104.18.86.42 Threat Intelligence and Host Information
General
This page contains threat intelligence information for the IPv4 address 104.18.86.42. It was generated either as a result of observed malicious activity or as an information-gathering exercise to assist with the enrichment of security events and context. All information is gathered passively, through aggregation of public sources or observation of activity on honeynets. The host score is calculated through a series of statistically weighted values and machine learning that takes into account metadata such as host information; the frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken as an accurate representation of the users, businesses or networks in which the host resides.
Likely Malicious Host 🟠 60/100
Host and Network Information
MITRE ATT&CK IDs: T1027 - Obfuscated Files or Information, T1055 - Process Injection, T1056 - Input Capture, T1057 - Process Discovery, T1060 - Registry Run Keys / Startup Folder, T1063 - Security Software Discovery, T1071 - Application Layer Protocol, T1083 - File and Directory Discovery, T1105 - Ingress Tool Transfer, T1110 - Brute Force, T1113 - Screen Capture, T1129 - Shared Modules, T1480 - Execution Guardrails, T1518 - Software Discovery, T1553 - Subvert Trust Controls, T1568 - Dynamic Resolution, T1583 - Acquire Infrastructure, T1590 - Gather Victim Network Information
Tags: aaaa, accept, acku new, active related, added active, address port, address range, adobe document, adversaries, aes128gcm, akamaias, akamaiasn1, alerts, algorithm, alienvault, allocation, amazon02, amazonaes, amazon cigle, amazon s3, amazons3, amer, analysis, analysis date, analysis ob0001, analysis ob0002, analyze api, ansi, api key, april, apt, arin rdapwhois, arin search, as15169, as16509, as20940, as3359, as8075, as852, ascii, ascii text, ascio, asusa, asyncrat c, authentihash, autom93, automattic, available from, av detections, azure rsa, backdoor, bad actor, base64uidenc, b first, binary file, body, bulk export, cab c, ca odigicert, catalog tree, cdck, centrum, change theme, china, cidr, cjutxg, ck id, ck ids, ck techniques, classinfobase, click, close, cloud, cloudflare, cloudflarenet, cnamazon rsa, cname, cndigicert sha2, cnmicrosoft ecc, code, collection, com laude, command, community, comspec, connection, contact, contact us, contentencoding, content length, control ta0011, copy, copy md5, copyright, copy sha1, copy sha256, corporation c, corporation cus, country name, created, creation date, crlf, crowdsourced, cuba, cus oamazon, cus olet, cus subject, cve list, czytaj dalej, data, datacrashpad, data oc0004, date, date mon, dcrat, dead, default, defense evasion, delegation, delphi, detects, directui, discovery, dns resolutions, dnssec, dokument xml, domain, domain add, domain name, domains, domain status, download, drop your, drweb, duration cuckoo, dynamicloader, ecdsa, edge, element, email, emails, emotet, emulation, encrypt, encrypt cne6, enigma, entity, entity autom93, entries, entries pe, error, error https, europedublin, evasion ta0005, exchange meta, exploit, externalnet, extraction, ezhquqlvois, facebook, fastly, feed, file, filedataports, filehash, filehashmd5, filehashsha256, files, file score, files location, filter, first ioc, first seen, flag united, gandi sas, gecko, general, geofeed https, geoip, getclassinfoptr, get http, get https, 
