104.21.19.246 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 104.21.19.246 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 52/100

Host and Network Information

• Mitre ATT&CK IDs: T1023 - Shortcut Modification, T1031 - Modify Existing Service, T1040 - Network Sniffing, T1045 - Software Packing, T1060 - Registry Run Keys / Startup Folder, T1129 - Shared Modules, T1143 - Hidden Window, T1155 - AppleScript, T1399 - Modify Trusted Execution Environment, T1598 - Phishing for Information

• Tags: 2017cv030026suppressed, alerts, alloymedia, all scoreblue, as134548 dxtl, av detections, bank, ben l, brashears, brashears accepts, brashears prevails, brashears-tsara-claims-upheld, brashears-tsara-v-reimer-jeffrey, browse scan, case, case 2017cv030026suppressed, contact, cookies, copy, county, court cases, dangerous data collection, dashboard, date, default, district, dock, docket, domainpath name, douglas county, downloader, endpoints all, export graph, facebook, gameprofitshack, general full, get device, hash, historical ssl, hong kong, hsp boolean, hstcran, hsusertoken, ids detections, industries, ipv4, jeffrey scott, judge, korplug, kwan o, legal, legal case, leutwyler iii, litigation, loader, lung, main, malware, malware beacon, module load, money, name value, ns nxdomain, oribili boolean, p2p zeus, parked, parked uri, passive dns, popper, protocol h2, referrer, regbinary, reimer, reimer dismissal, reimer dpt, reimer-jeffrey-claim-dismissed, reimer-jeffrey-paid-tsara-brahears-settlement, reimer-jeffrey-v-brashears-tsara, reimer paid, related pulses, resource, reverse dns, robert r, sa victim, scan endpoints, search, security, security tls, september, service, settlement, shane, show, showing, smartdata, so false, state court docket, suspicious, t1129, theakkas, tips, trojan, tsara won, united, upatre, webstudio, write, x function, yara detections

