104.21.96.1 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 104.21.96.1 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

🟠 Elevated — 65/100

Host and Network Information

• View other sources: Spamhaus VirusTotal Shodan AbuseIPDB
• Noticed: 23 times
• Protocols Attacked: Anonymous Proxy
• Countries Attacked: Canada, China, Japan, United States of America
• Open Ports: 2052, 2053, 2082, 2083, 2086, 2087, 2096, 443, 80, 8080, 8443, 8880
• Tor Node: No
• Associated Malware Samples: 5897

Tags

• aaaa
• aaaaa
• abxcde
• accept
• accept encoding
• access ta0006
• acku new
• address
• address google
• address range
• address server
• a domains
• adversaries
• alberta
• Alberta
• Alberta Doctors
• Alberta Health Services
• Alberta Medical Association
• Alberta NDP
• Alberta UCP
• alerts
• algorithm
• alienvault
• allocation type
• amazon
• amazon02
• amazonaes
• amazon rsa
• amazon s3
• analysis
• analysis date
• analysis ob0001
• analysis ob0002
• analyze
• analyze api
• ansi
• anti
• apache
• apis
• april
• apt
• ascii text
• ascio
• asn15169
• asn46606
• asn as16509
• associated urls
• attack
• attack surface
• august
• auto-generated security
• av detections
• base64uidenc
• bayonet
• bbox
• black
• body
• Botnet
• browsing
• bulk export
• c2
• catalog tree
• categories date
• ca valid
• cavalier
• cdck
• certificate
• certum code
• change theme
• checks amount
• ch ua
• cidr
• ciebie
• City of Edmonton
• cjutxg
• ck id
• ck matrix
• click
• close
• cloud
• cloudflare
• cloudflarenet
• cloudfront
• cname
• cnmicrosoft ecc
• cobalt strike
• code
• code signing
• collection
• com laude
• command
• comspec
• config
• Connect Care
• connection
• contact
• contacted
• contact us
• content
• content type
• control ob0004
• control ta0011
• cookie
• copy
• copy md5
• copy sha1
• copy sha256
• core
• country name
• Covenent Health
• created
• creation date
• crlf
• crowdsourced
• cryptexportkey
• crypto
• cus subject
• customers
• d4 portable
• darknet
• data
• datacrashpad
• dataedge cloud
• data oc0004
• data upload
• date
• date checked
• defense evasion
• delete
• demo explore
• destination
• detections
• detections none
• DGA
• discovered ip
• dll windows
• dns resolutions
• dock
• document file
• domain
• domain add
• domain analysis
• domain name
• domain related
• domains show
• download
• download submit
• drop
• drop or
• drowol type
• drow type
• dynamicloader
• dyndns checkip
• e5 e5
• edge
• Edmonton Police Services
• EduRoam
• ef3ghigj
• eid104
• eid1338769034
• eid2
• eid3
• eid4828312
• email address
• emulation
• encrypt
• energy
• enter sc
• enter sou
• enter source
• enter sourue
• entity
• entity amazon4
• entries
• entries http
• error https
• evasion defense
• evasion ta0005
• exchange meta
• exchange og
• exclude
• exclude data
• excluded ous
• executable
• execution
• expiration
• expiration date
• external ip
• extgstate
• extra
• extract
• extraction
• extraction fa
• extra data
• extra window
• extre data
• extr please
• facebook
• facts otx
• failed
• failure
• false
• fastly
• february
• feed
• file
• file analysis
• filehash
• file score
• files domain
• files ip
• filesize
• files location
• files related
• file type
• find
• first ioc
• flag united
• flywheel
• footer
• form
• format
• for privacy
• found
• frankfurt
• free report
• from
• full report
• g2 issuer
• g2 valid
• g4 issuer
• gandi sas
• gecko
• general
• generator
• germany
• get http
• get https
• github
• globalc
• gmbh
• gmt content
• gmt date
• gmt etag
• gmt ifnonematch
• gmt path
• gmt server
• google
• google llc
• google safe
• google tag
• google team
• green
• gtmkvjvztk
• gtmkvjvztk dl
• guard
• handle
• hellokitty
• helper
• high
• hio50 c1
• historical dns
• Hookbot
• hostname
• hostname add
• hostname xn
• hosts
• html
• html document
• html internet
• http
• httponly
• https dane
• http yara
• hudson rock
• hybrid
• icmp
• icmp traffic
• ids detections
• iframe
• iframe tags
• imi i
• impact
• impact ta0040
• include
• included iocs
• indicator
• indicator of compromise
• info
• info malcore
• informacje
• informative
• insight tag
• intel
• intelligence
• intelligence x
• invalid pointer
• ioc
• iocs
• ip address
