IOC Radar
IPMediumSignal 0/100

151.101.65.91

Location
United StatesUnited States
Montreal, California
ASN
AS54113
Fastly, Inc.
First Seen
Mar 27, 2025
Last Seen
May 30, 2026
Mar 27
First Seen
444d ago
May 30
Last Seen
16d ago
5
Reports
source reports
0%
Confidence
medium
Found in 5 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
0%
Signal Score
0 / 100
IDS Rule
No
Threat Context
Tags

Network Information

CountryUSUnited States
RegionMontreal, California
ASNAS54113
OrganizationFastly, Inc.

Feed Intelligence Summary

5 reports0% confidence
5
Source reports
0%
Confidence score
Category tags
indicatornetworkresearched

Activity Timeline

1 total obs
May 30May 30

Threat Activity Heatmap

· Peak: 2026-05-30
Less
More
Mon
Wed
Fri
Jun
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat ScoreLow Risk
0
SIGNAL
Signal Score
0%
Confidence
5
Reports
First seenMar 27, 2025
Last seenMay 30, 2026
GeolocationUS
CountryUnited States
LocationMontreal, California
ASNAS54113
OrgFastly, Inc.
Coords37.7510, -97.8220

VirusTotal

Not checked

WHOIS

description
TTB-Chained executes a systemic collapse of the cryptographic chain of trust. Exploiting DNSSEC-unsigned protocols and .net edge nodes, it injects C++ payloads into the resolution chain prior to verification. Remediating via certificate expiration is ineffective; the architecture leverages systemic flaws in DMARC/SPF/DKIM and cryptographic handshake protocols to lock "Hollow Library" assets into the environment pre-enforcement, ensuring total detection evasion. The conduit utilizes a multi-umbrella transit strategy: Lumen (AS3356) + RIPE (37.97.254.27) + Fastly (151.101.130.159). These 63.16 KB "hollowed" assets masquerade as signed updates for total penetration. TTB-chained executes high-speed wipers targeting firmware/boot sectors, triggering complete corruption of hardware beyond restore. Once the root hosted in IP {53.xxx] is compromised and the pre-verified environment is saturated, the hardware is physically neutralized. -msudosos. See Belasco Chain for more.
raw
NetRange: 151.101.0.0 - 151.101.255.255 CIDR: 151.101.0.0/16 NetName: SKYCA-3 NetHandle: NET-151-101-0-0-1 Parent: RIPE-ERX-151 (NET-151-0-0-0-0) NetType: Direct Allocation OriginAS: Organization: Fastly, Inc. (SKYCA-3) RegDate: 2016-02-01 Updated: 2021-12-14 Ref: https://rdap.arin.net/registry/ip/151.101.0.0 OrgName: Fastly, Inc. OrgId: SKYCA-3 Address: PO Box 78266 City: San Francisco StateProv: CA PostalCode: 94107 Country: US RegDate: 2011-09-16 Updated: 2025-03-25 Ref: https://rdap.arin.net/registry/entity/SKYCA-3 OrgNOCHandle: FNO19-ARIN OrgNOCName: Fastly Network Operations OrgNOCPhone: +1-415-404-9374 OrgNOCEmail: [email protected] OrgNOCRef: https://rdap.arin.net/registry/entity/FNO19-ARIN OrgTechHandle: FRA19-ARIN OrgTechName: Fastly RIR Administrator OrgTechPhone: +1-415-404-9374 OrgTechEmail: [email protected] OrgTechRef: https://rdap.arin.net/registry/entity/FRA19-ARIN OrgAbuseHandle: ABUSE4771-ARIN OrgAbuseName: Abuse Account OrgAbusePhone: +1-415-496-9353 OrgAbuseEmail: [email protected] OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE4771-ARIN
references