• View other sources: Spamhaus VirusTotal

• Country:
• Network:
• Noticed: 1 times
• Protocols Attacked: Anonymous Proxy
• Countries Attacked: United States of America
• Passive DNS Results: nomura-jp-rgg.top yjao6.info betvip-p.com motechventfa.shop ggjudisuper.top simplyslam.com 525games.com arseno.website mpl99.link pcf-components.com rgekd.biz hejmielec.help vozolkit.shop octastylos.com tajikbook.com new88.asia tuoshuiyanbao.com gcrchxl.enkatu.love thebaobabnetworks.com stwshkajhakjhapi.com lpapav.enkatu.love sstbdgy.enkatu.love ptvvn.enkatu.love raga81.sbs qlwzxd.enkatu.love eunnara.com ecofarmafrica.com lyeqi.enkatu.love urologistpaintingviolinist.info friendsandfamilysurman.com salam88komi.site serverlogin.space 1973.digital www.josefinkarlsson.shop www.acygroup.com velocityids388.com filmmakinesi.ink fencerentalpittsfield.com coolshopp496.shop yb7119.com vyzivasrovnovahoua.info pzprs.xyz kodynext.com udrpinfo.com hauteprecisionfrch.com telegdbfr.beauty bevorai-claim.xyz 8aa-w.com queville.shop wolfden.site vipertogelu.cfd getaquaknightpressurewashing.com weddingcherishmoments.beauty brandcraftsocialhq.com eshraqah1.com cbddelivery.info flagman200.buzz 658gg.top omniful.cfd seguraabril.shop colonic-hydrocarbons.click olukdyz.cfd jackpotlucky.quest jaliyahyoung.shop fafavipidk.com dubaixtpolice.com quixylen.site rumbletop.com 744ee.top starblaze.icu pokervegas.quest cypruscualerts.org apptomorow.com kisiselbasarim.com bdtravelar.com easylottopick.com bluveraketamineclinic.com pixelwarrior891.shop patagonia-connection.com tristensmiddy.shop pacificventuresorganization.com clockcustoms.com halutoto88.com lenixos.ir snapnovagrid.xyz urlkisaltici.com thecustomeroutboundjedi.xyz jerryhughes.shop www2.epees.fr shemalekings.com jivivpn.online 7oel.cn mejahoki.day bets10-happy.vip hoh-admin-qqdewatoto.com paytolluysi.vip undefinedrealities.org hydrogenlosd.com eufallsfest2022.eu sitewebondemand.com qrmqw.com tg852.org iranrepo.com lwlfix.top 1hotpieceofglassh.shop vse-medspravki-4.org sbobetfun15.com 888b-game.top agen62b.space www.agen62b.space rrrehnx.xyz sheerup.shop ankeidc.net cuevano3.com ultimatepornhub.com vkxkgw.enkatu.love uujwdxg.enkatu.love ormczi.enkatu.love hawitie3.pro lions-europe-symposium.eu macantogela.com trysaltydonuttoday.com thetollroads-paytollof.xin 64a.org zbvaw.xyz magnaiptv.com id941242.com kedou558.cfd pay.primelabsupplementusa.com relizabe.asia shopstah.xyz pinterwait.click chungcutuhiepplaza.vn seek-egg-donor-clinics.today talentstreamcareers.com www.pestajackpot.live cuk77.today aequianboeotialiniest.com faxev.store thbet4.info velvetechgroup.com twljynfvqu.club severemigrainetreatment898591.icu icearenakings.com gigabit-fiber-internet-885820749.today e2betvipp.com status.skrn.workers.dev ufes.jp www.stubitcoin.com tarotbytoni.com 110.vg z888999.top yeticasinobonus.com csboss.cc thinning-hairstyles-nl-2778.today carimobilhebat.biz fuel-app.run preventionofnafld915154.icu smrtpays.com ploramix.com kompaklive.xyz kingdomace.sbs useintervals.com www.nappies.co.nz herbalismdistributor.com kangjagalnih7.click nld9eur9ser9.homes sink-haoup.hstars.workers.dev technectstore.com dukan-elec.com tksashop.com auth-businesscentral.com proxyforgemini.gfking.workers.dev www-stanley-burdaa-tekliff-24-gec.com missup-it.com precisionautopartsandsupply.com weightloss140653.icu yashunbio.com gdrwnkjaxuq.info proposals-lombard.finance bariiqksa.com zhenaihuangyan2.cn impactauthority.co spaylv.com gdcen.info search-used-trucks.today www.betonred-avis.fr betonred-avis.fr saqatirh.icu pestajackpot.live debserv.gay stubitcoin.com hentaivn.tube leon-casino80.top hailey-shop.com lzuuyd.info yxss06.xyz indoporn.live fufu4dglow.xyz soapshaver.com dabarufustore.buzz kierunku.shop devilleroyandboch.com chamadageralnews.com.br nsjsd97.live sqs2.com mybeautyshopping.com krpc.net www.pocketfare.com www.dutymanaged.nz dutymanaged.nz lattinlibkinlimbeck.blog znfgjgcvma.site kuebalado.guru tomsnota.dev winwin17club.com josefinkarlsson.shop but.us.kg www.100free.ph cakarnagaring.shop utlatande.fi whiteswansecurityhub.com mc-doc-1.org kamfpnoushr.info electric314.com seniorlivingsp9mygfe.today secondbloom.me shinneplas.com cdn.musicinsimple.ir sawsalvage.top omarun.ae seawitchimages.com.au nzfwg.enkatu.love www.usfurniturefactory.com t.8th.us.kg smpn1pagelaranmalang.sch.id www.23ba.cc chplays.asia frnchie.shop gentleleafwhisper.pro apple-servise.ru www.apple-servise.ru fbxproedx.com onlygram.pics omfamd.club the-humas-togels.click subscription.sky2016cn.workers.dev 24openaiproxy.gfking.workers.dev belgiumlornajanejogginghose.com www.club-tiamo.ch club-tiamo.ch camojeans.com www.camojeans.com legalgoalzz.xyz takeitfast.sbs dykeddinglydiseurs.sbs eightelmphoto.com kfgbl.link bit.takeitfast.sbs miniluxes.net somisstartlystauk.fun stein-zaphrentid.com