184.168.131.241 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 184.168.131.241 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

🔴 High Risk — 80/100

Geographic Location

Host and Network Information

• View other sources: Spamhaus VirusTotal Shodan AbuseIPDB
• Country: United States
• Network: AS26496 godaddy.com llc
• Noticed: 50 times
• Protocols Attacked: SSH
• Countries Attacked: Canada, China, Czechia, Denmark, Estonia, France, Germany, Japan, Latvia, Lithuania, Netherlands, Norway, Poland, Romania, Seychelles, Singapore, Spain, Taiwan, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
• Tor Node: No
• Associated Malware Samples: 52815

Tags

• 10357
• 114.114.114.114
• 320700
• 368600
• a1ginaprincipal
• a9dia
• aaaa
• abuse
• abuse contact
• accept
• accept encoding
• access
• a checkin
• acint
• active related
• active threat
• adaptivebee
• added active
• address
• address first
• address google
• address list
• a div
• adload
• admin
• admin country
• administrator
• a domains
• adult content
• advisory
• adware
• adwaresig
• aes256gcm
• a fleecy
• africa
• afrinic
• agent
• agent tesla
• agenttesla
• ah6itbtgl
• ai
• aig
• AIG Claims
• akamaias
• alerts
• alexa
• alexa proxy
• alexa safe
• alexa top
• algorithm
• alienvault name
• allocates rwx
• all octoseek
• all rights
• all scoreblue
• all search
• already
• amadey
• amazon
• amazon 02
• amazon02
• amazonaes
• amazon legal
• america asn
• analysis date
• analyze
• anchor hrefs
• android
• andromeda
• anomalous file
• anonymizer
• anti-detection
• antivirus
• a nxdomain
• anydesk
• apache
• apeaksoft ios
• api blog
• apnic
• apnic whois
• apollo
• appdata
• appdatalocal
• apple
• apple hacking
• apple id
• appleid
• apple ios
• applenoc
• apple phone
• apple private
• applicunwnt
• april
• apt ip
• arbor networks
• arin
• arizona
• arsys internet
• artemis
• articles
• artro
• as11042
• as13335
• as136800 sun
• as139021
• as14061
• as14576
• as14720 gamma
• as15169 as16509
• as15169 google
• as16276
• as16625 akamai
• as19871 as22612
• as20940
• as21499 host
• as22612
• as24940 hetzner
• as25577 ide
• as26710 icann
• as2914 ntt
• as29182 jsc
• as29789
• as30148 sucuri
• as31898 oracle
• as3257 gtt
• as35994 akamai
• as396982
• as396982 google
• as397241
• as40509
• as41357
• as43350 nforce
• as44273 host
• as46606
• as54113
• as54252
• as54455 madeit
• as54990
• as55286
• as55293 a2
• as6185 apple
• as62597
• as62597 nsone
• as62729
• as63949 linode
• as6453 tata
• as6461 zayo
• as714 apple
• as7843 charter
• as7922 comcast
• as8068
• as8075
• as9002
• as9009 m247
• as autonomous
• ascii text
• asia pacific
• asn15169
• asn16276
• asn16509
• asn209242
• asn4583
• asnone bulgaria
• asnone germany
• asnone iran
• asnone united
• asyncrat
• atkafij0
• attack
• attacker
• attinternet4
• attorney
• august
• auth algorithm
• author avatar
• authority
• avast avg
• av detections
• avg clamav
• awful
• aws
• axelo
• aylo premium
• azorult
• baaa
• babar
• back
• backdoor
• bambernek
• bandoo
• bangladesh
• bank
• banker
• banker ip
• banking
• bazaarloader
• bazaloader
• b body
• bbonline uk
• bcminfonetas
• beach research
• beginstring
• behav
• benefits plus
• benjamin
• bhagam bhag
• bhja
• bill
• binary file
• binder
• bios
• bitfender
• bitminer
• bits
• black
• blackievirus.com
• blacklist
• blacklist http
• blacklist https
• blacknet rat
• bladabindi
• blister
• blockchain
• body
• body doctype
• body length
• bomb
• boolean
• boost mobile
• bot
• botnet
• botnet campaign
• botnetwork
• bot networks
• bouvet island
• br
• bradesco
• brashears
• brian
• brian sabey
• briansabey
• brochure url
• brontok
• bt6lcuigydc9yc
• bundled
• business email compromise
• button
• bypass
• c2
• C2
• c2ae
• c2 raccoon
• caaa
• caas
• caca
• caca4baaa
• cacf
• cachecontrol
• caea
• camera usage
• canada unknown
• cancel anytime
• capture
• cascade
• cayman
• cdata
• cdate
• certificate
• certificates
• chase personal
• checkbox
• checked url
• checkin
• child pornographer
• child teen content illegal
• china cobalt
• china telecom
• chrome
• cins active
• ciphersuite
• cisco
• cisco umbrella
• citadel
• city
• civicalg
• civicalg.com
• ck id
• ck matrix
• cl0p
• class
• classic poems
• cleaner
• click
• clng
• close
• cloudflare
• cloudflarenet
• cloudfront
• cloud marketing
• cname
• cnc
• CNC
• cnc feodo
• cnc ransomware
• cnc server
• cnc zeus
• cndigicert sha2
• cngo daddy
• cnnic
• cnr3 cus
• cobalt strike
• code
• coinminer
• colibri loader
• collections
• colorado
• column
• comcast
• comcast tmobile
• com cnt
• com laude
• command
• command decode
• common upatre
• communicating
• community score
• comodo rsa
• company limited
• compiler
• components
• computer
• comspec
• conduit
• connect
• connection
• contact
• contacted
• contacted hosts
• contacted ip
• contacted urls
• contact phone
• contained
• contentencoding
• content length
• content reputation
• content type
• contextualizing
• control server
• cookie
• cookie bot
• copy
• copy c
• copyright
• core
• corporation
• corrupt
• count blacklist
• country
• country unknown
• covid19
• covid19 scam
• cp cyber
• cpm fun
• cpm network
• crack
• crash
• create c
• created
• createdate
• create new
• creates exe
• creation date
• creation_of_an_executable_by_an_executable
• critical
• critical risk
• crlf line
• cryp
• crypter
• cryptinject
• crypto
• cryptor
• cryptowall
• csc corporate
• csv order
• cuckoo
• currentversion
• cus cnr3
• cus ogoogle
• cus olet
• cus starizona
• customer
• cutwail
• CVE-2017-0147
• CVE-2017-0147 alsofound in Pegasus
• cve201711882
• CVE-2023-4966
• cve cve20178977
• cve overview
• cyber
• cyber army
• cybercrime
• cyber criminal
• cyber espionage
• cyber harassment
• cyber security
• cybersecurity
• cyber stalking
• cyberstalking
• cyber threat
• cyberwar
• cyber warfare
• czech
• daddy
• daisy
• daisy coleman
• danger
• dapato
• darpa
• data
• data center
• data collection
• datalayer
• data rticon
• date
• date hash
• date thu
• death threats
• debugger evasion
• december
• deepscan
• defacement
• default
• defaulttabtip
• defender
• de indicators
• delaware
• delete c
• del f
• delphi
• dem fin
• denver
• de page
• dept
• desktop
• destination ip
• de summary
• detail domains
• detection list
• detections file
• detections type
• detplock
• deuteronomy 28:7
• dev
• developer
• device control
• devoted high
• dga
• digicert global
• dinkle threat
• discovery
• discovery t1057
• district
• div div
• divergent
• dllinject
• dnspionage
• dns replication
• dns resolutions
• dnssec
• dock
• docs pricing
• document
• document file
• domain
• domain address
• domain name
• domainpeople
• domain related
• domain robot
• domains
• domains domains
• domains dropped
• domains files
• domains ii
• domains show
• domain status
• domain tree
• dos executable
• downer
• downldr
• download
• download csv
• downloader
• download json
• downloads
• driverpack
• dropped
• dropper
• dtrack
• dumped buffer
• dynadot
• dynadot inc
• dynadot llc
• dynamic
• dynamic dns
• dynamic link
• dynamicloader
• easy
• ebury
• ecc root
• ecdhersa
• ec oid
• edsaid
• elevated exposure
• elf collection
• elf executable
• elf wgetboat
• email
• emails
• embeddedwb
• emotet
• @emreimer
• enablement
• encirca
• encpk
• encrypt
• encrypt cnr3
• endpoints all
• engineering
• enigma
• enigmaprotector
• enjoy
• enom
• enter
• entries
• epss
• eqsray
• error
• error resume
• et
• et cins
• et tor
• et trojan
• et useragents
• evasive
• evoplus ltd
• excel
• exe32
• exe appdata
• executable
• execution
• execution t1547
• exit
• exit node
• expiration
• expiration date
• expiro
• expiry
• exploit
• exploitation
• exploits
• explore
• explorer
• external ip
• extra
• extraction
• facebook
• facebook link
• factory
• failed_code_integrity_checks
• fakealert
• fakedout threat
• fakeinstaller
• falcon
• falcon sandbox
• false
• fareit
• fastly
• february
• feeds ioc
• feodo
• ffcdcb
• figma
• file
• filehash
• filehashmd5
• filehashsha1
• filehashsha256
• filerepmalware
• filerepmetagen
• files
• file samples
• files deleted
• files domain
• files files
• file size
• files location
• files matching
• files related
• file system
• filetour
• file type
• final
• final url
• financial
• find
• findwindowa
• finland
• firefox c
• firehol
• first
• flag
• flag united
• flashpix
• floxif
• follow
• footer
• form
• format
• formbook
• formbook cnc
• for privacy
• found
• frames domain
• frame src
• france
• france mail
• france unknown
• frankfurt
• fraud
• fraud service
• free
• freemake
• free poems
• friendship poems
• fri jun
• fri may
• fuery
• fusioncore
• g2 tls
• g2 validity
• g5nxq655fgp
• gamesessionid
• gandi sas
• gb summary
• gecko
• general
• general full
• generator
• generic
• generic malware
• generic windos
• genkryptik
• genpack
• geotracking
• germany
• germany unknown
• getcursor getdc
• get dns
• get h2
• get http
• get https
• get na
• getprocaddress
• get updates
• ghost rat
• github pages
• glupteba
• gmbh
• gmbh version
• gmt connection
• gmt content
• gmt contenttype
• gmt date
• gmt etag
• gmt server
• gmt united
• godaddy online
• goldfinder
• goldmax
• google
• google play
• google safe
• gopher
• government relations
• gp practice
• grafana labs
• graph
• graph api
• graph community
• graph summary
• green
• group
• gsqueue
• gti9080l
• gti9128v
• gti9158
• gts ca
• gvb gelimed
• gvt google video transcoding
• hackers
• hackers for hire
• hacking
• hacktool
• hall law
• hall render
• hallrender
• hallrender.com
• hallrender.com/attorney/brian-sabey
• hall render denver
• hash
• hashes
• hashes c2ae
• hashes hashes
• header intel
• headers
• headers age
• headers date
• headers nel
• headers via
• header target
• health benefits
• heaven
• heavens
• helper
• heodo
• her beam
• herself
• hetzner online
• heur
• hiddentear
• hidden users
• high
• highest f
• high level
• highly targeted
• high process
• hijacker
• hijacking
• historical ssl
• history first
• hit
• hitmen
• hiv
• hkeyusers
• home screen
• honey client
• hong kong
• host
• hosting
• hostmaster
• hostname
• hostnames
• hostname server
• hours ago
• hr rtd
• hsbc
• hstr
• html
• html info
• html internet
• html public
• http
• http header
• http host
• http method
• http requests
• http response
