104.20.64.56 Threat Intelligence and Host Information

Share on:
Jun 24, 2023 ipinfopage

General

This page contains threat intelligence information for the IPv4 address 104.20.64.56 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Possibly Malicious Host 🟢 30/100

Host and Network Information

  • Tags: Hammertoss, Mac Zero Day, MacOS EvilQuest, Ransomware, bxudvx, file, first, google, hitsperpage30, kb (, mb (, md5, pcap, pcaps, post, rig ek, see, sha256, shown, ssl certificate, traffic, utc, whois, whois record, zip

  • View other sources: Spamhaus VirusTotal

  • Country:
  • Network: AS13335 cloudflare
  • Noticed: 1 times
  • Protcols Attacked: Anonymous Proxy
  • Countries Attacked: Australia, United Kingdom of Great Britain and Northern Ireland, United States of America
  • Passive DNS Results: www.pastebin.com pastebin.com

Malware Detected on Host

Count: 395 53ae1604115090a4700c9d159e02bc6cc497e1e87a9345b7399b719dd22039e3 bbcdd85af1a395090256eb1e654e880bab7aa5aeaff86fd371bed3d32a7593ca 1a3369a1ddf1ba78f911a82b1644d1e3b907f6e8387db2195c2d01ce2e58aee1 503dde4a4da05f0932edbd960663c55c626155ba4cc41cd5181ef6e91ab57a6f de1059119d7631a34f0e15b7f5768d1b2d666622dd2a9b2af16226a13e0cf6bd 31a8c1507ebd13172d393d44208d9f54058b8fb5328f97d345c41c8de98a9da0 660b108dc6f7135918e1f29b9045556b2614ac03ccd386002298dd995b545542 7e6cfa277e0322d65f4f692a4b23d9840bd7d1d8aa1231d05793fdfc98618115 63a4029d8f21714c68b1cdff54554efbb738fff7cd4f209b0a3662901aaf72d1 a8432adde7b9bad7fa573c9bb02e54d8f51e49f1642f5cfaca733388ae353a43

Open Ports Detected

2082 2083 2087 2096 80 8080 8443

Map

Whois Information

  • NetRange: 104.16.0.0 - 104.31.255.255
  • CIDR: 104.16.0.0/12
  • NetName: CLOUDFLARENET
  • NetHandle: NET-104-16-0-0-1
  • Parent: NET104 (NET-104-0-0-0-0)
  • NetType: Direct Allocation
  • OriginAS: AS13335
  • Organization: Cloudflare, Inc. (CLOUD14)
  • RegDate: 2014-03-28
  • Updated: 2021-05-26
  • Comment: All Cloudflare abuse reporting can be done via https://www.cloudflare.com/abuse
  • Ref: https://rdap.arin.net/registry/ip/104.16.0.0
  • OrgName: Cloudflare, Inc.
  • OrgId: CLOUD14
  • Address: 101 Townsend Street
  • City: San Francisco
  • StateProv: CA
  • PostalCode: 94107
  • Country: US
  • RegDate: 2010-07-09
  • Updated: 2021-07-01
  • Ref: https://rdap.arin.net/registry/entity/CLOUD14
  • OrgAbuseHandle: ABUSE2916-ARIN
  • OrgAbuseName: Abuse
  • OrgAbusePhone: +1-650-319-8930
  • OrgAbuseEmail: [email protected]
  • OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN
  • OrgRoutingHandle: CLOUD146-ARIN
  • OrgRoutingName: Cloudflare-NOC
  • OrgRoutingPhone: +1-650-319-8930
  • OrgRoutingEmail: [email protected]
  • OrgRoutingRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
  • OrgNOCHandle: CLOUD146-ARIN
  • OrgNOCName: Cloudflare-NOC
  • OrgNOCPhone: +1-650-319-8930
  • OrgNOCEmail: [email protected]
  • OrgNOCRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
  • OrgTechHandle: ADMIN2521-ARIN
  • OrgTechName: Admin
  • OrgTechPhone: +1-650-319-8930
  • OrgTechEmail: [email protected]
  • OrgTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN
  • RTechHandle: ADMIN2521-ARIN
  • RTechName: Admin
  • RTechPhone: +1-650-319-8930
  • RTechEmail: [email protected]
  • RTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN
  • RAbuseHandle: ABUSE2916-ARIN
  • RAbuseName: Abuse
  • RAbusePhone: +1-650-319-8930
  • RAbuseEmail: [email protected]
  • RAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN
  • RNOCHandle: NOC11962-ARIN
  • RNOCName: NOC
  • RNOCPhone: +1-650-319-8930
  • RNOCEmail: [email protected]
  • RNOCRef: https://rdap.arin.net/registry/entity/NOC11962-ARIN

Links to attack logs

anonymous-proxy-ip-list-2023-06-22