104.22.24.131 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 104.22.24.131 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 60/100

Host and Network Information

• Mitre ATT&CK IDs: T1027 - Obfuscated Files or Information, T1053 - Scheduled Task/Job, T1055 - Process Injection, T1071 - Application Layer Protocol, T1082 - System Information Discovery, T1105 - Ingress Tool Transfer, T1106 - Native API, T1112 - Modify Registry, T1119 - Automated Collection, T1129 - Shared Modules, T1143 - Hidden Window

• Tags: 0c87j01orwjy, aaaa, accept, acint, adload, a domains, agent, alerts, alexa, alexa top, algorithm, all scoreblue, analyzer threat, android, anonymisation, apache, arguments, arial, artemis, as15169 google, as16552 tiggee, as19527 google, as20940, as22612, as23393, as2914 ntt, as36459, as39122, as397240, as4230 claro, as54113, as8068, as8075, ascii text, asnone united, avast avg, azorult, backdoor, bank, bayrob, behav, blacknet rat, body, body html, brazil, brazil unknown, callee, cdfunction, certificate, cfappsselector, checkin, cisco umbrella, citadel, class, cleaner, click, closure library, cloudflare apps, cname, cobalt strike, code, complete, conduit, contact, contact phone, container, copy, copyright, crack, creation date, cultureneutral, cus olet, cyberlynk, data, date, date hash, ddfunction, default, delete, delete c, deploy now, detection list, div div, dns replication, dnssec, dock, document file, domain, domain name, downldr, download, downloader, dridex, emailworm, emotet, encrypt, encrypt cnr3, entries, error, et tor, execution, exit, expiration date, exploit, facebook, fakedout threat, false, filehash, files, file samples, files matching, filetour, first, footer, form, formbook cnc, function, fusioncore, general, genkryptik, get na, github pages, gmt server, google llc, google team, hash, header click, head title, helvetica, helvetica neue, heur, historical ssl, homepage, html, html5, http request, hybrid, identifier, iframe, info, installcore, installpack, intel, invalid url, ip summary, ipv4, kefunction, keitaro, key algorithm, key identifier, key info, key usage, known tor, lefunction, less see, llc registry, local, look, lowfi, malicious site, maltiverse, malware, malware site, media center, menu, menubutton, meta, million, misc attack, moved, msie, ms windows, mtb apr, mtb jul, name servers, n cloudflareapp, next, ninite, nircmd, nivdort, no data, node traffic, null, number, opencandy, ouno sni, passive dns, patcher, path, pattern match, pe32, pe32 executable, persistence, phishing, phishingms, phishing site, please, pragma, presenoker, preview, promise, public key, pulse pulses, push, ramnit, ransom, ransomware, read, read c, reads, record value, refresh, regexp, registrar, registrar abuse, registrar url, registrar whois, related pulses, relayrouter, request, reset css, restart, revengerat, riskware, rufus, runescape, safe site, sample, samples, scan endpoints, script, scroll, search, selector, server, servers, service, sha1, sha256, show, showing, simda, site, slcc2, span, specificity, status, stealer, string, strings, subject key, subject public, summary, suppobox, suspected, suspicious, swrort, symbol, systweak, tag count, td td, team, tiggre, title, tools, trojan, trojandropper, trojanspy, true, twitter, type name, united, unknown, unruy, unsafe, urls, url summary, v2 document, v3 serial, validity, verify, virtool, virut, visible, wacatac, warbot, webpackrequire, whitelisted, win32, win32qqpass apr, win64, windows nt, windows vps, worm, wow64, write, write c, x509v3 key, xdfunction, xrat, xtrat, yara detections, zbot, zcdixcykgz6p, zeus

