104.18.40.58 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 104.18.40.58. It was generated either as a result of observed malicious activity or as an information-gathering exercise to assist with enrichment of security events and context. All information is gathered passively, through aggregation of public sources or through observation of activity on honeynets. The host score is calculated through a series of statistically weighted values and machine learning. It takes into account metadata such as host information; the frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour such as with Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 56/100

Host and Network Information

  • MITRE ATT&CK IDs: T1027 - Obfuscated Files or Information, T1123 - Audio Capture, T1140 - Deobfuscate/Decode Files or Information, T1176 - Browser Extensions, T1566 - Phishing

  • Tags: acint, adam lee, adware, agent, alexa, alexa top, amazon02, america, android, anonymizer, api blog, apple, artemis, asn15169, asn16509, asn20446, asn54113, asp.net, asyncrat, august, azorult, back, bank, beach research, behav, blacklist, blacklist http, blacklist https, blacknet rat, browsing, centura health, cisco umbrella, cleaner, cobalt strike, coinminer, colorado jobs, communicating, conduit, contacted, control server, cookie, copyright, crack, cyber threat, danger, data.net, de indicators, detection list, docs pricing, domains, downldr, download, dropper, eeo public, emotet, engineering, erika lee, et, exchange, execution, exploit, facebook, fakealert, fastly, filetour, filing url, firehol, first, follow, frankfurt, fusioncore, gamehack, general full, generic, generic malware, genkryptik, germany, gesponsert url, get h2, ghost rat, gmbh version, google, google safe, hacktool, hash, hashes, heur, highwinds3, hiloti, historical ssl, hostname, hostnames, http, http attacker, ice fog, iframe, indonesia, industry and commerce, installpack, ip address, ip summary, jimburkedentistry, july, june, laplasclipper, leder-family, line, listen live, login, main, malicious, malicious site, malicious url, maltiverse, malvertizing, malware, malware site, metasploit, microsoft, million, mimikatz, miner, monitoring, msil, name value, netherlands, nircmd, no data, noname057, november, nr-data.net, nreum, october, oid2, opencandy, outputldjh, page url, pe resource, philadelphia, phishing, phishing site, pinnacol insurance, postrelease, prague, presenoker, protocol h2, ramnit, ransomware, redline stealer, reinsurance, relic, resolutions, resource, reverse dns, riskware, runescape, safe site, sample, samples, scam, search live, security tls, server, service, services, site, skynet, softcnapp, software, ssl certificate, state, states, stealer, steam, subdomains, summary, suppobox, swrort, systweak, tag count, tags, team, threat report, threat roundup, thu dec, thu nov, 
tiggre, trojan, trojanspy, trojanx, tsara brashears, uah1200, uaw1600, ucd24, uh1200, uhis2, union, united, unsafe, url http, url https, url summary, usd1, us summary, utz60, uw1600, value, variables, wacatac, warning, webtoolbar, whois record, win64, xrat, xtrat, zbot

  • View other sources: Spamhaus, VirusTotal

  • Country:
  • Network:
  • Noticed: 3 times
  • Protocols Attacked: Anonymous Proxy
  • Countries Attacked: United States of America
  • Passive DNS Results:

Malware Detected on Host

Count: 3

  • d7f35c23e65a5d0365acdac287b3457154e6a70d1ab199b7263a6392586a5bf5
  • b657ab057dbdf5664993b5563a43fca5751cca197e1b8f966e425231c67aaff4
  • 67cf4f6bf8274ea01e1ea3c6ca9a114e3dbb6924e390064f1e6bf1c985f1307e

Open Ports Detected

2082 2083 2086 2087 2096 443 80 8080 8443 8880

Whois Information

Links to attack logs

anonymous-proxy-ip-list-2025-10-20
