104.21.39.232 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 104.21.39.232 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Potentially Malicious Host 🟡 50/100

Host and Network Information

• Mitre ATT&CK IDs: T1027 - Obfuscated Files or Information, T1055 - Process Injection, T1090 - Proxy

• Tags: aaaa, adaptivebee, a domains, agent tesla, alexa, alexa top, all octoseek, anonymizer, artemis, as15169 google, asn owner, azorult, bank, binder, bitrat, blacklist http, blacklist https, certificate, cisco umbrella, cobalt, cobalt strike, collections wow, communicating, contacted, copy, core, crack, critical, dark power, date, dbatloader, detection list, downer, download, dridex, dropper, emotet, et tor, execution, exit, exploit, fabookie, facebook, files, formbook, fuery, genkryptik, hacktool, hawkeye, heur, highly targeted, historical ssl, html, installcore, installer, iobit, ip address, kgs0, kls0, known tor, lolkek, lumma, lumma stealer, malicious, malicious site, maltiverse, malware, malware site, mediamagnet, meta, metro, million, name verdict, nanocore rat, netwire, node tcp, outbreak, passive dns, pe resource, phishing, phishing site, pulse pulses, quasar, quasar rat, ransomware, record value, redline, redline stealer, referrer, relacionada, relayrouter, remcos, riskware, runescape, safe site, sality, scan endpoints, search, september, service, shell, site, small, ssl certificate, stealer, swrort, team, threat roundup, tor known, tor relayrouter, traffic, trojan, trojanspy, trojanx, tsara brashears, union, united, unruy, unsafe, urls, ursnif, videosdewebcams, wacatac, webshell, webtoolbar, whois, whois record, whois whois, wiper

