{ "type": "Domain", "indicator": "fwerwe.com", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/fwerwe.com", "alexa": "http://www.alexa.com/siteinfo/fwerwe.com", "indicator": "fwerwe.com", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 4241090977, "indicator": "fwerwe.com", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 2, "pulses": [ { "id": "69a88b31dad43f4df1caab65", "name": "Using SSL Certificates and Graph Theory to Uncover Threat Actors", "description": "Researchers at Infoblox have developed an advanced technique leveraging graph theory and SSL certificates to uncover threat actor operational relationships. The approach analyzes Certificate Transparency logs, using the Subject Alternative Name field in certificates to identify domains under common control. By modeling domains as nodes and certificate relationships as edges, the system reveals comprehensive threat infrastructures. This method enables discovery of new malicious domains, consolidation of threat actor identities, and early detection of emerging threats. The system processes millions of certificates daily, providing actionable intelligence on threat actor operations across various types of cybercriminal activities.", "modified": "2026-03-05T09:38:32.181000", "created": "2026-03-04T19:42:41.028000", "tags": [ "graph theory", "certificate transparency", "infrastructure discovery", "threat intelligence", "ssl certificates", "domain clustering" ], "references": [ "https://www.infoblox.com/blog/security/connecting-dots-with-ssl-certificates-finding-threat-actors-with-graph-theory/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1588.004", "name": "Digital Certificates", "display_name": "T1588.004 - Digital Certificates" }, { "id": "T1608.004", "name": "Drive-by Target", "display_name": "T1608.004 - Drive-by Target" }, { "id": "T1608.001", "name": "Upload Malware", "display_name": "T1608.001 - Upload Malware" }, { "id": "T1583.001", "name": "Domains", "display_name": "T1583.001 - Domains" }, { "id": "T1589.002", "name": "Email Addresses", "display_name": "T1589.002 - Email Addresses" }, { "id": "T1592.002", "name": "Software", "display_name": "T1592.002 - Software" }, { "id": "T1608.003", "name": "Install Digital Certificate", "display_name": "T1608.003 - Install Digital Certificate" }, { "id": "T1590.001", "name": "Domain Properties", "display_name": "T1590.001 - Domain Properties" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 17, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "domain": 324 }, "indicator_count": 324, "is_author": false, "is_subscribing": null, "subscriber_count": 386664, "modified_text": "88 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69aa3478892973978de0ef52", "name": "avault clone \"Using SSL Certificates and Graph Theory to Uncover Threat Actor\"", "description": "", "modified": "2026-03-06T06:39:19.215000", "created": "2026-03-06T01:57:12.345000", "tags": [ "graph theory", "certificate transparency", "infrastructure discovery", "threat intelligence", "ssl certificates", "domain clustering" ], "references": [ "https://www.infoblox.com/blog/security/connecting-dots-with-ssl-certificates-finding-threat-actors-with-graph-theory/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1588.004", "name": "Digital Certificates", "display_name": "T1588.004 - Digital Certificates" }, { "id": "T1608.004", "name": "Drive-by Target", "display_name": "T1608.004 - Drive-by Target" }, { "id": "T1608.001", "name": "Upload Malware", "display_name": "T1608.001 - Upload Malware" }, { "id": "T1583.001", "name": "Domains", "display_name": "T1583.001 - Domains" }, { "id": "T1589.002", "name": "Email Addresses", "display_name": "T1589.002 - Email Addresses" }, { "id": "T1592.002", "name": "Software", "display_name": "T1592.002 - Software" }, { "id": "T1608.003", "name": "Install Digital Certificate", "display_name": "T1608.003 - Install Digital Certificate" }, { "id": "T1590.001", "name": "Domain Properties", "display_name": "T1590.001 - Domain Properties" } ], "industries": [], "TLP": "white", "cloned_from": "69a88b31dad43f4df1caab65", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 824, "hostname": 1 }, "indicator_count": 825, "is_author": false, "is_subscribing": null, "subscriber_count": 65, "modified_text": "87 