162.255.118.66 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 162.255.118.66 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Potentially Malicious Host 🟡 37/100

Host and Network Information

• Tags: agenttesla, agentteslaexe, arkeistealer, azorult, azorultexe, danabot, darkrat, dridex, dridexopendir, emotetheodo, formbook, gandcrab, gozi, hancitor, hawkeye, heodo, icedid, kpot, kpotstealer, loader, loki, luminositylink, nanocore, nemty, netwire, phorpiex, pony, qakbot, qealler, quasarrat, raccoonstealer, remcos, remcosrat, servhelper, stealer, systembc, trickbot, troldesh, zloader

• View other sources: Spamhaus VirusTotal

• Contained within other IP sets: hphosts_emd, hphosts_psh

• Country: United States
• Network: AS22612 namecheap inc.
• Noticed: 1 times
• Protocols Attacked: SSH

Malware Detected on Host

Count: 9 5acffa1012854d03e5f9f1b3f970cb8b7192b46f49fbee9670ac7247838869c1 e7c27968dbdb4e26b57ece3896dd0ccc58a7da77a90571371420aae376982452 6e22660930bf01ec7b9be6c79621c648d178e0041a4d9078cdd43d41b07d09a8 6d073df12f04f5233706c515b6c82e5daa2ef7092f54ad607c22dfcabeacafdf 81af3e551aef5b8b066274d99445d11b70f323ebcc633149a90354317163d65e 24adecf7ab59fa476d62ba40143b6153aab87b04d5d41f80627550c14f4d2c1d b7a33a202a4eb9008f24a06b1da89103cc4e8e67b7c6b376fd9821d3d1895f0a ee5b4834bfdb856c66104f1440ba559cc7684acdfc70142242a7a57db5aad85d a3debbd10e55348934034a31024e70c67876a943fe1ea36a9db293fdfa9ec85b

Open Ports Detected

22 443 80

Map

Whois Information

• NetRange: 162.255.116.0 - 162.255.119.255
• CIDR: 162.255.116.0/22
• NetName: NCNET-5
• NetHandle: NET-162-255-116-0-1
• Parent: NET162 (NET-162-0-0-0-0)
• NetType: Direct Allocation
• OriginAS: AS16626, AS174, AS3356, AS4323, AS22612, AS32421
• Organization: Namecheap, Inc. (NAMEC-4)
• RegDate: 2014-05-14
• Updated: 2015-03-24
• Comment: http://namecheap.com
• Comment: for any abuse please use: abuse@namecheap.com
• Ref: https://rdap.arin.net/registry/ip/162.255.116.0
• OrgName: Namecheap, Inc.
• OrgId: NAMEC-4
• Address: 11400 W. Olympic Blvd. Suite 200
• City: Los Angeles
• StateProv: CA
• PostalCode: 90064
• Country: US
• RegDate: 2011-01-28
• Updated: 2017-01-28
• Ref: https://rdap.arin.net/registry/entity/NAMEC-4
• OrgTechHandle: TECHT4-ARIN
• OrgTechName: Tech team
• OrgTechPhone: +1-661-310-2107
• OrgTechEmail: tech@namecheaphosting.com
• OrgTechRef: https://rdap.arin.net/registry/entity/TECHT4-ARIN
• OrgAbuseHandle: ABUSE2885-ARIN
• OrgAbuseName: Abuse team
• OrgAbusePhone: +1-323-375-2822
• OrgAbuseEmail: abuse@namecheaphosting.com
• OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2885-ARIN
• OrgTechHandle: EFIME-ARIN
• OrgTechName: Efimenko, Igor
• OrgTechPhone: +1-323-375-2822
• OrgTechEmail: igor.e@namecheap.com
• OrgTechRef: https://rdap.arin.net/registry/entity/EFIME-ARIN

Links to attack logs

****** ****** ******