104.18.11.212 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 104.18.11.212 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively, through aggregation of public sources or through observation of activity on honeynets. The host score is calculated through a series of statistically weighted values and machine learning, which takes into account metadata such as host information; frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour, such as with Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 51/100

Host and Network Information

  • MITRE ATT&CK IDs: T1027 - Obfuscated Files or Information, T1056.001 - Keylogging, T1057 - Process Discovery, T1071.004 - DNS, T1071 - Application Layer Protocol, T1105 - Ingress Tool Transfer, T1129 - Shared Modules

  • Tags: 443 ma2592000, aaaa, accept, a domains, adult content, all octoseek, analyze, android, apple, apple ios, as12616 filanc, as14061, as15169 google, as16625 akamai, as20940, as396982 google, as51659 llc, as54113, ascii text, asn as131965, asn as13335, awful, banker, body, ccb455304, ccb455307, certificate, china unknown, click, cname, cobalt strike, code, collections, command, command decode, communicating, comspec, connection, contacted, control ta0011, copy, core, country name, courier, created, critical risk, data, datacrashpad, date, dns resolutions, domain, domain name, edge, emily reimer goldstien, emoji, emreimer, encrypt, eva lisa, eva lisa reimer, evasion ta0005, february, files, gecko, general, germany unknown, get http, gmt content, gmt etag, gmt ifnonematch, gtmkvjvztk dl, hacktool, highly targeted, historical ssl, hostname, hostnames, html document, html internet, httponly xcdn, http response, hybrid, icmp, ieedge date, installer, iocs, ip address, ipv4, japan unknown, jeffrey reimer, jid1221717543, keylogger, khtml, less, link, location japan, malicious, malvertizing, malware, maxage86400, meta, metasploit, metro, mitre att, model, moved, msie, mutexes nothing, name servers, next, nothing, oc0006, passive dns, password, paste, path, port, pragma, prefetch1, prefetch8, pulse pulses, pulses, pulse submit, record value, referrer, related tags, request, resolved ips, response, roboto, russia unknown, scan endpoints, script, script domains, script urls, search, segoe ui, servers, showing, slc1, slfrd1, ssl certificate, status, status code, strings, suricata ipv4, suricata udpv4, suspicious, ta0004 defense, tagging, targeting brashears, threat, tsara brashears, uhttps, united, unknown, unlocker, url analysis, url data, urls, urls http, urls https, uyebaauqaaaaaac, vary useragent, vj93, vj99, welcome, whois record, whois whois, win32, win64, windows nt

  • Country:
  • Network:
  • Noticed: 2 times
  • Protocols Attacked: Anonymous Proxy
  • Countries Attacked: Japan, United States of America
  • Passive DNS Results:

Malware Detected on Host

Count: 2 0cb339f0a339ef2694d5442e3fc17db64cdc452e8f20374bdd52efd7bfc5704c d5ccfb7ee1bad88ea63e5bdbeab9891934157be5d5b6989822d79ca5aa55de10

Open Ports Detected

2052 2053 2082 2083 2086 2087 2095 443 80 8080 8443 8880

Whois Information

Links to attack logs

anonymous-proxy-ip-list-2025-06-23 anonymous-proxy-ip-list-2025-06-22
