Dark Web ID Compromise Results

Compromise Type:


Accidental Exposure:

The compromise of data is attributed to an unintentional disclosure by non-malicious actors on a web page, social media, or peer-to-peer site.

Bot:

The compromise of data is attributed to botnet activity.

Bot Prefixes:

s_ sinkhole
l_ webserver compromise
w_ webserver attack
c_ miscellaneous

Breach:

This data was compromised as part of an organization's data breach.

Data Dump:

A consolidated collection of new and/or previously compromised credentials was made available for bulk consumption.

Dox:

The data was disclosed as a part of a Doxing effort. Doxing is the research, collection, and broadcast of private or personally identifiable information (PII) about an individual or organization. Doxing may be carried out for various reasons, including extortion, coercion, inflicting harm, harassment, and online shaming.

Keylogged / Phished:

The compromise of data is attributed to credentials entered into a phishing website or extracted by software designed to surreptitiously harvest personally identifiable information (PII).

Not Disclosed:

The corresponding metadata associated with the collected information is currently insufficient to accurately attribute to a specific compromise type.

Sample:

The data was disclosed by an individual or organization to prove the validity of an exploit/breach.

Tested:

The data was legally tested to determine if it is live/active data.

MPD:

Spam server that presents as multiple unrelated domains.

MISC:

Spam server that presents a broken value.

BOGUS:

Spam server that presents an invalid value.

LH:

Spam server that presents as localhost.

FAM:

Spam server that presents an identity we know to be valid, but which does not belong to that server.

LOC:

Spam server that presents as the destination server.

NEVER:

Spam server that presents a forged value.

BSIP:

Spam server that presents as a different IP.

SSIP:

Spam server that presents as its own IP.

NOHELO:

Spam server that does not present an identity.
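The spam-server labels above (NOHELO, LH, LOC, SSIP, BSIP, BOGUS, MISC) all describe what a sending mail server claims about itself in its SMTP HELO/EHLO greeting compared with what the receiving server actually observes. The following Python classifier is an added illustration of how a receiving mail server could assign those labels to its own inbound connections; it is not Dark Web ID's code, and the `SmtpSession` record, the exact boundary between MISC (malformed token) and BOGUS (well-formed but not a hostname or address literal), and the sample sessions are assumptions made for the example. MPD, FAM and NEVER depend on history across many sessions or on external knowledge of which identities are legitimate, so they are not modelled here.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import Dict, List, Optional


# Hypothetical record of one inbound SMTP connection (constructed for this
# example; the field names are an assumption, not Dark Web ID's schema).
@dataclass
class SmtpSession:
    connecting_ip: str        # peer address of the TCP connection
    helo: Optional[str]       # argument of HELO/EHLO, or None if none was sent


# RFC 1123-style hostname with at least two labels; anything else that is
# not an address literal is treated as BOGUS (an assumption of this example).
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.I
)


def _parse_ip_literal(value: str):
    """Parse '[192.0.2.1]', '[IPv6:::1]' or a bare IP; return None if not an IP."""
    v = value
    if v.startswith("[") and v.endswith("]"):
        v = v[1:-1]
        if v.lower().startswith("ipv6:"):
            v = v[5:]
    try:
        return ipaddress.ip_address(v)
    except ValueError:
        return None


def classify_helo(session: SmtpSession, receiving_hostname: str, receiving_ip: str) -> str:
    """Map one session to a spam-server label from the page, or 'OK' if none applies."""
    if session.helo is None or session.helo.strip() == "":
        return "NOHELO"                       # does not present an identity
    helo = session.helo.strip()
    if any(c.isspace() or not c.isprintable() for c in helo):
        return "MISC"                         # broken value (assumed: embedded whitespace/control chars)
    ip = _parse_ip_literal(helo)
    if ip is not None:
        if ip.is_loopback:
            return "LH"                       # presents as localhost
        if ip == ipaddress.ip_address(session.connecting_ip):
            return "SSIP"                     # presents as its own IP
        if ip == ipaddress.ip_address(receiving_ip):
            return "LOC"                      # presents as the destination server
        return "BSIP"                         # presents as a different IP
    lowered = helo.lower()
    if lowered in ("localhost", "localhost.localdomain") or lowered.endswith(".localhost"):
        return "LH"
    if lowered == receiving_hostname.lower():
        return "LOC"
    if not HOSTNAME_RE.match(helo):
        return "BOGUS"                        # invalid value (assumed: not a hostname, not a literal)
    return "OK"


def tally(sessions: List[SmtpSession], receiving_hostname: str, receiving_ip: str) -> Dict[str, int]:
    """Count labels across many sessions, e.g. for a daily inbound-mail report."""
    counts: Dict[str, int] = {}
    for s in sessions:
        label = classify_helo(s, receiving_hostname, receiving_ip)
        counts[label] = counts.get(label, 0) + 1
    return counts


# Constructed sample sessions using documentation address ranges, not real senders.
SAMPLE_SESSIONS = [
    SmtpSession("203.0.113.5", None),
    SmtpSession("203.0.113.5", "localhost"),
    SmtpSession("203.0.113.5", "[127.0.0.1]"),
    SmtpSession("203.0.113.5", "mx.example.net"),
    SmtpSession("203.0.113.5", "[203.0.113.5]"),
    SmtpSession("203.0.113.5", "[198.51.100.7]"),
    SmtpSession("203.0.113.5", "mail"),
    SmtpSession("203.0.113.5", "hello world"),
    SmtpSession("203.0.113.5", "relay.example.org"),
]

if __name__ == "__main__":
    for s in SAMPLE_SESSIONS:
        print(f"{s.helo!r:>22} -> {classify_helo(s, 'mx.example.net', '192.0.2.10')}")
    print(tally(SAMPLE_SESSIONS, "mx.example.net", "192.0.2.10"))
```

Run as a script it prints one label per sample session followed by the tally. A label such as LH or SSIP is not proof of spam on its own; the value of these categories is that a legitimate mail server almost never produces them, so a rising count from one source IP is a useful signal to feed into reputation scoring or a block decision.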

Source Type:


Asprox:

The IP address has been identified as associated with the Asprox botnet, also known by its aliases Badsrc and Aseljo, which is mostly involved in phishing scams and in performing SQL injection against websites in order to spread malware.

C2 Server:

The IP address has been identified as being associated with a command-and-control (C2) server. Command-and-control servers are used by attackers to maintain communications with compromised endpoints within a targeted network; these compromised endpoints are collectively referred to as a botnet. This is achieved by infecting endpoints with malware. Botnets are leveraged by attackers to conduct malicious activity (sending spam, distributing malware, etc.) without the knowledge of the system owner.

Chat Room:

This data was discovered in a hidden Dark Web Internet Relay Chat (IRC) room.

Cutwail:

The IP address has been identified as associated with the Cutwail botnet and is mostly involved in sending spam e-mails. The bot is typically installed on infected machines by a Trojan component called Pushdo. It affects computers running Microsoft Windows.

File-Sharing:

The IP address has been identified as associated with malicious file-sharing activities.

ID Theft Forum:

This data was discovered being exchanged on a dark web forum or community associated with ID theft activities.

P2P File:

This data was discovered as part of a file being exchanged through a peer-to-peer file sharing service or network.

Public Web Site:

This data was discovered on a publicly accessible web forum or data dumpsite.

Social Media:

This data was discovered being shared as a post on a social media platform.

Webpage:

This data was discovered on a hacker website or data dumpsite.

Zero Access:

The IP address has been identified as associated with the ZeroAccess botnet. At the time of discovery (2012), the ZeroAccess rootkit responsible for the botnet's spread was estimated to have been present on at least 9 million systems.

Website:


Not Disclosed:

The origin of the breach has not been disclosed for one of two reasons: the name of the site has not yet been determined, or the breached organization has not yet publicly acknowledged a cyber incident.
