104.18.41.180 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 104.18.41.180 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 54/100

Host and Network Information

• Mitre ATT&CK IDs: T1027 - Obfuscated Files or Information, T1059 - Command and Scripting Interpreter, T1071 - Application Layer Protocol, T1100 - Web Shell, T1105 - Ingress Tool Transfer, T1176 - Browser Extensions, T1560 - Archive Collected Data

• Tags: accept, alexa, alexa top, appdata, artemis, ascii text, authority, bank, blacklist, blacklist http, blocklist, catalog file, cisco umbrella, class, click, cnc feodo, cnc server, critical, cronup threat, cve20188453, cyber threat, date, deepscan, detection list, done adding, dropper, emotet, emotet ip, error, et cnc, facebook, feodo, file, first, general, generator, hybrid, ip summary, jul jan, local, malicious, malicious site, malware, malware site, million, pattern match, phishing, ramnit, ransomware, recent emotet, root ca, safe site, sample, samples, site, sodinokibi, ssl certificate, strings, summary, suppobox, tag count, team, threat report, threats et, tracker, tue feb, twitter, united, unknown, unsafe, url summary, virustotal, whois record, whois whois, zbot

• View other sources: Spamhaus VirusTotal

• Country:
• Network:
• Noticed: 2 times
• Protocols Attacked: Anonymous Proxy
• Countries Attacked: Ireland, Italy, Singapore, United States of America
• Passive DNS Results: urgentcare.bannerhealth.com uat.bannerhealth.com mybanner-api.bannerhealth.com uat.documents.bannerhealth.com qa.imgsched.bannerhealth.com webtma.bannerhealth.com qa.public.api.aws.bannerhealth.com sbx-mybanner-api.bannerhealth.com www.securitas.cz www.securitas.cz.cdn.cloudflare.net pacientepfizer.com guestlogin.bannerhealth.com assets.xxxlutz.com wired2wellbeing.bannerhealth.com spam.bannerhealth.com mydevice.bannerhealth.com scheduling.bannerhealth.com onlinescheduling.bannerhealth.com sbx-mybanner.bannerhealth.com dev-mybanner.bannerhealth.com verify-lite.bannerhealth.com dev-guestlogin.bannerhealth.com secondopinionxp.bannerhealth.com emergencycare.bannerhealth.com test.marsvet.com dev-schedule.bannerhealth.com tsmc.bannerhealth.com www.novartis.es www.qa.bannerhealth.com www.unibankusa.com mycobutin.de www.pacientepfizer.com www-prep.securitas.cz www-prep.securitas.cz.cdn.cloudflare.net reassuranse.no secondopinion.bannerhealth.com visitorscreening.bannerhealth.com xxxlutz.com latinflirts.com management.apimpoc.bannerhealth.com qa.profesionalessanitarios.novartis.es beta2.bannerhealth.com www.surveys-qa.bannerhealth.com cdnverify.qa-mybanner.bannerhealth.com mybanner.bannerhealth.com swapoc.bannerhealth.com apimpoc.bannerhealth.com consents-api.dexcom.jp qa-symptomchecker.bannerhealth.com www.knowpnemonia.com staff-meals-dev.bannerhealth.com staff-meals.bannerhealth.com elasticsearch.goldenhippo.com uat.profesionalessanitarios.novartis.es prod1.novartis.es www-prod.securitas.cz talentcommunity.bannerhealth.com intranetredirect.bannerhealth.com woundcare.bannerhealth.com www.calcoastcu.org qa-msg.bannerhealth.com qa-mybanner-api.bannerhealth.com sbx-mybanner-admin.bannerhealth.com dev-msg.bannerhealth.com dev-videovisits.bannerhealth.com cimage-cf.latinflirts.com api.bannerhealth.com monitor.goldenhippo.com quickquotematchers.com bankfinancial.com mytime.bannerhealth.com bannerhealth.com qa-account-cdn.bannerhealth.com dev-account.bannerhealth.com qa.onlinescheduling.bannerhealth.com wandelanleihen.lu payables.goldenhippo.com dev.novartis.es cdnverify.sbx-mybanner.bannerhealth.com stage.scheduling.bannerhealth.com imaging.bannerhealth.com www.pfizerpro.com.mx.cdn.cloudflare.net account-cdn.bannerhealth.com www.orderaamiles.com.cdn.cloudflare.net account.bannerhealth.com www.nnc.gov.ph www.bannerhealth.com fssystem.ca wt.ntt-docomo-jp-dev-1.auth0app.com edge.tenants.ntt-docomo-jp-dev-1.auth0app.com avan.no ntt-docomo-jp-dev-1.auth0app.com www.orderaamiles.com edge.tenants.focus-optimization-ca-prod-1.auth0app.com wt.focus-optimization-ca-prod-1.auth0app.com focus-optimization-ca-prod-1.auth0app.com m-id.ideal.dbs.com dietprepz.com trentsgarage.com www.agrivisor.com agrivisor.com www.tudorhall.gr domocomfort.it carolinahomeinspectorsplus.com gopinion.app www.mdannuprint.xyz mdannuprint.xyz lnstagram-forlite.ml www.slrmagic.co.uk xsw79.com wvdbw.com napengedekecu.tk tnradtoea.store faiplancuosub.ga midterscorre.ml tighherrolibpe.ga adulawhoranar.tk justcalineasasla.cf steeparariclan.cf pasalapsick.tk viasiahygere.cf kothhouefort.tk sawibacdenerse.tk dianadosnaparcons.tk clinunavhitje.cf www.mamaal.com ariamovie10.site erhja.club www.ditsolution.com.np tieroycapgoldre.ga finanscio.com ctbjm.com chat2.chat.hinetworks.com.br chat.hinetworks.com.br prinodricomsizav.tk janeskryddbod.se xxxgirlsnn.xyz bloodalpenole.cf bsrvmod.com rempraracorverster.gq blog.mamaal.com grasunadin.ml hydraruzxpnew4afu.ru ketodeb.ml cepmehypahaver.ga livelinvaburglitt.tk www.neurosync.net neurosync.net cribseentogarbkinding.tk buistylec.tk hozenredina.tk cuiverthemosre.tk crabhelchi.ga elzecelsubsco.tk imgkkk.com www.confidence10.online.cdn.cloudflare.net gasline.site www.bgenerators.store dragonsart.ru sinirtas.com newbalanceitaly.it rogdamenuhenmi.tk prinik.in bgenerators.store slim-your-bin.com www.cwswe.com.cdn.cloudflare.net cwswe.com accidentcarhire.co.uk www.accidentcarhire.co.uk nouhatersgozasinc.tk hautastwelself.tk eartuapepcia.tk doegerloh-betonpumpen.de cyhuwagocy.tk presvenmeckrugti.gq pernilisnessrocpa.tk gm-engineering.org confidevictorylaureate.cyou ojoho.io ojoho.com quaffsuperbjester.online lighpade.biz diffa-forced-displacement.info mtcore.theforexgo.com cursoroblox.com 8payvn.com be-intl-infrared-thermometers-ok.live misstiwedcuna.tk lesigilactaga.tk antraninicin.tk quisquojus.cf tips4life.site cmonday.ga www.teenfreesite.com teenfreesite.com slopizsonnisoukel.cf avbofurlatip.tk tocate.xyz ck3y.com www.afroditaspa.sk ilbet214.com knapsack-and-bags.ru adobotom.cf freegou.tech squatamnotusawa.tk perdieseameces.ml momolufalind.tk sandtocuadalri.tk reefeeddyrica.gq narasvebeka.ml tsoho.autocoda.com www.autocoda.com compudaymar.com nm1388.com 8002248.info server2.simplecraft.eu xequemateh.com.br www.xequemateh.com.br bemostpulhozuare.tk cafedubaineuss.de daustamdentwebveycran.gq mamaal.com www.handcraftedbizacademy.com lynod.de rbeh.site hintahaukka.fi www.hintahaukka.fi infinityark.org www.infinityark.org www.metrotubei.com.cdn.cloudflare.net kaos.ga www.instagosmm.com prototypes.autocoda.com canwa.autocoda.com frenchsoup.live yiyi11.xyz akberg.nl snowisfandemenaps.gq silvia-narayana.com registercredentialnewpinactive.cf confidence10.online mathildelacombe.com atoycity.com avia-lohovoz.online lamistytibeti.ml coemersneflepounthamp.gq tsj151.ru 1kmarketplace.com eflamerdifur.ml epsonkauppa.fi www.epsonkauppa.fi jobw1h.com gooddar.ml polodowcowa.pl warehouseblueprint.com trackcabn.com bumererebawarc.tk poetshack.com clients.autocoda.com pin-up-carts3.ru afroditaspa.sk www.asiatipsfootball.com asiatipsfootball.com www.duvar.info marketindex.autocoda.com rel.thegravity.agency www.thegravity.agency thegravity.agency mlthyur.asia drawarovprefan.ml www.stingtao.info blog.stingtao.info zahnheilkunde-bayreuth.de v-kyc.headstrait.com v16110.com www.v16110.com nisttiphosalpe.ml menmeddvaput.tk tier5partners.com www.elgazzarcoffee.com www.compostdenton.com compostdenton.com akhdaa.com jetevurixumo.tk pokereral.monster cuttlihyrdcomta.gq satosayoko.com optpg.ru paragon-partners.top loja.flamemc.com.br onmogylimidik.tk authyk.ml www.pawpools.space pacli1.ga excharreme.ml handmetcirckinsu.tk api.pawpools.space ciofecpecoper.ml crosturlosifarc.ml kavbet97.com www.ryvibranceshop.com ryvibranceshop.com acregoogsatp.tk epjataprifopo.tk bluesky78.com duvar.info nerhumbknoconin.tk winemeup.co brooke.biz suftotusa.tk dirtysneakers.co prosexpenicvoi.cf conkmasatalun.ga mistsaderriafewi.cf store.gsxroc.com slotechautolec.tk keyjconkentevi.tk vulealky.site aviationjobsguide.com go-lagu.my.id fengbodev.com demulkearecchicht.cf dersrumegansopar.cf onfline.shop tribagvini.tk www.mudodondurma.com www.marasloks.lv busditacenbo.gq facturama.bid www.medeltidsdagar.se ranalinnada.tk mawacloduback.tk lcwyf44u.icu alsobsesstorrepu.tk davidvuong.com zlg111.com twetiors.xyz zberpigkeuquito.tk drerpardo.com thewateridgegroup.com eboy.com.tr lilikoicookbook.com xsuwfd0r.icu memosunre.tk mmobiles.site klp858.icu daki-host.tk stresser.vip openfrpqnx.fun www.bibliacronologica.org bibliacronologica.org elgazzarcoffee.com quegomere.cf myapeprero.ml placalinno.tk tifibackti.tk edanenbi.tk ag.nagapedia.com rupkendsapowijn.tk ganndawige.tk kbohclk.tk brrhlkb.tk 96975638.cn duzizoqowemucu.gq zentcapramix.tk azyfygesecax.tk stategreats.icu 12weekcreditchallenge.com geluvevazise.ml blestoteta.ml outflavvehamax.tk ichranramila.cf alltekdemo.noreverse.digital tembereado.tk charbsignpetguwer.gq h0j5qo.buzz daydinilowre.cf solityroxttus.ml takkusangkacepatberlaludiriruki.ml gacicofybacyka.ml branensas.tk johnrilu.gq thronelatatwil.cf perchartdyspsimp.ml tasadisga.cf campcountaesnakab.tk groundzn.ga icyhohyhigutoco.ml bekevedefe.tk guryvuho.ga weluguzibepo.gq kobayyxuh.gq xewyximavaty.gq gawitchlangsiporsa.ml cilitu1.xyz www.natsuosawa.online centlofabouti.ga credtidicentme.ml 1slotbar.com natsuosawa.online sumayagustavsson.tk alltek.noreverse.digital rectpetdelity.gq sebo999.cf excilitisti.gq nifejivynumu.tk searchberpestfirira.tk leibacontdescsysle.tk cloud.world.blisshairglobal.com.cdn.cloudflare.net static.blisshairglobal.com.cdn.cloudflare.net scienzadellosport.org maudati-nall.buzz osmosaics.com shophousedanang.net logotype3d.com freeebooksgh9umfe.cf frolinpartners.com infosanmigueldeallende.com mc-cloud.tk shanghaozhongji.com nzm-gm.com genesisconstruccion.com.mx kaba-kaba.com alpenland-abbund.ch bleedzcrimson.net riahambrerkthist.tk www.rebelgalshop.com selvastresser.xyz rebelgalshop.com trituradoras.pro 700kids.ru gzxhjl.com pornnod.com presadsosdege.ml www.3strandsoutfittersoptin.com 3strandsoutfittersoptin.com jitsi.headstrait.com chishiki.vn slrmagic.co.uk zdbot2342342345934085038402.tk cpcalendars.trioxic.com cpcontacts.trioxic.com tronanglarat.tk croft-git.tystuff.com croft-admin.tystuff.com croft-api.tystuff.com croft-user.tystuff.com comtech-ne.com xn–d1abbwleacog.xn–p1ai inventmusic.gq elkstore.tk kalegrouptekno.com visittomorrowland.com ghaid-store.com tiuaralwyecillau.tk specephriluper.tk energizedlive.com ceutireminpicog.tk kaufeinzentrum.de elsayang.com hidraiptv.com instagosmm.com www.suckhoephunu247.xyz www.noreverse.digital noreverse.digital www.saveandshops.com saveandshops.com cpcontacts.comedianstellingstuff.com cpcalendars.comedianstellingstuff.com www.71b.co.uk.cdn.cloudflare.net snapshotgamesspot.com misufu.info do-an-intl-suvrun.live desobamvotoddmon.gq ccomguy.com littxarahancepil.ml modelco.icu moadda2.com doubletasteonline.co.uk sextoyinsights.com radomizle.tk www.ccomguy.com cdn.omronbrandshop.com.cdn.cloudflare.net anlamitu.tk www.pizzaking-aldershot.org.uk pizzaking-aldershot.org.uk mullanagrihire.co.uk swieykowski.eu www.dryprawns.in dryprawns.in athtaculpa.tk ponuki.gq cpcalendars.abogadopenalchile.cl abogadopenalchile.cl cpcontacts.abogadopenalchile.cl www.abogadopenalchile.cl moslavka-bj.hr daltumbdaen.tk naijiggpergaicava.cf aprilsip.top

Open Ports Detected

2082 2083 2086 2087 443 80 8080 8443 8880

Map

Whois Information

• NetRange: 104.16.0.0 - 104.31.255.255
• CIDR: 104.16.0.0/12
• NetName: CLOUDFLARENET
• NetHandle: NET-104-16-0-0-1
• Parent: NET104 (NET-104-0-0-0-0)
• NetType: Direct Allocation
• OriginAS: AS13335
• Organization: Cloudflare, Inc. (CLOUD14)
• RegDate: 2014-03-28
• Updated: 2024-09-04
• Comment: All Cloudflare abuse reporting can be done via https://www.cloudflare.com/abuse
• Comment: Geofeed: https://api.cloudflare.com/local-ip-ranges.csv
• Ref: https://rdap.arin.net/registry/ip/104.16.0.0
• OrgName: Cloudflare, Inc.
• OrgId: CLOUD14
• Address: 101 Townsend Street
• City: San Francisco
• StateProv: CA
• PostalCode: 94107
• Country: US
• RegDate: 2010-07-09
• Updated: 2024-11-25
• Ref: https://rdap.arin.net/registry/entity/CLOUD14
• OrgRoutingHandle: CLOUD146-ARIN
• OrgRoutingName: Cloudflare-NOC
• OrgRoutingPhone: +1-650-319-8930
• OrgRoutingEmail: noc@cloudflare.com
• OrgRoutingRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
• OrgTechHandle: ADMIN2521-ARIN
• OrgTechName: Admin
• OrgTechPhone: +1-650-319-8930
• OrgTechEmail: rir@cloudflare.com
• OrgTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN
• OrgNOCHandle: CLOUD146-ARIN
• OrgNOCName: Cloudflare-NOC
• OrgNOCPhone: +1-650-319-8930
• OrgNOCEmail: noc@cloudflare.com
• OrgNOCRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
• OrgAbuseHandle: ABUSE2916-ARIN
• OrgAbuseName: Abuse
• OrgAbusePhone: +1-650-319-8930
• OrgAbuseEmail: abuse@cloudflare.com
• OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN
• RTechHandle: ADMIN2521-ARIN
• RTechName: Admin
• RTechPhone: +1-650-319-8930
• RTechEmail: rir@cloudflare.com
• RTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN
• RNOCHandle: NOC11962-ARIN
• RNOCName: NOC
• RNOCPhone: +1-650-319-8930
• RNOCEmail: noc@cloudflare.com
• RNOCRef: https://rdap.arin.net/registry/entity/NOC11962-ARIN
• RAbuseHandle: ABUSE2916-ARIN
• RAbuseName: Abuse
• RAbusePhone: +1-650-319-8930
• RAbuseEmail: abuse@cloudflare.com
• RAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN

Links to attack logs

anonymous-proxy-ip-list-2025-06-23 anonymous-proxy-ip-list-2025-06-22