104.18.40.203 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 104.18.40.203 and was generated either as a result of observed malicious activity or as an information-gathering exercise to assist with enrichment of security events and context. All information is gathered passively, through aggregation of public sources or through observation of activity on honeynets. The host score is calculated from a series of statistically weighted values and machine learning, taking into account metadata such as host information; frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Potentially Malicious Host 🟡 35/100

Host and Network Information

  • Tags: cyber security, ioc, malicious, Nextray, phishing

  • View other sources: Spamhaus VirusTotal

  • Contained within other IP sets: cleanmx_viruses

  • Country:
  • Network:
  • Noticed: 29 times
  • Protocols Attacked: Anonymous Proxy
  • Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
  • Passive DNS Results:

Malware Detected on Host

Count: 1 ba332fdb7f4a228bb6dd622ab6b277b7ab8f45e94252ed5029f31c8e18cac81c

Open Ports Detected

2053 2082 2083 2086 2087 2095 2096 443 80 8080 8443 8880

Whois Information

Links to attack logs

anonymous-proxy-ip-list-2025-10-20
