Tag Archives: IP Address

Sophos, Uncategorized

Sophos Services FQDN and IP Address List

Leave a comment

This list includes some of the FQDNs and IP Addresses used by Sophos Services, this may be useful for identifying outgoing traffic and creating web filtering exceptions.

*.cloudfront.net
*.ctr.sophos.com
*.hydra.sophos.com
*.sophos.com
*.sophosupd.com
*.sophosupd.net
*.sophosxl.net
108.128.21.191
108.128.75.57
176.34.202.39
18.200.140.39
18.200.233.166
18.200.76.187
18.201.4.220
23.56.184.93
3.248.161.254
3.248.236.19
3.248.239.225
34.240.132.250
34.240.132.63
34.240.70.198
34.240.87.136
34.241.47.153
34.242.175.229
34.242.189.0
34.242.190.168
34.243.109.72
34.243.155.26
34.243.46.159
34.246.1.161
34.246.93.20
34.247.133.51
34.247.19.150
34.248.0.181
34.249.116.122
34.249.16.38
34.249.213.108
34.249.56.234
34.249.75.71
34.250.177.130
34.250.201.204
34.250.232.147
34.251.0.214
34.251.206.176
34.252.99.77
34.253.34.19
34.254.24.5
4.sophosxl.net
46.137.119.69
46.51.205.49
52.16.156.95
52.16.224.248
52.18.132.38
52.18.142.239
52.18.201.121
52.19.111.54
52.19.130.35
52.19.133.193
52.208.138.248
52.208.151.187
52.208.47.80
52.208.61.137
52.209.113.230
52.209.174.16
52.209.74.179
52.211.118.19
52.211.181.255
52.211.215.132
52.211.33.11
52.211.40.77
52.212.179.152
52.212.19.181
52.212.243.39
52.212.80.79
52.213.185.15
52.213.222.108
52.213.224.21
52.213.227.181
52.213.81.142
52.214.122.237
52.214.193.2
52.215.191.67
52.31.157.236
52.48.158.77
52.48.251.68
52.49.52.52
52.49.55.251
52.51.136.43
52.51.19.238
54.154.78.113
54.155.110.171
54.155.150.168
54.155.54.127
54.171.179.249
54.171.2.113
54.171.211.242
54.171.39.210
54.171.82.87
54.194.136.103
54.194.149.107
54.194.158.193
54.194.23.13
54.194.31.233
54.216.250.187
54.220.121.131
54.228.154.173
54.229.182.239
54.229.193.103
54.229.26.205
54.229.29.253
54.246.206.153
54.246.225.42
54.73.159.85
54.73.59.214
54.75.131.11
54.76.53.13
54.77.101.166
54.77.103.108
54.77.109.237
54.77.183.40
54.77.190.39
54.78.168.73
54.78.85.182
63.32.154.88
63.32.247.92
63.34.49.237
63.35.134.40
99.81.41.145
99.81.95.11
amazonaws.com
api.stn100yul.ctr.sophos.com
api-cloudstation-us-east-2.prod.hydra.sophos.com
az416426.vo.msecnd.net
central.sophos.com
cloud.sophos.com
cloud-assets.sophos.com
d1.sophosupd.com
d1.sophosupd.net
d2.sophosupd.com
d2.sophosupd.net
d3.sophosupd.com
d3.sophosupd.net
dc.services.visualstudio.com
dci.sophosupd.com
dci.sophosupd.net
downloads.sophos.com
dzr-api-amzn-eu-west-1-9af7.api-upe.p.hmr.sophos.com
dzr-mcs-amzn-eu-west-1-9af7.upe.p.hmr.sophos.com
dzr-mcs-amzn-us-west-2-fa88.upe.p.hmr.sophos.com
http.00.a.sophosxl.net
http.00.s.sophosxl.net
id.sophos.com
mcs.stn100hnd.ctr.sophos.com
mcs.stn100syd.ctr.sophos.com
mcs.stn100yul.ctr.sophos.com
mcs2.stn100hnd.ctr.sophos.com
mcs2.stn100syd.ctr.sophos.com
mcs2.stn100yul.ctr.sophos.com
mcs2-cloudstation-eu-central-1.prod.hydra.sophos.com
mcs2-cloudstation-eu-west-1.prod.hydra.sophos.com
mcs2-cloudstation-us-east-2.prod.hydra.sophos.com
mcs2-cloudstation-us-west-2.prod.hydra.sophos.com
mcs-cloudstation-eu-central-1.prod.hydra.sophos.com
mcs-cloudstation-eu-west-1.prod.hydra.sophos.com
mcs-cloudstation-us-east-2.prod.hydra.sophos.com
mcs-cloudstation-us-west-2.prod.hydra.sophos.com
samples.sophosxl.net
sdds3.sophosupd.com
sdds3.sophosupd.net
sdu-feedback.sophos.com
sophos.com
sophosupd.com
sophosxl.net
ssp.feedback.sophos.com
sus.sophosupd.com
sus.sophosupd.net
t1.sophosupd.com
Microsoft, Windows

Microsoft Services FQDN and IP Address List

Leave a comment

This list includes some of the FQDNs and IP Addresses used by Microsoft Services, this may be useful for identifying outgoing traffic and creating web filtering exceptions.

*.aadrm.com
*.acompli.net
*.adl.windows.com
*.appex.bing.com
*.appex-rf.msn.com
*.aria.microsoft.com
*.azure-apim.net
*.azureedge.net
*.azurerms.com
*.blob.core.windows.net
*.broadcast.skype.com
*.cdn.office.net
*.cloudapp.net
*.compliance.microsoft.com
*.config.office.net
*.events.data.microsoft.com
*.flow.microsoft.com
*.helpshift.com
*.hip.live.com
*.hockeyapp.net
*.informationprotection.azure.com
*.itunes.apple.com
*.keydelivery.mediaservices.windows.net
*.localytics.com
*.lync.com
*.manage.microsoft.com
*.manage.office.com
*.media.azure.net
*.microsoft.com
*.microsoftonline.com
*.microsoftonline-p.com
*.microsoftstream.com
*.microsoftusercontent.com
*.msauth.net
*.msauthimages.net
*.msecnd.net
*.msedge.net
*.msftauth.net
*.msftauthimages.net
*.msftidentity.com
*.msidentity.com
*.msocdn.com
*.mstea.ms
*.o365weve.com
*.office.com
*.office.net
*.office365.com
*.officeapps.live.com
*.onenote.com
*.online.office.com
*.onmicrosoft.com
*.outlook.com
*.outlookmobile.com
*.portal.cloudappsecurity.com
*.powerapps.com
*.protection.office.com
*.protection.outlook.com
*.secure.skypeassets.com
*.security.microsoft.com
*.sfbassets.com
*.sharepointonline.com
*.skype.com
*.skypeforbusiness.com
*.staffhub.office.com
*.streaming.mediaservices.windows.net
*.teams.microsoft.com
*.tenor.com
*.urlp.sfbassets.com
*.users.storage.live.com
*.virtualearth.net
104.208.16.88
104.208.16.89
104.208.16.90
104.208.16.94
104.46.162.224
104.46.162.226
104.47.0.0/17
104.82.250.212
104.86.110.136
104.86.110.153
104.86.110.155
104.86.110.170
104.86.110.171
104.86.110.186
104.86.110.233
104.86.110.250
104.86.111.10
104.86.111.147
104.86.111.48
13.107.128.0/22
13.107.136.9
13.107.140.6/32
13.107.18.10/31
13.107.18.15/32
13.107.22.200
13.107.22.239
13.107.5.80
13.107.6.152/31
13.107.6.171/32
13.107.64.0/18
13.107.9.158
13.69.109.130
13.69.116.104
13.69.239.74
13.71.55.58
13.78.111.198
13.78.111.199
13.85.23.206
13.89.178.26
13.89.178.27
13.89.179.10
13.89.179.12
13.89.179.8
13.89.179.9
131.253.33.200
131.253.33.215/32
131.253.33.239
132.245.0.0/16
150.171.32.0/22
184.31.15.195
2.18.66.224
2.18.66.241
2.20.38.10
2.21.202.71
2.tlu.dl.delivery.mp.microsoft.com
20.106.86.13
20.119.174.243
20.123.141.233
20.126.21.36
20.140.147.201
20.166.126.56
20.166.2.191
20.189.173.1
20.189.173.11
20.189.173.12
20.189.173.13
20.189.173.14
20.189.173.15
20.189.173.20
20.189.173.22
20.189.173.3
20.189.173.4
20.189.173.5
20.189.173.6
20.189.173.7
20.189.173.9
20.190.128.0/18
20.231.213.110
20.254.138.227
20.254.144.98
20.42.65.84
20.42.65.85
20.42.65.89
20.42.65.90
20.42.65.92
20.42.72.131
20.42.73.24
20.42.73.25
20.42.73.26
20.42.73.27
20.44.10.123
20.44.239.154
20.49.150.241
20.50.201.195
20.50.201.200
20.50.201.201
20.50.73.10
20.50.73.11
20.50.73.9
20.50.80.209
20.50.80.210
20.54.103.203
20.58.112.2
20.72.205.209
20.73.59.29
20.90.202.62
20.90.205.241
204.79.197.215/32
209.197.3.8
23.103.160.0/20
23.214.150.57
23.215.181.185
23.56.184.209
23.97.153.169
2603:1006::/40
2603:1006:1400::/40
2603:1006:2000::/48
2603:1007:200::/48
2603:1016::/36
2603:1016:1400::/48
2603:1016:2400::/40
2603:1017::/48
2603:1026::/36
2603:1026:2400::/40
2603:1026:3000::/48
2603:1027::/48
2603:1027:1::/48
2603:1036::/36
2603:1036:2400::/40
2603:1036:3000::/48
2603:1037::/48
2603:1037:1::/48
2603:1046::/36
2603:1046:1400::/40
2603:1046:2000::/48
2603:1047::/48
2603:1047:1::/48
2603:1056::/36
2603:1056:1400::/40
2603:1056:2000::/48
2603:1057::/48
2603:1057:2::/48
2603:1096::/38
2603:1096:400::/40
2603:1096:600::/40
2603:1096:a00::/39
2603:1096:c00::/40
2603:10a6:200::/40
2603:10a6:400::/40
2603:10a6:600::/40
2603:10a6:800::/40
2603:10d6:200::/40
2620:1ec:40::/42
2620:1ec:6::/48
2620:1ec:8f0::/46
2620:1ec:900::/46
2a01:111:200a:a::/64
2a01:111:2035:8::/64
2a01:111:f400::/48
2a01:111:f403::/48
2a01:111:f406:1::/64
2a01:111:f406:1004::/64
2a01:111:f406:1805::/64
2a01:111:f406:3404::/64
2a01:111:f406:8000::/64
2a01:111:f406:8801::/64
2a01:111:f406:a003::/64
2a01:111:f406:c00::/64
3.tlu.dl.delivery.mp.microsoft.com
40.104.0.0/15
40.107.0.0/16
40.119.249.228
40.125.120.53
40.125.122.151
40.126.0.0/18
40.127.169.103
40.127.240.158
40.68.123.157
40.74.108.123
40.74.98.192
40.74.98.193
40.74.98.194
40.74.98.195
40.77.2.164
40.79.141.153
40.79.141.154
40.79.189.58
40.79.189.59
40.79.197.35
40.92.0.0/15
40.96.0.0/13
40.99.205.114
51.104.136.2
51.104.15.252
51.104.167.48
51.105.71.136
51.11.122.226
51.11.168.232
51.11.192.49
51.124.23.43
51.132.193.105
51.137.182.175
51.137.183.100
52.100.0.0/14
52.108.0.0/14
52.112.0.0/14
52.113.194.132
52.114.76.233
52.120.0.0/14
52.137.102.105
52.137.106.217
52.140.118.28
52.152.110.14
52.161.30.69
52.167.17.97
52.167.249.196
52.168.112.67
52.168.117.170
52.178.17.2
52.178.17.3
52.182.141.63
52.182.143.208
52.182.143.210
52.182.143.211
52.183.220.149
52.184.216.174
52.185.211.133
52.191.219.104
52.238.106.116/32
52.238.119.141/32
52.238.78.88/32
52.244.160.207/32
52.244.203.72/32
52.244.207.172/32
52.244.223.198/32
52.244.37.168/32
52.247.150.191/32
52.254.114.65
52.96.0.0/14
52.97.129.242
52.97.208.18
52.97.211.114
52.97.212.82
52.97.241.178
65.55.44.109
8.238.7.254
8.238.9.254
8.250.5.254
87.248.204.0
88.221.134.64
88.221.135.81
88.221.135.90
92.122.149.175
92.122.150.71
92.122.154.63
92.122.154.80
92.123.128.135
92.123.128.143
92.123.128.185
92.123.128.188
92.123.140.43
95.101.143.17
95.101.143.227
96.17.178.173
96.17.178.180
a.clarity.ms
a.config.skype.com
account.activedirectory.windowsazure.com
account.live.com
account.office.net
accounts.accesscontrol.windows.net
acdc-direct.office.com
activation.sls.microsoft.com
activity.windows.com
admin.microsoft.com
adminwebservice.microsoftonline.com
agave.myanalytics.cdn.office.net
ajax.aspnetcdn.com
aka.ms
amp.azure.net
apc.delve.office.com
api.cdp.microsoft.com
api.diagnostics.office.com
api.office.com
api.passwordreset.microsoftonline.com
apibasic.diagnostics.office.com
apis.live.net
appsforoffice.microsoft.com
array501.prod.do.dsp.mp.microsoft.com
array502.prod.do.dsp.mp.microsoft.com
array505.prod.do.dsp.mp.microsoft.com
array507.prod.do.dsp.mp.microsoft.com
array508.prod.do.dsp.mp.microsoft.com
array511.prod.do.dsp.mp.microsoft.com
array512.prod.do.dsp.mp.microsoft.com
array513.prod.do.dsp.mp.microsoft.com
array603.prod.do.dsp.mp.microsoft.com
array604.prod.do.dsp.mp.microsoft.com
array605.prod.do.dsp.mp.microsoft.com
array609.prod.do.dsp.mp.microsoft.com
array611.prod.do.dsp.mp.microsoft.com
ars.smartscreen.microsoft.com
assets.onestore.ms
atm-fp-direct.office.com
attachments.office.net
augloop.office.com
aus.delve.office.com
auth.gfx.ms
autodiscover.outlook.com
autodiscover-s.outlook.com
autologon.microsoftazuread-sso.com
az416426.vo.msecnd.net
az826701.vo.msecnd.net
becws.microsoftonline.com
bing.com
broadcast.skype.com
browser.events.data.microsoft.com
browser.events.data.msn.com
browser.pipe.aria.microsoft.com
business.bing.com
c.bing.com
c.bing.net
c.live.com
c1.microsoft.com
can.delve.office.com
cdn.odc.officeapps.live.com
cdn.onenote.net
cdn.uci.officeapps.live.com
cdnprod.myanalytics.microsoft.com
checkappexec.microsoft.com
cl2.apple.com
client.wns.windows.com
clientconfig.microsoftonline-p.net
clients.config.office.net
cloudcheckenabler.azurewebsites.net
companymanager.microsoftonline.com
compass-ssl.microsoft.com
compliance.microsoft.com
config.edge.skype.com
config.office.com
connect.facebook.net
contentstorage.osi.office.net
cp501-prod.do.dsp.mp.microsoft.com
cp601-prod.do.dsp.mp.microsoft.com
crl.microsoft.com
ctldl.windowsupdate.com
cxcs.microsoft.net
d.docs.live.net
dc.services.visualstudio.com
delve.office.com
delve-gcc.office.com
device.login.microsoftonline.com
dgps.support.microsoft.com
directory.services.live.com
disc501.prod.do.dsp.mp.microsoft.com
disc601.prod.do.dsp.mp.microsoft.com
dmd.metaservices.microsoft.com
docs.live.net
docs.microsoft.com
eas.outlook.com
ecn.dev.virtualearth.net
ecs.office.com
edge.activity.windows.com
edge.microsoft.com
edge-enterprise.activity.windows.com
edgeservices.bing.com
enterprise-eudb.activity.windows.com
enterpriseregistration.windows.net
eu-office.events.data.microsoft.com
eur.delve.office.com
eu-teams.events.data.microsoft.com
excelbingmap.firstpartyapps.oaspapps.com
excelcs.officeapps.live.com
exo.nel.measure.office.net
fe2cr.update.microsoft.com
fe3cr.delivery.mp.microsoft.com
firstpartyapps.oaspapps.com
forms.office.com
fp-afd.azurefd.us
francecentral-prod.notifications.teams.microsoft.com
fs.microsoft.com
functional.events.data.microsoft.com
gbr.delve.office.com
geo.prod.do.dsp.mp.microsoft.com
go.microsoft.com
graph.microsoft.com
graph.windows.net
home.office.com
i.s-microsoft.com
ic3.events.data.microsoft.com
ieonlinews.microsoft.com
img-prod-cms-rt-microsoft-com.akamaized.net
in.applicationinsights.azure.com
ind.delve.office.com
informationprotection.hosting.portal.azure.net
insertmedia.bing.office.net
jpn.delve.office.com
kor.delve.office.com
kv501.prod.do.dsp.mp.microsoft.com
kv601.prod.do.dsp.mp.microsoft.com
lam.delve.office.com
licensing.md.mp.microsoft.com
licensing.mp.microsoft.com
livetileedge.dsx.mp.microsoft.com
login.live.com
login.microsoft.com
login.microsoftonline.com
login.microsoftonline-p.com
login.windows.net
login.windows-ppe.net
logincert.microsoftonline.com
loginex.microsoftonline.com
login-us.microsoftonline.com
loki.delve.office.com
manage.office.com
management.azure.com
mem.gfx.ms
messaging.office.com
mlccdn.blob.core.windows.net
mlccdnprod.azureedge.net
mscrl.microsoft.com
msdn.microsoft.com
msedge.api.cdp.microsoft.com
msedge.b.tlu.dl.delivery.mp.microsoft.com
msgapi.teams.microsoft.com
myanalytics.microsoft.com
myanalytics-gcc.microsoft.com
nam.delve.office.com
nexus.microsoftonline-p.com
nexusrules.officeapps.live.com
nleditor.osi.office.net
nps.onyx.azure.net
o15.officeredir.microsoft.com
o365diagtelemetry.trafficmanager.net
ocos-office365-s2s.msedge.net
ocps.manage.microsoft.com
ocsredir.officeapps.live.com
odc.officeapps.live.com
odcsm.officeapps.live.com
offcatedge.azureedge.net
office.live.com
office15client.microsoft.com
officeapps.live.com
officecdn.microsoft.com
officecdn.microsoft.com.edgesuite.net
officeclient.microsoft.com
officeimg.vo.msecnd.net
