104.18.40.67 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 104.18.40.67. It was generated either as a result of observed malicious activity or as an information-gathering exercise to assist with enrichment of security events and context. All information is gathered passively, through aggregation of public sources or through observation of activity on honeynets. The host score is calculated from a series of statistically weighted values and machine learning, taking into account metadata such as host information; the frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour, such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 55/100

Host and Network Information

  • MITRE ATT&CK IDs: T1011 - Exfiltration Over Other Network Medium, T1027 - Obfuscated Files or Information, T1056.001 - Keylogging, T1059 - Command and Scripting Interpreter, T1071.001 - Web Protocols, T1071.003 - Mail Protocols, T1071.004 - DNS, T1071 - Application Layer Protocol, T1105 - Ingress Tool Transfer, T1110.002 - Password Cracking, T1114 - Email Collection, T1410 - Network Traffic Capture or Redirection, T1449 - Exploit SS7 to Redirect Phone Calls/SMS, T1497 - Virtualization/Sandbox Evasion, T1560 - Archive Collected Data, T1583.002 - DNS Server, TA0011 - Command and Control

  • Tags: accept, agent, agenttesla, alexa, alexa top, algorithm, amazonaes, apple, apple ios, april, artemis, ascii text, attack, august, azorult, bank, bitrat, blacklist https, body, chaos, china telecom, cisco umbrella, class, click, cloud, cloudflarenet, cobalt strike, Cobalt Strike, code, collection, community https, contacted circa 10.23.2023-, contact phone, copy, core, crack, critical, critical risk, cyber threat, dapato, dark, dark power, date, description, detection list, detplock, dnspionage, dns replication, dnssec, domain status, downer, downldr, download, downloader, emotet, error, export, facebook, file, firehol, first, footer, form, formbook, fusioncore, general, generic, github, gootloader, hacktool, heur, hybrid, hyperv, identifier, iframe, info, input, installer, ip summary, issuer, july, june, kb acrotray, key algorithm, key identifier, kuaizip, light, local, localappdata, lockbit, lolkek, main, malicious, malicious site, maltiverse, malware, malware site, maui ransomware, mb iesettings, mb opera, media, meta, metro, million, miner, mitre att, monitoring, namecheap, namecheap inc, networm, no data, number, p2404, password, password bypass, path, pattern match, phish, phishing, phishing site, phishtank, physical threat, presenoker, qakbot, quasar, quasar rat, raccoon, ransomexx, ransomware, registrar abuse, registrar url, registrar whois, relic, remcos, riskware, root ca, runescape, safe site, samplepath, samuel tulach, script, sector, server, service, site, softcnapp, span, ssl certificate, stealer, strings, subject key, submitters, summary, summary iocs, swisyn, tag count, target, team, telecom, textarea, threat roundup, title, tld count, trickbot, trojan, trojanspy, trust, tsara brashears, tulach, tulach.cc, type name, union, united, unknown, unsafe, urls, url summary, ursnif, usage, user, utc submissions, v3 serial, vidar, vmprotect, webtoolbar, whois record, whois whois, win32 dll, win32 exe, win64, windows, wiper, x509v3 key, zbot

  • View other sources: Spamhaus VirusTotal

  • Country:
  • Network:
  • Noticed: 8 times
  • Protocols Attacked: Anonymous Proxy
  • Countries Attacked: United States of America
  • Passive DNS Results:

Open Ports Detected

2052 2053 2082 2083 2086 2087 2095 443 80 8080 8443 8880

Links to attack logs

anonymous-proxy-ip-list-2025-10-20
