104.18.40.249 Threat Intelligence and Host Information
General
This page contains threat intelligence information for the IPv4 address 104.18.40.249. It was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively, through aggregation of public sources or through observation of activity on honeynets. The host score is calculated from a series of statistically weighted values and machine learning, taking into account metadata such as host information; the frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.
Likely Malicious Host 🟠 53/100
Host and Network Information
- Mitre ATT&CK IDs: T1027 - Obfuscated Files or Information, T1123 - Audio Capture, T1140 - Deobfuscate/Decode Files or Information, T1176 - Browser Extensions, T1566 - Phishing
- Tags: acint, adam lee, adware, agent, alexa, alexa top, amazon02, america, android, anonymizer, api blog, apple, artemis, asn15169, asn16509, asn20446, asn54113, asp.net, asyncrat, august, azorult, back, bank, beach research, behav, blacklist, blacklist http, blacklist https, blacknet rat, browsing, centura health, cisco umbrella, cleaner, cobalt strike, coinminer, colorado jobs, communicating, conduit, contacted, control server, cookie, copyright, crack, cyber threat, danger, data.net, de indicators, detection list, docs pricing, domains, downldr, download, dropper, eeo public, emotet, engineering, erika lee, et, exchange, execution, exploit, facebook, fakealert, fastly, filetour, filing url, firehol, first, follow, frankfurt, fusioncore, gamehack, general full, generic, generic malware, genkryptik, germany, gesponsert url, get h2, ghost rat, gmbh version, google, google safe, hacktool, hash, hashes, heur, highwinds3, hiloti, historical ssl, hostname, hostnames, http, http attacker, ice fog, iframe, indonesia, industry and commerce, installpack, ip address, ip summary, jimburkedentistry, july, june, laplasclipper, leder-family, line, listen live, login, main, malicious, malicious site, malicious url, maltiverse, malvertizing, malware, malware site, metasploit, microsoft, million, mimikatz, miner, monitoring, msil, name value, netherlands, nircmd, no data, noname057, november, nr-data.net, nreum, october, oid2, opencandy, outputldjh, page url, pe resource, philadelphia, phishing, phishing site, pinnacol insurance, postrelease, prague, presenoker, protocol h2, ramnit, ransomware, redline stealer, reinsurance, relic, resolutions, resource, reverse dns, riskware, runescape, safe site, sample, samples, scam, search live, security tls, server, service, services, site, skynet, softcnapp, software, ssl certificate, state, states, stealer, steam, subdomains, summary, suppobox, swrort, systweak, tag count, tags, team, threat report, threat roundup, thu dec, thu nov, tiggre, trojan, trojanspy, trojanx, tsara brashears, uah1200, uaw1600, ucd24, uh1200, uhis2, union, united, unsafe, url http, url https, url summary, usd1, us summary, utz60, uw1600, value, variables, wacatac, warning, webtoolbar, whois record, win64, xrat, xtrat, zbot
- View other sources: Spamhaus VirusTotal
- Country:
- Network:
- Noticed: 3 times
- Protocols Attacked: Anonymous Proxy
- Countries Attacked: United States of America
- Passive DNS Results:
Open Ports Detected
2052 2053 2082 2083 2086 2087 2095 2096 443 80 8080 8443 8880
Whois Information
- NetRange: 104.16.0.0 - 104.31.255.255
- CIDR: 104.16.0.0/12
- NetName: CLOUDFLARENET
- NetHandle: NET-104-16-0-0-1
- Parent: NET104 (NET-104-0-0-0-0)
- NetType: Direct Allocation
- OriginAS:
- Organization: Cloudflare, Inc. (CLOUD14)
- RegDate: 2014-03-28
- Updated: 2024-09-04
- Comment: All Cloudflare abuse reporting can be done via https://www.cloudflare.com/abuse
- Comment: Geofeed: https://api.cloudflare.com/local-ip-ranges.csv
- Ref: https://rdap.arin.net/registry/ip/104.16.0.0
- OrgName: Cloudflare, Inc.
- OrgId: CLOUD14
- Address: 101 Townsend Street
- City: San Francisco
- StateProv: CA
- PostalCode: 94107
- Country: US
- RegDate: 2010-07-09
- Updated: 2024-11-25
- Ref: https://rdap.arin.net/registry/entity/CLOUD14
- OrgRoutingHandle: CLOUD146-ARIN
- OrgRoutingName: Cloudflare-NOC
- OrgRoutingPhone: +1-650-319-8930
- OrgRoutingEmail: noc@cloudflare.com
- OrgRoutingRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
- OrgNOCHandle: CLOUD146-ARIN
- OrgNOCName: Cloudflare-NOC
- OrgNOCPhone: +1-650-319-8930
- OrgNOCEmail: noc@cloudflare.com
- OrgNOCRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
- OrgAbuseHandle: ABUSE2916-ARIN
- OrgAbuseName: Abuse
- OrgAbusePhone: +1-650-319-8930
- OrgAbuseEmail: abuse@cloudflare.com
- OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN
- OrgTechHandle: ADMIN2521-ARIN
- OrgTechName: Admin
- OrgTechPhone: +1-650-319-8930
- OrgTechEmail: rir@cloudflare.com
- OrgTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN
- RAbuseHandle: ABUSE2916-ARIN
- RAbuseName: Abuse
- RAbusePhone: +1-650-319-8930
- RAbuseEmail: abuse@cloudflare.com
- RAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN
- RNOCHandle: NOC11962-ARIN
- RNOCName: NOC
- RNOCPhone: +1-650-319-8930
- RNOCEmail: noc@cloudflare.com
- RNOCRef: https://rdap.arin.net/registry/entity/NOC11962-ARIN
- RTechHandle: ADMIN2521-ARIN
- RTechName: Admin
- RTechPhone: +1-650-319-8930
- RTechEmail: rir@cloudflare.com
- RTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN
Links to attack logs
anonymous-proxy-ip-list-2025-10-20