104.16.18.94 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 104.16.18.94 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively, through aggregation of public sources or through observation of activity on honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour (such as Tor exit nodes, residential proxies or VPN services), and many other attributes. These values are historical and indicative only, and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Known Malicious Host 🔴 100/100

Host and Network Information

  • Mitre ATT&CK IDs: T1546 - Event Triggered Execution, T1566 - Phishing, T1571 - Non-Standard Port, T1573 - Encrypted Channel
  • Tags: Apple Zero Day, Christopher Pool, Pool’s Closed, Ransomware, Timothy Pool, WannaCry, accept, agent, algorithm, analysis, android, ansi, apt, chinese, cisco umbrella, click, close, code, collection, comodo valkyrie, data, date, dcry, decrypted ssl, devils work, dns records, dns replication, dos exe, download, dsp1, email, expirestue, facebook, format, general, hosts, httponly, hybrid, ingestion time, ip check, keepaliveyes, key identifier, librouter, local, mac malware, malicious, malware, mirai, mozilla, netgear router, netgear twitter, network capture, nr agent, nreum, online, patch, path, pcap, possible, qakbot, quasar, rana, rank value, ransomexx, record type, referring, registrar abuse, registrar url, registry domain, registry expiry, report domain, router login, sample, san jose, sandbox, security, server, setup, sha256, ssl certificate, strings, submission, submit, suspicious, technology, thinclient, threat level, trojan, type name, united, verdict mobile, vt graph, vxstream, whois, whois record, win32 dll, win32 exe, windows nt

  • View other sources: Spamhaus VirusTotal

  • Country:
  • Network: AS13335 cloudflare

  • Known APT: 28
  • Noticed: 1 times
  • Protocols Attacked: Anonymous Proxy
  • Countries Attacked: United States of America
  • Passive DNS Results: chris.taipei vicly.org ronning.cf test.foxpremium.xyz wstim.okratos.xyz tim.infinityc.xyz www.xn--tiqx99d.xn--kpry57d xn--tiqx99d.xn--kpry57d img.statically.io cdn.imagesimple.co vivo-br.d23.host fontbit.io r.hearty.app c.roodo.com www.b.360kk.top d.nien.com reg.roodo.com friends.roodo.com www2.roodo.com static.roodo.com summer2010.blog.roodo.com reader.roodo.com members.roodo.com summer2008.blog.roodo.com file.roodo.com photos.roodo.com cgi.blog.roodo.com cloudflare.staticallydns.com im.vicly.org ip.hearty.app lionfree.net tim-wsnet.online tim2-wsnet.online rbtimvivo.xyz api5.dnsapi123.com www.soasurs.com beta.hearty.me tim.nerdsvpn.online v2ray.glost.xyz khvs.3cyber.com cdn.3cyber.com 3cyber.com shop.3cyber.com ear-test.3cyber.com victorosx.3cyber.com mirror.3cyber.com mirror-cdn.3cyber.com kweenaythu.tk www.mafengwo.com.tw www.shudo.com.tw cdn.chris.taipei nmrih.chris.taipei map.efoood.org frnci.nien.com shop.efoood.org cpanel.lonslai.com www.startupislandtaiwan.net www.startupislandtaiwan.org nqynet.cn mail.xn--6m1a86p.com cpanel.xn--6m1a86p.com f.hearty.app box.youthwant.com.tw smtp.roodo.com rd.roodo.com sms.youthwant.com.tw mis.roodo.com live.youthwant.com.tw reader.youthwant.com.tw rcwestwood.blog.youthwant.com.tw boggy321.blog.youthwant.com.tw sengo.blog.youthwant.com.tw dc001352.blog.youthwant.com.tw yanpolly.blog.youthwant.com.tw sidiahmad.blog.youthwant.com.tw xuqofu.blog.youthwant.com.tw minatu.blog.youthwant.com.tw blinge301.blog.youthwant.com.tw fotovin.blog.youthwant.com.tw pure17go.youthwant.com.tw doctors.blog.youthwant.com.tw ywpr.blog.youthwant.com.tw superaaa.blog.youthwant.com.tw duck751111.blog.youthwant.com.tw www.starbugs.com.cn www.knews.com.tw www.pinpin.com.tw test.hearty.me cors.api.hearty.app popo.youthwant.com.tw love1.youthwant.com.tw ad.youthwant.com.tw board.youthwant.com.tw indonesia.obuy.tw my2.youthwant.com.tw d9c76515.youthwant.com.tw www.obuy.tw sh2.obuy.tw cancer.health.youthwant.com.tw myph.youthwant.com.tw sh1.obuy.tw funtime.youthwant.com.tw kids.youthwant.com.tw info.youthwant.com.tw gf.youthwant.com.tw mvsp.youthwant.com.tw enews.youthwant.com.tw health.youthwant.com.tw seal.youthwant.com.tw lottery.youthwant.com.tw clipick.iguang.tw meetgee.youthwant.com.tw rd.youthwant.com.tw jpbuy.iguang.tw campus.youthwant.com.tw sp2.youthwant.com.tw adv.roodo.com search.blog.roodo.com flog.youthwant.com.tw mv.youthwant.com.tw intranet.iguang.tw writer.youthwant.com.tw t.iguang.tw reg3.youthwant.com.tw moblog.roodo.com unboxing.youthwant.com.tw sp8.youthwant.com.tw nicegame.youthwant.com.tw wpl.youthwant.com.tw n.roodo.com magz.roodo.com sp3.youthwant.com.tw sp9.youthwant.com.tw statics.iguang.tw xmlrpc.blog.roodo.com pure17go.iguang.tw 88say.youthwant.com.tw jonescup.roodo.com sp1.youthwant.com.tw roodo.iguang.tw blogreader.youthwant.com.tw diy.youthwant.com.tw reg.youthwant.com.tw play.roodo.com cloudprint.youthwant.com.tw cdn.iguang.tw sp4.youthwant.com.tw reg2.youthwant.com.tw sp7.youthwant.com.tw s.hearty.app i.hearty.app lovetaipei.youthwant.com.tw s3.iguang.tw global.youthwant.com.tw guitarcup.blog.youthwant.com.tw sms.roodo.com cliip.roodo.com 17movie.youthwant.com.tw ironman.youthwant.com.tw sp.youthwant.com.tw ezsafe.youthwant.com.tw www.xn--detrkl13b9sbv53j.org www.nien.co www.hearty.me o.hearty.me adm.blog.roodo.com me.youthwant.com.tw go.jianyuan.art share.youthwant.com.tw go.hj.rs www.iguang.tw my.youthwant.com.tw evt.youthwant.com.tw member.roodo.com exam.youthwant.com.tw s.hearty.eu.org topic.youthwant.com.tw www.jiayi.life www.obuy.co www.youthwant.com www.youthwant.com.tw d.hearty.app www.alice.tw www.xn--6m1a86p.com blog.youthwant.com.tw blog.roodo.com sawallows.blog.youthwant.com.tw cf.cdn.aaronlam.xyz 7nc5dlvy2553c3uc46foi4xjinvybou2.c2gtb7i.1.0.ukhwibi7qimje53kbrnuugefiq.ivwssta.dns0.org www.roodo.com m.hearty.me hj.rs hearty.me cdnjs.cloudflare.com origin-south.zenfoliosite.com origin.zenfoliosite.com

Malware Detected on Host

Count: 11476 37372754721500ac0736ee2162c790cc5abe4669af8723ac1c6ec61f3bfc317d 8f5fa4b7b315b659881261bced828dc1c94d56f72762a6ac924a86e9a9fe8c39 c8f180fa1d08cdf7255009cb7d9ab18936efca198cf228bf8a968f016a238bc6 81ad4d9c29d6362b1abc5938801ba60e5e1e902b5dd3948d72b57b4fdf256f09 0b4c861ac39684727095cec4a35086c5fd815a88f9942432a5007d161d22359c 8d3b7f1945369fcc7de235537f2cb426be52a5a6149efdfd52b2fd3a3bf41d83 7fc6384b923bf49293ed11614f34860e4f7410a1d06e374fc119f7de29408eac ef1f964615293715b0b201727e61a037ba3e235e3cf2538a8b05d57067c25038 7e6d5aa6b2c684edf7cd8ac538bb9f388080425341c3eef21451a288e66782cd 0d5fd272895c3c5986bb2c1635acc5f11a8579c19bde764328415a8ad29f0cd6

Open Ports Detected

2082 2083 2087 2096 443 80 8080 8443

Whois Information

  • NetRange: 104.16.0.0 - 104.31.255.255
  • CIDR: 104.16.0.0/12
  • NetName: CLOUDFLARENET
  • NetHandle: NET-104-16-0-0-1
  • Parent: NET104 (NET-104-0-0-0-0)
  • NetType: Direct Allocation
  • OriginAS: AS13335
  • Organization: Cloudflare, Inc. (CLOUD14)
  • RegDate: 2014-03-28
  • Updated: 2021-05-26
  • Comment: All Cloudflare abuse reporting can be done via https://www.cloudflare.com/abuse
  • Ref: https://rdap.arin.net/registry/ip/104.16.0.0
  • OrgName: Cloudflare, Inc.
  • OrgId: CLOUD14
  • Address: 101 Townsend Street
  • City: San Francisco
  • StateProv: CA
  • PostalCode: 94107
  • Country: US
  • RegDate: 2010-07-09
  • Updated: 2021-07-01
  • Ref: https://rdap.arin.net/registry/entity/CLOUD14
  • OrgAbuseHandle: ABUSE2916-ARIN
  • OrgAbuseName: Abuse
  • OrgAbusePhone: +1-650-319-8930
  • OrgAbuseEmail: [email protected]
  • OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN
  • OrgNOCHandle: CLOUD146-ARIN
  • OrgNOCName: Cloudflare-NOC
  • OrgNOCPhone: +1-650-319-8930
  • OrgNOCEmail: [email protected]
  • OrgNOCRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
  • OrgTechHandle: ADMIN2521-ARIN
  • OrgTechName: Admin
  • OrgTechPhone: +1-650-319-8930
  • OrgTechEmail: [email protected]
  • OrgTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN
  • OrgRoutingHandle: CLOUD146-ARIN
  • OrgRoutingName: Cloudflare-NOC
  • OrgRoutingPhone: +1-650-319-8930
  • OrgRoutingEmail: [email protected]
  • OrgRoutingRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
  • RNOCHandle: NOC11962-ARIN
  • RNOCName: NOC
  • RNOCPhone: +1-650-319-8930
  • RNOCEmail: [email protected]
  • RNOCRef: https://rdap.arin.net/registry/entity/NOC11962-ARIN
  • RAbuseHandle: ABUSE2916-ARIN
  • RAbuseName: Abuse
  • RAbusePhone: +1-650-319-8930
  • RAbuseEmail: [email protected]
  • RAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN
  • RTechHandle: ADMIN2521-ARIN
  • RTechName: Admin
  • RTechPhone: +1-650-319-8930
  • RTechEmail: [email protected]
  • RTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN

Links to attack logs

anonymous-proxy-ip-list-2023-07-26