104.25.103.25 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 104.25.103.25 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Possibly Malicious Host 🟢 10/100

Host and Network Information

• View other sources: Spamhaus VirusTotal

• Country: United States
• Network:
• Noticed: 1 times
• Protocols Attacked: Anonymous Proxy
• Passive DNS Results: fxmote749.cn www.fxmote63986.cn www.ra3x4lm.vip chgk383.vip xtph943.vip grmn213.vip 2wuhm3h.vip cgcz213.vip fxmote1364.icu www.fxmote2371.icu fxmote0123.icu www.fxmote839.cn www.chgk383.vip www.tcxj907.vip fxmote02191.cn www.zg115xync.live www.759359.xyz l8057ry.vip www.zg015xync.live www.fxmote1409.site ra3x4lm.vip www.yuanshi595.cn fgrc236.vip yuanshi1293.icu fxmote0279.site cdn3.buttrcup.com banners.news1.co.il xn–9t4b29cuvpczd.com www.news1.co.il egy.help m.news1.co.il autobuy.io receitasdepesos.com.br news1.co.il exieer.com moonimmortal.com show-it.tv pbot.app destream.net host.startupscene.com inscoin.co my.buttrcup.com yorkshiremontessorinursery.co.uk admin-api.buttrcup.com claymer.biz mylowritesapp.com buttrcup.com startupscene.com idating.online coveralls.io www.snugpak.com puddledigital.co.uk timothytaylor.co.uk blog.coveralls.io zerocopter.com www.wtwsolicitors.co.uk www.mylowrites.com www.coveralls.io enterprise.coveralls.io ogarras.com snugpak.com help.zerocopter.com www.echobluffstatepark.com echobluffstatepark.com www.mylowritesapp.com walkerfoster.com northroplabelprinters.co.uk www.ogarras.com www.yorkshiremontessorinursery.co.uk wtwsolicitors.co.uk www.timothytaylor.co.uk

Malware Detected on Host

Count: 9 af2de07aabb5cb1dd7523baf324badc99820a30db6a480bbba5c995d473f6bc9 ee4c8335e304ae397023224f76a53df194bf02390dab4e660a66774cb0f0082c b5591ba36a54e9513d866196a6ef373239a739b78d9a6ebe814b40a46110a4c0 fd87a97aa1f249894a16f60e258e7410d2388d09d8b20a44223c376cdd950ba9 364f8437ff65ac047e6f9155ce37807e1e22eb9af3192d9eaed417a30f1c9dbe c4413315ecb850631c740a31da1a0405d0810d8fc1cac32d55e361db042886b8 1cf066cee15b70826c7e6327367daaf3914e099145d8afe67ab9a1f14dbe8db1 b1a7baeb73f9fe203d1e0aa02a5d51fb8d8c51eee2902c39f596d7f8af4fd02b e537aaeecbce6c24f80895dcceb009df07f7e65b5cf5d66bf83fe25db2be259d

Open Ports Detected

2052 2053 2082 2086 2087 2095 443 80 8443 8880

Map

Whois Information

• NetRange: 104.16.0.0 - 104.31.255.255
• CIDR: 104.16.0.0/12
• NetName: CLOUDFLARENET
• NetHandle: NET-104-16-0-0-1
• Parent: NET104 (NET-104-0-0-0-0)
• NetType: Direct Allocation
• OriginAS: AS13335
• Organization: Cloudflare, Inc. (CLOUD14)
• RegDate: 2014-03-28
• Updated: 2024-09-04
• Comment: All Cloudflare abuse reporting can be done via https://www.cloudflare.com/abuse
• Comment: Geofeed: https://api.cloudflare.com/local-ip-ranges.csv
• Ref: https://rdap.arin.net/registry/ip/104.16.0.0
• OrgName: Cloudflare, Inc.
• OrgId: CLOUD14
• Address: 101 Townsend Street
• City: San Francisco
• StateProv: CA
• PostalCode: 94107
• Country: US
• RegDate: 2010-07-09
• Updated: 2024-11-25
• Ref: https://rdap.arin.net/registry/entity/CLOUD14
• OrgTechHandle: ADMIN2521-ARIN
• OrgTechName: Admin
• OrgTechPhone: +1-650-319-8930
• OrgTechEmail: rir@cloudflare.com
• OrgTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN
• OrgAbuseHandle: ABUSE2916-ARIN
• OrgAbuseName: Abuse
• OrgAbusePhone: +1-650-319-8930
• OrgAbuseEmail: abuse@cloudflare.com
• OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN
• OrgRoutingHandle: CLOUD146-ARIN
• OrgRoutingName: Cloudflare-NOC
• OrgRoutingPhone: +1-650-319-8930
• OrgRoutingEmail: noc@cloudflare.com
• OrgRoutingRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
• OrgNOCHandle: CLOUD146-ARIN
• OrgNOCName: Cloudflare-NOC
• OrgNOCPhone: +1-650-319-8930
• OrgNOCEmail: noc@cloudflare.com
• OrgNOCRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
• RTechHandle: ADMIN2521-ARIN
• RTechName: Admin
• RTechPhone: +1-650-319-8930
• RTechEmail: rir@cloudflare.com
• RTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN
• RAbuseHandle: ABUSE2916-ARIN
• RAbuseName: Abuse
• RAbusePhone: +1-650-319-8930
• RAbuseEmail: abuse@cloudflare.com
• RAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN
• RNOCHandle: NOC11962-ARIN
• RNOCName: NOC
• RNOCPhone: +1-650-319-8930
• RNOCEmail: noc@cloudflare.com
• RNOCRef: https://rdap.arin.net/registry/entity/NOC11962-ARIN

Links to attack logs

anonymous-proxy-ip-list-2025-06-23 anonymous-proxy-ip-list-2025-06-22 anonymous-proxy-ip-list-2025-06-24