1,923 questions
We have outgoing traffic from an IP address belonging to Microsoft with a bad reputation "13.107.4.50", is it malicious?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(246.4, 98%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EME%3C/text%3E%3C/svg%3E)
Misael Enriquez Viramontes
0
Reputation points
Hello everyone, we regularly ingest indicators of compromise into our threat protection systems from different intelligence sources. We noticed that there is an IP address belonging to Microsoft/Azure "13.107.4.50", which according to these sources belongs to the "BlackByte" threat. We have been investigating on some sites where they describe that this address belongs to Microsoft update services, however in other cases they mention that it is known as a malware spreader. Has anyone dealt with this case? Could you help us with the verdict to know if we have to block or allow this IP? Thanks and regards!
Windows for business | Windows Server | Devices and deployment | Configure application groups
Windows for business | Windows Client for IT Pros | User experience | Other
Sign in to answer