104.16.53.48 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 104.16.53.48. It was generated either as a result of observed malicious activity or as an information-gathering exercise to assist with the enrichment of security events and context. All information is gathered passively, through aggregation of public sources or through observation of activity on honeynets. The host score is calculated from a series of statistically weighted values and machine learning, taking into account metadata such as host information; the frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour, such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 60/100

Host and Network Information

  • MITRE ATT&CK IDs: T1027 - Obfuscated Files or Information, T1059 - Command and Scripting Interpreter, T1071 - Application Layer Protocol, T1105 - Ingress Tool Transfer, T1110 - Brute Force, T1140 - Deobfuscate/Decode Files or Information, T1176 - Browser Extensions, T1497 - Virtualization/Sandbox Evasion

  • Tags: 002000000, 005000, ac32a, acint, adload, agent, alexa, alexa top, all av, all cve, android, anonymizer, antivirus, apple ios, artemis, ascii text, asyncrat, attack, ave maria, bandoo, bank, banker, blacklist, blacklist http, blacklist https, blacklist sat, body, bradesco, brontok, bundled, cisco umbrella, citadel, class, cleaner, click, cobalt strike, collections, conduit, contacted, contacted urls, count blacklist, covid19, crack, critical, critical risk, cronup threat, cutwail, cve20130074 add, cyber threat, date, date filename, detection list, detection ratio, domaiq, downldr, download, download json, dropped, dropper, ellenmmm cve, emotet, engineering, error, et tor, execution, exit, expl, exploit, exploits, explorer, facebook, fakealert, fareit, file, filerepmetagen, files, filetour, firehol proxy, floxif, fuery, fusioncore, general, generator, generic, generic malware, genkryptik, hacktool, heur, historical ssl, host, hostname, hostnames, http post, http spammer, hybrid, hybridanalysis, ids detections, iframe, installcore, installer, installpack, intel malware, iobit, ip address, ip lookup, ip summary, jul jan, keitaro, keygen, keylogger, kgs0, kls0, known tor, less see, local, mail spammer, malicious, malicious site, malicious url, maltiverse, malware, malware site, matsnu, mediaget, meta, metasploit, million, misc attack, mon jun, msil, nanocore, nircmd, no data, node tcp, node traffic, nymaim, occamy, open, opencandy, open ports, outbreak, oval oval, panama, patcher, pattern match, phishing, phishing site, phishtank, ponmocup, pony, presenoker, psexec, pykspa, ransomware, redirme, referrer, relayrouter, resolutions, riskware, rostpay, runescape, safe site, sample, samples, scan endpoints, secrisk, service, sha1, sha256, simda, site, site safe, site top, smsspy, spammer, ssl certificate, startpage, stealer, strictor cnc, strings, summary, sun jun, suppobox, swrort, tag count, targeted, team, team alexa, threat report, threats et, thu jun, tinba, 
tld count, tor known, tor relayrouter, traffic, trojanspy, tsara brashears, union, united, unknown, unruy, unsafe, url summary, virut, wacatac, webtoolbar, whois record, whois whois, win64, xrat, xtrat, xtreme, zbot, zeus, zpevdo

  • JARM: 29d3fd00029d29d00029d3fd29d29d5a74e95248e58a6162e37847a24849f7

  • View other sources: Spamhaus VirusTotal

  • Country:
  • Network:
  • Noticed: 8 times
  • Protocols Attacked: Anonymous Proxy
  • Countries Attacked: Germany, Latvia, Poland, United States of America
  • Passive DNS Results:

Malware Detected on Host

Count: 13

Open Ports Detected

2052 2082 2083 2086 2087 2096 443 80 8080 8443 8880

Whois Information

Links to attack logs

anonymous-proxy-ip-list-2025-06-23 anonymous-proxy-ip-list-2025-06-22