104.20.64.56 Threat Intelligence and Host Information
General
This page contains threat intelligence information for the IPv4 address 104.20.64.56 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or through observations of activity on honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with Tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only, and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.
Likely Malicious Host 🟠 56/100
Host and Network Information
- Mitre ATT&CK IDs: T1027 - Obfuscated Files or Information, T1031 - Modify Existing Service, T1036 - Masquerading, T1040 - Network Sniffing, T1041 - Exfiltration Over C2 Channel, T1045 - Software Packing, T1053 - Scheduled Task/Job, T1056 - Input Capture, T1057 - Process Discovery, T1059 - Command and Scripting Interpreter, T1060 - Registry Run Keys / Startup Folder, T1071 - Application Layer Protocol, T1082 - System Information Discovery, T1083 - File and Directory Discovery, T1105 - Ingress Tool Transfer, T1106 - Native API, T1114 - Email Collection, T1129 - Shared Modules, T1140 - Deobfuscate/Decode Files or Information, T1143 - Hidden Window, T1158 - Hidden Files and Directories, T1176 - Browser Extensions, T1546 - Event Triggered Execution, T1560 - Archive Collected Data, T1566 - Phishing, T1588 - Obtain Capabilities
- Tags: 443 ma2592000, aaaa, active related, added active, address, akamaias, akamaiasn1, alerts, all scoreblue, amadey, amazon02, analyzer paste, andcustomer, a nxdomain, as12310, as13414 twitter, as15133 verizon, as15169, as16509, as16625 akamai, as174 cogent, as19679 dropbox, as20940, as32934, as3359, as39960, as44273 host, as45102 alibaba, as47846, as4835 china, as4837 china, as48945, as64286, as6762 telecom, as7018 att, as8075, as852, as9009 m247, b3viles0 feb, body, browsing, c2 channel, canada unknown, capture, china domain, china flag, china unknown, ck id, ck matrix, classid1, click, cname, cobalt strike, companyname gm, comspec, copy, co sheriff, created, create new, creation date, cuba, cve cve20170147, cve type, date, delphi, discovery, domain, douglas county, dynamicloader, emails, entries, eternalblue, evader, expiration, facebook, fakedout threat, filehashmd5, filehashsha1, filehashsha256, files, files domain, files hostname, files location, files related, formatpng feb, formsecnen, general, geoip, germany unknown, ghost, google, google safe, high, historical ssl, hosting, hostname, hostnames, http, https, hybrid, icmp traffic, ids detections, indicator role, indonesia, information, intel, iocs, ip address, ipv4, israel unknown, japan unknown, jeffrey scott, langchinese, level3, locuo, login0, malware, media, memcommit, message, mexico, mini, mitre att, modified, module load, months ago, msie, ms windows, myapp, name servers, neshta, neshta virus, next, no expiration, novno jan, null, nxdomain, office, org4, org7, org9, overview ip, passive dns, path, pattern match, pecompact, pegasus, pegasus attacks, pe resource, pe section, pinterest, prefetch1, prefetch8, process32nextw, proton, public url, pulse pulses, pulses, pulses none, pulses otx, pulses url, push, qbot, qbot qakbot, qbot type, qmount, quackbot, quasar rat, ransomexx, read, read c, redacted for, refererparam, referrer, regdword, regsetvalueexa, reimer dpt, related nids, related pulses, related tags, report spam, rims https, role title, romania unknown, russia as48848, sahil, sa victim, scan endpoints, search, service, seznam, show, showing, show technique, siteid289, siteid290, siteid969, span, spoofed, status, strings, style1, subsys00000000, t1027, t1036, t1041, t1056, t1057, t1129, telecom, tinynote, title added, trojan, twitter, typeid1, type indicator, ukraine, united, united kingdom, unknown, url http, url https, urls, urls https, verdict vpn, virustotal, white, whitelisted, win32, win64, windows nt, worm, write, yara detections, yara rule
- Country:
- Network:
- Noticed: 3 times
- Protocols Attacked: Anonymous Proxy
- Countries Attacked: Anguilla, Aruba, Australia, Bahamas, Barbados, Canada, Cayman Islands, Costa Rica, Curaçao, France, Georgia, Germany, Guatemala, Italy, Japan, Korea Republic of, Malaysia, Mexico, Netherlands, Panama, Philippines, Poland, Saint Kitts and Nevis, Saint Martin (French part), Saint Vincent and the Grenadines, Sint Maarten (Dutch part), Tanzania United Republic of, Trinidad and Tobago, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
- Passive DNS Results: www.pastebin.com pastebin.com
Malware Detected on Host
Count: 395
- 53ae1604115090a4700c9d159e02bc6cc497e1e87a9345b7399b719dd22039e3
- bbcdd85af1a395090256eb1e654e880bab7aa5aeaff86fd371bed3d32a7593ca
- 1a3369a1ddf1ba78f911a82b1644d1e3b907f6e8387db2195c2d01ce2e58aee1
- 503dde4a4da05f0932edbd960663c55c626155ba4cc41cd5181ef6e91ab57a6f
- de1059119d7631a34f0e15b7f5768d1b2d666622dd2a9b2af16226a13e0cf6bd
- 31a8c1507ebd13172d393d44208d9f54058b8fb5328f97d345c41c8de98a9da0
- 660b108dc6f7135918e1f29b9045556b2614ac03ccd386002298dd995b545542
- 7e6cfa277e0322d65f4f692a4b23d9840bd7d1d8aa1231d05793fdfc98618115
- 63a4029d8f21714c68b1cdff54554efbb738fff7cd4f209b0a3662901aaf72d1
- a8432adde7b9bad7fa573c9bb02e54d8f51e49f1642f5cfaca733388ae353a43
Links to attack logs
- anonymous-proxy-ip-list-2023-06-22