IP · Medium · Signal 29/100
104.254.151.60
Location
Los Angeles, California
ASN
AS29990
AppNexus, Inc
First Seen
Jul 21, 2023
Last Seen
May 22, 2026
Found in 9 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
29%
Signal Score
29 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country
United States
Region
Los Angeles, California
ASN
AS29990
Organization
AppNexus, Inc
IP Category
Proxy
Proxy server
Feed Intelligence Summary
9 reports · 29% confidence
9
Source reports
29%
Confidence score
Category tags
Activity Timeline
May 22
Threat Activity Heatmap (peak: 2026-05-22)
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
Threat Score: Low Risk
29
SIGNAL
Signal Score
29%
Confidence
9
Reports
First seen: Jul 21, 2023
Last seen: May 22, 2026
Geolocation: US
Country: United States
Location: Los Angeles, California
ASN: AS29990
Org: AppNexus, Inc
Coords: 34.0544, -118.2440
Proxy
VirusTotal
Not checked
WHOIS
- description
- CC=US ASN=AS29990 appnexus inc
- raw
- NetRange: 104.254.148.0 - 104.254.151.255
  CIDR: 104.254.148.0/22
  NetName: APPNE-NET3
  NetHandle: NET-104-254-148-0-1
  Parent: NET104 (NET-104-0-0-0-0)
  NetType: Direct Allocation
  OriginAS:
  Organization: Xandr Inc. (APPNE)
  RegDate: 2015-01-06
  Updated: 2015-01-06
  Ref: https://rdap.arin.net/registry/ip/104.254.148.0
  OrgName: Xandr Inc.
  OrgId: APPNE
  Address: 28 23rd Street
  Address: Fifth Floor
  City: New York
  StateProv: NY
  PostalCode: 10010
  Country: US
  RegDate: 2008-01-07
  Updated: 2024-11-04
  Ref: https://rdap.arin.net/registry/entity/APPNE
  ReferralServer: rwhois://rwhois.appnexus.net:4321
  OrgTechHandle: APPNE-ARIN
  OrgTechName: appnexus-ipadmin
  OrgTechPhone: +1-646-723-7844
  OrgTechEmail: [email protected]
  OrgTechRef: https://rdap.arin.net/registry/entity/APPNE-ARIN
  OrgAbuseHandle: APPNE1-ARIN
  OrgAbuseName: appnexus-abuse
  OrgAbusePhone: +1-646-723-7844
  OrgAbuseEmail: [email protected]
  OrgAbuseRef: https://rdap.arin.net/registry/entity/APPNE1-ARIN
- references
IOC Journey
Medium · First detected 2 years ago · Last seen 1 month ago
Appeared in 9 threat reports