104.16.18.94 Threat Intelligence and Host Information

Oct 20, 2025 ipinfopage

General

This page contains threat intelligence information for the IPv4 address 104.16.18.94 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Known Malicious Host 🔴 100/100

Host and Network Information

Mitre ATT&CK IDs: T1003 - OS Credential Dumping, T1005 - Data from Local System, T1011 - Exfiltration Over Other Network Medium, T1012 - Query Registry, T1018 - Remote System Discovery, T1027.002 - Software Packing, T1027 - Obfuscated Files or Information, T1031 - Modify Existing Service, T1033 - System Owner/User Discovery, T1036 - Masquerading, T1040 - Network Sniffing, T1041 - Exfiltration Over C2 Channel, T1043 - Commonly Used Port, T1045 - Software Packing, T1047 - Windows Management Instrumentation, T1053 - Scheduled Task/Job, T1055 - Process Injection, T1056.001 - Keylogging, T1056 - Input Capture, T1057 - Process Discovery, T1059.002 - AppleScript, T1059.007 - JavaScript, T1059 - Command and Scripting Interpreter, T1060 - Registry Run Keys / Startup Folder, T1063 - Security Software Discovery, T1070 - Indicator Removal on Host, T1071.001 - Web Protocols, T1071.003 - Mail Protocols, T1071.004 - DNS, T1071 - Application Layer Protocol, T1081 - Credentials in Files, T1082 - System Information Discovery, T1083 - File and Directory Discovery, T1094 - Custom Command and Control Protocol, T1095 - Non-Application Layer Protocol, T1096 - NTFS File Attributes, T1105 - Ingress Tool Transfer, T1106 - Native API, T1107 - File Deletion, T1110.002 - Password Cracking, T1112 - Modify Registry, T1114 - Email Collection, T1119 - Automated Collection, T1129 - Shared Modules, T1132 - Data Encoding, T1140 - Deobfuscate/Decode Files or Information, T1143 - Hidden Window, T1158 - Hidden Files and Directories, T1176 - Browser Extensions, T1189 - Drive-by Compromise, T1203 - Exploitation for Client Execution, T1215 - Kernel Modules and Extensions, T1222 - File and Directory Permissions Modification, T1410 - Network Traffic Capture or Redirection, T1449 - Exploit SS7 to Redirect Phone Calls/SMS, T1457 - Malicious Media Content, T1480 - Execution Guardrails, T1485 - Data Destruction, T1491 - Defacement, T1496 - Resource Hijacking, T1497 - Virtualization/Sandbox Evasion, T1543 - Create or Modify System Process, T1546 - Event Triggered Execution, T1547 - Boot or Logon Autostart Execution, T1552 - Unsecured Credentials, T1553 - Subvert Trust Controls, T1555 - Credentials from Password Stores, T1560 - Archive Collected Data, T1563 - Remote Service Session Hijacking, T1564 - Hide Artifacts, T1566 - Phishing, T1568 - Dynamic Resolution, T1569 - System Services, T1573 - Encrypted Channel, T1574 - Hijack Execution Flow, T1583.002 - DNS Server, T1583.005 - Botnet, T1583 - Acquire Infrastructure, T1588 - Obtain Capabilities, T1590 - Gather Victim Network Information, TA0001 - Initial Access, TA0002 - Execution, TA0003 - Persistence, TA0004 - Privilege Escalation, TA0005 - Defense Evasion, TA0006 - Credential Access, TA0007 - Discovery, TA0008 - Lateral Movement, TA0009 - Collection, TA0010 - Exfiltration, TA0011 - Command and Control, TA0034 - Impact, TA0037 - Command and Control, TA0040 - Impact
Tags: 0 report, 10357, aaaa, abuse contact, accept, access ta0001, access ta0006, a claim, active created, activity dns, acurix networks, address, adobe portable, adobe product, adobe systems, a domains, adversaries, adware, aes128gcm, agent, agent tesla, agenttesla, aig, akamaias, akamaiasn1, Alberta, Alberta Doctors, Alberta Health Services, Alberta Medical Association, Alberta NDP, Alberta UCP, alerts, alexa, alexa top, alf features, algorithm, all octoseek, all scoreblue, all search, amazon, amazon 02, amazon02, amazonaes, americachicago, america flag, american international, analysis, analysis date, analysis ob0001, analysis ob0002, analyze, analyzer paste, analyzer threat, anchor hrefs, and china, android, apache, apple, appleaustin, apple engineering, apple ios, apple notepad, apple phone, apple unlocker, Apple Zero Day, april, a record, artemis, as133618, as133775 xiamen, as15169, as15169 google, as16509, as16625 akamai, as20940, as2914 ntt, as3257 gtt, as3359, as397240, as46606, as54113, as54990, as6185 apple, as62597 nsone, as62729, as6453 tata, as6461 zayo, as714 apple, as7843 charter, as8075, as852, ascii text, asn15169, asn16509, asn20940, asn as45090, asnone, asnone united, asyncrat, atkafij0, attack, attrib, august, avast avg, av detections, awful, axelo, azorult, azure tls, b2931e3f, b467295d, b535, baby, backdoor, bambernek, bank, banker, basic, b body, b document, beijing baidu, beijing gu, ben c, benjamin, best targets, betabot, bitdefender, bitrat, blackguard, blackhat, blacklist, blacklist http, blacklist https, blocklist, blustealer, bodis, body, body doctype, body length, boot, botnet, Botnet, botnet campaign, bouvet island, bq feb, brent kimball, brian sabey, briansabey, browsing, builder, bundled, c0014, c2, ca issuers, capture, cargo, catalog tree, centerchecks, Certificates, cgb stgreater, chaos, china, china telecom, chinese, Christopher Pool, chrome, ciphersuite, cisco, cisco umbrella, city, City of Edmonton, ck id, ck matrix, ck techniques, class, classname, click, clickjacking, clipper dos, close, cloud, cloudflare, cloudflarenet, cname, cnc, cnc feodo, cnc server, cndigicert sha2, coalition et, cobalt strike, Cobalt Strike, code, collection, collections, com laude, command, command and control, command decode, commercial auto, communicating, community https, comodo rsa, comodo valkyrie, company limited, compensation, compiler, computer, comspec, connect azurepc, Connect Care, connection, contact, contacted, contacted circa 10.23.2023-, contacted urls, contact phone, contained, content reputation, contexthub, control ta0011, converter pdf, cookie, copy, copy md5, copy sha1, copy sha256, core, country, country name, Covenent Health, covid19, cq function, crack, crash, create, create c, created, createdate, creation date, creatortool, crime, critical, critical risk, crlf line, cronup threat, cryp, crypto, csc corporate, cuba, current dns, cus cnmicrosoft, cus cnr3, cyber, cyber attack, cyber crime, cybercrime, cyber criminal, cyber stalking, cyberstalking, cyber threat, cyberthreat, daam, dan.com, dangeroussig, dao360, dapato, dark, dark consultants, darkgate, dark power, data, data center, datacrashpad, date, date hash, date mon, debug, december, default, defense, defense evasion, delete, delete c, del f, de page, description, description svg, destination, de summary, detection list, detections none, detections type, detplock, devils work, DGA, digitaloceanasn, discovery, discovery t1057, djvu, dll sideloading, dns, dns intel, dnspionage, dns replication, dns resolutions, dnssec, dock, document, document format, domain, domain address, domain http, domain name, domainpath name, domains, domains ii, domain status, dom get, dos com, downer, downldr, download, downloader, downloadmr, dridex, drivertalent, dropped, dsp1, duckdns, dynamicloader, dynamic report, dyndns domain, e1082 impact, e1203 data, e1564 discovery, ecc domain, ecdhersa, ecdsa, ec oid, edge, Edmonton Police Services, EduRoam, egregor, elqq, email, email document, emails, emotet, emotet ip, emotion, encrypt, energy, engineering, enom, enter, enterprise, entity, entries, erase, ermac, error, et, etisalat misr, etpro malware, et tor, evader, evasion ob0006, evasion ta0005, evil, evil c, exe32, executable, execution, exit, expiration, expiration date, expires thu, exploitation, exploit domain, export, f20b201c, facebook, factory, fakedout threat, falcon sandbox, false, fast web, february, feodo, file, filehash, filehashmd5, filehashsha1, filehashsha256, files, file samples, file score, file size, files location, files matching, file type, filter https, final url, find, findwindowa, firehol, firehol et, first, flag, flash, flashpix, flow t1574, fono, font format, footer, ford mustang, form, format, formbook, for privacy, found, frame, frankfurt, fuery, fusioncore, g4 rsa4096, g5cygkcj7g1, gamehack, gamers, gecko, general, general full, generator, generic, generic windos, geoip, germany, germany unknown, get http, get https, get na, getprocaddress, get response, ghost, github, gmbh version, gmt cache, gmt content, gmt ifnonematch, gmtn, gmt server, gna7hdu, gnu linker, goldfinder, goldmax, google, google safe, gootloader, gopuram, GovAB, graphics