104.25.174.15 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 104.25.174.15. It was generated either as a result of observed malicious activity or as an information-gathering exercise to assist with enrichment of security events and context. All information is gathered passively, through aggregation of public sources or through observation of activity on honeynets. The host score is calculated through a series of statistically weighted values and machine learning that take into account metadata such as host information; frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour, such as with Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Potentially Malicious Host 🟡 36/100

Host and Network Information

  • Tags: all octoseek, amadey, apple, apple ios, apple phone, artro, awful, blacklist, body, cobalt strike, compiler, contacted, contacted urls, copy, core, cpm fun, cpm network, creation date, critical, cyber warfare, date, detection list, domains, download, emotet, entries, exe32, execution, expiration date, exploit, files, file type, final url, getcursor getdc, google safe, hacktool, header intel, headers date, highly targeted, historical ssl, hostname, http, http response, info compiler, installer, intel, ip address, ip summary, ipv4, june, link library, malware, malware stealer trojan evader, maui ransomware, meta name, monitoring, ms visual, ms windows, name md5, name servers, nanocore, next, none related, open, passive dns, password, pe32 compiler, pe32 executable, phishing, powershell, privateloader, products id, pulse pulses, quasar, ransomexx, referrer, related pulses, relic, resolutions, sample, samples, scan endpoints, script, search, september, service, shell code, showing, siblings, siblings domain, sides with, ssl certificate, status, status code, summary, tags none, threat report, threat roundup, tmobile metro, tracker, trojan, tsara brashears, united, unknown, unlocker, upd4, url http, urls, urls http, url summary, urls url, ursnif, vs2013, vs2013 upd4, whois record, win16 ne, win32 dynamic, win32upatre jan

  • View other sources: Spamhaus VirusTotal

Malware Detected on Host

Count: 25

Open Ports Detected

2052 2082 2083 2087 2096 443 80 8443 8880

Whois Information

Links to attack logs

anonymous-proxy-ip-list-2025-06-23 anonymous-proxy-ip-list-2025-06-22 anonymous-proxy-ip-list-2025-06-24
