104.16.45.99 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 104.16.45.99 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 60/100

Host and Network Information

• Mitre ATT&CK IDs: T1003.008 - /etc/passwd and /etc/shadow, T1003 - OS Credential Dumping, T1005 - Data from Local System, T1012 - Query Registry, T1027 - Obfuscated Files or Information, T1031 - Modify Existing Service, T1036 - Masquerading, T1040 - Network Sniffing, T1045 - Software Packing, T1053 - Scheduled Task/Job, T1055 - Process Injection, T1057 - Process Discovery, T1060 - Registry Run Keys / Startup Folder, T1070 - Indicator Removal on Host, T1071 - Application Layer Protocol, T1078.001 - Default Accounts, T1081 - Credentials in Files, T1082 - System Information Discovery, T1110.002 - Password Cracking, T1112 - Modify Registry, T1119 - Automated Collection, T1129 - Shared Modules, T1143 - Hidden Window, T1147 - Hidden Users, T1155 - AppleScript, T1158 - Hidden Files and Directories, T1410 - Network Traffic Capture or Redirection, T1449 - Exploit SS7 to Redirect Phone Calls/SMS, T1498 - Network Denial of Service, T1499 - Endpoint Denial of Service, T1553 - Subvert Trust Controls, T1583.002 - DNS Server, T1583.005 - Botnet, T1601 - Modify System Image, TA0005 - Defense Evasion

• Tags: 10357, aaaa, accept, acku new, address, address first, a domains, akamaias, akamaiasn1, alf features, algorithm, all octoseek, allow, all scoreblue, amadey, amazon02, amazonaes, america asn, anchor hrefs, android, a nxdomain, apache cache, apple, applec1z, apple computer, application, april, as133775 xiamen, as15169, as15169 google, as16276, as16509, as19527 google, as19905, as20940, as23724, as29580 a1, as3359, as35280 acorus, as36081 state, as41231, as44273 host, as4766 korea, as4808 china, as4812 china, as54113, as7922 comcast, as8075, as852, as8866, ascii text, ascio, asn as16509, asnone united, assaulter, assistant, atkafij0, atlas, attack, august, authentication, avast avg, ave suite, awful, axelo, azureadmyorg, b body, benjamin c, bitcoin, body, body length, brazil unknown, browse scan, bundled, c-67-181-73-197.hsd1.ca.comcast.net, ca issuers, cdck, cellbrite, cellebrite, certificate, channelsurfcli, china, china as45090, china unknown, chrome, cisco umbrella, city, ck ids, cloud, cloudflare, cloudflarenet, cname, code, code us, collection, com laude, communicating, comodo security, compiler, connection, connector, contact, contacted, contact email, contact made by mark brian sabey, contact made by o’dea, contact phone, continent na, cookie, copy, core, country united, country unknown, country us, create c, creation date, crowdsourced, crypto, cuba, cus cnr3, cus oapple, data, date, date hash, date sat, ddos, dead_host, delete c, del f, description, designer, desktop, detections type, discovery, discovery t1057, dns resolutions, dnssec, dns show, dock, domain, domain name, domain status, domains top, download, duck duck, dynamicloader, dynamics, ec oid, emails, encrypt, endpoints all, enterprise, enterprise open, entity, entries, error, eternalblue, et exploit, evasion ta0005, execution, expiration date, exploit, explorer, facebook, false, false file, fastly, files, file samples, files ip, file size, files location, files matching, file transfer, final url, first ioc, flashpix, forbidden, france unknown, front, full name, g1 validity, game, gandi sas, generic flags, geoip, germany unknown, ghost, github, gmbh, gmt content, google, google tag, hash, hashes, headers date, hichina, hidden, high, highest f, historical ssl, hong kong, hostname, html info, html internet, http, http response, iana, iana ref, iana special, icmp traffic, inc hash, indonesia, ingestion time, initial, installer, intel, internet, Internet Explorer, iocs, ios, ip address, ipv4, ipv4 prefix, ireland, ireland unknown, japan as17676, japan unknown, javascript, key algorithm, key info, khtml, level, level3, linux, linux ubuntu, linux x8664, live, loader, location dublin, location https, location united, login, los angeles, ltd dba, magic html, magika html, magnus, malibot, malicious, malware, malware unread, march, media, media center, medium, meister, memcommit, memreserve, meta, metro, mexico, microsoft azure, microsoft crm, microsoft power, microsoft teams, mini, minute tr, mirai, mitre att, modules, moved, msf style, msie, msr jan, ms windows, mtb jan, mtd1, name, namecheap, namecheap inc, namecheapnet, name security, name servers, net192, net1920000, network, network_icmp, next, nexus category, nolookup_communication, november, number, nxdomain, october, office, olet, orgabusephone, organization, orgid, osquery_detection, otx telemetry, packing, passive dns, pe32, pegasus, pe resource, persistence, phone number, playgame, please, popularity, postal code, pragma, prefix, premium, privilege https, probe, probe ms17010, process32nextw, Program Files, proton, province co, public ev, public url, pulse pulses, pulse submit, purpose p5, push, quasar, query, query type, rank position, ransom, rauschenberg, read c, record type, record value, referrer, regdword, registrar abuse, registrarsafe, regopenkeyexw, regsetvalueexa, related nids, related pulses, request, response, reverse dns, run keys, runresdll, russia unknown, sa victim, scan endpoints, script tags, script urls, search, seen, seen asn, seen last, september, server, server ecc, servers, service, seznam, sha256, share, shared address, sharepoint, show, showing, sign up, slcc2, smbds ipc, social, social engineering, software, solutions, south korea, space, space meta, spaceship, spark, ssdeep, ssl certificate, start, startpage, startup, status, status code, status hostname, subject public, survivor, suspicious, suss, t1045, t1057, t1060, t1082, t1129, tags, taiwan as3462, targets sa, telecom, template, test, threat, threat roundup, title, title rfc, tls web, tools, trojan, trojan features, trojanproxy, tr tr, true, tsara brashears, ttl value, tucows, tulach, turkey unknown, twitter, ubuntu, ukraine, unique tlds, united, united kingdom, united states, unknown, updated, url analysis, url https, urls, ursnif, utc aw741566034, utc redirection, v3 serial, verify, vhash, virgin islands, virtool, visible, web server, whitelisted, whois lookup, whois record, whois ssl, whois whois, win32, win32 exe, win32mydoom jan, win64, window, windows nt, Windows NT, worm, wow64, write, write c, writeconsolea, x ua, yara detections, yara rule, youth

• JARM: 27d40d40d00040d00042d43d00041df04c41293ba84f6efe3a613b22f983e6

• View other sources: Spamhaus VirusTotal

• Country:
• Network:
• Noticed: 11 times
• Protocols Attacked: Anonymous Proxy
• Countries Attacked: Anguilla, Aruba, Australia, Bahamas, Barbados, Canada, Cayman Islands, Costa Rica, Curaçao, Georgia, Germany, Guatemala, Japan, Mexico, Netherlands, Panama, Philippines, Poland, Saint Kitts and Nevis, Saint Martin (French part), Saint Vincent and the Grenadines, Sint Maarten (Dutch part), Tanzania United Republic of, Trinidad and Tobago, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America, Virgin Islands British
• Passive DNS Results: analytics.ietf.org wiki.tools.ietf.org xml2rfc.ietf.org tools-common.ietf.org dt-dark-mode.dev.ietf.org ws-main.dev.ietf.org projektforge.dev.ietf.org ws-memcached.dev.ietf.org ws-dev-iab.dev.ietf.org ts.dev.ietf.org ka-42.dev.ietf.org ws-wagtail-42.dev.ietf.org dt-postgres.dev.ietf.org szukaj.dev.ietf.org dt-user2person.dev.ietf.org dt-fonts.dev.ietf.org draftforge.dev.ietf.org ws-deploy-iab.dev.ietf.org search.dev.ietf.org dashboard.ietf.org draftforge.ietf.org ws-css-jay.dev.ietf.org dt-iabstatements.dev.ietf.org dt-ciemny-tryb.dev.ietf.org dt-clarity.dev.ietf.org dt-dashboardapis.dev.ietf.org ws-dev-notewell.dev.ietf.org zulip.ietf.org ws-notewell.dev.ietf.org dt-django4.dev.ietf.org dt-rfc.dev.ietf.org ws-dev-ietf.dev.ietf.org dt-main.dev.ietf.org dev.ssh.ietf.org www1.ietf.org sandbox.ietf.org trustee.ietf.org iaoc.ietf.org dev.ietf.org www.tools.ietf.org jabber.ietf.org proxy.ietf.org xml2rfc.tools.ietf.org www.ops.ietf.org www6.ietf.org author-tools.ietf.org xml.resource.org bib.ietf.org trac.ietf.org trac.tools.ietf.org ietf.org tools.ietf.org authors.ietf.org static.ietf.org tools.ietf.org.cdn.cloudflare.net iana-port-experts.privatewikis.ietf.org authors.ietf.org.cdn.cloudflare.net wiki.ietf.org dt.ietf.org auth.ietf.org datatracker.ietf.org.cdn.cloudflare.net datatracker.ietf.org sandbox-cf.ietf.org beta.ietf.org dnssec.ietf.org mailarchive.ietf.org www.ietf.org mailarchive.ietf.org.cdn.cloudflare.net www.ietf.org.cdn.cloudflare.net vip.histoiredor.com.cdn.cloudflare.net trakal.ltz.life

