IP · Medium · Signal 87/100
157.240.3.29
Location
Seattle, Washington
ASN
AS32934
Facebook, Inc.
First Seen
Dec 1, 2023 (926d ago)
Last Seen
May 8, 2026 (37d ago)
11
Reports
source reports
87%
Confidence
medium
1/91
VirusTotal
detections
Found in 11 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
87%
Signal Score
87 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country
United States
Region
Seattle, Washington
ASN
AS32934
Organization
Facebook, Inc.
IP Category
Proxy
Proxy server
Feed Intelligence Summary
11 reports · 87% confidence
11
Source reports
87%
Confidence score
Category tags
30000saaaaabuseabxcdeacceptaccess ob0005active scanactive scanningaddressaddress googleaddress rangeaddress serverafricaalertsalienvault_ransomwareallocation typeamazonamazon rsaanalysis dateanalysis ob0001analysis ob0002angry quasiapnicapnic whoisappleapple device compromiseapplication analysisarin whoisarubaas-protectasiaaspackautorunav detectionsbad reputationbanking trojanbase64-embeddedbobsoftbodybotnetbotnet activitybrute forcebrute force attackcanadacat antiviruscatalog treecbe oglobalsignch uacheckschecks amountcidrcloud infrastructurecnamecode executioncode injectioncom laudecom tektonitcommand & controlcommand and controlcommand executioncommunication protocolcompromised systemscompromised websiteconnected devicescontains-apkcontains-elfcontains-zipcontrol ob0004cookiecosta ricacreation datecredential accesscredential harvestingcredential stuffingcredential theftcsc corporatedatadata accessdata copyingdata encryptiondata exfiltrationdata store exposuredata transferdata uploadddosddos attacksdefense evasiondeletedenver postdetections nonedevice managementdgadistributed attacksdns attackdockdocument filedoddomains showdownloads-zipdrive-by attackdynamicdynamic dnsdynamicloaderdyndns checkipe1203 windowseducationelfelf:mirai botnet activityencryptionentityentriesentries httpexecutable fileexecution flowexpirationexpiration dateexploitexploitation activityexternal ipextortionextrf0002 pollingfacebook_crawler-benignfacts otxfailedfailurefilesfiles domainfiles ipfiles locationfiles relatedfind suflag unitedgandi sasgepysgoogle llcgoogle teamguatemalahio50 c1hostname addhostname enumerationhttp attackhttp scannerianaicmp trafficidentity & access exploitationids detectionsigorincluded reviewindiaindia asnindia ip blockindia unknownindicatorindustrial iotinfo checksinformation gatheringinformation stealerinformation technologyinfostealerinfrastructure acquisitionreconnaissanceingress tool transferinjection activityinstainstallintelinternet of thingsinvalid pointeriociocsiosios devicesios malwareiot analyticsiot applicationsiot botnetiot platformsiot securityiot/ics attackipadosipv4 addit infrastructurekey algorithmkey identifierkey infokey usagekeyloggerlengthlinklinuxlocallockdown modelokibotlookuplowfiltd dbamacosmacos devicesmalicious domainsmalicious downloadmalicious linksmalicious softwaremalwaremalware activitymalware distributionmalware installationmatch infomatch unknownmedia centermediummetadata analysismexicomiaxdxmirai botnetmiss xmobilemobile securitymobile threatmoniker onlinemonitoringmovedms defendermsiemsilmtb yaramyrakezname serversnamecheap incnation-state activitynemtihnetworknetwork intrusionnetwork namenetwork scanningnextnext associatedno expirationnone googlenone indicatornone relatednorth americansisnumberonlineopen portsopendiroperating systemorg domainsoriginal fotx telemetryouno snipackingpanamapassive dnspassword attackspavlovpehash externalpexephishingphishing attackphysical securitypleaseportpp mafiapresent aprpresent decpresent junpresent novpresent sepprivacy violationprivate buildprivate nameprocess injectionprocess32nextwproxypublic keypulsepulse pulsespulse submitpulsespulses nonepulses otxpushqueryr6 alphasslransomransomwareratreadread creadsreconnaissancerecord valueredrumreferences tryreferral urlrelated nidsrelated pulsesrelated tagsrelated truremote access toolremote servicesresearchedresponse iprmsrms moduleroad cityrogerssafe browsingsandboxsavbwcdscannerscanning activityscans recordscript urlssea xsearchshowshowingskykitslcc2smart devicessocial engineeringsocial media securitysoftware developmentsoftware exploitationstaticstatic analysisstatic analyzerstatussubject publicsubmitsystem disruptiont1003t1005t1010t1012t1016t1018t1021t1021.001t1027t1030t1036t1045t1047t1053t1055t1056t1057t1059t1059.007t1063t1064t1068t1069.001t1070t1071t1071.001t1078t1081t1082t1083t1091t1095t1105t1110t1110.001t1110.002t1110.003t1110.004t1112t1119t1120t1129t1133t1140t1143t1189t1190t1202t1203t1204t1204.001t1210t1222t1485t1486t1490t1496t1497t1499.002t1499.003t1518t1539t1542t1547t1548t1555t1562t1564t1565t1566t1566.001t1566.002t1566.003t1574t1574 dllt1587.001t1589t1589.001t1590.001t1592t1595t1595.001t1595.002t1595.003t1614ta505tagstaskjob t1053tektonit yaratelecommunicationstelockthomaskralowthreat actortitle errortls handshaketor nodetrojan malwaretrojandroppertsara brashears targettulachtwitter runningtype oua fullua platformudp a83f8110uniqueunit dataunitedunited statesunknown nsunknown soaupxurlsurls showurlscan iousus creationuwmlifev2 documentv3 serialvaluevendor findingverified-benignviruswatchweb application attackweb exploitationweb securityweb trafficwhois registrarwhois serverwin.malware.snojan-6775202win32 malwarewin32:banker-laawin32qqpass aprwindowwindows malwarewindows ntwormwritewrite cx cachexssyarayara detectionsyara.trojan.remoteadmin-151
Activity Timeline
May 8
Threat Activity Heatmap
Peak: 2026-05-08
24h: 0 reports (Dormant)
7d: 0 reports (Dormant)
30d: 0 reports (Dormant)
3mo: 1 report (Minimal)
Intelligence Summary (AI generated)
The IP address 157.240.3.29 is identified as a critical Indicator of Compromise (IOC) with a high severity score of 86.7, signifying a substantial threat to organizational security. This address has been directly associated with TA505, a highly sophisticated APT group renowned for its involvement in financial cybercrime and ransomware operations, underscoring the severity of potential engagements. Its links to several potent malware families, including Win.trojan.remoteadmin-151 and the ransomwa…
Threat Score
High Risk
87
SIGNAL
Signal Score
87%
Confidence
11
Reports
First seen
Dec 1, 2023
Last seen
May 8, 2026
Geolocation
US
Country
United States
Location
Seattle, Washington
ASN
AS32934
Org
Facebook, Inc.
Coords
47.6109, -122.3303
Proxy
WHOIS
- description
- The following is a partial set of logs & leftovers from the Apple Family of Devices
IOC Journey
medium · First detected 2 years ago · Last seen 1 month ago
Appeared in 11 threat reports