66.81.203.8 Threat Intelligence and Host Information
ipinfopage
General
This page contains threat intelligence information for the IPv4 address 66.81.203.8 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.
🟠 Elevated — 70/100
Geographic Location
Host and Network Information
- View other sources: Spamhaus VirusTotal Shodan AbuseIPDB
- Country: British Virgin Islands
- Noticed: 5 times
- Protocols Attacked: SSH
- Countries Attacked: United States of America
- Open Ports: 80
- Tor Node: No
- Associated Malware Samples: 9
Tags
- aaaa
- aaaa nxdomain
- abuse contact
- accept
- access ta0001
- address
- a domains
- alexa
- alexa top
- algorithm
- all scoreblue
- all search
- analyzer paste
- analyzer threat
- apache
- apex lehends
- archive
- arial
- as15169 google
- as16276
- as16342 toya
- as16509
- as198921
- as202425 ip
- as20940
- as29686 probe
- as3215 orange
- as36352
- as3842 inmotion
- as40676 psychz
- as4230 claro
- as44273 host
- as46606
- as50599
- as53667
- as5617 orange
- as63949 linode
- as8075
- asn as16342
- asnone
- asnone united
- a td
- august
- av detections
- azorult
- backdoor
- bank
- blacklist
- body
- body doctype
- body html
- browsing
- buckler
- bush
- campaign
- checkin
- cisco umbrella
- cname
- co20230203
- cobalt strike
- code
- contact email
- contact phone
- contained
- content
- content length
- copy
- country
- crack
- crack serial
- create c
- creation date
- cryptexportkey
- cus olet
- cyber threat
- data
- data redacted
- date
- date hash
- ddos
- defense evasion
- detection list
- dlls defense
- dll sideloading
- dlls privilege
- dns replication
- dns resolutions
- dnssec
- dock
- domain
- domain check
- domain name
- domain status
- dostpne jzyki
- download
- downloader
- download full
- dynamicloader
- emails
- emotet
- encrypt
- encrypt cne1
- engineering
- entries
- error
- evasion
- executable
- expiration date
- expiry date
- exploit
- ezcrack all
- file
- filehash
- files
- file samples
- files copied
- files domain
- files dropped
- files ip
- files location
- files matching
- files related
- first
- flag united
- flow t1574
- formbook cnc
- france unknown
- fraud risk
- free
- generic windos
- germany
- germany unknown
- gmt content
- gmt contenttype
- gmt server
- google domain
- google safe
- grum
- gustier
- hacktool
- hash
- hashes
- head body
- header intel
- head title
- high
- high defense
- historical ssl
- hostname
- hostnames
- html public
- ids detections
- ietfdtd html
- info compiler
- infrastructure
- intel
- internet mobile
- invalid url
- iocs
- ip address
- ip summary
- ip traffic
- ipv4
- just
- key algorithm
- key info
- keys license
- kingdom unknown
- language
- location poland
- luna moth
- mail spammer
- malicious
- malicious site
- maltiverse
- malware
- malware trojan
- media t1091
- medium
- memcommit
- menu files
- meta
- meta http
- microsoft stuff
- million
- mitre att
- modify existing
- module load
- modyfikuj stref
- moved
- ms windows
- mtb feb
- mtb mar
- mx a
- name
- name md5
- name servers
- namesilo
- next
- number
- nxdomain
- ordination
- os2 executable
- otx scoreblue
- overview ip
- passive dns
- pe32 executable
- pe resource
- phishing
- please
- pointers
- poland unknown
- posix tar
- postal code
- pragma
- privacy
- privacy admin
- privacy create
- privacy tech
- problems
- products id
- provides
- pulse pulses