image, graph summary, greatness, green, group, gt convertible, gtmkvjvztk dl, guard, gui32, gvb gelimed, hacker, hackers, hacking tools, hacktool, hallgrand, hallrender, hash, hashes, hashes files, hashes hashes, header intel, headers, headers date, headers nel, heur, hidden cobra, hide artifacts, high, highest f, high level, highly targeted, high process, high security, hijacker, historical ssl, history, history first, history http, hitmen, home, host, hosting, host interaction, hostname, hostnames, html, html document, html info, html internet, http, http attacker, http method, http redirect, http requests, http response, https, human, hunk, hunting macro, hybrid, hyperv, hz4urdyi, iana, iana id, iana ref, iana special, icedid, icloud, icmp, icmp traffic, icons library, identifier, ids detections, iframe, ii llc, illegal, impact ta0040, indicator, indonesia, industry_and_commerce, info, info compiler, info header, informative, injection, injection t1055, input, installcore, installer, intel, intellectual property theft, internal, internet, iocs, ioc search, ip address, ip check, ip detections, ips collection, ip summary, ip traffic, ipv4, ipv4 add, ipv4 prefix, ireland unknown, irfan skiljan, isns function, issuer, issuing ca, it consultant, j490s6lkpppw, january, javascript, jpeg, json data, july, june, kb acrotray, kb body, kb document, keepaliveyes, key algorithm, key identifier, key info, keylogger, kgs0, khtml, kimsuky, kit exploit, kls0, known tor, kraken, kuaizip, language, learn, less, level3, lfqprnkje8dni0, liability, life, light, limited, link, linker, link library, linux x8664, lmenlo park, local, localappdata, location china, location united, lockbit, log id, login aig, login myaig, logon autostart, lolkek, look, lookup wannacry, los angeles, lowfi, low software, lscottsdale, ltd dba, mac malware, magic html, magika html, magniber, mailrubar, mail spammer, main, Malcerts, malibot, malicious, malicious file transfers, malicious site, malicious url, maltiverse, malvertizing, malware, malware beacon, malware dns, malware hosting, malware scripting, malware site, malware spreader, manjusaka, march, mark, mark brian sabey, markmonitor, mark sabey, markus, masquerading, maui ransomware, maxage5184000, maxradlinklen50, mb iesettings, mb opera, mb super, media, media center, medium, memcommit, memory, memory pattern, memory scanning, memreserve, meta, metasploit, meta tags, metro, metro hacker, mexico, microsoftcorpas, million, mime type, miner, mini, Ministry of Advanced Education, Ministry of Health, Ministry of Tech & Innovation, minute tr, mirai, misc attack, mitre att, mitre attack, model, models ford, modified, modify system, module load, monitoring, mon jul, moved, mozilla, mr windows, ms excel, msgoptions, msgoriginaltext, msie, ms visual, ms windows, ms word, mtb may, mtb showing, mtb yara, multiple botnetworks, murderers, music, mustang coupe, mutex, mutexes nothing, my boy dan, name, namecheap, namecheap inc, name md5, name server, name servers, name tactics, name value, name verdict, nanocore rat, net192, net1920000, network, network hijacks, network mooooda, network rat, networks, networm, new ioc, next, nina, njrat, no data, node tcp, node traffic, no expiration, none related, nothing, november, number, nxdomain, ob0005 defense, ob0007 impact, ob0007 system, ob0012 file, ob0012 hide, observed dns, observed email, oc0006, oc0006 http, oc0008, october, odigicert inc, olet, ollydbg, ometa platforms, open, openioc, optimizer, orgabusephone, orgid, os2 executable, otx octoseek, overlay, owner exploit, p11642963562, p2404, packing t1045, page url, parent domain, passive dns, password, password bypass, paste, patch, path, pattern, pattern domains, pattern match, pattern urls, pcap, pcidump rasman, pdb path, pdf document, pdf pdf, pdf report, pe32, pe32 compiler, pe32 linker, pe32 packer, persistence, pe section, phish, phishing, phishing site, phishtank, physical threat, pictures, plasma, playgame, play ransomware, please, pony, Pool’s Closed, porkbun llc, pornhub, pornographers, port, post, post http, powershell, pragma, precondition, prefetch8, prefix, premium, presenoker, primary request, privacy, privacy service, probe, problems, process32nextw, processes