20.112.250.133 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 20.112.250.133 and was generated either as a result of observed malicious activity or as an information-gathering exercise to assist with enrichment of security events and context. All information is gathered passively, through aggregation of public sources or through observation of activity on honeynets. The host score is calculated through a series of statistically weighted values and machine learning that takes into account metadata such as host information; frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Host Score: 🟠 Elevated — 60/100

Host and Network Information

  • Country: United States
  • Noticed: 50 times
  • Protocols Attacked: SSH
  • Countries Attacked: Anguilla, Argentina, Aruba, Australia, Austria, Bahamas, Barbados, Belgium, Brazil, Canada, Cayman Islands, Chile, China, Costa Rica, Croatia, Curaçao, Finland, France, Georgia, Germany, Guatemala, Hong Kong, Hungary, Ireland, Italy, Japan, Kenya, Korea Republic of, Malaysia, Mexico, Morocco, Netherlands, Panama, Peru, Philippines, Poland, Russian Federation, Saint Kitts and Nevis, Saint Martin (French part), Saint Vincent and the Grenadines, Singapore, Sint Maarten (Dutch part), Slovakia, Spain, Taiwan, Tanzania United Republic of, Trinidad and Tobago, Ukraine, United Arab Emirates, United Kingdom of Great Britain and Northern Ireland, United States of America
  • Open Ports: 443, 80
  • Tor Node: No
  • Associated Malware Samples: 12170

Tags

  • 114.114.114.114
  • 1575038779
  • 443 ma2592000
  • 65536
  • a3 a4
  • a7 ff
  • aaaa
  • aaaa nxdomain
  • ab aa
  • accept
  • accept encoding
  • access
  • accessibility
  • access ta0001
  • access ta0006
  • activity
  • activity mirai
  • ad de
  • added active
  • address
  • address domain
  • address google
  • address range
  • admin city
  • admin country
  • adobe portable
  • a domains
  • advanced
  • adversaries
  • adware
  • adware malware
  • ag alberto
  • agent
  • agent tesla
  • ag ingo
  • ai device id
  • aids
  • aig
  • air force
  • akamai
  • akamaias
  • akamaiasn1
  • Alberta
  • Alberta Doctors
  • Alberta Health Services
  • Alberta Medical Association
  • Alberta NDP
  • Alberta UCP
  • alerts
  • alexa
  • alexa top
  • alf features
  • alfper
  • a li
  • all ipv4
  • allocation type
  • all octoseek
  • allow
  • allowed server
  • alloy
  • all quiet
  • all scoreblue
  • all search
  • altar
  • amazon 02
  • amazon02
  • amber a
  • america
  • america asn
  • america flag
  • analysis date
  • analyzer paste
  • analyzer threat
  • andariel
  • android
  • and vids
  • anomalous file
  • anomaly
  • anomaly id
  • anton kutepov
  • a nxdomain
  • any
  • any quality
  • any quality videos
  • any source
  • apache
  • apache x
  • apis
  • apnic
  • appdata
  • apple
  • apple ios
  • apple notepad
  • application
  • april
  • arcane
  • arial helvetica
  • arnim rupp
  • artro
  • as10906
  • as11284
  • as12337 noris
  • as133618
  • as13414 twitter
  • as14061
  • as15133 verizon
  • as15169
  • as15169 google
  • as15598
  • as16276
  • as16509
  • as16552
  • as16552 tiggee
  • as16625 akamai
  • as174 cogent
  • as17816 china
  • as19024
  • as1921
  • as19527 google
  • as19679 dropbox
  • as206834 team
  • as20940
  • as21342
  • as22612
  • as24940 hetzner
  • as25019
  • as25019 saudi
  • as25825
  • as2914 ntt
  • as29789
  • as30081
  • as31034 aruba
  • as31898 oracle
  • as32787 akamai
  • as32934
  • as3359
  • as35680
  • as35819
  • as35994 akamai
  • as36459
  • as396982 google
  • as397240
  • as397241
  • as40021 contabo
  • as4134 chinanet
  • as42 woodynet
  • as44273 host
  • as45430
  • as46606
  • as47846
  • as4812 china
  • as49505
  • as51167 contabo
  • as53665 bodis
  • as54113
  • as56864 xeon
  • as57416 llc
  • as6185 apple
  • as61969 team
  • as62597
  • as62597 nsone
  • as63949 linode
  • as7018 att
  • as701 verizon
  • as714 apple
  • as7296 alchemy
  • as7303 telecom
  • as8068
  • as8075
  • as8151
  • as852
  • as8560
  • as8972 host
  • as9009 m247
  • as9318 sk
  • as autonomous
  • ascii text
  • asep
  • ashburn
  • asn8075
  • asn as13335
  • asn as13414
  • asn as15169
  • asn as15598
  • asn as16509
  • asn as16625
  • asn as18693
  • asn as36459
  • asn as48684
  • asn as49505
  • asn as63949
  • asn as714
  • asnone dns
  • asnone germany
  • asnone hong
  • asnone related
  • asnone united
  • asp
  • aspack
  • aspackv2xxx
  • as-protect
  • assigned pi
  • assistant
  • associated urls
  • astaroth
  • asyncrat
  • atlas
  • atom
  • attachment
  • attack
  • attack bad
  • attempts
  • audio recording
  • august
  • aurora
  • australia
  • austria
  • authentihash
  • author avatar
  • autorun
  • autorun keys
  • available now
  • avast avg
  • av detections
  • avg clamav
  • avgetblockcc
  • awful
  • azorult
  • azureadmyorg
  • azure tls
  • b0 d7
  • b0 e9
  • b6 b3
  • b6 bb
  • b6 d2
  • b6 f8
  • b8 c7
  • b9 f3
  • b9 ff
  • back
  • backdoor
  • bad login
  • bad request
  • baidu
  • baidu spider
  • bambernek
  • bandit stealer
  • bank
  • base64-embedded
  • basic
  • basilisk
  • batch
  • b body
  • bbox
  • be ad
  • beast
  • beginstring
  • bekijk
  • best targets
  • betabot
  • bill
  • billing
  • binbusybox
  • bios
  • bitcoinaltcoin
  • bits
  • b jan
  • black
  • blacklist
  • blacklist http
  • blacklist https
  • bladabindi
  • blast
  • blaze
  • blizzard
  • blocklist
  • bobsoft
  • body
  • body doctype
  • body html
  • body length
  • bone
  • boot
  • botnet
  • Botnet
  • brashears
  • brazil
  • brazil unknown
  • brent kimball
  • brian sabey
  • british virgin
  • browser
  • browse scan
  • browsing
  • brute force
  • builds
  • burkard
  • busybox
  • busybox busybox
  • c++
  • c0 ac
  • c1 e3
  • c1 e9
  • c2 c1
  • c3 aa
  • c3 b8
  • c3 e8
  • c4 a8
  • c4 f0
  • c4 f4
  • c6 a8
  • c7 c7
  • c8 f7
  • c8 ff
  • c9 c3
  • ca certificate
  • cachecontrol
  • calls
  • cameras
  • canada canada
  • canada unknown
  • cape
  • capture
  • carnage
  • catalog tree
  • ca validity
  • cc by
  • cc cc
  • cdn77 dat
  • centerchecks
  • certificate
  • Certificates
  • cf e5
  • cgb stgreater
  • channel command
  • channelsurfcli
  • chaos
  • charm
  • charter communications
  • chat
  • checkin
  • checks
  • checks system
  • chi2
  • china
  • china unknown
  • chrome
  • ch ua
  • cidr
  • cisco
  • cisco umbrella
  • city
  • City of Edmonton
  • ck id
  • ck matrix
  • ck t1003
  • ck techniques
  • class
  • classname
  • click
  • clickable urls
  • clickjacking
  • client env
  • clientrender
  • clipper dos
  • close
  • cloudflar
  • cloudflare
  • cname
  • cnapple public
  • cnc beacon
  • cnc feodo
  • cnc server
  • cnection
  • cnlet
  • cnsectigo rsa
  • coalition et
  • cobalt strike
  • code
  • code injection
  • cold
  • college guy
  • collisionbox
  • colorado
  • comi
  • com laude
  • command
  • command line
  • commandline
  • command type
  • comment
  • communicating
  • compiler
  • computer
  • conduit
  • connect azurepc
  • Connect Care
  • connection
  • connections id
  • connector
  • consent plugin
  • contact
  • contacted
  • contact phone
  • contained
  • contains-apk
  • contains-elf
  • contains-pe
  • contains-zip
  • content copy
  • content length
  • content type
  • continent na
  • continue
  • contracts
  • control
  • control att
  • control ta0011
  • cookie
  • copy
  • copy md5
  • copyright
  • copy sha1
  • copy sha256
  • core
  • corpse
  • country
  • country ng
  • country us
  • Covenent Health
  • covid19
  • cp bus
  • crazy
  • crazy doll
  • create
  • create c
  • created
  • creates
  • creation date
  • creation id
  • creation using
  • critical
  • critical risk
  • crlf
  • crlf line
  • cronup threat
  • cryp
  • crypto
  • crystal
  • cuba
  • cur cono
  • cus cnmicrosoft
  • cus stcolorado
  • custom and
  • custom malware
  • cve20170147 sep
  • cve201717215
  • cyber attack
  • cybercrime
  • cyber folks
  • cyberstalking
  • cyber threat
  • cyber warfare
  • cybota
  • czechia unknown
  • d1 fa
  • d3 f7
  • damage
  • dan.com
  • dangeroussig
  • danie id
  • dark
  • dark consultants
  • darkgate
  • data
  • datacenter
  • data redacted
  • data upload
  • date
  • date checked
  • date hash
  • date mon
  • date sun
  • date tue
  • david burkett
  • days ago
  • db e2
  • ddos
  • dead
  • dead host
  • december
  • decrypted ssl
  • default
  • defender
  • defense evasion
  • delete
  • delete c
  • delete delete
  • delete shadows
  • delphi
  • demon
  • demonbot
  • denvecolorado
  • denver
  • denver colorado
  • designer
  • desktop
  • destination
  • detailed error
  • detailsendswith
  • detected m1
  • detection list
  • detection rule
  • detections
  • detections elf
  • detections name
  • detects
  • detects imphash
  • detect use
  • development att
  • device local
  • df e0
  • DGA
  • dga domain
  • diablo
  • diablo iii
  • diablo immortal
  • diamond
  • director
  • discovery
  • discovery e1082
  • discovery t1027
  • displayname
  • div div
  • djvu
  • dll sideloading
  • dns
  • dnspionage
  • dns query
  • dns requests
  • dns resolutions
  • dnssec
  • dns status
  • docguard
  • dock
  • document file
  • document format
  • dodaj
  • domain
  • domain add
  • domain address
  • domain name
  • domain related
  • domain robot
  • domains
  • domain secure
  • domains show
  • domains top
  • dos com
  • dotcisoffer
  • download
  • downloader
  • download rule
  • downloads-pe
  • downloads-zip
  • dridex
  • drivertalent
  • drop
  • druid
  • dumping t1005
  • dynamic
  • dynamicloader
  • dynamics
  • dzan
  • e1082 impact
  • e1203 data
  • e1564 discovery
  • e1564 hidden
  • e4 f8
  • e8 ba
  • e8 db
  • e8 ed
  • e8 f7
  • e8 ff
  • e9 cd
  • east
  • eb ed
  • ec c7
  • ec d0
  • ec e8
  • echo request
  • eclipse
  • Edmonton Police Services
  • EduRoam
  • ee edcje4j
  • ef be
  • eid1338769034
  • eid4828312
  • ekyxe
  • elf64 crypto
  • elf info
  • e lisa
  • elisa
  • elite
  • elton avundano
  • email address
  • emails
  • emails info
  • emilemando22
  • emotet
  • emotet ip
  • emotet type
  • empty
  • encoding
  • encrypt
  • endgame
  • endpoints all
  • energy
  • engineering
  • english
  • enigmaprotector
  • enom
  • enterprise
  • entity
  • entity ipripe
  • entries
  • entries related
  • entropy
  • environ
  • e oct
  • eofae
  • erase
  • error
  • error all
  • error aug
  • error f
  • error jul
  • e safe
  • eternal
  • et info
  • etpro malware
  • et smtp
  • eu alexey
  • european union
  • evasion att
  • evasion defense
  • evasion ob0006
  • evil
  • evil c
  • exclusions
  • exe32
  • executable
  • execution
  • exif data
  • existing pulse
  • expiration
  • expiration date
  • expires thu
  • expiresthu
  • exploit
  • exploitation
  • exploit none
  • explorer
  • explosive
  • external
  • externalport
  • extgstate
  • extraction
  • extra window
  • f0 c0
  • f0 c9
  • f1 e8
  • f2f2f2 color
  • f3 a6
  • f6 c1
  • f7 f9
  • f7 ff
  • f8 ff
  • face
  • facebook
  • facts dga
  • fa fc
  • failure
  • fakeav
  • fakedout threat
  • fake news
  • falling
  • false
  • fastly error
  • fb d1
  • fb ff
  • fc c6
  • fc c7
  • fc e8
  • fc eb
  • fc ff
  • fear
  • feast
  • february
  • federation asn
  • federation flag
  • feet pics
  • fe ff
  • feodo
  • ff e1
  • ff e8
  • ff e9
  • ff f3
  • ff ff
  • file defense
  • file discovery
  • filehash
  • filehashmd5
  • filehashsha1
  • filehashsha256
  • files
  • file samples
  • file score
  • files domain
  • files ip
  • file size
  • files location
  • files matching
  • files related
  • files show
  • file transfer
  • file type
  • file version
  • final url
  • find
  • findwindowa
  • fin ivdo
  • flag
  • flag united
  • flow t1574
  • flubot
  • font format
  • footer
  • forbidden
  • form
  • format
  • formbook
  • formbook cnc
  • for privacy
  • forums
  • found
  • found https
  • fractured
  • frame src
  • france
  • france asn
  • france flag
  • france hostname
  • france unknown
  • freeze
  • front
  • frozen
  • fuck
  • fuery
  • full
  • full service
  • full url
  • fury
  • fusioncore
  • gafgyt
  • game
  • gameoverpanel
  • gamers
  • gandi
  • gandi sas
  • gdpr cookie
  • gecko
  • general
  • general full
  • generic
  • generic windos
  • geoip
  • germany
  • germany mail
  • germany unknown
  • get her
  • get http
  • getobject
  • getprocaddress
  • ghost
  • github
  • github og
  • github pages
  • gmt cache
  • gmt connection
  • gmt content
  • gmt contenttype
  • gmt date
  • gmt max
  • gmt path
  • gmt server
  • gmt setcookie
  • gmt vary
  • gone
  • google
  • googlecl
  • google safe
  • google search
  • GovAB
  • green
  • grum
  • guard
  • gui32
  • h3 p
  • hackers
  • hacking
  • hacktool
  • hack type
  • hallrender
  • handle
  • hardwareid
  • harmony
  • hash
  • hash avast
  • hashes
  • hashes cape
  • hatred
  • hawk
  • head body
  • header http2
  • header intel
  • headers
  • headers date
  • health type
  • heat
  • helaas
  • hell
  • hellokitty
  • helloworld
  • hellspawn
  • helper objects
  • helvetica neue
  • heur
  • hichina
  • hidden
  • hide artifacts
  • high
  • high assurance
  • high defense
  • high level
  • highly targeted
  • high process
  • high security
  • highvol
  • historical ssl
  • history
  • hitmen
  • holidaycheck ag
  • home network
  • homepage
  • honduras
  • horn
  • host
  • hostile
  • hosting
  • hostmaster
  • hostname
  • hostname add
  • hostname query
  • hostnames
  • hostsettings
  • hours ago
  • how search
  • href
  • htm align
  • html
  • html info
  • http
  • http attacker
  • http headers
  • http host
  • httponly
  • http request
  • http requests
  • http response
  • https
  • httpsupgrades
  • huawei hg532
  • huawei remote
  • hub
  • hungary unknown
  • hunt
  • hunter
  • hybrid
  • hydra
  • iana id
  • icmp traffic
  • idlogin sep
  • idnischdr http
  • ids detections
  • ieedge chrome1
  • iframe
  • ii llc
  • imageendswith
  • images
  • images news
  • images sign
  • immobilien ag
  • immortal
  • impact ob0008
  • impact ta0040
  • imphash
  • inbound
  • incapsula
  • indicator facts
  • indonesia
  • industry_and_commerce
  • info
  • info compiler
  • info header
  • informative
  • injection
  • injection t1055
  • install
  • installcore
  • installer
  • installing
  • installs
  • installs ip
  • instrumentation
  • intel
  • interactive map
  • internal
  • internalport
  • internalsapiip
  • iocs
  • ios
  • ip
  • ipad
  • ip address
  • ip check
  • ip country
  • ip detections
  • iphone
  • ip related
  • ip summary
  • ip traffic
  • ipv4
  • ipv4 add
  • ipv6
  • ip whitelisted
  • ip whois
  • irc server
  • ireland
  • ireland unknown
  • islands flag
  • issuing ca
  • italy
  • italy unknown
  • itre att
  • jaik
  • javascript
  • jeff
  • judi
  • june
  • kaishhhhhh
  • kb body
  • keepalive
  • key identifier
  • keys
  • key value
  • kgs0
  • khtml
  • kls0
  • knight
  • Kong unknown
  • kraken
  • kraupa
  • kryptikxp
  • kurt walther
  • labs pulses
  • ladder
  • lance mueller
  • lanc type
  • langchinese
  • langgeorgian
  • language
  • lazarus
  • lazarus group
  • learn
  • less see
  • less whois
  • let me jerk
  • level
  • level3
  • levelblue
  • lex name
  • license
  • license v2
  • licess
  • lidfileupd
  • life
  • light
  • lightning
  • link
  • linker
  • links
  • linux x8664
  • list planting
  • live
  • llc dba
  • llc registry
  • llc status
  • lnmp
  • lnmp a
  • loaderid
  • local
  • localappdata
  • local system
  • location france
  • location united
  • login yara
  • logon autostart
  • look
  • looks
  • lowfi
  • lredmond
  • ltd dba
  • lucky
  • m1
  • m417
  • magic
  • magic pdf
  • magnus
  • mail spammer
  • main
  • maker
  • Malcerts
  • malicious
  • malicious site
  • malicious url
  • malpedia family
  • maltiverse
  • malvertising
  • malware
  • malware beacon
  • malware cve
  • malware_onenote_delivery_jan23
  • malware site
  • malware traffic
  • malware worm
  • manjusaka
  • markmonitor
  • markus neis
  • masquerade
  • maya
  • maze
  • mcig sep
  • md5 add
  • md5 nazwa
  • media
  • media center
  • medium
  • medium risk
  • meister
  • memcommit
  • memory
  • memory pattern
  • memreserve
  • mephisto
  • message
  • meta
  • meta http
  • meta name
  • meta tags
  • method
  • method status
  • metro
  • mexico
  • mexico unknown
  • mh may
  • miaxdx
  • microsoft
  • microsoft azure
  • microsoft crm
  • microsoft oem
  • microsoft power
  • microsoft teams
  • million
  • mini
  • miniigd upnp
  • Ministry of Advanced Education
  • Ministry of Health
  • Ministry of Tech & Innovation
  • minutes ago
  • miny
  • miori hackers
  • mirai
  • mirai type
  • mirai variant
  • misa
  • mitm
  • mitre
  • mitre att
  • mobile sec
  • model
  • model sec
  • modification id
  • modify system
  • module load
  • monitored target
  • mon jul
  • mother
  • moved
  • mozilla
  • mr windows
  • msdefender apr
  • msie
  • msms57295540
  • msr feb
  • ms visual
  • ms windows
  • mtb apr
  • mtb aug
  • mtb dec
  • mtb description
  • mtb feb
  • mtb jan
  • mtb jul
  • mtb jun
  • mtb may
  • mtb oct
  • mtb sep
  • mtd1
  • mueller
  • murderers
  • my boy dan
  • my health
  • myrakez
  • name
  • name david
  • name md5
  • name path
  • name server
  • name servers
  • name tactics
  • name value
  • nanocore rat
  • navegador
  • nazwa typ
  • nemtih
  • net168
  • net1680000
  • nethandle
  • netherlands
  • netname uch
  • netrange
  • nettype direct
  • network
  • network name
  • network related
  • networks
  • network traffic
  • new firewall
  • new pulse
  • new service
  • next
  • next associated
  • nextc type
  • next http
  • next passive
  • next related
  • nextron
  • next yara
  • nids
  • nightmare
  • ninite
  • njrat
  • no data
  • no expiration
  • nokoyawa
  • nondns
  • none google
  • notes clamav
  • nowy
  • nreum
  • nsis
  • nsone as63949
  • null
  • number
  • nxdomain
  • ob0005 defense
  • ob0007 system
  • ob0012 hide
  • object
  • oc0008
  • october
  • odigicert inc
  • office
  • ogoogle trust
  • okrnserver
  • ok set
  • ok transfer
  • olet
  • ollydbg
  • onelouder
  • onl our
  • open
  • opendir
  • openioc
  • open threat
  • openurl c
  • operation endgame
  • orc5
  • organization
  • orgid
  • orgtechhandle
  • orgtechref
  • os2 executable
  • os credential
  • otx scoreblue
  • outbound m3
  • outbound smtp
  • output
  • overkill
  • overlay
  • overview domain
  • overview ip
  • oxypumper
  • packing
  • packing t1045
  • pandora
  • param
  • parent net168
  • pass
  • passive dns
  • patch
  • path
  • patrick bareiss
  • pattern domains
  • pattern match
  • payload hello
  • pcap
  • pcidump rasman
  • pdb path
  • pdf document
  • pdf execution
  • pdf report
  • pe32
  • pe32 compiler
  • pe32 packer
  • pecompact
  • pedraz
  • pe file
  • pegasus
  • pehash
  • pejzasz
  • pe resource
  • perfect privacy
  • persistence
  • pe section
  • phi
  • phishing
  • phishing site
  • phishtank
  • photography
  • phy samo
  • pics
  • pii
  • .pl
  • plasma
  • please
  • please click
  • plugx
  • poison
  • poland
  • poland unknown
  • polizeiberlin
  • pony
  • porn
  • pornhub
  • pornhub.software
  • pornhub subsidiary
  • pornography
  • porn type
  • port
  • port method
  • possible
  • post
  • post http
  • post method
  • postpuj zgodnie
  • power
  • powershell
  • pragma
  • prayer
  • precreate read
  • prefetch1
  • prefetch2
  • prefetch8
  • premade
  • premium
  • present
  • present apr
  • present aug
  • present dec
  • present feb
  • present jan
  • present jul
  • present jun
  • present mar
  • present may
  • present nov
  • present oct
  • present sep
  • privacy
  • privacy name
  • privacy tools
  • process
  • process32nextw
  • processes tree
  • process id
  • process t1543
  • procesu
  • products id
  • project pi
  • promise
  • property value
  • protocol h2
  • proton
  • providers
  • proxy
  • przegld
  • public key
  • public url
  • pulse pulses
  • pulses
  • pulses email
  • pulses none
  • pulses otx
  • pulse submit
  • pulses url
  • puma se
  • push
  • pyinstaller
  • python
  • qakbot
  • qbot
  • quality
  • quantum fiber
  • quasar
  • quasi
  • query
  • rage
  • rangeerror
  • rank
  • ransom
  • ransomware
  • Ransomware
  • raspberry robin
  • rats
  • raven
  • read
  • read c
  • reads
  • realm
  • realtek sdk
  • record type
  • record value
  • recycle bin
  • redacted for
  • redirect
  • redline
  • redline malware
  • redline stealer
  • redrum
  • referrer
  • refresh
  • regbinary
  • regdword
  • registrant fax
  • registrar
  • registrar abuse
  • registrar url
  • registry arin
  • registry keys
  • registry run
  • registry t1018
  • regopenkeyexa
  • regsetvalueexa
  • regsz
  • related nids
  • related pulses
  • related tags
  • reload
  • remote access
  • remote system
  • remotewd
  • replacement
  • repo
  • report
  • report spam
  • repository
  • repstefanik
  • request
  • request id
  • research
  • researched
  • resolutions
  • resolverror
  • resource
  • resource hash
  • response
  • response ip
  • restart
  • results jan
  • results jul
  • results may
  • results oct
  • returnurl
  • reverse dns
  • review
  • rgba
  • rhur3d
  • ri falsek
  • riskware
  • river.rocks
  • rlength
  • robots content
  • rogers
  • Rogers
  • rogue
  • roleselfservice
  • role title
  • roth
  • rpcs
  • rsa ca
  • rsa ov
  • rsa tls
  • rticon
  • rticon neutral
  • rule added
  • rule details
  • rule matching
  • runner
  • running webserver
  • runtime process
  • russia
  • russia as49505
  • russia unknown
  • sabey
  • sabey type
  • saboteur
  • safe
  • safebae
  • safe browsing
  • safe site
  • sale
  • sameorigin
  • samesitelax
  • sample
  • samplepath
  • samples
  • sanctuary
  • sandbox
  • sander wiebing
  • san jose
  • saudi arabia
  • scan endpoints
  • scans show
  • school
  • scoundrel
  • script
  • script domains
  • script general
  • script host
  • script script
  • script urls
  • sea p
  • search
  • search help
  • search otx
  • search search
  • season
  • sea x
  • secblinken
  • sec ch
  • sector
  • secure
  • secure server
  • security
  • security tls
  • seen
  • segoe ui
  • selfextractor
  • september