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "https://www.infoblox.com/blog/security/connecting-dots-with-ssl-certificates-finding-threat-actors-with-graph-theory/" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [], "malware_families": [], "industries": [] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 2, "pulses": [ { "id": "69a88b31dad43f4df1caab65", "name": "Using SSL Certificates and Graph Theory to Uncover Threat Actors", "description": "Researchers at Infoblox have developed an advanced technique leveraging graph theory and SSL certificates to uncover threat actor operational relationships. The approach analyzes Certificate Transparency logs, using the Subject Alternative Name field in certificates to identify domains under common control. By modeling domains as nodes and certificate relationships as edges, the system reveals comprehensive threat infrastructures. This method enables discovery of new malicious domains, consolidation of threat actor identities, and early detection of emerging threats. The system processes millions of certificates daily, providing actionable intelligence on threat actor operations across various types of cybercriminal activities.", "modified": "2026-03-05T09:38:32.181000", "created": "2026-03-04T19:42:41.028000", "tags": [ "graph theory", "certificate transparency", "infrastructure discovery", "threat intelligence", "ssl certificates", "domain clustering" ], "references": [ "https://www.infoblox.com/blog/security/connecting-dots-with-ssl-certificates-finding-threat-actors-with-graph-theory/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1588.004", "name": "Digital Certificates", "display_name": "T1588.004 - Digital Certificates" }, { "id": "T1608.004", "name": "Drive-by Target", "display_name": "T1608.004 - Drive-by Target" }, { "id": "T1608.001", "name": "Upload Malware", "display_name": "T1608.001 - Upload Malware" }, { "id": "T1583.001", "name": "Domains", "display_name": "T1583.001 - Domains" }, { "id": "T1589.002", "name": "Email Addresses", "display_name": "T1589.002 - Email Addresses" }, { "id": "T1592.002", "name": "Software", "display_name": "T1592.002 - Software" }, { "id": "T1608.003", "name": "Install Digital Certificate", "display_name": "T1608.003 - Install Digital Certificate" }, { "id": "T1590.001", "name": "Domain Properties", "display_name": "T1590.001 - Domain Properties" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 17, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "domain": 324 }, "indicator_count": 324, "is_author": false, "is_subscribing": null, "subscriber_count": 386664, "modified_text": "88 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69aa3478892973978de0ef52", "name": "avault clone \"Using SSL Certificates and Graph Theory to Uncover Threat Actor\"", "description": "", "modified": "2026-03-06T06:39:19.215000", "created": "2026-03-06T01:57:12.345000", "tags": [ "graph theory", "certificate transparency", "infrastructure discovery", "threat intelligence", "ssl certificates", "domain clustering" ], "references": [ "https://www.infoblox.com/blog/security/connecting-dots-with-ssl-certificates-finding-threat-actors-with-graph-theory/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1588.004", "name": "Digital Certificates", "display_name": "T1588.004 - Digital Certificates" }, { "id": "T1608.004", "name": "Drive-by Target", "display_name": "T1608.004 - Drive-by Target" }, { "id": "T1608.001", "name": "Upload Malware", "display_name": "T1608.001 - Upload Malware" }, { "id": "T1583.001", "name": "Domains", "display_name": "T1583.001 - Domains" }, { "id": "T1589.002", "name": "Email Addresses", "display_name": "T1589.002 - Email Addresses" }, { "id": "T1592.002", "name": "Software", "display_name": "T1592.002 - Software" }, { "id": "T1608.003", "name": "Install Digital Certificate", "display_name": "T1608.003 - Install Digital Certificate" }, { "id": "T1590.001", "name": "Domain Properties", "display_name": "T1590.001 - Domain Properties" } ], "industries": [], "TLP": "white", "cloned_from": "69a88b31dad43f4df1caab65", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 824, "hostname": 1 }, "indicator_count": 825, "is_author": false, "is_subscribing": null, "subscriber_count": 65, "modified_text": "87 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "fwerwe.com", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "fwerwe.com", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780317677.33851 }