104.21.112.1 Threat Intelligence and Host Information
General
This page contains threat intelligence information for the IPv4 address 104.21.112.1. It was generated either as a result of observed malicious activity or as an information-gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources or through observation of activity on honeynets. The host score is calculated from a series of statistically weighted values and machine learning, taking into account metadata such as host information; the frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour, such as with Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.
Likely Malicious Host 🟠 60/100
Host and Network Information
- Mitre ATT&CK IDs: T1003 - OS Credential Dumping, T1012 - Query Registry, T1027 - Obfuscated Files or Information, T1036 - Masquerading, T1055 - Process Injection, T1057 - Process Discovery, T1071 - Application Layer Protocol, T1082 - System Information Discovery, T1090 - Proxy, T1105 - Ingress Tool Transfer, T1114 - Email Collection, T1129 - Shared Modules, T1217 - Browser Bookmark Discovery, T1480 - Execution Guardrails, T1489 - Service Stop, T1491 - Defacement, T1497 - Virtualization/Sandbox Evasion, T1518 - Software Discovery, T1530 - Data from Cloud Storage Object, T1553 - Subvert Trust Controls, T1560 - Archive Collected Data, T1566 - Phishing, T1568 - Dynamic Resolution, T1573 - Encrypted Channel, T1583 - Acquire Infrastructure, T1590 - Gather Victim Network Information
- View other sources: Spamhaus VirusTotal
- Country:
- Network:
- Noticed: 15 times
- Protocols Attacked: Anonymous Proxy
- Countries Attacked: Canada, China, Japan, United States of America
- Passive DNS Results:
Malware Detected on Host
Count: 2805
Open Ports Detected
2052 2082 2083 2086 2087 2095 2096 443 80 8080 8443 8880
Whois Information
- NetRange: 104.16.0.0 - 104.31.255.255
- CIDR: 104.16.0.0/12
- NetName: CLOUDFLARENET
- NetHandle: NET-104-16-0-0-1
- Parent: NET104 (NET-104-0-0-0-0)
- NetType: Direct Allocation
- OriginAS: AS13335
- Organization: Cloudflare, Inc. (CLOUD14)
- RegDate: 2014-03-28
- Updated: 2024-09-04
- Comment: All Cloudflare abuse reporting can be done via https://www.cloudflare.com/abuse
- Comment: Geofeed: https://api.cloudflare.com/local-ip-ranges.csv
- Ref: https://rdap.arin.net/registry/ip/104.16.0.0
- OrgName: Cloudflare, Inc.
- OrgId: CLOUD14
- Address: 101 Townsend Street
- City: San Francisco
- StateProv: CA
- PostalCode: 94107
- Country: US
- RegDate: 2010-07-09
- Updated: 2024-11-25
- Ref: https://rdap.arin.net/registry/entity/CLOUD14
- OrgTechHandle: ADMIN2521-ARIN
- OrgTechName: Admin
- OrgTechPhone: +1-650-319-8930
- OrgTechEmail: rir@cloudflare.com
- OrgTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN
- OrgRoutingHandle: CLOUD146-ARIN
- OrgRoutingName: Cloudflare-NOC
- OrgRoutingPhone: +1-650-319-8930
- OrgRoutingEmail: noc@cloudflare.com
- OrgRoutingRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
- OrgNOCHandle: CLOUD146-ARIN
- OrgNOCName: Cloudflare-NOC
- OrgNOCPhone: +1-650-319-8930
- OrgNOCEmail: noc@cloudflare.com
- OrgNOCRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
- OrgAbuseHandle: ABUSE2916-ARIN
- OrgAbuseName: Abuse
- OrgAbusePhone: +1-650-319-8930
- OrgAbuseEmail: abuse@cloudflare.com
- OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN
- RNOCHandle: NOC11962-ARIN
- RNOCName: NOC
- RNOCPhone: +1-650-319-8930
- RNOCEmail: noc@cloudflare.com
- RNOCRef: https://rdap.arin.net/registry/entity/NOC11962-ARIN
- RAbuseHandle: ABUSE2916-ARIN
- RAbuseName: Abuse
- RAbusePhone: +1-650-319-8930
- RAbuseEmail: abuse@cloudflare.com
- RAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN
- RTechHandle: ADMIN2521-ARIN
- RTechName: Admin
- RTechPhone: +1-650-319-8930
- RTechEmail: rir@cloudflare.com
- RTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN
Links to attack logs
anonymous-proxy-ip-list-2025-06-21