66.81.203.133 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 66.81.203.133 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 70/100

Host and Network Information

• Mitre ATT&CK IDs: T1010 - Application Window Discovery, T1012 - Query Registry, T1031 - Modify Existing Service, T1036 - Masquerading, T1045 - Software Packing, T1053 - Scheduled Task/Job, T1055 - Process Injection, T1060 - Registry Run Keys / Startup Folder, T1082 - System Information Discovery, T1083 - File and Directory Discovery, T1091 - Replication Through Removable Media, T1120 - Peripheral Device Discovery, T1129 - Shared Modules, T1143 - Hidden Window, T1147 - Hidden Users, T1158 - Hidden Files and Directories, T1449 - Exploit SS7 to Redirect Phone Calls/SMS, T1497 - Virtualization/Sandbox Evasion, T1574 - Hijack Execution Flow

• Tags: aaaa, aaaa nxdomain, abuse contact, accept, access ta0001, address, a domains, alexa, alexa top, algorithm, all scoreblue, all search, analyzer paste, analyzer threat, apache, apex lehends, archive, arial, as15169 google, as16276, as16342 toya, as16509, as198921, as202425 ip, as20940, as29686 probe, as3215 orange, as36352, as3842 inmotion, as40676 psychz, as4230 claro, as44273 host, as46606, as50599, as53667, as5617 orange, as63949 linode, as8075, asn as16342, asnone, asnone united, a td, august, av detections, azorult, backdoor, bank, blacklist, body, body doctype, body html, browsing, buckler, bush, campaign, checkin, cisco umbrella, cname, co20230203, cobalt strike, code, contact email, contact phone, contained, content, content length, copy, country, crack, crack serial, create c, creation date, cryptexportkey, cus olet, cyber threat, data, data redacted, date, date hash, ddos, defense evasion, detection list, dlls defense, dll sideloading, dlls privilege, dns replication, dns resolutions, dnssec, dock, domain, domain check, domain name, domain status, dostpne jzyki, download, downloader, download full, dynamicloader, email, emails, emotet, encrypt, encrypt cne1, engineering, entries, error, evasion, executable, expiration date, expiry date, exploit, ezcrack all, facebook, file, filehash, files, file samples, files copied, files domain, files dropped, files ip, files location, files matching, files related, first, flag united, flow t1574, formbook cnc, france unknown, fraud risk, free, generic windos, germany, germany unknown, gmt content, gmt contenttype, gmt server, google domain, google safe, grum, gustier, hacktool, hash, hashes, head body, header intel, head title, high, high defense, historical ssl, hostname, hostnames, html public, ids detections, ietfdtd html, info compiler, infrastructure, intel, internet mobile, invalid url, iocs, ip address, ip summary, ip traffic, ipv4, just, key algorithm, key info, keys license, kingdom unknown, language, location poland, luna moth, mail spammer, malicious, malicious site, maltiverse, malware, malware trojan, media t1091, medium, memcommit, menu files, meta, meta http, microsoft stuff, million, mitre att, modify existing, module load, modyfikuj stref, moved, ms windows, mtb feb, mtb mar, mx a, name, name md5, name servers, namesilo, next, number, nxdomain, ordination, os2 executable, otx scoreblue, overview ip, passive dns, pe32 executable, pe resource, phishing, please, pointers, poland unknown, posix tar, postal code, pragma, privacy, privacy admin, privacy create, privacy tech, problems, products id, provides, pulse pulses, pulse submit, pungency, push, query, query time, read c, record type, record value, redacted for, referrer, registrant fax, registrar, registrar abuse, registrar iana, registrar url, registry, related, related nids, related pulses, replication, reverse dns, runescape, safe site, sample, samplepath, samples, sapphire, scan endpoints, script, script domains, script urls, search, server, service, sha256, shellexecuteexw, show, showing, singapore asn, site, site kit, software, softwares, spawns, stateprovince, status, stream, subject public, summary, suppobox, support, susp, suspicious, switch dns, t1031, t1055, t1055 spawns, table, td td, td tr, team, team phishing, telefonica co, threat network, title, title head, tofsee, traffic, trojan, trojandropper, trojan features, trojanspy, tr table, tr tr, ttl value, type, type name, type texthtml, udp a83f8110, united, united kingdom, unknown, updated date, url analysis, url https, urls, urls http, url summary, user, utwrz stref, v3 serial, validity, vary, verdict, version crack, virgin islands, virtool, whitelisted, whois lookup, win16 ne, win32, win32botgor, win32 exe, win32mofksys, win32qqpass, win32salgorea, win32tofsee, win32vb, window, windows, winhttp authip, wordpress site, worm, worm worm, write, write c, writeconsolew, written c, x00x00, yara detections, yara rule, zbot

