DomainHighVerifiedSignal 100/100

`assets.md.docs.tw`

Location

Poland

First Seen

Aug 21, 2022

Last Seen

Jun 7, 2026

Aug 21

First Seen

1392d ago

Jun 7

Last Seen

6d ago

Reports

source reports

99%

Confidence

high

0/91

VirusTotal

detections

Found in 5 reports. Confidence: high. · Confidence scores are heuristic. Verify before acting on results.

Domain Name

Malicious domain used for C2, phishing, or malware distribution.

MISP Category

Network Activity

Confidence

99%

Signal Score

100 / 100

IDS Rule

Threat Context

MITRE ATT&CK TTPs

219 techniques

Feed Intelligence Summary

5 reports99% confidence

Source reports

99%

Confidence score

Category tags

.cc domain.milaaaaaacrabuseacademic institutionsacceptaccept encodingaccount compromiseaccount discoveryaccount profilingaccount securityaccount takeoveraclsactive scanactive scanningaddressaddress asaddress rangeadministrative accessadvanced persistent threatafricaafrica flagagent teslaahmannai generatedakamaialertsalex karpalexa topalfreyalienvault_ransomwareall ipv4allocation typeamazonamazon awsamazon s3amazons3 tlsamericaamerica asnamerica flaganalysis dateanalysis ob0001analysis ob0002analysis tipandroidanonsanonsecbotnetapex domainapnicapnic whoisappearance codeappleapple privateapplication developmentaptapt 1apt grouparc fileascii textasiaassociated urlsatrosattackauthentication brute forceauthentihashautorunav detectionsazure rsab documentb scriptb stylesheetbackdoorbad reputationbad requestbad trafficbankerbinary filebingblack bastablack-bastabodybody doctypebody lengthbotnetbotnet activitybrowse tobrute forcebusiness smallc2cabinet archivecamerascamscapturecatalog treecdncdn amazoncertificate analysischeckschopperchristopher p. ahmannchromecidrcisco devicecisco umbrellacitycity sancivilcivil servicescivilian targetingcjutxgck idck matrixck techniqueclassclickclick-based attackclosecloud computingcloud infrastructurecloud migrationcloud securitycloud servicescloud storagecloudfrontcnamecnc activitycni safecnmicrosoft eccco phancobalt strikecode executioncode injectioncoinbasecartelcolognecommandcommand and controlcommand executioncommentcommunication protocolcommunication technologiescomodo cacompany limitedcompromised routercompromised sitecompromised_site_redirector_fromcharcodecontacted hostscontent typecontrol ta0011copycopy md5copy sha1copy sha256corecorporate lawcorporationcouncilcountrycovacova cryptbotcps httpscre pulcreation datecredential accesscredential harvestingcredential stuffingcredential theftcrlf linecrowdsourced informationcrypcryptbotcti98current dnscus subjectcvecyber crimecyberstalking techniquesczech republicdarkdark webdatadata accessdata breachdata breach attemptdata collectiondata copyingdata encryptiondata exfiltrationdata exfiltration indicatorsdata oc0004data recoverydata store exposuredata transferdata udata uploadddosddos attacksdefense evasiondefense-evasiondeletedelete cdelivery statusdelphidemodenial of servicedepartment of defensedetail domaindetailsdetections typedevelopment attdevelopment methodologiesdevice managementdevopsdigital culturedigital pressdigital signaturedirectdisinformation campaigndisk wipingdistributed attacksdiv divdll windowsdllsdnsdnssecdockdoddomaindomainpath namedomains topdotnetdrivedrive drivedriver prodropdrop ordroppeddropped filesdropperdynamicdynamic loadingdynamic_contentdynamicloadereb e1ebeeeedgeeducational resourceseducational serviceseducational technologyee emeee fceeeeeeeee eeeeeeeeeeeeeeeeefee eeefeeeheeeelectronic health recordselon muskelseemailemailsemotetempencryptencryptionengine dllenglishenricenterenter scenter sourceenterprise networkingenterprise securityentity amazon4entriesentries httpenumerationerrorerror httpsetet infoet policyetag weulaeuropeeva lisaeva reimerevasionevasion ta0005exchange metaexclude suggesexcluded icexe uploadexfiltrationexpirationexpiration dateexploitexploitationextortionextr includeextraextracted filesextri dataf0 fffailedfailurefaithfemme fatalesff bbff d5fihafileless malwarefilesfiles domainfiles ipfiles locationfiles matchingfiles relatedfinal urlfindfind sfind suggestedfind sugifingerprintingfireeyefirmware infectionfirmware modificationfirstfirst pqcflagflag unitedfollow bot activityformatfoundryframe b830ftp brute forcegat objectgc abusegeckogenericgeneric httpgermanyget httpget httpsget nagithubgithub httpsgoogl2googlegoogle drivegoogle llcgoogle safegoogle taggoogle updategov porngovernment technologygraph summarygse compromisedguardhackershandlehangover_appinbothead titlehealth care and social assistancehealth information technologyhealthcare information systemshelixhelvetica neuehelvetica segoehgnvastlaizhidden privacyhide sampleshighhigh defensehigher educationhistorical sslho chihoney pothoney trapshong konghospital managementhostinghostmaster namehostname addhostname enumerationhrefhtmlhtml documenthtml internethttp attackhttp responsehttp scannerhttpshttps httphybridhyundaiiamroberticmpicmp trafficidentity & access exploitationids detectionsiframeiframe functioniframe tagsimageimpact ta0040includeinclude reviewincluded i0india unknownindicatorindonesiainformation gatheringinformation stealinginformation technologyinfrastructure acquisitionreconnaissanceinfrastructure scanningingress tool transferinitial accessinjectinput validation bypassintelintellectual property lawinternet of thingsinvalid pointerinvalid urlinvestigacin yiociocsiosios malwareiot botnetiot/ics attackipasns ipipnnoysrdi triptvipv4ipv4 addipv4 internetireland flagireland unknownisrael israelit infrastructureja3sjeffrey reimerjsl objectk-12 educationkelihoskeyloggerkhtmlkns dropperkorealaw practicelazarus grouplearnlegacylegallegal abuselegal consultinglegal researchlegal serviceslegal technologylehashlevellg2enlifelimitedlimited stlinklink initiallinks apexlinuxlinux malwarelocallockbitlogin attacklooklookupslow riskltda mem. brian sabeymacmagic pe32malicious downloadmalicious imagemalicious linksmalicious powershell activitymalicious softwaremalicious urlsmalwaremalware distributionmalware indicatorsmalware signingmarkmonitormarkmonitor incmarkusmass surveillancematch infomediamedia centermedia defensemedical device securitymedical