104.21.6.209 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 104.21.6.209 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively, through aggregation of public sources or through observation of activity on honeynets. The host score is calculated from a series of statistically weighted values and machine learning, which take into account metadata such as host information; frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour, such as with Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 55/100

Host and Network Information

  • MITRE ATT&CK IDs: T1003 - OS Credential Dumping, T1027 - Obfuscated Files or Information, T1035 - Service Execution, T1043 - Commonly Used Port, T1056.001 - Keylogging, T1056 - Input Capture, T1059 - Command and Scripting Interpreter, T1068 - Exploitation for Privilege Escalation, T1071.001 - Web Protocols, T1071.004 - DNS, T1071 - Application Layer Protocol, T1090 - Proxy, T1105 - Ingress Tool Transfer, T1110.002 - Password Cracking, T1114 - Email Collection, T1140 - Deobfuscate/Decode Files or Information, T1173 - Dynamic Data Exchange, T1176 - Browser Extensions, T1179 - Hooking, T1210 - Exploitation of Remote Services, T1410 - Network Traffic Capture or Redirection, T1423 - Network Service Scanning, T1427 - Attack PC via USB Connection, T1445 - Abuse of iOS Enterprise App Signing Key, T1450 - Exploit SS7 to Track Device Location, T1453 - Abuse Accessibility Features, T1472 - Generate Fraudulent Advertising Revenue, T1497 - Virtualization/Sandbox Evasion, T1563 - Remote Service Session Hijacking, T1566 - Phishing, T1573 - Encrypted Channel, TA0004 - Privilege Escalation

  • Tags:

  • View other sources: Spamhaus VirusTotal

  • Country:
  • Network:
  • Noticed: 6 times
  • Protocols Attacked: Anonymous Proxy
  • Countries Attacked: Canada, Netherlands, Spain, United States of America
  • Passive DNS Results:

Malware Detected on Host

Count: 1

5a45d0fafb2c02ddf79a6f3d08a6b7160a93ab461772bb67363fef8d63a359ff

Open Ports Detected

2082 2083 2086 2087 443 80 8080 8443 8880


Whois Information

Links to attack logs

anonymous-proxy-ip-list-2025-06-23 anonymous-proxy-ip-list-2025-06-22
