20.99.132.105 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 20.99.132.105 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

🟠 Elevated — 55/100

Geographic Location

Host and Network Information

• View other sources: Spamhaus VirusTotal Shodan AbuseIPDB
• Country: United States
• Network: AS8075 microsoft corporation
• Noticed: 50 times
• Protocols Attacked: SSH
• Countries Attacked: Australia, Belgium, Canada, Chile, Czechia, Denmark, Estonia, France, Germany, Hong Kong, Israel, Italy, Latvia, Lithuania, Malaysia, Netherlands, Norway, Palestine, Poland, Qatar, Romania, Turkey, Ukraine, United Arab Emirates, United Kingdom of Great Britain and Northern Ireland, United States of America, Virgin Islands British
• Tor Node: No

Tags

• 0110542
• 12345
• 720.282.2025
• a9 no
• aaaa
• abuse
• abuse contact
• accept
• accept encoding
• access
• access ta0006
• access type
• acint
• active
• active related
• active threat
• active threats
• activity
• activity mirai
• actmsgs1
• added active
• address
• address domain
• address list
• address virtual
• administrator
• a domains
• adult content
• advanced email
• advertising botnet
• adware
• africa
• afrinic
• age86400 set
• agent
• agent tesla
• ah6itbtgl
• aibv hostmaster
• aig
• akamai
• akamaias
• akamai as36786
• alerts
• alexa
• alexa top
• algorithm
• algorithm generated domains
• a li
• alienvault
• allocates
• allocation
• all octoseek
• all scoreblue
• all search
• alphacrypt cnc
• amadey
• amazon
• amazon02
• amazonaes
• amazon data
• amazon ec2
• amazons3
• amazon ses
• america asn
• analysis
• analysis date
• analytics na
• analyze
• analyzer threat
• android
• anity
• anonymizer
• apache
• apeaksoft ios
• api ip
• api key
• apnic
• apollo
• apple
• apple id phishing
• apple ios
• apple iphone
• apple itunes
• apple private
• apple safari
• application/binary
• april
• apt ip
• apt suspects
• arbor networks
• archive
• arin
• arizona
• artemis
• artro
• as10796 charter
• as1136 kpn
• as131392
• as13768 aptum
• as13789
• as14061
• as140641
• as14315
• as14618
• as15169
• as15169 google
• as16276
• as16509
• as16625
• as16625 akamai
• as19527 google
• as19905
• as20546 soprado
• as20940
• as21342
• as22075
• as22773 cox
• as23724
• as2635
• as26710 icann
• as2906 netflix
• as29580 a1
• as30456
• as3209 vodafone
• as32934
• as3320 deutsche
• as33387
• AS33387 nocix llc
• as3356 level
• as35280 acorus
• as36081 state
• as38731 vietel
• as396982 google
• as41357
• as43350 nforce
• as44273 host
• as45102 alibaba
• as47846
• as4808 china
• as4812
• as4812 china
• as4837 china
• as51407 mada
• as51852
• as54113
• as55293 a2
• as56047 china
• as58461
• as58542 tianjij
• as60558 phoenix
• as62597
• as6336 turn
• as63949 linode
• as7018 att
• as7552
• as7552 viettel
• as7922 comcast
• as797 att
• as8068
• as8075
• as8100
• as8560
• as8866
• as9009 m247
• as9808 china
• ascii text
• asia pacific
• asn13335
• asn15169
• asn16509
• asn396982
• as name
• asn asn
• asn database
• asnone
• asnone india
• asnone ukraine
• asnone united
• assaulter
• assembly
• assembly common
• assembly name
• asyncrat
• attack
• auction
• audiologist inc
• august
• australia
• authentication
• authority
• autoit
• automate
• avast avg
• av checkin
• av detections
• avg clamav
• awful
• b59bn timestamp
• babar
• back
• backend
• bank
• banker
• base
• bashlite
• bayrob
• b body
• bbonline uk
• bc https
• beacon
• beefpizzac
• beginstring
• behav
• benjamin c
• bernhardplein
• best current
• betting
• bhagam bhag
• bhja
• big tech
• bing ads
• bitcoin
• bitfender
• bitrat
• bits
• blacklist
• blacklist http
• blacknet
• blacknet rat
• blister
• blob
• blockchain
• body
• body doctype
• body doubles
• body length
• body xml
• book
• borland delphi
• botnet
• botnet command
• bot networks
• bq mar
• bradesco
• brashears
• breakpoint
• brian
• brian sabey
• briansabey
• bricksfunction
• bricksintersect
• browse scan
• bruschettab
• brute force
• b server
• bt6lcuigydc9yc
• bulz
• bundled
• business select
• bv
• bvorgid cambridge
• c-67-181-73-197.hsd1.ca.comcast.net
• cachecontrol
• caddywiper
• ca issuers
• calzonec
• cambridge
• campaign
• campus
• canada
• canada unknown
• cane
• canvas
• capbgxz
• cape
• carol
• cascade
• ccleaner
• c cmd
• cdate
• cellbrite
• cellebrite
• cellerebrand
• center
• certificate
• certificate city
• certificates
• chain
• channel
• chaos
• checkin
• checkin m1
• checks
• child exploitation
• china
• china as37963
• china telecom
• china unknown
• christmas
• chrome
• ch ua
• cidr
• ciphersuite
• cisco umbrella
• citadel
• city
• ck id
• ck matrix
• cl0p
• class
• cleaner
• click
• clng
• closeup view
• cloud
• cloudflare
• cloudflarenet
• cloudfront x
• cloud marketing
• clr version
• cname
• cnc
• cndigicert
• cn note
• cobalt strike
• code
• code signing
• coinminer
• colibri loader
• collections
• colorado
• comcast
• com cnt
• comedy
• com laude
• command
• command _and_control
• command and control
• command decode
• common upatre
• communicating
• community score
• company isp
• company limited
• compiler
• computer
• comspec
• conduit
• configure
• confirm http
• confirm https
• conhost
• connect
• connection
• contact
• contacted
• contacted urls
• contact email
• contact made by mark brian sabey
• contact made by o'dea
• contact phone
• contained
• content
• contentlength
• content type
• control panel
• control server
• control ta0011
• co number
• cookie
• cookie bot
• copy
• copy core
• copyright
• copyright c
• core
• corp
• cosmotown
• count
• count blacklist
• country
• country code
• cowboy
• cp
• crack
• crash
• create
• create c
• created
• createdate
• create new
• createsuspended
• creation date
• crime
• critical
• critical cmd
• crlf line
• cry kill
• cryp
• crypt
• cryptexportkey
• crypto
• crypto_obfuscator
• csc corporate
• csv order
• ctsu
• cus
• cus cnamazon
• cus cnr3
• cus ogoogle
• cus olet
• cve201711882
• cv jogjacamp
• cvss v2
• cyber
• cyber army
• cyber attack
• cyber crime
• cyber defense
• cyber security
• cyberstalking
• cyber threat
• cyberwar
• cyber warfare
• cymulate
• dapato
• dark
• darkgate
• darklivity podcast
• darpa
• data
• data brokers
• data center
• data collection
• datalayer
• data redacted
• data rticon
• date
• date fri
• date hash
• date sat
• dead host
• december
• decode
• deep malware
• deepscan
• default
• default page
• defender
• defense
• de indicators
• delete
• delete c
• delphi
• delphi generic
• dem fin
• denied trackers
• denmark as32934
• denver police
• deny
• deptid23922
• deptid23936
• deptid24124
• description ype
• desktop
• destination ip
• detect-debug-environment
• detection
• detection list
• detections
• detections file
• detections type
• detection type
• dga
• dga domain
• dhs
• dhs discover
• digicert inc
• direct-cpu-clock-access
• disability
• discover
• district
• div div
• divergent
• dlls
• dns
• dns replication
• dns resolutions
• dnssec
• dock
• document file
• domain
• domain check
• domain name
• domainpath name
• domain robot
• domains
• domains domain
• domain status
• domaiq
• dom-modification
• downldr
• download
• download csv
• downloader
• downloads
• download sample
• drama
• dridex
• dropped
• dropper
• dtamlb
• dumping t1003
• dynadot
• dynadot inc
• dynamicloader
• early iowa
• echobot
• echobot malware
• ec oid
• elderly
• elf64 data
• elf executable
• elf info
• elite
• email
• emails
• emotet
• enablement
• encrypt
• encrypt cnr3
• endpoints all
• engb
• english
• enterprise
• entries
• entries related
• entropy chi2
• enumerates
• epic games
• eqsray
• error
• error resume
• et
• etag
• eternalblue
• et exploit
• etpro malware
• etpro trojan
• et tor
• europeberlin
• evilnum
• exact
• exchange meta
• exe32
• exec
• executable
• executable file
• execution
• exe upload
• exif standard
• exit
• expiration
• expiration date
• expiressat
• expiresthu
• expiry
• exploit
• exploitation
• explore
• explorer
• export
• express
• external ip
• external-resources
• external source
• facebook
• fake host
• falcon
• falcon sandbox
• false
• february
• feeds
• feeds ioc
• ff2c217402202b
• ffcdcb
• figma
• file
• file execution
• filehash
• filehashmd5
• filehashsha1
• filehashsha256
• filerepmalware
• filerepmetagen
• files
• file score
• files deleted
• files domain
• files ip
• file size
• files location
• files referring
• files show
• file system
• filetour
• file type
• final url
• find
• find your
• fireeye
• firefox c
• firehol
• first
• f json
• flags
• flashpix
• floyd
• font format
• footer
• forbidden
• form
• format
• formats
• formbook
• formbook cnc
• for privacy
• found
• fragtor
• france unknown
• franchise url
• frankfurt
• fraud services
• free automated
• fri dec
• fri mar
• from
• fulldisc
• full name
• fusioncore
• g2 tls
• g5nxq655fgp
• gambino
• gameskinny
• gandcrab
• gandcrab dns
• gandi sas
• gecko
• general
• general full
• general info
• generic
• generic cil
• generic flags
• generic http
• generic malware
• generic windos
• genkryptik
• geo shanghai
• germany
• germany unknown
• get hello
• get http
• get na
• getprocaddress
• get updates
• g htpps
• gift
• gifts
• github pages
• gmbh
• gmbh version
• gmt cache
• gmt content
• gmt contenttype
• gmt etag
• gmt location
• gmt max
• gmtn
• gmt path
• gmt server
• go daddy
• google
• google chrome
• google tag
• gootloader
• gopher
• gov
• government
• gov int
• grabber
• grafana labs
• graph
• graph api
• graph community
• graph summary
• greatcall
• group
• groups
• guid
• gvb gelimed
• gvt google video transcoding
• hacker
• hackers
• hacking
• hacktool
• hall law
• hall render
• hallrender
• hash
• hash avast
• hashes
• head
• header class
• header intel
• headers
• headers age
• headers date
• header version
• health phone
• heartbleed
• hello
• hetzner online
• heur
• hichina
• hidden privacy
• hiddentear
• hide
• high
• high attack
• highly targeted
• high process
• hijacker
• historical ssl
• history first
• hit
• hitmen
• hiv
• home pg
• home screen
• honeybots
• honey client
• hong kong
• host
• hostname
• hostname c
• hostnames
• hp hpsbmu02998
• hp hpsbmu03018
• hp hpsbmu03019
• hp hpsbmu03030
• hr rtd
• html
• html head
• html info
• html internet
• html public
• http
• http host
• http requests
• http response
• https
• hupigon
• hybrid
• hybridanalysis
• iana
• iana id
• iana special
• ibm
• ibm business
• icann
• icons library
• icp2021030667
• identifier
• identity_helper.exe
• ids detections
• iframe
• iframes
• iframe tags
• ii llc
• illegal activity
• impact
• impacting azure
• impressum
• inbound
• india
• indicator
• indicator facts
• indicator role
• indicator type
• indonesia
• indostealer
• inetsim http
• infected
• inflight
• inflight entertainment
• info
• info compiler
• info header
• info sections
• infrastructure
• ingestion time
• initial checkin
• injection
• injection t1055
• injector
• input
• insight tag
• installcore
• installer
• installer internet
• installpack
• intel
• internet
• internet access
• internet domain
• internet files
• internet se
• invalid pointer
• iobit
• ioc
• iocs
• ioc search
• ionos se
• ios
• ip address
• ip addresses
• ip block
• ip check
• ip connectivity
• ip detections
• ip geolocation
• ip hostname
• ipinfo
• ip related
• ip reputaion
• ip summary
• ip sun
• ip traffic
• ipv4
• ipv4 address
• ireland
• ireland unknown
• issuer
• issues tab
• italy unknown
• item
• itunes
• jackson
• jansky
• january
• japan
• javascript
• javascript code
• javascript lux
• jaws webserver
• Jays Youtube Bot.exe
• jb
• jb country
• jeffrey scott reimer
• jeremy
• join
• jomax
• jpeg image
• jsc regional
• json
• json sample
• july
• juming network
• june
• just
• jxaavf4jnzza0
• k0pmbc
• kansas city
• karen
• kb body
• kb file
• kb microsoft
• kevin
• key algorithm
• key identifier
• key info
• keylogger
• keysystems gmbh
• khtml
• known tor
• k wersvcgroup
• kyrgyz default
• kyriazhs1975
• label
• label saudi
• lacnic
• lakewood
• langid1
• language
• launchres
• law firm
• lazarus
• learn
• legal
• legend
• lemon duck
• length
• lenovo type
• less whois
• l http
• life
• limited
• limited yotta
• link
• linkedin
• linkid252669
• link library
• linux
• listen
• little
• live
• lively
• loader
• local
• local government
• location
• location dublin
• location lao
• location viet
• loccel1
• lockbit
• log id
• login
• logistics
• loki password
• lolkek
• look
• lookup
• lookup country
• lookups
• lost
• love
• lowfi
• low software
• lskeyc
• ltd dba
• lumma stealer
• m
• machinename
• magic elf
• magic html
• magic msdos
• mail spammer
• main
• makop
• malibot
• malicious
• malicious site
• malicious url
• maltiverse
• malvertising
• malvertizing
• malware
• malwarebazaar
• malware beacon
• malware generic
• malware infection
• malware site
• man
• manager anchor
• march
• markmonitor
• markus
• masquerade
• masquerading
• matches rule
• maxage31536000
• mbs
• md5 chi2
• media center
• mediaget
• medium
• memcommit
• memscan
• men
• mercenary
• meta
• methodhead
• methodpost
• metro
• mgeinteg
• michael roberts
• michelle
• microsoft
• microsoft root
• microsoft stuff
• milehighmedia
• miles2
• million
• million alexa
• mimikatz
• miner
• mining
• mirai
• mirai 04022024
• mirai malware
• mirai variant
• misc attack
• misc http
• misc https
• mitre att
• mobsterstageda
• model
• module load
• monitoring
• mono
• mon sep
• moved
• mozilla
• msclkidn
• msdefender mar
• ms excel
• msf style
• msie
• msil
• msr jan
• ms windows
• mtb feb
• mtb jan
• mtb mar
• mtb may
• multiple
• music
• mvpower dvr
• name
• namecheap inc
• name hyperlink
• name md5
• name microsoft
• name name
• name server
• name servers
• namesilo
• name value
• name verdict
• name virtual
• nanocore
• nastya
• navmode3
• nav onl
• nciipc
• n cvss
• net10464001
• net192
• net1920000
• nethandle
• netrange
• netsupport rat
• network
• neutral
• new ioc
• next
• next franchise
• next noc
• next pe
• Nextray
• nice botet
• ninite
• ninite feb
• nivdort
• njrat
• nl page
• nobits
• no data
• node traffic
• no expiration
• nora
• no security
• nothing number
• november
• npzk765
• nsa
• nsa utah
• nsis
• ns nxdomain
• ntmzac
• null
• number
• nxdomain
• object
• observed
• october
• octoseek
• odx3x33jk9w3
• office open
• offset size
• ogilvy
• olet
• ommidsf3558
• online
• online sat
• online sun
• open
• opencandy
• openssl
• openssl tls
• open threat
• optimizer
• orbiters
• orgabusehandle
• orgabuseref
• org log
• org meta
• org og
• orgtechhandle
• orgtechphone
• orgtechref
• org twitter
• origin1
• origin http
• orsam
• os2 executable
• os abi
• os credential
• otx
• otx octoseek
• otx scoreblue
• otx telemetry
• outbound
• outbound connection
• outbreak
• overlay
• ovh sas
• packer
• packing t1045
• page
• page dow
• page url
• panda
• parent domain
• parent siblings
• parked
• partru
• passive
• passive dns
• password
• paste
• path
• path max
• pattern match
• pcap
• pcname
• pdf report
• pe32
• pe32 compiler
• pe32 executable
• pecompact
• pegasus
• pegasystem
• pepo campaigns
• pe resource
• performs dns
• persistence
• pe section
• phish
• phishing
• phishing paypal
• phishing site
• phishtank
• phy pre
• pings c
• pinl2
• pinlbtn
• pitman and or dentisthired roberts obvi
• pixel
• pizza
• playgame
• please
• plesk
• plesk a
• plesklin
• png image
• png rticon
• po box
• policy windows
• pony
• poppy
• popularity
• porkbun
• porn tagging
• port scan
• poser
• possible
• possible fake
• postal code
• poster
• post http
• powershell
• poweshell
• practice
• pragma
• precreate read
• presenoker
• priority
• prism
• private limited
• privateloader
• privilege https
• probe
• probe ms17010
• problems
• process
• processes tree
• process hollowing
• products
• progbits
• programfiles
• project
• project skynet
• proofpoint
• pro platform
• protocol h2
• protocol t1071
• protocol t1095
• proxy
• psiusa
• ptls7
• public w3cdtd
• pulse pulses
• pulses
• pulses otx
• pulse submit
• pulse use
• pur sta
• push
• pyinstaller
• python
• qaeaav12
• qakbot
• q htpps
• q https
• qiwi hack
• quasar
• quasar rat
• query
• ramnit
• rank position
• ransom
• ransomexx
• ransomware
• rapid
• read c
• realteck audio
• record type
• record value
• recreation
• redacted
• redacted for
• redirect chain
• redirected
• redirection
• redline stealer
• redrum
• red team
• referrer
• refresh
• regdword
• registrant name
• registrar
• registrar abuse
• registrar apnic
• registrarsafe
• registrar url
• registrar whois
• registry
• registry domain
• registry techc
• regopenkeyexw
• regsetvalueexa
• regsz
• rekhter
• relacionada
• related
• related nids
• related pulses
• related tags
• relayrouter
• relic
• remote
• remote attacks
• remote debian spy
• remote procedure call
• replacement
• report
• report registrar abuse
• reports
• request
• request chain
• request email
• resolutions
• resource
• response final
• responsible
• restart
• reverse dns
• reverse ip
• rexxfield
• right person
• rights reserved
• ripe
• ripe ncc
• ripe network
• risk management
• riskware
• riyadh
• riyadh address
• role title
• romeo scheme
• root ca
• rostpay
• round
• route
• rsa sha256
• rticon kyrgyz
• rticon neutral
• runtime-modules
• russia unknown
• ruthless
• rva entry
• rwi dtools
• ryuk
• sabey
• safe site
• sakula malware
• sameorigin
• sample
• samplepath
• samples
• san francisco
• saudi
• saudi arabia
• saudi telecom
• sa victim
• say hello
• scammer
• scan endpoints
• scanning host
• scene unit
• scottsdale
• screenshot
• script domains
• scripting
• script script
• script tags
• script urls
• sdermh
• sdermh request
• search
• search debian available space
• search filter
• sec ch
• sectrack
• secunia
• secure
• security
• security tls
• select xmp
• self
• september
• serial number
• server
• server ca
• server redirect
• servers
• server tsa
• service
• service bs
• service privacy
• serving ip
• set cookie
• sfo5 c1
• sha1
• sha256
• sha256 file
• sha2 secure
• shadow
• shell
• shell commands
• shell uce
• shit
• shop
• show
• showing
• show technique
• siblings
• siblings domain
• sid339
• sign
• sign up
• simplified
• singapore
• sinkhole
• sinkhole cookie
• site
• site safe
• site top
• size
• size entropy
• size raw
• skynet
• slcc2
• smartchat
• smauthreason0
• smbds ipc
• smlb
• smokeloader
• sneaky server
• social engineering
• software
• song culture
• sophos
• sort
• southwest
• southwest wifi
• sp1 ddk
• sp6 build
• spain unknown
• span
• spider
• sprint personal
• spsfsb
• spyware
• sql
• srellik
• sreredrem
• sreredrum
• ssdeep
• ssl certificate
• stamping
• start
• startpage
• stateprovince
• static engine
• status
• status code
• status page
• stealer
• stix
• storage
• strapi app
• streams size
• strings
• striven
• strong
• strtab
• subdomains
• subject key
• subject public
• submission
• submitters
• summary
• summary iocs
• summer
• sun aug
• super
• superitaliansub
• suricata ipv4
• suricata udpv4
• surry hills
• survivor
• susp
• suspicious
• switch
• switch dns
• swrort
• synapse
• sysfreestring
• system
• system as
• systweak
• sysv
• t1045
• t1082
• t1129
• T1622 - Debugger Evasion
• tabx explorer
• tag
• tag count
• tagging
• tag manager
• tags twitter
• tags viewport
• tahoma arial
• taobao network
• target
• targeting
• targetsmhttps
• targets sa
• targets tsara brashears
• tcpip
• team
• teams api
• team top
• tech
• technology
• teen porn
• telecom
• telecom company
• telecom group
• telper
• template
• terry ave
• test
• text
• text/html
• thebrotherssabey
• the org
• third-party-cookies
• threat
• threat analyzer
• threat network
• threat report
• threat roundup
• threats
• thu dec
• thu jul
• thumbprint
• tiff image
• tiggre
• time
• title
• title access
• title added
• title bhagam
• title error
• tls web
• tools
• topropertykey
• tracey richter
• trackers
• tracking
• traffic et
• tree
• triangulation
• trid dos
• trid elf
• trident
• trid file
• trojan
• trojandropper
• trojan evader
• trojan malware
• trojanproxy
• trojanspy
• true defense
• trust
• trustinfo
• tsara
• tsara brashears
• ttl value
• tulach
• turn
• t whois
• twitter
• type
• type33554433
• type address
• type indicator
• type name
• typeof function
• type rtrcdata
• typosquatting
• uidtokenhttps
• uknown
• unauthorized
• unicode
• union
• unique
• united
• united arab
• united kingdom
• unix
• unknown
• unlocker
• unrealengine
• unsafe
• upatre
• upatre malware
• update p2p
• updater
• upgrade
• url analysis
• url collection
• url history
• url http
• url https
• urls
• urls http
• urls https
• url summary
• urls url
• ursnif
• usage
• us bundled
• usbuy no
• use collection
• user
• useragent
• utah data
• utc aw741566034
• utc gcfezl5ynvb
• utc google
• utc http
• utc linkedin
• utc na
• utc redirection
• utc submissions
• v2 document
• v3 serial
• v3 severity
• valid from
• validity
• value
• value snkz
• variables
• vary
• vault
• vbs
• ver2
• ver33
• verdict
• verify
• verisign time
• vhash
• vidar
• vids1
• viet nam
• vietnam
• vietnam unknown
• view
• vipre
• virgin islands
• virtool
• virtual mobile
• virus network
• virustotal
• visa scheme
• vj79
• v object
• voun2hd
• vs2005
• vs2008
• vs98
• vt community
• vwdzfe
• vy binh
• w3cdtd html
• wacatac
• wannacry
• wcry ransomware
• webcc
• web gateway
• web open
• wed dec
• wed jan
• west domains
• whitelisted
• whois
• whois domain
• whois lookup
• whois lookups
• whois record
• whois sneaky
• whois ssl
• whois whois
• wifi
• wifi access
• wifi hotspot
• wifi internet
• win16 ne
• win32
• win32cve mar
• win32 dll
• win32 dynamic
• win32 exe
• win32mydoom jan
• win32sfone jul
• win32upatre feb
• win32upatre mar
• win64
• windir
• window
• windows
• windows activex
• windows module
• windows nt
• windows server
• windows wget
• wininit
• winnt
• wmi string
• woman
• women
• worm
• wow64
• write
• write c
• written c
• x00x00
• x509v3 extended
• x509v3 key
• xamzexpires600
• xcitium verdict
• x content
• xhtml
• xml
• xml document
• xmlns http
• xorddos
• xport
• xrat
• x show
• x ua
• yandex
• yandex dropper extend
• yara detections
• yara rule
• ygjpaufscontext
• yotta
• yotta data
• yotta network
• youtube
• youtube video
• yuming
• zbot
• zeus
• zip blaze
• zombie
• zusy
• zwdk9d
• 性感美女
• 清纯美女
• 美女主播
• 美女互动
• 美女交友
• 美女在线表演
• 美女直播
• 美女直播间
• 美女秀场
• 美女聊天
• 美女聊天室
• 美女视频
• 视频交友
• 视频聊天

MITRE ATT&CK TTPs

• T1001 - Data Obfuscation
• T1003.008 - /etc/passwd and /etc/shadow
• T1003 - OS Credential Dumping
• T1005 - Data from Local System
• T1010 - Application Window Discovery
