166.62.107.20 Threat Intelligence and Host Information

ipinfopage

General

This page contains threat intelligence information for the IPv4 address 166.62.107.20 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

🟠 Elevated — 70/100

Geographic Location

Host and Network Information

  • View other sources: Spamhaus VirusTotal Shodan AbuseIPDB
  • Country: United States
  • Network: AS398101 godaddy.com llc
  • Noticed: 50 times
  • Protocols Attacked: SSH
  • Open Ports: 22, 443, 80
  • Tor Node: No
  • Associated Malware Samples: 10

Tags

  • abuse contact
  • all search
  • amazon02
  • amazonaes
  • apeaksoft ios
  • apple ios
  • apple phone
  • apple private
  • april
  • ascii text
  • asn owner
  • attack
  • august
  • author avatar
  • awful
  • banker
  • benjamin
  • cisco umbrella
  • ck id
  • cloudflarenet
  • cloud host
  • cobalt strike
  • code
  • comments
  • company limited
  • computer
  • concerning link
  • contacted
  • cookie
  • copy
  • country
  • creation date
  • critical
  • critical risk
  • cyber criminal
  • cyberstalking
  • data collection
  • date
  • detections file
  • detections type
  • dga domain
  • djcodychase.com
  • dnssec
  • domain name
  • domains
  • drive
  • dynadot llc
  • elf collection
  • email
  • emotet
  • execution
  • external
  • factory
  • falcon sandbox
  • file
  • file size
  • firewall sync
  • first
  • formbook
  • gandi sas
  • getprocaddress
  • google
  • graph community
  • hackers
  • hacktool
  • high level
  • hijacker
  • historical otx
  • historical ssl
  • hybrid
  • hybridanalysis
  • iframe
  • indicator
  • info api
  • installer
  • internapblk4
  • ip detections
  • it's back
  • json data
  • kb file
  • keylogger
  • limited
  • localappdata
  • malicious
  • malware
  • matches rule
  • metro
  • million alexa
  • mitre att
  • monitoring
  • mon mar
  • mumblehard
  • name
  • name verdict
  • neworder.doc
  • online sun
  • open
  • otx octoseek
  • path
  • pte ltd
  • record type
  • red team
  • registrar
  • relacionada
  • related
  • report spam
  • resolutions
  • resolved ips
  • scan endpoints
  • script
  • search
  • server
  • shell code
  • siem
  • singlehopllc
  • site
  • skynet
  • soar
  • squarespace
  • ssl certificate
  • status
  • subdomains
  • submitters
  • summary iocs
  • team internet
  • temp
  • threat roundup
  • tsara brashears
  • ttl value
  • tue mar
  • united
  • unknown
  • unlocker
  • url http
  • url https
  • urls
  • urlvoid
  • utc submissions
  • virus network
  • vt graph
  • webico company
  • whois
  • whois lookup
  • whois record
  • whois show
  • whois whois
  • win32 exe
  • win64
  • windir

MITRE ATT&CK TTPs

  • T1027 - Obfuscated Files or Information
  • T1036 - Masquerading
  • T1041 - Exfiltration Over C2 Channel
  • T1056.001 - Keylogging
  • T1057 - Process Discovery
  • T1059 - Command and Scripting Interpreter
  • T1068 - Exploitation for Privilege Escalation
  • T1071 - Application Layer Protocol
  • T1082 - System Information Discovery
  • T1105 - Ingress Tool Transfer
  • T1106 - Native API
  • T1122 - Component Object Model Hijacking
  • T1129 - Shared Modules
  • T1140 - Deobfuscate/Decode Files or Information
  • T1449 - Exploit SS7 to Redirect Phone Calls/SMS
  • T1546 - Event Triggered Execution
  • T1583.005 - Botnet

Associated CVEs

  • CVE-2007-2768

Passive DNS

  • www.speakeasyboston.com

Attack Log References

Whois Information

NetRange: 166.62.0.0 - 166.62.127.255 CIDR: 166.62.0.0/17 NetName: GO-DADDY-COM-LLC NetHandle: NET-166-62-0-0-1 Parent: NET166 (NET-166-0-0-0-0) NetType: Direct Allocation OriginAS: AS26496 Organization: GoDaddy.com, LLC (GODAD) RegDate: 2012-11-14 Updated: 2014-02-25 Comment: Please send abuse complaints to abuse@godaddy.com Ref: https://rdap.arin.net/registry/ip/166.62.0.0 OrgName: GoDaddy.com, LLC OrgId: GODAD Address: 2155 E GoDaddy Way City: Tempe StateProv: AZ PostalCode: 85284 Country: US RegDate: 2007-06-01 Updated: 2023-12-19 Comment: Please send abuse complaints to abuse@godaddy.com Ref: https://rdap.arin.net/registry/entity/GODAD OrgAbuseHandle: ABUSE51-ARIN OrgAbuseName: Abuse Department OrgAbusePhone: +1-480-624-2505 OrgAbuseEmail: abuse@godaddy.com OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE51-ARIN OrgNOCHandle: NOC124-ARIN OrgNOCName: Network Operations Center OrgNOCPhone: +1-480-505-8809 OrgNOCEmail: noc@godaddy.com OrgNOCRef: https://rdap.arin.net/registry/entity/NOC124-ARIN OrgTechHandle: NOC124-ARIN OrgTechName: Network Operations Center OrgTechPhone: +1-480-505-8809 OrgTechEmail: noc@godaddy.com OrgTechRef: https://rdap.arin.net/registry/entity/NOC124-ARIN RTechHandle: NOC124-ARIN RTechName: Network Operations Center RTechPhone: +1-480-505-8809 RTechEmail: noc@godaddy.com RTechRef: https://rdap.arin.net/registry/entity/NOC124-ARIN RNOCHandle: NOC124-ARIN RNOCName: Network Operations Center RNOCPhone: +1-480-505-8809 RNOCEmail: noc@godaddy.com RNOCRef: https://rdap.arin.net/registry/entity/NOC124-ARIN RAbuseHandle: ABUSE51-ARIN RAbuseName: Abuse Department RAbusePhone: +1-480-624-2505 RAbuseEmail: abuse@godaddy.com RAbuseRef: https://rdap.arin.net/registry/entity/ABUSE51-ARIN