• View other sources: Spamhaus VirusTotal

• Country:
• Network:
• Noticed: 7 times
• Protocols Attacked: Anonymous Proxy
• Countries Attacked: Germany, United States of America
• Passive DNS Results: abo7islandsmot.site springpipelinesignup.com ytoeesaeuulcy.website tryberrynow.com www.kfz-kapfenberger.at ageco.biz cjuhi.biz pufjl.biz cjswp.com yonuva.com autnihilo.xyz refpalrlmp.top insanrembulan.site museroom.top mengetech.com myrocketgrowth.com secretclass.fun www.exapro.dk chitatypg.com daemony.rocks lebonvoyant.com 65t9.com ktkiqju.live louersbenkers.top verify-order487374.world ln-du83.sbs dlslldndnu.mariorohner.com hkrh.xyz rimugtonep.pro travisfootwear.com trueelixir.org espensl.mom recipeta.com threesodsbrewery.com www.come-scegliere.it artistsandthings.com www.cityornmedia.fr albertomourao.com ironwoodsys.com rtpirit4d-maxwin61.lat arch2.fast43bot.cfd deepseekai68.top gascostcalculator.org greenbarns.store fitotoe.cfd carousell-delivery.sbs gothestratabuiltnow.com nashfinplan.com media.fast43bot.cfd harvestgate.store qg8.org proscrescendo.com bjzjgd.com mpxcr.com mmnbet-jogospg.com thothinterpreter.org stake2596.buzz jili1.onl adcviethung.com kindergartq.store adrianapavesi.shop kondmatexapp.click k8bcc.com vehiglo.com getminimee.com formydab.run smartledgeraccountingworks.xyz movingboxesboy.shop jhbet-br.com sloat.stream ahalabstrategyfocuslaunch.com regalnailsvancejackson.com launch-drop.xyz epicplinn.live saag-group.com vg882.com laromni.com glintveil.space discoverygleeful.shop chargepedal.today instasync.xyz supermaster591.shop reedroux-bot.xyz bothcottondetermination.space clicktivatedstream.info techsaleratorfuturehub.com gundaco.com baggallini-france.com schilher.icu sg345.xyz tumuedu.com droppboxx.org cinkobet119.com top1haiti.com gh.016166.xyz next.016166.xyz secco-stobie-doubt.space monstersurvivors.work nonwoventaschen.com silap.xyz feqmm2db33sbfrhs.vip monstergames.click vivaz2.com hartloanadvisory.com novalegend842.top vjtghzfa.xyz crhost.store betclass193.com tiny-limit-a8ad.vxyu82505-665.workers.dev onlydfort.shop koko138z.live matomo.rasolo.net golfinhoty.org garuda4dslot.org mamanafali.pl a1.m1907.cn english-private-driver-jobs-25m5.today garlandbusinesscenter.com villasambuchi.it ztduc.top logs-device.us dsp2secu.com serralheriaembauru.com.br demon138asli3.shop centurion-audio.nl www.bbi.net.nz supporto-online.com.de autobeadhub.com compare-emotional-health-tools-1.today aurivexnetworks.com brintexpro-platform.pro elfin-glass.com afineeur.shop benedixcera.online dbbat.info skinhealth.me play-warden-core.xyz estacionzafiro.com.ar 777slotorbet.co.ua fcharoenkit.co www.1xfa1.com casinoluckcasinonodeposit.click bxx2zxsig.top todamoon.xyz 1xfa1.com eda-bea.es www.eda-bea.es www.raovat6s.com www.redaelli.nl redaelli.nl ts-escorts-near-me-scotland.xyz axim-7777.com xqybwjkg.xyz meetbrookestonefunding.com osistas.com cubitiingrayreka.com empoweracademy.in portalguarabira.com pnconst.com wawasanitu.com personalloans6w0m0w1y3t7o.today pos4dtototogel40.com stillplay.space kgw5.info graciousdryer.info sawdustandcoffeewoodworking.com wjcasino-jogo1.com directdevice.online christinekelly.shop bahis680.com acmbusinessgroup.us bit4eu.cc jiuli-europe.com recaudpromocclar.com greasetrapcleaningprescottvalley.com rtphokijpmax.cyou teeth-aligners-vrv.today electrician-jobs-80778.today mia88.store twaja.asia www.srconceptandsolutions.com tilzy.top recharge-mobile-bsnl.org qsb250106026.icu indisorriso.cfd asconstruction.be englishelitebcd.lol bashusolici.sbs minos.repel.life rosasdechocolate.es eyidahi.info ppnards.com 7k-games.top efps.christmas proullajohnson.shop drop-cache-wp-new.cf-winportcasino.workers.dev towingmagnolia-ky.top beijinglinkibs.com meethealthdubai.com generationspureclean.com iameyeconicindia.in hazn.net thermoscup-pl.com dtogb.info crispnews.top quuuuick-onliiiineeeeeee-loooooanns-pl.today mainsedanghoki.skin catur4dsx60.lat lobelskitchen.com cityornmedia.fr wulijivuzerizife.shop usegradhire.com docushift.io emaraje.info pedro77.org havensphere.online 1-win-bookmeker.click garagematteojo.com h7819.cn amlchecker.website eye-bag-removal-sg-abc.today esavise.biz spinluckywso.biz mashariiq.com basyxx.net.cn onlineinventory.cyou 0vh43e.world vubdeuexsvg.xyz flow.actviser.com 341919900.xyz igramjp.com admwzaz.info lodivcpghby.info ctrlworkssolutions.info virgingames.cfd pesona80577.asia salterartappraisals.com mariorohner.com aghoki.site www.michaelkors-tr.com spdentistryfulshear.com engulfenteredepirot.blog tungguapalagi.com 578888a.com r154q2aof.com lagusantai.xyz numblesoffereeorblike.cloud salewala.in vg0k.lat bayviewvillas.info lidvermeskick.fun nettruyenvit.net jesseykadinekalian.cloud betivecasifreespins.click haozhan6.com juara102.bond bitkingz.au imtechskills.ie mitaotv.xyz malefoot.store chatertest.online jqtcvwfv.click animeflix.bond funeralagencies844090.icu tailgatechefs.com s360digital.es jackstyle.store nbhealthllc.site xera88ku1a.shop acmemundo.com 10jilia.com onwardandupwardapp.com oiwa.cn best-same-day-glasses.today rc44labour.org darlkja.shop kovxvmn.cn poly-track.org uselegu.info srconceptandsolutions.com saleshondamotorbandung.biz.id www.saleshondamotorbandung.biz.id sql.cityornmedia.fr kriti1.gr thebookofanswer.info vignettestraining.com jarwaremx.shop m1907.cn slots17queen.cyou alpha-proadmin.boothmaven.com exchange-app-scroll.xyz echopartnersglobaladvisorysuccess.com www.junkthatcar.com samenwerkactie.nl ayurpad.com jpcuan22official.com gm80.cy-ip.cn gm.cy-ip.cn 601crystalway.com accept-payment.world vonuria.xyz nvuywhziemf.homes 3.vtm.cn app.opensletter.com prod.geospatialdefender.com shweizhong.cn punta-cana-vacation-package-deal.today jojogirisler.info growlocks.today leandrolinageslipuria.cfd www.employeeive.top coyurecongoescovary.sbs worker-dawn-dream-cb4b.manewa3154.workers.dev spinit-android.com gadgetmarketing.ir scriptcafe.in elihkihnbatih.online synthixv.ru carawin005.xyz revue.life empresainteligente.mx 1.vtm.cn pipeflare.bz sseedee.makeup markas138-main.vip ororoschweiz.com stronuflex.org 951.1000sails.org auctiongoz.top dreamakqa11.com varunkalia.ca usps.com-trackjrp.top numesbering.com knotkindz.shop wa-talentnest.com d1.techhyip.shop actviser.com www.actviser.com centralatendimentobradesonline.site movysoo0.pro top-hit-ranking.com raovat6s.com hoohootvv30.store hasidhealthyhewett.sbs market469-support469-fbauto469.click cintaskor88.xyz akhbarnaonline.com tjmkzbuxcwi.pics d9.techhyip.shop sns-couture.com trcdatarecovery.com mainascentadvisory.com g-dfarmsji.shop markgaughanllc.site staging.latitudeinnovation.com.my www.papystreaming.mov 100ming.top findhedwig.one livekarbala.com doktertan.shop bontv79.com theboxfiveclub.com pipecleaningre.today www.aspurforever.com triple8-slot.com baseblock.fun nwmcdev.com perspektiva86.com utnee.com extendedcatalogue.ie aefena.es boothmaven.com nextcloud.teletolumby.com add.storesynca.shop storesynca.shop pointofview.gr mycontent.work fenuneo6.pro dgiris190039.shop dopointel.sbs routing.lol smsj18.buzz teh4daj.com jobbidesh.com tardivedyskinesiatreatment194485.icu beststartthailand.com shop.eglebabilaite.art hotleatheretro.shop quadril-joelho.com.br scylabs.fr yu-na-photo.k-tigerblue.net bksbet.pro registarkompanija.online guiageneral.agn.gob.mx idr168angkasa.com www.apksmost.com kent-casino-lxv.buzz apatohu.za.com lendprousa.com niggafile.lol mantul138-138.com worker-old-cell-ab1f.bot1234.workers.dev watejye2.pro 99se82.xyz papystreaming.mov aislotpgpg.xyz r0191.xyz main.cunma.wiki kinghakim.site hremploymentengagement.com phongthuynonnuoc.com toplocalaffairs.com yunfan365.com fishion-nyc.com kodse.com gallso.com danfubuy.com zs6999.com klatreudstyrd.com bestkoszula.com rwxbike.com beastplayking.com account.bit4eu.cc shengxuyx.com elitescortsirinevler.xyz rec1688.live flashalertapp.com daxbroker.com glucoodefender.com haberdunyasi.shop ezvisiting.com cobracash.fun bitlike8.com j118jfsfrhh.cc blogspotinfo.com techhyip.shop cogilstar.shop long-haze-6135.blinkcard-in.workers.dev qgf7.com employeeive.top portal15.com.br ffkin9.xyz sipafipcindramayu.org ibexbetet.com sex.kazanputanu.top beautybykatia.ca capillariesedchestnutes.pro most-bet-az.com s-dosyg.life three.byued05u27.filegear-sg.me itsekson.info aha1000gacor.space uhgrkjsgesund.buzz pafikabupatenberau.org pttgovyj.top watercoins.xyz hkjccsddkz.xyz lapostegr.sbs compatiblehomes.org bancodelapampa.info ha2266.com gufen05k.top panteracapitai.com rtp3-duniawin77.shop storepulse365.store tugnet.org 20ur6w7ay96wh.icu bestwon203.com drjavadieh.com lucy-shop.com apksmost.com goldfishkag.xyz profitmagic.top gratisbubble.com urbane.urbane66796227.workers.dev wurstforum.net jkr-global.com recommendedconclusioned.pro tjyyys.cn tikatoka.de jinbolaa.com nbzj.com.cn poker-doms.reisen zruo.com www.zruo.com mistartasdechuches.shop clickgenius19.info detskoe-vdohnovenie.pics app.teledoctorfelix.com ftp.laptopsieure.com dishd.co.uk ml-auth.xinnks.workers.dev michaelkors-tr.com tuhamworld.com attic-insulate.today smartswiftlaneaccess.com poezdnoe.cc loctop.org shareplan.online backend-sigpada.agn.gob.mx

Malware Detected on Host

Count: 9 c0bd465f2ed68f0ef8428eaa6651bbe80c7f5b6a823c0fd7ba154384abc4a56b 3ffc588a38b1fe65118ec9985a9d61a38f9b383a13f528b93dae7275083de9d1 8b4371cf0cbac98aa39030f470237dbc5393e6992c8d862ca4a2e47852ff70d7 007b38b0addfa14d1ac88a1bd7b884a63f82090b116e3e50f7391579e351fd78 6caa2fda9dea81921cf1dd79449c12307607b78e03e8158ac679d18938c3452a 07fa2628336e346ef1523f7e7f5b39da47935e2a70d992da8a16804ed8e5bb81 bf8ae6d4f7b74f274f3ca1891d47e7be8852ade28c0c9344c5adf5bbd16fdd29 9bb5a38a7584feee671e7967b91d01a93ec9489b5ddd6837086d178f3228b038 c7959c1ec61f981f851296bd92f727b2ff60e74d636e6fa06d78530910041b54

Open Ports Detected

2082 2083 2086 2087 2095 443 80 8080 8443 8880

Map

Whois Information

• NetRange: 104.16.0.0 - 104.31.255.255
• CIDR: 104.16.0.0/12
• NetName: CLOUDFLARENET
• NetHandle: NET-104-16-0-0-1
• Parent: NET104 (NET-104-0-0-0-0)
• NetType: Direct Allocation
• OriginAS: AS13335
• Organization: Cloudflare, Inc. (CLOUD14)
• RegDate: 2014-03-28
• Updated: 2024-09-04
• Comment: All Cloudflare abuse reporting can be done via https://www.cloudflare.com/abuse
• Comment: Geofeed: https://api.cloudflare.com/local-ip-ranges.csv
• Ref: https://rdap.arin.net/registry/ip/104.16.0.0
• OrgName: Cloudflare, Inc.
• OrgId: CLOUD14
• Address: 101 Townsend Street
• City: San Francisco
• StateProv: CA
• PostalCode: 94107
• Country: US
• RegDate: 2010-07-09
• Updated: 2024-11-25
• Ref: https://rdap.arin.net/registry/entity/CLOUD14
• OrgRoutingHandle: CLOUD146-ARIN
• OrgRoutingName: Cloudflare-NOC
• OrgRoutingPhone: +1-650-319-8930
• OrgRoutingEmail: noc@cloudflare.com
• OrgRoutingRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
• OrgTechHandle: ADMIN2521-ARIN
• OrgTechName: Admin
• OrgTechPhone: +1-650-319-8930
• OrgTechEmail: rir@cloudflare.com
• OrgTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN
• OrgNOCHandle: CLOUD146-ARIN
• OrgNOCName: Cloudflare-NOC
• OrgNOCPhone: +1-650-319-8930
• OrgNOCEmail: noc@cloudflare.com
• OrgNOCRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
• OrgAbuseHandle: ABUSE2916-ARIN
• OrgAbuseName: Abuse
• OrgAbusePhone: +1-650-319-8930
• OrgAbuseEmail: abuse@cloudflare.com
• OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN
• RTechHandle: ADMIN2521-ARIN
• RTechName: Admin
• RTechPhone: +1-650-319-8930
• RTechEmail: rir@cloudflare.com
• RTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN
• RNOCHandle: NOC11962-ARIN
• RNOCName: NOC
• RNOCPhone: +1-650-319-8930
• RNOCEmail: noc@cloudflare.com
• RNOCRef: https://rdap.arin.net/registry/entity/NOC11962-ARIN
• RAbuseHandle: ABUSE2916-ARIN
• RAbuseName: Abuse
• RAbusePhone: +1-650-319-8930
• RAbuseEmail: abuse@cloudflare.com
• RAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN

Links to attack logs

anonymous-proxy-ip-list-2025-06-23 anonymous-proxy-ip-list-2025-06-22