• View other sources: Spamhaus VirusTotal

• Country:
• Network:
• Noticed: 9 times
• Protocols Attacked: Anonymous Proxy
• Countries Attacked: Brazil, India, United States of America
• Passive DNS Results: egyesulet.borzsonymentok.hu us.portwest.com user.borzsonymentok.hu www.portwest.com www.borzsonymentok.hu borzsonymentok.hu api.tawk.to windows.tawk.to www.promo.dream.gov.ua dream.gov.ua feedback.tawk.to mkom.nusapedia.tech ilped.bestmpc.my.id portwest.com ctp.nzzprint.ch livechat.tubagus.co.id qa-fi-v9l-caecom-1324-rx-entry-test.az.ssdgws.co.uk nextvpn.xyz ctp-test.nzzprint.ch.cdn.cloudflare.net ctp-test.nzzprint.ch team.tawk.to downloads.tawk.to plugins.tawk.to aquapay.online developer.tawk.to help.tawk.to grow.tawk.to vsb103.tawk.to partners.tawk.to vsb41.tawk.to vsb87.tawk.to vsb117.tawk.to vsb108.tawk.to vsb47.tawk.to vsb16.tawk.to vsb55.tawk.to vsb38.tawk.to vsb84.tawk.to vsb7.tawk.to vsb67.tawk.to vsb119.tawk.to vsb12.tawk.to vsb1.tawk.to vsb115.tawk.to vsb27.tawk.to vsb101.tawk.to vsb111.tawk.to vsb77.tawk.to vsb102.tawk.to vsb61.tawk.to vsb51.tawk.to vsb86.tawk.to vsb57.tawk.to vsb48.tawk.to vsb25.tawk.to vsb91.tawk.to vsb81.tawk.to vsb106.tawk.to vsb6.tawk.to vsb46.tawk.to vsb60.tawk.to vsb66.tawk.to vsb114.tawk.to vsb15.tawk.to vsb21.tawk.to vsb59.tawk.to vsb79.tawk.to vsb14.tawk.to vsb94.tawk.to vsb82.tawk.to vsb99.tawk.to vsb72.tawk.to vsb52.tawk.to vsb113.tawk.to vsb96.tawk.to vsb10.tawk.to vsb104.tawk.to vsb20.tawk.to vsb56.tawk.to vsb73.tawk.to vsb64.tawk.to vsb40.tawk.to vsb62.tawk.to vsb116.tawk.to vsb71.tawk.to vsb110.tawk.to vsb13.tawk.to vsb37.tawk.to vsb88.tawk.to vsb75.tawk.to vsb31.tawk.to vsb74.tawk.to vsb28.tawk.to vsb120.tawk.to vsb112.tawk.to vsb54.tawk.to vsb109.tawk.to vsb24.tawk.to vsb98.tawk.to vsb45.tawk.to vsb85.tawk.to vsb107.tawk.to vsb53.tawk.to vsb29.tawk.to vsb4.tawk.to vsb118.tawk.to vsb50.tawk.to vsb92.tawk.to vsb89.tawk.to vsb26.tawk.to vsb65.tawk.to vsb30.tawk.to vsb42.tawk.to vsb68.tawk.to vsb23.tawk.to vsb35.tawk.to vsb69.tawk.to vsb76.tawk.to vsa35.tawk.to vsa65.tawk.to proxy.tawk.to as.tawk.to vsa73.tawk.to vsa55.tawk.to vsa71.tawk.to vsa99.tawk.to