IOC Radar
IPMediumSignal 0/100

34.41.139.193

Location
Hong KongHong Kong
Council Bluffs, Iowa
ASN
AS396982
Google Cloud (us-central1)
First Seen
Jun 20, 2025
Last Seen
Jun 3, 2026
Jun 20
First Seen
358d ago
Jun 3
Last Seen
10d ago
5
Reports
source reports
0%
Confidence
medium
Found in 5 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
0%
Signal Score
0 / 100
IDS Rule
No
Threat Context
Tags

Network Information

CountryHKHong Kong
RegionCouncil Bluffs, Iowa
ASNAS396982
OrganizationGoogle Cloud (us-central1)

Feed Intelligence Summary

5 reports0% confidence
5
Source reports
0%
Confidence score
Category tags
networkproxyresearched

Activity Timeline

1 total obs
Jun 3Jun 3

Threat Activity Heatmap

· Peak: 2026-06-03
Less
More
Mon
Wed
Fri
Jun
·
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat ScoreLow Risk
0
SIGNAL
Signal Score
0%
Confidence
5
Reports
First seenJun 20, 2025
Last seenJun 3, 2026
GeolocationHK
CountryHong Kong
LocationCouncil Bluffs, Iowa
ASNAS396982
OrgGoogle Cloud (us-central1)
Coords37.7510, -97.8220

VirusTotal

Not checked

WHOIS

description
TTB-Chained executes a systemic collapse of the cryptographic chain of trust. Exploiting DNSSEC-unsigned protocols and .net edge nodes, it injects C++ payloads into the resolution chain prior to verification. Remediating via certificate expiration is ineffective; the architecture leverages systemic flaws in DMARC/SPF/DKIM and cryptographic handshake protocols to lock "Hollow Library" assets into the environment pre-enforcement, ensuring total detection evasion. The conduit utilizes a multi-umbrella transit strategy: Lumen (AS3356) + RIPE (37.97.254.27) + Fastly (151.101.130.159). These 63.16 KB "hollowed" assets masquerade as signed updates for total penetration. TTB-chained executes high-speed wipers targeting firmware/boot sectors, triggering complete corruption of hardware beyond restore. Once the root hosted in IP {53.xxx] is compromised and the pre-verified environment is saturated, the hardware is physically neutralized. -msudosos. See Belasco Chain for more.
raw
NetRange: 34.4.5.0 - 34.63.255.255 CIDR: 34.8.0.0/13, 34.4.16.0/20, 34.16.0.0/12, 34.4.8.0/21, 34.4.64.0/18, 34.32.0.0/11, 34.4.5.0/24, 34.6.0.0/15, 34.4.32.0/19, 34.4.128.0/17, 34.4.6.0/23, 34.5.0.0/16 NetName: GOOGL-2 NetHandle: NET-34-4-5-0-1 Parent: NET34 (NET-34-0-0-0-0) NetType: Direct Allocation OriginAS: Organization: Google LLC (GOOGL-2) RegDate: 2022-05-09 Updated: 2022-05-09 Ref: https://rdap.arin.net/registry/ip/34.4.5.0 OrgName: Google LLC OrgId: GOOGL-2 Address: 1600 Amphitheatre Parkway City: Mountain View StateProv: CA PostalCode: 94043 Country: US RegDate: 2006-09-29 Updated: 2019-11-01 Comment: *** The IP addresses under this Org-ID are in use by Google Cloud customers *** Comment: Comment: Direct all copyright and legal complaints to Comment: https://support.google.com/legal/go/report Comment: Comment: Direct all spam and abuse complaints to Comment: https://support.google.com/code/go/gce_abuse_report Comment: Comment: For fastest response, use the relevant forms above. Comment: Comment: Complaints can also be sent to the GC Abuse desk Comment: ([email protected]) Comment: but may have longer turnaround times. Comment: Comment: Complaints sent to any other POC will be ignored. Ref: https://rdap.arin.net/registry/entity/GOOGL-2 OrgTechHandle: ZG39-ARIN OrgTechName: Google LLC OrgTechPhone: +1-650-253-0000 OrgTechEmail: [email protected] OrgTechRef: https://rdap.arin.net/registry/entity/ZG39-ARIN OrgNOCHandle: GCABU-ARIN OrgNOCName: GC Abuse OrgNOCPhone: +1-650-253-0000 OrgNOCEmail: [email protected] OrgNOCRef: https://rdap.arin.net/registry/entity/GCABU-ARIN OrgAbuseHandle: GCABU-ARIN OrgAbuseName: GC Abuse OrgAbusePhone: +1-650-253-0000 OrgAbuseEmail: [email protected] OrgAbuseRef: https://rdap.arin.net/registry/entity/GCABU-ARIN
references
https://feeds.dshield.org/feeds/topips.txt, https://feeds.dshield.org/feeds/top10.txt, https://feeds.dshield.org/feeds/block.txt, https://x.com/SarlackLab/status/1950526854047125563, https://x.com/SarlackLab/status/1950662767175684601

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 11 months ago · Last seen 10 days ago
Appeared in 5 threat reports