IOC Radar
Domain · Medium · Signal 86/100

server.microsoftsvc.com

Location
Taiwan, Province of China
First Seen
Sep 11, 2024 (646d ago)
Last Seen
Jun 19, 2026 (today)
Reports
11 source reports
Confidence
86% (medium)
Found in 11 reports. Confidence: medium. Confidence scores are heuristic; verify before acting on results.
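One concrete way to do that verification is to search your own DNS query logs for the indicator before raising an incident. The matcher below is an added example, not part of the IOC Radar page or its exports; it assumes BIND-style query-log lines (the sample lines are constructed, not a real capture) and matches the FQDN and its subdomains only, so the bare parent zone microsoftsvc.com, the legitimate microsoft.com, and look-alikes that merely embed the string are not counted as hits:

```python
import re
from typing import List, Tuple

# Indicator from the page. The exact FQDN plus any label below it counts as a hit.
IOC_DOMAIN = "server.microsoftsvc.com"


def normalize(name: str) -> str:
    """Case-fold and strip a trailing root dot so 'SERVER.MICROSOFTSVC.COM.' matches."""
    return name.strip().rstrip(".").lower()


def matches_ioc(qname: str, ioc: str = IOC_DOMAIN) -> bool:
    """True for the IOC itself or a subdomain of it. A label boundary is required,
    so substring look-alikes such as 'notserver.microsoftsvc.com' or
    'server.microsoftsvc.com.evil.example' are not matches."""
    q, i = normalize(qname), normalize(ioc)
    return q == i or q.endswith("." + i)


# Constructed sample in BIND querylog layout (assumed format, not a real capture).
SAMPLE_LOG = """\
19-Jun-2026 10:14:02.113 client 10.0.3.17#51234: query: server.microsoftsvc.com IN A + (10.0.0.53)
19-Jun-2026 10:14:02.250 client 10.0.3.17#51234: query: SERVER.MICROSOFTSVC.COM. IN AAAA + (10.0.0.53)
19-Jun-2026 10:15:11.004 client 10.0.7.22#40011: query: login.microsoft.com IN A + (10.0.0.53)
19-Jun-2026 10:16:45.771 client 10.0.3.17#51240: query: cdn.server.microsoftsvc.com IN A + (10.0.0.53)
19-Jun-2026 10:17:01.000 client 10.0.9.5#53011: query: microsoftsvc.com IN MX + (10.0.0.53)
19-Jun-2026 10:18:30.532 client 10.0.9.5#53012: query: server.microsoftsvc.com.evil.example IN A + (10.0.0.53)
19-Jun-2026 10:19:12.900 client 10.0.9.5#53013: query: notserver.microsoftsvc.com IN A + (10.0.0.53)
"""

QUERY_RE = re.compile(
    r"^(?P<ts>\S+ \S+) client (?P<client>[0-9a-fA-F.:]+)#\d+: query: (?P<qname>\S+) IN (?P<qtype>\w+)"
)


def find_hits(log_text: str, ioc: str = IOC_DOMAIN) -> List[Tuple[str, str, str, str]]:
    """Return (timestamp, client, normalized qname, qtype) for every query matching the IOC."""
    hits = []
    for line in log_text.splitlines():
        m = QUERY_RE.match(line)
        if m and matches_ioc(m.group("qname"), ioc):
            hits.append((m.group("ts"), m.group("client"), normalize(m.group("qname")), m.group("qtype")))
    return hits


def affected_clients(log_text: str, ioc: str = IOC_DOMAIN) -> List[str]:
    """Distinct source IPs that resolved the IOC: the hosts to triage first."""
    return sorted({client for _, client, _, _ in find_hits(log_text, ioc)})


if __name__ == "__main__":
    for hit in find_hits(SAMPLE_LOG):
        print(*hit)
    print("clients to triage:", affected_clients(SAMPLE_LOG))
```

On the constructed sample the matcher returns three hits, all from 10.0.3.17; the MX lookup of the parent zone and the two look-alike names are correctly ignored. A plain substring search for `microsoftsvc.com` would have flagged all three of those as well.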
Domain Name
Malicious domain used for C2, phishing, or malware distribution.
MISP Category
Network Activity
Confidence
86%
Signal Score
86 / 100
IDS Rule
No
Threat Context
MITRE ATT&CK TTPs: 135 techniques (technique IDs are listed with the category tags below)

Feed Intelligence Summary

Source reports: 11
Confidence score: 86%

Category tags
abuse, account brute force, account enumeration, ack scan, active scanning, aerospace & defense, anti-analysis techniques, application layer protocol, asia, attack, authentication, authentication abuse, authentication attack, authentication attempt, authentication attempts, authentication bypass, automotive manufacturing, aws identity, backdoor, botnet, brute force, brute force attack, brute force attacks, brute force attempts, center, cert, civil services, clientendpoint.dll main, clntend, clntend backdoor, command, command and control, command execution, communication protocol, compromised credentials, concept, credential access, credential attack, credential brute force, credential brute forcing, credential dumping, credential harvesting, credential stuffing, credential theft, custom backdoor, custom malware, cxclnt, cxclnt backdoor, data encryption, data enumeration, data exfiltration, data theft, database security, defense, defense contracting, defense logistics, defense systems, defense technology, denial of service, digiwin, digiwin erp target, distributed attacks, dll injection, dns, downstream attacks, drone industry, earth ammit, electronic health records, electronics manufacturing, enumeration, enumeration activity, example code, exception handling, exploitation, exploitation attempt, exploitation attempts, extortion, failed login attempts, false, fiber technology, fiber-based, fiber-based evasion, fiber-based network intrusion, fin, fin scan, ftp, ftp brute force, government technology, health care and social assistance, health information technology, healthcare information systems, heavy industry, hospital management, http, http brute force, http communication, http scanner, https, https communication, imap, imap brute force, indicator, industrial automation, industrial iot, industrial production, information technology, infostealer, ingress tool transfer, initial access, injection attacks, intrusion detection, invalid login attempts, ioc, it infrastructure, kimsuky, lambda, lateral movement, login attack, login attempt, login attempts, login brute force, malicious activity, malicious loaders, malicious powershell activity, malicious software, malware, malware implant, manufacturing technology, masscan, media, medical services, microsoft word, military industry, military operations, military sector, national security, network, network activity, network attacks, network enumeration, network intrusion, network intrusion attempt, network intrusion attempts, network probe, network probing, network protocol, network reconnaissance, network scanning, network security, network service scanning, network traffic analysis, nmap scan, north america, ntdll, ntds credentials, null scan, open-source tools, paragon, password attack, password attacks, password spraying, patient care, phishing, phishing attack, pop3 brute force, possible credential stuffing, possible malicious activity, possible reconnaissance, potential botnet activity, potential compromise, potential intrusion, process dumping, process injection, process manufacturing, protocol exploitation, public administration, public infrastructure, public policy, python, qilin, qilin ransomware, quality control, ransomware, reconnaissance, reconnaissance activity, regulatory agencies, remote access, remote access attempts, remote services, researched, scanner, scanning activity, screencap malware, scripting attacks, security operations, self-signed, service discovery, service enumeration, service exploitation attempt, shell, smb brute force, smb scanning, smtp, smtp brute force, smtp enumeration, social engineering, software development, software service providers, south korea, ssh attack, supply chain attack, supply chain injection, supply chain management, suspected compromise, suspected intrusion attempt, syn, syn scan, syn scanning, system access, system disruption, tags, taiwan, target, tcp protocol, tcp scan, tcp scanning, tcp syn scan, telnet, threat, threat actor, threat intelligence, tidrone campaign, trojan malware, turkey, udp port scan, udp scan, unauthorized access, unauthorized access attempt, unauthorized login, united states, valid accounts, venfrpc, venom campaign, venomfrpc, venomrdi, vextrio, vnc protocol, web application scanning, web shell, web traffic, websocket communication, winword, winword exploitation, xmas, xmas scan

MITRE ATT&CK technique IDs (135)
T1003, T1003.001, T1003.003, T1005, T1012, T1016, T1018, T1021, T1021.001, T1021.002, T1021.003, T1021.006, T1027, T1027.002, T1027.003, T1027.007, T1033, T1036, T1036.005, T1036.007, T1040, T1041, T1046, T1047, T1048, T1048.003, T1049, T1053, T1053.005, T1055, T1055.001, T1055.002, T1055.004, T1056, T1057, T1059, T1059.001, T1059.003, T1059.004, T1065, T1068, T1070, T1071, T1071.001, T1071.004, T1076, T1077, T1078, T1082, T1083, T1086, T1087, T1090, T1090.001, T1090.002, T1095, T1102, T1104, T1105, T1110, T1110.001, T1110.002, T1110.003, T1110.004, T1112, T1113, T1114, T1115, T1129, T1132, T1133, T1136, T1140, T1187, T1189, T1190, T1195, T1195.002, T1199, T1204, T1204.002, T1213, T1218, T1486, T1489, T1490, T1496, T1497, T1499.001, T1499.002, T1499.003, T1503, T1539, T1543, T1547, T1547.001, T1553, T1555, T1560, T1562, T1562.001, T1563, T1564, T1564.001, T1564.004, T1565, T1566, T1566.001, T1566.002, T1566.003, T1569, T1570, T1571, T1573, T1574, T1574.001, T1574.002, T1583, T1584, T1585, T1586, T1588, T1588.002, T1589, T1589.002, T1590, T1592, T1592.004, T1595, T1595.001, T1595.002, T1595.003, T1598, T1606, T1608

Activity Timeline

1 total observation (Jun 19)

Threat Activity Heatmap

Weekly activity grid (Mon/Wed/Fri rows, Jun through the following Jun): a single observation, on Jun 19.
24h: 1 (minimal) · 7d: 1 (minimal) · 30d: 1 (minimal) · 3mo: 1 (minimal)
Intelligence Summary (AI Generated)

The domain **server.microsoftsvc.com** has emerged as a significant indicator of compromise (IOC) linked to multiple cyber threats originating from Taiwan, Province of China. First observed on September

Threat Score
High Risk (86)
Signal Score
86
Confidence
86%
Reports
11
First seen
Sep 11, 2024
Last seen
Jun 19, 2026

VirusTotal

Not checked

WHOIS

registrar
GMO Internet, Inc.
creation date
2026-01-06T08:50:43
expiration date
2027-01-06T08:50:43
updated date
2026-01-06T08:50:43
name servers
NS11.VALUE-DOMAIN.COM, NS12.VALUE-DOMAIN.COM, NS13.VALUE-DOMAIN.COM
country
JP
org
Whois Privacy Protection Service by VALUE-DOMAIN
status
ok https://icann.org/epp#ok

Note that the creation date (2026-01-06) is later than the first-seen date (Sep 11, 2024): the current registration is newer than the earliest of the 11 reports, so those reports describe a previous registration of the same name (or a WHOIS record that has since been reset), and the privacy-protected registrant shown here cannot be assumed to be the operator behind them.
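The check below turns that comparison into code so it can run against any record from the feed. It is an added example, not something the page or its API provides; it copies the page's WHOIS and sighting values (the page shows no time zone, so UTC is assumed) and reports the lifecycle inconsistencies a practitioner would want flagged before acting on the indicator:

```python
from datetime import datetime, timezone
from typing import Dict, Optional

# Values copied from the page. No time zone is shown, so UTC is assumed.
WHOIS = {
    "creation date": "2026-01-06T08:50:43",
    "expiration date": "2027-01-06T08:50:43",
    "updated date": "2026-01-06T08:50:43",
    "org": "Whois Privacy Protection Service by VALUE-DOMAIN",
    "status": "ok",
}
FIRST_SEEN = "2024-09-11"
LAST_SEEN = "2026-06-19"


def parse_utc(ts: str) -> datetime:
    """Parse an ISO-8601 date or datetime that carries no zone, treating it as UTC."""
    return datetime.fromisoformat(ts).replace(tzinfo=timezone.utc)


def assess_registration(whois: Dict[str, str], first_seen: str, last_seen: str,
                        now: Optional[datetime] = None) -> Dict[str, object]:
    """Compare WHOIS lifecycle dates with the feed's sighting dates.

    registration_postdates_first_seen means the name was (re)registered after the
    earliest report: older reports refer to a previous registration, or to a WHOIS
    record that has since been reset, and their context should be weighed separately.
    """
    created = parse_utc(whois["creation date"])
    expires = parse_utc(whois["expiration date"])
    updated = parse_utc(whois["updated date"])
    first, last = parse_utc(first_seen), parse_utc(last_seen)
    now = now or last  # evaluate "as of" the last sighting unless told otherwise
    return {
        "registration_postdates_first_seen": created > first,
        "gap_days": (created - first).days,           # positive: registration came after first sighting
        "registration_age_days": (now - created).days,
        "newly_registered": (now - created).days < 30,
        "expired": expires < now,
        "updated_on_creation": updated == created,    # no renewal or transfer since registration
        "privacy_protected": "privacy" in whois.get("org", "").lower(),
        "sighting_span_days": (last - first).days,
    }


if __name__ == "__main__":
    for key, value in assess_registration(WHOIS, FIRST_SEEN, LAST_SEEN).items():
        print(f"{key:36} {value}")
```

For this page the result is a 482-day gap between first sighting and the current registration, a registration 163 days old at the last sighting, and a 646-day sighting span (matching the "646d ago" the page shows for first seen).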

Export & API

STIX 2.1 Bundle
CSV Export
Permalink
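The STIX 2.1 bundle is the form most SIEM and TIP integrations ingest. To show what a minimal, spec-conformant bundle for this indicator looks like, here is an added example that builds one from the page's values using only the standard library; it is not the page's own exporter, and the object ids, creation timestamps and the label list are assumptions (the labels paraphrase the page's "C2, phishing, or malware distribution" description):

```python
import json
import re
import uuid
from datetime import datetime, timezone
from typing import Dict, List, Optional

# Values taken from the page; first_seen is assumed to be UTC midnight.
IOC = {
    "value": "server.microsoftsvc.com",
    "first_seen": "2024-09-11T00:00:00Z",
    "confidence": 86,
    "reports": 11,
    "category": "Network Activity",
}

# Namespace STIX 2.1 defines for deterministic (UUIDv5) SCO identifiers.
STIX_SCO_NAMESPACE = uuid.UUID("00abedb4-aa42-466c-9c01-fed23315a9b7")
STIX_ID_RE = re.compile(
    r"^[a-z][a-z0-9-]+--[0-9a-f]{8}-[0-9a-f]{4}-[1-5][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$"
)


def stix_ts(dt: datetime) -> str:
    """STIX timestamps are UTC RFC 3339 with millisecond precision and a trailing Z."""
    return dt.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.%f")[:-3] + "Z"


def domain_name_sco(value: str) -> Dict[str, str]:
    """domain-name SCO with the deterministic id the spec prescribes: UUIDv5 over the
    canonical JSON of the ID-contributing properties (for domain-name, only 'value')."""
    contributing = json.dumps({"value": value}, separators=(",", ":"), sort_keys=True, ensure_ascii=False)
    return {
        "type": "domain-name",
        "spec_version": "2.1",
        "id": f"domain-name--{uuid.uuid5(STIX_SCO_NAMESPACE, contributing)}",
        "value": value,
    }


def domain_indicator(ioc: Dict[str, object], created: Optional[datetime] = None) -> Dict[str, object]:
    """Indicator SDO whose pattern matches the domain exactly (subdomains need a separate pattern)."""
    value = str(ioc["value"]).rstrip(".").lower()
    if "'" in value or "\\" in value:
        raise ValueError("value would need escaping inside a STIX pattern string literal")
    created = created or datetime.now(timezone.utc)
    return {
        "type": "indicator",
        "spec_version": "2.1",
        "id": f"indicator--{uuid.uuid4()}",  # SDOs get random UUIDv4 ids
        "created": stix_ts(created),
        "modified": stix_ts(created),
        "name": f"Malicious domain: {value}",
        "description": f"Found in {ioc['reports']} source reports; MISP category: {ioc['category']}.",
        "indicator_types": ["malicious-activity"],
        "pattern": f"[domain-name:value = '{value}']",
        "pattern_type": "stix",
        "pattern_version": "2.1",
        "valid_from": ioc["first_seen"],
        "confidence": int(ioc["confidence"]),  # STIX confidence is 0-100, the page's own scale
        "labels": ["c2", "phishing", "malware-distribution"],  # assumed from the page's description
    }


def validate(obj: Dict[str, object]) -> List[str]:
    """Light structural check: required common properties, id syntax, id/type agreement."""
    problems = []
    for prop in ("type", "id", "spec_version"):
        if prop not in obj:
            problems.append(f"missing {prop}")
    if "id" in obj and not STIX_ID_RE.match(str(obj["id"])):
        problems.append("malformed id")
    if "id" in obj and "type" in obj and not str(obj["id"]).startswith(f"{obj['type']}--"):
        problems.append("id prefix does not match type")
    if obj.get("type") == "indicator":
        for prop in ("created", "modified", "pattern", "pattern_type", "valid_from"):
            if prop not in obj:
                problems.append(f"missing {prop}")
    return problems


def build_bundle(ioc: Dict[str, object]) -> Dict[str, object]:
    """Bundle the Indicator with the domain-name SCO it refers to, refusing malformed objects."""
    objects = [domain_indicator(ioc), domain_name_sco(str(ioc["value"]))]
    for obj in objects:
        problems = validate(obj)
        if problems:
            raise ValueError(f"{obj.get('id')}: {problems}")
    return {"type": "bundle", "id": f"bundle--{uuid.uuid4()}", "objects": objects}


if __name__ == "__main__":
    print(json.dumps(build_bundle(IOC), indent=2))
```

Because the SCO id is derived from the domain value, two exports of the same IOC produce the same domain-name object and consumers can deduplicate on it, while each Indicator carries its own random id as the spec intends for SDOs.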

IOC Journey

Confidence: medium
First detected 1 year ago · Last seen today
Appeared in 11 threat reports