104.18.40.209 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 104.18.40.209 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 54/100

Host and Network Information

• Mitre ATT&CK IDs: T1027 - Obfuscated Files or Information, T1059 - Command and Scripting Interpreter, T1071 - Application Layer Protocol, T1100 - Web Shell, T1105 - Ingress Tool Transfer, T1176 - Browser Extensions, T1560 - Archive Collected Data

• Tags: accept, alexa, alexa top, appdata, artemis, ascii text, authority, bank, blacklist, blacklist http, blocklist, catalog file, cisco umbrella, class, click, cnc feodo, cnc server, critical, cronup threat, cve20188453, cyber threat, date, deepscan, detection list, done adding, dropper, emotet, emotet ip, error, et cnc, facebook, feodo, file, first, general, generator, hybrid, ip summary, jul jan, local, malicious, malicious site, malware, malware site, million, pattern match, phishing, ramnit, ransomware, recent emotet, root ca, safe site, sample, samples, site, sodinokibi, ssl certificate, strings, summary, suppobox, tag count, team, threat report, threats et, tracker, tue feb, twitter, united, unknown, unsafe, url summary, virustotal, whois record, whois whois, zbot

• View other sources: Spamhaus VirusTotal

• Country:
• Network:
• Noticed: 2 times
• Protocols Attacked: Anonymous Proxy
• Countries Attacked: Ireland, Italy, Singapore, United States of America
• Passive DNS Results: a-target.dev.proc.v1.kcwayofinfinitegrowth.com dev3.id.v2.kc-childcare.com uat.emiratesnbdcapital.com.sa gmfsqr.transunion.co theordinary.com test65-az.thepinemarten.com op-az.thepinemarten.com www.cipd.asia dev-az.thepinemarten.com manhattanuniversityfundlawsuit.com dev.emiratesnbdcapital.com.sa seminarai.knauf.lt kollectivenr.com surprisestadium.com hackerone.co.rs target.tcceast.dev.proc.v1.kcwayofinfinitegrowth.com www.water4all.org a-target.tcceast.dev.proc.v1.kcwayofinfinitegrowth.com api.solobet2.com media.knauf.lt cmsksacapital.emiratesnbdcapital.com.sa www.thepinemarten.com fab-preview.qa-se-cfp-fbmvp-25907-add-search-custome.az.ssdgws.co.uk fhihoreca.com accounting.kollectivenr.com pwod.info server1.dev2.proc.v1.kcwayofinfinitegrowth.com dev1.proc.v1.kcwayofinfinitegrowth.com www.surprisestadium.com www.vita.no.cdn.cloudflare.net epiprod.flugger.com.cdn.cloudflare.net server1.tccwest.dev3.proc.v1.kcwayofinfinitegrowth.com dev2.proc.v1.kcwayofinfinitegrowth.com server1.dev3.proc.v1.kcwayofinfinitegrowth.com partner4better.cn www.partner4better.cn prismsingapore.sg www-stage.gallery.water4all.org wcdn-dev.jackpotcity.mx www.flugger.com qa.charlottetilbury.com www.qa.charlottetilbury.com gcdn.jackpotcity.mx thepinemarten.com gallery.water4all.org gallery.water4all.org.cdn.cloudflare.net login-qa2.liverpool.com.mx gcdn-dev.jackpotcity.mx nordbusinessaccount.com 52167.loan knauf.lt www.rotring.com.tr.cdn.cloudflare.net www.jackpotcity.mx login-qa1.liverpool.com.mx candy.ai jackpotcity.mx login-qa2-private.liverpool.com.mx preprod.emiratesnbdcapital.com.sa epiprod.flugger.com rotring.com.tr www.rotring.com.tr czone.navico.com.cdn.cloudflare.net zinforo.com.br qdosglobaltfp.be liverpool-dev.auth0app.com wt.liverpool-dev.auth0app.com edge.tenants.liverpool-dev.auth0app.com hackzrone.com engage-assets.wv-casino.goldennuggetcasino.com engage-assets.wv-casino.goldennuggetcasino.com.cdn.cloudflare.net www.emiratesnbdcapital.com.sa.cdn.cloudflare.net www.nano-purification.com.cdn.cloudflare.net a.fsdn.com.cdn.cloudflare.net www.emiratesnbdcapital.com.sa inspire360-uat1.com jameshardiepros.com www.plafondsystemen.eu plafondsystemen.eu knauffanshop.eu drterkonda.com betway.com.ar preprod.ecophon.pl integration.ecophon.pl www.queenanne.com abelsfield.com www.ecophon.pl www.ecophon.pl.cdn.cloudflare.net riello.ua sagelinkup.mobi twentydaily.com dev.twentydaily.com www.refinishingfg.com refinishingfg.com saistumanonar.cf arturkauf.pl erascom.tk neilbernal.com sbohem-lepsi.xyz neutrinobox.xyz hindustanagency.com eatonsauto.org katalog726.gq lumi.mp jcdaw.com derucmay.ml abreacab.tk zestzerentconpers.cf www.revinddigital.com revinddigital.com n.rsir.tk online.kcitoday.com adtrophovgaconsbang.gq www.wpnews.io wpnews.io riadwornedeco.tk exliplengsa.ga alpinefreshair.com larixhost.com furdiileteli.ml salhendfoodslorick.gq downbackzapsoftponcu.tk www.thecsmt.com.cdn.cloudflare.net crudarreasgoodandbar.ml birepac.cf xn–80awpbdck4e.xn–p1ai choefeviwich.ml trasdeste.cf w.s-tube.shirasulab.com www.losganglios.com icgafila.ml nuqezaqiha.tk ketodryd.cf boggteeconpabers.ml azwicsama.tk www.gnrgindustrial.com gnrgindustrial.com rautiraredob.tk site.7pet.com.br.cdn.cloudflare.net detergentitik.it mlno.detergentitik.it odqp.detergentitik.it presmeetmu.ga roejone.tk odixnm.info caseificioponticorvo.cf wpoverflow.co kallipod.name.ng hhpcmn.vip thelogohouse.co mydotboston.com ertegdownmenlilong.tk parcad.my.id pechatiru.ru fp-project.net www.freefireevenduniagames.com hampdangcent.tk hylaservice.ru ldap1.shirasulab.com drive.shirasulab.com cloud.shirasulab.com chipozhy.tk larurekecu.tk stoptabsioburtimi.tk tapaparkmetero.tk forstosavachazo.tk fenkribuzzdiscnansimp.tk freefireevenduniagames.com unlilicu.ga nmomfv.com traderr.tk 8o9kv.shop.cdn.cloudflare.net www.ozzardenvironmental.com second4you.xyz acceptefficientforeman.best ofydafipuzir.tk yzunalubajel.tk unitechairconditioners.in naegooggalecepne.ml all.christianenough.com sgcidev.com news-nations.site hiemamitabdire.tk creatusitio.site www.smart-donations.com smart-donations.com hydrated1426.space semptrichcanemos.tk www.siliconflagey.com galldyslirevi.tk lerjunkpardaconspa.ga anutunluabottlen.tk ideiacesa.com www.ideiacesa.com waepoaguaraheart.tk cleananerbliccochou.tk wnrw.site bekensieucute.shop www.bekensieucute.shop promulgatebountyfit.top brasvolgbustbraskann.tk mygorkana.co.uk cosyquietdelight.monster m.kcitoday.com site.kcitoday.com sensecourse.com rioboversarthgema.tk www.flagdownload.com flagdownload.com flaxseed.bestestpin.com choose-life.us devops-alumno10.com femax20.com twortioceltafedu.tk nuzzlechoicesteady.cyou of-19717.xyz yhh6f5.com case.bestestpin.com pastkistousantemen.tk subtrao.store dermimed.com.mx enlightenment-now-academy.com www.nasimco.org tititi.digital duniawine.com stunkoredicompwing.ml chroginere.xyz sistematiksonuc.com neyhuyscenoven.ml pretaninrosenters.tk quededirilassga.ml www.cordiline.com.cdn.cloudflare.net facemasks.bestestpin.com szybepetvechi.ml pousteegetodo.tk majunccambnakca.tk jacobi-im-auftrag-der-sauberkeit.de norwaytrade.com hammer-of-thor-official.site bubokaa.site afrikakompaniet.se www.afrikakompaniet.se highbetaburootdi.tk tiboocecriaspansa.tk tatijekeechur.tk lvsongshibj.com nuosha.top yerbasquecuran.com aneastrucwinmorr.tk babitertodob.gq xinyu-shengwu.com ulenlinudphy.tk edu.bac.aws.mw.cr aprendiendo.bac.aws.mw.cr ozzardenvironmental.com shoplithoedbuy.xyz www.virginiabeachcosmeticdental.com mi360-showroom.de staging.issuemediagroup.com upinfo.ml imoney-news.mobi jyukumann.xyz slotspotz.com 1-skl.com www.uhupay.com uhupay.com www.concept-care.eu smartmyindia.com www.swivel.com.au.cdn.cloudflare.net outfits.bestestpin.com facemask.bestestpin.com redwanconnect.com bdonshaw.stream adacofwai.gq collectfromhere.com jbajqf.com www.gogwu.com.cdn.cloudflare.net madschool.in trenamicunen.ml zwrf.rengchi.top cattle.bestestpin.com run.bestestpin.com woman.bestestpin.com winter.bestestpin.com wonder.bestestpin.com initialcloudflare.jeffcayley.com.cdn.cloudflare.net insanityblog.nl obbalephasal.ga tioreabrilenlock.cf chentitownsancraf.tk www.pttc2.tk pttc2.tk milnaetreadlacop.tk delightfulyyj.tk segurodeuna.com kr.dewebc.com elfumetipeapers.cf nkjmfc.fun lietiaspookuses.gq povatorxyase.ga reviewsbuys.net eedirhidti.tk forrouthepamortluk.tk es-futbolfactory.com mgmtnj.com probet-10.com vraa9g.l04wd4tu.ltd r7uedr.l04wd4tu.ltd jisttico.ga logcaterci.tk fcsp6.com cullcompstuddis.tk trodenov.tk anime.bestestpin.com dewebc.com exbestarihea.tk iomilaureo.it www.furfuri.xyz furfuri.xyz hammyct.com frenathlenmi.ga blazaxaf.ga kerbcampsicuremi.tk priczomancei.tk epdwujrp.icu factorystoreargentina.gq www.alokexport.co.in.cdn.cloudflare.net alokexport.co.in concept-care.eu unesmomnimiback.cf ilmaoitustori.cf g6hn7llv.icu www.jbcaps.al phillygradcoach.org thebabelog.xyz itefnica.ml ocpaicaffiming.gq enacngur.cf meullevpigpahg.tk tagteamhomesva.com snicaderma.ga ekuhygagopy.ml jourmuvenli.ga mmoaof.assthetics.info liinambai.cf supplanca.tk prelbersihi.tk kaastelcontbira.ml howgetridg.assthetics.info axexylidupefi.tk bosqq1.com www.nutrafitx.com sifibvabac.tk looregonsba.tk pyxujywagi.ml batteryshopee.com thereddandelion.co.uk jbcaps.al spiroutosse.tk www.5019916.live 2716618.live 6261843.live mehdlemmarnaq.tk enceudibzerol.tk phtfmba.pw abcudeefbova.tk www.blackdirttopsoildelivery.info uwusidahen.tk sloblinipotalneu.tk niqesiriqoci.gq erunnawinme.cf huyaraxowu.ml colrafedneta.tk buddafloripa.com.br ytozozyhihan.cf nymewafuxefo.tk gopolumy.tk burradomocent.gq anyjyruyavysun.ga fisabertiocel.tk loxerabika.ml alobecherri.gq bucdenenroves.gq niurkamiamisproperties.com liaknow.ga aiuslinn.tk zasasyduvelo.gq adimprocofprin.tk manxbhz.com instaplusvip.cf hair.bestestpin.com tattoos.bestestpin.com udeqabocawit.tk singnabittama.tk centveposubzythe.tk remamensehand.tk recooronarli.cf ipygotiqaj.ml caonmei.com adasaftime.ga brainsmithsmail.tech tulikaxyhagi.gq apfiseatsadjze.cf pcentrekz.xyz jglvgz.xyz nlyyhk.com puntoelectrico76.com psoriaticarthritis-ace.com scetelefonia.it modemedia.tv californianeurohealthrwc.com btcex.pro 7dxb.me jp01.guying.site ususnessne.xyz www.letshare.app skylandia.site nilancer.com kefir.bestestpin.com makeup.bestestpin.com keto.bestestpin.com healthy.bestestpin.com crunches.bestestpin.com yourfaith.online arnoldcemetery-ne.org server2000.eu genospizzabytheslice.com liamigelangget.tk cat.bestestpin.com care.bestestpin.com saw.bestestpin.com captain.bestestpin.com car.bestestpin.com sail.bestestpin.com said.bestestpin.com unit.bestestpin.com sure.bestestpin.com wing.bestestpin.com women.bestestpin.com wood.bestestpin.com d.guying.site www.kappersoutlet.com.cdn.cloudflare.net ordercornersburgpizza.com icerik.bestestpin.com navi-team.me songcongland.com c.guying.site mixdarkcoc.com.ng wedding.bestestpin.com recipee.bestestpin.com www.supereef.club scepapbantiostalra.tk shirasulab.com b.guying.site www.adultwebcams.blog aglarphoebupu.gq supereef.club test.studiofuture.nz ppp2.bialystok.pl www.ppp2.bialystok.pl rester.media.pl makemoney.bestestpin.com adnaganvilisjack.tk www.cursobronzeverao.com.cdn.cloudflare.net cursobronzeverao.com shamnianiy.wang handchavereko.tk www.famous-manufacturer.com famous-manufacturer.com 50restaurant.com exconretsfimb.tk retreatfashion.xyz situsjudibos.com www.younceoms.com younceoms.com theostylaserimil.tk poconnajasira.tk thebestcatfish.com face.bestestpin.com bersed.ru bis365.biz cmmcson.org www.ceperoabogados.es www.shantibenessere.com.cdn.cloudflare.net partner.leyovisa.co.nz trancomdingsubthesen.ml cpcontacts.suddimahithi.com cpcalendars.suddimahithi.com ufuydyze.icu worlowarumely.ga bohohomeaccents.com verlopowsatac.tk get-pickup.com rabchaidecvibedtie.cf vesfdownbagborhcheckpres.ml dust24.biz lasagna.bestestpin.com www.shoeiq.com shoeiq.com smoothie.bestestpin.com sporty.bestestpin.com

Malware Detected on Host

Count: 4 d9d800ea95de98a5c1e5918d12bfe79c275ae3858e10e5b718a057015360f63d 8018fbc4379d7348662a437f6900a72240706ac857a574eb1fa4d19a5909db01 e639306c7587cc302a5c6c6e638ea552d652c6b0e69457c373b50f89dab5b94c b6a2162e86dbf9d501555377a6262ba63f5d1ff87d47a284ba3e8a9d7ef26cc9

Open Ports Detected

2052 2053 2082 2083 2086 2087 2095 2096 443 80 8080 8443 8880

Map

Whois Information

• NetRange: 104.16.0.0 - 104.31.255.255
• CIDR: 104.16.0.0/12
• NetName: CLOUDFLARENET
• NetHandle: NET-104-16-0-0-1
• Parent: NET104 (NET-104-0-0-0-0)
• NetType: Direct Allocation
• OriginAS:
• Organization: Cloudflare, Inc. (CLOUD14)
• RegDate: 2014-03-28
• Updated: 2024-09-04
• Comment: All Cloudflare abuse reporting can be done via https://www.cloudflare.com/abuse
• Comment: Geofeed: https://api.cloudflare.com/local-ip-ranges.csv
• Ref: https://rdap.arin.net/registry/ip/104.16.0.0
• OrgName: Cloudflare, Inc.
• OrgId: CLOUD14
• Address: 101 Townsend Street
• City: San Francisco
• StateProv: CA
• PostalCode: 94107
• Country: US
• RegDate: 2010-07-09
• Updated: 2024-11-25
• Ref: https://rdap.arin.net/registry/entity/CLOUD14
• OrgNOCHandle: CLOUD146-ARIN
• OrgNOCName: Cloudflare-NOC
• OrgNOCPhone: +1-650-319-8930
• OrgNOCEmail: noc@cloudflare.com
• OrgNOCRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
• OrgRoutingHandle: CLOUD146-ARIN
• OrgRoutingName: Cloudflare-NOC
• OrgRoutingPhone: +1-650-319-8930
• OrgRoutingEmail: noc@cloudflare.com
• OrgRoutingRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
• OrgAbuseHandle: ABUSE2916-ARIN
• OrgAbuseName: Abuse
• OrgAbusePhone: +1-650-319-8930
• OrgAbuseEmail: abuse@cloudflare.com
• OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN
• OrgTechHandle: ADMIN2521-ARIN
• OrgTechName: Admin
• OrgTechPhone: +1-650-319-8930
• OrgTechEmail: rir@cloudflare.com
• OrgTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN
• RAbuseHandle: ABUSE2916-ARIN
• RAbuseName: Abuse
• RAbusePhone: +1-650-319-8930
• RAbuseEmail: abuse@cloudflare.com
• RAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN
• RNOCHandle: NOC11962-ARIN
• RNOCName: NOC
• RNOCPhone: +1-650-319-8930
• RNOCEmail: noc@cloudflare.com
• RNOCRef: https://rdap.arin.net/registry/entity/NOC11962-ARIN
• RTechHandle: ADMIN2521-ARIN
• RTechName: Admin
• RTechPhone: +1-650-319-8930
• RTechEmail: rir@cloudflare.com
• RTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN

Links to attack logs

anonymous-proxy-ip-list-2025-10-20