104.17.68.176 Threat Intelligence and Host Information
General
This page contains threat intelligence information for the IPv4 address 104.17.68.176 and was generated either as a result of observed malicious activity or as an information-gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources or through observation of activity on honeynets. The host score is calculated through a series of statistically weighted values and machine learning that takes into account metadata such as host information, the frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as Tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only, and should not be taken as an accurate representation of the users, businesses or networks in which they reside.
Likely Malicious Host 🟠 60/100
Host and Network Information
- MITRE ATT&CK IDs: T1027 - Obfuscated Files or Information, T1045 - Software Packing, T1053 - Scheduled Task/Job, T1055 - Process Injection, T1056 - Input Capture, T1057 - Process Discovery, T1059.007 - JavaScript, T1071.001 - Web Protocols, T1071.004 - DNS, T1071 - Application Layer Protocol, T1082 - System Information Discovery, T1105 - Ingress Tool Transfer, T1106 - Native API, T1112 - Modify Registry, T1119 - Automated Collection, T1129 - Shared Modules, T1140 - Deobfuscate/Decode Files or Information, T1143 - Hidden Window, T1158 - Hidden Files and Directories, T1204 - User Execution, T1498 - Network Denial of Service, T1518 - Software Discovery, T1553 - Subvert Trust Controls, T1560 - Archive Collected Data, T1568 - Dynamic Resolution, T1583 - Acquire Infrastructure
- JARM: 27d40d40d00040d00042d43d00041df04c41293ba84f6efe3a613b22f983e6
- Contained within other IP sets: hphosts_ats
- Country:
- Network:
- Noticed: 6 times
- Protocols Attacked: Anonymous Proxy
- Countries Attacked: Australia, United States of America
- Passive DNS Results: deals.hy-vee.com, confluence.hy-vee.com, hy-vee.com, accounts.hy-vee.com, www.hy-vee.com, js-eu1.hs-analytics.net, jqgdkngci3z52o4vc6gakjueduejm7jt.7bf3z5y.1.0.q4pgqq4iaegujt6mpszvhgvh4i.ivwssta.dns0.org, js.hs-analytics.net
Malware Detected on Host
Count: 2910
Open Ports Detected
2053 2082 2083 2086 2087 443 80 8080 8443 8880
Whois Information
- NetRange: 104.16.0.0 - 104.31.255.255
- CIDR: 104.16.0.0/12
- NetName: CLOUDFLARENET
- NetHandle: NET-104-16-0-0-1
- Parent: NET104 (NET-104-0-0-0-0)
- NetType: Direct Allocation
- OriginAS: AS13335
- Organization: Cloudflare, Inc. (CLOUD14)
- RegDate: 2014-03-28
- Updated: 2024-09-04
- Comment: All Cloudflare abuse reporting can be done via https://www.cloudflare.com/abuse
- Comment: Geofeed: https://api.cloudflare.com/local-ip-ranges.csv
- Ref: https://rdap.arin.net/registry/ip/104.16.0.0
- OrgName: Cloudflare, Inc.
- OrgId: CLOUD14
- Address: 101 Townsend Street
- City: San Francisco
- StateProv: CA
- PostalCode: 94107
- Country: US
- RegDate: 2010-07-09
- Updated: 2024-11-25
- Ref: https://rdap.arin.net/registry/entity/CLOUD14
- OrgNOCHandle: CLOUD146-ARIN
- OrgNOCName: Cloudflare-NOC
- OrgNOCPhone: +1-650-319-8930
- OrgNOCEmail: noc@cloudflare.com
- OrgNOCRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
- OrgTechHandle: ADMIN2521-ARIN
- OrgTechName: Admin
- OrgTechPhone: +1-650-319-8930
- OrgTechEmail: rir@cloudflare.com
- OrgTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN
- OrgRoutingHandle: CLOUD146-ARIN
- OrgRoutingName: Cloudflare-NOC
- OrgRoutingPhone: +1-650-319-8930
- OrgRoutingEmail: noc@cloudflare.com
- OrgRoutingRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
- OrgAbuseHandle: ABUSE2916-ARIN
- OrgAbuseName: Abuse
- OrgAbusePhone: +1-650-319-8930
- OrgAbuseEmail: abuse@cloudflare.com
- OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN
- RTechHandle: ADMIN2521-ARIN
- RTechName: Admin
- RTechPhone: +1-650-319-8930
- RTechEmail: rir@cloudflare.com
- RTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN
- RAbuseHandle: ABUSE2916-ARIN
- RAbuseName: Abuse
- RAbusePhone: +1-650-319-8930
- RAbuseEmail: abuse@cloudflare.com
- RAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN
- RNOCHandle: NOC11962-ARIN
- RNOCName: NOC
- RNOCPhone: +1-650-319-8930
- RNOCEmail: noc@cloudflare.com
- RNOCRef: https://rdap.arin.net/registry/entity/NOC11962-ARIN
Links to attack logs
anonymous-proxy-ip-list-2025-06-23 anonymous-proxy-ip-list-2025-06-22