104.19.187.97 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 104.19.187.97 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 56/100

Host and Network Information

• Mitre ATT&CK IDs: T1003 - OS Credential Dumping, T1005 - Data from Local System, T1012 - Query Registry, T1023 - Shortcut Modification, T1040 - Network Sniffing, T1060 - Registry Run Keys / Startup Folder, T1081 - Credentials in Files, T1082 - System Information Discovery, T1112 - Modify Registry, T1119 - Automated Collection, T1129 - Shared Modules, T1140 - Deobfuscate/Decode Files or Information, T1204 - User Execution

• Tags: accept, a domains, all octoseek, apache x, apanas, as15169 google, as21928, as29873 newfold, as3786 lg, as39962 pretecs, as46606, as4766 korea, as9318 sk, attempted brute forcing, backdoor, basic human rights, body, body length, brain sabey, canada unknown, canvas, china as4134, china as4837, citizenship, class, client body, code, collision, collusion, communicating, contacted, contacted urls, content type, cookie, copy, creation date, cultureneutral, cyber threat, date, default, delete, delphi, destination, digital, dlink router, dsl2750b rce, emotet, encrypt, entries, error, etpro trojan, et trojan, execution, exploit, explorer, external, files, file type, final url, form, gafgyt, get hello, gmt server, government, gtm5h8hdq3, hall render, headers, high priority, historical ssl, html info, httponly, http response, https://myaccount.uscis.gov/, human rights threat, icmp traffic, ids detections, immigration, intel, ip address, ipv4, junk data stuffing, kb body, known hostile, lifeweb, lifeweb server, malware, malware infection, media center, meta, meta tags, mirai, moved, mozilla, msie, ms windows, next, nsisinetc, otx telemetry, passive dns, path, pe32, persistence, policy http, port, possible virut, pragma, present dec, pulse pulses, pulses, read, read c, referrer, regsetvalueexa, related tags, relic na, remote handler, resolutions, scan endpoints, search, self, server, sha256, show, slcc2, source source, south korea, ssl certificate, status code, stream, strings, sysv, tag manager, temple, title, toolbar, top destination, top source, trackers new, trojan, trojandropper, united, unknown, urls, us citizenship, utc google, virustotal, vitro, wabot, whois sslcert, win32, win32dh, windows nt, wordpress login, write, write c, yara detections

• View other sources: Spamhaus VirusTotal

• Country:
• Network:
• Noticed: 3 times
• Protocols Attacked: Anonymous Proxy
• Countries Attacked: Australia, Canada, Cyprus, Hong Kong, India, Ireland, Japan, Sweden, United States of America
• Passive DNS Results: commcloud.prod-bhcc-scarsonbroadway-com.cc-ecdn.net webservices.rushmorecorrespondent.com fusion.rushmorecorrespondent.com portal.rushmorecorrespondent.com www.rushmorecorrespondent.com rushmorecorrespondent.com files.rushmorecorrespondent.com cookielaw.org cdn.cookielaw.org www.astellas.cz www.astellas.cz.cdn.cloudflare.net

Malware Detected on Host

Count: 17 a96e61cc3f4940a56625a464835fa68ea89eedc907705acb0e901f2d17b10dda 1174ab7c306c456c9c8579d6e05dec34a561bfa93be18e8e1b15dd747f0f870f e12a9e696d9bf807e8b431a2033b56a063eacff36acedc8fa1ad5089eaea8be0 d64c458ee06dbb5208a39883bb6eb66e3b4b03c8fa78b24a724ff95ea21fb269 56f478cfe57d27574fcacd4a650259ebda569ff29f0cf71fe93b4e2ceb66566f 786501d34a73c549fba691cb43fffe85818f7c18d9e3d83b57c8504f3a4c9674 1bd8ff3fe08a2b9085a08ff67c87f074004196c48eb130897e4f0d9f2bc7a41b c7bec2388d386f6731e53919eb3cd9053b43fe8c6ac7c0959c3a85b32ae06653 337e2cef7c103cb2a58e8091f70e06650d34301cb8c657c2072f6b45ad0edbd2 5c91d201b34722a8f6b17fc14fdb5e764615d10246982d5967a19924c6416079

Open Ports Detected

2082 2083 2086 2087 2095 443 80 8080 8443 8880

Map

Whois Information

• NetRange: 104.16.0.0 - 104.31.255.255
• CIDR: 104.16.0.0/12
• NetName: CLOUDFLARENET
• NetHandle: NET-104-16-0-0-1
• Parent: NET104 (NET-104-0-0-0-0)
• NetType: Direct Allocation
• OriginAS: AS13335
• Organization: Cloudflare, Inc. (CLOUD14)
• RegDate: 2014-03-28
• Updated: 2024-09-04
• Comment: All Cloudflare abuse reporting can be done via https://www.cloudflare.com/abuse
• Comment: Geofeed: https://api.cloudflare.com/local-ip-ranges.csv
• Ref: https://rdap.arin.net/registry/ip/104.16.0.0
• OrgName: Cloudflare, Inc.
• OrgId: CLOUD14
• Address: 101 Townsend Street
• City: San Francisco
• StateProv: CA
• PostalCode: 94107
• Country: US
• RegDate: 2010-07-09
• Updated: 2024-11-25
• Ref: https://rdap.arin.net/registry/entity/CLOUD14
• OrgNOCHandle: CLOUD146-ARIN
• OrgNOCName: Cloudflare-NOC
• OrgNOCPhone: +1-650-319-8930
• OrgNOCEmail: noc@cloudflare.com
• OrgNOCRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
• OrgAbuseHandle: ABUSE2916-ARIN
• OrgAbuseName: Abuse
• OrgAbusePhone: +1-650-319-8930
• OrgAbuseEmail: abuse@cloudflare.com
• OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN
• OrgRoutingHandle: CLOUD146-ARIN
• OrgRoutingName: Cloudflare-NOC
• OrgRoutingPhone: +1-650-319-8930
• OrgRoutingEmail: noc@cloudflare.com
• OrgRoutingRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
• OrgTechHandle: ADMIN2521-ARIN
• OrgTechName: Admin
• OrgTechPhone: +1-650-319-8930
• OrgTechEmail: rir@cloudflare.com
• OrgTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN
• RNOCHandle: NOC11962-ARIN
• RNOCName: NOC
• RNOCPhone: +1-650-319-8930
• RNOCEmail: noc@cloudflare.com
• RNOCRef: https://rdap.arin.net/registry/entity/NOC11962-ARIN
• RAbuseHandle: ABUSE2916-ARIN
• RAbuseName: Abuse
• RAbusePhone: +1-650-319-8930
• RAbuseEmail: abuse@cloudflare.com
• RAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN
• RTechHandle: ADMIN2521-ARIN
• RTechName: Admin
• RTechPhone: +1-650-319-8930
• RTechEmail: rir@cloudflare.com
• RTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN

Links to attack logs

anonymous-proxy-ip-list-2025-06-23 anonymous-proxy-ip-list-2025-06-22