{ "type": "Domain", "indicator": "gohhs.com", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/gohhs.com", "alexa": "http://www.alexa.com/siteinfo/gohhs.com", "indicator": "gohhs.com", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 3882353347, "indicator": "gohhs.com", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 12, "pulses": [ { "id": "66329f2e6378bd16250f5a4e", "name": "Nearly 20% of Docker Hub Repositories Spread Malware & Phishing Scams", "description": "This report details an investigation by JFrog Security researchers on a coordinated attack on Docker Hub, where millions of malicious repositories were planted to spread malware and phishing scams. It analyzes three major malware campaigns, dubbed 'Downloader', 'eBook Phishing', and 'Website SEO', that exploited Docker Hub's repository documentation feature. The report provides insights into the attackers' tactics, techniques, and infrastructure, highlighting the challenges of moderating open platforms.", "modified": "2024-05-01T20:07:51.802000", "created": "2024-05-01T19:59:42.447000", "tags": [ "repositories", "freehtmlvalidator.exe", "campaigns", "phishing", "docker hub" ], "references": [ "https://jfrog.com/blog/attacks-on-docker-with-millions-of-malicious-repositories-spread-malware-and-phishing-scams/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1195", "name": "Supply Chain Compromise", "display_name": "T1195 - Supply Chain Compromise" }, { "id": "T1190", "name": "Exploit Public-Facing Application", "display_name": "T1190 - Exploit Public-Facing Application" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1107", "name": "File Deletion", "display_name": "T1107 - File Deletion" }, { "id": "T1092", "name": "Communication Through Removable Media", "display_name": "T1092 - Communication Through Removable Media" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1197", "name": "BITS Jobs", "display_name": "T1197 - BITS Jobs" }, { "id": "T1189", "name": "Drive-by Compromise", "display_name": "T1189 - Drive-by Compromise" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 348, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1, "URL": 8, "domain": 37, "hostname": 1 }, "indicator_count": 47, "is_author": false, "is_subscribing": null, "subscriber_count": 386604, "modified_text": "760 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69e034c73048ac93a3a37d37", "name": "URLert Daily Threat Intel \u2014 2026-04-16", "description": "URLert Daily Threat Intel \u2014 2026-04-16\n\nAutomated threat intelligence from URLert (https://urlert.com) \u2014 AI-powered URL and domain analysis.\n\nThreats: 61 | Indicators: 102\nConfirmed: 26 | Likely: 34 | Domain intel: 1\nTop threats: Phishing (42), Malware Hosting (6), Dropper (6), Malvertising (5), Unknown (2)\nDomains: 09auth.ink, adescargar.net, allwatch.id, amazon-prime.my, baixinshiti.com, besofex.com, bunnyband.com, casajoys.com, cdn-videy.me, cmrpuntos.app, crashradar.info, dao-hu.com, dao-qp.cc, de...\n\n61 unique threats producing 102 actionable indicators. Generated by URLert automated threat intelligence.", "modified": "2026-05-15T23:52:26.002000", "created": "2026-04-16T01:00:55.191000", "tags": [ "account-login", "adult-content", "adware", "afcu-impersonation", "aggressive-advertising", "aggressive-marketing", "aggressive-redirects", "android-malware", "automated-scan", "automatic-download", "automatic-redirection", "botnet", "brand-impersonation", "browser-extension-hijacking", "click-to-view-scam", "clickbait", "cloudflare", "combosquatting", "credential-harvesting", "crypto-miner", "crypto-scam", "crypto-trading-scam", "cryptocurrency-exchange", "cryptominer", "daily-threat-intel", "data-harvesting", "dating-scam", "deceptive-ads", "deceptive-content", "deceptive-earning-promises", "deceptive-practices", "deceptive-redirects", "deceptive-registration", "deceptive-rewards", "deceptive-site", "deceptive-warning", "delivery-failure", "delivery-service-impersonation", "denmark", "deposit-scam", "docusign-impersonation", "domain-classification", "dpd", "dropper", "e-commerce-fraud", "elon-musk-impersonation", "empty-landing-page", "evasion-technique", "facebook", "fake-notification", "fake-profiles", "fake-reward", "fake-rewards", "fake-urgency", "fake-verification", "falabella", "file-download", "financial-scheme", "fiverr-impersonation", "forced-download", "fraud", "fraudulent-marketplace", "fraudulent-platform", "freelancer-targeting", "gambling-analytics", "gambling-platform", "game-cheats", "generic-signup", "high-risk", "high-risk-domain", "high-risk-tld", "homograph-attack", "information-harvesting", "intrusive-advertising", "investment-scam", "invitation-code", "ip-logger", "job-scam", "lead-generation", "malicious-affiliate", "malicious-redirect", "malicious-redirection", "malicious-redirects", "malvertising", "malware-bundling", "malware-delivery", "malware-distribution", "malware-download", "meta", "microsoft", "modded-android-apps", "monetized-url-shortener", "new-domain", "newly-registered-domain", "obscure-domain", "octet-stream", "payload-delivery", "paypal-scam", "personal-information-collection", "phishing", "phishing-infrastructure", "pirated-software", "pricesmart", "privacy-violation", "prize-scam", "pua-distribution", "recently-registered-domain", "recruitment-driven-income", "red-bull", "redirect-chain", "redirect-scam", "redirection", "scam", "scam-activity", "scam-allegations", "search-engine-blocking", "siemens", "social-engineering", "spam-promotion", "spyware", "steam-credential-phishing", "steam-impersonation", "suspicious-domain", "suspicious-tld", "sweepstakes-scam", "task-based-scam", "task-scam", "tld-squatting", "traffic-redirection", "trojan", "typosquatting", "unauthorized-tracking", "unsecured-files", "unverified-downloads", "unvetted-content", "url-shortener", "urlert", "webcam-streaming", "xbox", "zero-day-domain", "zoho" ], "references": [ "https://urlert.com/domain/09auth.ink", "https://urlert.com/domain/adescargar.net", "https://urlert.com/domain/allwatch.id", "https://urlert.com/domain/amazon-prime.my", "https://urlert.com/domain/baixinshiti.com", "https://urlert.com/domain/besofex.com", "https://urlert.com/domain/bunnyband.com", "https://urlert.com/domain/casajoys.com", "https://urlert.com/domain/cdn-videy.me", "https://urlert.com/domain/cmrpuntos.app", "https://urlert.com/domain/crashradar.info", "https://urlert.com/domain/dao-hu.com", "https://urlert.com/domain/dao-qp.cc", "https://urlert.com/domain/demoteam.ch", "https://urlert.com/domain/divinex.at", "https://urlert.com/domain/elamigosgamez.net", "https://urlert.com/domain/fafda.to", "https://urlert.com/domain/filecr.com", "https://urlert.com/domain/g2mstone.com", "https://urlert.com/domain/gaocast24.com" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [ "Financial Services", "Logistics / Supply Chain", "Manufacturing", "Media / Entertainment", "Retail / E-Commerce", "Technology" ], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "urlert_intel", "id": "386175", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_386175/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 27, "URL": 33, "hostname": 8 }, "indicator_count": 68, "is_author": false, "is_subscribing": null, "subscriber_count": 30, "modified_text": "16 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6783308fc0b6e2bd8dfb209c", "name": "TTC-CERT_blocklist_recommended", "description": "", "modified": "2026-02-14T00:03:07.406000", "created": "2025-01-12T03:01:35.075000", "tags": [], "references": [ "https://github.com/ttc-cert/TTC-CERT_blocklist_recommended/blob/master/domain_blocklist_recommended.txt" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "skocherhan", "id": "249290", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_249290/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 606, "URL": 4, "domain": 25122, "hostname": 25306 }, "indicator_count": 51038, "is_author": false, "is_subscribing": null, "subscriber_count": 185, "modified_text": "107 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "67429f73a3f45fa88890276d", "name": "StreamMining", "description": "", "modified": "2024-11-24T03:37:23.616000", "created": "2024-11-24T03:37:23.616000", "tags": [ "eliminar", "leer ms", "wishlist vista", "poltica", "secadores", "vista", "sala", "vaporal", "utensilios", "belleza