# INTELLIGENCE BRIEFING: 66.42.99.107
## EXECUTIVE SUMMARY
IP address 66.42.99.107 is a low-risk cloud compute endpoint operated by Vultr Holdings, LLC. The address demonstrates standard web hosting characteristics with no active threat indicators. Risk score: 30/100 (Low Risk). No immediate blocking action recommended.
---
## INFRASTRUCTURE PROFILE
Ownership & Classification
- Organization: Vultr Holdings, LLC
- ASN: 20473
- Network Block: 66.42.98.0/23
- RIR: ARIN
- Infrastructure Type: CloudCompute / Cloud Hosting
- Geolocation: Los Angeles, California, US
Network Role
- Classification: Cloud Hosting Provider
- Not classified as: CDN, VPN, Proxy, Tor, Mobile, or Residential
- BGP Prefix: 66.42.96.0/20
- Route Stability: Stable (isRouteStable: true)
- RPKI State: Not validated
- DNSSEC: Valid
---
## SERVICE EXPOSURE
Open Ports & Services
| Port | Protocol | Service | Details |
|---|---|---|---|
| 80 | TCP | HTTP | Web server |
| 443 | TCP | HTTPS | SSL/TLS terminated |
| 22 | TCP | SSH | OpenSSH_8.9p1 Ubuntu-3ubuntu0.15 |
| 8080 | TCP | HTTP-ALT | Alternate HTTP service |
Web Server Fingerprint
- Server Software: nginx/1.18.0 (Ubuntu)
- TLS Certificate: Let's Encrypt (CN=YE1, O=Let's Encrypt, C=US)
- HTTP Status: 200 OK
- HTTP Version: 1.1
- Response Time: 497ms
DNS Configuration
- PTR Hostname: 66.42.99.107.vultrusercontent.com
- Forward Resolution: Confirmed (1 record)
- Email Authentication: SPF enabled, DMARC configured
- DNSBL Listings: 1 of 8 lists
---
## THREAT ASSESSMENT
Risk Indicators
- Reputation Score: Low Risk
- Abuse Confidence Score: Not available
- Blacklist Count: 0
- Known Attacker: No
- Spam Source: No
- Tor Exit Node: No
- Known Campaigns: None
- Threat Persistence Days: 0
Neighborhood Analysis
- Subnet: 66.42.99.107/24
- Abuse Density: 1 (Low)
- Classification: Mostly Clean
- Total Sibling IPs: 1
- Active Sibling IPs: 1
- Threat Siblings: 1
---
## OBSERVATION HISTORY
Historical Signals (31 observations)
Recent observations from June 21, 2026 indicate:
- Geolocation signals with 35-40% confidence (US classification)
- Network classification signals with 80-85% confidence
- Routing/operator analysis with 30-35% confidence
- HTTP fingerprinting with 80% confidence
- Data sufficiency: 6/6 dimensions covered
Temporal Stability
- Ownership Changes: 0
- Threat Observation Count: 1
- Persistently Malicious: No
---
## RELATIONSHIP GRAPH
Identified Relationships (36 total)
- Primary Relationship Type: Same Network
- Target Network: NET-66-42-98-0-23
- Multiple duplicate network relationships recorded
---
## SECURITY ACTIONS & RECOMMENDATIONS
Current Risk Score: 30/100
Assessment: No active threat indicators detected. The IP address exhibits normal cloud hosting behavior consistent with Vultr infrastructure.
Recommended Actions:
- No immediate firewall rules required
- Monitor SSH (port 22) exposure if this IP is not your infrastructure
- Standard cloud provider security practices apply
- Consider geo-blocking if source traffic does not match expected geographic patterns
Note: The presence of a single threat sibling in the /24 subnet warrants awareness but does not indicate direct threat association with this specific IP.
---
## CONCLUSION
IP 66.42.99.107 is a legitimate cloud hosting endpoint with low risk characteristics. No blocking or filtering actions are recommended based on current intelligence. Standard monitoring practices apply.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Field | Value |
|---|---|
| Organization | Vultr Holdings, LLC |
| ASN | AS20473 |
| Network Name | NET-66-42-98-0-23 |
| CIDR Block | 66.42.98.0/23 |
| RIR | ARIN |
| Country | United States |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| Field | Value |
|---|---|
| PTR | 66.42.99.107.vultrusercontent.com |
| Forward Confirmed | No (PTR hostname does not resolve back to this IP; weak signal) |
| Forward Hostnames | 66.42.99.107.vultrusercontent.com |
DNS Hygiene
| Field | Value |
|---|---|
| Hygiene Score | 60% (Good) |
| SPF | Present |
| DMARC | Present |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
Network Classification
| Field | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Web Server |
| Network Tier | Tier 3: Basic operator with some routing infrastructure |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | - |
| 443 | https | tcp | - |
| 22 | ssh | tcp | |
| 8080 | http-alt | tcp | - |

| Field | Value |
|---|---|
| Closed Ports | 25, 3389, 8443 (4 open / 7 scanned) |
| Server | nginx/1.18.0 (Ubuntu) |
| HTTP Title | - |
| SSH Version | SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.15 |
TLS Certificate
was found on this IP. This may indicate a previously hosted website, a decommissioned service, or stale infrastructure.

| Field | Value |
|---|---|
| SANs | None |
| Valid From | 2026-06-09T08:32:48+00:00 |
| Valid Until | 2026-06-16T00:32:47+00:00 (expired) |
| TLS Protocol | Tls13 |
| Cipher Suite | TLS_AES_256_GCM_SHA384 |
| Signature Algorithm | sha384ECDSA |
| Validity Period | 6 days |
| Serial Number | 066DEB7EC153CD193E10A7077DC2F300F814 |
| Thumbprint | BBD13B8FF691790922F62B37F0779625E6E25230 |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 27% | 2 | 4 |
| routing | 27% | 2 | 3 |
| services | 27% | 2 | 3 |
| ownership | 30% | 3 | 4 |
| reputation | 22% | 1 | 3 |
| geolocation | 35% | 2 | 3 |
| Overall | 28% | 12 | 20 |

| Field | Value |
|---|---|
| Data Coherence | Mostly Consistent (80%), 1 contradiction(s) |
| Attribution | Low (35%) |
| | Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| Field | Value |
|---|---|
| First Seen | 2026-05-28 06:16:51 UTC |
| Last Seen | 2026-06-29 05:17:42 UTC |
| Profile Built | 2026-06-29 05:24:37 UTC |
| Data Freshness | Live |
| Signal Types | 31 |
| Total Observations | 31 |