66.85.132.138 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 66.85.132.138 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 64/100

Host and Network Information

• Mitre ATT&CK IDs: T1048.003 - Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol, T1053.005 - Scheduled Task, T1055.012 - Process Hollowing, T1055 - Process Injection, T1056.001 - Keylogging, T1071.001 - Web Protocols, T1071.003 - Mail Protocols, T1087.001 - Local Account, T1105 - Ingress Tool Transfer, T1112 - Modify Registry, T1113 - Screen Capture, T1115 - Clipboard Data, T1140 - Deobfuscate/Decode Files or Information, T1185 - Man in the Browser, T1203 - Exploitation for Client Execution, T1204 - User Execution, T1547.001 - Registry Run Keys / Startup Folder, T1555.003 - Credentials from Web Browsers, T1555 - Credentials from Password Stores, T1560 - Archive Collected Data, T1562.001 - Disable or Modify Tools, T1564.001 - Hidden Files and Directories, T1564.003 - Hidden Window, T1566.001 - Spearphishing Attachment

• Tags: agenttesla, Agent Tesla, asec, asec blog, avemaria, cloudeye, emotet, formbook, guloader, invoice, lokibot, nanocore, nsis, purchase order, qakbot, RAT, remcos, Spyware, trickbot, Troajn, xlsx

