104.18.5.176 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 104.18.5.176 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Possibly Malicious Host 🟢 5/100

Host and Network Information

• View other sources: Spamhaus VirusTotal

• Country:
• Network:
• Noticed: 1 times
• Protocols Attacked: Anonymous Proxy
• Passive DNS Results: triboxing.sites.zenplanner.com crossfitinvermere.sites.zenplanner.com wow3.dev sys.wow3.dev monitor.wow3.dev sys-prod.wow3.dev corporate.uat.jeeny.me main.home.cob-test.mas03.azure.gov.interloc.us manage.cob-dev2.mas03.azure.gov.interloc.us web-survey-app.qa.jeeny.me backoffice.qa.jeeny.me main.home.abm-dev.nonprod01.mas.interloc.us match-dispatch.uat.jeeny.me investvip7.com investvip9.com qa-ca-gmo-chorefbmvp-24141-mainmerge.az.ssdgws.co.uk prodactive.zenplanner.com.cdn.cloudflare.net kibana.uat.jeeny.me socket.16938403.com location-engine.uat.jeeny.me memberappapiv220.zenplanner.com studiob.zenplanner.com logcollect.pepro6.com ms-pms-4.uat.jeeny.me jeenypay.qa.jeeny.me epayment.uat.jeeny.me moneyball.qa.jeeny.me ms-api-gateway.qa.jeeny.me blade72.uat.jeeny.me api72.jeeny.me api72.jeeny.me.cdn.cloudflare.net jeenypay-moneyball.jeeny.me jeeny-routing.qa.jeeny.me jeeny-beats.jeeny.me wealthmauritius.com drive.jeeny.me cockpit-frontend.jeeny.me api.zenplanner.com staffappapiv300.zenplanner.com jeeny-relay.uat.jeeny.me promos.jeeny.me manage.methpoc.nonprod01.mas.interloc.us de-nl-4jc-sc-33891-testdockerforcdc.socrates.ssdgws.co.uk beta.zenplanner.com ms-pms-8.uat.jeeny.me test1.jeeny.me apigateway.dev.jeeny.me t-api.t7r.dev eng.t7r.dev besworkshop.top opencost.qa.jeeny.me jeenypay.uat.jeeny.me driver-signup-v2.uat.jeeny.me blade.qa.jeeny.me api.qa.jeeny.me spin-the-wheel.qa.jeeny.me cockpit-frontend.qa.jeeny.me fdm.qa.jeeny.me www.shahrulazhar.com shahrulazhar.com luxus-leben-x.de jeeny-beats.uat.jeeny.me jo.gouv.tg sitesprodactive.zenplanner.com.cdn.cloudflare.net apps.prod01.mas.interloc.us www.enracha.es enracha.es api-moneyball.jeeny.me auth.abm-prod.prod01.mas.interloc.us jeeny-support.jeeny.me iodss-swaraj.mahindraglobaldms.com hubspots.jeeny.me sitesprodactive.zenplanner.com mahindrafoundationusa.org ms-redistribution.jeeny.me cockpit-frontend.uat.jeeny.me qa-au-wgk-fbmvp-21935-bumpappintmessaget.az.ssdgws.co.uk legacy-support.qa.jeeny.me api.experimental.t7r.dev 4638.work mxpgta.com ms-general.qa.jeeny.me uptime-kuma.qa.jeeny.me platform-integrations.qa.jeeny.me vex.com.tw prod01.mas.interloc.us particleadventure.org azure-prd.auth.beeline.com ingress.auth.beeline.com.cdn.cloudflare.net chefa777.com shopify-admin.t7r.dev fdm.uat.jeeny.me moneyball.uat.jeeny.me ms-pms-1.uat.jeeny.me platform-integrations.uat.jeeny.me hubspot.uat.jeeny.me scripts.qa.jeeny.me promos.qa.jeeny.me zatca-einvoice.qa.jeeny.me partner-api-gateway.qa.jeeny.me home.abm-prod.prod01.mas.interloc.us abm-prod.prod01.mas.interloc.us emaps.jeeny.me api-gateway.jeeny.me app.t7r.dev ms-pms-5.uat.jeeny.me android-driver.jeeny.me shopify-payments.t7r.dev eflow.uat.jeeny.me blade.uat.jeeny.me ms-redistribution.uat.jeeny.me ms-pms.uat.jeeny.me paydirect.t7r.dev ms-redistribution.qa.jeeny.me culture.on.com uki-mock-bank.t7r.dev abm-dev.nonprod01.mas.interloc.us www.thebellastonclinton.co.uk op-az.thebellastonclinton.co.uk vic.on.com www.on.com electronicsshop.top apcloud.co.za wap0212.com my-uatb.windstream.com kinetic.partner-uatb.windstream.com about.gitlab.com triumph-test.info inetsvcs.windstream.com officesuite99.windstream.com user-authentication-api.t7r.dev payments-testing-api.t7r.dev chat-uat.windstream.com itdev.tableau.windstream.com payments-experience-api.t7r.dev shopify-test.t7r.dev nsp.windstream.com chat.windstream.com qa-ca-fm5-fbmvp-13856-refactordsperror.az.ssdgws.co.uk pay-mock-client.t7r.dev buy-dev.windstream.com my.windstream.com www.windstreamonline.com kb-scim.t7r.dev business.windstream.com osportal.windstream.com api-kinetic-uatb.windstream.com nsp-uatb.windstream.com