tree, process oc0003, process t1543, producer pdftk, producer solid, products id, project, property, protocol h2, proton, proxy, psexec, pt mora, pty ltd, public url, pulse pulses, pulses, pulse submit, push, qakbot, qbot, quasar, quasar rat, quasi, query, raccoon, ransom, ransomexx, ransomware, Ransomware, raspberry robin, read, read c, record type, record value, redirect chain, redirected, redline, redline stealer, redrum, referrer, refresh, regbinary, regdword, region create, region update, registrant name, registrar abuse, registrar url, registrar whois, registry keys, regopenkeyexw, regsetvalueexa, related nids, related pulses, related tags, relayrouter, relic, remcos, remote, remote attacker, remote system, replacement, report, request, request chain, resolutions, resolved ips, resource, resource path, response, response final, restart, revenge rat, reverse dns, review, riskware, rmhs article, rmhs og, rocky mountain, Rogers, root ca, rostpay, roundup, rowcycur, r processes, rsih object, rsiw number, runescape, runresdll, sabey type, safe site, sale, sality, sample, samplepath, samples, samuel tulach, sandbox, san francisco, sanitize object, scalable vector, scan endpoints, scanning host, scheme, sc onlogon, script, script tags, script urls, search, search start, sector, secure s, security tls, self, september, server, server ca, servers, service, services, services1, service tool, serving ip, setupns, seznam, sha1, sha256, shared address, shell code, shell commands, shelltraywnd, show, showing, show technique, siblings, sibot, site, sites, size, skynet, slcc2, slider plugin, slug, snatch, sneaky server, soc, social engineering, softcnapp, soldier, song culture, source file, space, space meta, span, spawns, Speader, spotify artist, spreadsheet, sqli dumper, sqlite version, ssdeep, ssl certificate, stalker, starizona, start, startpage, start service, status, status code, stcalifornia, stealer, steganography, stix, stop, stop service, strings, subdomains, subject key, subject public, submission, submitters, sucurisec, summary, summary iocs, suppobox, suricata, suricata ipv4, susp, suspicious, suspicous ip, swiftwill, swiftwill2, swisyn, system oc0001, systemroot, t1045, t1057, t1063, t1189 found, ta0004 defense, ta0004 process, ta0007 command, ta0009 command, tag count, tag manager, tags, tags none, target, targeting, team, team malware, team phishing, teams, teams api, team top, technical city, telecom, telecom italia, telefonica co, Telus, temp, template, textarea, thebrotherssabey, then brothers sabey, threat, threat analyzer, threat network, threat roundup, threats, threats et, thumbprint, Timothy Pool, title, title data, title error, title rfc, tld count, tls sni, tlsv1, tls web, tmobile, t-mobile hacker, tofsee, tools, tor known, torrent trecker, tracker, tracking, traffic, Treaty 6, Treaty 7, Treaty 8, tree, trickbot, trim, trojan, trojanclicker, trojanspy, trust, tsara brashears, ttl value, tulach, tulach.cc, tulach exploits, twitter, type, type mimetype, type name, UAlberta, uk collection, ukraine, umbrella rank, unauthorized, unicode text, union, united, united kingdom, United Nurses of Alberta, University of Calgary, univjos, unknown, unlocker, unsafe, upatre, url analysis, url data, url history, url http, url https, urls, urlshortner dec, urlshortner sep, urls http, urls https, url summary, urls url, ursnif, usage, usd twitter, user, users, utc google, utc gtmsxrf, utc http, utc submissions, v3 serial, value, variables, verdict, verified, verify, vhash, vidar, videos, video streaming, view, virtool, visitor object, vmprotect, vs2003, vt graph, waltham, warrior, web open, webtoolbar, white, whitelisted, whois, whois file, whois lookup, whois lookups, whois record, whois sslcert, whois whois, win16 ne, win32, win32 dll, win32 dynamic, win32 exe, win32mydoom feb, win32pcmega jan, win32upatre may, win64, windows, windows nt, windows service, wininet c0005, wiper, withheld, wordpress, workers, workers compensation, worm, wow64, wpbakery page, write, write c, writeconsolea, x509v3 key, x8bxe5, xor ddos, xorddos, xport, yara detections, yara rule, years ago, youth, zbot, zeus
View other sources: Spamhaus VirusTotal

Country:
Network:
Known APT: 28
Noticed: 50 times
Protocols Attacked: Anonymous Proxy
Countries Attacked: Anguilla, Aruba, Australia, Bahamas, Barbados, Canada, Cayman Islands, Costa Rica, Curaçao, Georgia, Guatemala, Ireland, Japan, Kenya, Lithuania, Mexico, Netherlands, Panama, Philippines, Poland, Saint Kitts and Nevis, Saint Martin (French part), Saint Vincent and the Grenadines, Sint Maarten (Dutch part), Slovakia, Tanzania United Republic of, Trinidad and Tobago, Ukraine, United Arab Emirates, United Kingdom of Great Britain and Northern Ireland, United States of America
Passive DNS Results: oyjewelry.store www.8awc5.cn 4y0xm.cn wcad.shop file.cxs.pw chris.taipei vicly.org ronning.cf test.foxpremium.xyz wstim.okratos.xyz tim.infinityc.xyz www.xn--tiqx99d.xn–kpry57d xn–tiqx99d.xn–kpry57d img.statically.io cdn.imagesimple.co vivo-br.d23.host fontbit.io r.hearty.app c.roodo.com www.b.360kk.top d.nien.com reg.roodo.com friends.roodo.com www2.roodo.com static.roodo.com summer2010.blog.roodo.com reader.roodo.com members.roodo.com summer2008.blog.roodo.com file.roodo.com photos.roodo.com cgi.blog.roodo.com cloudflare.staticallydns.com im.vicly.org ip.hearty.app lionfree.net tim-wsnet.online tim2-wsnet.online rbtimvivo.xyz api5.dnsapi123.com www.soasurs.com beta.hearty.me tim.nerdsvpn.online v2ray.glost.xyz khvs.3cyber.com cdn.3cyber.com 3cyber.com shop.3cyber.com ear-test.3cyber.com victorosx.3cyber.com mirror.3cyber.com mirror-cdn.3cyber.com kweenaythu.tk www.mafengwo.com.tw www.shudo.com.tw cdn.chris.taipei nmrih.chris.taipei map.efoood.org frnci.nien.com shop.efoood.org cpanel.lonslai.com www.startupislandtaiwan.net www.startupislandtaiwan.org nqynet.cn mail.xn–6m1a86p.com cpanel.xn–6m1a86p.com f.hearty.app box.youthwant.com.tw smtp.roodo.com rd.roodo.com sms.youthwant.com.tw mis.roodo.com live.youthwant.com.tw reader.youthwant.com.tw rcwestwood.blog.youthwant.com.tw boggy321.blog.youthwant.com.tw sengo.blog.youthwant.com.tw dc001352.blog.youthwant.com.tw yanpolly.blog.youthwant.com.tw sidiahmad.blog.youthwant.com.tw xuqofu.blog.youthwant.com.tw minatu.blog.youthwant.com.tw blinge301.blog.youthwant.com.tw fotovin.blog.youthwant.com.tw pure17go.youthwant.com.tw doctors.blog.youthwant.com.tw ywpr.blog.youthwant.com.tw superaaa.blog.youthwant.com.tw duck751111.blog.youthwant.com.tw www.starbugs.com.cn www.knews.com.tw www.pinpin.com.tw test.hearty.me cors.api.hearty.app popo.youthwant.com.tw love1.youthwant.com.tw ad.youthwant.com.tw board.youthwant.com.tw indonesia.obuy.tw my2.youthwant.com.tw d9c76515.youthwant.com.tw www.obuy.tw sh2.obuy.tw cancer.health.youthwant.com.tw myph.youthwant.com.tw sh1.obuy.tw funtime.youthwant.com.tw kids.youthwant.com.tw info.youthwant.com.tw gf.youthwant.com.tw mvsp.youthwant.com.tw enews.youthwant.com.tw health.youthwant.com.tw seal.youthwant.com.tw lottery.youthwant.com.tw clipick.iguang.tw meetgee.youthwant.com.tw rd.youthwant.com.tw jpbuy.iguang.tw campus.youthwant.com.tw sp2.youthwant.com.tw adv.roodo.com search.blog.roodo.com flog.youthwant.com.tw mv.youthwant.com.tw intranet.iguang.tw writer.youthwant.com.tw t.iguang.tw reg3.youthwant.com.tw moblog.roodo.com unboxing.youthwant.com.tw sp8.youthwant.com.tw nicegame.youthwant.com.tw wpl.youthwant.com.tw n.roodo.com magz.roodo.com sp3.youthwant.com.tw sp9.youthwant.com.tw statics.iguang.tw xmlrpc.blog.roodo.com pure17go.iguang.tw 88say.youthwant.com.tw jonescup.roodo.com sp1.youthwant.com.tw roodo.iguang.tw blogreader.youthwant.com.tw diy.youthwant.com.tw reg.youthwant.com.tw play.roodo.com cloudprint.youthwant.com.tw cdn.iguang.tw sp4.youthwant.com.tw reg2.youthwant.com.tw sp7.youthwant.com.tw s.hearty.app i.hearty.app lovetaipei.youthwant.com.tw s3.iguang.tw global.youthwant.com.tw guitarcup.blog.youthwant.com.tw sms.roodo.com cliip.roodo.com 17movie.youthwant.com.tw ironman.youthwant.com.tw sp.youthwant.com.tw ezsafe.youthwant.com.tw www.xn--detrkl13b9sbv53j.org www.nien.co www.hearty.me o.hearty.me adm.blog.roodo.com me.youthwant.com.tw go.jianyuan.art share.youthwant.com.tw go.hj.rs www.iguang.tw my.youthwant.com.tw evt.youthwant.com.tw member.roodo.com exam.youthwant.com.tw s.hearty.eu.org topic.youthwant.com.tw www.jiayi.life www.obuy.co www.youthwant.com www.youthwant.com.tw d.hearty.app www.alice.tw www.xn--6m1a86p.com blog.youthwant.com.tw blog.roodo.com sawallows.blog.youthwant.com.tw cf.cdn.aaronlam.xyz 7nc5dlvy2553c3uc46foi4xjinvybou2.c2gtb7i.1.0.ukhwibi7qimje53kbrnuugefiq.ivwssta.dns0.org www.roodo.com m.hearty.me hj.rs hearty.me cdnjs.cloudflare.com origin-south.zenfoliosite.com origin.zenfoliosite.com

