104.18.40.87 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 104.18.40.87 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 51/100

Host and Network Information

• Mitre ATT&CK IDs: T1059 - Command and Scripting Interpreter, T1071 - Application Layer Protocol, T1105 - Ingress Tool Transfer, T1497 - Virtualization/Sandbox Evasion

• Tags: aaaa, a domains, all search, apple, as13335, ascii text, blister, class, click, cobalt strike, communicating, core, creation date, critical, date, discord, download, error, et tor, execution, exit, general, generator, hacktool, historical ssl, http, hybrid, ip address, june, known tor, link, local, malware, meta, metro, misc attack, name verdict, network, node traffic, otx octoseek, passive dns, pattern match, pixel, pulse pulses, referrer, relayrouter, resolutions, roblox, scan endpoints, script urls, search, showing, ssl certificate, status, stopransomware, strings, t1507537243, t1604023287, threat roundup, united, unknown, url http, urls, whois record, whois whois, win32, woff2

• View other sources: Spamhaus VirusTotal

• Country:
• Network:
• Noticed: 3 times
• Protocols Attacked: Anonymous Proxy
• Passive DNS Results: commcloud.prod-bbzb-samsonite-ca.cc-ecdn.net catalog-import.stg-na.apis.caperlab.com kafdrop-stm.brevo.tech reconciliation-gateway.stg-na.apis.caperlab.com longhorn-rke2-platform.brevo.tech c.expomafe.com.br kotexinvisi-feel.com metabase.brevo.tech cartrebooter-isc.stg-na.apis.caperlab.com hephaestus-gateway-gateway-isc.stg-na.apis.caperlab.com gose88.md5sb4.com datacat.brevo.tech itcl01mstru6t0ss003.dxcloud.episerver.net withyourstory.com deliv-bayes-tools.brevo.tech itcl01mstru6t0sprep-slot.dxcloud.episerver.net synthetics.stg-na.apis.caperlab.com software-release-hub-gateway.stg-na.apis.caperlab.com hardware-tester-gateway.stg-na.apis.caperlab.com abuse-desk-processor.brevo.tech proservia.fr hardware-tester-gateway-isc.stg-na.apis.caperlab.com www.kotexinvisi-feel.com kafdrop-gke-offshore-us-east1-v2.brevo.tech features-tracker-gateway-isc.stg-na.apis.caperlab.com dev.cash.abbvie.net idvs-ms-test.accenture.com unified-objects-http.brevo.tech www.prd.zxek.sfcc-store-internal.net boringmoney.in www.cash.abbvie.net gql-fed-cf.reddit.com gql-fed-cf.reddit.com.cdn.cloudflare.net dfrmpaix.md5sb4.com jenkins-qa-staging.brevo.tech www.bostwickbraun.com psso.proservia.fr www.netsol.com push-notification-sending-v2.brevo.tech alpenflirts.com pastebin.brevo.tech qa.expomafe.com.br putnamcountystatebank.com failout-tool-test.indeed.com ro-offer-pp.decathlon.net config-manager.stg-na.apis.caperlab.com my.sterlingbank.ws atrotho-gateway.stg-na.apis.caperlab.com oldtessonsc.com jenkins-qa.brevo.tech signup.ms7230.com signup-main.ms7230.com hamnawa.net 4sportsfun.com www.expomafe.com.br stadion.io lively.stadion.io woep02mstr70zqzprod.dxcloud.episerver.net retail-gateway.stg-na.apis.caperlab.com pbr.failout-tool-test.indeed.com www-pp.offta.org.uk sageone.uk.com www.offta.org.uk email-threat-analysis-worker.brevo.tech email-threat-analysis-proxy.brevo.tech email-threat-analysis.brevo.tech bridge.argovpn.com nuget.stadion.io munster-dev.stadion.io mmmtwealth.com workingwithfeeling.com www.mainguyetanh.com www.inv-thread.com www.productionincentivesinsider.com ascendism.org anayotothe.com contemplatingresonance.com blog.earnalliance.com www.ikyu.ink jjjjjj.nyc aestheticsmaxx.com truthpaysoff.com newsletter.arac-international.org swissandchips.com mindpalace.biz inversioninvestor.com prettygoodblog.com jkyleturner.com inquisitivebird.xyz www.hopiumchronicles.com romancebookrecommendations.com steveslastlaugh.com www.culture-critic.com pybae.com www.viksnewsletter.com dotcomparadise.com purplecatholic.com centerright.live www.vaporousrealms.com booksandnicethings.com hardwarehawk.com recoveringhustlers.com qianjin4.xyz lapalabs.com blog.paigo.tech joshgg.com blog.codingconfessions.com www.y-option.com bitnirmata.com brasil.outcomeedge.com build2learn.xyz jamesearlowensphd.com therambutan.net programmingzero.xyz livedexperience.guide zerotoexpert.blog visitlongviewfarm.com dataengineerexpert.com digitalalchemylabs.com theinfluenceinsider.com stranev.com mini.gmshaders.com www.natesilver.net www.thecoach.ir electronics.dev www.pressexe.com www.nextgenhmong.com www.nickythompson.com www.cover2big12.com www.theeditors.com www.theeffectivemindset.com www.lawsubscribed.com www.theaicatalyst.ai www.the-fine-print.com www.justemil.com newsletter.gutsphere.com gems.cashuapp.com www.chrisyokel.com substack.qntns.com www.lawforkidspodcast.com substack.kevinfocke.com grantt.xyz www.dontdistribute.com www.mind-war.com www.theexecutives.net www.serotoninswim.org media.trainerbase.io www.robocontrarian.com research.auditless.com cookthesebooks.com saasalleycat.com ubersoy.com www.themmadraw.com www.ma-retraite-yoga.com www.revletter.io www.thefosterlife.com videoessay.com www.irishpoliticsnewsletter.ie www.itisallinyourhead.com alaskahub.tech www.hiromitsumorita.com ato.marketing www.everyonescreative.net bennettmullozzi.com www.phongthuychinhtong.edu.vn www.photowalkstv.com michaelmiller.blog www.digitalliturgies.net theeffectivepeople.com www.readtheline.ca www.malone.news daniduc.net jarvisrjz.com rovingdev.com diemmu.com www.joshbarro.com vxnuaj.blog www.astateofflo.com momentumalpha.net journey.joshuamdeguzman.com www.friendlyatheist.com howx.works sancho.press www.backstoryserial.com www.coursenot.es www.artbutmakeitsports.com www.deepdivemh370.com www.blog.milkandmadness.com www.capitolconfidential.com www.brettboston.com www.anybodycanprompt.com www.aiforinfluence.org www.subjecttorevision.com www.stigmat.fr www.tinfoil.cc www.wildwesternwanderers.com www.northofbloor.ca www.theshootersclub.com www.productmarketfit.tech effableinsights.com www.damnoptimist.com www.thejackl.co www.lascuolaimmaginata.it www.houfootball.com www.magawealthbuilders.com www.sprezza.xyz www.nothingwasted.ink www.systemtrap.org review.stanfordblockchain.xyz www.happychristian.org www.myjapaneselessons.com www.ncrabbithole.com substackstage.bevycommerce.com www.narratively.com www.ellethefoodie.com cultureofself.blog www.vafree.org newsletter.ordoliberal.com blog.boltz.exchange remote.how blog.charlied.org www.perspicua.org www.valuecreationplan.com www.entrepreneurialvc.com nickwlker.com deckoder.nl www.ellerton.ai blog.ctrlblk.com www.oceania.earth bowtiedbull.io www.theemergence.io www.somemeals.com www.articlesofclothing.com www.shapingopinion.com www.catarxis.com news.codestory.co scifi.felker.dev www.myntbit.com www.swanburg.com www.meduplam.blog newsletter.egorhowell.com www.happyastronaut.co www.wecodefire.com seeds.bluem.ventures hiddenorder.io www.patrickcoulter.com www.resourcewars.com foodnoise.kitchen newsletter.peakstride.co feed.lyndondrake.me www.alejandrotarre.net www.12thhouseofwild.com newsletter.ftrs-studio.com www.maledaze.com www.focusinvested.com newsletter.sigincidents.com www.structopen.org aixhub.io www.noindex.tv www.agentage.com www.jamwise.org www.foxholleralmanac.com www.thediscipleleader.com whoisgrowing.com thelightstack.com pulse.playtolabs.com mos.media www.techinvestments.io www.sfesc.ro www.dashmedia.co www.africanamericanconservatives.com zeteo.com entrylevel.topdowncharts.com noise.audiohype.io www.adventuresinairbnbs.com www.bigsmoke.nyc www.bluemtnheatherarts.net franciscoss.com www.dailybeat.io ten.fotograficzny.blog read.thoughtlessopinions.com perspectives.samir.xyz ronith.co www.futurefemhealth.com www.chinabankingnews.com substack.thisweekinreact.com www.newworldhumor.com www.uncommon.fm www.xdotcom.io www.poncacitymonthly.com www.notanotherbook.club www.neosapien.net blog.stackaware.com www.policorner.ca www.radicalcuriosity.xyz www.whatonearthishappening.wtf www.thetechpress.com www.newsletter.avigaillaing.com defipm.com www.mediatribes.blog www.blackjusticejournalism.com.au www.truesciphi.ai k0g00t.hojda.net www.civesdei.org www.unboundartscollective.com www.crosstabs.studio barnacleburner.com www.engineered.football www.civilnotion.com www.barndominiumdigest.com biocentric.eco hmelius.com designbetterpodcast.com www.terireid.com www.metasophist.com www.podblessus.com www.theretailnewsletter.com ramblings.games www.tribodemarketing.com.br www.notes.wethesojourners.org www.vanessacanzonieri.com bryanmcaleer.com www.awssecuritylabs.com www.mindsatplay.xyz guilhermerey.com.br www.capturethemuse.com www.michaelnayna.com blog.stipop.com ateeqend.com www.knick.dev www.masterverse.ai www.builtforwar.com www.personsunknown.net www.dustindees.com www.blogofjake.com www.multibaggernuggets.com twocents.hur.xyz www.dunk.center www.letters.earth scoop.pennerminifarms.com www.bannedinyourstate.com www.crossborderalex.com www.paymentsculture.com www.prramos.com blog.consultantmanpreet.com sam.my www.arjunkhemani.com read.cryptodatabytes.com www.viksbusycorner.com newsletter.vithanco.com www.discern.earth www.selfcraft.blog www.inspiringpositiveimpact.com www.mysticdesigns.xyz www.newwealth.io www.techasar.com www.themarveller.com www.letgothegoat.com www.tep.trade www.ai-supremacy.com www.localpressproject.com campdky.com www.nosefortreasure.com www.cashstacker.com badgamescrew.com depth.drillbitlabs.com www.davidavalerio.com www.buildermentality.com roundup.zactax.com www.tenmoments.com castrobaths.org www.baatmos.com www.goodandgoodforyou.co therightstuff.co blog.techchallengearena.com en.blocktrend.today www.superbeing.ca www.savvymatters.com www.schmearhunter.com www.brixtonalchemist.com chilijung.com questiontruth.org www.modhyom.com www.seebysruminations.com opus99.co www.daringgreatly.me www.amaranthineshards.com www.guideduchemin.com www.brianvsutah.com www.vilagaktual.hu www.chudstack.com www.interestingrecordclub.com www.twutab.football alexanderconcepcion.com www.kellyfempire.com www.cheriekris.com www.fallstownfuse.com substack.thecreativedraft.com www.dobripastir.eu www.youvegotmedia.com rawrszn.com www.japriz.com news.totheleft.co www.logofons.com blog.ellycode.com wallsandways.com www.marketinginaction.xyz www.sociology.education www.creativediction.com blog.schoolforwriters.com www.fillingyourcircle.com www.danielpiperwords.com www.shepherdsnotes.biz www.arktosjournal.com www.whatisaninsight.com www.firequinito.com www.pacific-northwest.energy www.gamedev.in www.codywest.com www.screentopage.com www.cosmetizate.com www.extragrad.com www.pissederesistance.com www.dividendgrowthinvestor.org www.xenocognition.com www.isabelpabanfreed.gay www.jonathanlack.com www.blocktrend.today bugle.simonwaldman.uk www.chineseconsumers.news www.topoptions.news www.foundingprincipals.com www.janetschwind.com www.obscuravox.com www.theequityanalyst.com sub.podcastworkflows.com www.culdecuvee.com words.skylrs.com www.thegermanreview.de www.doughankins.com www.flourishing.scot www.openhedgefund.co outsidemodernlimits.com www.threesquirrels.ca www.lettersfromharper.com www.jeanhf.com blog.atlascomputing.org www.news.artefields.net blog.netcreme.com cognitivedawn.com www.financedecode.com blog.algomaster.io starlog.click blog.patrickchou.me www.thecreativetusk.com blog.fede.online blog.xpboost.dev www.thecrea8ve.com www.t3abeer.com www.caroehenry.com www.aspiretobeanelder.com blog.defy.is www.austindrabik.com www.themediamix.co www.learnprompter.com fromdre.com www.podcastisbroken.ca www.neretfiles.com da.niel.name www.mikegallaghersrecord.com www.monteroweather.com blog.matangr.com blog.delphine.ca www.bydamo.la notes.baristabot.app newsletter.pathlesspath.com www.anewpolitics.scot www.batcatscentral.com www.midwestsense.com www.thekinetoscope.com leradis.food www.shellgame.co giantspostcards.com founderslogs.com www.chipstrat.com read.ultraprocessed.news substack.daogen.ai www.unforgottenpod.com newsletter.oku.trade www.padengayle.com afterhours.coffeespots.pl www.seasonsofcrime.com work.id.vn www.openentropy.com mrnatewatson.com newsroom.businessleague.com productidentity.co www.founderstable.co www.jayeshs.com opensecret.visible.cx

Malware Detected on Host

Count: 14 21088a0db88bd0350d9f1316e9c41d727c714cdda8b7d0c677b24f9aafad8b8c a3e62ac3bacee163f49446f7e3c80a1c88ca009c7752c4041177b89746231bf2 a61669c579fc135b2dc00f154fb4bbeb581c6f4c46f836de293549bedb40b0b3 6f5cdbceeb9cf44b625d467d587f0bf7d4fd435b6f9f9c72e9820b33582cc216 6f7bb444c8468b96a8caa68e5af09a05025c6404b60ebd82daec90dc7523e1f1 1352fe5052b27fdd52e5e18d4876fd79013d9fa7cab0c1e75dd3473cb1b506be be49cc31aee5a527038aecb2bb339a8272488a0144d2abea50a779db39ac26bf 58625739962a3ab5806cdb09e1da1a4ac3ede05907d1a595261ad51e3ad75790 4a9feb14c927f1f366a6446fbf1daf8b5edd7158f69b5a22f3eb2a82d4399eab 52f572cb3fd594c0c4789ed182361cb7a0ac2d34e3c8937be89ddcbb0ba912d9

Open Ports Detected

2052 2053 2082 2083 2086 2087 2095 2096 443 80 8080 8443 8880

Map

Whois Information

• NetRange: 104.16.0.0 - 104.31.255.255
• CIDR: 104.16.0.0/12
• NetName: CLOUDFLARENET
• NetHandle: NET-104-16-0-0-1
• Parent: NET104 (NET-104-0-0-0-0)
• NetType: Direct Allocation
• OriginAS:
• Organization: Cloudflare, Inc. (CLOUD14)
• RegDate: 2014-03-28
• Updated: 2024-09-04
• Comment: All Cloudflare abuse reporting can be done via https://www.cloudflare.com/abuse
• Comment: Geofeed: https://api.cloudflare.com/local-ip-ranges.csv
• Ref: https://rdap.arin.net/registry/ip/104.16.0.0
• OrgName: Cloudflare, Inc.
• OrgId: CLOUD14
• Address: 101 Townsend Street
• City: San Francisco
• StateProv: CA
• PostalCode: 94107
• Country: US
• RegDate: 2010-07-09
• Updated: 2024-11-25
• Ref: https://rdap.arin.net/registry/entity/CLOUD14
• OrgRoutingHandle: CLOUD146-ARIN
• OrgRoutingName: Cloudflare-NOC
• OrgRoutingPhone: +1-650-319-8930
• OrgRoutingEmail: noc@cloudflare.com
• OrgRoutingRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
• OrgNOCHandle: CLOUD146-ARIN
• OrgNOCName: Cloudflare-NOC
• OrgNOCPhone: +1-650-319-8930
• OrgNOCEmail: noc@cloudflare.com
• OrgNOCRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
• OrgAbuseHandle: ABUSE2916-ARIN
• OrgAbuseName: Abuse
• OrgAbusePhone: +1-650-319-8930
• OrgAbuseEmail: abuse@cloudflare.com
• OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN
• OrgTechHandle: ADMIN2521-ARIN
• OrgTechName: Admin
• OrgTechPhone: +1-650-319-8930
• OrgTechEmail: rir@cloudflare.com
• OrgTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN
• RAbuseHandle: ABUSE2916-ARIN
• RAbuseName: Abuse
• RAbusePhone: +1-650-319-8930
• RAbuseEmail: abuse@cloudflare.com
• RAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN
• RNOCHandle: NOC11962-ARIN
• RNOCName: NOC
• RNOCPhone: +1-650-319-8930
• RNOCEmail: noc@cloudflare.com
• RNOCRef: https://rdap.arin.net/registry/entity/NOC11962-ARIN
• RTechHandle: ADMIN2521-ARIN
• RTechName: Admin
• RTechPhone: +1-650-319-8930
• RTechEmail: rir@cloudflare.com
• RTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN

Links to attack logs

anonymous-proxy-ip-list-2025-10-20