104.21.79.171 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 104.21.79.171. It was generated either as a result of observed malicious activity or as an information-gathering exercise to assist with enrichment of security events and context. All information is gathered passively, through aggregation of public sources or through observation of activity on honeynets. The host score is calculated through a series of statistically weighted values and machine learning, taking into account metadata such as host information; the frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour such as with Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Potentially Malicious Host 🟡 47/100

Host and Network Information

  • MITRE ATT&CK IDs: T1016 - System Network Configuration Discovery, T1027 - Obfuscated Files or Information, T1059.007 - JavaScript, T1071.004 - DNS, T1095 - Non-Application Layer Protocol, T1105 - Ingress Tool Transfer, T1140 - Deobfuscate/Decode Files or Information, T1573 - Encrypted Channel, TA0007 - Discovery, TA0011 - Command and Control

  • Tags: 0x1e9f6a, 0x1f264c, 0x2b3861, 0x45b62b, 0x4919e6, 0x4919e6window, 0x574ac1, 0xac498a, 100.0% (.HTML) HyperText Markup Language, analysis, apple, ascii text, Attempts to identify its external IP address, bad traffic, blacklist, category value, codes comments0, communicating, contacted, date, et info, evasive, external ip, failure, file name, file size, files not, file type, flag, found, found network, found sigma, hacktool, historical ssl, html file, html internet, images embedded, info ids, ja3 mitre, magic html, markup language, misc activity, mitre, mitre1 iocs8, not found, Pattern match: \bootstrap@4.4.1, Pattern match: \popper.js@1.16.0, referrer, resolutions, rules not, server, ssdeep, ssl certificate, subdomains, submission, ta0007 command, tag summary, threatfox, tls handshake, toolbar, trid hypertext, uint8array, united, unknown malware, url http, url https, whois record

  • View other sources: Spamhaus VirusTotal

  • Country:
  • Network: AS13335 cloudflare
  • Noticed: 1 time
  • Protocols Attacked: SSH
  • Passive DNS Results:

Malware Detected on Host

Count: 2 42dcc46f9d6e6e8efe3f95bc09dbdfb6206a52a4347dbb652f315cec483a2046 f2062b5e5afc9036f5fe7057772c3410e16d3d283c62512fcabf34b9f40729c9

Open Ports Detected

2082 2083 2086 2087 2095 443 80 8080 8880

Whois Information
