104.25.8.5 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 104.25.8.5 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Possibly Malicious Host 🟢 10/100

Host and Network Information

• View other sources: Spamhaus VirusTotal
• Contained within other IP sets: hphosts_fsa

• Country: United States
• Network:
• Noticed: 1 times
• Protocols Attacked: Anonymous Proxy
• Passive DNS Results: go.tenorshare.com rpc.tenorshare.com plppq.top ppwyt.top download.windowspasswordsrecovery.com wailung.com www.orionconcepts.net.cdn.cloudflare.net www.bugged.ro apix.tenorshare.com www.tenorshare.com forum.bugged.ro www.windowspasswordsrecovery.com tenorshare.com tenorshare.net cuffelinks.com.au www.tenorshare.net cms.tenorshare.com www.appletonsweets.co.uk download.tenorshare.net forums.tenorshare.com images.tenorshare.com cast2.tv beta.cast2.tv download.tenorshare.com cbs.tenorshare.com api.tenorshare.com kibana.golookup.com styckie.com bulkwholesalesweets.co.uk appletonsweets.co.uk bugged.ro 104.25.8.5 blog.styckie.com blog.tenorshare.com www.blog.windowspasswordsrecovery.com chaplin24.biz lostwindowspassword.com www.lostwindowspassword.com blog.lostwindowspassword.com blog.windowspasswordsrecovery.com windowspasswordsrecovery.com vultrpanels.bugged.ro www.cast2.tv play.bugged.ro safe.golookup.com staging.goingconcern.com blackpanel.bugged.ro whitepanel.bugged.ro goingconcern.com www.bulkwholesalesweets.co.uk theitravelchannel.tv reports.golookup.com www.styckie.com gostatic.com.es wandnfsf.com golookup.com portal.nevayatv.net yellowpanel.bugged.ro www.goingconcern.com m.goingconcern.com www.yegnatube.info yegnatube.info zamuti.cc www.zamuti.cc www.orionconcepts.net www.chem24.biz www.chaplin24.biz www.ice24rc.biz ice24rc.biz chem24.biz betapanel.bugged.ro cabinet.abonent.plus www.vanndigital.com greenpanel.bugged.ro panel.bugged.ro redpanel.bugged.ro orangepanel.bugged.ro bluepanel.bugged.ro audiobuy.co.za so.dh0599.com dh0599.com abonent.plus

Malware Detected on Host

Count: 99 50df2930f47d09f92a7c169033ca83cdf03b8d7d755029a3b6e4c56ffc980e84 58705ff0f62cd9e3ba254c183ef18d84386f6f7143b7bf10b8d9dff6d9b143cd 89bd47a6dbd6ba6fd8a23f9ff0bab2553c6c36a093c1220901b050e101e4352e 451eacf9eb2440cf949d669c9f139f23baef05ddd6161ea772887cd84f39f714 251ba86fde12b2b5216a04fab806890bea3fa119e3b4d9bdc3357d463b8a115b c3cfa4df38856915cd809bd452550259ac857f09a125b8a7343215985c9925da df515acf7d264da05892ce80f7cd432c0e640d1159dcacf1908cce5a3db20be9 cdc9b1237d750b1135f45928e141af1a388185799d5d37af3bc53a17f1bbb730 182f6a104c62b4660bb8c8c858d39787397ff13ee83787d00e18d2415a265b26 95a48e25f1239b919a60fb731c78541c362b17a2c783d717defe289280bf144d

Open Ports Detected

2082 2083 2086 2087 443 80 8080 8880

Map

Whois Information

• NetRange: 104.16.0.0 - 104.31.255.255
• CIDR: 104.16.0.0/12
• NetName: CLOUDFLARENET
• NetHandle: NET-104-16-0-0-1
• Parent: NET104 (NET-104-0-0-0-0)
• NetType: Direct Allocation
• OriginAS: AS13335
• Organization: Cloudflare, Inc. (CLOUD14)
• RegDate: 2014-03-28
• Updated: 2024-09-04
• Comment: All Cloudflare abuse reporting can be done via https://www.cloudflare.com/abuse
• Comment: Geofeed: https://api.cloudflare.com/local-ip-ranges.csv
• Ref: https://rdap.arin.net/registry/ip/104.16.0.0
• OrgName: Cloudflare, Inc.
• OrgId: CLOUD14
• Address: 101 Townsend Street
• City: San Francisco
• StateProv: CA
• PostalCode: 94107
• Country: US
• RegDate: 2010-07-09
• Updated: 2024-11-25
• Ref: https://rdap.arin.net/registry/entity/CLOUD14
• OrgAbuseHandle: ABUSE2916-ARIN
• OrgAbuseName: Abuse
• OrgAbusePhone: +1-650-319-8930
• OrgAbuseEmail: abuse@cloudflare.com
• OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN
• OrgNOCHandle: CLOUD146-ARIN
• OrgNOCName: Cloudflare-NOC
• OrgNOCPhone: +1-650-319-8930
• OrgNOCEmail: noc@cloudflare.com
• OrgNOCRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
• OrgRoutingHandle: CLOUD146-ARIN
• OrgRoutingName: Cloudflare-NOC
• OrgRoutingPhone: +1-650-319-8930
• OrgRoutingEmail: noc@cloudflare.com
• OrgRoutingRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
• OrgTechHandle: ADMIN2521-ARIN
• OrgTechName: Admin
• OrgTechPhone: +1-650-319-8930
• OrgTechEmail: rir@cloudflare.com
• OrgTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN
• RAbuseHandle: ABUSE2916-ARIN
• RAbuseName: Abuse
• RAbusePhone: +1-650-319-8930
• RAbuseEmail: abuse@cloudflare.com
• RAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN
• RNOCHandle: NOC11962-ARIN
• RNOCName: NOC
• RNOCPhone: +1-650-319-8930
• RNOCEmail: noc@cloudflare.com
• RNOCRef: https://rdap.arin.net/registry/entity/NOC11962-ARIN
• RTechHandle: ADMIN2521-ARIN
• RTechName: Admin
• RTechPhone: +1-650-319-8930
• RTechEmail: rir@cloudflare.com
• RTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN

Links to attack logs

anonymous-proxy-ip-list-2025-06-23 anonymous-proxy-ip-list-2025-06-22 anonymous-proxy-ip-list-2025-06-24