104.18.40.68 Threat Intelligence and Host Information
General
This page contains threat intelligence information for the IPv4 address 104.18.40.68. It was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively, either by aggregating public sources or by observing activity on honeynets. The host score is calculated through a series of statistically weighted values and machine learning, which takes into account metadata such as host information; frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour such as with Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.
Likely Malicious Host 🟠 60/100
Host and Network Information
- MITRE ATT&CK IDs: T1003 - OS Credential Dumping, T1005 - Data from Local System, T1012 - Query Registry, T1027 - Obfuscated Files or Information, T1036 - Masquerading, T1041 - Exfiltration Over C2 Channel, T1047 - Windows Management Instrumentation, T1053 - Scheduled Task/Job, T1055 - Process Injection, T1056.001 - Keylogging, T1056 - Input Capture, T1057 - Process Discovery, T1059.007 - JavaScript, T1059 - Command and Scripting Interpreter, T1060 - Registry Run Keys / Startup Folder, T1071.001 - Web Protocols, T1071.003 - Mail Protocols, T1071.004 - DNS, T1071 - Application Layer Protocol, T1081 - Credentials in Files, T1082 - System Information Discovery, T1083 - File and Directory Discovery, T1095 - Non-Application Layer Protocol, T1098 - Account Manipulation, T1102.002 - Bidirectional Communication, T1105 - Ingress Tool Transfer, T1106 - Native API, T1112 - Modify Registry, T1114 - Email Collection, T1119 - Automated Collection, T1126 - Network Share Connection Removal, T1129 - Shared Modules, T1132 - Data Encoding, T1134.004 - Parent PID Spoofing, T1136 - Create Account, T1140 - Deobfuscate/Decode Files or Information, T1143 - Hidden Window, T1480 - Execution Guardrails, T1483 - Domain Generation Algorithms, T1505 - Server Software Component, T1518.001 - Security Software Discovery, T1518 - Software Discovery, T1543 - Create or Modify System Process, T1546.015 - Component Object Model Hijacking, T1546 - Event Triggered Execution, T1547.006 - Kernel Modules and Extensions, T1547 - Boot or Logon Autostart Execution, T1553.002 - Code Signing, T1553 - Subvert Trust Controls, T1566 - Phishing, T1568 - Dynamic Resolution, T1570 - Lateral Tool Transfer, T1571 - Non-Standard Port, T1573 - Encrypted Channel, T1583.005 - Botnet, T1583 - Acquire Infrastructure, T1584.004 - Server, T1588.004 - Digital Certificates, T1588 - Obtain Capabilities, T1598 - Phishing for Information, TA0011 - Command and Control
- View other sources: Spamhaus, VirusTotal
- Contained within other IP sets: hphosts_psh
- Country:
- Network:
- Noticed: 29 times
- Protocols Attacked: Anonymous Proxy
- Countries Attacked: Anguilla, Aruba, Australia, Bahamas, Barbados, Bonaire Sint Eustatius and Saba, Canada, Cayman Islands, Costa Rica, Croatia, Curaçao, Finland, France, Georgia, Germany, Guatemala, Ireland, Japan, Kenya, Mexico, Netherlands, Panama, Philippines, Poland, Saint Kitts and Nevis, Saint Martin (French part), Saint Vincent and the Grenadines, Singapore, Sint Maarten (Dutch part), Slovakia, Spain, Tanzania United Republic of, Trinidad and Tobago, Ukraine, United Arab Emirates, United Kingdom of Great Britain and Northern Ireland, United States of America
- Passive DNS Results:
Malware Detected on Host
Count: 193
Open Ports Detected
2082 2083 2086 2087 443 80 8080 8443 8880
Whois Information
- NetRange: 104.16.0.0 - 104.31.255.255
- CIDR: 104.16.0.0/12
- NetName: CLOUDFLARENET
- NetHandle: NET-104-16-0-0-1
- Parent: NET104 (NET-104-0-0-0-0)
- NetType: Direct Allocation
- OriginAS:
- Organization: Cloudflare, Inc. (CLOUD14)
- RegDate: 2014-03-28
- Updated: 2024-09-04
- Comment: All Cloudflare abuse reporting can be done via https://www.cloudflare.com/abuse
- Comment: Geofeed: https://api.cloudflare.com/local-ip-ranges.csv
- Ref: https://rdap.arin.net/registry/ip/104.16.0.0
- OrgName: Cloudflare, Inc.
- OrgId: CLOUD14
- Address: 101 Townsend Street
- City: San Francisco
- StateProv: CA
- PostalCode: 94107
- Country: US
- RegDate: 2010-07-09
- Updated: 2024-11-25
- Ref: https://rdap.arin.net/registry/entity/CLOUD14
- OrgAbuseHandle: ABUSE2916-ARIN
- OrgAbuseName: Abuse
- OrgAbusePhone: +1-650-319-8930
- OrgAbuseEmail: abuse@cloudflare.com
- OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN
- OrgNOCHandle: CLOUD146-ARIN
- OrgNOCName: Cloudflare-NOC
- OrgNOCPhone: +1-650-319-8930
- OrgNOCEmail: noc@cloudflare.com
- OrgNOCRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
- OrgRoutingHandle: CLOUD146-ARIN
- OrgRoutingName: Cloudflare-NOC
- OrgRoutingPhone: +1-650-319-8930
- OrgRoutingEmail: noc@cloudflare.com
- OrgRoutingRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
- OrgTechHandle: ADMIN2521-ARIN
- OrgTechName: Admin
- OrgTechPhone: +1-650-319-8930
- OrgTechEmail: rir@cloudflare.com
- OrgTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN
- RAbuseHandle: ABUSE2916-ARIN
- RAbuseName: Abuse
- RAbusePhone: +1-650-319-8930
- RAbuseEmail: abuse@cloudflare.com
- RAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN
- RNOCHandle: NOC11962-ARIN
- RNOCName: NOC
- RNOCPhone: +1-650-319-8930
- RNOCEmail: noc@cloudflare.com
- RNOCRef: https://rdap.arin.net/registry/entity/NOC11962-ARIN
- RTechHandle: ADMIN2521-ARIN
- RTechName: Admin
- RTechPhone: +1-650-319-8930
- RTechEmail: rir@cloudflare.com
- RTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN
Links to attack logs
anonymous-proxy-ip-list-2025-10-20