vsa62.tawk.to vsa16.tawk.to vsa70.tawk.to vsa46.tawk.to vsa43.tawk.to vsa108.tawk.to vsa40.tawk.to vsa88.tawk.to vsa90.tawk.to vsa31.tawk.to vsa76.tawk.to vsa105.tawk.to vsa102.tawk.to vsa78.tawk.to vsa28.tawk.to vsa83.tawk.to vsa47.tawk.to vsa101.tawk.to vsa98.tawk.to vsa92.tawk.to vsa79.tawk.to vsa44.tawk.to vsa10.tawk.to vsa72.tawk.to vsa106.tawk.to vsa77.tawk.to vsa97.tawk.to vsa7.tawk.to vsa104.tawk.to vsa115.tawk.to vsa37.tawk.to vsa94.tawk.to vsa23.tawk.to vsa67.tawk.to vsa33.tawk.to vsa75.tawk.to vsa17.tawk.to vsa30.tawk.to vsa20.tawk.to vsa19.tawk.to vsa64.tawk.to vsa111.tawk.to vsa4.tawk.to vsa61.tawk.to vsa9.tawk.to vsa26.tawk.to vsa87.tawk.to vsa32.tawk.to vsa69.tawk.to vsa50.tawk.to vsa38.tawk.to vsa3.tawk.to vsa68.tawk.to vsa57.tawk.to vsa29.tawk.to vsa2.tawk.to vsa66.tawk.to vsa36.tawk.to vsa100.tawk.to vsa95.tawk.to vsa41.tawk.to vsa85.tawk.to vsa118.tawk.to vsa42.tawk.to vsa96.tawk.to vsa53.tawk.to vsa107.tawk.to vsa25.tawk.to vsa84.tawk.to vsa45.tawk.to vsa113.tawk.to vsa15.tawk.to vsa14.tawk.to vsa49.tawk.to vsa11.tawk.to vsa5.tawk.to vsa51.tawk.to vsa80.tawk.to vsa116.tawk.to vsa82.tawk.to vsa86.tawk.to vsa109.tawk.to vsa103.tawk.to vsa1.tawk.to vsa114.tawk.to vsa120.tawk.to vsa39.tawk.to vsa18.tawk.to vsa110.tawk.to vsa93.tawk.to vsa27.tawk.to vsa52.tawk.to vsa12.tawk.to vsa91.tawk.to vsa60.tawk.to vsa81.tawk.to vsb43.tawk.to vsa63.tawk.to vsa48.tawk.to vsa89.tawk.to vsa21.tawk.to vsa112.tawk.to vsa24.tawk.to vsa74.tawk.to nosupport.tawk.to vsa22.tawk.to vsa54.tawk.to vsa34.tawk.to vsa8.tawk.to vsa56.tawk.to vsa58.tawk.to vsb34.tawk.to vsa117.tawk.to jin66.club vsa119.tawk.to vsa13.tawk.to vsa6.tawk.to vsa59.tawk.to vsb105.tawk.to vsb100.tawk.to dashboard.tawk.to www.tawk.to vsb39.tawk.to static-v.tawk.to va.tawk.to vsb80.tawk.to vsb95.tawk.to vsb83.tawk.to vsb97.tawk.to vsb93.tawk.to vsb19.tawk.to vsb70.tawk.to vsb8.tawk.to vsb78.tawk.to vsb22.tawk.to vsb17.tawk.to vsb32.tawk.to vsb90.tawk.to vsb11.tawk.to vsb5.tawk.to vsb9.tawk.to vsb33.tawk.to vsb49.tawk.to vsb58.tawk.to vsb36.tawk.to vsb44.tawk.to vsb3.tawk.to vsb2.tawk.to vsb18.tawk.to vsb63.tawk.to tawk.to embed.tawk.to

