34.205.242.146 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 34.205.242.146 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

🟠 Elevated — 60/100

Geographic Location

Host and Network Information

• View other sources: Spamhaus VirusTotal Shodan AbuseIPDB
• Country: United States
• Noticed: 50 times
• Protocols Attacked: SSH
• Countries Attacked: Anguilla, Aruba, Australia, Bahamas, Barbados, Canada, Cayman Islands, Colombia, Costa Rica, Curaçao, Czechia, Denmark, Estonia, France, Georgia, Germany, Guatemala, Israel, Japan, Latvia, Lithuania, Mexico, Netherlands, Norway, Panama, Philippines, Poland, Romania, Saint Kitts and Nevis, Saint Martin (French part), Saint Vincent and the Grenadines, Sint Maarten (Dutch part), Tanzania United Republic of, Trinidad and Tobago, Turkey, Ukraine, United Arab Emirates, United Kingdom of Great Britain and Northern Ireland, United States of America
• Open Ports: 80
• Tor Node: No
• Associated Malware Samples: 7075

Tags

• 5511940750757
• aaaa
• a about
• accept
• accept encoding
• acceptencoding
• access
• access ta0001
• acint
• acku new
• active
• active related
• active threat
• active threats
• a dd
• added active
• address
• address range
• a div
• admin city
• adobea
• adobe portable
• a domains
• advanced email
• adversaries
• advertising botnet
• adware
• adwind
• a foreign
• africa
• afrinic
• age86400 set
• agent
• agent tesla
• agenttesla
• aig
• akamai
• akamaias
• akamaiasn1
• aka xloader
• alberta
• alberta meta
• alerts
• alexa
• alexa top
• alf features
• algorithm
• a li
• alienvault
• allocation type
• all octoseek
• all scoreblue
• all search
• alternate data
• amadey
• amazon
• amazon 02
• amazon02
• amazonaes
• amazon data
• amazon ec2
• amazon ses
• analysis
• analysis date
• analyze
• analyzed
• analyzer paste
• analyzer threat
• android
• anne
• anonymizer
• apache
• apache fop
• api key
• apnic
• apnic whois
• apple
• apple ios
• apple notepad
• apple phone
• apple private
• apple stuff
• application
• april
• arin
• arin whois
• artemis
• artro
• as131148 bank
• as131316 slnet
• as133296 web
• as133618
• as13789
• as14061
• as140641
• as15169
• as15169 google
• as16276
• as16509
• as16625 akamai
• as1680 cellcom
• as174
• as20940
• as21342
• as22075
• as22612
• as2635
• as2906 netflix
• as30148 sucuri
• as30456
• as3209 vodafone
• as3257
• as3359
• as3462
• as396982 google
• as397240
• as43350 nforce
• as44273 host
• as45638
• as46606
• as46691
• as47846
• as4808 china
• as4812 china
• as4837 china
• as54113
• as54600 peg
• as56047 china
• as58461
• as58542 tianjij
• as63949 linode
• as797 att
• as8068
• as8075
• as852
• as8987 amazon
• as9009 m247
• as9808 china
• ascii text
• ascio
• asia pacific
• asn as13335
• asn as16625
• asn as1680
• asnone germany
• asnone united
• asyncrat
• attack
• attempts
• august
• aurora
• australia
• authority
• auto-generated security
• autoit
• avast avg
• av checkin
• av detections
• avg clamav
• awful
• aws
• azorult
• azure tls
• babar
• back
• bambernek
• bank
• banker
• bankerx
• basic
• basic telephone
• bayrob
• b body
• bc https
• best targets
• betabot
• b file
• bing ads
• bios
• bitfender
• bitrat
• bits
• blacklist
• blacklist http
• blacklist https
• blacknet
• blacknet rat
• blind eagle
• blister
• blockchain
• blocklist
• blog meta
• bluehost
• bobby fischer
• body
• body doctype
• body h1
• body html
• body length
• boot
• botnet
• botnet command
• bot networks
• bq apr
• bq mar
• brashears
• brent kimball
• brian
• brian sabey
• brontok
• bundled
• bundled files
• business
• bypass
• c2
• cache entry
• canada unknown
• cape
• capture
• caribbean
• cascade
• catalog tree
• cbe oglobalsign
• cdck
• center
• centerchecks
• centos
• certificate
• chaos
• checkin
• checking
• checkin m1
• checks
• china
• china telecom
• china unknown
• chrome
• ch ua
• cidr
• ciphersuite
• cisco umbrella
• city
• ck id
• ck matrix
• cl0p
• cl0p ransomware
• class
• classname
• cleaner
• click
• clickjacking
• clipper dos
• close
• closeup view
• cloud
• cloudflare
• cloudflarenet
• cname
• cnc
• cnc feodo
• cnc server
• cngo daddy
• coalition et
• cobalt strike
• Cobalt Strike
• code
• collection
• collections
• college
• colorado
• columbia
• combined
• com cnt
• com laude
• command _and_control
• communicating
• community https
• company limited
• compiler
• compromised websites
• computer
• conhost
• connect azurepc
• connection
• contacted
• contacted circa 10.23.2023-
• contacted ip
• contacted urls
• contact email
• contact phone
• contained
• content type
• control panel
• control server
• control ta0011
• cookie
• copy
• copying
• copyright c
• core
• corp
• count blacklist
• country
• covid19
• cp
• cpm fun
• cpm network
• crack
• create
• create c
• created
• createdate
• created bus
• creation date
• crime
• critical
• critical risk
• crlf line
• cronup threat
• crowdsourced
• cryp
• crypt
• crypto
• cryptowall
• csc corporate
• c span
• csqvrkwsqka
• cuba
• cultureneutral
• cus cnmicrosoft
• cus olet
• cus starizona
• cyber attack
• cyber crime
• cybercrime
• cyber security
• cyberstalking
• cyber threat
• cyber warfare
• daga
• dan.com
• dangeroussig
• dapato
• dark
• dark consultants
• darkgate
• dark power
• darpa
• data
• database
• data center
• data collection
• data registry
• date
• date checked
• date fri
• date hash
• date mon
• date sat
• db2maestro
• dbatloader
• dcrat
• december
• decode
• deepscan
• default
• defense
• defense evasion
• delete
• delete c
• delphi
• dem fin
• denied trackers
• deploys fake
• description
• description ype
• design meta
• design og
• design trackers
• detection list
• detections file
• detections type
• detplock
• dev
• digicert inc
• digicert tls
• dirtsearch
• disability
• discovery
• district
• div div
• div section
• djin
• dll sideloading
• dns
• dnspionage
• dns replication
• dns resolutions
• dnssec
• dock
• document
• document format
• domain
• domain holder
• domain name
• domains
• domains domain
• domain status
• dos com
• downer
• downldr
• download
• download csv
• downloader
• dridex
• drivertalent
• dropper
• dword
• dynadot
• dynadot inc
• dynadot llc
• dynamic
• dynamicloader
• e1082 impact
• e1203 data
• e1564 discovery
• eagle eyed
• edmonton
• e emeseieee
• e eue
• elastic blog
• elderly
• else
• email
• emails
• email trash
• emotet
• emotet ip
• encrypt
• encrypt cnr11
• end game
• engineering
• english
• enom
• enterprise
• entity
• entries
• entries related
• epik llc
• erase
• error
• etpro malware
• evasion ob0006
• events
• evil
• evil c
• exchange meta
• exe32
• executable
• execution
• exif standard
• expiration date
• expired
• expiressat
• expires thu
• expirestue
• exploit
• exploitation
• explorer
• export
• external-resources
• facebook
• factory
• faculties
• fakealert
• fakedout threat
• fake host
• falcon sandbox
• fall
• false
• fareit
• fastly
• february
• federal credit
• feodo
• file
• file execution
• filehash
• filerepmalware
• files
• file samples
• file score
• files ip
• file size
• files matching
• files not
• files show
• file type
• final url
• financial
• find
• findwindowa
• fireeye
• firehol
• firewall
• first
• first ioc
• flag united
• flow t1574
• font format
• footer
• form
• format
• formbook
• formbook cnc
• for privacy
• found
