80.66.75.4 Threat Intelligence and Host Information

Aug 29, 2025 ipinfopage

General

This page contains threat intelligence information for the IPv4 address 80.66.75.4 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 70/100

Host and Network Information

  • Mitre ATT&CK IDs: T1003.008 - /etc/passwd and /etc/shadow, T1003 - OS Credential Dumping, T1005 - Data from Local System, T1010 - Application Window Discovery, T1012 - Query Registry, T1018 - Remote System Discovery, T1023 - Shortcut Modification, T1027 - Obfuscated Files or Information, T1029 - Scheduled Transfer, T1036.004 - Masquerade Task or Service, T1036 - Masquerading, T1040 - Network Sniffing, T1045 - Software Packing, T1047 - Windows Management Instrumentation, T1053 - Scheduled Task/Job, T1055.003 - Thread Execution Hijacking, T1055 - Process Injection, T1056.001 - Keylogging, T1057 - Process Discovery, T1060 - Registry Run Keys / Startup Folder, T1063 - Security Software Discovery, T1068 - Exploitation for Privilege Escalation, T1070 - Indicator Removal on Host, T1071.001 - Web Protocols, T1071.002 - File Transfer Protocols, T1071.004 - DNS, T1071 - Application Layer Protocol, T1081 - Credentials in Files, T1082 - System Information Discovery, T1083 - File and Directory Discovery, T1088 - Bypass User Account Control, T1089 - Disabling Security Tools, T1095 - Non-Application Layer Protocol, T1105 - Ingress Tool Transfer, T1106 - Native API, T1110.002 - Password Cracking, T1112 - Modify Registry, T1119 - Automated Collection, T1122 - Component Object Model Hijacking, T1129 - Shared Modules, T1133 - External Remote Services, T1140 - Deobfuscate/Decode Files or Information, T1143 - Hidden Window, T1183 - Image File Execution Options Injection, T1189 - Drive-by Compromise, T1203 - Exploitation for Client Execution, T1204 - User Execution, T1210 - Exploitation of Remote Services, T1410 - Network Traffic Capture or Redirection, T1428 - Exploit Enterprise Resources, T1443 - Remotely Install Application, T1445 - Abuse of iOS Enterprise App Signing Key, T1449 - Exploit SS7 to Redirect Phone Calls/SMS, T1472 - Generate Fraudulent Advertising Revenue, T1478 - Install Insecure or Malicious Configuration, T1480 - Execution Guardrails, T1485 - Data Destruction, T1497 - Virtualization/Sandbox Evasion, T1543 - Create or Modify System Process, T1562 - Impair Defenses, T1564 - Hide Artifacts, T1566 - Phishing, T1569 - System Services, T1571 - Non-Standard Port, T1573 - Encrypted Channel, TA0002 - Execution, TA0003 - Persistence, TA0004 - Privilege Escalation, TA0005 - Defense Evasion, TA0006 - Credential Access, TA0007 - Discovery, TA0009 - Collection

  • Tags: 443 ma2592000, aaaa, abuse contact, abxcde, accept, access, accessibility, access ta0001, access ta0006, active threats, activity, activity mirai, added active, address, address domain, address google, address server, a domains, adversaries, adware, adware malware, ag alberto, agent, agent tesla, ag ingo, air force, alerts, alexa top, all octoseek, allowed server, all quiet, all scoreblue, all search, amazon, amazon rsa, amber a, analysis date, analyzer paste, andariel, android, and vids, anomalous file, a nxdomain, any, any quality, any quality videos, any source, apple, apple ios, apple private, april, as12337 noris, as133618, as13414 twitter, as13789, as14061, as15169 google, as15598, as16276, as16552, as16552 tiggee, as16625 akamai, as174 cogent, as19024, as1921, as19679 dropbox, as20940, as21342, as22075, as22612, as24940 hetzner, as25019, as25019 saudi, as2914 ntt, as29789, as3209 vodafone, as32787 akamai, as32934, as35680, as35819, as35994 akamai, as396982 google, as397240, as397241, as40021 contabo, as44273 host, as45430, as46606, as47846, as49505, as51167 contabo, as54113, as56864 xeon, as57416 llc, as62597, as62597 nsone, as63949 linode, as714 apple, as7303 telecom, as797 att, as8068, as8075, as8151, as8560, as8972 host, as9009 m247, as9318 sk, ascii text, asn as13414, asn as15598, asn as16509, asn as48684, asnone dns, asnone germany, asnone hong, asnone related, asnone united, attack, attempts, august, australia, austria, available now, av detections, avg clamav, awful, backdoor, baidu, baidu spider, bank, banker, b body, bekijk, binbusybox, bing ads, bios, bits, blackguard, blacklist, blustealer, body, body length, botnet, botnet campaign, bot networks, brashears, brazil, brian, brian sabey, browser, browsing, bundled, cachecontrol, cape, catalog tree, certificate, chaos, charter communications, checkin, checks amount, china unknown, chrome, ch ua, ciphersuite, cisco umbrella, ck id, ck t1003, clickable urls, cname, cnapple public, cnc beacon, cndigicert sha2, cobalt strike, code, college guy, command, communicating, conhost, connection, contacted, contacted urls, contact phone, content length, content reputation, content type, continue, control ta0011, cookie, copy, copyright, copyright c, core, cp bus, creates, creation date, crlf line, cryp, crypt, cryptexportkey, crypto, cur cono, cus cnr3, custom and, custom malware, cve201717215, cyber crime, cybercrime, cyber folks, cyberstalking, cyber warfare, czechia unknown, data, database, data collection, data redacted, date, date checked, date hash, date sat, date tue, ddos, december, decode, default, defense, defense evasion, delete, delete c, delete shadows, delphi, demonbot, denied trackers, denvecolorado, denver, denver colorado, destination, detected m1, detection list, detections, detections none, detections type, diamond, disability, discovery, discovery e1082, discovery t1027, div div, dns, dns query, dns resolutions, dnssec, docguard, dock, document file, domain, domain add, domain name, domain related, domains domain, domains show, domain status, download, dumping t1005, dynamic, dynamicloader, dyndns checkip, e1203 data, e1564 hidden, echo request, ee edcje4j, ef3ghigj, ekyxe, elderly, e lisa, elisa, email, emails, emails info, encrypt, endgame, endpoints all, english, enter, entries, entries http, eofae, ermac, error, et, etpro malware, et tor, evasion ob0006, execution, exit, expiration, expiration date, expiressat, expires thu, exploit, exploitation, exploit none, explorer, external ip, externalport, face, facebook, facts otx, failure, fakedout threat, fake news, february, federation asn, feet pics, filehash, filehashmd5, filehashsha1, filehashsha256, files, file samples, file score, files domain, files ip, file size, files location, files matching, files related, file type, final url, fin ivdo, firehol et, first, flag united, flywheel, footer, format, formbook, for privacy, found, france unknown, fraud services, fuck, gafgyt, gandcrab, gandcrab dns, generic, germany, germany mail, germany unknown, get her, gmt cache, gmt content, gmt contenttype, gmt max, gmt setcookie, gmt vary, google, google safe, google search, gopuram, greatcall, grum, guard, h3 p, hacktool, hallrender, hash avast, hashes cape, health phone, helaas, helloworld, heur, hichina, hide artifacts, high, high assurance, hijacker, hio50 c1, historical ssl, hitmen, holidaycheck ag, home network, homepage, home pg, honduras, hosting, hostmaster, hostname, hostname add, hours ago, html info, http, http headers, http host, http request, http response, huawei hg532, huawei remote, hungary unknown, iana id, icmp traffic, ids detections, images, images news, immobilien ag, impact ob0008, impact ta0040, inbound, indonesia, info, informative, injection, install, installcore, installer, installs, installs ip, instrumentation, intel, internalport, invalid pointer, iocs, ios, ip, ip address, ip addresses, ip