https://www.virustotal.com/graph/embed/g69893935fadf4844ba16e31e50d346031181cd20a59942169dfcbf362cb87c92?theme=dark, FileHash-SHA256 025ca2c59c26197f3c1cd746469a5b9fe219a748716abd90daee792f34037d63, mastodon.social, https://families.google/intl/pt-PT_ALL/familylink/, http://service.adultprovide.com/docs/records.htm?site=bigtitsboss, slscr.update.microsoft.com •client.wns.windows.com • c.pki.goog • login.live.com, https://discuss.ai.google.dev/c/gemma/10, https://uj140.keap-link003.com/v2/render/acc9c3f6b0340c8e01d0d3d0e1662c9e/eJxtjjsLwjAUhf_LnTP0hdRspYQSWkXEwU1Ce4XUmob0Riil_90o0snxPD7OWYDQKEOyAw6-j7MIGDhstdVoqBwNqfYbprs4T3IGgzaPyo3eAl_-sVv-cbM0yfYRA5otho44FLKBddOXc1HW8ljdTvIqmgDjU5N4heEJODmPDJS1aLrfjxpn4Hc1TLi-ARRkO0Y=/pixel.png, https://m.bigwetbutts.com/ tmi, Spyware: FileHash-SHA256 035e393630953b89c602e7cfa3409da790e99309c2d916336147cf9c59ee1b89, Mirai: simswap.in, 66.254.114.41 • brazzersnetwork.com • brazzers.com, https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian • www.pornhub.com, https://buildings.hexagongeosystems.com • https://connect.hexagongeosystems.com, https://load.ss.hexagongeosystems.com • https://rail.hexagongeosystems.com, https://www.virustotal.com/gui/collection/e03439bc07bcb1908764755571e127ec051193d4cc24cf842ec3179557f533cb/iocs, https://www.virustotal.com/graph/embed/g36d8fc13d786418ab1d0a75cc331f0eb5bca28d4a4fe4666a84f23e25fb6600b?theme=dark, https://www.virustotal.com/gui/collection/e03439bc07bcb1908764755571e127ec051193d4cc24cf842ec3179557f533cb/summary, https://report.netcraft.com/submission/iduhE4oNTsMOSAeOeBjzZdIfCLtefF3P - 07.23.25 - see notes on references*, https://www.virustotal.com/gui/collection/7b031642a30f1ee179e901d885a09c9e285273ad8a0605f08b84e81b4f715ea3, https://www.virustotal.com/graph/embed/gd8e70aa0638046c8af997e3e7fe529f1cfe2a121f5ca473880544f95a17eb56e?theme=dark, https://www.virustotal.com/gui/collection/7b031642a30f1ee179e901d885a09c9e285273ad8a0605f08b84e81b4f715ea3/iocs, https://tria.ge/240930-t6zdtsvfmk, https://mwdb.cert.pl/file/382eccd545c69bcf07e9b7b73701bd2bea707c58452cb108f99d3f541545b86b, https://jaffacakes118.dev/analysis/382eccd545c69bcf07e9b7b73701bd2bea707c58452cb108f99d3f541545b86b, https://tip.neiki.dev/file/382eccd545c69bcf07e9b7b73701bd2bea707c58452cb108f99d3f541545b86b, https://metadefender.com/results/file/bzI1MDMwMVFWaXRDS0hpWElYcnV0QllCYlB1, https://mwdb.cert.pl/file/efb45096e24a61b488eb809bd8edf874d15bb498dd75ced8b888b020c87e5c6c, https://n0paste.eu/UH6n5pD/, All - EnterpriseAppsList.csv, AppRegistrationList.csv, https://tria.ge/240517-vc7c1shc62/behavioral1, https://tria.ge/240517-vdwb5shc71/behavioral1, https://tria.ge/240517-vqxezaaa33/behavioral1, https://tria.ge/240517-t9pc2ahb2t, https://www.virustotal.com/graph/embed/g9453a2f58a3340f18120987c2b4d710dbb44ded88c434abf8894458a98c7bd4b?theme=dark, https://www.virustotal.com/gui/collection/b84a19d60ec7cd6d546a3f145dff8987128d0f499161118b46de22718d4713cd/iocs, https://www.virustotal.com/gui/collection/b84a19d60ec7cd6d546a3f145dff8987128d0f499161118b46de22718d4713cd/graph, https://www.virustotal.com/gui/collection/b84a19d60ec7cd6d546a3f145dff8987128d0f499161118b46de22718d4713cd/summary, https://www.filescan.io/uploads/66479b483313f70f0afe3dbb, https://www.filescan.io/uploads/664799c9d5c40bffee6106d7, Thor Scan: S-I9VvMTB6cZU, https://www.filescan.io/uploads/664ba368d5c40bffee63b1ee/reports/31817751-6b5d-45df-8813-472aa6c756a3/overview, https://www.filescan.io/uploads/664ba8a20663ff3c2ec6428a/reports/09d3d82a-7ec1-4804-93e5-5ae691fbb7f2/overview, https://imp0rtp3.wordpress.com/2021/08/12/tetris/, https://www.filescan.io/uploads/664bb0cd7c9fb1468fc610c5/reports/00c78e4d-2156-4906-a106-ebf7e2723251/overview, https://www.filescan.io/uploads/664bb40fbc04dffa92240ca2/reports/398074f2-c7b6-40e9-9b5c-4225cc990473/overview, https://www.filescan.io/uploads/664bb683bc04dffa92241015/reports/92b70fd6-97d7-4386-8465-f3fd79043843/overview, https://tria.ge/240521-q4s79agb25/