equipos", "ciudad" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": "670f94e03014212e19fa5a77", "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "rivocado", "id": "300960", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 6, "URL": 170, "domain": 11158, "hostname": 3549 }, "indicator_count": 14883, "is_author": false, "is_subscribing": null, "subscriber_count": 25, "modified_text": "554 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "67429f7224d433f384b935c8", "name": "StreamMining", "description": "", "modified": "2024-11-24T03:37:22.551000", "created": "2024-11-24T03:37:22.551000", "tags": [ "eliminar", "leer ms", "wishlist vista", "poltica", "secadores", "vista", "sala", "vaporal", "utensilios", "belleza equipos", "ciudad" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": "670f94e03014212e19fa5a77", "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "rivocado", "id": "300960", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 6, "URL": 170, "domain": 11158, "hostname": 3549 }, "indicator_count": 14883, "is_author": false, "is_subscribing": null, "subscriber_count": 20, "modified_text": "554 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "670f94e03014212e19fa5a77", "name": "Malicious-Dangerous-Domain&URL-New-IOC List", "description": "By Helaly", "modified": "2024-11-15T10:01:11.688000", "created": "2024-10-16T10:26:40.893000", "tags": [ "eliminar", "leer ms", "wishlist vista", "poltica", "secadores", "vista", "sala", "vaporal", "utensilios", "belleza equipos", "ciudad" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 39659, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Eslam-ElHelaly", "id": "259630", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_259630/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 6, "URL": 170, "domain": 11158, "hostname": 3549 }, "indicator_count": 14883, "is_author": false, "is_subscribing": null, "subscriber_count": 80, "modified_text": "562 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6683bdd1247c16c5855518c7", "name": "Domain-URL-IP-Hash-IOC", "description": "Updated collection of malicious , malware , phishing ... etc of domain , UR , IP , Hashes", "modified": "2024-08-02T07:05:02.060000", "created": "2024-07-02T08:44:01.648000", "tags": [ "word" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 286, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Eslam-ElHelaly", "id": "259630", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_259630/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 2, "FileHash-MD5": 15, "FileHash-SHA1": 1, "FileHash-SHA256": 1, "URL": 2521, "domain": 8243, "email": 7, "hostname": 2893 }, "indicator_count": 13683, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "667 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6683bdc8052a11fe921381a0", "name": "Domain-URL-IP-Hash-IOC", "description": "Updated collection of malicious , malware , phishing ... etc of domain , UR , IP , Hashes", "modified": "2024-08-01T08:02:48.060000", "created": "2024-07-02T08:43:52.203000", "tags": [ "word" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 11, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Eslam-ElHelaly", "id": "259630", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_259630/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 2, "FileHash-MD5": 15, "FileHash-SHA1": 1, "FileHash-SHA256": 1, "URL": 2409, "domain": 7836, "email": 7, "hostname": 2783 }, "indicator_count": 13054, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "668 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "663f40976d937bff68b23ad4", "name": "JFrog research discovers coordinated attacks on Docker Hub that planted millions of malicious repositories", "description": "", "modified": "2024-05-11T09:55:35.337000", "created": "2024-05-11T09:55:35.337000", "tags": [ "repositories", "freehtmlvalidator.exe", "campaigns", "phishing", "docker hub" ], "references": [ "https://jfrog.com/blog/attacks-on-docker-with-millions-of-malicious-repositories-spread-malware-and-phishing-scams/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1195", "name": "Supply Chain Compromise", "display_name": "T1195 - Supply Chain Compromise" }, { "id": "T1190", "name": "Exploit Public-Facing Application", "display_name": "T1190 - Exploit Public-Facing