{ "type": "URL", "indicator": "https://email.selectcarleasing.co.uk", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://email.selectcarleasing.co.uk", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 3893185648, "indicator": "https://email.selectcarleasing.co.uk", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 2, "pulses": [ { "id": "6681f6f2cd37f508d362c2db", "name": "PegaSystems | Apple iOS iPad | Malicious | Tracking", "description": "", "modified": "2024-07-01T00:23:14.084000", "created": "2024-07-01T00:23:14.084000", "tags": [ "united", "passive dns", "as14449", "moved", "urls", "authority", "body", "object", "certificate", "scan endpoints", "unknown", "date", "as11377", "as16552 tiggee", "as174 cogent", "ireland unknown", "cname", "as11404 wave", "all scoreblue", "pulse pulses", "entries", "ipv4", "pulse submit", "url analysis", "dynamicloader", "port", "destination", "high", "medium", "windows", "cmd c", "default", "document file", "v2 document", "write", "copy", "name verdict", "falcon sandbox", "sha1", "sha256", "misc attack", "mitre att", "et tor", "known tor", "relayrouter", "exit", "node traffic", "ascii text", "hybrid", "starfield", "click", "strings", "core", "contact", "as396982 google", "historical ssl", "referrer", "co20230203", "malware", "discord", "credential", "lunar client", "trendmicro av", "neural netw", "upscayl", "steam game", "server", "domain status", "registrar abuse", "google", "community", "record type", "ttl value", "data", "v3 serial", "number" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [], "attack_ids": [ { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1583", "name": "Acquire Infrastructure", "display_name": "T1583 - Acquire Infrastructure" } ], "industries": [], "TLP": "green", "cloned_from": "664fceb9e0acfc0baee851c2", "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA1": 75, "URL": 3584, "domain": 836, "hostname": 1749, "FileHash-SHA256": 726, "FileHash-MD5": 88, "SSLCertFingerprint": 9, "email": 1 }, "indicator_count": 7068, "is_author": false, "is_subscribing": null, "subscriber_count": 220, "modified_text": "657 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "664fceb9e0acfc0baee851c2", "name": "PegaSystems | Apple iOS iPad | Malicious | Tracking", "description": "Tags, findings of this report is auto generated by Level Blue OTX.AlienVault.\nPer my research: \nMalicious Score: 10/10\nAlerts: Alerts\nransomware_file_modifications, script_created_process, stealth_network, infostealer_cookies, suspicious_command_tools,\ndynamic_function_loading, reads_self,\nstealth_window, cmdline_http_link, uses_windows_utilities, antidebug_setunhandledexceptionfilter, cmdline_terminate, stealth_timeout,\n\nAffected Device: Apples iOS Ipad, Update 17.5.1\npegasystems.voicestorm.com -Cisco Umbrella {permanently moved as of 5.23.2024} found in Apple link - http://apps.apple.com/app/, nsis, downloaders,injection, data local, remotewd devices, tracking,", "modified": "2024-06-22T23:05:37.577000", "created": "2024-05-23T23:18:17.563000", "tags": [ "united", "passive dns", "as14449", "moved", "urls", "authority", "body", "object", "certificate", "scan endpoints", "unknown", "date", "as11377", "as16552 tiggee", "as174 cogent", "ireland unknown", "cname", "as11404 wave", "all scoreblue", "pulse pulses", "entries", "ipv4", "pulse submit", "url analysis", "dynamicloader", "port", "destination", "high", "medium", "windows", "cmd c", "default", "document file", "v2 document", "write", "copy", "name verdict", "falcon sandbox", "sha1", "sha256", "misc attack", "mitre att", "et tor", "known tor", "relayrouter", "exit", "node traffic", "ascii text", "hybrid", "starfield", "click", "strings", "core", "contact", "as396982 google", "historical ssl", "referrer", "co20230203", "malware", "discord", "credential", "lunar client", "trendmicro av", "neural netw", "upscayl", "steam game", "server", "domain status", "registrar abuse", "google", "community", "record type", "ttl value", "data", "v3 serial", "number" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [], "attack_ids": [ { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1583", "name": "Acquire Infrastructure", "display_name": "T1583 - Acquire Infrastructure" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 21, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 2, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA1": 75, "URL": 3584, "domain": 836, "hostname": 1749, "FileHash-SHA256": 726, "FileHash-MD5": 88, "SSLCertFingerprint": 9, "email": 1 }, "indicator_count": 7068, "is_author": false, "is_subscribing": null, "subscriber_count": 226, "modified_text": "665 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 7153 