IOC Radar
IP · Medium · Signal 0/100

34.117.59.81

Location: United States (Kansas City, Missouri)
ASN: AS396982 (Google Cloud)
First Seen: Jul 8, 2023 (1068d ago)
Last Seen: May 31, 2026 (10d ago)
Reports: 3 source reports
Confidence: 0% (medium)
Found in 3 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 0%
Signal Score: 0 / 100
IDS Rule: No
Threat Context
Tags

Network Information

Country: US (United States)
Region: Kansas City, Missouri
ASN: AS396982
Organization: Google Cloud

Feed Intelligence Summary

Source reports: 3
Confidence score: 0%
Category tags: indicator, network, researched

Activity Timeline

1 total obs, May 31 to May 31

Threat Activity Heatmap

[Heatmap: daily activity by weekday, June through June; peak 2026-05-31]
Activity by window:
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Intelligence Summary (AI Generated)

This indicator of compromise (IOC), an IPv4 address, has been explicitly whitelisted by multiple reputable threat intelligence services, indicating it is considered benign and poses a low risk to organizational security. With a reported score of 0.0, there is no corroborating evidence to suggest malicious intent or activity associated with this IP address. While it appears in various threat intelligence feeds, this presence alone does not imply hostile behavior, especially given its confirmed wh…

Threat Score: Low Risk
Signal Score: 0
Confidence: 0%
Reports: 3
First seen: Jul 8, 2023
Last seen: May 31, 2026
Geolocation: US
Country: United States
Location: Kansas City, Missouri
ASN: AS396982
Org: Google Cloud
Coords: 39.0997, -94.5786

VirusTotal

Not checked

WHOIS

NetRange: 34.64.0.0 - 34.127.255.255
CIDR: 34.64.0.0/10
NetName: GOOGL-2
NetHandle: NET-34-64-0-0-1
Parent: NET34 (NET-34-0-0-0-0)
NetType: Direct Allocation
OriginAS:
Organization: Google LLC (GOOGL-2)
RegDate: 2018-09-28
Updated: 2018-09-28
Ref: https://rdap.arin.net/registry/ip/34.64.0.0

OrgName: Google LLC
OrgId: GOOGL-2
Address: 1600 Amphitheatre Parkway
City: Mountain View
StateProv: CA
PostalCode: 94043
Country: US
RegDate: 2006-09-29
Updated: 2019-11-01
Comment: *** The IP addresses under this Org-ID are in use by Google Cloud customers ***
Comment:
Comment: Direct all copyright and legal complaints to
Comment: https://support.google.com/legal/go/report
Comment:
Comment: Direct all spam and abuse complaints to
Comment: https://support.google.com/code/go/gce_abuse_report
Comment:
Comment: For fastest response, use the relevant forms above.
Comment:
Comment: Complaints can also be sent to the GC Abuse desk
Comment: ([email protected])
Comment: but may have longer turnaround times.
Comment:
Comment: Complaints sent to any other POC will be ignored.
Ref: https://rdap.arin.net/registry/entity/GOOGL-2

OrgTechHandle: ZG39-ARIN
OrgTechName: Google LLC
OrgTechPhone: +1-650-253-0000
OrgTechEmail: [email protected]
OrgTechRef: https://rdap.arin.net/registry/entity/ZG39-ARIN

OrgNOCHandle: GCABU-ARIN
OrgNOCName: GC Abuse
OrgNOCPhone: +1-650-253-0000
OrgNOCEmail: [email protected]
OrgNOCRef: https://rdap.arin.net/registry/entity/GCABU-ARIN

OrgAbuseHandle: GCABU-ARIN
OrgAbuseName: GC Abuse
OrgAbusePhone: +1-650-253-0000
OrgAbuseEmail: [email protected]
OrgAbuseRef: https://rdap.arin.net/registry/entity/GCABU-ARIN

IOC Journey

medium
First detected 2 years ago · Last seen 10 days ago
Appeared in 3 threat reports