• issuer certum
• iwin
• javascript
• jelenia gra
• jeli masz
• jquery
• june
• keepalive
• key usage
• khtml
• learn
• length
• level3
• levelblue
• levelblue open
• lf triid
• libs
• link
• llc address
• local
• location united
• login
• lookup
• lowfi
• ltd dba
• Lumma
• magia dokument
• magic html
• main
• malcore
• malware
• malware unread
• manually add
• media center
• medium
• memcommit
• memory
• memoryfile scan
• memory oc0002
• memreserve
• meta
• meta http
• Ministry of Advanced Education
• Ministry of Health
• Ministry of Tech & Innovation
• miss x
• mitre att
• model
• monstroid2
• most relevant
• moved
• mozilla
• msie
• ms visual
• ms windows
• mtb apr
• mtb yara
• mutexes nothing
• namecheap
• namecheap inc
• namecheapnet
• name servers
• name tactics
• net3128001
• net3168001
• netherlands
• network name
• network related
• next
• next associated
• nie po
• nie wczeniej
• no expiration
• none google
• none indicator
• none related
• Nosviak4
• nothing
• nsisdl
• number
• ob0001
• ob0007 impact
• ob0012 file
• oc0006
• oc0008
• odcisk palca
• oid2
• oidrop
• oiprop
• omicrosoft c
• online
• open ports
• open threat
• org domains
• otx telemetry
• ouno sni
• over
• overlay
• overview
• passive dns
• path
• pattern match
• pe32
• pe exe
• persistence
• Phishing
• platform
• please
• please search
• please sub
• policy terms
• port
• post http
• post https
• pragma
• prefetch1
• prefetch8
• prefetch8 ansi
• premium
• present apr
• present dec
• present jul
• present jun
• present may
• present nov
• present sep
• private name
• process
• process32nextw
• process key
• process oc0003
• product blog
• protect
• proxy
• public key
• pulse
• pulse pulses
• pulses
• pulses none
• pulse submit
• push
• query
• ransom
• ransomware
• Ransomware
• rate limits
• rats
• read
• read c
• reads
• record value
• referral url
• referrerpolicy
• registrarsafe
• related nids
• related pulses
• related tags
• report
• reported
• request
• resolved ips
• resource
• response
• response ip
• results
• review data
• review io
• review los
• ri falsek
• rlength
• road city
• roboto
• rock
• Rogers
• safe browsing
• sample
• sandbox
• savbwcd
• scan
• scans record
• schedule
• script domains
• script tags
• script urls
• scroll
• sc tenn
• search
• search advanced
• sea x
• sec ch
• seen
• se extraction
• serial number
• server
• server ca
• server response
• service
• se source
• set cookie
• sha1
• sha256
• sha512
• share
• show
• showing
• show process
• show technique
• sign
• signer
• signing ca
• simple file
• slcc2
• slow
• solutions
• spaceship
• span
• spawns
• ssdeep
• stamping
• starfield
• static
• status
• stixtaxii
• stop data
• stream
• strings
• stwa lredmond
• subdomains
• submission
• submit
• submitted
• subtypeform
• sugges
• suggestealous u
• suspicious
• sweden
• symantec time
• symbol
• system oc0001
• t1055
• t1114
• ta0004 defense
• ta0009 command
• tag manager
• tags
• tags twitter
• target
• telewizja dami
• Telus
• tenkau
• term
• texurag
• third
• threat
• threat exchange
• threat intelligence
• threats api
• threats explore
• thumbprint
• thumbprint md5
• tima
• time stamping
• title
• title error
• tls handshake
• tlsv1
• tools
• trackers
• Treaty 6
• Treaty 7
• Treaty 8
• triage
• trojan
• trojandropper
• trust
• trusted network
• tucows
• twitter
• twitter running
• type
• typ pliku
• uaaaaaaai
• ua full
• UAlberta
• ua platform
• unicode
• unicode text
• unifiedlayeras1
• unique
• united
• United Nurses of Alberta
• University of Calgary
• unknown
• unknown ns
• unknown soa
• upatre
• updated
• update secure
• url add
• url data
• url hostname
• url https
• url or
• urls
• urls show
• url uk
• usage ff
• usa o
• us creation
• users
• u suggested
• utc gcfezl5ynvb
• utc google
• utc gtmkvjvztk
• utc linkedin
• utc na
• utf8
• utf8 text
• v2 document
• v3 numer
• v3 serial
• value
• vary
• vhash
• virus
• vis1
• vxstream
• we1 wano
• whasz
• whitelisted
• whois registrar
• whois server
• win32
• win32 exe
• win32qqpass apr
• win64
• window memory
• windows
• windows nt
• worm
• wow64
• write
• write c
• x amz
• x cache
• xcache error
• xmpg
• xobject
• yara detections
• z bardzo
• zdarzenia
• z dnia
• zgodnie z

MITRE ATT&CK TTPs

• T1003 - OS Credential Dumping
• T1005 - Data from Local System
• T1012 - Query Registry
• T1027 - Obfuscated Files or Information
• T1036 - Masquerading
• T1045 - Software Packing
• T1047 - Windows Management Instrumentation
• T1053 - Scheduled Task/Job
• T1055 - Process Injection
• T1057 - Process Discovery
• T1060 - Registry Run Keys / Startup Folder
• T1071 - Application Layer Protocol
• T1081 - Credentials in Files
• T1082 - System Information Discovery
• T1090 - Proxy
• T1105 - Ingress Tool Transfer
• T1112 - Modify Registry
• T1114 - Email Collection
• T1119 - Automated Collection
• T1129 - Shared Modules
• T1143 - Hidden Window
• T1217 - Browser Bookmark Discovery
• T1480 - Execution Guardrails
• T1489 - Service Stop
• T1491 - Defacement
• T1497 - Virtualization/Sandbox Evasion
• T1518 - Software Discovery
• T1530 - Data from Cloud Storage Object
• T1553 - Subvert Trust Controls
• T1560 - Archive Collected Data
• T1562 - Impair Defenses
• T1566 - Phishing
• T1568 - Dynamic Resolution
• T1573 - Encrypted Channel
• T1583 - Acquire Infrastructure
• T1590 - Gather Victim Network Information

Passive DNS

• dullesrobotics.com

Attack Log References

• anonymous-proxy-ip-list-2025-06-30
• anonymous-proxy-ip-list-2025-07-02
• anonymous-proxy-ip-list-2025-07-18
• anonymous-proxy-ip-list-2025-06-23
• anonymous-proxy-ip-list-2025-06-26
• anonymous-proxy-ip-list-2025-06-27
• anonymous-proxy-ip-list-2025-07-13
• anonymous-proxy-ip-list-2025-07-11
• anonymous-proxy-ip-list-2025-07-15
• anonymous-proxy-ip-list-2025-07-30
• anonymous-proxy-ip-list-2025-07-01
• anonymous-proxy-ip-list-2025-07-06
• anonymous-proxy-ip-list-2025-07-24
• anonymous-proxy-ip-list-2025-07-07
• anonymous-proxy-ip-list-2025-07-14
• anonymous-proxy-ip-list-2025-07-23
• anonymous-proxy-ip-list-2025-06-22
• anonymous-proxy-ip-list-2025-06-28
• anonymous-proxy-ip-list-2025-06-29
• anonymous-proxy-ip-list-2025-07-05
• anonymous-proxy-ip-list-2025-06-24
• anonymous-proxy-ip-list-2025-07-27
• anonymous-proxy-ip-list-2025-07-12
• anonymous-proxy-ip-list-2025-07-17
• anonymous-proxy-ip-list-2025-07-22
• anonymous-proxy-ip-list-2025-07-28
• anonymous-proxy-ip-list-2025-07-31
• anonymous-proxy-ip-list-2025-08-01
• anonymous-proxy-ip-list-2025-08-02
• anonymous-proxy-ip-list-2025-07-09
• anonymous-proxy-ip-list-2025-07-19
• anonymous-proxy-ip-list-2025-07-04
• anonymous-proxy-ip-list-2025-07-08
• anonymous-proxy-ip-list-2025-07-10
• anonymous-proxy-ip-list-2025-07-29
• anonymous-proxy-ip-list-2025-07-03
• anonymous-proxy-ip-list-2025-07-25
• anonymous-proxy-ip-list-2025-07-16
• anonymous-proxy-ip-list-2025-07-20
• anonymous-proxy-ip-list-2025-07-26
• anonymous-proxy-ip-list-2025-06-25
• anonymous-proxy-ip-list-2025-07-21

Whois Information