IP · Medium · Signal 0/100
150.171.27.11
Location: Toronto, Ontario
ASN: AS8075 (Microsoft Corporation)
First Seen: Apr 17, 2025
Last Seen: Jun 10, 2026
Found in 5 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 0%
Signal Score: 0 / 100
IDS Rule: No
Threat Context
Tags
Network Information
Country: United States
Region: Toronto, Ontario
ASN: AS8075
Organization: Microsoft Corporation
Feed Intelligence Summary
Source reports: 5
Confidence score: 0%
Category tags: indicator, network, researched
Activity Timeline: Jun 10
Threat Activity Heatmap (image not preserved; scale Less to More, rows Mon, Wed, Fri)
24h: 0 (Dormant)
7d: 1 (Minimal)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Low Risk (Signal 0)
Coords: 37.7510, -97.8220
VirusTotal: Not checked
WHOIS
- description
- CC=US ASN=AS8075 microsoft corporation
- raw
  NetRange: 150.171.0.0 - 150.171.255.255
  CIDR: 150.171.0.0/16
  NetName: MSFT
  NetHandle: NET-150-171-0-0-1
  Parent: APNIC-ERX-150 (NET-150-0-0-0-0)
  NetType: Direct Allocation
  OriginAS:
  Organization: Microsoft Corporation (MSFT)
  RegDate: 2015-11-24
  Updated: 2021-12-14
  Ref: https://rdap.arin.net/registry/ip/150.171.0.0

  OrgName: Microsoft Corporation
  OrgId: MSFT
  Address: One Microsoft Way
  City: Redmond
  StateProv: WA
  PostalCode: 98052
  Country: US
  RegDate: 1998-07-10
  Updated: 2024-03-18
  Comment: To report suspected security issues specific to traffic emanating from Microsoft online services, including the distribution of malicious content or other illicit or illegal material through a Microsoft online service, please submit reports to:
  Comment: * https://cert.microsoft.com.
  Comment:
  Comment: For SPAM and other abuse issues, such as Microsoft Accounts, please contact:
  Comment: * [email protected].
  Comment:
  Comment: To report security vulnerabilities in Microsoft products and services, please contact:
  Comment: * [email protected].
  Comment:
  Comment: For legal and law enforcement-related requests, please contact:
  Comment: * [email protected]
  Comment:
  Comment: For routing, peering or DNS issues, please
  Comment: contact:
  Comment: * [email protected]
  Ref: https://rdap.arin.net/registry/entity/MSFT

  OrgAbuseHandle: MAC74-ARIN
  OrgAbuseName: Microsoft Abuse Contact
  OrgAbusePhone: +1-425-882-8080
  OrgAbuseEmail: [email protected]
  OrgAbuseRef: https://rdap.arin.net/registry/entity/MAC74-ARIN

  OrgTechHandle: BEDAR6-ARIN
  OrgTechName: Bedard, Dawn
  OrgTechPhone: +1-425-538-6637
  OrgTechEmail: [email protected]
  OrgTechRef: https://rdap.arin.net/registry/entity/BEDAR6-ARIN

  OrgRoutingHandle: CHATU3-ARIN
  OrgRoutingName: Chaturmohta, Somesh
  OrgRoutingPhone: +1-425-882-8080
  OrgRoutingEmail: [email protected]
  OrgRoutingRef: https://rdap.arin.net/registry/entity/CHATU3-ARIN

  OrgTechHandle: MRPD-ARIN
  OrgTechName: Microsoft Routing, Peering, and DNS
  OrgTechPhone: +1-425-882-8080
  OrgTechEmail: [email protected]
  OrgTechRef: https://rdap.arin.net/registry/entity/MRPD-ARIN

  OrgTechHandle: SINGH683-ARIN
  OrgTechName: Singh, Prachi
  OrgTechPhone: +1-425-707-5601
  OrgTechEmail: [email protected]
  OrgTechRef: https://rdap.arin.net/registry/entity/SINGH683-ARIN

  OrgTechHandle: KIMAV-ARIN
  OrgTechName: Kim, Avery
  OrgTechPhone: +1-425-882-8080
  OrgTechEmail: [email protected]
  OrgTechRef: https://rdap.arin.net/registry/entity/KIMAV-ARIN

  OrgTechHandle: IPHOS5-ARIN
  OrgTechName: IPHostmaster, IPHostmaster
  OrgTechPhone: +1-425-538-6637
  OrgTechEmail: [email protected]
  OrgTechRef: https://rdap.arin.net/registry/entity/IPHOS5-ARIN
- references
IOC Journey
Medium · First detected 1 year ago · Last seen today
Appeared in 5 threat reports