104.47.74.10 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 104.47.74.10 and was generated either as a result of observed malicious activity or as an information-gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or through observation of activity on honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, the frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour (such as Tor exit nodes, residential proxies or VPN services), and many other attributes. These values are historical and indicative only, and should not be taken as an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 60/100

Host and Network Information

  • Mitre ATT&CK IDs: T1011 - Exfiltration Over Other Network Medium, T1012 - Query Registry, T1027 - Obfuscated Files or Information, T1041 - Exfiltration Over C2 Channel, T1043 - Commonly Used Port, T1055 - Process Injection, T1056.001 - Keylogging, T1056 - Input Capture, T1059 - Command and Scripting Interpreter, T1068 - Exploitation for Privilege Escalation, T1071.001 - Web Protocols, T1071.003 - Mail Protocols, T1071.004 - DNS, T1071 - Application Layer Protocol, T1100 - Web Shell, T1105 - Ingress Tool Transfer, T1110.002 - Password Cracking, T1112 - Modify Registry, T1114 - Email Collection, T1140 - Deobfuscate/Decode Files or Information, T1176 - Browser Extensions, T1179 - Hooking, T1410 - Network Traffic Capture or Redirection, T1449 - Exploit SS7 to Redirect Phone Calls/SMS, T1496 - Resource Hijacking, T1497 - Virtualization/Sandbox Evasion, T1560 - Archive Collected Data, T1583.002 - DNS Server, T1583 - Acquire Infrastructure, TA0011 - Command and Control

  • View other sources: Spamhaus, VirusTotal

  • Country: United States
  • Network: AS8075 Microsoft Corporation
  • Noticed: 19 times
  • Protocols Attacked: SSH
  • Countries Attacked: United States of America

Malware Detected on Host

Count: 6526

Open Ports Detected

25 443 80

Whois Information

  • NetRange: 104.40.0.0 - 104.47.255.255
  • CIDR: 104.40.0.0/13
  • NetName: MSFT
  • NetHandle: NET-104-40-0-0-1
  • Parent: NET104 (NET-104-0-0-0-0)
  • NetType: Direct Allocation
  • OriginAS:
  • Organization: Microsoft Corporation (MSFT)
  • RegDate: 2014-05-07
  • Updated: 2021-12-14
  • Ref: https://rdap.arin.net/registry/ip/104.40.0.0
  • OrgName: Microsoft Corporation
  • OrgId: MSFT
  • Address: One Microsoft Way
  • City: Redmond
  • StateProv: WA
  • PostalCode: 98052
  • Country: US
  • RegDate: 1998-07-10
  • Updated: 2023-11-17
  • Comment: To report suspected security issues specific to traffic emanating from Microsoft online services, including the distribution of malicious content or other illicit or illegal material through a Microsoft online service, please submit reports to:
  • Comment: * https://cert.microsoft.com.
  • Comment:
  • Comment: For SPAM and other abuse issues, such as Microsoft Accounts, please contact:
  • Comment: * abuse@microsoft.com.
  • Comment:
  • Comment: To report security vulnerabilities in Microsoft products and services, please contact:
  • Comment: * secure@microsoft.com.
  • Comment:
  • Comment: For legal and law enforcement-related requests, please contact:
  • Comment: * msndcc@microsoft.com
  • Comment:
  • Comment: For routing, peering or DNS issues, please contact:
  • Comment: * IOC@microsoft.com
  • Ref: https://rdap.arin.net/registry/entity/MSFT
  • OrgTechHandle: BEDAR6-ARIN
  • OrgTechName: Bedard, Dawn
  • OrgTechPhone: +1-425-538-6637
  • OrgTechEmail: dabedard@microsoft.com
  • OrgTechRef: https://rdap.arin.net/registry/entity/BEDAR6-ARIN
  • OrgTechHandle: IPHOS5-ARIN
  • OrgTechName: IPHostmaster, IPHostmaster
  • OrgTechPhone: +1-425-538-6637
  • OrgTechEmail: iphostmaster@microsoft.com
  • OrgTechRef: https://rdap.arin.net/registry/entity/IPHOS5-ARIN
  • OrgTechHandle: MRPD-ARIN
  • OrgTechName: Microsoft Routing, Peering, and DNS
  • OrgTechPhone: +1-425-882-8080
  • OrgTechEmail: IOC@microsoft.com
  • OrgTechRef: https://rdap.arin.net/registry/entity/MRPD-ARIN
  • OrgTechHandle: SINGH683-ARIN
  • OrgTechName: Singh, Prachi
  • OrgTechPhone: +1-425-707-5601
  • OrgTechEmail: pracsin@microsoft.com
  • OrgTechRef: https://rdap.arin.net/registry/entity/SINGH683-ARIN
  • OrgAbuseHandle: MAC74-ARIN
  • OrgAbuseName: Microsoft Abuse Contact
  • OrgAbusePhone: +1-425-882-8080
  • OrgAbuseEmail: abuse@microsoft.com
  • OrgAbuseRef: https://rdap.arin.net/registry/entity/MAC74-ARIN
  • OrgRoutingHandle: CHATU3-ARIN
  • OrgRoutingName: Chaturmohta, Somesh
  • OrgRoutingPhone: +1-425-882-8080
  • OrgRoutingEmail: someshch@microsoft.com
  • OrgRoutingRef: https://rdap.arin.net/registry/entity/CHATU3-ARIN

Links to attack logs