104.18.11.39 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 104.18.11.39 and was generated either as a result of observed malicious activity or as an information-gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources or through observations of activity on honeynets. The host score is calculated through a series of statistically weighted values and machine learning that takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour (for example Tor exit nodes, residential proxies or VPN services), and many other attributes. These values are historical and indicative only, and should not be taken as an accurate representation of the users, businesses or networks in which they reside.

Potentially Malicious Host 🟡 45/100

Host and Network Information

  • Mitre ATT&CK IDs: T1012 - Query Registry, T1546 - Event Triggered Execution, T1566 - Phishing, T1573 - Encrypted Channel
  • Tags: Christopher Pool, Jeeng, Pool’s Closed, Timothy Pool, :\http://dl.baofeng.com/baofeng5/bf5_new.exe\match: , accept, algorithm, analysis, ansi, antivm_memory_available, apt, array, body length, chaos, child, cisco umbrella, class, click, close, collection, collection ii, comodo valkyrie, contact email, contact phone, contacted, contacted urls, copy, creates_exe, cus cngo, daddy secure, data, date, dead_host, decrypted ssl, dns records, dnssec, domain, domain name, domain status, dongfangtoutiao, download, email, entries, error, execution, factory, first, format, function, g2 lscottsdale, general, higeshi, historical ssl, hostname, hostnames, hosts, hybrid, info, ingestion time, injection_resumethread, ip address, issuer, kb body, kcor, key identifier, kuaizip, lenovo ideapad, local, malicious, malware, microsoft, mumo, nenet, network_http, network_icmp, nreum, null, number, online, openresty, openresty web, ouhttp, path, pcap, pcap processing, pseudo, quasar, rank value, ransomexx, record type, reference, referrer, regexp, registrar abuse, registrar iana, response final, sample, sandbox, seen, server, sha1, sha256, showing, size, ssl certificate, status, status code, strings, submission, submit, sufeffxa0, suspicious, suspicious_powershell, suspicious_process, swisyn, thank, threat level, tim pool, timcast, trojan, ttl value, typeof b, url https, url3, uses_windows_utilities, utc http, v3 serial, validity, verdict, vxstream, welcome, whois, whois record, whois whois, width, windows nt

  • View other sources: Spamhaus VirusTotal

  • Country:
  • Network: AS13335 cloudflare
  • Noticed: 1 times
  • Protocols Attacked: Anonymous Proxy
  • Countries Attacked: United States of America
  • Passive DNS Results:

Malware Detected on Host

Count: 38326

Open Ports Detected

2052 2082 2083 2086 2087 2095 2096 443 80 8080 8443 8880

Whois Information

  • NetRange: 104.16.0.0 - 104.31.255.255
  • CIDR: 104.16.0.0/12
  • NetName: CLOUDFLARENET
  • NetHandle: NET-104-16-0-0-1
  • Parent: NET104 (NET-104-0-0-0-0)
  • NetType: Direct Allocation
  • OriginAS: AS13335
  • Organization: Cloudflare, Inc. (CLOUD14)
  • RegDate: 2014-03-28
  • Updated: 2021-05-26
  • Comment: All Cloudflare abuse reporting can be done via https://www.cloudflare.com/abuse
  • Ref: https://rdap.arin.net/registry/ip/104.16.0.0
  • OrgName: Cloudflare, Inc.
  • OrgId: CLOUD14
  • Address: 101 Townsend Street
  • City: San Francisco
  • StateProv: CA
  • PostalCode: 94107
  • Country: US
  • RegDate: 2010-07-09
  • Updated: 2021-07-01
  • Ref: https://rdap.arin.net/registry/entity/CLOUD14
  • OrgRoutingHandle: CLOUD146-ARIN
  • OrgRoutingName: Cloudflare-NOC
  • OrgRoutingPhone: +1-650-319-8930
  • OrgRoutingEmail: [email protected]
  • OrgRoutingRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
  • OrgAbuseHandle: ABUSE2916-ARIN
  • OrgAbuseName: Abuse
  • OrgAbusePhone: +1-650-319-8930
  • OrgAbuseEmail: [email protected]
  • OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN
  • OrgNOCHandle: CLOUD146-ARIN
  • OrgNOCName: Cloudflare-NOC
  • OrgNOCPhone: +1-650-319-8930
  • OrgNOCEmail: [email protected]
  • OrgNOCRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
  • OrgTechHandle: ADMIN2521-ARIN
  • OrgTechName: Admin
  • OrgTechPhone: +1-650-319-8930
  • OrgTechEmail: [email protected]
  • OrgTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN
  • RNOCHandle: NOC11962-ARIN
  • RNOCName: NOC
  • RNOCPhone: +1-650-319-8930
  • RNOCEmail: [email protected]
  • RNOCRef: https://rdap.arin.net/registry/entity/NOC11962-ARIN
  • RAbuseHandle: ABUSE2916-ARIN
  • RAbuseName: Abuse
  • RAbusePhone: +1-650-319-8930
  • RAbuseEmail: [email protected]
  • RAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN
  • RTechHandle: ADMIN2521-ARIN
  • RTechName: Admin
  • RTechPhone: +1-650-319-8930
  • RTechEmail: [email protected]
  • RTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN

Links to attack logs

anonymous-proxy-ip-list-2023-07-26