104.47.73.138 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 104.47.73.138 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Possibly Malicious Host 🟢 10/100

Host and Network Information

• JARM: 2ad2ad0002ad2ad0002ad2ad2ad2adf9fdf4eeac344e8b5003264da73585be

• View other sources: Spamhaus VirusTotal

• Country: United States
• Network:
• Noticed: times
• Protcols Attacked: SSH
• Passive DNS Results: tpcus-com.mail.protection.outlook.com abc-com.mail.protection.outlook.com univareurope-com.mail.protection.outlook.com topgolf-com.mail.protection.outlook.com christinegarner-net.mail.protection.outlook.com dfsfeed-com.mail.protection.outlook.com roccovidalpw-com.mail.protection.outlook.com licninc.mail.protection.outlook.com americanrepublic-com.mail.protection.outlook.com coronadokatz-com.mail.protection.outlook.com coronadoshoresco-com.mail.protection.outlook.com goodyearcoronado-com-mx.mail.protection.outlook.com www.ciassoc.com ciassoc.com coronacourtreporting-com.mail.protection.outlook.com annarborusa-org.mail.protection.outlook.com shearers-com.mail.protection.outlook.com coronadocondofl-com.mail.protection.outlook.com adobe-com.mail.protection.outlook.com sw-org.mail.protection.outlook.com ccm-com.mail.protection.outlook.com meriplex-com.mail.protection.outlook.com pikeenterprises-mail-onmicrosoft-com.mail.protection.outlook.com ssf-gob-sv.mail.protection.outlook.com coronaviruscommission-com.mail.protection.outlook.com nationalresearch-net.mail.protection.outlook.com alacritysolutions-com.mail.protection.outlook.com ankura-com.mail.protection.outlook.com coronadolawva-com.mail.protection.outlook.com stewartandstevenson-mail-onmicrosoft-com.mail.protection.outlook.com bswhealth-org.mail.protection.outlook.com solarwinds-com.mail.protection.outlook.com fhsinc.mail.protection.outlook.com admin.protection.outlook.com lacorona-mobi.mail.protection.outlook.com lacorona-com-mx.mail.protection.outlook.com ml314-com.mail.protection.outlook.com bombora-com.mail.protection.outlook.com coronado-com.mail.protection.outlook.com remote.licn.com wctatel-com.mail.protection.outlook.com astin-us.mail.protection.outlook.com kenpaxton-com.mail.protection.outlook.com newmail.theclarogroup.com t324-com.mail.protection.outlook.com childrensomaha.mail.protection.outlook.com coronadoruiz-com.mail.protection.outlook.com mail-mw2nam080138.inbound.protection.outlook.com tomorrowplanning-com.mail.protection.outlook.com hertz-com.mail.protection.outlook.com abeaconofhope-org.mail.protection.outlook.com spamfilter.getntense.com getntense-com.mail.protection.outlook.com coronadousd-net.mail.protection.outlook.com ohiodominican-edu.mail.protection.outlook.com witc-edu.mail.protection.outlook.com smartmatic-com.mail.protection.outlook.com coronadocountryclub-com.mail.protection.outlook.com mail.happyfaces.net happyfaces-net.mail.protection.outlook.com apple-com.mail.protection.outlook.com mjpelectric-com.mail.protection.outlook.com adobe.mail.protection.outlook.com coronadocc-com.mail.protection.outlook.com msisurvey-com.mail.protection.outlook.com smtp.tyli.com nustarmankato-com.mail.protection.outlook.com coronaproperty-us.mail.protection.outlook.com coronadopethospital-com.mail.protection.outlook.com org.mail.protection.outlook.com technicolor.mail.protection.outlook.com ygfinancial-com.mail.protection.outlook.com jrgconstruct-com.mail.protection.outlook.com thawte-com.mail.protection.outlook.com tmpw-com-sg.mail.eo.outlook.com coronabrosinstall-com.mail.protection.outlook.com smtp.pewresearch.org mx.pewresearch.org mlmcpas.com relay.pewresearch.org pewresearch-org.mail.protection.outlook.com sykesenterprises-mail-onmicrosoft-com.mail.protection.outlook.com rivercitychiroandrehab.com arrow-com.mail.protection.outlook.com eastidahocuorg-mail-onmicrosoft-com.mail.protection.outlook.com

Malware Detected on Host

Count: 6588 a658e777cf5e499f75d12d44ffab98c726dfa4e6f69d1a112ec9ce50f1fcb62d 31eaa5f8301b0b59041d20cb51882608dbeb47804847c7b0c297de8d0dded1d3 eb7cd88be7fa13bb10a6769702d455b7b1c305a45e645b70a685619e0c150379 3a906f2cf1253eb0173545e898bf2951e199d9f36f8b6c0964ff95f39daae47c 555d40fb5c08984d2a38ee2328772ab5138af33813b73262a6954a2728efc664 b672efecee1b1498032f43cbe6bf5962649bc5909799230d1b92b441eb9c5411 e70143309aca8fd6d899385f62444cea217b16abaed5ff87fd1cedc4c90a4ac9 10ad0df33edc0e5575a624cd23ff7fc6db963fd468980ef63e4646009908bb1f 28fcc97d150df5b444a1bf937ba480ee51e77eb39e7db3a0d029ade2d2d1fd70 e518e4eaff2eae34a00355541930410584b7bc4c113dab5af5ef6e9dd6a4df7f

Open Ports Detected

25 443 80

Map

Whois Information

• NetRange: 104.40.0.0 - 104.47.255.255
• CIDR: 104.40.0.0/13
• NetName: MSFT
• NetHandle: NET-104-40-0-0-1
• Parent: NET104 (NET-104-0-0-0-0)
• NetType: Direct Allocation
• OriginAS:
• Organization: Microsoft Corporation (MSFT)
• RegDate: 2014-05-07
• Updated: 2021-12-14
• Ref: https://rdap.arin.net/registry/ip/104.40.0.0
• OrgName: Microsoft Corporation
• OrgId: MSFT
• Address: One Microsoft Way
• City: Redmond
• StateProv: WA
• PostalCode: 98052
• Country: US
• RegDate: 1998-07-10
• Updated: 2023-11-17
• Comment: To report suspected security issues specific to traffic emanating from Microsoft online services, including the distribution of malicious content or other illicit or illegal material through a Microsoft online service, please submit reports to:
• Comment: * https://cert.microsoft.com.
• Comment:
• Comment: For SPAM and other abuse issues, such as Microsoft Accounts, please contact:
• Comment: * abuse@microsoft.com.
• Comment:
• Comment: To report security vulnerabilities in Microsoft products and services, please contact:
• Comment: * secure@microsoft.com.
• Comment:
• Comment: For legal and law enforcement-related requests, please contact:
• Comment: * msndcc@microsoft.com
• Comment:
• Comment: For routing, peering or DNS issues, please
• Comment: contact:
• Comment: * IOC@microsoft.com
• Ref: https://rdap.arin.net/registry/entity/MSFT
• OrgTechHandle: BEDAR6-ARIN
• OrgTechName: Bedard, Dawn
• OrgTechPhone: +1-425-538-6637
• OrgTechEmail: dabedard@microsoft.com
• OrgTechRef: https://rdap.arin.net/registry/entity/BEDAR6-ARIN
• OrgTechHandle: IPHOS5-ARIN
• OrgTechName: IPHostmaster, IPHostmaster
• OrgTechPhone: +1-425-538-6637
• OrgTechEmail: iphostmaster@microsoft.com
• OrgTechRef: https://rdap.arin.net/registry/entity/IPHOS5-ARIN
• OrgTechHandle: MRPD-ARIN
• OrgTechName: Microsoft Routing, Peering, and DNS
• OrgTechPhone: +1-425-882-8080
• OrgTechEmail: IOC@microsoft.com
• OrgTechRef: https://rdap.arin.net/registry/entity/MRPD-ARIN
• OrgTechHandle: SINGH683-ARIN
• OrgTechName: Singh, Prachi
• OrgTechPhone: +1-425-707-5601
• OrgTechEmail: pracsin@microsoft.com
• OrgTechRef: https://rdap.arin.net/registry/entity/SINGH683-ARIN
• OrgAbuseHandle: MAC74-ARIN
• OrgAbuseName: Microsoft Abuse Contact
• OrgAbusePhone: +1-425-882-8080
• OrgAbuseEmail: abuse@microsoft.com
• OrgAbuseRef: https://rdap.arin.net/registry/entity/MAC74-ARIN
• OrgRoutingHandle: CHATU3-ARIN
• OrgRoutingName: Chaturmohta, Somesh
• OrgRoutingPhone: +1-425-882-8080
• OrgRoutingEmail: someshch@microsoft.com
• OrgRoutingRef: https://rdap.arin.net/registry/entity/CHATU3-ARIN

Links to attack logs

****** ****** ******