• http route
• https
• hunk
• hupigon
• hx88x89
• hx88x9ax1e
• hybrid
• iana
• iana id
• iana ref
• iana special
• icann whois
• icedid
• ice fog
• icloud
• iconcacheinit
• ico rtgroupicon
• id
• identifier
• identifying
• identity_helper.exe
• ids detections
• ietfdtd html
• iextract2
• iframe
• ii llc
• impact
• imphash
• import
• impressum
• indicator
• indicator facts
• indicator role
• indonesia
• indostealer
• infected
• info
• info compiler
• info header
• infor
• information
• inject
• injection runpe
• injection t1055
• injector
• inmortal
• innova co
• inprocserver32
• input
• install
• installation
• installcore
• installer
• installpack
• intel
• intellectual property theft
• internal
• internet
• internet files
• internet se
• internet storm
• iobit
• ioc
• iocs
• ioc search
• ionos se
• ip address
• ipasns ip
• ip block
• ip check
• ip detections
• iphone unlocker
• ip information
• ip related
• ip summary
• ip tcp
• ip traffic
• ipv4
• ipv4 address
• ipv4 prefix
• iran
• ireland unknown
• isotope
• issuer enigma
• j490s6lkpppw
• jansky
• january
• java
• javascript
• jeffrey scott reimer
• jfif
• jfif standard
• jpeg
• jpeg image
• js
• jsauto25 jun
• json data
• json ip
• json sample
• jul jan
• july
• june
• jxaavf4jnzza0
• kali
• kb body
• kb file
• kb image
• key algorithm
• keygen
• key identifier
• key info
• keylogger
• keys
• keysystems gmbh
• kgs0
• khtml
• kls0
• known tor
• kong asn
• korplug
• kraddare
• kratona
• kuaizip
• k wersvcgroup
• kyrgyz default
• kyriazhs1975
• label
• lacnic
• language
• laplasclipper
• larimer st
• law
• law firm
• learn
• leasewebuklon11
• legal
• legend
• less see
• level3
• levelblue
• lfqprnkje8dni0
• lg dacom
• life
• link
• linkedin
• linkedin link
• linkid252669
• link library
• links certs
• link url
• linux
• linux x8664
• listen
• listening
• llwn
• lmenlo park
• loader
• loadmoney
• local
• localappdata
• location canada
• location hong
• location united
• lockbit
• locky
• login
• logon autostart
• logos
• london
• look
• los angeles
• love
• love poems
• lovgate
• lowfi
• lowfitrojan
• low software
• lsmeta function
• lsoldgsqueue
• ltd dba
• lumma stealer
• machine intel
• macros sneaky
• magazine
• magic html
• magic pe32
• magika html
• mail collection
• mail spammer
• main
• major
• malibot
• malicious
• malicious file transfers
• malicious host
• malicious site
• malicious url
• maltiverse
• maltiverse safe
• maltiverse top
• malvertizing
• malware
• malware beacon
• malware generic
• malware host
• malware hosting
• malware hunting
• malware site
• malware spreading evader
• malware stealer trojan evader
• man
• march
• mark
• mark brian sabey
• markmonitor
• mark sabey
• matches rule
• matsnu
• maui ransomware
• maxage5184000
• mb iesettings
• mb installer
• mb opera
• mb qimage
• mb setup
• mb super
• media
• media center
• mediaget
• mediamagnet
• media player
• medicare
• medium
• memcommit
• memory pattern
• memreserve
• memscan
• men
• message interception
• meta
• meta name
• metastealer
• meta tags
• meterpreter
• metro
• metro t-mobile
• mgeinteg
• michelle
• microsoft
• mile high
• mile high media
• milehighmedia
• milemighmedia
• million
• million alexa
• mimikatz
• mind
• miner
• minute tr
• mirai
• mirai malware
• misc attack
• missouri
• mitre att
• mitre attack
• model
• modernizr
• modified
• module load
• mo.gov
• monitoring
• months ago
• most viewed
• moved
• msdefender sep
• ms excel
• msie
• msil
• msms33388520
• ms visual
• ms windows
• ms word
• mtb feb
• mtb jan
• mtb may
• mtb oct
• music
• mutexes
• mwin
• mx81xd1r
• name
• namecheap inc
• name md5
• name servers
• name value
• name verdict
• nanjing
• nanocore
• nanocore rat
• net192
• net1920000
• netherlands asn
• netlify
• netlify edge
• net technology
• network
• network ascii text
• network icmp
• networks
• network traffic
• networm
• neutral
• new ioc
• next
• Nextray
• n∅ ip
• nircmd
• nivdort
• nixi special
• njrat
• no data
• node tcp
• node traffic
• node udp
• no expiration
• noname057
• none related
• nora
• no security
• notepad
• november
• npzk765
• nsis
• null
• number
• nxdomain
• nymaim
• object
• observed
• occamy
• october
• odigicert inc
• odx3x33jk9w3
• offercore
• office open
• ogilvy
• ok server
• ok set
• olet
• ollydbg
• ometa platforms
• omnipoint
• open
• opencandy
• openioc
• open threat
• optimizer
• oracle
• ord52c2 via
• orgabusephone
• organization
• orgid
• org log
• org meta
• org og
• org twitter
• orkut
• os2 executable
• otx octoseek
• otx scoreblue
• otx telemetry
• outbreak
• override
• overview ip
• pa
• packer entropy
• packing t1045
• page dow
• page url
• parent parent
• parent referrer
• paris
• parked
• parked domains
• partnerid0
• passive
• passive dns
• password
• paste
• patch
• patcher
• path
• pattern ips
• pattern match
• payment
• paypal
• pcap
• pdf report
• pe32
• pe32 compiler
• pe32 executable
• peexe
• pe features
• pe file
• pegasus
• pe resource
• persistence
• pe section
• pe unknown
• ph elf
• phish
• phishing
• phishing chase
• phishing google
• phishing site
• phishtank
• phonenumber
• pictures
• pings c
• pixel
• play
• please
• plesklin
• plus
• pm lowfitrojan
• png image
• poem
• poems
• poem topics
• poetry
• point
• pony
• poor reputation
• porkbun llc
• pornhub
• porno
• porn videos
• poser
• possible
• postal code
• post http
• powershell
• powershell_create_scheduled
• pragma
• pragma nocache
• predator
• prefetch8
• prefix
• premium
• presenoker
• present mar
• privacy admin
• privacy inc
• privacy tech
• privateloader
• probe
• problem
• problems
• process
• process32nextw
• process details
• products
• products id
• programfiles
• project
• project skynet
• prorat
• protect
• protector ca
• protocol h2
• proud evening
• proxy
• prynt
• prynt stealer
• psexec
• psiusa
• ps ord
• ptls7
• public folder
• public w3cdtd
• pulse indicator
• pulse pulses
• pulses
• pulse submit
• pulses url
• pulse use
• pykspa
• python
• python_initiated-connection
• qakbot
• qbot
• q https
• qiwi hack
• quasar
• quasar rat
• query
• query type
• raccoon
• radar ineractive
• radar tracking
• radio hacking
• ragnar locker
• rally cry
• ramnit
• rank
• ransom
• ransomexx
• ransomware
• rarsfx0
• ratel
• rdds service
• read c
• record
• record keeping
• record type
• record value
• redacted for
• redcap
• redirector
• redline
• redline stealer
• redrum
• red team
• referrer
• refresh
• regbinary
• regdword
• regex
• registrant
• registrar
• registrar abuse
• registrar iana
• registrarsafe
• registrar url
• registrar whois
• registry
• registry domain
• registry keys
• registry run
• regopenkeyexw
• regsetvalueexa
• regsetvalueexw
• regsz
• relacionada
• related nids
• related pulses
• relayrouter
• relic
• remcos
• remote attacks
• remote cnc
• remote debian spy
• remote procedure call
• render
• replacement
• report spam
• reputation ip
• requested
• reserved
• resolutions
• resource
• resource hash
• resource name
• resources cyber
• response
• response final
• response ip
• restart
• revengeporn
• reverse dns
• rich pe
• right person
• ripe ncc
• risk assessment
• riskware
• rms
• role title
• romantic poems
• romeo scheme
• root ca
• roundup
• rsa ca
• rsa sha256
• rticon english
• rticon kyrgyz
• rticon neutral
• runescape
• runresdll
• runtime modules
• runtime process
• russia
• rust
• sabey
• sabey data centers
• safebae
• safebae.org
• safe browsing
• safe site
• sales
• sality
• sample
• samplepath
• samples
• satellite tracking
• scaleway
• scammer
• scams
• scan endpoints
• scanning host
• scheme
• screenshot
• script
• script domains
• script script
• script tags
• script urls
• sdn bhd
• seaborgium
• search
• search debian available space
• search live
• searchmeup
• sec ch
• secrisk
• sections
• secure server
• security
• security tls
• seen asn
• seen last
• select xmp
• self
• september
• seraph
• serial number
• server
• servers
• service
• service privacy
• services
• serving ip
• set cookie
• setup stub
• seychelles
• sha1
• sha256
• shadowpad
• shared address
• shell
• shell code
• shell commands
• shellexecuteexw
• shell folders
• shinjiru msc
• shone pale
• show
• showing
• show technique
• show technique span
• siblings
• siblings domain
• sibot
• sides with
• siem compliance
• sign
• signals mutexes
• signature
• silly
• simda
• singapore
• sinkhole cookie
• site
• site safe
• site top
• size
• skip
• skynet
• skynet bot
• slcc2
• smokeloader
• snatch
• sneaky server
• soc
• soc http
• soc https
• social engineering
• softcnapp
• softonic
• software
• solutran
• sonbokli
• song culture
• space
• space meta
• spaceship
• spain unknown
• spammer
• span
• span a
• span span
• spy cve
• spyrixkeylogger
• spyware
• sql
• squirrelwaffle
• sreredrum
• srsplus
• ssdeep
• ssdi
• ssh hijacking
• ssl certificate
• stalker
• stalkers
• star
• start
• startpage
• startup folder
• statement
• stateprovince
• status
• status code
• status hostname
• status page
• status url
• stcalifornia
• stealer
• stealthyness
• steam route
• stix
• stolec kradnie
• storage
• stream
• street
• strike
• strings
• strong
• subdomains
• subject
• subject key
• subject public
• submission
• submitters
• suite
• summary
• summary iocs
• super hentai
• suppobox
• suricata
• suricata ipv4
• suricata udpv4
• survivor
• suspected
• suspicious
• svg scalable
• swipper
• swrort
• system
• system process
• systweak
• sysv
• t1045
• t1055
• t1057
• t1129
• tag count
• tag manager
• tags
• tags none
• tags viewport
• tag tag
• target
• target: accounting firm devices
• target: brashears personal devices
• targeted
• targeting
• targets: intellectual property
• targets sa
• targets tsara brashears
• target: tsara brashears
• target: whitesky communication network
• tbody
• tcp traffic
• td td
• td tr
• team
• team malware
• team phishing
• teams api
• tech contact
• tech email
• technology
• telefonica
• telefonica co
• telefonica de
• telefonica peru
• temp
• template
• text
• text archiver
• than
• thebrotherssabey
• the org
• this
• thomsonreuters
• thou bearest
• threat
• threat analyzer
• threat network
• threat report
• threat round
• threat roundup
• threats
• threats et
• thu aug
• tiggre
• title
• title added
• title bhagam
• title healthy
• title rfc
• tld count
• t-mobile
• tmobile metro
• tofsee
• tool
• tools
• topic
• topics
• top rated
• tor exit
• tor known
• tor relayrouter
• tracker
• tracker malware
• tracking
• trademarks
• traffic
• traffic group
• treats
• trident
• trid win32
• trim
• trojan
• trojandropper
• trojan evader
• trojan features
• trojan malware
• trojanspy
• trojanx
• TrojanX
• tr tbody
• tr tr
• trust
• trustinfo
• tsara brashears
• ttl value
• tucows
• tue apr
• tue dec
• tulach
• tulach.cc
• twitter
• type
• type name
• typosquatting
• uaaa
• ubot
• uche6vol
• uc health medical campus colorado medical campus
• ultimate
• umbrella rank
• unauthorized
• unicode
• unicode text
• union
• unique
• united
• united kingdom
• unknown
• unknown traffic
• unlocker
• unruy
• unsafe
• upatre
• upd4
• update checker
• url
• url analysis
• url history
• url http
• url https
• urls
• urls date
• urls http
• urls https
• url summary
• urls url
• ursnif
• usage
• usage client
• user
• user agent
• username
• userprofile
• useruin
• utc entry
• utc google
• utc submissions
• uztuby
• v2 document
• v3 serial
• valid from
• validity
• value
• value1
• value snkz
• variables
• vbs
• vector graphics
• vendo
• verified
• verify
• verisign
• veryhigh
• vhash
• vidar
• videos
• views
• view whois
• virtool
• virus network
• virustotal
• virut
• visa scheme
• vitro mar
• vitzo
• voicestram
• voun2hd
• vs2005
• vs2008
• vs2008 sp1
• vs2010
• vs2013
• vs2013 upd4
• vt graph
• vt report
• waaa
• wacatac
• wannacry kill
• watch
• waypoint object
• webshell
• webtoolbar
• west domains
• westlaw
• westlaw njrat
• white cve
• whitelisted
• whitesky
• whois
• whois database
• whois domain
• whois lookup
• whois lookups
• whois parent
• whois record
• whois service
• whois sslcert
• whois whois
• who's driving
• widget
• win16 ne
• win32
• win32 dynamic
• win32 exe
• win32mydoom feb
• win32.pdf.alien
• win32upatre jan
• Win32:Vitro
• win64
• windir
• window
• windows
• windows nt
• wininit
• woman
• worm
• wow64
• write
• write c
• writeconsolea
• writeconsolew
• writes data to a remote process
• written c
• x00x00
• x509
• x509v3 extended
• x509v3 key
• x8bxe5
• x8dxb7xb7
• x92xac
• x93xaf
• x95xd3xa4
• xamzexpires300
• xc2x84
• xcitium verdict
• xhtml
• xml document
• xmlns http
• xobo
• xor ddos
• xorddos
• xpire.info
• x powered
• xrat
• x sucuri
• xtrat
• yaaa
• yandex
• yandex dropper extend
• yapaxi
• yara detections
• yara rule
• yaxpax
• ygjpaufscontext
• yixun
• yndx
• youtube video
• zanubis latam
• zbot
• zenbox
• zeppelin
• zeus
• zip blaze
• zp6axi0
• zpevdo
• zuorat

MITRE ATT&CK TTPs

• T1003.005 - Cached Domain Credentials
• T1003 - OS Credential Dumping
• T1005 - Data from Local System
• T1010 - Application Window Discovery
• T1012 - Query Registry
• T1018 - Remote System Discovery
• T1021.001 - Remote Desktop Protocol
• T1023 - Shortcut Modification
• T1027.002 - Software Packing
• T1027 - Obfuscated Files or Information
• T1031 - Modify Existing Service
• T1033 - System Owner/User Discovery
• T1035 - Service Execution
• T1036.004 - Masquerade Task or Service
• T1036 - Masquerading
• T1040 - Network Sniffing
• T1041 - Exfiltration Over C2 Channel
• T1043 - Commonly Used Port
• T1045 - Software Packing
• T1053 - Scheduled Task/Job
• T1055 - Process Injection
• T1056.001 - Keylogging
• T1056 - Input Capture
• T1057 - Process Discovery
• T1059.002 - AppleScript
• T1059.006 - Python
• T1059.007 - JavaScript
• T1059 - Command and Scripting Interpreter
• T1060 - Registry Run Keys / Startup Folder
• T1063 - Security Software Discovery
• T1068 - Exploitation for Privilege Escalation
• T1070 - Indicator Removal on Host
• T1071.001 - Web Protocols
• T1071.002 - File Transfer Protocols
• T1071.004 - DNS
• T1071 - Application Layer Protocol
• T1081 - Credentials in Files
• T1082 - System Information Discovery
• T1083 - File and Directory Discovery
• T1089 - Disabling Security Tools
• T1090 - Proxy
• T1094 - Custom Command and Control Protocol
• T1095 - Non-Application Layer Protocol
• T1096 - NTFS File Attributes
• T1100 - Web Shell
• T1105 - Ingress Tool Transfer
• T1106 - Native API
• T1110.002 - Password Cracking
• T1110 - Brute Force
• T1112 - Modify Registry
• T1114.002 - Remote Email Collection
• T1114 - Email Collection
• T1119 - Automated Collection
• T1122 - Component Object Model Hijacking
• T1123 - Audio Capture
• T1129 - Shared Modules
• T1132 - Data Encoding
• T1140 - Deobfuscate/Decode Files or Information
• T1143 - Hidden Window
• T1155 - AppleScript
• T1158 - Hidden Files and Directories
• T1173 - Dynamic Data Exchange
• T1176 - Browser Extensions
• T1179 - Hooking
• T1184 - SSH Hijacking
• T1192 - Spearphishing Link
• T1194 - Spearphishing via Service
• T1204 - User Execution
• T1210 - Exploitation of Remote Services
• T1212 - Exploitation for Credential Access
• T1213 - Data from Information Repositories
• T1215 - Kernel Modules and Extensions
• T1218 - Signed Binary Proxy Execution
• T1222.002 - Linux and Mac File and Directory Permissions Modification
• T1408 - Disguise Root/Jailbreak Indicators
• T1410 - Network Traffic Capture or Redirection
• T1415 - URL Scheme Hijacking
• T1416 - URI Hijacking
• T1421 - System Network Connections Discovery
• T1422 - System Network Configuration Discovery
• T1423 - Network Service Scanning
• T1427 - Attack PC via USB Connection
• T1428 - Exploit Enterprise Resources
• T1429 - Capture Audio
• T1442 - Fake Developer Accounts
• T1445 - Abuse of iOS Enterprise App Signing Key
• T1449 - Exploit SS7 to Redirect Phone Calls/SMS
• T1450 - Exploit SS7 to Track Device Location
• T1453 - Abuse Accessibility Features
• T1454 - Malicious SMS Message
• T1457 - Malicious Media Content
• T1472 - Generate Fraudulent Advertising Revenue
• T1491 - Defacement
• T1496 - Resource Hijacking
• T1497 - Virtualization/Sandbox Evasion
• T1518 - Software Discovery
• T1546 - Event Triggered Execution
• T1547 - Boot or Logon Autostart Execution
• T1553 - Subvert Trust Controls
• T1560 - Archive Collected Data
• T1563 - Remote Service Session Hijacking
• T1566 - Phishing
• T1568.002 - Domain Generation Algorithms
• T1568 - Dynamic Resolution
• T1573 - Encrypted Channel
• T1574.008 - Path Interception by Search Order Hijacking
• T1583.001 - Domains
• T1583.005 - Botnet
• T1583.006 - Web Services
• T1583 - Acquire Infrastructure
• T1585.001 - Social Media Accounts
• T1586 - Compromise Accounts
• T1588 - Obtain Capabilities
• T1591.002 - Business Relationships
• TA0001 - Initial Access
• TA0002 - Execution
• TA0003 - Persistence
• TA0004 - Privilege Escalation
• TA0005 - Defense Evasion
• TA0006 - Credential Access
• TA0007 - Discovery
• TA0008 - Lateral Movement
• TA0009 - Collection
• TA0010 - Exfiltration
• TA0011 - Command and Control
• TA0030 - Defense Evasion
• TA0034 - Impact
• TA0037 - Command and Control
• TA0040 - Impact

Passive DNS

• legere.asia

Attack Log References

Whois Information