104.17.76.195 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 104.17.76.195 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Potentially Malicious Host 🟡 49/100

Host and Network Information

• Mitre ATT&CK IDs: T1001.001 - Junk Data, T1027 - Obfuscated Files or Information, T1059.007 - JavaScript, T1071.004 - DNS, T1105 - Ingress Tool Transfer, T1497 - Virtualization/Sandbox Evasion

• Tags: acint, artemis, Autonomous System, cisco umbrella, collections, communicating, conduit, crack, dropper, filerepmalware, heur, historical ssl, installcore, iobit, malicious site, malware, malware site, mediaget, obsfucation, outbreak, phishing site, referrer, resolutions, rostpay, safe site, siblings, site, Suricata, unsafe, whois whois

• JARM: 29d3fd00029d29d00042d43d00041d5de67cc9954cc85372523050f20b5007

• View other sources: Spamhaus VirusTotal

• Country:
• Network:
• Noticed: 2 times
• Protocols Attacked: Anonymous Proxy
• Countries Attacked: China
• Passive DNS Results: auth-api.phonepe.com auth-api.phonepe.com.cdn.cloudflare.net help.phonepe.com help.phonepe.com.cdn.cloudflare.net api2.phonepe.com api2.phonepe.com.cdn.cloudflare.net content.phonepe.com terms-and-conditions.phonepe.com tnc.phonepe.com felix.phonepe.com pulse.phonepe.com kyc.phonepe.com services.phonepe.com mercury-t2.phonepe.com website.phonepe.com mercury-stg.phonepe.com iris.phonepe.com pg-api-meta.phonepe.com optimus-bot.phonepe.com docs.phonepe.com sentry.phonepe.com web-api.phonepe.com insights.phonepe.com support.phonepe.com images.phonepe.com careers.phonepe.com business.phonepe.com blog.phonepe.com cybercell.phonepe.com grievance.phonepe.com merchant-simulator.phonepe.com merchant-sync.phonepe.com mercuryui-linchpin.phonepe.com documents.phonepe.com img.phonepe.com tncstatic.phonepe.com api-testing.phonepe.com business-api.phonepe.com servicesstatic.phonepe.com stg-sessionservice.phonepe.com aa.phonepe.com api-preprod.phonepe.com aa-cms.phonepe.com newmercury.phonepe.com ads-static-traffic-policy.phonepe.com ads-static.phonepe.com api-myntra.phonepe.com helix.phonepe.com imgstatic.phonepe.com aa-interface.phonepe.com cms.phonepe.com csp.phonepe.com app.phonepe.com peekaboo.phonepe.com mercury-uat.phonepe.com campaign.phonepe.com docstore.phonepe.com ads-testing.phonepe.com insights-api.phonepe.com aa-cms-uat.phonepe.com apps-uat.phonepe.com terms-and-conditions.phonepe.com.cdn.cloudflare.net web-api.phonepe.com.cdn.cloudflare.net servicesstatic.phonepe.com.cdn.cloudflare.net merchant-simulator.phonepe.com.cdn.cloudflare.net pulse.phonepe.com.cdn.cloudflare.net merchant-sync.phonepe.com.cdn.cloudflare.net pg-api-meta.phonepe.com.cdn.cloudflare.net kyc.phonepe.com.cdn.cloudflare.net newmercury.phonepe.com.cdn.cloudflare.net grievance.phonepe.com.cdn.cloudflare.net app.phonepe.com.cdn.cloudflare.net cybercell.phonepe.com.cdn.cloudflare.net mercuryui-linchpin.phonepe.com.cdn.cloudflare.net aa-cms.phonepe.com.cdn.cloudflare.net optimus-bot.phonepe.com.cdn.cloudflare.net tncstatic.phonepe.com.cdn.cloudflare.net