static1, https://app.malcore.io/share/652553f6aec33d70a1dbbd25/664f906322f5af13cdfb50be, https://app.malcore.io/share/652553f6aec33d70a1dbbd25/664f906222f5af13cdfb5093, https://www.filescan.io/uploads/666d69ff6b8dba248b414767/reports/dda2c8a1-96fd-4c00-9cbc-c64c4685a804/overview, https://www.filescan.io/uploads/666d69ff6b8dba248b414767, https://viz.greynoise.io/analysis/33e9b33b-b932-4c43-9be1-3e2d6f9cb4b3, https://viz.greynoise.io/analysis/e51d9a15-d802-4d51-9a70-17803dc2693a, https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d01d2b67682d81c00f37b, Above Malcore Strings: All - EnterpriseAppsList, AppRegistration, EnterpriseAppslist, exportGroup, exportUsers, HiddenApps - EnterpriseAppsList****, https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d00975ea31558d54fceea, https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667cff1a5ea31558d54fcbf6, https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d0107b44401771de9ebf2, https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d00356dd8f43b723a915a, https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667cffec5ea31558d54fcda2, https://www.hudsonrock.com/search?domain=ualberta.ca, https://www.criminalip.io/domain/report?scan_id=13798622, https://viz.greynoise.io/analysis/9635144c-db8f-47ab-a83a-5785602244cf - 07.03.24, https://urlscan.io/search/#ualberta.ca, https://www.virustotal.com/gui/collection/0ca12fcdd125ec5a5055180ee828b98d47b8b2e920660be559c2b602266b6b1d/iocs, https://sitereport.netcraft.com/?url=http://ualberta.ca, https://www.wordfence.com/blog/2022/10/threat-advisory-monitoring-cve-2022-42889-text4shell-exploit-attempts/, https://tenantresolution.pingcastle.com/Search - Tenant still active (07.19.24) - Good jobs ya'll, https://www.virustotal.com/graph/embed/gf1d5aa209c7f4fd086e4cb17dcd0af52421ea4bae87d49fe9b4076b382612f0e?theme=dark, https://viz.greynoise.io/query/AS36351%20classification:%22malicious%22, https://viz.greynoise.io/query/AS60068%20classification:%22malicious%22, https://viz.greynoise.io/query/AS8075%20classification:%22malicious%22, https://viz.greynoise.io/query/AS15169%20classification:%22malicious%22, https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d01d2b67682d81c00f37b - https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d01d2b67682d81c00f37b = Hidden Apps - Enterprise Apps List, https://www.virustotal.com/graph/embed/g9e26667333d9418897f0ed8ce09560a6f8c68666f388427fb984306cf72b0125?theme=dark, https://www.virustotal.com/graph/embed/ga6f4f3cb5f1143dba3a0c5c4de4b4253709421851a914925a1512678f1034e9a?theme=dark, https://www.virustotal.com/gui/collection/0c323ad7f87df817719f1709edb03022c6b7fa4d27907b90eef0d5c863c1624a, https://www.virustotal.com/gui/collection/0c323ad7f87df817719f1709edb03022c6b7fa4d27907b90eef0d5c863c1624a/iocs, https://www.virustotal.com/gui/collection/0c323ad7f87df817719f1709edb03022c6b7fa4d27907b90eef0d5c863c1624a/graph, https://www.virustotal.com/gui/collection/ee0928d5289165511398be0144460ff4c8663292be0a99a05ac955de2728a078/iocs, https://www.virustotal.com/graph/embed/g0844b0f8d48c4bfab3ae40a376456055e267e54952fe40e0a79f63cc17550863?theme=dark, https://viz.greynoise.io/analysis/02a64dd4-d7e0-451c-8384-13cf23298551, https://www.hybrid-analysis.com/sample/bc437a855075805df699bd915cd27814a799969bb38db45f09f5f16a54ccc5b6/655e548bc2555fc8280ba976, https:/www.usaopps.com/government_contractors/contractor-5388777-SIERRA-PIPELINE-INC-.htm

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 1 year ago · Last seen 16 days ago
Appeared in 5 threat reports