166.168.105.4 Threat Intelligence and Host Information

Oct 05, 2025 ipinfopage

General

This page contains threat intelligence information for the IPv4 address 166.168.105.4 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 67/100

Host and Network Information

  • Mitre ATT&CK IDs: T1003 - OS Credential Dumping, T1027 - Obfuscated Files or Information, T1031 - Modify Existing Service, T1045 - Software Packing, T1053 - Scheduled Task/Job, T1055 - Process Injection, T1059 - Command and Scripting Interpreter, T1060 - Registry Run Keys / Startup Folder, T1064 - Scripting, T1071 - Application Layer Protocol, T1082 - System Information Discovery, T1083 - File and Directory Discovery, T1095 - Non-Application Layer Protocol, T1129 - Shared Modules, T1140 - Deobfuscate/Decode Files or Information, T1143 - Hidden Window, T1158 - Hidden Files and Directories, T1185 - Man in the Browser, T1518 - Software Discovery, T1543 - Create or Modify System Process, T1557 - Man-in-the-Middle, T1571 - Non-Standard Port

  • Tags: aaaa, aaaa nxdomain, account stealer, acpimofresource, addpo, addportmapping, adversary in the middle, alerts, all scoreblue, a nxdomain, as20446, as22394 verizon, as6167 verizon, as8068, as8075, asnone, asnone united, ate hash, b file, binbusybox, binsh binsh, binsh c, blacklist, block id, botnet, brian sabey, brute force, cachecontrol, cape, city, cloudflare, cname, contained, contentlength, copy, country, create, created binsh, creation date, cry kill, cve201717215, date, default, destination, devftwdt101, devsda1 devsda2, dock, domain, domain http, domains, emails, entries, e procselffd9, eternalblue, et exploit, et trojan, eva120, execution, expiration date, exploit, exploit none, files, files deleted, file system, file type, formbook, gafgyt, generic, get http, graph, hallrender, hashes, hdaudiomofname, h devsda2, header intel, hiddentear, high, hitmen, host, hostname, httponly, http requests, huawei hg532, huawei remote, i lo, info compiler, installer, intel, ip detections, ip traffic, ipv4, ireland unknown, javascript, jody alaska, jody huffines, json, kernel context, language, libmultipath, link library, logic, loudoun county, Malicious IP, malware, malware worm, mb graph, mb pe, mcics, memory pattern, miniigd upnp, mirai, mitm, mitre att, modify system, modules, mofresource, mofresourcename, msie, ms visual, ms windows, name md5, name servers, net174, net1740000, nethandle, network, newenabled, newexternalport, newinternalport, newprotocol, newremotehost, next, nids, ns nxdomain, nxdomain, orgdnshandle, orgdnsref, passive dns, password bypass, pe32 executable, pegasus related, pe resource, p m0755, port, port 23, postalcode, posts, processes tree, process t1543, products id, pulse submit, query, ransom, ransomworm, rce, realtek sdk, recon, referrer, registry, registry keys, r english, request, response, rf cum, runtime modules, samesitelax, scan, scan endpoints, search, service, settingswpad, shell commands, show, showing, skynet, smbds ipc, smugglers gambit, soa nxdomain, soap command, sp6 build, spyware, sreredrum, stateprov, status, summary, suspicious, swipp, swipp9-arin, swipper, switch dns, systemd service, t1059, t1064 executes, ta0002 command, ta0004 create, target tsara brashears, tcp, tcp/23, telnet, text, type, united, united kingdom, unknown, url analysis, urls, varrunsshd, verizon, vs98, wannacry, wannacry kill, whitelisted, whois lookups, win16 ne, win32 dynamic, win32 exe, windows nt, wirelessdatanetwork, write, yara detections, yara rule

  • View other sources: Spamhaus VirusTotal

  • Country: United States
  • Network:
  • Noticed: 17 times
  • Protocols Attacked: telnet
  • Countries Attacked: United States of America
  • Passive DNS Results: 4.sub-166-168-105.myvzw.com

Open Ports Detected

22 80

CVEs Detected

CVE-2007-2768 CVE-2008-3844 CVE-2016-20012 CVE-2020-14145 CVE-2020-15778 CVE-2021-36368 CVE-2021-41617 CVE-2023-38408 CVE-2023-48795 CVE-2023-51385 CVE-2023-51767 CVE-2025-26465 CVE-2025-32728

Map

Whois Information

Links to attack logs

****** digitaloceantoronto-telnet-bruteforce-ip-list-2024-04-15 dobengaluru-telnet-bruteforce-ip-list-2023-07-17 ****** ****** vultrwarsaw-telnet-bruteforce-ip-list-2023-07-18

Share on: