{ "type": "URL", "indicator": "https://2917.ns2.abovedomains.com", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://2917.ns2.abovedomains.com", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 3739412722, "indicator": "https://2917.ns2.abovedomains.com", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 7, "pulses": [ { "id": "65b4624c5bb71879020ceb1c", "name": "Spyware | Ransomware | Direct Search Network | Trellian", "description": "Large, hard to believe fraudulent threat network. Fraud services from private investigators to attorneys. Social engineering by phone, email, sponsored advertising, malvertizing, remote attacks. tracking, in person, emails, surveys, text, ongoing espionage campaigns, info stealing, cyber attacks, arrange in person meetings , identified as 'gang stalking' by detective, service staging. Very real. Bad actors take advantage of targets devices installing overlays on windows,android. iOS. Targets can only see what adversary wants seen.\n\nLarge threat network in Colorado and abroad.\nScreenshot: https://otx.alienvault.com/otxapi/indicators/url/screenshot/http://1redirc.com/r2.php\nCouldn't submit 1st pulse. contacted, spyware, phishing,trojan, registrar abuse", "modified": "2024-02-26T01:04:33.201000", "created": "2024-01-27T01:54:20.513000", "tags": [ "no expiration", "expiration", "url https", "filehashmd5", "ipv4", "filehashsha1", "filehashsha256", "domain", "url http", "iocs", "next", "hostname", "scan endpoints", "all scoreblue", "pdf report", "pcap" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 3010, "FileHash-MD5": 1902, "FileHash-SHA1": 1467, "FileHash-SHA256": 2664, "domain": 1195, "hostname": 1802, "email": 27, "SSLCertFingerprint": 9 }, "indicator_count": 12076, "is_author": false, "is_subscribing": null, "subscriber_count": 228, "modified_text": "784 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65b474c9c9bed0cdd00a9480", "name": "Spyware | Ransomware | Threat & Direct Search Network | Trellian", "description": "", "modified": "2024-02-26T01:04:33.201000", "created": "2024-01-27T03:13:13.978000", "tags": [ "no expiration", "expiration", "url https", "filehashmd5", "ipv4", "filehashsha1", "filehashsha256", "domain", "url http", "iocs", "next", "hostname", "scan endpoints", "all scoreblue", "pdf report", "pcap" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": "65b4624c5bb71879020ceb1c", "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 3010, "FileHash-MD5": 1902, "FileHash-SHA1": 1467, "FileHash-SHA256": 2664, "domain": 1195, "hostname": 1802, "email": 27, "SSLCertFingerprint": 9 }, "indicator_count": 12076, "is_author": false, "is_subscribing": null, "subscriber_count": 222, "modified_text": "784 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65b86568e1eaace7d9f062b4", "name": "Tags auto populated in original Threat Network pulse missing", "description": "", "modified": "2024-02-26T01:04:33.201000", "created": "2024-01-30T02:56:40.484000", "tags": [ "no expiration", "expiration", "url https", "filehashmd5", "ipv4", "filehashsha1", "filehashsha256", "domain", "url http", "iocs", "next", "hostname", "scan endpoints", "all scoreblue", "pdf report", "pcap" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 3010, "FileHash-MD5": 1902, "FileHash-SHA1": 1467, "FileHash-SHA256": 2664, "domain": 1195, "hostname": 1802, "email": 27, "SSLCertFingerprint": 9 }, "indicator_count": 12076, "is_author": false, "is_subscribing": null, "subscriber_count": 226, "modified_text": "784 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65b865697c59050da541247f", "name": "Tags auto populated in original Threat Network pulse missing", "description": "", "modified": "2024-02-26T01:04:33.201000", "created": "2024-01-30T02:56:41.045000", "tags": [ "no expiration", "expiration", "url https", "filehashmd5", "ipv4", "filehashsha1", "filehashsha256", "domain", "url http", "iocs", "next", "hostname", "scan endpoints", "all scoreblue", "pdf report", "pcap" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 3010, "FileHash-MD5": 1902, "FileHash-SHA1": 