104.18.40.50 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 104.18.40.50 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 60/100

Host and Network Information

• Mitre ATT&CK IDs: T1059.007 - JavaScript, T1059 - Command and Scripting Interpreter, T1071.001 - Web Protocols, T1071.003 - Mail Protocols, T1071.004 - DNS, T1071 - Application Layer Protocol, T1083 - File and Directory Discovery, T1105 - Ingress Tool Transfer, T1140 - Deobfuscate/Decode Files or Information, T1449 - Exploit SS7 to Redirect Phone Calls/SMS, T1491 - Defacement, T1518.001 - Security Software Discovery, T1518 - Software Discovery, T1583.005 - Botnet

• Tags: 443 ma2592000, aaaa, algorithm, all octoseek, apple ios, as12768, as208722 yandex, as30943, as31483, ascii text, asn as13335, astaroth, august, bitrat, body, brian sabey, bundled, certificate, chaos, chrome, city, click, cname, cnc, code, command and control, communicating, contacted, contacted urls, core, crat, creation date, cus cngts, cyberstalking, cyber threat, data, data redacted, date, dch v, dns replication, domain, domain name, domain status, emails, emotet, encrypt, error, execution, expiration date, exploit source, falcon, february, files, gandi sas, general, gmt server, gov, hacktool, hallgrand, hello, hostname, hybrid, indicator, ip address, ipv4, january, json data, key algorithm, key info, kgs0, kls0, life, litespeed, llc validity, localappdata, location united, lockbit, login, lolkek, makop, malicious, mallox, malvertizing, malware, meta, metro, mo, moved, msie, name servers, name verdict, next, number, observed email, ogoogle trust, p2404, passive dns, pattern match, pega related attack, pe resource, phishing, phishing page, postal code, prefetch8, privacy admin, privacy billing, privacy tech, pty ltd, pulse pulses, pulse submit, qakbot, ransomexx, rat, record type, record value, redacted for, registrar abuse, registrar url, registry domain, reinsurance, relacionada, remote, reverse dns, roundup, russia unknown, ryuk ransomware, scan endpoints, scanning host, script urls, search, server, servers, showing, siblings, speed, spyware, ssl certificate, status, strings, subject public, suspicious, targeting, temp, threat roundup, title, t matrix, tpp wholesale, tracking, trang ch, trojan, tsara brashears, ttl value, unicode text, united, united kingdom, unknown, url analysis, urls, ursnif, user agent, v3 serial, virustotal, whois record, whois whois, wholesale pty, win64, workers

• View other sources: Spamhaus VirusTotal

• Country:
• Network:
• Noticed: 9 times
• Protocols Attacked: Anonymous Proxy
• Countries Attacked: United States of America
• Passive DNS Results: go.mnaspm.com go.isatsana.com video.julrdr.com video.siahos.com video.rmzsglng.com go.kbnmnl.com video.kbnmnl.com video.xxxvijmp.com video.godkc.com perfb6mttenant6copy6.aornp.creditlens.moodysanalytics.com mtpool-christinetest2.aornp.creditlens.moodysanalytics.com go.sescprts.com video.althz.com video.eizzih.com video.szxel.com vkfd2531o6crta001b.aornp.creditlens.moodysanalytics.com cerave-es.beauty-campaigns.com go.eshimor.com video.xxxiiijmp.com video.dmskgo.com video.thrscprts.com go.tscprts.com mtpool-frontdoorteststg.aornp.creditlens.moodysanalytics.com nign01mstrtv003prep.dxcloud.episerver.net video.xliirdr.com video.siscprts.com www.valg.no nign01mstrtv003.dxp.optimizely.com nign01mstrtv003prep-slot.dxcloud.episerver.net gatewaybanking.com eqtnexuseltif.com video.bluetracktor.com video.xlrdr.com cbaccarah.com video.mnaspm.com facturarenminutos.com go.xxxvijmp.com video.rmshqa.com statebankonline.biz go.ayilil.com qa-no-occ-apd-6618-cosmosnetworking.az.ssdgws.co.uk cerave-es-event.beauty-campaigns.com video.dmsik.com video.xlvirdr.com go.xliiirdr.com go.niscprts.com video.schjmp.com go.zybrdr.com video.ashhgo.com go.xlviirdr.com go.xlrdr.com go.szxel.com saveroomfordesign.com video.imkirh.com video.admjmp.com video.hciri.com video.mshago.com video.xlviirdr.com go.xofde.com go.stiahs.com video.srekrap.com go.dzhjmp.com go.ashhgo.com ggg.xhamster.com video.dmsktmld.com go.xlivesex.com go.fxmnba.com video.reebr.com video.xlviiirdr.com joinourcommunity-uki-kol.beauty-campaigns.com datafeed.services pradabeauty-es.beauty-campaigns.com go.dmsik.com go.forscprts.com go.bdobre.com go.thscprts.com go.suovop.com www.xlivrdr.com go.hciri.com www.art.com go.godkc.com go.xxxijmp.com go.rmishe.com go.tmrjmp.com 77788.top prod.valg.no nign01mstrtv003inte-slot.dxcloud.episerver.net inte.sales.allente.se video.hpyrdr.com directsucktraffic.top rejoynhcp.com www.rejoynhcp.com go.imkirh.com go.hpyrdr.com 123zz8yim.com video.leojmp.com video.lxzrdr.com video.bmbsgo.com video.gldrdr.com go.mdyjmp.com qa3.cm.kotex.kz qa2.cm.kotex.az go.rmzsglng.com go.xxxviiijmp.com go.xxxviijmp.com go.bbrdbr.com qa3.cm.lakotex.com.gt qa.cm.kotex.az go.admjmp.com armanibeauty-es.beauty-campaigns.com video.bshrdr.com video.zybrdr.com go.gldrdr.com video.rdrjmp.com video.strpjmp.com creative.xxxijmp.com prod.sales.allente.se qa1.cm.lakotex.com.bo qa1.cm.lakotex.com.do qa1.cm.lakotex.com.gt go.xlvirdr.com kiehls-es.beauty-campaigns.com qa3.cm.kotex.co.il qa2.cm.lakotex.com.py video.bbrdbr.com creative.xxxvjmp.com static112233.com video.rmhfrtnd.com video.sohjmp.com captainz-media-staging.memeland.9cache.com go.blcdog.com qa.cm.intimus.com.br qa3.cm.intimus.com.br commcloud.prod-bkzb-art-com.cc-ecdn.net.cdn.cloudflare.net www.bio-circular.com ocapi.art.com creative.rmhfrtnd.com go.rmhfrtnd.com go.xxxvjmp.com kerastase-se.beauty-campaigns.com cerave-fr.beauty-campaigns.com ccbm.bgjl-stg.cc-bm.net creative.lxzrdr.com go.julrdr.com video.dmzjmp.com video.llyjmp.com go.dmzjmp.com go.bmbsgo.com go.bshrdr.com www.preview.art.com www.ascom.ch video.xxxjmp.com video.smljmp.com go.rdrjmp.com go.clbjmp.com creative.xxxiijmp.com video.xxxijmp.com go.smljmp.com creative.ashhgo.com creative.bshrdr.com creative.rdfxgo.com go.leojmp.com creative.bmbsgo.com video.rdfxgo.com creative.mgdjmp.com go.lxzrdr.com go.rdfxgo.com go.dmskgo.com video.tmrjmp.com go.hpyjmp.com creative.hpyjmp.com www.grantthornton.tn cl-cloudflare1.aornp.creditlens.moodysanalytics.com yslbeauty-se.beauty-campaigns.com sagepaymentsolutions.com go.xxxjmp.com qa2.cm.kotex.com.vn qa2.cm.kotex.ge qa3.cm.kotex.com.tw qa2.cm.kotex.kz qa1.cm.kotex.kg qa1.cm.kotex.ge qa2.cm.kotex.com.tw qa2.cm.kotex.com.my qa3.cm.kotex.ua server1.tcceast.qa3.cm.v4.kc-femininecare.com qa3.cm.kotex.com.ph server2.tcceast.qa1.cm.v4.kc-femininecare.com qa.cm.ubykotex.com tccwest.qa1.cm.v4.kc-femininecare.com qa1.cm.kotex.cz qa3.cm.kotex.ge qa3.cm.kotex.com.sg server2.tcceast.qa3.cm.v4.kc-femininecare.com qa1.cm.kotex.co.il qa2.cm.ubykotex.com.v4.kc-femininecare.com qa.cm.kotex.ua qa.cm.kotex.com.sg server2.qa1.cm.v4.kc-femininecare.com server2.tccwest.qa3.cm.v4.kc-femininecare.com server2.tccwest.qa2.cm.v4.kc-femininecare.com qa2.cm.ubykotex.com qa1.cm.kotex.com.sg server2.qa3.cm.v4.kc-femininecare.com server2.tcceast.qa2.cm.v4.kc-femininecare.com qa3.cm.v4.kc-femininecare.com qa2.cm.kotex.com.sg qa.cm.hk.kotex.com qa3.cm.kotex.kg qa1.cm.hk.kotex.com qa3.cm.hk.kotex.com server1.tcceast.qa2.cm.v4.kc-femininecare.com qa1.cm.kotex.com.ph server1.qa2.cm.v4.kc-femininecare.com qa3.cm.kotex.cz qa1.cm.ubykotex.com.v4.kc-femininecare.com server1.qa3.cm.v4.kc-femininecare.com tcceast.qa1.cm.v4.kc-femininecare.com tccwest.qa3.cm.v4.kc-femininecare.com server2.qa2.cm.v4.kc-femininecare.com qa3.cm.ubykotex.com tcceast.qa2.cm.v4.kc-femininecare.com qa.cm.kotex.com.ph qa3.cm.kotex.com.my qa2.cm.v4.kc-femininecare.com qa2.cm.hk.kotex.com qa2.cm.kotex.kg server1.tccwest.qa1.cm.v4.kc-femininecare.com server1.tccwest.qa3.cm.v4.kc-femininecare.com server1.tcceast.qa1.cm.v4.kc-femininecare.com tcceast.qa3.cm.v4.kc-femininecare.com qa2.cm.kotex.com.ph qa2.cm.kotex.cz qa1.cm.v4.kc-femininecare.com qa1.cm.ubykotex.com tccwest.qa2.cm.v4.kc-femininecare.com server1.tccwest.qa2.cm.v4.kc-femininecare.com server2.tccwest.qa1.cm.v4.kc-femininecare.com wl.hpyrdr.com qa-gb-ymm-fbmvp-19391-popularsearchesban.az.ssdgws.co.uk qa2.cm.kotex.co.il qa2.cm.kotex.ua qa1.cm.kotex.ua biotherm-es.beauty-campaigns.com origin.qa.cm.v4.kc-femininecare.com yslbeauty.beauty-campaigns.com yslbeauty-es.beauty-campaigns.com qa.cm.v4.kc-femininecare.com server1.qa1.cm.v4.kc-femininecare.com kiehls-pl.beauty-campaigns.com ridegst.org alertmanager-failover.bitgo-test.com prometheus-failover.bitgo-test.com grafana-failover.bitgo-test.com www.bellevue-ferienhaus.de redash.bitgo-test.com www.szansa-na-nagrode.com admin.bitgo-test.com internal.bitgo-test.com www.bitgo-test.com bitgo-test.com drone.bitgo-test.com api.bitgo-test.com app.bitgo-test.com harbor.bitgo-test.com szansa-na-nagrode.com www.cambriaboston.com autoservofcharlestown.com guidetoheavymetal.com lorealparis.hu walk.lahey.org yousageadvice.com freseniuscareers.com eliteautomotivecenter.com xeljanzinfo.com www.xeljanzinfo.com signup.xeljanzinfo.com 1.774.gs workers.dev git-fly.mirr.one www.godsmm.com godsmm.com ei6f2nr.top betterbodyclinics.co.uk ciacentpleas.tk upstrackingguru.com www.mercadodasapostas.com.br.cdn.cloudflare.net mercadodasapostas.com.br leimpowec.tk moidripitenraycred.tk www.michelemorano.com watchemailcn.com stearunarcho.gq tantradiyana.com nonspinma.tk facoget.cf naldacomsubtmenla.cf gaxebave.tk 999aam.com p2velox.panel.li 20201101.maldivestimes.com fajarservices.com zheipentorachen.tk www.seedproject.com seedproject.com beltpulcoconta.tk herbs2me.ecs.agency cocthyimarima.tk sunriefe.cf rhythinesplasar.ml haiquedeo.tk leovowoodde.gq fetimeson.tk nspsa.ecs.agency gestgurtai.cf redsrekensrolryolang.gq vabcanthlockverb.tk remote.panel.li ejeredortal.tk danlessa.space phiitropdeptake.gq cccc4gc.com html5bannerads.de chiptuningx.eu camvat.xyz www.freshherbed.com diasigeshenor.cf partlasllong.tk tingpaltdersrili.tk www.rollinghillsdentistry.com actrichgolf.tk s2.utramdohicxqjouh.casa s9.utramdohicxqjouh.casa s8.utramdohicxqjouh.casa s6.utramdohicxqjouh.casa s7.utramdohicxqjouh.casa lucindaandjumil2020.vegas www.poyraza.com poyraza.com freshherbed.com fiehuavephy.tk umcomkolenma.ml azqd97.icu fredasunew.tk ciathinrenilybu.gq tiothreadimbuge.ml playcode.panel.li edizio.panel.li procethcradchambteri.tk downblinil.tk namabuf.tk gambcontmeddlabra.tk tialcusinpocaba.tk counrire.ml bigtime.ecs.agency longevity.ecs.agency landscape.ecs.agency elevation.ecs.agency serpostbatepa.tk keybucklinkco.tk chiperkibon.tk hhr76.com nectapartto.ga maroonzholdings.com 407zhen.info hossein-neisi.ir hypothnqme.ru x19.lauevedi.ru x13.lauevedi.ru x12.lauevedi.ru ajuda.previdencia.online oanendo.com.de www.oanendo.com.de hostingunlimitedbuy.in link1s.xyz www.link1s.xyz hacidesiralu.tk 98336l.com morte.lgbt www.photographe-joelarnaud.com majorguo.com ogicasorny.org gamejornal.xyz nw066.com ww982.com www.gdragonmedia.com iyotvideos.com seedoit.com hdbing.com serosteferva.tk icstarzacorasouth.tk statexitinga.ml www.aintuu.com.cdn.cloudflare.net grandmas.site iqi.us 360porn.pro www.estetica.digital estetica.digital towerdefence.nl calvary.bzhill.net cialiswhere.online live.panel.li geq6w.com.cn.cdn.cloudflare.net www.geq6w.com.cn.cdn.cloudflare.net bedluselteigisar.ga rediptv.panel.li temiz-macuntr.website palakopticals.tech www.scotlandsinformation.com gmac3.nl consgestiologwebc.cf lonkanitalro.ml shandykahaleelblasien.site kvrbxn.live progrecia.com pubblidely.com www.pubblidely.com trocdeluxe.fr meb-tablet.com ga-property-2.vinylagency.com birdyscms.vinylagency.com ganderson-agent.vinylagency.com ig.vinylagency.com ashton.vinylagency.com hensley.vinylagency.com well.vinylagency.com griffin.vinylagency.com chamber.vinylagency.com ga-property-1.vinylagency.com boatyard.vinylagency.com beautyessential.ru luckday.vip newsite.ecs.agency www.illingseeds.com.au inukacreative.co.uk ua9101-res-513lovr.digital letvp.com claimsekarang82.my.id www.foodmagazinemyanmar.com prenchesepwurtmug.tk enbonnogoldba.ml ch.betadoor.com goarextnorpica.ga titogalrodanxo.ml flexcl.eu imade.ecs.agency neobesnooy.website capte.uno hothnc.casa www.vpsinbox.com intblog.ru guireclalitanco.tk primp.ecs.agency uninbalunchtechster.cf staffnukf.xyz qianxzw.com changingliveswaterproject.com multifold.company www.kingstonsummercamp.com apgassets.co starilertiodist.ml vlc.bzhill.net dashmeshgroup.in vigoritoleiloes.com omjoker.us gdragonmedia.com my-files.ml cheekpiece.us alternativeeducationth.org gdshop.me www.digitalis.tech jiraibasu.gq planunligevilde.gq ucmalay.com thammyviensaigonbeauty.tk lifestyleslimitless.com crick11.site xiangchangpaidui.com slimboost5.tk enholeboothsie.tk randypeterjohnson.live pleaseblissminikin.xyz ecviverlai.tk popkacyccaduc.gq valshebannasigh.ml botpi.jmovies.fun cpcalendars.naturitha.com.br naturitha.com.br cpcontacts.naturitha.com.br www.naturitha.com.br tgbotpi.jmovies.fun vvnhtldr.top www.wkbmnl.fun.cdn.cloudflare.net bashelevators.com grantscherzer.com linebotpi.jmovies.fun lelcrokosfiji.cf www.ruayza.net iztv.az petjoyreviews.com

Map

Whois Information

• NetRange: 104.16.0.0 - 104.31.255.255
• CIDR: 104.16.0.0/12
• NetName: CLOUDFLARENET
• NetHandle: NET-104-16-0-0-1
• Parent: NET104 (NET-104-0-0-0-0)
• NetType: Direct Allocation
• OriginAS:
• Organization: Cloudflare, Inc. (CLOUD14)
• RegDate: 2014-03-28
• Updated: 2024-09-04
• Comment: All Cloudflare abuse reporting can be done via https://www.cloudflare.com/abuse
• Comment: Geofeed: https://api.cloudflare.com/local-ip-ranges.csv
• Ref: https://rdap.arin.net/registry/ip/104.16.0.0
• OrgName: Cloudflare, Inc.
• OrgId: CLOUD14
• Address: 101 Townsend Street
• City: San Francisco
• StateProv: CA
• PostalCode: 94107
• Country: US
• RegDate: 2010-07-09
• Updated: 2024-11-25
• Ref: https://rdap.arin.net/registry/entity/CLOUD14
• OrgNOCHandle: CLOUD146-ARIN
• OrgNOCName: Cloudflare-NOC
• OrgNOCPhone: +1-650-319-8930
• OrgNOCEmail: noc@cloudflare.com
• OrgNOCRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
• OrgRoutingHandle: CLOUD146-ARIN
• OrgRoutingName: Cloudflare-NOC
• OrgRoutingPhone: +1-650-319-8930
• OrgRoutingEmail: noc@cloudflare.com
• OrgRoutingRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
• OrgAbuseHandle: ABUSE2916-ARIN
• OrgAbuseName: Abuse
• OrgAbusePhone: +1-650-319-8930
• OrgAbuseEmail: abuse@cloudflare.com
• OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN
• OrgTechHandle: ADMIN2521-ARIN
• OrgTechName: Admin
• OrgTechPhone: +1-650-319-8930
• OrgTechEmail: rir@cloudflare.com
• OrgTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN
• RAbuseHandle: ABUSE2916-ARIN
• RAbuseName: Abuse
• RAbusePhone: +1-650-319-8930
• RAbuseEmail: abuse@cloudflare.com
• RAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN
• RNOCHandle: NOC11962-ARIN
• RNOCName: NOC
• RNOCPhone: +1-650-319-8930
• RNOCEmail: noc@cloudflare.com
• RNOCRef: https://rdap.arin.net/registry/entity/NOC11962-ARIN
• RTechHandle: ADMIN2521-ARIN
• RTechName: Admin
• RTechPhone: +1-650-319-8930
• RTechEmail: rir@cloudflare.com
• RTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN

Links to attack logs

anonymous-proxy-ip-list-2025-10-20