Malware Detected on Host

Count: 121 0d9037562fc3d0f132ba6e00d6534116f36e24526c1d2d2c95dc5a1810d41fce 09e9dee5328cb5fc34aba8c760a82bf8e5366256ffb02bcf34a1814c71104b3f 8e963f3cdbe96f52a82491a26ee0f43365afb6e5ed004624111e788e7183efd2 bd24bbbaa53ca223c057995f07f0c40651aebf8b135d9fbe94eb085cd934a199 0870a463ef8e4531103e3fc6579b497fdd76ffd0ec8d434be912ddc764d10b64 54167d64e1112c6b3fd8ff3d8ad62f32e102f7926a880cf048b28b38fd1ca571 68e7326de3cb1024207200e776d493992cbd3b94f7ce415a93451ac59014c92e 007deb4c7b83a13f513a0d831d5585aa9e90fedb8f9a1d880d3fec2fde0c0728 ae1cc8312b0007a79739b8a45d49c2d75730fadfd56d9851efebecebb676c173 e689f5b996d7e3dea7770d3cb7fe6e15d27ce07341ca92f907c1f875d84494ca

Map

Whois Information

• NetRange: 104.16.0.0 - 104.31.255.255
• CIDR: 104.16.0.0/12
• NetName: CLOUDFLARENET
• NetHandle: NET-104-16-0-0-1
• Parent: NET104 (NET-104-0-0-0-0)
• NetType: Direct Allocation
• OriginAS:
• Organization: Cloudflare, Inc. (CLOUD14)
• RegDate: 2014-03-28
• Updated: 2024-09-04
• Comment: All Cloudflare abuse reporting can be done via https://www.cloudflare.com/abuse
• Comment: Geofeed: https://api.cloudflare.com/local-ip-ranges.csv
• Ref: https://rdap.arin.net/registry/ip/104.16.0.0
• OrgName: Cloudflare, Inc.
• OrgId: CLOUD14
• Address: 101 Townsend Street
• City: San Francisco
• StateProv: CA
• PostalCode: 94107
• Country: US
• RegDate: 2010-07-09
• Updated: 2024-11-25
• Ref: https://rdap.arin.net/registry/entity/CLOUD14
• OrgRoutingHandle: CLOUD146-ARIN
• OrgRoutingName: Cloudflare-NOC
• OrgRoutingPhone: +1-650-319-8930
• OrgRoutingEmail: noc@cloudflare.com
• OrgRoutingRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
• OrgNOCHandle: CLOUD146-ARIN
• OrgNOCName: Cloudflare-NOC
• OrgNOCPhone: +1-650-319-8930
• OrgNOCEmail: noc@cloudflare.com
• OrgNOCRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
• OrgTechHandle: ADMIN2521-ARIN
• OrgTechName: Admin
• OrgTechPhone: +1-650-319-8930
• OrgTechEmail: rir@cloudflare.com
• OrgTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN
• OrgAbuseHandle: ABUSE2916-ARIN
• OrgAbuseName: Abuse
• OrgAbusePhone: +1-650-319-8930
• OrgAbuseEmail: abuse@cloudflare.com
• OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN
• RAbuseHandle: ABUSE2916-ARIN
• RAbuseName: Abuse
• RAbusePhone: +1-650-319-8930
• RAbuseEmail: abuse@cloudflare.com
• RAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN
• RNOCHandle: NOC11962-ARIN
• RNOCName: NOC
• RNOCPhone: +1-650-319-8930
• RNOCEmail: noc@cloudflare.com
• RNOCRef: https://rdap.arin.net/registry/entity/NOC11962-ARIN
• RTechHandle: ADMIN2521-ARIN
• RTechName: Admin
• RTechPhone: +1-650-319-8930
• RTechEmail: rir@cloudflare.com
• RTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN

Links to attack logs

anonymous-proxy-ip-list-2025-07-02 anonymous-proxy-ip-list-2024-04-05 anonymous-proxy-ip-list-2024-04-10 anonymous-proxy-ip-list-2025-07-13 ****** anonymous-proxy-ip-list-2024-04-04 anonymous-proxy-ip-list-2025-07-11 anonymous-proxy-ip-list-2025-07-15 anonymous-proxy-ip-list-2024-04-08 anonymous-proxy-ip-list-2024-03-29 anonymous-proxy-ip-list-2024-03-27 anonymous-proxy-ip-list-2025-07-06 anonymous-proxy-ip-list-2025-07-07 anonymous-proxy-ip-list-2025-07-14 anonymous-proxy-ip-list-2024-03-28 anonymous-proxy-ip-list-2025-07-05 anonymous-proxy-ip-list-2024-04-02 anonymous-proxy-ip-list-2024-03-26 anonymous-proxy-ip-list-2025-07-12 anonymous-proxy-ip-list-2024-04-12 anonymous-proxy-ip-list-2024-04-09 anonymous-proxy-ip-list-2024-04-13 anonymous-proxy-ip-list-2023-07-08 anonymous-proxy-ip-list-2023-07-09 anonymous-proxy-ip-list-2024-04-07 anonymous-proxy-ip-list-2024-04-03 anonymous-proxy-ip-list-2024-03-31 anonymous-proxy-ip-list-2025-07-08 anonymous-proxy-ip-list-2025-07-09 anonymous-proxy-ip-list-2025-07-10 ****** anonymous-proxy-ip-list-2025-07-03 anonymous-proxy-ip-list-2025-07-04 anonymous-proxy-ip-list-2024-03-30 anonymous-proxy-ip-list-2024-03-25 anonymous-proxy-ip-list-2024-04-01 anonymous-proxy-ip-list-2025-07-16 ****** anonymous-proxy-ip-list-2024-04-06 anonymous-proxy-ip-list-2024-04-11