• JARM: 29d29d00029d29d00042d43d00041d598ac0c1012db967bb1ad0ff2491b3ae

• View other sources: Spamhaus VirusTotal

• Country: United States
• Network:
• Noticed: 2 times
• Protocols Attacked: SSH
• Passive DNS Results: app.nawrinenterprise.com www.app.nawrinenterprise.com wen-side.com wp.dreamitworld.com www.wp.dreamitworld.com newgenerationbd.com wvcdhaka.com www.paynownew.azcoderslab.com academix.g-nx.com www.academix.g-nx.com anacorporation.com.bd onlinesubscriptionsstore.com.careernstudy.com www.onlinesubscriptionsstore.com.careernstudy.com www.khidmasanitary.com.osadharon.com khidmasanitary.com.osadharon.com hawladerenterprise.com.osadharon.com www.hawladerenterprise.com.osadharon.com apps.alzadidmodelmadrasah.com www.apps.alzadidmodelmadrasah.com www.abdullah.zamancatering.com abdullah.zamancatering.com kspstylezone.com www.bricks.dreamtechbd.xyz bricks.dreamtechbd.xyz www.html.dreamitworld.com html.dreamitworld.com marketingmap360.com www.marketingmap360.com www.pcrm.azcoderslab.com computerpricebd.com precisionbakeryfood.com www.new.fancytrade.com.bd new.fancytrade.com.bd newspaper.fahadbhuyian.com www.newspaper.fahadbhuyian.com fresh.edotshop.online www.fresh.edotshop.online karmominternational.com cravsol.com www.charchokh.prashaddey.com dreamitworld.com easy.access.onedrive.bikroyik.com www.easy.access.onedrive.bikroyik.com www.bsigfm.g-nx.com bsigfm.g-nx.com maishaenterprise.com geniustechnologybd.com edgzen.com adibinstitute.com www.demo.mobipay.bikroyik.com demo.mobipay.bikroyik.com swift-byte.com www.test.dotzfashion.xyz test.dotzfashion.xyz evershine.com.bd ssagronursery.com www.vote.bikroyik.com vote.bikroyik.com quizexam.com.bd desherswad.com llb.buradio.org www.llb.buradio.org www.tksv.futurejobbd.com www.demo1.futurejobbd.com www.boom.futurejobbd.com www.hhr-tools.futurejobbd.com www.hisab.futurejobbd.com www.soft.naharfashion.xyz soft.naharfashion.xyz puretasteofheaven.com mahmudmishu.com.pixldigi.com mahmudmishu.com www.mahmudmishu.com.pixldigi.com donebly.com globaltrimssolution.com api.realstate.moon-nest.com www.api.realstate.moon-nest.com spaceenterprisebd.com besayeed.com zodevs.com mitchaelfoodandbeveragecompanyltd.com yammystation.xyz bmc.swift-byte.com www.bmc.swift-byte.com gss.dreamtechbd.xyz www.gss.dreamtechbd.xyz lindaservices.com charchokh.com.prashaddey.com www.charchokh.com.prashaddey.com velentica.com kanontraders.com maathaiglass.com precisionbeautyshop.com hadiyahstore.com kspshoppingcentre.com travelsquadco.ltd mitchaelinternationalcompanyltd.com dailyprothombangla.com quizexam.net maimunabd.com alhudanooranisikkhafoundation.com goldbellbd.com craftxone.com nawaimport.com sulubricants.com smmservicesusa.com app.buradio.org salehakon.com bangladeshrentacar.com imrancomputer.com www.ellipticalview.com lamorefashion.com texbari.com asiaadmission.com isfatexbd.com tecbabamun.com aswadabayas.com allelist.com polomshopbd.com slbcci.com renessus.com msjoydebtraders.com techovamart.com smartglassbd.com srsapprales.com netmaxgroup.com panibd.com souqalamal.com alfachemicalsbd.com rakibmotors.com realassetdevelopers.com gadgethubbd.com lavunebd.com flooringdxb.com masuddigitalit.com hawladerenterprise.com sharminakter.info younusmridha.com eidsalami.com naturafoodsbd.com www.gramghor.com pencilielts.com madrasatulmadinaarabirahman.com krishishebabd.com researchmaxplc.com www.test.thixl.com test.thixl.com mmleatherbd.com nu.penciledu.com www.nu.penciledu.com innresortgroup.com fbhpropertiesltd.com iamsagor.com nextsparkit.com hopesafbd.org goodslyshop.com dunconsultant.com besttrimssolutions.com zapooz.rimonislam.com www.zapooz.rimonislam.com zapooz.com aponstudy.xyz educationaltour.xyz www.newspaper.asrafuddowla.com newspaper.asrafuddowla.com naairahs.com www.new.soe.com.bd new.soe.com.bd atsenergybd.com luxewoodstudioos.com aussiefoods.net digitecbd.net eraarabiallc.com easilymoneyincome.com cottonbazarbd.com www.raiyans.academy.khs2010welfare.org raiyans.academy.khs2010welfare.org imageprocessinghouse.com appleid.billing.bluepsilon.org abuni.info australiafartilizer.com desi-dua.com starcommunicationsbdnet.com eagleeyeapparelsinc.com withisrat.com drivingschoolbd.com symontech.com teachingtreasure.com kathalbaganhotlinkbd.com rangopuremh.com aiimagrovet.com shopmosaddek.com www.wpblankbkp1.mrictpark.com wpblankbkp1.mrictpark.com ecorecycleworldwide.com geogroupbd.net hobbydecords.com mirzasbeg.com g-nx.com shongkkhomoyee.com syranco.com bismillahenterprise.net atharobaki.com rehadhasan.com pseischool.com dynamicecom.com creativesoft.online adcoltdsa.com dhakaidealcadetmadrasahedu.com wayfareres.com trendtidebd.com idealtechnologybd.com phclbd.com usasellshop.com www.gds.dreamtechbd.xyz www.xbinary01.dreamtechbd.xyz www.sapaiker.dreamtechbd.xyz www.seeworld.dreamtechbd.xyz corona-pharma.com repabbd.com www.studentportal.infra.edu.bd healthpoint02.com servicesnap.net rupshafilms.com homoeobarta.com nawrinenterprise.com vimoai.com.ornach.com www.vimoai.com.ornach.com vimoai.com pacifico.asrafuddowla.com www.pacifico.asrafuddowla.com www.server1.quicksms.xyz merchantbd.online shuzog.nipponedubd.com