104.18.25.217 Threat Intelligence and Host Information
General
This page contains threat intelligence information for the IPv4 address 104.18.25.217 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or through observation of activity on honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour (such as Tor exit nodes, residential proxies or VPN services), and many other attributes. These values are historical and indicative only, and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.
Likely Malicious Host 🟠 51/100
Host and Network Information
Mitre ATT&CK IDs: T1003 - OS Credential Dumping, T1005 - Data from Local System, T1027 - Obfuscated Files or Information, T1040 - Network Sniffing, T1045 - Software Packing, T1053 - Scheduled Task/Job, T1055 - Process Injection, T1056 - Input Capture, T1060 - Registry Run Keys / Startup Folder, T1071 - Application Layer Protocol, T1081 - Credentials in Files, T1082 - System Information Discovery, T1105 - Ingress Tool Transfer, T1106 - Native API, T1112 - Modify Registry, T1119 - Automated Collection, T1129 - Shared Modules, T1140 - Deobfuscate/Decode Files or Information, T1199 - Trusted Relationship, T1557 - Man-in-the-Middle
- Country:
- Network:
- Noticed: 2 times
- Protocols Attacked: Anonymous Proxy
- Countries Attacked: United States of America
- Passive DNS Results:
Malware Detected on Host
- Count: 2
- f2174856fac008448cb836434c27c90e0920ad67c7d4d4023097c2c5e56ed775
- 1ad677e7caf0a91117f59e148451feeedb4f81094f69296519a050c2af3dd540
Open Ports Detected
- 80, 443, 2082, 2083, 2086, 2087, 2095, 8080, 8443, 8880
Whois Information
- NetRange: 104.16.0.0 - 104.31.255.255
- CIDR: 104.16.0.0/12
- NetName: CLOUDFLARENET
- NetHandle: NET-104-16-0-0-1
- Parent: NET104 (NET-104-0-0-0-0)
- NetType: Direct Allocation
- OriginAS: AS13335
- Organization: Cloudflare, Inc. (CLOUD14)
- RegDate: 2014-03-28
- Updated: 2024-09-04
- Comment: All Cloudflare abuse reporting can be done via https://www.cloudflare.com/abuse
- Comment: Geofeed: https://api.cloudflare.com/local-ip-ranges.csv
- Ref: https://rdap.arin.net/registry/ip/104.16.0.0
- OrgName: Cloudflare, Inc.
- OrgId: CLOUD14
- Address: 101 Townsend Street
- City: San Francisco
- StateProv: CA
- PostalCode: 94107
- Country: US
- RegDate: 2010-07-09
- Updated: 2024-11-25
- Ref: https://rdap.arin.net/registry/entity/CLOUD14
- OrgNOCHandle: CLOUD146-ARIN
- OrgNOCName: Cloudflare-NOC
- OrgNOCPhone: +1-650-319-8930
- OrgNOCEmail: noc@cloudflare.com
- OrgNOCRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
- OrgTechHandle: ADMIN2521-ARIN
- OrgTechName: Admin
- OrgTechPhone: +1-650-319-8930
- OrgTechEmail: rir@cloudflare.com
- OrgTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN
- OrgRoutingHandle: CLOUD146-ARIN
- OrgRoutingName: Cloudflare-NOC
- OrgRoutingPhone: +1-650-319-8930
- OrgRoutingEmail: noc@cloudflare.com
- OrgRoutingRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
- OrgAbuseHandle: ABUSE2916-ARIN
- OrgAbuseName: Abuse
- OrgAbusePhone: +1-650-319-8930
- OrgAbuseEmail: abuse@cloudflare.com
- OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN
- RTechHandle: ADMIN2521-ARIN
- RTechName: Admin
- RTechPhone: +1-650-319-8930
- RTechEmail: rir@cloudflare.com
- RTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN
- RAbuseHandle: ABUSE2916-ARIN
- RAbuseName: Abuse
- RAbusePhone: +1-650-319-8930
- RAbuseEmail: abuse@cloudflare.com
- RAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN
- RNOCHandle: NOC11962-ARIN
- RNOCName: NOC
- RNOCPhone: +1-650-319-8930
- RNOCEmail: noc@cloudflare.com
- RNOCRef: https://rdap.arin.net/registry/entity/NOC11962-ARIN
Links to attack logs
anonymous-proxy-ip-list-2025-06-23 anonymous-proxy-ip-list-2025-06-22