{ "type": "URL", "indicator": "https://ccz.jdssp.com/390", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://ccz.jdssp.com/390", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 4107673317, "indicator": "https://ccz.jdssp.com/390", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 3, "pulses": [ { "id": "6a19ab3077e26f1ba3c8cd51", "name": "Credit Q.Vashti \"Unknown - Established hacker group. Affects banking\" clone", "description": "", "modified": "2026-05-31T05:26:42.780000", "created": "2026-05-29T15:05:20.198000", "tags": [ "united", "search", "entries", "unknown ns", "ip address", "creation date", "record value", "date", "showing", "moved", "body", "encrypt", "lowfi", "trojanspy", "checkin", "passive dns", "trojan", "next associated", "cryp", "win32", "phishing", "virtool", "hstr", "backdoor", "ipv4", "pulse pulses", "associated urls", "show", "date checked", "url hostname", "server response", "google safe", "results feb", "header http2", "accept encoding", "gmt related", "domains show", "domain related", "response ip", "address google", "safe browsing", "entries http", "scans show", "title", "link", "present mar", "meta", "starfield", "dynamicloader", "qaeaav12", "medium", "high", "malware", "windows wget", "qbeipbdii", "write", "suspicious", "copy", "yara rule", "gravityrat", "detectvm", "x00 x00", "x00x00", "doviacmd", "rootjob", "getfiles", "updateserver", "ethernetid", "unknown", "yara detections", "filehash", "sha256 add", "av detections", "ids detections", "alerts", "analysis date", "file score", "oinetsim", "oudevelopment", "write c", "demo", "mtb sep", "trojandropper", "cookie", "path max", "age86400 set", "win32qqpass sep", "results aug", "script urls", "script domains", "a domains", "cache control", "cache status", "fury", "zenedge", "present jun", "present dec", "present jan", "present nov", "for privacy", "present may", "name servers", "no expiration", "filehashmd5", "filehashsha256", "filehashsha1", "iocs", "extract", "enter source", "url or", "text drag", "drop or", "domain", "expiration", "url http", "hostname", "email abuse" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1045", "name": "Software Packing", "display_name": "T1045 - Software Packing" }, { "id": "T1060", "name": "Registry Run Keys / Startup Folder", "display_name": "T1060 - Registry Run Keys / Startup Folder" } ], "industries": [], "TLP": "green", "cloned_from": "688f1ce317fc8b3f9d5d5f33", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA1": 459, "FileHash-MD5": 553, "FileHash-SHA256": 1042, "URL": 1429, "hostname": 478, "domain": 521, "email": 3, "SSLCertFingerprint": 1, "JA3": 1 }, "indicator_count": 4487, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "13 hours ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "688f1ce317fc8b3f9d5d5f33", "name": "Unknown - Established hacker group. Affects banking, financial and much more.", "description": "Crowdsourced. Identifies as a Dark Web gang stalking entity. Research suggests that this is a very organized, possibly quasi governmental entity with shadowy state figures that social engineer targets. Even though they have been considered scammers and they are grifters, they are very established, dangerous and a very large force with claims of military alignments which has not yet been fully confirmed.\n\nThis group is anything you want them to be, attorney, accountant, technician, nurse, uber driver.", "modified": "2025-09-02T08:02:34.108000", "created": "2025-08-03T08:25:07.135000", "tags": [ "united", "search", "entries", "unknown ns", "ip address", "creation date", "record value", "date", "showing", "moved", "body", "encrypt", "lowfi", "trojanspy", "checkin", "passive dns", "trojan", "next associated", "cryp", "win32", "phishing", "virtool", "hstr", "backdoor", "ipv4", "pulse pulses", "associated urls", "show", "date checked", "url hostname", "server response", "google safe", "results feb", "header http2", "accept encoding", "gmt related", "domains show", "domain related", "response ip", "address google", "safe browsing", "entries http", "scans show", "title", "link", "present mar", "meta", "starfield", "dynamicloader", "qaeaav12", "medium", "high", "malware", "windows wget", "qbeipbdii", "write", "suspicious", "copy", "yara rule", "gravityrat", "detectvm", "x00 x00", "x00x00", "doviacmd", "rootjob", "getfiles", "updateserver", "ethernetid", "unknown", "yara detections", "filehash", "sha256 add", "av detections", "ids detections", "alerts", "analysis date", "file score", "oinetsim", "oudevelopment", "write c", "demo", "mtb sep", "trojandropper", "cookie", "path max", "age86400 set", "win32qqpass sep", "results aug", "script urls", "script domains", "a domains", "cache control", "cache status", "fury", "zenedge", "present jun", "present dec", "present jan", "present nov", "for privacy", "present may", "name servers", "no expiration", "filehashmd5", "filehashsha256", "filehashsha1", "iocs", "extract", "enter source", "url or", "text drag", "drop or", "domain", "expiration", "url http", "hostname", "email abuse" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1045", "name": "Software Packing", "display_name": "T1045 - Software Packing" }, { "id": "T1060", "name": "Registry Run Keys / Startup Folder", "display_name": "T1060 - Registry Run Keys / Startup Folder" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 28, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA1": 459, "FileHash-MD5": 553, "FileHash-SHA256": 1042, "URL": 1426, "hostname": 476, "domain": 521, "email": 3, "SSLCertFingerprint": 1 }, "indicator_count": 4481, "is_author": false, "is_subscribing": null, "subscriber_count": 143, "modified_text": "271 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "68899ae621ead93f10b78da8", "name": "Hacking activities continue to affect multi block communities", "description": "Multi block complex (USA) continues to be affected by hacking and espionage activities. Every time I attempt to pulse a community, pulse is reset and malicious IoC\u2019s disappear. So here\u2019s another heap. #virtool #pws #crypter #ransom #tofsee #remote_activities #adversaries #berbew #hacking #denver_communities #infostealers", "modified": "2025-08-29T03:04:16.203000", "created": "2025-07-30T04:09:10.026000", "tags": [ "url https", "location united", "asn as16509", "et smtp", "message", "high", "et info", "domain", "yara detections", "contacted", "show", "icmp traffic", "irc server", "copy", "malware", "destination", "port", "united", "unknown", "united kingdom", "search", "entries", "write", "next", "google", "cloudflar", "amazon02", "akamaias", "microsoft", "ip address", "as autonomous", "system", "cdn77 dat", "googlecl", "cisco", "umbrella rank", "cisco umbrella", "rank", "date checked", "url hostname", "server response", "google safe", "results may", "present apr", "present may", "files show", "trojan", "error aug", "spain", "win32", "passive dns", "next associated", "meta name", "frame src", "ok set", "cookie", "gmt date", "encrypt", "gmt content", "type", "medium", "checks system", "total", "read", "upatre", "dynamicloader", "dynamic", "pcap", "reads", "pe section", "pe file", "mtb jul", "backdoor", "win32upatre jul", "mtb jun", "ipv4 add", "pulse pulses", "fakeav", "downloader", "trojandropper", "win32upatre jun", "urls", "script urls", "showing", "script domains", "meta", "certificate", "next http", "scans show", "hostname add", "pulse submit", "url analysis", "files", "files ip", "address", "hostname", "verdict", "date hash", "avast avg", "vps reverse", "america flag", "overview ip", "whois registrar", "url add", "http", "related nids", "files location", "flag united", "script general", "full url", "present jul", "aaaa", "present jun", "moved", "content length", "content type", "x powered", "date", "mtb may", "mtb sep", "b jan", "mtb jan", "mtb dec", "asn as13335", "creation date", "unknown aaaa", "results jul", "present feb", "present oct", "win32spigot jul", "alfper", "found", "error", "domain add", "enom", "urls show", "address domain", "ip related", "pulses none", "record value", "emails", "name david", "lex name", "city", "country ng", "asn as15169", "pulses", "tags", "all ipv4", "reverse dns", "ashburn", "unknown ns", "llc dba", "name servers", "present jan", "present dec", "service", "ransom", "new pulse", "existing pulse", "files domain", "files related", "body html", "lowfi", "worm", "virtool", "ch ua", "sec ch", "rsa tls", "issuing ca", "mtb apr", "yara rule", "hardwareid", "checks", "vmprotectsdk", "vmprotectstub", "avgetblockcc", "delphi", "vmprotect" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1045", "name": "Software Packing", "display_name": "T1045 - Software Packing" }, { "id": "T1060", "name": "Registry Run Keys / Startup Folder", "display_name": "T1060 - Registry Run Keys / Startup Folder" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 19, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 3262, "hostname": 3139, "FileHash-SHA256": 2614, "URL": 3078, "FileHash-MD5": 515, "FileHash-SHA1": 517, "email": 6, "CVE": 1 }, "indicator_count": 13132, "is_author": false, "is_subscribing": null, "subscriber_count": 144, "modified_text": "275 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 18344 