IP · Medium · Signal 57/100
66.124.123.92
Location
Ashburn, California
ASN
AS7018
AT&T Corp
First Seen
Dec 5, 2021
Last Seen
Mar 9, 2026
Found in 5 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
57%
Signal Score
57 / 100
IDS Rule
No
Network Information
Country
United States
Region
Ashburn, California
ASN
AS7018
Organization
AT&T Corp
Activity Timeline
Peak: 2026-03-09
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 0 (Dormant)
Geolocation
US
Coords
37.7510, -97.8220
VirusTotal
Not checked
WHOIS
- raw
NetRange: 66.120.0.0 - 66.127.255.255
CIDR: 66.120.0.0/13
NetName: SBCIS-SIS80
NetHandle: NET-66-120-0-0-1
Parent: NET66 (NET-66-0-0-0-0)
NetType: Direct Allocation
OriginAS:
Organization: AT&T Enterprises, LLC (AEL-360)
RegDate: 2001-05-01
Updated: 2024-12-05
Ref: https://rdap.arin.net/registry/ip/66.120.0.0

OrgName: AT&T Enterprises, LLC
OrgId: AEL-360
Address: 208 S. Akard St.
City: Dallas
StateProv: TX
PostalCode: 75202
Country: US
RegDate: 2024-11-22
Updated: 2025-03-21
Ref: https://rdap.arin.net/registry/entity/AEL-360

OrgRoutingHandle: ROUTI59-ARIN
OrgRoutingName: Routing POC
OrgRoutingPhone: +1-999-999-9999
OrgRoutingEmail: [email protected]
OrgRoutingRef: https://rdap.arin.net/registry/entity/ROUTI59-ARIN

OrgAbuseHandle: ABUSE7-ARIN
OrgAbuseName: abuse
OrgAbusePhone: +1-919-319-8167
OrgAbuseEmail: [email protected]
OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE7-ARIN

OrgTechHandle: ZS44-ARIN
OrgTechName: IPAdmin-ATT Internet Services
OrgTechPhone: +1-888-510-5545
OrgTechEmail: [email protected]
OrgTechRef: https://rdap.arin.net/registry/entity/ZS44-ARIN

OrgTechHandle: ICC-ARIN
OrgTechName: IP Team
OrgTechPhone: +1-888-876-2382
OrgTechEmail: [email protected]
OrgTechRef: https://rdap.arin.net/registry/entity/ICC-ARIN