check, ip country, ip traffic, ipv4, ip whitelisted, ireland, ireland unknown, issuer, issuing ca, jaik, january, japan, javascript, june, key algorithm, key identifier, key info, keylogger, known tor, Kong unknown, kraupa, kryptikxp, kurt walther, labs pulses, langgeorgian, lazarus, learn, length, less see, let me jerk, levelblue, licess, link, links, lively, llc address, lmenlo park, lnmp, lnmp a, local, local system, location united, lockbit, look, lookup, lredmond, m, m1, m417, magic pdf, mail spammer, main, malicious, malicious url, malvertising, malware, malware traffic, malware worm, masquerade, maxage31536000, maya, media center, medium, memcommit, memory pattern, memreserve, meta, metasploit, method, method status, metro, mexico, mexico unknown, microsoft, million, miner, miniigd upnp, minutes ago, mirai, mirai variant, miss x, mitm, mitre att, module load, monitoring, moved, msclkidn, msdefender apr, msie, msms57295540, ms windows, mtb apr, mtb aug, mtb yara, mxd78x8b, name, name servers, name tactics, name verdict, navegador, network, networks, next, next associated, nids, node tcp, no expiration, nondns, none google, none indicator, none related, nsone as63949, number, nxd2xebwx87, nxdomain, ob0005 defense, october, odigicert inc, olet, ometa platforms, onelouder, onl our, open, openioc, open ports, open threat, operation endgame, org domains, os credential, otx scoreblue, otx telemetry, output, overview ip, oxypumper, packing, packing t1045, parent domain, passive dns, password, path, pattern domains, payload hello, pcap, pdb path, pdf document, pdf execution, pdf report, pe32, pe32 executable, pedraz, pegasus, pe resource, persistence, phishing, phy samo, pics, .pl, please, please click, plugx, poland, poland unknown, porn, pornhub, pornhub.software, pornhub subsidiary, pornography, port, possible, post, power, powershell, premade, present apr, present dec, present jun, present may, present nov, present sep, privacy tools, private name, probe, process32nextw, processes tree, project, project pi, proxy, public key, pulse, pulse pulses, pulses, pulses none, pulse submit, puma se, push, pyinstaller, quality, quantum fiber, quasar, query, ransom, ransomexx, ransomware, raspberry robin, read c, realtek sdk, record type, record value, recycle bin, redacted for, redline, redline stealer, referral url, referrer, regbinary, regdword, registrar, registrar abuse, registrar url, registrar whois, registry t1018, regsetvalueexa, regsz, relacionada, related nids, related pulses, related tags, relayrouter, remote system, report spam, researched, resolutions, resolverror, response, response ip, reverse dns, road city, role title, round, roundup, rpcs, rsa ca, rsa sha256, rsa tls, rticon, russia as49505, russia unknown, sabey, safe browsing, safe site, sameorigin, samplepath, samples, sandbox, saudi arabia, savbwcd, scan endpoints, scans record, script domains, script urls, search, sea x, sec ch, september, serce internetu, server, server ca, server error, servers, serving ip, sha256, shell, shell commands, show, showing, sinkhole cookie, site, skip, skynet, slcc2, slovakia, sniffs, soap command, solutions, spam, spammer, span div, span h3, spawns, spectrum, spyware, ssdeep, ssl certificate, status, status code, status domain, stcalifornia, stix, stream, stwashington, subdomains, subject public, sublangdefault, susp, suspicious, sweep, swipper, switch dns, t1012, t1036, t1045, t1047, t1053, t1055, t1057, t1063, t1071, t1082, t1119, t1129, t1189 found, t1480 execution, tag manager, tags, tags twitter, tape, tcp syn, team, team malware, telegram, template, templates, thailand, thebrotherssabey, threat roundup, timo salzsieder, title, title access, title error, title telegram, tls handshake, tofsee, tools, tor known, total, tptjsw, tracking, traffic, trickbot, trid adobe, trojan, trojandropper, trojan features, trojanspy, true defense, tsara, tsara brashears, ttl value, tulach, t whois, twitter, twitter redirect, twitter running, type, type get, type indicator, ua full, ua platform, ukraine unknown, union, unique, united, united kingdom, united kingdom unknown, unknown, unknown ns, unknown soa, unlocker, unsafe, unsupported, updated date, updater, url add, url analysis, url hostname, url http, url https, urls, urls http, urls https, urls show, urls url, ursnif, us creation, use collection, useragent, users, utc google, utf8, v2 document, v3 serial, value, value snkz, ver2, ver los, vhash, videos, videos maps, vids, vids1, vietnam, view, virtool, virus, virustotal, vx10, watch, watch tsara, whitelisted, whitesky, whois, whois lookup, whois lookups, whois record, whois registrar, whois server, whois whois, win32, win32 exe, win64, windows, windows nt, windows startup, winnt, world, worm, wow64, write, write c, wsasend, wx10, x0cqpyx0c, x amz, x cache, xe e, xport, xxx video, xxx videos, yandex, yandex spider, yara detections, yara rule, yomi hunter, zenbox

