104.18.0.145 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 104.18.0.145 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Potentially Malicious Host 🟡 40/100

Host and Network Information

• Tags: Adversary AI, cyber security, fancybears disguise for APT group?, hiding in plain sight, https://www.virustotal.com/gui/collection/3850db2c9266bf22d11d31, ioc, malicious, neural netw, Nextray, Nubotnet, phishing

• View other sources: Spamhaus VirusTotal

• Country:
• Network:
• Noticed: 30 times
• Protocols Attacked: SSH
• Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
• Passive DNS Results: unionpersuade.top digiplusmgt.adi.gov.tw de-nl-bj2-sc-34242-enactor-issue.socrates.ssdgws.co.uk qbdraw.com dnvgl.com.au dxctaysgith2wp6uinte.paastest.epimore.com loftpluscabinetco.com m8m-15.com backend.agepass.adi.gov.tw api.agepass.adi.gov.tw imperialselectuseddeals.co.za launchpatients.com test-aws-precious-squirrel-4542.auth0c.com custom-hostnames-fallback-origin.test-aws-precious-squirrel-4542.auth0c.com cnap.city-adm.lviv.ua creamapk.com kristileservice.com h-d.es deranker.at smepass.adi.gov.tw www.premiertechaqua.com apolopag.com payment-homolog.apolopag.com cmi-test-2024.xyz dbbucket.wonderlandmovies.de trace.mjyx.com trace.mjyx.com.cdn.cloudflare.net www.city-adm.lviv.ua agenda.iwceexpo.com dxctadmini80qk6cprep-slot.paastest.epimore.com patch-azure-1mh8-v202351-163-1.auth0app.com springfieldprimarycare.com opendata.city-adm.lviv.ua bitstenmok.com pandora-dr.falabella.io www.enterra-inc.com logs-uat.falabella.io stoic1.co www.cloudflaredev.hawaii.gov vault.falabella.io starosta.city-adm.lviv.ua adobe-report.falabella.io integration.hkscanhoreca.com www.hkscanhoreca.com preproduction.hkscanhoreca.com smtpau.rwc.com 1e1f641feb60a641ea75ac0f323cd09c.vpn2.rwc.com eservice-cd-2wxbumwg2h5n74zl.edge.lmig.auth0.com safeco-cd-i9qbvsc707c8hbzq.edge.tenants.lmig.auth0.com www.blockmage.org enterra-inc.com promos.rwc.com auth.blockmage.org blockmage.org amf-italia.net test2.evenbetgamingsite.enterra-inc.com login.safeco.com oauth-starosta.city-adm.lviv.ua test-portal.paydollar.com edge.lmig.auth0.com edge.tenants.lmig.auth0.com lmig.auth0.com wt.lmig.auth0.com login.libertymutual.com login-np.safeco.com www.brt.it media.decathlon.mq usim.beuat.explorepd1-backend.com usim.uat.explorepd1-backend.com cabinet-starosty-stage.city-adm.lviv.ua newlandchase-fsg.com grafana.skyflow.com demoapps-beffe.skyflow.com stg.api.t-mall.tsite.jp vc.shrublands.au.rwc.com 1e1f641feb60a641ea75ac0f323cd09c.vpn3.rwc.com vc.mwoffice.atl.us.rwc.com training.rwc.com 75jj.net eyelandvision.com 100.adi.gov.tw kingmanpolice.info jenkins-starosty.city-adm.lviv.ua api-starosty-stage.city-adm.lviv.ua evidens.net cabinet.starosty-stage.city-adm.lviv.ua starosty-stage.city-adm.lviv.ua sku-status-prod.falabella.io sku-status-staging.falabella.io www.watershedcabins.com docs.evocswap.com production.hkscanhoreca.com jetcost.nl mobile-app.jetcost.nl sinbandera.com.mx 3pl.falabella.io sku-status-dev.falabella.io www8.city-adm.lviv.ua www.brt.it.cdn.cloudflare.net vc.cherokee.atl.us.rwc.com activesync.rwc.com vc.boardroom.ev.uk.rwc.com formsdev.rwc.com sso.rwc.com vc.boardroom.one.nz.rwc.com vc.boardroom2.atl.us.rwc.com ldapau.rwc.com www.rwc.com news.rwc.com vc.boardroom.mor.au.rwc.com vc.training.dan.au.rwc.com smtp.rwc.com monitor.rwc.com fls03.rwc.com vc.boardroom.ban.au.rwc.com vc.boardroom.eag.au.rwc.com portal.rwc.com vc.boardroom.dan.au.rwc.com forms.rwc.com m.rwc.com vc.boardroom.cul.us.rwc.com 1e1f641feb60a641ea75ac0f323cd09c.vpn.rwc.com servicedesk.rwc.com vc.boardroom.gsa.au.rwc.com vc.boardroom.ca.rwc.com sharefile.rwc.com vc.boardroom.atl.us.rwc.com vc.it.eag.au.rwc.com backup.rwc.com test.rwc.com d24575f16e40cbd811918f57e75f9644.rwc.com mobile.rwc.com test-aws-thin-bichon-2875.auth0c.com edge.tenants.test-aws-thin-bichon-2875.auth0c.com wt.test-aws-thin-bichon-2875.auth0c.com www.tritons.com.br tritons.com.br map.city-adm.lviv.ua whitepaper.black-box.tech doc.grlover.com docs.horos.fi docs.mojor.cc docs.locale-hub.com learntla.eanzhao.com whitepaper.stickdynasty.io whitepaper.lakaninteractive.com docs.pe.media web-dasar.skillfactory.id docs.adamvault.com gitbook.thecod3x.com www.otlegacy.tk docs.farmification.xyz doc.workflow-envy.wiloke.com gitbooks.machi-systems.com docs.tradeapps.id josh0086.gitbook.io docs.cmcdev.net docs.store-square.com docs.ekstremac.com wiki.theside.fr www.docs.thefarmwars.com www.rockyoustar.rocks legal.mc4u.xyz cryptography.mrw0l05zyn.cl docs.riseupgroup.net docs.vicyyn.com docs.fonchain.io rules.slife-rp.fr help.kuroclient.com docscore.desertsolutions.space api.dokumentasi.lapaktelur.com dokumentasi.lapaktelur.com docs.siricoin.org www.docs.siricoin.org uai-lens-mzkwr.docs.citadel.co.jp docs.ddns.cafe docs.keternetwork.com rave.tk stepfunctions.learnsls.com docs.hashman.io api-docs.titanplus.love docs.galaxysthreads.com wiki.yogurtprjs.com f07f8fce40-hosting.gitbook.io 09310ed473-hosting.gitbook.io saecc.onestateroleplay.com policies.onestateroleplay.com faq.pwn.xyz hackthebrain.gitbook.io react-native-components.gitbook.io commands.kuroclient.com carboncommunity.gitbook.io carbonframework.gitbook.io 80760a526c-hosting.gitbook.io help.bg01.tk learn.shortydev.eu learning-java.shortydev.eu learning.shortydev.eu pawnsensing-docs.reticentroot.com wiki.amperhost.pl docs.eminerco.io poco.cum-zone.ru doc.deathstoken.com rudmep.gobnuts.xyz help.botroid.in blog.customfield.tools docs.discordid.cf docs.stabledoin.finance mycroft-ai.gitbook.io rich-nadeau.gitbook.io docs.tankpow.net docs.sheeps.cloud docs.cryptoleague.soccer docs.mtworld.io gitbook.encryptgenie.com insurance-app.dayalmukati.com www.1024cx.top docs.stormersguild.com maher-hasan.gitbook.io docs.unit.network docs.dashgl.com team.darkoakstudios.org docs.thebiztrust.com gitbook.ariscorp.de docs.enjoyer.io docs.trademaxcoin.com designers.junipercreates.com docs-v4-withdraw.gw-paybrokers.com docs.auditlogger.ml ea65b0c6b2-hosting.gitbook.io docs.vendor.mobi wp.tonbirds.xyz wiki.wakilni.com docs.framd.art wiki.cyber-mo.ru about.unknown.solutions emacs-lisp.ivory.cafe guide-react.form.gov.sg cmw.gitbook.io knowledgebase.iguverse.com graduation.jessy-mlch.studio docs.lebo.finance whitepaper.johnclot69.com chuyendoiso.vpay.exchange agreement.read2n.com info.sapphirerdc.com docs.olympiapad.com docs.dckappim.com docs.runpod.io docs.ethwns.com 548a18463b-hosting.gitbook.io croissant-games.gitbook.io vercine-pelis-hd-online.gitbook.io vangardem.gitbook.io vabuta1207.gitbook.io docs.nationsgloryrp.fr docs.vpay.africa docs.fuksus.com docs.eulithrpc.com wikitemas.eficazmarketing.com docs.vowol.io expanse.shieldchapter.com www.scallop.lol docs.aytlo.com docs.airapi.io docs.railgun.org docs.deploy.bluetarget.ai oliverburris50.gitbook.io docs.stater.finance docs.departmentofweb.com docs.ultime-software.fr usercard.athenatools.xyz guides.polyflow.co ru.swishfish.io es.swishfish.io whitepaper-goals.genesisleaguesports.com docs.otl.labs.dnexo.net docs.hextopus.app docs.zeskoogarcia.com wiki.rosabe.fr docs.jujube.finance docs.daoscape.one gitbook.yuhaowei.com docs.nectara.ro ms.farmerontitle.com doc.bonloyalty.com docs.truthcollective.xyz guides.tapihq.com docs.astordao.com yahagi-network-solutions.gitbook.io 87f5605925-hosting.gitbook.io rocketry.gitbook.io wiki.tripleconfirmation.com docs.ebisusbay.com docs.djlite.dj-dj.be 2019.istvs.org www.popsofun.com docs.wallet.pontem.network docs2.demountain.finance docs.padprotocol.org xn–wcvq47b.xn–qprx60hq4c.art faq.bonloyalty.com docs.atlas.xyz docs.lariatdata.com docs.responso.com whitepaper.depeg.io docs.fornaxswap.com docs.onramp.money icondev.io docs.oneiroiuhc.fr docs.endhost.ml weed-1.gitbook.io warsimulator.smartdevelopment.tech docs.syrax.au whitebook.plugchain.io docs-ch.coin2fish.io bcsosop.codelifejustice.net docs.protocol.art docs.decenta.xyz wiki.schalker.ru docs.meandao.org 2023.istvs.org about.modalityapps.com reign-of-terror.gitbook.io docs3.demountain.finance 2021.istvs.org labs.mitiendafacil.co docs.sportsmania.io docs.gobnuts.xyz docs.freightblox.ai docs.ensuro.co docs.chaingotech.com wiki.immortalplugins.net privacy.artfungible.io help.smartxsp.io whitepaper.universalsportsfinance.com docs.honorland.io docs.superhedge.com docs.spaceharvest.co docs-developers.push.org docs.defyca.com wiki.continuum.world blogs.pingproxies.com precios.atariaprojects.com docs.rabbitx.io code-of-conduct.g360dao.io blog.maya.shopping docs.clar.io docs.grsoluciones.com docs.jinghanyu.xyz docs.pheme.media wiki.seasonsofcs.org tractatus.earthen.io docs.cryptominerapps.com docs.boii.dev tradingcards.sarhatabaot.net docs.starburstfinance.io connect.docs.xinliutong.com docs.greenit.fr shelahola.gitbook.io hdsd2.entrade.com.vn docs.hydrozen.io wiloke-post-categories-avenue.wiloke.com docs.freegamesbot.xyz docs.maxifaxipaxi.eu docs.247casinobot.xyz docs.polyverse.fun docs.financex.pro doc-api-elearning.icma.edu.pe simply.windmillsoft.kr admin.snoopershop.xyz docs.arbiyield.finance stafftraining.wholuhc.com docs.astrolescent.com wiki.keycraft.it www.xiaowuleyi.com docs.crankhouse.net feewiki.com us.feewiki.com wiki.ninth.gg rj.999808.xyz docs.suipad.xyz learn.breadstick.ca docs.makeliveevents.com whitepaper.betgosu.io docs.starklink.io everything-everywhere-all-at-onc.gitbook.io nreal.gitbook.io lester123.gitbook.io docs.ploxdk.lol info.a2zdao.com dev.mcsetups.dk peachypings3453.valiant.biz docs.goracle.io wiki.dbt-play.ru docs.azaharapp.com awesomebook.a1phaboy.tech docs.a1phaboy.tech docs.bestarz.io security.screendesk.io docs.zkasino.io docs.sendly.co.uk whitepaper.ratchetraccoonsride.com tricks-ua.bodik.tech docs.9.game docs.luckyfi.xyz emrsn.8i5.net www.remembership.one docs.n4onion.xyz docs.wiki.xiaojiuzhi.xyz wiki.gateofabyss.com docs.repool.com docs.jonlo.co apisix.gitbook.io docs.aera.finance docs.allforone.app www.lisppad.app wiki.furina.network docs.xgmenu-wiki.asia docs.forcedevs.ml docs.kidofinance.com python.docs.skyant.dev iplawnotes.zanna.dev docs.wakilni.com www.ephraimndoro.com docsaws.code-cloud.dev laborlawnotes.zanna.dev help.wakilni.com docs.scenario.app laokk.eu.org docs.skyant.dev whitepaperen.digitaliga.com docs.nanoaio.com 1c.marola.md whitepaper.tewachain.app docs.peanut.to whitepaper.britaria.io docs-cn.heroestd.io docs.journei.games docs.ziggyverse.com docs.spaket.in docs.ariesmarkets.xyz docs.light-protocol.com docs.bitlend.fi docs.cakewswap.finance terms.zspot.io whitepaper.zspot.io writeup.kitton.tech blog.kitton.tech book.grg.mobi id.sgdcg.com docs.badastrosociety.com docs.sailorsale.finance khronokernel-3.gitbook.io docs.damm.finance docs.eco.org armorycomicwhitepaper.rybot.net be.exploited.wtf universidade.xmenu.com.br docs.y2r.finance alpha-genesis.gitbook.io alphabot-docs.gitbook.io docs.lanilabsc.top ajuda.socialhub.pro book.modnar.zone wp.regage.com golang.com.tr wiki.wordnetwork.io doc.publc.com docs.inventory-connect.com help.cycle.app docs.siera.animo.id doc.23700.top docs.opthy.com help.happynothings031.xyz docs.gudusoft.com whitepaper.paydirt.game whitepaper.dater.com docs.initialmn.io web101.leandronsp.com docs.apesport.io docs.siperdev.xyz fase.privada.ml docs.decod3rs.com docs.matyrobbrt.com docs.trickortreatinu.com dev.trymetro.xyz docs.penguplatform.com www.agastyafxtd.com 715a1253fe-hosting.gitbook.io wiki.anarchynetwork.eu docs.cyntaxwallet.com docs.veefi.io wp.oceanverse.game dx-tech-challenge.tpximpact.com wiki.catnet.cc docscn.heusxpay.com docs.terradomains.xyz docs.panthea.eu docs.nftwswap.com

Malware Detected on Host

Count: 9 ecc8618b141117dd43853a4d06c3c54b11f6adff7e6ef3dc9bebe6dd22138a17 4cbbe6c8da029dd921e4d9bc35eecfaaed895f5e67cfdaafebaeda50b7058b17 9d2c5523d1e4fa15496bf92ff42909705735e5ec983cd975b934e0eb00b50c6a 54a3c24c9df163a402b40c40768d2a986aa9e583106716a9fd60cdc2cbf084c8 bcbe10d761d33a6e05870a3e856554c4f3d5e19f7bc3dd1d9227b9527b62805f 1b6495022b0e9efb9e6b503b0e46e818204d49d14ea8cb80263eed7ff7db3dec e15c214dde98dbe20a50882cded6cd9619cd7e5c996e92cfdbc03e3acebdf600 6fc2395ed5f4dcaf81315100f1592b43212843173676184c81f8b91c2667e59d d521775b360fc6fe2da8977706ec617e19b4c738c68442ff1c0e1f0e3d27a3ae

Open Ports Detected

2052 2082 2083 2086 2087 443 80 8080 8443 8880

Map

Whois Information

• NetRange: 104.16.0.0 - 104.31.255.255
• CIDR: 104.16.0.0/12
• NetName: CLOUDFLARENET
• NetHandle: NET-104-16-0-0-1
• Parent: NET104 (NET-104-0-0-0-0)
• NetType: Direct Allocation
• OriginAS: AS13335
• Organization: Cloudflare, Inc. (CLOUD14)
• RegDate: 2014-03-28
• Updated: 2024-09-04
• Comment: All Cloudflare abuse reporting can be done via https://www.cloudflare.com/abuse
• Comment: Geofeed: https://api.cloudflare.com/local-ip-ranges.csv
• Ref: https://rdap.arin.net/registry/ip/104.16.0.0
• OrgName: Cloudflare, Inc.
• OrgId: CLOUD14
• Address: 101 Townsend Street
• City: San Francisco
• StateProv: CA
• PostalCode: 94107
• Country: US
• RegDate: 2010-07-09
• Updated: 2024-11-25
• Ref: https://rdap.arin.net/registry/entity/CLOUD14
• OrgNOCHandle: CLOUD146-ARIN
• OrgNOCName: Cloudflare-NOC
• OrgNOCPhone: +1-650-319-8930
• OrgNOCEmail: noc@cloudflare.com
• OrgNOCRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
• OrgAbuseHandle: ABUSE2916-ARIN
• OrgAbuseName: Abuse
• OrgAbusePhone: +1-650-319-8930
• OrgAbuseEmail: abuse@cloudflare.com
• OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN
• OrgRoutingHandle: CLOUD146-ARIN
• OrgRoutingName: Cloudflare-NOC
• OrgRoutingPhone: +1-650-319-8930
• OrgRoutingEmail: noc@cloudflare.com
• OrgRoutingRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
• OrgTechHandle: ADMIN2521-ARIN
• OrgTechName: Admin
• OrgTechPhone: +1-650-319-8930
• OrgTechEmail: rir@cloudflare.com
• OrgTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN
• RNOCHandle: NOC11962-ARIN
• RNOCName: NOC
• RNOCPhone: +1-650-319-8930
• RNOCEmail: noc@cloudflare.com
• RNOCRef: https://rdap.arin.net/registry/entity/NOC11962-ARIN
• RTechHandle: ADMIN2521-ARIN
• RTechName: Admin
• RTechPhone: +1-650-319-8930
• RTechEmail: rir@cloudflare.com
• RTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN
• RAbuseHandle: ABUSE2916-ARIN
• RAbuseName: Abuse
• RAbusePhone: +1-650-319-8930
• RAbuseEmail: abuse@cloudflare.com
• RAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN

Links to attack logs

****** ****** ******