Application" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1107", "name": "File Deletion", "display_name": "T1107 - File Deletion" }, { "id": "T1092", "name": "Communication Through Removable Media", "display_name": "T1092 - Communication Through Removable Media" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1197", "name": "BITS Jobs", "display_name": "T1197 - BITS Jobs" }, { "id": "T1189", "name": "Drive-by Compromise", "display_name": "T1189 - Drive-by Compromise" } ], "industries": [], "TLP": "white", "cloned_from": "66385e2bbab2bfcb1b08c44d", "export_count": 14, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Tr1sa111", "id": "192483", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1, "URL": 8, "domain": 37, "hostname": 1 }, "indicator_count": 47, "is_author": false, "is_subscribing": null, "subscriber_count": 276, "modified_text": "750 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "66385e2bbab2bfcb1b08c44d", "name": "JFrog research discovers coordinated attacks on Docker Hub that planted millions of malicious repositories", "description": "", "modified": "2024-05-06T04:35:55.084000", "created": "2024-05-06T04:35:55.084000", "tags": [ "repositories", "freehtmlvalidator.exe", "campaigns", "phishing", "docker hub" ], "references": [ "https://jfrog.com/blog/attacks-on-docker-with-millions-of-malicious-repositories-spread-malware-and-phishing-scams/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1195", "name": "Supply Chain Compromise", "display_name": "T1195 - Supply Chain Compromise" }, { "id": "T1190", "name": "Exploit Public-Facing Application", "display_name": "T1190 - Exploit Public-Facing Application" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1107", "name": "File Deletion", "display_name": "T1107 - File Deletion" }, { "id": "T1092", "name": "Communication Through Removable Media", "display_name": "T1092 - Communication Through Removable Media" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1197", "name": "BITS Jobs", "display_name": "T1197 - BITS Jobs" }, { "id": "T1189", "name": "Drive-by Compromise", "display_name": "T1189 - Drive-by Compromise" } ], "industries": [], "TLP": "white", "cloned_from": "66329f2e6378bd16250f5a4e", "export_count": 14, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "tr2222200", "id": "207905", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1, "URL": 8, "domain": 37, "hostname": 1 }, "indicator_count": 47, "is_author": false, "is_subscribing": null, "subscriber_count": 186, "modified_text": "755 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "66323200bdf54d16883d71a7", "name": "Malicious Repositories Planted on Docker Hub", "description": "", "modified": "2024-05-01T12:13:52.060000", "created": "2024-05-01T12:13:52.060000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 23, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "cryptocti", "id": "110256", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_110256/resized/80/avatar_e237a4257c.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 2, "domain": 33, "hostname": 1 }, "indicator_count": 36, "is_author": false, "is_subscribing": null, "subscriber_count": 499, "modified_text": "760 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6632221e3a5bd5666713a554", "name": "Nearly 20% of Docker Hub Repositories Spread Malware & Phishing Scams", "description": "JFrog delivers Trusted Software with Speed, Securing your Software Supply Chain end-to-end with the help of DevOps, DevSecOps and MLOps tools, as well as cloud solutions.", "modified": "2024-05-01T11:06:06.279000", "created": "2024-05-01T11:06:06.279000", "tags": [ "docker hub", "strong", "docker", "campaign", "malware", "devops", "supply chain", "jfrog", "website", "downloader", "find", "code", "speed", "fast", "xray", "redir", "example", "sector", "service", "april", "murphy", "august", "malicious", "write", "trojan", "delphi", "daily", "prior", "python", "demo", "served" ], "references": [ "https://jfrog.com/blog/attacks-on-docker-with-millions-of-malicious-repositories-spread-malware-and-phishing-scams/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Served", "display_name": "Served", "target": null } ], "attack_ids": [ { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1525", "name": "Implant Internal Image", "display_name": "T1525 - Implant Internal Image" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 23, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "bluenumberone", "id": "246058", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1, "URL": 8, "domain": 38, "hostname": 1 }, "indicator_count": 48, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "760 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "https://urlert.com/domain/cdn-videy.me", "https://github.com/ttc-cert/TTC-CERT_blocklist_recommended/blob/master/domain_blocklist_recommended.txt", "https://urlert.com/domain/adescargar.net", "https://urlert.com/domain/crashradar.info", "https://urlert.com/domain/casajoys.com", "https://urlert.com/domain/baixinshiti.com", "https://urlert.com/domain/dao-hu.com", "https://urlert.com/domain/amazon-prime.my", "https://urlert.com/domain/besofex.com", "https://jfrog.com/blog/attacks-on-docker-with-millions-of-malicious-repositories-spread-malware-and-phishing-scams/", "https://urlert.com/domain/cmrpuntos.app", "https://urlert.com/domain/gaocast24.com", "https://urlert.com/domain/09auth.ink", "https://urlert.com/domain/bunnyband.com", "https://urlert.com/domain/divinex.at", "https://urlert.com/domain/dao-qp.cc", "https://urlert.com/domain/allwatch.id", "https://urlert.com/domain/g2mstone.com", "https://urlert.com/domain/filecr.com", "https://urlert.com/domain/elamigosgamez.net", "https://urlert.com/domain/fafda.to", "https://urlert.com/domain/demoteam.ch" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [], "malware_families": [ "Served" ], "industries": [ "Financial services", "Retail / e-commerce", "Manufacturing", "Technology", "Media / entertainment", "Logistics / supply chain" ] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 12, "pulses": [ { "id": "66329f2e6378bd16250f5a4e", "name": "Nearly 20% of Docker Hub Repositories Spread Malware & Phishing Scams", "description": "This report details an investigation by JFrog Security researchers on a coordinated attack on Docker Hub, where millions of malicious repositories were planted to spread malware and phishing scams. It analyzes three major malware campaigns, dubbed 'Downloader', 'eBook Phishing', and 'Website SEO', that exploited Docker Hub's repository documentation feature. The report provides insights into the attackers' tactics, techniques, and infrastructure, highlighting the challenges of moderating open platforms.", "modified": "2024-05-01T20:07:51.802000", "created": "2024-05-01T19:59:42.447000", "tags": [ "repositories", "freehtmlvalidator.exe", "campaigns", "phishing", "docker hub" ], "references": [ "https://jfrog.com/blog/attacks-on-docker-with-millions-of-malicious-repositories-spread-malware-and-phishing-scams/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1195", "name": "Supply Chain Compromise", "display_name": "T1195 - Supply Chain Compromise" }, { "id": "T1190", "name": "Exploit Public-Facing Application", "display_name": "T1190 - Exploit Public-Facing Application" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1107", "name": "File Deletion", "display_name": "T1107 - File Deletion" }, { "id": "T1092", "name": "Communication Through Removable Media", "display_name": "T1092 - Communication Through Removable Media" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1197", "name": "BITS Jobs", "display_name": "T1197 - BITS Jobs" }, { "id": "T1189", "name": "Drive-by Compromise", "display_name": "T1189 - Drive-by Compromise" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 348, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1, "URL": 8, "domain": 37, "hostname": 1 }, "indicator_count": 47, "is_author": false, "is_subscribing": null, "subscriber_count": 386604, "modified_text": "760 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69e034c73048ac93a3a37d37", "name": "URLert Daily Threat Intel \u2014 2026-04-16", "description": "URLert Daily Threat Intel \u2014 2026-04-16\n\nAutomated threat intelligence from URLert (https://urlert.com) \u2014 AI-powered URL and domain analysis.