IP: 166.145.46.87
Risk: Medium, Signal 46/100
Location: Portland, New York
ASN: AS6167 (Verizon Business)
First Seen: Oct 4, 2022 (1347d ago)
Last Seen: Jun 7, 2026 (5d ago)
Reports: 18 source reports
Confidence: 46% (medium)
VirusTotal detections: 9/91
Found in 18 reports. Confidence: medium. Confidence scores are heuristic. Verify before acting on results.
Indicator type: IPv4 Address (network layer indicator observed in threat reports)
MISP Category: Network Activity
Confidence: 46%
Signal Score: 46 / 100
IDS Rule: No
Network Information
Country: United States
Region: Portland, New York
ASN: AS6167
Organization: Verizon Business
Feed Intelligence Summary
Source reports: 18
Confidence score: 46%
Activity Timeline: Jun 7 to Jun 7
Threat Activity Heatmap (peak: 2026-06-07; chart not reproduced)
Activity by window:
24h: 0 (Dormant)
7d: 1 (Minimal)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: 46 (Medium Risk)
Signal Score: 46
Confidence: 46%
Reports: 18
First seen: Oct 4, 2022
Last seen: Jun 7, 2026
Geolocation: US
Country: United States
Location: Portland, New York
ASN: AS6167
Org: Verizon Business
Coords: 40.7128, -74.0060
WHOIS
- description
- Real-time Intercept: SMTP attack. Reference: 2026-05-18 13:31:22.1995 Login failure: 166.145.46.87 SMTP
- raw
  NetRange: 166.139.0.0 - 166.147.63.255
  CIDR: 166.146.0.0/16, 166.140.0.0/14, 166.147.0.0/18, 166.139.0.0/16, 166.144.0.0/15
  NetName: MCICS
  NetHandle: NET-166-139-0-0-1
  Parent: NET166 (NET-166-0-0-0-0)
  NetType: Direct Allocation
  OriginAS:
  Organization: Verizon Business (MCICS)
  RegDate: 2025-03-25
  Updated: 2025-03-25
  Ref: https://rdap.arin.net/registry/ip/166.139.0.0
  OrgName: Verizon Business
  OrgId: MCICS
  Address: 22001 Loudoun County Pkwy
  City: Ashburn
  StateProv: VA
  PostalCode: 20147
  Country: US
  RegDate: 2006-05-30
  Updated: 2024-02-12
  Ref: https://rdap.arin.net/registry/entity/MCICS
  OrgDNSHandle: VZDNS1-ARIN
  OrgDNSName: VZ-DNSADMIN
  OrgDNSPhone: +1-800-900-0241
  OrgDNSEmail: [email protected]
  OrgDNSRef: https://rdap.arin.net/registry/entity/VZDNS1-ARIN
  OrgTechHandle: SWIPP9-ARIN
  OrgTechName: SWIPPER
  OrgTechPhone: +1-800-900-0241
  OrgTechEmail: [email protected]
  OrgTechRef: https://rdap.arin.net/registry/entity/SWIPP9-ARIN
  OrgAbuseHandle: ABUSE5603-ARIN
  OrgAbuseName: Abuse
  OrgAbusePhone: +1-800-900-0241
  OrgAbuseEmail: [email protected]
  OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE5603-ARIN
  OrgAbuseHandle: ABUSE3-ARIN
  OrgAbuseName: abuse
  OrgAbusePhone: +1-800-900-0241
  OrgAbuseEmail: [email protected]
  OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE3-ARIN
- references
- https://github.com/telekom-security/tpotce, https://list.rtbh.com.tr/output.txt, https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt, https://blocklist.greensnow.co/greensnow.txt, https://www.binarydefense.com/banlist.txt, https://lists.blocklist.de/lists/all.txt, https://rules.emergingthreats.net/blockrules/compromised-ips.txt, Researched: 174.215.26.0/255 AS 6167 (CELLCO-PART) US | Swipper | Loudon County, Va | Ongoing attacks, Highlighted Text: The following text was observed as standard output, "[THEA-MALWARE]: Gimme Cum Pwease XD", Trojan.Linux.Mirai.1 | Crime_Mirai | DDoS:Linux/Gafgyt.YA!MTB: FILEHASH - SHA256 a1eff1e00a7d532a6e6d71b3c5328e, Antivirus Detections: ELF:Mirai-AHC\ [Trj] , Unix.Trojan.Mirai-7100807-0 , DDoS:Linux/Gafgyt.YA!MTB, IDS Detections: Huawei Remote Command Execution - Outbound (CVE-2017-17215), IDS Detections: Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound, Yara Detections: Mirai_Botnet_Malware, High Priority Alerts: dead_host network_icmp osquery_detection network_irc nolookup_communication p2p_cnc, Interesting Strings: http://schemas.xmlsoap.org/soap/encoding/ http://0.0.0.0/nope, Interesting Strings: http://schemas.xmlsoap.org/soap/envelope/ 185.244.25.117 127.0.0.1, ELF Info Header ELF32 2's complement, little endian 1 (current) UNIX - System V EXEC (Executable file) Intel 80386 0x1, Matches rule Mirai_Botnet_Malware from ruleset crime_mirai by Florian Roth, Matches rule Linux_Trojan_Mirai_b14f4c5d from ruleset Linux_Trojan_Mirai by Elastic Security, Matches rule SUSP_XORed_Mozilla from ruleset gen_xor_hunting by Florian Roth, Matches rule Linux_Trojan_Mirai_fa3ad9d0 from ruleset Linux_Trojan_Mirai by Elastic Security, https://github.com/Neo23x0/signature-base/search?q=Mirai_Botnet_Malware Desc: Detects Mirai Botnet Malware RULE_AUTHOR: Florian Roth, Crime_WannaCry | Ransom:Win32/WannaCrypt.H | FILEHASH - SHA256 
86f7e04aed8403e6b9f0d4ae880a55f7574c1b177cf6c24234ffa992eadb2c52, Yara Detections: WannaCry_Ransomware , Win32_Ransomware_WannaCry , Wanna_Cry_Ransomware_Generic ,, Yara Detections: MS17_010_WanaCry_worm , NHS_Strain_Wanna , stack_string , MS_Visual_Cpp_6_0, Alerts: nids_exploit_alert nids_malware_alert network_icmp nolookup_communication persistence_autorun network_cnc_http, IDS Detections: W32/WannaCry.Ransomware Killswitch Domain HTTP Request 1, IDS Detections: Domain Sinkholed by Kryptos Logic (HTML Response), IDS Detections: Possible ETERNALBLUE Probe MS17-010 (MSF style), IDS Detections: Possible ETERNALBLUE Probe MS17-010 (Generic Flags), IDS Detections: ETERNALBLUE Probe Vulnerable System Response MS17-010, IDS Detections: Observed DNS Query to Suspicious Domain (iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea[.]com), IDS Detections: Behavioral Unusual Port 445 traffic Potential Scan or Infection, Antivirus Detections Sf:WNCryLdr-A\ [Trj] , Win.Ransomware.WannaCry-6313787-0 , Ransom:Win32/WannaCrypt.H, https://github.com/borestad/blocklist-abuseipdb/blob/main/abuseipdb-s100-3d.ipv4
IOC Journey
Confidence: medium. First detected 3 years ago; last seen 5 days ago.
Appeared in 18 threat reports.