• T1012 - Query Registry
• T1023 - Shortcut Modification
• T1027 - Obfuscated Files or Information
• T1029 - Scheduled Transfer
• T1031 - Modify Existing Service
• T1036.004 - Masquerade Task or Service
• T1036 - Masquerading
• T1037.003 - Network Logon Script
• T1038 - DLL Search Order Hijacking
• T1040 - Network Sniffing
• T1041 - Exfiltration Over C2 Channel
• T1045 - Software Packing
• T1047 - Windows Management Instrumentation
• T1051 - Shared Webroot
• T1053 - Scheduled Task/Job
• T1055 - Process Injection
• T1056.001 - Keylogging
• T1056 - Input Capture
• T1057 - Process Discovery
• T1059.006 - Python
• T1059.007 - JavaScript
• T1059 - Command and Scripting Interpreter
• T1060 - Registry Run Keys / Startup Folder
• T1063 - Security Software Discovery
• T1068 - Exploitation for Privilege Escalation
• T1070 - Indicator Removal on Host
• T1071.001 - Web Protocols
• T1071.002 - File Transfer Protocols
• T1071.003 - Mail Protocols
• T1071.004 - DNS
• T1071 - Application Layer Protocol
• T1074 - Data Staged
• T1081 - Credentials in Files
• T1082 - System Information Discovery
• T1083 - File and Directory Discovery
• T1088 - Bypass User Account Control
• T1089 - Disabling Security Tools
• T1091 - Replication Through Removable Media
• T1094 - Custom Command and Control Protocol
• T1095 - Non-Application Layer Protocol
• T1098 - Account Manipulation
• T1100 - Web Shell
• T1105 - Ingress Tool Transfer
• T1106 - Native API
• T1107 - File Deletion
• T1110.002 - Password Cracking
• T1110 - Brute Force
• T1112 - Modify Registry
• T1114.002 - Remote Email Collection
• T1114 - Email Collection
• T1119 - Automated Collection
• T1123 - Audio Capture
• T1129 - Shared Modules
• T1140 - Deobfuscate/Decode Files or Information
• T1143 - Hidden Window
• T1155 - AppleScript
• T1156 - Malicious Shell Modification
• T1158 - Hidden Files and Directories
• T1183 - Image File Execution Options Injection
• T1185 - Man in the Browser
• T1199 - Trusted Relationship
• T1204 - User Execution
• T1210 - Exploitation of Remote Services
• T1218 - Signed Binary Proxy Execution
• T1222.002 - Linux and Mac File and Directory Permissions Modification
• T1410 - Network Traffic Capture or Redirection
• T1415 - URL Scheme Hijacking
• T1443 - Remotely Install Application
• T1444 - Masquerade as Legitimate Application
• T1449 - Exploit SS7 to Redirect Phone Calls/SMS
• T1459 - Device Unlock Code Guessing or Brute Force
• T1463 - Manipulate Device Communication
• T1468 - Remotely Track Device Without Authorization
• T1470 - Obtain Device Cloud Backups
• T1506 - Web Session Cookie
• T1512 - Capture Camera
• T1518 - Software Discovery
• T1534 - Internal Spearphishing
• T1547.006 - Kernel Modules and Extensions
• T1547 - Boot or Logon Autostart Execution
• T1553.002 - Code Signing
• T1553 - Subvert Trust Controls
• T1557 - Man-in-the-Middle
• T1559 - Inter-Process Communication
• T1560 - Archive Collected Data
• T1566 - Phishing
• T1568.002 - Domain Generation Algorithms
• T1568 - Dynamic Resolution
• T1571 - Non-Standard Port
• T1574.008 - Path Interception by Search Order Hijacking
• T1578.003 - Delete Cloud Instance
• T1583.004 - Server
• T1583.005 - Botnet
• T1583 - Acquire Infrastructure
• T1584.004 - Server
• T1587.001 - Malware
• T1588 - Obtain Capabilities
• T1598 - Phishing for Information
• T1605 - Command-Line Interface
• TA0001 - Initial Access
• TA0002 - Execution
• TA0003 - Persistence
• TA0004 - Privilege Escalation
• TA0005 - Defense Evasion
• TA0006 - Credential Access
• TA0007 - Discovery
• TA0008 - Lateral Movement
• TA0009 - Collection
• TA0010 - Exfiltration
• TA0011 - Command and Control
• TA0037 - Command and Control

Passive DNS

• displaycatalog-rp.md.mp.microsoft.com.akadns.net

Whois Information