172.64.146.215 Threat Intelligence and Host Information
General
This page contains threat intelligence information for the IPv4 address 172.64.146.215. It was generated either as a result of observed malicious activity or as an information-gathering exercise to assist with enrichment of security events and context. All information is gathered passively, through aggregation of public sources or through observations of activity on honeynets. The host score is calculated through a series of statistically weighted values and machine learning that takes into account metadata such as host information; the frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken as an accurate representation of the users, businesses or networks in which the host resides.
Likely Malicious Host 🟠 58/100
Host and Network Information
- MITRE ATT&CK IDs: T1027 - Obfuscated Files or Information, T1045 - Software Packing, T1053 - Scheduled Task/Job, T1055 - Process Injection, T1056 - Input Capture, T1057 - Process Discovery, T1060 - Registry Run Keys / Startup Folder, T1071 - Application Layer Protocol, T1082 - System Information Discovery, T1083 - File and Directory Discovery, T1105 - Ingress Tool Transfer, T1112 - Modify Registry, T1113 - Screen Capture, T1119 - Automated Collection, T1129 - Shared Modules, T1143 - Hidden Window, T1480 - Execution Guardrails, T1553 - Subvert Trust Controls, T1568 - Dynamic Resolution, T1583 - Acquire Infrastructure, T1590 - Gather Victim Network Information
- Country: United States
- Network:
- Noticed: 4 times
- Protocols Attacked: Anonymous Proxy
- Passive DNS Results:
Malware Detected on Host
Count: 39
Open Ports Detected
2052 2082 2083 2086 2087 443 80 8080 8443 8880
Whois Information
- NetRange: 172.64.0.0 - 172.71.255.255
- CIDR: 172.64.0.0/13
- NetName: CLOUDFLARENET
- NetHandle: NET-172-64-0-0-1
- Parent: NET172 (NET-172-0-0-0-0)
- NetType: Direct Allocation
- OriginAS: AS13335
- Organization: Cloudflare, Inc. (CLOUD14)
- RegDate: 2015-02-25
- Updated: 2024-09-04
- Comment: All Cloudflare abuse reporting can be done via https://www.cloudflare.com/abuse
- Comment: Geofeed: https://api.cloudflare.com/local-ip-ranges.csv
- Ref: https://rdap.arin.net/registry/ip/172.64.0.0
- OrgName: Cloudflare, Inc.
- OrgId: CLOUD14
- Address: 101 Townsend Street
- City: San Francisco
- StateProv: CA
- PostalCode: 94107
- Country: US
- RegDate: 2010-07-09
- Updated: 2024-11-25
- Ref: https://rdap.arin.net/registry/entity/CLOUD14
- OrgNOCHandle: CLOUD146-ARIN
- OrgNOCName: Cloudflare-NOC
- OrgNOCPhone: +1-650-319-8930
- OrgNOCEmail: noc@cloudflare.com
- OrgNOCRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
- OrgAbuseHandle: ABUSE2916-ARIN
- OrgAbuseName: Abuse
- OrgAbusePhone: +1-650-319-8930
- OrgAbuseEmail: abuse@cloudflare.com
- OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN
- OrgRoutingHandle: CLOUD146-ARIN
- OrgRoutingName: Cloudflare-NOC
- OrgRoutingPhone: +1-650-319-8930
- OrgRoutingEmail: noc@cloudflare.com
- OrgRoutingRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
- OrgTechHandle: ADMIN2521-ARIN
- OrgTechName: Admin
- OrgTechPhone: +1-650-319-8930
- OrgTechEmail: rir@cloudflare.com
- OrgTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN
- RTechHandle: ADMIN2521-ARIN
- RTechName: Admin
- RTechPhone: +1-650-319-8930
- RTechEmail: rir@cloudflare.com
- RTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN
- RAbuseHandle: ABUSE2916-ARIN
- RAbuseName: Abuse
- RAbusePhone: +1-650-319-8930
- RAbuseEmail: abuse@cloudflare.com
- RAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN
- RNOCHandle: NOC11962-ARIN
- RNOCName: NOC
- RNOCPhone: +1-650-319-8930
- RNOCEmail: noc@cloudflare.com
- RNOCRef: https://rdap.arin.net/registry/entity/NOC11962-ARIN
Links to attack logs
anonymous-proxy-ip-list-2025-06-23 anonymous-proxy-ip-list-2025-06-22 anonymous-proxy-ip-list-2025-06-24