ghost, github, gmbh, gmt contenttype, gmt ifnonematch, google, google detected, google tag, gtmkvjvztk, gtmkvjvztk dl, handle, handlebars, hashes, hash seen, high, homenet, hong kong, hostname, hosts, hours ago, html c, html document, html internet, http, https, httpurl, hybrid, hybrid analysis, icmp, ids detections, iframe tags, impact ta0040, imphash, inc abuse, inc cus, indicator of compromise, indicator role, indonesia, info file, informative, inquest labs, insert, intelligence, internalname, ioc, iocs, ip address, ipv4, january, javascript, jest jeszcze, june, key algorithm, key identifier, key info, khtml, learn, level3, levelblue, lf line, link, linux x8664, lnk c, local, look, ltd dba, m03 validity, machine label, malware, malware unread, markus, mask, md5 add, md5hashdata, media, medium, mexico, microsoft, mini, miss xrq, mitre att, model, moderate, moved, movie, msr jul, mtb jun, mutexes nothing, name automattic, namecheap, namecheap inc, namecheapnet, name servers, name tactics, net1920000, net type, network dropped, network name, next, next associated, none file, norton, notes supported, nothing, nowe zenbooki, null, number, ob0007 impact, ob0012 file, oc0006, oc0008, oid2, omicrosoft c, online, open threat, optanon, optanonwrapper, orcusrat c, origin as, overview, pandastealer c, parent net192, parsely, passive dns, path, pattern match, pcap, pcap processing, platform, please, please note, png image, port, post https, prefetch8 ansi, premium, present mar, present nov, process oc0003, program, protocol, proton, public url, pulse pulses, pulses, pulses none, pulse submit, pulses url, quasarrat, range, ransomware, rate limits, rdapwhois, record type, refresh, registrar, registrar abuse, registrarsafe, registrar url, registry, related nids, related pulses, related tags, reporting, report spam, request, resolved ips, resources api, response, restart, restful link, results, rhadamanthys c, rich pe, role title, roth, russia, sample, sandbox, script tags, 
search, secure server, security, seen, sentinel labs, server, server ca, server nginx, servers, service, seznam, sha1, sha1hashdata, sha256, sha256hashdata, share, show, showing, show process, show technique, shutdown, size, socks5systemz c, spaceship, span, spawns, ssdeep, ssl certificate, static, status, stixtaxii, stq function, street, strings, strong, stwa lredmond, subject, subject public, submit, susp, suspicious, switch, swkmtfsr1, system oc0001, t1027, t1057, t1071, t1105, t1480, ta0004 defense, ta0007 command, ta0009 command, tabs, tags twitter, tekst ascii, tekst w, telecom, text c, themida, threat, threat intelligence, threat level, threats api, threats explore, thumbprint, thursday, title added, tls issuing, toggle, tomkomp napisz, tools, tool transfer, Tracking Domains, transformer pro, trojan, trojandropper, ttl value, tucows, twitter, type, type csv, type indicator, type javascript, typeof function, ukraine, unicode text, unit, united, unknown ns, updated, update secure, upxoepplace, url add, url analysis, url data, url http, url https, urls, uss c, usvw, usvwu, utc gtm53l4wgzn, utc na, utf16 unicode, utf8 text, utf8 unicode, v3 serial, validity, value, variables, verified, verify, version file, vetting process, vhash, virus, vis1, vxstream, whoisrws, whois server, widar c, win32, win64, window, windows, windows nt, wojtek napisz, wordpress vip, write, write c, x509v3 subject, xml c, xml format, xmp data, xored keyword, xor key, x string, yara, yara detections, z bardzo, z kocwkami, zoliwym, z terminatorami
JARM: 27d27d27d00027d00042d43d00041df04c41293ba84f6efe3a613b22f983e6
View other sources: Spamhaus VirusTotal
- Country:
- Network:
- Noticed: 25 times
- Protocols Attacked: Anonymous Proxy
- Countries Attacked: Anguilla, Aruba, Australia, Bahamas, Barbados, Canada, Cayman Islands, Costa Rica, Curaçao, Georgia, Guatemala, Japan, Mexico, Netherlands, Panama, Philippines, Poland, Saint Kitts and Nevis, Saint Martin (French part), Saint Vincent and the Grenadines, Sint Maarten (Dutch part), Tanzania (United Republic of), Trinidad and Tobago, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
- Passive DNS Results: dd-patch.200403.xyz, cookielaw.org, www.cookielaw.org, cdn.cookielaw.org, www.bikester.fr.cdn.cloudflare.net, easychoicetime.com, hcp185.com, www.yatutea.com, yatutea.com
Malware Detected on Host
Count: 112
SHA256 hashes (first 10 shown):
- 1a43a1791862e5f075a59690def3e7adcbdeeaa2a7a31e01b66703c0bf1fe66d
- 110c8d3de15fbc8fa31085bbef47bc99a5c44955a6432ff7df869b1c8daa8c01
- 29d7ad6fe5226166bf4472b874b93289fddf8f2365c03fa83bd6740cacf1b8d7
- e2c283438e5f9236c5cb2e6b8b95ca78d520f7b776d64a050664972cb51076f5
- 401c5d2157d303df1ca465ff4097ee4474574c39f614cbb5734193a3917354c0
- 0c8d22d58a747ceccad56317b9c0afe58fe4b9f3c2138134e978e43a5f5ac390
- 13265c0e32312a0763f3f8fed0f017a606355987ac9398bfb38f47c760ad32b0
- 5e5af4d277809762fdf3829291eb0f44e7f31eea0d37fe714eae3e4cd46f4c17
- b7aa1a8206e48fb7623904ae9cc87a68fcf52c19c9b016805e9b34cffdc15dd5
- a8eb13f7fd63d522dec6a011a1569af37e35fcd14bff40bb2f06a123ef962b0b
Open Ports Detected
80, 443, 2082, 2083, 2086, 2087, 2095, 2096, 8080, 8443, 8880
Whois Information
- NetRange: 104.16.0.0 - 104.31.255.255
- CIDR: 104.16.0.0/12
- NetName: CLOUDFLARENET
- NetHandle: NET-104-16-0-0-1
- Parent: NET104 (NET-104-0-0-0-0)
- NetType: Direct Allocation
- OriginAS: AS13335
- Organization: Cloudflare, Inc. (CLOUD14)
- RegDate: 2014-03-28
- Updated: 2024-09-04
- Comment: All Cloudflare abuse reporting can be done via https://www.cloudflare.com/abuse
- Comment: Geofeed: https://api.cloudflare.com/local-ip-ranges.csv
- Ref: https://rdap.arin.net/registry/ip/104.16.0.0
- OrgName: Cloudflare, Inc.
- OrgId: CLOUD14
- Address: 101 Townsend Street
- City: San Francisco
- StateProv: CA
- PostalCode: 94107
- Country: US
- RegDate: 2010-07-09
- Updated: 2024-11-25
- Ref: https://rdap.arin.net/registry/entity/CLOUD14
- OrgRoutingHandle: CLOUD146-ARIN
- OrgRoutingName: Cloudflare-NOC
- OrgRoutingPhone: +1-650-319-8930
- OrgRoutingEmail: noc@cloudflare.com
- OrgRoutingRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
- OrgAbuseHandle: ABUSE2916-ARIN
- OrgAbuseName: Abuse
- OrgAbusePhone: +1-650-319-8930
- OrgAbuseEmail: abuse@cloudflare.com
- OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN
- OrgNOCHandle: CLOUD146-ARIN
- OrgNOCName: Cloudflare-NOC
- OrgNOCPhone: +1-650-319-8930
- OrgNOCEmail: noc@cloudflare.com
- OrgNOCRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
- OrgTechHandle: ADMIN2521-ARIN
- OrgTechName: Admin
- OrgTechPhone: +1-650-319-8930
- OrgTechEmail: rir@cloudflare.com
- OrgTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN
- RTechHandle: ADMIN2521-ARIN
- RTechName: Admin
- RTechPhone: +1-650-319-8930
- RTechEmail: rir@cloudflare.com
- RTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN
- RNOCHandle: NOC11962-ARIN
- RNOCName: NOC
- RNOCPhone: +1-650-319-8930
- RNOCEmail: noc@cloudflare.com
- RNOCRef: https://rdap.arin.net/registry/entity/NOC11962-ARIN
- RAbuseHandle: ABUSE2916-ARIN
- RAbuseName: Abuse
- RAbusePhone: +1-650-319-8930
- RAbuseEmail: abuse@cloudflare.com
- RAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN
Links to attack logs
- anonymous-proxy-ip-list-2025-06-23
- anonymous-proxy-ip-list-2025-06-22