{ "type": "URL", "indicator": "https://cdn.cj2550.com", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://cdn.cj2550.com", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 4069245631, "indicator": "https://cdn.cj2550.com", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 3, "pulses": [ { "id": "684b932fcbcc577471a28c8a", "name": "Imaging Center Malware, Virus other manipulations", "description": "IMO Serious! Virus, Trojans, potential cams? PHI , PII access. Super concerning potential manipulation , imaging, reports., records, billing\nis manipulated.\nMore research necessary.\nTrue potential for manipulation \nof x-ray , ct scan dosing.\nExcessive Adult content:\ncdn1-thumbs.pornhost.com | \ncdn28.eporncam.com | \t\ncdn35.thotporn.tv | \ncdnst7.pornburst.xxx | \nmcdns.vrporn.com |\nURL\nhttps://c845a1577e.mjedge.net/contents/videos_screenshots/3979000/3979719/preview.jpg&tbnid=rLNgRtn9SIlcgM&vet=10CAwQ1JoKKARqFwoTCIjlsv7v0Y0DFQAAAAAdAAAAABAH..i&imgrefurl=https:/it.vikiporn.com/videos/3979719/horror-porn-the-dark-side-of-the-woods/&docid=tVU1jbsRquWQLM&w=1920&h=1080&itg=1&q=horror porn&ved=0CAwQ1JoKKARqFwoTCIjlsv7v0Y0DFQAAAAAdAAAAABAH |\nhttps://cdn1-thumbs.pornhost.com/0/2/0235809321/001_150_112.jpg | \n\u2022 Den:Variant.Application.Bundler.Ludus.1\n\u2022 PUABundler:Win32/YandexBundled\n\u2022 Adware.Win32.DownWare.cl\n\u2022 pua:Win32/Catalina\n\u2022W32.AIDetectMalware\n* Why is my OTX account blocked from features", "modified": "2025-07-13T02:05:19.612000", "created": "2025-06-13T02:55:42.562000", "tags": [ "united", "asn16509", "amazon02", "frankfurt", "main", "germany", "asn60068", "cdn77 datacamp", "limited", "browsing", "reverse dns", "protocol h2", "security tls", "general full", "url https", "resource", "hash", "software", "dalles", "june", "de indicators", "domains", "hashes", "verified", "ecdsa", "linux x8664", "khtml", "gecko", "aes256gcm", "veryhigh", "patch", "accept", "encrypt", "cookie", "sticky", "aaaa", "cname", "ttl value", "algorithm", "key identifier", "v3 serial", "number", "cus olet", "encrypt cne5", "validity", "subject public", "key info", "key algorithm", "record type", "thumbprint" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 27, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 836, "hostname": 1001, "domain": 193, "URL": 3007, "FileHash-MD5": 83, "FileHash-SHA1": 42, "CIDR": 5 }, "indicator_count": 5167, "is_author": false, "is_subscribing": null, "subscriber_count": 137, "modified_text": "281 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "682bef60c4841f09773d1c7f", "name": "Expanded: Close proximity RMS module attack. Critical infrastructure affected. Medical, Business, Legal., Religious institutions", "description": "Close proximity hacking tool used following stalking event. Connecting to device attacks other devices and critical systems.\nPegasusLoader expanded. \nCritical Issues \niOS is now an unidentifiable device.\nDuckDuckGo Search engine\nhas emoji arrows \nIOS default Google search engine has overlay and continuous flooding of bad traffic. Severe DNS issue. Botnet involvement, height priority messages intercepted. \nExcessive abuse of Mitre T1480 Execution Gaurdrails .Geopfencing. Targets attacked by illegal PegasusLoader.exe cannot use iOS devices as designed paid the same price as everyone. \n\nI can\u2019t explain how iCloud only backs up to unknown devices. Users have zero control of any technology devices or content.\nThreat actors have remotely rebuilt device infrastructure / architecture.\n-Team 8", "modified": "2025-06-19T02:03:50.197000", "created": "2025-05-20T02:56:31.741000", "tags": [ "win32 exe", "file type", "name file", "text state", "text", "text geoip6", "csv geoip", "get https", "dns resolutions", "number", "cnwe1 ogoogle", "trust", "cus subject", "response" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 27, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 71, "FileHash-SHA1": 176, "FileHash-SHA256": 3815, "URL": 2239, "domain": 850, "hostname": 906 }, "indicator_count": 8057, "is_author": false, "is_subscribing": null, "subscriber_count": 142, "modified_text": "305 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "682a2c48e7d1c9ad710c4d56", "name": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D", "description": "https://ti.qianxin.com/v2/search?type=url&value=http%3A%2F%2Focsp.digicert.com%2FMFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%252Fh0Ztl%252Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%252F6%252BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%253D", "modified": "2025-06-17T18:00:33.396000", "created": "2025-05-18T18:51:52.676000", "tags": [ "typ pliku", "plik", "sqlite", "json", "ascii", "windows", "foxpro fpt", "cza typ", "152 x", "utf8", "bezpieczestwo", "singapur", "joseusa", "kalifornia", "los angeles", "fuzhou", "chinypekin", "adres ip", "lokalizacja ip", "czas", "bv dht", "zapisy", "cname", "mx a", "aaaaa", "nazwa rekordu", "mx ns", "soa srv", "inny pierwszy", "analiza wynikw", "akamaias dht", "akamaias cdn", "krajowe centrum", "dht idc", "danych", "bruteforcer", "jork", "comcast7922", "menem", "phishing", "amerykautahlehi", "center", "lake city", "zaangauj", "digicert", "wysoki poziom", "inc digicert", "duplo", "sha2 bezpieczny", "globalny ca" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 18, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 3, "FileHash-SHA1": 2, "FileHash-SHA256": 573, "domain": 344, "hostname": 1230, "URL": 4845, "SSLCertFingerprint": 21 }, "indicator_count": 7018, "is_author": false, "is_subscribing": null, "subscriber_count": 123, "modified_text": "306 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 20675 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/cj2550.com", "whois": "http://whois.domaintools.com/cj2550.com", "domain": "cj2550.com", "hostname": "cdn.cj2550.com" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 3, "pulses": [ { "id": "684b932fcbcc577471a28c8a", "name": "Imaging Center Malware, Virus other manipulations", "description": "IMO Serious! Virus, Trojans, potential cams? PHI , PII access. Super concerning potential manipulation , imaging, reports., records, billing\nis manipulated.\nMore research necessary.\nTrue potential for manipulation \nof x-ray , ct scan dosing.\nExcessive Adult content:\ncdn1-thumbs.pornhost.com | \ncdn28.eporncam.com | \t\ncdn35.thotporn.tv | \ncdnst7.pornburst.xxx | \nmcdns.vrporn.com |\nURL\nhttps://c845a1577e.mjedge.net/contents/videos_screenshots/3979000/3979719/preview.jpg&tbnid=rLNgRtn9SIlcgM&vet=10CAwQ1JoKKARqFwoTCIjlsv7v0Y0DFQAAAAAdAAAAABAH..i&imgrefurl=https:/it.vikiporn.com/videos/3979719/horror-porn-the-dark-side-of-the-woods/&docid=tVU1jbsRquWQLM&w=1920&h=1080&itg=1&q=horror porn&ved=0CAwQ1JoKKARqFwoTCIjlsv7v0Y0DFQAAAAAdAAAAABAH |\nhttps://cdn1-thumbs.pornhost.com/0/2/0235809321/001_150_112.jpg | \n\u2022 Den:Variant.Application.Bundler.Ludus.1\n\u2022 PUABundler:Win32/YandexBundled\n\u2022 Adware.Win32.DownWare.cl\n\u2022 pua:Win32/Catalina\n\u2022W32.AIDetectMalware\n* Why is my OTX account blocked from features", "modified": "2025-07-13T02:05:19.612000", "created": "2025-06-13T02:55:42.562000", "tags": [ "united", "asn16509", "amazon02", "frankfurt", "main", "germany", "asn60068", "cdn77 datacamp", "limited", "browsing", "reverse dns", "protocol h2", "security tls", "general full", "url https", "resource", "hash", "software", "dalles", "june", "de indicators", "domains", "hashes", "verified", "ecdsa", "linux x8664", "khtml", "gecko", "aes256gcm", "veryhigh", "patch", "accept", "encrypt", "cookie", "sticky", "aaaa", "cname", "ttl value", "algorithm", "key identifier", "v3 serial", "number", "cus olet", "encrypt cne5", "validity", "subject public", "key info", "key algorithm", "record type", "thumbprint" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 27, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 836, "hostname": 1001, "domain": 193, "URL": 3007, "FileHash-MD5": 83, "FileHash-SHA1": 42, "CIDR": 5 }, "indicator_count": 5167, "is_author": false, "is_subscribing": null, "subscriber_count": 137, "modified_text": "281 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "682bef60c4841f09773d1c7f", "name": "Expanded: Close proximity RMS module attack. Critical infrastructure affected. Medical, Business, Legal., Religious institutions", "description": "Close proximity hacking tool used following stalking event. Connecting to device attacks other devices and critical systems.\nPegasusLoader expanded. \nCritical Issues \niOS is now an unidentifiable device.\nDuckDuckGo Search engine\nhas emoji arrows \nIOS default Google search engine has overlay and continuous flooding of bad traffic. Severe DNS issue. Botnet involvement, height priority messages intercepted. \nExcessive abuse of Mitre T1480 Execution Gaurdrails .Geopfencing. Targets attacked by illegal PegasusLoader.exe cannot use iOS devices as designed paid the same price as everyone. \n\nI can\u2019t explain how iCloud only backs up to unknown devices. Users have zero control of any technology devices or content.\nThreat actors have remotely rebuilt device infrastructure / architecture.\n-Team 8", "modified": "2025-06-19T02:03:50.197000", "created": "2025-05-20T02:56:31.741000", "tags": [ "win32 exe", "file type", "name file", "text state", "text", "text geoip6", "csv geoip", "get https", "dns resolutions", "number", "cnwe1 ogoogle", "trust", "cus subject", "response" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 27, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 71, "FileHash-SHA1": 176, "FileHash-SHA256": 3815, "URL": 2239, "domain": 850, "hostname": 906 }, "indicator_count": 8057, "is_author": false, "is_subscribing": null, "subscriber_count": 142, "modified_text": "305 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "682a2c48e7d1c9ad710c4d56", "name": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D", "description": "https://ti.qianxin.com/v2/search?type=url&value=http%3A%2F%2Focsp.digicert.com%2FMFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%252Fh0Ztl%252Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%252F6%252BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%253D", "modified": "2025-06-17T18:00:33.396000", "created": "2025-05-18T18:51:52.676000", "tags": [ "typ pliku", "plik", "sqlite", "json", "ascii", "windows", "foxpro fpt", "cza typ", "152 x", "utf8", "bezpieczestwo", "singapur", "joseusa", "kalifornia", "los angeles", "fuzhou", "chinypekin", "adres ip", "lokalizacja ip", "czas", "bv dht", "zapisy", "cname", "mx a", "aaaaa", "nazwa rekordu", "mx ns", "soa srv", "inny pierwszy", "analiza wynikw", "akamaias dht", "akamaias cdn", "krajowe centrum", "dht idc", "danych", "bruteforcer", "jork", "comcast7922", "menem", "phishing", "amerykautahlehi", "center", "lake city", "zaangauj", "digicert", "wysoki poziom", "inc digicert", "duplo", "sha2 bezpieczny", "globalny ca" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 18, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 3, "FileHash-SHA1": 2, "FileHash-SHA256": 573, "domain": 344, "hostname": 1230, "URL": 4845, "SSLCertFingerprint": 21 }, "indicator_count": 7018, "is_author": false, "is_subscribing": null, "subscriber_count": 123, "modified_text": "306 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://cdn.cj2550.com", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://cdn.cj2550.com", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1776696399.876822 }