104.18.0.89 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 104.18.0.89. It was generated either as a result of observed malicious activity or as an information-gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources or through observation of activity on honeynets. The host score is calculated through a series of statistically weighted values and machine learning, taking into account metadata such as host information; frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour, such as with Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Possibly Malicious Host 🟢 18/100

Host and Network Information

  • Country:
  • Network:
  • Noticed: 4 times
  • Protocols Attacked: Anonymous Proxy
  • Passive DNS Results:

Malware Detected on Host

Count: 12

Open Ports Detected

2082 2083 2086 2087 2095 443 80 8080 8443 8880

Whois Information

Links to attack logs

  • anonymous-proxy-ip-list-2025-06-23
  • anonymous-proxy-ip-list-2025-06-22
