104.18.40.100 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 104.18.40.100. It was generated either as a result of observed malicious activity or as an information-gathering exercise to assist with enrichment of security events and context. All information is gathered passively, through aggregation of public sources or through observation of activity on honeynets. The host score is calculated through a series of statistically weighted values and machine learning, which take into account metadata such as host information; the frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour, such as with Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 51/100

Host and Network Information

  • MITRE ATT&CK IDs: T1071.001 - Web Protocols, T1071.004 - DNS, T1071 - Application Layer Protocol, T1105 - Ingress Tool Transfer, T1553.002 - Code Signing, T1553 - Subvert Trust Controls, T1568.002 - Domain Generation Algorithms, T1568 - Dynamic Resolution, T1583.001 - Domains, T1583 - Acquire Infrastructure

  • Tags: aaaa, active, active related, address, a domains, alexa, alexa top, all scoreblue, amber tags, android10, artemis, as15133 verizon, as20940, as209453, as209453 gandi, as2527 sony, as58061 scalaxy, ascii text, asn as58061, azorult, backdoor, bank, binder, bitdefender, blacklist, body, body length, certificate, cisco umbrella, click, cname, coalition, cobalt strike, collection, connection, contact, control server, cookie, creation date, cyber threat, date, detection list, dns resolutions, domain, download, dropper, emails, emotet, encrypt, engineering, entries, et tor, exit, expiration, facebook, filehashsha1, filehashsha256, files, final url, format, formbook, france unknown, germany unknown, glaxosmithkline, gmt content, gmt contenttype, group, headers date, heur, historical ssl, hostname, hostnames, http response, hybrid, iocs, ip address, ipv4, ireland unknown, june, kb body, known tor, lazarus created, leader, local, location chiba, loki, malicious, malicious site, malware, melbourne it, meta, million, minutes ago, misc attack, moved, next, node traffic, no expiration, open ports, passive dns, pattern match, phishing, pragma, pulse pulses, pulses hostname, pulse submit, record value, referrer, relayrouter, report spam, reverse dns, role title, rsa sha256, scan endpoints, search, serving ip, sha1, sha256, showing, site, starfield, status, status code, strings, susp, team, team phishing, threat research, tip oriented, type indicator, united, unknown, url analysis, url http, url https, urls, vt graph, web redirection, win32

  • View other sources: Spamhaus VirusTotal

  • Country:
  • Network:
  • Noticed: 3 times
  • Protocols Attacked: Anonymous Proxy
  • Passive DNS Results:

Open Ports Detected

2052 2053 2082 2083 2086 2087 2095 2096 443 80 8080 8443 8880

Whois Information

Links to attack logs

anonymous-proxy-ip-list-2025-10-20
