104.22.0.232 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 104.22.0.232 and was generated either as a result of observed malicious activity or as an information-gathering exercise to assist with enrichment of security events and context. All information is gathered passively, through aggregation of public sources or through observation of activity on honeynets. The host score is calculated through a series of statistically weighted values and machine learning that take into account metadata such as host information; the frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken as an accurate representation of the users, businesses or networks in which the host resides.

Likely Malicious Host 🟠 60/100

Host and Network Information

  • Mitre ATT&CK IDs: T1053 - Scheduled Task/Job, T1055.012 - Process Hollowing, T1055 - Process Injection, T1056 - Input Capture, T1059.005 - Visual Basic, T1059.006 - Python, T1059.007 - JavaScript, T1071.004 - DNS, T1071 - Application Layer Protocol, T1083 - File and Directory Discovery, T1105 - Ingress Tool Transfer, T1110.002 - Password Cracking, T1110 - Brute Force, T1111 - Two-Factor Authentication Interception, T1112 - Modify Registry, T1114 - Email Collection, T1140 - Deobfuscate/Decode Files or Information, T1449 - Exploit SS7 to Redirect Phone Calls/SMS, T1491 - Defacement, T1497.001 - System Checks, T1497 - Virtualization/Sandbox Evasion, T1547.001 - Registry Run Keys / Startup Folder, T1552.001 - Credentials In Files, T1555.003 - Credentials from Web Browsers, T1583.005 - Botnet, TA0011 - Command and Control


  • View other sources: Spamhaus VirusTotal

  • Country:
  • Network:
  • Noticed: 7 times
  • Protocols Attacked: Anonymous Proxy
  • Countries Attacked: United States of America
  • Passive DNS Results:

Malware Detected on Host

Count: 90

Open Ports Detected

2082 2083 2086 2087 443 80 8080 8443 8880

Whois Information

Links to attack logs

anonymous-proxy-ip-list-2025-06-23 anonymous-proxy-ip-list-2025-06-22
