104.16.248.249 Threat Intelligence and Host Information
General
This page contains threat intelligence information for the IPv4 address 104.16.248.249 and was generated either as a result of observed malicious activity or as an information-gathering exercise to assist with enrichment of security events and context. All information is gathered passively, through aggregation of public sources or through observation of activity on honeynets. The host score is calculated through a series of statistically weighted values and machine learning that takes into account metadata such as host information; frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.
Likely Malicious Host 🟠 60/100
Host and Network Information
- Mitre ATT&CK IDs: T1027 - Obfuscated Files or Information, T1057 - Process Discovery, T1059.007 - JavaScript, T1059 - Command and Scripting Interpreter, T1071 - Application Layer Protocol, T1105 - Ingress Tool Transfer, T1113 - Screen Capture, T1114 - Email Collection, T1129 - Shared Modules, T1480 - Execution Guardrails, T1497 - Virtualization/Sandbox Evasion, T1518 - Software Discovery, T1553 - Subvert Trust Controls, T1568 - Dynamic Resolution, T1583.005 - Botnet, T1583 - Acquire Infrastructure, T1590 - Gather Victim Network Information, TA0011 - Command and Control
- Tags: $RTD4NQU.exe, aaaa, accept, accept encoding, added active, adobe portable, adversaries, agent tesla, akamaias, akamaiasn1, algorithm, all octoseek, am, amadey, amazon02, america flag, android, apple music, apple tv, application/binary, as15169, as15169 google, as16509, as20940, as3359, as44273 host, as8075, as852, ascii text, attack, aurora, australia, authentihash, azorult, body, body length, botnet, bundled, c2 server, chi2, ck id, ck matrix, ck techniques, class, click, clickfix, collection, colorado, com cnt, command, command decode, communicating, compiler, contact, contacted, contacted hosts, contacted urls, content type, control ta0011, copy md5, copyright, copy sha1, copy sha256, created, creation date, critical, csc corporate, cuba, cve cve20170199, cyber attack, cyber defense, darklivity podcast, date, dded active, defense evasion, dem fin, detections type, distribution, dkey english, document format, domain, domain address, domain name, domains, downloader, dropped, dynamitelab, early iowa, ejkaej saBey k7-^Oa, emails, emotet, english us, entity, entries, error, et tor, executable, execution, execution att, exit, expiration date, facebook, fast corporate, file, filehashmd5, files, files domain, files location, file type, file viewer, final url, firm collection, first, flag, flag united, format, formbook, from, g4 code, general, generator, generic, geoip, ghost, gmt cache, gmt etag, gmt server, google, Google, gov int, hacker, hacking, headers, headers nel, historical ssl, hostname, http, http response, hybrid, igmp, imphash, indicator role, indonesia, informative, injection, installer, ioc iocs, ioc search, ip address, ipv4, ireland, ISP, Jays Youtube Bot.exe, jomax, june, kb body, known tor, learn, level3, list for, local, location united, logistics, lord krishna, lumma, lumma stealer, machinename, magic pe32, malware, manager, manipulation, markmonitor, media, meta, mexico, michael roberts, mini, minutes ago, misc attack, misha, mitre att, mozilla, ms windows, mystic, name, name server, name servers, name tactics, nav onl, new ioc, next, nisis, no data, node traffic, no expiration, Norton, nsis, nxdomain, object, oc0006 http, octoseek report, online pcap, open, overlay, passive dns, path, pattern match, paulsmith, pcname, pdf document, pe resource, phishing, phy pre, pitman and or dentisthired roberts obvi, Pixel, powershell, pragma, present apr, present feb, present mar, problems, project, proton, public url, pulse pulses, pulse submit, pulses url, pur sta, raccoon, ransom, ransomware, rats, record value, reddit, redline, redline stealer, referrer, related nids, related pulses, relayrouter, replacement, reserved, resolved ips, reverse dns, rgba, rhadamanthys, rich pe, right, roboto, root g4, runtime process, ruthless, sameorigin, scan endpoints, search, search otx, sections, secure, serial number, server redirect, seznam, sha1, sha256, sha256 file, sha384, showing, show technique, signing rsa4096, size, smokeloader, song culture, spam author, spawns, ssdeep, ssl certificate, stage, startpage, status, status code, strings, sub domain, summary, suricata ipv4, suricata udpv4, suspicious, ta0007 command, tag count, teams api, telecom, telegram, Telus, thumbprint, titan, tjprojmain, tracey richter, tre att, trid win64, tsara brashears, tulach c2, twitter, type type, ukraine, unauthorized, united, united kingdom, unknown, url http, url https, urls, valid from, vhash, vidar, vt graph, whois record, whois sneaky, whois whois, win32, win32 exe, win64, windows, wininet c0005, xml rtmanifest, youtube
- JARM: 27d27d27d00027d00042d43d00041df04c41293ba84f6efe3a613b22f983e6
- Country:
- Network:
- Noticed: 9 times
- Protocols Attacked: Anonymous Proxy
- Countries Attacked: Anguilla, Aruba, Australia, Bahamas, Barbados, Canada, Cayman Islands, Costa Rica, Curaçao, Georgia, Guatemala, Japan, Mexico, Netherlands, Panama, Philippines, Poland, Saint Kitts and Nevis, Saint Martin (French part), Saint Vincent and the Grenadines, Sint Maarten (Dutch part), Tanzania United Republic of, Trinidad and Tobago, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
- Passive DNS Results: mozzila.cloudflare-dns.com nao8.com rimou.com s2go.com erxuan.com vians.com 2icp.com zixing.org qezi.com tiangai.com fattone.com 91sh.com jiujiuyuan.com 51nq.com zhde.com fohon.com pingxu.com c03ofsw68.com vm365.com cnjsw.com shanghaihunsha.com beiyo.com yipiantian.com 52hd.com zayao.com czhost.com uriz.com 17qx.com tuolai.com jgshop.com huanmou.com zhihuimen.com laqo.com laodiaoya.com hongpishu.com doutan.com d-k-s.com cnlawyers.com littleplus.com unhoused.com recong.com outdooralliance.com pelove.com renchong.com spotclub.com its4us.com erbiao.com chinavendor.com 91zj.com santiao.com b-ray.com net-store.com nihuan.com sangtong.com lunk.net tangguang.com jianfeiji.com hua.ge c02pkhn43.com tailplane.net tailplane.org c03ofsw68.xyz asgca.xyz www.91xj.com hanliufeng.com nianmeng.com 2gua.com laopianyi.com vhang.com beijinghunsha.com sifuqi.com ke99.com 021jj.com guangnuan.com aigouwang.com fmeng.com zhongyibaojian.com 99jb.com 51tl.com 17xm.com 91fy.com jxbaby.com zhangjin.cn zhangjin.com louzhou.com yuanmazhijia.com 91tl.com huo3.com heiwai.com west4.com 0531jc.com nvyuan.com tijun.com s4tv.com 17qz.com juanye.com langbuluo.com kmass.com oneclicksite.com tsren.com intuitivetrader.com mmpet.com liang3.com zgbiz.com qyuc.com xafcw.com koulou.com eshujia.com 52er.com pakou.com liuxingba.com thecattle.com guangcha.com roboticstore.com dengpian.com xibiz.com wjing.com 24baby.com jn0537.com ikz.net houtui.com cdnchina.com ci88.com pingkuang.com 91sg.com 91fj.com uxud.com 51kn.com jinbaihui.com cntw.net 91yd.com menteng.com jingpinba.com gelove.com ripiao.com 3lun.com faqin.com 91tk.com changdiao.com diy9.com panxu.com zgji.com tushao.com luanjian.com 91zh.com duoteng.com neiti.com fenlou.com anquanyou.com zalei.com kojon.com chengci.com pujon.com 86go.com thelostlands.com inmyschool.com online-drive.com secureyournetwork.com thundernetwork.com okkp.com xapg.com basui.com employonline.com chongzhiba.com chinafiles.com game4me.com sangdan.com thelazy.com oqis.com xn--nf1a.com benmen.com thecarbroker.com popfire.com miong.com mux.cn smartlifesolutions.com ztravels.com shaoba.com ajiman.com pc4free.com 3ddv.com kummers.com handsolution.com stone4u.com fast2net.com mynewlove.com 4salenow.com 91ah.com 2pf.com 1111.cloudflare-dns.com 91py.com 91ts.com dekou.com shuori.com jianwangzhan.com thewifi.com 21zj.com erpai.com kalf.com shuxiangwu.com zaoci.com xasl.com mba365.com 17pt.com langzhuo.com micro-server.com 0531gou.com zhanri.com 51sr.com xmirror.com laodongzhe.com mailao.com guangfen.com otcl.com liuce.com sangta.com yitc.com 91xj.com goproxy.net aofei.org tengsuo.com dotnn.com kunmu.com a.cloudflare-dns.com www.cloudflare-dns.com tailplane.apple-banana-pear.com bjfu.io shengaofei.com corestate.com asga.xyz aofeisheng.com gixieclock.com marimar.xyz blog.byxiaorun.com bbs.byxiaorun.com qr.byxiaorun.com con.byxiaorun.com xr.byxiaorun.com one.byxiaorun.com www.byxiaorun.com byxiaorun.com dns.byxiaorun.com 1dot1dot1dot.cloudflare-dns.com tunnelbear.cloudflare-dns.com qamozilla.cloudflare-dns.com cloudflare.cloudflare-dns.com 1dot1dot1dot3.cloudflare-dns.com mozila.cloudflare-dns.com muzeipixivsource.cloudflare-dns.com chrome-security.cloudflare-dns.com 1dot1dot1dot2.cloudflare-dns.com commozilla.cloudflare-dns.com odoh.cloudflare-dns.com 1doc1doc1doc1.cloudflare-dns.com tls.cloudflare-dns.com family.cloudflare-dns.com cdn-ajax.xuexi.icu azure.cloudflare-dns.com connectmozilla.cloudflare-dns.com mozilla.cloudflare-dns.com chrome.cloudflare-dns.com cloudflare-dns.com
Malware Detected on Host
- Count: 41
- Sample SHA256 hashes:
  - 90368efed1cb835dcb06176b71d5309dc4c46e414812013ecfc72178ba8498d3
  - c865f24e4b9b0855b8b559fc3769239b0aa6e8d680406616a13d9a36fbbc2d30
  - 64715ba7b2610c380885375f3e3e965189a02db9db3c2bc397eae1bbf3f4eed0
  - 39705f7bef4ace3fb6f3970c2d954c721b31975f0a6e975bc32a023afd680c6e
  - a5cf685e24e82a5ef35f4d5d34ec0be2e31922034f140fa2175bcf23d10ae9c6
  - b08edef361a8de49aa972cac34e7881862fefbeecd7c9d0659cada45565b8b99
  - 6b81d548c0fbd7a2275bb0d29deca0de96c1584ce7aadaf4f5dac3cb28ee9c29
  - b55b1947a11de7ee2cb3aaede12ce15c85abf2b607d1ebd8f5ed56e3a6ef7c43
  - b26426ea30828cf02d85c220b9706b80f11528adf6ce27947f11aa42fb5e08f9
  - a0e32c178f4fedf577f4c5a55601ad1baddb92d18d499c0d8c67d7a6d5d362ea
Open Ports Detected
- Ports: 2053 2083 2086 2087 443 80 8080 8443 8880
Whois Information
- NetRange: 104.16.0.0 - 104.31.255.255
- CIDR: 104.16.0.0/12
- NetName: CLOUDFLARENET
- NetHandle: NET-104-16-0-0-1
- Parent: NET104 (NET-104-0-0-0-0)
- NetType: Direct Allocation
- OriginAS: AS13335
- Organization: Cloudflare, Inc. (CLOUD14)
- RegDate: 2014-03-28
- Updated: 2024-09-04
- Comment: All Cloudflare abuse reporting can be done via https://www.cloudflare.com/abuse
- Comment: Geofeed: https://api.cloudflare.com/local-ip-ranges.csv
- Ref: https://rdap.arin.net/registry/ip/104.16.0.0
- OrgName: Cloudflare, Inc.
- OrgId: CLOUD14
- Address: 101 Townsend Street
- City: San Francisco
- StateProv: CA
- PostalCode: 94107
- Country: US
- RegDate: 2010-07-09
- Updated: 2024-11-25
- Ref: https://rdap.arin.net/registry/entity/CLOUD14
- OrgTechHandle: ADMIN2521-ARIN
- OrgTechName: Admin
- OrgTechPhone: +1-650-319-8930
- OrgTechEmail: rir@cloudflare.com
- OrgTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN
- OrgAbuseHandle: ABUSE2916-ARIN
- OrgAbuseName: Abuse
- OrgAbusePhone: +1-650-319-8930
- OrgAbuseEmail: abuse@cloudflare.com
- OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN
- OrgRoutingHandle: CLOUD146-ARIN
- OrgRoutingName: Cloudflare-NOC
- OrgRoutingPhone: +1-650-319-8930
- OrgRoutingEmail: noc@cloudflare.com
- OrgRoutingRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
- OrgNOCHandle: CLOUD146-ARIN
- OrgNOCName: Cloudflare-NOC
- OrgNOCPhone: +1-650-319-8930
- OrgNOCEmail: noc@cloudflare.com
- OrgNOCRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
- RTechHandle: ADMIN2521-ARIN
- RTechName: Admin
- RTechPhone: +1-650-319-8930
- RTechEmail: rir@cloudflare.com
- RTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN
- RAbuseHandle: ABUSE2916-ARIN
- RAbuseName: Abuse
- RAbusePhone: +1-650-319-8930
- RAbuseEmail: abuse@cloudflare.com
- RAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN
- RNOCHandle: NOC11962-ARIN
- RNOCName: NOC
- RNOCPhone: +1-650-319-8930
- RNOCEmail: noc@cloudflare.com
- RNOCRef: https://rdap.arin.net/registry/entity/NOC11962-ARIN
Links to attack logs
- anonymous-proxy-ip-list-2025-06-23
- anonymous-proxy-ip-list-2025-06-22