104.18.22.145 Threat Intelligence and Host Information
General
This page contains threat intelligence information for the IPv4 address 104.18.22.145. It was generated either as a result of observed malicious activity or as an information-gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources or through observations of activity on honeynets. The host score is calculated from a series of statistically weighted values and machine learning, taking into account metadata such as host information; the frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour, such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.
Potentially Malicious Host 🟡 35/100
Host and Network Information
- Mitre ATT&CK IDs: T1027 - Obfuscated Files or Information
- Tags: accept, ascii text, cname, command, control ta0011, country name, created, data, datacrashpad, dns resolutions, edge, evasion ta0005, gecko, get http, gmt ifnonematch, gtmkvjvztk dl, html document, html internet, icmp, ip address, khtml, mutexes nothing, nothing, oc0006, port, request, resolved ips, response, ta0004 defense, url data, win64, windows nt
- View other sources: Spamhaus VirusTotal
- Country:
- Network:
- Noticed: 10 times
- Protocols Attacked: Anonymous Proxy
- Passive DNS Results:
Malware Detected on Host
Count: 1 a5a2afe8b594caa79008abc417014a4206895a118237aee2632442ec73bac1b0
Open Ports Detected
2082 2083 2086 2087 2095 2096 443 80 8080 8443 8880
Whois Information
- NetRange: 104.16.0.0 - 104.31.255.255
- CIDR: 104.16.0.0/12
- NetName: CLOUDFLARENET
- NetHandle: NET-104-16-0-0-1
- Parent: NET104 (NET-104-0-0-0-0)
- NetType: Direct Allocation
- OriginAS: AS13335
- Organization: Cloudflare, Inc. (CLOUD14)
- RegDate: 2014-03-28
- Updated: 2024-09-04
- Comment: All Cloudflare abuse reporting can be done via https://www.cloudflare.com/abuse
- Comment: Geofeed: https://api.cloudflare.com/local-ip-ranges.csv
- Ref: https://rdap.arin.net/registry/ip/104.16.0.0
- OrgName: Cloudflare, Inc.
- OrgId: CLOUD14
- Address: 101 Townsend Street
- City: San Francisco
- StateProv: CA
- PostalCode: 94107
- Country: US
- RegDate: 2010-07-09
- Updated: 2024-11-25
- Ref: https://rdap.arin.net/registry/entity/CLOUD14
- OrgRoutingHandle: CLOUD146-ARIN
- OrgRoutingName: Cloudflare-NOC
- OrgRoutingPhone: +1-650-319-8930
- OrgRoutingEmail: noc@cloudflare.com
- OrgRoutingRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
- OrgTechHandle: ADMIN2521-ARIN
- OrgTechName: Admin
- OrgTechPhone: +1-650-319-8930
- OrgTechEmail: rir@cloudflare.com
- OrgTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN
- OrgNOCHandle: CLOUD146-ARIN
- OrgNOCName: Cloudflare-NOC
- OrgNOCPhone: +1-650-319-8930
- OrgNOCEmail: noc@cloudflare.com
- OrgNOCRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
- OrgAbuseHandle: ABUSE2916-ARIN
- OrgAbuseName: Abuse
- OrgAbusePhone: +1-650-319-8930
- OrgAbuseEmail: abuse@cloudflare.com
- OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN
- RTechHandle: ADMIN2521-ARIN
- RTechName: Admin
- RTechPhone: +1-650-319-8930
- RTechEmail: rir@cloudflare.com
- RTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN
- RNOCHandle: NOC11962-ARIN
- RNOCName: NOC
- RNOCPhone: +1-650-319-8930
- RNOCEmail: noc@cloudflare.com
- RNOCRef: https://rdap.arin.net/registry/entity/NOC11962-ARIN
- RAbuseHandle: ABUSE2916-ARIN
- RAbuseName: Abuse
- RAbusePhone: +1-650-319-8930
- RAbuseEmail: abuse@cloudflare.com
- RAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN
Links to attack logs
anonymous-proxy-ip-list-2025-06-23 anonymous-proxy-ip-list-2025-06-22