104.21.44.14 Threat Intelligence and Host Information
General
This page contains threat intelligence information for the IPv4 address 104.21.44.14. It was generated either as a result of observed malicious activity or as an information-gathering exercise to assist with enrichment of security events and context. All information is gathered passively, through aggregation of public sources or through observation of activity on honeynets. The host score is calculated from a series of statistically weighted values and machine learning, taking into account metadata such as host information; the frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour, such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken as an accurate representation of the users, businesses or networks in which they reside.
Potentially Malicious Host 🟡 49/100
Host and Network Information
Mitre ATT&CK IDs: T1003 - OS Credential Dumping, T1005 - Data from Local System, T1012 - Query Registry, T1027 - Obfuscated Files or Information, T1031 - Modify Existing Service, T1036 - Masquerading, T1040 - Network Sniffing, T1045 - Software Packing, T1053 - Scheduled Task/Job, T1055 - Process Injection, T1057 - Process Discovery, T1059 - Command and Scripting Interpreter, T1060 - Registry Run Keys / Startup Folder, T1063 - Security Software Discovery, T1070 - Indicator Removal on Host, T1071 - Application Layer Protocol, T1082 - System Information Discovery, T1083 - File and Directory Discovery, T1095 - Non-Application Layer Protocol, T1096 - NTFS File Attributes, T1105 - Ingress Tool Transfer, T1119 - Automated Collection, T1129 - Shared Modules, T1189 - Drive-by Compromise, T1203 - Exploitation for Client Execution, T1222 - File and Directory Permissions Modification, T1485 - Data Destruction, T1496 - Resource Hijacking, T1497 - Virtualization/Sandbox Evasion, T1543 - Create or Modify System Process, T1547 - Boot or Logon Autostart Execution, T1552 - Unsecured Credentials, T1555 - Credentials from Password Stores, T1564 - Hide Artifacts, T1566 - Phishing, T1569 - System Services, T1573 - Encrypted Channel, T1574 - Hijack Execution Flow
Tags: aaaa, accept, access ta0001, address, adobe portable, a domains, adversaries, adware, aig, alexa, alexa top, alf features, all scoreblue, amazon 02, analyzer paste, analyzer threat, apple, apple ios, apple notepad, asnone united, asyncrat, august, awful, azure tls, bambernek, bank, basic, b body, best targets, betabot, blacklist, blacklist http, blacklist https, blocklist, body doctype, body length, boot, brent kimball, brian sabey, catalog tree, centerchecks, china, cisco umbrella, classname, clickjacking, clipper dos, close, cnc feodo, cnc server, coalition et, cobalt strike, compiler, connect azurepc, connection, contacted, contained, copy, core, country, covid19, create, created, critical risk, cronup threat, cus cnmicrosoft, cyber attack, cyberstalking, cyber threat, dan.com, dangeroussig, dark consultants, darkgate, date, date hash, date mon, december, defense evasion, delete, detection list, discovery, dll sideloading, dns resolutions, document format, dos com, download, downloader, dridex, drivertalent, e1082 impact, e1203 data, e1564 discovery, emotet, emotet ip, engineering, entries, erase, etpro malware, evasion ob0006, evil, evil c, exe32, executable, expires thu, exploitation, facebook, fakedout threat, feodo, files, file samples, files matching, file type, final url, find, findwindowa, flow t1574, font format, formbook, fuery, fusioncore, gamers, gecko, generic, generic windos, get http, gmt server, guard, gui32, hackers, hacktool, hashes, header intel, headers, headers date, heur, hide artifacts, high, high level, highly targeted, high process, high security, historical ssl, history, hitmen, host, hostname, hostnames, html, html info, http attacker, http requests, http response, industry_and_commerce, info compiler, info header, injection t1055, installcore, intel, internal, iocs, ip detections, ip summary, ipv4, issuing ca, javascript, june, kb body, khtml, kraken, language, life, linker, logon autostart, mail spammer, malicious, malicious 
site, malicious url, maltiverse, malware, malware site, manjusaka, media center, medium, memcommit, memory pattern, meta tags, metro, million, mitre att, modify system, mon jul, mr windows, msie, ms visual, ms windows, murderers, my boy dan, name md5, nanocore rat, next, no data, ob0005 defense, ob0007 system, ob0012 hide, oc0008, october, ollydbg, open, os2 executable, overlay, passive dns, pcidump rasman, pdf document, pe32, pe32 compiler, pe32 packer, phishing, Phishing, phishing site, phishtank, plasma, please, pony, post, post http, pragma, processes tree, process t1543, products id, proxy, pulse submit, quasi, ransomware, raspberry robin, redline stealer, redrum, referrer, regbinary, regdword, registry keys, regsetvalueexa, related pulses, remote system, replacement, request, response, review, riskware, safe site, sale, sample, samplepath, samples, sandbox, scan endpoints, script urls, search, september, service, services, serving ip, sha256, shell commands, shelltraywnd, show, showing, site, sites, slcc2, snatch, sneaky server, spawns, spotify artist, sqli dumper, start service, status code, stealer, steganography, stop service, summary, suppobox, t1063, t1189 found, ta0004 process, tag count, tag manager, team, team phishing, team top, telefonica co, threat roundup, threats et, title, title error, tls sni, tmobile, tracker, trojan, tsara brashears, type, unauthorized, united, unknown, url analysis, url https, urls, urls http, urls https, url summary, usd twitter, user, utc google, utc gtmsxrf, vs2003, web open, win16 ne, win32, win32 exe, win64, windows nt, windows service, workers compensation, wow64, write, x8bxe5, yara rule, zbot, zeus
- Country:
- Network:
- Noticed: 2 times
- Protocols Attacked: SSH
- Countries Attacked: China, Japan, United States of America
- Passive DNS Results:
Open Ports Detected
2052 2053 2082 2083 2086 2087 2095 2096 443 80 8080 8443 8880
Whois Information
- NetRange: 104.16.0.0 - 104.31.255.255
- CIDR: 104.16.0.0/12
- NetName: CLOUDFLARENET
- NetHandle: NET-104-16-0-0-1
- Parent: NET104 (NET-104-0-0-0-0)
- NetType: Direct Allocation
- OriginAS:
- Organization: Cloudflare, Inc. (CLOUD14)
- RegDate: 2014-03-28
- Updated: 2024-09-04
- Comment: All Cloudflare abuse reporting can be done via https://www.cloudflare.com/abuse
- Comment: Geofeed: https://api.cloudflare.com/local-ip-ranges.csv
- Ref: https://rdap.arin.net/registry/ip/104.16.0.0
- OrgName: Cloudflare, Inc.
- OrgId: CLOUD14
- Address: 101 Townsend Street
- City: San Francisco
- StateProv: CA
- PostalCode: 94107
- Country: US
- RegDate: 2010-07-09
- Updated: 2024-11-25
- Ref: https://rdap.arin.net/registry/entity/CLOUD14
- OrgAbuseHandle: ABUSE2916-ARIN
- OrgAbuseName: Abuse
- OrgAbusePhone: +1-650-319-8930
- OrgAbuseEmail: abuse@cloudflare.com
- OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN
- OrgRoutingHandle: CLOUD146-ARIN
- OrgRoutingName: Cloudflare-NOC
- OrgRoutingPhone: +1-650-319-8930
- OrgRoutingEmail: noc@cloudflare.com
- OrgRoutingRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
- OrgTechHandle: ADMIN2521-ARIN
- OrgTechName: Admin
- OrgTechPhone: +1-650-319-8930
- OrgTechEmail: rir@cloudflare.com
- OrgTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN
- OrgNOCHandle: CLOUD146-ARIN
- OrgNOCName: Cloudflare-NOC
- OrgNOCPhone: +1-650-319-8930
- OrgNOCEmail: noc@cloudflare.com
- OrgNOCRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
- RAbuseHandle: ABUSE2916-ARIN
- RAbuseName: Abuse
- RAbusePhone: +1-650-319-8930
- RAbuseEmail: abuse@cloudflare.com
- RAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN
- RNOCHandle: NOC11962-ARIN
- RNOCName: NOC
- RNOCPhone: +1-650-319-8930
- RNOCEmail: noc@cloudflare.com
- RNOCRef: https://rdap.arin.net/registry/entity/NOC11962-ARIN
- RTechHandle: ADMIN2521-ARIN
- RTechName: Admin
- RTechPhone: +1-650-319-8930
- RTechEmail: rir@cloudflare.com
- RTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN