172.64.41.3 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 172.64.41.3 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

🟠 Elevated — 60/100

Geographic Location

Host and Network Information

• View other sources: Spamhaus VirusTotal Shodan AbuseIPDB
• Country: United States
• Noticed: 39 times
• Protocols Attacked: Anonymous Proxy
• Countries Attacked: Aruba, Australia, Canada, China, Croatia, Denmark, Finland, France, Germany, Hong Kong, Hungary, India, Indonesia, Ireland, Italy, Japan, Poland, Singapore, Spain, Switzerland, Türkiye, United Kingdom of Great Britain and Northern Ireland, United States of America
• Open Ports: 2052, 2053, 2082, 2083, 2086, 2087, 2095, 2096, 443, 80, 8080, 8443, 8880
• Tor Node: No
• Associated Malware Samples: 73438

Tags

• 0110542
• 0 report
• 12.30.2025
• 33
• 443 ma2592000
• 443 ma86400
• 45470
• 99u25f.exe
• aaaa
• abuse contact
• accept
• accept ch
• accept encoding
• acceptencoding
• accessibility
• access windows
• active
• active related
• added active
• address
• address domain
• address range
• admin city
• admin country
• admin id
• administrator
• admin postal
• a domains
• ad temdac
• adult content
• adversaries
• a file
• age72000 path
• agent tesla
• aig
• alerts
• alexa
• alexa top
• alex karp
• algorithm
• alibaba
• alien labs
• alive thailand
• all ipv4
• allocation type
• all octoseek
• allowed date
• all scoreblue
• alltypes
• ally
• ally s
• amazon02
• amber a
• america
• america asn
• america flag
• analysis
• analysis date
• analysis ob0001
• analysis tip
• android
• and vids
• anorexx
• antivm_generic_bios
• any quality
• any quality videos
• any source
• apache
• apache x
• api key
• apple
• Apple
• apple app
• apple safari
• appointment
• appstorio
• april
• arial
• arizona
• array
• artemis
• as13335
• as139646 hong
• as14618
• as15169
• as15169 google
• as16509
• as197540
• as24940 hetzner
• as32934
• as36081 state
• as46606
• as47846
• as54113
• as7018 att
• as8068
• as autonomous
• ascii
• ascii text
• ascio
• asn15169
• asn20473
• as name
• asn as13335
• asn as24940
• asn as29522
• asn as714
• asn asnone
• asnone
• asnone country
• asnone related
• asnone united
• aspen insureds
• assigned pa
• associated urls
• Associates
• asvultr
• atlassian
• attempts
• august
• aurora
• australia
• Authorities
• authority
• authorized line
• autocad
• autodesk.com
• available
• available now
• avast avg
• av detections
• avg clamav
• aws dns
• azerbaijan asn
• b778b1
• back
• backdoor
• bad login
• bad traffic
• beginerror
• beginstring
• benefits
• bigint
• binary file
• binbusybox
• Bing
• black hat
• blacklist
• blacknet
• blacknet rat
• blocked by quad9
• blog
• blog von
• body
• body doctype
• body length
• bokeh onlycanon
• boobs130432 nov
• book
• bot
• botnet
• bounce
• brand
• brashears
• brashears porn
• brazil as28604
• brazil as396982
• brian sabey
• bricked.wtf
• browser
• browsing
• built
• bullseye
• bulz
• bundled
• business select
• busty xxx
• busybox
• BusyBox
• butt pirates
• ‘buzz’
• buzz ahmann
• c1 c0
• c1 e8
• cache
• cache control
• calling
• calls
• canada
• canada asn
• canada flag
• canada hostname
• canada unknown
• candyopen
• canvas
• cape
• cape_detected_threat
• cape_extracted_content
• capture
• carol
• cash amtincart
• catalog tree
• category
• ca validity
• ccbase
• cddad ad
• cdle
• cdn.calltrk.com
• center
• century link llc
• certificate
• cgb stgreater
• cgjerrieegaggq
• cgjjtbieggagla
• chaos
• checkin
• checks
