172.66.0.165 Threat Intelligence and Host Information

Jun 24, 2025 ipinfopage

General

This page contains threat intelligence information for the IPv4 address 172.66.0.165 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Potentially Malicious Host 🟡 47/100

Host and Network Information

Mitre ATT&CK IDs: T1023 - Shortcut Modification, T1036 - Masquerading, T1040 - Network Sniffing, T1055 - Process Injection, T1057 - Process Discovery, T1060 - Registry Run Keys / Startup Folder, T1063 - Security Software Discovery, T1071 - Application Layer Protocol, T1082 - System Information Discovery, T1119 - Automated Collection, T1129 - Shared Modules, T1204 - User Execution, T1547 - Boot or Logon Autostart Execution, T1553 - Subvert Trust Controls, T1566 - Phishing
Tags: 443 ma2592000, aaaa, aaaa nxdomain, accept, accept accept, activity dns, address, a domains, agent, a h2, alf features, a li, all scoreblue, all search, america asn, analyzer paste, anomalous file, a nxdomain, application, as132147, as14061, as14636, as15133 verizon, as15169 google, as16552 tiggee, as16625 akamai, as19527 google, as20940, as21342, as29791, as36459, as396982 google, as43830, as45102 alibaba, as48287 jsc, as50340, as54113, as62597 nsone, as9123 timeweb, as9808 china, asnone united, a td, backdoor, body, branches tags, brian sabey, cape, certificate, checkin, china, china unknown, chrome, class, cloudfront, cloud provider, cname, cnc checkin, code, code issues, contacted, copy, copyright, creation date, cryp, czechia unknown, date, date hash, default, defender, delete, delete c, delphi, div div, dj ai, dns resolutions, dnssec, domain, domainabuse, domain name, domains top, dongjun jeong, downloader, dynamic, dynamicloader, e0e8e, emails, entries, error, expiration date, expiro, expiro malware, exploit, fadok, failure, fakedout threat, february, filehash, files, file samples, files domain, files location, files matching, files related, footer, form, format, formbook cnc, g2 tls, gecko, germany unknown, github, github copilot, github pages, gmt cache, going dark, high, homepage, hostname, hostnames, http, ids detections, ieedge chrome1, incapsula, infosec journey, installcore, internal, iocs, ipv4, jpn write, june, khtml, level, levelblue, local, malware, media center, medium, meta, meta name, moved, msie, mtb aug, mtb may, mtb sep, name servers, netherlands, next, ninite, ninite sep, noobyprotect, notifications, number, nxdomain, observed dns, ollydbg, otx telemetry, overview ip, passive dns, peeringdb, possible, powershell, process32nextw, pull, pulse pulses, pulses, pulses none, python, query, read c, record value, regdword, regsetvalueexa, related nids, related pulses, related tags, reverse dns, robots content, rsa sha256, russia unknown, sameorigin, samples, scan endpoints, script urls, search, search otx, server, servers, setup, sha256, shell, show, showing, sign, simda, slcc2, span p, stack, star, stars, status, stop, su liao, suspicious, telper, template, tls handshake, trojan, trojandropper, trojan features, twitter, unique tlds, united, united states, unknown, url https, urls, urls http, view, virtool, vmprotect, win32, win32cve sep, win32mydoom sep, windows nt, worm, wow64, write, write c, writeups, x ua, yara detections, yara rule, zhi pin
JARM: 29d3fd00029d29d00042d43d00041d5de67cc9954cc85372523050f20b5007
View other sources: Spamhaus VirusTotal

Country: United States
Network:
Noticed: 1 times
Protocols Attacked: Anonymous Proxy
Countries Attacked: Australia, Austria, Canada, China, Netherlands, Poland, United States of America
Passive DNS Results: bitnami.com vsanhealth.vmware.com.cdn.cloudflare.net scapi.telemetry.broadcom.com.cdn.cloudflare.net dl.broadcom.com dl.broadcom.com.cdn.cloudflare.net interopmatrix.broadcom.com interopmatrix.broadcom.com.cdn.cloudflare.net softwareupdate.broadcom.com profile-gcpstg.broadcom.com.cdn.cloudflare.net vcsa.telemetry.broadcom.com vcsa.telemetry.broadcom.com.cdn.cloudflare.net stg.market.csp.vmware.com mitm.sepmobile.securitycloud.symantec.com cdn.sepmobile.securitycloud.symantec.com cdn.sepmobile.securitycloud.symantec.com.cdn.cloudflare.net dev-liveupdate.symantec.com sims-stg.broadcom.com registrydevqa.market.csp.vmware.com liveupdate.symantec.com vropssizer.vmware.com staging.updates2.cdc.carbonblack.io dev.updates.cdc.carbonblack.io updates2.cdc.carbonblack.io dev.updates2.cdc.carbonblack.io definitions.symantec.com.cdn.cloudflare.net lumos.vmware.com.cdn.cloudflare.net academy-stg.broadcom.com kube-academy-verify.broadcom.com tanzu-academy-verify.broadcom.com spring-academy-verify.broadcom.com liveupdate.symantec.com.cdn.cloudflare.net vdc-download-pstg.broadcom.com liveupdate.symantecliveupdate.com.cdn.cloudflare.net dp-downloads-qa.broadcom.com softwareupdate-prod.broadcom.com mitm2.sepmobile.securitycloud.symantec.com repo.vmware.com repo.vmware.com.cdn.cloudflare.net dev-branding.symantec.com liveupdate.broadcom.com repo-pqa.broadcom.com hybridity-depot-pdev.broadcom.com hybridity-depot-dev.broadcom.com shddownload-nonprod.broadcom.com vrealize-updates.vmware.com dpdownloads-nonprod.broadcom.com shd-download-dev.broadcom.com download3.broadcom.com vcf.broadcom.com.cdn.cloudflare.net ksa.broadcom.com profile.broadcom.com.cdn.cloudflare.net hostupdate-nonprod.broadcom.com vvs.broadcom.com compatibilityguide.broadcom.com compatibilityguide.broadcom.com.cdn.cloudflare.net access-selfservice.broadcom.com vvm.esp.vmware.com vcdr-planner.esp.vmware.com help-ws.vmware.com tap-stgv2.broadcom.com vsansizer.esp-staging.vmware-aws.com configmax.broadcom.com configmax.broadcom.com.cdn.cloudflare.net vcsa.vmware.com hostupdate.broadcom.com.cdn.cloudflare.net connect.hcx.vmware.com.cdn.cloudflare.net jira.eng.vmware.com.cdn.cloudflare.net devqa.market.csp.vmware.com partnerweb.vmware.com.cdn.cloudflare.net apigw.vmware.com.cdn.cloudflare.net download3-json-stage-fetch.broadcom.workers.dev product-downloads-fetch-poc.broadcom.workers.dev downloads2-pqa.broadcom.com servicedesk-prod-worker.broadcom.workers.dev vcgw-updates-dev.broadcom.com dp-downloads-pstg.broadcom.com softwareupdate-euc-proxy.broadcom.workers.dev vcgw-updates-pdev.broadcom.com vcgw-updates-pstg.broadcom.com depot-pqa.broadcom.com downloads2-dev.broadcom.com jira-stg-worker.broadcom.workers.dev download3-json-prod-fetch.broadcom.workers.dev depot-basic-auth-fetch-poc.broadcom.workers.dev vcsa-prod-redirect.broadcom.workers.dev compatibilityguide-stg.broadcom.com scapi.vmware.com.cdn.cloudflare.net scapi-stg.vmware.com connect.hcx.vmware.com pstoolhub.broadcom.com spring-staging.academy tanzu.vmware.com.cdn.cloudflare.net packages-prod.broadcom.com partnerweb.vmware.com vdc-download-pqa.broadcom.com vdc-download.vmware.com repo-pdev.broadcom.com vapp-symlinks-poc.broadcom.workers.dev encrypt-text-poc.broadcom.workers.dev confluence.eng.vmware.com.cdn.cloudflare.net depot-getauthurl-fetch-test.broadcom.workers.dev decrypt-text-poc.broadcom.workers.dev dpdownloads-resource-non-prod-fetch.broadcom.workers.dev poc-getauth-create-order.broadcom.workers.dev repo.broadcom.com