104.21.95.137 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 104.21.95.137. It was generated either as a result of observed malicious activity or as an information-gathering exercise to assist with enrichment of security events and context. All information is gathered passively, through aggregation of public sources or through observation of activity on honeynets. The host score is calculated from a series of statistically weighted values and machine learning, taking into account metadata such as host information; the frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour, such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken as an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 55/100

Host and Network Information

  • MITRE ATT&CK IDs: T1003 - OS Credential Dumping, T1027 - Obfuscated Files or Information, T1035 - Service Execution, T1043 - Commonly Used Port, T1056.001 - Keylogging, T1056 - Input Capture, T1059 - Command and Scripting Interpreter, T1068 - Exploitation for Privilege Escalation, T1071.001 - Web Protocols, T1071.004 - DNS, T1071 - Application Layer Protocol, T1090 - Proxy, T1105 - Ingress Tool Transfer, T1110.002 - Password Cracking, T1114 - Email Collection, T1140 - Deobfuscate/Decode Files or Information, T1173 - Dynamic Data Exchange, T1176 - Browser Extensions, T1179 - Hooking, T1210 - Exploitation of Remote Services, T1410 - Network Traffic Capture or Redirection, T1423 - Network Service Scanning, T1427 - Attack PC via USB Connection, T1445 - Abuse of iOS Enterprise App Signing Key, T1450 - Exploit SS7 to Track Device Location, T1453 - Abuse Accessibility Features, T1472 - Generate Fraudulent Advertising Revenue, T1497 - Virtualization/Sandbox Evasion, T1563 - Remote Service Session Hijacking, T1566 - Phishing, T1573 - Encrypted Channel, TA0004 - Privilege Escalation

  • Tags:

  • View other sources: Spamhaus, VirusTotal

  • Country:
  • Network: AS13335 Cloudflare
  • Noticed: 6 times
  • Protocols Attacked: SSH
  • Countries Attacked: Canada, Netherlands, Spain, United States of America
  • Passive DNS Results:

Malware Detected on Host

Count: 1 c64221fbc0b862195900f2c05717a0692a91529bddecdfc97977a4fa5a00a539

Open Ports Detected

2082 2083 2086 2087 2096 443 80 8080 8443 8880
