otx.alienvault.com
108.138.36.104 Public Scan

Submitted URL: https://otx.alienvault.com/indicator/ip/44.205.66.76#:~:text=%C3%97
Effective URL: https://otx.alienvault.com/indicator/ip/44.205.66.76
Submission: On May 15 via api from US — Scanned from DE

Form analysis 0 forms found in the DOM

Text Content

IPv4: 44.205.66.76
Pulses: 2
Related NIDS: 0
Passive DNS: 73
URLs: 0
Files: 0

Analysis Overview
Verdict: Whitelisted
Classification: Cloud provider
Reverse DNS: ec2-44-205-66-76.compute-1.amazonaws.com
Location: Ashburn, United States of America
ASN: AS14618 amazon.com inc.
DNS Resolutions: 73 Domains
Top Level Domains: 13 Unique TLDs
Related Pulses: OTX User-Created Pulses (2)
Related Tags: 238 Related Tags (methodpost, threat, iocs, urls http, samples)

Indicator Facts
Historical OTX telemetry
9 domains resolved in last 7 days
31 domains resolved in last 30 days
73 domains resolved in all time
13 top-level domains

Open Ports: 1 (53)

External Resources: Whois, VirusTotal





PASSIVE DNS

Status | Hostname | Query Type | Address | First Seen | Last Seen | ASN | Country
Unknown | ns4.getall.host | A | 44.205.66.76 | 2024-05-14 04:22 | 2024-05-14 04:32 | AS14618 amazon.com inc. | United States
Unknown | ns4.yhkovawjrtkkrxrljune.com | A | 44.205.66.76 | 2024-05-13 09:58 | 2024-05-13 11:14 | AS14618 amazon.com inc. | United States
Unknown | ns4.amljprgjacvourlekmqt.com | A | 44.205.66.76 | 2024-05-13 05:26 | 2024-05-13 05:35 | AS14618 amazon.com inc. | United States
Unknown | ns4.qpsptftnjf.info | A | 44.205.66.76 | 2024-05-10 10:18 | 2024-05-10 10:50 | AS14618 amazon.com inc. | United States
Unknown | ns4.e81c3fa2.top | A | 44.205.66.76 | 2024-05-07 07:51 | 2024-05-07 08:30 | AS14618 amazon.com inc. | United States
Unknown | ns4.pspaxqajrntgwl.com | A | 44.205.66.76 | 2024-05-07 07:51 | 2024-05-07 08:32 | AS14618 amazon.com inc. | United States
Unknown | ns4.rcpyobqewaljedgtv2.com | A | 44.205.66.76 | 2024-05-07 07:47 | 2024-05-07 07:53 | AS14618 amazon.com inc. | United States
Unknown | ns4.zrupkhwpqpmsy4.com | A | 44.205.66.76 | 2024-05-07 07:47 | 2024-05-07 08:32 | AS14618 amazon.com inc. | United States
Unknown | ns4.columbinesummerfield.net | A | 44.205.66.76 | 2024-05-07 07:47 | 2024-05-07 08:31 | AS14618 amazon.com inc. | United States
Unknown | ns4.jjibjxgyciryv.com | A | 44.205.66.76 | 2024-05-07 07:46 | 2024-05-07 08:32 | AS14618 amazon.com inc. | United States

SHOWING 1 TO 10 OF 73 ENTRIES





ASSOCIATED FILES

Date | Hash | Avast | AVG | Clamav | MSDefender

No Entries Found


 * User Created (2)
   

TrojanSpy:Win32/Nivdort | Affected OTX accounts | Yotta Network
IPv4 Indicator Inactive
 * Created 2 months ago
   
 * Modified 1 month ago by scoreblue
 * Public
 * TLP: White

CIDR: 2 | CVE: 2 | FileHash-MD5: 688 | FileHash-SHA1: 422 | FileHash-SHA256:
3169 | URL: 6765 | Domain: 2171 | Email: 11 | Hostname: 1714
Part II - Some users' OTX accounts connected to the following | Unexpected
revelation | A group of hackers masquerading as attorneys, government officials,
advocates, fake NSA, security professionals, help desk, etc. I don't know the
association with otx.alienvault. Unauthorized logins to OTX users' accounts.
Deleted and modified pulses, etc. Needs further research for me to fully
understand.
methodpost,  threat,  iocs,  urls http,  samples,  cnc,  phishing,  ransom, 
emotet,  fraud services,  command _and_control,  trojan,  scanning host,  active
threat,  malicious,  date hash,  avast avg,  susp,  win32,  paste,  hostnames, 
http response,  final url,  ip address,  status code,  body length,  b body, 
headers date,  connection,  first,  utc submissions,  submitters,  computer, 
company limited,  gandi sas,  ovh sas,  export,  summary iocs,  graph
community,  limited,  yotta network,  gvb gelimed,  kb microsoft,  indonesia, 
kyriazhs1975,  vj79,  bc https,  rexxfield,  brian sabey,  as21342,  united, 
passive dns,  unknown,  scan endpoints,  all scoreblue,  ipv4,  pulse submit, 
url analysis,  urls,  msie,  chrome,  creation date,  search,  dnssec, 
entries,  body,  date,  as63949 linode,  mtb feb,  checkin m1,  gmt content, 
type,  encrypt,  trojan,  artro,  moved,  pulse pulses,  yotta data,  yotta, 
private limited,  india,  limited yotta,  number,  as140641,  network, 
facebook,  info,  cisco umbrella,  site,  alexa top,  site top,  million,  safe
site,  million alexa,  site safe,  cobalt strike,  malicious url,  blacknet
rat,  union,  vidar,  malware,  stealer,  bank,  alexa,  deepscan,  phishing, 
team,  super,  blacknet,  babar,  detection list,  blacklist http,  sample, 
submission,  history first,  analysis,  utc http,  response final,  url http, 
kb body,  path,  as396982 google,  bq mar,  win32cve mar,  exploit,  virtool, 
status,  name servers,  emails,  servers,  next,  files,  as44273 host,  germany
unknown,  expiration date,  showing,  win32upatre mar,  milehighmedia,  ids
detections,  possible fake,  av checkin,  initial checkin,  checkin,  utah
data,  center,  june,  data center,  responsible,  nsa utah,  march,  closeup
view,  july,  view,  february,  prism,  cascade,  darpa,  twitter,  as20940, 
aaaa,  as16625 akamai,  nxdomain,  whitelisted,  domain,  as54113,  msil, 
cryp,  files show,  entries related,  domains,  as15169 google,  gmt cache, 
sameorigin,  trojandropper,  asnone united,  title error,  porkbun,  mtb mar, 
trojanspy,  installer,  loader,  hijacker,  targeting,  as30456,  sec ch,  for
privacy,  ch ua,  hash avast,  avg clamav,  msdefender mar,  lowfi,  dns
replication,  ip detections,  country,  contacted,  graph,  ssdeep,  file type, 
html internet,  magic html,  ascii text,  trid file,  file size,  open threat, 
learn,  html info,  exchange meta,  tags twitter,  alienvault,  script tags, 
iframe tags,  google tag,  manager anchor,  iana,  whois lookup,  ipv4 address, 
ripe ncc,  afrinic,  africa,  apnic,  asia pacific,  arin,  lacnic,  google, 
amazon ec2,  email,  city,  server,  amazon data,  amazon,  code,  form,  po
box,  tech,  show,  description ype,  collections,  partru,  execution,  fake
host
 * 86 Subscribers

Nivdort | Affected OTX accounts | Yotta Network (Cloned OTX user)
IPv4 Indicator Inactive
 * Created 2 months ago
   
 * Modified 1 month ago by OctoSeek
 * Public
 * TLP: White

CIDR: 2 | CVE: 2 | FileHash-MD5: 688 | FileHash-SHA1: 422 | FileHash-SHA256:
3169 | URL: 6765 | Domain: 2171 | Email: 11 | Hostname: 1714

 * 128 Subscribers


 * © Copyright 2024 LevelBlue, Inc.
   