{ "type": "Domain", "indicator": "ecomscan.com", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/ecomscan.com", "alexa": "http://www.alexa.com/siteinfo/ecomscan.com", "indicator": "ecomscan.com", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 3871079689, "indicator": "ecomscan.com", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 16, "pulses": [ { "id": "667d5bd4a98d33d3486fff19", "name": "Polyfill supply chain attack hits 100K+ sites", "description": "A malicious Chinese entity acquired control over the popular Polyfill JS open-source project and has been injecting malware into over 100,000 websites that embed the polyfill.io content delivery network. The malware redirects mobile users to a fraudulent sports betting site hosted on a domain impersonating Google Analytics. The attack employs various evasion techniques and targets specific devices and time windows. While trustworthy alternatives are available, it's recommended to remove any references to polyfill.io from your codebase as the library is no longer necessary for modern browsers.", "modified": "2024-06-27T12:36:54.510000", "created": "2024-06-27T12:32:20.075000", "tags": [ "polyfill.js", "malvertising", "supply chain", "redirection" ], "references": [ "https://sansec.io/research/polyfill-supply-chain-attack" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "polyfill.js", "display_name": "polyfill.js", "target": null } ], "attack_ids": [ { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" }, { "id": "T1608", "name": "Stage Capabilities", "display_name": "T1608 - Stage Capabilities" }, { "id": "T1027.005", "name": "Indicator Removal from Tools", "display_name": "T1027.005 - Indicator Removal from Tools" }, { "id": "T1036.003", "name": "Rename System Utilities", "display_name": "T1036.003 - Rename System Utilities" }, { "id": "T1557.002", "name": "ARP Cache Poisoning", "display_name": "T1557.002 - ARP Cache Poisoning" }, { "id": "T1564.003", "name": "Hidden Window", "display_name": "T1564.003 - Hidden Window" }, { "id": "T1189", "name": "Drive-by Compromise", "display_name": "T1189 - Drive-by Compromise" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 384, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "URL": 3, "domain": 2, "hostname": 2 }, "indicator_count": 7, "is_author": false, "is_subscribing": null, "subscriber_count": 386446, "modified_text": "702 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69d73f806377e1786da61411", "name": "EbeeApril2026 Pt1", "description": "Multiple APT/threat actors, Malware and Campaigns", "modified": "2026-05-09T05:12:44.308000", "created": "2026-04-09T05:56:16.764000", "tags": [ "filehashsha256", "filehashmd5", "filehashsha1" ], "references": [ "Book1.csv" ], "public": 1, "adversary": "The Gentlemen, Augmented Marauder, Yurei Ransomware, Xloader, ClickFix campaign delivering XWorm V5.", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "IMEBEEIMFINE", "id": "343873", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 77, "FileHash-MD5": 180, "FileHash-SHA1": 136, "FileHash-SHA256": 280, "CVE": 2, "domain": 162, "hostname": 56 }, "indicator_count": 893, "is_author": false, "is_subscribing": null, "subscriber_count": 41, "modified_text": "21 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69d1314048ceac503810d4d4", "name": "Mass PolyShell attack wave hits 471 stores in one hour", "description": "Sansec has reported a significant wave of attacks exploiting the PolyShell vulnerability, resulting in the compromise of 471 online stores within just one hour. The attackers are utilizing a newly registered domain, http://lanhd6549tdhse.top, to inject obfuscated JavaScript into the compromised websites. The scale of the attacks continues to grow, with new victims emerging consistently.", "modified": "2026-05-04T15:01:49.491000", "created": "2026-04-04T15:41:52.214000", "tags": [ "magento", "adobe-commerce", "polyshell", "mass-hack", "lanhd6549tdhse.top", "accesson.php", "136c1e07507f4a97", "kztbscgb", "sansec", "scan", "javascript", "adobe commerce", "march", "sansec shield", "attacker", "block", "virustotal", "webshell", "live", "rce", "backdoor", "zero-day", "file-upload", "vulnerability", "strong", "update march", "shield", "rest api", "patched", "restrict", "verify", "apache", "pass", "date" ], "references": [ "https://sansec.io/research/polyshell-mass-attack-wave", "https://sansec.io/research/magento-polyshell" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1190", "name": "Exploit Public-Facing Application", "display_name": "T1190 - Exploit Public-Facing Application" }, { "id": "T1505.003", "name": "Web Shell", "display_name": "T1505.003 - Web Shell" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "PetrP.73", "id": "154605", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "URL": 2, "domain": 2, "FileHash-MD5": 2 }, "indicator_count": 7, "is_author": false, "is_subscribing": null, "subscriber_count": 542, "modified_text": "26 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "68faddd6e6970683d194cb9d", "name": "SessionReaper Exploitation Sparks Alarms in E-commerce Security Community", "description": "We are at the forefront of cybersecurity research and research, bringing you the best of the news, analysis and insights from the world's leading technology companies and other companies, including Adobe, Google and Microsoft.", "modified": "2025-12-24T05:05:33.381000", "created": "2025-10-24T02:00:54.336000", "tags": [ "cyber security news", "cyber news", "cyber security news today", "cyber security updates", "cyber updates", "hacker news", "hacking news", "software vulnerability", "cyber attacks", "data breach", "ransomware malware", "how to hack", "network security", "information security", "the hacker news", "computer security", "cve202554236", "adobe commerce", "sansec", "cvss score", "adobe", "magento", "magento open", "source", "commerce rest", "sessionreaper", "cyber", "twitter", "skimming", "cve-2025-54236", "adobe-commerce", "rce", "deserialization", "patching", "exploitation", "zero-day", "sansec shield", "scan", "research", "september", "attack", "patch", "live" ], "references": [ "https://thehackernews.com/2025/10/over-250-magento-stores-hit-overnight.html", "https://sansec.io/research/sessionreaper-exploitation" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" } ], "industries": [ "Ecommerce" ], "TLP": "white", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CODERED_VTA", "id": "349568", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_349568/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 2, "domain": 1 }, "indicator_count": 3, "is_author": false, "is_subscribing": null, "subscriber_count": 57, "modified_text": "157 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "67429f73a3f45fa88890276d", "name": "StreamMining", "description": "", "modified": "2024-11-24T03:37:23.616000", "created": "2024-11-24T03:37:23.616000", "tags": [ "eliminar", "leer ms", "wishlist vista", "poltica", "secadores", "vista", "sala", "vaporal", "utensilios", "belleza equipos", "ciudad" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": "670f94e03014212e19fa5a77", "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "rivocado", "id": "300960", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 6, "URL": 170, "domain": 11158, "hostname": 3549 }, "indicator_count": 14883, "is_author": false, "is_subscribing": null, "subscriber_count": 25, "modified_text": "552 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "67429f7224d433f384b935c8", "name": "StreamMining", "description": "", "modified": "2024-11-24T03:37:22.551000", "created": "2024-11-24T03:37:22.551000", "tags": [ "eliminar", "leer ms", "wishlist vista", "poltica", "secadores", "vista", "sala", "vaporal", "utensilios", "belleza equipos", "ciudad" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": "670f94e03014212e19fa5a77", "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "rivocado", "id": "300960", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 6, "URL": 170, "domain": 11158, "hostname": 3549 }, "indicator_count": 14883, "is_author": false, "is_subscribing": null, "subscriber_count": 20, "modified_text": "552 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "670f94e03014212e19fa5a77", "name": "Malicious-Dangerous-Domain&URL-New-IOC List", "description": "By Helaly", "modified": "2024-11-15T10:01:11.688000", "created": "2024-10-16T10:26:40.893000", "tags": [ "eliminar", "leer ms", "wishlist vista", "poltica", "secadores", "vista", "sala", "vaporal", "utensilios", "belleza equipos", "ciudad" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 39659, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Eslam-ElHelaly", "id": "259630", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_259630/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 6, "URL": 170, "domain": 11158, "hostname": 3549 }, "indicator_count": 14883, "is_author": false, "is_subscribing": null, "subscriber_count": 80, "modified_text": "561 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "670f9ac13eeb10cd3705730e", "name": "CosmicSting attack & defense overview", "description": "CosmicSting (aka CVE-2024-34102) is the worst bug to hit Magento and Adobe Commerce stores in two years. Sansec observes that stores are getting hacked at a rate of 3 to 5 per hour. Merchants need to implement these counter measures as soon as possible.", "modified": "2024-11-15T10:01:11.688000", "created": "2024-10-16T10:51:45.560000", "tags": [ "adobe commerce", "magento", "cosmicsting", "javascript", "cms block", "magento api", "sansec", "cnext", "cve20242961", "scoring system", "june", "execution" ], "references": [ "https://sansec.io/research/cosmicsting#group-peschanki%3A-automated-mass-cms-block-updates" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 24, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunter_NL", "id": "171283", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 196, "CVE": 2, "domain": 177, "hostname": 25 }, "indicator_count": 400, "is_author": false, "is_subscribing": null, "subscriber_count": 867, "modified_text": "561 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "66fe4aa0dbe2f21a258bd30f", "name": "Persistent backdoors injected on Adobe Commerce via new CosmicSting attack", "description": "", "modified": "2024-11-02T07:02:37.426000", "created": "2024-10-03T07:41:20.668000", "tags": [ "adobe commerce", "scan", "cnext", "post", "devnull", "product pricing", "snip", "raid5wq", "sansec watch", "nl860920306b01", "august", "persistence", "magecart", "magento" ], "references": [ "https://sansec.io/research/cosmicsting-cnext-persistent-backdoor" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 36, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunter_NL", "id": "171283", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 2, "URL": 19, "domain": 17, "hostname": 3 }, "indicator_count": 41, "is_author": false, "is_subscribing": null, "subscriber_count": 865, "modified_text": "574 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6703c76116c3332fd52d3113", "name": "Thousands of Adobe Commerce stores hacked in competing CosmicSting campaigns", "description": "Thousands of Magento and Adobe stores have been hacked in a series of attacks called CosmicSting, according to research by Sansec Forensics Team, which has identified and collected malware loaders.", "modified": "2024-10-07T11:34:57.065000", "created": "2024-10-07T11:34:57.065000", "tags": [ "adobe commerce", "sansec", "magento", "scan", "cosmicsting", "cnext", "product pricing", "adobe", "battle", "hidden", "june", "malware", "segway", "surki" ], "references": [ "https://sansec.io/research/cosmicsting-fallout" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "CosmicSting", "display_name": "CosmicSting", "target": null }, { "id": "Segway", "display_name": "Segway", "target": null }, { "id": "Surki", "display_name": "Surki", "target": null } ], "attack_ids": [ { "id": "T1134", "name": "Access Token Manipulation", "display_name": "T1134 - Access Token Manipulation" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 25, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunter_NL", "id": "171283", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "URL": 26, "domain": 14, "hostname": 14 }, "indicator_count": 55, "is_author": false, "is_subscribing": null, "subscriber_count": 862, "modified_text": "600 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "66d96a3d67f791ac4434ffa5", "name": "CosmicSting attack threatens 75% of Adobe Commerce stores", "description": "", "modified": "2024-10-05T08:02:37.282000", "created": "2024-09-05T08:22:21.925000", "tags": [ "adobe commerce", "sansec", "magento", "adobe", "scan", "june", "update june", "product pricing", "cosmicsting", "cvss", "upgrade", "exploit", "attack", "april", "virustotal" ], "references": [ "https://sansec.io/research/cosmicsting" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunter_NL", "id": "171283", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 2, "URL": 6, "domain": 4, "hostname": 1 }, "indicator_count": 13, "is_author": false, "is_subscribing": null, "subscriber_count": 862, "modified_text": "602 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6683bdd1247c16c5855518c7", "name": "Domain-URL-IP-Hash-IOC", "description": "Updated collection of malicious , malware , phishing ... etc of domain , UR , IP , Hashes", "modified": "2024-08-02T07:05:02.060000", "created": "2024-07-02T08:44:01.648000", "tags": [ "word" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 286, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Eslam-ElHelaly", "id": "259630", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_259630/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 2, "FileHash-MD5": 15, "FileHash-SHA1": 1, "FileHash-SHA256": 1, "URL": 2521, "domain": 8243, "email": 7, "hostname": 2893 }, "indicator_count": 13683, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "666 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6683bdc8052a11fe921381a0", "name": "Domain-URL-IP-Hash-IOC", "description": "Updated collection of malicious , malware , phishing ... etc of domain , UR , IP , Hashes", "modified": "2024-08-01T08:02:48.060000", "created": "2024-07-02T08:43:52.203000", "tags": [ "word" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 11, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Eslam-ElHelaly", "id": "259630", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_259630/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 2, "FileHash-MD5": 15, "FileHash-SHA1": 1, "FileHash-SHA256": 1, "URL": 2409, "domain": 7836, "email": 7, "hostname": 2783 }, "indicator_count": 13054, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "667 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "667eb57494f8692a2889b88b", "name": "Polyfill supply chain attack hits 100K+ sites", "description": "", "modified": "2024-06-28T13:07:00.349000", "created": "2024-06-28T13:07:00.349000", "tags": [ "kuurzabitget", "polyfill", "update june", "scan", "google", "sansec watch", "product pricing", "june", "cloudflare", "sansec", "date", "magento", "february", "win32", "window" ], "references": [ "https://sansec.io/research/polyfill-supply-chain-attack" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunter_NL", "id": "171283", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 5, "domain": 8, "hostname": 4 }, "indicator_count": 17, "is_author": false, "is_subscribing": null, "subscriber_count": 864, "modified_text": "701 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "667bfe48d017f87b1f475fd7", "name": "Polyfill supply chain attack hits 100K+ sites", "description": "A security firm, Sansec Forensics, has decoded malware injected into more than 100,000 web sites by the new owner of the Polyfill JS project, which inject malware into users' devices.", "modified": "2024-06-26T11:40:56.230000", "created": "2024-06-26T11:40:56.230000", "tags": [ "kuurzabitget", "polyfill", "scan", "google", "sansec watch", "product pricing", "update june", "sansec", "iswin", "0x5ae1f8", "date", "magento", "june", "february", "win32", "window" ], "references": [ "https://sansec.io/research/polyfill-supply-chain-attack" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "bluenumberone", "id": "246058", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 3, "domain": 2, "hostname": 3 }, "indicator_count": 8, "is_author": false, "is_subscribing": null, "subscriber_count": 71, "modified_text": "703 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "66155c206080da1a7f2e92c3", "name": "Persistent Magento backdoor hidden in XML", "description": "Magento stores are being targeted by hackers who inject malware into their servers, writes Sansec Forensics, who has uncovered a hidden backdoor in the online shopping platform's database and found it to contain shell code.", "modified": "2024-05-09T15:01:35.613000", "created": "2024-04-09T15:17:52.506000", "tags": [ "magento", "scan", "product pricing", "sansec", "magecart", "init", "next", "attribution", "nl860920306b01", "support malware", "april", "february", "persistent magento" ], "references": [ "https://sansec.io/research/magento-xml-backdoor" ], "public": 1, "adversary": "Magecart", "targeted_countries": [], "malware_families": [ { "id": "Persistent Magento", "display_name": "Persistent Magento", "target": null }, { "id": "Magecart", "display_name": "Magecart", "target": null } ], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 15, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunter_NL", "id": "171283", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "URL": 1, "domain": 2 }, "indicator_count": 4, "is_author": false, "is_subscribing": null, "subscriber_count": 863, "modified_text": "751 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "https://sansec.io/research/magento-xml-backdoor", "https://sansec.io/research/cosmicsting#group-peschanki%3A-automated-mass-cms-block-updates", "https://thehackernews.com/2025/10/over-250-magento-stores-hit-overnight.html", "https://sansec.io/research/polyshell-mass-attack-wave", "https://sansec.io/research/sessionreaper-exploitation", "Book1.csv", "https://sansec.io/research/magento-polyshell", "https://sansec.io/research/cosmicsting", "https://sansec.io/research/cosmicsting-cnext-persistent-backdoor", "https://sansec.io/research/cosmicsting-fallout", "https://sansec.io/research/polyfill-supply-chain-attack" ], "related": { "alienvault": { "adversary": [], "malware_families": [ "Polyfill.js" ], "industries": [] }, "other": { "adversary": [ "The Gentlemen, Augmented Marauder, Yurei Ransomware, Xloader, ClickFix campaign delivering XWorm V5.", "Magecart" ], "malware_families": [ "Cosmicsting", "Segway", "Surki", "Persistent magento", "Magecart" ], "industries": [ "Ecommerce" ] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 16, "pulses": [ { "id": "667d5bd4a98d33d3486fff19", "name": "Polyfill supply chain attack hits 100K+ sites", "description": "A malicious Chinese entity acquired control over the popular Polyfill JS open-source project and has been injecting malware into over 100,000 websites that embed the polyfill.io content delivery network. The malware redirects mobile users to a fraudulent sports betting site hosted on a domain impersonating Google Analytics. The attack employs various evasion techniques and targets specific devices and time windows. While trustworthy alternatives are available, it's recommended to remove any references to polyfill.io from your codebase as the library is no longer necessary for modern browsers.", "modified": "2024-06-27T12:36:54.510000", "created": "2024-06-27T12:32:20.075000", "tags": [ "polyfill.js", "malvertising", "supply chain", "redirection" ], "references": [ "https://sansec.io/research/polyfill-supply-chain-attack" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "polyfill.js", "display_name": "polyfill.js", "target": null } ], "attack_ids": [ { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" }, { "id": "T1608", "name": "Stage Capabilities", "display_name": "T1608 - Stage Capabilities" }, { "id": "T1027.005", "name": "Indicator Removal from Tools", "display_name": "T1027.005 - Indicator Removal from Tools" }, { "id": "T1036.003", "name": "Rename System Utilities", "display_name": "T1036.003 - Rename System Utilities" }, { "id": "T1557.002", "name": "ARP Cache Poisoning", "display_name": "T1557.002 - ARP Cache Poisoning" }, { "id": "T1564.003", "name": "Hidden Window", "display_name": "T1564.003 - Hidden Window" }, { "id": "T1189", "name": "Drive-by Compromise", "display_name": "T1189 - Drive-by Compromise" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 384, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "URL": 3, "domain": 2, "hostname": 2 }, "indicator_count": 7, "is_author": false, "is_subscribing": null, "subscriber_count": 386446, "modified_text": "702 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69d73f806377e1786da61411", "name": "EbeeApril2026 Pt1", "description": "Multiple APT/threat actors, Malware and Campaigns", "modified": "2026-05-09T05:12:44.308000", "created": "2026-04-09T05:56:16.764000", "tags": [ "filehashsha256", "filehashmd5", "filehashsha1" ], "references": [ "Book1.csv" ], "public": 1, "adversary": "The Gentlemen, Augmented Marauder, Yurei Ransomware, Xloader, ClickFix campaign delivering XWorm V5.", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "IMEBEEIMFINE", "id": "343873", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 77, "FileHash-MD5": 180, "FileHash-SHA1": 136, "FileHash-SHA256": 280, "CVE": 2, "domain": 162, "hostname": 56 }, "indicator_count": 893, "is_author": false, "is_subscribing": null, "subscriber_count": 41, "modified_text": "21 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69d1314048ceac503810d4d4", "name": "Mass PolyShell attack wave hits 471 stores in one hour", "description": "Sansec has reported a significant wave of attacks exploiting the PolyShell vulnerability, resulting in the compromise of 471 online stores within just one hour. The attackers are utilizing a newly registered domain, http://lanhd6549tdhse.top, to inject obfuscated JavaScript into the compromised websites. The scale of the attacks continues to grow, with new victims emerging consistently.", "modified": "2026-05-04T15:01:49.491000", "created": "2026-04-04T15:41:52.214000", "tags": [ "magento", "adobe-commerce", "polyshell", "mass-hack", "lanhd6549tdhse.top", "accesson.php", "136c1e07507f4a97", "kztbscgb", "sansec", "scan", "javascript", "adobe commerce", "march", "sansec shield", "attacker", "block", "virustotal", "webshell", "live", "rce", "backdoor", "zero-day", "file-upload", "vulnerability", "strong", "update march", "shield", "rest api", "patched", "restrict", "verify", "apache", "pass", "date" ], "references": [ "https://sansec.io/research/polyshell-mass-attack-wave", "https://sansec.io/research/magento-polyshell" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1190", "name": "Exploit Public-Facing Application", "display_name": "T1190 - Exploit Public-Facing Application" }, { "id": "T1505.003", "name": "Web Shell", "display_name": "T1505.003 - Web Shell" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "PetrP.73", "id": "154605", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "URL": 2, "domain": 2, "FileHash-MD5": 2 }, "indicator_count": 7, "is_author": false, "is_subscribing": null, "subscriber_count": 542, "modified_text": "26 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "68faddd6e6970683d194cb9d", "name": "SessionReaper Exploitation Sparks Alarms in E-commerce Security Community", "description": "We are at the forefront of cybersecurity research and research, bringing you the best of the news, analysis and insights from the world's leading technology companies and other companies, including Adobe, Google and Microsoft.", "modified": "2025-12-24T05:05:33.381000", "created": "2025-10-24T02:00:54.336000", "tags": [ "cyber security news", "cyber news", "cyber security news today", "cyber security updates", "cyber updates", "hacker news", "hacking news", "software vulnerability", "cyber attacks", "data breach", "ransomware malware", "how to hack", "network security", "information security", "the hacker news", "computer security", "cve202554236", "adobe commerce", "sansec", "cvss score", "adobe", "magento", "magento open", "source", "commerce rest", "sessionreaper", "cyber", "twitter", "skimming", "cve-2025-54236", "adobe-commerce", "rce", "deserialization", "patching", "exploitation", "zero-day", "sansec shield", "scan", "research", "september", "attack", "patch", "live" ], "references": [ "https://thehackernews.com/2025/10/over-250-magento-stores-hit-overnight.html", "https://sansec.io/research/sessionreaper-exploitation" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" } ], "industries": [ "Ecommerce" ], "TLP": "white", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CODERED_VTA", "id": "349568", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_349568/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 2, "domain": 1 }, "indicator_count": 3, "is_author": false, "is_subscribing": null, "subscriber_count": 57, "modified_text": "157 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "67429f73a3f45fa88890276d", "name": "StreamMining", "description": "", "modified": "2024-11-24T03:37:23.616000", "created": "2024-11-24T03:37:23.616000", "tags": [ "eliminar", "leer ms", "wishlist vista", "poltica", "secadores", "vista", "sala", "vaporal", "utensilios", "belleza equipos", "ciudad" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": "670f94e03014212e19fa5a77", "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "rivocado", "id": "300960", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 6, "URL": 170, "domain": 11158, "hostname": 3549 }, "indicator_count": 14883, "is_author": false, "is_subscribing": null, "subscriber_count": 25, "modified_text": "552 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "67429f7224d433f384b935c8", "name": "StreamMining", "description": "", "modified": "2024-11-24T03:37:22.551000", "created": "2024-11-24T03:37:22.551000", "tags": [ "eliminar", "leer ms", "wishlist vista", "poltica", "secadores", "vista", "sala", "vaporal", "utensilios", "belleza equipos", "ciudad" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": "670f94e03014212e19fa5a77", "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "rivocado", "id": "300960", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 6, "URL": 170, "domain": 11158, "hostname": 3549 }, "indicator_count": 14883, "is_author": false, "is_subscribing": null, "subscriber_count": 20, "modified_text": "552 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "670f94e03014212e19fa5a77", "name": "Malicious-Dangerous-Domain&URL-New-IOC List", "description": "By Helaly", "modified": "2024-11-15T10:01:11.688000", "created": "2024-10-16T10:26:40.893000", "tags": [ "eliminar", "leer ms", "wishlist vista", "poltica", "secadores", "vista", "sala", "vaporal", "utensilios", "belleza equipos", "ciudad" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 39659, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Eslam-ElHelaly", "id": "259630", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_259630/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 6, "URL": 170, "domain": 11158, "hostname": 3549 }, "indicator_count": 14883, "is_author": false, "is_subscribing": null, "subscriber_count": 80, "modified_text": "561 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "670f9ac13eeb10cd3705730e", "name": "CosmicSting attack & defense overview", "description": "CosmicSting (aka CVE-2024-34102) is the worst bug to hit Magento and Adobe Commerce stores in two years. Sansec observes that stores are getting hacked at a rate of 3 to 5 per hour. Merchants need to implement these counter measures as soon as possible.", "modified": "2024-11-15T10:01:11.688000", "created": "2024-10-16T10:51:45.560000", "tags": [ "adobe commerce", "magento", "cosmicsting", "javascript", "cms block", "magento api", "sansec", "cnext", "cve20242961", "scoring system", "june", "execution" ], "references": [ "https://sansec.io/research/cosmicsting#group-peschanki%3A-automated-mass-cms-block-updates" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 24, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunter_NL", "id": "171283", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 196, "CVE": 2, "domain": 177, "hostname": 25 }, "indicator_count": 400, "is_author": false, "is_subscribing": null, "subscriber_count": 867, "modified_text": "561 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "66fe4aa0dbe2f21a258bd30f", "name": "Persistent backdoors injected on Adobe Commerce via new CosmicSting attack", "description": "", "modified": "2024-11-02T07:02:37.426000", "created": "2024-10-03T07:41:20.668000", "tags": [ "adobe commerce", "scan", "cnext", "post", "devnull", "product pricing", "snip", "raid5wq", "sansec watch", "nl860920306b01", "august", "persistence", "magecart", "magento" ], "references": [ "https://sansec.io/research/cosmicsting-cnext-persistent-backdoor" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 36, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunter_NL", "id": "171283", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 2, "URL": 19, "domain": 17, "hostname": 3 }, "indicator_count": 41, "is_author": false, "is_subscribing": null, "subscriber_count": 865, "modified_text": "574 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6703c76116c3332fd52d3113", "name": "Thousands of Adobe Commerce stores hacked in competing CosmicSting campaigns", "description": "Thousands of Magento and Adobe stores have been hacked in a series of attacks called CosmicSting, according to research by Sansec Forensics Team, which has identified and collected malware loaders.", "modified": "2024-10-07T11:34:57.065000", "created": "2024-10-07T11:34:57.065000", "tags": [ "adobe commerce", "sansec", "magento", "scan", "cosmicsting", "cnext", "product pricing", "adobe", "battle", "hidden", "june", "malware", "segway", "surki" ], "references": [ "https://sansec.io/research/cosmicsting-fallout" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "CosmicSting", "display_name": "CosmicSting", "target": null }, { "id": "Segway", "display_name": "Segway", "target": null }, { "id": "Surki", "display_name": "Surki", "target": null } ], "attack_ids": [ { "id": "T1134", "name": "Access Token Manipulation", "display_name": "T1134 - Access Token Manipulation" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 25, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunter_NL", "id": "171283", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "URL": 26, "domain": 14, "hostname": 14 }, "indicator_count": 55, "is_author": false, "is_subscribing": null, "subscriber_count": 862, "modified_text": "600 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "ecomscan.com", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "ecomscan.com", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780173775.472878 }