104.18.21.178 Threat Intelligence and Host Information
General
This page contains threat intelligence information for the IPv4 address 104.18.21.178 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or through observation of activity on honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with Tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only, and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.
Likely Malicious Host 🟠 58/100
Host and Network Information
Mitre ATT&CK IDs: T1012 - Query Registry, T1023 - Shortcut Modification, T1027 - Obfuscated Files or Information, T1031 - Modify Existing Service, T1036 - Masquerading, T1040 - Network Sniffing, T1047 - Windows Management Instrumentation, T1053 - Scheduled Task/Job, T1054 - Indicator Blocking, T1055 - Process Injection, T1056 - Input Capture, T1057 - Process Discovery, T1060 - Registry Run Keys / Startup Folder, T1089 - Disabling Security Tools, T1106 - Native API, T1112 - Modify Registry, T1119 - Automated Collection, T1129 - Shared Modules, T1158 - Hidden Files and Directories, T1189 - Drive-by Compromise, T1204 - User Execution, T1562 - Impair Defenses
Tags: aaaa, access, a dd, address, a div, admin city, age7200 path, alerts, alexa, alexa top, all scoreblue, analysis date, analyzer paste, analyzer threat, apache, apple, april, artemis, artro, as44273 host, as46606, as54600 peg, as8075, asn as13335, asn as16509, avast avg, av detections, bank, b body, bits, bluehost, body, body doctype, body length, bq jun, capture, centos, checking, china, ch ua, cisco umbrella, cname, coalition, code, content type, copy, count blacklist, country, covid19, creation date, cryptowall, cyber threat, date, date hash, delphi, detection list, div div, div section, domain, domain status, download, dynamicloader, e emeseieee, e eue, emails, engineering, entries, execution, explorer, filehash, filerepmalware, files, files ip, form, free, generic malware, germany unknown, gmt connection, gmt content, gmt max, gmt server, goatsinacoat, graph, h3 p, heur, historical ssl, hostname, hostnames, html info, httponly, ids detections, infrastructure, installer, intel, internet storm, iocs, ios, ip address, ip summary, ipv4, jid960554243, june, keybase, keys, kuaizip, kukacka jan, link, li ol, local, location united, mail spammer, main, malicious, malicious site, malicious url, malware, malware beacon, media center, medium, memcommit, meta, million, module load, monitoring, moved, msie, ms windows, mtb dec, next, no data, observer, passive dns, password bypass, p div, pe32, pe32 executable, persistence, phishing, phishing site, problems, process32nextw, pulse pulses, pulses, push, qt translation, ransom, read c, record value, redmond admin, referrer, registrar, registrar abuse, registry, registry run, regsetvalueexa, relic, riskware, safe site, sample, sample29, samples, samsung, scan endpoints, script domains, script script, script urls, search, sec ch, server, service, serving ip, sha256, show, showing, site, slcc2, slfrd1, status, status code, stream, summary, suppobox, suspicious, t1060, t1129, tag count, tag tag, team, team alexa, team top, 
telefonica co, threat network, title, title launch, tools, tracking, trojan, trojandropper, tsara brashears, typeof, ua full, ua platform, uiebaae, united, unknown, unsafe, upgrade, urls, urls http, url summary, virtool, vj83, wed aug, whois, whois lookup, whois registrar, win32, window, windows nt, wizard, wow64, write, write c, xl div, xml base64, yara detections, z1277946686, z1767086795, zeus
- Country:
- Network:
- Noticed: 4 times
- Protocols Attacked: Anonymous Proxy
- Countries Attacked: United States of America
- Passive DNS Results:
Malware Detected on Host
Count: 21
Open Ports Detected
2082 2083 2086 2087 2095 2096 443 80 8080 8443 8880
Whois Information
- NetRange: 104.16.0.0 - 104.31.255.255
- CIDR: 104.16.0.0/12
- NetName: CLOUDFLARENET
- NetHandle: NET-104-16-0-0-1
- Parent: NET104 (NET-104-0-0-0-0)
- NetType: Direct Allocation
- OriginAS: AS13335
- Organization: Cloudflare, Inc. (CLOUD14)
- RegDate: 2014-03-28
- Updated: 2024-09-04
- Comment: All Cloudflare abuse reporting can be done via https://www.cloudflare.com/abuse
- Comment: Geofeed: https://api.cloudflare.com/local-ip-ranges.csv
- Ref: https://rdap.arin.net/registry/ip/104.16.0.0
- OrgName: Cloudflare, Inc.
- OrgId: CLOUD14
- Address: 101 Townsend Street
- City: San Francisco
- StateProv: CA
- PostalCode: 94107
- Country: US
- RegDate: 2010-07-09
- Updated: 2024-11-25
- Ref: https://rdap.arin.net/registry/entity/CLOUD14
- OrgRoutingHandle: CLOUD146-ARIN
- OrgRoutingName: Cloudflare-NOC
- OrgRoutingPhone: +1-650-319-8930
- OrgRoutingEmail: noc@cloudflare.com
- OrgRoutingRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
- OrgAbuseHandle: ABUSE2916-ARIN
- OrgAbuseName: Abuse
- OrgAbusePhone: +1-650-319-8930
- OrgAbuseEmail: abuse@cloudflare.com
- OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN
- OrgNOCHandle: CLOUD146-ARIN
- OrgNOCName: Cloudflare-NOC
- OrgNOCPhone: +1-650-319-8930
- OrgNOCEmail: noc@cloudflare.com
- OrgNOCRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
- OrgTechHandle: ADMIN2521-ARIN
- OrgTechName: Admin
- OrgTechPhone: +1-650-319-8930
- OrgTechEmail: rir@cloudflare.com
- OrgTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN
- RTechHandle: ADMIN2521-ARIN
- RTechName: Admin
- RTechPhone: +1-650-319-8930
- RTechEmail: rir@cloudflare.com
- RTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN
- RNOCHandle: NOC11962-ARIN
- RNOCName: NOC
- RNOCPhone: +1-650-319-8930
- RNOCEmail: noc@cloudflare.com
- RNOCRef: https://rdap.arin.net/registry/entity/NOC11962-ARIN
- RAbuseHandle: ABUSE2916-ARIN
- RAbuseName: Abuse
- RAbusePhone: +1-650-319-8930
- RAbuseEmail: abuse@cloudflare.com
- RAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN
Links to attack logs
anonymous-proxy-ip-list-2025-06-23 anonymous-proxy-ip-list-2025-06-22