  • View other sources: Spamhaus VirusTotal

  • Country: Russia
  • Network:
  • Noticed: 50 times
  • Protocols Attacked: Anonymous Proxy
  • Countries Attacked: Argentina, Australia, Austria, Belgium, Brazil, Canada, Chile, China, Croatia, Finland, France, Germany, Guatemala, Hong Kong, Hungary, Ireland, Japan, Kenya, Korea Republic of, Lithuania, Malaysia, Mexico, Morocco, Netherlands, Peru, Poland, Russian Federation, Singapore, Slovakia, Spain, Taiwan, United Kingdom of Great Britain and Northern Ireland, United States of America

Malware Detected on Host

Count: 2157 bb680d43dfa7ff2b73f16ac802a0a966deb726eb8f3f3b2462aa4fbc9afb1063 ec8ac3e5fccd902e2fea0ed9560a87427f1f603256eb33f368308ced5d7e474b facb836bb2a8a7944fe681794bcace87761bccfd0be5fa3ca69984cbe57c4b0d 0f15c0dbf71963b0b4841d2c969b1921e0876b63f3dfdda716dd2fef1f82d897 56c6dfcaabe7f115b5ae3510f66067abccca6dfdae17439566c429eac5d76f08 4fdde1a95bb3f6d545f6230b6dccff6b70dc941c51cdca04dbfe43415c37636d 8d32ba2c13f9dd9d45156192e415f734abb358a926c561f97c2d818f405cf35a 02fea7c4f6d6d024a24d94f6c914233b44800f1a5e2251d5b8156f0a99c5f112 404db48ad5ffca4d19a06b6e2c37fc7cd12ca46dcf0faf02561cd2ac2677b4fa 2eef7dea349af0070e8c000f63d464125f9ca19d42b853213553d48c68a79067

