104.21.94.8 Threat Intelligence and Host Information
General
This page contains threat intelligence information for the IPv4 address 104.21.94.8 and was generated either as a result of observed malicious activity or as an information-gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources or through observation of activity on honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information; frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour such as with Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.
Potentially Malicious Host 🟡 49/100
Host and Network Information
- MITRE ATT&CK IDs: T1031 - Modify Existing Service, T1059 - Command and Scripting Interpreter, T1071 - Application Layer Protocol, T1100 - Web Shell, T1105 - Ingress Tool Transfer, T1114 - Email Collection, T1140 - Deobfuscate/Decode Files or Information, T1156 - Malicious Shell Modification, T1449 - Exploit SS7 to Redirect Phone Calls/SMS, T1497 - Virtualization/Sandbox Evasion, T1547 - Boot or Logon Autostart Execution, T1560 - Archive Collected Data, TA0011 - Command and Control
- Tags: aaaa, accept, active, active threat, address, aig, akamai, all octoseek, android, a nxdomain, a poster, aposter, apple, apple attack, apple engineering, apple id, applenoc, as16625, as20940, as24940 hetzner, as58061 scalaxy, as714, attack, authority, backdoor, bahamut, bell south, bellsouth, body, body length, brian, brian sabey, briansabey, browse scan, brute force passwords, bundled, ca, canvas, cellbrite, china, cidr, ck id, ck matrix, class, click, cmd, cname, cobalt strike, communicating, config, contact, contacted, contentencoding, contextualizing, copy, create new, creation date, critical, crypto, cybercrime, cyber stalking, dashboard, dns replication, domain, domain entries, endpoints all, error, et, et cins, execution, expiration, falcon sandbox, false, fear, file, filehashmd5, filehashsha1, filehashsha256, final url, final url summary, forbidden, formbook, general, generator, germany, germany unknown, graph, hallrender, hashes files, headers nel, historical, hostname, http response, https, icefog, icloud, install, installer, iocs, ioc search, iocs kb, ipv4, ipv6, japan national police agency, jekyll, local, localappdata, mail spammer, malicious host, malvertizing, malware, masquerading, meta, metro, mitre, mitre att, mitre attk, mtsub26293293, name, name servers, national police agency japan, network, new ioc, next, no expiration, nuance, nxdomain, octoseek, passive dns, paste, pattern match, pcap, pdf report, pegasus, phishing, pulse use, quasar, record type, record value, referrer, reinsurance, relacion, relay, remote, resolutions, root, root ca, sabey, samples, sandbox, scalaxy, scan endpoints, script, search, serving ip, sha256, showing, show technique, simple, small, span, speakez securus, ssh on server, ssl certificate, ssl hostname, state, status codes, stix, strings, subdomains, subid, submit, submit quasar, tagging, teams api, temp, threat, threat analyzer, tofsee, tracker, tracking, trojan, tsara brashears, ttl value, tulach, united, United states, unknown urls, url http, url https, urls https, verdict, win32, workaposter, xobo
- Country:
- Network: AS13335 cloudflare
- Noticed: 2 times
- Protocols Attacked: SSH
- Countries Attacked: Canada, Netherlands, United States of America
- Passive DNS Results:
Open Ports Detected
2052 2082 2083 2086 2087 2096 443 80 8080 8443 8880
Whois Information
- NetRange: 104.16.0.0 - 104.31.255.255
- CIDR: 104.16.0.0/12
- NetName: CLOUDFLARENET
- NetHandle: NET-104-16-0-0-1
- Parent: NET104 (NET-104-0-0-0-0)
- NetType: Direct Allocation
- OriginAS: AS13335
- Organization: Cloudflare, Inc. (CLOUD14)
- RegDate: 2014-03-28
- Updated: 2021-05-26
- Comment: All Cloudflare abuse reporting can be done via https://www.cloudflare.com/abuse
- Ref: https://rdap.arin.net/registry/ip/104.16.0.0
- OrgName: Cloudflare, Inc.
- OrgId: CLOUD14
- Address: 101 Townsend Street
- City: San Francisco
- StateProv: CA
- PostalCode: 94107
- Country: US
- RegDate: 2010-07-09
- Updated: 2021-07-01
- Ref: https://rdap.arin.net/registry/entity/CLOUD14
- OrgTechHandle: ADMIN2521-ARIN
- OrgTechName: Admin
- OrgTechPhone: +1-650-319-8930
- OrgTechEmail: rir@cloudflare.com
- OrgTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN
- OrgAbuseHandle: ABUSE2916-ARIN
- OrgAbuseName: Abuse
- OrgAbusePhone: +1-650-319-8930
- OrgAbuseEmail: abuse@cloudflare.com
- OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN
- OrgRoutingHandle: CLOUD146-ARIN
- OrgRoutingName: Cloudflare-NOC
- OrgRoutingPhone: +1-650-319-8930
- OrgRoutingEmail: noc@cloudflare.com
- OrgRoutingRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
- OrgNOCHandle: CLOUD146-ARIN
- OrgNOCName: Cloudflare-NOC
- OrgNOCPhone: +1-650-319-8930
- OrgNOCEmail: noc@cloudflare.com
- OrgNOCRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
- RTechHandle: ADMIN2521-ARIN
- RTechName: Admin
- RTechPhone: +1-650-319-8930
- RTechEmail: rir@cloudflare.com
- RTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN
- RNOCHandle: NOC11962-ARIN
- RNOCName: NOC
- RNOCPhone: +1-650-319-8930
- RNOCEmail: noc@cloudflare.com
- RNOCRef: https://rdap.arin.net/registry/entity/NOC11962-ARIN
- RAbuseHandle: ABUSE2916-ARIN
- RAbuseName: Abuse
- RAbusePhone: +1-650-319-8930
- RAbuseEmail: abuse@cloudflare.com
- RAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN