104.18.29.199 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 104.18.29.199 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Possibly Malicious Host 🟢 27/100

Host and Network Information

• Tags: allow, android, application, assistant, atlas, azureadmyorg, channelsurfcli, connector, designer, desktop, dynamics, enterprise, explorer, false, file transfer, front, game, hidden, live, magnus, meister, microsoft azure, microsoft crm, microsoft power, microsoft teams, mtd1, office, premium, service, sharepoint, spark, test, tools, true, verify, visible, write, youth

• View other sources: Spamhaus VirusTotal

• Country:
• Network:
• Noticed: 1 times
• Protocols Attacked: Anonymous Proxy
• Countries Attacked: Canada, United States of America
• Passive DNS Results: sdk-api-proxy.postscript.io sdk-api-proxy.postscript.io.cdn.cloudflare.net corysummers.mbhchandler.ckdev.cloud corysummers.shipping.ckdev.cloud corysummers.automation.ckdev.cloud corysummers.authnet.ckdev.cloud corysummers.paypal.ckdev.cloud corysummers.www.ckdev.cloud timeout.www.ckdev.cloud timeout.mbhportland.ckdev.cloud brett.paypal.ckdev.cloud brett.public.ckdev.cloud mary.mbhportland.ckdev.cloud mary.mbhchandler.ckdev.cloud mary.static.ckdev.cloud brett.commerce.ckdev.cloud brett.authnet.ckdev.cloud devtest.mbhchandler.ckdev.cloud devtest.authnet.ckdev.cloud wain.allure.ckdev.cloud wain.static.ckdev.cloud wt.test-aws-worried-tuna-9031.auth0c.com edge.tenants.test-aws-worried-tuna-9031.auth0c.com cwknight.salestax.ckdev.cloud csummers.public.ckdev.cloud csummers.paypal.ckdev.cloud csummers.salestax.ckdev.cloud wain.mbhbellevue.ckdev.cloud wain.paypal.ckdev.cloud coredns.api.ckdev.cloud coryrules.www.ckdev.cloud crying.allure.ckdev.cloud hotfixday.commerce.ckdev.cloud hotfixday.mbhchandler.ckdev.cloud hotfixday.accounts.ckdev.cloud hotfixday.mbhseattle.ckdev.cloud hotfixday.salestax.ckdev.cloud business-ai-club.com crying.mbhseattle.ckdev.cloud pricing.authnet.ckdev.cloud master.allure.ckdev.cloud master.public.ckdev.cloud mary2.console.ckdev.cloud mary2.public.ckdev.cloud sdk-webserver-dev.postscript.io qa-gb-zxf-fbmvp-23538-staticassetsworker.az.ssdgws.co.uk mary.automation.ckdev.cloud mary.api.ckdev.cloud mary.mbhbellevue.ckdev.cloud mary.www.ckdev.cloud rwjtrauma.com rh-fc2.paypal.ckdev.cloud rh-fc2.shipping.ckdev.cloud rh-fc2.console.ckdev.cloud release2.accounts.ckdev.cloud release2.commerce.ckdev.cloud release2.mbhportland.ckdev.cloud hotfixtesting.mbhseattle.ckdev.cloud newbrettbrett.shipping.ckdev.cloud premierelevatorservices.com newbrettbrett.commerce.ckdev.cloud newbrettbrett.console.ckdev.cloud coryrules.static.ckdev.cloud s2s.mbhchandler.ckdev.cloud s2s.console.ckdev.cloud topsecretcorywebsite.shipping.ckdev.cloud topsecretcorywebsite.mbhseattle.ckdev.cloud topsecretcorywebsite.accounts.ckdev.cloud topsecretcorywebsite.authnet.ckdev.cloud www.syngenta-treecare.com new2brettbrettv2.static.ckdev.cloud new2brettbrettv2.automation.ckdev.cloud new2brettbrettv2.public.ckdev.cloud mary4.authnet.ckdev.cloud mary4.salestax.ckdev.cloud mary4.mbhchandler.ckdev.cloud fuu1t.com chandler-s2s.accounts.ckdev.cloud newnewbrettbrett.mbhportland.ckdev.cloud canada-hotfix.api.ckdev.cloud canada-hotfix.mbhseattle.ckdev.cloud pokemon.public.ckdev.cloud pokemon.www.ckdev.cloud pokemon.paypal.ckdev.cloud redeye.paypal.ckdev.cloud sdk-webhook-prod.postscript.io 3117c.cc dev-api.postscript.io www.columvi-hcp.com www.chemicalprocessing.com sdk2.postscript.io sdk-webhook-dev.postscript.io api.postscript.io dev.jjhccpinfo.com removefair.top login.intelliconnect.stg.cch.com.cdn.cloudflare.net www.mendovoz.com test-sdk-api.postscript.io sdk-api.postscript.io sdk-api.postscript.io.cdn.cloudflare.net mendovoz.com sdk.postscript.io sdk.postscript.io.cdn.cloudflare.net www.thinggrill.top thinggrill.top internal-api.postscript.io a.postscript.io api.postscript.io.cdn.cloudflare.net ceph.cloudflareworkersscripts.com winter-develop-pan.com jcsmanagementapp.com desktop.gov.au www.chemicalprocessing.com.cdn.cloudflare.net 523001.com vichy.ca www.coinex.land learnwithscotts.ca www.seesantv.com seesantv.com coinex.land barcodegiant.com www.nasenpolypen.at www.educationalleadershipdegree.com educationalleadershipdegree.com www.craincurrency.com load-runner.cazoo.com ml-experiments.cazoo.com qa-au-m2q-fbmvp-12518-manage8envconfig.az.ssdgws.co.uk www2.instabond.com www.instabond.com instabond.com cazoo.com www.elwfitness.com s3-prod.craincurrency.com kp-tot-prep.immeo.net v-valleytest.com howtospeedupmagento.com autobedrijf-vdheuvel.nl medvyn-gromada.gov.ua alt.medvyn-gromada.gov.ua www.medvyn-gromada.gov.ua www.barcodegiant.com legacy.utilimaster.com mcp.utilimaster.com amparts.utilimaster.com chat.meeteapp.com venus-h5.meeteapp.com h5.meeteapp.com cf.stage.vaas.n-l2.salesforce.com fritolaynam.utilimaster.com activity1.meeteapp.com activity.meeteapp.com int.detpak.cn www.skrivarakademin.se www.innomarket-consultancy.net innomarket-consultancy.net www.meeteapp.com cintas.utilimaster.com resource-venus.meeteapp.com cbsxpuat-cd-ch.carlsberggroup.com themechanicnm.com uspspbtb.utilimaster.com candpost.utilimaster.com fedexupd.utilimaster.com purolatorc.utilimaster.com www.utilimaster.com utilimaster.com catalog.utilimaster.com enterpriseregistration.utilimaster.com ofuturoaprendeconsigo.pt tacollect.meeteapp.com aws-test-4.auth0c.com edge.tenants.aws-test-4.auth0c.com www.spirovent.be bostongameon.com bingo26.com parts.utilimaster.com twby88.com gamezonebet.com c68emailapi.c68uat.com c68dcoffice.c68uat.com c68smsoffice.c68uat.com c68gioffice.c68uat.com c68uat.com c68cs.c68uat.com c68tmoffice.c68uat.com c68agentoffice.c68uat.com c68gi.c68uat.com c68gwoffice.c68uat.com gzone88.com c66agentoffice-l.xinba66.com uatc66agentoffice-l.xinba66.com uatc66agent-ext-l.xinba66.com c66tmoffice-l.xinba66.com uatc66tmoffice-l.xinba66.com c66agent-ext-l.xinba66.com c66smsapi-l.xinba66.com uatc66giext-l.gic66.com c66email-l.xinba66.com bgm-admin-l.c66uat.com bgm-l.c66uat.com sports-pxo-l.c66uat.com m-portal-l.c66uat.com m-l.c66uat.com admin-l.c66uat.com www-l.c66uat.com agent.gamezone.ph cdn.tynt.com www.comirnatyeducation.be stormgain-go.com ufpindustrial.info www.portal.classmate.guru www.app.classmate.guru www.classmate.guru www.angrybuilding.com angrybuilding.com app.classmate.guru portal.classmate.guru api.classmate.guru meet.classmate.guru sc.tynt.com.cdn.cloudflare.net tcr.tynt.com.cdn.cloudflare.net cdn.tynt.com.cdn.cloudflare.net www-new.gsport.ph admin-new.gsport.ph admin.gsport.ph m.gsport.ph www.gsport.ph cwoffice-e.cwc66.com cwapi-e.cwc66.com c66gioffice-e.gic66.com c66giext-e.gic66.com c66smsoffice-e.xinba66.com c66smsapi-e.xinba66.com c66email-e.xinba66.com c66dcoffice-e.xinba66.com c66cs-e.xinba66.com ab888ab.com uatcwapi.cwc66.com xinba68.com dddtest.gamezone88.net uatc66smsoffice-l.xinba66.com c66gwoffice-l.xinba66.com c66cs-l.xinba66.com c66gioffice-l.gic66.com c66dcoffice-l.xinba66.com c66smsoffice-l.xinba66.com uatc66gwoffice-l.xinba66.com uatc66gioffice-l.gic66.com uatc66cs-l.xinba66.com uatc66dcoffice-l.xinba66.com c66giext-l.gic66.com uatcwapiext-l.cwc66.com cwapiext-l.cwc66.com cwoffice-l.cwc66.com cwapi-l.cwc66.com uatoffice-l.cwc66.com c66uat.com 88game.fun www.mapi.adiglobal.com cwc66.com prep.detpak.cn prod.detpak.cn www.detpak.cn prd-comm.sja.org.uk tst-comm.sja.org.uk www.aussie-opinions.com tgxi66.com www.carperwealthmanagement.com flutterbyebabies.co.uk momentummom.co.za www.momentummom.co.za www.pchkorea.com gamezone.ph tgopsls.club tgopsls.xyz appgwapi.c66cfhttps.com gwapi.tgopsls.online gwapi.tgopsls.club gwapi.tgopsls.xyz gic66.com aussie-opinions.com bcs.qa.wiley.com gsport88.net ab88ab.net gsport88.ph gsport.ph xinba66.com gamezone88.net admin.tgxi66.com admin.tgxi66.net cwapi.cwc66.com cwoffice.cwc66.com www.weareimps.com mmicecreamparty.com m-idgreen.ideal.dbs.com comirnatyeducation.be ade-cms.sja.org.uk www.comirnatyeducation.be.cdn.cloudflare.net zulabet.de ade-comm.sja.org.uk.cdn.cloudflare.net prod.detpak.cn.cdn.cloudflare.net int.detpak.cn.cdn.cloudflare.net stg-comm.sja.org.uk.cdn.cloudflare.net vidaxl.sg www.detpak.cn.cdn.cloudflare.net 1664hu.com www.pchkorea.com.cdn.cloudflare.net hepsibahis105.com www.hepsibahis105.com pchkorea.com www.weareimps.com.cdn.cloudflare.net www.carperwealthmanagement.com.cdn.cloudflare.net

