IOC Radar
IP · Medium · Signal 80/100

74.119.239.234

Location
United States
Salt Lake City, Utah
ASN
AS46606
PDR
First Seen
Feb 26, 2021 (1932d ago)
Last Seen
May 19, 2026 (24d ago)
Reports
14 source reports
Confidence
80% (medium)
Found in 14 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
80%
Signal Score
80 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

68 techniques

Network Information

Country: US (United States)
Region: Salt Lake City, Utah
ASN: AS46606
Organization: PDR

Feed Intelligence Summary

Source reports: 14
Confidence score: 80%
Category tags

Activity Timeline

1 total observation (May 19 to May 19)

Threat Activity Heatmap

· Peak: 2026-05-19
[Heatmap: observations per day over the last 12 months (Jun to Jun), rows Mon/Wed/Fri, shaded Less to More; a single observation on 2026-05-19]
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: 80 (High Risk)
Signal Score: 80
Confidence: 80%
Reports: 14
First seen: Feb 26, 2021
Last seen: May 19, 2026
Geolocation: US
Country: United States
Location: Salt Lake City, Utah
ASN: AS46606
Org: PDR
Coords: 42.5085, -71.2011

VirusTotal

Not checked

WHOIS

description
CC=US ASN=AS46606 UNIFIEDLAYER-AS-1

raw
NetRange: 74.119.238.0 - 74.119.239.255
CIDR: 74.119.238.0/23
NetName: PUBLICDOMAINREGISTRY-NETWORKS
NetHandle: NET-74-119-238-0-1
Parent: NET74 (NET-74-0-0-0-0)
NetType: Direct Allocation
OriginAS:
Organization: PDR (PSUL-1)
RegDate: 2017-04-14
Updated: 2018-11-29
Ref: https://rdap.arin.net/registry/ip/74.119.238.0

OrgName: PDR
OrgId: PSUL-1
Address: P.D.R Solutions LLC, 10, Corporate Drive, Suite 300
City: Burlington
StateProv: MA
PostalCode: 01803
Country: US
RegDate: 2015-08-04
Updated: 2019-11-07
Ref: https://rdap.arin.net/registry/entity/PSUL-1

OrgNOCHandle: EIGAR-ARIN
OrgNOCName: eig-arin
OrgNOCPhone: +1-866-897-5421
OrgNOCEmail: [email protected]
OrgNOCRef: https://rdap.arin.net/registry/entity/EIGAR-ARIN

OrgRoutingHandle: EIGAR-ARIN
OrgRoutingName: eig-arin
OrgRoutingPhone: +1-866-897-5421
OrgRoutingEmail: [email protected]
OrgRoutingRef: https://rdap.arin.net/registry/entity/EIGAR-ARIN

OrgTechHandle: EIGAR-ARIN
OrgTechName: eig-arin
OrgTechPhone: +1-866-897-5421
OrgTechEmail: [email protected]
OrgTechRef: https://rdap.arin.net/registry/entity/EIGAR-ARIN

OrgAbuseHandle: ABUSE5185-ARIN
OrgAbuseName: Abuse Admin
OrgAbusePhone: +1-415-230-0648
OrgAbuseEmail: [email protected]
OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE5185-ARIN

OrgNOCHandle: NOC32406-ARIN
OrgNOCName: NOC
OrgNOCPhone: +1-415-230-0680
OrgNOCEmail: [email protected]
OrgNOCRef: https://rdap.arin.net/registry/entity/NOC32406-ARIN

OrgDNSHandle: EIGAR-ARIN
OrgDNSName: eig-arin
OrgDNSPhone: +1-866-897-5421
OrgDNSEmail: [email protected]
OrgDNSRef: https://rdap.arin.net/registry/entity/EIGAR-ARIN

OrgTechHandle: TECH953-ARIN
OrgTechName: Tech
OrgTechPhone: +1-415-230-0680
OrgTechEmail: [email protected]
OrgTechRef: https://rdap.arin.net/registry/entity/TECH953-ARIN
references
https://metadefender.com/results/file/bzI1MDMwMVFWaXRDS0hpWElYcnV0QllCYlB1
https://mwdb.cert.pl/file/efb45096e24a61b488eb809bd8edf874d15bb498dd75ced8b888b020c87e5c6c
https://n0paste.eu/UH6n5pD/
https://threatview.io/Downloads/High-Confidence-CobaltStrike-C2%20-Feeds.txt
https://unit42.paloaltonetworks.com/european-phishing-campaign/
https://www.virustotal.com/graph/g272b5ff6d1554a7c9e4f2a484371aa5893e071401be649749164c4909c055db4
https://asec.ahnlab.com/en/58654/
https://asec.ahnlab.com/wp-content/uploads/2023/10/20231101_Kimsuky_OP.-Covert-Stalker.pdf
https://asec.ahnlab.com/ko/58231/
https://pylos.co/2022/11/23/detailing-daily-domain-hunting/

IOC Journey

Confidence: medium
First detected 5 years ago · Last seen 24 days ago
Appeared in 14 threat reports