13.107.246.10 Threat Intelligence and Host Information
General
This page contains threat intelligence information for the IPv4 address 13.107.246.10. It was generated either as a result of observed malicious activity or as an information-gathering exercise to assist with enrichment of security events and context. All information is gathered passively, through aggregation of public sources or through observation of activity against honeynets. The host score is calculated through a series of statistically weighted values and machine learning that takes into account metadata such as host information; the frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.
🟠 Elevated — 60/100
Host and Network Information
- Country: United States
- Network: AS8068 microsoft corporation
- Noticed: 42 times
- Protocols Attacked: SSH
- Countries Attacked: Australia, Canada, France, Germany, India, Italy, Korea Republic of, Netherlands, Singapore, Ukraine, United States of America, Virgin Islands British
- Open Ports: 443, 80
- Tor Node: No
- Associated Malware Samples: 1998
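The block above is what an analyst usually wants to push into a SIEM lookup table, and its `- Key: Value` bullets are easy to parse. The following is an added example (not code from this page or its operator) that turns the block into a structured record, flattens it for enrichment, and derives two analyst notes from the fields that are actually present: the output field names and the small port table are this example's own conventions, and the sample input is copied verbatim from the block above.

```python
"""Parse the 'Host and Network Information' block into a SIEM-ready record.

Added example; not code from the original page or its operator. Field
names (asn, as_org, malware_samples, ...) and the heuristics in
consistency_notes() are this example's own conventions.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field
from typing import Optional

# Copied from the Host and Network Information block of this page.
HOST_BLOCK = """\
- Country: United States
- Network: AS8068 microsoft corporation
- Noticed: 42 times
- Protocols Attacked: SSH
- Countries Attacked: Australia, Canada, France, Germany, India, Italy, Korea Republic of, Netherlands, Singapore, Ukraine, United States of America, Virgin Islands British
- Open Ports: 443, 80
- Tor Node: No
- Associated Malware Samples: 1998
"""

LINE_RE = re.compile(r"^-\s*(?P<key>[^:]+?)\s*:\s*(?P<value>.*?)\s*$")
AS_RE = re.compile(r"^AS(?P<asn>\d+)\s*(?P<org>.*)$", re.IGNORECASE)
# Well-known service ports; used only by consistency_notes() (example's own table).
PROTOCOL_PORTS = {"ssh": 22, "http": 80, "https": 443, "smb": 445, "rdp": 3389}


@dataclass
class HostRecord:
    ip: str
    country: Optional[str] = None
    asn: Optional[int] = None
    as_org: Optional[str] = None
    noticed: int = 0
    protocols_attacked: list[str] = field(default_factory=list)
    countries_attacked: list[str] = field(default_factory=list)
    open_ports: list[int] = field(default_factory=list)
    tor_node: bool = False
    malware_samples: int = 0
    unknown: dict[str, str] = field(default_factory=dict)  # keys this parser does not model


def _csv(value: str) -> list[str]:
    return [v.strip() for v in value.split(",") if v.strip()]


def _first_int(value: str) -> int:
    m = re.search(r"\d[\d,]*", value)  # "42 times" -> 42, "1,998" -> 1998
    return int(m.group().replace(",", "")) if m else 0


def parse_host_block(ip: str, text: str) -> HostRecord:
    rec = HostRecord(ip=ip)
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # headings, blank lines
        key, value = m["key"].lower(), m["value"]
        if key == "country":
            rec.country = value
        elif key == "network":
            am = AS_RE.match(value)
            if am:
                rec.asn = int(am["asn"])
                rec.as_org = am["org"].strip() or None
            else:
                rec.as_org = value  # no ASN prefix: keep the raw string
        elif key == "noticed":
            rec.noticed = _first_int(value)
        elif key == "protocols attacked":
            rec.protocols_attacked = _csv(value)
        elif key == "countries attacked":
            rec.countries_attacked = _csv(value)
        elif key == "open ports":
            rec.open_ports = sorted({int(p) for p in _csv(value) if p.isdigit()})
        elif key == "tor node":
            rec.tor_node = value.strip().lower() in {"yes", "true", "1"}
        elif key == "associated malware samples":
            rec.malware_samples = _first_int(value)
        else:
            rec.unknown[key] = value
    return rec


def consistency_notes(rec: HostRecord) -> list[str]:
    """Analyst notes derived only from fields present in the record."""
    notes = []
    for proto in rec.protocols_attacked:
        port = PROTOCOL_PORTS.get(proto.lower())
        if port is not None and port not in rec.open_ports:
            notes.append(f"{proto} attacks observed but port {port} is not among the open ports: "
                         "the host acts as a client/scanner for this protocol, not a server")
    if rec.malware_samples:
        notes.append(f"{rec.malware_samples} associated malware samples are historical and "
                     "indicative only (page caveat); do not block on this count alone")
    return notes


def to_enrichment(rec: HostRecord) -> dict[str, object]:
    """Flatten to scalars for a SIEM lookup table (lists become comma-joined strings)."""
    return {
        "ip": rec.ip, "asn": rec.asn, "as_org": rec.as_org, "country": rec.country,
        "noticed": rec.noticed, "tor_node": rec.tor_node,
        "protocols_attacked": ",".join(rec.protocols_attacked),
        "countries_attacked_count": len(rec.countries_attacked),
        "open_ports": ",".join(map(str, rec.open_ports)),
        "malware_samples": rec.malware_samples,
    }


if __name__ == "__main__":
    record = parse_host_block("13.107.246.10", HOST_BLOCK)
    print(to_enrichment(record))
    for note in consistency_notes(record):
        print("note:", note)
```

Splitting the country list on commas is safe only because this page flattens names such as "Korea Republic of" without their inner comma; if a source keeps the comma, switch to a delimiter-aware split. The ASN is parsed out separately so the lookup can key on `asn` rather than on the free-text organisation string.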
Tags
- aaaa
- accept
- accept encoding
- acceptencoding
- acint
- address
- admin city
- admin email
- a domains
- adware
- aes128gcm
- aes256
- agent
- agenttesla
- alerts
- alexa
- alexa top
- algorithm
- all octoseek
- all search
- amadey
- amazon02
- amazonaes
- amazon rsa
- amazons3
- analysis
- analysis date
- android
- android file
- anonymizer
- ansi
- a nxdomain
- api blog
- api key
- apple
- apple ios
- Apple phishing
- applicunwnt
- april
- apt
- archive
- artemis
- article
- as13335
- as15169 google
- as16625 akamai
- as19527 google
- as19905
- as20940
- as23724
- as2914 ntt
- as29580 a1
- as3257 gtt
- as35280 acorus
- as393648
- as46606
- as4808 china
- as4812 china
- as54113
- as54990
- as6185 apple
- as62597 nsone
- as62729
- as6453 tata
- as6461 zayo
- as714 apple
- as7843 charter
- as7922 comcast
- as8866
- ascii text
- ashburn
- asn15169
- asn16509
- asnone united
- assaulter
- assault victim
- assured id
- asyncrat
- atlanta admin
- attack
- attacks
- august
- authentihash
- authority
- av detections
- awful
- azorult
- backdoor
- bank
- b body
- behav
- benjamin c
- Übersicht (overview)
- bingo
- bitcoin
- bitrat
- blacklist
- blacklist https
- blacknet rat
- blob
- body
- body length
- bouvet island
- browse scan
- buildtosuit
- bundled
- c-67-181-73-197.hsd1.ca.comcast.net
- catalog file
- cellbrite
- cellebrite
- centers
- certificate
- certs frames
- chaos
- chat
- chi2
- china
- china telecom
- chrome
- cil executable
- cisco umbrella
- citadel
- ck id
- ck matrix
- class
- cleaner
- click
- close
- cloud
- cloudflare
- cloudflarenet
- cname
- cobalt strike
- Cobalt Strike
- code
- code signing
- collection
- collections
- colocation data
- com laude
- communicating
- community
- community https
- comodo valkyrie
- conduit
- connection
- consumer
- contact
- contacted
- contacted circa 10.23.2023-
- contacted urls
- contact email
- contact made by mark brian sabey
- contact made by o'dea
- contact phone
- contained
- controller
- cookie
- copy
- copyright
- core
- country
- crack
- create c
- creation date
- creoletohtml
- cre toolkit
- critical
- critical risk
- crypto
- crypto threat
- csc corporate
- cus cnentrust
- cus cnr3
- cutwail
- CVE-2014-3153
- CVE-2017-0143
- CVE-2017-0147
- CVE-2017-0199
- CVE-2017-11882
- CVE-2017-8570
- CVE-2018-4893
- CVE-2020-0601
- CVE-2023-22518
- cyber
- cybercrime
- cyber criminal
- cyber security
- cyber threat
- dapato
- dark
- dark power
- dark web
- data
- data redacted
- datatask
- date
- Daten (data)
- date sat
- december
- defacement
- default
- de indicators
- delphi
- delphi sha1
- de redirected
- description
- details links
- details module
- detection list
- detections type
- detplock
- dnspionage
- dns records
- dns replication
- dnssec
- dock
- docs pricing
- document
- domain
- domain name
- domain related
- domains
- domains domain
- domains ii
- domains show
- domain status
- done adding
- doublepulsar
- downer
- downldr
- download
- downloader
- dropped
- dropper
- echelon
- ec oid
- email holokaust
- email phishing
- emails
- emotet
- encrypt
- endpoints all
- engineering
- enterprise
- entries
- entropy
- entropy chi2
- entrust
- error
- espionage
- eternalblue
- et exploit
- execution
- expiration date
- exploit
- export
- facebook url
- february
- file
- filehash
- filehashsha1
- files
- files ip
- files location
- filetour
- file type
- final url
- firehol
- first
- follow
- footer
- forbidden
- form
- format
- formbook
- for privacy
- found
- frankfurt
- fullyear
- function
- functionality
- fusioncore
- ga creation
- galore
- gecko
- general
- general full
- generator
- generic
- generic flags
- generic malware
- genkryptik
- germany
- germany unknown
- get fdm
- get h2
- github
- global payments
- gmbh version
- gmt content
- goldfinder
- goldmax
- google tag
- gootloader
- gtm5wjlq2
- guid
- gvb gelimed
- hacktool
- hallrender
- hash
- hashes
- hashes hashes
- headers
- headers date
- header target
- hell
- heur
- historical ssl
- hostname
- hostnames
- hotmail
- hours
- html document
- html info
- http
- http redirect
- http response
- hybrid
- hyperv
- iana id
- identifier
- ids detections
- iframe
- imphash
- indicator
- infinity
- info
- Informationen (information)
- ingestion time
- input
- installcore
- installer
- installpack
- intel
- intellectual property theft
- iobit
- iocs
- ios
- ip address
- ip detail
- ip detections
- iPhone phishing
- ip summary
- ipv4
- ipv4 domain
- ipv4 url
- ireland
- ireland unknown
- issuer
- issuer issuer
- j490s6lkpppw
- january
- javascript
- join
- join url
- jpeg
- july
- june
- kb acrotray
- kb body
- key algorithm
- key identifier
- key info
- khtml
- kraken
- kronos
- kuaizip
- l1m oentrust
- lang
- langpage string
- lazarus
- lfqprnkje8dni0
- light
- link
- live
- local
- localappdata
- locale
- location dublin
- location united
- lockbit
- login
- lolkek
- lucifer
- machine intel
- magic pe32
- mail spammer
- main
- makop
- malicious
- malicious file transfers
- malicious host
- malicious site
- malicious url
- maltiverse
- malware
- malware site
- march
- markmonitor inc
- matomo
- matsnu
- maui ransomware
- maxage0
- maxage2592000
- mb iesettings
- mb opera
- mb super
- media
- mediaget
- meta
- meta tags
- metro
- million
- miner
- mitre att
- monitoring
- mono
- month
- moved
- msf style
- msie
- msr jan
- ms windows
- ms word
- mtb jan
- mtb md5
- music
- name
- namecheap
- namecheap inc
- name servers
- name verdict
- netsky
- network
- networm
- neutral
- new collection
- next
- nircmd
- njrat
- no data
- no expiration
- noknowledge
- noname057
- none related
- november
- null
- number
- nwappleappnone
- nwfqav
- nwfqbe
- nwfqvi
- nwfqvo
- nxdomain
- nymaim
- obsession
- october
- olet
- online
- open
- opencandy
- optimizer
- optional
- otx octoseek
- otx telemetry
- outbreak
- p11674523086
- p11674791151
- p11674860430
- p2404
- paq object
- parent
- parent domain
- passive dns
- password
- password bypass
- paste
- path
- pattern match
- pe32
- pegasus
- pe resource
- period
- phish
- phishing
- phishing site
- phishtank
- photo portal
- physical threat
- piwik
- pixel
- playgame
- point
- popularity
- postal code
- powered shells
- premium
- presenoker
- prior
- privilege abuse
- privilege escalation
- privilege https
- probe
- probe ms17010
- problems
- Profis (professionals)
- program files
- protocol h2
- public
- publish
- pulse pulses
- pulse submit
- push
- pykspa
- qakbot
- quasar
- quasar rat
- query
- Rabatte für (discounts for)
- raccoon
- ramnit
- rank position
- ranks rank
- ransom
- ransomexx
- ransomware
- raw size
- real profile
- record type
- record value
- redline stealer
- red team
- referrer
- refresh
- regexp
- registrant
- registrant fax
- registrar abuse
- registrar csc
- registrar url
- registrar whois
- related nids
- related pulses
- relic
- remcos
- remote
- request chain
- resolutions
- resource
- retaliation
- revenue service
- reverse dns
- riskware
- rms
- root ca
- rouge admin
- rticon
- rtmanifest
- runescape
- russia unknown
- saal
- saal digital
- saalgroup
- sabey
- safe site
- sality
- sample
- samplepath
- samples
- samuel tulach
- sandbox
- sa victim
- scan endpoints
- scheme
- screenshot
- script
- script urls
- search
- search live
- sections
- sections name
- sector
- security
- security tls
- self
- september
- serial number
- server
- servers
- service
- services
- serving ip
- sha1
- sha256
- show
- showing
- sibot
- sign up
- simda
- site
- smbds ipc
- snatch
- soc
- social engineering
- softcnapp
- software
- sophos
- sorefang
- span
- spyware
- ssdeep
- ssl certificate
- startpage
- status
- status code
- status status
- stealer
- streams size
- strings
- strong
- subdomains
- subject key
- subject public
- submission
- submit
- submitters
- summary
- summary iocs
- sunburst
- suppobox
- support
- survivor
- suspicious
- swisyn
- swrort
- symantec sha256
- synaptics
- systemdrive
- systweak
- tag count
- tag manager
- tags none
- target
- targeting
- targeting tsara brashears
- targets sa
- team
- team phishing
- team proxy
- telecom
- textarea
- this
- threat
- threat network
- threat report
- threat roundup
- threats
- tiggre
- time majestic
- title
- title saal
- tld count
- tofsee
- tools
- trackers google
- tree links
- trickboot
- trickbot
- trid generic
- trid win32
- trojan
- trojan.adload/ursu
- trojanspy
- trust
- tsara brashears
- ttl value
- tucows domains
- tulach
- tulach.cc
- turn
- typelib id
- type name
- type rticon
- umbrella
- union
- united
- united kingdom
- unknown
- unsafe
- upx md5
- url analysis
- url http
- url https
- urls
- urls http
- urls https
- url summary
- urls url
- ursnif
- usage
- us entropy
- user
- utc alexa
- utc aw741566034
- utc cisco
- utc entry
- utc redirection
- utc statvoo
- utc submissions
- v3 serial
- valid
- valid from
- valid issuer
- valid usage
- value
- value ingestion
- variables
- vawtrak
- verdict
- version id
- vhash
- vidar
- virgin islands
- virtool
- virtual address
- virtual size
- virustotal
- vmprotect
- vt community
- vt graph
- vxstream
- W32.AIDetectNet.01
- wacatac
- webtoolbar
- westlaw njrat
- whitelisted
- whois
- whois lookup
- whois lookups
- whois record
- whois ssl
- whois whois
- win32
- win32ausiv md5
- win32cve md5
- win32 dll
- win32 exe
- win32mydoom feb
- win32mydoom jan
- win32vhorse md5
- win64
- window
- windows
- windows nt
- wiper
- worm
- write
- x509v3 key
- x509v3 subject
- xport
- xrat
- x ua
- yara detections
- zbot
- zeus
MITRE ATT&CK TTPs
- T1003 - OS Credential Dumping
- T1005 - Data from Local System
- T1011 - Exfiltration Over Other Network Medium
- T1012 - Query Registry
- T1018 - Remote System Discovery
- T1027.002 - Software Packing
- T1027 - Obfuscated Files or Information
- T1031 - Modify Existing Service (revoked by MITRE; superseded by T1543.003 Windows Service)
- T1033 - System Owner/User Discovery
- T1043 - Commonly Used Port (deprecated by MITRE; no direct successor)
- T1053 - Scheduled Task/Job
- T1056.001 - Keylogging
- T1057 - Process Discovery
- T1059.002 - AppleScript
- T1059 - Command and Scripting Interpreter
- T1060 - Registry Run Keys / Startup Folder (revoked; superseded by T1547.001)
- T1068 - Exploitation for Privilege Escalation
- T1070 - Indicator Removal on Host
- T1071.001 - Web Protocols
- T1071.003 - Mail Protocols
- T1071.004 - DNS
- T1071 - Application Layer Protocol
- T1081 - Credentials in Files (revoked; superseded by T1552.001)
- T1082 - System Information Discovery
- T1094 - Custom Command and Control Protocol (revoked; superseded by T1095 Non-Application Layer Protocol)
- T1100 - Web Shell (revoked; superseded by T1505.003)
- T1105 - Ingress Tool Transfer
- T1110.002 - Password Cracking
- T1112 - Modify Registry
- T1114 - Email Collection
- T1119 - Automated Collection
- T1129 - Shared Modules
- T1140 - Deobfuscate/Decode Files or Information
- T1143 - Hidden Window (revoked; superseded by T1564.003)
- T1158 - Hidden Files and Directories (revoked; superseded by T1564.001)
- T1176 - Browser Extensions
- T1215 - Kernel Modules and Extensions (revoked; superseded by T1547.006)
- T1410 - Network Traffic Capture or Redirection (Mobile matrix)
- T1449 - Exploit SS7 to Redirect Phone Calls/SMS (Mobile matrix)
- T1457 - Malicious Media Content (Mobile matrix)
- T1460 - Biometric Spoofing (Mobile matrix)
- T1491 - Defacement
- T1496 - Resource Hijacking
- T1497 - Virtualization/Sandbox Evasion
- T1547 - Boot or Logon Autostart Execution
- T1548 - Abuse Elevation Control Mechanism
- T1560 - Archive Collected Data
- T1566 - Phishing
- T1583.002 - DNS Server
- T1583.005 - Botnet
- TA0003 - Persistence
- TA0005 - Defense Evasion
- TA0011 - Command and Control
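Aggregated TTP lists like the one above mix current Enterprise IDs with revoked ones, deprecated ones and Mobile-matrix IDs; loading the list as-is into an ATT&CK Navigator layer silently drops or misplaces those entries. The following is an added example (not code from this page or from MITRE) that normalises such a list before it is used for coverage: the successor table is transcribed from MITRE's revocation notes for the IDs that appear on this page only, and a production version should build that table from the `revoked-by` relationships in the ATT&CK STIX data instead. The sample list is a constructed excerpt of the page's TTP list in the same `- ID - Name` format.

```python
"""Normalise ATT&CK IDs from a threat-intel TTP list before using them for coverage.

Added example; not code from the original page or from MITRE. REVOKED_BY
covers only the revoked IDs on this page; derive it from the ATT&CK STIX
bundle's revoked-by relationships for production use.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Revoked Enterprise ID -> the ID MITRE names as its successor.
REVOKED_BY: dict[str, str] = {
    "T1031": "T1543.003",  # Modify Existing Service -> Windows Service
    "T1060": "T1547.001",  # Registry Run Keys / Startup Folder
    "T1081": "T1552.001",  # Credentials in Files
    "T1094": "T1095",      # Custom C2 Protocol -> Non-Application Layer Protocol
    "T1100": "T1505.003",  # Web Shell
    "T1143": "T1564.003",  # Hidden Window
    "T1158": "T1564.001",  # Hidden Files and Directories
    "T1215": "T1547.006",  # Kernel Modules and Extensions
}
# Deprecated with no single successor: record it, but exclude it from coverage.
DEPRECATED: frozenset[str] = frozenset({"T1043"})  # Commonly Used Port
# Mobile-matrix IDs present on this page; they must not be mixed into an Enterprise layer.
MOBILE: frozenset[str] = frozenset({"T1410", "T1449", "T1457", "T1460"})

TTP_LINE = re.compile(r"^-\s*(?P<id>TA\d{4}|T\d{4}(?:\.\d{3})?)\s*-\s*(?P<name>.+?)\s*$")

# Constructed excerpt of the page's TTP list (same format, fewer lines).
SAMPLE_TTPS = """\
- T1027.002 - Software Packing
- T1027 - Obfuscated Files or Information
- T1031 - Modify Existing Service
- T1043 - Commonly Used Port
- T1060 - Registry Run Keys / Startup Folder
- T1410 - Network Traffic Capture or Redirection
- T1547 - Boot or Logon Autostart Execution
- T1583.005 - Botnet
- TA0003 - Persistence
"""


@dataclass
class Normalised:
    techniques: set[str] = field(default_factory=set)  # current Enterprise IDs, for coverage
    tactics: set[str] = field(default_factory=set)
    remapped: dict[str, str] = field(default_factory=dict)  # old ID -> successor actually applied
    deprecated: set[str] = field(default_factory=set)
    mobile: set[str] = field(default_factory=set)


def parse_ttps(text: str) -> list[tuple[str, str]]:
    """Return (id, name) pairs; lines not shaped like '- Txxxx - Name' are skipped."""
    out = []
    for line in text.splitlines():
        m = TTP_LINE.match(line.strip())
        if m:
            out.append((m["id"], m["name"]))
    return out


def parent_of(tid: str) -> str:
    """'T1027.002' -> 'T1027'; a parent technique or tactic ID is returned unchanged."""
    return tid.split(".", 1)[0]


def normalise(text: str) -> Normalised:
    result = Normalised()
    for tid, _name in parse_ttps(text):
        if tid.startswith("TA"):
            result.tactics.add(tid)
        elif tid in MOBILE:
            result.mobile.add(tid)
        elif tid in DEPRECATED:
            result.deprecated.add(tid)
        elif tid in REVOKED_BY:
            successor = REVOKED_BY[tid]
            result.remapped[tid] = successor
            result.techniques.add(successor)
        else:
            result.techniques.add(tid)
    # A sub-technique implies its parent; make that explicit so layer scoring is consistent.
    result.techniques |= {parent_of(t) for t in result.techniques}
    return result


if __name__ == "__main__":
    n = normalise(SAMPLE_TTPS)
    print("coverage:", sorted(n.techniques))
    print("remapped:", n.remapped, "deprecated:", sorted(n.deprecated), "mobile:", sorted(n.mobile))
```

Keeping `remapped`, `deprecated` and `mobile` separate rather than discarding them preserves the audit trail: the report can state that T1060 was scored as T1547.001, and that T1043 and the Mobile IDs were seen but not scored.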
Passive DNS
- kcxdirect.com