IOC Radar
IP · Medium · Signal 46/100

45.134.26.8

Location: Belarus (Vawkavysk, Moscow)
ASN: AS48207 (GLB Bulut Teknolojisi Limited Sirketi)
First Seen: Jun 10, 2023
Last Seen: Jun 16, 2026
Found in 15 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 46%
Signal Score: 46 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs

57 techniques

Network Information

Country: BY (Belarus)
Region: Vawkavysk, Moscow
ASN: AS48207
Organization: GLB Bulut Teknolojisi Limited Sirketi

Feed Intelligence Summary

15 source reports · 46% confidence score
Category tags
abuse, access, active scan, active scanning, admin, android exploitation, api, attack, automotive manufacturing, bad reputation, banking, belarus, botnet, botnet activity, brute force, brute force attack, brute_force, bulletproof hosting, by, cisco, cisco asa attack, cisco device, civil services, command and control, config, consumer goods, cowrie, cowrie honeypot, credential access, credential harvesting, credential stuffing, credential_access, credit card services, critical vulnerabilities, cve exploitation, data encryption, data exfiltration, data store exposure, decoy system, demo, desktop, device management, distributed attacks, electronic health records, electronics manufacturing, encryption, enterprise networking, europe, europe/asia, executable file, exploit activity, exploit avaliable, exploit campaign, exploit campaigns, exploit kit, exploitation activity, extortion, finance, finance and insurance, financial services, financial technology, ftp, github, government technology, groups, health care and social assistance, health information technology, healthcare information systems, hong, hospital management, html, http, identity & access exploitation, in the wild, index, indicator, industrial automation, industrial iot, industrial production, information technology, initial access, injection activity, iot security, it infrastructure, lockbit, lockbit associated activity, malicious activity, malicious ip addresses, malicious software, malware, manufacturing technology, mass scanning, medical services, mobile, mobile security, mobile threat, network, network infrastructure, network intrusion, network reconnaissance, network scan, network scanning, network security, network_reconnaissance, password attacks, patient care, payload, payment processing, phishing, phishing attack, process injection, process manufacturing, protocol exploitation, proton66 asn, proton66 ip, public administration, public infrastructure, public policy, python, quality control, ransomware, reconnaissance, redmine, regulatory agencies, remote access, remote services, remote services exploitation, researched, retail trade, ru, russia, scanner, scanning activity, script, sftp, sftp attack, slug, social engineering, software development, ssh, ssh attack, ssh monitoring, supply chain attack, supply chain management, surface web, system disruption, t1005, t1018, t1021, t1021.001, t1021.004, t1040, t1041, t1046, t1053, t1055, t1059, t1059.004, t1064, t1068, t1071, t1071.001, t1076, t1078, t1082, t1083, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1189, t1190, t1203, t1204, t1210, t1486, t1490, t1496, t1499.001, t1499.002, t1499.003, t1558, t1563, t1565, t1566, t1566.001, t1566.002, t1566.003, t1567, t1583, t1588, t1589, t1590, t1591, t1592, t1595, t1595.001, t1595.002, t1595.003, t1598, t1600, telnet threat, threat actor, tor node, tpotce, unauthorized access attempt, underground, underground forums, v2, vulnerability scan, wealth management, wordpress vulnerability, xml

Activity Timeline

1 total obs (Jun 16)

Threat Activity Heatmap

Peak: 2026-06-16
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 46
Confidence: 46%
Reports: 15
First seen: Jun 10, 2023
Last seen: Jun 16, 2026
Geolocation: BY
Country: Belarus
Location: Vawkavysk, Moscow
ASN: AS48207
Org: GLB Bulut Teknolojisi Limited Sirketi
Coords: 55.7569, 37.6151

VirusTotal

Not checked

WHOIS

description
This is clone Mass Scanning and Exploit Campaigns
raw
inetnum: 45.134.26.0 - 45.134.26.255
remarks: Assignment revoked from ORG-PL533-RIPE on 2026-01-30
remarks: Prefix quarantined - not in service
remarks: For lawful information requests, please contact the LIR Abuse Desk
netname: RU-PROTON66
country: RU
org: ORG-PL533-RIPE
admin-c: PL14453-RIPE
tech-c: PL14453-RIPE
status: ASSIGNED PA
mnt-by: IP-RIPE
created: 2023-03-31T20:14:04Z
last-modified: 2026-02-01T17:25:10Z
source: RIPE

organisation: ORG-PL533-RIPE
org-name: Proton66 LLC
org-type: OTHER
address: pr-kt Iskrovskiy, d. 21YU, kv. 218
address: 193230 Saint Petersburg
address: Russia
abuse-c: PL14453-RIPE
mnt-ref: IP-RIPE
mnt-by: IP-RIPE
created: 2023-03-31T20:10:41Z
last-modified: 2023-03-31T20:10:41Z
source: RIPE # Filtered

role: Proton66 LLC
nic-hdl: PL14453-RIPE
address: pr-kt Iskrovskiy, d. 21YU, kv. 218
address: 193230 Saint Petersburg
address: Russia
abuse-mailbox: [email protected]
phone: +7 999 5285271
mnt-by: IP-RIPE
created: 2023-03-31T20:09:34Z
last-modified: 2023-03-31T20:10:30Z
source: RIPE # Filtered

IOC Journey

medium
First detected 3 years ago · Last seen 11 days ago
Appeared in 15 threat reports