104.18.1.130 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 104.18.1.130 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Potentially Malicious Host 🟡 33/100

Host and Network Information

• Tags: all search, as8075, asnone country, attack, bundled, communicating, contacted, core, creation date, domain related, entries, execution, family, formbook, historical ssl, lockbit, lolkek, otx octoseek, referrer, related domains, scan endpoints, search, show, skynet, ssl certificate, united, unknown, ursnif, whois record, whois whois, xbox

• View other sources: Spamhaus VirusTotal

• Country:
• Network:
• Noticed: 3 times
• Protocols Attacked: Anonymous Proxy
• Passive DNS Results: learning.onehousing.vn deepvisionapiesb-hangfireprod.telesuredigital.co.za dwd-dev-hangfire.telesuredigital.co.za pfile.betinjp.co kids.solotvino-rada.gov.ua upload.vsn7p.info relaxyourlife.ch microlynx.net api.uat.veohub.net sc-consul.beta.veohub.net amendmentsweb-api-prod.telesuredigital.co.za deepvisionesb-eu.telesuredigital.co.za sc-partnerapi.uat.veohub.net europmedica.net primetool.fr facetec-dashboard.veohub.net sc-gateway.uat.veohub.net proddb-sa.telesuredigital.co.za sc-identapi.uat.veohub.net learning.quantum-computing.ibm.com admin.maissaber.somagrupo.com.br sso.stg.enterprise.ada.com giveunionsale.top fournisseursdesoinsmb.ca hardiesolutions.com squidex-dev-tcp.telesuredigital.co.za babybunting.com stage65-az.thecapeofgoodhopeoxford.co.uk qainehabat.inmotion.corp.inenco.com.au myberkley.wrbmag.com myberkley.wrbmag.com.cdn.cloudflare.net gsmaservices.com moigioi.onehousing.vn prod65-az.thecapeofgoodhopeoxford.co.uk cryptoliteracy.org www.umassglobal.edu cls.vsn7p.info betinjp.co forwomen.telesuredigital.co.za cdn.onehousing.vn onehousing.vn static.vsn7p.info wt.plf-data-silvio-231215-1.auth0sbx.com plf-data-silvio-231215-1.auth0sbx.com edge.tenants.plf-data-silvio-231215-1.auth0sbx.com doc.vsn7p.info api.vsn7p.info report.vsn7p.info cl1.vsn7p.info cl2.vsn7p.info op.vsn7p.info pay.vsn7p.info www.wrbmag.com.cdn.cloudflare.net monaandvarun.com docs.quantum-computing.ibm.com www.umassglobal.edu.cdn.cloudflare.net alt.cnap.solotvino-rada.gov.ua alt.cnsp.solotvino-rada.gov.ua alt.mpo.solotvino-rada.gov.ua alt.kids.solotvino-rada.gov.ua test.quantum-computing.ibm.com graph.stage.amctheatres.com budgetpreprod.telesuredigital.co.za www.psykiatrinordvast.se assets.quantum-computing.ibm.com ffwpreprod.telesuredigital.co.za marketplace.babybunting.com myidmanager.ca budget-full-quote-preprod.telesuredigital.co.za pop.markivska-gromada.gov.ua smtp.markivska-gromada.gov.ua prep.getonpointenergy.com gioocasino.com thecapeofgoodhopeoxford.co.uk uat-share-us.dexcomdev.com ecu567.com deepvisionuat.telesuredigital.co.za callbackadmin.telesuredigital.co.za autogenpreprod.telesuredigital.co.za uat-ffw-digitalamendments.telesuredigital.co.za www.clublifechampionsclassic.com edge.tenants.test-aws-delicate-puma-4312.auth0c.com wt.test-aws-delicate-puma-4312.auth0c.com test-aws-delicate-puma-4312.auth0c.com uat-budget-instantquote.telesuredigital.co.za smartlabel.pfizermedicalinformation.cn omio.lv www.omio.lv www.cnap.markivska-gromada.gov.ua cnap.markivska-gromada.gov.ua telesuredigital.co.za my.cnap.markivska-gromada.gov.ua www.markivska-gromada.gov.ua markivska-gromada.gov.ua alt.markivska-gromada.gov.ua qa-no-car-testfbmvp-10537-overrideredire.az.ssdgws.co.uk www.jamesboag.com.au challenges.quantum-computing.ibm.com pop.solotvino-rada.gov.ua smtp.solotvino-rada.gov.ua www.solotvino-rada.gov.ua alt.solotvino-rada.gov.ua solotvino-rada.gov.ua dialpreprod.telesuredigital.co.za challenges.www-dev.quantum-computing.ibm.com msd-automotive.nl gatesgroup.biz emea20.find.episerver.net dial.telesuredigital.co.za sit-autogen-quote.telesuredigital.co.za dashboardtestapi.telesuredigital.co.za livrariaarnado.pt autogentest.telesuredigital.co.za sit-budget-digitalamendments.telesuredigital.co.za budget2.telesuredigital.co.za digitalapi-test.telesuredigital.co.za pfizermedicalinformation.cn stg.pfizermedicalinformation.cn www.epossound.ch 601ea8fdf58be0aaf156cb6b24bf03a798c8d136.vercel-workers.com ce0eb2775d89422e833f325b5e29f3ce85f1a840.vercel-workers.com 8a0805930c8ceca48c168a4e480cb6ae43ed0fc2.vercel-workers.com secure.pinnacle-ny.com budgetbot.telesuredigital.co.za marketing.telesuredigital.co.za dashboardapi.telesuredigital.co.za wolfycasino.com ml001.csral.net granate.investments pba.com www.pba.com suremedhealth.co.za jack21.com www.test.quantum-computing.ibm.com zionzplay.com www.roadandtrackmotorcycles.com baronbleak.com www.jodylease.com www.pba.com.cdn.cloudflare.net www.sfponline.org auth.quantum-computing.ibm.com amendis.ma www.amendis.ma powerschool.sfponline.org cf.zhstar.win musicaley.com sfponline.org www.epossound.ch.cdn.cloudflare.net www-dev.quantum-computing.ibm.com www.peeingproblems.ca.cdn.cloudflare.net www.cmic.com.ph.cdn.cloudflare.net en.zhstar.win wellnesstracker.com hostinger.hr doumao169.com www.amendis.ma.cdn.cloudflare.net roadandtrackmotorcycles.com quantum-computing.ibm.com letitride215.com weibang2020.com csral.net test.csral.net fastpay-casino6.com int.navico-commercial.com j8z6.muchlingreinri.pro peeingproblems.ca d8l2.muchlingreinri.pro wywx.muchlingreinri.pro pixel.muchlingreinri.pro hemicthong.pro www.jodylease.com.cdn.cloudflare.net www.0gbn.com 0gbn.com

Malware Detected on Host

Count: 2 53147050a3f5fd26d55c175c3f9191898fee2c72af8f44de2f6e8681ba465096 f21c8218f2769258147423f57c36fba9446c7b047430cabb8e9c274748da7146

Open Ports Detected

2082 2083 2086 2087 2096 443 80 8080 8443 8880

Map

Whois Information

• NetRange: 104.16.0.0 - 104.31.255.255
• CIDR: 104.16.0.0/12
• NetName: CLOUDFLARENET
• NetHandle: NET-104-16-0-0-1
• Parent: NET104 (NET-104-0-0-0-0)
• NetType: Direct Allocation
• OriginAS: AS13335
• Organization: Cloudflare, Inc. (CLOUD14)
• RegDate: 2014-03-28
• Updated: 2024-09-04
• Comment: All Cloudflare abuse reporting can be done via https://www.cloudflare.com/abuse
• Comment: Geofeed: https://api.cloudflare.com/local-ip-ranges.csv
• Ref: https://rdap.arin.net/registry/ip/104.16.0.0
• OrgName: Cloudflare, Inc.
• OrgId: CLOUD14
• Address: 101 Townsend Street
• City: San Francisco
• StateProv: CA
• PostalCode: 94107
• Country: US
• RegDate: 2010-07-09
• Updated: 2024-11-25
• Ref: https://rdap.arin.net/registry/entity/CLOUD14
• OrgNOCHandle: CLOUD146-ARIN
• OrgNOCName: Cloudflare-NOC
• OrgNOCPhone: +1-650-319-8930
• OrgNOCEmail: noc@cloudflare.com
• OrgNOCRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
• OrgTechHandle: ADMIN2521-ARIN
• OrgTechName: Admin
• OrgTechPhone: +1-650-319-8930
• OrgTechEmail: rir@cloudflare.com
• OrgTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN
• OrgRoutingHandle: CLOUD146-ARIN
• OrgRoutingName: Cloudflare-NOC
• OrgRoutingPhone: +1-650-319-8930
• OrgRoutingEmail: noc@cloudflare.com
• OrgRoutingRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
• OrgAbuseHandle: ABUSE2916-ARIN
• OrgAbuseName: Abuse
• OrgAbusePhone: +1-650-319-8930
• OrgAbuseEmail: abuse@cloudflare.com
• OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN
• RTechHandle: ADMIN2521-ARIN
• RTechName: Admin
• RTechPhone: +1-650-319-8930
• RTechEmail: rir@cloudflare.com
• RTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN
• RAbuseHandle: ABUSE2916-ARIN
• RAbuseName: Abuse
• RAbusePhone: +1-650-319-8930
• RAbuseEmail: abuse@cloudflare.com
• RAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN
• RNOCHandle: NOC11962-ARIN
• RNOCName: NOC
• RNOCPhone: +1-650-319-8930
• RNOCEmail: noc@cloudflare.com
• RNOCRef: https://rdap.arin.net/registry/entity/NOC11962-ARIN

Links to attack logs

anonymous-proxy-ip-list-2025-06-23 anonymous-proxy-ip-list-2025-06-22