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/selectcarleasing.co.uk", "whois": "http://whois.domaintools.com/selectcarleasing.co.uk", "domain": "selectcarleasing.co.uk", "hostname": "email.selectcarleasing.co.uk" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 2, "pulses": [ { "id": "6681f6f2cd37f508d362c2db", "name": "PegaSystems | Apple iOS iPad | Malicious | Tracking", "description": "", "modified": "2024-07-01T00:23:14.084000", "created": "2024-07-01T00:23:14.084000", "tags": [ "united", "passive dns", "as14449", "moved", "urls", "authority", "body", "object", "certificate", "scan endpoints", "unknown", "date", "as11377", "as16552 tiggee", "as174 cogent", "ireland unknown", "cname", "as11404 wave", "all scoreblue", "pulse pulses", "entries", "ipv4", "pulse submit", "url analysis", "dynamicloader", "port", "destination", "high", "medium", "windows", "cmd c", "default", "document file", "v2 document", "write", "copy", "name verdict", "falcon sandbox", "sha1", "sha256", "misc attack", "mitre att", "et tor", "known tor", "relayrouter", "exit", "node traffic", "ascii text", "hybrid", "starfield", "click", "strings", "core", "contact", "as396982 google", "historical ssl", "referrer", "co20230203", "malware", "discord", "credential", "lunar client", "trendmicro av", "neural netw", "upscayl", "steam game", "server", "domain status", "registrar abuse", "google", "community", "record type", "ttl value", "data", "v3 serial", "number" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [], "attack_ids": [ { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1583", "name": "Acquire Infrastructure", "display_name": "T1583 - Acquire Infrastructure" } ], "industries": [], "TLP": "green", "cloned_from": "664fceb9e0acfc0baee851c2", "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA1": 75, "URL": 3584, "domain": 836, "hostname": 1749, "FileHash-SHA256": 726, "FileHash-MD5": 88, "SSLCertFingerprint": 9, "email": 1 }, "indicator_count": 7068, "is_author": false, "is_subscribing": null, "subscriber_count": 220, "modified_text": "657 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "664fceb9e0acfc0baee851c2", "name": "PegaSystems | Apple iOS iPad | Malicious | Tracking", "description": "Tags, findings of this report is auto generated by Level Blue OTX.AlienVault.\nPer my research: \nMalicious Score: 10/10\nAlerts: Alerts\nransomware_file_modifications, script_created_process, stealth_network, infostealer_cookies, suspicious_command_tools,\ndynamic_function_loading, reads_self,\nstealth_window, cmdline_http_link, uses_windows_utilities, antidebug_setunhandledexceptionfilter, cmdline_terminate, stealth_timeout,\n\nAffected Device: Apples iOS Ipad, Update 17.5.1\npegasystems.voicestorm.com -Cisco Umbrella {permanently moved as of 5.23.2024} found in Apple link - http://apps.apple.com/app/, nsis, downloaders,injection, data local, remotewd devices, tracking,", "modified": "2024-06-22T23:05:37.577000", "created": "2024-05-23T23:18:17.563000", "tags": [ "united", "passive dns", "as14449", "moved", "urls", "authority", "body", "object", "certificate", "scan endpoints", "unknown", "date", "as11377", "as16552 tiggee", "as174 cogent", "ireland unknown", "cname", "as11404 wave", "all scoreblue", "pulse pulses", "entries", "ipv4", "pulse submit", "url analysis", "dynamicloader", "port", "destination", "high", "medium", "windows", "cmd c", "default", "document file", "v2 document", "write", "copy", "name verdict", "falcon sandbox", "sha1", "sha256", "misc attack", "mitre att", "et tor", "known tor", "relayrouter", "exit", "node traffic", "ascii text", "hybrid", "starfield", "click", "strings", "core", "contact", "as396982 google", "historical ssl", "referrer", "co20230203", "malware", "discord", "credential", "lunar client", "trendmicro av", "neural netw", "upscayl", "steam game", "server", "domain status", "registrar abuse", "google", "community", "record type", "ttl value", "data", "v3 serial", "number" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [], "attack_ids": [ { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1583", "name": "Acquire Infrastructure", "display_name": "T1583 - Acquire Infrastructure" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 21, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 2, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA1": 75, "URL": 3584, "domain": 836, "hostname": 1749, "FileHash-SHA256": 726, "FileHash-MD5": 88, "SSLCertFingerprint": 9, "email": 1 }, "indicator_count": 7068, "is_author": false, "is_subscribing": null, "subscriber_count": 226, "modified_text": "665 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://email.selectcarleasing.co.uk", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://email.selectcarleasing.co.uk", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1776622697.7807796 }