204.79.197.212 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 204.79.197.212 and was generated either as a result of observed malicious activity or as an information-gathering exercise to assist with the enrichment of security events and context. All information is gathered passively, through aggregation of public sources or through observation of activity on honeynets. The host score is calculated through a series of statistically weighted values and machine learning that take into account metadata such as host information; the frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour (such as Tor exit nodes, residential proxies or VPN services); and many other attributes. These values are historical and indicative only, and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

🟠 Elevated — 60/100

Host and Network Information

  • Country: United States
  • Noticed: 50 times
  • Protocols Attacked: SSH
  • Countries Attacked: Anguilla, Aruba, Australia, Bahamas, Barbados, Canada, Cayman Islands, Costa Rica, Curaçao, Denmark, Finland, France, Georgia, Germany, Guatemala, Hong Kong, Indonesia, Ireland, Italy, Japan, Jordan, Lithuania, Luxembourg, Malaysia, Mexico, Netherlands, New Zealand, Norway, Panama, Philippines, Poland, Romania, Russian Federation, Saint Kitts and Nevis, Saint Martin (French part), Saint Vincent and the Grenadines, Seychelles, Singapore, Sint Maarten (Dutch part), Spain, Sweden, Taiwan, United Republic of Tanzania, Trinidad and Tobago, Türkiye, Ukraine, United Arab Emirates, United Kingdom of Great Britain and Northern Ireland, United States of America
  • Open Ports: 443, 80
  • Tor Node: No
  • Associated Malware Samples: 220

Tags

  • 0pgtwhu
  • 10 behavioral1
  • 114.114.114.114
  • 1575038779
  • 188 palantir results
  • 4328
  • 5943
  • 720.282.2025
  • aaaa
  • aaaa nxdomain
  • ability
  • abuse
  • abuse contact
  • accept
  • accept encoding
  • acceptencoding
  • acceptranges
  • access
  • access denied
  • acint
  • active
  • active related
  • activity
  • adaptivebee
  • added active
  • address
  • address domain
  • address google
  • a div
  • adload
  • admin country
  • adobe
  • adobe dynamic
  • a domains
  • adult content
  • adversaries
  • adware
  • a free
  • age86400 set
  • agent
  • agenttesla
  • aig
  • ajax
  • akamaias
  • akamaiasn1
  • akamai rank
  • aleksey silakov
  • alerts
  • alexa
  • alexa top
  • algorithm
  • algorithm generated domains
  • a li
  • alive
  • allegations
  • allocate
  • allocate rwx
  • all octoseek
  • allow
  • allow attribute
  • all scoreblue
  • all search
  • alohatube
  • amazon
  • Amazon
  • amazon02
  • amazonaes
  • amazon legal
  • america
  • america asn
  • america flag
  • analysis
  • analysis date
  • analysis ob0001
  • analysis ob0002
  • analyze
  • analyzer
  • anchor hrefs
  • android
  • Android
  • android device
  • anti-detection
  • a nxdomain
  • anyone else
  • apache
  • apache vary
  • appdata
  • apple
  • apple id
  • appleid
  • apple ios
  • apple private data collection
  • application
  • april
  • archive href
  • arial helvetica
  • arizona
  • array
  • artemis
  • artem zahvatkin
  • artro
  • as10796 charter
  • as10906
  • AS 10975 (NET-AIG) US
  • as11042
  • as11284
  • as1136 kpn
  • as13414 twitter
  • as13768 aptum
  • as13916
  • as14061
  • as15133 verizon
  • as15169
  • as15169 google
  • as16276
  • as16509
  • as16625 akamai
  • as17816 china
  • as19527 google
  • as206834 team
  • as20940
  • as21499 host
  • as22612
  • as22843
  • as24940 hetzner
  • as25825
  • as2635
  • as2914 ntt
  • as29182 jsc
  • as29873
  • as30081
  • as30148 sucuri
  • as31034 aruba
  • as31109
  • as31898 oracle
  • as3356 level
  • as3359
  • as36459
  • as396982 google
  • as397240
  • as397241
  • as4134 chinanet
  • as42 woodynet
  • as44273 host
  • as45102 alibaba
  • as46606
  • as46691
  • as4812 china
  • as49505
  • as53665 bodis
  • as54113
  • as6185 apple
  • as61969 team
  • as62597 nsone
  • as6336 turn
  • as63949 linode
  • as7018 att
  • as701 verizon
  • as714 apple
  • as7296 alchemy
  • as7922 comcast
  • as8068
  • as8075
  • as852
  • as8987 amazon
  • as9009 m247
  • ascii
  • ascii text
  • asn13335
  • asn15169
  • asn16276
  • asn16509
  • asn396982
  • asn as13335
  • asn as14618
  • asn as16509
  • asn as18693
  • asn as32475
  • asn as36459
  • asn as63949
  • asn as9110
  • asn asnone
  • asnone germany
  • asnone iran
  • asnone united
  • asp.net
  • assault
  • assaulter
  • assessment
  • assistant
  • associated urls
  • atlas
  • atom
  • attack
  • attack bad
  • attacker
  • Attack origin: United States
  • attacks against
  • attempts
  • attorney
  • august
  • aurora
  • authentihash
  • author
  • author avatar
  • authority
  • auto-generated security
  • available from
  • avast avg
  • av detection
  • av detections
  • avg clamav
  • awful
  • azorult
  • azureadmyorg
  • b0001 process
  • b0003 delayed
  • baaa
  • back
  • backdoor
  • backdoor type
  • backend
  • bad login
  • bad request
  • bam
  • bam.nr-data.net
  • bandoo
  • bank
  • banker
  • bankerx
  • BankerX
  • banking
  • base
  • bazar
  • bcnt1
  • beefpizzac
  • beginstring
  • behav
  • belgium belgium
  • benjamin
  • Berbew
  • betting
  • bifrose
  • bill
  • billing
  • b image
  • binary file
  • binder
  • bitcoinaltcoin
  • black
  • blackievirus.com
  • blacklist
  • blacklist http
  • blacklist https
  • black mercedes
  • bladabindi
  • boardman
  • body
  • body doctype
  • body length
  • body xml
  • boolean
  • boost mobile
  • boot
  • botnet
  • Botnet
  • br
  • bradesco
  • brashears
  • brazil unknown
  • breakpoint
  • brian sabey
  • Brian Sabey
  • bricksfunction
  • bricksintersect
  • british virgin
  • britney
  • britney spears
  • Britney Spears Official
  • brontok
  • browse scan
  • bruschettab
  • brute force
  • b.scope
  • b script
  • b stylesheet
  • builder
  • built
  • bundled
  • business value
  • busybox
  • busybox busybox
  • c2
  • C2
  • ca1 odigicert
  • caaa
  • caca
  • caca4baaa
  • ca certificate
  • cacf
  • caea
  • ca g2
  • ca issuers
  • calgrc4
  • callback phishing
  • calzonec
  • Campaign
  • canada
  • canada unknown
  • capture
  • carr
  • catalog tree
  • catherine daisy coleman
  • ca validity
  • ccbase
  • cellbrite
  • cellebrite
  • cellebrite ufed
  • certificate
  • cfqirgdhj5
  • cfqirgdhj5 http
  • cfqirgdhj5 url
  • cgb stgreater
  • chain
  • channel
  • channelsurfcli
  • chase personal
  • checkbox
  • checkin
  • check registry
  • checks system
  • child exploitation
  • child pornographer
  • china
  • china cobalt
  • china unknown
  • chinese
  • chrome
  • ch ua
  • cidr
  • cisco umbrella
  • city personal
  • city redmond
  • Civil
  • Civilians
  • ck id
  • ck ids
  • ck matrix
  • ck v13
  • class
  • class function
  • classinfobase
  • cleaner
  • click
  • close
  • cloud
  • cloudflare
  • Cloudflare
  • cloudflarenet
  • cloudfront
  • clyde murphy
  • cname
  • CNC
  • cnc beacon
  • cnc feodo
  • cnc server
  • cnsectigo rsa
  • cntrustasia rsa
  • cntrustasia tls
  • cobalt strike
  • code
  • code injection
  • collections
  • collisionbox
  • colorado
  • comcast tmobile
  • com cnt
  • com laude
  • command
  • command and control
  • command_and_control
  • command decode
  • commands
  • command type
  • communicating
  • communications
  • community
  • complete
  • components
  • computer
  • comspec
  • conduit
  • confed
  • config
  • confirm http
  • confirm https
  • conhost
  • connection
  • connector
  • consent plugin
  • consumed
  • contact
  • contacted
  • contacted hosts
  • contacted urls
  • contact email
  • contact phone
  • contains pdb
  • content
  • contentlength
  • content type
  • continent na
  • control
  • control ob0004
  • control server
  • controls learn
  • co number
  • cookie
  • cookie object
  • cookie value
  • copy
  • copy c
  • copyleft
  • copy md5
  • copyright
  • copy sha1
  • copy sha256
  • core
  • costa rica
  • count blacklist
  • country us
  • covid19
  • covid19 scam
  • crack
  • crash
  • crazy doll
  • create
  • create c
  • created
  • create new
  • creation date
  • Crime
  • critical
  • crlf
  • crlf line
  • crowdstrike
  • cryp
  • cryptexportkey
  • cryptgenkey
  • crypto
  • csccorpdomains
  • csc corporate
  • cuba
  • cus cndigicert
  • cus ou
  • cus stcolorado
  • cus stnew
  • customer
  • cutwail
  • CVE-2016-7255
  • CVE-2017-0147
  • cve20170147 sep
  • CVE-2017-11882
  • CVE-2017-17215
  • CVE-2017-8570
  • CVE-2018-0802
  • cve20185723
  • cve cve20140322
  • cve cve20178977
  • cve overview
  • cyber army
  • cybercrime
  • cyber defense
  • cyber espionage
  • cyber harassment
  • cyber stalking
  • cyberstalking
  • cyber threat
  • cybota
  • cycbot
  • daisy
  • daisy coleman
  • dap domain
  • data
  • datab
  • database
  • data center
  • data manipulation
  • data.net
  • data upload
  • date
  • date checked
  • date hash
  • date sun
  • date tue
  • days ago
  • dead
  • death threats
  • debian
  • debugger evasion
  • december
  • defacement
  • default
  • defense evasion
  • delete
  • delete c
  • delphi
  • dem fin
  • dept
  • designer
  • desktop
  • destination
  • detection b0009
  • detection list
  • detections
  • detections elf
  • detections name
  • detections sf
  • detections type
  • detplock
  • dev
  • developer
  • development att
  • dga
  • dga domain
  • dga nxdomain
  • digital privacy
  • director
  • directui
  • disable
  • discovery
  • discovery att
  • displayname
  • div div
  • dll sideloading
  • dmitry urin
  • dname
  • dns
  • DNS
  • dns any
  • dns replication
  • dns resolutions
  • dnssec
  • dns server
  • dock
  • document file
  • domain
  • domain add
  • domain address
  • domain admin
  • domain database
  • domain name
  • domain names
  • domainpath name
  • domain related
  • domain robot
  • domains
  • domains dropped
  • domains part
  • domains show
  • domain status
  • domains top
  • domain tracker
  • dos executable
  • dotcisoffer
  • downer
  • downldr
  • download
  • download csv
  • downloader
  • download json
  • drag
  • drop
  • dropbox
  • dropped
  • dropper
  • drows type
  • drup uk
  • dsp1
  • ducktail
  • duptwux
  • dvid
  • dv tls
  • dynadot llc
  • dynamic
  • dynamic link
  • dynamicloader
  • dynamics
  • dynamitelab
  • e1082 file
  • e1083 impact
  • e1203 windows
  • eanioae
  • east
  • economic impact
  • edge
  • ee fc
  • element
  • elements
  • elf64 crypto
  • elf collection
  • elf info
  • elf wgetboat
  • email
  • email add
  • emails
  • embeddedwb
  • emotet
  • emotet type
  • emulation
  • encrypt
  • encryption
  • Endgame
  • endpoints all
  • engineering
  • enigmaprotector
  • enom
  • enterprise
  • enter soukue
  • entity
  • entries
  • entries related
  • entrust
  • enumerate
  • e oct
  • epss
  • error
  • error all
  • error code
  • error f
  • error jun
  • error mar
  • Espionage
  • et
  • et info
  • etpro tr
  • etpro trojan
  • et tor
  • et trojan
  • Europe
  • evasion
  • evasion att
  • evasion ob0006
  • evasive
  • exclude
  • exclude sugges
  • executable
  • executable code
  • execute
  • execution
  • execution t1547
  • exe upload
  • exif data
  • exit
  • exodus
  • expiration
  • expiration date
  • expiresthu
  • expires wed
  • exploit
  • exploits
  • explorer
  • external source
  • extraction
  • extre
  • f2f2f2 color
  • facebook
  • factory
  • facts dga
  • facts domain
  • failed
  • failure
  • fakealert
  • falcon sandbox
  • falling
  • false
  • families
  • fancy bear
  • fareit
  • farrahgrey
  • fastly error
  • fbq object
  • february
  • federation flag
  • feeds ioc
  • ff d5
  • file
  • file guard
  • filehash
  • filehashmd5
  • filehashsha1
  • filehashsha256
  • files
  • file samples
  • file score
  • files domain
  • files dropped
  • files ip
  • files location
  • files matching
  • files related
  • files show
  • file system
  • filetour
  • file transfer
  • fileversion
  • file viewer
  • final
  • final url
  • find
  • find your
  • finland
  • firehol
  • first
  • flag
  • flag united
  • flowid22101
  • flow t1574
  • floxif
  • folder
  • footer
  • forbidden
  • forbidden date
  • forbidden tls
  • form
  • format
  • formbook
  • FormBook
  • formbook cnc
  • for privacy
  • forward elf
  • found
  • foundry
  • Foundry
  • found title
  • frame src
  • france
  • france unknown
  • franchise url
  • frankfurt
  • fraud service
  • front
  • ftp username
  • full
  • fulldisc
  • full name
  • fusioncore
  • gambino
  • game
  • gameoverpanel
  • gandcrab
  • gandi sas
  • gapd5d
  • garbage
  • gartner
  • gdpr cookie
  • gecko
  • general
  • general full
  • generator
  • generic
  • generic http
  • generic malware
  • generic pong
  • generic windos
  • genkryptik
  • geoip
  • germany
  • germany as24940
  • germany unknown
  • get file
  • get http
  • getprocaddress
  • ghost
  • ghost rat
  • github
  • github pages
  • global
  • gmbh version
  • gmo internet
  • gmt cache
  • gmt connection
  • gmt content
  • gmt contenttype
  • gmt date
  • gmt etag
  • gmtn
  • gmt server
  • go
  • go daddy
  • goldfinder
  • goldmax
  • google
  • Google
  • google llc
  • google safe
  • gopher
  • go.sabey
  • gotham
  • graph community
  • Graphite
  • great britain
  • green
  • group
  • grs limited
  • guard
  • hacker
  • hackers
  • Hackers
  • hacking
  • hacking apple
  • hacktool
  • hack type
  • hallrender
  • Hall Render
  • hall render denver
  • harassment
  • hash
  • hash avast
  • hashes
  • head body
  • headers
  • headers date
  • headers xcache
  • health type
  • heartbleed
  • helvetica neue
  • heodo
  • heur
  • hidden
  • hide samples
  • high
  • high defense
  • highest
  • high level
  • highly targeted
  • high process
  • historical
  • historical ssl
  • home welcome
  • hostid ec
  • hostile
  • hosting
  • hostmaster
  • hostname
  • hostname add
  • hostnames
  • host sinkhole
  • HP
  • hp hpsbmu02998
  • hp hpsbmu03018
  • hp hpsbmu03019
  • hp hpsbmu03030
  • hr description
  • href
  • hr rtd
  • hsbc
  • html document
  • html head
  • html info
  • html internet
  • html public
  • html_smuggling
  • http
  • http header
  • httponly
  • http requests
  • http response
  • https
  • httpsupgrades
  • hwndhost
  • hx88x89
  • hx88x9ax1e
  • hybrid
  • hybrid analysis
  • hyundaitx
  • iana id
  • icann whois
  • icloud
  • icmp traffic
  • ico rtgroupicon
  • id
  • identifier
  • ide value
  • idlogin sep
  • idnischdr http
  • ids detections
  • ieedge chrome1
  • ietfdtd html
  • iframe
  • illegal activity
  • impact
  • import
  • impressum
  • inbound
  • incapsula
  • includec review
  • include review
  • incorporated
  • inc validity
  • india
  • indicator
  • indicator facts
  • indicator of compromise
  • indicator role
  • indonesia
  • infected
  • infectednight
  • infection
  • info
  • infor
  • informative
  • infostealer
  • infrastructure
  • initial access
  • injection t1055
  • injector
  • inmortal
  • install
  • installation
  • installcore
  • installer
  • installpack
  • instrumentation
  • insurance company
  • intel
  • intelligence
  • interfacing
  • internal server
  • internet
  • invalid url
  • iobit
  • ioc
  • iocs
  • ioc search
  • ios
  • iOS
  • ip address
  • ip check
  • iphone unlocker
  • ip related
  • ip summary
  • ip traffic
  • ipv4
  • ipv4 add
  • ipv6
  • iran
  • islands flag
  • ISP
  • issues tab
  • italy
  • italy unknown
  • itemid14
  • itre att
  • james
  • january
  • javascript
  • jeff
  • jeff4son
  • jfif
  • jfif standard
  • joejr
  • join
  • jpeg image
  • json
  • json sample
  • julia
  • july
  • june
  • junkpoly
  • kansas city
  • kb body
  • kb document
  • kb font
  • kb image
  • kb script
  • kb stylesheet
  • key0
  • key algorithm
  • keygen
  • key identifier
  • keylogger
  • keys
  • key value
  • kgs0
  • khtml
  • kimsuky
  • kls0
  • known tor
  • kristaw
  • kx81xdbx0f
  • kyriazhs1975
  • l1k validity
  • label netaig
  • lance mueller
  • lanc type
  • landsdirector
  • langchinese
  • law
  • law enforcement aware complacent or complicit?
  • layer protocol
  • Lazarus
  • learn
  • legacy
  • legal
  • legalcopyright
  • legal entities
  • less see
  • less whois
  • level3
  • levelblue
  • levelbluelabs
  • lf line
  • libel
  • library
  • library exe
  • line
  • link
  • link function
  • linux
  • Linux
  • linux mint
  • linux x8664
  • listening
  • list planting
  • live
  • llc registry
  • loader
  • local
  • localappdata
  • location russia
  • location united
  • log id
  • login yara
  • logistics
  • logo analysis
  • logon autostart
  • lokibot
  • look
  • looquer
  • love
  • lowfi
  • low risk
  • low security
  • ltd dba
  • Mac
  • magic pe32
  • magic quadrant
  • magnus
  • mail spammer
  • main
  • major
  • malicious
  • malicious site
  • malicious url
  • maltiverse
  • malvertizing
  • malware
  • Malware
  • malware beacon
  • malware cve
  • malware found
  • malware host
  • malware hosting
  • malware infection
  • malware site
  • march
  • mark brian sabey
  • markmonitor
  • markus
  • mascore2
  • masquerading
  • matrix
  • matsnu
  • matthew pynhas
  • maudio firewire
  • maudio fw
  • maui ransomware
  • may sleep
  • mcig sep
  • md5 add
  • media
  • media center
  • mediamagnet
  • medium
  • medium risk
  • meister
  • memcommit
  • memory pattern
  • meta
  • meta http
  • meta name
  • meta tags
  • meterpreter
  • metro
  • metro t-mobile
  • metro tmobile
  • mexico
  • mh may
  • microsoft
  • Microsoft
  • microsoft azure
  • microsoft crm
  • microsoft power
  • microsoft teams
  • microsoft way
  • mike
  • mile high media
  • million
  • mimikatz
  • miner
  • mini
  • minutes ago
  • miori hackers
  • mirai
  • Mirai
  • mirai att
  • mirai botnet
  • mirai type
  • misc attack
  • misc https
  • missouri
  • mitre att
  • mmi online
  • mobileoptimized
  • Mobileye
  • mobsterstageda
  • model
  • modify system
  • modify tools
  • modules t1129
  • monitored target
  • monitored tsara
  • monitoring
  • montreal
  • mootools
  • moscow
  • moved
  • mozilla
  • msclkidn
  • msdefender feb
  • msdefender sep
  • msie
  • msil
  • ms windows
  • mtb apr
  • mtb aug
  • mtb description
  • mtb feb
  • mtb sep
  • mtd1
  • mueller
  • multiple
  • multi scan
  • mutexes
  • mx81xd1r
  • my health
  • name
  • namecheapnet
  • namecheap url
  • name domain
  • name hyperlink
  • name personal
  • name servers
  • namesilo
  • name tactics
  • name verdict
  • nanocore
  • nanocore rat
  • nastya
  • nct1
  • net148
  • net1480000
  • net168
  • net1680000
  • nethandle
  • netherlands
  • netlify
  • netlify edge
  • netname uch
  • netrange
  • nettype direct
  • network
  • network ascii text
  • network traffic
  • networm
  • Neurotoxin Institute
  • neutral
  • new ioc
  • new problems
  • newsletter
  • new york
  • next
  • next associated
  • nextc type
  • next franchise
  • next http
  • next yara
  • nids
  • ninite
  • ninite feb
  • nircmd
  • njrat
  • nl page
  • no data
  • node traffic
  • no expiration
  • no match
  • noname057
  • none indicator
  • norad.mil
  • norad tracker
  • Norton
  • november
  • nr-data.net
  • NSA tool Tulach malaware
  • nso
  • NSO
  • NSO Group
  • null
  • number
  • nxdomain
  • nymaim
  • ob0007 system
  • object
  • observed email
  • obz4usfn0
  • obz4usfn0 http
  • obz4usfn0 url
  • occamy
  • ocloudflare
  • october
  • oentrust
  • office
  • office open
  • official
  • oglobalsign
  • ogoogle trust
  • ok server
  • ok set
  • online
  • online pcap
  • onload
  • open
  • opencandy
  • open ports
  • openssl
  • openssl tls
  • open threat
  • openurl c
  • options
  • ord52c2 via
  • orgid
  • org microsoft
  • orgtechhandle
  • orgtechref
  • orkut
  • os2 executable
  • osi application
  • otrustasia
  • otx octoseek
  • otx scoreblue
  • outbound
  • outbreak
  • overlay
  • override
  • overview domain
  • overview ip
  • packer
  • packing
  • packing t1045
  • page
  • page dow
  • page url
  • palantir
  • panda
  • pandas
  • Paragon
  • parent net168
  • passive dns
  • paste
  • patch
  • patcher
  • path
  • path max
  • path size
  • pattern domains
  • pattern match
  • payment
  • paypal
  • pcap frame
  • pdf cellebrite
  • pdfcreator.sf.net
  • pdf report
  • pe32
  • pe32 executable
  • pecompact
  • pe file
  • pegasus
  • Pegasus
  • pegatech
  • pega type
  • People
  • pe resource
  • persistence
  • pe section
  • phi
  • phishing
  • phishing chase
  • phishing google
  • phishing site
  • phishtank
  • phonenumber
  • photography
  • pid425870621
  • pii
  • pine street
  • Pixel
  • pixelevtid11771
  • pizza
  • platform
  • please
  • please forgive me
  • poland unknown
  • pony
  • pornhub
  • porn tagging
  • porn type
  • port
  • poser
  • possible
  • possible virut
  • post
  • postal code
  • post http
  • post method
  • potential scan
  • powershell
  • poweshell
  • pragma
  • predict70 sep
  • prefetch2
  • prefetch8
  • premium
  • presenoker
  • present apr
  • present aug
  • present dec
  • present feb
  • present jan
  • present jul
  • present jun
  • present mar
  • present may
  • present nov
  • present oct
  • present sep
  • primary request
  • private investigator
  • privilege https
  • probe
  • problems
  • process
  • process32nextw
  • process t1543
  • productversion
  • programfiles
  • project skynet
  • proofpoint
  • property value
  • prorat
  • protect
  • protocol h2
  • proton
  • psexec
  • public url
  • pulse
  • pulse pulses
  • pulses
  • pulses cve
  • pulses email
  • pulses none
  • pulses otx
  • pulse submit
  • pulses url
  • pulse use
  • push
  • putty
  • python
  • quasar
  • query
  • quoth
  • radar ineractive
  • radio hacking
  • ramnit
  • ransom
  • ransomware
  • raven
  • rdap
  • read
  • read c
  • realized
  • recon
  • record type
  • record value
  • recreation
  • redacted for
  • redirect
  • redirect chain
  • redirected
  • redline
  • redline stealer
  • redrum
  • referen
  • referencec
  • referrer
  • refresh
  • regbinary
  • regdword
  • registrar
  • registrar abuse
  • registrar iana
  • registrarsafe
  • registrar url
  • registrar whois
  • registry
  • registry arin
  • registry domain
  • registry keys
  • registry run
  • regsetvalueexa
  • related nids
  • related pulses
  • related tags
  • relayrouter
  • remcos
  • remote
  • remote attack
  • remote cnc
  • remote system
  • replacement
  • report
  • reported
  • reporting arch
  • reports
  • report spam
  • request
  • request chain
  • request email
  • request id
  • requestid
  • research
  • reserved
  • resolutions
  • resolverror
  • resource
  • resource path
  • resources whois
  • responder
  • response
  • response final
  • response ip
  • responses
  • restart
  • results aug
  • results jul
  • results may
  • results oct
  • retailexperts
  • retaliation
  • revenge
  • reverse dns
  • review iocs
  • rgba
  • rights reserved
  • risk
  • riskware
  • rms
  • robots content
  • robtex
  • roleselfservice
  • role title
  • root account
  • roundup
  • rsa ca
  • rticon neutral
  • rtversion
  • runescape
  • run keys
  • runner
  • runtime process
  • russia
  • russia showing
  • russia unknown
  • rust
  • sabey
  • sabey data centers
  • sabey type
  • safebae
  • safebae.org
  • safe browsing
  • safe site
  • salicode
  • sality
  • sameorigin
  • sample
  • sample analysis
  • samplepath
  • samples
  • sample summary
  • sample system
  • Samsung
  • sandbox
  • sa victim
  • scammer
  • scan endpoints
  • scanning_host
  • scans record
  • scans show
  • score
  • scottsdale
  • screenshot
  • script
  • script domains
  • script script
  • script tags
  • script urls
  • sddl
  • sea p
  • search
  • searchjstg
  • search otx
  • sea x
  • sec ch
  • secrisk
  • sections
  • sectrack
  • secunia
  • secure
  • secure server
  • security
  • Security
  • security no
  • seen
  • se extra
  • se extri
  • self
  • server
  • server google
  • server response
  • servers
  • service
  • service privacy
  • services
  • serving ip
  • set registrya
  • setup
  • severe
  • severity
  • seychelles
  • seznam
  • sfqh4dt74w0 url
  • sha1
  • sha1 add
  • sha256
  • sha256 add
  • sha512
  • sharepoint
  • shell
  • shellexecuteexw
  • show
  • showing
  • show process
  • show technique
  • show technique span
  • sibot
  • sid name
  • signals mutexes
  • signing defense
  • silencing
  • silly
  • simda
  • singapore
  • singapore asn
  • sinkhole cookie
  • site
  • size
  • size17kib type
  • skip
  • skynet
  • Skynet
  • slcc2
  • slider plugin
  • slot1
  • smoke loader
  • smokeloader
  • sneaky server
  • sniffs
  • soc http
  • soc https