Malware Detected on Host

Count: 1 7e42b478e11e1f3702674ed6985319417ad57d5d2dbfeefbeecf991eafb0d718

Open Ports Detected

2082 2083 2086 2087 443 80 8080 8443 8880

Map

Whois Information

• NetRange: 104.16.0.0 - 104.31.255.255
• CIDR: 104.16.0.0/12
• NetName: CLOUDFLARENET
• NetHandle: NET-104-16-0-0-1
• Parent: NET104 (NET-104-0-0-0-0)
• NetType: Direct Allocation
• OriginAS: AS13335
• Organization: Cloudflare, Inc. (CLOUD14)
• RegDate: 2014-03-28
• Updated: 2024-09-04
• Comment: All Cloudflare abuse reporting can be done via https://www.cloudflare.com/abuse
• Comment: Geofeed: https://api.cloudflare.com/local-ip-ranges.csv
• Ref: https://rdap.arin.net/registry/ip/104.16.0.0
• OrgName: Cloudflare, Inc.
• OrgId: CLOUD14
• Address: 101 Townsend Street
• City: San Francisco
• StateProv: CA
• PostalCode: 94107
• Country: US
• RegDate: 2010-07-09
• Updated: 2024-11-25
• Ref: https://rdap.arin.net/registry/entity/CLOUD14
• OrgNOCHandle: CLOUD146-ARIN
• OrgNOCName: Cloudflare-NOC
• OrgNOCPhone: +1-650-319-8930
• OrgNOCEmail: noc@cloudflare.com
• OrgNOCRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
• OrgAbuseHandle: ABUSE2916-ARIN
• OrgAbuseName: Abuse
• OrgAbusePhone: +1-650-319-8930
• OrgAbuseEmail: abuse@cloudflare.com
• OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN
• OrgRoutingHandle: CLOUD146-ARIN
• OrgRoutingName: Cloudflare-NOC
• OrgRoutingPhone: +1-650-319-8930
• OrgRoutingEmail: noc@cloudflare.com
• OrgRoutingRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
• OrgTechHandle: ADMIN2521-ARIN
• OrgTechName: Admin
• OrgTechPhone: +1-650-319-8930
• OrgTechEmail: rir@cloudflare.com
• OrgTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN
• RNOCHandle: NOC11962-ARIN
• RNOCName: NOC
• RNOCPhone: +1-650-319-8930
• RNOCEmail: noc@cloudflare.com
• RNOCRef: https://rdap.arin.net/registry/entity/NOC11962-ARIN
• RAbuseHandle: ABUSE2916-ARIN
• RAbuseName: Abuse
• RAbusePhone: +1-650-319-8930
• RAbuseEmail: abuse@cloudflare.com
• RAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN
• RTechHandle: ADMIN2521-ARIN
• RTechName: Admin
• RTechPhone: +1-650-319-8930
• RTechEmail: rir@cloudflare.com
• RTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN

Links to attack logs

anonymous-proxy-ip-list-2025-06-23 anonymous-proxy-ip-list-2025-06-22