IOC Radar
IP · Medium · Signal 84/100

45.134.26.80

Location
Russian Federation
Vawkavysk, Sankt-Peterburg
ASN
AS48207
GLB Bulut Teknolojisi Limited Sirketi
First Seen
Apr 25, 2025
Last Seen
Jun 6, 2026
Reports
8 source reports
Confidence
84% (medium)
Found in 8 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
84%
Signal Score
84 / 100
IDS Rule
No
Threat Context

MITRE ATT&CK TTPs

50 techniques

Network Information

Country: RU (Russian Federation)
Region: Vawkavysk, Sankt-Peterburg
ASN: AS48207
Organization: GLB Bulut Teknolojisi Limited Sirketi

Feed Intelligence Summary

8 source reports · 84% confidence score
Category tags
abuse, active scanning, android exploitation, attack, automotive manufacturing, banking, botnet, brute force, brute_force, bulletproof hosting, civil services, command and control, consumer goods, credential access, credential harvesting, credential stuffing, credential_access, credit card services, critical vulnerabilities, cve exploitation, data encryption, data exfiltration, demo, distributed attacks, electronic health records, electronics manufacturing, europe/asia, exploit activity, exploit avaliable, exploit campaign, exploit campaigns, exploit kit, extortion, finance, finance and insurance, financial services, financial technology, ftp, government technology, hacking, health care and social assistance, health information technology, healthcare information systems, hong, hospital management, in the wild, indicator, industrial automation, industrial iot, industrial production, information technology, initial access, it infrastructure, lockbit, lockbit associated activity, malicious activity, malicious ip addresses, malicious software, malware, manufacturing technology, mass scanning, medical services, mobile, mobile security, network, network intrusion, network reconnaissance, network scanning, network security, network_reconnaissance, patient care, payment processing, phishing, phishing attack, process injection, process manufacturing, protocol exploitation, proton66 asn, proton66 ip, public administration, public infrastructure, public policy, quality control, ransomware, reconnaissance, regulatory agencies, remote access, remote services, remote services exploitation, researched, retail trade, russia, scanner, scanning activity, social engineering, software development, ssh attack, supply chain management, system disruption, t1005, t1018, t1021, t1021.001, t1040, t1046, t1053, t1055, t1059, t1064, t1068, t1071, t1071.001, t1076, t1078, t1082, t1083, t1110, t1110.002, t1133, t1189, t1190, t1203, t1204, t1210, t1486, t1490, t1496, t1499.002, t1499.003, t1558, t1563, t1565, t1566, t1566.001, t1566.002, t1566.003, t1567, t1583, t1588, t1589, t1590, t1591, t1592, t1595, t1595.001, t1595.002, t1595.003, t1598, t1600, telnet threat, threat actor, underground, underground forums, wealth management, wordpress vulnerability

Activity Timeline

1 total obs (Jun 6)

Threat Activity Heatmap

Peak: 2026-06-06
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: High Risk
Signal Score: 84
Confidence: 84%
Reports: 8
First seen: Apr 25, 2025
Last seen: Jun 6, 2026
Geolocation: RU
Country: Russian Federation
Location: Vawkavysk, Sankt-Peterburg
ASN: AS48207
Org: GLB Bulut Teknolojisi Limited Sirketi
Coords: 59.8944, 30.2642

VirusTotal

Not checked

WHOIS

description
This is clone Mass Scanning and Exploit Campaigns
references
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/proton66-part-1-mass-scanning-and-exploit-campaigns/


IOC Journey

medium
First detected 1 year ago · Last seen 9 days ago
Appeared in 8 threat reports