• found network
• found sigma
• fraud services
• free
• fri oct
• fsociety
• fuery
• full name
• fusioncore
• g2 validity
• gamers
• gandcrab
• gandcrab dns
• gandi sas
• gecko
• general
• generic
• generic malware
• generic windos
• genkryptik
• geoip
• germany
• germany unknown
• getcursor getdc
• get http
• getlasterror
• get na
• getprocaddress
• ghost
• github
• github pages
• gmbh
• gmt cache
• gmt content
• gmt contenttype
• gmtn
• gmt path
• gmt server
• goatsinacoat
• google
• google safe
• google tag
• gootloader
• gov int
• graph
• graph api
• graph community
• greatcall
• grum
• gsddf3d2bzf
• gtmkr32
• guard
• gui32
• gvb gelimed
• gzip chrome
• h3 p
• hackers
• hackers utilize
• hacktool
• hajime
• hallrender
• hash
• hash avast
• hashes
• head
• header intel
• headers
• headers date
• head title
• health
• health phone
• heur
• hichina
• hiddentear
• hide artifacts
• hide samples
• high
• high level
• highly targeted
• high process
• high security
• hijacker
• historical ssl
• history
• history first
• hit
• hit age
• hitmen
• home pg
• honeybots
• host
• hostname
• hostnames
• hotkey
• hr rtd
• html
• html info
• html internet
• http
• http attacker
• http requests
• http response
• https link
• huge domains
• hwp support
• hybrid
• hyperv
• iana
• icann whois
• icedid
• icmp traffic
• icon
• icons library
• identifier
• ids detections
• iframe
• iframes
• iframe tags
• impact ta0034
• impact ta0040
• india
• india asn
• india unknown
• indicator
• indicator role
• indonesia
• industry_and_commerce
• inetsim http
• info
• info compiler
• info header
• info ids
• infrastructure
• initial checkin
• injection
• injection t1055
• injects ads
• inmortal
• input
• installcore
• installer
• installs
• intel
• internal
• internet
• internet domain
• into search
• invalid url
• ioc
• iocs
• ios
• ip address
• ip addresses
• ip asn
• ip detections
• ip summary
• ip traffic
• ipv4
• ipv4 add
• ipv4 address
• is2osecurity
• issuer
• issuing ca
• item
• japan
• javascript
• javascript code
• jfif
• jid960554243
• join
• jpeg image
• json
• json url
• judiciary
• july
• june
• jwxkrhdlrivprs
• kb acrotray
• kb body
• kb file
• kb microsoft
• keepalive
• key algorithm
• keybase
• keygen
• key identifier
• key info
• keylogger
• keyloggers
• keys
• keys deleted
• keys set
• khtml
• known infection source
• korplug
• kraken
• kuaizip
• kyriazhs1975
• lacnic
• language
• learn
• learn more
• lemon duck
• length
• lenovo type
• less
• level3
• life
• light
• limerat
• limited
• limited yotta
• link
• linker
• link library
• li ol
• lively
• loader
• local
• localappdata
• location india
• location israel
• location united
• lockbit
• log id
• logon autostart
• lolkek
• lookup
• lowfi
• low risk
• ltd dba
• lumma stealer
• m
• magic html
• mail spammer
• main
• malicious
• malicious site
• malicious url
• maltiverse
• maltiverse safe
• maltiverse top
• malware
• malware beacon
• malware found
• malware repository
• malware service
• malware site
• malware sites
• malware stealer trojan evader
• malware unread
• man
• manager anchor
• manjusaka
• march
• markus
• mas
• masquerade
• maui ransomware
• maxage31536000
• mb iesettings
• mb opera
• m brian sabey
• mbs
• mccormick
• media
• media center
• media sharing
• medium
• medium high
• melbourne it
• memcommit
• memory pattern
• men
• meta
• meta name
• metastealer
• meta tags
• meterpreter
• methodpost
• metro
• mexico
• milehighmedia
• milesit
• million
• million alexa
• mimikatz
• miner
• mini
• minimal low
• mining
• mirai
• mitre
• mitre att
• mncau
• modifydate
• modify system
• module load
• monitoring
• mon jul
• moved
• mozi
• mozilla
• mr windows
• msclkidn
• ms defender
• msdefender feb
• msdefender mar
• msie
• msil
• ms visual
• ms windows
• ms word
• mtb dec
• mtb feb
• mtb jul
• mtb mar
• mtb may
• mtis
• multi scan
• murderers
• my boy dan
• name
• namecheap
• namecheap inc
• namecheapnet
• name file
• name md5
• name servers
• nanocore
• nanocore rat
• nav onl
• net192
• net1920000
• nethandle
• netrange
• netsky
• network
• network name
• networm
• news
• next
• Nextray
• nexus category
• nimda
• nivdort
• no data
• nonads
• noname057
• none related
• north america
• notes avast
• not found
• nsa utah
• ns nxdomain
• null
• number
• nxdomain
• nxscspu
• nymaim
• ob0005 defense
• ob0007 system
• ob0012 hide
• object
• observer
• oc0008
• occamy
• october
• office open
• ollydbg
• open
• opencandy
• open ports
• open threat
• organization
• os2 executable
• otx scoreblue
• otx telemetry
• outbound connection
• outlook
• overlay
• ovh sas
• p2404
• packages found
• packer
• packing t1045
• page dow
• parent domain
• parking crew
• partru
• passive dns
• password
• password bypass
• paste
• path
• path max
• pattern match
• paypal
• pcidump rasman
• pdb path
• pdf dealer
• pdf document
• pdf my
• pdf tripwire
• p div
• pe32
• pe32 compiler
• pe32 executable
• pe32 packer
• pecompact
• pepo campaigns
• pe resource
• persistence
• phish
• phishing
• phishing airbnb
• phishing site
• phishtank
• photos
• phy pre
• physical threat
• plasma
• please
• png image
• po box
• pony
• porkbun
• possible fake
• post
• postal code
• poster
• post http
• powershell
• pragma
• prefetch8
• premium
• presenoker
• price list
• prism
• privacy admin
• privacy tech
• private limited
• privateloader
• problems
• process
• process32nextw
• processes tree
• process t1543
• producer apache
• products
• products id
• protect
• proton
• proxy
• psexec
• pty ltd
• public
• public url
• pulse pulses
• pulses
• pulse submit
• push
• pxnzj
• qakbot
• qbot
• qt translation
• quasar
• quasar rat
• quasi
• query
• qxrfnjuodik
• r6 alphassl
• raccoon
• rally
• ransom
• ransomexx
• ransomware
• raspberry robin
• rc2i
• read c
• reads
• real estate
• realteck audio
• record type
• record value
• redacted for
• redirector
• redline
• redline stealer
• redmond admin
• redrum
• ref b
• reference
• referrer
• regbinary
• regdword
• registrar
• registrar abuse
• registrar iana
• registrarsafe
• registrar url
• registrar whois
• registry
• registry keys
• registry run
• regsetvalueexa
• rejected sample
• relacionada
• related nids
• related pulses
• relic
• remcos
• remote system
• replacement
• reports
• reports upgrade
• request
• reredrum
• research
• resolutions
• resolved ips
• response
• response final
• responsible
• results
• results jun
• review
• rexxfield
• rgba
• rhttps
• rich text
• ripe ncc
• riskware
• root ca
• round
• rsa sha256
• rules not
• runescape
• rwi dtools
• sabey
• safe site
• sale
• sameorigin
• sample
• sample29
• sample analysis
• samplepath
• samples
• samsung
• samuel tulach
• sandbox
• scan endpoints
• scanning host
• scott mccormick
• script
• script domains
• script script
• script tags
• script urls
• search
• sea x
• sec ch
• secrisk
• section
• sector
• security
• security risk
• seen
• select contact
• self deleting
• september
• server
• server response
• servers
• service
• service bs
• services
• serving ip
• set cookie
• seznam
• sha1
• sha256
• share
• shell code
• shell commands
• shellexecuteexw
• shelltraywnd
• shop
• show
• showing
• show technique
• siblings
• siblings domain
• sides with
• simda
• simplified
• site
• sites
• site safe
• site top
• size68b type
• slcc2
• slfrd1
• smartchat
• Smokeloader
• snatch
• sneaky server
• sniffs
• socgholish
• social engineering
• softcnapp
• so funny
• songculture attacked
• sorano
• south carolina
• sp6 build
• spaceship
• span
• span div
• span td
• spawns
• sport
• spotify artist
• spyware
• sqli dumper
• ssdeep
• ssl certificate
• starfield
• startpage
• start service
• stateprovince
• static engine
• status
• status code
• stealer
• steganography
• stop service
• story
• stream
• strings
• strings http
• stuff
• subject key
• subject public
• submission
• submitters
• sucur2
• sucuri
• sucuri security
• sucuri website
• summary
• summary iocs
• super
• suppobox
• susp
• suspic
• suspicious
• swisyn
• switch
• switch dns
• swrort
• system restore
• t1031
• t1045
• t1060
• t1063
• t1129
• t1189 found
• t1676916559
• ta0004 process
• ta0007 command
• tabx explorer
• tag count
• tag manager
• tags
• tags none
• tags og
• tags twitter
• tags viewport
• tag tag
• taiwan unknown
• target
• target colombia
• targeted
• targeting
• targeting major
• td tr
• team
• team alexa
• team malware
• team memscan
• team phishing
• team proxy
• team top
• tech
• telecom
• telefonica co
• template
• temple
• ten process
• testpath path
• text
• textarea
• text/html
• third-party-cookies
• threat
• threat network
• threat report
• threat roundup
• threats et
• thumbprint
• tiff image
• title
• title access
• title added
• title error
• title head
• title home
• title ten
• title works
• tld count
• tls sni
• tls web
• tmobile
• tmobile metro
• tofsee
• tools
• tracker
• trackers
• trackers google
• tracking
• training
• tree
• trickbot
• trident
• trid file
• trojan
• trojandropper
• trojanspy
• trojanx
• true defense
• trust
• tsara
• tsara brashears
• ttl value
• tucows
• tucows domains
• tue jun
• tue mar
• tulach
• tulach.cc
• t whois
• twitter
• type
• type name
• typeof
• typosquatting
• ua71173394
• ua full
• ua platform
• ucddaocjgah
• uiebaae
• ukraine
• unauthorized
• union
• unique
• united
• united kingdom
• university
• unknown
• unlocker
• unruy
• unsafe
• upatre malware
• upd4
• update
• updated
• upgrade
• upgradestart
• url analysis
• url hostname
• url http
• url https
• urls
• urls http
• urls https
• url summary
• urls url
• ursnif
• usage
• usd twitter
• use collection
• user
• users
• utah data
• utc aw944900006
• utc facebook
• utc gnr5gzhd545
• utc google
• utc gtmsxrf
• utc http
• utc linkedin
• utc na
• utc submissions
• uue files
• v3 serial
• validity
• vary
• vawtrak
• vendor finding
• venom rat
• ver2
• verdict
• verisign
• vidar
• vids1
• view
• view details
• virgin islands
• virtool
• virut
• vj79
• vj83
• vmprotect
• vs2003
• vs2013
• vs2013 upd4
• vs98
• vt community
• vt graph
• wacatac
• web open
• webtoolbar
• west domains
• whitelisted
• whois
• whois database
• whois domain
• whois lookup
• whois lookups
• whois record
• whois registrar
• whois server
• whois status
• whois whois
• win16 ne
• win32
• win32cve mar
• win32 dll
• win32 dynamic
• win32 exe
• win32imali mar
• win32upatre feb
• win32upatre jan
• win32upatre jun
• win32upatre mar
• win64
• windefend
• windir
• window
• windows
• windows activex
• windows nt
• windows service
• windows startup
• winnt
• wiper
• wizard
• woocommerce
• wordpress
• workers compensation
• worm
• wow64
• write
• write c
• writeconsolew
• x509v3 key
• x509v3 subject
• x8bxe5
• xcitium verdict
• xcnfe
• xfbml1
• xml base64
• xml document
• xml spreadsheet
• x msedge
• xport
• xrat
• xsl stylesheets
• x sucuri
• xtra
• yandex
• yara detections
• yara rule
• yotta
• yotta data
• yotta network
• z1277946686
• z1767086795
• zbot
• zeus
• zpevdo
• zsextbzusbrvsk
• zusy

MITRE ATT&CK TTPs

• T1003.008 - /etc/passwd and /etc/shadow
• T1003 - OS Credential Dumping
• T1005 - Data from Local System
• T1007 - System Service Discovery
• T1011 - Exfiltration Over Other Network Medium
• T1012 - Query Registry
• T1023 - Shortcut Modification
• T1027 - Obfuscated Files or Information
• T1029 - Scheduled Transfer
• T1031 - Modify Existing Service
• T1036.004 - Masquerade Task or Service
• T1036 - Masquerading
• T1037.003 - Network Logon Script
• T1040 - Network Sniffing
• T1041 - Exfiltration Over C2 Channel
• T1045 - Software Packing
• T1047 - Windows Management Instrumentation
• T1049 - System Network Connections Discovery
• T1053 - Scheduled Task/Job
• T1054 - Indicator Blocking
• T1055.003 - Thread Execution Hijacking
• T1055 - Process Injection
• T1056.001 - Keylogging
• T1056 - Input Capture
• T1057 - Process Discovery
• T1059.007 - JavaScript
• T1059 - Command and Scripting Interpreter
• T1060 - Registry Run Keys / Startup Folder
• T1063 - Security Software Discovery
• T1068 - Exploitation for Privilege Escalation
• T1070 - Indicator Removal on Host
• T1071.001 - Web Protocols
• T1071.002 - File Transfer Protocols
• T1071.003 - Mail Protocols
• T1071.004 - DNS
• T1071 - Application Layer Protocol
• T1082 - System Information Discovery
• T1083 - File and Directory Discovery
• T1088 - Bypass User Account Control
• T1089 - Disabling Security Tools
• T1091 - Replication Through Removable Media
• T1095 - Non-Application Layer Protocol
• T1096 - NTFS File Attributes
• T1098 - Account Manipulation
• T1100 - Web Shell
• T1102 - Web Service
• T1105 - Ingress Tool Transfer
• T1106 - Native API
• T1110.002 - Password Cracking
• T1110 - Brute Force
• T1112 - Modify Registry
• T1114.001 - Local Email Collection
• T1114 - Email Collection
• T1119 - Automated Collection
• T1126 - Network Share Connection Removal
• T1129 - Shared Modules
• T1134.004 - Parent PID Spoofing
• T1136 - Create Account
• T1140 - Deobfuscate/Decode Files or Information
• T1143 - Hidden Window
• T1156 - Malicious Shell Modification
• T1158 - Hidden Files and Directories
• T1183 - Image File Execution Options Injection
• T1185 - Man in the Browser
• T1189 - Drive-by Compromise
• T1203 - Exploitation for Client Execution
• T1204.001 - Malicious Link
• T1204.002 - Malicious File
• T1204.003 - Malicious Image
• T1204 - User Execution
• T1222 - File and Directory Permissions Modification
• T1410 - Network Traffic Capture or Redirection
• T1415 - URL Scheme Hijacking
• T1416 - URI Hijacking
• T1439 - Eavesdrop on Insecure Network Communication
• T1444 - Masquerade as Legitimate Application
• T1447 - Delete Device Data
• T1449 - Exploit SS7 to Redirect Phone Calls/SMS
• T1457 - Malicious Media Content
• T1463 - Manipulate Device Communication
• T1485 - Data Destruction
• T1486 - Data Encrypted for Impact
• T1496 - Resource Hijacking
• T1497 - Virtualization/Sandbox Evasion
• T1512 - Capture Camera
• T1518.001 - Security Software Discovery
• T1518 - Software Discovery
• T1523 - Evade Analysis Environment
• T1543 - Create or Modify System Process
• T1546.015 - Component Object Model Hijacking
• T1546 - Event Triggered Execution
• T1547.006 - Kernel Modules and Extensions
• T1547 - Boot or Logon Autostart Execution
• T1552 - Unsecured Credentials
• T1553 - Subvert Trust Controls
• T1555 - Credentials from Password Stores
• T1560 - Archive Collected Data
• T1562 - Impair Defenses
• T1564 - Hide Artifacts
• T1566 - Phishing
• T1568 - Dynamic Resolution
• T1569 - System Services
• T1573 - Encrypted Channel
• T1574 - Hijack Execution Flow
• T1578.003 - Delete Cloud Instance
• T1583.001 - Domains
• T1583.002 - DNS Server
• T1583.004 - Server
• T1583.005 - Botnet
• T1583 - Acquire Infrastructure
• T1588.001 - Malware
• T1588.004 - Digital Certificates
• T1588 - Obtain Capabilities
• T1598 - Phishing for Information
• T1605 - Command-Line Interface
• T1610 - Deploy Container
• TA0002 - Execution
• TA0003 - Persistence
• TA0004 - Privilege Escalation
• TA0005 - Defense Evasion
• TA0006 - Credential Access
• TA0007 - Discovery
• TA0009 - Collection
• TA0011 - Command and Control
• TA0029 - Privilege Escalation
• TA0030 - Defense Evasion
• TA0034 - Impact
• TA0037 - Command and Control
• TA0040 - Impact

Passive DNS

• hmpd.net

Attack Log References

Whois Information