104.21.80.1 Threat Intelligence and Host Information
General
This page contains threat intelligence information for the IPv4 address 104.21.80.1 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or through observations of activity on honeynets. The host score is calculated from a series of statistically weighted values and machine learning, taking into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with Tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only, and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.
Likely Malicious Host 🟠 60/100
Host and Network Information
Mitre ATT&CK IDs: T1003.004 - LSA Secrets, T1003 - OS Credential Dumping, T1012 - Query Registry, T1018 - Remote System Discovery, T1021.006 - Windows Remote Management, T1027 - Obfuscated Files or Information, T1036 - Masquerading, T1038 - DLL Search Order Hijacking, T1048.003 - Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol, T1055.003 - Thread Execution Hijacking, T1055 - Process Injection, T1056 - Input Capture, T1057 - Process Discovery, T1059.001 - PowerShell, T1059.007 - JavaScript, T1059 - Command and Scripting Interpreter, T1068 - Exploitation for Privilege Escalation, T1069.001 - Local Groups, T1071 - Application Layer Protocol, T1076 - Remote Desktop Protocol, T1082 - System Information Discovery, T1090 - Proxy, T1102 - Web Service, T1105 - Ingress Tool Transfer, T1106 - Native API, T1114 - Email Collection, T1115 - Clipboard Data, T1129 - Shared Modules, T1132 - Data Encoding, T1140 - Deobfuscate/Decode Files or Information, T1184 - SSH Hijacking, T1185 - Man in the Browser, T1203 - Exploitation for Client Execution, T1204 - User Execution, T1210 - Exploitation of Remote Services, T1211 - Exploitation for Defense Evasion, T1217 - Browser Bookmark Discovery, T1404 - Exploit OS Vulnerability, T1449 - Exploit SS7 to Redirect Phone Calls/SMS, T1480 - Execution Guardrails, T1489 - Service Stop, T1491 - Defacement, T1497 - Virtualization/Sandbox Evasion, T1518 - Software Discovery, T1530 - Data from Cloud Storage Object, T1553 - Subvert Trust Controls, T1557 - Man-in-the-Middle, T1560 - Archive Collected Data, T1562.004 - Disable or Modify System Firewall, T1562 - Impair Defenses, T1566 - Phishing, T1568.001 - Fast Flux DNS, T1568 - Dynamic Resolution, T1573 - Encrypted Channel, T1583 - Acquire Infrastructure, T1590.002 - DNS, T1590 - Gather Victim Network Information, T1596.001 - DNS/Passive DNS, T1596.004 - CDNs
Tags: aaaa, aaaaa, access ta0006, acr, acr stealer, adobe help, adversaries, alberta, algorithm, alienvault, amatera, amatera stealer, analysis, analysis no, analysis ob0001, analysis ob0002, analyze, analyze api, Android, ansi, anti, apis, april, apt, ascii text, associated urls, attack, attack surface, auto-generated security, av detection, azure tls, base64uidenc, bayonet, bbox, black, body, borland delphi, Browser, bulk export, c2, Campaign, catalog tree, categories date, ca valid, cavalier, certum code, change theme, ciebie, cjutxg, ck id, ck matrix, class, clearfake, click, clickfix, close, cloudflare, cname, cnmicrosoft ecc, cobalt strike, code signing, command, community score, comspec, config, contact, contact us, control ob0004, control ta0011, copy, copy md5, copy sha1, copy sha256, core, creation date, crlf, crypto, cus olet, cus subject, customers, d4 portable, darknet, data, dataedge cloud, data oc0004, date, defense evasion, delphi, delphi generic, demo explore, discovered ip, dns resolutions, domain, domain abuse, domain analysis, domain scam, dos borland, download, download submit, dword, dynadot, dynadot inc, dynadot llc, e5 e5, eid104, eid1338769034, eid2, eid3, eid4828312, email address, emulation, encodedpixel, encrypt cnr10, energy, entries, error, error https, evasion defense, evasion ob0006, evasion ta0005, exchange meta, executable, extgstate, extraction, extra window, facebook, falcon sandbox, false, february, feed, file, file analysis, filesize, file system, file type, find, flag, footer, form, format, found, free report, from, full report, g2 issuer, g2 valid, g4 issuer, gandi sas, gecko, general, generator, generic windos, get http, get https, google, google tag, google update, Government, Graphite, green, grmsk, gtmkvjvztk, hellokitty, historical dns, Hookbot, hosts, html, html document, html internet, https dane, hudson rock, hybrid, ico mainicon, icons library, iframe, iframe tags, imi i, impact, impact ta0040, indicator of 
