IOC Radar
IP · Medium · Signal 48/100

173.254.30.120

Location: Phoenix, Arizona, United States
ASN: AS31898 (Unified Layer)
First Seen: Oct 2, 2020 (2094d ago)
Last Seen: May 24, 2026 (34d ago)
Reports: 14 source reports
Confidence: 48% (medium)
Found in 14 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 48%
Signal Score: 48 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs: 40 techniques

Network Information

Country: US (United States)
Region: Phoenix, Arizona
ASN: AS31898
Organization: Unified Layer

Feed Intelligence Summary

14 source reports · 48% confidence score

Category tags: abuse, active scan, active scanning, apache, apache attacker, bad reputation, bad web bot, botnet, botnet activity, brute force, brute force attack, brute-force, c2, c2 activity, command & control, command and control, communication protocol, compromised host, compromised hosts, credential access, credential stuffing, credential-access, data exfiltration, data store exposure, ddos, ddos preparation, denial of service, distributed attacks, europe, executable file, exploit, exploitation, exploitation activity, finland, hacking, http, http scanner, identity & access exploitation, indicator, information technology, injection activity, it infrastructure, login-brute-force, malicious domain, malicious links, malicious software, malware, malware filter, network, network attacks, network intrusion, network reconnaissance, network scanning, north america, password attacks, phishing, php, possible infection, process injection, reconnaissance, researched, scanner, scanning activity, scripting language, software development, ssh attack, tcp, tcp protocol, united states, us, web, web application attack, web application exploitation, web development, web exploitation, web security, web traffic

MITRE ATT&CK technique tags: t1005, t1018, t1021, t1040, t1046, t1053, t1055, t1056, t1059, t1059.007, t1065, t1068, t1071, t1071.001, t1078, t1105, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1185, t1190, t1203, t1204, t1204.001, t1486, t1496, t1497, t1499.001, t1499.002, t1499.003, t1565, t1566, t1566.003, t1573, t1583, t1595.001, t1595.002, t1595.003

Activity Timeline

1 total observation (May 24)

Threat Activity Heatmap

[Heatmap: activity by day, Jun to Jun; peak 2026-05-24]

24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)

Threat Score: 48 (Medium Risk)
Geolocation: US
Coords: 37.7510, -97.8220

VirusTotal

Not checked

WHOIS

NetRange: 173.254.0.0 - 173.254.127.255
CIDR: 173.254.0.0/17
NetName: UNIFIEDLAYER-NETWORK-8
NetHandle: NET-173-254-0-0-1
Parent: NET173 (NET-173-0-0-0-0)
NetType: Direct Allocation
OriginAS:
Organization: Unified Layer (BLUEH-2)
RegDate: 2010-10-05
Updated: 2025-08-04
Comment: OCITOKEN::173.254.56.0/21:d4854c3f4e2050536e592439214736116a4ab54079a0955645ac348630c7dca9
Ref: https://rdap.arin.net/registry/ip/173.254.0.0

OrgName: Unified Layer
OrgId: BLUEH-2
Address: 1958 South 950 East
City: Provo
StateProv: UT
PostalCode: 84606
Country: US
RegDate: 2006-08-08
Updated: 2025-07-24
Ref: https://rdap.arin.net/registry/entity/BLUEH-2

ReferralServer: rwhois://rwhois.unifiedlayer.com:4321

OrgTechHandle: ENO74-ARIN
OrgTechName: EIG Network Operations
OrgTechPhone: +1-781-852-3200
OrgTechEmail: [email protected]
OrgTechRef: https://rdap.arin.net/registry/entity/ENO74-ARIN

OrgAbuseHandle: EIGAB1-ARIN
OrgAbuseName: EIG-Abuse Mitigation
OrgAbusePhone: +1-877-659-6181
OrgAbuseEmail: [email protected]
OrgAbuseRef: https://rdap.arin.net/registry/entity/EIGAB1-ARIN

OrgNOCHandle: ENO74-ARIN
OrgNOCName: EIG Network Operations
OrgNOCPhone: +1-781-852-3200
OrgNOCEmail: [email protected]
OrgNOCRef: https://rdap.arin.net/registry/entity/ENO74-ARIN

OrgAbuseHandle: NOC2320-ARIN
OrgAbuseName: Network Operations Center
OrgAbusePhone: +1-801-765-9400
OrgAbuseEmail: [email protected]
OrgAbuseRef: https://rdap.arin.net/registry/entity/NOC2320-ARIN

RTechHandle: NETWO2081-ARIN
RTechName: Network Operations
RTechPhone: +1-801-765-9400
RTechEmail: [email protected]
RTechRef: https://rdap.arin.net/registry/entity/NETWO2081-ARIN

RAbuseHandle: NOC2320-ARIN
RAbuseName: Network Operations Center
RAbusePhone: +1-801-765-9400
RAbuseEmail: [email protected]
RAbuseRef: https://rdap.arin.net/registry/entity/NOC2320-ARIN

RNOCHandle: TECHN497-ARIN
RNOCName: Technical Operations
RNOCPhone: +1-801-765-9400
RNOCEmail: [email protected]
RNOCRef: https://rdap.arin.net/registry/entity/TECHN497-ARIN

references
https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt

IOC Journey

medium
First detected 5 years ago · Last seen 1 month ago
Appeared in 14 threat reports