104.16.160.145 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 104.16.160.145. It was generated either as a result of observed malicious activity or as an information-gathering exercise to assist with enrichment of security events and context. All information is gathered passively, through aggregation of public sources or through observation of activity on honeynets. The host score is calculated from a series of statistically weighted values and machine learning, taking into account metadata such as host information; the frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour, such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken as an accurate representation of the users, businesses or networks in which they reside.

Potentially Malicious Host 🟡 40/100

Host and Network Information

  • Mitre ATT&CK IDs: T1027 - Obfuscated Files or Information

  • Tags: accept, akamaias, akamaiasn1, alienvault, amazon02, analysis ob0001, analysis ob0002, as15169, as16509, as20940, as3359, as8075, as852, ascii text, base64uidenc, catalog tree, cjutxg, cname, cnmicrosoft ecc, command, control ta0011, country name, created, cuba, cus subject, data, datacrashpad, data oc0004, defense evasion, dns resolutions, edge, error https, evasion ta0005, exchange meta, facebook, gecko, geoip, get http, get https, ghost, gmt ifnonematch, google, Google, google tag, gtmkvjvztk, gtmkvjvztk dl, html document, html internet, icmp, iframe tags, impact ta0040, indonesia, ip address, ISP, khtml, learn, level3, levelblue, media, mexico, mini, mutexes nothing, Norton, nothing, number, ob0007 impact, ob0012 file, oc0006, oc0008, oid2, omicrosoft c, open threat, Pixel, port, post https, process oc0003, proton, public url, request, resolved ips, response, script tags, server ca, seznam, stwa lredmond, system oc0001, ta0004 defense, ta0009 command, tags twitter, telecom, Telus, twitter, ukraine, update secure, url data, vis1, win32, win64, windows nt

  • JARM: 27d40d40d00040d00042d43d00041df04c41293ba84f6efe3a613b22f983e6

  • View other sources: Spamhaus VirusTotal

  • Country:
  • Network:
  • Noticed: 50 times
  • Protocols Attacked: Anonymous Proxy
  • Countries Attacked: Anguilla, Aruba, Australia, Bahamas, Barbados, Canada, Cayman Islands, Costa Rica, Curaçao, Georgia, Guatemala, Japan, Mexico, Netherlands, Panama, Philippines, Poland, Saint Kitts and Nevis, Saint Martin (French part), Saint Vincent and the Grenadines, Sint Maarten (Dutch part), Tanzania United Republic of, Trinidad and Tobago, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
  • Passive DNS Results: gigapurbalingga.onesignal.com media.onesignal.com circleci-webhooks.onesignal.com media-cms.onesignal.com img.onesignal.com beefree-storage.onesignal.com subdomain.onesignal.com app.onesignal.com dashboard.onesignal.com preview.onesignal.com cdn.onesignal.com onesignal.com api.onesignal.com

Malware Detected on Host

Count: 430

Open Ports Detected

2053 2082 2083 2086 2087 2095 443 80 8080 8443 8880

Whois Information

Links to attack logs

anonymous-proxy-ip-list-2025-06-22
