104.21.70.25 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 104.21.70.25 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Potentially Malicious Host 🟡 41/100

Host and Network Information

• Mitre ATT&CK IDs: T1027 - Obfuscated Files or Information, T1566 - Phishing

• Tags: acint, agent, alexa, alexa top, all octoseek, allusersprofile, antivirus, api sample, apple ios, artemis, as14153, as15133 verizon, asyncrat, attack, autoit, avast avg, azorult, bank, banker, betabot, blacklist, blacklist http, blacknet rat, bladabindi, blocker, bluenoroff, blvd, body, botnet command, bradesco, chaos, china cobalt, cidr, cins active, cisco umbrella, city, cleaner, cobalt strike, code, company limited, conduit, contacted, control server, core, count blacklist, crack, csv behavior, csv test, cyber threat, dark power, date, date hash, dbatloader, detection list, dnspionage, downldr, download, downloader, dropper, emotet, entries, ermac, execution, exploit, facebook, fakealert, falcon sandbox, family, files, firehol, first, formbook, fri jun, gandi sas, generic, generic malware, genkryptik, gmt0600, hackers, hacktool, heur, host, http, http spammer, hybridanalysis, iframe, info api, installcore, installer, installpack, iobit, ip reputation, ip summary, ipv4, irata, javascript, kb program, keylogger, kleinart, kontakt, laplasclipper, lazarus, lolkek, los angeles, lumma stealer, mail spammer, makop, malicious, malicious host, malicious site, malicious url, maltiverse, malware, malware site, mario, mb acrotray, mb iesettings, mbt, mediaget, metasploit, million, mirai, monitoring, mon jun, mtb dec, name verdict, nanocore, net192, net1920000, nethandle, njrat, noname057, office open, online fri, online sat, online sun, open, opencandy, orgabusehandle, orgabusephone, orgid, orgtechhandle, outbreak, ovh sas, passive dns, phishing, phishing site, phishtank, play ransomware, pony, postalcode, presenoker, programdata, programfiles, pulse pulses, python, qakbot, quasar, quasar rat, ramnit, ransom, ransomexx, ransomware, rc7 bypassed, redline stealer, redlinestealer, referrer, regexpandsz d, relacionada, relic, riskware, roots, runescape, safe site, sample, samples, sat apr, sat jun, sawyer, scan endpoints, score integrate, service, services, siem, site, soar, solimba, spammer, ssl certificate, stateprov, stealer, strike, strike cobalt, submitters, summary, sun jun, sun sep, suppobox, tag count, team, team alexa, team proxy, temp, tencent, text, text edge, text iocs, text query16752, threat report, thu nov, tld count, tot public, trojan, trojandropper, trojanspy, trojanx, tsara brashears, tue apr, turla, type name, tzw variants, union, united, unknown, unruy, unsafe, urls, url summary, ursnif, utc submissions, webtoolbar, wed sep, whois whois, win32 dll, win32 exe, win32qqpass dec, win32upatre dec, windir, w jefferson, wormx, xml document, zbot

• View other sources: Spamhaus VirusTotal

• Country:
• Network:
• Noticed: 3 times
• Protocols Attacked: Anonymous Proxy
• Passive DNS Results: yhoburzcdfi.info dealflowengineai.com satelittogel-win.com masterintelligenzaartificiale.com nutriwisecc.com princesapg-game.com betcris-poland.com tempobet365tr.com xap.lol dunperk.com canadapharmglobal.com dkmbi.us robycaldaie.it democraat.nu yosukata.shop smartvelocityzone.com hikpgme.live 56r-pg.com v4d.ltd qkl84.com winboost-mania.xyz okarun-api.online wm3geeiu98398q2vihugh9824iuhciu2934.murphy2905.workers.dev wbxm432cji460cplfpoi23498d.murphy2905.workers.dev shopurix966.com cahc.net wmlp1irhgert8979333453gbb3456o30b456.murphy2905.workers.dev vlt0nbr83474.top hrtnzbmdzhtzshtaejd.shop careerdesignlabs.xyz einstein-game.run njoftofalas.com brandcasino555q.online www.fatekeep.com mindbodyupdate.org timeplay88.help www.ethosfight.com annaandjuan.com szreeta.com qahevuzastore.top fetcbpf.shop dewavgsmega1.link bestspiele.com ahdbu55.top sluicecomic.com com-accoucv.icu optimusaffiliates.com ericcorbett.shop syno-msgupathser.info klasfxcrm.com plinkonew-world.site xingkong-xk22.cyou popzec.com kulisbet-allin.vip laymansepistles.com zqypu.cn secure-specialisthub.com srvlinkz.com bongdabk8.net wealthcoretech.com hk-myname.com kmd8888.net ntpccareer.net fantastytown-iq.com leijun1.xyz plozaluha.shop renoverapido-24h.shop goldenoasistravels.com 8215baik777.vip spellwin7.org ffol.cloloudaxis.ru 5p.cloloudaxis.ru circuitnetworkhub.com yakaom.com pev.cloloudaxis.ru aq2j.cloloudaxis.ru kkkjili.skin jvmagnitolavta4cke.click www.hrose.agency goingkitchenguard.com soliterkothrud.com yalla-shoot-fawry.com bkc88b.com kayseriescort.pro imubafa.info createautoai.com telegyitu.blue mpo8080a.net dcrh.cloloudaxis.ru orbex.top directhomeofferschannel.info 4458marsbahis.com ir.advancedcell.com galacticharborx.website online-loans-1u6f2p2i6d2.today classroom-10.us jenniferhardy.shop simplyech.shop www.ericcorbett.shop grandpasabet2227.com api.toolxt.com teleghrpsd.red unifimusicaccess.info cryptoplaycanada.com team-somethinginc.com www.elitedospes.com.br www.coffeeshopon.com thefreeunderwear.com www.fascom.com ref98213hkhfwiu420982hfu287498fj928u34.murphy2905.workers.dev didiparis.com wqujmdfhec.pics dubai-sale-real-estate.today pusta88.vip hellogoavanceonline.info sivyour.dev 168topgameauto.com ufi.cloloudaxis.ru fc918.vip 8day.channel kompas138a.com glossyride.mom bf199.xyz qimraclothing.com xvxuycdoqd.shop fullslot24th.com keensolutions.biz.id modernfix.top sammy888s.com www.emmajohansson.shop sa-noor.com www.f20c.com artteacheredu.org gjad.cloloudaxis.ru virounoticias.com.br traefik.frajerradek.fun www.moon4dmeledak.com find-premium-accurate-wealth-mental-test-uk.today asox-private.pro mupatya6.pro emmajohansson.shop ultrablogtl.shop natalieminternship.com safafruit.ir typebot.roketmarket.com hondagacor24.xyz titanmaconnerie.com construction-jobs-41rqcrwa7y92605.today fencingcontractors167410.icu diesel-mech-job.today jeoganolteubug.today 350bbin.com vinted.confirm1874238.info visionplay1.top confirm1874238.info monggowin37278.com albaikaue24.cfd familytee78.com emsheatingcooling.com psychiatrists-tests.today siki4dsatu3.store ebii.net www.bideaways.com bideaways.com 51-exch.com lukisanbingkai.site braces-dental-ww.today viikwxko.com favoriteteamswear.com frdwrchasielt.es sinarslot.online 