104.19.222.79 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 104.19.222.79 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 54/100

Host and Network Information

• Mitre ATT&CK IDs: T1003 - OS Credential Dumping, T1031 - Modify Existing Service, T1045 - Software Packing, T1053 - Scheduled Task/Job, T1055 - Process Injection, T1056 - Input Capture, T1060 - Registry Run Keys / Startup Folder, T1071 - Application Layer Protocol, T1082 - System Information Discovery, T1096 - NTFS File Attributes, T1105 - Ingress Tool Transfer, T1110 - Brute Force, T1112 - Modify Registry, T1119 - Automated Collection, T1129 - Shared Modules, T1143 - Hidden Window

• Tags: 1996, aaaa, aaaa nxdomain, accept, accept encoding, added active, address, a domains, af81 http, all scoreblue, all search, a nxdomain, apache, april, arial helvetica, artro, as10906, as11284, as13414 twitter, as14061, as15133 verizon, as15169 google, as16276, as19527 google, as22612, as30081, as31034 aruba, as31898 oracle, as36459, as397240, as397241, as46606, as54113, as62597 nsone, as7296 alchemy, as8075, as9009 m247, ascii text, asn as36459, asnone united, aurora, author avatar, backdoor, beginstring, bladabindi, body, brazil unknown, brute force, certificate, checkin, chrome, class, click, cname, code, collisionbox, command type, contact, copyright, crazy doll, created, creation date, crlf line, cryp, date, days ago, director, div div, dnssec, document file, domain, domain name, dotcisoffer, east, emails, emotet type, encrypt, entries, error, error all, error f, expiration, expiration date, expiresthu, false, filehashmd5, filehashsha256, files, files ip, files location, files related, flag united, formbook cnc, gameoverpanel, gecko, germany, github, github pages, gmt cache, gmt content, gmt contenttype, hack type, health type, hostname, http, httponly, httpsupgrades, hybrid, idlogin sep, ieedge chrome1, incapsula, ip address, ip check, ipv4, ipv6, italy, italy unknown, khtml, lanc type, less whois, linux x8664, local, location united, look, markmonitor, mcig sep, meta, meta http, meta name, miori hackers, mirai, mirai type, mm28, mnsnj5o7dn7e, moved, mozilla, msie, msnvh, mt1627120573, mtb aug, mtb description, mtb sep, mvi4, name servers, net168, net1680000, nethandle, next, nextc type, ninite, null, nxdomain, orgid, orgtechhandle, orgtechref, overview ip, passive dns, path, pattern match, porn type, pragma, pulse pulses, pulses email, pulse submit, pulses url, ransom, record value, redirect, refresh, registrar, related nids, related pulses, related tags, report spam, request, request id, restart, reverse dns, robots content, roleselfservice, role title, runner, russia, sameorigin, scan endpoints, script urls, search, sea x, secure, secure server, servers, service, sha1, sha256, shardbypassyes, showing, size, smoke loader, softcnapp, span, status, strings, telper, tools, trex, trojan, trojanclicker, trojandropper, trojanspy, tulach type, twitter, type indicator, typeof, types of, ucha, uid38009, unis, united, united kingdom, university, unknown, url analysis, url http, url https, urls, utf8, v2 document, VBS, verify, veryhigh, virtool, whitelisted, whitelisted ip, win32, win32 type, win64, worm, x ua

• JARM: 27d40d40d00040d00042d43d00041df04c41293ba84f6efe3a613b22f983e6

• View other sources: Spamhaus VirusTotal

• Country:
• Network:
• Noticed: 2 times
• Protocols Attacked: Anonymous Proxy
• Countries Attacked: Aruba, Canada, Italy, United States of America
• Passive DNS Results: www.whatismyipaddress.com comclst.net forums.whatismyipaddress.com static.whatismyipaddress.com redir.whatismyipaddress.com off-line.655659.xyz cdn.whatismyipaddress.com whatismyipaddress.com

