IOC Radar
IP · Medium · Signal 0/100

104.21.80.1

Location: United States; Toronto, Ontario
ASN: AS13335 (Cloudflare, Inc.)
First Seen: Jan 12, 2025 (526d ago)
Last Seen: Jun 18, 2026 (4d ago)
Reports: 7 source reports
Confidence: 0% (medium)
Found in 7 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 0%
Signal Score: 0 / 100
IDS Rule: No
Threat Context
Tags

Network Information

Country: US (United States)
Region: Toronto, Ontario
ASN: AS13335
Organization: Cloudflare, Inc.

Feed Intelligence Summary

Source reports: 7
Confidence score: 0%
Category tags: indicator, network, researched

Activity Timeline

1 total obs (Jun 18 to Jun 18)

Threat Activity Heatmap

Peak: 2026-06-18
[Heatmap: activity by day of week (Mon, Wed, Fri rows) across the months Jun through Jun; color scale from Less to More]
24h: 0 (Dormant)
7d: 1 (Minimal)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Intelligence Summary (AI Generated)

This report concerns an Indicator of Compromise (IOC) identified as an IPv4 address, `104.21.80.1`. Extensive analysis, including its explicit whitelist status and a threat score of 0.0, confirms that this indicator presents a benign and negligible risk to organizational security. There is no evidence to suggest this IP address is currently involved in any malicious activities or poses a direct threat. Its presence in various threat intelligence feeds primarily reflects historical data or contex…

Threat Score: Low Risk
Signal Score: 0
Confidence: 0%
Reports: 7
First seen: Jan 12, 2025
Last seen: Jun 18, 2026
Geolocation: US
Country: United States
Location: Toronto, Ontario
ASN: AS13335
Org: Cloudflare, Inc.
Coords: 43.6532, -79.3832

VirusTotal

Not checked

WHOIS

description: proxy-proxy_http search result.
raw:
NetRange: 104.16.0.0 - 104.31.255.255
CIDR: 104.16.0.0/12
NetName: CLOUDFLARENET
NetHandle: NET-104-16-0-0-1
Parent: NET104 (NET-104-0-0-0-0)
NetType: Direct Allocation
OriginAS:
Organization: Cloudflare, Inc. (CLOUD14)
RegDate: 2014-03-28
Updated: 2024-09-04
Comment: All Cloudflare abuse reporting can be done via https://www.cloudflare.com/abuse
Comment: Geofeed: https://api.cloudflare.com/local-ip-ranges.csv
Ref: https://rdap.arin.net/registry/ip/104.16.0.0

OrgName: Cloudflare, Inc.
OrgId: CLOUD14
Address: 101 Townsend Street
City: San Francisco
StateProv: CA
PostalCode: 94107
Country: US
RegDate: 2010-07-09
Updated: 2024-11-25
Ref: https://rdap.arin.net/registry/entity/CLOUD14

OrgRoutingHandle: CLOUD146-ARIN
OrgRoutingName: Cloudflare-NOC
OrgRoutingPhone: +1-650-319-8930
OrgRoutingEmail: [email protected]
OrgRoutingRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN

OrgNOCHandle: CLOUD146-ARIN
OrgNOCName: Cloudflare-NOC
OrgNOCPhone: +1-650-319-8930
OrgNOCEmail: [email protected]
OrgNOCRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN

OrgAbuseHandle: ABUSE2916-ARIN
OrgAbuseName: Abuse
OrgAbusePhone: +1-650-319-8930
OrgAbuseEmail: [email protected]
OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN

OrgTechHandle: ADMIN2521-ARIN
OrgTechName: Admin
OrgTechPhone: +1-650-319-8930
OrgTechEmail: [email protected]
OrgTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN

RNOCHandle: NOC11962-ARIN
RNOCName: NOC
RNOCPhone: +1-650-319-8930
RNOCEmail: [email protected]
RNOCRef: https://rdap.arin.net/registry/entity/NOC11962-ARIN

RTechHandle: ADMIN2521-ARIN
RTechName: Admin
RTechPhone: +1-650-319-8930
RTechEmail: [email protected]
RTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN

RAbuseHandle: ABUSE2916-ARIN
RAbuseName: Abuse
RAbusePhone: +1-650-319-8930
RAbuseEmail: [email protected]
RAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN

IOC Journey

medium
First detected 1 year ago · Last seen 4 days ago
Appeared in 7 threat reports