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/jdssp.com", "whois": "http://whois.domaintools.com/jdssp.com", "domain": "jdssp.com", "hostname": "ccz.jdssp.com" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 3, "pulses": [ { "id": "6a19ab3077e26f1ba3c8cd51", "name": "Credit Q.Vashti \"Unknown - Established hacker group. Affects banking\" clone", "description": "", "modified": "2026-05-31T05:26:42.780000", "created": "2026-05-29T15:05:20.198000", "tags": [ "united", "search", "entries", "unknown ns", "ip address", "creation date", "record value", "date", "showing", "moved", "body", "encrypt", "lowfi", "trojanspy", "checkin", "passive dns", "trojan", "next associated", "cryp", "win32", "phishing", "virtool", "hstr", "backdoor", "ipv4", "pulse pulses", "associated urls", "show", "date checked", "url hostname", "server response", "google safe", "results feb", "header http2", "accept encoding", "gmt related", "domains show", "domain related", "response ip", "address google", "safe browsing", "entries http", "scans show", "title", "link", "present mar", "meta", "starfield", "dynamicloader", "qaeaav12", "medium", "high", "malware", "windows wget", "qbeipbdii", "write", "suspicious", "copy", "yara rule", "gravityrat", "detectvm", "x00 x00", "x00x00", "doviacmd", "rootjob", "getfiles", "updateserver", "ethernetid", "unknown", "yara detections", "filehash", "sha256 add", "av detections", "ids detections", "alerts", "analysis date", "file score", "oinetsim", "oudevelopment", "write c", "demo", "mtb sep", "trojandropper", "cookie", "path max", "age86400 set", "win32qqpass sep", "results aug", "script urls", "script domains", "a domains", "cache control", "cache status", "fury", "zenedge", "present jun", "present dec", "present jan", "present nov", "for privacy", "present may", "name servers", "no expiration", "filehashmd5", "filehashsha256", "filehashsha1", "iocs", "extract", "enter source", "url or", "text drag", "drop or", "domain", "expiration", "url http", "hostname", "email abuse" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1045", "name": "Software Packing", "display_name": "T1045 - Software Packing" }, { "id": "T1060", "name": "Registry Run Keys / Startup Folder", "display_name": "T1060 - Registry Run Keys / Startup Folder" } ], "industries": [], "TLP": "green", "cloned_from": "688f1ce317fc8b3f9d5d5f33", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA1": 459, "FileHash-MD5": 553, "FileHash-SHA256": 1042, "URL": 1429, "hostname": 478, "domain": 521, "email": 3, "SSLCertFingerprint": 1, "JA3": 1 }, "indicator_count": 4487, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "13 hours ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "688f1ce317fc8b3f9d5d5f33", "name": "Unknown - Established hacker group. Affects banking, financial and much more.", "description": "Crowdsourced. Identifies as a Dark Web gang stalking entity. Research suggests that this is a very organized, possibly quasi governmental entity with shadowy state figures that social engineer targets. Even though they have been considered scammers and they are grifters, they are very established, dangerous and a very large force with claims of military alignments which has not yet been fully confirmed.\n\nThis group is anything you want them to be, attorney, accountant, technician, nurse, uber driver.", "modified": "2025-09-02T08:02:34.108000", "created": "2025-08-03T08:25:07.135000", "tags": [ "united", "search", "entries", "unknown ns", "ip address", "creation date", "record value", "date", "showing", "moved", "body", "encrypt", "lowfi", "trojanspy", "checkin", "passive dns", "trojan", "next associated", "cryp", "win32", "phishing", "virtool", "hstr", "backdoor", "ipv4", "pulse pulses", "associated urls", "show", "date checked", "url hostname", "server response", "google safe", "results feb", "header http2", "accept encoding", "gmt related", "domains show", "domain related", "response ip", "address google", "safe browsing", "entries http", "scans show", "title", "link", "present mar", "meta", "starfield", "dynamicloader", "qaeaav12", "medium", "high", "malware", "windows wget", "qbeipbdii", "write", "suspicious", "copy", "yara rule", "gravityrat", "detectvm", "x00 x00", "x00x00", "doviacmd", "rootjob", "getfiles", "updateserver", "ethernetid", "unknown", "yara detections", "filehash", "sha256 add", "av detections", "ids detections", "alerts", "analysis date", "file score", "oinetsim", "oudevelopment", "write c", "demo", "mtb sep", "trojandropper", "cookie", "path max", "age86400 set", "win32qqpass sep", "results aug", "script urls", "script domains", "a domains", "cache control", "cache status", "fury", "zenedge", "present jun", "present dec", "present jan", "present nov", "for privacy", "present may", "name servers", "no expiration", "filehashmd5", "filehashsha256", "filehashsha1", "iocs", "extract", "enter source", "url or", "text drag", "drop or", "domain", "expiration", "url http", "hostname", "email abuse" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1045", "name": "Software Packing", "display_name": "T1045 - Software Packing" }, { "id": "T1060", "name": "Registry Run Keys / Startup Folder", "display_name": "T1060 - Registry Run Keys / Startup Folder" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 28, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA1": 459, "FileHash-MD5": 553, "FileHash-SHA256": 1042, "URL": 1426, "hostname": 476, "domain": 521, "email": 3, "SSLCertFingerprint": 1 }, "indicator_count": 4481, "is_author": false, "is_subscribing": null, "subscriber_count": 143, "modified_text": "271 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "68899ae621ead93f10b78da8", "name": "Hacking activities continue to affect multi block communities", "description": "Multi block complex (USA) continues to be affected by hacking and espionage activities. Every time I attempt to pulse a community, pulse is reset and malicious IoC\u2019s disappear. So here\u2019s another heap. #virtool #pws #crypter #ransom #tofsee #remote_activities #adversaries #berbew #hacking #denver_communities #infostealers", "modified": "2025-08-29T03:04:16.203000", "created": "2025-07-30T04:09:10.026000", "tags": [ "url https", "location united", "asn as16509", "et smtp", "message", "high", "et info", "domain", "yara detections", "contacted", "show", "icmp traffic", "irc server", "copy", "malware", "destination", "port", "united", "unknown", "united kingdom", "search", "entries", "write", "next", "google", "cloudflar", "amazon02", "akamaias", "microsoft", "ip address", "as autonomous", "system", "cdn77 dat", "googlecl", "cisco", "umbrella rank", "cisco umbrella", "rank", "date checked", "url hostname", "server response", "google safe", "results may", "present apr", "present may", "files show", "trojan", "error aug", "spain", "win32", "passive dns", "next associated", "meta name", "frame src", "ok set", "cookie", "gmt date", "encrypt", "gmt content", "type", "medium", "checks system", "total", "read", "upatre", "dynamicloader", "dynamic", "pcap", "reads", "pe section", "pe file", "mtb jul", "backdoor", "win32upatre jul", "mtb jun", "ipv4 add", "pulse pulses", "fakeav", "downloader", "trojandropper", "win32upatre jun", "urls", "script urls", "showing", "script domains", "meta", "certificate", "next http", "scans show", "hostname add", "pulse submit", "url analysis", "files", "files ip", "address", "hostname", "verdict", "date hash", "avast avg", "vps reverse", "america flag", "overview ip", "whois registrar", "url add", "http", "related nids", "files location", "flag united", "script general", "full url", "present jul", "aaaa", "present jun", "moved", "content length", "content type", "x powered", "date", "mtb may", "mtb sep", "b jan", "mtb jan", "mtb dec", "asn as13335", "creation date", "unknown aaaa", "results jul", "present feb", "present oct", "win32spigot jul", "alfper", "found", "error", "domain add", "enom", "urls show", "address domain", "ip related", "pulses none", "record value", "emails", "name david", "lex name", "city", "country ng", "asn as15169", "pulses", "tags", "all ipv4", "reverse dns", "ashburn", "unknown ns", "llc dba", "name servers", "present jan", "present dec", "service", "ransom", "new pulse", "existing pulse", "files domain", "files related", "body html", "lowfi", "worm", "virtool", "ch ua", "sec ch", "rsa tls", "issuing ca", "mtb apr", "yara rule", "hardwareid", "checks", "vmprotectsdk", "vmprotectstub", "avgetblockcc", "delphi", "vmprotect" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1045", "name": "Software Packing", "display_name": "T1045 - Software Packing" }, { "id": "T1060", "name": "Registry Run Keys / Startup Folder", "display_name": "T1060 - Registry Run Keys / Startup Folder" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 19, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 3262, "hostname": 3139, "FileHash-SHA256": 2614, "URL": 3078, "FileHash-MD5": 515, "FileHash-SHA1": 517, "email": 6, "CVE": 1 }, "indicator_count": 13132, "is_author": false, "is_subscribing": null, "subscriber_count": 144, "modified_text": "275 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://ccz.jdssp.com/390", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://ccz.jdssp.com/390", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780255246.7614264 }