Malware Detected on Host

Count: 11476 37372754721500ac0736ee2162c790cc5abe4669af8723ac1c6ec61f3bfc317d 8f5fa4b7b315b659881261bced828dc1c94d56f72762a6ac924a86e9a9fe8c39 c8f180fa1d08cdf7255009cb7d9ab18936efca198cf228bf8a968f016a238bc6 81ad4d9c29d6362b1abc5938801ba60e5e1e902b5dd3948d72b57b4fdf256f09 0b4c861ac39684727095cec4a35086c5fd815a88f9942432a5007d161d22359c 8d3b7f1945369fcc7de235537f2cb426be52a5a6149efdfd52b2fd3a3bf41d83 7fc6384b923bf49293ed11614f34860e4f7410a1d06e374fc119f7de29408eac ef1f964615293715b0b201727e61a037ba3e235e3cf2538a8b05d57067c25038 7e6d5aa6b2c684edf7cd8ac538bb9f388080425341c3eef21451a288e66782cd 0d5fd272895c3c5986bb2c1635acc5f11a8579c19bde764328415a8ad29f0cd6

Open Ports Detected

2053 2082 2083 2086 2087 2095 2096 443 80 8080 8443 8880

Map

Whois Information

NetRange: 104.16.0.0 - 104.31.255.255
CIDR: 104.16.0.0/12
NetName: CLOUDFLARENET
NetHandle: NET-104-16-0-0-1
Parent: NET104 (NET-104-0-0-0-0)
NetType: Direct Allocation
OriginAS:
Organization: Cloudflare, Inc. (CLOUD14)
RegDate: 2014-03-28
Updated: 2024-09-04
Comment: All Cloudflare abuse reporting can be done via https://www.cloudflare.com/abuse
Comment: Geofeed: https://api.cloudflare.com/local-ip-ranges.csv
Ref: https://rdap.arin.net/registry/ip/104.16.0.0
OrgName: Cloudflare, Inc.
OrgId: CLOUD14
Address: 101 Townsend Street
City: San Francisco
StateProv: CA
PostalCode: 94107
Country: US
RegDate: 2010-07-09
Updated: 2024-11-25
Ref: https://rdap.arin.net/registry/entity/CLOUD14
OrgNOCHandle: CLOUD146-ARIN
OrgNOCName: Cloudflare-NOC
OrgNOCPhone: +1-650-319-8930
OrgNOCEmail: noc@cloudflare.com
OrgNOCRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
OrgTechHandle: ADMIN2521-ARIN
OrgTechName: Admin
OrgTechPhone: +1-650-319-8930
OrgTechEmail: rir@cloudflare.com
OrgTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN
OrgAbuseHandle: ABUSE2916-ARIN
OrgAbuseName: Abuse
OrgAbusePhone: +1-650-319-8930
OrgAbuseEmail: abuse@cloudflare.com
OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN
OrgRoutingHandle: CLOUD146-ARIN
OrgRoutingName: Cloudflare-NOC
OrgRoutingPhone: +1-650-319-8930
OrgRoutingEmail: noc@cloudflare.com
OrgRoutingRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
RTechHandle: ADMIN2521-ARIN
RTechName: Admin
RTechPhone: +1-650-319-8930
RTechEmail: rir@cloudflare.com
RTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN
RNOCHandle: NOC11962-ARIN
RNOCName: NOC
RNOCPhone: +1-650-319-8930
RNOCEmail: noc@cloudflare.com
RNOCRef: https://rdap.arin.net/registry/entity/NOC11962-ARIN
RAbuseHandle: ABUSE2916-ARIN
RAbuseName: Abuse
RAbusePhone: +1-650-319-8930
RAbuseEmail: abuse@cloudflare.com
RAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN

Links to attack logs

Share on: