104.18.40.20 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 104.18.40.20. It was generated either as a result of observed malicious activity or as an information-gathering exercise to enrich security events with context. All information is gathered passively, through aggregation of public sources or through observation of activity on honeynets. The host score is calculated from a series of statistically weighted values and machine learning, taking into account metadata such as host information; the frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken as an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 54/100

Host and Network Information

  • Mitre ATT&CK IDs: T1007 - System Service Discovery, T1010 - Application Window Discovery, T1012 - Query Registry, T1027 - Obfuscated Files or Information, T1031 - Modify Existing Service, T1033 - System Owner/User Discovery, T1040 - Network Sniffing, T1045 - Software Packing, T1053 - Scheduled Task/Job, T1055 - Process Injection, T1057 - Process Discovery, T1059 - Command and Scripting Interpreter, T1060 - Registry Run Keys / Startup Folder, T1070 - Indicator Removal on Host, T1071 - Application Layer Protocol, T1082 - System Information Discovery, T1083 - File and Directory Discovery, T1105 - Ingress Tool Transfer, T1106 - Native API, T1113 - Screen Capture, T1114 - Email Collection, T1119 - Automated Collection, T1129 - Shared Modules, T1140 - Deobfuscate/Decode Files or Information, T1143 - Hidden Window, T1201 - Password Policy Discovery, T1204 - User Execution, T1457 - Malicious Media Content, T1480 - Execution Guardrails, T1489 - Service Stop, T1546 - Event Triggered Execution, T1553 - Subvert Trust Controls, T1555 - Credentials from Password Stores, T1562 - Impair Defenses, T1566 - Phishing, T1568 - Dynamic Resolution, T1573 - Encrypted Channel, T1583 - Acquire Infrastructure, T1585.001 - Social Media Accounts, T1590 - Gather Victim Network Information, T1614 - System Location Discovery

  • Tags: aaaa, accept, admin city, admin country, a domains, adversaries, alerts, a li, altar, android, anomaly, arcane, as54113, ascii text, astaroth, attack, attempts, back, backdoor, basilisk, beast, black, blast, blaze, blizzard, bone, builds, calls, canada canada, cape, carnage, chaos, charm, chat, checks, ck id, class, click, close, cloudflare, cname, code, cold, comi, command, comment, conduit, contacted, contact phone, content type, copy, core, corpse, crazy, creation date, critical, crystal, damage, data redacted, date, dead, defender, defense evasion, delete, delete c, demon, destination, development att, diablo, diablo iii, diablo immortal, displayname, dns query, dns resolutions, domain, domain add, drop, druid, dynamicloader, eclipse, elite, emails, encrypt, energy, enom, entries, entropy, environ, error, eternal, exploit, explorer, explosive, face, facebook, false, fear, feast, files, files matching, flag, footer, form, format, forums, found https, fractured, france, france unknown, freeze, frozen, fury, gandi, gandi sas, general, germany unknown, getprocaddress, gmt content, gmt server, guard, hacktool, harmony, hash, hatred, hawk, heat, hell, hellspawn, high, horn, hosting, hostname add, htm align, http request, hunt, hunter, hydra, icmp traffic, ids detections, iframe, immortal, informative, installs, interactive map, internalsapiip, ip address, ipv4 add, ip whois, june, knight, ladder, langchinese, learn, lidfileupd, life, light, lightning, loaderid, location france, location united, looks, lowfi, lucky, magic, main, maker, malware, media, medium, mephisto, meta, model, module load, mother, moved, mtb jun, name server, name servers, name tactics, next, next associated, nightmare, notes clamav, number, okrnserver, open, organization, overkill, packing t1045, pandora, param, pass, passive dns, path, pattern match, pe resource, pe section, poison, port, port method, post, powershell, prayer, premium, present apr, present aug, present feb, present jul, present jun, present mar, present oct, present sep, privacy name, push, quasar, rage, raven, read, reads, realm, record type, record value, recycle bin, redacted for, redline, redline malware, registrant fax, registrar abuse, registrar url, reload, reverse dns, rogue, rticon, saboteur, sanctuary, school, scoundrel, script, script urls, search, season, sec ch, sector, server, servers, service, shadow, shell, skull, slow, smoke loader, solar, soul, span, spark, spawns, speed, spirit, startsrv, stealth, steam, stone, stop, strange, stream, strings, suspicious, sweet heart, t1045, team, thumbprint, title, tls sni, tofsee, tracker, trier par, trojan, trojandropper, ttl value, twitch, ubuntu, ukraine, ultimate, united, unknown aaaa, unknown ns, url analysis, url host, urls, user agent, users, vendor finding, verdict, warp, wave, werewolf, win32, win32autoit mar, win64, wind, window, windows, windows auto, windows startup, write, write c, xrat1, yara detections, yara rule

  • View other sources: Spamhaus VirusTotal

  • Contained within other IP sets: cleanmx_viruses, hphosts_fsa

  • Country:
  • Network:
  • Noticed: 1 time
  • Protocols Attacked: Anonymous Proxy
  • Countries Attacked: United States of America
  • Passive DNS Results:

Open Ports Detected

2052 2082 2083 2086 2087 2095 443 80 8080 8443 8880

Whois Information

Links to attack logs

anonymous-proxy-ip-list-2025-10-20