\n\nThreats: 61 | Indicators: 102\nConfirmed: 26 | Likely: 34 | Domain intel: 1\nTop threats: Phishing (42), Malware Hosting (6), Dropper (6), Malvertising (5), Unknown (2)\nDomains: 09auth.ink, adescargar.net, allwatch.id, amazon-prime.my, baixinshiti.com, besofex.com, bunnyband.com, casajoys.com, cdn-videy.me, cmrpuntos.app, crashradar.info, dao-hu.com, dao-qp.cc, de...\n\n61 unique threats producing 102 actionable indicators. Generated by URLert automated threat intelligence.", "modified": "2026-05-15T23:52:26.002000", "created": "2026-04-16T01:00:55.191000", "tags": [ "account-login", "adult-content", "adware", "afcu-impersonation", "aggressive-advertising", "aggressive-marketing", "aggressive-redirects", "android-malware", "automated-scan", "automatic-download", "automatic-redirection", "botnet", "brand-impersonation", "browser-extension-hijacking", "click-to-view-scam", "clickbait", "cloudflare", "combosquatting", "credential-harvesting", "crypto-miner", "crypto-scam", "crypto-trading-scam", "cryptocurrency-exchange", "cryptominer", "daily-threat-intel", "data-harvesting", "dating-scam", "deceptive-ads", "deceptive-content", "deceptive-earning-promises", "deceptive-practices", "deceptive-redirects", "deceptive-registration", "deceptive-rewards", "deceptive-site", "deceptive-warning", "delivery-failure", "delivery-service-impersonation", "denmark", "deposit-scam", "docusign-impersonation", "domain-classification", "dpd", "dropper", "e-commerce-fraud", "elon-musk-impersonation", "empty-landing-page", "evasion-technique", "facebook", "fake-notification", "fake-profiles", "fake-reward", "fake-rewards", "fake-urgency", "fake-verification", "falabella", "file-download", "financial-scheme", "fiverr-impersonation", "forced-download", "fraud", "fraudulent-marketplace", "fraudulent-platform", "freelancer-targeting", "gambling-analytics", "gambling-platform", "game-cheats", "generic-signup", "high-risk", "high-risk-domain", "high-risk-tld", "homograph-attack", "information-harvesting", "intrusive-advertising", "investment-scam", "invitation-code", "ip-logger", "job-scam", "lead-generation", "malicious-affiliate", "malicious-redirect", "malicious-redirection", "malicious-redirects", "malvertising", "malware-bundling", "malware-delivery", "malware-distribution", "malware-download", "meta", "microsoft", "modded-android-apps", "monetized-url-shortener", "new-domain", "newly-registered-domain", "obscure-domain", "octet-stream", "payload-delivery", "paypal-scam", "personal-information-collection", "phishing", "phishing-infrastructure", "pirated-software", "pricesmart", "privacy-violation", "prize-scam", "pua-distribution", "recently-registered-domain", "recruitment-driven-income", "red-bull", "redirect-chain", "redirect-scam", "redirection", "scam", "scam-activity", "scam-allegations", "search-engine-blocking", "siemens", "social-engineering", "spam-promotion", "spyware", "steam-credential-phishing", "steam-impersonation", "suspicious-domain", "suspicious-tld", "sweepstakes-scam", "task-based-scam", "task-scam", "tld-squatting", "traffic-redirection", "trojan", "typosquatting", "unauthorized-tracking", "unsecured-files", "unverified-downloads", "unvetted-content", "url-shortener", "urlert", "webcam-streaming", "xbox", "zero-day-domain", "zoho" ], "references": [ "https://urlert.com/domain/09auth.ink", "https://urlert.com/domain/adescargar.net", "https://urlert.com/domain/allwatch.id", "https://urlert.com/domain/amazon-prime.my", "https://urlert.com/domain/baixinshiti.com", "https://urlert.com/domain/besofex.com", "https://urlert.com/domain/bunnyband.com", "https://urlert.com/domain/casajoys.com", "https://urlert.com/domain/cdn-videy.me", "https://urlert.com/domain/cmrpuntos.app", "https://urlert.com/domain/crashradar.info", "https://urlert.com/domain/dao-hu.com", "https://urlert.com/domain/dao-qp.cc", "https://urlert.com/domain/demoteam.ch", "https://urlert.com/domain/divinex.at", "https://urlert.com/domain/elamigosgamez.net", "https://urlert.com/domain/fafda.to", "https://urlert.com/domain/filecr.com", "https://urlert.com/domain/g2mstone.com", "https://urlert.com/domain/gaocast24.com" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [ "Financial Services", "Logistics / Supply Chain", "Manufacturing", "Media / Entertainment", "Retail / E-Commerce", "Technology" ], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "urlert_intel", "id": "386175", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_386175/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 27, "URL": 33, "hostname": 8 }, "indicator_count": 68, "is_author": false, "is_subscribing": null, "subscriber_count": 30, "modified_text": "16 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6783308fc0b6e2bd8dfb209c", "name": "TTC-CERT_blocklist_recommended", "description": "", "modified": "2026-02-14T00:03:07.406000", "created": "2025-01-12T03:01:35.075000", "tags": [], "references": [ "https://github.com/ttc-cert/TTC-CERT_blocklist_recommended/blob/master/domain_blocklist_recommended.txt" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "skocherhan", "id": "249290", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_249290/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 606, "URL": 4, "domain": 25122, "hostname": 25306 }, "indicator_count": 51038, "is_author": false, "is_subscribing": null, "subscriber_count": 185, "modified_text": "107 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "67429f73a3f45fa88890276d", "name": "StreamMining", "description": "", "modified": "2024-11-24T03:37:23.616000", "created": "2024-11-24T03:37:23.616000", "tags": [ "eliminar", "leer ms", "wishlist vista", "poltica", "secadores", "vista", "sala", "vaporal", "utensilios", "belleza equipos", "ciudad" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": "670f94e03014212e19fa5a77", "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "rivocado", "id": "300960", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 6, "URL": 170, "domain": 11158, "hostname": 3549 }, "indicator_count": 14883, "is_author": false, "is_subscribing": null, "subscriber_count": 25, "modified_text": "554 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "67429f7224d433f384b935c8", "name": "StreamMining", "description": "", "modified": "2024-11-24T03:37:22.551000", "created": "2024-11-24T03:37:22.551000", "tags": [ "eliminar", "leer ms", "wishlist vista", "poltica", "secadores", "vista", "sala", "vaporal", "utensilios", "belleza equipos", "ciudad" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": "670f94e03014212e19fa5a77", "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "rivocado", "id": "300960", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 6, "URL": 170, "domain": 11158, "hostname": 3549 }, "indicator_count": 14883, "is_author": false, "is_subscribing": null, "subscriber_count": 20, "modified_text": "554 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "670f94e03014212e19fa5a77", "name": "Malicious-Dangerous-Domain&URL-New-IOC List", "description": "By Helaly", "modified": "2024-11-15T10:01:11.688000", "created": "2024-10-16T10:26:40.893000", "tags": [ "eliminar", "leer ms", "wishlist vista", "poltica", "secadores", "vista", "sala", "vaporal", "utensilios", "belleza equipos", "ciudad" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 39659, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Eslam-ElHelaly", "id": "259630", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_259630/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 6, "URL": 170, "domain": 11158, "hostname": 3549 }, "indicator_count": 14883, "is_author": false, "is_subscribing": null, "subscriber_count": 80, "modified_text": "562 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6683bdd1247c16c5855518c7", "name": "Domain-URL-IP-Hash-IOC", "description": "Updated collection of malicious , malware , phishing ... etc of domain , UR , IP , Hashes", "modified": "2024-08-02T07:05:02.060000", "created": "2024-07-02T08:44:01.648000", "tags": [ "word" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 286, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Eslam-ElHelaly", "id": "259630", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_259630/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 2, "FileHash-MD5": 15, "FileHash-SHA1": 1, "FileHash-SHA256": 1, "URL": 2521, "domain": 8243, "email": 7, "hostname": 2893 }, "indicator_count": 13683, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "667 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6683bdc8052a11fe921381a0", "name": "Domain-URL-IP-Hash-IOC", "description": "Updated