Malware Detected on Host

Count: 3 433fe8e9f9218e4b9d57e4d971a286f7f6f61d900a0a34efe12a2140f8fab1f1 810c44d47266e2d91e08589f5aedc2bd572578b5091d0d5c0acb02d1e583706b a674df2469cb894b79343bdedfb2068c124746003678826f9281f69887200811

Open Ports Detected

2082 2083 2086 2087 2095 443 80 8080 8443 8880

Map

Whois Information

• NetRange: 104.16.0.0 - 104.31.255.255
• CIDR: 104.16.0.0/12
• NetName: CLOUDFLARENET
• NetHandle: NET-104-16-0-0-1
• Parent: NET104 (NET-104-0-0-0-0)
• NetType: Direct Allocation
• OriginAS: AS13335
• Organization: Cloudflare, Inc. (CLOUD14)
• RegDate: 2014-03-28
• Updated: 2024-09-04
• Comment: All Cloudflare abuse reporting can be done via https://www.cloudflare.com/abuse
• Comment: Geofeed: https://api.cloudflare.com/local-ip-ranges.csv
• Ref: https://rdap.arin.net/registry/ip/104.16.0.0
• OrgName: Cloudflare, Inc.
• OrgId: CLOUD14
• Address: 101 Townsend Street
• City: San Francisco
• StateProv: CA
• PostalCode: 94107
• Country: US
• RegDate: 2010-07-09
• Updated: 2024-11-25
• Ref: https://rdap.arin.net/registry/entity/CLOUD14
• OrgTechHandle: ADMIN2521-ARIN
• OrgTechName: Admin
• OrgTechPhone: +1-650-319-8930
• OrgTechEmail: rir@cloudflare.com
• OrgTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN
• OrgRoutingHandle: CLOUD146-ARIN
• OrgRoutingName: Cloudflare-NOC
• OrgRoutingPhone: +1-650-319-8930
• OrgRoutingEmail: noc@cloudflare.com
• OrgRoutingRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
• OrgNOCHandle: CLOUD146-ARIN
• OrgNOCName: Cloudflare-NOC
• OrgNOCPhone: +1-650-319-8930
• OrgNOCEmail: noc@cloudflare.com
• OrgNOCRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
• OrgAbuseHandle: ABUSE2916-ARIN
• OrgAbuseName: Abuse
• OrgAbusePhone: +1-650-319-8930
• OrgAbuseEmail: abuse@cloudflare.com
• OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN
• RNOCHandle: NOC11962-ARIN
• RNOCName: NOC
• RNOCPhone: +1-650-319-8930
• RNOCEmail: noc@cloudflare.com
• RNOCRef: https://rdap.arin.net/registry/entity/NOC11962-ARIN
• RAbuseHandle: ABUSE2916-ARIN
• RAbuseName: Abuse
• RAbusePhone: +1-650-319-8930
• RAbuseEmail: abuse@cloudflare.com
• RAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN
• RTechHandle: ADMIN2521-ARIN
• RTechName: Admin
• RTechPhone: +1-650-319-8930
• RTechEmail: rir@cloudflare.com
• RTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN

Links to attack logs

anonymous-proxy-ip-list-2025-06-23 anonymous-proxy-ip-list-2025-06-22