• checks adapter
• checks system
• china unknown
• christopher ahmann
• christopher p ahmann
• christopher p. ahmann
• chrome
• ch ua
• cidr
• circle
• cisco umbrella
• ck id
• ck matrix
• ck techniques
• class
• classinfobase
• click
• close
• cloudflar
• cloudflare
• cloudfront x
• cloud provider
• cname
• cnc beacon
• cnlocalhost
• cnr12
• cnsectigo rsa
• cobalt strike
• code
• code overlap
• codeoverlap
• college guy
• ColoCrossing
• colombia asn
• colorado
• coloradoif
• colorado state
• Colorado State Fixer: Christopher P. Ahmann
• col ta0011
• comedy
• command
• command decode
• comments
• community
• community score
• company
• computer system
• comspec
• concentra
• confluence data
• contact
• contacted
• contacted hosts
• contacted urls
• contact phone
• contact us
• content
• content type
• control
• controls learn
• convagent
• cookie
• cop supply
• copy
• copy md5
• copyright
• copy sha1
• copy sha256
• core
• corruption
• country
• country code
• crack
• crash
• create
• create c
• create new
• creation date
• crlf line
• crossrider
• crowdstrike
• crowdstrike.com
• crying
• cryp
• crypto
• cryptobit
• ctsu
• current
• currently
• cus cnamazon
• cus cnr3
• custom and
• customercare
• custom malware
• cve20040791
• cve cve20178977
• cve overview
• cyber crime
• cybercrime
• cybergate
• cyber risk
• cybota
• cycbot
• czech republic
• d9e4f4
• daily
• dane json
• dapato
• dap domain
• dark
• data
• datab
• database
• data protected
• data recovery
• dataset
• data upload
• date
• date checked
• date hash
• datei
• date tue
• dclocal
• dcom
• dded active
• ddos
• dead
• death threats
• ded active
• default
• defender
• defense evasion
• delete
• delete app
• delete c
• delete service
• delphi
• denmark as32934
• denmark asn
• denmark unknown
• dennis schrder
• dennis schroder
• denver
• denver highmark
• destination
• detection list
• detections
• detections alf
• detections dns
• detections type
• developer
• development att
• diamond
• diplomatic
• directui
• disable
• discovery
• displayname
• district
• div div
• div id
• dll windows
• dns admin
• dns query
• dns requests
• dns resolutions
• dnssec
• dock
• doctors
• doctype html
• document
• domain
• domain add
• domain address
• domain admin
• domain database
• domain manager
• domain name
• domainpath name
• domain related
• domain robot
• domains
• domain status
• domain url
• domain v
• dominet
• dot tags
• dowc
• download
• drama
• drop
• dublin
• dynamic
• dynamic_content
• dynamicloader
• dyndns domain
• e1203 windows
• eb e1
• eb e8
• ebony
• ebony riding
• edf2f8
• edge
• ee fc
• egg hunt
• element
• elon musk
• email
• email add
• email domain
• emails
• embed
• emotet
• employment
• encoder
• encoding
• encrypt
• encrypted ch
• endgame
• endpoints
• endpoints all
• enigma
• enigma vladmir
• enter so
• enter soudcfidi
• enter soupce
• enter source
• entity ah36ripe
• entity type
• entries
• entries elf
• entries http
• epic games
• epss
• eregec4
• eric everest
• error
• et info
• et malware
• et policy
• et smtp
• et telnet
• eva lisa
• eva reimer
• evasion
• evasion att
• evasion b0003
• evasion ta0005
• event
• event category
• everest
• exchange
• excludea
• exclude data
• exclude sugges
• execution
• execution att
• exe size
• exe upload
• exif standard
• experience
• expiration
• expiration date
• expiresthu
• expirestue
• expiro
• expl
• exploit
• exploits
• explorer
• external
• external-resources
• extr
• extra
• extract indic
• extraction
• extraction data
• extraction f
• extraction fail
• extra data
• f0 ff
• facebook
• failed
• failure
• fake news
• fake pinterest
• fall
• false
• fastest privacy
• fastly error
• father sex
• february
• feet pics
• ff bb
• ff d5
• ff ff
• file
• file attributes
• file defense
• filehash
• filehashmd5
• filehashsha1
• filehashsha256
• file monitor
• file name
• files
• file score
• files domain
• files ip
• files location
• files matching
• files related
• file type
• file v2
• filter tsara
• find
• find s
• fingerprinting
• finished
• finland unknown
• first
• first dns
• flag
• flag clilease
• flag united
• florence colorado
• floyd
• focus region
• footer
• For: AIG
• forbidden
• For: Concentra
• For Industry and Commerce
• form
• format
• formbook cnc
• for privacy
• For: Quasi Government
• For: Workers Compensation
• found
• founder
• foundry
• found title
• fragtor
• france unknown
• fraud
• freeman mathis
• fresh
• fuck
• gaig insureds
• game
• game development
• gamer
• games
• game servers
• gapd5d
• gay man
• gay porn
• gaz1
• gbdyllo
• gecko
• general
• general full
• generator
• generic
• generic http
• generic pong
• germany
• germany asn
• germany unknown
• getclassinfoptr
• get her
• get https
• getprocaddress
• get updates
• g htpps
• gift
• gift hunt
• github
• github https
• github pages
• global
• globalc
• global llc
• gmt cache
• gmt connection
• gmt content
• gmt contenttype
• gmt etag
• gmt flag
• gmt max
• gmt path
• gmt server
• go daddy
• google
• Google
• google chrome
• google llc
• google maps
• google safe
• google search
• government
• gpl telnet
• green
• grifter
• group
• grum
• guard
• gw5hjz7t975
• h5 data center
• hacker
• hackers
• hacktool
• hallows quest
• hall render
• hallrender
• handle
• hash avast
• hashes
• head
• head body
• head microsoft
• healthgrades
• hello
• hello2malware
• helloworld
• hellspawn
• help v
• helvetica neue
• helvetica segoe
• heur
• hidden files
• hide samples
• high
• high automated
• highest
• high process
• high security
• Hijacker: Brian Sabey
• hio52 p3
• hired hit men
• historical ssl
• history
• hit men
• hong kong
• hos hos
• host
• hostile
• hosting
• hostname
• hostname add
• hostname xn
• hourly rl
• hours ago
• href
• hstr
• html
• html content
• html info
• html public
• http
• https
• https domain
• http traffic
• hwndhost
• hwp support
• hxa6cxafxdexdaz
• hybrid
• iana id
• ic excluded
• icloader apr
• icloud
• icmp
• icmp error
• icmp traffic
• icp2021030667
• icpc
• ids
• ids detections
• ieedge chrome1
• iemobile
• iframe
• illegal
• images
• images news
• impact
• inbound
• incapsula
• include
• included
• included iocs
• included review
• include review
• include u
• include v
• independent
• indicator
• indicator role
• indicators hong
• industrial
• industry and commerce
• infinity
• inflight
• inflight entertainment
• info
• infor
• information
• informative
• infostealer_browser
• infostealer_cookies
• info stealing
• initial access
• injection
• injection_inter_process
• injection t1055
• insert
• inside
• install
• installcapital
• installer
• installs
• intel
• internal
• internal server
• internet
• internet access
• iocs
• ip address
• ip hostname
• ip related
• ip traffic
• ipv4
• ipv4 add
• ip whois
• ireland asn
• island
• israel israel
• jackson
• jaik
• january
• japan unknown
• javascript
• javascript api
• jeff
• jeffrey reimer
• jeffrey scott
• jest
• jmt99
• jmt studios
• josh paul
• josh theriault
• jpeg image
