66.96.147.111 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 66.96.147.111 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 59/100

Host and Network Information

• Mitre ATT&CK IDs: T1027 - Obfuscated Files or Information, T1041 - Exfiltration Over C2 Channel, T1057 - Process Discovery, T1071 - Application Layer Protocol, T1105 - Ingress Tool Transfer, T1129 - Shared Modules, T1132 - Data Encoding, T1140 - Deobfuscate/Decode Files or Information, T1480 - Execution Guardrails, T1518 - Software Discovery, T1553 - Subvert Trust Controls, T1568 - Dynamic Resolution, T1583 - Acquire Infrastructure

• Tags: Alberta, analysis, ansi, api key, apt, ck id, click, close, command decode, comspec, contact, CrimeStoppers AB, date, download, Edmonton Police Services, emulation, encrypt, entity, EPS, extraction, general, hash seen, hosts, hybrid, hybrid analysis, indicator of compromise, ioc, javascript, malware, model, mozi, online, path, pcap, pcap processing, platform, please, please note, prefetch8 ansi, ransomware, RCMP, RCMP AB, sample, sandbox, show process, static, strings, submit, suspicious, threat level, trojan, vetting process, virus, vxstream, win64

• View other sources: Spamhaus VirusTotal

• Contained within other IP sets: hphosts_emd, hphosts_psh

• Country: United States
• Network:
• Noticed: 2 times
• Protocols Attacked: SSH
• Countries Attacked: Canada
• Passive DNS Results: cesoftlimited.com adammiranda.com gplfunds.com mannequinartonline.net amaggiepinemystery.com ctlhomerepairservice.com silverfernps.com www.stopnfixit.net dan4strath.com jjyosh.com kyogafoundationug.org autosavingswise.com shopifysnipers.com www.www.smithglobalcommerce.com outsourceglobalinc.com omanbeautyrituals.com retroglamor.com barcud.org plastic-granulators.net greenstoryfarm.com godhasyourback.com alkisoda.com consultoresmontalvo.com reethm.com shineshowh2o.com limitlesslearningsolutions.com www.solidforce.us lizcleaning.com noordinaryhearts.com goldandsilver.info showerbombs.com interactiveadsmedia.com easttnbubblefun.com easttnsantaclaus.com easttnfacepaint.com vasukisn.com www.anjdesignsunlimited.com citest20250827011810.net connectwithcoachcrystal.com nrseptictankcleaning.com citest20250827011810.com www.beabridebp.com brayosis.com lifespringmassage.com www.hydocounseling.com monicahaley.com gainesvilleroofingcontractor.com ffgvcverertfgh.org www.lakeminnetonkagardenclub.com mahmouddxb.com 4-horsemen.com decolonizing.org sqd.org.uk garcialaw.ca nathanielward.me cira.pe theshamanicbutterfly.com theshamanicchrysalis.com shamanicbutterfly.com psychedelic-butterfly.com www.westonhistoricalsociety.org aspenfiltration.com dinosaurfoamparty.com shamanic-rituals.com shamanicrituals.com gymleadsuae.com kinderdayshomecare.com greenlightdrivingschool.us aajung.com aajung4.com selfspanels.com redoaktexasgaragedoor.com fluffybuttfarm.org sidara.net idlovu.com fisherfaraday.com easy-streetllc.net pemfbliss.com cajunrattlerbaitcompany.com cajunrattler.com kinetikasystems.com maggiepine.org stembuddy.net texada.me theallancamp.com nexusdistributiongroup.com sweetbootybakery.com trialbypeers.org musicboxbooks.ca www.musicboxbooks.ca srinidhispices.com citest20250802045528.net solanorepublicanassembly.com themensgroup.net citest20250802045528.com leighmcounsellor.co.uk gate24show.com www.gate24show.com shavrefoods.com unicornairllc.com parabellummmaacademy.com highseasoman.com mensgroupai.com gallaghermasonryllc.com www.beneficioslatam.com mensgroupai.net mensgroupai.org hanneloreossig.ca alhorrya.net www.mikesoika.com andreawing.com www.somdhealthandlife.com ladder.sasjm.com tallow-pop.com patrickflores-scott.com dbcleveland.com leightonsurveyors.com zeiglerfamilyreunion.com kgaph.com buzwairegases.com mtranchbrokers.com mthuntinglands.com finmacgroup.com finmacholdings.com bluegridd.com dinosaurfoam.com firstrayofhope.org gatewayaccountancy.com meladevore.com monotheism4all.org www.thirtysixchambersconsulting.com lycaonentertainment.com nationalyouthconvention.com smartmoneytips.xyz all-aboard.online unicornairdrone.com bukidootech.com krivikar.com donatelmaefilhos.com richiesnetwork.com simple-3-etf-strategy.com viumvg.com ww.35.usafunithistory.com petiteblondine.com thetruepad.com altiushospitality.com darna-om.com landmediaagency.net novariscomputing.com qatestipgdpjun1.com qatestipgdppp17.com itsjustplanefun.org aivisualvault.com aipixiestudio.com aiavatarcreators.com ainomadmillionaire.com aibusinessmillionaire.com ainomadtools.com mypixiegirl.com mypixieai.com mynomaddream.com www.jennyshousefamilydaycare.com bosna1020.online conniestale.com www.dynastbrand.com www.subicgolf.com dynastbrand.com certifiedpotlights.com benefitseeking.com alabamadinosaurs.com aldinosauradventure.com aldinoadventure.com tennesseedinosaurs.com dinosaurlibraryprograms.com dinosaurlibraryprogram.com partywiththedinos.com partywiththedinosaurs.com gadinosauradventure.com backyarddinoparty.com georgiadinosaurs.com northgadinoadventure.com northgeorgiadinosaurs.com northgadinos.com kydinosauradventure.com kentuckydinosaurs.com kentuckydinosaurprogram.com corepointsms.com mgb-trans.com thegoodpathradio.com bigearsbranding.com certifiedpotlight.com wwww.kerian.com acscfze.com www.petebracey.com dispatchbot.us whisthall.com merakilymphatics.com hayleyshopefoundation.net djsilicones.com hayleyshopefoundation.info cheapratesdaily.com steelseamslesspipe.com hayleyshopefoundation.com jmrtr.com findautosavings.com thetudorroses.com themusiccure.com dash-uat.soldierforlife.army howabouthis.net cooperativecat.com emadehealthcompare.com prettybeehives.com yahoo2424.space digitalnomadhustle.com straightleginfantry.com sidehustleapproved.com pixiebright.com pixieadventure.com pixieadventurebooks.com pixiebrightpublishing.com eurosunwoodwork.nyc musicboxbooks.com boatchampions.com partywithdinos.com partywithdinosaurs.com backyarddinosaurparty.com backyarddinosaur.com imoneysaver.com vpfg.us vtcg.us angelencamino.com ventimigliatrust.com argoworkflow.mauriciojosesamayoa.com autoratesdeals.com compareratesusa.com myautocoverage.com medisapharam.com agmeneregy.com alfa-gmbh-de.com samandagostar.com besodoco.com fpe.company aager-de.com hozartintl.com electroganco.com alserats.biz technosolving-it.com shinestars-steel.com samic-it.com shahrekrodcement.com vereve-dev.com hunssd.com maham-groups.com mahaadpetroparagas.com great-pipes.com ghunutr.com omranasazan.com leslyecosmetics.com dropratestoday.com roshadaraoo.com tefelen-preissinger-de.com tjpca-pc.com veerjitandoor.com veerjirestaurant.com hydro2kingz.com zarasim.com siruma.gov.ph sbw-menna.com sbw-turbor.com ipec-ir.com newsavingsusa.com www.coworkingalphard.com sacredbotanicalbeauty.com www.autobusesmares.com appliedanimaltrainingscience.org behaviorinaction.org frt-pro.net imagecircles.com emadecreative.com autoplanadvisors.com autoquotetips.com dailydealstips.com drcprintstore.com softgreencircle.com proautorate.com prodailydeals.com unchainedlyrics.com easttnsanta.com immortalways.org tubacexs.com ptgdakemond.com bafs-me.com justincopelandgroup.com folsomsbest.com stephaniehartskincare.com lightitupshrimpinglight.com uprightpro.com