104.21.12.7 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 104.21.12.7 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Potentially Malicious Host 🟡 45/100

Host and Network Information

• Mitre ATT&CK IDs: T1027 - Obfuscated Files or Information, T1059.007 - JavaScript, T1071.001 - Web Protocols, T1071.004 - DNS, T1071 - Application Layer Protocol, T1105 - Ingress Tool Transfer, T1218 - Signed Binary Proxy Execution, TA0011 - Command and Control

• Tags: alexa, Alexa SANS Internet Storm Center, alexa top, anonymizer, apple, attack, av detection, bank, banker, Bank of America Corporation Malware Download, blacklist, cisco umbrella, class, click, cobalt strike, communicating, contacted, contacted urls, control server, core, crack, critical, CVE-2017-11882, date, default browser, detection list, dnspionage, download, downloader, dropped, Embarcadero Delphi, emotet, execution, exploit, facebook, fakealert, FireHol, firehol proxy, general, generic, guest system, hacktool, heur, hybrid, icmp, installcore, installer, ip address, ip summary, keylogger, laplasclipper, malicious site, maltiverse, malware, malware site, markmonitor, MCI Verizon Block, metro, million, monitoring, name server, NaN, netsky, noname057, opencandy, parent parent, Pexee, phishing, phishing site, presenoker, proxy, Proxy, ramnit, redline stealer, referrer, relic, resolutions, safe site, sample, samples, september, service, site, ssl certificate, stealer, steam, strings, summary, team, threat report, trojanspy, union, united, unknown, unsafe, url summary, whois record, whois whois, windir

