{ "type": "Domain", "indicator": "a.live", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/a.live", "alexa": "http://www.alexa.com/siteinfo/a.live", "indicator": "a.live", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 3155077010, "indicator": "a.live", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 2, "pulses": [ { "id": "69eb254f17eb4a2a990f07e5", "name": "LevelBlue - Open Threat Exchange", "description": "[ As part of security research, we look at some of the most well-known vulnerabilities in the PDF ecosystem, and how they can be identified and mitigated, with the help of a simple hash.] [64xxxx]", "modified": "2026-05-28T07:10:11.800000", "created": "2026-04-24T08:09:51.488000", "tags": [ "pdfkit", "cve202225765", "exploit script", "github", "unicordev", "cves", "xml external", "entity", "pdfs", "knowledge base", "python", "mozilla", "virustotal", "cisa", "apple", "microsoft", "pdfkit ruby", "remote code", "execution", "urls", "malware", "raid", "caddywiper", "wipes", "cve202543529", "webkit", "february", "cve202620643", "bypass", "march", "webkit bug", "command", "control", "levelblue", "open threat" ], "references": [ "https://otx.alienvault.com/indicator/ip/198.49.23.145#:~:text=CIDR:%206%20%7C%20CVE:%20107,infrastructure%20into%20global%20botnet%20clusters." ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Wipes", "display_name": "Wipes", "target": null } ], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1084, "FileHash-SHA1": 874, "FileHash-SHA256": 3052, "CVE": 36, "domain": 437, "hostname": 1086, "URL": 1411, "CIDR": 15, "email": 13 }, "indicator_count": 8008, "is_author": false, "is_subscribing": null, "subscriber_count": 70, "modified_text": "4 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "627a3399312417bb7f844a55", "name": "hoster.kz", "description": "WebPacker.ru is a web-based tool designed to help people find and find the best way to get through the web, but only if you are a browser user or an administrator.", "modified": "2022-06-09T00:00:13.607000", "created": "2022-05-10T09:42:49.434000", "tags": [ "regexp", "null", "shift", "function", "click", "bksp", "width", "body", "namedepartment", "altgr", "span", "date", "error", "class", "this", "refresh", "prop", "close", "accept", "jquery", "iframe", "embed", "inputmask", "void", "chrs", "alternation", "seeknext", "type", "input", "masktoken", "window", "mask", "form", "backspace", "insert", "qe", "copyright", "closure library", "trackevent", "number", "string", "version", "uint8array", "gtmn3zrpw", "host", "path", "derek", "code", "bapunycode", "s700", "index", "label", "link", "stylesheet", "textcss", "script", "array", "10000", "style", "xmlhttprequest", "load", "virtualpageview", "ymuid", "post" ], "references": [ "xfe-IP-185.100.65.26-stix2-2.1-export.json", "xfe-URL-Hoster.kz-stix2-2.1-export.json", "https://almapbx.hoster.kz/hoster_v2/widget/lead_hunter/?code=75455&protocol=https://&url=https://hoster.kz/", "https://bitrix.info/ba.js", "https://www.googletagmanager.com/gtm.js?id=GTM-N3ZRPW", "https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1055680023/?random=1652174969236&cv=9&fst=1652174969236&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=376635470&u_h=844&u_w=390&u_ah=844&u_aw=390&u_cd=32&u_his=2&u_tz=-240&u_java=false&u_nplug=0&u_nmime=0>m=2wg590&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fhoster.kz%2F&ref=https%3A%2F%2Fhoster.kz%2F&tiba=%D0%A5%D0%BE%D1%81%D1%82%D0%B8%D0%BD%D0%B3%20%D0%B2%20%D0%9A%D0%B0%D0%B7%D0%B0%D1%85%D1%81%D1%82%D0%B0%D0%BD%D0%B5%2C%20%D0%BA%D1%83%D0%BF%D0", "https://almapbx.hoster.kz/hoster_v2/widget/lead_hunter/js/jquery.inputmask.bundle.js", "https://hoster.kz/js/html5.js", "https://hoster.kz/js/jcarousellite_1.0.1.pack.js" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Qe", "display_name": "Qe", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 9, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 3010, "hostname": 1225, "domain": 1427, "FileHash-SHA256": 136, "CVE": 1, "email": 2 }, "indicator_count": 5801, "is_author": false, "is_subscribing": null, "subscriber_count": 70, "modified_text": "1453 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "https://hoster.kz/js/jcarousellite_1.0.1.pack.js", "https://otx.alienvault.com/indicator/ip/198.49.23.145#:~:text=CIDR:%206%20%7C%20CVE:%20107,infrastructure%20into%20global%20botnet%20clusters.", "xfe-URL-Hoster.kz-stix2-2.1-export.json", "https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1055680023/?random=1652174969236&cv=9&fst=1652174969236&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=376635470&u_h=844&u_w=390&u_ah=844&u_aw=390&u_cd=32&u_his=2&u_tz=-240&u_java=false&u_nplug=0&u_nmime=0>m=2wg590&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fhoster.kz%2F&ref=https%3A%2F%2Fhoster.kz%2F&tiba=%D0%A5%D0%BE%D1%81%D1%82%D0%B8%D0%BD%D0%B3%20%D0%B2%20%D0%9A%D0%B0%D0%B7%D0%B0%D1%85%D1%81%D1%82%D0%B0%D0%BD%D0%B5%2C%20%D0%BA%D1%83%D0%BF%D0", "xfe-IP-185.100.65.26-stix2-2.1-export.json", "https://bitrix.info/ba.js", "https://almapbx.hoster.kz/hoster_v2/widget/lead_hunter/?code=75455&protocol=https://&url=https://hoster.kz/", "https://www.googletagmanager.com/gtm.js?id=GTM-N3ZRPW", "https://hoster.kz/js/html5.js", "https://almapbx.hoster.kz/hoster_v2/widget/lead_hunter/js/jquery.inputmask.bundle.js" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [], "malware_families": [ "Qe", "Wipes" ], "industries": [] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 2, "pulses": [ { "id": "69eb254f17eb4a2a990f07e5", "name": "LevelBlue - Open Threat Exchange", "description": "[ As part of security research, we look at some of the most well-known vulnerabilities in the PDF ecosystem, and how they can be identified and mitigated, with the help of a simple hash.] [64xxxx]", "modified": "2026-05-28T07:10:11.800000", "created": "2026-04-24T08:09:51.488000", "tags": [ "pdfkit", "cve202225765", "exploit script", "github", "unicordev", "cves", "xml external", "entity", "pdfs", "knowledge base", "python", "mozilla", "virustotal", "cisa", "apple", "microsoft", "pdfkit ruby", "remote code", "execution", "urls", "malware", "raid", "caddywiper", "wipes", "cve202543529", "webkit", "february", "cve202620643", "bypass", "march", "webkit bug", "command", "control", "levelblue", "open threat" ], "references": [ "https://otx.alienvault.com/indicator/ip/198.49.23.145#:~:text=CIDR:%206%20%7C%20CVE:%20107,infrastructure%20into%20global%20botnet%20clusters." ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Wipes", "display_name": "Wipes", "target": null } ], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1084, "FileHash-SHA1": 874, "FileHash-SHA256": 3052, "CVE": 36, "domain": 437, "hostname": 1086, "URL": 1411, "CIDR": 15, "email": 13 }, "indicator_count": 8008, "is_author": false, "is_subscribing": null, "subscriber_count": 70, "modified_text": "4 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "627a3399312417bb7f844a55", "name": "hoster.kz", "description": "WebPacker.ru is a web-based tool designed to help people find and find the best way to get through the web, but only if you are a browser user or an administrator.", "modified": "2022-06-09T00:00:13.607000", "created": "2022-05-10T09:42:49.434000", "tags": [ "regexp", "null", "shift", "function", "click", "bksp", "width", "body", "namedepartment", "altgr", "span", "date", "error", "class", "this", "refresh", "prop", "close", "accept", "jquery", "iframe", "embed", "inputmask", "void", "chrs", "alternation", "seeknext", "type", "input", "masktoken", "window", "mask", "form", "backspace", "insert", "qe", "copyright", "closure library", "trackevent", "number", "string", "version", "uint8array", "gtmn3zrpw", "host", "path", "derek", "code", "bapunycode", "s700", "index", "label", "link", "stylesheet", "textcss", "script", "array", "10000", "style", "xmlhttprequest", "load", "virtualpageview", "ymuid", "post" ], "references": [ "xfe-IP-185.100.65.26-stix2-2.1-export.json", "xfe-URL-Hoster.kz-stix2-2.1-export.json", "https://almapbx.hoster.kz/hoster_v2/widget/lead_hunter/?code=75455&protocol=https://&url=https://hoster.kz/", "https://bitrix.info/ba.js", "https://www.googletagmanager.com/gtm.js?id=GTM-N3ZRPW", "https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1055680023/?random=1652174969236&cv=9&fst=1652174969236&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=376635470&u_h=844&u_w=390&u_ah=844&u_aw=390&u_cd=32&u_his=2&u_tz=-240&u_java=false&u_nplug=0&u_nmime=0>m=2wg590&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fhoster.kz%2F&ref=https%3A%2F%2Fhoster.kz%2F&tiba=%D0%A5%D0%BE%D1%81%D1%82%D0%B8%D0%BD%D0%B3%20%D0%B2%20%D0%9A%D0%B0%D0%B7%D0%B0%D1%85%D1%81%D1%82%D0%B0%D0%BD%D0%B5%2C%20%D0%BA%D1%83%D0%BF%D0", "https://almapbx.hoster.kz/hoster_v2/widget/lead_hunter/js/jquery.inputmask.bundle.js", "https://hoster.kz/js/html5.js", "https://hoster.kz/js/jcarousellite_1.0.1.pack.js" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Qe", "display_name": "Qe", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 9, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 3010, "hostname": 1225, "domain": 1427, "FileHash-SHA256": 136, "CVE": 1, "email": 2 }, "indicator_count": 5801, "is_author": false, "is_subscribing": null, "subscriber_count": 70, "modified_text": "1453 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "a.live", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "a.live", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780337549.3327801 }