104.18.27.198 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 104.18.27.198 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources or through observation of activity on honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information; frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour such as with Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Potentially Malicious Host 🟡 49/100

Host and Network Information

  • MITRE ATT&CK IDs: T1036 - Masquerading, T1046 - Network Service Scanning, T1055 - Process Injection, T1059 - Command and Scripting Interpreter, T1071 - Application Layer Protocol, T1082 - System Information Discovery, T1095 - Non-Application Layer Protocol, T1573 - Encrypted Channel

  • Tags: adres, adresy url, ameryki, bardzo duga, ca data, csc corporate, data utworzenia, data wyganicia, digital, dnssec, domains, informacje, reputacja, san jose, serwer nazw, sha256, ssdeep, tworzy, tworzy katalog, tworzy pliki, typ pliku, win64

  • View other sources: Spamhaus VirusTotal

  • Country:
  • Network:
  • Noticed: 2 times
  • Protocols Attacked: Anonymous Proxy
  • Passive DNS Results:

Open Ports Detected

2082 2083 2086 2087 2095 443 80 8080 8443 8880

Whois Information

Links to attack logs

anonymous-proxy-ip-list-2025-06-23 anonymous-proxy-ip-list-2025-06-22