104.21.16.1 Threat Intelligence and Host Information
General
This page contains threat intelligence information for the IPv4 address 104.21.16.1. It was generated either as a result of observed malicious activity or as an information-gathering exercise to assist with the enrichment and context of security events. All information is gathered passively, through aggregation of public sources or through observation of activity on honeynets. The host score is calculated from a series of statistically weighted values and machine learning, taking into account metadata such as host information; the frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour, such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken as an accurate representation of the users, businesses or networks in which they reside.
Likely Malicious Host 🟠 60/100
Host and Network Information
Mitre ATT&CK IDs: T1003 - OS Credential Dumping, T1027 - Obfuscated Files or Information, T1036 - Masquerading, T1055 - Process Injection, T1057 - Process Discovery, T1071 - Application Layer Protocol, T1082 - System Information Discovery, T1090 - Proxy, T1105 - Ingress Tool Transfer, T1114 - Email Collection, T1129 - Shared Modules, T1132 - Data Encoding, T1140 - Deobfuscate/Decode Files or Information, T1204 - User Execution, T1480 - Execution Guardrails, T1489 - Service Stop, T1491 - Defacement, T1497 - Virtualization/Sandbox Evasion, T1530 - Data from Cloud Storage Object, T1553 - Subvert Trust Controls, T1560 - Archive Collected Data, T1566 - Phishing, T1568 - Dynamic Resolution, T1573 - Encrypted Channel, T1583 - Acquire Infrastructure, T1590 - Gather Victim Network Information
Tags: aaaa, aaaaa, accept, access ta0006, adobe help, adversaries, algorithm, alienvault, analysis no, analysis ob0001, analysis ob0002, anti, apis, ascii text, associated urls, attack, auto-generated security, av detection, azure tls, base64uidenc, bbox, black, body, borland delphi, c2, catalog tree, ca valid, certum code, ciebie, cjutxg, ck id, ck matrix, class, click, close, cname, cnmicrosoft ecc, cobalt strike, code signing, command, community score, control ob0004, control ta0011, copy md5, copy sha1, copy sha256, core, country name, created, creation date, crlf, crypto, cus olet, cus subject, d4 portable, data, datacrashpad, data oc0004, date, defense evasion, delphi, delphi generic, dns resolutions, domain, domain abuse, domain scam, dos borland, dynadot, dynadot inc, dynadot llc, e5 e5, edge, eid1338769034, eid4828312, email address, encodedpixel, encrypt cnr10, entries, error, error https, evasion defense, evasion ob0006, evasion ta0005, exchange meta, executable, extgstate, extra window, falcon sandbox, false, february, file system, file type, flag, format, found, from, g2 issuer, g2 valid, g4 issuer, gandi sas, gecko, general, generic windos, get http, get https, gmt ifnonematch, google, google tag, google update, green, gtmkvjvztk, gtmkvjvztk dl, hellokitty, Hookbot, html, html document, html internet, https dane, hybrid, icmp, ico mainicon, icons library, iframe tags, imi i, impact ta0040, informacje, informative, initial access, intel, internal name, ip address, ip traffic, issuer certum, issuing ca, ja3s, javascript, jelenia gra, jeli masz, june, kb file, keepalive, key algorithm, key info, khtml, learn, levelblue, lf triid, linker, llc name, local, logo analysis, look, ltcgc, Lumma, magia dokument, magic html, malicious, malware, march, memory, memory oc0002, mime, mitre att, ms visual, ms windows, mutexes nothing, name server, name tactics, netherlands, network related, nie po, nie wczeniej, nothing, null, number, ob0001, ob0002 defense, ob0007 
impact, ob0012 file, oc0001 process, oc0003 data, oc0006, oc0008, odcisk palca, oid2, omicrosoft c, open threat, os2 executable, overlay, overview dns, path, pattern match, pe32, pe32 compiler, pe64 compiler, Phishing, port, possible, post http, post https, present jun, present may, privacy, privacy create, privacy update, process, process oc0003, productname, proxy, ransomware, rats, redacted for, refresh, registrant fax, request, requests domain, resolved ips, resource, response, restart, ri falsek, rlength, rsa public, rstunf, scan analysis, score, score clean, script tags, search, serial number, server, server ca, setup, sha1, sha256, show, show technique, signer, signing ca, size426kib type, size45b type, span, spawns, ssdeep, stamping, status, stream, strings, stwa lredmond, subid, subject public, submission, submitted, subtypeform, suspicious, sweden, symantec time, system oc0001, system oc0008, t1114, ta0004 defense, ta0008 command, ta0009 command, tad436770, tags twitter, telewizja dami, threat score, thumbprint, thumbprint md5, time stamping, tls sni, tools, trust, trusted network, typ pliku, unicode, unicode text, united, update secure, upgrade, url data, url https, url scan, usage ff, usa o, utf8, utf8 text, v3 numer, v3 serial, validity, verify, version, vhash, viewer file, vis1, we1 wano, whasz, win16 ne, win32 exe, win64, window, window memory, windows nt, xmpg, xobject, z bardzo, zdarzenia, z dnia, zgodnie z
View other sources: Spamhaus VirusTotal
Contained within other IP sets: coinbl_hosts
- Country:
- Network:
- Noticed: 16 times
- Protocols Attacked: Anonymous Proxy
- Countries Attacked: China, Japan
- Passive DNS Results:
Malware Detected on Host
Count: 3123
Open Ports Detected
2052 2082 2083 2086 2087 2095 2096 443 80 8080 8443 8880
Whois Information
- NetRange: 104.16.0.0 - 104.31.255.255
- CIDR: 104.16.0.0/12
- NetName: CLOUDFLARENET
- NetHandle: NET-104-16-0-0-1
- Parent: NET104 (NET-104-0-0-0-0)
- NetType: Direct Allocation
- OriginAS: AS13335
- Organization: Cloudflare, Inc. (CLOUD14)
- RegDate: 2014-03-28
- Updated: 2024-09-04
- Comment: All Cloudflare abuse reporting can be done via https://www.cloudflare.com/abuse
- Comment: Geofeed: https://api.cloudflare.com/local-ip-ranges.csv
- Ref: https://rdap.arin.net/registry/ip/104.16.0.0
- OrgName: Cloudflare, Inc.
- OrgId: CLOUD14
- Address: 101 Townsend Street
- City: San Francisco
- StateProv: CA
- PostalCode: 94107
- Country: US
- RegDate: 2010-07-09
- Updated: 2024-11-25
- Ref: https://rdap.arin.net/registry/entity/CLOUD14
- OrgTechHandle: ADMIN2521-ARIN
- OrgTechName: Admin
- OrgTechPhone: +1-650-319-8930
- OrgTechEmail: rir@cloudflare.com
- OrgTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN
- OrgAbuseHandle: ABUSE2916-ARIN
- OrgAbuseName: Abuse
- OrgAbusePhone: +1-650-319-8930
- OrgAbuseEmail: abuse@cloudflare.com
- OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN
- OrgRoutingHandle: CLOUD146-ARIN
- OrgRoutingName: Cloudflare-NOC
- OrgRoutingPhone: +1-650-319-8930
- OrgRoutingEmail: noc@cloudflare.com
- OrgRoutingRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
- OrgNOCHandle: CLOUD146-ARIN
- OrgNOCName: Cloudflare-NOC
- OrgNOCPhone: +1-650-319-8930
- OrgNOCEmail: noc@cloudflare.com
- OrgNOCRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
- RTechHandle: ADMIN2521-ARIN
- RTechName: Admin
- RTechPhone: +1-650-319-8930
- RTechEmail: rir@cloudflare.com
- RTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN
- RAbuseHandle: ABUSE2916-ARIN
- RAbuseName: Abuse
- RAbusePhone: +1-650-319-8930
- RAbuseEmail: abuse@cloudflare.com
- RAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN
- RNOCHandle: NOC11962-ARIN
- RNOCName: NOC
- RNOCPhone: +1-650-319-8930
- RNOCEmail: noc@cloudflare.com
- RNOCRef: https://rdap.arin.net/registry/entity/NOC11962-ARIN
Links to attack logs
- anonymous-proxy-ip-list-2025-06-21
- anonymous-proxy-ip-list-2025-06-23
- anonymous-proxy-ip-list-2025-06-22