4game.com.ua www.4game.com.ua steampowered.nextplaytest.cfd albaikuaedelivery.cfd testosterone-gummies-nl.today m.tp777388.com kxgnbkyuvy.shop cyber-security-training385321.icu sarlog.app iphone-tracking.help dagangminum5.click runningstyleshop.com colapamarket.top nenektogel4djan.com fitnessfirstnews.com yucdfgs.com tissuesatlas.com w0pkcmfkwuehriuyt87238hiuhut876t23gjf856.murphy2905.workers.dev moslem-javad-parve.sofasew401.workers.dev long-firefly-055f.alexlinn-burma69.workers.dev lspnxtka.xyz yio104.com web.yio104.com www.yio104.com koutrojan.happyboygrl.workers.dev bgieson.com whdtamxx.com s3.roketmarket.com scottsilvermaninc.com dh123.top lifecelebrations.co.uk gbwhatapp.in bvsqkjwpin.club pudqypenquins.com delivery-v.live aminoidlemurialycopus.info eprbreclaedea.forum asianpiexxx.com rtpbwo303spesialcrismas.space paymentpage.digital aroeiracitolascookdom.org writenoww.click meta-ai-case-view-6826268266.space 28ac73ese65p476s.us play-and-win.biz code8d9.vip vinango.com veiuo.top www.alvzart.com xpl2kjghet7863875jhgsdfuyt873453.murphy2905.workers.dev warehouse-services-675527.today ukmarketdb.com disevv.com truebrandhub.org goforgreatness.net interwithdraw-online.icu delenfun.click everum.cfd uniconexch.com attentionuk.org crispigermany.com 616y.top temu-srbija.net does.solutions muffsmussuknewsom.cloud vkusulits.ru jhvpg.club castconquer.autos jauenb.com bootox.store what-is-crohns-disease.today runawuy.site owegopalmerpetrick.cloud turn-inward.com denariidhamnoodiapers.blog linshihui.top vouchersbar.shop tfsaxrugzci.info wealthwise.cfd luya3.vip tktk77a.quest weblunder.com eniyisinde.tr electriciannapervilleil.com vmepgyxt.rest bytrellusonlineconnect.info poleneparis-ph.com bdgwinvip6.com graniphoto.store www.graniphoto.store museumseoul.com www.alegriashoef.shop education.achoyo.xyz blog.nripee.space ezudimu.info spectrumshadeshub.cyou 6rpg7b.test-askay.pl 34ws8o.test-askay.pl dy2s98.test-askay.pl 67imqk.test-askay.pl nuox7d.test-askay.pl 49bn0m.test-askay.pl sz4ylb.test-askay.pl qdm3z5.test-askay.pl jpa06r.test-askay.pl ks0pde.test-askay.pl f0w3ql.test-askay.pl ji60l9.test-askay.pl eg8fp3.test-askay.pl 4yk1i5.test-askay.pl qs1peu.test-askay.pl ktyi07.test-askay.pl 8jkw2z.test-askay.pl 4yj29q.test-askay.pl j6pilq.test-askay.pl yjnp20.test-askay.pl zx2y8g.test-askay.pl tc24j6.test-askay.pl t94e3u.test-askay.pl 08pzt2.test-askay.pl 783dki.test-askay.pl 6wnsbt.test-askay.pl 8evntu.test-askay.pl sqby5p.test-askay.pl 9xzj38.test-askay.pl dl81fq.test-askay.pl l3vizk.test-askay.pl 9cg3vl.test-askay.pl s8153l.test-askay.pl qf5bzc.test-askay.pl f9bpwa.test-askay.pl wbs3iy.test-askay.pl aqku2d.test-askay.pl 1ar46k.test-askay.pl z9ks4x.test-askay.pl ufbi4r.test-askay.pl 921a0w.test-askay.pl 9dskf0.test-askay.pl kmix3r.test-askay.pl ros0d5.test-askay.pl btkfzd.test-askay.pl eylqao.test-askay.pl 2ywj6c.test-askay.pl gu507q.test-askay.pl novgi3.test-askay.pl jygiw4.test-askay.pl mp8eyt.test-askay.pl bp78n9.test-askay.pl 1fwemz.test-askay.pl wragfo.test-askay.pl vs6qhl.test-askay.pl w40fpq.test-askay.pl 5y6grt.test-askay.pl 6wbuql.test-askay.pl ykrw9c.test-askay.pl ukc2hx.test-askay.pl hdj490.test-askay.pl 7iwd4g.test-askay.pl fgep1n.test-askay.pl 7grq4h.test-askay.pl ih70xj.test-askay.pl cakfhj.test-askay.pl 96xj3v.test-askay.pl qw3spu.test-askay.pl f7b4zw.test-askay.pl 0uidex.test-askay.pl n8tq74.test-askay.pl crpl0f.test-askay.pl qt9ejz.test-askay.pl dx417r.test-askay.pl 2xjut4.test-askay.pl f3pgnu.test-askay.pl 7e2j43.test-askay.pl 1srmi5.test-askay.pl 7n0urv.test-askay.pl 5k3hrs.test-askay.pl q7kd4r.test-askay.pl v0jadz.test-askay.pl vxjsho.test-askay.pl h51yc2.test-askay.pl j0rpm9.test-askay.pl bd0mle.test-askay.pl zhkgy9.test-askay.pl 5eh1mj.test-askay.pl oymvpb.test-askay.pl 0weha6.test-askay.pl sm7vyo.test-askay.pl puo5tq.test-askay.pl n7a3bt.test-askay.pl 6xfacs.test-askay.pl 5dnwre.test-askay.pl xfltk3.test-askay.pl ipl03e.test-askay.pl ntaysl.test-askay.pl mn647e.test-askay.pl kgjvwl.test-askay.pl wztka3.test-askay.pl isjh98.test-askay.pl kajiramar.guru 9fl0zx.test-askay.pl 8b9wuv.test-askay.pl 3romc0.test-askay.pl sgpwbk.test-askay.pl i9bkey.test-askay.pl 7q46ws.test-askay.pl 7x69r8.test-askay.pl w8vm9s.test-askay.pl 7dv4hf.test-askay.pl 9e01n6.test-askay.pl wg8k5e.test-askay.pl q6uewk.test-askay.pl vzyh7q.test-askay.pl qcw20t.test-askay.pl fotekx.test-askay.pl qnz1es.test-askay.pl h4i9qj.test-askay.pl g406ak.test-askay.pl 3itmc0.test-askay.pl qpoc3r.test-askay.pl vcafm6.test-askay.pl a6t7po.test-askay.pl 751qh0.test-askay.pl goah7f.test-askay.pl z6s3ji.test-askay.pl fyo1rd.test-askay.pl c9wmv8.test-askay.pl p7h3sg.test-askay.pl ehlzx1.test-askay.pl dfem57.test-askay.pl g3nard.test-askay.pl lgcifj.test-askay.pl hiw4ms.test-askay.pl jkwob0.test-askay.pl an5zo0.test-askay.pl oxai20.test-askay.pl cy7dqa.test-askay.pl ha9p2w.test-askay.pl v8wdl3.test-askay.pl u4e7wc.test-askay.pl ymg05h.test-askay.pl xs58m7.test-askay.pl 8p6uze.test-askay.pl oxqj7r.test-askay.pl r5sl6m.test-askay.pl j0cwal.test-askay.pl 7mtyko.test-askay.pl htp31n.test-askay.pl 0clmsq.test-askay.pl 4xhvr6.test-askay.pl 23htik.test-askay.pl o1k7d6.test-askay.pl jfoiqe.test-askay.pl d29phy.test-askay.pl kl9pfe.test-askay.pl av4dp5.test-askay.pl 1mtpio.test-askay.pl l98an5.test-askay.pl luswt0.test-askay.pl bmeix9.test-askay.pl 19kvmc.test-askay.pl qpb4wl.test-askay.pl 9z3pxl.test-askay.pl nm4psi.test-askay.pl 6ypqvn.test-askay.pl 05qo2h.test-askay.pl 0d9hz5.test-askay.pl tjurh8.test-askay.pl 52t7bm.test-askay.pl c2sjt6.test-askay.pl n6zhx9.test-askay.pl nl5fh7.test-askay.pl r43id1.test-askay.pl dg3pil.test-askay.pl ty48vl.test-askay.pl 83divl.test-askay.pl q4sejn.test-askay.pl dvrwpy.test-askay.pl onuxk3.test-askay.pl 3g1qnp.test-askay.pl df4wgl.test-askay.pl f8ydu7.test-askay.pl yt0guv.test-askay.pl r9efnw.test-askay.pl tadnbi.test-askay.pl sgk7zo.test-askay.pl xpwjr8.test-askay.pl wkcgba.test-askay.pl e26ky8.test-askay.pl 9os14t.test-askay.pl gz0xwo.test-askay.pl za89bg.test-askay.pl it35xz.test-askay.pl gc0eyn.test-askay.pl 4pq0dr.test-askay.pl 2emlo5.test-askay.pl owju3f.test-askay.pl en45w7.test-askay.pl j2m9gc.test-askay.pl c8xdjr.test-askay.pl j0k7pt.test-askay.pl ltrx5k.test-askay.pl r4azly.test-askay.pl g3670e.test-askay.pl iuzcdy.test-askay.pl ho1ta4.test-askay.pl bsdn6h.test-askay.pl uyoeh8.test-askay.pl 9dfz75.test-askay.pl wxrdv5.test-askay.pl mgl7dz.test-askay.pl zk1gdy.test-askay.pl v9tsu5.test-askay.pl f1xubh.test-askay.pl 3bzl68.test-askay.pl 25987u.test-askay.pl gpmx2f.test-askay.pl 5qm83j.test-askay.pl zpr7xf.test-askay.pl nfbthg.test-askay.pl nordicnexuz16.com 0f1mes.test-askay.pl vhcq4k.test-askay.pl oeb5x6.test-askay.pl mjya8z.test-askay.pl t5x1o4.test-askay.pl wb4akq.test-askay.pl 5we2jf.test-askay.pl b8dpuw.test-askay.pl u72csd.test-askay.pl

