104.18.27.28 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 104.18.27.28 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Potentially Malicious Host 🟡 32/100

Host and Network Information

• Tags: allow, android, application, assistant, atlas, azureadmyorg, channelsurfcli, connector, designer, desktop, dynamics, enterprise, explorer, false, file transfer, front, game, hidden, live, magnus, meister, microsoft azure, microsoft crm, microsoft power, microsoft teams, mtd1, office, premium, service, sharepoint, spark, test, tools, true, verify, visible, write, youth

• View other sources: Spamhaus VirusTotal

• Country:
• Network:
• Noticed: 1 times
• Protocols Attacked: Anonymous Proxy
• Countries Attacked: Canada, United States of America
• Passive DNS Results: dropee.xyz www.umicore.ca.cdn.cloudflare.net www.senetic.cm www.cipd.org.cdn.cloudflare.net rdev.dropee.xyz p8d2q.com mitsubishieasterncape.co.za edge.tenants.test-aws-terrific-rabbit-8192.auth0c.com www.bowerswimwear.com www.esh-haemuna.org.il www.fenwalfire.com jobroll.com www.rshughes.mx www.rshughes.mx.cdn.cloudflare.net dbx777.org bitdefender.senetic.ro qa-dk-kfl-fbmvp-23144-enabletypescriptes.az.ssdgws.co.uk www.aplatsf.com fenwalfire.com senetic.ro microsoft365.senetic.cm test.ca.tastybite.com qa.ca.tastybite.com live-ca.tastybite.com jadarat.sa senetic.cm esh-haemuna.org.il www.senetic.ro melotte.ancho.vi cotati.ancho.vi www.urbanscape-propet.com urbanscape-propet.com sage-people.pl www.pfizerattrcmpap.com.au www.tisco.co.th winspirit9.com betterbrands.ancho.vi autobag.es i9betting.co phoenix-ro.com saleor-admin.ancho.vi fairenter48.com dentistsofparadisevalley.com www.thedriverhandbook.co.uk thedriverhandbook.co.uk sasinc.ancho.vi vitco.ancho.vi brittonblinds.com tisco.co.th www.vinderklubbendk.com kronosportal.com www.diariolasamericas.com.cdn.cloudflare.net prod.php-epi.oma.org staging.omf-epi.oma.org dev.learn-epi.oma.org dev.php-epi.oma.org www.bdo.com.jm randkinsulation.com www.polypipeinc.net prod.transform-epi.oma.org staging.temp-epi.oma.org prod.temp-epi.oma.org geohello2.migia.net staging.transform-epi.oma.org www.redman.com geohello.migia.net paxlovideducation-kosovo.com Content.oma.org staging.oma.org ancho.vi aferry.com xtendcaloriesettlement.com login.credaas-exemplar.eu.esft.c1.vanguard.com testlogin.vanguardinvestor.co.uk login.testwww.de.vanguard www.adiglobaldistribution.co.uk integ.onelinkonline.net prep.onelinkonline.net www.onelinkonline.net transform.oma.org php.oma.org www.oma.org www.promat.com.cn www.promat.com.cn.cdn.cloudflare.net snapxcdn.com www.indentrust.com dev-saasportal.episerver.net qa-es-cuf-fbmvp-10364-switch-to-v3-modul.az.ssdgws.co.uk www.closemotorfinance.co.uk qa-gb-mjp-fbmvp-10209-importnewstoresear.az.ssdgws.co.uk qa-nl-8gb-fbmvp-5577-changegraphqlaccess.az.ssdgws.co.uk qa-se-m5v-testfbmvp-9847-scenarioimpleme.az.ssdgws.co.uk www.identrust.net www.identrust.co.uk www.identrust.com www.stanlibmultimanagerdev.co.za.cdn.cloudflare.net preprod.redman.com.cdn.cloudflare.net www.automation4less.com.cdn.cloudflare.net identrust.com hubfs.origin.hubspotfree-hz-eu1.net chemoglobe.stjude.org validation.identrust.com crl.identrust.com test.chemoglobe.stjude.org preprod.redman.com www.css-tricks.com css-tricks.com 18afec8aca6425a79a2f1653c38933a760cfead2.vercel-workers.com www.mizkan.co.jp.cdn.cloudflare.net www.paxlovideducation-kosovo.com dev.hermoments.com www.automation4less.com bstage.hermoments.com estage.hermoments.com staging.hermoments.com f30bdadb2a63dc114c7711152fe941741518bc0d.vercel-workers.com 73943672a03f7f5bf3eb2f470e54022c6cc5e86f.vercel-workers.com www.stanlibmultimanagerdev.co.za stanlibmultimanagerdev.co.za e.hermoments.com sfsvehiclehire.co.uk www.mizkan.co.jp prod.nacreous.drs-net.novartis.co.jp www.piabennett.com gamepoint.li 4huqq52.com automation4less.com cascadeofwellness.com insmac.com cbmotor.acquiaedge.net int.redman.com t.hubspotfree-hz-eu1.net yusofghani.com mtservice.astrocorp.com.tw 4huy76.com www.4huy76.com dxctngnadxc45d7dinte.meetingpoint.vn.cdn.cloudflare.net dxctngnadxc8oh87inte.meetingpoint.vn.cdn.cloudflare.net a.hermoments.com nashvillemadisonmrtransmission.com odonnellgroupre.com simonandgarfunkel.com hermoments.com hingtempt.info lowestmed.com 5234bb.com vulkan-starsplay.net wrong.host.badssl.org historias.starbucks.com.cdn.cloudflare.net

Malware Detected on Host

Count: 6182 b0b5dc8e1e6b7d592a5f86644814bfd3399e1d9547357baae8c482f62997c114 c1cd98b33e8204dc1ca2e247b5fc90bf223c57c8f9df110b64f84e658939598e a253d8a3139bf7b1279ee923af90b8282a047496853a5a4305dcf6e004679f42 d1ef7a2266b025ada5be7a1517add44f39c97e98c407494be589cc28c7c4f5eb 8f2e2237a1614bb7ddc08dd216757245bfd239965dd691881322506a9fbc58e7 df7f37a1d04a09ab351470343009f4ef9eaf54b135d966c4c0e903b676c2dcb5 94d70cb4d9c1dbc2c4ef2015dc97f0a36e3c885c22c9a91877a788f916ec96ad ba87ba6eba9e75151efa93bb4b072090c6b136b1a5a42d8dbaeeb93bf218322b 8e1374e5d47f2a9d62a05b98566ac408c9cd0a2cf6d7e491cd1580865186fa05 b88c1d8f45dc102918923b855342d82eeceb327e02ac783b6c8280c664b75c10

Open Ports Detected

2052 2082 2083 2086 2087 2096 443 80 8080 8443 8880

Map

Whois Information

• NetRange: 104.16.0.0 - 104.31.255.255
• CIDR: 104.16.0.0/12
• NetName: CLOUDFLARENET
• NetHandle: NET-104-16-0-0-1
• Parent: NET104 (NET-104-0-0-0-0)
• NetType: Direct Allocation
• OriginAS: AS13335
• Organization: Cloudflare, Inc. (CLOUD14)
• RegDate: 2014-03-28
• Updated: 2024-09-04
• Comment: All Cloudflare abuse reporting can be done via https://www.cloudflare.com/abuse
• Comment: Geofeed: https://api.cloudflare.com/local-ip-ranges.csv
• Ref: https://rdap.arin.net/registry/ip/104.16.0.0
• OrgName: Cloudflare, Inc.
• OrgId: CLOUD14
• Address: 101 Townsend Street
• City: San Francisco
• StateProv: CA
• PostalCode: 94107
• Country: US
• RegDate: 2010-07-09
• Updated: 2024-11-25
• Ref: https://rdap.arin.net/registry/entity/CLOUD14
• OrgTechHandle: ADMIN2521-ARIN
• OrgTechName: Admin
• OrgTechPhone: +1-650-319-8930
• OrgTechEmail: rir@cloudflare.com
• OrgTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN
• OrgAbuseHandle: ABUSE2916-ARIN
• OrgAbuseName: Abuse
• OrgAbusePhone: +1-650-319-8930
• OrgAbuseEmail: abuse@cloudflare.com
• OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN
• OrgRoutingHandle: CLOUD146-ARIN
• OrgRoutingName: Cloudflare-NOC
• OrgRoutingPhone: +1-650-319-8930
• OrgRoutingEmail: noc@cloudflare.com
• OrgRoutingRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
• OrgNOCHandle: CLOUD146-ARIN
• OrgNOCName: Cloudflare-NOC
• OrgNOCPhone: +1-650-319-8930
• OrgNOCEmail: noc@cloudflare.com
• OrgNOCRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
• RTechHandle: ADMIN2521-ARIN
• RTechName: Admin
• RTechPhone: +1-650-319-8930
• RTechEmail: rir@cloudflare.com
• RTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN
• RAbuseHandle: ABUSE2916-ARIN
• RAbuseName: Abuse
• RAbusePhone: +1-650-319-8930
• RAbuseEmail: abuse@cloudflare.com
• RAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN
• RNOCHandle: NOC11962-ARIN
• RNOCName: NOC
• RNOCPhone: +1-650-319-8930
• RNOCEmail: noc@cloudflare.com
• RNOCRef: https://rdap.arin.net/registry/entity/NOC11962-ARIN

Links to attack logs

anonymous-proxy-ip-list-2025-06-23 anonymous-proxy-ip-list-2025-06-22