104.18.40.90 Threat Intelligence and Host Information
General
This page contains threat intelligence information for the IPv4 address 104.18.40.90 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or through observations of activity on honeynets. The host score is calculated through a series of statistically weighted values and machine learning, taking into account metadata such as host information; frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.
Likely Malicious Host 🟠 60/100
Host and Network Information
- MITRE ATT&CK IDs: T1045 - Software Packing, T1055 - Process Injection, T1057 - Process Discovery, T1063 - Security Software Discovery, T1071 - Application Layer Protocol, T1082 - System Information Discovery, T1105 - Ingress Tool Transfer, T1119 - Automated Collection, T1480 - Execution Guardrails, T1562 - Impair Defenses
- View other sources: Spamhaus, VirusTotal
- Contained within other IP sets: cleanmx_viruses, hphosts_ats
- Country:
- Network:
- Noticed: 30 times
- Protocols Attacked: Anonymous Proxy
- Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
- Passive DNS Results:
Open Ports Detected
2053 2082 2083 2086 2087 2095 2096 443 80 8080 8443 8880
Whois Information
- NetRange: 104.16.0.0 - 104.31.255.255
- CIDR: 104.16.0.0/12
- NetName: CLOUDFLARENET
- NetHandle: NET-104-16-0-0-1
- Parent: NET104 (NET-104-0-0-0-0)
- NetType: Direct Allocation
- OriginAS:
- Organization: Cloudflare, Inc. (CLOUD14)
- RegDate: 2014-03-28
- Updated: 2024-09-04
- Comment: All Cloudflare abuse reporting can be done via https://www.cloudflare.com/abuse
- Comment: Geofeed: https://api.cloudflare.com/local-ip-ranges.csv
- Ref: https://rdap.arin.net/registry/ip/104.16.0.0
- OrgName: Cloudflare, Inc.
- OrgId: CLOUD14
- Address: 101 Townsend Street
- City: San Francisco
- StateProv: CA
- PostalCode: 94107
- Country: US
- RegDate: 2010-07-09
- Updated: 2024-11-25
- Ref: https://rdap.arin.net/registry/entity/CLOUD14
- OrgNOCHandle: CLOUD146-ARIN
- OrgNOCName: Cloudflare-NOC
- OrgNOCPhone: +1-650-319-8930
- OrgNOCEmail: noc@cloudflare.com
- OrgNOCRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
- OrgTechHandle: ADMIN2521-ARIN
- OrgTechName: Admin
- OrgTechPhone: +1-650-319-8930
- OrgTechEmail: rir@cloudflare.com
- OrgTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN
- OrgAbuseHandle: ABUSE2916-ARIN
- OrgAbuseName: Abuse
- OrgAbusePhone: +1-650-319-8930
- OrgAbuseEmail: abuse@cloudflare.com
- OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN
- OrgRoutingHandle: CLOUD146-ARIN
- OrgRoutingName: Cloudflare-NOC
- OrgRoutingPhone: +1-650-319-8930
- OrgRoutingEmail: noc@cloudflare.com
- OrgRoutingRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
- RTechHandle: ADMIN2521-ARIN
- RTechName: Admin
- RTechPhone: +1-650-319-8930
- RTechEmail: rir@cloudflare.com
- RTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN
- RNOCHandle: NOC11962-ARIN
- RNOCName: NOC
- RNOCPhone: +1-650-319-8930
- RNOCEmail: noc@cloudflare.com
- RNOCRef: https://rdap.arin.net/registry/entity/NOC11962-ARIN
- RAbuseHandle: ABUSE2916-ARIN
- RAbuseName: Abuse
- RAbusePhone: +1-650-319-8930
- RAbuseEmail: abuse@cloudflare.com
- RAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN
Links to attack logs
anonymous-proxy-ip-list-2025-10-20