104.18.40.68 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 104.18.40.68. It was generated either as a result of observed malicious activity or as an information-gathering exercise to assist with enrichment of security events and context. All information is gathered passively, through aggregation of public sources or through observation of activity on honeynets. The host score is calculated from a series of statistically weighted values and machine learning that take into account metadata such as host information; the frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken as an accurate representation of the users, businesses or networks in which the host resides.

🟠 Elevated — 60/100

Host and Network Information

  • View other sources: Spamhaus, VirusTotal, Shodan, AbuseIPDB
  • Noticed: 29 times
  • Protocols Attacked: Anonymous Proxy
  • Countries Attacked: Anguilla, Aruba, Australia, Bahamas, Barbados, Bonaire Sint Eustatius and Saba, Canada, Cayman Islands, Costa Rica, Croatia, Curaçao, Finland, France, Georgia, Germany, Guatemala, Ireland, Japan, Kenya, Mexico, Netherlands, Panama, Philippines, Poland, Saint Kitts and Nevis, Saint Martin (French part), Saint Vincent and the Grenadines, Singapore, Sint Maarten (Dutch part), Slovakia, Spain, United Republic of Tanzania, Trinidad and Tobago, Ukraine, United Arab Emirates, United Kingdom of Great Britain and Northern Ireland, United States of America
  • Open Ports: 80, 443, 2082, 2083, 2086, 2087, 8080, 8443, 8880
  • Tor Node: No
  • Associated Malware Samples: 193

Tags

  • 2257legalporn
  • aaaa
  • a about
  • abxcde
  • accept
  • accessibility
  • acint
  • active related
  • activity
  • added active
  • address
  • address google
  • address server
  • adobea
  • a domains
  • adult mobile
  • adwind
  • age flash
  • agent
  • agent tesla
  • akamaias
  • akamaiasn1
  • alberta
  • Alberta Doctors
  • Alberta Health Services
  • Alberta Medical Association
  • alberta meta
  • Alberta NDP
  • Alberta UCP
  • albert harrill
  • alerts
  • alexa
  • alexa top
  • alexis fawx
  • algorithm
  • all octoseek
  • allow
  • all scoreblue
  • amazon
  • amazon02
  • amazonaes
  • amazon rsa
  • amazon web
  • amber a
  • analysis
  • analysis date
  • analyze
  • analyzed
  • analyzer
  • and not
  • android
  • and vids
  • annulet
  • anonymizer
  • ansi
  • any quality
  • any quality videos
  • any source
  • apache
  • a person
  • api blog
  • api key
  • apostle
  • applefree
  • application
  • april
  • apt
  • artemis
  • arvada
  • as14618
  • as15169
  • as15169 google
  • as16509
  • as19905
  • as20940
  • as30148 sucuri
  • as3359
  • as394695 pdr
  • as43350 nforce
  • as44273 host
  • as47846
  • as8075
  • as852
  • ascii text
  • asn as16509
  • assistant
  • atlas
  • attack
  • attempts
  • auth
  • authority
  • available now
  • avast avg
  • av detections
  • azorult
  • azureadmyorg
  • azure rsa
  • back
  • bank
  • bankerx
  • beware
  • bitrat
  • blacklist
  • blacklist http
  • blacklist https
  • blacknet rat
  • blockchain
  • blog docs
  • body
  • body length
  • botnet
  • botnet command
  • bradesco
  • bran
  • brand
  • brandi love
  • brandi loves
  • brashears
  • brian sabey
  • briansabey
  • brontok
  • browser
  • brrnyaw8 peexe
  • bublik
  • bundled
  • calgary
  • capture
  • carbanak
  • carter cruise
  • certificate
  • Certificates
  • channelsurfcli
  • checks amount
  • child health
  • ch ua
  • cidr
  • cisa
  • cisco umbrella
  • City of Edmonton
  • ck id
  • ck matrix
  • cl0p
  • cleaner
  • click
  • close
  • cloudflare
  • cnamazon rsa
  • cname
  • cnc beacon
  • cngts ca
  • cobalt strike
  • code
  • coinminer
  • collections
  • college
  • college guy
  • colorado
  • command
  • communicating
  • company blog
  • comspec
  • condrv text
  • conduit
  • connect care
  • connector
  • contact
  • contacted
  • control server
  • control ta0011
  • cookie
  • cookie patent
  • copy
  • copyright
  • core
  • corporation cus
  • count
  • count blacklist
  • country name
  • course
  • Covenent Health
  • covid19
  • crack
  • created
  • creation date
  • critical
  • crlf line
  • cryptexportkey
  • cuba
  • cus subject
  • custom and
  • custom malware
  • cve202542957
  • cybercrime
  • cyber threat
  • cyberwar
  • daga
  • data
  • datacrashpad
  • date
  • date checked
  • date hash
  • dbatloader
  • december
  • default
  • delete
  • delete c
  • delphi
  • designer
  • desktop
  • dest
  • destination
  • detection
  • detection list
  • detections
  • detections none
  • detections tls
  • DGA
  • diamond
  • djin
  • dnspionage
  • dns resolutions
  • dock
  • document file
  • domain
  • domain add
  • domain name
  • domain related
  • domains
  • domainsite
  • domains show
  • domaiq
  • domino
  • dos exe
  • dostawa
  • downldr
  • download
  • download csv
  • downloader
  • downloads
  • dropper
  • dynamicloader
  • dynamics
  • dyndns checkip
  • edge
  • edmonton
  • Edmonton Police Services
  • EduRoam
  • ef3ghigj
  • emails
  • emotet
  • emulation
  • encrypt
  • endgame systems
  • endpoints all
  • engb
  • enom
  • enterprise
  • entity
  • entries
  • entries http
  • et tor
  • evasion ta0005
  • events
  • evilnum
  • execution
  • exif standard
  • expiration
  • expiration date
  • expirestue
  • exploit
  • explorer
  • extended key
  • external ip
  • external-resources
  • extraction
  • facebook
  • factory
  • facts otx
  • faculties
  • failure
  • fakealert
  • fake news
  • falcon
  • falcon sandbox
  • false
  • fareit
  • february
  • federal changes
  • federal credit
  • feet pics
  • file
  • filehash
  • filehashmd5
  • filerepmalware
  • filerepmetagen
  • files
  • file score
  • files domain
  • files ip
  • files location
  • files related
  • file transfer
  • final url
  • find
  • fingerprint
  • firehol
  • first
  • flag united
  • flash player
  • flywheel
  • footer
  • form
  • formbook
  • for privacy
  • france
  • front
  • fuck
  • fuery
  • fusioncore
  • g1gv3h3sxc0
  • game
  • gecko
  • gegkn peexe
  • general
  • generic
  • generic malware
  • genkryptik
  • geoip
  • germany unknown
  • get her
  • get http
  • getprocaddress
  • ghost
  • girls
  • github
  • gmt content
  • gmt file
  • gmt ifnonematch
  • google
  • google llc
  • google privacy
  • google search
  • google team
  • GovAB
  • greynoise
  • groups
  • grum
  • gtmkr32
  • gtmkvjvztk dl
  • guard
  • gvt mitm
  • hacked
  • hacktool
  • hallrender
  • harassment
  • hash
  • hash seen
  • hd0 bluescsi
  • hd1 bluescsi
  • headers
  • health
  • Healthcare
  • health first
  • hero designer
  • heur
  • hidden
  • high
  • hio50 c1
  • historical ssl
  • home search
  • hostname
  • hostname add
  • hostname c
  • hostname https
  • hostnames
  • hosts
  • hours ago
  • html document
  • html info
  • html internet
  • http
  • http2
  • http get
  • http headers
  • http response
  • https
  • https http
  • http traffic
  • hwp support
  • hybrid
  • hybrid analysis
  • icedid
  • icmp
  • icmp traffic
  • icon
  • identifier
  • ids detections
  • iframe
  • iframes
  • images
  • images news
  • impact
  • indicator
  • indicator of compromise
  • indicator role
  • indicator type
  • indonesia
  • info
  • info access
  • info title
  • injection
  • installcore
  • installpack
  • intel
  • invalid pointer
  • ioc
  • iocs
  • ip address
  • ip summary
  • ipv4
  • ireland unknown
  • issuer urls
  • jaik
  • javascript
  • jfif
  • jpeg image
  • json sample
  • json url
  • june
  • kb body
  • keeper
  • kenzie reeves
  • key algorithm
  • keygen
  • key identifier
  • key info
  • keyloggers
  • key usage
  • kgs0
  • khtml
  • kiana
  • kiana arellano
  • kls0
  • known exploited
  • legacy
  • length
  • less see
  • let me jerk
  • letter
  • level3
  • levelblue
  • life
  • link
  • links
  • linux
  • linux x8664
  • live
  • live api
  • lizar
  • llc address
  • local
  • location united
  • lookup
  • love
  • lowfi
  • low risk
  • lumma stealer
  • m03 oamazon
  • m4e5930
  • magnus
  • mail spammer
  • main
  • make sure
  • Malcerts
  • malicious
  • malicious ids
  • malicious site
  • malicious url
  • maltiverse
  • malvertising
  • malware
  • malware found
  • malware site
  • match info
  • maya
  • media
  • media center
  • medicaid
  • medicaidour
  • medicaid page
  • medium
  • medium high
  • meister
  • memcommit
  • memoryfile scan
  • memreserve
  • meow
  • meta
  • metastealer
  • meterpreter
  • mexico
  • microsoft azure
  • microsoft crm
  • microsoft edge
  • microsoft power
  • microsoft teams
  • million
  • mimikatz
  • mini
  • minimal low
  • Ministry of Advanced Education
  • Ministry of Health
  • Ministry of Tech & Innovation
  • mirai
  • mission
  • miss x
  • mitre att
  • model
  • moniker online
  • moved
  • mozi
  • mozilla
  • msie
  • ms windows
  • mtb apr
  • mtb yara
  • mtd1
  • mtis
  • multi scan
  • mutexes nothing
  • name servers
  • name verdict
  • nanocore
  • navegador
  • netsky
  • newimpact
  • new relic
  • news
  • next
  • next associated
  • ng
  • nginx
  • nimda
  • nitro
  • no data
  • no expiration
  • no meaningful
  • none google
  • none indicator
  • none related
  • nothing
  • november
  • number
  • nxdomain
  • oc0006
  • occamy
  • ocsp urls
  • october
  • octoseek
  • office
  • ogoogle trust
  • online
  • opencandy
  • open ports
  • open threat
  • orbiting tsara brashears
  • org domains
  • otx telemetry
  • ouno sni
  • output
  • page
  • passive dns
  • paste
  • patch http
  • path
  • pattern match
  • paul
  • pcap
  • pcap processing
  • pdf url
  • pe resource
  • persistence
  • phishing
  • phishing site
  • pics
  • plan plus
  • platform
  • player
  • please
  • please click
  • please note
  • plugx
  • png image
  • policies vpat
  • policy windows
  • pony
  • porn
  • pornhub
  • pornhub subsidiary
  • #pornvibes
  • port
  • power
  • prefetch8
  • prefetch8 ansi
  • premade
  • premium
  • presenoker
  • present apr
  • present dec
  • present feb
  • present jun
  • present may
  • present nov
  • present sep
  • pricing login
  • privacy policy
  • private name
  • process32nextw
  • program
  • programfiles
  • projecthilo
  • project nemesis
  • protect
  • protocol t1071
  • protocol t1095
  • proton
  • proxy
  • psexec
  • public
  • public key
  • public url
  • pulse
  • pulse pulses
  • pulses
  • pulses none
  • pulse submit
  • push
  • qakbot
  • qbot
  • quasar rat
  • query
  • raccoon
  • ransom
  • ransomexx
  • ransomware
  • read
  • read c
  • reads
  • reagan foxx
  • record keeping
  • record value
  • redirect
  • redirector
  • redline stealer
  • referral url
  • referrer
  • rejected sample
  • related nids
  • related pulses
  • related tags
  • reports
  • report spam
  • reputation
  • request
  • research
  • researched
  • resolved ips
  • response
  • response ip
  • rgba
  • riskware
  • road city
  • roboto
  • Rogers
  • rokrat
  • role title
  • round
  • runescape
  • ryan keely
  • ryuk
  • safe browsing
  • safe site
  • sakula
  • salesloft drift
  • samiamnot
  • sample
  • samples
  • sandbox
  • sap s4hana
  • savbwcd
  • scan endpoints
  • scanner
  • scans record
  • scene
  • script
  • script domains
  • script urls
  • search
  • search api
  • search filter
  • search live
  • sea x
  • sec ch
  • secrisk
  • security risk
  • september
  • server
  • server auth
  • servers
  • service
  • services
  • service status
  • seznam
  • sha256
  • sharepoint
  • share report
  • show
  • showing
  • show process
  • show technique
  • site
  • sitecore
  • size
  • size68b type
  • skip
  • slcc2
  • slo privacy
  • sniffs
  • social engineering
  • solutions
  • sorano
  • sort
  • south carolina
  • spam
  • span
  • spark
  • Speader
  • sport
  • SSL
  • ssl certificate
  • starfield
  • startpage
  • static
  • static engine
  • status
  • status code
  • stealer
  • story
  • strapi app
  • stream
  • strikes
  • strings
  • stwa lredmond
  • subject key
  • subject public
  • submit
  • submitters
  • summary
  • summer
  • suspic
  • suspicious
  • suspicious ua
  • sweetheartvideos
  • swrort
  • systems
  • t1055
  • ta0004 defense
  • tag count
  • tag manager
  • tags
  • tag tag
  • tape
  • team
  • team proxy
  • telecom
  • Telus
  • templates
  • test
  • text/html
  • thebrotherssabey
  • threat
  • threat analyzer
  • threat level
  • threat report
  • threat roundup
  • thumbprint
  • tiff image
  • time
  • title
  • title added
  • title error
  • tls handshake
  • tls issuing
  • tlsv1
  • tofsee
  • tools
  • trackers
  • trackers google
  • traffic et
  • Treaty 6
  • Treaty 7
  • Treaty 8
  • trojan
  • trojandropper
  • trojanspy
  • trojanx
  • true
  • tsara
  • tsara brashears
  • tue mar
  • twitter
  • twitter running
  • type
  • type indicator
  • ua full
  • UAlberta
  • ua platform
  • ukraine
  • union
  • union blvd
  • unique
  • united
  • United Nurses of Alberta
  • university
  • University of Calgary
  • unknown
  • unknown ns
  • unknown soa
  • unruy
  • unsafe
  • unsupported
  • update
  • update p2p
  • upgrade
  • url
  • url add
  • url analysis
  • url data
  • url get
  • url hostname
  • url http
  • url https
  • urls
  • urls https
  • urls show
  • url summary
  • ursnif
  • usage
  • us careers
  • us creation
  • utc gcw970gh4gg
  • utc submissions
  • utf8
  • v2 document
  • v3 serial
  • value
  • van
  • varnish
  • verify
  • ver los
  • vetting process
  • videos
  • videos maps
  • vids
  • view
  • view details
  • virgin islands
  • virus
  • visible
  • visualizer skip
  • vxstream
  • wacatac
  • warning icon
  • watch
  • watch tsara
  • wave
  • web
  • website
  • whitelisted
  • whois record
  • whois registrar
  • whois server
  • wild west
  • win32
  • win32 dll
  • win32 exe
  • win32qqpass apr
  • win64
  • windir
  • window
  • windows
  • windows nt
  • winnt
  • worm
  • wow64
  • write
  • write c
  • x509v3 key
  • x amz
  • x cache
  • xrat
  • x show
  • xxx video
  • xxx videos
  • yara detections
  • yara rule
  • youngcoders
  • youth
  • #YYC
  • #YYG
  • zbot
  • zpevdo

MITRE ATT&CK TTPs

  • T1003 - OS Credential Dumping
  • T1005 - Data from Local System
  • T1012 - Query Registry
  • T1027 - Obfuscated Files or Information
  • T1036 - Masquerading
  • T1041 - Exfiltration Over C2 Channel
  • T1047 - Windows Management Instrumentation
  • T1053 - Scheduled Task/Job
  • T1055 - Process Injection
  • T1056.001 - Keylogging
  • T1056 - Input Capture
  • T1057 - Process Discovery
  • T1059.007 - JavaScript
  • T1059 - Command and Scripting Interpreter
  • T1060 - Registry Run Keys / Startup Folder (deprecated ID; now T1547.001 under Boot or Logon Autostart Execution)
  • T1071.001 - Web Protocols
  • T1071.003 - Mail Protocols
  • T1071.004 - DNS
  • T1071 - Application Layer Protocol
  • T1081 - Credentials in Files (deprecated ID; now T1552.001 under Unsecured Credentials)
  • T1082 - System Information Discovery
  • T1083 - File and Directory Discovery
  • T1095 - Non-Application Layer Protocol
  • T1098 - Account Manipulation
  • T1102.002 - Bidirectional Communication
  • T1105 - Ingress Tool Transfer
  • T1106 - Native API
  • T1112 - Modify Registry
  • T1114 - Email Collection
  • T1119 - Automated Collection
  • T1126 - Network Share Connection Removal (deprecated ID; now T1070.005 under Indicator Removal)
  • T1129 - Shared Modules
  • T1132 - Data Encoding
  • T1134.004 - Parent PID Spoofing
  • T1136 - Create Account
  • T1140 - Deobfuscate/Decode Files or Information
  • T1143 - Hidden Window (deprecated ID; now T1564.003 under Hide Artifacts)
  • T1480 - Execution Guardrails
  • T1483 - Domain Generation Algorithms (deprecated ID; now T1568.002 under Dynamic Resolution)
  • T1505 - Server Software Component
  • T1518.001 - Security Software Discovery
  • T1518 - Software Discovery
  • T1543 - Create or Modify System Process
  • T1546.015 - Component Object Model Hijacking
  • T1546 - Event Triggered Execution
  • T1547.006 - Kernel Modules and Extensions
  • T1547 - Boot or Logon Autostart Execution
  • T1553.002 - Code Signing
  • T1553 - Subvert Trust Controls
  • T1566 - Phishing
  • T1568 - Dynamic Resolution
  • T1570 - Lateral Tool Transfer
  • T1571 - Non-Standard Port
  • T1573 - Encrypted Channel
  • T1583.005 - Botnet
  • T1583 - Acquire Infrastructure
  • T1584.004 - Server
  • T1588.004 - Digital Certificates
  • T1588 - Obtain Capabilities
  • T1598 - Phishing for Information
  • TA0011 - Command and Control

Passive DNS

  • redarrow.pwt.ca

Attack Log References

Whois Information

NetRange: 104.16.0.0 - 104.31.255.255
CIDR: 104.16.0.0/12
NetName: CLOUDFLARENET
NetHandle: NET-104-16-0-0-1
Parent: NET104 (NET-104-0-0-0-0)
NetType: Direct Allocation
OriginAS:
Organization: Cloudflare, Inc. (CLOUD14)
RegDate: 2014-03-28
Updated: 2024-09-04
Comment: All Cloudflare abuse reporting can be done via https://www.cloudflare.com/abuse
Comment: Geofeed: https://api.cloudflare.com/local-ip-ranges.csv
Ref: https://rdap.arin.net/registry/ip/104.16.0.0

OrgName: Cloudflare, Inc.
OrgId: CLOUD14
Address: 101 Townsend Street
City: San Francisco
StateProv: CA
PostalCode: 94107
Country: US
RegDate: 2010-07-09
Updated: 2024-11-25
Ref: https://rdap.arin.net/registry/entity/CLOUD14

OrgAbuseHandle: ABUSE2916-ARIN
OrgAbuseName: Abuse
OrgAbusePhone: +1-650-319-8930
OrgAbuseEmail: abuse@cloudflare.com
OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN

OrgNOCHandle: CLOUD146-ARIN
OrgNOCName: Cloudflare-NOC
OrgNOCPhone: +1-650-319-8930
OrgNOCEmail: noc@cloudflare.com
OrgNOCRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN

OrgRoutingHandle: CLOUD146-ARIN
OrgRoutingName: Cloudflare-NOC
OrgRoutingPhone: +1-650-319-8930
OrgRoutingEmail: noc@cloudflare.com
OrgRoutingRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN

OrgTechHandle: ADMIN2521-ARIN
OrgTechName: Admin
OrgTechPhone: +1-650-319-8930
OrgTechEmail: rir@cloudflare.com
OrgTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN

RAbuseHandle: ABUSE2916-ARIN
RAbuseName: Abuse
RAbusePhone: +1-650-319-8930
RAbuseEmail: abuse@cloudflare.com
RAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN

RNOCHandle: NOC11962-ARIN
RNOCName: NOC
RNOCPhone: +1-650-319-8930
RNOCEmail: noc@cloudflare.com
RNOCRef: https://rdap.arin.net/registry/entity/NOC11962-ARIN

RTechHandle: ADMIN2521-ARIN
RTechName: Admin
RTechPhone: +1-650-319-8930
RTechEmail: rir@cloudflare.com
RTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN
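The whois record above places 104.18.40.68 inside Cloudflare's 104.16.0.0/12 allocation (CLOUDFLARENET), and the open ports listed under Host and Network Information are all ports that Cloudflare's documentation lists as its HTTP/HTTPS proxy ports. The Elevated score therefore describes a shared anycast edge fronting many unrelated tenants, not a single operator, so blocking or hunting on the bare IP would hit every site behind it. The routine below is an added example, not code from the original page or from the service that generated it. It parses the flattened whois text as it appears on the page, checks CIDR membership, classifies the open ports against Cloudflare's published port list, and reports whether an analyst should pivot on hostname/SNI (here the passive-DNS name redarrow.pwt.ca) rather than on the IP. The whois fields, port list and hostname are copied from the page; the Cloudflare port sets are from Cloudflare's documentation; the decision rule, the function names and the output keys are this example's own assumptions.

```python
"""Enrich a flagged IP against its whois allocation and observed open ports.

Added example; not code from the original page or the service behind it.
Input data (whois fields, open-port list, passive-DNS name) is copied from
the page. The Cloudflare proxy port sets are Cloudflare's published HTTP and
HTTPS port lists. The decision rule and output keys are assumptions made for
this example.
"""
import ipaddress
import re

# Copied from the page's Whois Information section (Comment: lines omitted).
WHOIS_FLAT = (
    "NetRange: 104.16.0.0 - 104.31.255.255 CIDR: 104.16.0.0/12 "
    "NetName: CLOUDFLARENET NetHandle: NET-104-16-0-0-1 "
    "Parent: NET104 (NET-104-0-0-0-0) NetType: Direct Allocation "
    "OriginAS: Organization: Cloudflare, Inc. (CLOUD14) "
    "RegDate: 2014-03-28 Updated: 2024-09-04 "
    "Ref: https://rdap.arin.net/registry/ip/104.16.0.0 "
    "OrgName: Cloudflare, Inc. OrgId: CLOUD14 OrgAbuseEmail: abuse@cloudflare.com"
)
PAGE_IP = "104.18.40.68"
PAGE_OPEN_PORTS = [2082, 2083, 2086, 2087, 443, 80, 8080, 8443, 8880]
PAGE_PASSIVE_DNS = ["redarrow.pwt.ca"]

# Cloudflare's published proxy ports, HTTP and HTTPS respectively.
CF_HTTP_PORTS = {80, 8080, 8880, 2052, 2082, 2086, 2095}
CF_HTTPS_PORTS = {443, 2053, 2083, 2087, 2096, 8443}

# A whois key is a capitalised word followed by ':' and then whitespace or end
# of text. Requiring whitespace after the colon keeps 'https://...' inside a
# value from being mistaken for a key.
KEY_RE = re.compile(r"(?:^|\s)([A-Z][A-Za-z]+):(?=\s|$)")


def parse_flat_whois(text):
    """Split a one-line whois dump into {key: [value, ...]}.

    Keys repeat across objects (RegDate, Updated, Ref), so each key maps to a
    list in document order. An empty field such as 'OriginAS:' that is
    immediately followed by the next key yields ''.
    """
    fields = {}
    matches = list(KEY_RE.finditer(text))
    for i, m in enumerate(matches):
        start = m.end()
        end = matches[i + 1].start() if i + 1 < len(matches) else len(text)
        fields.setdefault(m.group(1), []).append(text[start:end].strip())
    return fields


def enrich(ip_str, whois_flat, open_ports, passive_dns=()):
    """Decide whether a verdict on ip_str is actionable per IP or must pivot."""
    rec = parse_flat_whois(whois_flat)
    ip = ipaddress.ip_address(ip_str)
    net = ipaddress.ip_network(rec["CIDR"][0], strict=False)
    in_allocation = ip in net

    http = sorted(p for p in open_ports if p in CF_HTTP_PORTS)
    https = sorted(p for p in open_ports if p in CF_HTTPS_PORTS)
    unexpected = sorted(p for p in open_ports if p not in CF_HTTP_PORTS | CF_HTTPS_PORTS)

    # Assumed rule: an address inside the CLOUDFLARENET allocation that exposes
    # only Cloudflare proxy ports is an anycast edge shared by many tenants, so
    # act on hostname/SNI rather than IP. Any other port, or an IP outside the
    # allocation, falls back to per-IP handling.
    shared_edge = (in_allocation
                   and rec.get("NetName", [""])[0] == "CLOUDFLARENET"
                   and not unexpected)
    return {
        "ip": ip_str,
        "in_allocation": in_allocation,
        "net_name": rec.get("NetName", [""])[0],
        "abuse_contact": rec.get("OrgAbuseEmail", [""])[0],
        "cf_http_ports": http,
        "cf_https_ports": https,
        "unexpected_ports": unexpected,
        "shared_edge": shared_edge,
        "pivot": "hostname/SNI" if shared_edge else "ip",
        "pivot_targets": list(passive_dns) if shared_edge else [ip_str],
    }


if __name__ == "__main__":
    for key, value in enrich(PAGE_IP, WHOIS_FLAT, PAGE_OPEN_PORTS, PAGE_PASSIVE_DNS).items():
        print(f"{key:16} {value}")
```

Run against the page's own data the verdict is `shared_edge: True` with `pivot_targets: ['redarrow.pwt.ca']`; adding any port outside Cloudflare's list (for instance 22) flips the result back to per-IP handling, which is the signal that the address is not simply a CDN front. The parser keeps repeated keys as lists because ARIN output repeats RegDate, Updated and Ref once per object, and it deliberately skips the free-text Comment fields, whose embedded "Geofeed:" token would otherwise be read as a key.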