• View other sources: Spamhaus VirusTotal

• Country:
• Network: AS13335 cloudflare
• Noticed: 1 times
• Protcols Attacked: SSH
• Countries Attacked: Canada, United States of America
• Passive DNS Results: kitchen-renovation-ipt-ukj-01.today study-australia-with-scholarship.today mypreeminent.com bty1015.com hat-onsalestore.com fieldstofeasts.com www.3apetshop.com www.warmideal.us www.qualityhealthg.com markjamesphoto.com qualityhealthg.com m.365nhanh.com gghsahdi.com barbershopmezzacapo.altervista.org.cdn.cloudflare.net swift-media.net 3apetshop.com regseeline.lol trgoals459.xyz www.themezodermacream.com warmideal.us evooteam.com he0022.zz7333333.workers.dev gisi.top originalcasinoy1.xyz momyvideo.site aliengirl.club berkat.click rwc2wm.buzz maskvpn.vip themerchanttiler.co.za orladeyosupportprogram.com brigadeirodelicia.com www.theotctool.com theotctool.com travelkido.com iimvvic.xyz www.chatgptpets.com ftvalue.shop havffp.com xn–4oq11rc0ny30b.shop themezodermacream.com ballarr271.tk fishinglinegear.com ohokbd.one flyer-7.com daddychoke.me calmgolfpro.com nagarchasmaghar.co.in pariindaplaycasss3-app.com fasternet.org 7usc7.com highaliens.com avcatsoda.buzz lpaalqrxnydqh.com dresden-dollsde.lol rapidroofs.pro pusatmenang99.info trustai.fun www.drscotthume.com auctions-culdesac.click helle.franfoto.com theav70.com fine-accessory.com minifootballshop.com drscotthume.com keefersands.com turreart.shop eedui.cn newsexyadultcostume.com digital-bullion.com gkirito.com hroilhasoarlembrancasa.shop www.liberstore.cl megasaverparadise.shop carcleaningspray.today bvr75r.com leisureemulate.top tlsktlsltstklnm.net emailpartnersrecruteurs.com rvc-free-roof-replacement-uk-d.today www.trendytrouserssales.com trendytrouserssales.com 247onlinenews.com taherabdelhameed.com aio-hat.com nogomi.ru downsubsretigenis.tk repository.aio-hat.com crataludeavchitgu.gq yjs014.top www.gkirito.com graybet.net seiderbedenreemp.gq 91x814.xyz rkdelivery.com mastergeniuss.site dancehalljamz.com faded-steam.club butterflyschmink.shop 99weixiao.com teglanoterp.tk servitein.nl www.servitein.nl mdwaraxe.gq izmircasinoadres.org bizsizisi.net www.glasgowheatpumps.co.uk grade1learning.com terkidocomsa.tk tiny-mode-615f.ualvrdoptb5337.workers.dev schedule.magicalcat.xyz odjacchahosanti.ml teladi.cf vpower33.com voteus-up.site watchcartoons.xyz keptphotography.com xbgovz.xyz classifiedads.nl ethanswright.icu eac8a53f.2bcb4c7692c67c77fe1fd7ad.workers.dev www.amppcommq.info amppcommq.info givemeringtone.com livescore.inagaming323.com stats.inagaming323.com gjiro.uk qwoii.net tgdnxx.com zjxspvtziy.com legal-shade.store wolmboex.tech peskado.pl toopmoosttrrusst.biz kesterprint.com opposedtwin.net v42bhp.cyou blog.madridhifi.com end000.xyz upinformatics.quest heavenlymedia.icu folkodds.com nog.nogomi.ru 1.dimd-two.buzz lfl-apsny.ru ebayf.org freenode.ashkan-habibnejad.workers.dev doubleli.top frosty-rain-ca6a.ramin1-divar-ir1791.workers.dev netlb.ramin1-divar-ir1791.workers.dev 999171.vip 4s.wtf apsunlocks.com articleasia.shop hiring-remote-now.life oeqfutzezg641187fc3c556.verot.ru betvn68.com dxtzz1rhjc6420ae401b001.verot.ru jmzuhz04q6642247f57db4d.verot.ru madridhifi.com xewsvnye.com rough-hat-4d5f.osevixyvyd4323.workers.dev www.lngcash.com sv24.online guncelgiris48579.site allbee.com.tr www.allbee.com.tr packsxxx.lol liberstore.cl square-fog-53a1.imfing.workers.dev salmonadvantage.com rainicadlurest.tk cloudrafay.com souism.co blue-wave-0e76.shaun-antony8924.workers.dev 786994olakino.com newvitalhealthproducts.com tod69.life www.classeat.com classeat.com csinvestmaza.com floleyd.xyz fogofortuna.online win.nbeeh.io shengshen.online walkcustoms.world lifecaution.com kv.sithu-greentech.workers.dev vercel-gpt.gkirito.com laked.pl initialyze.com finte.com.br lngcash.com file.ruangizin.id www.9null.me adeebhub.tk parliertowing.us sol-casino-keds.top www.sknerus24.com.pl autumn-bird-4c57.imfing.workers.dev proud-silence-39f3.imfing.workers.dev lisuserarroilau.gq eppheroun.ga quadri.fr ih059v.cyou e7lrr4.buzz anhsami.cfd kingdomofgleannabhann.org www.look-fantastic.cfd look-fantastic.cfd millane.com.br speckace.com glasgowheatpumps.co.uk kly1bns.fun marketingmaisveloz.com.br cybesport.com vistars2dfashion.com growthcurrency.co topcasino888.com divine-meadow-12a8.sardari74saleh.workers.dev onestoryaway.net yuf84ewgfv.management member.ruangizin.id cdccargas.com.br pleasex05.buzz angelicadate.com app.sealcareers.com www.witsawa444.xyz giyhdh.ru.com hanzasmart.com theplantjournal.org sealcareers.com evoprototype.space 5.dimd-two.buzz 6.dimd-two.buzz apilbzy7.com www.easypress.shop www.rickihastings.com