servicesmediummerits fakemetadata analysismexicanmexicomichelin lazy kmillionminh cityminimal headersmirai botnetmitre attmobilemobile carriersmobile malwaremobile networksmobile securitymobile threatmobility crmodule loadmonitored targetmonitoringmovedmozillams defenderms windowsmsiemsilmulti-cloud managementmuscatmusicnamename cloudflarename datename servername serversname tacticsname verdictnamed pipenanocore rat infectionnc000000 upnetaceanetherlandsnetworknetwork infrastructurenetwork intrusion attemptnetwork namenetwork probingnetwork reconnaissancenetwork scanningnetwork securitynetwork service scanningnetwork trafficnetwork traffic analysisnetwork_icmpnextnext associatednext penhs trustsnid valuenjratno expirationno such agencynorth americansa domainnsa domain spoofingnso groupntlm authenticationnumberob0007 impactob0012 fileobserved getoc0006 httpodigicert incoilok serverollydbg ollydbgomicrosoft comicrosoft cusonlvopen threatopenurl coperating systemoperating system securityopinionoptimizer proor droporg cloudflareorgidos2 executableosintpagepassive dnspassive dns analysispasswordpatch managementpath traversalpatient carepattern matchpdfpe injectionpe resourcepegasuspegasus projectpeter theilphishingphishing attackphishing emlpho exploitpleasepng imagepolandpoland asnpoland unknownpolicepolicypornportpostpost httpspostal codepotential codepotential data breachpragmapraiopresent augpresent decpresent febpresent janpresent julpresent junpresent marpresent novpresent octpresent sepprimary requestprinkprivacy adminprivacy techprivacy violationprivilege escalationprlaproblemprocess detailsprocess injectionprocess oc0003process32nextwprocess_martianproduct developmentprotectprotocol exploitationprotocol t1071province hcmprscpsychological manipulationpublic administrationpublic infrastructurepublic policypulse otxpulse pulsespulse submitpulses otxpushpwsquality assurancequantum roomsquasiquasi governmentramsomransomwareransomware leakratread creadsreconnaissancerecord valueredacted forredlineredline stealerredline stealer infectionredpacket securityredpacketsecurityrefreshregszregulatory agenciesregulatory compliancereimer dptreimer suspectrelated nidsrelated pulsesrelated tagsrelicremote accessremote access trojanremote servicesrequestrequest blockedresearchedresolved ipsresolver domainresource pathresources whoisresponse coderestartresults febresults novreverse dnsreview excludereview iocrgbarich contentrirsrsdsq jfurunning serverruntime processsabey typesafe sitesam somaliasample analysissaudi arabiascanning activityscans recordscript scriptscript tagsscript urlsscripting attacksse httpssearchsearch enginesecurity operationsseiko epsonselect fileselfserver caserver nginxserver responseserversserviceservice enumerationserving ipsetup sha256severity attsharedshowshow processshow techniqueshowingsigned filesilence malwaresimplesitesizeslcc2smart assemblysmssms exploitsocial engineeringsocial media attacksocial media manipulationsocial media securitysoftware architecturesoftware developmentsoftware engineeringsoftware exploitationsoftware integritysoftware testingsoftware vulnerabilitiessouth africaspanspan tdspawnsspyspycamssdeepssh attackssidssl certificatestarfieldstatestate-promovedstate-sponsoredstatusstatus codestealerstncphpphp morestorage companystrategystreetstringsstrongstudystwa lredmondsub domainsuck my nipssuggessummarysurveillance technologyswedensystemsystem disruptionsystem oc0001t1003t1003.001t1003.004t1004t1005t1012t1016t1018t1020t1021t1021.001t1021.006t1023t1027t1027.013 encrypted/encodedt1030t1031t1036t1036.004t1036.005t1037t1037.003t1039t1040t1041t1045t1046t1048t1053t1055t1055 jsevalt1056t1056.003t1057t1059t1059.001t1059.007t1060t1062t1063t1064t1068t1069t1069.001t1069.002t1070t1071t1071.001t1071.004t1076t1078t1081t1082t1084t1086t1087t1088t1089t1090t1091t1098t1102t1105t1106t1110t1110.001t1110.002t1112t1113t1114t1119t1125t1129t1130t1132t1133t1140t1143t1147t1155t1156t1158t1176t1180t1185t1187t1189t1190t1192t1193t1194t1199t1203t1204t1204.001t1204.002t1204.003t1205t1210t1211t1212t1480t1480 executiont1485t1486t1490t1491t1491.001t1495t1496t1497t1499t1499.001t1499.002t1499.003t1505t1518t1528t1529t1530t1534t1539t1543t1546t1552t1553t1553.002t1553.003t1554.001t1554.003t1555t1556t1557t1561t1562t1562.001t1562.004t1562.008t1563t1564t1564.001t1564.003t1565t1566t1566.001t1566.002t1566.003t1566.004t1567t1567.002t1568t1568.002t1569t1571t1573t1573 severityt1574t1578t1580t1583t1583.001t1583.005t1583.006t1584t1585t1586t1587t1587.001t1587.003t1588t1588.002t1589t1589.001t1589.002t1590t1590 gathert1590.001t1591t1592t1592.004t1593t1594t1595t1595.001t1595.002t1595.003t1596t1596.001t1596.004t1597t1598t1598.003t1599t1600t1601t1602t1602.001t1602.002t1606t1608t1609t1610t1611t1612t1613t1614t1615t1619t1620t1621t1622t1647t1648t1649t1650t1651t1652t1653t1654t1656t1657t1659t1665t1666ta0004 defenseta0009 commandtag managertagstags nonetags twittertamtargeted spyware campaigntargeted-attackstelecom servicestelecommunicationstelnet threattemptempletexttext dragtext iptgt sessionthreatthreat actorthreat intelligencethreat roundupthreats httpstime stampingtitletitle headtlstls handshaketls issuingtlsv1toolstop destinationtop sourcetortor analysistor nodetownsend sttreecetrid windowstrojan malwaretrojanagenttrojandroppertrojanxtrue pragmatry drivetsaratsara brashearstwittertypetype datatype mimetypetype nametype opastetype pdfui arialuk governmentukraineumbrella rankunauthorized access attemptunicodeunicode textuniqueunique tldunitedunited statesunknown cnameunknown nsunknown soaupdate secureupdaterurlsurls serverurls showus creationuser agentuser executionutc amazonutc googleutf8 textutf8 unicodevalid signature. revoked.valuevalue statusvaryververdanaverdictverifyvhashvideovietnamvirlockvirtoolvirustotal apiwannacry attackwdigestweb application exploitationweb exploitationweb securityweb trafficwelcomewhois informationwhois lookupwhois recordwhois registrarwhois serverwhois whoiswife happywifi passwordwillwin32 exewin32 malwarewindirwindowwindows malwarewindows modulewindows nativewindows ntwmsspacer.gifwormwp enginewritewrite cx00x00nxportxservery.a.s.yarayara detectionsyara ruleyouthzero click exploitzero-day exploit

