104.18.1.145 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 104.18.1.145 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Potentially Malicious Host 🟡 40/100

Host and Network Information

• Tags: Adversary AI, cyber security, fancybears disguise for APT group?, hiding in plain sight, https://www.virustotal.com/gui/collection/3850db2c9266bf22d11d31, ioc, malicious, neural netw, Nextray, Nubotnet, phishing

• View other sources: Spamhaus VirusTotal

• Country:
• Network:
• Noticed: 30 times
• Protocols Attacked: SSH
• Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
• Passive DNS Results: unionpersuade.top digiplusmgt.adi.gov.tw de-nl-bj2-sc-34242-enactor-issue.socrates.ssdgws.co.uk qbdraw.com dnvgl.com.au dxctaysgith2wp6uinte.paastest.epimore.com loftpluscabinetco.com m8m-15.com backend.agepass.adi.gov.tw api.agepass.adi.gov.tw imperialselectuseddeals.co.za launchpatients.com test-aws-precious-squirrel-4542.auth0c.com custom-hostnames-fallback-origin.test-aws-precious-squirrel-4542.auth0c.com cnap.city-adm.lviv.ua creamapk.com kristileservice.com h-d.es deranker.at smepass.adi.gov.tw www.premiertechaqua.com apolopag.com payment-homolog.apolopag.com cmi-test-2024.xyz dbbucket.wonderlandmovies.de trace.mjyx.com trace.mjyx.com.cdn.cloudflare.net www.city-adm.lviv.ua agenda.iwceexpo.com dxctadmini80qk6cprep-slot.paastest.epimore.com patch-azure-1mh8-v202351-163-1.auth0app.com springfieldprimarycare.com opendata.city-adm.lviv.ua bitstenmok.com pandora-dr.falabella.io www.enterra-inc.com logs-uat.falabella.io stoic1.co www.cloudflaredev.hawaii.gov vault.falabella.io katzu-docs.tk starosta.city-adm.lviv.ua adobe-report.falabella.io integration.hkscanhoreca.com www.hkscanhoreca.com preproduction.hkscanhoreca.com smtpau.rwc.com 1e1f641feb60a641ea75ac0f323cd09c.vpn2.rwc.com eservice-cd-2wxbumwg2h5n74zl.edge.lmig.auth0.com safeco-cd-i9qbvsc707c8hbzq.edge.tenants.lmig.auth0.com www.blockmage.org enterra-inc.com promos.rwc.com auth.blockmage.org blockmage.org amf-italia.net test2.evenbetgamingsite.enterra-inc.com login.safeco.com oauth-starosta.city-adm.lviv.ua test-portal.paydollar.com edge.lmig.auth0.com edge.tenants.lmig.auth0.com lmig.auth0.com wt.lmig.auth0.com login.libertymutual.com login-np.safeco.com www.brt.it media.decathlon.mq usim.beuat.explorepd1-backend.com usim.uat.explorepd1-backend.com cabinet-starosty-stage.city-adm.lviv.ua newlandchase-fsg.com grafana.skyflow.com demoapps-beffe.skyflow.com stg.api.t-mall.tsite.jp vc.shrublands.au.rwc.com 1e1f641feb60a641ea75ac0f323cd09c.vpn3.rwc.com vc.mwoffice.atl.us.rwc.com training.rwc.com 75jj.net eyelandvision.com 100.adi.gov.tw kingmanpolice.info jenkins-starosty.city-adm.lviv.ua api-starosty-stage.city-adm.lviv.ua evidens.net cabinet.starosty-stage.city-adm.lviv.ua starosty-stage.city-adm.lviv.ua sku-status-prod.falabella.io sku-status-staging.falabella.io www.watershedcabins.com production.hkscanhoreca.com jetcost.nl mobile-app.jetcost.nl sinbandera.com.mx 3pl.falabella.io sku-status-dev.falabella.io www8.city-adm.lviv.ua www.brt.it.cdn.cloudflare.net vc.cherokee.atl.us.rwc.com activesync.rwc.com vc.boardroom.ev.uk.rwc.com formsdev.rwc.com sso.rwc.com vc.boardroom.one.nz.rwc.com vc.boardroom2.atl.us.rwc.com ldapau.rwc.com www.rwc.com news.rwc.com vc.boardroom.mor.au.rwc.com vc.training.dan.au.rwc.com smtp.rwc.com monitor.rwc.com fls03.rwc.com vc.boardroom.ban.au.rwc.com vc.boardroom.eag.au.rwc.com portal.rwc.com vc.boardroom.dan.au.rwc.com forms.rwc.com m.rwc.com vc.boardroom.cul.us.rwc.com 1e1f641feb60a641ea75ac0f323cd09c.vpn.rwc.com servicedesk.rwc.com vc.boardroom.gsa.au.rwc.com vc.boardroom.ca.rwc.com sharefile.rwc.com vc.boardroom.atl.us.rwc.com vc.it.eag.au.rwc.com backup.rwc.com test.rwc.com d24575f16e40cbd811918f57e75f9644.rwc.com mobile.rwc.com test-aws-thin-bichon-2875.auth0c.com edge.tenants.test-aws-thin-bichon-2875.auth0c.com wt.test-aws-thin-bichon-2875.auth0c.com www.tritons.com.br tritons.com.br map.city-adm.lviv.ua whitepaper.black-box.tech doc.grlover.com docs.horos.fi docs.mojor.cc docs.locale-hub.com learntla.eanzhao.com whitepaper.stickdynasty.io whitepaper.lakaninteractive.com docs.pe.media web-dasar.skillfactory.id docs.adamvault.com gitbook.thecod3x.com www.otlegacy.tk docs.farmification.xyz doc.workflow-envy.wiloke.com gitbooks.machi-systems.com docs.tradeapps.id josh0086.gitbook.io docs.cmcdev.net docs.store-square.com docs.ekstremac.com wiki.theside.fr www.docs.thefarmwars.com www.rockyoustar.rocks legal.mc4u.xyz cryptography.mrw0l05zyn.cl docs.riseupgroup.net docs.vicyyn.com docs.fonchain.io rules.slife-rp.fr help.kuroclient.com docscore.desertsolutions.space api.dokumentasi.lapaktelur.com dokumentasi.lapaktelur.com docs.siricoin.org www.docs.siricoin.org uai-lens-mzkwr.docs.citadel.co.jp docs.ddns.cafe docs.keternetwork.com rave.tk stepfunctions.learnsls.com docs.hashman.io api-docs.titanplus.love docs.galaxysthreads.com wiki.yogurtprjs.com f07f8fce40-hosting.gitbook.io 09310ed473-hosting.gitbook.io saecc.onestateroleplay.com policies.onestateroleplay.com faq.pwn.xyz hackthebrain.gitbook.io react-native-components.gitbook.io commands.kuroclient.com carboncommunity.gitbook.io carbonframework.gitbook.io 80760a526c-hosting.gitbook.io help.bg01.tk learn.shortydev.eu learning-java.shortydev.eu learning.shortydev.eu pawnsensing-docs.reticentroot.com wiki.amperhost.pl docs.eminerco.io poco.cum-zone.ru doc.deathstoken.com rudmep.gobnuts.xyz help.botroid.in blog.customfield.tools docs.discordid.cf docs.stabledoin.finance mycroft-ai.gitbook.io rich-nadeau.gitbook.io docs.tankpow.net docs.sheeps.cloud docs.cryptoleague.soccer docs.mtworld.io gitbook.encryptgenie.com insurance-app.dayalmukati.com www.1024cx.top docs.stormersguild.com maher-hasan.gitbook.io docs.unit.network docs.dashgl.com team.darkoakstudios.org docs.thebiztrust.com gitbook.ariscorp.de docs.enjoyer.io docs.trademaxcoin.com designers.junipercreates.com docs-v4-withdraw.gw-paybrokers.com docs.auditlogger.ml ea65b0c6b2-hosting.gitbook.io docs.vendor.mobi wp.tonbirds.xyz wiki.wakilni.com docs.framd.art wiki.cyber-mo.ru about.unknown.solutions emacs-lisp.ivory.cafe guide-react.form.gov.sg cmw.gitbook.io knowledgebase.iguverse.com graduation.jessy-mlch.studio docs.lebo.finance whitepaper.johnclot69.com chuyendoiso.vpay.exchange agreement.read2n.com info.sapphirerdc.com docs.olympiapad.com docs.dckappim.com docs.runpod.io docs.ethwns.com 548a18463b-hosting.gitbook.io croissant-games.gitbook.io vercine-pelis-hd-online.gitbook.io vangardem.gitbook.io vabuta1207.gitbook.io docs.nationsgloryrp.fr docs.vpay.africa docs.fuksus.com docs.eulithrpc.com wikitemas.eficazmarketing.com docs.vowol.io expanse.shieldchapter.com www.scallop.lol docs.aytlo.com docs.airapi.io docs.railgun.org docs.deploy.bluetarget.ai oliverburris50.gitbook.io docs.stater.finance docs.departmentofweb.com docs.ultime-software.fr usercard.athenatools.xyz guides.polyflow.co ru.swishfish.io es.swishfish.io whitepaper-goals.genesisleaguesports.com docs.otl.labs.dnexo.net docs.hextopus.app docs.zeskoogarcia.com wiki.rosabe.fr docs.jujube.finance docs.daoscape.one gitbook.yuhaowei.com docs.nectara.ro ms.farmerontitle.com doc.bonloyalty.com docs.truthcollective.xyz guides.tapihq.com docs.astordao.com yahagi-network-solutions.gitbook.io 87f5605925-hosting.gitbook.io rocketry.gitbook.io wiki.tripleconfirmation.com docs.ebisusbay.com docs.djlite.dj-dj.be 2019.istvs.org www.popsofun.com docs.wallet.pontem.network docs2.demountain.finance docs.padprotocol.org xn–wcvq47b.xn–qprx60hq4c.art faq.bonloyalty.com docs.atlas.xyz docs.lariatdata.com docs.responso.com whitepaper.depeg.io docs.fornaxswap.com docs.onramp.money icondev.io docs.oneiroiuhc.fr docs.endhost.ml weed-1.gitbook.io warsimulator.smartdevelopment.tech docs.syrax.au whitebook.plugchain.io docs-ch.coin2fish.io bcsosop.codelifejustice.net docs.protocol.art docs.decenta.xyz wiki.schalker.ru docs.meandao.org 2023.istvs.org about.modalityapps.com reign-of-terror.gitbook.io docs3.demountain.finance 2021.istvs.org labs.mitiendafacil.co docs.sportsmania.io docs.gobnuts.xyz docs.freightblox.ai docs.ensuro.co docs.chaingotech.com wiki.immortalplugins.net privacy.artfungible.io help.smartxsp.io whitepaper.universalsportsfinance.com docs.honorland.io docs.superhedge.com docs.spaceharvest.co docs-developers.push.org docs.defyca.com wiki.continuum.world blogs.pingproxies.com precios.atariaprojects.com docs.rabbitx.io code-of-conduct.g360dao.io blog.maya.shopping docs.clar.io docs.grsoluciones.com docs.jinghanyu.xyz docs.pheme.media wiki.seasonsofcs.org tractatus.earthen.io docs.cryptominerapps.com docs.boii.dev tradingcards.sarhatabaot.net docs.starburstfinance.io connect.docs.xinliutong.com docs.greenit.fr shelahola.gitbook.io hdsd2.entrade.com.vn docs.hydrozen.io wiloke-post-categories-avenue.wiloke.com docs.freegamesbot.xyz docs.maxifaxipaxi.eu docs.247casinobot.xyz docs.polyverse.fun docs.financex.pro doc-api-elearning.icma.edu.pe simply.windmillsoft.kr admin.snoopershop.xyz docs.arbiyield.finance stafftraining.wholuhc.com docs.astrolescent.com wiki.keycraft.it www.xiaowuleyi.com docs.crankhouse.net feewiki.com us.feewiki.com wiki.ninth.gg rj.999808.xyz docs.suipad.xyz learn.breadstick.ca docs.makeliveevents.com whitepaper.betgosu.io docs.starklink.io everything-everywhere-all-at-onc.gitbook.io nreal.gitbook.io lester123.gitbook.io docs.ploxdk.lol info.a2zdao.com dev.mcsetups.dk peachypings3453.valiant.biz docs.goracle.io wiki.dbt-play.ru docs.azaharapp.com awesomebook.a1phaboy.tech docs.a1phaboy.tech docs.bestarz.io security.screendesk.io docs.zkasino.io docs.sendly.co.uk whitepaper.ratchetraccoonsride.com tricks-ua.bodik.tech docs.9.game docs.luckyfi.xyz emrsn.8i5.net www.remembership.one docs.n4onion.xyz docs.wiki.xiaojiuzhi.xyz wiki.gateofabyss.com docs.repool.com docs.jonlo.co apisix.gitbook.io docs.aera.finance docs.allforone.app www.lisppad.app wiki.furina.network docs.xgmenu-wiki.asia docs.forcedevs.ml docs.kidofinance.com python.docs.skyant.dev iplawnotes.zanna.dev docs.wakilni.com www.ephraimndoro.com docsaws.code-cloud.dev laborlawnotes.zanna.dev help.wakilni.com docs.scenario.app laokk.eu.org docs.skyant.dev whitepaperen.digitaliga.com docs.nanoaio.com 1c.marola.md whitepaper.tewachain.app docs.peanut.to whitepaper.britaria.io docs-cn.heroestd.io docs.journei.games docs.ziggyverse.com docs.spaket.in docs.ariesmarkets.xyz docs.light-protocol.com docs.bitlend.fi docs.cakewswap.finance terms.zspot.io whitepaper.zspot.io writeup.kitton.tech blog.kitton.tech book.grg.mobi id.sgdcg.com docs.badastrosociety.com docs.sailorsale.finance khronokernel-3.gitbook.io docs.damm.finance docs.eco.org armorycomicwhitepaper.rybot.net be.exploited.wtf universidade.xmenu.com.br docs.y2r.finance alpha-genesis.gitbook.io alphabot-docs.gitbook.io docs.lanilabsc.top ajuda.socialhub.pro book.modnar.zone wp.regage.com golang.com.tr wiki.wordnetwork.io doc.publc.com docs.inventory-connect.com help.cycle.app docs.siera.animo.id doc.23700.top docs.opthy.com help.happynothings031.xyz docs.gudusoft.com whitepaper.paydirt.game whitepaper.dater.com docs.initialmn.io web101.leandronsp.com docs.apesport.io docs.siperdev.xyz fase.privada.ml docs.decod3rs.com docs.matyrobbrt.com docs.trickortreatinu.com dev.trymetro.xyz docs.penguplatform.com www.agastyafxtd.com 715a1253fe-hosting.gitbook.io wiki.anarchynetwork.eu docs.cyntaxwallet.com docs.veefi.io wp.oceanverse.game dx-tech-challenge.tpximpact.com wiki.catnet.cc docscn.heusxpay.com docs.terradomains.xyz docs.panthea.eu docs.nftwswap.com

Malware Detected on Host

Count: 6 47a243fffbf90bd933079fbbe871b1401e271a59e62c8c45542b806b8112f9da 04f535922328152deb39ee531d5f79165da8536394f0b1670471c3cc5908a3f9 eabd0a315f6e873e8f04cfb8e7ea54dda1359a872d6af60d21718ef0eec902ee df24b6330163414c3be3cf7bdab8a2e43072aeed398a9cc6ee3b6b4951d6bc7a e15c214dde98dbe20a50882cded6cd9619cd7e5c996e92cfdbc03e3acebdf600 f1330fa57945d2ba6d126e9356c69c498b23733d7dca222f85390918d9db16e6

Open Ports Detected

2052 2053 2082 2083 2086 2087 2096 443 80 8080 8443 8880

Map

Whois Information

• NetRange: 104.16.0.0 - 104.31.255.255
• CIDR: 104.16.0.0/12
• NetName: CLOUDFLARENET
• NetHandle: NET-104-16-0-0-1
• Parent: NET104 (NET-104-0-0-0-0)
• NetType: Direct Allocation
• OriginAS: AS13335
• Organization: Cloudflare, Inc. (CLOUD14)
• RegDate: 2014-03-28
• Updated: 2024-09-04
• Comment: All Cloudflare abuse reporting can be done via https://www.cloudflare.com/abuse
• Comment: Geofeed: https://api.cloudflare.com/local-ip-ranges.csv
• Ref: https://rdap.arin.net/registry/ip/104.16.0.0
• OrgName: Cloudflare, Inc.
• OrgId: CLOUD14
• Address: 101 Townsend Street
• City: San Francisco
• StateProv: CA
• PostalCode: 94107
• Country: US
• RegDate: 2010-07-09
• Updated: 2024-11-25
• Ref: https://rdap.arin.net/registry/entity/CLOUD14
• OrgNOCHandle: CLOUD146-ARIN
• OrgNOCName: Cloudflare-NOC
• OrgNOCPhone: +1-650-319-8930
• OrgNOCEmail: noc@cloudflare.com
• OrgNOCRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
• OrgRoutingHandle: CLOUD146-ARIN
• OrgRoutingName: Cloudflare-NOC
• OrgRoutingPhone: +1-650-319-8930
• OrgRoutingEmail: noc@cloudflare.com
• OrgRoutingRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
• OrgTechHandle: ADMIN2521-ARIN
• OrgTechName: Admin
• OrgTechPhone: +1-650-319-8930
• OrgTechEmail: rir@cloudflare.com
• OrgTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN
• OrgAbuseHandle: ABUSE2916-ARIN
• OrgAbuseName: Abuse
• OrgAbusePhone: +1-650-319-8930
• OrgAbuseEmail: abuse@cloudflare.com
• OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN
• RTechHandle: ADMIN2521-ARIN
• RTechName: Admin
• RTechPhone: +1-650-319-8930
• RTechEmail: rir@cloudflare.com
• RTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN
• RNOCHandle: NOC11962-ARIN
• RNOCName: NOC
• RNOCPhone: +1-650-319-8930
• RNOCEmail: noc@cloudflare.com
• RNOCRef: https://rdap.arin.net/registry/entity/NOC11962-ARIN
• RAbuseHandle: ABUSE2916-ARIN
• RAbuseName: Abuse
• RAbusePhone: +1-650-319-8930
• RAbuseEmail: abuse@cloudflare.com
• RAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN

Links to attack logs

****** ****** ******