  • social engineering
  • softcnapp
  • software
  • sony
  • Sony
  • source
  • source level
  • source source
  • southeast
  • spaceship
  • spain unknown
  • spammer
  • span
  • span a
  • spark
  • spawns
  • spigot
  • spotify apple
  • spying
  • spyware
  • Spyware
  • squirrelwaffle
  • ssdeep
  • ssl certificate
  • stack strings
  • staging
  • stalker
  • starfield
  • startpage
  • startup
  • startup folder
  • state
  • stateprovince
  • static
  • status
  • status code
  • status page
  • stealer
  • steals
  • stealthyness
  • steam route
  • stop
  • storage
  • stream
  • street
  • strike
  • strings
  • studio created
  • stylesheet
  • subdomains
  • subject key
  • subject public
  • submission name
  • submit
  • submitters
  • subscribe
  • subvert trust
  • sucuri
  • sucuri firewall
  • suggest data
  • suggested
  • suite
  • summary
  • summary iocs
  • superitaliansub
  • suppobox
  • suricata ipv4
  • suricata stream
  • suricata udpv4
  • survivor
  • susp
  • suspicious
  • suspicious path
  • sweetheart videos
  • swipper
  • switch dns
  • swrort
  • system
  • systemroot
  • system vol
  • system volume
  • systweak
  • t1012
  • t1045
  • t1047
  • t1053
  • t1055
  • t1055.015
  • t1055 system
  • t1057
  • t1059 accept
  • t1060
  • t1071
  • t1105 ingress
  • t1140
  • t1204
  • t1204 technique
  • t1480 execution
  • t1497 may
  • t1497 query
  • t1553 technique
  • t1562 technique
  • t1590 gather
  • tag
  • tag count
  • tagging
  • tag management
  • tag manager
  • tag tag
  • tahoma arial
  • taobao network
  • target
  • target: accounting firm devices
  • target: brashears personal devices
  • targeted
  • targeting
  • targeting tsara brashears
  • targets
  • targets: intellectual property
  • targets sa
  • target system
  • target: tsara brashears
  • target: whitesky communication network
  • taskjob
  • tasks
  • tbody
  • tcp include
  • tcp syn
  • tcp traffic
  • td td
  • td tr
  • team
  • team phishing
  • teams api
  • tech
  • tech email
  • teen porn
  • telecom
  • telefonica
  • telefonica co
  • telegram
  • telnet login
  • telper
  • Telus
  • temp
  • temple
  • test
  • teukau
  • therahand thouroughhand
  • thread local
  • threat
  • threat analyzer
  • threat network
  • threat report
  • threat roundup
  • threats
  • threats et
  • tid700443057
  • tiggre
  • tiktok youtube
  • title
  • title added
  • title error
  • title safebae
  • title style
  • tjprojmain
  • tls handshake
  • tls rsa
  • tlsv1
  • tls web
  • tlus
  • t-mobile
  • tofsee
  • tool
  • tools
  • tool transfer
  • top destination
  • topropertykey
  • top source
  • total
  • tpid425870621
  • tracer tool
  • tracker
  • tracker malware
  • tracking
  • trex
  • triage
  • trident
  • trid win32
  • trim
  • trojan
  • Trojan
  • trojanclicker
  • Trojan Downloader
  • trojandropper
  • trojan features
  • trojanproxy
  • trojanspy
  • trojanx
  • TrojanX
  • tr tbody
  • tr tr
  • true
  • truetype
  • tsara brashears
  • ttl value
  • tulach
  • tulach.cc
  • tulach type
  • turn
  • twitter
  • type
  • type indicator
  • type mimetype
  • type name
  • typeof
  • typeof function
  • types of
  • uaaa
  • ucha
  • uchealth
  • UC Health
  • uchealth app
  • ufed4pc
  • ufed iphone
  • ufed release
  • uid38009
  • ukhdaauqaaaaaac
  • ukraine
  • unauthorized
  • unicode
  • unicode text
  • unid88000705
  • union
  • unique
  • unis
  • united
  • united kingdom
  • united states
  • university
  • unix
  • unknown
  • unknown a
  • unknown aaaa
  • unknown ns
  • unknown win
  • unruy
  • unsafe
  • upack
  • update date
  • upgrade
  • urgent care
  • url
  • url add
  • url analysis
  • url history
  • url hostname
  • url http
  • url https
  • urls
  • urls http
  • urls https
  • urls show
  • urls tcp
  • url summary
  • urls url
  • url text
  • url uk
  • usage
  • user
  • user execution
  • username
  • userprofile
  • users voice
  • useruin
  • utah
  • utc bing
  • utc na
  • utc submissions
  • utf8
  • utf8 text
  • v2 document
  • v3 serial
  • value
  • value emails
  • value snkz
  • variables
  • vary
  • vbs
  • ver2
  • verdict
  • verify
  • verisign
  • veryhigh
  • vhash
  • victim
  • victim network
  • vidar
  • view whois
  • vipre
  • virtool
  • virtool att
  • virtual machine
  • virtual mobile
  • virus
  • virustotal
  • virut
  • visible
  • vitro mar
  • vj87
  • voicestram
  • vtflooder
  • vt report
  • w3cdtd html
  • waaa
  • wacatac
  • wannacry kill
  • warehouse mgmt
  • webshell
  • website malware
  • webtoolbar
  • west domains
  • white goldmax
  • whitelisted
  • whitelisted ip
  • whitesky
  • whois database
  • whois lookup
  • whois lookups
  • whois record
  • whois registrar
  • whois ssl
  • whois sslcert
  • whois whois
  • who's driving
  • widget
  • win16 ne
  • win32
  • win32dh
  • win32 dll
  • win32 exe
  • win32spigot
  • win32 type
  • win32upatre apr
  • Win32:Vitro
  • win64
  • windir
  • windows
  • Windows
  • windows event
  • windows link
  • windows nt
  • windows service
  • Wix
  • wolfgang reile
  • wordpress
  • workers compensation
  • worm
  • wow64
  • wpbakery page
  • wp engine
  • write
  • write c
  • writeconsolew
  • writes data to a remote process
  • written c
  • wx99xcdx11
  • x509v3 extended
  • x509v3 key
  • x509v3 subject
  • x82xd4
  • x84xa8xe8i
  • x86 baddr
  • x86xd3
  • x87xe1x1d
  • x8dxb7xb7
  • x92xac
  • x93xaf
  • x95xd3xa4
  • xa1xf1
  • xc2x84
  • x content
  • xe8xc2x14
  • xe8xc6x13
  • x frame
  • xhr function
  • xml document
  • xmlns http
  • xml rel
  • xml rtmanifest
  • x msedge
  • xobo
  • xport
  • xserver
  • xtrat
  • x ua
  • yaaa
  • yara detections
  • yara rule
  • yixun
  • yixun tool
  • youth
  • youtube
  • zbot
  • zpevdo

MITRE ATT&CK TTPs

  • T1001.003 - Protocol Impersonation
  • T1001 - Data Obfuscation
  • T1003.005 - Cached Domain Credentials
  • T1003.008 - /etc/passwd and /etc/shadow
  • T1003 - OS Credential Dumping
  • T1005 - Data from Local System
  • T1010 - Application Window Discovery
  • T1011 - Exfiltration Over Other Network Medium
  • T1012 - Query Registry
  • T1018 - Remote System Discovery
  • T1019 - System Firmware
  • T1021.001 - Remote Desktop Protocol
  • T1021.006 - Windows Remote Management
  • T1027 - Obfuscated Files or Information
  • T1029 - Scheduled Transfer
  • T1031 - Modify Existing Service
  • T1033 - System Owner/User Discovery
  • T1035 - Service Execution
  • T1036 - Masquerading
  • T1040 - Network Sniffing
  • T1041 - Exfiltration Over C2 Channel
  • T1043 - Commonly Used Port
  • T1045 - Software Packing
  • T1046 - Network Service Scanning
  • T1047 - Windows Management Instrumentation
  • T1053 - Scheduled Task/Job
  • T1055.001 - Dynamic-link Library Injection
  • T1055.012 - Process Hollowing
  • T1055.013 - Process Doppelgänging
  • T1055.014 - VDSO Hijacking
  • T1055 - Process Injection
  • T1056.001 - Keylogging
  • T1056 - Input Capture
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1059.002 - AppleScript
  • T1059.004 - Unix Shell
  • T1059.007 - JavaScript
  • T1059 - Command and Scripting Interpreter
  • T1060 - Registry Run Keys / Startup Folder
  • T1068 - Exploitation for Privilege Escalation
  • T1069 - Permission Groups Discovery
  • T1070 - Indicator Removal on Host
  • T1071.001 - Web Protocols
  • T1071.002 - File Transfer Protocols
  • T1071.003 - Mail Protocols
  • T1071.004 - DNS
  • T1071 - Application Layer Protocol
  • T1078.004 - Cloud Accounts
  • T1081 - Credentials in Files
  • T1082 - System Information Discovery
  • T1083 - File and Directory Discovery
  • T1088 - Bypass User Account Control
  • T1089 - Disabling Security Tools
  • T1094 - Custom Command and Control Protocol
  • T1095 - Non-Application Layer Protocol
  • T1096 - NTFS File Attributes
  • T1105 - Ingress Tool Transfer
  • T1106 - Native API
  • T1110.002 - Password Cracking
  • T1110 - Brute Force
  • T1112 - Modify Registry
  • T1113 - Screen Capture
  • T1114.002 - Remote Email Collection
  • T1114 - Email Collection
  • T1119 - Automated Collection
  • T1129 - Shared Modules
  • T1134.001 - Token Impersonation/Theft
  • T1140 - Deobfuscate/Decode Files or Information
  • T1143 - Hidden Window
  • T1147 - Hidden Users
  • T1176 - Browser Extensions
  • T1179 - Hooking
  • T1184 - SSH Hijacking
  • T1192 - Spearphishing Link
  • T1199 - Trusted Relationship
  • T1202 - Indirect Command Execution
  • T1204.001 - Malicious Link
  • T1204 - User Execution
  • T1210 - Exploitation of Remote Services
  • T1212 - Exploitation for Credential Access
  • T1213 - Data from Information Repositories
  • T1215 - Kernel Modules and Extensions
  • T1218.001 - Compiled HTML File
  • T1218 - Signed Binary Proxy Execution
  • T1408 - Disguise Root/Jailbreak Indicators
  • T1410 - Network Traffic Capture or Redirection
  • T1415 - URL Scheme Hijacking
  • T1416 - URI Hijacking
  • T1421 - System Network Connections Discovery
  • T1422 - System Network Configuration Discovery
  • T1427 - Attack PC via USB Connection
  • T1428 - Exploit Enterprise Resources
  • T1429 - Capture Audio
  • T1445 - Abuse of iOS Enterprise App Signing Key
  • T1449 - Exploit SS7 to Redirect Phone Calls/SMS
  • T1453 - Abuse Accessibility Features
  • T1454 - Malicious SMS Message
  • T1457 - Malicious Media Content
  • T1476 - Deliver Malicious App via Other Means
  • T1480 - Execution Guardrails
  • T1483 - Domain Generation Algorithms
  • T1491 - Defacement
  • T1496 - Resource Hijacking
  • T1497.002 - User Activity Based Checks
  • T1497 - Virtualization/Sandbox Evasion
  • T1518 - Software Discovery
  • T1523 - Evade Analysis Environment
  • T1528 - Steal Application Access Token
  • T1539 - Steal Web Session Cookie
  • T1543 - Create or Modify System Process
  • T1546.015 - Component Object Model Hijacking
  • T1546 - Event Triggered Execution
  • T1547 - Boot or Logon Autostart Execution
  • T1548 - Abuse Elevation Control Mechanism
  • T1553.004 - Install Root Certificate
  • T1553 - Subvert Trust Controls
  • T1562 - Impair Defenses
  • T1563.002 - RDP Hijacking
  • T1563 - Remote Service Session Hijacking
  • T1565 - Data Manipulation
  • T1566.001 - Spearphishing Attachment
  • T1566 - Phishing
  • T1568 - Dynamic Resolution
  • T1569 - System Services
  • T1573 - Encrypted Channel
  • T1574 - Hijack Execution Flow
  • T1583.001 - Domains
  • T1583.002 - DNS Server
  • T1583.005 - Botnet
  • T1583 - Acquire Infrastructure
  • T1584.005 - Botnet
  • T1588.004 - Digital Certificates
  • T1588 - Obtain Capabilities
  • T1589 - Gather Victim Identity Information
  • T1590 - Gather Victim Network Information
  • T1596.001 - DNS/Passive DNS
  • T1596.004 - CDNs
  • TA0001 - Initial Access
  • TA0002 - Execution
  • TA0003 - Persistence
  • TA0004 - Privilege Escalation
  • TA0005 - Defense Evasion
  • TA0006 - Credential Access
  • TA0007 - Discovery
  • TA0011 - Command and Control
  • TA0030 - Defense Evasion
  • TA0037 - Command and Control

Passive DNS

  • live.919.live.com

Whois Information

NetRange: 204.79.195.0 - 204.79.197.255
CIDR: 204.79.196.0/23, 204.79.195.0/24
NetName: ECN-NETWORK
NetHandle: NET-204-79-195-0-1
Parent: NET204 (NET-204-0-0-0-0)
NetType: Direct Allocation
OriginAS:
Organization: Microsoft Corporation (MSFT)
RegDate: 1994-12-15
Updated: 2021-12-14
Ref: https://rdap.arin.net/registry/ip/204.79.195.0

OrgName: Microsoft Corporation
OrgId: MSFT
Address: One Microsoft Way
City: Redmond
StateProv: WA
PostalCode: 98052
Country: US
RegDate: 1998-07-10
Updated: 2025-06-10
Comment: To report suspected security issues specific to traffic emanating from Microsoft online services, including the distribution of malicious content or other illicit or illegal material through a Microsoft online service, please submit reports to:
Comment: * https://cert.microsoft.com.
Comment:
Comment: For SPAM and other abuse issues, such as Microsoft Accounts, please contact:
Comment: * abuse@microsoft.com.
Comment:
Comment: To report security vulnerabilities in Microsoft products and services, please contact:
Comment: * secure@microsoft.com.
Comment:
Comment: For legal and law enforcement-related requests, please contact:
Comment: * msndcc@microsoft.com
Comment:
Comment: For routing, peering or DNS issues, please
Comment: contact:
Comment: * IOC@microsoft.com
Ref: https://rdap.arin.net/registry/entity/MSFT

OrgTechHandle: BEDAR6-ARIN
OrgTechName: Bedard, Dawn
OrgTechPhone: +1-425-538-6637
OrgTechEmail: dabedard@microsoft.com
OrgTechRef: https://rdap.arin.net/registry/entity/BEDAR6-ARIN

OrgAbuseHandle: MAC74-ARIN
OrgAbuseName: Microsoft Abuse Contact
OrgAbusePhone: +1-425-882-8080
OrgAbuseEmail: abuse@microsoft.com
OrgAbuseRef: https://rdap.arin.net/registry/entity/MAC74-ARIN

OrgTechHandle: MRPD-ARIN
OrgTechName: Microsoft Routing, Peering, and DNS
OrgTechPhone: +1-425-882-8080
OrgTechEmail: IOC@microsoft.com
OrgTechRef: https://rdap.arin.net/registry/entity/MRPD-ARIN

OrgRoutingHandle: CHATU3-ARIN
OrgRoutingName: Chaturmohta, Somesh
OrgRoutingPhone: +1-425-882-8080
OrgRoutingEmail: someshch@microsoft.com
OrgRoutingRef: https://rdap.arin.net/registry/entity/CHATU3-ARIN

OrgTechHandle: IPHOS5-ARIN
OrgTechName: IPHostmaster, IPHostmaster
OrgTechPhone: +1-425-538-6637
OrgTechEmail: iphostmaster@microsoft.com
OrgTechRef: https://rdap.arin.net/registry/entity/IPHOS5-ARIN

OrgTechHandle: SINGH683-ARIN
OrgTechName: Singh, Prachi
OrgTechPhone: +1-425-707-5601
OrgTechEmail: pracsin@microsoft.com
OrgTechRef: https://rdap.arin.net/registry/entity/SINGH683-ARIN