104.19.147.8 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 104.19.147.8 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or through observation of activity on honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with Tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only, and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Potentially Malicious Host 🟡 35/100

Host and Network Information

  • Mitre ATT&CK IDs: T1571 - Non-Standard Port, T1573 - Encrypted Channel
  • Tags: accept, agent, analysis, ansi, apt, click, close, collection, data, date, dcry, decrypted ssl, download, facebook, findingevil, format, general, group earth, hosts, hybrid, local, malicious, malware, mozilla, online, patch, path, pcap, possible, qakbot, quasar, rana, report domain, ryuk, sample, sandbox, sha256, springshell, ssl certificate, steg icons, strings, submit, suspicious, threat level, trojan, united, ursnif, vt graph, vxstream, whois, whois record, windows nt

  • View other sources: Spamhaus VirusTotal
  • Contained within other IP sets: hphosts_ats

  • Country:
  • Network: AS13335 cloudflare
  • Noticed: 1 time
  • Protocols Attacked: Anonymous Proxy
  • Passive DNS Results:

Malware Detected on Host

Count: 1626

Open Ports Detected

2052 2082 2083 2086 2087 2096 443 80 8080 8443 8880

Whois Information

  • NetRange: 104.16.0.0 - 104.31.255.255
  • CIDR: 104.16.0.0/12
  • NetName: CLOUDFLARENET
  • NetHandle: NET-104-16-0-0-1
  • Parent: NET104 (NET-104-0-0-0-0)
  • NetType: Direct Allocation
  • OriginAS: AS13335
  • Organization: Cloudflare, Inc. (CLOUD14)
  • RegDate: 2014-03-28
  • Updated: 2021-05-26
  • Comment: All Cloudflare abuse reporting can be done via https://www.cloudflare.com/abuse
  • Ref: https://rdap.arin.net/registry/ip/104.16.0.0
  • OrgName: Cloudflare, Inc.
  • OrgId: CLOUD14
  • Address: 101 Townsend Street
  • City: San Francisco
  • StateProv: CA
  • PostalCode: 94107
  • Country: US
  • RegDate: 2010-07-09
  • Updated: 2021-07-01
  • Ref: https://rdap.arin.net/registry/entity/CLOUD14
  • OrgAbuseHandle: ABUSE2916-ARIN
  • OrgAbuseName: Abuse
  • OrgAbusePhone: +1-650-319-8930
  • OrgAbuseEmail: [email protected]
  • OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN
  • OrgNOCHandle: CLOUD146-ARIN
  • OrgNOCName: Cloudflare-NOC
  • OrgNOCPhone: +1-650-319-8930
  • OrgNOCEmail: [email protected]
  • OrgNOCRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
  • OrgTechHandle: ADMIN2521-ARIN
  • OrgTechName: Admin
  • OrgTechPhone: +1-650-319-8930
  • OrgTechEmail: [email protected]
  • OrgTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN
  • OrgRoutingHandle: CLOUD146-ARIN
  • OrgRoutingName: Cloudflare-NOC
  • OrgRoutingPhone: +1-650-319-8930
  • OrgRoutingEmail: [email protected]
  • OrgRoutingRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
  • RNOCHandle: NOC11962-ARIN
  • RNOCName: NOC
  • RNOCPhone: +1-650-319-8930
  • RNOCEmail: [email protected]
  • RNOCRef: https://rdap.arin.net/registry/entity/NOC11962-ARIN
  • RAbuseHandle: ABUSE2916-ARIN
  • RAbuseName: Abuse
  • RAbusePhone: +1-650-319-8930
  • RAbuseEmail: [email protected]
  • RAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN
  • RTechHandle: ADMIN2521-ARIN
  • RTechName: Admin
  • RTechPhone: +1-650-319-8930
  • RTechEmail: [email protected]
  • RTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN

Links to attack logs

anonymous-proxy-ip-list-2023-07-13