104.47.20.36 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 104.47.20.36 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Potentially Malicious Host 🟡 35/100

Host and Network Information

• Mitre ATT&CK IDs: T1071 - Application Layer Protocol

• Tags: abuse contact, all search, apeaksoft ios, apple phone, apple private, asn owner, attack, author avatar, awful, banker, cisco umbrella, code, comments, concerning link, copy, creation date, critical, cyber criminal, data collection, date, dga domain, dnssec, domain name, drive, email, emotet, external, firewall sync, first, hackers, high level, hijacker, historical otx, historical ssl, hybridanalysis, info api, installer, keylogger, malicious, malware, metro, million alexa, monitoring, mon mar, neworder.doc, online sun, open, otx octoseek, record type, red team, related, report spam, resolutions, resolved ips, scan endpoints, script, search, server, shell code, siem, site, skynet, soar, ssl certificate, status, tsara brashears, ttl value, tue mar, united, unknown, unlocker, url http, url https, urls, urlvoid, vt graph, whois, whois lookup, whois record, whois show, whois whois

• View other sources: Spamhaus VirusTotal

• Country: United Kingdom
• Network: AS8075 microsoft corporation
• Noticed: 50 times
• Protcols Attacked: SSH
• Passive DNS Results: swimnorthwest-org.mail.protection.outlook.com covid19-fasttrakltd-co-uk.mail.protection.outlook.com www.marlinliftservices.com marlinliftservices.com cht-nhs-uk.mail.protection.outlook.com viviennewestwood-fr.mail.eo.outlook.com andytech-co-uk.mail.protection.outlook.com stridefm.co.uk antmarketing-com.mail.eo.outlook.com aelelectrical-co-uk0i.mail.protection.outlook.com houstonnet-com01i.mail.protection.outlook.com theriskbusters-co-uk.mail.protection.outlook.com marlinleisuremarine.co.uk autoumbaultd.com acmswaste.co.uk theriskbusters.co.uk chasepublishing-co-uk.mail.protection.outlook.com drill4.com jpconcretes.co.uk skillstar-co-uk.mail.protection.outlook.com aspect-propertyservices.com meeddubai-com01b.mail.eo.outlook.com o1nk-net.mail.protection.outlook.com door2tour-com.mail.protection.outlook.com coatingapplications-co-uk.mail.protection.outlook.com foillco.com xylopialtd.com perfectsolutions.ltd houston-net.com hpeuk-com.mail.protection.outlook.com perfectsolutions-ltd.mail.protection.outlook.com mbabel-com.mail.protection.outlook.com gosouthampton-co-uk.mail.protection.outlook.com bollingroup-com.mail.eo.outlook.com piksel-com.mail.protection.outlook.com industrypeople-co-uk.mail.protection.outlook.com bkgroup-co-uk.mail.protection.outlook.com financeplanning-co-uk.mail.protection.outlook.com perfeq-co-uk.mail.protection.outlook.com findlaybrown-co-uk.mail.protection.outlook.com boutiqueretreats-co-uk02b.mail.protection.outlook.com highsociety-co-uk01b.mail.protection.outlook.com huntersafetysolutions-co-uk.mail.protection.outlook.com investorcompensation-co-uk.mail.protection.outlook.com trophystore-co-uk.mail.protection.outlook.com greenwichtheatre-org-uk.mail.protection.outlook.com elastomer-co-uk.mail.protection.outlook.com branwellford-co-uk.mail.protection.outlook.com abacusconsulting-co-uk.mail.protection.outlook.com setpointherts-org-uk.mail.protection.outlook.com somerfordpark-co-uk.mail.protection.outlook.com citizenshipfoundation-org-uk.mail.protection.outlook.com puxton-co-uk.mail.protection.outlook.com michaelsbridalfabrics-co-uk.mail.protection.outlook.com pureinnovations-co-uk.mail.protection.outlook.com aquariumtechnology-co-uk.mail.protection.outlook.com