104.16.87.20 Threat Intelligence and Host Information
Jun 24, 2025
General
IP Address: 104.16.87.20
Location: Unknown
Network: AS13335
Threat Score: 60/100
Attack Intelligence
MITRE ATT&CK Techniques
T1003 - OS Credential Dumping, T1005 - Data from Local System, T1012 - Query Registry, T1027 - Obfuscated Files or Information, T1030 - Data Transfer Size Limits, T1031 - Modify Existing Service, T1035 - Service Execution, T1036 - Masquerading, T1040 - Network Sniffing, T1041 - Exfiltration Over C2 Channel, T1043 - Commonly Used Port, T1045 - Software Packing, T1053 - Scheduled Task/Job, T1055.012 - Process Hollowing, T1055 - Process Injection, T1056.001 - Keylogging, T1056 - Input Capture, T1057 - Process Discovery, T1059.005 - Visual Basic, T1059.006 - Python, T1059.007 - JavaScript, T1059 - Command and Scripting Interpreter, T1060 - Registry Run Keys / Startup Folder, T1063 - Security Software Discovery, T1068 - Exploitation for Privilege Escalation, T1070 - Indicator Removal on Host, T1071.001 - Web Protocols, T1071.003 - Mail Protocols, T1071.004 - DNS, T1071 - Application Layer Protocol, T1081 - Credentials in Files, T1082 - System Information Discovery, T1083 - File and Directory Discovery, T1090 - Proxy, T1095 - Non-Application Layer Protocol, T1096 - NTFS File Attributes, T1105 - Ingress Tool Transfer, T1106 - Native API, T1110.002 - Password Cracking, T1110 - Brute Force, T1111 - Two-Factor Authentication Interception, T1112 - Modify Registry, T1114 - Email Collection, T1119 - Automated Collection, T1122 - Component Object Model Hijacking, T1129 - Shared Modules, T1140 - Deobfuscate/Decode Files or Information, T1158 - Hidden Files and Directories, T1173 - Dynamic Data Exchange, T1176 - Browser Extensions, T1179 - Hooking, T1189 - Drive-by Compromise, T1203 - Exploitation for Client Execution, T1204 - User Execution, T1210 - Exploitation of Remote Services, T1222 - File and Directory Permissions Modification, T1410 - Network Traffic Capture or Redirection, T1423 - Network Service Scanning, T1427 - Attack PC via USB Connection, T1445 - Abuse of iOS Enterprise App Signing Key, T1449 - Exploit SS7 to Redirect Phone Calls/SMS, T1450 - Exploit SS7 to Track Device Location, T1453 - Abuse Accessibility Features, T1472 - Generate Fraudulent Advertising Revenue, T1485 - Data Destruction, T1491 - Defacement, T1496 - Resource Hijacking, T1497.001 - System Checks, T1497 - Virtualization/Sandbox Evasion, T1518.001 - Security Software Discovery, T1518 - Software Discovery, T1543 - Create or Modify System Process, T1546.015 - Component Object Model Hijacking, T1546 - Event Triggered Execution, T1547.001 - Registry Run Keys / Startup Folder, T1547 - Boot or Logon Autostart Execution, T1552.001 - Credentials In Files, T1552 - Unsecured Credentials, T1555.003 - Credentials from Web Browsers, T1555 - Credentials from Password Stores, T1560 - Archive Collected Data, T1563 - Remote Service Session Hijacking, T1564 - Hide Artifacts, T1566 - Phishing, T1568 - Dynamic Resolution, T1569 - System Services, T1573 - Encrypted Channel, T1574 - Hijack Execution Flow, T1583.005 - Botnet, T1588.004 - Digital Certificates, T1588 - Obtain Capabilities, TA0002 - Execution, TA0003 - Persistence, TA0004 - Privilege Escalation, TA0005 - Defense Evasion, TA0006 - Credential Access, TA0007 - Discovery, TA0009 - Collection, TA0010 - Exfiltration, TA0011 - Command and Control
Open Ports Detected
2082
Geographic Location
Country: Unknown
City: Unknown
Region: Unknown
Coordinates: 0.0000, 0.0000
Geographic coordinates not available for this IP.
Network Information
ASN: AS13335
Organization: CLOUDFLARENET
Network: AS13335 CLOUDFLARENET
WHOIS Information
NetRange: 104.16.0.0 - 104.31.255.255
CIDR: 104.16.0.0/12
NetName: CLOUDFLARENET
NetHandle: NET-104-16-0-0-1
Parent: NET104 (NET-104-0-0-0-0)
NetType: Direct Allocation
OriginAS: AS13335
Organization: Cloudflare, Inc. (CLOUD14)
RegDate: 2010-07-09
Updated: 2024-11-25
Comment: Geofeed: https://api.cloudflare.com/local-ip-ranges.csv
Ref: https://rdap.arin.net/registry/entity/CLOUD14
OrgName: Cloudflare, Inc.
OrgId: CLOUD14
Address: 101 Townsend Street
City: San Francisco
StateProv: CA
PostalCode: 94107
Country: US
OrgTechHandle: ADMIN2521-ARIN
OrgTechName: Admin
OrgTechPhone: +1-650-319-8930
OrgTechEmail: rir@cloudflare.com
OrgTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN
- Country:
- Network:
- Noticed: 33 times
- Protocols Attacked: Anonymous Proxy
- Countries Attacked: Australia, Belgium, Brazil, Canada, France, Germany, Hong Kong, India, Korea Republic of, Netherlands, Spain, United Kingdom of Great Britain and Northern Ireland, United States of America
- Passive DNS Results:
Malware Detected on Host
Count: 3884
Disclaimer
This page contains threat intelligence information for the IPv4 address 104.16.87.20 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.