Open Ports Detected

443 485 8080

CVEs Detected

CVE-2006-20001 CVE-2007-3205 CVE-2007-4723 CVE-2009-0796 CVE-2009-2299 CVE-2011-1176 CVE-2011-2688 CVE-2011-4718 CVE-2012-1171 CVE-2012-3526 CVE-2012-4001 CVE-2012-4360 CVE-2013-0941 CVE-2013-0942 CVE-2013-2220 CVE-2013-2765 CVE-2013-3735 CVE-2013-4113 CVE-2013-4248 CVE-2013-4352 CVE-2013-4365 CVE-2013-5704 CVE-2013-6420 CVE-2013-6438 CVE-2013-6501 CVE-2013-6712 CVE-2013-7327 CVE-2013-7345 CVE-2013-7456 CVE-2014-0098 CVE-2014-0117 CVE-2014-0118 CVE-2014-0185 CVE-2014-0207 CVE-2014-0226 CVE-2014-0231 CVE-2014-0236 CVE-2014-0237 CVE-2014-0238 CVE-2014-1943 CVE-2014-2020 CVE-2014-2270 CVE-2014-2497 CVE-2014-3478 CVE-2014-3479 CVE-2014-3480 CVE-2014-3487 CVE-2014-3515 CVE-2014-3523 CVE-2014-3538 CVE-2014-3581 CVE-2014-3587 CVE-2014-3597 CVE-2014-3668 CVE-2014-3669 CVE-2014-3670 CVE-2014-3710 CVE-2014-3981 CVE-2014-4049 CVE-2014-4670 CVE-2014-4698 CVE-2014-4721 CVE-2014-5120 CVE-2014-5459 CVE-2014-8109 CVE-2014-8142 CVE-2014-9425 CVE-2014-9426 CVE-2014-9427 CVE-2014-9652 CVE-2014-9653 CVE-2014-9705 CVE-2014-9709 CVE-2014-9767 CVE-2014-9912 CVE-2015-0228 CVE-2015-0231 CVE-2015-0232 CVE-2015-0235 CVE-2015-0273 CVE-2015-1351 CVE-2015-1352 CVE-2015-2301 CVE-2015-2305 CVE-2015-2325 CVE-2015-2326 CVE-2015-2331 CVE-2015-2348 CVE-2015-2783 CVE-2015-2787 CVE-2015-3152 CVE-2015-3183 CVE-2015-3184 CVE-2015-3185 CVE-2015-3307 CVE-2015-3329 CVE-2015-3330 CVE-2015-3411 CVE-2015-3412 CVE-2015-3414 CVE-2015-3415 CVE-2015-3416 CVE-2015-4021 CVE-2015-4022 CVE-2015-4024 CVE-2015-4025 CVE-2015-4026 CVE-2015-4116 CVE-2015-4147 CVE-2015-4148 CVE-2015-4598 CVE-2015-4599 CVE-2015-4600 CVE-2015-4601 CVE-2015-4602 CVE-2015-4603 CVE-2015-4604 CVE-2015-4605 CVE-2015-4642 CVE-2015-4643 CVE-2015-4644 CVE-2015-5589 CVE-2015-5590 CVE-2015-6497 CVE-2015-6831 CVE-2015-6832 CVE-2015-6833 CVE-2015-6834 CVE-2015-6835 CVE-2015-6836 CVE-2015-6837 CVE-2015-6838 CVE-2015-7803 CVE-2015-7804 CVE-2015-8835 CVE-2015-8838 CVE-2015-8865 CVE-2015-8867 CVE-2015-8873 CVE-2015-8874 CVE-2015-8876 CVE-2015-8877 CVE-2015-8879 CVE-2015-8935 CVE-2015-8994 CVE-2015-9253 CVE-2016-0736 CVE-2016-10158 CVE-2016-10159 CVE-2016-10161 CVE-2016-10397 CVE-2016-10712 CVE-2016-1903 CVE-2016-2161 CVE-2016-2554 CVE-2016-3141 CVE-2016-3142 CVE-2016-3171 CVE-2016-3185 CVE-2016-4070 CVE-2016-4342 CVE-2016-4343 CVE-2016-4537 CVE-2016-4538 CVE-2016-4539 CVE-2016-4540 CVE-2016-4541 CVE-2016-4542 CVE-2016-4543 CVE-2016-4975 CVE-2016-5093 CVE-2016-5094 CVE-2016-5095 CVE-2016-5096 CVE-2016-5114 CVE-2016-5387 CVE-2016-5399 CVE-2016-5766 CVE-2016-5767 CVE-2016-5768 CVE-2016-5769 CVE-2016-5770 CVE-2016-5771 CVE-2016-5772 CVE-2016-5773 CVE-2016-6174 CVE-2016-6288 CVE-2016-6289 CVE-2016-6290 CVE-2016-6291 CVE-2016-6292 CVE-2016-6294 CVE-2016-6295 CVE-2016-6296 CVE-2016-6297 CVE-2016-7124 CVE-2016-7125 CVE-2016-7126 CVE-2016-7127 CVE-2016-7128 CVE-2016-7129 CVE-2016-7130 CVE-2016-7131 CVE-2016-7132 CVE-2016-7411 CVE-2016-7412 CVE-2016-7413 CVE-2016-7414 CVE-2016-7416 CVE-2016-7417 CVE-2016-7418 CVE-2016-7478 CVE-2016-8612 CVE-2016-8670 CVE-2016-8743 CVE-2016-9137 CVE-2016-9138 CVE-2016-9933 CVE-2016-9934 CVE-2016-9935 CVE-2017-11142 CVE-2017-11143 CVE-2017-11144 CVE-2017-11145 CVE-2017-11147 CVE-2017-11628 CVE-2017-12868 CVE-2017-12933 CVE-2017-15710 CVE-2017-15715 CVE-2017-16642 CVE-2017-3167 CVE-2017-7272 CVE-2017-7679 CVE-2017-7890 CVE-2017-7963 CVE-2017-8923 CVE-2017-9224 CVE-2017-9226 CVE-2017-9788 CVE-2017-9798 CVE-2018-10545 CVE-2018-10546 CVE-2018-10547 CVE-2018-10548 CVE-2018-10549 CVE-2018-1283 CVE-2018-1301 CVE-2018-1302 CVE-2018-1303 CVE-2018-1312 CVE-2018-14851 CVE-2018-14883 CVE-2018-15132 CVE-2018-17082 CVE-2018-17199 CVE-2018-19395 CVE-2018-19396 CVE-2018-19520 CVE-2018-20783 CVE-2018-5711 CVE-2018-5712 CVE-2018-7584 CVE-2019-0217 CVE-2019-0220 CVE-2019-10092 CVE-2019-10098 CVE-2019-17567 CVE-2019-6977 CVE-2019-9020 CVE-2019-9021 CVE-2019-9023 CVE-2019-9024 CVE-2019-9637 CVE-2019-9638 CVE-2019-9639 CVE-2019-9641 CVE-2020-11579 CVE-2020-11985 CVE-2020-13938 CVE-2020-1927 CVE-2020-1934 CVE-2020-35452 CVE-2021-26690 CVE-2021-26691 CVE-2021-32785 CVE-2021-32786 CVE-2021-32791 CVE-2021-32792 CVE-2021-34798 CVE-2021-39275 CVE-2021-40438 CVE-2021-44790 CVE-2022-22719 CVE-2022-22720 CVE-2022-22721 CVE-2022-23943 CVE-2022-26377 CVE-2022-28330 CVE-2022-28614 CVE-2022-28615 CVE-2022-29404 CVE-2022-30556 CVE-2022-31628 CVE-2022-31629 CVE-2022-31813 CVE-2022-36760 CVE-2022-37436 CVE-2022-4900 CVE-2023-25690 CVE-2023-31122 CVE-2023-38709 CVE-2024-24795 CVE-2024-25117 CVE-2024-3566 CVE-2024-38472 CVE-2024-38473 CVE-2024-38474 CVE-2024-38475 CVE-2024-38476 CVE-2024-38477 CVE-2024-39573 CVE-2024-40898 CVE-2024-42516 CVE-2024-43204 CVE-2024-43394 CVE-2024-47252 CVE-2025-49812