www.shuzog.nipponedubd.com trendife.com www.brandonheath.net www.pb.dreamtechbd.xyz pb.dreamtechbd.xyz www.pos.bikroyik.com pos.bikroyik.com vastra-bd.com lowdemandshop.com www.n.ieltsrazu.com n.ieltsrazu.com ojifa.com www.digitalsignage.bikroyik.com digitalsignage.bikroyik.com dotzsolution.com mdjamilahmmed.com nasirpolytechnic.edu.bd test.bibahabondhon.com www.test.bibahabondhon.com arifenterprisebd.com restoora.online www.alibaba.thixl.com alibaba.thixl.com www.products.futurejobbd.com products.futurejobbd.com berfin.dreamtechbd.xyz www.berfin.dreamtechbd.xyz www.astonish2.dreamtechbd.xyz www.exportbazar.dreamtechbd.xyz www.ebd.dreamtechbd.xyz www.astonish1.dreamtechbd.xyz dreamtechbd.xyz www.ssh.dreamtechbd.xyz www.elah.dreamtechbd.xyz hbsnursingcare.com tsyarntrading.com tanjimulquranislamicaccademy.com jason-technology.com www.startise.asrafuddowla.com startise.asrafuddowla.com ptisbd.com hameemtextilesltd.com indsolbd.com expertsacademia.com choyagency.com www.shop.mrahmanagrocomplex.com shop.mrahmanagrocomplex.com www.zeluxiabd.dreamtechbd.xyz zeluxiabd.dreamtechbd.xyz ferraribd.com aliflailashop.com www.digital.futurejobbd.com digital.futurejobbd.com alzadidmodelmadrasah.com holysmells.com zamancatering.com girlvinebd.com livegamepctv.com techastrology.com ar-rahmanintl.com shohozmarket.com bichitracosmetic.com shatabdibsl.com muhitksa.com maktexbd.com azmainsrizon.com princeitpark.com demopos.dotzdemo.xyz www.demopos.dotzdemo.xyz alazadi.com prashaddey.com www.anex.dotzshoe.xyz ssf.dreamtechbd.xyz www.ssf.dreamtechbd.xyz pastelbeauty.store bluepsilon.org gramghor.com fujielevate.com www.saafi.dreamtechbd.xyz saafi.dreamtechbd.xyz futurejobbd.com eurobdsolution.com northcityabason.com soft.aziziaislamiamadrasah.com www.soft.aziziaislamiamadrasah.com toyfactorybd.com exportmartbd.com djourneysbd.com paisaajnu.com digicombd.com dotmaxbd.com saimul-islam.com omartechapps.com www.gari.azcoderslab.com api.ujjalflourmills.com www.api.ujjalflourmills.com globalciviltechltd.com blessinggroup.net www.brownhide.dreamtechbd.xyz brownhide.dreamtechbd.xyz mpgbimstec.org villagegroupbd.com bab-bd.com www.services.idealtechbd.com services.idealtechbd.com testmah.dotzdemo.xyz www.testmah.dotzdemo.xyz app.luckynumberuae.com www.app.luckynumberuae.com test.designfixity.com www.test.designfixity.com petchoicebd.com safoodproduct.com a2zpocketbazar.com dokhalaagro.com enovainterior.com fingermoney.com fclstore.com taffoodproducts.com luckynumberuae.com www.bdprimenews.com welloptionbd.com aadevgroup.com taxationlinkbd.com hstilesbd.com hhbricks.com float-value.com fbhtrip.com www.mimismparking.com fbhltd.com roxypaints.net infaabd.com kurimart.com citymusicbd.com bdprimenews.com fishagentapp.com marriagemedia24.com lakdhanavi.com.bd test.abmgsac.com www.test.abmgsac.com epaper.dainiknotunkhobor.com asrafuddowla.com demo.bikroyik.com www.demo.bikroyik.com jolsiri.com deenhajjkafela.com bisshopratidin.com www.soft.alisramadrasah.com bithifood.com elmottib.com kajlawn.com rsc.dreamtechbd.xyz www.rsc.dreamtechbd.xyz arafatnahid.top assuffahacademy.com lotusfashionbd.com www.alumni.infra.edu.bd www.jobportal.infra.edu.bd aljabalbd.com www.test.silverdevelopersltd.com test.silverdevelopersltd.com parthoent.com alisramadrasah.com onlinesubscriptionsstore.com farazshopbd.com www.sms.dreamtechbd.xyz sms.dreamtechbd.xyz quickdealbd.com grameenbangla.com fbhlimited.com softtecfirm.com fitgear.uk befbd.org deshifashionhouse.com mavenrabiul.com fbhgroupbd.com fbhorganic.com demo.tcl-bd.com www.demo.tcl-bd.com test.dreamtechbd.xyz www.test.dreamtechbd.xyz tahacollection.com abhimohajan.com ronstechbd.com www.pos.mhrafi.xyz kg-visa.com ajefashionbd.com acibdchapter.org www.gbs.dreamtechbd.xyz gbs.dreamtechbd.xyz assaiffoundation.com neyamat.com 7k7bd.com talentsharebd.com samranwellness.com aamfah.com www.demos.ahrintl-pvt.com dnba.ahrintl-pvt.com theengineeringmax.com www.elearning.infra.edu.bd elearning.infra.edu.bd www.bingo.dreamtechbd.xyz bingo.dreamtechbd.xyz rakibbin.com premiumlawbd.com suptosumon.com prolinkinternational.com kiptus.com voiceofnatore.com raisababytime.com sdagrocare.com alphatelsoft.com news247stream.com www.grandtraders.net www.techrevoinno.com www.divinetradelinkbd.com www.ishop.creativesoftbd.com ishop.creativesoftbd.com noneeddiet.com reciperofl.com clickodemy.com portal.dhopahouse.com www.portal.dhopahouse.com real-earn.online sportsonpctv.com sportstelecasttv.com khidmatulfoods.com arthirituraj.com nbmfwt.org www.bonpara.net sportslivestv.com app-tryst.app motherliftslimited.com mariabd.com pay.ywca-bd.org grandtraders.net ariseltd.online borolooks.com bangalikhaana.com drarifabillah.com thedivinebd.com research-max.com onboardwork.com evercarediagnosticcenter.com itbabu.online imaginarygambit.com techrevoinno.com roozahin.com divinetradelinkbd.com swapnochowa.com freedomlearningg.com s-vac.com purestoryoflife.com aziziaislamiamadrasah.com boihoichoi.com aroshebay.com chittagongtravelandhajjkafela.com alshamsbd.com miaziledstump.com rainbowconstandint.com artikotech.com giobaba.com laundrybangla.com tclagro.com dhopahouse.com newsjanata.com

