104.21.1.251 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 104.21.1.251. It was generated either as a result of observed malicious activity or as an information-gathering exercise to enrich security events with context. All information is gathered passively, through aggregation of public sources or through activity observed on honeynets. The host score is calculated from a series of statistically weighted values and machine learning, taking into account metadata such as host information; the frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour, such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken as an accurate representation of the users, businesses or networks in which they reside.

Potentially Malicious Host 🟡 50/100

Host and Network Information

  • Mitre ATT&CK IDs: T1003 - OS Credential Dumping, T1027 - Obfuscated Files or Information, T1035 - Service Execution, T1043 - Commonly Used Port, T1056.001 - Keylogging, T1056 - Input Capture, T1059 - Command and Scripting Interpreter, T1068 - Exploitation for Privilege Escalation, T1071.001 - Web Protocols, T1071.004 - DNS, T1071 - Application Layer Protocol, T1090 - Proxy, T1105 - Ingress Tool Transfer, T1110.002 - Password Cracking, T1114 - Email Collection, T1140 - Deobfuscate/Decode Files or Information, T1173 - Dynamic Data Exchange, T1176 - Browser Extensions, T1179 - Hooking, T1210 - Exploitation of Remote Services, T1410 - Network Traffic Capture or Redirection, T1423 - Network Service Scanning, T1427 - Attack PC via USB Connection, T1445 - Abuse of iOS Enterprise App Signing Key, T1450 - Exploit SS7 to Track Device Location, T1453 - Abuse Accessibility Features, T1472 - Generate Fraudulent Advertising Revenue, T1497 - Virtualization/Sandbox Evasion, T1563 - Remote Service Session Hijacking, T1566 - Phishing, T1573 - Encrypted Channel, TA0004 - Privilege Escalation

  • Tags: a1ginaprincipal, a9dia, aaaa, accept, accept encoding, acint, address, address first, address google, a domains, adware, a fleecy, agent, ai, aig, AIG Claims, Alberta, Alberta Doctors, Alberta Health Services, Alberta Medical Association, Alberta NDP, Alberta UCP, alexa, alexa proxy, alexa top, all octoseek, all search, anonymizer, antivirus, api blog, appdata, apple ios, applicunwnt, april, artemis, as13335, as139021, as14061, as14720 gamma, as15169 google, as16276, as20940, as29789, as30148 sucuri, as31898 oracle, as396982, as396982 google, as397241, as40509, as44273 host, as54113, as62597 nsone, as7922 comcast, as8075, as autonomous, ascii text, asn15169, asn16276, asn209242, asn4583, august, awful, back, bank, banker, bazaloader, beach research, beginstring, behav, binary file, blacklist, blacklist http, blacklist https, body, bot, Botnet, botnetwork, bradesco, brian sabey, camera usage, canada unknown, certificate, Certificates, checked url, child teen content illegal, chrome, cisco, cisco umbrella, City of Edmonton, class, classic poems, cleaner, click, cname, cobalt strike, coinminer, colorado, communicating, comodo rsa, conduit, Connect Care, contacted, content length, content type, control server, copy, copyright, core, country unknown, Covenent Health, covid19, crack, creation date, critical, customer, CVE-2023-4966, cyber stalking, cyber threat, cyberwar, data center, date, de indicators, de page, de summary, detail domains, detection list, device control, DGA, dnspionage, docs pricing, domain, domain related, domains, domains show, domain tree, downer, downldr, download, driverpack, dropped, dropper, ecdhersa, Edmonton Police Services, edsaid, EduRoam, emails, emotet, encrypt, engineering, entity, entries, error, et, et tor, et useragents, execution, exit, expiration date, exploit, extraction, facebook, fakealert, falcon, falcon sandbox, february, file, files, files location, filetour, financial, firehol, follow, for privacy, frames domain, 
france mail, france unknown, frankfurt, free poems, friendship poems, fuery, fusioncore, gb summary, general, general full, generator, generic, genkryptik, geotracking, germany, get h2, glupteba, gmbh version, gmt content, gmt united, google, GovAB, gsqueue, gts ca, hacktool, hallrender, hallrender.com, hashes, heaven, heavens, her beam, herself, heur, hidden users, historical ssl, hong kong, host, hosting, hostname, hostnames, hostname server, http, http header, https, hybrid, icedid, ice fog, iframe, indicator, indicator facts, inject, installcore, installer, installpack, internet storm, iobit, ip address, ipasns ip, ip information, ip summary, ipv4, isotope, january, javascript, jpeg image, js, june, kali, kb image, keylogger, kgs0, kls0, known tor, kong asn, kuaizip, laplasclipper, leasewebuklon11, links certs, local, localappdata, location hong, location united, login, london, love poems, mail collection, mail spammer, main, Malcerts, malicious, malicious site, malicious url, maltiverse, maltiverse safe, maltiverse top, malvertizing, malware, malware host, malware site, march, mark, mark brian sabey, markmonitor, media, mediaget, message interception, meta, meterpreter, metro, milemighmedia, million, mimikatz, Ministry of Advanced Education, Ministry of Health, Ministry of Tech & Innovation, mirai, misc attack, mitre attack, monitoring, moved, msie, mwin, name servers, name value, name verdict, nanocore, nanocore rat, network traffic, next, nircmd, njrat, node tcp, node traffic, november, null, nxdomain, open, opencandy, otx octoseek, outbreak, page url, parent parent, passive dns, patcher, path, pattern match, phishing, phishing site, png image, poem, poems, poem topics, poetry, pony, pornhub, presenoker, present mar, problems, protocol h2, proud evening, proxy, ps ord, pulse indicator, pulse pulses, pulse submit, python, qbot, quasar rat, query type, radar ineractive, radar tracking, rank, ransomware, Ransomware, record value, redline stealer, referrer, 
refresh, regex, registrar, related nids, relayrouter, relic, remote attacks, requested, resolutions, resource, resource hash, response ip, revengeporn, reverse dns, riskware, Rogers, romantic poems, roundup, runescape, sabey, safe browsing, safe site, sample, samples, satellite tracking, scan endpoints, scanning host, screenshot, script, script urls, search, search live, sec ch, secure server, security, security tls, seen asn, seen last, server, servers, service, services, shone pale, showing, site, skynet, skynet bot, soc, social engineering, softcnapp, software, spammer, span, Speader, sql, ssl certificate, star, status, status hostname, stealer, strings, subdomains, summary, suppobox, svg scalable, swrort, system, systweak, tag count, tags none, tcp traffic, team, Telus, text archiver, than, thomsonreuters, thou bearest, threat report, threat round, threat roundup, threats, tiggre, tofsee, tools, topic, topics, tor known, tor relayrouter, traffic, Treaty 6, Treaty 7, Treaty 8, trojanspy, tsara brashears, tue apr, twitter, UAlberta, umbrella rank, union, united, united kingdom, United Nurses of Alberta, University of Calgary, unknown, unknown traffic, unlocker, unsafe, url analysis, url history, url http, url https, urls, urls date, urls http, url summary, value, variables, vector graphics, wacatac, waypoint object, webtoolbar, westlaw, westlaw njrat, whois record, whois whois, windows nt, x powered, xrat, x sucuri, xtrat, yandex, yndx, zbot, zeus, zuorat

  • View other sources: Spamhaus VirusTotal

  • Country:
  • Network:
  • Noticed: 14 times
  • Protocols Attacked: SSH
  • Countries Attacked: Anguilla, Aruba, Bahamas, Barbados, Canada, Georgia, Guatemala, Ireland, Japan, Kenya, Mexico, Netherlands, Panama, Philippines, Poland, Sint Maarten (Dutch part), Slovakia, Spain, Tanzania United Republic of, Ukraine, United Arab Emirates, United Kingdom of Great Britain and Northern Ireland, United States of America
  • Passive DNS Results:

Open Ports Detected

2052 2082 2083 2086 2087 2096 443 80 8080 8443 8880

Whois Information