aa-interface.phonepe.com.cdn.cloudflare.net api-testing.phonepe.com.cdn.cloudflare.net aa.phonepe.com.cdn.cloudflare.net ads-testing.phonepe.com.cdn.cloudflare.net api-myntra.phonepe.com.cdn.cloudflare.net ads-static.phonepe.com.cdn.cloudflare.net campaign.phonepe.com.cdn.cloudflare.net aa-cms-uat.phonepe.com.cdn.cloudflare.net uat-cloud.phonepe.com uat-cloud.phonepe.com.cdn.cloudflare.net chat-bot.phonepe.com chat-bot.phonepe.com.cdn.cloudflare.net www.phonepe.com bossjionet.tech blog.phonepe.com.cdn.cloudflare.net images.phonepe.com.cdn.cloudflare.net mercury.phonepe.com mercury.phonepe.com.cdn.cloudflare.net docstore.phonepe.com.cdn.cloudflare.net ads.phonepe.com preprod42.phonepe.com tech.phonepe.com stg-sessionservice.phonepe.com.cdn.cloudflare.net api-flipkart.phonepe.com.cdn.cloudflare.net peekaboo.phonepe.com.cdn.cloudflare.net cms.phonepe.com.cdn.cloudflare.net vertx-api-testing.phonepe.com.cdn.cloudflare.net nachservice.phonepe.com.cdn.cloudflare.net apps-uat.phonepe.com.cdn.cloudflare.net pg-transport-preprod.phonepe.com.cdn.cloudflare.net ads.phonepe.com.cdn.cloudflare.net cybersafe.phonepe.com.cdn.cloudflare.net samsara-testing.phonepe.com.cdn.cloudflare.net felix.phonepe.com.cdn.cloudflare.net careers.phonepe.com.cdn.cloudflare.net insights-api.phonepe.com.cdn.cloudflare.net csp.phonepe.com.cdn.cloudflare.net api-icicitesting.phonepe.com.cdn.cloudflare.net tnc.phonepe.com.cdn.cloudflare.net insights.phonepe.com.cdn.cloudflare.net apps.phonepe.com.cdn.cloudflare.net pg-uat.phonepe.com.cdn.cloudflare.net mercury-fk.phonepe.com.cdn.cloudflare.net tech.phonepe.com.cdn.cloudflare.net admin-doorway-stage-internal.phonepe.com.cdn.cloudflare.net imgstatic.phonepe.com.cdn.cloudflare.net services-stg.phonepe.com.cdn.cloudflare.net doorway-stage-internal.phonepe.com.cdn.cloudflare.net services.phonepe.com.cdn.cloudflare.net mercury-uat.phonepe.com.cdn.cloudflare.net sentry.phonepe.com.cdn.cloudflare.net stg-linchpin.phonepe.com.cdn.cloudflare.net api-preprod.phonepe.com.cdn.cloudflare.net infinitest.phonepe.com.cdn.cloudflare.net mercurystatic.phonepe.com.cdn.cloudflare.net peekaboo-testing.phonepe.com.cdn.cloudflare.net mercury-stg.phonepe.com.cdn.cloudflare.net content.phonepe.com.cdn.cloudflare.net wa-uat.phonepe.com.cdn.cloudflare.net pg-testing.phonepe.com.cdn.cloudflare.net iris.phonepe.com.cdn.cloudflare.net img.phonepe.com.cdn.cloudflare.net helix.phonepe.com.cdn.cloudflare.net api-uat.phonepe.com.cdn.cloudflare.net support.phonepe.com.cdn.cloudflare.net stg-ppcms.phonepe.com.cdn.cloudflare.net gandalf-stage-internal.phonepe.com.cdn.cloudflare.net stg-tempimages.phonepe.com.cdn.cloudflare.net mercury-preprod1.phonepe.com.cdn.cloudflare.net upisb.phonepe.com.cdn.cloudflare.net chat-testing.phonepe.com.cdn.cloudflare.net documents.phonepe.com.cdn.cloudflare.net business-api.phonepe.com.cdn.cloudflare.net business.phonepe.com.cdn.cloudflare.net docs.phonepe.com.cdn.cloudflare.net mercury-t2.phonepe.com.cdn.cloudflare.net www.phonepe.com.cdn.cloudflare.net website.phonepe.com.cdn.cloudflare.net