lappageleanerslevon.sbs mayerw.com digitsnyt.org heattpumpbenefits.today modernearthbeat.shop pcc241019-18.icu wertyu.amir-gazal.workers.dev ys642.xyz asgko.sbs instanthugefreebiesfest.com www.servimudanzaszaragoza.com intdp.info fragfarmers-team.com misiamadrid.shop web3.ehzyil.xyz laopinionxyz.com.mx game-store.art mofumi.cloud resinfloorsit.today putejia8.pro bestaffordablecommercialgaragedoora644937.icu www.hostingtechniques.com hostingtechniques.com play-casino-core.xyz images.heterodoxacademy.org cfworker-base.gfking.workers.dev copywritingforgeeks.com www.midefensapenal.cl sexyfemale18pro8.shop www.giantholidaysafaris.com steep-mode-ee77.8441few.workers.dev parkingpoe.top managementcoursemanagementtrainingco279368.icu schaeferanwaltskanzlei.de albbscp.com ewtamusable.info tokyo-heritage-inheritance-906682907.today hmabe.link play-quantum-circuit.xyz jeuxfrancais.top farmatel.shop funeral-price-list-655153956.today cavalhero.shop yugserv3.ru huypulas19.xyz pragmatic777game.buzz blog.wasabiwallet.is www.mekika.com teamsshiring.com 31xx303.xyz mariarusticloaf.online www.mariarusticloaf.online flexicaja.com microfeed-media.herewithhno3.us.kg receita-fazenda-govbr.com www.174953-coinbase.com 174953-coinbase.com www.a2zcontactsapp.com wwwesbet218.com celtabetdemo.com initsrv.com doingly.ca quintanagalleries.shop sunxtest1.cfd hut4dadm.com magnus-pro.shop ludo-game-2012.com a.popbit.net usfurniturefactory.com optimalketo.net betflikracha.net senseipublishing.com cazinor7-ww.buzz skindesign-frankfurt.de 888b.africa logindewa66.autos games.tantentin.com docs.loaf-scripts.com newadmin.tantentin.com admin.tantentin.com email.sakthidbtechnology.com tantentin.com sakthidbtechnology.com.sakthidbtechnology.com bestact.info www.24hourlocksmithyonkersny.com marcel-sigl.dev www.cubichecouture.com marketing-und-vertrieb-international.com gzxstgjg.com agriculturalfertilizersmaddock.com jebol.site tpoas.cfd fastcurrencycoin.com www.maocroner.com worker-young-paper-19f2.younglok.workers.dev broadcomchip.net bearthreads.co.uk www.vacationsofafrica.com blog.vacationsofafrica.com indiaheraldin.com hbcu.space vip.tantentin.com konvelocampaign.com vless.dmncyzxi.workers.dev godaviator.com todo.190430221.workers.dev ftp.24hourlocksmithyonkersny.com 24hourlocksmithyonkersny.com pop.24hourlocksmithyonkersny.com pttgovlc.top nlolkcfqstw.com rough-moon-61c1.5kji4.workers.dev populardatingsites.xyz wethinkapex.com streamonsportclick.us electrician-services-us-da-os.today alternatifgdsgacor.ink mar-mp.xyz cerberuscheat.xyz postaus.xyz wordbnn.amir-gazal.workers.dev ooidaonlineeducation.com theylovewar.com claycharteracademy.com cubichecouture.com pocketfare.com oreohair.com gogettergrub.com unilandcapital.com giacmothantai.com phillippassinjurylawyersgroup.com inventivelink.click hello-world-winter-resonance-0cef.jiabo0968.workers.dev medicine-degree-us-51-bh.today chipblo.com cenotesdehomun.com timberlend.shop sidyba.top pattersontvmountingservice.us dj881.com tj.110.vg www.binevip.com kalendraigptapp8509.online j200mhits.today binevip.com giantholidaysafaris.com nodscoin.com bets46.pro bo-lima-lima.xyz kafetiera.today turkuazboutique.com sunsunnews.com avatars.marcel-sigl.dev surefirewebhost.com labixiang.com subpar.sky2016cn.workers.dev workspace117780.icu www.toko6688.xyz 99re417.top adnll.com azvtmylt.enkatu.love bgyibxxo.enkatu.love ejjn.enkatu.love degf.enkatu.love dfyar.enkatu.love gruitodwe.top smart-tvs-lookup.today cosmiccarousel.pro kjpk.enkatu.love jjrylyri.enkatu.love xxklat.enkatu.love alpp.enkatu.love hmlwwgez.enkatu.love ssoab.enkatu.love rvya.enkatu.love tyjywtxa.enkatu.love aoobpn.enkatu.love utxu.enkatu.love ssiukc.enkatu.love fuwkzyxz.shop luminokinz.com psp-m5.biz wwwsuperbahis631.com www.juliennehappi.shop juliennehappi.shop ucantouch991.top pink-balls-blue.site spplffj.top mx-manufacturing-automation-glob-112.today glomerins-n.buzz mobile-game-testing-jobs-11.today guestline.digital universalmusic.club capitalcity.credit cleardeskplatformhq.com rtp-pisang123.lol https-briansclubs.com enkatu.love umbrellahavens.shop cu5869.com bets10turkeyblog.online delta805.online smokinroseoftexas.com nizaome.com fsourf.icu hulcote.com water-coin.site elevador-de-escada.today cafeteriaatodavela.com toptieressentials.shop clubsportsplay.com wforceintro.com aaamir.amir-gazal.workers.dev bandarbetvipwin.site docs.wasabiwallet.is www.wedeslotini.mom aibing.jiabo0968.workers.dev xn–82cx5cyg.xn–12co0c3b4eva.xn–o3cw4h airconditioningservices-us-26.today rivertownes.org latexparse.jellow.work dreamsitegurus.com winufey6.sbs prekybamediena.eu www.yieldcrest.online sexdepqua.net www.carnivalsoccer.com tusole.skin mumcj.top ncjsxy.net.cn fun88hay84.com www.fwu.cc fwu.cc cofferica.com dockerhub.hstars.workers.dev delunaslot6.co gampangcair.online valosen.fun

Malware Detected on Host

Count: 3 e62f7b899531e33ff5a52a8d041d966462ce8af153c7d0823f090b4c62709f16 65021bd921fadc10692d8f8724077867d2aa3638a9aa593fd0ba24f5df152f2f 0399d145282736f86088186283d8037cc77fa5bb32c1fb9baea1eec0706bf9ee

Open Ports Detected

2082 2083 2086 2087 443 80 8080 8443 8880

Map

Whois Information

• NetRange: 104.16.0.0 - 104.31.255.255
• CIDR: 104.16.0.0/12
• NetName: CLOUDFLARENET
• NetHandle: NET-104-16-0-0-1
• Parent: NET104 (NET-104-0-0-0-0)
• NetType: Direct Allocation
• OriginAS: AS13335
• Organization: Cloudflare, Inc. (CLOUD14)
• RegDate: 2014-03-28
• Updated: 2024-09-04
• Comment: All Cloudflare abuse reporting can be done via https://www.cloudflare.com/abuse
• Comment: Geofeed: https://api.cloudflare.com/local-ip-ranges.csv
• Ref: https://rdap.arin.net/registry/ip/104.16.0.0
• OrgName: Cloudflare, Inc.
• OrgId: CLOUD14
• Address: 101 Townsend Street
• City: San Francisco
• StateProv: CA
• PostalCode: 94107
• Country: US
• RegDate: 2010-07-09
• Updated: 2024-11-25
• Ref: https://rdap.arin.net/registry/entity/CLOUD14
• OrgNOCHandle: CLOUD146-ARIN
• OrgNOCName: Cloudflare-NOC
• OrgNOCPhone: +1-650-319-8930
• OrgNOCEmail: noc@cloudflare.com
• OrgNOCRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
• OrgAbuseHandle: ABUSE2916-ARIN
• OrgAbuseName: Abuse
• OrgAbusePhone: +1-650-319-8930
• OrgAbuseEmail: abuse@cloudflare.com
• OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN
• OrgRoutingHandle: CLOUD146-ARIN
• OrgRoutingName: Cloudflare-NOC
• OrgRoutingPhone: +1-650-319-8930
• OrgRoutingEmail: noc@cloudflare.com
• OrgRoutingRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
• OrgTechHandle: ADMIN2521-ARIN
• OrgTechName: Admin
• OrgTechPhone: +1-650-319-8930
• OrgTechEmail: rir@cloudflare.com
• OrgTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN
• RNOCHandle: NOC11962-ARIN
• RNOCName: NOC
• RNOCPhone: +1-650-319-8930
• RNOCEmail: noc@cloudflare.com
• RNOCRef: https://rdap.arin.net/registry/entity/NOC11962-ARIN
• RAbuseHandle: ABUSE2916-ARIN
• RAbuseName: Abuse
• RAbusePhone: +1-650-319-8930
• RAbuseEmail: abuse@cloudflare.com
• RAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN
• RTechHandle: ADMIN2521-ARIN
• RTechName: Admin
• RTechPhone: +1-650-319-8930
• RTechEmail: rir@cloudflare.com
• RTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN

Links to attack logs

anonymous-proxy-ip-list-2025-06-21