104.18.27.123 Threat Intelligence and Host Information

Jun 24, 2025 ipinfopage

General

This page contains threat intelligence information for the IPv4 address 104.18.27.123 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Potentially Malicious Host 🟡 37/100

Host and Network Information

Tags: cyber security, ioc, malicious, Nextray, phishing
View other sources: Spamhaus VirusTotal
Contained within other IP sets: coinbl_hosts

Country:
Network:
Noticed: 29 times
Protocols Attacked: Anonymous Proxy
Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
Passive DNS Results: rpm-center.com elkgrove.gov www.civitia.org api.civitia.org nvpropane.net smile-direct.nl www.nvpropane.net hundeklang.de public-rpc.lavanet.xyz w.lavanet.xyz demo.surebilling.insurity.com www.lavanet.xyz civitia.org caxiasshopping.com.br lakeplacidolympiccenter.com ropinet.com qa-nl-pe5-fbmvp-22278-adulteyetestdynami.az.ssdgws.co.uk www.fox-chapel.pa.us v5-urso.com g.w.lavanet.xyz giftsbuffet.com dxctaysgithwht87prep.paastest.epimore.com havaconecta.com.br www.cytivalifesciences.com www.sciooregon.gov splash.lakeplacidolympiccenter.com pci.federated.ca gladstonesmilesdentistry.com platcal.dospinos.com wagner-dev.factory.nestle.de www.nestle.de.cdn.cloudflare.net leches.dospinos.com jbskinandlaser.com mercury-vam.com www.itcosmetics.sa www.federated.ca federated.ca maintenance.federated.ca thomy-dev4.factory.nestle.de nes-dev5.factory.nestle.de wagnerprod-dev.factory.nestle.de thomy.factory.nestle.de smarties-pre.factory.nestle.de www.nestle.de smarties-dev6.factory.nestle.de nema-pre.factory.nestle.de thomy-dev6.factory.nestle.de wagner-pre.factory.nestle.de nesfb.factory.nestle.de smarties-dev.factory.nestle.de smarties-dev3.factory.nestle.de thomy-dev.factory.nestle.de thomy-dev5.factory.nestle.de wagner-dev5.factory.nestle.de wagner-test.factory.nestle.de nes.factory.nestle.de nesfb-dev3.factory.nestle.de nes-pre.factory.nestle.de nes-test.factory.nestle.de nema-dev3.factory.nestle.de nesfb-pre.factory.nestle.de maggi-pre.factory.nestle.de nesfb-dev.factory.nestle.de nema-dev4.factory.nestle.de maggi-dev4.factory.nestle.de nesfb-dev6.factory.nestle.de nes-dev4.factory.nestle.de maggi-dev.factory.nestle.de maggi-dev6.factory.nestle.de nes-dev6.factory.nestle.de nema.factory.nestle.de nema-dev6.factory.nestle.de maggi-test.factory.nestle.de nes-dev.factory.nestle.de maggi-dev5.factory.nestle.de nema-dev.factory.nestle.de nesfb-dev4.factory.nestle.de nesfb-dev5.factory.nestle.de ndemaster.factory.nestle.de nes-dev3.factory.nestle.de maggi-dev3.factory.nestle.de nema-test.factory.nestle.de factory.nestle.de nema-dev5.factory.nestle.de iamstripes.hk canary.mythical.market explorer.mythical.market t.sidekickopen68.com havaianas.ae dev-contact.federated.ca mythical.market contact.federated.ca imgproxy.mythical.market cytiva.com.cn www.cytiva.com.cn edge.kubra-idp.auth0.com edge.tenants.kubra-idp.auth0.com kubra-idp.auth0.com wt.kubra-idp.auth0.com hectorsstockbridge.co.uk link.dospinos.com river-cityrentals.com rocheonline.net live.vcita.com offer.welcome.epam.in pesquisadoorgulho.com.br www.pesquisadoorgulho.com.br vpn.vcita.com einmalzahlung200.de psc-sb.pinsolution88.com cookiecasino5.com files.worldwildlife.org amordulceamor.dospinos.com www.momentumwealth.co.za mejor-web-hosting.com verse.bitcoin.com analytics.verse.bitcoin.com momentummetropolitan.com.na www.momentummetropolitan.com.na www.exitwidget-nz.com exitwidget-nz.com www.vedholvvs.no dansautotruckrepair.com new.mejor-web-hosting.com wifi-lit.com itcosmetics.sa cfn-4321.com vlaams-brabant.yalwa.be silicup.com.br qa-dk-yes-caecom-4049-specspaymentmethod.az.ssdgws.co.uk www.fxcm-markets.com plus.fxcm-markets.com m.y8kkg2kepa62.com fallback-vc.vcita.com.cdn.cloudflare.net pe-dev-api.cr.red.dospinos.com universidad.dospinos.com mcstaging.dospinos.com iceberg-partners.uk genuinecable.com simple.dospinos.com express.dospinos.com abastecidos.dospinos.com mcprod.dospinos.com avexpress.dospinos.com development.agjeans.com dospinos.com registry.gitlab.com local.api.nixle.com qa.api.wbtvd.com medicalinformationpfizer.com www.medicalinformationpfizer.com x6h55.com apps.vcita.com customers.stg.gitlab.com dashboards.gitlab.com fallback-public.vcita.com.cdn.cloudflare.net guest.api.arcadia.pinsolution88.com aws-stg-app.targetsolutions.com pinsolution88.com lonny-test.vcita.com api2.vcita.com cb47b933f5e848ef778eaa21dbd537c40ff52122.vercel-workers.com www.cpu.be chef.gitlab.com customers.gitlab.com packages.gitlab.com otoku-line.jp hasselt.yalwa.be janecf.cf prep.claridges.co.uk www.brighthomesre.com cpu.be newsfirst.lk www.chautauquacountyks.com fivethreefive.snapdocs.com www.sextelefoon.nl staging-emi.snapdocs.com www.preprod.cpu.be preprod.cpu.be email.customers.gitlab.com 5071e6e7fd9c82ec.com oostende.yalwa.be staging.snapdocs.com titleco.snapdocs.com evergreen-staging-master.snapdocs.com closers.snapdocs.com staging-web-master.snapdocs.com app.master.snpd.io.cdn.cloudflare.net 4hut18.com 4hux17.com prep.claridges.co.uk.cdn.cloudflare.net aalst.yalwa.be ntn95.com sextelefoon.nl fsmntest1.xyz www.cpu.be.cdn.cloudflare.net cpu.be.cdn.cloudflare.net bree.yalwa.be www.eu-council-presidency.eu.cdn.cloudflare.net gent.yalwa.be yalwa.be www.chautauquacountyks.com.cdn.cloudflare.net 96arm.com brighthomesre.com qa.api.wbtvd.com.cdn.cloudflare.net 396cf.com 9456bb.com www.hotelclearlakeoaks.com.cdn.cloudflare.net funredirect.com relativity-la.crlit.com.cdn.cloudflare.net

Malware Detected on Host

Count: 2 b85278a7c336a49845d5264c845170d335e448651802008e8a2b2f5f10d142df b2996f082d4b43cf9ea3de083ba882269b5f63d6ac53bf31449831e75cb6e4a9

Open Ports Detected

2053 2082 2083 2086 2087 443 80 8080 8443 8880

Map

Whois Information

NetRange: 104.16.0.0 - 104.31.255.255
CIDR: 104.16.0.0/12
NetName: CLOUDFLARENET
NetHandle: NET-104-16-0-0-1
Parent: NET104 (NET-104-0-0-0-0)
NetType: Direct Allocation
OriginAS: AS13335
Organization: Cloudflare, Inc. (CLOUD14)
RegDate: 2014-03-28
Updated: 2024-09-04
Comment: All Cloudflare abuse reporting can be done via https://www.cloudflare.com/abuse
Comment: Geofeed: https://api.cloudflare.com/local-ip-ranges.csv
Ref: https://rdap.arin.net/registry/ip/104.16.0.0
OrgName: Cloudflare, Inc.
OrgId: CLOUD14
Address: 101 Townsend Street
City: San Francisco
StateProv: CA
PostalCode: 94107
Country: US
RegDate: 2010-07-09
Updated: 2024-11-25
Ref: https://rdap.arin.net/registry/entity/CLOUD14
OrgTechHandle: ADMIN2521-ARIN
OrgTechName: Admin
OrgTechPhone: +1-650-319-8930
OrgTechEmail: rir@cloudflare.com
OrgTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN
OrgAbuseHandle: ABUSE2916-ARIN
OrgAbuseName: Abuse
OrgAbusePhone: +1-650-319-8930
OrgAbuseEmail: abuse@cloudflare.com
OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN
OrgRoutingHandle: CLOUD146-ARIN
OrgRoutingName: Cloudflare-NOC
OrgRoutingPhone: +1-650-319-8930
OrgRoutingEmail: noc@cloudflare.com
OrgRoutingRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
OrgNOCHandle: CLOUD146-ARIN
OrgNOCName: Cloudflare-NOC
OrgNOCPhone: +1-650-319-8930
OrgNOCEmail: noc@cloudflare.com
OrgNOCRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
RTechHandle: ADMIN2521-ARIN
RTechName: Admin
RTechPhone: +1-650-319-8930
RTechEmail: rir@cloudflare.com
RTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN
RAbuseHandle: ABUSE2916-ARIN
RAbuseName: Abuse
RAbusePhone: +1-650-319-8930
RAbuseEmail: abuse@cloudflare.com
RAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN
RNOCHandle: NOC11962-ARIN
RNOCName: NOC
RNOCPhone: +1-650-319-8930
RNOCEmail: noc@cloudflare.com
RNOCRef: https://rdap.arin.net/registry/entity/NOC11962-ARIN

Links to attack logs

anonymous-proxy-ip-list-2025-06-23 anonymous-proxy-ip-list-2025-06-22

Share on: