172.67.145.148 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 172.67.145.148 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Potentially Malicious Host 🟡 38/100

Host and Network Information

• Mitre ATT&CK IDs: T1140 - Deobfuscate/Decode Files or Information

• Tags: aaaa, accept encoding, acceptencoding, api key, as13335, ascii text, body, buildtosuit, centers, chi2, cil executable, cloudflare, colocation data, community, contact, contained, cookie, creation date, date, details links, discover, domain related, enterprise, entries, entropy, file type, fortune, functionality, gartner magic, imphash, intel, join, link, magic pe32, maxage0, maxage2592000, mono, ms windows, neutral, powered shells, protect, quadrant, raw size, read, record value, report, rticon, rtmanifest, sabey, search, sections, sha256, showing, sign, ssdeep, ssl certificate, submission, trid generic, type rticon, united, unknown, us entropy, vhash, view, virtual address, virtual size, vt community, win32 exe, zero trust

• View other sources: Spamhaus VirusTotal

• Country: United States
• Network:
• Noticed: 4 times
• Protocols Attacked: SSH
• Countries Attacked: United States of America

Malware Detected on Host

Count: 8 8165eb1e6ebc0f6980ee99eb7da68e06ad3f8db92bd7bce8bf6031e347cd058f c1f0574a32cd5b25a91e092d890f13e8779432a4442cb5a5e06334bca5738a13 a9ee2c31cdb61dbeddd498f7ea24af51a8f6d0ee81ebf346996c333626285cdd 3c1b27952318f5a6102d52a5d81fbde4fa5f89c517381d127488edef79075997 07ab16d65a728b941454ee974cc24bdaa7b77a3dd1fb94dc84f1d04cf028a5e3 4085913c43eb04c4cba799923d086d49da14a51282528f71721873ca9875d957 2959070db750aede0c90c8fbb5da0558e6a96c2f360414547fd6f8379a744812 0e8e8c9da77fe5bb038a2fc189b1f3b142b7290409467c6ddc2c2f8b4b0a736f

Open Ports Detected

2052 2053 2082 2083 2086 2087 2095 2096 443 80 8080 8443 8880

Map

Whois Information

• NetRange: 172.64.0.0 - 172.71.255.255
• CIDR: 172.64.0.0/13
• NetName: CLOUDFLARENET
• NetHandle: NET-172-64-0-0-1
• Parent: NET172 (NET-172-0-0-0-0)
• NetType: Direct Allocation
• OriginAS:
• Organization: Cloudflare, Inc. (CLOUD14)
• RegDate: 2015-02-25
• Updated: 2024-09-04
• Comment: All Cloudflare abuse reporting can be done via https://www.cloudflare.com/abuse
• Comment: Geofeed: https://api.cloudflare.com/local-ip-ranges.csv
• Ref: https://rdap.arin.net/registry/ip/172.64.0.0
• OrgName: Cloudflare, Inc.
• OrgId: CLOUD14
• Address: 101 Townsend Street
• City: San Francisco
• StateProv: CA
• PostalCode: 94107
• Country: US
• RegDate: 2010-07-09
• Updated: 2024-11-25
• Ref: https://rdap.arin.net/registry/entity/CLOUD14
• OrgNOCHandle: CLOUD146-ARIN
• OrgNOCName: Cloudflare-NOC
• OrgNOCPhone: +1-650-319-8930
• OrgNOCEmail: noc@cloudflare.com
• OrgNOCRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
• OrgTechHandle: ADMIN2521-ARIN
• OrgTechName: Admin
• OrgTechPhone: +1-650-319-8930
• OrgTechEmail: rir@cloudflare.com
• OrgTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN
• OrgAbuseHandle: ABUSE2916-ARIN
• OrgAbuseName: Abuse
• OrgAbusePhone: +1-650-319-8930
• OrgAbuseEmail: abuse@cloudflare.com
• OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN
• OrgRoutingHandle: CLOUD146-ARIN
• OrgRoutingName: Cloudflare-NOC
• OrgRoutingPhone: +1-650-319-8930
• OrgRoutingEmail: noc@cloudflare.com
• OrgRoutingRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
• RTechHandle: ADMIN2521-ARIN
• RTechName: Admin
• RTechPhone: +1-650-319-8930
• RTechEmail: rir@cloudflare.com
• RTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN
• RAbuseHandle: ABUSE2916-ARIN
• RAbuseName: Abuse
• RAbusePhone: +1-650-319-8930
• RAbuseEmail: abuse@cloudflare.com
• RAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN
• RNOCHandle: NOC11962-ARIN
• RNOCName: NOC
• RNOCPhone: +1-650-319-8930
• RNOCEmail: noc@cloudflare.com
• RNOCRef: https://rdap.arin.net/registry/entity/NOC11962-ARIN

Links to attack logs

****** ****** ******