kafka.poc.soldierforlife.army fundsforafricanwriters.com ernestom.com shafarexir.com breakwelltrust.com gasturbinesresources.com ctac.club oyoescapes.com innoventi.tech imap.missfitbikini.com mehmet-celik.com premat-mc.com utilitypowersventures.com fargarh.com skyarcaviation.com shamiiltd.com pledges-holdings.com propetymap.com propetymaps.com bassamediagency.com stephanieheartskincare.com twintech-it.com socialmediaamagazine.com pharosocial.com bassamabdelnaby.com sitemap.opulenceeventcenter.com www.ggkopilak.com chapter.pametinc.ph tantraliving.net limesproduct.net viyaish.com symedilabs.com global-unaphilippines.org autosquote.net myfaithinacti.net canineteethcleaning.com caninecherryeye.com jadehill-cn.com nathanward.site myfaithinacti.org smartercompare.com myfaithinacti.com policysaver.net darencsheriff.gov dangerouspeopleexposed.com mehanatondar.com liarsexposed.com rahavardtamin-ir.com siminasarmaad.com millionaluminum.com mapanadrilling.com proautosavings.com fullcoverageguide.com w-langner-de.com tradingsabbasi.com berkanapolymer.com onyxenerji-tr.com rayaaenergy.com atrazistaray-ir.com asabiotech-ir.com taagh-ae.com ddjllc.com bspc-ir.com pantatec-ae.com pushingthroughthepain.net cephalopodmicroschool.com avocetinsights.com arkadaspa.com alfaraooqgroup.com shengu-cn.com solidforce.us iilcnwi.org authorbarbi.com ontarioskilledtrades.com twinportsconcealedcarry.com neurognostics.org neurognostic.org jindred.net semi.academy ahcorf.com sensoryintuitive.com psyneosentient.com bbs.bristolwerks.net jindred.store jindred.com m.franklincountylibrary.org golgarh.com worldfarmfresh.com arkanagas.com vanerees.com scs-unions.com lxinternationalgroups.com melobee-cy.com yxbjitech.com gtmailsplus.com enepetro.com entekhabagroup.com entekhabagroup-ir.com nathonsfamousmerrick.com veer-ji.com smarfent.com givauadan.com genzeecoin.com ottofranck-de.com sazeh-ir.com instantpaperhelp.com grandfathers-garden.com www.attorneycucci.com auro.com.gt www.auro.com.gt tddiico.com swtkorea-kr.com screole.com empathbarn.com taban-nirioo.com autosavingsplans.com cwvoices.com dailydealshelp.com dplgroup-au.com gukkies.com autoinsureplans.com mycompare.net emademedia.net beptalentrep.com emademedia.info autoquoteplans.com testingwithsitlock.com pt-jalantrebaik.com brianedwardpatella.com k9herbalscience.com mikedanderson.com halalfoodmarketing.com ingramarchitecture.com memory-box.app apollo-holidays.com payainikco.com granotec-ar.com adioaccounting.com jaytechworks.com hengjialum-cn.com metuchenproductions.com thepaintballpost.com gnzecoin.com nomoremondays.co goldandsilverpawnshop.co.uk sbw-intnl.com sbw-hkk.com strokkurvision.com siliconvalleytcbit.com pgbidboland-ir.com bonizscontracting.com learntobeloud.com bantisproductions.com rbexplores.com qategtfdgffdgvxcvxcvcx.info rigel-ae.com jamiewhitemft.com nsna.ca www.fumcporter.org bcebcert.org veerjichicken.com ikaad.com batainterlock.com frankfurtspetroleum.com mktechsolution.com pharamagona.com fibreona.com beheboodfarayand.com leadmaxcana.info romakasanat.com sundanceopera.com citestdm12523.store kijiji.space tjpc-ir.com hohamecable.com mastersfnb.com duechiting.com vefailac-tr.com kikitoelvis.com corporatelawyer.info rmphair.com aia-stl.org aiastl.org stlaia.org stl-aia.org alhavipharama.com rhhardwares.com a320isg.com rvenjoyjourney.com rftdxb.com tabillac.com mesinbatako.com kokomeren-kg.com regenthouseoffices.com www.socialmediafestivaleg.com mascotsvalves.com enovas-me.com daxcocarrental.com guitarraffle.com suryabaja.com qatestdmcheck666.website qatestdmpp611.one hellointentional.com