Map

Whois Information

  • inetnum: 80.66.75.0 - 80.66.75.255
  • netname: duwm-net
  • country: RU
  • org: ORG-DL550-RIPE
  • admin-c: DN4804-RIPE
  • tech-c: DN4804-RIPE
  • abuse-c: ACRO52056-RIPE
  • status: ASSIGNED PA
  • mnt-by: ru-avm-1-mnt
  • created: 2022-06-11T11:48:54Z
  • last-modified: 2023-03-10T11:30:29Z
  • organisation: ORG-DL550-RIPE
  • org-name: DUWM LLC
  • org-type: OTHER
  • address: 12700 Kyrgiz Republic Green str 1-50
  • abuse-c: ACRO52056-RIPE
  • mnt-ref: ru-avm-1-mnt
  • mnt-ref: FREENET-MNT
  • mnt-by: DUWM-MNT
  • created: 2023-03-10T08:59:17Z
  • last-modified: 2023-04-26T02:45:35Z
  • role: duwm noc
  • address: 12700 Kyrgiz Republic Green str 1-50
  • nic-hdl: DN4804-RIPE
  • mnt-by: DUWM-MNT
  • created: 2023-03-10T08:56:24Z
  • last-modified: 2023-03-10T08:56:24Z
  • route: 80.66.75.0/24
  • origin: AS211849
  • mnt-by: ru-avm-1-mnt
  • created: 2022-09-06T06:23:24Z
  • last-modified: 2022-09-06T06:23:24Z
  • route: 80.66.75.0/24
  • origin: AS35029
  • mnt-by: ru-avm-1-mnt
  • created: 2022-06-15T09:17:01Z
  • last-modified: 2022-06-15T09:17:01Z

Links to attack logs

****** anonymous-proxy-ip-list-2023-06-26 ****** ******

Share on: