IOC Radar
IPMediumSignal 0/100

34.160.111.145

Location
United StatesUnited States
Kansas City, Missouri
ASN
AS396982
Google Cloud
First Seen
Jun 29, 2023
Last Seen
Jun 3, 2026
Jun 29
First Seen
1088d ago
Jun 3
Last Seen
18d ago
4
Reports
source reports
0%
Confidence
medium
Found in 4 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
0%
Signal Score
0 / 100
IDS Rule
No
Threat Context
Tags

Network Information

CountryUSUnited States
RegionKansas City, Missouri
ASNAS396982
OrganizationGoogle Cloud

Feed Intelligence Summary

4 reports0% confidence
4
Source reports
0%
Confidence score
Category tags
indicatornetworkresearched

Activity Timeline

1 total obs
Jun 3Jun 3

Threat Activity Heatmap

· Peak: 2026-06-03
Less
More
Mon
Wed
Fri
Jun
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
·
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Intelligence SummaryAI Generated

The provided Indicator of Compromise (IOC), an IPv4 address identified as 34.160.111.145, has been explicitly whitelisted by multiple reputable threat intelligence services, including AlienVault OTX Feeds, AlienVault Ransomware-Firehol, and Cisco-Talos. This comprehensive whitelisting, coupled with an extremely low score of 0.0, definitively categorizes this IOC as benign and poses no current threat to the organization. Its inclusion in threat intelligence feeds, despite its benign nature, may b…

Threat ScoreLow Risk
0
SIGNAL
Signal Score
0%
Confidence
4
Reports
First seenJun 29, 2023
Last seenJun 3, 2026
GeolocationUS
CountryUnited States
LocationKansas City, Missouri
ASNAS396982
OrgGoogle Cloud
Coords39.0997, -94.5786

VirusTotal

Not checked

WHOIS

references
2021-09-21-Curriculo-IOCs.txt, https://github.com/MSUDenverSystemsEngineering/Salt-Instructional-18/tree/master/AppDeployToolkit, Andariel group » State-sponsored threat actor & Defense media, IDS Detections: Possible Zbot Activity Common Download Struct Zbot Generic URI/Header Struct .bin, Alerts: nids_malware_alert network_icmp dumped_buffer2 allocates_execute_remote_process, Alerts: persistence_autorun creates_user_folder_exe injection_createremotethread, Alerts: injection_modifies_memory injection_write_memory modifies_proxy_wpad packer_polymorphic self_delete_bat banker_zeus_p2p, PWS:Win32/Zbot!CI: FileHash-SHA256 edfec48c5b9a18add8442f19cf8ecd8457af25a7251cb34fe2d20616dcf315ef, Domains Contacted: crl.microsoft.com blackmarket.ogspy.net, FileHash-SHA256 e5c584fdb2a3684a52edb41836436bb3d88221ffd3eb252516e1ca6dc879f8f9, TrojanDownloader:Win32/Cutwail: IDS Detections: W32/Zbot.InfoStealer WindowsUpdate Connectivity Check With Opera UA Possible Zeus GameOver Connectivity Check 2, NSO Group auto populated/relevant to research results. For several year we've seen evidence of Pegasus attacks on Americans., Apple:appleremotesupport.com | appleid.cdn-appme.com | appleid.cdn-aqple.com | www.ns1.bdn-apple.com, Used as Apple IP's : 160.153.62.66 | 162.255.119.21 | 192.64.119.254, Apple: ns2.usm87.siteground.biz | ns2.usm87.siteground.biz | Hostnme www.appleremotesupport.com, espysite.azurewebsites.net, http://45.159.189.105/bot/regex [command and control infection source], http://update.partitionwizard.com/checking-update/ko/verconfig-v11-registered.txt, http://www.partitionwizard.com/checking-update/ko/verconfig-v11-registered.txt, http://tracking.minitool.com/pw/launch.php?120100-from-enterprise-v11, http://www.google-analytics.com/r/collect?v=1&_v=j83&a=160340377&t=pageview&_s=1&dl=http://tracking.minitool.com/pw/launch.html?120100-from-enterprise-v11&ul=en-us&de=utf-8&dt=launch%20tracking&sd=32-bit&sr=1152x864&vp=79x26&je=0&fl=19.0%20r0&_u=IEBAAE~&jid=960554243&gjid=1088832951&cid=1848517172.1595359858&tid=UA-686301-39&_gid=1248672958.1595359858, http://tracking.minitool.com/pw/launch.html?120100-from-enterprise-v11, https://twitter.com/PORNO_SEXYBABES, https://adservice.google.com.uy/clk init.ess.apple.com, WinToFlash-Lite-The-Bootable-USB-Creator-1.13.0000-Setup.exe | Setup.Bin Lockbin1.com, crl.globalsign.com WinPCA.crl gscodesigng2.crl crl.globalsign.net root.crl crl.microsoft.com WinPCA.crl analytics.js tracking.minitool.com launch.php, VTBehaviour.CommonDataStirage.GoogleAPIs.com Playatoms-pa.googleapis.com SongCulture.com bam.nr-data.net, https://www.google.co.kr/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-686301-28&cid=1048899291.1595287580&jid=1064984308&_v=j83&z=1277946686&slf_rd=1&random=491737294, Yara Detections: Delphi , ProtectSharewareV11eCompservCMS, Alerts: stops_service network_icmp network_irc persistence_autorun creates_largekey antisandbox_mouse_hook, Alerts: infostealer_keylogger rat_pcclient process_interest injection_resumethread stealth_hiddenfile, Domains Contacted: cdn2.minitool.com www.partitionwizard.com, https://otx.alienvault.com/indicator/file/22e8de5785b65790950eeef5e81dadf9acd44d7767399f8a88bab8b7059b1269, PWS:Win32/Ymacco: FileHash-SHA256 22e8de5785b65790950eeef5e81dadf9acd44d7767399f8a88bab8b7059b1269, PWS:Win32/Ymacco: FileHash-MD5 0145b299e0d988750bd, PWS:Win32/Ymacco: FileHash-SHA1 05d3eef1b402fcceced24bd5e8cc3d613c311419, samsungdevapi.reverselogix.net, https://otx.alienvault.com/otxapi/indicators/file/screenshot/22e8de5785b65790950eeef5e81dadf9acd44d7767399f8a88bab8b7059b1269, https://otx.alienvault.com/indicator/hostname/www.partitionwizard.com, TEL:Trojan:Win32/Injector.AB!MSR: FileHash-SHA256 3a8d5782cd3335cb19bc9f1588a9303e7c8bf46aa0a6dd8d9a8fbada0dc23293, TEL:Trojan:Win32/Injector.AB!MSR: FileHash-MD5 502983a98c69c012c600e2a2a7b2a1af, TEL:Trojan:Win32/Injector.AB!MSR: FileHash-SHA1 217eed43662f43704c5c65bbdb503699b8689d6a, CVE-2017-0147 CVE-2017-11882 CVE-2017-8570 CVE-2018-8453 CVE-2014-0160, https://otx.alienvault.com/indicator/url/http://www.pulsesolutions.com/WebService/EasyLoggerWebService.asmx/, Ransom:Win32/Crowti.A: FileHash-SHA256 3328a110970be661ce1267a553fa2ddf, Ransom:Win32/Crowti.A: FileHash-SHA1 f7e6be8e6b15e4c67d82ec663abee6f0a292ff77, Ransom:Win32/Crowti.A: FileHash-MD5 3328a110970be661ce1267a553fa2ddf, https://otx.alienvault.com/indicator/file/94cdf28c30c4bb09d191990706844f10d8ba837459c9a81dd672f209e77c2fb9, IDS Detections: CryptoWall Check-in Zeus Bot Connectivity Check External IP Check myexternalip.com IP Check myexternalip.com, Alerts: procmem_yara injection_inter_process injection_create_remote_thread antiav_servicestop suricata_alert suspicious_command_tools, Alerts: bcdedit_command stealth_network cape_detected_threat deletes_shadow_copies infostealer_cookies, TrojanSpy:Win32/Nivdort.DC: FileHash-SHA256 00f4950d49404f58e223c0946f18a2a779c502d82ce67d419ce42f794666d3c8, TrojanSpy:Win32/Nivdort.DC: FileHash-SHA1 fa773890465396aefe1a6b74d107ce1fee664ef9, TrojanSpy:Win32/Nivdort.DC: FileHash-MD5 ecd1617974166e34de036ddf859a78f6, Trojan:Win32/Formbook!MTB: FileHash-SHA256 c72bf65e0b2635221ce291191b40ddae3d599e418601dcef5d3ef4ab6e929d5f, Trojan:Win32/Formbook!MTB: FileHash-SHA1 3bba9a34622ca39fe8b7132da8056a0d8c9be36c, Trojan:Win32/Formbook!MTB: FileHash-MD5 1f5c006f1ef8d4998c5a6392c4082aef, VirTool:Win32/Obfuscator.JM: FileHash-SHA256 b4cbdc6fe310af9d4d089d36141ca51d5b91ce877c6d0f6f78fc8bd8e6ce5b37, https://saptools.mx/files/aud2txt-linux.zip | linuxeater.com | [email protected] | https://saptools.mx/files/aud2txt-linux.zip, Related Domains By Email DOMAIN ORGANISATION NAME: citrusea.com - Kent Riboe | linuxeater.com - Kent Riboe [[email protected]], https://admin.safeid.io/Account/ResetPassword?token=Bx_9HrVhO0ihjnilL3BfcpM9s_1XmMRCAI4Sr1QWsLNmMlpmaAH0DI8fWkk7MSrh, Tracking: jrstrackingfunction.com | http://tracking.orca-functions.zoovu.solutions/ | http://tracking.orca-functions.zoovu.solutions/, Tracking: https://sharepointwow.msnd36.com/tracking/lc/3d8656d6-d66c-4b3b-aec3-a363f4faf30f/9d15012d-b2b5-4d70-abb1-eed6eff85f20/7b92544e-3ea3-dccc-179b-fdc110fc452a/, Tracking: URL http://45.159.189.105/bot/regex | http://tracking.minitool.com/pw/launch.html?120100-from-enterprise-v11, Tracking: http://tracking.minitool.com/pw/launch.php?120100-from-enterprise-v11 No Expiration 0 URL http://www.google-analytics.com/r/collect?v=1&_v=j83&a=160340377&t=pageview&_s=1&dl=http://tracking.minitool.com/pw/launch.html?120100-from-enterprise-v11&ul=en-us&de=utf-8&dt=launch%20tracking&sd=32-bit&sr=1152x864&vp=79x26&je=0&fl=19.0%20r0&_u=IEBAAE~&jid=960554243&gjid=1088832951&cid=1848517172.1595359858&tid=UA-686301-39&_gid=1248672958.1595359858&_r=1&z=1767086795, IDS Detections: Win32/Kapahyku.A Activity 1 PUP/ASMalwNS.A Checkin Observed Suspicious UA (NSIS_Inetc (Mozilla)), iappletech.com | init.ess.apple.com | https://appliedinnovation.forms.pia.ai/r | join.appliedpsych.com, Zeus: FileHash-SHA256 94cdf28c30c4bb09d191990706844f10d8ba837459c9a81dd672f209e77c2fb9, https://hybrid-analysis.com/sample/6765f47ea77c8274c8e4973ed95aedf59e75998c62f6029e23c58cdf36ed85ba/654afdbdc621e7037801cce7, 20.99.186.246 exploit source, fp2e7a.wpc.2be4.phicdn.net, https://www.anyxxxtube.net/search-porn/tsara-brashears/ (phishing, ELF, Prism.exe found), https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian (password cracker), http://182.22.25.124:7878/182.22.25.124:443 (malicious dropper), init.ess.apple.com (malicious code script), https://www.pornhub.com/video/search?search=tsara+brashears (Malicious PW cracker | stylebk.css stylesheets - not found ), https://urlscan.io/result/a328d9ff-fb49-4078-960d-a757fd41404f/#indicators, VirusTotal Link: https://www.virustotal.com/gui/ip-address/20.99.186.246/detection, Abuse IPDB Link: https://www.abuseipdb.com/check/20.99.186.246, IPv4 45.12.253.72. command_and_control, Hostname: ddos.dnsnb8.net command_and_control, IPv4 95.213.186.51 command_and_control, Hostname: www.supernetforme.com command_and_control, IPv4 103.224.182.246 command_and_control, IPv4 72.251.233.245 command_and_control, IPv4 63.251.106.25 command_and_control, IPv4 45.15.156.208 command_and_control, IPv4 104.247.81.51 command_and_control, http://ambisexual.phone-sex-blogs.com/http:/ambisexual.phone-sex-blogs.com/images/thumbnails/pic118.jpg (phishing), https://downloaddevtools.ir/ (phishing), happylifehappywife.com, apples.encryptedwork.com (Interesting in the blacknet), https://itunes.apple.com/app/apple-store/id284815942/us/app/samsung-galaxy-watch-gear-s/id1117310635. (iOS unlocker and hijacker), https://www.anyxxxtube.net/media/favicon/apple (password cracker and iOS hijacker), https://www.apple.com/shop/browse/open/country_selector (exploit), www.norad.mil (federal tracking tool used by attorneys, law firms, and private investigators 'licensed or unlicensed') hi!, http://init-p01st.push.apple.com/bag (malicious web creator), opencve.djgummikuh.de (CVE dispensary), Maltiverse Research Team, URLscan.io, Deep Research, Hybrid Analysis, URLhaus Abuse.ch, Cyber Threat Coalition, ThreatFox Abuse.ch, CVE-2017-0147, CVE-2017-11882 c887254bf98b3e6acbf3cd1869bdcbfb0f3abdc1168e2be8e04e93cbf6a48b9d, https://www.virustotal.com/graph/gec39ecdb2b6243d5818d40ed7191f1d0840c1a86d34841a1b93a6d5fa9b956d2

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 3 years ago · Last seen 18 days ago
Appeared in 4 threat reports