104.18.40.148 Threat Intelligence and Host Information
General
This page contains threat intelligence information for the IPv4 address 104.18.40.148 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or through observations of activity on honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with Tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only, and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.
Likely Malicious Host 🟠 55/100
Host and Network Information
MITRE ATT&CK IDs: T1012 - Query Registry, T1027 - Obfuscated Files or Information, T1041 - Exfiltration Over C2 Channel, T1043 - Commonly Used Port, T1055 - Process Injection, T1056.001 - Keylogging, T1059 - Command and Scripting Interpreter, T1068 - Exploitation for Privilege Escalation, T1071.001 - Web Protocols, T1071.004 - DNS, T1071 - Application Layer Protocol, T1105 - Ingress Tool Transfer, T1112 - Modify Registry, T1114 - Email Collection, T1140 - Deobfuscate/Decode Files or Information, T1176 - Browser Extensions, T1179 - Hooking, T1449 - Exploit SS7 to Redirect Phone Calls/SMS, T1496 - Resource Hijacking, T1497 - Virtualization/Sandbox Evasion, T1583.005 - Botnet
Tags: 114.114.114.114, accept, acint, adaptivebee, adload, adult content, adware, agent, agenttesla, alexa, alexa top, appdata, apple, apple ios, artemis, ascii text, attack, attacker, attorney, august, azorult, back, bandoo, bank, banker, banking, behav, benjamin, binder, blackievirus.com, blacklist, blacklist http, bladabindi, boost mobile, br, bradesco, brian sabey, brontok, C2, chase personal, child pornographer, china cobalt, cisco umbrella, ck id, ck matrix, class, cleaner, click, CNC, cnc feodo, cnc server, cobalt strike, colorado, conduit, contacted, contacted urls, control server, copy, core, covid19, covid19 scam, crack, critical, cutwail, cybercrime, cyber harassment, cyberstalking, cyber threat, daisy, daisy coleman, date, death threats, defacement, detection list, detplock, dev, developer, domains, downer, downldr, download, download csv, downloader, download json, dropper, elf collection, emotet, engineering, error, execution, exploit, facebook, fakealert, falcon sandbox, fareit, file, filetour, floxif, formbook, fraud service, fusioncore, general, generator, generic, generic malware, genkryptik, ghost rat, gopher, hackers, hacktool, hallrender, hall render denver, heodo, heur, historical ssl, hostname, hostnames, hsbc, http header, hybrid, iframe, indicator, injector, inmortal, installcore, installer, installpack, iobit, ip address, iphone unlocker, ip summary, javascript, jfif standard, jpeg image, json sample, keygen, keylogger, kgs0, kls0, kyriazhs1975, law, local, malicious, malicious site, malicious url, maltiverse, malvertizing, malware, malware host, malware hosting, malware site, mark brian sabey, matsnu, mediamagnet, meterpreter, metro t-mobile, mile high media, million, miner, mirai, missouri, mitre att, monitoring, msil, name verdict, nanocore, nanocore rat, networm, nircmd, njrat, noname057, nymaim, occamy, open, opencandy, orkut, outbreak, patcher, path, pattern match, paypal, phishing, phishing chase, phishing google, phishing site, 
phishtank, please, pony, presenoker, probe, psexec, radar ineractive, ramnit, ransomware, redline, redline stealer, referrer, remcos, replacement, riskware, rms, runescape, runtime process, sabey, sabey data centers, safebae, safebae.org, safe site, sality, sample, samples, script, secrisk, service, services, sha1, sha256, shell, show, show technique, simda, site, smokeloader, sneaky server, soc http, soc https, social engineering, spammer, span, spyware, squirrelwaffle, ssl certificate, stalker, startpage, stealer, steam route, strike, strings, summary, suppobox, swrort, systweak, tcp traffic, team, team phishing, telefonica, telefonica co, threat report, threat roundup, threats et, tiggre, t-mobile, tool, tracker, tracker malware, trojan, trojanspy, trojanx, TrojanX, tsara brashears, tulach, tulach.cc, unauthorized, united, unknown, unruy, unsafe, urls, url summary, vidar, virut, wacatac, webshell, webtoolbar, whois record, whois sslcert, whois whois, win64, windows nt, xtrat, yixun, zbot, zpevdo
View other sources: Spamhaus VirusTotal
Contained within other IP sets: hphosts_fsa
- Country:
- Network:
- Noticed: 13 times
- Protocols Attacked: Anonymous Proxy
- Countries Attacked: Japan, United States of America
- Passive DNS Results:
Malware Detected on Host
Count: 1 7905fedf39f329b766100050dd58e2df2647098a8b64773195e1ee3e2943e040
Open Ports Detected
2082 2083 2086 2087 443 80 8080 8443 8880
Whois Information
- NetRange: 104.16.0.0 - 104.31.255.255
- CIDR: 104.16.0.0/12
- NetName: CLOUDFLARENET
- NetHandle: NET-104-16-0-0-1
- Parent: NET104 (NET-104-0-0-0-0)
- NetType: Direct Allocation
- OriginAS: AS13335
- Organization: Cloudflare, Inc. (CLOUD14)
- RegDate: 2014-03-28
- Updated: 2024-09-04
- Comment: All Cloudflare abuse reporting can be done via https://www.cloudflare.com/abuse
- Comment: Geofeed: https://api.cloudflare.com/local-ip-ranges.csv
- Ref: https://rdap.arin.net/registry/ip/104.16.0.0
- OrgName: Cloudflare, Inc.
- OrgId: CLOUD14
- Address: 101 Townsend Street
- City: San Francisco
- StateProv: CA
- PostalCode: 94107
- Country: US
- RegDate: 2010-07-09
- Updated: 2024-11-25
- Ref: https://rdap.arin.net/registry/entity/CLOUD14
- OrgTechHandle: ADMIN2521-ARIN
- OrgTechName: Admin
- OrgTechPhone: +1-650-319-8930
- OrgTechEmail: rir@cloudflare.com
- OrgTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN
- OrgRoutingHandle: CLOUD146-ARIN
- OrgRoutingName: Cloudflare-NOC
- OrgRoutingPhone: +1-650-319-8930
- OrgRoutingEmail: noc@cloudflare.com
- OrgRoutingRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
- OrgNOCHandle: CLOUD146-ARIN
- OrgNOCName: Cloudflare-NOC
- OrgNOCPhone: +1-650-319-8930
- OrgNOCEmail: noc@cloudflare.com
- OrgNOCRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
- OrgAbuseHandle: ABUSE2916-ARIN
- OrgAbuseName: Abuse
- OrgAbusePhone: +1-650-319-8930
- OrgAbuseEmail: abuse@cloudflare.com
- OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN
- RNOCHandle: NOC11962-ARIN
- RNOCName: NOC
- RNOCPhone: +1-650-319-8930
- RNOCEmail: noc@cloudflare.com
- RNOCRef: https://rdap.arin.net/registry/entity/NOC11962-ARIN
- RAbuseHandle: ABUSE2916-ARIN
- RAbuseName: Abuse
- RAbusePhone: +1-650-319-8930
- RAbuseEmail: abuse@cloudflare.com
- RAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN
- RTechHandle: ADMIN2521-ARIN
- RTechName: Admin
- RTechPhone: +1-650-319-8930
- RTechEmail: rir@cloudflare.com
- RTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN
Links to attack logs
anonymous-proxy-ip-list-2025-06-23 anonymous-proxy-ip-list-2025-06-22