nsp-uata.windstream.com api-kinetic.windstream.com federal.windstream.com cleccenter.windstream.com kinetic.partner-uata.windstream.com linkupexperts.be kinetic-fiber.windstream.com kineticapps.windstream.com we-uatb.windstream.com osportal-uat.windstream.com banking-circle-client.t7r.dev ps.tmc-sin.com.sg intranet.tmc-sin.com.sg epr.tmc-sin.com.sg po3-api-uata.windstream.com partner-uata.windstream.com we-uata.windstream.com stablecoin-portal-spa.t7r.dev status.t7r.dev otel-api.t7r.dev truelayer.t7r.dev getomegadatacube-exclusive.com stg-3.business.windstream.com newadmin.junkyard.se www.windstream.com old.junkyard.se auth-analytics.t7r.dev op-scim.t7r.dev scim.t7r.dev thebellastonclinton.co.uk dialogoroche.com.py wt.test-azure-shy-emu-4988.auth0c.com edge.tenants.test-azure-shy-emu-4988.auth0c.com test-azure-shy-emu-4988.auth0c.com signupplus-demo.t7r.dev onboardandpay-demo.t7r.dev edge.tenants.test-aws-royal-pangolin-3383.auth0c.com wt.test-aws-royal-pangolin-3383.auth0c.com test-aws-royal-pangolin-3383.auth0c.com www.molson.ca www.sallystores.com sallystores.com c712l.com cms-preview.t7r.dev www.test.preprod.bournemd.com preprod.bournemd.com prisma.t7r.dev hmac.t7r.dev orgs-test.t7r.dev gitops-watcher-rs.t7r.dev verification-demo-backend.t7r.dev payouts-e2e.t7r.dev ob-au-mock-bank.t7r.dev 0m88j.copy.paastest.co.uk console.t7r.dev carlsbergukraine.com www.carlsbergukraine.com webshop.carlsbergukraine.com shop.carlsbergukraine.com truemonitor-admin.t7r.dev www.bup.nu truemonitor-client-api.t7r.dev truemonitor.t7r.dev state-change-requests.t7r.dev 5f2bce13462da70bc1a8897ab95508bf68ee3fbb.vercel-workers.com stablecoin.t7r.dev event-registry.t7r.dev psu.t7r.dev api.t7r.dev insights.t7r.dev checkout.t7r.dev 412571503b139a642ff12ea6c43e1aa4ac4e7368.vercel-workers.com auth.t7r.dev www.alexnicot.t7r.dev alexnicot.t7r.dev 7d7683dba628cfc7af7d595dbe2e8767f412ae58.vercel-workers.com napaidm.genpt.com login-api.t7r.dev client-tracking.t7r.dev demo-api.t7r.dev demo-alpha-api.t7r.dev frontend-providers-api.t7r.dev data-comms-demo.t7r.dev www.alliedpetroleum.co.nz alliedpetroleum.co.nz b.apps-host.com index.t7r.dev payments-analytics.t7r.dev www.admiral-duncan.co.uk.cdn.cloudflare.net onboarding-api.t7r.dev ceecee-api.t7r.dev www.sovag.veolia.ch provide-healthcare-quotes.com www.villageofowego.com.cdn.cloudflare.net www.industries.veolia.ch www.veolia.ch www.villageofowego.com landlordcentre.co.uk www.landlordcentre.co.uk t.hubspotappstarterqa-eu1.net status-page.t7r.dev agent-monitoring.t7r.dev agent-monitoring-admin.t7r.dev agent-monitoring-api.t7r.dev ob-mock-bank.t7r.dev vk-videochatru.apps-host.com login.t7r.dev verification.t7r.dev connectivity-wiki.t7r.dev psu-api.t7r.dev users-api.t7r.dev console-backend.t7r.dev m-test2.apps-host.com test3.apps-host.com m-test3.apps-host.com t7r.dev webhooks.t7r.dev roulette.apps-host.com connect.t7r.dev sovag.veolia.ch industries.veolia.ch www.veolia.ch.cdn.cloudflare.net www.industries.veolia.ch.cdn.cloudflare.net industries.veolia.ch.cdn.cloudflare.net www.sovag.veolia.ch.cdn.cloudflare.net sovag.veolia.ch.cdn.cloudflare.net www.admiral-duncan.co.uk apps-host.com logsearch-api.t7r.dev vk-chatrulez.apps-host.com demo-alpha.t7r.dev clearbank-api.t7r.dev payouts.t7r.dev demo.t7r.dev auth-psu.t7r.dev donate.t7r.dev donate-api.t7r.dev test.apps-host.com www.snapdragoninsiders.de pay-api.t7r.dev pay.t7r.dev penny.t7r.dev pay-mock-connect.t7r.dev status-api.t7r.dev www.snapdragoninsiders.de.cdn.cloudflare.net banks.t7r.dev m-roulette.apps-host.com pages.apps-host.com m-test.apps-host.com test2.apps-host.com www.molson.ca.cdn.cloudflare.net partsstore24.com www.partsstore24.com test.partsstore24.com www.FindCarOil.com FindCarOil.com midtownbank.biz nestlehealthscience.com.hk sbfc912z.com www.bup.nu.cdn.cloudflare.net img.webmd.com www.visa.co.in.cdn.cloudflare.net www.nestlehealthscience.com.hk.cdn.cloudflare.net joykazino3.site xoowuyu.com v7k.com.cn www.xoowuyu.com www.v7k.com.cn 09t.com.cn

Malware Detected on Host

Count: 1 316a8bd8206b09d2066f9486b40120c1432cb192018337efb5f430ed291dc05a

Open Ports Detected

2052 2082 2083 2086 2087 443 80 8080 8443 8880

Map

Whois Information

• NetRange: 104.16.0.0 - 104.31.255.255
• CIDR: 104.16.0.0/12
• NetName: CLOUDFLARENET
• NetHandle: NET-104-16-0-0-1
• Parent: NET104 (NET-104-0-0-0-0)
• NetType: Direct Allocation
• OriginAS: AS13335
• Organization: Cloudflare, Inc. (CLOUD14)
• RegDate: 2014-03-28
• Updated: 2024-09-04
• Comment: All Cloudflare abuse reporting can be done via https://www.cloudflare.com/abuse
• Comment: Geofeed: https://api.cloudflare.com/local-ip-ranges.csv
• Ref: https://rdap.arin.net/registry/ip/104.16.0.0
• OrgName: Cloudflare, Inc.
• OrgId: CLOUD14
• Address: 101 Townsend Street
• City: San Francisco
• StateProv: CA
• PostalCode: 94107
• Country: US
• RegDate: 2010-07-09
• Updated: 2024-11-25
• Ref: https://rdap.arin.net/registry/entity/CLOUD14
• OrgNOCHandle: CLOUD146-ARIN
• OrgNOCName: Cloudflare-NOC
• OrgNOCPhone: +1-650-319-8930
• OrgNOCEmail: noc@cloudflare.com
• OrgNOCRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
• OrgAbuseHandle: ABUSE2916-ARIN
• OrgAbuseName: Abuse
• OrgAbusePhone: +1-650-319-8930
• OrgAbuseEmail: abuse@cloudflare.com
• OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN
• OrgRoutingHandle: CLOUD146-ARIN
• OrgRoutingName: Cloudflare-NOC
• OrgRoutingPhone: +1-650-319-8930
• OrgRoutingEmail: noc@cloudflare.com
• OrgRoutingRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
• OrgTechHandle: ADMIN2521-ARIN
• OrgTechName: Admin
• OrgTechPhone: +1-650-319-8930
• OrgTechEmail: rir@cloudflare.com
• OrgTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN
• RNOCHandle: NOC11962-ARIN
• RNOCName: NOC
• RNOCPhone: +1-650-319-8930
• RNOCEmail: noc@cloudflare.com
• RNOCRef: https://rdap.arin.net/registry/entity/NOC11962-ARIN
• RAbuseHandle: ABUSE2916-ARIN
• RAbuseName: Abuse
• RAbusePhone: +1-650-319-8930
• RAbuseEmail: abuse@cloudflare.com
• RAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN
• RTechHandle: ADMIN2521-ARIN
• RTechName: Admin
• RTechPhone: +1-650-319-8930
• RTechEmail: rir@cloudflare.com
• RTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN

Links to attack logs

anonymous-proxy-ip-list-2025-06-23 anonymous-proxy-ip-list-2025-06-22