104.18.27.211 Threat Intelligence and Host Information
General
This page contains threat intelligence information for the IPv4 address 104.18.27.211. It was generated either as a result of observed malicious activity or as an information-gathering exercise to assist with enrichment of security events and context. All information is gathered passively, through aggregation of public sources or through observation of activity on honeynets. The host score is calculated from a series of statistically weighted values and machine learning, taking into account metadata such as host information; the frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.
Potentially Malicious Host 🟡 48/100
Host and Network Information
- MITRE ATT&CK IDs: T1003 - OS Credential Dumping, T1068 - Exploitation for Privilege Escalation, T1105 - Ingress Tool Transfer, T1548 - Abuse Elevation Control Mechanism
- Tags: Apple phishing, asyncrat, attacks, contacted, crypto threat, dark web, email phishing, emotet, error, execution, iPhone phishing, quasar, referrer, remote, resolutions, social engineering, ssl certificate, stealer, threat roundup
- View other sources: Spamhaus, VirusTotal
- Country:
- Network:
- Noticed: 3 times
- Protocols Attacked: Anonymous Proxy
- Countries Attacked: India, United States of America
- Passive DNS Results:
Malware Detected on Host
Count: 2 a33c32f9b73c3f18d37c31e7d805ea9da8d04d0e844a6d1dfa27c7d97c5e6fd5 646862186545a3a183400a159369d6b6acc6dae961a5eaf18850d7c1d777bb5d
Open Ports Detected
2082 2083 2086 2087 2095 2096 443 80 8080 8443 8880
Whois Information
- NetRange: 104.16.0.0 - 104.31.255.255
- CIDR: 104.16.0.0/12
- NetName: CLOUDFLARENET
- NetHandle: NET-104-16-0-0-1
- Parent: NET104 (NET-104-0-0-0-0)
- NetType: Direct Allocation
- OriginAS: AS13335
- Organization: Cloudflare, Inc. (CLOUD14)
- RegDate: 2014-03-28
- Updated: 2024-09-04
- Comment: All Cloudflare abuse reporting can be done via https://www.cloudflare.com/abuse
- Comment: Geofeed: https://api.cloudflare.com/local-ip-ranges.csv
- Ref: https://rdap.arin.net/registry/ip/104.16.0.0
- OrgName: Cloudflare, Inc.
- OrgId: CLOUD14
- Address: 101 Townsend Street
- City: San Francisco
- StateProv: CA
- PostalCode: 94107
- Country: US
- RegDate: 2010-07-09
- Updated: 2024-11-25
- Ref: https://rdap.arin.net/registry/entity/CLOUD14
- OrgNOCHandle: CLOUD146-ARIN
- OrgNOCName: Cloudflare-NOC
- OrgNOCPhone: +1-650-319-8930
- OrgNOCEmail: noc@cloudflare.com
- OrgNOCRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
- OrgAbuseHandle: ABUSE2916-ARIN
- OrgAbuseName: Abuse
- OrgAbusePhone: +1-650-319-8930
- OrgAbuseEmail: abuse@cloudflare.com
- OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN
- OrgRoutingHandle: CLOUD146-ARIN
- OrgRoutingName: Cloudflare-NOC
- OrgRoutingPhone: +1-650-319-8930
- OrgRoutingEmail: noc@cloudflare.com
- OrgRoutingRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
- OrgTechHandle: ADMIN2521-ARIN
- OrgTechName: Admin
- OrgTechPhone: +1-650-319-8930
- OrgTechEmail: rir@cloudflare.com
- OrgTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN
- RNOCHandle: NOC11962-ARIN
- RNOCName: NOC
- RNOCPhone: +1-650-319-8930
- RNOCEmail: noc@cloudflare.com
- RNOCRef: https://rdap.arin.net/registry/entity/NOC11962-ARIN
- RAbuseHandle: ABUSE2916-ARIN
- RAbuseName: Abuse
- RAbusePhone: +1-650-319-8930
- RAbuseEmail: abuse@cloudflare.com
- RAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN
- RTechHandle: ADMIN2521-ARIN
- RTechName: Admin
- RTechPhone: +1-650-319-8930
- RTechEmail: rir@cloudflare.com
- RTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN
Links to attack logs
anonymous-proxy-ip-list-2025-06-23 anonymous-proxy-ip-list-2025-06-22