104.16.12.8 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 104.16.12.8. It was generated either as a result of observed malicious activity or as an information-gathering exercise to enrich security events with context. All information is gathered passively, through aggregation of public sources or through observation of activity on honeynets. The host score is calculated from a series of statistically weighted values and machine learning, taking into account metadata such as host information; the frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour, such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken as an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 52/100

Host and Network Information

  • MITRE ATT&CK IDs: T1027 - Obfuscated Files or Information, T1036.004 - Masquerade Task or Service, T1041 - Exfiltration Over C2 Channel, T1055 - Process Injection, T1068 - Exploitation for Privilege Escalation, T1071.002 - File Transfer Protocols, T1071.004 - DNS, T1071 - Application Layer Protocol, T1105 - Ingress Tool Transfer, T1122 - Component Object Model Hijacking, T1210 - Exploitation of Remote Services, T1415 - URL Scheme Hijacking, T1449 - Exploit SS7 to Redirect Phone Calls/SMS, TA0001 - Initial Access, TA0002 - Execution, TA0003 - Persistence, TA0004 - Privilege Escalation, TA0005 - Defense Evasion, TA0006 - Credential Access, TA0007 - Discovery, TA0008 - Lateral Movement, TA0009 - Collection, TA0010 - Exfiltration, TA0011 - Command and Control, TA0034 - Impact, TA0040 - Impact

  • Tags: aaaa, a domains, agent tesla, all octoseek, amazonaes, analyze, apple ios, apple phone, arizona, as14576, as15169 google, as397241, as54455 madeit, as62597 nsone, as8075, attack, avast avg, backdoor, bill, black, blister, body, cancel anytime, china telecom, cnc, colorado, communicating, company limited, computer, contacted, contained, contextualizing, cp cyber, creation date, critical, cryp, crypto, csc corporate, cyber espionage, cybersecurity, cyber stalking, czech, daddy, danger, date, date hash, december, delaware, denver, deuteronomy 28:7, dnssec, domain, domains, domains domains, domains files, dos executable, download, elevated exposure, emails, @emreimer, encrypt, enjoy, entries, error, executable, execution, expiration date, files domain, files files, files related, first, free, generic, generic windos, get dns, get http, group, hackers, hackers for hire, hacktool, hashes, header intel, high level, hijacker, historical ssl, hitmen, hostname, hostnames, http, http method, http requests, hunk, ico rtgroupicon, iextract2, iframe, info compiler, installer, intel, iocs, ip traffic, ipv4, kgs0, kls0, kratona, language, larimer st, malvertizing, malware, malware spreading evader, media, memory pattern, meta, milehighmedia, mind, monitoring, most viewed, moved, msil, ms windows, mtb may, name md5, name servers, neutral, next, nxdomain, open, os2 executable, otx telemetry, pa, passive dns, paste, pattern ips, pe32 executable, phishing, play, porn videos, products id, project, protect, pulse pulses, ransom, record value, referrer, relic, resolutions, resources cyber, risk assessment, rticon neutral, scan endpoints, script, script urls, sdn bhd, search, security, servers, shell code, shinjiru msc, showing, siem compliance, skip, ssl certificate, stalkers, status, strong, submitters, suite, threat, threat round, tofsee, top rated, treats, trojan, trojandropper, tsara brashears, type, united, unknown, unlocker, url http, urls, urls https, utc submissions, videos, views, virtool, watch, whois record, win16 ne, win32

  • View other sources: Spamhaus VirusTotal

  • Country:
  • Network:
  • Noticed: 1 time
  • Protocols Attacked: Anonymous Proxy
  • Countries Attacked: United States of America
  • Passive DNS Results:

Malware Detected on Host

Count: 22

Open Ports Detected

2052 2053 2082 2083 2086 2087 2095 443 80 8080 8443 8880

Whois Information

Links to attack logs
