104.47.55.33 Threat Intelligence and Host Information
Jan 11, 2024
General
IP Address
104.47.55.33
Location
🇺🇸 United States
Network
AS8075
Threat Score
60/100
Attack Intelligence
MITRE ATT&CK Techniques
T1001.002 - Steganography, T1001.003 - Protocol Impersonation, T1001 - Data Obfuscation, T1003 - OS Credential Dumping, T1005 - Data from Local System, T1010 - Application Window Discovery, T1011 - Exfiltration Over Other Network Medium, T1012 - Query Registry, T1027 - Obfuscated Files or Information, T1031 - Modify Existing Service, T1033 - System Owner/User Discovery, T1035 - Service Execution, T1036 - Masquerading, T1040 - Network Sniffing, T1041 - Exfiltration Over C2 Channel, T1045 - Software Packing, T1046 - Network Service Scanning, T1053 - Scheduled Task/Job, T1055 - Process Injection, T1056.001 - Keylogging, T1056 - Input Capture, T1057 - Process Discovery, T1059.007 - JavaScript, T1059 - Command and Scripting Interpreter, T1060 - Registry Run Keys / Startup Folder, T1068 - Exploitation for Privilege Escalation, T1070 - Indicator Removal on Host, T1071.001 - Web Protocols, T1071.002 - File Transfer Protocols, T1071.003 - Mail Protocols, T1071.004 - DNS, T1071 - Application Layer Protocol, T1081 - Credentials in Files, T1082 - System Information Discovery, T1083 - File and Directory Discovery, T1100 - Web Shell, T1105 - Ingress Tool Transfer, T1106 - Native API, T1110.002 - Password Cracking, T1112 - Modify Registry, T1114.002 - Remote Email Collection, T1114 - Email Collection, T1119 - Automated Collection, T1122 - Component Object Model Hijacking, T1127 - Trusted Developer Utilities Proxy Execution, T1129 - Shared Modules, T1134.001 - Token Impersonation/Theft, T1140 - Deobfuscate/Decode Files or Information, T1147 - Hidden Users, T1156 - Malicious Shell Modification, T1176 - Browser Extensions, T1184 - SSH Hijacking, T1210 - Exploitation of Remote Services, T1213 - Data from Information Repositories, T1218 - Signed Binary Proxy Execution, T1408 - Disguise Root/Jailbreak Indicators, T1410 - Network Traffic Capture or Redirection, T1415 - URL Scheme Hijacking, T1416 - URI Hijacking, T1421 - System Network Connections Discovery, T1422 - System Network Configuration Discovery, T1427 - Attack PC via USB Connection, T1428 - Exploit Enterprise Resources, T1429 - Capture Audio, T1444 - Masquerade as Legitimate Application, T1445 - Abuse of iOS Enterprise App Signing Key, T1448 - Carrier Billing Fraud, T1449 - Exploit SS7 to Redirect Phone Calls/SMS, T1453 - Abuse Accessibility Features, T1460 - Biometric Spoofing, T1473 - Malicious or Vulnerable Built-in Device Functionality, T1491 - Defacement, T1496 - Resource Hijacking, T1497.002 - User Activity Based Checks, T1497 - Virtualization/Sandbox Evasion, T1518 - Software Discovery, T1523 - Evade Analysis Environment, T1539 - Steal Web Session Cookie, T1546 - Event Triggered Execution, T1547 - Boot or Logon Autostart Execution, T1548 - Abuse Elevation Control Mechanism, T1560 - Archive Collected Data, T1563 - Remote Service Session Hijacking, T1566 - Phishing, T1583.002 - DNS Server, T1583.005 - Botnet, T1584.005 - Botnet, T1604 - Proxy Through Victim, TA0001 - Initial Access, TA0004 - Privilege Escalation, TA0011 - Command and Control, TA0030 - Defense Evasion
Open Ports Detected
25
Geographic Location
Country
United States
City
Unknown
Region
Washington
Coordinates
47.6034, -122.3414
Network Information
ASN
AS8075
Organization
MICROSOFT-CORP-MSN-AS-BLOCK
Network
AS8075 MICROSOFT-CORP-MSN-AS-BLOCK
WHOIS Information
NetRange
104.40.0.0 - 104.47.255.255
CIDR
104.40.0.0/13
NetName
MSFT
NetHandle
NET-104-40-0-0-1
Parent
NET104 (NET-104-0-0-0-0)
NetType
Direct Allocation
OriginAS
Organization
Microsoft Corporation (MSFT)
RegDate
1998-07-10
Updated
2023-11-17
Ref
https://rdap.arin.net/registry/entity/MSFT
OrgName
Microsoft Corporation
OrgId
MSFT
Address
One Microsoft Way
City
Redmond
StateProv
WA
PostalCode
98052
Country
US
Comment
* IOC@microsoft.com
OrgTechHandle
BEDAR6-ARIN
OrgTechName
Bedard, Dawn
OrgTechPhone
+1-425-538-6637
OrgTechEmail
dabedard@microsoft.com
OrgTechRef
https://rdap.arin.net/registry/entity/BEDAR6-ARIN
- Country: United States
- Network: AS8075 microsoft corporation
- Noticed: 31 times
- Protocols Attacked: SSH
- Countries Attacked: Canada, France, Germany, India, Italy, Korea Republic of, Netherlands, Singapore, United States of America
Malware Detected on Host
Count: 340
Disclaimer
This page contains threat intelligence information for the IPv4 address 104.47.55.33 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.