• json
• july
• june
• k0pmbc
• kb body
• kevin
• key0
• key algorithm
• keygen
• key identifier
• key info
• keylogger
• khtml
• killer gecko
• kl0hsy
• kong
• labor
• lakewood
• lander script
• landy insureds
• launcher
• launchres
• law christopher
• Law Enforcement Dark
• learn
• learn more
• leave
• legal entities
• less
• less see
• let me jerk
• leveidiuelabs
• levelblue
• level domain
• l http
• liar
• life
• light
• lightrail
• line
• links
• listened
• listeners
• live
• livesex
• llc name
• loading captcha
• local
• localappdata
• locate human
• location
• location canada
• location poland
• location united
• logon autost
• look
• lookup country
• lost
• love
• lowfi
• lowfijavazkm
• lredmond
• l t1071
• ltd domain
• macbook
• mail spammer
• main
• malicious
• malicious ids
• malicious site
• maltiverse
• malvertising
• malware
• malware type
• manually add
• manufacturing
• marker
• markmonitor
• markus
• maxfehlinger.de
• maya
• may god
• mb first
• m. brian sabey
• mcsonnar
• md5 add
• md5 google
• md5 sha256
• medelln
• media
• media center
• medium
• medium risk
• melika
• memcommit
• memory pattern
• memscan
• message
• meta
• Meta
• meta http
• meta name
• method
• mexico
• mh alf
• mi11255597wp
• microsoft
• Microsoft
• microsoft azure
• microsoft edge
• million
• million alexa
• mirai
• mirai att
• mirai botnet
• mira malware
• misc activity
• misc http
• misc https
• mitre att
• mobile sec
• model
• model sec
• modern asset
• modified
• modify tools
• module load
• modules
• monitored target
• monitoring
• montano mark
• moon engine
• most relevant
• moved
• movie
• mozilla
• mpgph131 hr
• mpgph131 lg
• mpress
• ms defender
• msdefender mar
• msdefender may
• msdefender nov
• msie
• msil
• ms windows
• mtb alf
• mtb apr
• mtb aug
• mtb dec
• mtb jul
• mtb jun
• mtb may
• mtb nov
• mtb oct
• mtb sep
• murderers
• music
• mydoom checkin
• mz response
• name
• named pipe
• nameilname
• name server
• name servers
• name strings
• name tactics
• name value
• navegador
• nemucod
• netherlands
• network
• network name
• network traffic
• newexternalport
• newinternalport
• newprotocol
• newremotehost
• newstatusurl
• next
• next associated
• next http
• nextimage
• next yara
• nfl sunday
• nids
• nid value
• nip group
• nivdort
• no analysis
• no entries
• no expiration
• none google
• none indicator
• none related
• north america
• no such agency
• nsis
• nsisinetc
• ntmzac
• null
• number
• object
• observed dns
• observer
• october
• ok accept
• olet
• ollydbg
• ol rop
• onload
• onlogon rl
• open
• openioc
• open threat
• openurl c
• ordinal name
• orgabuseref
• orgid
• orgtechhandle
• otx hp
• otx telemetry
• outbound
• output
• outside
• overview
• overview core
• p1377925676
• p3p cp
• packer
• packing f0001
• packing t1045
• palantir
• Palantir
• palantir doing
• panca type
• parent domain
• passive dns
• password-input
• path
• path mtu
• pattern match
• pattern urls
• pcap
• pdf library
• pdf report
• pe32
• pecompact
• pe exe
• pe export
• pe file
• pegasus
• Pegasus
• pegasystems
• pe packer
• persistence
• persistence_ads
• pe section
• peter theil
• phish
• phishing
• phishing paypal
• phishme
• pics
• piscataway
• platform make
• please
• please click
• plugx
• poland
• poland unknown
• polyline
• poppy
• porn
• pornhub
• pornhub subsidiary
• porn site
• porn videos
• port
• portfolio
• possible
• post
• postalcode
• post https
• potential ip
• potus
• powder sdk
• power
• powered
• powershell
• pragma
• praw type
• precreate read
• prefetch1
• prefetch2
• prefetch8
• premade
• presenoker
• present
• present apr
• present aug
• present dec
• present feb
• present jan
• present jul
• present jun
• present mar
• present may
• present nov
• present oct
• present sep
• press copyright
• pr extract
• privacy badger
• privacy policy
• privateloader
• process32nextw
• process_creation_suspicious_location
• process details
• process monitor
• process t1057
• program
• programfiles
• program gateway
• Prometheus Intelligence Technology
• promise
• Protecting Assaulter: Jeffrey Reimer
• prox
• proxies data
• proximity
• public
• public folder
• pulse
• pulse indicator
• pulse pulses
• pulses
• pulses none
• pulses otx
• pulse submit
• pulses url
• purm insureds
• push
• python
• qaeaav12
• q htpps
• q https
• quad host
• qualifier
• quasar
• quasar rat
• quasi
• quasi government
• query
• queueprogress
• queue security
• radar
• ransom
• ransomexx
• ransomware
• rapid
• rat
• rdap
• read
• read c
• reads
• recon_fingerprint
• record value
• recycle bin
• redacted for
• red hat
• redirect chain
• redirect date
• redirection
• redline
• ref b
• referen data
• referrer
• refresh
• registrar
• registrar abuse
• registrar whois
• registry value
• Regis university
• regsetvalueexa
• reimer
• reimerdpt
• related nids
• related pulses
• related tags
• relay
• relic
• remote access
• remote desktop
• reply flag
• reporting arch
• report spam
• reports v
• request
• request blocked
• request id
• research beacon
• researched
• residential
• resolutions
• resolved ips
• resolverror
• resource
• response are
• restart
• results aug
• results may
• results nov
• retailexperts
• reverse dns
• reverse ip
• review
• review iocs
• rgba
• rights reserved
• ripe
• ripe ncc
• ripe network
• risepro
• riskware
• roberta
• roblox
• roblox jmt99 \jmt studios\ \trick or treat\ \egg hunt\
• roboto
• robots content
• role title
• runner
• runtime error
• safe browsing
• safe site
• safety how
• samas
• samas ransom
• sameorigin
• sammie
• sample
• sample analysis
• samples
• scan endpoints
• scans show
• scott reimer
• scottsdale
• screen capture
• screenshots
• script
• script begin
• script domains
• script script
• script urls
• sct1
• s data
• sea alt
• search
• sea x
• sec ch
• secure all
• secure server
• security tls
• seen
• se fos
• sentinelone
• september
• server
• server response
• servers
• service
• service name
• services llc
• serving ip
• settings
• settingswpad
• sgpauiclassinfo
• sha1
• sha1 add
• sha256
• sha256 add
• show
• showing
• show process
• show technique
• siblings
• siblings domain
• sid1696503456
• siendownloader
• sigattr malware
• sigattr yara
• signing defense
• Silencing
• singapore
• singapore asn
• site
• site safe
• site top
• size
• skip
• skynet
• slcc2
• small
• smart assembly
• smartassembly
• smoke loader
• smokeloader
• snanning_host
• sneaker bots
• sniffs
• social engineering
• software
• software/ hardware
• sogou
• source hostname
• source quench
• source source
• south korea
• southwest
• southwest wifi
• spaceship
• spam
• span
• spawns
• spinner
• split
• sport
• spsfsb
• spynet
• ssdeep
• ssl certificate
• stack pivoting
• starfield
• star rating
• startpage
• state
• stateofcolorado
• State of Colorado.
• status
• status code
• stealer
• steals
• stealth_file
• stix
• stop
• store
• stream
• string
• strings
• strong
• studio
• studio head
• stwa
• sub domain
• subject key
• subject public
• subvert trust
• sugges data
• suggeste
• suggested ogs
• summer
• suricata alerts
• suricata ipv4
• suspicious
• suspicious path
• suspicioussectioname
• swipper
• system
• systemroot
• t1027
• t1027.013
• t1035 service
• t1055
• t1057
• t1059 shared
• t1063
• t1071
• t1129
• t1129 system
• t1179 boot
• t1179 hooking
• t1189 driveby
• t1480 execution
• t1553 technique
• t1562 technique
• t1569
• t1573
• t1590 gather
• ta0002
• ta0004
• tags na
• tags none
• tam legal
• Tampering with a Victim
• tape
• target
• targeted
• targeting
• target : Tsara Brasheaers
• tcp syn
• team
• tech email
• techtarget
• te hash
• tekst ascii
• telegram
• Telnet
• telnet login
• template
• templates
• terse
• test
• text
• thebrotherssabey
• themida
• therahand
• third eye tv
• this
• threat level
• ticket
• tiff image
• timestamp input
• tips
• title
• title added
• title error
• tls handshake
• tls issuing
• tls sni
• tlsv1
• tofsee
• tools
• top destination
• top source
• tor analysis
• tor role
• total
• t pain
• traceback man
• trailer
• treece alfrey
• trick or treat
• trident
• trojan
• trojanclicker
• trojan.crypted
• trojandropper
• trojanproxy
• trojanspy
• trojar data
• troja yara
• tr shared
• trydda dada
• tsara
• tsara brashears
• ttl value
• tulach
• tunneling
• twitter
• type
• type data
• type indicator
• types of
• type win32
• typ url
• ua arch
• ua bitness
• ua full
• ua platform
• udi ad
• u extractio
• ui arial
• ukraine
• undetermined
• unicode text
• united
• united kingdom
• united states
• university
• unknown
• unknown aaaa
• unknown cname
• unknown ns
• unknown soa
• unofficial
• unofficial trick or treat 2014
• unofficial trick or treat 2015
• unrealengine
• unsafe
• unsupported
• upadter
• upatre
• update date
• updater
• upei
• upgrade
• ur extraction
• url add
• url analysis
• url hos
• url hostname
• url http
• url https
• url indicator
• url or
• urls
• urls show
• url url
• usa windows
• users
• usuwa c
• utc scorecard
• utc yahoo
• utf16
• utf8
• utilads
• utmsourceawin
• v3 serial
• vadokrist
• validity
• value
• variables
• vashti hostname
• verdict
• verify
• ver los
• version list
• version sec
• v full
• vhash
• v hostname
• victim network
• video
• videos
• videos maps
• vids
• view
• virto
• virtool
• virtual machine
• virustotal
• virustotal api
• void
• vwdzfe
• wait
• warehouse mgmt
• warning
• watch
• watch tsara
• wed may
• welcome
• whitelisted
• whois privacy
• whois record
• whois server
• wifi
• wifi access
• wifi hotspot
• wifi internet
• win32
• win324shared
• win32berbew nov
• win32dh
• win32 dll
• win32 exe
• win32mediadrug
• win32mydoom dec
• win32mydoom nov
• win32mydoom oct
• win32spigot
• win32upatre aug
• win32upatre jul
• win32upatre nov
• win32upatre sep
• win64
• wind
• windir
• window
• windows
• windows nt
• windows wget
• wine emulator
• winnt
• woodynet
• wordpress
• workers
• workers compensation
• worm
• worn data
• wow64
• wp engine
• write
• write c
• x
• x509v3 subject
• x81xbcxa0
• x8fvx7fxc1px87f
• x90uxa4xf8
• x92r
• x adblock
• xadxb3x1d
• xaerx93lx88txc5
• x cache
• x.com
• xd7xacx87xd7xba
• xe7xf3xf2x14x9d
• xf0ux0fxee
• xfex04o
• xfinity
• xml title
• xor xor
• x pcrew
• xport
• xserver
• x tec
• x ua
• xxx adult
• xxx video
• xxx videos
• y013
• yara
• yara detections
• yara rule
• yara signature
• youtube
• zbot
• zeiss jena
• zusy
• zwdk9d
• 性感美女
• 清纯美女
• 美女主播
• 美女互动
• 美女交友
• 美女在线表演
• 美女直播
• 美女直播间
• 美女秀场
• 美女聊天
• 美女聊天室
• 美女视频
• 视频交友
• 视频聊天

MITRE ATT&CK TTPs

• T1003 - OS Credential Dumping
• T1005 - Data from Local System
• T1007 - System Service Discovery
• T1010 - Application Window Discovery
• T1012 - Query Registry
• T1023 - Shortcut Modification
• T1027 - Obfuscated Files or Information
• T1031 - Modify Existing Service
• T1033 - System Owner/User Discovery
• T1035 - Service Execution
• T1036.004 - Masquerade Task or Service
• T1036.005 - Match Legitimate Name or Location
• T1036 - Masquerading
• T1040 - Network Sniffing
• T1041 - Exfiltration Over C2 Channel
• T1043 - Commonly Used Port
• T1045 - Software Packing
• T1046 - Network Service Scanning
• T1048.001 - Exfiltration Over Symmetric Encrypted Non-C2 Protocol
• T1053 - Scheduled Task/Job
• T1055 - Process Injection
• T1056 - Input Capture
• T1057 - Process Discovery
• T1059 - Command and Scripting Interpreter
• T1060 - Registry Run Keys / Startup Folder
• T1063 - Security Software Discovery
• T1068 - Exploitation for Privilege Escalation
• T1069.002 - Domain Groups
• T1069 - Permission Groups Discovery
• T1070 - Indicator Removal on Host
• T1071.001 - Web Protocols
• T1071.003 - Mail Protocols
• T1071.004 - DNS
• T1071 - Application Layer Protocol
• T1080 - Taint Shared Content
• T1081 - Credentials in Files
• T1082 - System Information Discovery
• T1083 - File and Directory Discovery
• T1086 - PowerShell
• T1090 - Proxy
• T1095 - Non-Application Layer Protocol
• T1098 - Account Manipulation
• T1102 - Web Service
• T1105 - Ingress Tool Transfer
• T1106 - Native API
• T1112 - Modify Registry
• T1113 - Screen Capture
• T1114 - Email Collection
• T1119 - Automated Collection
• T1129 - Shared Modules
• T1140 - Deobfuscate/Decode Files or Information
• T1143 - Hidden Window
• T1147 - Hidden Users
• T1155 - AppleScript
• T1158 - Hidden Files and Directories
• T1176 - Browser Extensions
• T1179 - Hooking
• T1185 - Man in the Browser
• T1189 - Drive-by Compromise
• T1190 - Exploit Public-Facing Application
• T1197 - BITS Jobs
• T1199 - Trusted Relationship
• T1203 - Exploitation for Client Execution
• T1204.001 - Malicious Link
• T1204.002 - Malicious File
• T1204 - User Execution
• T1210 - Exploitation of Remote Services
• T1211 - Exploitation for Defense Evasion
• T1410 - Network Traffic Capture or Redirection
• T1428 - Exploit Enterprise Resources
• T1432 - Access Contact List
• T1449 - Exploit SS7 to Redirect Phone Calls/SMS
• T1457 - Malicious Media Content
• T1459 - Device Unlock Code Guessing or Brute Force
• T1462 - Malicious Software Development Tools
• T1464 - Jamming or Denial of Service
• T1472 - Generate Fraudulent Advertising Revenue
• T1480 - Execution Guardrails
• T1489 - Service Stop
• T1497 - Virtualization/Sandbox Evasion
• T1498 - Network Denial of Service
• T1518.001 - Security Software Discovery
• T1518 - Software Discovery
• T1546 - Event Triggered Execution
• T1547 - Boot or Logon Autostart Execution
• T1553.002 - Code Signing
• T1553 - Subvert Trust Controls
• T1555 - Credentials from Password Stores
• T1557 - Man-in-the-Middle
• T1562 - Impair Defenses
• T1564 - Hide Artifacts
• T1566 - Phishing
• T1568.002 - Domain Generation Algorithms
• T1568 - Dynamic Resolution
• T1569 - System Services
• T1573 - Encrypted Channel
• T1574.008 - Path Interception by Search Order Hijacking
• T1574 - Hijack Execution Flow
• T1583.001 - Domains
• T1583.005 - Botnet
• T1583 - Acquire Infrastructure
• T1585.001 - Social Media Accounts
• T1590 - Gather Victim Network Information
• T1593.002 - Search Engines
• T1595.001 - Scanning IP Blocks
• T1608.004 - Drive-by Target
• T1614 - System Location Discovery
• TA0004 - Privilege Escalation
• TA0005 - Defense Evasion
• TA0008 - Lateral Movement
• TA0011 - Command and Control
• TA0037 - Command and Control

Passive DNS

• chrome.cloudflare-dns.com

Attack Log References

• anonymous-proxy-ip-list-2026-01-03

Whois Information