toads-mdvmmm.xyz file.mkazuki.com www.hqluxs.top hqluxs.top catpaid.com niorthosurgeons.com lesspasita.ml oemmcjb.tokyo chatgptpets.com sparkling-field-d113.lyu63651.workers.dev b810groupit.com topnewme.icu variouscd.com eukb.info ace33.xyz hoirtu.com welfree.studio opeosea.io h.20211021.xyz magnetcontents.net www.laventelibre.com vspyhivanie.yachts hs781kd.top chillismenus.com indirimlercenneti.com.tr humuxie.fun kalendaroneninefive.com dimd-two.buzz 3.dimd-two.buzz 2.dimd-two.buzz conslectbiglaresi.ml luchuan88.com purso-escort-israily.cf www.shibailabs.network shibailabs.network tembsoremanmi.gq zumtawesthand.tk nouschoucorntetic.ml paysafecheckin.com gopsdtsd.ga admin.paysafecheckin.com cool-wave-5cab.sithu-greentech.workers.dev mainwebsite.adeebhub.tk docs.adeebhub.tk boafree.life groupe-orca.com www.dionkeon.shop www.e7tiagatak.com fler-cazino.pro thebromomarathon.com r.2dxyh4.cyou www.kimzimmerlaw.com.cdn.cloudflare.net nora32giris.xyz vamosoriente.us www.test.alpha-solutions.in test.alpha-solutions.in psn.group www.werkmania.hu bymyside.app pivo-offer.com download.milkteacat.gq binance1688.com stopscam.space www.peakstoneglobal.com peakstoneglobal.com alpiiean.com brunatsibhealthbe.tk www.9hz3.top firmdexyrenn.tk trainlookup.quasarhusky.uk familist.com tjyg.info iexplainers.com tetertivasong.tk alanwarpress.com kmdhk.ru www.23902280.xyz mation.gq terrasse.cyou lcaribbeanpresscenter.com contiefredcent.gq brillenarena.de www.justinforce.info kpqdng.cyou witdiamulseepe.ga wkup.us av1234567890.info chancejeramiebe.cyou jocoret.tk witsawa444.xyz vexplore.net 23902280.xyz retesua.tk eslahora.com passupppergenes.cf flutzanacatholo.cf heals-awearawf.shop farby-proszkowe.com juncwebtece.ga easypress.shop bondic-mrandmrsfixit.com elacprot.tk nikkhilsharma.tk mdmedicine.net gdub.vip robuxo.cf inspiredphotos.gr ticket-machines.co.uk www.retenshy.com subdimehnyro.ga ez-360.com jquerycache.live test.oymed.edu.do dgnet.tech bigessays.com ligx4z.buzz joon-nnt-ok-kn-3672.tk aged-glade-fed3.kesakap754.workers.dev dqappdev.dfnest.com dqdaisydev.dfnest.com redirect.sithu-greentech.workers.dev gravecountyjail.net salon.salonify.gr long-sun-3129.sithu-greentech.workers.dev solitary-mud-ccf1.sithu-greentech.workers.dev curly-snowflake-3c53.sithu-greentech.workers.dev www.fc-mostovik.ru retenshy.com yhsegcvdfbyhxacxfcfzvcgdcd.cyou it9g6d.buzz notes.quasarhusky.uk verify.daon.xyz hhknkl.com gafpreps.ru k2qp1r.buzz a2wjw.buzz starolaralledge.cf sjyyvj.com vulca.co ataraxiawellness.in hungvestsabmitotear.gq tgcfvutms.info bastudio.tk ketoreguny.ru.com shy-lake-1cc6.sithu-greentech.workers.dev daon.xyz gamehub23.ga fraeio.com.au duoxuexiao.com phosfepounquidermeee.gq fc-mostovik.ru sjalfbaertisland.is system-official.click kuzbass-deti.ru l3yck.store niksogis.tk dtamprojectselfassesment.eu www.xn--fucaleitos-y9a.com nutun.co.za s.parfana.net w.parfana.net njfanyu.cn roweh.fit www.sahaihelpline.org sahaihelpline.org fanshionby.shop xn–p5t725cqsa.com czoxzcek.cf argosor15.cf 51gaokk.com kj7s.shop subscomppreseg.ga meta-solana.net gdstxin.com worldofcycles.co.uk tienda.franfoto.com xn–izmirimkarttlykle-g3b.net enrichlife.club painclusionconference.com www.canonguide.com teaftsubslutol.tk namjaidham.com moatasem.cf insell24.quest laventelibre.com tarotangelparveen.in tutunsatinal19.com theresourcesdepot.com litarocuzep.cf shoppassion.co.uk greatgate.sa.com barssipudis.ga ofaow.lol relindinner.bar almaherperfumes.com petgobbles2.alpha-solutions.in yjffaumn.quest wrigonkarheds.ml ipict.lk o24dycge.cfd vco4dmm.us lp.activateyourcollagen.com saglase.tk lipulni.tk problem.jptip.info ha.cloudbutt.net portfoliobots.management esocilour.cf 7777520.net skedcomthe.ga civilexaminationsacademy.com sicatinhomullawn.cf digihimachal.com sonicelec.com wispy-thunder-cc17.ayangyyds.workers.dev qfg7.shop metaspace.tech predawn.digital funcfoundnoret.tk wordprotlutmortsubspa.gq simmax.xyz bogosemi-az.com cncnlush.buzz regsembkomptic.cf alralroll.tk analytics-garden.io imherterptingmantpe.cf jalanhoki.net mausellgeranu.tk blasesun.tk bmx4d.info metaplay.ai rosminsmebamatdu.tk lygdiascalruwork.tk liamadacapqui.tk rechibigilot.tk rumbbacranoncomsto.ml lonver.click salesweatshirt.com jogakerepkleanews.tk kerenzaz.shop www.433brasfoot.com www.bamminproductions.com www.mkazuki.com mkazuki.com activecode.turoisherego.xyz turoisherego.xyz dropsofgod.com nettime.site vatocmeusirad.ml tisbsucksaqmisspa.tk nbywoncencialei.tk thirdtuconfpermant.tk alfusep.gq tlinalpulnori.cf toxmod.xyz bud-invest.info surveillanceaesthetic.cn bitcoinsociety.net datingatho.me app.mkazuki.com linyfeli.gq

Open Ports Detected

2083 2086 2087 2096 443 80 8080 8443 8880

Map

Whois Information

• NetRange: 104.16.0.0 - 104.31.255.255
• CIDR: 104.16.0.0/12
• NetName: CLOUDFLARENET
• NetHandle: NET-104-16-0-0-1
• Parent: NET104 (NET-104-0-0-0-0)
• NetType: Direct Allocation
• OriginAS: AS13335
• Organization: Cloudflare, Inc. (CLOUD14)
• RegDate: 2014-03-28
• Updated: 2021-05-26
• Comment: All Cloudflare abuse reporting can be done via https://www.cloudflare.com/abuse
• Ref: https://rdap.arin.net/registry/ip/104.16.0.0
• OrgName: Cloudflare, Inc.
• OrgId: CLOUD14
• Address: 101 Townsend Street
• City: San Francisco
• StateProv: CA
• PostalCode: 94107
• Country: US
• RegDate: 2010-07-09
• Updated: 2021-07-01
• Ref: https://rdap.arin.net/registry/entity/CLOUD14
• OrgAbuseHandle: ABUSE2916-ARIN
• OrgAbuseName: Abuse
• OrgAbusePhone: +1-650-319-8930
• OrgAbuseEmail: abuse@cloudflare.com
• OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN
• OrgRoutingHandle: CLOUD146-ARIN
• OrgRoutingName: Cloudflare-NOC
• OrgRoutingPhone: +1-650-319-8930
• OrgRoutingEmail: noc@cloudflare.com
• OrgRoutingRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
• OrgNOCHandle: CLOUD146-ARIN
• OrgNOCName: Cloudflare-NOC
• OrgNOCPhone: +1-650-319-8930
• OrgNOCEmail: noc@cloudflare.com
• OrgNOCRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
• OrgTechHandle: ADMIN2521-ARIN
• OrgTechName: Admin
• OrgTechPhone: +1-650-319-8930
• OrgTechEmail: rir@cloudflare.com
• OrgTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN
• RAbuseHandle: ABUSE2916-ARIN
• RAbuseName: Abuse
• RAbusePhone: +1-650-319-8930
• RAbuseEmail: abuse@cloudflare.com
• RAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN
• RTechHandle: ADMIN2521-ARIN
• RTechName: Admin
• RTechPhone: +1-650-319-8930
• RTechEmail: rir@cloudflare.com
• RTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN
• RNOCHandle: NOC11962-ARIN
• RNOCName: NOC
• RNOCPhone: +1-650-319-8930
• RNOCEmail: noc@cloudflare.com
• RNOCRef: https://rdap.arin.net/registry/entity/NOC11962-ARIN