104.16.55.40 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 104.16.55.40 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 60/100

Host and Network Information

• Mitre ATT&CK IDs: T1010 - Application Window Discovery, T1012 - Query Registry, T1018 - Remote System Discovery, T1027 - Obfuscated Files or Information, T1055 - Process Injection, T1056 - Input Capture, T1057 - Process Discovery, T1070 - Indicator Removal on Host, T1082 - System Information Discovery, T1095 - Non-Application Layer Protocol, T1112 - Modify Registry, T1114 - Email Collection, T1120 - Peripheral Device Discovery, T1486 - Data Encrypted for Impact, T1497 - Virtualization/Sandbox Evasion, T1518 - Software Discovery, T1553 - Subvert Trust Controls, T1571 - Non-Standard Port, T1573 - Encrypted Channel

• Tags: bind, click, critical, delphi, dropped file, encrypt, enterprise, error, executor, fail, february, launcher, local, lockfile, malicious, media, memoryfile scan, null, okay resizing, okay sdk, path, rest, riot, riot client, suspicious, team, trojan, unicode, unknown

• View other sources: Spamhaus VirusTotal

• Country:
• Network:
• Noticed: 9 times
• Protocols Attacked: Anonymous Proxy
• Passive DNS Results: entitlements.preprod.rpg.riotgames.com prod.api.assets.riotgames.com lq.tr.lol.riotgames.com.cdn.cloudflare.net prod.api.assets.riotgames.com.cdn.cloudflare.net hnykcd.com euw1.cap.riotgames.com.cdn.cloudflare.net recovery.riotgames.com.cdn.cloudflare.net lq.na2.lol.riotgames.com.cdn.cloudflare.net lq.eun1.lol.riotgames.com.cdn.cloudflare.net na.merch.riotgames.com lq.esportstmnt02.lol.riotgames.com lq.esportstmnt03.lol.riotgames.com lq.esportstmnt01.lol.riotgames.com test.config.patcher.riotgames.com.cdn.cloudflare.net prod.config.patcher.riotgames.com.cdn.cloudflare.net signup-api.riotgames.com api.shop.riotgames.com recovery.riotgames.com na.recovery.riotgames.com ap.recovery.riotgames.com eu.recovery.riotgames.com playerpreferences.partner1.rpg.riotgames.com playerpreferences.wr-int.rpg.riotgames.com playerpreferences.riotgames.com apne.pp.riotgames.com.cdn.cloudflare.net lq.jp1.lol.riotgames.com.cdn.cloudflare.net usw.pp.riotgames.com.cdn.cloudflare.net lq.la2.lol.riotgames.com lq.jp1.lol.riotgames.com lq.la1.lol.riotgames.com data-staging.riotgames.com data.riotgames.com email-verification.riotgames.com euc.pp.riotgames.com apne.pp.riotgames.com usw.pp.riotgames.com apse.pp.riotgames.com garena.auth.riotgames.com update-account.riotgames.com engineering.riotgames.com technology.riotgames.com fs.riotgames.com engineering-test.riotgames.com screensaver.riotgames.com signup-api.riotgames.com.cdn.cloudflare.net email-verification.riotgames.com.cdn.cloudflare.net oce.merch.riotgames.com.cdn.cloudflare.net na.merch.riotgames.com.cdn.cloudflare.net ap.recovery.riotgames.com.cdn.cloudflare.net eu.recovery.riotgames.com.cdn.cloudflare.net na.recovery.riotgames.com.cdn.cloudflare.net garena2.auth.riotgames.com.cdn.cloudflare.net euc.pp.riotgames.com.cdn.cloudflare.net data.riotgames.com.cdn.cloudflare.net playerpreferences.riotgames.com.cdn.cloudflare.net engineering-test.riotgames.com.cdn.cloudflare.net engineering.riotgames.com.cdn.cloudflare.net links.riotgames.com login.riotgames.com.cdn.cloudflare.net technology.riotgames.com.cdn.cloudflare.net update-account.riotgames.com.cdn.cloudflare.net merch.riotgames.com.cdn.cloudflare.net screensaver.riotgames.com.cdn.cloudflare.net www.pool4tool.com.cdn.cloudflare.net

