104.18.23.161 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 104.18.23.161 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Possibly Malicious Host 🟢 10/100

Host and Network Information

• View other sources: Spamhaus VirusTotal

• Country:
• Network:
• Noticed: 1 times
• Protocols Attacked: Anonymous Proxy
• Passive DNS Results: www.sncf-reseau.com.cdn.cloudflare.net chile.um.dk gensler.international egypten.editor.um.dk arbismartreview.top whnzcc.com www.redstar-coupons.com clubeloft.vertem.com.br kelia-sso.corum.online kredit-ja.de mexico.um.dk brasilien.um.dk wild-mountain-f338.oym.workers.dev late-boat-f988.oym.workers.dev ecosistemadev.vertem.com.br kapverde.um.dk polen.um.dk sverige.um.dk kenya.um.dk easyplants.com damasio.com.br fnnewyork.um.dk smyrnadentistoffice.com amg.um.dk www.amg.um.dk aarsberetninger.danida.um.dk indonesien.um.dk bcvhml.vertem.com.br api.vertem.com.br turnstile.vertem.com.br storbritannien.um.dk www.devere-newzealand.nz israel.um.dk stealthpg777.com ramallah.um.dk gc.c-1da1.com bangladesh.um.dk estland-en.editor.um.dk sportstank757.com mockoon-test.oym.workers.dev 8xbe170.app unsctest.um.dk rockinbquarterhorses.com um.editor.um.dk norge.um.dk ambljubljana.um.dk hogehogehoge.oym.workers.dev statesmanappliances.co.uk sydafrika.um.dk bolivia.um.dk mali.um.dk devere-newzealand.nz cronicle.services.cwrcloud.net opsdash.cwrcloud.net system-svc-siemdashboard-compliance.services.cwrcloud.net devcp-tr.services.cwrcloud.net canada-en.editor.um.dk www-dev.spfcticket.net preprod.um.dk editor.upgrade.um.dk review.um.dk test.um.dk openaid.um.dk review.test.um.dk review.preprod.um.dk editor.um.dk upgrade.um.dk asd2test.um.dk editor.preprod.um.dk editor.test.um.dk phspin12.com de-ie-knf-sc-2027-movingtobjssdev2.socrates.ssdgws.co.uk www.first5yuba.org first5yuba.org redstar-coupons.com urgentfamilydentistry.com www.spfcticket.net hi88.pub eva-tr-deveva.services.cwrcloud.net www.services.cwrcloud.net kelia-sso-dev.corum.online nederlandene.um.dk usa.um.dk belgien.um.dk nefactory.store spanien.um.dk qa-ie-6p7-fbmvp-17941-unittestsrefactori.az.ssdgws.co.uk guyana.um.dk api.services.cwrcloud.net um.dk ambdhaka.um.dk belarus.um.dk www.hotnewhiphop.com tanzania.um.dk sydkorea.um.dk siliconvalley.um.dk ambdublin.um.dk www.ambdublin.um.dk www.um.dk techamb.um.dk pakistan.um.dk saudiarabien.um.dk cmtanalytics.com fairfox9.com eva-staging03.services.cwrcloud.net cw-api-public-docusign-devcp.services.cwrcloud.net k8api-stage-proxy.services.cwrcloud.net elastic-devml.services.cwrcloud.net devwebsite.services.cwrcloud.net congaclm-devcongaclm.services.cwrcloud.net devcp-api-old.services.cwrcloud.net stagecp.services.cwrcloud.net api-old.services.cwrcloud.net nlb-direct-devcp-api.services.cwrcloud.net testlink-devtools.services.cwrcloud.net elastic-stageml.services.cwrcloud.net devcp-api.services.cwrcloud.net api-test.services.cwrcloud.net dtools.cwrcloud.net client-old.services.cwrcloud.net cw-api-public-docusign-stagecp.services.cwrcloud.net congaclm-prodcongaclm.services.cwrcloud.net als.services.cwrcloud.net congaclm-stagecongaclm.services.cwrcloud.net staging.prizes-now.com yesmancan.com theproteinparadox.com wt.tabcorp.auth0.com edge.tenants.tabcorp.auth0.com edge.tabcorp.auth0.com tabcorp.auth0.com feintool.eu www.advantagebiosensewebsteremea.com wcs-assets-qa.mediamarkt.nl wcs-prelive.mediamarkt.nl wcs-qa.mediamarkt.nl wt.treasuredata-us-prod-1.auth0app.com treasuredata-us-prod-1.auth0app.com edge.tenants.treasuredata-us-prod-1.auth0app.com www.versatilesecurity.us symphony.cfdata.org tcr.theproteinparadox.com www.sparinvest.co.uk carrierglobal.mobi bot-middleware.mediamarkt.nl assets.mediamarkt.nl asset.mediamarkt.nl dev-bot-middleware.mediamarkt.nl dev-chatbot.mediamarkt.nl staging-chatbot.mediamarkt.nl dev.mediamarkt.nl qa.mediamarkt.nl int.mediamarkt.nl chatbot.mediamarkt.nl qa-fi-jlf-fixcaecom-5523-upgradetonode16.az.ssdgws.co.uk cf.webofscience.com staging-admin.career-picks.com admin.career-picks.com edge.tenants.test-aws-efficient-leopard-7835.auth0c.com wt.test-aws-efficient-leopard-7835.auth0c.com test-aws-efficient-leopard-7835.auth0c.com greatdiscoverapp.com barbozaomanipulacao.com.br avrupa.wengo.com.tr m.wengo.com.tr astrocenter.wengo.com.tr www.wengo.com.tr wengood.wengo.com.tr sonarqube.djinnguild.io images.crafta.ua wengo.com.tr versatilesecurity.us whitepaper.djinnguild.io autobedrijfrijnvliet.nl djinnguild.io prep.vastermalmsgallerian.se inte.vastermalmsgallerian.se www.rossmoynebusinesscenter.com qa.rossmoynebusinesscenter.com r5y12u4u.com aon.is www.total.re dev-teambenefits.endeavourgroup.com.au crafta.ua explicadoronline.pt theonlinejackpotgamescity.com www.trodelvy.com.cdn.cloudflare.net sunretreatsamherstburg.com www.sunretreatsamherstburg.com ews.fip.dr.finra.org 82420f847f235157717e8e45e356075a9d0972d7.vercel-workers.com offers.adam.com.au vpn.adam.com.au support.adam.com.au partner.adam.com.au newsletter.adam.com.au www.adam.com.au wwwt.trodelvy.com www.trodelvy.com njannasch.dev ivr.fraudpreventionhq.com rick-terraform.com www.prizes-now.com prizes-now.com career-picks.com www.roche-cac.com fastcoin.elvpsej.com www.vastermalmsgallerian.se uxi01.elvpsej.com www.cleanandclear.com.vn combantrin.com.ph preprod.rapunzel.com integration.rapunzel.com eqtfunds.com elvpsej.com www.modocsheriff.us roche-cac.com cleanandclear.com.vn boldder.com cf-ccouk.net agent.houtai.io.cdn.cloudflare.net buffalowildwingswaftesting.com hs-410258.t.hubspotstarter-in.net dentalservicesfinder.com freseniusdialysisservices.biz www.modocsheriff.us.cdn.cloudflare.net qa.rossmoynebusinesscenter.com.cdn.cloudflare.net vegas777spin.com rapibet.com hs-2110155.t.hubspotstarter-in.net hs-2931262.t.hubspotstarter-in.net www.cleanandclear.com.vn.cdn.cloudflare.net www.vastermalmsgallerian.se.cdn.cloudflare.net cleanandclear.com.vn.cdn.cloudflare.net www.combantrin.com.ph.cdn.cloudflare.net combantrin.com.ph.cdn.cloudflare.net preprod.rapunzel.com.cdn.cloudflare.net integration.rapunzel.com.cdn.cloudflare.net hs-6250855.t.hubspotstarter-in.net roche.sk hs-5843837.t.hubspotstarter-in.net 69aen.com hs-4908993.t.hubspotstarter-in.net hs-1310967.t.hubspotstarter-in.net hs-1976292.t.hubspotstarter-in.net hs-2958929.t.hubspotstarter-in.net hs-2285488.t.hubspotstarter-in.net hs-5281772.t.hubspotstarter-in.net hs-4980530.t.hubspotstarter-in.net www.ziaxsv.live ziaxsv.live hs-4257353.t.hubspotstarter-in.net total.re hs-5415551.t.hubspotstarter-in.net hs-2767493.t.hubspotstarter-in.net www.civinfo.com.cdn.cloudflare.net uat.rossmoynebusinesscenter.com.cdn.cloudflare.net pfizermedicalinformation.nl www.pfizermedicalinformation.nl.cdn.cloudflare.net

Malware Detected on Host

Count: 52 7f39fae2338b33155428d2c3c0f8a6d364ea647f9e6a3831317b5ae450679b13 04abb41da8997b00c09bc8d2e5d24e7d096891ce65a764ab571b57ff2bfc4cd0 f3b6b7770f9edb6fde3df5ab2e15c25a2f15f5b3c72d9ba103b40b642f109dd4 d8c2d737dd4ca314e446b678d8658139a5e68af738a9925ff2dd56e0a9939abd 8c424abdb1feac034da16f8749384c9c24a10695f6e2c896c41c9f48e513de03 20ed0a4a4c9f2e6fb56ae12e5896c0c9fbb75c30ccb92b6e185fa234026355fa 8e0ec7af5e1eb204966f8fdb544ea2b84aed822fcf94dcdf8b4d53cf5549be16 80aa208cf601ce6a33f00fb25a960cf66eb4f102591760c1c417d3467bba7057 fae880438f1af77f4d883dcdc659c2df79160824c63866366da951f5ff9816c3 c8b1282c400ec8802392483f9518eae135a457128eec5310badfdf1a077ff32c

Open Ports Detected

2053 2082 2083 2086 2087 2095 443 80 8080 8443 8880

Map

Whois Information

• NetRange: 104.16.0.0 - 104.31.255.255
• CIDR: 104.16.0.0/12
• NetName: CLOUDFLARENET
• NetHandle: NET-104-16-0-0-1
• Parent: NET104 (NET-104-0-0-0-0)
• NetType: Direct Allocation
• OriginAS: AS13335
• Organization: Cloudflare, Inc. (CLOUD14)
• RegDate: 2014-03-28
• Updated: 2024-09-04
• Comment: All Cloudflare abuse reporting can be done via https://www.cloudflare.com/abuse
• Comment: Geofeed: https://api.cloudflare.com/local-ip-ranges.csv
• Ref: https://rdap.arin.net/registry/ip/104.16.0.0
• OrgName: Cloudflare, Inc.
• OrgId: CLOUD14
• Address: 101 Townsend Street
• City: San Francisco
• StateProv: CA
• PostalCode: 94107
• Country: US
• RegDate: 2010-07-09
• Updated: 2024-11-25
• Ref: https://rdap.arin.net/registry/entity/CLOUD14
• OrgTechHandle: ADMIN2521-ARIN
• OrgTechName: Admin
• OrgTechPhone: +1-650-319-8930
• OrgTechEmail: rir@cloudflare.com
• OrgTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN
• OrgAbuseHandle: ABUSE2916-ARIN
• OrgAbuseName: Abuse
• OrgAbusePhone: +1-650-319-8930
• OrgAbuseEmail: abuse@cloudflare.com
• OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN
• OrgRoutingHandle: CLOUD146-ARIN
• OrgRoutingName: Cloudflare-NOC
• OrgRoutingPhone: +1-650-319-8930
• OrgRoutingEmail: noc@cloudflare.com
• OrgRoutingRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
• OrgNOCHandle: CLOUD146-ARIN
• OrgNOCName: Cloudflare-NOC
• OrgNOCPhone: +1-650-319-8930
• OrgNOCEmail: noc@cloudflare.com
• OrgNOCRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
• RTechHandle: ADMIN2521-ARIN
• RTechName: Admin
• RTechPhone: +1-650-319-8930
• RTechEmail: rir@cloudflare.com
• RTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN
• RAbuseHandle: ABUSE2916-ARIN
• RAbuseName: Abuse
• RAbusePhone: +1-650-319-8930
• RAbuseEmail: abuse@cloudflare.com
• RAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN
• RNOCHandle: NOC11962-ARIN
• RNOCName: NOC
• RNOCPhone: +1-650-319-8930
• RNOCEmail: noc@cloudflare.com
• RNOCRef: https://rdap.arin.net/registry/entity/NOC11962-ARIN

Links to attack logs

anonymous-proxy-ip-list-2025-06-21