104.16.85.20 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 104.16.85.20 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or through observations of activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with Tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only, and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Potentially Malicious Host 🟡 40/100

Host and Network Information

  • Mitre ATT&CK IDs: T1546 - Event Triggered Execution, T1566 - Phishing, T1573 - Encrypted Channel
  • Tags: 5555, Activote.net, Baidu.com China’s Big Brother, Ballotpedia.org, CSA_TTPs-of-Indicted-APT40-Actors-Associated-with-China-MSS-Hain, Christopher Pool, Dominionvotingmachines.com, GOOGLE DRIVE ABUSED IN DOCUMENT EXFILTRATION OPERATION AGAINST A, IOT Reset Attack, Mail with office attachments contain malware (EternalBlue Probes, Mueller Report IOCs Expanded, Music.ly (Chinese App), Pool’s Closed, Ransomware, Smartmatic.ru, Timothy Pool, Trafficmanager.net, Unsubscribe (384)Talos - InSideCopy: How this APT continues to, VoteTravis.com, WannaCry, accept, algorithm, analysis, android, ansi, apt, bootstrap.libp2p.io, channelofficial, cisco umbrella, click, close, code, comodo valkyrie, cruz-crew.com, data, date, decrypted ssl, dns records, dns replication, dns request, dns response, dos exe, download, email, expirestue, flow, flow start, format, general, hosts, httponly, hybrid, in cname, ingestion time, isnetfw2true, isupgradefalse, j1579079770442, key identifier, keycode1591, librouter, light, local, malicious, malware, mozilla, netgear router, netgear twitter, network capture, nr agent, nreum, online, osspsp1, osverwindows, path, process flow, rank value, record type, referring, registrar abuse, registrar url, registry domain, registry expiry, router login, runtime data, s603, sample, san jose, sandbox, scytl.com 11.14.20, security, server, setup, sha1, sha256, size, ssl certificate, strings, submission, submit, suspicious, technology, tenus, thinclient, threat level, tls flow, tmos, trojan, type, type name, verdict mobile, vxstream, whois, whois record, win32 dll, win32 exe, windows nt, x.bidswitch.net, yixun.com (assets.DonaldJTrump.com)
  • JARM: 27d3ed3ed0003ed1dc42d43d00041d6183ff1bfae51ebd88d70384363d525c

  • View other sources: Spamhaus, VirusTotal

  • Country:
  • Network: AS13335 cloudflare
  • Noticed: 1 times
  • Protocols Attacked: Anonymous Proxy
  • Countries Attacked: Israel, United States of America
  • Passive DNS Results:

Malware Detected on Host

Count: 3877

Open Ports Detected

2082 2086 80 8443

Whois Information

  • NetRange: 104.16.0.0 - 104.31.255.255
  • CIDR: 104.16.0.0/12
  • NetName: CLOUDFLARENET
  • NetHandle: NET-104-16-0-0-1
  • Parent: NET104 (NET-104-0-0-0-0)
  • NetType: Direct Allocation
  • OriginAS: AS13335
  • Organization: Cloudflare, Inc. (CLOUD14)
  • RegDate: 2014-03-28
  • Updated: 2021-05-26
  • Comment: All Cloudflare abuse reporting can be done via https://www.cloudflare.com/abuse
  • Ref: https://rdap.arin.net/registry/ip/104.16.0.0
  • OrgName: Cloudflare, Inc.
  • OrgId: CLOUD14
  • Address: 101 Townsend Street
  • City: San Francisco
  • StateProv: CA
  • PostalCode: 94107
  • Country: US
  • RegDate: 2010-07-09
  • Updated: 2021-07-01
  • Ref: https://rdap.arin.net/registry/entity/CLOUD14
  • OrgAbuseHandle: ABUSE2916-ARIN
  • OrgAbuseName: Abuse
  • OrgAbusePhone: +1-650-319-8930
  • OrgAbuseEmail: [email protected]
  • OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN
  • OrgNOCHandle: CLOUD146-ARIN
  • OrgNOCName: Cloudflare-NOC
  • OrgNOCPhone: +1-650-319-8930
  • OrgNOCEmail: [email protected]
  • OrgNOCRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
  • OrgTechHandle: ADMIN2521-ARIN
  • OrgTechName: Admin
  • OrgTechPhone: +1-650-319-8930
  • OrgTechEmail: [email protected]
  • OrgTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN
  • OrgRoutingHandle: CLOUD146-ARIN
  • OrgRoutingName: Cloudflare-NOC
  • OrgRoutingPhone: +1-650-319-8930
  • OrgRoutingEmail: [email protected]
  • OrgRoutingRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
  • RNOCHandle: NOC11962-ARIN
  • RNOCName: NOC
  • RNOCPhone: +1-650-319-8930
  • RNOCEmail: [email protected]
  • RNOCRef: https://rdap.arin.net/registry/entity/NOC11962-ARIN
  • RAbuseHandle: ABUSE2916-ARIN
  • RAbuseName: Abuse
  • RAbusePhone: +1-650-319-8930
  • RAbuseEmail: [email protected]
  • RAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN
  • RTechHandle: ADMIN2521-ARIN
  • RTechName: Admin
  • RTechPhone: +1-650-319-8930
  • RTechEmail: [email protected]
  • RTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN

Links to attack logs

anonymous-proxy-ip-list-2023-06-22