Malware Detected on Host

Count: 8 973f43d17da981da069520fc0209ab29583e81e1e911773ac80dca80c46fd3b1 e6d0c4c029cd00e7628276cb00311e1bbf70f8f004c3bf551364fb02aa56814f fe49d5312e6728b1ef6a1d77520ac72efc97edf90beb4f25ec5b00dc0c2dacd4 22d6f632a55d91df4a167d0e280c4c33ae8e62b00b35bf147d5c4d86316e4f0b a339f723d7b7f726d18f2f0a83852f6318578ae3571e53a915a65d0440b9e096 feabbe6c7b7d870d33bac758739687a3ca6ac91472a9ae97db993fe0d92818d1 c946066820e56b6069a026d0aa294e727f673f2e8d4f15824ab6293cdff39104 e9958dcceb2008b272f0c2b0043b5756aad188544ca4ce8972a8578ff1995aee

Open Ports Detected

2052 2053 2082 2083 2086 2087 2095 443 80 8080 8443 8880

Map

Whois Information

• NetRange: 104.16.0.0 - 104.31.255.255
• CIDR: 104.16.0.0/12
• NetName: CLOUDFLARENET
• NetHandle: NET-104-16-0-0-1
• Parent: NET104 (NET-104-0-0-0-0)
• NetType: Direct Allocation
• OriginAS: AS13335
• Organization: Cloudflare, Inc. (CLOUD14)
• RegDate: 2014-03-28
• Updated: 2024-09-04
• Comment: All Cloudflare abuse reporting can be done via https://www.cloudflare.com/abuse
• Comment: Geofeed: https://api.cloudflare.com/local-ip-ranges.csv
• Ref: https://rdap.arin.net/registry/ip/104.16.0.0
• OrgName: Cloudflare, Inc.
• OrgId: CLOUD14
• Address: 101 Townsend Street
• City: San Francisco
• StateProv: CA
• PostalCode: 94107
• Country: US
• RegDate: 2010-07-09
• Updated: 2024-11-25
• Ref: https://rdap.arin.net/registry/entity/CLOUD14
• OrgAbuseHandle: ABUSE2916-ARIN
• OrgAbuseName: Abuse
• OrgAbusePhone: +1-650-319-8930
• OrgAbuseEmail: abuse@cloudflare.com
• OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN
• OrgNOCHandle: CLOUD146-ARIN
• OrgNOCName: Cloudflare-NOC
• OrgNOCPhone: +1-650-319-8930
• OrgNOCEmail: noc@cloudflare.com
• OrgNOCRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
• OrgRoutingHandle: CLOUD146-ARIN
• OrgRoutingName: Cloudflare-NOC
• OrgRoutingPhone: +1-650-319-8930
• OrgRoutingEmail: noc@cloudflare.com
• OrgRoutingRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
• OrgTechHandle: ADMIN2521-ARIN
• OrgTechName: Admin
• OrgTechPhone: +1-650-319-8930
• OrgTechEmail: rir@cloudflare.com
• OrgTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN
• RAbuseHandle: ABUSE2916-ARIN
• RAbuseName: Abuse
• RAbusePhone: +1-650-319-8930
• RAbuseEmail: abuse@cloudflare.com
• RAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN
• RNOCHandle: NOC11962-ARIN
• RNOCName: NOC
• RNOCPhone: +1-650-319-8930
• RNOCEmail: noc@cloudflare.com
• RNOCRef: https://rdap.arin.net/registry/entity/NOC11962-ARIN
• RTechHandle: ADMIN2521-ARIN
• RTechName: Admin
• RTechPhone: +1-650-319-8930
• RTechEmail: rir@cloudflare.com
• RTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN

Links to attack logs

anonymous-proxy-ip-list-2025-06-23 anonymous-proxy-ip-list-2025-06-22