66.29.137.55 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 66.29.137.55. It was generated either as a result of observed malicious activity or as an information-gathering exercise to assist with enrichment of security events and context. All information is gathered passively, through aggregation of public sources or through activity observed on honeynets. The host score is calculated from a series of statistically weighted values and machine learning, taking into account metadata such as host information; the frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 64/100

Host and Network Information

  • MITRE ATT&CK IDs: T1003 - OS Credential Dumping, T1018 - Remote System Discovery, T1023 - Shortcut Modification, T1031 - Modify Existing Service, T1045 - Software Packing, T1049 - System Network Connections Discovery, T1053 - Scheduled Task/Job, T1055 - Process Injection, T1056 - Input Capture, T1060 - Registry Run Keys / Startup Folder, T1068 - Exploitation for Privilege Escalation, T1071.001 - Web Protocols, T1071.004 - DNS, T1071 - Application Layer Protocol, T1082 - System Information Discovery, T1096 - NTFS File Attributes, T1105 - Ingress Tool Transfer, T1110 - Brute Force, T1112 - Modify Registry, T1119 - Automated Collection, T1129 - Shared Modules, T1143 - Hidden Window, T1204 - User Execution, T1428 - Exploit Enterprise Resources, T1449 - Exploit SS7 to Redirect Phone Calls/SMS, T1553.002 - Code Signing, T1568 - Dynamic Resolution, T1583.005 - Botnet, T1598 - Phishing for Information

  • Tags:

  • JARM: 3fd3fd15d3fd3fd00042d42d000000038eaaf490bec8dc33757f165ce01762

  • View other sources: Spamhaus, VirusTotal

  • Country: United States
  • Network:
  • Noticed: 2 times
  • Protocols Attacked: SSH
  • Countries Attacked: Aruba, Italy, United States of America
  • Passive DNS Results:

Open Ports Detected

2079 2082 2083 21 26 443 465 587 80 995

CVEs Detected

CVE-2016-10735 CVE-2018-14040 CVE-2018-14042 CVE-2018-20676 CVE-2018-20677 CVE-2019-8331

Whois Information

  • NetRange: 66.29.128.0 - 66.29.159.255
  • CIDR: 66.29.128.0/19
  • NetName: NAMEC-4
  • NetHandle: NET-66-29-128-0-1
  • Parent: NET66 (NET-66-0-0-0-0)
  • NetType: Direct Allocation
  • OriginAS:
  • Organization: Namecheap, Inc. (NAMEC-4)
  • RegDate: 2021-03-05
  • Updated: 2021-03-05
  • Ref: https://rdap.arin.net/registry/ip/66.29.128.0
  • OrgName: Namecheap, Inc.
  • OrgId: NAMEC-4
  • Address: 11400 W. Olympic Blvd. Suite 200
  • City: Los Angeles
  • StateProv: CA
  • PostalCode: 90064
  • Country: US
  • RegDate: 2011-01-28
  • Updated: 2024-11-25
  • Ref: https://rdap.arin.net/registry/entity/NAMEC-4
  • OrgAbuseHandle: ABUSE2885-ARIN
  • OrgAbuseName: Abuse team
  • OrgAbusePhone: +1-323-375-2822
  • OrgAbuseEmail: abuse@namecheaphosting.com
  • OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2885-ARIN
  • OrgTechHandle: EFIME-ARIN
  • OrgTechName: Efimenko, Igor
  • OrgTechPhone: +1-323-375-2822
  • OrgTechEmail: igor.e@namecheap.com
  • OrgTechRef: https://rdap.arin.net/registry/entity/EFIME-ARIN
  • OrgTechHandle: TECHT4-ARIN
  • OrgTechName: Tech team
  • OrgTechPhone: +1-323-375-2822
  • OrgTechEmail: tech@namecheaphosting.com
  • OrgTechRef: https://rdap.arin.net/registry/entity/TECHT4-ARIN
  • network:Class-Name:network
  • network:Auth-Area:66.29.137.0/24
  • network:ID:NET-184494.66.29.137.55
  • network:IP-Network:66.29.137.55
  • network:IP-Network-Block:66.29.137.55
  • network:Org-Name:Web-hosting.com
  • network:Street-Address:3402 East University Drive
  • network:City:Phoenix
  • network:State:AZ
  • network:Postal-Code:85034
  • network:Country-Code:US
  • network:Tech-Contact:MAINT-184494.66.29.137.55
  • network:Created:20210526105246000
  • network:Updated:20210528134522000
  • network:Updated-By:net-admin@namecheap.com
  • contact:POC-Name:Network team
  • contact:POC-Email:net-admin@namecheap.com
  • contact:POC-Phone:
  • contact:Tech-Name:Network team
  • contact:Tech-Email:net-admin@namecheap.com
  • contact:Tech-Phone:
  • contact:Abuse-Name:Abuse team
  • contact:Abuse-Email:abuse@namecheaphosting.com