Malware Detected on Host

Count: 1070 91ef55870b077606206ffe3b7c71667f6c37ba53c69a3593c09195a3da5b3d6c 6d126edf9ccb3849945e29774fc37fed5c6ed0a9271101245e7146718026d0e5 edeacdb1bc8dc381ef8fc8b4c788f9dec7daa4ecdbfae547f50159a2cfc6c60e 4ba137b73e022be1da4b9640cc00faaa4002d0d581d99d3744e894eba08bc697 dd48e5d051cf932f2340b4ecc88f23ad50d906ae5d8a065d892db130a9db92df f98a848beba891ebac2d722bfe3a1598ee626a3a79a8301f554745f5487caec6 2d54e347f5d1725cfffd611bafbdd68cd6510e37040686e6c06d48de69b87809 1e4e8b3429483874972b1efac01c7dd8d3e23aed93bb7a82cec5a7f2a96e35e2 95c5f82cad6e88ca4ce8206ecba7cd9f5a237e3013676da7ac8759db872b257a 9ee81f23b6f339fe8f586983ea3c9d20d3e88e6f1ee6934417fa064000286ae8

Open Ports Detected

2082 2083 2086 2087 2095 2096 443 80 8080 8443 8880

Map

Whois Information

• NetRange: 104.16.0.0 - 104.31.255.255
• CIDR: 104.16.0.0/12
• NetName: CLOUDFLARENET
• NetHandle: NET-104-16-0-0-1
• Parent: NET104 (NET-104-0-0-0-0)
• NetType: Direct Allocation
• OriginAS: AS13335
• Organization: Cloudflare, Inc. (CLOUD14)
• RegDate: 2014-03-28
• Updated: 2024-09-04
• Comment: All Cloudflare abuse reporting can be done via https://www.cloudflare.com/abuse
• Comment: Geofeed: https://api.cloudflare.com/local-ip-ranges.csv
• Ref: https://rdap.arin.net/registry/ip/104.16.0.0
• OrgName: Cloudflare, Inc.
• OrgId: CLOUD14
• Address: 101 Townsend Street
• City: San Francisco
• StateProv: CA
• PostalCode: 94107
• Country: US
• RegDate: 2010-07-09
• Updated: 2024-11-25
• Ref: https://rdap.arin.net/registry/entity/CLOUD14
• OrgNOCHandle: CLOUD146-ARIN
• OrgNOCName: Cloudflare-NOC
• OrgNOCPhone: +1-650-319-8930
• OrgNOCEmail: noc@cloudflare.com
• OrgNOCRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
• OrgTechHandle: ADMIN2521-ARIN
• OrgTechName: Admin
• OrgTechPhone: +1-650-319-8930
• OrgTechEmail: rir@cloudflare.com
• OrgTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN
• OrgAbuseHandle: ABUSE2916-ARIN
• OrgAbuseName: Abuse
• OrgAbusePhone: +1-650-319-8930
• OrgAbuseEmail: abuse@cloudflare.com
• OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN
• OrgRoutingHandle: CLOUD146-ARIN
• OrgRoutingName: Cloudflare-NOC
• OrgRoutingPhone: +1-650-319-8930
• OrgRoutingEmail: noc@cloudflare.com
• OrgRoutingRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
• RNOCHandle: NOC11962-ARIN
• RNOCName: NOC
• RNOCPhone: +1-650-319-8930
• RNOCEmail: noc@cloudflare.com
• RNOCRef: https://rdap.arin.net/registry/entity/NOC11962-ARIN
• RTechHandle: ADMIN2521-ARIN
• RTechName: Admin
• RTechPhone: +1-650-319-8930
• RTechEmail: rir@cloudflare.com
• RTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN
• RAbuseHandle: ABUSE2916-ARIN
• RAbuseName: Abuse
• RAbusePhone: +1-650-319-8930
• RAbuseEmail: abuse@cloudflare.com
• RAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN

Links to attack logs

anonymous-proxy-ip-list-2025-06-23 anonymous-proxy-ip-list-2025-06-22