Open Ports Detected

2082 2083 2086 2087 443 80 8080 8443 8880

Map

Whois Information

• NetRange: 104.16.0.0 - 104.31.255.255
• CIDR: 104.16.0.0/12
• NetName: CLOUDFLARENET
• NetHandle: NET-104-16-0-0-1
• Parent: NET104 (NET-104-0-0-0-0)
• NetType: Direct Allocation
• OriginAS: AS13335
• Organization: Cloudflare, Inc. (CLOUD14)
• RegDate: 2014-03-28
• Updated: 2024-09-04
• Comment: All Cloudflare abuse reporting can be done via https://www.cloudflare.com/abuse
• Comment: Geofeed: https://api.cloudflare.com/local-ip-ranges.csv
• Ref: https://rdap.arin.net/registry/ip/104.16.0.0
• OrgName: Cloudflare, Inc.
• OrgId: CLOUD14
• Address: 101 Townsend Street
• City: San Francisco
• StateProv: CA
• PostalCode: 94107
• Country: US
• RegDate: 2010-07-09
• Updated: 2024-11-25
• Ref: https://rdap.arin.net/registry/entity/CLOUD14
• OrgTechHandle: ADMIN2521-ARIN
• OrgTechName: Admin
• OrgTechPhone: +1-650-319-8930
• OrgTechEmail: rir@cloudflare.com
• OrgTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN
• OrgAbuseHandle: ABUSE2916-ARIN
• OrgAbuseName: Abuse
• OrgAbusePhone: +1-650-319-8930
• OrgAbuseEmail: abuse@cloudflare.com
• OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN
• OrgRoutingHandle: CLOUD146-ARIN
• OrgRoutingName: Cloudflare-NOC
• OrgRoutingPhone: +1-650-319-8930
• OrgRoutingEmail: noc@cloudflare.com
• OrgRoutingRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
• OrgNOCHandle: CLOUD146-ARIN
• OrgNOCName: Cloudflare-NOC
• OrgNOCPhone: +1-650-319-8930
• OrgNOCEmail: noc@cloudflare.com
• OrgNOCRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
• RTechHandle: ADMIN2521-ARIN
• RTechName: Admin
• RTechPhone: +1-650-319-8930
• RTechEmail: rir@cloudflare.com
• RTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN
• RAbuseHandle: ABUSE2916-ARIN
• RAbuseName: Abuse
• RAbusePhone: +1-650-319-8930
• RAbuseEmail: abuse@cloudflare.com
• RAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN
• RNOCHandle: NOC11962-ARIN
• RNOCName: NOC
• RNOCPhone: +1-650-319-8930
• RNOCEmail: noc@cloudflare.com
• RNOCRef: https://rdap.arin.net/registry/entity/NOC11962-ARIN

Links to attack logs

anonymous-proxy-ip-list-2025-06-23 ****** anonymous-proxy-ip-list-2025-06-22 ******