1467, "FileHash-SHA256": 2664, "domain": 1195, "hostname": 1802, "email": 27, "SSLCertFingerprint": 9 }, "indicator_count": 12076, "is_author": false, "is_subscribing": null, "subscriber_count": 225, "modified_text": "784 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65a20ff8db3854e863dca324", "name": "Shared Modules | Hijacker | Masquerading", "description": "", "modified": "2024-02-12T04:01:56.040000", "created": "2024-01-13T04:22:16.961000", "tags": [ "filehashmd5", "no expiration", "iocs", "next", "scan endpoints", "all octoseek", "create new", "pulse use", "pdf report", "pcap", "filehashsha1", "filehashsha256", "ipv4", "hostname", "expiration", "domain", "url https", "url http", "source", "stix", "email", "email abuse", "goreasonlimited", "cc no", "tompc", "sum35", "domain xn", "searchbox0", "domainname0", "view", "apple", "apple id", "hijacking", "masquerading", "exploit", "cams", "monitoring", "loki bot", "dns", "open ports", "malvertizing", "malware hosting", "apple script", "js user", "dga", "dga domains", "malware", "multiple_versions", "wagersta", "decode", "system information discovery", "decrypt", "evasion", "defense evasion", "emotet", "android", "ios", "wannacry", "trojan", "worm", "cyber threat", "benjamin", "whois record", "ssl certificate", "contacted", "historical ssl", "referrer", "contacted urls", "execution", "whois whois", "whois sslcert", "and china", "drop", "uchealth", "university of cincinnati health" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [], "attack_ids": [ { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1122", "name": "Component Object Model Hijacking", "display_name": "T1122 - Component Object Model Hijacking" }, { "id": "T1040", "name": "Network Sniffing", "display_name": "T1040 - Network Sniffing" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "TA0005", "name": "Defense Evasion", "display_name": "TA0005 - Defense Evasion" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1444", "name": "Masquerade as Legitimate Application", "display_name": "T1444 - Masquerade as Legitimate Application" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1071.003", "name": "Mail Protocols", "display_name": "T1071.003 - Mail Protocols" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1546.015", "name": "Component Object Model Hijacking", "display_name": "T1546.015 - Component Object Model Hijacking" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 13, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 2701, "FileHash-SHA1": 2296, "FileHash-SHA256": 3362, "URL": 6191, "domain": 2033, "hostname": 3097, "email": 37, "CVE": 2 }, "indicator_count": 19719, "is_author": false, "is_subscribing": null, "subscriber_count": 220, "modified_text": "797 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65709fe5e685939cb8ce7486", "name": "Direct Search Network", "description": "", "modified": "2023-12-06T16:23:01.912000", "created": "2023-12-06T16:23:01.912000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 1105, "domain": 665, "FileHash-SHA256": 1203, "URL": 2334, "FileHash-MD5": 384, "FileHash-SHA1": 62, "email": 2 }, "indicator_count": 5755, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "64dac57e96082bfaec2f2334", "name": "Direct Search Network", "description": "Direct Search Network - Direct Navigation Traffic\nBat Downloader, Riskware, Malware, Ransomware, AdWare spam, Bots\nMalicious Host\n\nTags:\ncve-2007-0774\ncve-2011-5007\ncve-2009-1122\nbobsoft\ncontains-embedded-js\ncontains-elf\nnsis\ncve-1999-0016\narmadillo\nattachment\ncve-2020-11899\ncve-2016-2211\ncontains-pe\ncve-2010-3281", "modified": "2023-09-14T15:04:53.181000", "created": "2023-08-15T00:23:26.018000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 2552, "FileHash-SHA256": 2345, "domain": 1477, "email": 31, "URL": 5053, "FileHash-MD5": 544, "FileHash-SHA1": 79 }, "indicator_count": 12081, "is_author": false, "is_subscribing": null, "subscriber_count": 221, "modified_text": "948 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 32546 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/abovedomains.com", "whois": "http://whois.domaintools.com/abovedomains.com", "domain": "abovedomains.com", "hostname": "2917.ns2.abovedomains.com" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 7, "pulses": [ { "id": "65b4624c5bb71879020ceb1c", "name": "Spyware | Ransomware | Direct Search Network | Trellian", "description": "Large, hard to believe fraudulent threat network. Fraud services from private investigators to attorneys. Social engineering by phone, email, sponsored advertising, malvertizing, remote attacks. tracking, in person, emails, surveys, text, ongoing espionage campaigns, info stealing, cyber attacks, arrange in person meetings , identified as 'gang stalking' by detective, service staging. Very real. Bad actors take advantage of targets devices installing overlays on windows,android. iOS. Targets can only see what adversary wants seen.\n\nLarge threat network in Colorado and abroad.\nScreenshot: https://otx.alienvault.com/otxapi/indicators/url/screenshot/http://1redirc.com/r2.php\nCouldn't submit 1st pulse. contacted, spyware, phishing,trojan, registrar abuse", "modified": "2024-02-26T01:04:33.201000", "created": "2024-01-27T01:54:20.513000", "tags": [ "no expiration", "expiration", "url https", "filehashmd5", "ipv4", "filehashsha1", "filehashsha256", "domain", "url http", "iocs", "next", "hostname", "scan endpoints", "all scoreblue", "pdf report", "pcap" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 3010, "FileHash-MD5": 1902, "FileHash-SHA1": 1467, "FileHash-SHA256": 2664, "domain": 1195, "hostname": 1802, "email": 27, "SSLCertFingerprint": 9 }, "indicator_count": 12076, "is_author": false, "is_subscribing": null, "subscriber_count": 228, "modified_text": "784 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65b474c9c9bed0cdd00a9480", "name": "Spyware | Ransomware | Threat & Direct Search Network | Trellian", "description": "", "modified": "2024-02-26T01:04:33.201000", "created": "2024-01-27T03:13:13.978000", "tags": [ "no expiration", "expiration", "url https", "filehashmd5", "ipv4", "filehashsha1", "filehashsha256", "domain", "url http", "iocs", "next", "hostname", "scan endpoints", "all scoreblue", "pdf report", "pcap" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": "65b4624c5bb71879020ceb1c", "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 3010, "FileHash-MD5": 1902, "FileHash-SHA1": 1467, "FileHash-SHA256": 2664, "domain": 1195, "hostname": 1802, "email": 27, "SSLCertFingerprint": 9 }, "indicator_count": 12076, "is_author": false, "is_subscribing": null, "subscriber_count": 222, "modified_text": "784 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65b86568e1eaace7d9f062b4", "name": "Tags auto populated in original Threat Network pulse missing", "description": "", "modified": "2024-02-26T01:04:33.201000", "created": "2024-01-30T02:56:40.484000", "tags": [ "no expiration", "expiration", "url https", "filehashmd5", "ipv4", "filehashsha1", "filehashsha256", "domain", "url http", "iocs", "next", "hostname", "scan endpoints", "all scoreblue", "pdf report", "pcap" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 3010, "FileHash-MD5": 1902, "FileHash-SHA1": 1467, "FileHash-SHA256": 2664, "domain": 1195, "hostname": 1802, "email": 27, "SSLCertFingerprint": 9 }, "indicator_count": 12076, "is_author": false, "is_subscribing": null, "subscriber_count": 226, "modified_text": "784 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65b865697c59050da541247f", "name": "Tags auto populated in original Threat Network pulse missing", "description": "", "modified": "2024-02-26T01:04:33.201000", "created": "2024-01-30T02:56:41.045000", "tags": [ "no expiration", "expiration", "url https", "filehashmd5", "ipv4", "filehashsha1", "filehashsha256", "domain", "url http", "iocs", "next", "hostname", "scan endpoints", "all scoreblue", "pdf report", "pcap" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 3010, "FileHash-MD5": 1902, "FileHash-SHA1": 1467, "FileHash-SHA256": 2664, "domain": 1195, "hostname": 1802, "email": 27, "SSLCertFingerprint": 9 }, "indicator_count": 