104.21.21.161 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 104.21.21.161 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 53/100

Host and Network Information

• Mitre ATT&CK IDs: T1027 - Obfuscated Files or Information, T1029 - Scheduled Transfer, T1055 - Process Injection, T1059.007 - JavaScript, T1068 - Exploitation for Privilege Escalation, T1071.004 - DNS, T1071 - Application Layer Protocol, T1098 - Account Manipulation, T1105 - Ingress Tool Transfer, T1129 - Shared Modules, T1140 - Deobfuscate/Decode Files or Information, T1158 - Hidden Files and Directories, T1439 - Eavesdrop on Insecure Network Communication, T1547.006 - Kernel Modules and Extensions, T1566 - Phishing, T1598 - Phishing for Information, TA0011 - Command and Control

• Tags: aaaa, acceptencoding, address, alienvault, all octoseek, analyze, apache, artro, as131316 slnet, as133618, as14061, as22612, as2635, as397240, as44273 host, as45638, as47846, asnone united, aurora, avast avg, body, body length, bq apr, bypass, canada unknown, cape, checkin, click, cname, colorado, contacted, contacted urls, cookie, copy, creation date, cryp, date, date hash, design meta, design og, design trackers, dnssec, domain, dynamicloader, emails, encrypt, entries, execution, expiration date, files, files matching, final url, formbook, formbook cnc, for privacy, germany unknown, hackers utilize, hallrender, hide samples, high, historical ssl, hit, hostname, hostnames, html info, http response, injection, intel, iocs, ip address, ipv4, kb body, keepalive, lowfi, malicious, malware, man, march, markus, m brian sabey, mccormick, medium, men, meta, metro, monitoring, moved, ms defender, msdefender feb, ms windows, name servers, next, notes avast, number, nxdomain, open threat, passive dns, paste, pe32, photos, powershell, protect, pty ltd, pulse pulses, pulse submit, rally, ransom, rc2i, record value, referrer, reredrum, resolutions, rexxfield, rhttps, sample analysis, scan endpoints, scott mccormick, script domains, script urls, search, servers, serving ip, sha256, show, showing, siblings domain, songculture attacked, ssl certificate, status, status code, t1676916559, tags og, targeted, threat, threat roundup, title, title works, tools, trojan, trojanspy, tsara brashears, ucddaocjgah, united, unknown, upgrade, url analysis, urls, urls http, urls https, vendor finding, virgin islands, virtool, whois record, whois whois, win32, win32imali mar, win32upatre mar, windows, woocommerce, wordpress, write, xfbml1, yara rule

• View other sources: Spamhaus VirusTotal

• Country:
• Network:
• Noticed: 4 times
• Protocols Attacked: Anonymous Proxy
• Countries Attacked: Australia, United States of America
• Passive DNS Results: websitesbyjim.com ppalabs.cfd northnorfolk.holiday akaneyakobe.com weleshang.com stussyesgood.com v7adaif.store pokerdom-hkh67.buzz gurame138.com 11kk-o.com bet558-0.com comprar-phone-01.today belevec.irish hongyemf.com alhena-design.com swayecomco.com tp9592.com intelliversityprime.com leadlagmediasignal.com interactiveapp.live opalgrace.digital trypentestking.com kindly-sa.com otowp.com ptmigasbatanghari.com deeplearningbiz.de connectionexultant.shop axuhono.info equablefloor.info laasdfpollpp68.wiki canaldigitalacesso.shop cheerstodealstoday.world bestzflt.com goldengateinvesmentvc.com starda250.casino aghomeimprovement.us pinkmechanismmost.pro fanfinderusa.com istanbullescort.online yasmindrospirenone.monster zoomifyhub.com gvqge.today piageliqui.pro free66.asia lacomputerserv.com intumescences.pro 7788betbb.com tombak69id.com tracsbzgqjxbydjhjbe.shop kucoin21.com monkey-floki.com fgrqj.xyz goodgojo118.com privacyglobal.site todagentepodepensar-agoraestaraesperaqueofizessem-podia.beauty e-zpass.com-bzs.xin bear-care.com socialwynz.com v3771.com www.vibranttop.shop vibranttop.shop awavake.info loocidlab.com zundorex.world meetpageonelegal.com moonop.site alohas-sko-norge.com kantatv.com openlabsavvy.com eogtutor.com roitanick.com best-solutoin.icu lfzqc.top sweetlittlepizza.com funthesite.com blrkinc.top solinfoshop.net gorefundid.com deeewii4dd.com savexer.top berzdigitalweb.com orcheshock.pro 128betlogin.com utawetu.info ngjeao.com meetelement.store belaridecor.com mediaspherezone.com davilapros.com sttories.com errorsdetroitpossibly82.sbs 3raja-top01.online musicledan.com 8vv345.com m7.eavesshvs.ru sowas-am-stadtwald.de letspopin.com id6729371.com cloud-services-3401mk.today betkanyon-late.vip yoosat.com.cn c-ka-moi.com klan4dp.sbs haoh3ch.net feminavibe.sbs thetollroads-paytollzmc.world www.coloringink.com arredicurto.it mydreamlolitas.biz jy-jt.cn london-zeebrugge-cruise-package.today br750816.xyz mu888app.com jzcibn.top agenliga88.info xuex3.com z7tkw4q.evajuh.com inbudget.ai ww88bet.dev bananaforscale.app leon-registration-bt3r.xyz gossipmixpage.live smealjourneys.store plinkoaz.club summerslean.de cryptopushka.ru evajuh.com dwnld4.telamon.app rio-token.org sugarsolutions.today bayz-102.site zgbrngn.info nicolaplays.com vibevortexproductions.lat sarangujuujuuju9.click www.scotlandpropertymaintenance.co.uk moving-companies-ch225.today landing.novaljubav.com rtpcuan.website sumo138pop.site cryptoleagues.co.uk chat-gpt-winter-boat-55fa.izzys-imaginarium.workers.dev small-brook-f795.erlingmork7.workers.dev chat-gpt-hidden-credit-67fa.izzys-imaginarium.workers.dev partaplay-kedua.xyz adientus.info institutoumbandista.com.br coaxedfemceegenets.ink userflydates163.uuehvhy.workers.dev userflydates183.uuehvhy.workers.dev worker-bold-band-9e71.hafice2322.workers.dev iybvfakz.xyz t69vip.net leoncasino-cin.top reachtitanfunding.com safetydirect.click xn–360betturky-819e.com qpgtweszjrbv.ltd perocoin.com advents.ltd goatm.thor-123.com autosaolans-1.today commercialtiressale.com calmcoveteam.com gma-iptv4k.site gtekyuwv.life 2iom.com tolemail.obfuscatedgenerated.workers.dev htpzuz.shop circlelanegang.com yubmzsrk.cloud bailbras.com luxuryclothingstyle.online fav77mam.info thor-123.com bemo4dmewah.site inlive.live easy-swapper.com ygvl.proton.fxxkwall.free.hr shoissdaisydee.top nazudo.top hotdealfireoffer0.sbs yiskkye.info mail-fusion.co.in leon-zerkalo-acad.xyz solidvoid.store merterpapim2.site bodopeyes.site bogyismbonsercadging.cloud onchainai.online 3dmarket.uz techvibez.online co.dopaminbet.club pickhyperscalee.com pressak.co dwqmzln.info firstplay88ready.com space77.beauty casinocrystal800.com joinconversioncandy.com extrememarketinggo.com everydaytransfer.com assistedfertilization242048.icu korisa.pl edowezu.info roope.tech umangraja88-ms.site uyecivo.info vacusecurity.report novaljubav.com justintvizle211.pro booksandgiftssw.shop tkstoremall.xyz henryluxury.com guineemaflamedia.com nuckingfutsmama.com www.polefishingusa.com homehub-cloud.com cosmospace289.top agatagiacalone.shop todofisio.blog nucleal.world fantasylead.click makqr.shop tipsformarketer.com lmna-lefilm.com casualsneakers.shop noname-service.issdu.workers.dev hokimotor.site juaiwaichung.cn mjo88offc.shop katiesnjsa.shop time4santa.com userflydates1620.uuehvhy.workers.dev afrotinoel.shop menzpma.shop userflydates200.uuehvhy.workers.dev gebergilliangroggy.sbs olatonpaikingpanacea.cfd 49andmarket.com diorbolagold.com chainly.io ethicalnutrientscashback.co.nz servicioatocha.mx baojzky.com ww-cs-cellphone2.today halva-s-fruktami.com traduzir.ltd bigvu.co bd-win.vip bestcarcarpets-ae.today rockymountaineersignatureclass.today l17egteckwaqkzxnu.com powertopline.com sub.fxxkwall.free.hr avefgnue85.shop connectwithlifeline.com nltwgfxljayb.site takenakabento.shop main01.gundala189.co jakegadgets.com www.embajadasestadosunidos.com dulieumontsmma.com www.adasozluk.com meinbaum.xyz brickshith0use0verglorified10speeds.org asetsemar.online bojaw.top pipedrive.site filialerf.sbs mcveymotorsports.com qqmercyfighter.xyz vectra.store novosti-astro.homes rappersgel.pw us.dopaminbet.club mtadvisorspllc.site oceanclubatmarinabay.com blogcast.app daschboarddgtv.pulsedaz.xyz dkthnzzqjara.site honeysucklestory.online bjicbszol.com inmobiliariasarriko.es craaass.online lifehealthytoday.com my.blogcast.app creditos-hipotecarios-sin-mx.today uggsslovenija.com 040601.xyz hihbm.com ndotostore.shop admin.everydaytransfer.com whisper.cleaning sametceylan.com find-onlineaddictioncounselingdegree-usa.today opyn.club aupokofuror.com gtrzzx2.shop regabet9935.com painel.smbemviver.com.br domonito.com shefindsmom.com peyiykins.com vowingenuity.top 2fwyj3o.top 411349942.com 52hnp.vip brazino777br.online ganhabett.shop muddy-glitter-1ee2.kenzo-sasaki-02.workers.dev trstb-online.com 234togellegend.com check-up.az 3k.1005804183.workers.dev xt.zyunchun.us.kg ppppl.top kimoquu3.pro userflydates169.uuehvhy.workers.dev buylaptopswithlowmonthlypaymentsru794644.icu snufew.xyz l6e5gtab29j.top boslot.rest msslot.club 240812keji.goodday00198.workers.dev dopaminbet.club 18092748976.com ali.1005804183.workers.dev t-w-medical.com lureblue.com mons-frsaakbsa.online selectbouquetsiptv.us france-vacation-from-turkey.today buysnapattack.org pafikabupatenkeerom.org kulinerjakarta.info sarkariyojanalist.org torfish.vip kenbola.xyz 2f8m2s061m6.top hudgins.top betinachristensen.shop mihaylovkasm.date jokiljo.best chimeramusic.xyz iversby.com colaizzi-lawgroup.com aayradesign59.com annescasino.com checkintrocash.com growwithprospx.com worker-xray.908468180.workers.dev summervilleprepacademy.com janeth-lowe.com takanmedical.com jutaglobal.com anluzo.com tryparsing.com teammirl.com nasinnevabaza.com gamestore2.com healthspothk.com manisaspot.com ndpathos.com 72lntterrac-lnstatnpay88.sbs shik-sarov.ru lailarecipe.biz.id expectedvaluetest.com www.tisu4dong.net tpmol.link vulkan24-la23.click coloringink.com accadiam.com migrainereliefsolution.today thxxdynamo.com 3msupermegasale.com echo.issdu.workers.dev 1xbet-fvq.top phoranchocucamonga.com www.bxbsecure.net www.tgwin.life ahuq.shop pinup-casino-9hn4.lol clmxpz.com lisbon-vacation-tour.today hhrl.com.cn youthmusicindustries.com lovelaces.co son5.xyz www.son5.xyz quikrback.markvisitor.com sikeyou.com 177bet.store 0726vcgwios.com www.cuzyky.icu mydsosododo.us nntqyciltw.com mx-smartphones.today autharr.shop steripodguardian.shop pgv.us.kg vipashaverma.com tapaboutlink.pics plkq14weo.xyz aducatestudio.com casino7-ndq.top yyzkge.top v2lw3j9j.top tryjavaburn.co pretravel-usa.com userflydates175.uuehvhy.workers.dev userflydates197.uuehvhy.workers.dev nin.news xx-gifts.com heisingertreeservice.com trhdsjhds.ae0dbc4af2-83f.workers.dev lnter-ac12.homes www.betinachristensen.shop techbuzzmedia.xyz cf10.1005804183.workers.dev ab-test.issdu.workers.dev tryredesignedmedia.com jju311.com 69hot231.xyz explorermind.travel globalizationmbadegrees.online thejewelryidea.com text-to-image.issdu.workers.dev worker-misaka.goodday00198.workers.dev orhangazihaberleri.com.tr kopisanger.top ves.vsboxapp.xyz dw-mc.cn 168cosmomember.com themusicarm.shop focoxdex.shop embajadasestadosunidos.com buyu8065.com furnia.shop luto.asia nutecsciences.com 918superslot.com bahagiaresmi.com www.pandabuyshoe.org www.agriumwholesale.com worker-v23-vahidfarid.goodday00198.workers.dev simon.izzys-imaginarium.workers.dev zacharycloud.tech cashier.dopaminbet.club nodes-ai.events max69nyata.shop hello-world-soft-mountain-21eb.issdu.workers.dev fwwp.xyz brockenergyuniverse.shop justdobiz.online pihole.cavazos-apps.com bxbsecure.net discord-trol.obfuscatedgenerated.workers.dev qqstar88bro.com elangtangkas.skin nhacainbet.net jwnklc.asia cache-clear.issdu.workers.dev gpt.markvisitor.com asjhagcbm.site block-test.issdu.workers.dev 4k.1005804183.workers.dev juivw.asia appid.issdu.workers.dev hello.goodday00198.workers.dev go562.com westsidemusicstudio.com traefik.cavazos-apps.com gambarslott.bond radarr.cavazos-apps.com prowlarr.cavazos-apps.com delstratearthmoving.com.au discord-test.obfuscatedgenerated.workers.dev newlegalkasyno.com acrobateadobedocument.top futurehabitat.homes zhuaivisible.site ms-sahabatslot77.shop cveti-moskva.ru slot39fire.pro ancientmastergaming.com restructure-omnisolutions.com 1xbet-xbjo.click fluid.uk constructioninclusionconference.com gzyyylgc.com missionoffaith.net tgapi.fxxkwall.free.hr data.05utkvei7xsv.com rumourmane.com naveraynplay.com casino-x-elite1.xyz zku.one michisoi.com comp.pandemija.biz