officepreviewredir.microsoft.com
officeredir.microsoft.com
oneclient.sfx.ms
onedriveclubproddm20043.blob.core.windows.net
outlook.office.com
outlook.office365.com
outlook.uservoice.com
outlookdiagnostics.azureedge.net
partnerservices.getmicrosoftkey.com
passwordreset.microsoftonline.com
peoplegraph.firstpartyapps.oaspapps.com
platform.linkedin.com
policykeyservice.dc.ad.msft.net
portal.microsoftonline.com
portal.office.com
pptcs.officeapps.live.com
presence.teams.microsoft.com
prod.firstpartyapps.oaspapps.com.akadns.net
prod.msocdn.com
products.office.com
protection.office.com
provisioningapi.microsoftonline.com
r.bing.com
r.clarity.ms
r.office.microsoft.com
r1.res.office365.com
r3.res.office365.com
r3.res.outlook.com
r4.res.office365.com
res.delve.office.com
roaming.officeapps.live.com
sara.api.support.microsoft.com
searchhighlights.bing.com
secure.aadcdn.microsoftonline-p.com
securescore.office.com
security.microsoft.com
self.events.data.microsoft.com
services.bingapis.com
settings-win.data.microsoft.com
sfdataservice.microsoft.com
sfgbr.loki.delve.office.com
shellprod.msocdn.com
shredder-eu.osi.office.net
signup.live.com
slscr.update.microsoft.com
smartscreen.microsoft.com
smartscreen-prod.microsoft.com
staffhub.ms
staffhub.office.com
staffhub.uservoice.com
stamp2.login.microsoftonline.com
statics.teams.cdn.office.net
storage.live.com
store.office.com
storecatalogrevocation.storequality.microsoft.com
substrate.office.com
suite.office.net
support.content.office.net
support.microsoft.com
support.office.com
tasks.office.com
tasks.teams.microsoft.com
teams.events.data.microsoft.com
teams.microsoft.com
technet.microsoft.com
telemetryservice.firstpartyapps.oaspapps.com
tellmeservice.osi.office.net
templates.office.com
templateservice.office.com
th.bing.com
trouter2-azsc-euno-4-b.trouter.teams.microsoft.com
tse1.mm.bing.net
tsfe.trafficshaping.dsp.mp.microsoft.com
uci.cdn.office.net
uci.officeapps.live.com
uk.ng.msg.teams.microsoft.com
uk-api.asm.skype.com
ukc-excel.officeapps.live.com
uk-prod.asyncgw.teams.microsoft.com
upload.fp.measure.office.com
v10.events.data.microsoft.com
v10.vortex-win.data.microsoft.com
videocontent.osi.office.net
videoplayercdn.osi.office.net
view.atdmt.com
vortex.data.microsoft.com
watson.events.data.microsoft.com
webshell.suite.office.com
wikipedia.firstpartyapps.oaspapps.com
wordcs.officeapps.live.com
workplaceanalytics.cdn.office.net
workplaceanalytics.office.com
world.ces.microsoftcloud.com
wus-firstpartyapps.oaspapps.com
www.bing.com
www.microsoft.com
www.office.com
www.onedrive.com
www.outlook.com
Uncategorized

How to report Brute Force Attacks

Leave a comment

IPinfo allows you to reliably identify important information about an abusive IP including City, Region and Country. It also provides abuse information that will allow you to report the abuse to the netblock owner, you will usually need to provide Firewall and/or event logs that detail the attack. In some instances the attack may have been made from an anonymous VPN service, they are unlikely to have any logs of who undertook the attack but may be able to block your IP address or IP Range from their network.

https://ipinfo.io/

AbuseIPDB allows you to easily check the report history of any IP Address where Brute Force Attacks are originating from, you can also register for free to report abusive IP addresses

https://www.abuseipdb.com/