Malware Detected on Host

Count: 24 67d398e11b6229ba7fd8895f73dc96ff99fd50a2f6c7360938e0a4eb748a18e8 f02caac47e9e55c5a74e718642de146ce9304aa37bd5d2c8ea748184b16b38c7 5e5c03a05c422df3b855c8377b1fb3f0cc13b6912fb7014495b30e28bf9334d9 bf8bac51c10cc653c5999e5a97f5075cbdc32bee75ecadf435a774249200adbc 13873ad7b2c445e5e928a8d21775262c2ba22a338be95ecfe0bfd9000d25d079 f2638c4e8c4a40164450175e82e455eb08bcfb80fdfcda9181c2084a470e1950 9182b4e89db03b169e41e7097c5db178ad2d48d2c1f757cf175fda3d0e498e79 d9c56b8a514d55693ad3fa830ab5f835abeff59cc030ebc355b022b43e2e4cfe 8bdfd6cc2ca93f82e9c6ab266a9d96d62826ac1cd884a9a63415ba114296a135 1481555c9047cb12ba4f00d724c99a4dbeee3f8b40b6e2c6bf117bef67a22edc

Open Ports Detected

110 143 21 2222 25 443 465 587 80 993 995

Map

Whois Information

• NetRange: 66.96.128.0 - 66.96.191.255
• CIDR: 66.96.128.0/18
• NetName: BIZLAND-FC01
• NetHandle: NET-66-96-128-0-1
• Parent: NET66 (NET-66-0-0-0-0)
• NetType: Direct Allocation
• OriginAS:
• Organization: Newfold Digital, Inc. (EIG-12)
• RegDate: 2001-04-03
• Updated: 2012-03-02
• Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
• Ref: https://rdap.arin.net/registry/ip/66.96.128.0
• OrgName: Newfold Digital, Inc.
• OrgId: EIG-12
• Address: 5535 Gate Parkway
• City: Jacksonville
• StateProv: FL
• PostalCode: 32256
• Country: US
• RegDate: 2005-02-07
• Updated: 2025-07-23
• Ref: https://rdap.arin.net/registry/entity/EIG-12
• OrgAbuseHandle: EIGAB1-ARIN
• OrgAbuseName: EIG-Abuse Mitigation
• OrgAbusePhone: +1-877-659-6181
• OrgAbuseEmail: IARPOC@Newfold.com
• OrgAbuseRef: https://rdap.arin.net/registry/entity/EIGAB1-ARIN
• OrgTechHandle: ENO74-ARIN
• OrgTechName: EIG Network Operations
• OrgTechPhone: +1-877-659-6181
• OrgTechEmail: eig-noc@endurance.com
• OrgTechRef: https://rdap.arin.net/registry/entity/ENO74-ARIN
• OrgNOCHandle: ENO74-ARIN
• OrgNOCName: EIG Network Operations
• OrgNOCPhone: +1-877-659-6181
• OrgNOCEmail: eig-noc@endurance.com
• OrgNOCRef: https://rdap.arin.net/registry/entity/ENO74-ARIN

Links to attack logs

****** ****** ******