fraudulent ip

About this tag
Discussions tagged with 'fraudulent ip' on WindowsForum.com focus on identifying and analyzing suspicious IP addresses that may indicate unauthorized access attempts, particularly in enterprise environments like Microsoft Exchange servers. Users share logs showing successful logins (event ID 4624) from external IPs, often flagged by security tools such as QRadar. A recurring theme is IPs registered to Microsoft Corporation datacenters that receive high fraud scores from services like IPQualityScore, raising questions about false positives versus genuine threats. The tag covers troubleshooting steps, log analysis, and best practices for distinguishing legitimate Microsoft traffic from potentially malicious connections.
  1. Fraudulent IP connections to my Exchange server? False positive or?

    Hello dear friends. I wanted to ask you about some logs from my Exchange server which I catch with QRadar. They are all with qid: 5000830 or eventid:4624 which is a successful login to a server or anything. I use a rule which tells me if someone logs in to the Exchange server from an...