104.18.15.226 Threat Intelligence and Host Information
General
This page contains threat intelligence information for the IPv4 address 104.18.15.226 and was generated either as a result of observed malicious activity or as an information-gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or through observations of activity on honeynets. The host score is calculated through a series of statistically weighted values and machine learning that take into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as Tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only, and should not be taken as an accurate representation of the users, businesses or networks in which they reside.
Likely Malicious Host 🟠 51/100
Host and Network Information
Mitre ATT&CK IDs: T1031 - Modify Existing Service, T1059 - Command and Scripting Interpreter, T1071 - Application Layer Protocol, T1100 - Web Shell, T1105 - Ingress Tool Transfer, T1114 - Email Collection, T1140 - Deobfuscate/Decode Files or Information, T1156 - Malicious Shell Modification, T1449 - Exploit SS7 to Redirect Phone Calls/SMS, T1497 - Virtualization/Sandbox Evasion, T1547 - Boot or Logon Autostart Execution, T1560 - Archive Collected Data, TA0011 - Command and Control
Tags:
- Country:
- Network:
- Noticed: 2 times
- Protocols Attacked: Anonymous Proxy
- Countries Attacked: Canada, Netherlands, United States of America
- Passive DNS Results:
Malware Detected on Host
Count: 2 bbc66a7c45478a27bdaa7dabb1853367a1e912e8858340c16d34663d865718b0 e2d91a5930174d7f9cf13c9c5a2a31b1d6ed67dcf2aabc6cba1227833ce794d6
Open Ports Detected
2082 2083 2086 2087 443 80 8080 8443 8880
Whois Information
- NetRange: 104.16.0.0 - 104.31.255.255
- CIDR: 104.16.0.0/12
- NetName: CLOUDFLARENET
- NetHandle: NET-104-16-0-0-1
- Parent: NET104 (NET-104-0-0-0-0)
- NetType: Direct Allocation
- OriginAS: AS13335
- Organization: Cloudflare, Inc. (CLOUD14)
- RegDate: 2014-03-28
- Updated: 2024-09-04
- Comment: All Cloudflare abuse reporting can be done via https://www.cloudflare.com/abuse
- Comment: Geofeed: https://api.cloudflare.com/local-ip-ranges.csv
- Ref: https://rdap.arin.net/registry/ip/104.16.0.0
- OrgName: Cloudflare, Inc.
- OrgId: CLOUD14
- Address: 101 Townsend Street
- City: San Francisco
- StateProv: CA
- PostalCode: 94107
- Country: US
- RegDate: 2010-07-09
- Updated: 2024-11-25
- Ref: https://rdap.arin.net/registry/entity/CLOUD14
- OrgNOCHandle: CLOUD146-ARIN
- OrgNOCName: Cloudflare-NOC
- OrgNOCPhone: +1-650-319-8930
- OrgNOCEmail: noc@cloudflare.com
- OrgNOCRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
- OrgTechHandle: ADMIN2521-ARIN
- OrgTechName: Admin
- OrgTechPhone: +1-650-319-8930
- OrgTechEmail: rir@cloudflare.com
- OrgTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN
- OrgRoutingHandle: CLOUD146-ARIN
- OrgRoutingName: Cloudflare-NOC
- OrgRoutingPhone: +1-650-319-8930
- OrgRoutingEmail: noc@cloudflare.com
- OrgRoutingRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
- OrgAbuseHandle: ABUSE2916-ARIN
- OrgAbuseName: Abuse
- OrgAbusePhone: +1-650-319-8930
- OrgAbuseEmail: abuse@cloudflare.com
- OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN
- RTechHandle: ADMIN2521-ARIN
- RTechName: Admin
- RTechPhone: +1-650-319-8930
- RTechEmail: rir@cloudflare.com
- RTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN
- RAbuseHandle: ABUSE2916-ARIN
- RAbuseName: Abuse
- RAbusePhone: +1-650-319-8930
- RAbuseEmail: abuse@cloudflare.com
- RAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN
- RNOCHandle: NOC11962-ARIN
- RNOCName: NOC
- RNOCPhone: +1-650-319-8930
- RNOCEmail: noc@cloudflare.com
- RNOCRef: https://rdap.arin.net/registry/entity/NOC11962-ARIN
Links to attack logs
anonymous-proxy-ip-list-2025-07-20