  • serce internetu
  • server
  • server ca
  • server error
  • server response
  • servers
  • service
  • services
  • serving ip
  • setting
  • settings search
  • seznam
  • sha1
  • sha256
  • sha256 add
  • shadow
  • sharepoint
  • shell
  • shell commands
  • shelltraywnd
  • show
  • showing
  • show process
  • show technique
  • sid name
  • sifalconteam
  • signalblur
  • silencing campaign
  • sinkhole cookie
  • site
  • site ca0x1ex17r
  • sites
  • size
  • skip
  • skrt
  • skull
  • slcc2
  • sliver stagers
  • slovakia
  • slow
  • smoke loader
  • smtp
  • snatch
  • sneaky server
  • sniffs
  • soap command
  • softcnapp
  • software
  • solar
  • solutions
  • soul
  • spain
  • spam
  • spammer
  • span
  • span div
  • span h3
  • spark
  • spawns
  • Speader
  • spectrum
  • speed
  • spirit
  • spotify artist
  • spyware
  • sqli dumper
  • ssdeep
  • ssl ca
  • ssl certificate
  • staff
  • start service
  • startsrv
  • state
  • status
  • status code
  • status domain
  • stdin via
  • stealer
  • stealth
  • steam
  • steganography
  • stix
  • stone
  • stop
  • stop service
  • storage
  • store gmail
  • strange
  • stream
  • strings
  • stwashington
  • sub autoopen
  • subdomains
  • sublangdefault
  • submission
  • submitted
  • subtypeform
  • summary
  • sumo
  • suppobox
  • susp
  • suspicious
  • suspicious path
  • svchost parent
  • svchost rule
  • svg scalable
  • sweden
  • sweep
  • sweet heart
  • swipper
  • system
  • system file
  • t1012
  • t1036
  • t1045
  • t1047
  • t1053
  • t1055
  • t1055.015
  • t1057
  • t1060
  • t1063
  • t1071
  • t1082
  • t1114
  • t1119
  • t1129
  • t1189 found
  • t1480 execution
  • t1573 encrypted
  • ta0004 process
  • tactics
  • tag count
  • tag manager
  • tags
  • tags twitter
  • tape
  • targeting
  • tcp syn
  • team
  • team phishing
  • team top
  • telecom
  • telefonica co
  • telegram
  • telnet
  • telock
  • telper
  • Telus
  • temp
  • templates
  • test
  • texas
  • thailand
  • thebrotherssabey
  • thomaskralow
  • thread local
  • threat roundup
  • threats et
  • thumbprint
  • timo salzsieder
  • tim shelton
  • title
  • title error
  • title object
  • title style
  • title telegram
  • tls handshake
  • tls sni
  • tlsv1
  • tmobile
  • toast
  • tofsee
  • tools
  • tor analysis
  • total
  • tptjsw
  • tracker
  • Treaty 6
  • Treaty 7
  • Treaty 8
  • t regdword
  • trex
  • trid adobe
  • trier par
  • trojan
  • trojanclicker
  • trojandropper
  • trojan features
  • trojanspy
  • true
  • tsara
  • tsara brashears
  • ttl value
  • tulach
  • tulach type
  • twitch
  • twitter
  • twitter redirect
  • type
  • type data
  • type get
  • type indicator
  • typeof
  • types of
  • ua arch
  • ua bitness
  • uacme akagi
  • ua full
  • UAlberta
  • ua platform
  • ubuntu
  • ucha
  • uchealth
  • uchealth app
  • ufffduf1a3
  • uid38009
  • ukraine
  • ukraine unknown
  • ultimate
  • umbrella rank
  • unauthorized
  • unicode
  • unicode text
  • unique
  • unique tlds
  • unis
  • united
  • united kingdom
  • united kingdom unknown
  • United Nurses of Alberta
  • united states
  • university
  • University of Calgary
  • unknown
  • unknown aaaa
  • unknown ns
  • unknown soa
  • unsupported
  • upatre
  • update date
  • updated date
  • updater
  • upx
  • upx dump
  • urgent care
  • url add
  • url analysis
  • url host
  • url hostname
  • url http
  • url https
  • urls
  • urls http
  • urls https
  • urls show
  • url summary
  • ursnif
  • usd twitter
  • user
  • user agent
  • useragent
  • user execution
  • users
  • use short
  • utc google
  • utc gtmsxrf
  • utf8
  • utf8 text
  • uwmlife
  • v2 document
  • v3 serial
  • value snkz
  • vbscript
  • vendor finding
  • verdict
  • verify
  • ver los
  • version sec
  • veryhigh
  • vhash
  • victor sergeev
  • videos
  • videos maps
  • vids
  • vietnam
  • view
  • virginia
  • virtool
  • virus
  • virustotal
  • visible
  • vmprotect
  • vmprotectsdk
  • vmprotectstub
  • vps reverse
  • vs2003
  • vs2013
  • v wczono
  • warp
  • watch
  • watch tsara
  • wave
  • web open
  • werewolf
  • westlaw
  • whasz
  • whitelisted
  • whitelisted ip
  • whitesky
  • whois
  • whois lookup
  • whois lookups
  • whois record
  • whois registrar
  • whois server
  • win16 ne
  • win32
  • win32autoit mar
  • win32autokms no
  • win32 cabinet
  • win32 exe
  • win32spigot jul
  • win32 type
  • win32upatre apr
  • win32upatre jul
  • win32upatre jun
  • win64
  • wind
  • windir
  • window
  • window memory
  • windows
  • windows auto
  • windows nt
  • windows script
  • windows service
  • windows startup
  • windows system
  • wine emulator
  • winnt
  • winreagent
  • workers compensation
  • world
  • worm
  • wow64
  • write
  • write c
  • writes a pe file header to disc
  • wsasend
  • x509v3 subject
  • x86 baddr
  • x8bxe5
  • x cache
  • xe e
  • x frame
  • xhr load
  • xhr start
  • xmpg
  • xobject
  • xport
  • x powered
  • xrat1
  • x ua
  • xxx video
  • xxx videos
  • yandex
  • yandex spider
  • yara
  • yara detections
  • yarahub
  • yarahub entry
  • yara rule
  • yomi hunter
  • youth
  • y pkmsauto
  • zbot
  • zenbox
  • zero
  • zerossl ecc
  • zeus

MITRE ATT&CK TTPs

  • T1001.003 - Protocol Impersonation
  • T1003.008 - /etc/passwd and /etc/shadow
  • T1003 - OS Credential Dumping
  • T1005 - Data from Local System
  • T1007 - System Service Discovery
  • T1010 - Application Window Discovery
  • T1012 - Query Registry
  • T1018 - Remote System Discovery
  • T1023 - Shortcut Modification
  • T1027 - Obfuscated Files or Information
  • T1031 - Modify Existing Service
  • T1033 - System Owner/User Discovery
  • T1035 - Service Execution
  • T1036.004 - Masquerade Task or Service
  • T1036 - Masquerading
  • T1040 - Network Sniffing
  • T1041 - Exfiltration Over C2 Channel
  • T1045 - Software Packing
  • T1047 - Windows Management Instrumentation
  • T1048 - Exfiltration Over Alternative Protocol
  • T1053 - Scheduled Task/Job
  • T1055.003 - Thread Execution Hijacking
  • T1055.012 - Process Hollowing
  • T1055.013 - Process Doppelgänging
  • T1055.014 - VDSO Hijacking
  • T1055 - Process Injection
  • T1056 - Input Capture
  • T1057 - Process Discovery
  • T1059 - Command and Scripting Interpreter
  • T1060 - Registry Run Keys / Startup Folder
  • T1063 - Security Software Discovery
  • T1065 - Uncommonly Used Port
  • T1068 - Exploitation for Privilege Escalation
  • T1070 - Indicator Removal on Host
  • T1071 - Application Layer Protocol
  • T1081 - Credentials in Files
  • T1082 - System Information Discovery
  • T1083 - File and Directory Discovery
  • T1089 - Disabling Security Tools
  • T1090 - Proxy
  • T1091 - Replication Through Removable Media
  • T1092 - Communication Through Removable Media
  • T1095 - Non-Application Layer Protocol
  • T1096 - NTFS File Attributes
  • T1105 - Ingress Tool Transfer
  • T1106 - Native API
  • T1110 - Brute Force
  • T1112 - Modify Registry
  • T1113 - Screen Capture
  • T1114 - Email Collection
  • T1119 - Automated Collection
  • T1122 - Component Object Model Hijacking
  • T1129 - Shared Modules
  • T1133 - External Remote Services
  • T1140 - Deobfuscate/Decode Files or Information
  • T1143 - Hidden Window
  • T1155 - AppleScript
  • T1179 - Hooking
  • T1189 - Drive-by Compromise
  • T1201 - Password Policy Discovery
  • T1203 - Exploitation for Client Execution
  • T1204 - User Execution
  • T1210 - Exploitation of Remote Services
  • T1222 - File and Directory Permissions Modification
  • T1410 - Network Traffic Capture or Redirection
  • T1428 - Exploit Enterprise Resources
  • T1433 - Access Call Log
  • T1443 - Remotely Install Application
  • T1445 - Abuse of iOS Enterprise App Signing Key
  • T1449 - Exploit SS7 to Redirect Phone Calls/SMS
  • T1457 - Malicious Media Content
  • T1472 - Generate Fraudulent Advertising Revenue
  • T1478 - Install Insecure or Malicious Configuration
  • T1480 - Execution Guardrails
  • T1483 - Domain Generation Algorithms
  • T1485 - Data Destruction
  • T1489 - Service Stop
  • T1491 - Defacement
  • T1496 - Resource Hijacking
  • T1497 - Virtualization/Sandbox Evasion
  • T1530 - Data from Cloud Storage Object
  • T1543 - Create or Modify System Process
  • T1546 - Event Triggered Execution
  • T1547 - Boot or Logon Autostart Execution
  • T1552 - Unsecured Credentials
  • T1553 - Subvert Trust Controls
  • T1555 - Credentials from Password Stores
  • T1560 - Archive Collected Data
  • T1562 - Impair Defenses
  • T1564 - Hide Artifacts
  • T1566 - Phishing
  • T1568 - Dynamic Resolution
  • T1569 - System Services
  • T1573 - Encrypted Channel
  • T1574 - Hijack Execution Flow
  • T1583.001 - Domains
  • T1583.005 - Botnet
  • T1583 - Acquire Infrastructure
  • T1585.001 - Social Media Accounts
  • T1590 - Gather Victim Network Information
  • T1614 - System Location Discovery
  • TA0011 - Command and Control

Passive DNS

  • micorosft.com

Whois Information

NetRange: 20.33.0.0 - 20.128.255.255
CIDR: 20.40.0.0/13, 20.36.0.0/14, 20.48.0.0/12, 20.128.0.0/16, 20.33.0.0/16, 20.64.0.0/10, 20.34.0.0/15
NetName: MSFT
NetHandle: NET-20-33-0-0-1
Parent: NET20 (NET-20-0-0-0-0)
NetType: Direct Allocation
OriginAS:
Organization: Microsoft Corporation (MSFT)
RegDate: 2017-10-18
Updated: 2021-12-14
Ref: https://rdap.arin.net/registry/ip/20.33.0.0

OrgName: Microsoft Corporation
OrgId: MSFT
Address: One Microsoft Way
City: Redmond
StateProv: WA
PostalCode: 98052
Country: US
RegDate: 1998-07-10
Updated: 2025-06-10
Comment: To report suspected security issues specific to traffic emanating from Microsoft online services, including the distribution of malicious content or other illicit or illegal material through a Microsoft online service, please submit reports to:
Comment: * https://cert.microsoft.com.
Comment:
Comment: For SPAM and other abuse issues, such as Microsoft Accounts, please contact:
Comment: * abuse@microsoft.com.
Comment:
Comment: To report security vulnerabilities in Microsoft products and services, please contact:
Comment: * secure@microsoft.com.
Comment:
Comment: For legal and law enforcement-related requests, please contact:
Comment: * msndcc@microsoft.com
Comment:
Comment: For routing, peering or DNS issues, please
Comment: contact:
Comment: * IOC@microsoft.com
Ref: https://rdap.arin.net/registry/entity/MSFT

OrgTechHandle: BEDAR6-ARIN
OrgTechName: Bedard, Dawn
OrgTechPhone: +1-425-538-6637
OrgTechEmail: dabedard@microsoft.com
OrgTechRef: https://rdap.arin.net/registry/entity/BEDAR6-ARIN

OrgAbuseHandle: MAC74-ARIN
OrgAbuseName: Microsoft Abuse Contact
OrgAbusePhone: +1-425-882-8080
OrgAbuseEmail: abuse@microsoft.com
OrgAbuseRef: https://rdap.arin.net/registry/entity/MAC74-ARIN

OrgTechHandle: MRPD-ARIN
OrgTechName: Microsoft Routing, Peering, and DNS
OrgTechPhone: +1-425-882-8080
OrgTechEmail: IOC@microsoft.com
OrgTechRef: https://rdap.arin.net/registry/entity/MRPD-ARIN

OrgRoutingHandle: CHATU3-ARIN
OrgRoutingName: Chaturmohta, Somesh
OrgRoutingPhone: +1-425-882-8080
OrgRoutingEmail: someshch@microsoft.com
OrgRoutingRef: https://rdap.arin.net/registry/entity/CHATU3-ARIN

OrgTechHandle: IPHOS5-ARIN
OrgTechName: IPHostmaster, IPHostmaster
OrgTechPhone: +1-425-538-6637
OrgTechEmail: iphostmaster@microsoft.com
OrgTechRef: https://rdap.arin.net/registry/entity/IPHOS5-ARIN

OrgTechHandle: SINGH683-ARIN
OrgTechName: Singh, Prachi
OrgTechPhone: +1-425-707-5601
OrgTechEmail: pracsin@microsoft.com
OrgTechRef: https://rdap.arin.net/registry/entity/SINGH683-ARIN