Pulse Detail — Threat Intelligence

PULSE NAME

ET HUNTING Observed Let's Encrypt Certificate for Suspicious TLD (.xyz)

WHITE Arek-BTC 2025-04-30 Modified: 2025-04-30

102

IOCs

HIGH VOLUME

Source IP: 212.1.211.209 JA3 Client hashes: d8c87b9bfde38897979e41242626c2f3 JA3 Server hashes: 2e721a91f6a6db92f1622699c895d2d4 https://www.virustotal.com/gui/file/7d09dfde4593a882172047308b701611ff9fd4c10d753fe89cb093965fbe67de/detection

Indicators of Compromise (23 / 102 total)

All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL hostname

TYPE	INDICATOR	DESCRIPTION	CREATED
URL	https://www.google.com/dfp/sendDebugData	—	2025-04-30
URL	https://www.google.com/dfp/linkDevice	—	2025-04-30
URL	https://www.google.com/dfp/inAppPreview	—	2025-04-30
URL	https://www.google.com/dfp/debugSignals	—	2025-04-30
URL	https://support.google.com/dfp_premium/answer/7160685#push	—	2025-04-30
URL	https://plus.google.com/	—	2025-04-30
URL	https://pagead2.googlesyndication.com/pagead/ping?e=2&f=1	—	2025-04-30
URL	https://pagead2.googlesyndication.com/pagead/gen_204?id=gmob-apps	—	2025-04-30
URL	https://imasdk.googleapis.com/admob/sdkloader/native_video.html	—	2025-04-30
URL	https://googleads.g.doubleclick.net/mads/static/mad/sdk/native/sdk-core-v40-loader.html	—	2025-04-30
URL	https://googleads.g.doubleclick.net/mads/static/mad/sdk/native/production/sdk-core-v40-impl.js	—	2025-04-30
URL	https://googleads.g.doubleclick.net/mads/static/mad/sdk/native/production/sdk-core-v40-impl.html	—	2025-04-30
URL	https://googleads.g.doubleclick.net/mads/static/mad/sdk/native/production/native_ads.js	—	2025-04-30
URL	https://googleads.g.doubleclick.net/mads/static/mad/sdk/native/production/mraid/v3/mraid_app_interstitial.js	—	2025-04-30
URL	https://googleads.g.doubleclick.net/mads/static/mad/sdk/native/production/mraid/v3/mraid_app_expanded_banner.js	—	2025-04-30
URL	https://googleads.g.doubleclick.net/mads/static/mad/sdk/native/production/mraid/v3/mraid_app_banner.js	—	2025-04-30
URL	https://googleads.g.doubleclick.net/mads/static/mad/sdk/native/native_ads.html	—	2025-04-30
URL	https://csi.gstatic.com/csi	—	2025-04-30
URL	https://adservice.google.com/getconfig/pubvendors	—	2025-04-30
URL	https://admob-gmats.uc.r.appspot.com/	—	2025-04-30
URL	http://schemas.android.com/apk/res/android	—	2025-04-30
URL	http://schemas.android.com/apk/res-auto	—	2025-04-30
URL	http://ns.adobe.com/xap/1.0/	—	2025-04-30

References (3)

↗ http://193.230.215.3 ↗ http://www.sanselo.com ↗ http://audiostories.xyz/remote_config/similar_apps/kids_eng.json