yearsley-co-uk.mail.protection.outlook.com connellbrothers-co-uk.mail.protection.outlook.com countygroup-co-uk01e.mail.protection.outlook.com donwoodglass-co-uk01i.mail.protection.outlook.com normanhbarnett-co-uk.mail.protection.outlook.com jwmediamusic-co-uk.mail.protection.outlook.com alkenengineering-co-uk.mail.protection.outlook.com cockburnonline-co-uk02b.mail.protection.outlook.com tonerandmccartney-co-uk.mail.protection.outlook.com dats-co-uk.mail.protection.outlook.com sseng-co-uk.mail.protection.outlook.com dmpoconnell-co-uk.mail.protection.outlook.com foliorecruitment-co-uk.mail.protection.outlook.com tcsgroup-co-uk0i.mail.protection.outlook.com tricycle-co-uk.mail.protection.outlook.com murlands-co-uk.mail.protection.outlook.com gulliverstravel-co-uk.mail.protection.outlook.com geniusreserve-co-uk.mail.protection.outlook.com nortonlaw-co-uk01e.mail.protection.outlook.com dennons-co-uk.mail.protection.outlook.com speedystamps-co-uk.mail.protection.outlook.com goscomb-net.mail.protection.outlook.com griefencounter-org-uk.mail.protection.outlook.com haffhoff-co-uk.mail.protection.outlook.com nnuh-nhs-uk.mail.protection.outlook.com harrisondesign-co-uk.mail.protection.outlook.com concordiavolunteers-org-uk.mail.protection.outlook.com pilot-co-uk.mail.protection.outlook.com coblandslandscapes-co-uk.mail.protection.outlook.com rondadge-co-uk0i.mail.protection.outlook.com maydayemployment-co-uk.mail.protection.outlook.com stmarkssheffield-co-uk.mail.protection.outlook.com firstport-org-uk.mail.protection.outlook.com studiostalbans-co-uk.mail.protection.outlook.com loseleypark-co-uk.mail.protection.outlook.com granitesearch-co-uk.mail.protection.outlook.com adlibrecruitment-co-uk01c.mail.protection.outlook.com afselection-co-uk.mail.protection.outlook.com blueskiescareers-co-uk.mail.protection.outlook.com cosmos-co-uk.mail.protection.outlook.com voicetheunion-org-uk.mail.protection.outlook.com networkrailgraduates-co-uk.mail.protection.outlook.com jacksonrose-co-uk.mail.protection.outlook.com jfcsports-co-uk.mail.protection.outlook.com peacockinsurance-co-uk.mail.protection.outlook.com royalcollection-org-uk.mail.protection.outlook.com digitalgurus-com-au.mail.protection.outlook.com nigelcabourn-co-uk01c.mail.protection.outlook.com omicron-uk-com.mail.protection.outlook.com volksclub-co-uk.mail.protection.outlook.com galvinrestaurants-com.mail.protection.outlook.com fmerrifield-co-uk.mail.protection.outlook.com lctsupport-com.mail.protection.outlook.com sitewizard-co-uk.mail.protection.outlook.com burnsnice-com.mail.protection.outlook.com borronshaw-co-uk.mail.protection.outlook.com ablecarehomes-co-uk02b.mail.protection.outlook.com bndabrasives-co-uk.mail.protection.outlook.com nacukie-org.mail.protection.outlook.com activeassistance-com.mail.protection.outlook.com beehealth-co-uk.mail.protection.outlook.com bnml-co-uk.mail.protection.outlook.com abelhomes-co-uk.mail.protection.outlook.com castlebs-co-uk.mail.protection.outlook.com bondcare-co-uk.mail.protection.outlook.com capeyamu-com.mail.protection.outlook.com mail-cwlgbr010036.inbound.protection.outlook.com astraofficeinteriors-co-uk.mail.protection.outlook.com capitaintouch-co-uk01e.mail.protection.outlook.com euroheadhunter-com.mail.protection.outlook.com mail.access-electrical.co.uk mail.aztekservices.co.uk mail.cannadinesbathrooms.co.uk mail.cityismw.co.za mail.greystone-energy.co.uk mail.longwear.co.uk mail.pulsecateringequipment.co.uk mail.reflections-care.org mail.thebodyworks.co.uk mail.thm77.com thompsonandcooke-co-uk.mail.protection.outlook.com