royal-lab-62d9.broadcom.workers.dev scapi-prod-pattern1-fetch.broadcom.workers.dev softwareupdate.broadcom.com.cdn.cloudflare.net depot-getauthurl-stage-fetch.broadcom.workers.dev vdc-download.broadcom.com.cdn.cloudflare.net downloads2.broadcom.com.cdn.cloudflare.net docs.vmware.com.cdn.cloudflare.net vropssizer.vmware.com.cdn.cloudflare.net vdc-repo.vmware.com.cdn.cloudflare.net packages-prod.broadcom.com.cdn.cloudflare.net blogs.vmware.com.cdn.cloudflare.net vrealize-updates-pstg.broadcom.com repo-prod.broadcom.com skyline.vmware.com.cdn.cloudflare.net broadfuck.com vmware-maintenance-prod.broadcom.workers.dev wp-team-poc-qa.broadcom.workers.dev wp-content-symlinks-poc.broadcom.workers.dev softwtareupdate-non-prod-fetch.broadcom.workers.dev repo.broadcom.com.cdn.cloudflare.net download3-stage-fetch.broadcom.workers.dev softwtareupdate-poc.broadcom.workers.dev dpdownloads-api-content-non-prod.broadcom.workers.dev dpdownloads-api-content-non-prod-dev.broadcom.workers.dev depot-getauthurl-stage.broadcom.workers.dev packages.vmware.com dpdownloads-json-fetch-test.broadcom.workers.dev download3-euc-proxy.broadcom.workers.dev repo-euc-proxy.broadcom.workers.dev compass.broadcom.com downloads2-hmac-oid-validation-non-prod.broadcom.workers.dev dpdownloads-hmac-oid-validation-non-prod-stage-fetch.broadcom.workers.dev downloads2-hmac-oid-validation-non-prod-fetch.broadcom.workers.dev downloads2-hmac-oid-validation-stage.broadcom.workers.dev connect-hcx-stage-fetch.broadcom.workers.dev dpdownloads-api-content-non-prod-fetch.broadcom.workers.dev dpdownloads-hmac-oid-validation-non-prod-qa-fetch.broadcom.workers.dev shd-download-pdev.broadcom.com poc-us-bucket-oid-email-check.broadcom.workers.dev test-dp-api-content.broadcom.workers.dev access-login.broadcom.com.cdn.cloudflare.net download3.broadcom.com.cdn.cloudflare.net worker-kv-poc.broadcom.workers.dev developer.broadcom.com.cdn.cloudflare.net poc-downloads-crushftp-test.broadcom.workers.dev vapp-updates.vmware.com shd-download.vmware.com depot.vmware.com hostupdate.vmware.com vcgw-updates.vmware.com hybridity-depot.vmware.com wp-content.vmware.com downloads2-hmac-oid-prod-fetch.broadcom.workers.dev dpdownloads-hmac-oid-prod-fetch.broadcom.workers.dev downloads2-prod.broadcom.com hybridity-depot-prod.broadcom.com wp-content.broadcom.com vcgw-updates.broadcom.com vapp-updates.broadcom.com vcgw-updates-prod.broadcom.com shd-download.broadcom.com depot-prod.broadcom.com vapp-updates-prod.broadcom.com shd-download-prod.broadcom.com depot.broadcom.com downloads2.broadcom.com hostupdate-prod.broadcom.com hostupdate.broadcom.com hybridity-depot.broadcom.com dp-downloads-prod.broadcom.com wp-content-prod.broadcom.com dp-downloads.broadcom.com downloads2-fetch-range-requests-poc.broadcom.workers.dev depot-getauthurl-non-prod.broadcom.workers.dev poc-create-order.broadcom.workers.dev access-login.broadcom.com assist-stg.broadcom.com partnerportal-stg.broadcom.com support-gcpstg.broadcom.com access-qa.broadcom.com esp.broadcom.com access-stg.broadcom.com esp-stg.broadcom.com access-dev.broadcom.com ah-dev.broadcom.com packages-pstg.broadcom.com softwareupdate-pstg.broadcom.com packages-pdev.broadcom.com softwareupdate-dev.broadcom.com softwareupdate-pqa.broadcom.com packages-pqa.broadcom.com softwareupdate-pdev.broadcom.com softwareupdate-nonprod.broadcom.com packages-dev.broadcom.com packages-nonprod.broadcom.com packages-euc-proxy.broadcom.workers.dev knowledge.broadcom.com.cdn.cloudflare.net support.broadcom.com support.broadcom.com.cdn.cloudflare.net dpdownloads-hmac-oid-validation-non-prod-fetch.broadcom.workers.dev downloads2-hmac-oid-validation-stage-fetch.broadcom.workers.dev

Open Ports Detected

2082 2083 2086 2087 443 80 8080 8443 8880

Map

Whois Information

NetRange: 172.64.0.0 - 172.71.255.255
CIDR: 172.64.0.0/13
NetName: CLOUDFLARENET
NetHandle: NET-172-64-0-0-1
Parent: NET172 (NET-172-0-0-0-0)
NetType: Direct Allocation
OriginAS: AS13335
Organization: Cloudflare, Inc. (CLOUD14)
RegDate: 2015-02-25
Updated: 2024-09-04
Comment: All Cloudflare abuse reporting can be done via https://www.cloudflare.com/abuse
Comment: Geofeed: https://api.cloudflare.com/local-ip-ranges.csv
Ref: https://rdap.arin.net/registry/ip/172.64.0.0
OrgName: Cloudflare, Inc.
OrgId: CLOUD14
Address: 101 Townsend Street
City: San Francisco
StateProv: CA
PostalCode: 94107
Country: US
RegDate: 2010-07-09
Updated: 2024-11-25
Ref: https://rdap.arin.net/registry/entity/CLOUD14
OrgNOCHandle: CLOUD146-ARIN
OrgNOCName: Cloudflare-NOC
OrgNOCPhone: +1-650-319-8930
OrgNOCEmail: noc@cloudflare.com
OrgNOCRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
OrgRoutingHandle: CLOUD146-ARIN
OrgRoutingName: Cloudflare-NOC
OrgRoutingPhone: +1-650-319-8930
OrgRoutingEmail: noc@cloudflare.com
OrgRoutingRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
OrgTechHandle: ADMIN2521-ARIN
OrgTechName: Admin
OrgTechPhone: +1-650-319-8930
OrgTechEmail: rir@cloudflare.com
OrgTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN
OrgAbuseHandle: ABUSE2916-ARIN
OrgAbuseName: Abuse
OrgAbusePhone: +1-650-319-8930
OrgAbuseEmail: abuse@cloudflare.com
OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN
RTechHandle: ADMIN2521-ARIN
RTechName: Admin
RTechPhone: +1-650-319-8930
RTechEmail: rir@cloudflare.com
RTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN
RAbuseHandle: ABUSE2916-ARIN
RAbuseName: Abuse
RAbusePhone: +1-650-319-8930
RAbuseEmail: abuse@cloudflare.com
RAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN
RNOCHandle: NOC11962-ARIN
RNOCName: NOC
RNOCPhone: +1-650-319-8930
RNOCEmail: noc@cloudflare.com
RNOCRef: https://rdap.arin.net/registry/entity/NOC11962-ARIN

Links to attack logs

anonymous-proxy-ip-list-2025-06-23 anonymous-proxy-ip-list-2025-06-22 anonymous-proxy-ip-list-2025-06-24

Share on: