104.18.40.240 Threat Intelligence and Host Information
General
This page contains threat intelligence information for the IPv4 address 104.18.40.240. It was generated either as a result of observed malicious activity or as an information-gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources or through observation of activity on honeynets. The host score is calculated from a series of statistically weighted values and machine learning that takes into account metadata such as host information; the frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.
Likely Malicious Host 🟠 60/100
Host and Network Information
- Mitre ATT&CK IDs: T1003.008 - /etc/passwd and /etc/shadow, T1003 - OS Credential Dumping, T1005 - Data from Local System, T1012 - Query Registry, T1027 - Obfuscated Files or Information, T1036 - Masquerading, T1041 - Exfiltration Over C2 Channel, T1047 - Windows Management Instrumentation, T1053 - Scheduled Task/Job, T1055 - Process Injection, T1057 - Process Discovery, T1060 - Registry Run Keys / Startup Folder, T1071 - Application Layer Protocol, T1081 - Credentials in Files, T1082 - System Information Discovery, T1105 - Ingress Tool Transfer, T1110.002 - Password Cracking, T1112 - Modify Registry, T1113 - Screen Capture, T1119 - Automated Collection, T1129 - Shared Modules, T1132 - Data Encoding, T1140 - Deobfuscate/Decode Files or Information, T1143 - Hidden Window, T1480 - Execution Guardrails, T1518 - Software Discovery, T1553 - Subvert Trust Controls, T1568 - Dynamic Resolution, T1583 - Acquire Infrastructure
- View other sources: Spamhaus, VirusTotal
- Country:
- Network:
- Noticed: 8 times
- Protocols Attacked: Anonymous Proxy
- Countries Attacked: Anguilla, Aruba, Bahamas, Barbados, Canada, Georgia, Guatemala, Ireland, Japan, Kenya, Mexico, Netherlands, Panama, Philippines, Poland, Sint Maarten (Dutch part), Slovakia, Tanzania United Republic of, Ukraine, United Arab Emirates, United Kingdom of Great Britain and Northern Ireland, United States of America
- Passive DNS Results:
Malware Detected on Host
Count: 5
Open Ports Detected
2053 2082 2083 2086 2087 2095 443 80 8080 8443 8880
Whois Information
- NetRange: 104.16.0.0 - 104.31.255.255
- CIDR: 104.16.0.0/12
- NetName: CLOUDFLARENET
- NetHandle: NET-104-16-0-0-1
- Parent: NET104 (NET-104-0-0-0-0)
- NetType: Direct Allocation
- OriginAS:
- Organization: Cloudflare, Inc. (CLOUD14)
- RegDate: 2014-03-28
- Updated: 2024-09-04
- Comment: All Cloudflare abuse reporting can be done via https://www.cloudflare.com/abuse
- Comment: Geofeed: https://api.cloudflare.com/local-ip-ranges.csv
- Ref: https://rdap.arin.net/registry/ip/104.16.0.0
- OrgName: Cloudflare, Inc.
- OrgId: CLOUD14
- Address: 101 Townsend Street
- City: San Francisco
- StateProv: CA
- PostalCode: 94107
- Country: US
- RegDate: 2010-07-09
- Updated: 2024-11-25
- Ref: https://rdap.arin.net/registry/entity/CLOUD14
- OrgNOCHandle: CLOUD146-ARIN
- OrgNOCName: Cloudflare-NOC
- OrgNOCPhone: +1-650-319-8930
- OrgNOCEmail: noc@cloudflare.com
- OrgNOCRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
- OrgRoutingHandle: CLOUD146-ARIN
- OrgRoutingName: Cloudflare-NOC
- OrgRoutingPhone: +1-650-319-8930
- OrgRoutingEmail: noc@cloudflare.com
- OrgRoutingRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
- OrgAbuseHandle: ABUSE2916-ARIN
- OrgAbuseName: Abuse
- OrgAbusePhone: +1-650-319-8930
- OrgAbuseEmail: abuse@cloudflare.com
- OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN
- OrgTechHandle: ADMIN2521-ARIN
- OrgTechName: Admin
- OrgTechPhone: +1-650-319-8930
- OrgTechEmail: rir@cloudflare.com
- OrgTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN
- RAbuseHandle: ABUSE2916-ARIN
- RAbuseName: Abuse
- RAbusePhone: +1-650-319-8930
- RAbuseEmail: abuse@cloudflare.com
- RAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN
- RNOCHandle: NOC11962-ARIN
- RNOCName: NOC
- RNOCPhone: +1-650-319-8930
- RNOCEmail: noc@cloudflare.com
- RNOCRef: https://rdap.arin.net/registry/entity/NOC11962-ARIN
- RTechHandle: ADMIN2521-ARIN
- RTechName: Admin
- RTechPhone: +1-650-319-8930
- RTechEmail: rir@cloudflare.com
- RTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN
Links to attack logs
anonymous-proxy-ip-list-2025-10-20