104.47.59.138 Threat Intelligence and Host Information
ipinfopage
General
This page contains threat intelligence information for the IPv4 address 104.47.59.138 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.
🟠 Elevated — 60/100
Geographic Location
Host and Network Information
- View other sources: Spamhaus VirusTotal Shodan AbuseIPDB
- Country: United States
- Network: AS8075 microsoft corporation
- Noticed: 50 times
- Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Saudi Arabia, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
- Open Ports: 25, 443, 80
- Tor Node: No
- Associated Malware Samples: 1501
Tags
- 114.114.114.114
- address
- adload
- adobe acrobat
- adobe cloud
- adobe crash
- adobe sign
- adult content
- adwind
- agency
- agent
- agent tesla
- aig.com
- aig.rastreator.mx
- alexa
- alexa top
- algorithm
- all octoseek
- all search
- analyzed
- android
- apple
- apple ios
- april
- artemis
- ascii text
- asp.net
- assaulter
- asyncrat
- attack
- attempt goog
- august
- author
- ave maria
- awful
- azorult
- back
- bank
- banker
- bankerx
- b body
- blacklist
- blacklist http
- blacklist https
- body length
- both forensics
- bradesco
- brian sabey
- burma
- ca lann
- caltech.edu
- carnegie mellon
- carnegie mellon university
- cellbrite
- cellebrite
- cellebrite ufed
- charles
- chrome
- cisco umbrella
- citadel
- city
- ck id
- class
- cleaner
- click
- cloudfront
- cmu server
- cobalt strike
- code
- communicating
- conduit
- connection
- contact
- contacted
- contact phone
- copy
- core
- covid19
- crack
- created
- critical
- crypto
- csc corporate
- cus cnincommon
- cus ou
- cyber security
- cyber threat
- cyber warfare
- data
- date
- defence
- defense
- detection list
- detections type
- djvu
- dnspionage
- dns replication
- domain
- domain name
- domain record
- domains
- domain status
- downldr
- downloader
- dropper
- emotet
- engineering
- entrust
- error
- evasive
- examiner
- execution
- exploit
- fakealert
- falcon sandbox
- february
- filehashsha256
- files
- files domain
- file size
- files related
- filetour
- file type
- final url
- find
- first
- formbook
- fraud
- full name
- fusioncore
- gamehack
- general
- generator
- generic
- generic malware
- ghost rat
- gmail
- google attack
- google playstore
- group
- hacktool
- hall render
- hallrender
- hashes files
- headers
- heur
- hidden form
- historical ssl
- hostname
- hostnames
- html internet
- http
- http response
- hybrid
- iana id
- identifier
- iframe
- info
- installbrain
- installcore
- ioc
- iocs
- ioc search
- ios
- ip address
- ip summary
- ipv4
- issuer
- it legal
- july
- june
- kb body
- key algorithm
- key identifier
- keylogger
- killav
- kraken
- l1k validity
- lab command
- lazarus
- list
- lnew york
- lockbit
- logistics
- lokibot
- lolkek
- magic html
- makop
- malicious
- malicious site
- malvertizing
- malware
- malware site
- manage
- mark brian sabey
- markmonitor
- matsnu
- metro
- microsoft
- Miles IT
- million
- miner
- mitre att
- modified
- monitoring
- mon oct
- month ago
- months ago
- mydoom-90
- name
- name server
- name verdict
- nanocore rat
- net128
- net1280000
- netsky
- networm
- new ioc
- new york
- next
- Nextray
- nimda
- nircmd
- no data
- noname057
- none file
- nr-data.net
- number
- nymaim
- occamy
- october
- oentrust
- opencandy
- orgid
- origin1
- otx octoseek
- packed
- passive dns
- paste
- patcher
- pegasus
- phishing
- phishing site
- phishtank
- pittsburgh
- please select
- podcast
- ponmocup
- pornography
- postal code
- post root
- premium
- presenoker
- present jun
- privacy invasion
- privilege escalation
- privilege https
- protect
- pulses none
- qakbot
- qbot
- quasar
- raccoon
- ramnit
- ransomexx
- ransomware
- record type
- redirector
- redline stealer
- redlinestealer
- referrer
- registrar abuse
- registrar url
- registrar whois
- reimer
- related tags
- report spam
- resolutions
- reverse dns
- riskware
- rolefunction
- root ca
- rsa server
- rtechhandle
- safe site
- sample
- sample path
- samples
- sat aug
- sa victim
- scan endpoints
- seraph
- server
- serving ip
- sha256
- simda
- site
- skynet
- smart search
- solve
- ssl certificate
- status code
- stealer
- stealth
- stmi ouincommon
- strings
- subject key
- summary
- suppobox
- survey
- survivor
- swisscom root
- swrort
- t1140
- tag count
- targeting
- targets sa
- team
- team malware
- teams api
- threat
- threat analyzer
- threat report
- threat roundup
- threat score
- tiggre
- tinba
- tofsee
- tools
- tracking
- trid file
- trojan
- trojanspy
- trojanx
- trust
- tsara brashears
- ttl value
- tulach
- type textplain
- united
- unknown
- unruy
- unsafe
- upgrade
- url http
- url https
- urls
- urls https
- url summary
- ursnif
- utmsourcemailer
- v3 serial
- validity
- vawtrak
- vidar
- wacatac
- webcompanion
- webtoolbar
- whois record
- whois whois
- win32
- win32 exe
- win64
- winamp
- windir
- worm
- x509v3 key
- xrat
- xtrat
- zbot
- zeus
- zpevdo
MITRE ATT&CK TTPs
- T1001.002 - Steganography
- T1012 - Query Registry
- T1027 - Obfuscated Files or Information
- T1031 - Modify Existing Service
- T1036 - Masquerading
- T1038 - DLL Search Order Hijacking
- T1041 - Exfiltration Over C2 Channel
- T1056.001 - Keylogging
- T1057 - Process Discovery
- T1059.002 - AppleScript
- T1059.007 - JavaScript
- T1059 - Command and Scripting Interpreter
- T1068 - Exploitation for Privilege Escalation
- T1071.001 - Web Protocols
- T1071.002 - File Transfer Protocols
- T1071.003 - Mail Protocols
- T1071.004 - DNS
- T1071 - Application Layer Protocol
- T1074 - Data Staged
- T1082 - System Information Discovery
- T1083 - File and Directory Discovery
- T1105 - Ingress Tool Transfer
- T1106 - Native API
- T1114 - Email Collection
- T1122 - Component Object Model Hijacking
- T1129 - Shared Modules
- T1140 - Deobfuscate/Decode Files or Information
- T1147 - Hidden Users
- T1445 - Abuse of iOS Enterprise App Signing Key
- T1449 - Exploit SS7 to Redirect Phone Calls/SMS
- T1518.001 - Security Software Discovery
- T1518 - Software Discovery
- T1546.015 - Component Object Model Hijacking
- T1562.004 - Disable or Modify System Firewall
- T1564.001 - Hidden Files and Directories
- T1588.004 - Digital Certificates
- TA0004 - Privilege Escalation
- TA0011 - Command and Control
Attack Log References
Whois Information
NetRange: 104.40.0.0 - 104.47.255.255
CIDR: 104.40.0.0/13
NetName: MSFT
NetHandle: NET-104-40-0-0-1
Parent: NET104 (NET-104-0-0-0-0)
NetType: Direct Allocation
OriginAS:
Organization: Microsoft Corporation (MSFT)
RegDate: 2014-05-07
Updated: 2021-12-14
Ref: https://rdap.arin.net/registry/ip/104.40.0.0
OrgName: Microsoft Corporation
OrgId: MSFT
Address: One Microsoft Way
City: Redmond
StateProv: WA
PostalCode: 98052
Country: US
RegDate: 1998-07-10
Updated: 2023-11-17
Comment: To report suspected security issues specific to traffic emanating from Microsoft online services, including the distribution of malicious content or other illicit or illegal material through a Microsoft online service, please submit reports to:
Comment: * https://cert.microsoft.com.
Comment:
Comment: For SPAM and other abuse issues, such as Microsoft Accounts, please contact:
Comment: * abuse@microsoft.com.
Comment:
Comment: To report security vulnerabilities in Microsoft products and services, please contact:
Comment: * secure@microsoft.com.
Comment:
Comment: For legal and law enforcement-related requests, please contact:
Comment: * msndcc@microsoft.com
Comment:
Comment: For routing, peering or DNS issues, please
Comment: contact:
Comment: * IOC@microsoft.com
Ref: https://rdap.arin.net/registry/entity/MSFT
OrgAbuseHandle: MAC74-ARIN
OrgAbuseName: Microsoft Abuse Contact
OrgAbusePhone: +1-425-882-8080
OrgAbuseEmail: abuse@microsoft.com
OrgAbuseRef: https://rdap.arin.net/registry/entity/MAC74-ARIN
OrgTechHandle: MRPD-ARIN
OrgTechName: Microsoft Routing, Peering, and DNS
OrgTechPhone: +1-425-882-8080
OrgTechEmail: IOC@microsoft.com
OrgTechRef: https://rdap.arin.net/registry/entity/MRPD-ARIN
OrgTechHandle: SINGH683-ARIN
OrgTechName: Singh, Prachi
OrgTechPhone: +1-425-707-5601
OrgTechEmail: pracsin@microsoft.com
OrgTechRef: https://rdap.arin.net/registry/entity/SINGH683-ARIN
OrgTechHandle: BEDAR6-ARIN
OrgTechName: Bedard, Dawn
OrgTechPhone: +1-425-538-6637
OrgTechEmail: dabedard@microsoft.com
OrgTechRef: https://rdap.arin.net/registry/entity/BEDAR6-ARIN
OrgTechHandle: IPHOS5-ARIN
OrgTechName: IPHostmaster, IPHostmaster
OrgTechPhone: +1-425-538-6637
OrgTechEmail: iphostmaster@microsoft.com
OrgTechRef: https://rdap.arin.net/registry/entity/IPHOS5-ARIN
OrgRoutingHandle: CHATU3-ARIN
OrgRoutingName: Chaturmohta, Somesh
OrgRoutingPhone: +1-425-882-8080
OrgRoutingEmail: someshch@microsoft.com
OrgRoutingRef: https://rdap.arin.net/registry/entity/CHATU3-ARIN