- pulse submit
- pungency
- push
- query
- query time
- read c
- record type
- record value
- redacted for
- referrer
- registrant fax
- registrar
- registrar abuse
- registrar iana
- registrar url
- registry
- related
- related nids
- related pulses
- replication
- reverse dns
- runescape
- safe site
- sample
- samplepath
- samples
- sapphire
- scan endpoints
- script
- script domains
- script urls
- search
- server
- service
- sha256
- shellexecuteexw
- show
- showing
- singapore asn
- site
- site kit
- software
- softwares
- spawns
- stateprovince
- status
- stream
- subject public
- summary
- suppobox
- support
- susp
- suspicious
- switch dns
- t1031
- t1055
- t1055 spawns
- table
- td td
- td tr
- team
- team phishing
- telefonica co
- threat network
- title
- title head
- tofsee
- traffic
- trojan
- trojandropper
- trojan features
- trojanspy
- tr table
- tr tr
- ttl value
- type
- type name
- type texthtml
- udp a83f8110
- united
- united kingdom
- unknown
- updated date
- url analysis
- url https
- urls
- urls http
- url summary
- user
- utwrz stref
- v3 serial
- validity
- vary
- verdict
- version crack
- virgin islands
- virtool
- whitelisted
- whois lookup
- win16 ne
- win32
- win32botgor
- win32 exe
- win32mofksys
- win32qqpass
- win32salgorea
- win32tofsee
- win32vb
- window
- windows
- winhttp authip
- wordpress site
- worm
- worm worm
- write
- write c
- writeconsolew
- written c
- x00x00
- yara detections
- yara rule
- zbot
MITRE ATT&CK TTPs
- T1010 - Application Window Discovery
- T1012 - Query Registry
- T1031 - Modify Existing Service
- T1036 - Masquerading
- T1045 - Software Packing
- T1053 - Scheduled Task/Job
- T1055 - Process Injection
- T1060 - Registry Run Keys / Startup Folder
- T1082 - System Information Discovery
- T1083 - File and Directory Discovery
- T1091 - Replication Through Removable Media
- T1120 - Peripheral Device Discovery
- T1129 - Shared Modules
- T1143 - Hidden Window
- T1147 - Hidden Users
- T1158 - Hidden Files and Directories
- T1449 - Exploit SS7 to Redirect Phone Calls/SMS
- T1497 - Virtualization/Sandbox Evasion
- T1574 - Hijack Execution Flow
Associated CVEs
- CVE-2018-16845
Passive DNS
- supermercadoida.com
Whois Information
NetRange: 66.81.192.0 - 66.81.207.255
CIDR: 66.81.192.0/20
NetName: CN
NetHandle: NET-66-81-192-0-1
Parent: NET66 (NET-66-0-0-0-0)
NetType: Direct Allocation
OriginAS:
Organization: Confluence Networks Inc (CN)
RegDate: 2017-01-23
Updated: 2021-03-10
Comment: Hosted in Austin TX
Ref: https://rdap.arin.net/registry/ip/66.81.192.0
OrgName: Confluence Networks Inc
OrgId: CN
Address: 3rd Floor, J & C Building, P.O. Box 362
City: Road Town
StateProv: Tortola
PostalCode: VG1110
Country: VG
RegDate: 2011-04-07
Updated: 2024-11-25
Ref: https://rdap.arin.net/registry/entity/CN
OrgAbuseHandle: ABUSE3065-ARIN
OrgAbuseName: Abuse Admin
OrgAbusePhone: +1-415-449-4704
OrgAbuseEmail: abuse@confluence-networks.com
OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE3065-ARIN
OrgTechHandle: TECHA29-ARIN
OrgTechName: Tech Admin
OrgTechPhone: +1-415-358-0891
OrgTechEmail: noc@confluence-networks.com
OrgTechRef: https://rdap.arin.net/registry/entity/TECHA29-ARIN
OrgNOCHandle: NOCAD51-ARIN
OrgNOCName: NOC Admin
OrgNOCPhone: +1-415-358-0891
OrgNOCEmail: noc@confluence-networks.com
OrgNOCRef: https://rdap.arin.net/registry/entity/NOCAD51-ARIN