104.17.79.107 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 104.17.79.107 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 60/100

Host and Network Information

• Mitre ATT&CK IDs: T1003 - OS Credential Dumping, T1060 - Registry Run Keys / Startup Folder, T1068 - Exploitation for Privilege Escalation, T1105 - Ingress Tool Transfer, T1548 - Abuse Elevation Control Mechanism

• Tags: adobe reader, aes128gcm, all cve, amazon02, americachicago, android, apache, apple ios, Apple phishing, a record, as16509, asn15169, asn16509, asyncrat, attacks, august, b document, botnet campaign, browsing, ciphersuite, cndigicert sha2, communicating, comodo rsa, contacted, content reputation, copy, crypto, crypto threat, current dns, cve20140514 add, dark web, delete c, domain, ecdhersa, ecdsa, ellenmmm cve, email phishing, emotet, encrypt, enter, entries, error, et, execution, existing pulse, expiration, fast web, filehashmd5, filehashsha1, filehashsha256, frame, gecko, general full, gmbh version, google, google safe, hacktool, history http, hosting, hostname, http, iocs, iPhone phishing, ipv4, january, javascript, june, kb document, khtml, linux x8664, lmenlo park, malware, march, maxradlinklen50, misc http, name value, networks, new pulse, next, no expiration, odigicert inc, ometa platforms, openioc, page url, password, pcap, pdf report, primary request, probe, quasar, ransomware, redirect chain, referrer, remote, resolutions, resource, resource path, reverse dns, scan endpoints, search, secure s, security tls, size, social engineering, ssl certificate, stcalifornia, stealer, stix, summary, swiftwill, swiftwill2, threat roundup, tsara brashears, twitter, type mimetype, united, unknown, url http, url https, urls, verdict, verified, video streaming, waltham, whois record, win64, write

• JARM: 29d3fd00029d29d00029d3fd29d29d5a74e95248e58a6162e37847a24849f7

• View other sources: Spamhaus VirusTotal

• Country:
• Network:
• Noticed: 9 times
• Protocols Attacked: Anonymous Proxy
• Countries Attacked: India, United States of America
• Passive DNS Results: cdnjs.cloudflare.com www.redbet.com redbet.com

Malware Detected on Host

Count: 3163 7cb720399c6fb5d812e22ef6be957f25aa3d36cac7a0ee37408c694d1421ffe9 4f4f8b0cf728f39692e14bd9f198e9ae951c5ff9ed3e1ed6c6de9490505f1a61 2ff86faa953c837c496cd7cf1dbde6ca828252dab4e860ab1db4ca7b4b44d221 be1c4fe9a70af50a5d390c9fb81641a1b671ada7c6c0e107378bbf694b6caec6 e8f6c0d12b65ffa02cef0c9118c177de20fa21e75e152702e124dc474cd004dc 006090493dabb4329c2198c88e0d70bedf0c37f842f89e6894437a86a89e7c41 bad0459fa2e428709523ddf59ab8bee4fef8f4679d08e8f8da59fc49c8b29c0f 50c92f3f9748fe1a9ed0ca2e03e3a5fa84d2e745239f5a99448fa35beafe271e 23991475094c0024b8b875e5d12794ad4f935c390645addbf25d5cbc9a6cc22c fa5037361e9e5b76b6696b0ce3d1792398ce0a33dc4eac9ecdba212bfb58a9c1

Open Ports Detected

2052 2082 2083 2086 2087 443 80 8080 8443 8880

Map

Whois Information

• NetRange: 104.16.0.0 - 104.31.255.255
• CIDR: 104.16.0.0/12
• NetName: CLOUDFLARENET
• NetHandle: NET-104-16-0-0-1
• Parent: NET104 (NET-104-0-0-0-0)
• NetType: Direct Allocation
• OriginAS: AS13335
• Organization: Cloudflare, Inc. (CLOUD14)
• RegDate: 2014-03-28
• Updated: 2024-09-04
• Comment: All Cloudflare abuse reporting can be done via https://www.cloudflare.com/abuse
• Comment: Geofeed: https://api.cloudflare.com/local-ip-ranges.csv
• Ref: https://rdap.arin.net/registry/ip/104.16.0.0
• OrgName: Cloudflare, Inc.
• OrgId: CLOUD14
• Address: 101 Townsend Street
• City: San Francisco
• StateProv: CA
• PostalCode: 94107
• Country: US
• RegDate: 2010-07-09
• Updated: 2024-11-25
• Ref: https://rdap.arin.net/registry/entity/CLOUD14
• OrgRoutingHandle: CLOUD146-ARIN
• OrgRoutingName: Cloudflare-NOC
• OrgRoutingPhone: +1-650-319-8930
• OrgRoutingEmail: noc@cloudflare.com
• OrgRoutingRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
• OrgTechHandle: ADMIN2521-ARIN
• OrgTechName: Admin
• OrgTechPhone: +1-650-319-8930
• OrgTechEmail: rir@cloudflare.com
• OrgTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN
• OrgNOCHandle: CLOUD146-ARIN
• OrgNOCName: Cloudflare-NOC
• OrgNOCPhone: +1-650-319-8930
• OrgNOCEmail: noc@cloudflare.com
• OrgNOCRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
• OrgAbuseHandle: ABUSE2916-ARIN
• OrgAbuseName: Abuse
• OrgAbusePhone: +1-650-319-8930
• OrgAbuseEmail: abuse@cloudflare.com
• OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN
• RTechHandle: ADMIN2521-ARIN
• RTechName: Admin
• RTechPhone: +1-650-319-8930
• RTechEmail: rir@cloudflare.com
• RTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN
• RNOCHandle: NOC11962-ARIN
• RNOCName: NOC
• RNOCPhone: +1-650-319-8930
• RNOCEmail: noc@cloudflare.com
• RNOCRef: https://rdap.arin.net/registry/entity/NOC11962-ARIN
• RAbuseHandle: ABUSE2916-ARIN
• RAbuseName: Abuse
• RAbusePhone: +1-650-319-8930
• RAbuseEmail: abuse@cloudflare.com
• RAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN

Links to attack logs

anonymous-proxy-ip-list-2025-06-23 anonymous-proxy-ip-list-2025-06-22