IOC Radar
IPMediumSignal 16/100

45.148.7.2

Location
CanadaCanada
Toronto, ON
ASN
AS42201
PVDataNet AB
First Seen
May 15, 2021
Last Seen
May 11, 2026
May 15
First Seen
1865d ago
May 11
Last Seen
42d ago
13
Reports
source reports
16%
Confidence
medium
Found in 13 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
16%
Signal Score
16 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

9 techniques

Network Information

CountryCACanada
RegionToronto, ON
ASNAS42201
OrganizationPVDataNet AB

Feed Intelligence Summary

13 reports16% confidence
13
Source reports
16%
Confidence score
Category tags
abuseactive scanactive scanninganna paulaapacheapache attackeraptatom silobad reputationbad web botbotnet activitybrute forcebrute-forcebruteforcecacanadachoppercowriecredential harvestingcredential stuffingddosdenial of servicedionaeaexploitation activityfattfraud voipfrom emailhackingheadersidentity & access exploitationiocmalspam emailmsi filenetworknorth americap0fphishingphishing attackproxyransomwarereconnaissanceremote code executionresearchedscams & fraudscannersensor-taggedsocial engineeringspamssht1190t1203t1499.001t1566.001t1566.002t1566.003t1595.001t1595.002t1595.003tannerthreat actortpotweb app attackweb application attackweb exploitationwebshellzip archive

Activity Timeline

1 total obs
May 11May 11

Threat Activity Heatmap

· Peak: 2026-05-11
Less
More
Mon
Wed
Fri
Jun
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
·
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
1
Minimal
Threat ScoreLow Risk
16
SIGNAL
Signal Score
16%
Confidence
13
Reports
First seenMay 15, 2021
Last seenMay 11, 2026
GeolocationCA
CountryCanada
LocationToronto, ON
ASNAS42201
OrgPVDataNet AB
Coords43.6644, -79.4195

VirusTotal

Not checked

WHOIS

raw
NetRange: 45.139.136.0 - 45.150.51.255 CIDR: 45.150.32.0/20, 45.144.0.0/14, 45.150.48.0/22, 45.139.160.0/19, 45.139.192.0/18, 45.148.0.0/15, 45.150.0.0/19, 45.139.144.0/20, 45.140.0.0/14, 45.139.136.0/21 NetName: RIPE NetHandle: NET-45-139-136-0-1 Parent: NET45 (NET-45-0-0-0-0) NetType: Early Registrations, Transferred to RIPE NCC OriginAS: Organization: RIPE Network Coordination Centre (RIPE) RegDate: 2014-05-22 Updated: 2025-04-14 Comment: These addresses have been further assigned to users in the RIPE NCC region. Please note that the organization and point of contact details listed below are those of the RIPE NCC not the current address holder. ** You can find user contact information for the current address holder in the RIPE database at http://www.ripe.net/whois. Ref: https://rdap.arin.net/registry/ip/45.139.136.0 ResourceLink: https://apps.db.ripe.net/db-web-ui/query ResourceLink: whois.ripe.net OrgName: RIPE Network Coordination Centre OrgId: RIPE Address: P.O. Box 10096 City: Amsterdam StateProv: PostalCode: 1001EB Country: NL RegDate: Updated: 2013-07-29 Ref: https://rdap.arin.net/registry/entity/RIPE ReferralServer: whois.ripe.net ResourceLink: https://apps.db.ripe.net/db-web-ui/query OrgAbuseHandle: ABUSE3850-ARIN OrgAbuseName: Abuse Contact OrgAbusePhone: +31205354444 OrgAbuseEmail: [email protected] OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE3850-ARIN OrgTechHandle: RNO29-ARIN OrgTechName: RIPE NCC Operations OrgTechPhone: +31 20 535 4444 OrgTechEmail: [email protected] OrgTechRef: https://rdap.arin.net/registry/entity/RNO29-ARIN
references
Bruteforce.pdf, 2021-09-21-Curriculo-IOCs.txt, https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html, https://github.com/volexity/threat-intel/blob/main/2022/2022-06-02%20Active%20Exploitation%20Of%20Confluence%200-day/indicators/indicators.csv, https://github.com/volexity/threat-intel/blob/main/2022/2022-06-02%20Active%20Exploitation%20Of%20Confluence%200-day/indicators/yara.yar, https://www.volexity.com/blog/2022/06/02/zero-day-exploitation-of-atlassian-confluence/, https://github.com/sophoslabs/IoCs/blob/master/ransomware_atomsilo.csv, https://www.fortiguard.com/threat-signal-report/4172/atom-silo-ransomware-actor-leverages-confluence-vulnerability, https://www.fortinet.com/blog/threat-research/recent-attack-uses-vulnerability-on-confluence-server, https://www.cisa.gov/uscert/ncas/current-activity/2022/06/02/atlassian-releases-security-updates-confluence-server-and-data

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 5 years ago · Last seen 1 month ago
Appeared in 13 threat reports