Malware Detected on Host

Count: 5 b396f3f9fa5b3acac6ddbd6699ceeff35c671c1d0d595a69b187c2a107cd31eb c21c2d2186a54c66a7be284fadef65710a1b3afb123d96a4405e5bd9aa843087 106e360fa4467673bc46d467e7436c9cdee3d638cd14db8f5c8aff07fec90ebe 5b31952ea77969284cf28e0c670b4aa9f875a93af1c3fb02b0265bcea5a63921 a12c6c9f6c8e536fd4106195ef4b8e4bf3b2a95de10dc24eef8186af01ae4857

Open Ports Detected

110 143 2082 2083 2086 2087 21 443 465 53 80

CVEs Detected

CVE-2007-3205 CVE-2013-2220 CVE-2022-3559 CVE-2022-3620 CVE-2022-4900 CVE-2023-42114 CVE-2023-42115 CVE-2023-42116 CVE-2023-42117 CVE-2023-42119 CVE-2023-51766 CVE-2024-25117 CVE-2024-3566 CVE-2024-39929 CVE-2024-5458

Map

Whois Information

• NetRange: 66.85.128.0 - 66.85.191.255
• CIDR: 66.85.128.0/18
• NetName: SS7
• NetHandle: NET-66-85-128-0-1
• Parent: NET66 (NET-66-0-0-0-0)
• NetType: Direct Allocation
• OriginAS:
• Organization: SECURED SERVERS LLC (SSL-65)
• RegDate: 2011-08-18
• Updated: 2011-08-18
• Comment: www.SecuredServers.com - Support Available 24x7 via 1.866.354.5509
• Ref: https://rdap.arin.net/registry/ip/66.85.128.0
• OrgName: SECURED SERVERS LLC
• OrgId: SSL-65
• Address: 2353 W University Bldg A
• City: Tempe
• StateProv: AZ
• PostalCode: 85281
• Country: US
• RegDate: 2003-12-08
• Updated: 2025-07-07
• Ref: https://rdap.arin.net/registry/entity/SSL-65
• OrgTechHandle: IPADM294-ARIN
• OrgTechName: IPADMIN
• OrgTechPhone: +1-480-422-2031
• OrgTechEmail: ipadmin@phoenixnap.com
• OrgTechRef: https://rdap.arin.net/registry/entity/IPADM294-ARIN
• OrgTechHandle: MUSGR48-ARIN
• OrgTechName: Musgrave, Brian
• OrgTechPhone: +1-480-401-0309
• OrgTechEmail: brianmu@phoenixnap.com
• OrgTechRef: https://rdap.arin.net/registry/entity/MUSGR48-ARIN
• OrgTechHandle: MONTE41-ARIN
• OrgTechName: Montebello, Adrian
• OrgTechPhone: +35679305305
• OrgTechEmail: adrianm@phoenixnap.com
• OrgTechRef: https://rdap.arin.net/registry/entity/MONTE41-ARIN
• OrgAbuseHandle: ABUSE1536-ARIN
• OrgAbuseName: Abuse
• OrgAbusePhone: +1-480-422-2022
• OrgAbuseEmail: abuse@phoenixnap.com
• OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE1536-ARIN
• OrgTechHandle: PETRO182-ARIN
• OrgTechName: Petrovic, Dragan
• OrgTechPhone: +35677548965
• OrgTechEmail: draganp@phoenixnap.com
• OrgTechRef: https://rdap.arin.net/registry/entity/PETRO182-ARIN

Links to attack logs

****** ****** ******