• View other sources: Spamhaus VirusTotal

• Country: British Virgin Islands
• Network:
• Noticed: 5 times
• Protocols Attacked: SSH
• Countries Attacked: United States of America

Malware Detected on Host

Count: 15 768c3fc59589decb6f742ed3ecff533800da9952b0d0d658f51c2fbade5562fb f3c2569b4a2b5e9e4fd5da6ce1c6034be648cf113ce11619fccba10abafe86fe f506144ea262f567871f20b83ce4f3d64f7b699e8204d27ada2c696097db324a 4f9cae3b5a0a3ec8ca2bcd36eb5d16fc31bcc9925d7a50e255a2af1ad04bad72 d330c8e023b24928dc2beb0a855a16eb5eef5e3717d0c4f2ac57a36e1b1a6eee a705f73de418d3167f2368de48a70fddb3190ca01897ad3c475f68fb4ad913ce 325d20b0f3ae873bcbad00fdc6a8010e5f8f6a53cf6e17af246a8c67d2355933 29f413d122242f76652e2abbe94627cbb769d66ecb147a3cd25c078f2973a7f8 d95371b57a86d8207c1ed0f5c7194b9186225d9bb3e5d8da61a2458571755118 161cabd0f35cf74bb15854ae1cfd65c370dc2fdfa9ad8a82ae5cca91421a8a9b

Open Ports Detected

80

CVEs Detected

CVE-2018-16845 CVE-2019-20372 CVE-2019-9511 CVE-2019-9513 CVE-2019-9516 CVE-2021-23017 CVE-2021-3618 CVE-2023-44487 CVE-2025-23419

Map

Whois Information

• NetRange: 66.81.192.0 - 66.81.207.255
• CIDR: 66.81.192.0/20
• NetName: CN
• NetHandle: NET-66-81-192-0-1
• Parent: NET66 (NET-66-0-0-0-0)
• NetType: Direct Allocation
• OriginAS:
• Organization: Confluence Networks Inc (CN)
• RegDate: 2017-01-23
• Updated: 2021-03-10
• Comment: Hosted in Austin TX
• Ref: https://rdap.arin.net/registry/ip/66.81.192.0
• OrgName: Confluence Networks Inc
• OrgId: CN
• Address: 3rd Floor, J & C Building, P.O. Box 362
• City: Road Town
• StateProv: Tortola
• PostalCode: VG1110
• Country: VG
• RegDate: 2011-04-07
• Updated: 2024-11-25
• Ref: https://rdap.arin.net/registry/entity/CN
• OrgNOCHandle: NOCAD51-ARIN
• OrgNOCName: NOC Admin
• OrgNOCPhone: +1-415-358-0891
• OrgNOCEmail: noc@confluence-networks.com
• OrgNOCRef: https://rdap.arin.net/registry/entity/NOCAD51-ARIN
• OrgTechHandle: TECHA29-ARIN
• OrgTechName: Tech Admin
• OrgTechPhone: +1-415-358-0891
• OrgTechEmail: noc@confluence-networks.com
• OrgTechRef: https://rdap.arin.net/registry/entity/TECHA29-ARIN
• OrgAbuseHandle: ABUSE3065-ARIN
• OrgAbuseName: Abuse Admin
• OrgAbusePhone: +1-415-449-4704
• OrgAbuseEmail: abuse@confluence-networks.com
• OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE3065-ARIN