104.25.2.4 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 104.25.2.4 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or through observations of activity on honeynets. The host score is calculated through a series of statistically weighted values and machine learning, which takes into account metadata such as host information; frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour such as with Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Possibly Malicious Host 🟢 30/100

Host and Network Information

  • View other sources: Spamhaus VirusTotal
  • Contained within other IP sets: blocklist_de, blocklist_de_ssh, cleanmx_viruses, haley_ssh, hphosts_ats, hphosts_fsa, hphosts_psh, stopforumspam, stopforumspam_180d, stopforumspam_30d, stopforumspam_365d, stopforumspam_90d

  • Country: United States
  • Network: AS13335 cloudflare
  • Noticed: 1 time
  • Protocols Attacked: Anonymous Proxy

Malware Detected on Host

Count: 3 bcfcea47fac4e61330fec7c6c221cc926f4f90dd43891cecdd2995c8ff937d2a f6989defe237b01af5e3b1f4a3763330c2791894372e5bb70001df9502f36c74 757f2c62637765cbc8c7b9f5f63ed4ab00f34485f516a66b2a81b4edfb731920

Open Ports Detected

2052 2082 2083 2086 2087 2095 2096 443 80 8080 8443 8880

Whois Information

  • NetRange: 104.16.0.0 - 104.31.255.255
  • CIDR: 104.16.0.0/12
  • NetName: CLOUDFLARENET
  • NetHandle: NET-104-16-0-0-1
  • Parent: NET104 (NET-104-0-0-0-0)
  • NetType: Direct Allocation
  • OriginAS: AS13335
  • Organization: Cloudflare, Inc. (CLOUD14)
  • RegDate: 2014-03-28
  • Updated: 2021-05-26
  • Comment: All Cloudflare abuse reporting can be done via https://www.cloudflare.com/abuse
  • Ref: https://rdap.arin.net/registry/ip/104.16.0.0
  • OrgName: Cloudflare, Inc.
  • OrgId: CLOUD14
  • Address: 101 Townsend Street
  • City: San Francisco
  • StateProv: CA
  • PostalCode: 94107
  • Country: US
  • RegDate: 2010-07-09
  • Updated: 2021-07-01
  • Ref: https://rdap.arin.net/registry/entity/CLOUD14
  • OrgTechHandle: ADMIN2521-ARIN
  • OrgTechName: Admin
  • OrgTechPhone: +1-650-319-8930
  • OrgTechEmail: [email protected]
  • OrgTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN
  • OrgRoutingHandle: CLOUD146-ARIN
  • OrgRoutingName: Cloudflare-NOC
  • OrgRoutingPhone: +1-650-319-8930
  • OrgRoutingEmail: [email protected]
  • OrgRoutingRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
  • OrgNOCHandle: CLOUD146-ARIN
  • OrgNOCName: Cloudflare-NOC
  • OrgNOCPhone: +1-650-319-8930
  • OrgNOCEmail: [email protected]
  • OrgNOCRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
  • OrgAbuseHandle: ABUSE2916-ARIN
  • OrgAbuseName: Abuse
  • OrgAbusePhone: +1-650-319-8930
  • OrgAbuseEmail: [email protected]
  • OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN
  • RTechHandle: ADMIN2521-ARIN
  • RTechName: Admin
  • RTechPhone: +1-650-319-8930
  • RTechEmail: [email protected]
  • RTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN
  • RNOCHandle: NOC11962-ARIN
  • RNOCName: NOC
  • RNOCPhone: +1-650-319-8930
  • RNOCEmail: [email protected]
  • RNOCRef: https://rdap.arin.net/registry/entity/NOC11962-ARIN
  • RAbuseHandle: ABUSE2916-ARIN
  • RAbuseName: Abuse
  • RAbusePhone: +1-650-319-8930
  • RAbuseEmail: [email protected]
  • RAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN
