/9
NetName: LVLT-ORG-4-8
NetHandle: NET-4-0-0-0-1
Parent: NET4 (NET-4-0-0-0-0)
NetType: Direct Allocation
OriginAS:
Organization: Level 3 Parent, LLC (LPL-141)
RegDate: 1992-12-01
Updated: 2019-07-17
Ref: https://rdap.arin.net/registry/ip/4.0.0.0

OrgName: Level 3 Parent, LLC
OrgId: LPL-141
Address: 100 CenturyLink Drive
City: Monroe
StateProv: LA
PostalCode: 71203
Country: US
RegDate: 2018-02-06
Updated: 2024-06-17
Comment: USAGE OF IP SPACE MUST COMPLY WITH OUR ACCEPTABLE USE POLICY:
Comment: https://www.lumen.com/en-us/about/legal/acceptable-use-policy.html
Comment:
Comment: ADDRESSES COVERED BY THIS ORG-ID ARE NON-PORTABLE ANY ISP ANNOUNCING OR TRANSITING PORTIONS WITHIN OUR RANGES SHOULD NOT RELY ON PRESENTED LOA'S OR OLD WHOIS UNLESS THOSE RANGES ARE ALSO ACTIVELY DIRECTLY ANNOUNCED TO A LUMEN ASN. WITH ALL LOA'S THESE CONDITIONS APPLY:
Comment:
Comment: 1. You are permitted to route the Lumen IP prefixes listed via Public BGP to your alternate ISP from the designated ASN. Any other ASN originating the prefix listed is forbidden.
Comment: 2. The Lumen IP prefixes listed can be routed via Public BGP to your alternate ISP as long as you remain an active customer with Lumen and continue to route the prefixes over at least one Lumen Internet circuit without significant traffic engineering.
Comment: 3. Should your Internet services with Lumen be discontinued, Lumen reserves the right to have your alternate ISP terminate the routing of the Lumen IP prefixes without advanced notification, should you fail to do so.
Comment: 4. All IP Addresses assigned or allocated by Lumen to an end-user (customer or ISP) shall be considered non-portable and will be reclaimed by Lumen upon service termination.
Comment: 5. Lumen reserves the right to conduct audits to ensure the LOA conditions are being met.
Comment: 6. Usage of IP space must comply with our AUP https://www.lumen.com/en-us/about/legal/acceptable-use-policy.html
Comment:
Comment: Our looking glass is located at: https://lookingglass.centurylink.com/
Comment:
Comment: For subpoena or court order please fax 844.254.5800 or refer to our Trust & Safety page:
Comment: https://www.lumen.com/en-us/about/legal/trust-center/trust-and-safety.html
Comment:
Comment: For abuse issues, please email [email protected]
Comment: All abuse reports MUST include:
Comment: * src IP
Comment: * dest IP (your IP)
Comment: * dest port
Comment: * Accurate date/timestamp and timezone of activity
Comment: * Intensity/frequency (short log extracts)
Comment: * Your contact details (phone and email)
Comment: Without these we will be unable to identify the correct owner of the IP address at that point in time.
Ref: https://rdap.arin.net/registry/entity/LPL-141

OrgAbuseHandle: LAC56-ARIN
OrgAbuseName: L3 Abuse Contact
OrgAbusePhone: +1-877-453-8353
OrgAbuseEmail: [email protected]
OrgAbuseRef: https://rdap.arin.net/registry/entity/LAC56-ARIN

OrgRoutingHandle: RPKIR-ARIN
OrgRoutingName: RPKI-ROA
OrgRoutingPhone: +1-877-886-6515
OrgRoutingEmail: [email protected]
OrgRoutingRef: https://rdap.arin.net/registry/entity/RPKIR-ARIN

OrgTechHandle: APL7-ARIN
OrgTechName: ADMIN POC LVLT
OrgTechPhone: +1-877-453-8353
OrgTechEmail: [email protected]
OrgTechRef: https://rdap.arin.net/registry/entity/APL7-ARIN

IOC Journey

medium
First detected 2 months ago · Last seen 2 months ago
Appeared in 3 threat reports