Malware Detected on Host

Count: 1 a955538df166858434b27dabb19b821501dea1a44fad080e5bc049af6409744c

Open Ports Detected

25

Map

Whois Information

• NetRange: 104.40.0.0 - 104.47.255.255
• CIDR: 104.40.0.0/13
• NetName: MSFT
• NetHandle: NET-104-40-0-0-1
• Parent: NET104 (NET-104-0-0-0-0)
• NetType: Direct Allocation
• OriginAS:
• Organization: Microsoft Corporation (MSFT)
• RegDate: 2014-05-07
• Updated: 2021-12-14
• Ref: https://rdap.arin.net/registry/ip/104.40.0.0
• OrgName: Microsoft Corporation
• OrgId: MSFT
• Address: One Microsoft Way
• City: Redmond
• StateProv: WA
• PostalCode: 98052
• Country: US
• RegDate: 1998-07-10
• Updated: 2023-11-17
• Comment: To report suspected security issues specific to traffic emanating from Microsoft online services, including the distribution of malicious content or other illicit or illegal material through a Microsoft online service, please submit reports to:
• Comment: * https://cert.microsoft.com.
• Comment:
• Comment: For SPAM and other abuse issues, such as Microsoft Accounts, please contact:
• Comment: * abuse@microsoft.com.
• Comment:
• Comment: To report security vulnerabilities in Microsoft products and services, please contact:
• Comment: * secure@microsoft.com.
• Comment:
• Comment: For legal and law enforcement-related requests, please contact:
• Comment: * msndcc@microsoft.com
• Comment:
• Comment: For routing, peering or DNS issues, please
• Comment: contact:
• Comment: * IOC@microsoft.com
• Ref: https://rdap.arin.net/registry/entity/MSFT
• OrgTechHandle: BEDAR6-ARIN
• OrgTechName: Bedard, Dawn
• OrgTechPhone: +1-425-538-6637
• OrgTechEmail: dabedard@microsoft.com
• OrgTechRef: https://rdap.arin.net/registry/entity/BEDAR6-ARIN
• OrgTechHandle: IPHOS5-ARIN
• OrgTechName: IPHostmaster, IPHostmaster
• OrgTechPhone: +1-425-538-6637
• OrgTechEmail: iphostmaster@microsoft.com
• OrgTechRef: https://rdap.arin.net/registry/entity/IPHOS5-ARIN
• OrgTechHandle: MRPD-ARIN
• OrgTechName: Microsoft Routing, Peering, and DNS
• OrgTechPhone: +1-425-882-8080
• OrgTechEmail: IOC@microsoft.com
• OrgTechRef: https://rdap.arin.net/registry/entity/MRPD-ARIN
• OrgTechHandle: SINGH683-ARIN
• OrgTechName: Singh, Prachi
• OrgTechPhone: +1-425-707-5601
• OrgTechEmail: pracsin@microsoft.com
• OrgTechRef: https://rdap.arin.net/registry/entity/SINGH683-ARIN
• OrgAbuseHandle: MAC74-ARIN
• OrgAbuseName: Microsoft Abuse Contact
• OrgAbusePhone: +1-425-882-8080
• OrgAbuseEmail: abuse@microsoft.com
• OrgAbuseRef: https://rdap.arin.net/registry/entity/MAC74-ARIN
• OrgRoutingHandle: CHATU3-ARIN
• OrgRoutingName: Chaturmohta, Somesh
• OrgRoutingPhone: +1-425-882-8080
• OrgRoutingEmail: someshch@microsoft.com
• OrgRoutingRef: https://rdap.arin.net/registry/entity/CHATU3-ARIN

Links to attack logs

****** ****** ******