104.18.31.49 Threat Intelligence and Host Information
General
This page contains threat intelligence information for the IPv4 address 104.18.31.49. It was generated either as a result of observed malicious activity or as an information-gathering exercise to enrich security events and add context. All information is gathered passively, through aggregation of public sources or through observation of activity on honeynets. The host score is calculated from a series of statistically weighted values and machine learning, taking into account metadata such as host information; the frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour, such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken as an accurate representation of the users, businesses or networks in which they reside.
Likely Malicious Host 🟠 60/100
Host and Network Information
- MITRE ATT&CK IDs: T1011 - Exfiltration Over Other Network Medium, T1027 - Obfuscated Files or Information, T1055 - Process Injection, T1056.001 - Keylogging, T1059 - Command and Scripting Interpreter, T1060 - Registry Run Keys / Startup Folder, T1071.001 - Web Protocols, T1071.003 - Mail Protocols, T1071.004 - DNS, T1071 - Application Layer Protocol, T1105 - Ingress Tool Transfer, T1110.002 - Password Cracking, T1114 - Email Collection, T1119 - Automated Collection, T1410 - Network Traffic Capture or Redirection, T1449 - Exploit SS7 to Redirect Phone Calls/SMS, T1497 - Virtualization/Sandbox Evasion, T1560 - Archive Collected Data, T1583.002 - DNS Server, TA0011 - Command and Control
Tags: accept, accessibility, agent, agenttesla, alexa, alexa top, algorithm, all scoreblue, amazonaes, amber a, and vids, any quality, any quality videos, any source, apple, apple ios, april, artemis, as47846, ascii text, attack, attempts, august, available now, azorult, bank, bitrat, blacklist https, body, botnet, brashears, brian sabey, browser, chaos, china telecom, cisco umbrella, class, click, cloud, cloudflarenet, cobalt strike, Cobalt Strike, code, collection, college guy, community https, contacted, contacted circa 10.23.2023-, contact phone, copy, core, crack, critical, critical risk, crlf line, custom and, custom malware, cybercrime, cyber threat, dapato, dark, dark power, date, delete c, delphi, description, detection list, detplock, diamond, dnspionage, dns replication, dnssec, domain status, downer, downldr, download, downloader, dynamicloader, emotet, encrypt, endpoints all, error, export, facebook, fake news, feet pics, file, firehol, first, footer, form, formbook, fuck, fusioncore, general, generic, germany unknown, get her, github, google search, gootloader, grum, guard, hacktool, hallrender, heur, high, hours ago, hybrid, hyperv, identifier, ids detections, iframe, images, images news, info, injection, input, installer, intel, ip summary, issuer, jaik, javascript, july, june, kb acrotray, key algorithm, key identifier, kuaizip, less see, let me jerk, levelblue, light, links, local, localappdata, lockbit, lolkek, main, malicious, malicious site, maltiverse, malvertising, malware, malware site, maui ransomware, maya, mb iesettings, mb opera, media, medium, meta, metro, million, miner, mitre att, monitoring, ms windows, namecheap, namecheap inc, navegador, networm, next, no data, number, open threat, output, p2404, password, password bypass, path, pattern match, phish, phishing, phishing site, phishtank, physical threat, pics, please, please click, plugx, porn, pornhub subsidiary, power, premade, presenoker, qakbot, quasar, quasar rat, raccoon, 
ransom, ransomexx, ransomware, read c, registrar abuse, registrar url, registrar whois, relic, remcos, report spam, researched, riskware, root ca, runescape, safe site, samplepath, samuel tulach, script, search, sector, server, service, sha256, show, site, skip, sniffs, softcnapp, spam, span, ssl certificate, stealer, stream, strings, subject key, submitters, summary, summary iocs, swisyn, tag count, tape, target, team, telecom, templates, textarea, thebrotherssabey, threat roundup, title, tld count, tofsee, trickbot, trojan, trojanspy, trust, tsara, tsara brashears, tulach, tulach.cc, twitter, type name, union, united, unknown, unsafe, unsupported, url http, url https, urls, url summary, ursnif, usage, user, utc submissions, utf8, v3 serial, ver los, vidar, videos, videos maps, vids, view, vmprotect, watch, watch tsara, webtoolbar, whois record, whois whois, win32 dll, win32 exe, win64, windows, winnt, wiper, write, write c, x509v3 key, xxx video, xxx videos, yara detections, yara rule, zbot
- Country:
- Network:
- Noticed: 10 times
- Protocols Attacked: Anonymous Proxy
- Countries Attacked: Croatia, Finland, France, Singapore, Spain, United Kingdom of Great Britain and Northern Ireland, United States of America
- Passive DNS Results:
Malware Detected on Host
- Count: 4
- 01e3632e4c1059d36e4ac86f06c6634811fbda5b996613d508009fbd59f1bb35
- eb84f044322092ea87624ad1846465dc9472c1183e52e6e6207429266aad4b1e
- 131dbd47bf0934e6ee55f384f063d25c98abae86adce048afd27aa6ff31d746b
- 07495894dc4520b5b8cbe70c02eb4000bf8239a25938bd5459ac379b0bf41f93
Open Ports Detected
2082 2083 2086 2087 443 80 8080 8443 8880
Whois Information
- NetRange: 104.16.0.0 - 104.31.255.255
- CIDR: 104.16.0.0/12
- NetName: CLOUDFLARENET
- NetHandle: NET-104-16-0-0-1
- Parent: NET104 (NET-104-0-0-0-0)
- NetType: Direct Allocation
- OriginAS: AS13335
- Organization: Cloudflare, Inc. (CLOUD14)
- RegDate: 2014-03-28
- Updated: 2024-09-04
- Comment: All Cloudflare abuse reporting can be done via https://www.cloudflare.com/abuse
- Comment: Geofeed: https://api.cloudflare.com/local-ip-ranges.csv
- Ref: https://rdap.arin.net/registry/ip/104.16.0.0
- OrgName: Cloudflare, Inc.
- OrgId: CLOUD14
- Address: 101 Townsend Street
- City: San Francisco
- StateProv: CA
- PostalCode: 94107
- Country: US
- RegDate: 2010-07-09
- Updated: 2024-11-25
- Ref: https://rdap.arin.net/registry/entity/CLOUD14
- OrgNOCHandle: CLOUD146-ARIN
- OrgNOCName: Cloudflare-NOC
- OrgNOCPhone: +1-650-319-8930
- OrgNOCEmail: noc@cloudflare.com
- OrgNOCRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
- OrgAbuseHandle: ABUSE2916-ARIN
- OrgAbuseName: Abuse
- OrgAbusePhone: +1-650-319-8930
- OrgAbuseEmail: abuse@cloudflare.com
- OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN
- OrgRoutingHandle: CLOUD146-ARIN
- OrgRoutingName: Cloudflare-NOC
- OrgRoutingPhone: +1-650-319-8930
- OrgRoutingEmail: noc@cloudflare.com
- OrgRoutingRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
- OrgTechHandle: ADMIN2521-ARIN
- OrgTechName: Admin
- OrgTechPhone: +1-650-319-8930
- OrgTechEmail: rir@cloudflare.com
- OrgTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN
- RNOCHandle: NOC11962-ARIN
- RNOCName: NOC
- RNOCPhone: +1-650-319-8930
- RNOCEmail: noc@cloudflare.com
- RNOCRef: https://rdap.arin.net/registry/entity/NOC11962-ARIN
- RAbuseHandle: ABUSE2916-ARIN
- RAbuseName: Abuse
- RAbusePhone: +1-650-319-8930
- RAbuseEmail: abuse@cloudflare.com
- RAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN
- RTechHandle: ADMIN2521-ARIN
- RTechName: Admin
- RTechPhone: +1-650-319-8930
- RTechEmail: rir@cloudflare.com
- RTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN
Links to attack logs
anonymous-proxy-ip-list-2025-06-23 anonymous-proxy-ip-list-2025-06-22