104.18.42.231 Threat Intelligence and Host Information
General
This page contains threat intelligence information for the IPv4 address 104.18.42.231 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or through observations of activity on honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with Tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only, and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.
Likely Malicious Host 🟠 53/100
Host and Network Information
- Mitre ATT&CK IDs: T1027 - Obfuscated Files or Information, T1123 - Audio Capture, T1140 - Deobfuscate/Decode Files or Information, T1176 - Browser Extensions, T1566 - Phishing
- Tags: acint, adam lee, adware, agent, alexa, alexa top, amazon02, america, android, anonymizer, api blog, apple, artemis, asn15169, asn16509, asn20446, asn54113, asp.net, asyncrat, august, azorult, back, bank, beach research, behav, blacklist, blacklist http, blacklist https, blacknet rat, browsing, centura health, cisco umbrella, cleaner, cobalt strike, coinminer, colorado jobs, communicating, conduit, contacted, control server, cookie, copyright, cowrie, crack, cyber threat, danger, data.net, ddos, de indicators, denial of service, detection list, docs pricing, domains, downldr, download, dropper, eeo public, emotet, engineering, erika lee, et, exchange, execution, exploit, facebook, fakealert, fastly, filetour, filing url, firehol, first, follow, frankfurt, fusioncore, gamehack, general full, generic, generic malware, genkryptik, germany, gesponsert url, get h2, ghost rat, gmbh version, google, google safe, hacktool, hash, hashes, heur, highwinds3, hiloti, historical ssl, hostname, hostnames, http, http attacker, ice fog, iframe, indonesia, industry and commerce, installpack, ip address, ip summary, jimburkedentistry, july, june, laplasclipper, leder-family, line, listen live, login, main, malicious, malicious site, malicious url, maltiverse, malvertizing, malware, malware site, metasploit, microsoft, million, mimikatz, miner, monitoring, msil, name value, netherlands, nircmd, no data, noname057, november, nr-data.net, nreum, october, oid2, opencandy, outputldjh, page url, pe resource, philadelphia, phishing, phishing site, pinnacol insurance, postrelease, prague, presenoker, protocol h2, ramnit, ransomware, redline stealer, reinsurance, relic, resolutions, resource, reverse dns, riskware, runescape, safe site, sample, samples, scam, search live, security tls, sentrypeer, server, service, services, sftp, sip, site, skynet, softcnapp, software, ssh, ssl certificate, state, states, stealer, steam, subdomains, summary, suppobox, swrort, systweak, tag count, tags, tanner, team, threat report, threat roundup, thu dec, thu nov, tiggre, trojan, trojanspy, trojanx, tsara brashears, uah1200, uaw1600, ucd24, uh1200, uhis2, union, united, unsafe, url http, url https, url summary, usd1, us summary, utz60, uw1600, value, variables, wacatac, warning, webtoolbar, whois record, win64, xrat, xtrat, zbot
- View other sources: Spamhaus, VirusTotal
- Country:
- Network:
- Noticed: 4 times
- Protocols Attacked: Anonymous Proxy
- Countries Attacked: United States of America
- Passive DNS Results:
Malware Detected on Host
Count: 1 cb15685d40849d2269f464872f59c8ec6201b2b26781fb42412b3b51b605f987
Open Ports Detected
2082 2083 2086 2087 2095 443 80 8080 8443 8880
Whois Information
- NetRange: 104.16.0.0 - 104.31.255.255
- CIDR: 104.16.0.0/12
- NetName: CLOUDFLARENET
- NetHandle: NET-104-16-0-0-1
- Parent: NET104 (NET-104-0-0-0-0)
- NetType: Direct Allocation
- OriginAS: AS13335
- Organization: Cloudflare, Inc. (CLOUD14)
- RegDate: 2014-03-28
- Updated: 2024-09-04
- Comment: All Cloudflare abuse reporting can be done via https://www.cloudflare.com/abuse
- Comment: Geofeed: https://api.cloudflare.com/local-ip-ranges.csv
- Ref: https://rdap.arin.net/registry/ip/104.16.0.0
- OrgName: Cloudflare, Inc.
- OrgId: CLOUD14
- Address: 101 Townsend Street
- City: San Francisco
- StateProv: CA
- PostalCode: 94107
- Country: US
- RegDate: 2010-07-09
- Updated: 2024-11-25
- Ref: https://rdap.arin.net/registry/entity/CLOUD14
- OrgTechHandle: ADMIN2521-ARIN
- OrgTechName: Admin
- OrgTechPhone: +1-650-319-8930
- OrgTechEmail: rir@cloudflare.com
- OrgTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN
- OrgAbuseHandle: ABUSE2916-ARIN
- OrgAbuseName: Abuse
- OrgAbusePhone: +1-650-319-8930
- OrgAbuseEmail: abuse@cloudflare.com
- OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN
- OrgRoutingHandle: CLOUD146-ARIN
- OrgRoutingName: Cloudflare-NOC
- OrgRoutingPhone: +1-650-319-8930
- OrgRoutingEmail: noc@cloudflare.com
- OrgRoutingRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
- OrgNOCHandle: CLOUD146-ARIN
- OrgNOCName: Cloudflare-NOC
- OrgNOCPhone: +1-650-319-8930
- OrgNOCEmail: noc@cloudflare.com
- OrgNOCRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
- RTechHandle: ADMIN2521-ARIN
- RTechName: Admin
- RTechPhone: +1-650-319-8930
- RTechEmail: rir@cloudflare.com
- RTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN
- RAbuseHandle: ABUSE2916-ARIN
- RAbuseName: Abuse
- RAbusePhone: +1-650-319-8930
- RAbuseEmail: abuse@cloudflare.com
- RAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN
- RNOCHandle: NOC11962-ARIN
- RNOCName: NOC
- RNOCPhone: +1-650-319-8930
- RNOCEmail: noc@cloudflare.com
- RNOCRef: https://rdap.arin.net/registry/entity/NOC11962-ARIN
Links to attack logs
anonymous-proxy-ip-list-2025-07-07