66.212.31.250 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 66.212.31.250. It was generated either as a result of observed malicious activity or as an information-gathering exercise to assist with enrichment of security events and context. All information is gathered passively, through aggregation of public sources or through observation of activity on honeynets. The host score is calculated through a series of statistically weighted values and machine learning, taking into account metadata such as host information; frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour such as with Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Potentially Malicious Host 🟡 32/100

Host and Network Information

  • Tags: cyber security, ioc, malicious, msiexec, Nextray, phishing

  • View other sources: Spamhaus VirusTotal

  • Country: United States
  • Network: AS8100 quadranet enterprises llc
  • Noticed: 1 time
  • Protocols Attacked: mssql
  • Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
  • Passive DNS Results: 036799.com thy158.com

Malware Detected on Host

Count: 19

Open Ports Detected

135 445 80

CVEs Detected

CVE-2014-4078

Whois Information

  • NetRange: 66.212.16.0 - 66.212.31.255
  • CIDR: 66.212.16.0/20
  • NetName: QUADRANET
  • NetHandle: NET-66-212-16-0-1
  • Parent: NET66 (NET-66-0-0-0-0)
  • NetType: Direct Allocation
  • OriginAS: AS8100
  • Organization: QuadraNet Enterprises LLC (QEL-5)
  • RegDate: 2006-11-28
  • Updated: 2016-12-11
  • Ref: https://rdap.arin.net/registry/ip/66.212.16.0
  • OrgName: QuadraNet Enterprises LLC
  • OrgId: QEL-5
  • Address: 530 W. 6th ST
  • City: Los Angeles
  • StateProv: CA
  • PostalCode: 90014
  • Country: US
  • RegDate: 2018-06-07
  • Updated: 2023-02-14
  • Ref: https://rdap.arin.net/registry/entity/QEL-5
  • OrgTechHandle: QNO6-ARIN
  • OrgTechName: QuadraNet Network Operations
  • OrgTechPhone: +1-213-614-9371
  • OrgTechEmail: [email protected]
  • OrgTechRef: https://rdap.arin.net/registry/entity/QNO6-ARIN
  • OrgAbuseHandle: QUADR4-ARIN
  • OrgAbuseName: QuadraNet Abuse
  • OrgAbusePhone: +1-213-614-8371
  • OrgAbuseEmail: [email protected]
  • OrgAbuseRef: https://rdap.arin.net/registry/entity/QUADR4-ARIN
  • network:Class-Name:network
  • network:Auth-Area:66.212.30.0/23
  • network:ID:NET-150587.66.212.31.224/27
  • network:Network-Name:Public Network IP Range - Asia Optmized
  • network:IP-Network:66.212.31.224/27
  • network:IP-Network-Block:66.212.31.224 - 66.212.31.255
  • network:Org-Name:EMSIDC
  • network:Street-Address:330 Shenzhen Road, Laoshan District
  • network:City:Qingdao City
  • network:State:
  • network:Postal-Code:
  • network:Country-Code:CN
  • network:Tech-Contact:MAINT-150587.66.212.31.224/27
  • network:Created:20230918164027000
  • network:Updated:20230918164027000
  • network:Updated-By:[email protected]
  • contact:POC-Name:Network Administrator
  • contact:POC-Email:[email protected]
  • contact:POC-Phone:1-888-5-QUADRA
  • contact:Tech-Name:Network Administrator
  • contact:Tech-Email:[email protected]
  • contact:Tech-Phone:1-888-5-QUADRA
  • contact:Abuse-Name:Abuse Dept
  • contact:Abuse-Email:[email protected]
  • contact:Abuse-Phone:EMAIL ONLY

Links to attack logs

  • aws-mssql-bruteforce-ip-list-2020-11-07