66.146.193.33 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 66.146.193.33 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Potentially Malicious Host 🟡 40/100

Host and Network Information

• Known tor exit node

• View other sources: Spamhaus VirusTotal

• Contained within other IP sets: blocklist_net_ua, botscout_30d, botscout_7d, dm_tor, et_tor, maxmind_proxy_fraud, sblam, snort_ipfilter, stopforumspam_180d, stopforumspam_1d, stopforumspam_30d, stopforumspam_365d, stopforumspam_7d, stopforumspam_90d, stopforumspam, talosintel_ipfilter, tor_exits_1d, tor_exits_30d, tor_exits_7d, tor_exits

• Known TOR node
• Country: United States
• Network:
• Noticed: times
• Protocols Attacked: SSH
• Passive DNS Results: block2.mmms.eu thitri.direct.quickconnect.to

Malware Detected on Host

Count: 42 dfc41ce030340214dfb943f97574b23d44728460586c139e7873732fcd44c1af b11e614cdd02aecb8d6ae65bf67bfac8cbefd68830065217e2cb48922743bb12 7282e2fdb25b07554b082f5cf1697315ed5ce3005f985cbe96a34da965869db5 fc422e4996788c92eb794e74e694b3fdfb082ccdb43292e871d3062a857d1f3c a896be5e1f5b7d498d6556c9d64fe6407b70360e36dd3f47ee46da9367748ff6 31e336d15f3414e6bae7056b612b3529b0af5c6656f93f9c3d51312a3ce8935c 7548589cca05a011b563d58e795233faf2310975659bbc8b4d1db7ae6d805280 b94e8a6cf9073e454344179dc3ec62d74ea682a08f276c5eb58b2b195d016b07 da94ae6648d6b0b7a9d7290f0a7336005f6521856f0ddfa39ad6aad7d27a1fd7 e7711425a3037a9b4a805b185c9096b2db65a523f07c8f908ab89d1da37370b7

Open Ports Detected

123 161 22 80 9001

Map

Whois Information

• NetRange: 66.146.192.0 - 66.146.219.255
• CIDR: 66.146.192.0/20, 66.146.208.0/21, 66.146.216.0/22
• NetName: ONSH-NET
• NetHandle: NET-66-146-192-0-1
• Parent: NET66 (NET-66-0-0-0-0)
• NetType: Direct Allocation
• OriginAS:
• Organization: OnShore, Inc. (ONSH)
• RegDate: 2002-11-19
• Updated: 2021-12-20
• Comment: Send abuse to abuse@onshore.com
• Ref: https://rdap.arin.net/registry/ip/66.146.192.0
• OrgName: OnShore, Inc.
• OrgId: ONSH
• Address: 1823 Grant Street
• City: Evanston
• StateProv: IL
• PostalCode: 60201
• Country: US
• RegDate: 1999-05-25
• Updated: 2024-12-23
• Comment: Send abuse reports to stel@stel.us
• Ref: https://rdap.arin.net/registry/entity/ONSH
• OrgAbuseHandle: SK692-ARIN
• OrgAbuseName: Kent, Steven
• OrgAbusePhone: +1-847-859-3813
• OrgAbuseEmail: sjk@dredel.com
• OrgAbuseRef: https://rdap.arin.net/registry/entity/SK692-ARIN
• OrgTechHandle: SK692-ARIN
• OrgTechName: Kent, Steven
• OrgTechPhone: +1-847-859-3813
• OrgTechEmail: sjk@dredel.com
• OrgTechRef: https://rdap.arin.net/registry/entity/SK692-ARIN

Links to attack logs

****** ****** ******