104.21.9.4 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 104.21.9.4 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 55/100

Host and Network Information

• Mitre ATT&CK IDs: T1027 - Obfuscated Files or Information, T1071 - Application Layer Protocol, T1105 - Ingress Tool Transfer, T1140 - Deobfuscate/Decode Files or Information

• Tags: 1996, abuse contact, af81 http, agent tesla, algorithm, all search, analysis, apple type, april, august, author, blustealer, body length, cisco umbrella, ck ids, comodo valkyrie, contacted, contact email, contact phone, copy, core, created, creation date, critical, crypto, cus cngo, daddy secure, dark power, date, dns records, dnssec, domain name, domain status, email, emotet, evilnum, execution, expiration, facebook, february, filehashmd5, filehashsha1, filehashsha256, first, g2 lscottsdale, hours ago, iana id, indicator role, info, ingestion time, ip address, ipv4, issuer, january, kb body, key identifier, lockbit, makop, malicious, malware, metro, mm28, mnsnj5o7dn7e, modified, msnvh, mt1627120573, mvi4, next, no expiration, nreum, number, otx octoseek, ouhttp, play ransomware, protocol, pulses url, quasar, quasar rat, rank value, ransomexx, record type, referrer, registrar abuse, registrar iana, registrar url, registrar whois, report spam, response final, role title, scan endpoints, search, server, shardbypassyes, show, ssl certificate, status, status code, submission, swisyn, t1071, t1105, threat roundup, ttl value, twitter, type indicator, url http, url https, ursnif, utc http, v3 serial, validity, VBS, verdict, whois, whois lookup, whois record

• View other sources: Spamhaus VirusTotal

• Contained within other IP sets: coinbl_hosts

• Country:
• Network:
• Noticed: 11 times
• Protocols Attacked: SSH
• Countries Attacked: Canada, United States of America
• Passive DNS Results: kvtyd.link first-app.com.ua melbet-ez7.top sheeleigh.com venustotoa.com mtv.258444.xyz ee88.team musiccitybuildingsupply.com paydayloanmichigan.org dwt-api.ovh othrofeet.store 006839.cn projekcijos.lt nodepositbonusslotsofvegas.mom xcarroll.com marelestup.ro www.legoitalialover.it legoitalialover.it app.sunflowersober.com onethousandsmallwins.com pother.casa thalberg2.ch ufabet88888.xyz ahzqw.net semitanker.com petinvest.shop multisys.com.co egoldrabatt.shop carecompas.com bobty62.com boxsafenexavault.com helloonrampfunding.com equalityplus.eu goldyou35.shop buildwithscalexone.com gottoptalent.com nvngd.info xaxyyhq.com msr.vn www.egoldrabatt.shop jnqldrhy.com guwaxe.novatrendspain.com buildcomps.com getpronto.io bharatwin.org xn–36t.e18jtt19.buzz cleverwilliam8795.fa-i-rh-e-nry-bo-ok.workers.dev ngnmrt1.nvngd.info sl96gzwtj.xyz powerliftinguk.com pennhighlandsstatecollege.org ceo.u-store.life app.studyspaces.com xin88.lv the-familyblog.com qusidou.pro playc77.online zlimg.cc www.zlimg.cc wgccontabilidade.com.br ehopuha.top fundingnestpartner6.info forevertt.com travelinsightplus.xyz 163zixun.cn signdesignmorrissey.com bcarey.me config2.wasenderpro.com www.microondas-inox.store crowncentral.net polygon-bridge.net mumbai2melbourne.com msssbet.com earnfastdigital.site professionalfoodpath.food seroquel.email nfsman.cn lezoya.com novatrendspain.com www.mqrquardt.shop housesolutionsprime.com airbet88staycool.biz fuzoku-an.com vxt4g.cfd mnoyeeevrydya-cpaufo.top gooceanedge.info mqrquardt.shop klasfxyatirim.net michelrouenusa.shop slideoutportalmusteri.com verrippleshiswa.com middlemarchacquisition.com pt-lost-son-duke.com jnxykdb218.com symplelendingvj.com 5ssd.xyz confirmation-id88127.com neostrategy47.top ymcdesuxfbk.info questsysbuy.com pg246x.com global-kokoc.com alex07.xyz cleartripsexpert.live easy88ez.com confirmation-id88859.com newzealandspecialistmovers.com serassnomelimpo.site silentsoldier.us www.activespeakershop.com dxw-defender.pro flashiiapppartner.com hls4.monster zephyrionth.com 9oyrjmgx8x.cc wggxrkwcer6.blog springnaillongbeach.com cidone.de jiajiataoci.com yjilife.com m4ufreee.cfd andatogellink.com 96bc4.com xn–gdrjpropertiesbangalore-1cc6t.com approveitoutreach.com 55ffbetpp.com tvoi.chat feilangpump.com aoxwiki.com fktqzl732ewy.com 863389.vip pagakecmojo.org bestvaluetravelplans.live 276428.com mirage-media.online 91878diy.xyz item.u-store.life polospic.site plinkaprod.com www.asiacinta99.online m86w.xyz stepcozy.top haravatat.tools organicsolutionsls.com designworkshopindia.com esenyurtmerkez1.xyz stevanfilms.com eveniet-dolores.site reservationid541264737.com stellerswap.com intellectischpro.com dating-teleconference-system.sbs noxchanger.com hekander.com 396tt.top honebix.com iuxbwa.cyou tomatoqa.shop drill-essentialsninja.com getpuppeteeer.com litigeresolufr.com giochiper.com jtnline.mom ecobuyer.top laptopdealsnow.sbs dexircreener.org alteriusportfolioinsight.info congnghiepbacninh.com threadwear.shop suslazy.com greenstreetfinancialsolutions.com laitoto.org playukslotcasinos.com kacpermnikolajski.com event-venues-for-rent-cl-02x.sbs thenycnomad.net gem-hitclub.lol m.speiyous.com vendrovia.site meet-dominatrix.co.uk thrivegoadvance.help cctv-a7fa.com 91mt479.xyz emirstevspost.live vipanix.com hotbabeszone.sbs iripela.info muafj.club ixosawe.info bet911.buzz avatar13.bet xn–58x.e18jtt19.buzz zeus-01234.sbs jewelry.u-store.life idr777t.cfd appmetreecs.org rotamais.net 9boonmee.me ahwuhe.com mt785.com brighttofu.pro tryredsandscap.com racinggearstore.com atoau.org apexes.ru anjos777.org unikurl.com vickilanger.dev www.quietduke.com gigileetv.com potnshosdfzcp.shop daftar-airbet88.online commercialsolargrowth.com cumberlandroadproject.com 8090bet-e.com tisohopufusacaximive.shop www.blueridgemonitoring.com iw055.com thefindkeeplovejoinone.com bakeryecom.thebakery518.workers.dev ubuntu1.hhl118work.workers.dev delishen.cn tanhua2.org epinafikoj.info injuryattorney163482.icu amana1423.com acbio.org.ar black.u-store.life forumfss.org gg2.gaoyang031.workers.dev birth.u-store.life hurojewexetakipuc.shop manageyourgiftscard.net getipassdse.xin clevestowing.top iahs2022.org app.crossup.ai nicolettoimoveis.com.br bazaar.u-store.life chin.u-store.life arm.u-store.life sunnyday-server.net ninerconcept.com www.kebaya4dbill.com easy.u-store.life e18jtt19.buzz play-gale-haven.xyz ijsy.cn uzpwglc.info szcomponents.jp static-stg.crossup.ai edmvservicecentres.pro wirelesscarolinas.com intersanti.com voicescholar.com eezex17.com best-donor-fertility-clinics-near-me.today getdarksparkconsulting.pro qverge.space fzbbsc.info lunubet-hu.com corruptednetworks.com premiumfabulousevents.com v59xae.top vitalshapeguide.today kitchenremodel-21.today techoasiselectronicsretailer.com gold-investment-usa-now.today cipesolutions.store solokaf.com r862.top www.bladesfans.com www.florencehealth.com.br florencehealth.com.br dojrpgaming.com coinspeed146.com restaurantcustomerretention-2.today coqueenboiseur.shop monimania.pl www.oces.com virtualdear.world unisex-healthcare-jobs-uae.today keep.u-store.life xfcoder.com 543s.top vsb929.com 651marsbahis.com izawa-towel.com elyday.dev tasiq.top connecticuthealthcoverage.org athomebuzz.com leewardmost.com cyoust.com betakecare.com full.u-store.life ovelha777.xyz whyglossgenius.com vavada001.fun newporn.store audio-ausek.com akds.us.kg shopgiaolien.online asiacinta99.online iloveu.fereshte-ard76.workers.dev vprzone.shop tunnel.zlb568765.workers.dev xg9zlls0v4.vip prosek.websolutionsbeta.com bgvillage.websolutionsbeta.com new.gaoyang031.workers.dev app-colmontion.site bpb-0713.pecala9700.workers.dev cheflucianagomes.com.br trandau59.site suedeshoesstore.com docker-img-895047059.lyq705.com vpnacho.news ozogije.info pafisumbabaratkab.org www.pafisumbabaratkab.org usps.com-ggfdnhb.vip furryhavenz.com forteravo.com besttitancredit.com laihoo.com sykw.com.cn tbyas.com nodeiiy-rewards.com hdgnxpek.life rewb.cc haemophiliabtreatment562653.icu kotakinbox.com www.izawa-towel.com logindewa688.art kebaya4dbill.com www.phobeyond.com freshscentx.top opsintacct.us shellharbourac.nsw.edu.au buck.u-store.life play-hero-cavern.xyz xn–m2ebepu3c0a4x4a7dqs4l.net pc-2024.net culgeedahledanese.art mitsui.u-store.life www.freshscentx.top induscares.com emporioarmani-pl.com weltreisepro.com pede4do.site static.crossup.ai doranstarssw.shop ocorug.cyou salam88buse.site uspuretextiles.com hipwin.site yok4d-w.com wow388.lol premium-seller.ru viralrecap.com www.viralrecap.com betreels.cfd kahunastikibar.com dingle-dangle.cfd uniqlotiendasespana.com links.logidroflex.com michaeljbehrens.com vthelpguestin.info totalsuccess365.com pamni.info ijuvape.info eyebugu.info edgefyxerexchange.com descansoyplacer.cl surveyzchang.shop gasidr45.com harvynest.store oces.com jetwinamp.site roofrepair393971.icu bladesfans.com onefabenepizza.com vufoyeqimuzucovono.shop strenaxbitapp.trade ctrlgen.xyz www.proaviationinsights.com proaviationinsights.com cnsy.highyptylea.com mandimanliermarxism.shop as213851.net agenziastella.it wrds.com order72828.live parssystem.top cg88vn.com simbyl.de doldsowe.tk danubebayz101dubai.com converterjd.store paduka77.xyz aionnorthreporting.co 140212.xyz www.billingflow.app 4kwang26.buzz www.flowercity.xyz gamecoolquest.com billingflow.app miraclejugar.com winteriscomings.com streamspeedymostthe-file.top pemujagg.autos hra.websolutionsbeta.com holidayimageparty.com s1.wasenderpro.com hesap.tr apotheek-deschrijver.be www.apotheek-deschrijver.be accessibleholidayhomes.co.uk byd.privaflirt.com www.iesanfernandoamaga.edu.co search-car-loan-near-me.today fxtradingtoolsxq.shop flavedoflexivefootboy.sbs trompletunedturing.sbs vsz23a.com www.usshopsandals.com corinacrottlecupola.fun xajingxuan.com whisperingwaveswonders.uno irl.community book.lyq705.com www.lakewoodgolfcc.com www.szkunguan.com instaladorsolar-instaladorespaineissolareslisbon2024portugal.today draasian1.eu test2.betterwork.ai kkgato.vip window-tinting-near-me-au-02329487.today ultiuduin.shop w8loss-store.com 377811.com quest.nexus kqehoe.space tt7.me tophananchannel.shop mtrblg3.top pictureframingwashingtondc.com.cdn.cloudflare.net relationship-coach-grusohv0q59.today fobyxee.info etonlnine.com pechenaya-morkov.com tocabocaapk.ph mingjiushijie.com settingcontactusstandard.com spirittunek.store movingservicingnear.today chivaree.ca n4d83.site blockauth.pro guccimerch.com agdfrisco.com judolbet88fix.xyz ayolab.pro www.iahs2022.org search-waterproofing-building01.today www.kapalslotok.com asnbet77.skin wsdgf.com srvsocket.wasenderpro.com pcljjdof.shop jugvpakyxch.beauty confidentspeakers.org esteh777.tv italiashoppingmall.com 9bet-login.com bestofferings.shopping saletdouivera.click maximtech.store viceprodej.cz fuu33.com microondas-inox.store xddesignhrvatska.com quietduke.com 5belegendbet.com meadowcollier.com khasiat.susugita.com 86518.cc opuswear.org 62xd.com aiqecomm.thebakery518.workers.dev bronxville.websolutionsbeta.com nextdns.hhl118work.workers.dev www.afiliados.lojagrupoorganica.com.br afiliados.lojagrupoorganica.com.br oppenheimer-1945.punter-ponder.workers.dev www.miraclefaceerase.com hades88-wheel.com sllte-mygovse3cured-tax1.com sjkt1.top

Malware Detected on Host

Count: 7 6ba75d531e84d9c4a3718249e032c48b128ef8a6874ceaeedd5b9661300a7a24 b2be737417f31d7b43c3c7fdb649288dbaf2a89454d3c324f815d7ac2fbeae49 880d9b3f176434a686ddb2d06e45e2e204c879599706521709a8f337248202d6 4008461125729cd409d161e30a537c475675c996f45d48fbafc2a1215033b441 45f55fc4c09bf0dd79b2ced98ed07f78311aaeff5a71cc715599db7325b28ac3 23c54a38905be30925e07ef51475e47f1a7e3964821c27f1cce6430f4a084287 3dc272634de85d6feb1f038f880c8c908da82ed31cd052ec36e5909e739d7cf2

Open Ports Detected

2082 2083 2086 2087 2095 443 80 8080 8443 8880

Map

Whois Information

• NetRange: 104.16.0.0 - 104.31.255.255
• CIDR: 104.16.0.0/12
• NetName: CLOUDFLARENET
• NetHandle: NET-104-16-0-0-1
• Parent: NET104 (NET-104-0-0-0-0)
• NetType: Direct Allocation
• OriginAS:
• Organization: Cloudflare, Inc. (CLOUD14)
• RegDate: 2014-03-28
• Updated: 2024-09-04
• Comment: All Cloudflare abuse reporting can be done via https://www.cloudflare.com/abuse
• Comment: Geofeed: https://api.cloudflare.com/local-ip-ranges.csv
• Ref: https://rdap.arin.net/registry/ip/104.16.0.0
• OrgName: Cloudflare, Inc.
• OrgId: CLOUD14
• Address: 101 Townsend Street
• City: San Francisco
• StateProv: CA
• PostalCode: 94107
• Country: US
• RegDate: 2010-07-09
• Updated: 2024-11-25
• Ref: https://rdap.arin.net/registry/entity/CLOUD14
• OrgRoutingHandle: CLOUD146-ARIN
• OrgRoutingName: Cloudflare-NOC
• OrgRoutingPhone: +1-650-319-8930
• OrgRoutingEmail: noc@cloudflare.com
• OrgRoutingRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
• OrgTechHandle: ADMIN2521-ARIN
• OrgTechName: Admin
• OrgTechPhone: +1-650-319-8930
• OrgTechEmail: rir@cloudflare.com
• OrgTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN
• OrgAbuseHandle: ABUSE2916-ARIN
• OrgAbuseName: Abuse
• OrgAbusePhone: +1-650-319-8930
• OrgAbuseEmail: abuse@cloudflare.com
• OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN
• OrgNOCHandle: CLOUD146-ARIN
• OrgNOCName: Cloudflare-NOC
• OrgNOCPhone: +1-650-319-8930
• OrgNOCEmail: noc@cloudflare.com
• OrgNOCRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
• RTechHandle: ADMIN2521-ARIN
• RTechName: Admin
• RTechPhone: +1-650-319-8930
• RTechEmail: rir@cloudflare.com
• RTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN
• RAbuseHandle: ABUSE2916-ARIN
• RAbuseName: Abuse
• RAbusePhone: +1-650-319-8930
• RAbuseEmail: abuse@cloudflare.com
• RAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN
• RNOCHandle: NOC11962-ARIN
• RNOCName: NOC
• RNOCPhone: +1-650-319-8930
• RNOCEmail: noc@cloudflare.com
• RNOCRef: https://rdap.arin.net/registry/entity/NOC11962-ARIN

Links to attack logs

****** ****** ******