Open Ports Detected

2053 2082 2083 2086 2087 2095 2096 443 80 8080 8443 8880

Map

Whois Information

• NetRange: 104.16.0.0 - 104.31.255.255
• CIDR: 104.16.0.0/12
• NetName: CLOUDFLARENET
• NetHandle: NET-104-16-0-0-1
• Parent: NET104 (NET-104-0-0-0-0)
• NetType: Direct Allocation
• OriginAS: AS13335
• Organization: Cloudflare, Inc. (CLOUD14)
• RegDate: 2014-03-28
• Updated: 2024-09-04
• Comment: All Cloudflare abuse reporting can be done via https://www.cloudflare.com/abuse
• Comment: Geofeed: https://api.cloudflare.com/local-ip-ranges.csv
• Ref: https://rdap.arin.net/registry/ip/104.16.0.0
• OrgName: Cloudflare, Inc.
• OrgId: CLOUD14
• Address: 101 Townsend Street
• City: San Francisco
• StateProv: CA
• PostalCode: 94107
• Country: US
• RegDate: 2010-07-09
• Updated: 2024-11-25
• Ref: https://rdap.arin.net/registry/entity/CLOUD14
• OrgNOCHandle: CLOUD146-ARIN
• OrgNOCName: Cloudflare-NOC
• OrgNOCPhone: +1-650-319-8930
• OrgNOCEmail: noc@cloudflare.com
• OrgNOCRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
• OrgRoutingHandle: CLOUD146-ARIN
• OrgRoutingName: Cloudflare-NOC
• OrgRoutingPhone: +1-650-319-8930
• OrgRoutingEmail: noc@cloudflare.com
• OrgRoutingRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
• OrgTechHandle: ADMIN2521-ARIN
• OrgTechName: Admin
• OrgTechPhone: +1-650-319-8930
• OrgTechEmail: rir@cloudflare.com
• OrgTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN
• OrgAbuseHandle: ABUSE2916-ARIN
• OrgAbuseName: Abuse
• OrgAbusePhone: +1-650-319-8930
• OrgAbuseEmail: abuse@cloudflare.com
• OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN
• RTechHandle: ADMIN2521-ARIN
• RTechName: Admin
• RTechPhone: +1-650-319-8930
• RTechEmail: rir@cloudflare.com
• RTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN
• RNOCHandle: NOC11962-ARIN
• RNOCName: NOC
• RNOCPhone: +1-650-319-8930
• RNOCEmail: noc@cloudflare.com
• RNOCRef: https://rdap.arin.net/registry/entity/NOC11962-ARIN
• RAbuseHandle: ABUSE2916-ARIN
• RAbuseName: Abuse
• RAbusePhone: +1-650-319-8930
• RAbuseEmail: abuse@cloudflare.com
• RAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN

Links to attack logs

anonymous-proxy-ip-list-2025-06-21