104.21.59.149 Threat Intelligence and Host Information
General
This page contains threat intelligence information for the IPv4 address 104.21.59.149 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or through observations of activity on honeynets. The host score is calculated through a series of statistically weighted values and machine learning, which take into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with Tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only, and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.
Likely Malicious Host 🟠 55/100
Host and Network Information
- MITRE ATT&CK IDs: T1027 - Obfuscated Files or Information, T1041 - Exfiltration Over C2 Channel, T1059.007 - JavaScript, T1071.001 - Web Protocols, T1071.004 - DNS, T1071 - Application Layer Protocol, T1105 - Ingress Tool Transfer, T1560 - Archive Collected Data
- Tags: 7jfjrw, alexa, alexa top, bank, befunction, bradesco, cisco umbrella, cobalt strike, coinminer, deepscan, download, emotet, engineering, facebook, formbook, glfunction, http, lkvoid, malicious, malware site, million, mrtk, oid3, pattern match, pfunction, phishing, phishtank, q0o0mahttp, raccoonstealer, redirect chain, service, site, slfrd1, smsspy, social engineering, spammer, stealer, united, vis1, vj75, xpccbgarern6r, xpchgxkc32lbs, xpcyqqhir7yvq, z554903578, zbot, zzvyn6uhsb
- Country:
- Network: AS13335 cloudflare
- Noticed: 1 time
- Protocols Attacked: SSH
- Countries Attacked: United States of America
- Passive DNS Results:
Malware Detected on Host
Count: 1 7600b8d58034bc755d19b3eb68c3c5f5018f077d064a68fab982b625bd5aeb2b
Open Ports Detected
2082 2083 2086 2087 2096 443 80 8080 8443 8880
CVEs Detected
CVE-2017-8923 CVE-2017-9118 CVE-2017-9120 CVE-2021-21703 CVE-2021-21704 CVE-2021-21705 CVE-2021-21706 CVE-2021-21707 CVE-2021-21708 CVE-2022-31625 CVE-2022-31626 CVE-2022-31628 CVE-2022-31629 CVE-2022-31630 CVE-2022-37454 CVE-2023-0567 CVE-2023-0568 CVE-2023-0662 CVE-2023-3247 CVE-2023-3823 CVE-2023-3824
Whois Information
- NetRange: 104.16.0.0 - 104.31.255.255
- CIDR: 104.16.0.0/12
- NetName: CLOUDFLARENET
- NetHandle: NET-104-16-0-0-1
- Parent: NET104 (NET-104-0-0-0-0)
- NetType: Direct Allocation
- OriginAS: AS13335
- Organization: Cloudflare, Inc. (CLOUD14)
- RegDate: 2014-03-28
- Updated: 2021-05-26
- Comment: All Cloudflare abuse reporting can be done via https://www.cloudflare.com/abuse
- Ref: https://rdap.arin.net/registry/ip/104.16.0.0
- OrgName: Cloudflare, Inc.
- OrgId: CLOUD14
- Address: 101 Townsend Street
- City: San Francisco
- StateProv: CA
- PostalCode: 94107
- Country: US
- RegDate: 2010-07-09
- Updated: 2021-07-01
- Ref: https://rdap.arin.net/registry/entity/CLOUD14
- OrgTechHandle: ADMIN2521-ARIN
- OrgTechName: Admin
- OrgTechPhone: +1-650-319-8930
- OrgTechEmail: rir@cloudflare.com
- OrgTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN
- OrgRoutingHandle: CLOUD146-ARIN
- OrgRoutingName: Cloudflare-NOC
- OrgRoutingPhone: +1-650-319-8930
- OrgRoutingEmail: noc@cloudflare.com
- OrgRoutingRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
- OrgNOCHandle: CLOUD146-ARIN
- OrgNOCName: Cloudflare-NOC
- OrgNOCPhone: +1-650-319-8930
- OrgNOCEmail: noc@cloudflare.com
- OrgNOCRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
- OrgAbuseHandle: ABUSE2916-ARIN
- OrgAbuseName: Abuse
- OrgAbusePhone: +1-650-319-8930
- OrgAbuseEmail: abuse@cloudflare.com
- OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN
- RTechHandle: ADMIN2521-ARIN
- RTechName: Admin
- RTechPhone: +1-650-319-8930
- RTechEmail: rir@cloudflare.com
- RTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN
- RNOCHandle: NOC11962-ARIN
- RNOCName: NOC
- RNOCPhone: +1-650-319-8930
- RNOCEmail: noc@cloudflare.com
- RNOCRef: https://rdap.arin.net/registry/entity/NOC11962-ARIN
- RAbuseHandle: ABUSE2916-ARIN
- RAbuseName: Abuse
- RAbusePhone: +1-650-319-8930
- RAbuseEmail: abuse@cloudflare.com
- RAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN