104.17.60.19 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 104.17.60.19 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Potentially Malicious Host 🟡 34/100

Host and Network Information

• Tags: alien labs, diplomatic, epss, expl, exploit, government, industrial, manufacturing, media, misc http, scan endpoints

• JARM: 29d3fd00029d29d21c42d43d00041d44609a5a9a88e797f466e878a82e8365

• View other sources: Spamhaus VirusTotal

• Country:
• Network:
• Noticed: 2 times
• Protocols Attacked: Anonymous Proxy
• Passive DNS Results: m.9kpwz.live pt.mersinc.org pt.mersinc.org.cdn.cloudflare.net downloads12.lavasoft.com.cdn.cloudflare.net downloads12.lavasoft.com downloadnada.lavasoft.com flow.lavasoft.com wcdownloadercdn.lavasoft.com acs.lavasoft.com.cdn.cloudflare.net eventstaging.lavasoft.com hmsdownloader.lavasoft.com wcdownloader-qa.lavasoft.com acs.lavasoft.com wcdownloadercdn.lavasoft.com.cdn.cloudflare.net flow.lavasoft.com.cdn.cloudflare.net appdownload.lavasoft.com wcdownloadercdn.lavasoft.com. flow.lavasoft.com. downloadnada.lavasoft.com. appdownload.lavasoft.com.cdn.cloudflare.net 104.17.60.19 downloadnada.lavasoft.com.cdn.cloudflare.net

Malware Detected on Host

Count: 1106 51aedc57e760fc453ae7ae091ee4556d4c4300897ffd9884f242b6078ab84768 37b577383a1dd6bf24b4b2226e8f736497ca6e0cae99f4f9ebbf60a7c2bdf443 3903afaa25d2d2d41b776f01ba45a67983b7eb1612083fe0ac766a0640c5f1ec c85bbfd911ddad051faa4571671df2fe5140612084571ce41c8ac9fc14381781 1e77b19d290511cad65dab45465f8fa658e69b20c7dc9ea71bf0040175a763a8 492d8d28d96f89e35807b99a2eaf8410060027bced9551dcceb288aca061f201 20dce615fd996b3a1f75918b7247141463c4c6f88b43c4976c389df37feed130 450e03c1b0b667d8efbe6327cc260f030eb53105ed04edfa2b4e204d50c337c1 46e072b244e69356db71c7aa9c522f69eca17beb7f548fcfc94dffdfc8df378e 40be8f54d647b087d7b2951e8c6b73bcd697ab12d6741c19a793398478af93a6

Open Ports Detected

2053 2082 2083 2086 2087 2095 2096 443 80 8080 8443 8880

Map

Whois Information

• NetRange: 104.16.0.0 - 104.31.255.255
• CIDR: 104.16.0.0/12
• NetName: CLOUDFLARENET
• NetHandle: NET-104-16-0-0-1
• Parent: NET104 (NET-104-0-0-0-0)
• NetType: Direct Allocation
• OriginAS: AS13335
• Organization: Cloudflare, Inc. (CLOUD14)
• RegDate: 2014-03-28
• Updated: 2024-09-04
• Comment: All Cloudflare abuse reporting can be done via https://www.cloudflare.com/abuse
• Comment: Geofeed: https://api.cloudflare.com/local-ip-ranges.csv
• Ref: https://rdap.arin.net/registry/ip/104.16.0.0
• OrgName: Cloudflare, Inc.
• OrgId: CLOUD14
• Address: 101 Townsend Street
• City: San Francisco
• StateProv: CA
• PostalCode: 94107
• Country: US
• RegDate: 2010-07-09
• Updated: 2024-11-25
• Ref: https://rdap.arin.net/registry/entity/CLOUD14
• OrgNOCHandle: CLOUD146-ARIN
• OrgNOCName: Cloudflare-NOC
• OrgNOCPhone: +1-650-319-8930
• OrgNOCEmail: noc@cloudflare.com
• OrgNOCRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
• OrgTechHandle: ADMIN2521-ARIN
• OrgTechName: Admin
• OrgTechPhone: +1-650-319-8930
• OrgTechEmail: rir@cloudflare.com
• OrgTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN
• OrgAbuseHandle: ABUSE2916-ARIN
• OrgAbuseName: Abuse
• OrgAbusePhone: +1-650-319-8930
• OrgAbuseEmail: abuse@cloudflare.com
• OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN
• OrgRoutingHandle: CLOUD146-ARIN
• OrgRoutingName: Cloudflare-NOC
• OrgRoutingPhone: +1-650-319-8930
• OrgRoutingEmail: noc@cloudflare.com
• OrgRoutingRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
• RAbuseHandle: ABUSE2916-ARIN
• RAbuseName: Abuse
• RAbusePhone: +1-650-319-8930
• RAbuseEmail: abuse@cloudflare.com
• RAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN
• RNOCHandle: NOC11962-ARIN
• RNOCName: NOC
• RNOCPhone: +1-650-319-8930
• RNOCEmail: noc@cloudflare.com
• RNOCRef: https://rdap.arin.net/registry/entity/NOC11962-ARIN
• RTechHandle: ADMIN2521-ARIN
• RTechName: Admin
• RTechPhone: +1-650-319-8930
• RTechEmail: rir@cloudflare.com
• RTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN

Links to attack logs

anonymous-proxy-ip-list-2025-06-23 anonymous-proxy-ip-list-2025-06-22