The compromise of data is attributed to an unintentional disclosure by non-malicious actors on a web page, social media, or peer-to-peer site.
The compromise of data is attributed to botnet activity.
This data was compromised as part of an organization's data breach.
A consolidated collection of new and/or previously compromised credentials was made available for bulk consumption.
The data was disclosed as a part of a Doxing effort. Doxing is the research, collection, and broadcast of private or personally identifiable information (PII) about an individual or organization. Doxing may be carried out for various reasons, including extortion, coercion, inflicting harm, harassment, and online shaming.
Keylogged / Phished:
The compromise of data is attributed to the data being entered into a phishing website or extracted through software designed to surreptitiously harvest personally identifiable information (PII).
The corresponding metadata associated with the collected information is currently insufficient to accurately attribute it to a specific compromise type.
The data was legally tested to determine if it is live/active data.
Spam server that presents as the destination server.
Spam server that presents a forged value.
Spam server that presents as a different IP.
Spam server that presents as its own IP.
Spam server that does not present an identity.
The IP address has been identified as associated with the Asprox botnet, also known by its aliases Badsrc and Aseljo, and is mostly involved in phishing scams and performing SQL injections into websites in order to spread malware.
The IP address has been identified as being associated with a command-and-control (C2) server. Command-and-control servers are used by attackers to maintain communications with compromised endpoints within a targeted network. These compromised endpoints, which attackers obtain by infecting them with malware, are collectively referred to as a botnet. Botnets are leveraged by attackers to conduct malicious activity (send spam, distribute malware, etc.) without the knowledge of the system owner.
This data was discovered in a hidden Dark Web internet relay chatroom (IRC).
The IP address has been identified as associated with the Cutwail botnet and is mostly involved in sending spam e-mails. The bot is typically installed on infected machines by a Trojan component called Pushdo. It affects computers running Microsoft Windows.
The IP address has been identified as associated with malicious file-sharing activities.
ID Theft Forum:
This data was discovered being exchanged on a dark web forum or community associated with ID theft activities.
This data was discovered as part of a file being exchanged through a peer-to-peer file sharing service or network.
Public Web Site:
This data was discovered on a publicly accessible web forum or data dumpsite.
This data was discovered being shared as a post on a social media platform.
This data was discovered on a hacker website or data dumpsite.
The IP address has been identified as associated with the ZeroAccess botnet. At the time of discovery (2012), the ZeroAccess rootkit responsible for the botnet's spread was estimated to have been present on at least 9 million systems.
The origin of the breach has not been disclosed for one of two reasons: The name of the site has not yet been determined or the breached organization has not yet publicly acknowledged a cyber incident.