Activity Timeline

1 total obs

Jun 7Jun 7

Threat Activity Heatmap

· Peak: 2026-06-07

Less

Mon

Wed

Fri

Jun

Jul

Aug

Sep

Oct

Nov

Dec

Jan

Feb

Mar

Apr

May

Jun

24h

Dormant

Minimal

30d

Minimal

3mo

Minimal

Intelligence SummaryAI Generated

The domain **assets.md.docs.tw** has been identified as a significant indicator of compromise (IOC) associated with multiple cyber threats originating from Poland. First observed on August

Threat ScoreHigh Risk

100

SIGNAL

Signal Score

99%

Confidence

Reports

First seenAug 21, 2022

Last seenJun 7, 2026

Verified IOC

VirusTotal

0/ 91vendors flagged

0% detection rateJun 8, 2026

WHOIS

raw: Domain Name: docs.tw Domain Status: clientTransferProhibited Registrant: 3432650ec337c945 Registrar Abuse Contact Email: [email protected] Registration Service URL: http://myname.pchome.com.tw elsa.ns.cloudflare.com henry.ns.cloudflare.com

`assets.md.docs.tw`

MITRE ATT&CK TTPs

Feed Intelligence Summary

Activity Timeline

Threat Activity Heatmap

VirusTotal

WHOIS

Export & API

IOC Journey

We value your privacy