Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊
Detects delivered inbound emails with URLs that use a raw IPv4 address as the domain. This pattern often indicates phishing or malware delivery designed to evade domain-based reputation checks.
| Attribute | Value |
|---|---|
| Type | Hunting Query |
| Solution | Standalone Content |
| ID | 6492c4ea-5e56-4ceb-9974-3c0c39cb4d71 |
| Tactics | InitialAccess |
| Techniques | T1566, T1566.002 |
| Required Connectors | MicrosoftThreatProtection |
| Source | [View on GitHub](https://github.com/Azure/Azure-Sentinel/blob/master/Hunting Queries/Microsoft%20365%20Defender/Email%20and%20Collaboration%20Queries/Phish/IP-as-URL-Domain-Detection.yaml) |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