collection of malicious , malware , phishing ... etc of domain , UR , IP , Hashes", "modified": "2024-08-01T08:02:48.060000", "created": "2024-07-02T08:43:52.203000", "tags": [ "word" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 11, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Eslam-ElHelaly", "id": "259630", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_259630/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 2, "FileHash-MD5": 15, "FileHash-SHA1": 1, "FileHash-SHA256": 1, "URL": 2409, "domain": 7836, "email": 7, "hostname": 2783 }, "indicator_count": 13054, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "668 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "663f40976d937bff68b23ad4", "name": "JFrog research discovers coordinated attacks on Docker Hub that planted millions of malicious repositories", "description": "", "modified": "2024-05-11T09:55:35.337000", "created": "2024-05-11T09:55:35.337000", "tags": [ "repositories", "freehtmlvalidator.exe", "campaigns", "phishing", "docker hub" ], "references": [ "https://jfrog.com/blog/attacks-on-docker-with-millions-of-malicious-repositories-spread-malware-and-phishing-scams/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1195", "name": "Supply Chain Compromise", "display_name": "T1195 - Supply Chain Compromise" }, { "id": "T1190", "name": "Exploit Public-Facing Application", "display_name": "T1190 - Exploit Public-Facing Application" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1107", "name": "File Deletion", "display_name": "T1107 - File Deletion" }, { "id": "T1092", "name": "Communication Through Removable Media", "display_name": "T1092 - Communication Through Removable Media" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1197", "name": "BITS Jobs", "display_name": "T1197 - BITS Jobs" }, { "id": "T1189", "name": "Drive-by Compromise", "display_name": "T1189 - Drive-by Compromise" } ], "industries": [], "TLP": "white", "cloned_from": "66385e2bbab2bfcb1b08c44d", "export_count": 14, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Tr1sa111", "id": "192483", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1, "URL": 8, "domain": 37, "hostname": 1 }, "indicator_count": 47, "is_author": false, "is_subscribing": null, "subscriber_count": 276, "modified_text": "750 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "66385e2bbab2bfcb1b08c44d", "name": "JFrog research discovers coordinated attacks on Docker Hub that planted millions of malicious repositories", "description": "", "modified": "2024-05-06T04:35:55.084000", "created": "2024-05-06T04:35:55.084000", "tags": [ "repositories", "freehtmlvalidator.exe", "campaigns", "phishing", "docker hub" ], "references": [ "https://jfrog.com/blog/attacks-on-docker-with-millions-of-malicious-repositories-spread-malware-and-phishing-scams/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1195", "name": "Supply Chain Compromise", "display_name": "T1195 - Supply Chain Compromise" }, { "id": "T1190", "name": "Exploit Public-Facing Application", "display_name": "T1190 - Exploit Public-Facing Application" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1107", "name": "File Deletion", "display_name": "T1107 - File Deletion" }, { "id": "T1092", "name": "Communication Through Removable Media", "display_name": "T1092 - Communication Through Removable Media" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1197", "name": "BITS Jobs", "display_name": "T1197 - BITS Jobs" }, { "id": "T1189", "name": "Drive-by Compromise", "display_name": "T1189 - Drive-by Compromise" } ], "industries": [], "TLP": "white", "cloned_from": "66329f2e6378bd16250f5a4e", "export_count": 14, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "tr2222200", "id": "207905", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1, "URL": 8, "domain": 37, "hostname": 1 }, "indicator_count": 47, "is_author": false, "is_subscribing": null, "subscriber_count": 186, "modified_text": "755 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "gohhs.com", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "gohhs.com", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780285044.540849 }