compromise, info, info malcore, informacje, informative, initial access, intel, intelligence, intelligence x, internal name, ioc, ip address, ip traffic, issuer certum, issuing ca, ja3s, javascript, jelenia gra, jeli masz, june, kb file, keepalive, key algorithm, key info, khtml, learn, levelblue, lf triid, linker, Linux, llc name, local, login, logo analysis, look, ltcgc, lumma, Lumma, lumma stealer, maas, magia dokument, magic html, main, malcore, malicious, malware, Malware, march, memory, memoryfile scan, memory oc0002, mime, mitre att, model, most relevant, ms visual, ms windows, name server, name tactics, netherlands, network related, nie po, nie wczeniej, Nosviak4, ntsockets, null, number, ob0001, ob0002 defense, ob0007 impact, ob0012 file, oc0001 process, oc0003 data, oc0008, odcisk palca, oid2, omicrosoft c, online, open threat, os2 executable, over, overlay, overview, overview dns, path, pattern match, pe32, pe32 compiler, pe64 compiler, Pegasus, Phishing, platform, please, please search, policy terms, possible, post http, post https, powershell, prefetch1, prefetch8, prefetch8 ansi, present jun, present may, privacy, privacy create, privacy update, process, process key, process oc0003, product blog, productname, proofpoint, protect, proxy, ransomware, rate limits, rats, recaptcha, redacted for, refresh, registrant fax, report, reported, request, requests domain, resolved ips, resource, response, restart, results, rhadamanthys, ri falsek, rlength, rock, rsa public, rstunf, sample, Samsung, sandbox, scan, scan analysis, schedule, score, score clean, script tags, scroll, search, search advanced, serial number, server, server ca, service, setup, sha1, sha256, sha512, show, show process, show technique, sign, signer, signing ca, simple file, size426kib type, size45b type, Skynet, slow, span, spawns, ssdeep, stamping, starfield, static, status, stealer, steam, stixtaxii, stream, strings, stwa lredmond, subdomains, subid, subject public, submission, submit, 
submitted, subtypeform, suspicious, sweden, symantec time, symbol, system oc0001, system oc0008, t1114, ta0004 defense, ta0008 command, ta0009 command, tad436770, tags twitter, target, telegram, telewizja dami, term, third, threat intelligence, threats api, threat score, threats explore, thumbprint, thumbprint md5, time stamping, tls sni, tools, triage, trojan, Trojan, trust, trusted network, twitter, typ pliku, uaaaaaaai, unicode, unicode text, united, Unix, update secure, upgrade, url https, url scan, usage ff, usa o, users, utf8, utf8 text, v3 numer, v3 serial, validity, verify, version, vhash, viewer file, virus, virustotal, vis1, vxstream, we1 wano, whasz, win16 ne, win32 exe, win64, window, window memory, windows, Windows, windows nt, xmpg, xobject, z bardzo, zdarzenia, z dnia, Zeroday, zgodnie z
View other sources: Spamhaus VirusTotal
Contained within other IP sets: coinbl_hosts
- Country:
- Network:
- Noticed: 21 times
- Protocols Attacked: Anonymous Proxy
- Countries Attacked: Canada, China, Japan, Spain, United States of America
- Passive DNS Results:
Malware Detected on Host
Count: 2871
Open Ports Detected
2052 2053 2082 2083 2086 2087 2095 2096 443 80 8080 8443 8880
Whois Information
- NetRange: 104.16.0.0 - 104.31.255.255
- CIDR: 104.16.0.0/12
- NetName: CLOUDFLARENET
- NetHandle: NET-104-16-0-0-1
- Parent: NET104 (NET-104-0-0-0-0)
- NetType: Direct Allocation
- OriginAS: AS13335
- Organization: Cloudflare, Inc. (CLOUD14)
- RegDate: 2014-03-28
- Updated: 2024-09-04
- Comment: All Cloudflare abuse reporting can be done via https://www.cloudflare.com/abuse
- Comment: Geofeed: https://api.cloudflare.com/local-ip-ranges.csv
- Ref: https://rdap.arin.net/registry/ip/104.16.0.0
- OrgName: Cloudflare, Inc.
- OrgId: CLOUD14
- Address: 101 Townsend Street
- City: San Francisco
- StateProv: CA
- PostalCode: 94107
- Country: US
- RegDate: 2010-07-09
- Updated: 2024-11-25
- Ref: https://rdap.arin.net/registry/entity/CLOUD14
- OrgNOCHandle: CLOUD146-ARIN
- OrgNOCName: Cloudflare-NOC
- OrgNOCPhone: +1-650-319-8930
- OrgNOCEmail: noc@cloudflare.com
- OrgNOCRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
- OrgTechHandle: ADMIN2521-ARIN
- OrgTechName: Admin
- OrgTechPhone: +1-650-319-8930
- OrgTechEmail: rir@cloudflare.com
- OrgTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN
- OrgAbuseHandle: ABUSE2916-ARIN
- OrgAbuseName: Abuse
- OrgAbusePhone: +1-650-319-8930
- OrgAbuseEmail: abuse@cloudflare.com
- OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN
- OrgRoutingHandle: CLOUD146-ARIN
- OrgRoutingName: Cloudflare-NOC
- OrgRoutingPhone: +1-650-319-8930
- OrgRoutingEmail: noc@cloudflare.com
- OrgRoutingRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
- RAbuseHandle: ABUSE2916-ARIN
- RAbuseName: Abuse
- RAbusePhone: +1-650-319-8930
- RAbuseEmail: abuse@cloudflare.com
- RAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN
- RNOCHandle: NOC11962-ARIN
- RNOCName: NOC
- RNOCPhone: +1-650-319-8930
- RNOCEmail: noc@cloudflare.com
- RNOCRef: https://rdap.arin.net/registry/entity/NOC11962-ARIN
- RTechHandle: ADMIN2521-ARIN
- RTechName: Admin
- RTechPhone: +1-650-319-8930
- RTechEmail: rir@cloudflare.com
- RTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN
Links to attack logs
anonymous-proxy-ip-list-2025-06-21