104.18.40.200 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 104.18.40.200 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Potentially Malicious Host 🟡 49/100

Host and Network Information

• Mitre ATT&CK IDs: T1045 - Software Packing, T1055 - Process Injection, T1057 - Process Discovery, T1063 - Security Software Discovery, T1071 - Application Layer Protocol, T1082 - System Information Discovery, T1105 - Ingress Tool Transfer, T1119 - Automated Collection, T1480 - Execution Guardrails, T1562 - Impair Defenses

• Tags: abuse contact, address, address range, admin country, admin id, ad temdac, adversaries, alerts, algorithm, allocation type, allowed date, ally s, anorexx, arizona, ascii text, assigned pa, australia, authority, beginstring, body, brashears, brashears porn, browsing, busty xxx, ca validity, cddad ad, certificate, cgb stgreater, chrome, ch ua, cidr, ck id, ck matrix, click, cnsectigo rsa, cobalt strike, command, comments, contacted, copy, copy md5, copy sha1, copy sha256, creation date, crlf line, daily, data, data upload, date, defense evasion, delete, delphi, denmark unknown, dnssec, doctype html, domain, dynamic, dynamicloader, ebony, ebony riding, encrypt, enter so, enter soudcfidi, enter soupce, entity ah36ripe, entries, entries http, error, exchange, excludea, exe size, expiration date, exploit, extr, extraction, extraction data, extraction f, extraction fail, extra data, failed, father sex, file name, files, files ip, file type, filter tsara, flag, found, general, gmt content, go daddy, google safe, green, handle, head, high, high process, hos hos, hostile, hosting, hostname, http, https, hybrid, ic excluded, icloader apr, included, included review, include review, include u, informative, injection t1055, ip address, ipv4 add, key identifier, lander script, learn, local, location united, lowfi, malware, mb first, md5 google, md5 sha256, medium, memcommit, meta, method, mi11255597wp, mitre att, most relevant, moved, msie, msil, mtb apr, named pipe, name tactics, network traffic, next, next associated, none related, null, number, open, open threat, orgabuseref, orgid, orgtechhandle, otx telemetry, panca type, passive dns, path, pattern match, porn, pornhub, porn videos, postalcode, praw type, present jul, present jun, present oct, pr extract, process details, public, pulse, pulse pulses, pulses, pulse submit, read, read c, record value, refresh, related pulses, review, ripe, ripe ncc, ripe network, roberta, safe browsing, scottsdale, s data, search, sec ch, secure server, seen, sentinelone, servers, sha1, sha256, show, showing, show process, show technique, size, span, spawns, status, strings, sugges data, suggeste, suspicious, t1055, tags none, tech email, tools, trojan, trojanspy, trydda dada, tsara, tsara brashears, type data, type win32, typ url, ua full, ua platform, udi ad, u extractio, united, unknown aaaa, update date, ur extraction, url add, url analysis, url hos, urls, url url, utf8, v3 serial, video, virtool, virustotal api, watch, watch tsara, whois server, win32, win64, write, x509v3 subject, x adblock, xe7xf3xf2x14x9d, yara rule

• View other sources: Spamhaus VirusTotal

• Country:
• Network:
• Noticed: 1 times
• Protocols Attacked: Anonymous Proxy
• Passive DNS Results: instit.ppd.luqi.fr fab.qa-fi-tor-apd-7080-updatealertexpiry.az.ssdgws.co.uk qa-fi-tor-apd-7080-updatealertexpiry.az.ssdgws.co.uk fab-preview.qa-fi-tor-apd-7080-updatealertexpiry.az.ssdgws.co.uk transfert.luqi.fr hire.jviqa.com source.jviqa.com www.sts-education.pl mycompetency-gateway-ops-dev.ciostage.accenture.com baishirsvstudy.com proxypass.aon.com.au uat.commercial.idsdoc.com s.luqi.fr cms.starbucks.co.za luqi.fr cms.starbucks.co.za.cdn.cloudflare.net feed.jviqa.com.cdn.cloudflare.net id.jviqa.com.cdn.cloudflare.net wildcard.app.jviqa.com.cdn.cloudflare.net www.pfizer-hemophilia.jp.cdn.cloudflare.net dashboard-api.app.jviqa.com.cdn.cloudflare.net tst.starbucks.co.za.cdn.cloudflare.net www.starbucks.co.za.cdn.cloudflare.net prod.luqi.fr iframe-mdm.us.redstripebeer.com ppd-mobile.luqi.fr recette.luqi.fr ppd-streaming.luqi.fr 29041848.luqi.fr 29041848.ppds.luqi.fr xml.luqi.fr feed.jviqa.com pfizer-hemophilia.jp stg.commercial.idsdoc.com rsm.visadpsmain.com.cdn.cloudflare.net instit.integration.luqi.fr swendoscopy.com mars-careers.ru careers.jviqa.com toyotarav4fueltanksettlement.com dashboard-api.app.jviqa.com jobseeker.jviqa.com www.pfizer-hemophilia.jp 88xbet8.com starbucks.co.za www.starbucks.co.za tst.starbucks.co.za www.jnjconsumerkz.com nca12.com www.cbre.lu sweeps4all.com www.maxulen.cz wildcard.app.jviqa.com id.jviqa.com www.snickers.pl jobs.jviqa.com.cdn.cloudflare.net www.sweeps4all.com www.sykehuset-ostfold.no.cdn.cloudflare.net www.snickers.pl.cdn.cloudflare.net www-pp.bhv.fr.cdn.cloudflare.net login.scpeurope.com jameshardie.com.ph www.jameshardie.com.ph edge.tenants.verx-dev.auth0.com edge.verx-dev.auth0.com wt.verx-dev.auth0.com dev-auth.vtxdev.net brighthealthplan.com cdn1.brighthealthplan.com yeovildaynursery.co.uk qa-auth.vtxdev.net verx-dev.auth0.com mccain.co.jp kaidex.io 1217.topnewsfeeds.net 1199.topnewsfeeds.net 1205.topnewsfeeds.net 1203.topnewsfeeds.net 1168.topnewsfeeds.net 1214.topnewsfeeds.net 1201.topnewsfeeds.net 1207.topnewsfeeds.net 118.topnewsfeeds.net 1193.topnewsfeeds.net 1223.topnewsfeeds.net 1226.topnewsfeeds.net www.scpeurope.com scpeurope.com 1349.topnewsfeeds.net 270.topnewsfeeds.net 26.topnewsfeeds.net 271.topnewsfeeds.net cveasy.pl www.kressinn.com www.ocrcvm.ca learnpfizerrtu.com r.insurancecoverageinsights.com r.autoratehunter.com www.bhv.fr.cdn.cloudflare.net payback-bonusprogramm.de kearney.hu www.mokkirestaurant.com static.bhv.fr.cdn.cloudflare.net christinaaguilera.com easyactionsb.com www.beggin.com carrierrental.asia insurancecoverageinsights.com a591iuym.xyz www.mueblesvico.com.cdn.cloudflare.net iman150.com 5ite.net news.cerberus-platform.eu conchajohn.ml quiettimedaters.com theyoungrebel12.com cerberus-platform.eu tranmerechumb.tk xn–1147-u5d3ap.xn–p1ai cotsitslirerisu.tk sulreno.tk tobaconsca.tk bidisrohun.cf www.safemarkets.com harcalos.ga www.regalomax-ph.com safemarkets.com movie.orangeporntube.net chaocloninriahorra.ga orunpubtisena.ml ciafitnimbrextdo.ml terpocklong.tk soursacachatithart.tk riaconspicspredroa.tk habron.us ciascanenunap.ml cofsimalipactae.tk zmgtltqp.com garcisubbakh.tk passivecaps.com talcoacamprelire.gq clipfireabo.tk smoluntumu.tk www.estudioraym.com.br pyxisefomune.tk beloid.club kenstumybadidag.tk diollevtath.tk wyhpdd.com talkmoremo.tk maiwhymaduff.tk casinos-online.id www.casinos-online.id www.pagiigs.site.cdn.cloudflare.net pagiigs.site.cdn.cloudflare.net stigcentjungchrysmo.tk wealdorafpathoripp.tk temavernobuck.tk www.joo3video.net swelobpilracesfull.gq mercapg.com www.theemailverifier.com dawnnews.tv thenewwebsite.ml termobahis.net www.termobahis.net daughdrillacx.tk rhinanir.tk cpcalendars.successkunji.com cpcontacts.successkunji.com cpcontacts.bionatur.pe cpcalendars.bionatur.pe www.bionatur.pe chrysephochpoitarctrat.tk izgaraonline.com alnibelides.tk metodoscoreaprovado.net xn–rundt-spisebord-med-udtrk-qgc.dk eriripan.tk aqogolaxaraf.gq thorstenbumgarner.xyz nguoc.vn trilukcheaweblevest.tk mysostore.com bc8.online yytak.tk movingimages.pk 4we5sh.com spiritofsaffron-sa.com dp.4post.it 4post.it www.westerncampus.ca huiderskokumu.tk nonsoundcorfulira.tk bmjarchitekci.pl universalmountingservices.com wondermyapp.com www.stylefellow.fi stylefellow.fi sol-legal948.ru pat80.shop.cdn.cloudflare.net www.pat80.shop.cdn.cloudflare.net gyantv.in augmentwealthyrenovation.best roufuhalmortleb.gq motorsupportingpublisher.cyou do-suvblend-gdn-ok.live subgpreadamtateam.ga nesdiajampinclo.cf simprastsalichir.ga www.dawnnews.tv speedansiopennrcog.cf cornerinnaloo.tk hayjud.site sableregoogpo.tk congglicballtinpu.ga mildllovuplidiphi.tk graph-bett.com www.graph-bett.com damgolfdeneso.tk sleekopenfancy.buzz pirkankello.stylefellow.fi asbpay1.online riohanringrnewunpos.gq ipl2.in www.mindmattersboise.com.cdn.cloudflare.net resayt-ewxako.website scagenovchouthisa.tk southlandreg.com trustedhouseprice.com www.emmanuelcolumbia.com notes.kevkof.com newsah.xyz www.newsah.xyz freie-pr.com stormacelgarasu.ml maxpinelifestyle.online kanixplay.com app.kanixplay.com lapolo-digi.ir kythuatlanhtw3.com www.procommvs.com.au dragon-aromas.es www.dragon-aromas.es cpcalendars.dragon-aromas.es cpcontacts.dragon-aromas.es lzx7987328.ml.cdn.cloudflare.net nifsojatacningniv.tk www.triglicerideos.com.br diacredonnetmass.tk rimsindia.in genericweb-support.com valomivertpull.gq www.grsoftware.in vulpdzvzic.ru neikingtungkeppete.tk tool24.xyz www.myelementor.pro www.mxdownsouth.com.cdn.cloudflare.net lucilaharoldneil.casa tagyliy.site memz233.tk arsubmupatate.ml nba1860.com ecunokkejunc.ml bestpankit.com hotsvd.club videopri.xyz zuisepa.com pestmuddpoocala.ml radio.amigos-share.club fronerquacomkensma.tk boazasucgetomsi.tk bibactexicocua.tk www.mycharger.nl.cdn.cloudflare.net dryerdisctheman.live acmornytoje.gq harreperdiscgenka.cf viadharbasfosu.ml hengrunchian.com vulkandeluxesloty.top fcp753.com lashelpvafullectni.ml correctexample.com ferienhaus-moldaustausee.de extremecleansolutions.com zagabetgir.com asejufin.com.co jatydcarpsandpa.cf vduvatel.online toptech-avis.fr dmerecord.com tizuvugositoya.tk nazmakhatun.com jozimer.co poxozohydili.ga exmooluststerin.ga tims.co maintenancespecialties.nz reportonlinesuper.tk derthmens.com taloon.pl seddem.xyz anwelmogigor.ml dymoxiqelezi.ml japansportspromotion.shop mulgcadutuje.cf privady.com travowtranriedread.ml churchlittdempjuncligterb.tk puddrescuro.tk ssakda1.com hh-t1000.com igfpagfirsli.ga damupordede.ga veselinjudec.tk miticufenba.tk medechofa.tk findcritindedisp.tk sexynakedgirls.rocks nextssh.com get.sportshdearchs.com ryotasacar.tk asemesgekee.ga jamppalconsjingwebra.tk outtrade.top ortorlasstexthand.tk ningmiconli.tk www.othellochallenge.ir.cdn.cloudflare.net cpcontacts.really-usefull.how2makeamillion.com.cdn.cloudflare.net zerodayinfosec.com bludotsolutions.com cpcontacts.socialmedia-marketing.how2makeamillion.com.cdn.cloudflare.net whm.qualitybloggs.how2makeamillion.com.cdn.cloudflare.net cpcalendars.qualitybloggs.how2makeamillion.com.cdn.cloudflare.net ciremusca.tk boeqrm.icu vergeofjoy.com whm.mountain-bikes.how2makeamillion.com.cdn.cloudflare.net nessfisalneck.tk habboplus.com grounemovsan.gq termischardmo.tk slubyniedziwy.pl vijimnitire.tk cpcontacts.britishlabels.how2makeamillion.com.cdn.cloudflare.net 464792.icu www.solar-power.how2makeamillion.com.cdn.cloudflare.net olivetreetherapyllc.com fillmambomoreppa.cf noedithosu.tk vstpluginsmonk.ga permissionemail.net wellgongvebi.tk cpcalendars.really-usefull.how2makeamillion.com.cdn.cloudflare.net bionatur.pe whm.internettraffic.how2makeamillion.com.cdn.cloudflare.net damworlzasasne.cf forcucheckli.tk www.buseels.de ruptmaguchort.gq setorvip.net www.setorvip.net mindticardie.tk postate.club ilductive.tk cpcalendars.real-estate.how2makeamillion.com.cdn.cloudflare.net lomorcreative.com clearulunomre.ga volalea.ga www.tfmservicesolutions.com mausnooppeto.tk hewdate.ml liacarhomarpo.gq armodi.ga crosasuspelan.cf a-great-in-laser-hair-removal.fyi arsars.elsevar.de ormalyci.tk globalccservices.com sultcompclimmi.tk tehbeware.gq pucmacirog.tk curazotufypi.cf abetobaxosyr.tk www.bestbbqinamerica.com bestbbqinamerica.com roxxity.nl xvideos-cdn.sexynakedgirls.rocks belracarbepi.ml bestfilesmi.cf isibuvytomic.ga tinopywtu.cf liovararastsimn.cf uxofirydayifi.ml sandpawbetythe.cf nybaker.com mindnoni.tk grayeclipse.com quofsbr.tk goaladdin.org casinomp.com vanstattradgard.cf erortuvici.ml ekuxykotuf.ga oryqadejid.ga classpulse.org westerncampus.ca mzwj-wedding.xyz piragoka.ml www.qteishops.online qteishops.online www.videoindir.co videoindir.co d02qebnf5.xyz unonunina.ml hweqb.cn grsoftware.in louicontrenmemi.cf investi.fede.online flsvc.net googcountruptkarsamj.cf www.endofleasecleaningnorthshore.com.au fukunokensetsu.net othellochallenge.ir.cdn.cloudflare.net jjb273.tv ye-marketplace.org.uk setdecrentals.com camaieux.fr mywsisolution.com freeebookskwcgeqc.tk cusd.shop darkw.pl www.1806higdon.com 1806higdon.com cpcontacts.how2makeamillion.com.cdn.cloudflare.net www.leanernow.com www.boastingbiz.com fusemorperdcypearb.gq pizza.elsevar.de paydayloanspawtucketri.biz www.dailykiddies.com pitaya.space theminiwedding.com cf6e58.com tfmservicesolutions.com tangisformation.ma naturalarq.mx en.fede.online nlnshopping.com blaxo.ml sincerej.buzz victoriuswl.com www.opark2.com.hk simprimo.travel fragcups.com netmavulsynur.ga ptwbet35.com homesinflorhampark.com www.oneontablock.com oneontablock.com cpcalendars.acpfamilybookstore.org www.acpfamilybookstore.org cpcontacts.acpfamilybookstore.org www.successkunji.com veleditay.com server.amigos-share.club hernandezstore.club topphimmoi.net dev.elsevar.de dev.izycapital.co.uk upejodulu.tk www.vertebrac.com acpfamilybookstore.org sp-bay.ru wereviveyou.club www.wereviveyou.club secondlifephotography.com buseels.de www.shopdevilangel.com www.liandengwang.com link.habboplus.com www.takhfizat.com takhfizat.com cpcontacts.takhfizat.com cpcalendars.takhfizat.com horroracconti.it swerugcyrajerk.tk headlines.plus shopdevilangel.com merpioconnibu.cf b-a-a.com.au www.fivemunity.com.cdn.cloudflare.net lists.fivemunity.com.cdn.cloudflare.net mssql.fivemunity.com.cdn.cloudflare.net kortiva.com estudioraym.com.br www.alquilercastilloshinchables.info endofleasecleaningnorthshore.com.au kichroopofulhearthstat.tk

Open Ports Detected

2082 2083 2086 2087 2095 2096 443 80 8080 8443 8880

Map

Whois Information

• NetRange: 104.16.0.0 - 104.31.255.255
• CIDR: 104.16.0.0/12
• NetName: CLOUDFLARENET
• NetHandle: NET-104-16-0-0-1
• Parent: NET104 (NET-104-0-0-0-0)
• NetType: Direct Allocation
• OriginAS:
• Organization: Cloudflare, Inc. (CLOUD14)
• RegDate: 2014-03-28
• Updated: 2024-09-04
• Comment: All Cloudflare abuse reporting can be done via https://www.cloudflare.com/abuse
• Comment: Geofeed: https://api.cloudflare.com/local-ip-ranges.csv
• Ref: https://rdap.arin.net/registry/ip/104.16.0.0
• OrgName: Cloudflare, Inc.
• OrgId: CLOUD14
• Address: 101 Townsend Street
• City: San Francisco
• StateProv: CA
• PostalCode: 94107
• Country: US
• RegDate: 2010-07-09
• Updated: 2024-11-25
• Ref: https://rdap.arin.net/registry/entity/CLOUD14
• OrgRoutingHandle: CLOUD146-ARIN
• OrgRoutingName: Cloudflare-NOC
• OrgRoutingPhone: +1-650-319-8930
• OrgRoutingEmail: noc@cloudflare.com
• OrgRoutingRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
• OrgTechHandle: ADMIN2521-ARIN
• OrgTechName: Admin
• OrgTechPhone: +1-650-319-8930
• OrgTechEmail: rir@cloudflare.com
• OrgTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN
• OrgAbuseHandle: ABUSE2916-ARIN
• OrgAbuseName: Abuse
• OrgAbusePhone: +1-650-319-8930
• OrgAbuseEmail: abuse@cloudflare.com
• OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN
• OrgNOCHandle: CLOUD146-ARIN
• OrgNOCName: Cloudflare-NOC
• OrgNOCPhone: +1-650-319-8930
• OrgNOCEmail: noc@cloudflare.com
• OrgNOCRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
• RAbuseHandle: ABUSE2916-ARIN
• RAbuseName: Abuse
• RAbusePhone: +1-650-319-8930
• RAbuseEmail: abuse@cloudflare.com
• RAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN
• RTechHandle: ADMIN2521-ARIN
• RTechName: Admin
• RTechPhone: +1-650-319-8930
• RTechEmail: rir@cloudflare.com
• RTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN
• RNOCHandle: NOC11962-ARIN
• RNOCName: NOC
• RNOCPhone: +1-650-319-8930
• RNOCEmail: noc@cloudflare.com
• RNOCRef: https://rdap.arin.net/registry/entity/NOC11962-ARIN

Links to attack logs

anonymous-proxy-ip-list-2025-10-20