Open Ports Detected

2082 2083 2086 2087 443 80 8080 8443 8880

Map

Whois Information

• NetRange: 104.16.0.0 - 104.31.255.255
• CIDR: 104.16.0.0/12
• NetName: CLOUDFLARENET
• NetHandle: NET-104-16-0-0-1
• Parent: NET104 (NET-104-0-0-0-0)
• NetType: Direct Allocation
• OriginAS:
• Organization: Cloudflare, Inc. (CLOUD14)
• RegDate: 2014-03-28
• Updated: 2024-09-04
• Comment: All Cloudflare abuse reporting can be done via https://www.cloudflare.com/abuse
• Comment: Geofeed: https://api.cloudflare.com/local-ip-ranges.csv
• Ref: https://rdap.arin.net/registry/ip/104.16.0.0
• OrgName: Cloudflare, Inc.
• OrgId: CLOUD14
• Address: 101 Townsend Street
• City: San Francisco
• StateProv: CA
• PostalCode: 94107
• Country: US
• RegDate: 2010-07-09
• Updated: 2024-11-25
• Ref: https://rdap.arin.net/registry/entity/CLOUD14
• OrgRoutingHandle: CLOUD146-ARIN
• OrgRoutingName: Cloudflare-NOC
• OrgRoutingPhone: +1-650-319-8930
• OrgRoutingEmail: noc@cloudflare.com
• OrgRoutingRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
• OrgNOCHandle: CLOUD146-ARIN
• OrgNOCName: Cloudflare-NOC
• OrgNOCPhone: +1-650-319-8930
• OrgNOCEmail: noc@cloudflare.com
• OrgNOCRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
• OrgTechHandle: ADMIN2521-ARIN
• OrgTechName: Admin
• OrgTechPhone: +1-650-319-8930
• OrgTechEmail: rir@cloudflare.com
• OrgTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN
• OrgAbuseHandle: ABUSE2916-ARIN
• OrgAbuseName: Abuse
• OrgAbusePhone: +1-650-319-8930
• OrgAbuseEmail: abuse@cloudflare.com
• OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN
• RAbuseHandle: ABUSE2916-ARIN
• RAbuseName: Abuse
• RAbusePhone: +1-650-319-8930
• RAbuseEmail: abuse@cloudflare.com
• RAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN
• RNOCHandle: NOC11962-ARIN
• RNOCName: NOC
• RNOCPhone: +1-650-319-8930
• RNOCEmail: noc@cloudflare.com
• RNOCRef: https://rdap.arin.net/registry/entity/NOC11962-ARIN
• RTechHandle: ADMIN2521-ARIN
• RTechName: Admin
• RTechPhone: +1-650-319-8930
• RTechEmail: rir@cloudflare.com
• RTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN

Links to attack logs

anonymous-proxy-ip-list-2025-06-30 anonymous-proxy-ip-list-2025-07-02 anonymous-proxy-ip-list-2025-08-12 anonymous-proxy-ip-list-2025-08-13 anonymous-proxy-ip-list-2025-07-18 anonymous-proxy-ip-list-2025-06-23 anonymous-proxy-ip-list-2025-06-26 anonymous-proxy-ip-list-2025-06-27 anonymous-proxy-ip-list-2025-08-03 anonymous-proxy-ip-list-2023-07-18 anonymous-proxy-ip-list-2023-07-19 anonymous-proxy-ip-list-2025-07-13 ****** anonymous-proxy-ip-list-2025-07-11 anonymous-proxy-ip-list-2025-07-15 anonymous-proxy-ip-list-2025-07-30 anonymous-proxy-ip-list-2025-08-10 anonymous-proxy-ip-list-2025-08-14 anonymous-proxy-ip-list-2025-07-01 anonymous-proxy-ip-list-2025-07-06 anonymous-proxy-ip-list-2025-07-24 anonymous-proxy-ip-list-2025-08-11 anonymous-proxy-ip-list-2025-06-22 anonymous-proxy-ip-list-2025-07-07 anonymous-proxy-ip-list-2025-07-14 anonymous-proxy-ip-list-2025-07-23 anonymous-proxy-ip-list-2025-06-24 anonymous-proxy-ip-list-2025-06-28 anonymous-proxy-ip-list-2025-06-29 anonymous-proxy-ip-list-2025-07-05 anonymous-proxy-ip-list-2025-07-27 anonymous-proxy-ip-list-2025-08-08 anonymous-proxy-ip-list-2025-08-15 anonymous-proxy-ip-list-2025-08-17 anonymous-proxy-ip-list-2025-07-12 anonymous-proxy-ip-list-2023-07-16 anonymous-proxy-ip-list-2025-07-17 anonymous-proxy-ip-list-2025-07-22 anonymous-proxy-ip-list-2025-08-18 anonymous-proxy-ip-list-2025-07-28 anonymous-proxy-ip-list-2025-07-31 anonymous-proxy-ip-list-2025-08-01 anonymous-proxy-ip-list-2025-08-02 anonymous-proxy-ip-list-2025-08-05 anonymous-proxy-ip-list-2025-07-19 anonymous-proxy-ip-list-2023-06-22 ****** anonymous-proxy-ip-list-2025-07-04 anonymous-proxy-ip-list-2025-07-08 anonymous-proxy-ip-list-2025-07-10 anonymous-proxy-ip-list-2025-07-09 anonymous-proxy-ip-list-2025-07-03 anonymous-proxy-ip-list-2025-07-29 anonymous-proxy-ip-list-2025-08-04 anonymous-proxy-ip-list-2025-08-07 anonymous-proxy-ip-list-2025-08-09 anonymous-proxy-ip-list-2025-07-16 anonymous-proxy-ip-list-2025-07-20 anonymous-proxy-ip-list-2025-07-25 anonymous-proxy-ip-list-2025-08-06 anonymous-proxy-ip-list-2025-08-16 ****** anonymous-proxy-ip-list-2025-06-25 anonymous-proxy-ip-list-2025-07-21 anonymous-proxy-ip-list-2025-07-26