12076, "is_author": false, "is_subscribing": null, "subscriber_count": 225, "modified_text": "784 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65a20ff8db3854e863dca324", "name": "Shared Modules | Hijacker | Masquerading", "description": "", "modified": "2024-02-12T04:01:56.040000", "created": "2024-01-13T04:22:16.961000", "tags": [ "filehashmd5", "no expiration", "iocs", "next", "scan endpoints", "all octoseek", "create new", "pulse use", "pdf report", "pcap", "filehashsha1", "filehashsha256", "ipv4", "hostname", "expiration", "domain", "url https", "url http", "source", "stix", "email", "email abuse", "goreasonlimited", "cc no", "tompc", "sum35", "domain xn", "searchbox0", "domainname0", "view", "apple", "apple id", "hijacking", "masquerading", "exploit", "cams", "monitoring", "loki bot", "dns", "open ports", "malvertizing", "malware hosting", "apple script", "js user", "dga", "dga domains", "malware", "multiple_versions", "wagersta", "decode", "system information discovery", "decrypt", "evasion", "defense evasion", "emotet", "android", "ios", "wannacry", "trojan", "worm", "cyber threat", "benjamin", "whois record", "ssl certificate", "contacted", "historical ssl", "referrer", "contacted urls", "execution", "whois whois", "whois sslcert", "and china", "drop", "uchealth", "university of cincinnati health" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [], "attack_ids": [ { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1122", "name": "Component Object Model Hijacking", "display_name": "T1122 - Component Object Model Hijacking" }, { "id": "T1040", "name": "Network Sniffing", "display_name": "T1040 - Network Sniffing" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "TA0005", "name": "Defense Evasion", "display_name": "TA0005 - Defense Evasion" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1444", "name": "Masquerade as Legitimate Application", "display_name": "T1444 - Masquerade as Legitimate Application" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1071.003", "name": "Mail Protocols", "display_name": "T1071.003 - Mail Protocols" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1546.015", "name": "Component Object Model Hijacking", "display_name": "T1546.015 - Component Object Model Hijacking" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 13, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 2701, "FileHash-SHA1": 2296, "FileHash-SHA256": 3362, "URL": 6191, "domain": 2033, "hostname": 3097, "email": 37, "CVE": 2 }, "indicator_count": 19719, "is_author": false, "is_subscribing": null, "subscriber_count": 220, "modified_text": "797 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65709fe5e685939cb8ce7486", "name": "Direct Search Network", "description": "", "modified": "2023-12-06T16:23:01.912000", "created": "2023-12-06T16:23:01.912000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 1105, "domain": 665, "FileHash-SHA256": 1203, "URL": 2334, "FileHash-MD5": 384, "FileHash-SHA1": 62, "email": 2 }, "indicator_count": 5755, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "64dac57e96082bfaec2f2334", "name": "Direct Search Network", "description": "Direct Search Network - Direct Navigation Traffic\nBat Downloader, Riskware, Malware, Ransomware, AdWare spam, Bots\nMalicious Host\n\nTags:\ncve-2007-0774\ncve-2011-5007\ncve-2009-1122\nbobsoft\ncontains-embedded-js\ncontains-elf\nnsis\ncve-1999-0016\narmadillo\nattachment\ncve-2020-11899\ncve-2016-2211\ncontains-pe\ncve-2010-3281", "modified": "2023-09-14T15:04:53.181000", "created": "2023-08-15T00:23:26.018000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 2552, "FileHash-SHA256": 2345, "domain": 1477, "email": 31, "URL": 5053, "FileHash-MD5": 544, "FileHash-SHA1": 79 }, "indicator_count": 12081, "is_author": false, "is_subscribing": null, "subscriber_count": 221, "modified_text": "948 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://2917.ns2.abovedomains.com", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://2917.ns2.abovedomains.com", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1776651224.2251592 }