104.18.40.204 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 104.18.40.204 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Potentially Malicious Host 🟡 40/100

Host and Network Information

• Tags: 1996, af81 http, mm28, mnsnj5o7dn7e, msnvh, mt1627120573, mvi4, shardbypassyes, VBS

• View other sources: Spamhaus VirusTotal

• Country:
• Network:
• Noticed: 38 times
• Protocols Attacked: Anonymous Proxy
• Countries Attacked: Canada, United States of America
• Passive DNS Results: dev-salesxwiseportal.au.auth0.com rmpassport-cd-myocdtirnf6q8c13.edge.tenants.au.auth0.com navsdi.au.auth0.com dev.login.jtb-oa-sys.com capricorn-cd-krdmc3oh733xsphc.edge.tenants.au.auth0.com auth.business.greatsouthernbank.com.au dev-lrcp3fdjndvqe5ry.au.auth0.com auth-julian-dev.internal-lic.io thinkcaddie-cd-umyorkc64jaqmj7b.edge.tenants.au.auth0.com auth.klinkcx.com auth.test.depositgaploans.com auth.caremonitor.com.au dev-auth.corysadvantage.co.nz auth.edv.cloud.rpmglobal.com auth.manage.au501.mattrlabs.io silktide-prod-cd-j7jmzxezulabcxch.edge.tenants.au.auth0.com hipages-prod.au.auth0.com dcp-staging-tpc.twopicode.au hrnz.au.auth0.com auth-squiz-cd-gxidaqsmbqkomumr.edge.tenants.au.auth0.com auth.entwined.com.au auth.fsstaging.com.au staging-login.stables.money secure-uat.nervetech.com.au oea.id.ap1.preprod.kaluza.com fusion-dev-auth.synergix.tech cusso01.fwd.com.sg kaluza-customer.ovoenergyau-uat.com authdev.zestapis.io argocd.sgdev.org auth.autofront.com.au login-tmi-uat.towercloud.co.nz dev.auth.ternvisa.com auth.xplor-identity.com auth.ageorge.dev auth.dev.gmhba.com.au login-cki-uat.towercloud.co.nz vh108.vhcdn.com login.ngsdev.flex-solver.app auth.aubital.com id.auth0.darkedges.com auth.myapp.co.nz pen.sgdev.org login-uat.leaveplus-nonprod.com.au jason.dse.ninja auth.awaire.dev glportal.au.auth0.com vh77.vhcdn.com gc-id-vh-files-ali-oss.vhcdn.com auth.shovelready.ai auth.goti.com.au login.app.haast.io login.insights.sense.fugro.com auth.beforepay.com.au login-asa-int.towercloud.co.nz auth.realbase.io auth.magpieco.com.au auth.covetrus.com.au auth.cubcare.com.au auth.inindependenslaboratium.com login.cortexpm.app vh74.vhcdn.com id.abcbullion.com.au auth.dev-genlearn.com auth.dev.efgw.io auth.travelassociates.com login.au.sandbox.pendula.xyz petportal-auth.petinsurance.com.au auth.mutinex.co auth0-au.aondirect.com.au auth.ternvisa.com login.converge-test.com milwaukeebrand-prod.au.auth0.com auth-iwp-sit1.npd.nser.cc auth.bettysburgers.com.au auth.fphcare.dev auth.fantasyinsider.com.au login.stg.home-in.com.au auth.manage.platform.vce.service.nsw.gov.au auth.subi-company.subi.au auth.app.tradeepay.com.au apac-tam-team.oauth101.net auth-daniel-dev.internal-lic.io shayan-dev.customdomain.io auth.tansiqlabs.com auth.fais-dev.racingjd.com inx-prod-cd-sjjlb4hd3qvol7cr.edge.tenants.au.auth0.com auth-sandbox.bettysburgers.com.au auth.travelstamp.my identity.invicta.io auth.apo-lwad-dev.lawadvisor.com wynd-theloop.auth.harvestdp.com scancam-cd-e6axz4am0lrrmtch.edge.tenants.au.auth0.com auth.wingflo.com support-hygiene.sgdev.org ioof-prod.au.auth0.com auth-stg.remonade.app vh67.vhcdn.com vh28.vhcdn.com auth.staging-speakingapp.languageconfidence.com auth.staging.compono.dev identity.dev.platform.gentrack.io login.test.ci-isac-portal.org auth.mypeeps-stage.com login.bareblends.com.au auth-frankovhc.test.gmhba.com.au login.my-fitzr.hiviz.app auth.templapp.com staging-auth.enterprise.optus.com.au dsdilgp-placeconnect.auth.harvestdp.com lala-m2m.lendi.com.au auth-iwp.lab.nser.cc rewst.au.auth0.com auth.tenderhub.com.au login.test-observant.net vh12.vhcdn.com accounts.autoguru.com.au auth.freshpos.io auth.au.liveeo.io login-au.hellios.com.au auth.dev.pathzero.com kepla-cd-ownlhzihcfsekvep.edge.tenants.au.auth0.com login.shrinkman.com vh11.vhcdn.com auth.lynksupplychain.com auth.faidquantum.com vh04.vhcdn.com auth.uat.myherd.nz oea.id.ap1.uat.kaluza.com cssouatid.fwd.com auth.commit.works auth.saleyardapi.outcrosssystems.com.au auth.margenow.com.au auth.onharvo.com auth.developadigital.com.au auth1.idse.cc auth.dev.happly.com.au auth.rockfieldcloud.com.au auth.onecommunitysystem.com login-twr-int.towercloud.co.nz login.tangerpay.com accounts.ubidyapp.com auth.staging.xrev.dev auth.lambco.au auth-army.potential.withyouwithme.com login-uat.incendi.io login.worq.com.au auth.esendex.com.au id-dev.mhfa.com.au auth.tendl.com.au e2e.onepass.kpc-dev.com test-id.decipher.com.au auth.skillscaravan.com auth.uat.cyberknowledge.com auth.elastis.id auth.renovacloud.com auth.oet.com vh53.vhcdn.com auth.adarshthapa.com partner-auth.stg.scentregroup.io auth.carboninvoice.dev account.prezzycard.co.nz login-fij-int02.towercloud.co.nz auth.newquantum.com dev-sso.newquantum.com id.ahm.com.au signin.allocate-cloud.com.au auth.tson.net.au security.app.acmetest.org weshealthma-au-prod-cd-dxovsyxmltnt1z81.edge.tenants.au.auth0.com authtest.carlislehomes.com.au identity.dev.site360.io auth.subiconnect.dev.subi.au auth.manage.au301.mattrlabs.io login-wsa-preprod.towercloud.co.nz auth-staging.flowingly.net auth0-fs-smithsmith-test.ortecapps.com trial.paidright.io apac-tam-team-dev.oauth101.net auth.flexiworks.com.au auth.lorikeet.io authentication.squiz.net auth.vetdb.com login.dev.ailo.io fvmid.franzvallesmedia.me login.qa.alfiepay.io bb-production-cd-pm8q1ujug15cabin.edge.tenants.au.auth0.com ais-auth.ausport.gov.au pia-preprod-petportal-auth.petsure.com.au auth.intentconnect.com.au auth-conference-dev.generationsmvmt.com login-dev.netvote.com.au login.preview.jobadder.build develop-auth.hlcloud.com.au auth.firmsy.com login.thinkcaddie.com auth.oddssy.com.au login-slb-int03.towercloud.co.nz auth.techhub.xcba.tech auth.farminone.com.au login-tmi-sit.towercloud.co.nz pretend-customer-idp.id.ap1.oea-test.kaluza.com mt-idp-auth-prod.moneytech.com.au dev.login.helix.medicaldirector.com login.talentmesh-qa.com auth.uat.liquiditycube.net auth.emesent.com login.qbe-au-uat.unitycloud.io fts-platform.au.auth0.com baustoffplattform.eu pinscom-preprod-petportal-auth.petsure.com.au login.aeinst.org auth.dovetailappdev.com auth0.projectblack.io abyss-cd-5hschj5hity85m4z.edge.tenants.au.auth0.com auth.dev.wover.co.nz auth-dev.internal.trusst.cloud auth.burstage.com auth.refindr.ai dev.auth.canvas.co login.smooth.com.au auth.dev.jdsports.my auth.go.cascade.app login.iciaunz.com.au auth.amlsorted.com auth.speckel.io auth.manage.platform.stg.vce.testservicensw.net pinscom-uat-petportal-auth.petsure.com.au auth.yellowexpress.com.au auth-stage.ecommerceequation.com.au login.app.eosone.com.au auth.lmg.athena.com.au alpha.auth.pepperstone.com auth-development.bettysburgers.com.au auth.bookky.com.au auth-dev.evtstays.com login-fij-dev2.towercloud.co.nz auth.weatherinsights.seven.com.au auth0.unravelcarbon.com auth0.worldvision.com.au vh87.vhcdn.com login.scancam.com.au login.echorx.nostradata.com.au dev-auth.metinor.com auth.mico.co.nz cussouat01.fwd.com.my auth.draftviewer.athena-test.club auth.storageking.com.au auth.healthylife.com.au auth-analytics.scinfradev.com account.pointhacks.com.au cssp-uat.angleauto.com.au auth.onemap.com.au jetstar.abbaspour.net sit.membersvic.returnit.com.au memberauth.policeassn.org.nz auth.express.vpass.io auth.ledgegroup.com.au auth.dev.greens.systems login.logicly.com.au identity.qa.guardianlive.io auth-ap.leaseplan.com auth.volleyapp.com.au auth.recit.app spence-org.acmetest.org auth.anzsmartchoicesuper-dev.ioof.com.au dev.id.brightlysoftware.com.au auth.fcc.co.nz login.home-in.com.au id-cicd.creditsavvy.com.au auth.guinness.id identity.whispir.com login-alpha.roaddirect.co.nz login.pre.hirepool.co.nz auth-dev-au.thirdeye.jadeworld.com auth-test.bro.game spence.acmetest.org signin.lawcpd.com.au secure-dev.nzte.govt.nz auth.mumsmatterpsychology.com auth-smt.illion.com.au auth.mattrlabs.com auth.theyield.com auth-dev.grocstock.com auth.againagain.co login.hmp.uat.racingvictoria.com.au auth.search-x.com.au auth0-ohd-woolworths-test.ortecapps.com login-devtest.hitrak.com auth.rationale.com bcauth.tradelink.com.au login.valis-ai.com auth.sandbox.medeintegra.dev auth.digital-dealers.com pawprint.valiant.finance login-dev.buildxact.com auth.au301.mattrlabs.io auth.connect.favor.church auth.newsconnect.com.au auth.myapplication.co.nz internal.id.ap1.prod.kaluzaplatform.net auth-custom-domain-spike.dev1.ansarada.com auth-dev.masonstevens.com.au auth.develop.zettle.com.au login-dev.impactapp.com.au login-cki-int02.towercloud.co.nz auth.navexa.io auth.dev.osqo.com.au auth.blockearner.com.au login.australianmedicalplacements.com.au insinnovations.com auth.insightfactory.ai auth-customeroutreach.boq.com.au auth.communicate.smokeball.com.au auth.staging.keepsight.org.au auth.kasada.io sgc.signin.blackboard.com b2bsso-dev.uat.krungthai-axa.co.th prod-login.hastingsdeering.com.au auth.portal.stg.subi.au everyday-auth.petsure.com.au auth-mgmt.uat.cyberknowledge.com auth0-vicinity-retailer.vicinity.com.au login.enz.govt.nz id-tst1.capricorn.coop auth.stg.blockearner.com.au login.scotty.com.au auth.staging.oet.com auth.macquariegroup.sandbox.bronte.ai auth-qa.scinfradev.com auth.pospoc.ip-ddns.com login.findababysitter.com.au auth.ahm.ninja au-auth0-staging.sleek.com auth.edv.qa.rpmglobal.com auth.kidsget.money auth.neutron.mattrlabs.net auth.auspropertyreport.com.au dev.auth.servictoria.com.au auth.galanesia.com auth.runtimeresonance.world mlu-login.mdhs.unimelb.edu.au auth.lasertag.com petportal-auth.buddypetinsurance.com.au sso.twassureplus.io dev-app.batchbase.com.au auth.diversitysync.com auth.test.reecegroup.com.au auth-dealsonwheelsfarmtrader.partica.online auth.au.hustleoutbound.com auth.dev.numerik.ly test-id.drawboard.com auth.edgepri.com id-test.creditsavvy.com.au login.getequiem.com sandbox-auth.hlcloud.com.au login.dev.home-in.com.au docs.sgdev.org test-login.maddocks.com.au auth.kineticafinancial.com login-preprod.tower.co.nz lala.aussie.com.au e.hvacportablesystem.net dev-auth.thewalkersspace.com auth0.step.nz dev.nomara.com.au cody-analytics.sgdev.org auth-playpen.sandbox.beforepay.com.au auth-uat.theyield.com auth.au.wheezo.com auth0.portal.physiocouncil.com.au auth.s1-gen3.tradeepay.com.au login.staging.mindhive.ai auth.mortgagechoice.athena.com.au au-test-1.tham.club id.yurika.upowr.cloud portal-smbc-apac-dev-auth.apac2.fenergox.com auth-actions.scinfradev.com auth.aerotechaviation.com.au introducer.angleauto.com.au auth.demo.pathzero.com login-twr-dev2.towercloud.co.nz login.qa.ailo.io login-test.groundfloordelivery.com auth.staging.workforceanalytics.com.au login-tmi-dev1.towercloud.co.nz auth.athena.com.au auth.g1.com.au auth.stage.reecegroup.com.au id-uat.decoda.com.au verify.dev.scriibi.com qat-login.raa.com.au auth-qa.entwined.com.au my.boltonclarke.com.au functional-tests-deploys-prod-au-stable.authzerotest.com auth.connectbytheptc.com auth.dock2dock.io auth-localisation.scinfradev.com pcl-auth.dotnous.co.nz login.smartpaddock.com login.practice.healthengine.com.au id.drawboard.com uat-auth.fcc.co.nz auth-members.ooedoonsen.jp auth-test-apse2.fivecast.com login.otivo.com id.bupa.com.au auth-dev.qimrberghofer.edu.au auth.windoware.com.au devlogin.perxhealth.com auth.stage.faethm.ai auth.runyourown.com dev-auth.cdcms.nz login-nz.sandbox.zip.co auth-dev.curalink.com.au cssp-sit.angleauto.com.au stg-account.open.edu.au myalfredhealth.au.auth0.com login.hmp.test.racingvictoria.com.au auth.atlas.helloaxis.com.au login.bfs.dpi.nsw.gov.au internal.id.ap1.prod.kaluza.com auth.softbytes.dev login.nz.etika.com login.housies.co.nz id.medicaldirector.com auth.clubaperol.com auth.unify.sandbox.novatti.com auth.westfield.com.au dev.au.identity.mutinex.co auth.syntric.io auth.staging.numerik.ly vh92.vhcdn.com sso.mla.com.au auth.energymining.sa.gov.au auth.joust.com.au auth.innov8.id auth.homes.co.nz auth.tst.aplas.com auth.search-x.dev login-tog-int02.towercloud.co.nz login.v-sure.com.au uat.login.ciam.ipaustralia.gov.au id-at.servcorp.com login.vsure.com.au portal-config-uat-auth.apac2.fenergox.com auth.dev.vald.com staging-login.otivo.dev auth.arguinzon.es petportal-preprod-auth.buddypetinsurance.com.au auth.dev.jdsports.co.th dev-auth.wealtho2.com.au login-twr-int02.towercloud.co.nz auth.tyro.com identity-qa.whispirdev.com dev.auth.pepperstone.com loginstaging.qoin.world auth.uat.mcards.com auth.staging.happly.com.au login.mapsinfotech.com ev-id.originem-sac.com.au login.fitlgtest.com auth.tasmanenvironmental.com.au auth.unify.novatti.com auth.uat.interflora.com.au auth.uat.vivalab.health auth.someone.health auth0.connect-dev.madewithdevotion.com.au auth.sarassist.com cloud-ops.sgdev.org auth0.sandbox.myprosperity.com.au login.fisherfunds.co.nz login.fitlg.com auth0.v2.dev.apse2.annaliseai.io auth.msc.group login-vau-plat.towercloud.co.nz auth.datameshgroup.io dev-auth.allotrac.io auth0.figtreecafe.com.au auth-clientportal.wealtho2.com.au identity.bluedogit.com.au sit-auth.ngssuper.com.au auth.dev.martin-crm.com login.stg.portal.eyecuedashboard.com login.app-staging.haast.io pda.hvacportablesystem.net in.nerdspanner.network login.dev.cloud.dataco.ai auth.knowbypro.dev auth.dev.blockearner.com.au auth.harmoneylabs.com sorbello.au.auth0.com auth.turf-forensics.com redimed-au-prd.au.auth0.com auth.aplas.com auth.unimarket.com.au auth0.aroundsocial.com auth0uat.kdev.com.au login.copyright.co.nz go.auth.gomarkets.com

Malware Detected on Host

Count: 16 d31cdbc82401d4caf3e6b453a40425f6e7d172322c49b1fea5a9354c06384a5e e3f0af5a9dc49fae29e17438377fbfd4cc44528202e559930acaa2cab9cb1bb2 d672e89f1dc1bb41bfa2e2386017af709bbd856dbed31fd2e13dd52e37482817 81bcc2c894262dcdd3b0d98c2d945e783f31d3ace4b77b4a810d9cadbae78bbf 07339bc0f36e8c8c215e0f6236e5f98d8e09cd73108fbf9dc8be06ace2e97576 88e01aa4b33e08bc7a905af8cc0e60a404a7fb7a9388267e1c2126dac99d4fdf 4434bda86360766ba7965436ad7b932c9be2915149d6e915306596a257205a85 eb903935d520b7b89dfd4381f9bd1f677be0dc19f642ca4a4fb8d1e5de5eddf5 cb1458201a290664b15f20e38d386fd40d6a7c9072aaf6d4029c6af5e51c29ff b345255a534a2cf50227651e7f1c6fcb13b64696a019fc40382bc29218a1080a

Open Ports Detected

2052 2053 2082 2083 2086 2087 2095 2096 443 80 8080 8443 8880

Map

Whois Information

• NetRange: 104.16.0.0 - 104.31.255.255
• CIDR: 104.16.0.0/12
• NetName: CLOUDFLARENET
• NetHandle: NET-104-16-0-0-1
• Parent: NET104 (NET-104-0-0-0-0)
• NetType: Direct Allocation
• OriginAS:
• Organization: Cloudflare, Inc. (CLOUD14)
• RegDate: 2014-03-28
• Updated: 2024-09-04
• Comment: All Cloudflare abuse reporting can be done via https://www.cloudflare.com/abuse
• Comment: Geofeed: https://api.cloudflare.com/local-ip-ranges.csv
• Ref: https://rdap.arin.net/registry/ip/104.16.0.0
• OrgName: Cloudflare, Inc.
• OrgId: CLOUD14
• Address: 101 Townsend Street
• City: San Francisco
• StateProv: CA
• PostalCode: 94107
• Country: US
• RegDate: 2010-07-09
• Updated: 2024-11-25
• Ref: https://rdap.arin.net/registry/entity/CLOUD14
• OrgNOCHandle: CLOUD146-ARIN
• OrgNOCName: Cloudflare-NOC
• OrgNOCPhone: +1-650-319-8930
• OrgNOCEmail: noc@cloudflare.com
• OrgNOCRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
• OrgRoutingHandle: CLOUD146-ARIN
• OrgRoutingName: Cloudflare-NOC
• OrgRoutingPhone: +1-650-319-8930
• OrgRoutingEmail: noc@cloudflare.com
• OrgRoutingRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
• OrgAbuseHandle: ABUSE2916-ARIN
• OrgAbuseName: Abuse
• OrgAbusePhone: +1-650-319-8930
• OrgAbuseEmail: abuse@cloudflare.com
• OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN
• OrgTechHandle: ADMIN2521-ARIN
• OrgTechName: Admin
• OrgTechPhone: +1-650-319-8930
• OrgTechEmail: rir@cloudflare.com
• OrgTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN
• RAbuseHandle: ABUSE2916-ARIN
• RAbuseName: Abuse
• RAbusePhone: +1-650-319-8930
• RAbuseEmail: abuse@cloudflare.com
• RAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN
• RNOCHandle: NOC11962-ARIN
• RNOCName: NOC
• RNOCPhone: +1-650-319-8930
• RNOCEmail: noc@cloudflare.com
• RNOCRef: https://rdap.arin.net/registry/entity/NOC11962-ARIN
• RTechHandle: ADMIN2521-ARIN
• RTechName: Admin
• RTechPhone: +1-650-319-8930
• RTechEmail: rir@cloudflare.com
• RTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN

Links to attack logs

anonymous-proxy-ip-list-2025-10-20