{ "type": "URL", "indicator": "https://i.config.data", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://i.config.data", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 3668630443, "indicator": "https://i.config.data", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 2, "pulses": [ { "id": "6842489989d6db4d41fd8322", "name": "Vulnerable Driver Load", "description": "Here is the full list of malicious Windows drivers, which can be blocked with the help of a special tool, or a built-in system, if you want to know what to do with it.", "modified": "2025-07-06T01:00:17.231000", "created": "2025-06-06T01:47:05.317000", "tags": [ "malicious", "vulnerable", "living", "land drivers", "premium", "windows", "feel", "strong", "json", "sysmon", "subdomains", "whasz", "html internet", "magia dokument", "html", "ascii", "z bardzo", "triid plik", "magika html", "rozmiar", "zgoszenie", "error", "100255", "255100", "number", "e100", "100i100n", "65535255", "25565535", "mmm d", "typeof window", "null", "bubble", "radar", "false", "click", "isitem", "dark", "copy", "shell", "panelbox", "document", "code", "body", "light", "mark", "date", "scroll", "target", "blank", "back", "main", "lowfi" ], "references": [ "https://loldrivers.io/", "https://www.loldrivers.io/js/chart.min.js", "https://www.loldrivers.io/js/bundle.7cd1a644ff4540d19bfa43f193df74afce746a0213920f45d73bf720542f682d81b6ad0320242744d332512cfb63eac5790fab1a240d6e6c8cb89f25fcacfbd7.js", "https://www.loldrivers.io/favicons/browserconfig.xml" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 20, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1885, "FileHash-SHA1": 1367, "FileHash-SHA256": 1615, "hostname": 214, "domain": 52, "URL": 468, "CVE": 2 }, "indicator_count": 5603, "is_author": false, "is_subscribing": null, "subscriber_count": 124, "modified_text": "331 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6443fc0a12315ea70966d1fa", "name": "smarthost.maedler.de v2 all", "description": "", "modified": "2023-04-22T15:24:10.853000", "created": "2023-04-22T15:23:54.659000", "tags": [ "memoryfile scan", "runtime data", "ck id", "windir", "mitre att", "ck matrix", "y ansi", "x ansi", "double", "suspicious", "path", "sicil", "format", "qakbot" ], "references": [ "https://hybrid-analysis.com/sample/a41ab2eca1f39a88465daddff328b6bb98a3598f8583e673ded8bd2e98a527c1/644051a3b2e8ea46fc08422b" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1040", "name": "Network Sniffing", "display_name": "T1040 - Network Sniffing" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1074", "name": "Data Staged", "display_name": "T1074 - Data Staged" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1213", "name": "Data from Information Repositories", "display_name": "T1213 - Data from Information Repositories" }, { "id": "T1218", "name": "Signed Binary Proxy Execution", "display_name": "T1218 - Signed Binary Proxy Execution" }, { "id": "T1486", "name": "Data Encrypted for Impact", "display_name": "T1486 - Data Encrypted for Impact" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1529", "name": "System Shutdown/Reboot", "display_name": "T1529 - System Shutdown/Reboot" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1614", "name": "System Location Discovery", "display_name": "T1614 - System Location Discovery" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "callmeDoris", "id": "205385", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 130, "hostname": 64, "domain": 22, "IPv4": 1, "FileHash-SHA256": 3, "FileHash-MD5": 2, "FileHash-SHA1": 2, "email": 1 }, "indicator_count": 225, "is_author": false, "is_subscribing": null, "subscriber_count": 90, "modified_text": "1137 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "https://www.loldrivers.io/js/chart.min.js", "https://loldrivers.io/", "https://www.loldrivers.io/favicons/browserconfig.xml", "https://hybrid-analysis.com/sample/a41ab2eca1f39a88465daddff328b6bb98a3598f8583e673ded8bd2e98a527c1/644051a3b2e8ea46fc08422b", "https://www.loldrivers.io/js/bundle.7cd1a644ff4540d19bfa43f193df74afce746a0213920f45d73bf720542f682d81b6ad0320242744d332512cfb63eac5790fab1a240d6e6c8cb89f25fcacfbd7.js" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 5825 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/config.data", "whois": "http://whois.domaintools.com/config.data", "domain": "config.data", "hostname": "i.config.data" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 2, "pulses": [ { "id": "6842489989d6db4d41fd8322", "name": "Vulnerable Driver Load", "description": "Here is the full list of malicious Windows drivers, which can be blocked with the help of a special tool, or a built-in system, if you want to know what to do with it.", "modified": "2025-07-06T01:00:17.231000", "created": "2025-06-06T01:47:05.317000", "tags": [ "malicious", "vulnerable", "living", "land drivers", "premium", "windows", "feel", "strong", "json", "sysmon", "subdomains", "whasz", "html internet", "magia dokument", "html", "ascii", "z bardzo", "triid plik", "magika html", "rozmiar", "zgoszenie", "error", "100255", "255100", "number", "e100", "100i100n", "65535255", "25565535", "mmm d", "typeof window", "null", "bubble", "radar", "false", "click", "isitem", "dark", "copy", "shell", "panelbox", "document", "code", "body", "light", "mark", "date", "scroll", "target", "blank", "back", "main", "lowfi" ], "references": [ "https://loldrivers.io/", "https://www.loldrivers.io/js/chart.min.js", "https://www.loldrivers.io/js/bundle.7cd1a644ff4540d19bfa43f193df74afce746a0213920f45d73bf720542f682d81b6ad0320242744d332512cfb63eac5790fab1a240d6e6c8cb89f25fcacfbd7.js", "https://www.loldrivers.io/favicons/browserconfig.xml" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 20, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1885, "FileHash-SHA1": 1367, "FileHash-SHA256": 1615, "hostname": 214, "domain": 52, "URL": 468, "CVE": 2 }, "indicator_count": 5603, "is_author": false, "is_subscribing": null, "subscriber_count": 124, "modified_text": "331 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6443fc0a12315ea70966d1fa", "name": "smarthost.maedler.de v2 all", "description": "", "modified": "2023-04-22T15:24:10.853000", "created": "2023-04-22T15:23:54.659000", "tags": [ "memoryfile scan", "runtime data", "ck id", "windir", "mitre att", "ck matrix", "y ansi", "x ansi", "double", "suspicious", "path", "sicil", "format", "qakbot" ], "references": [ "https://hybrid-analysis.com/sample/a41ab2eca1f39a88465daddff328b6bb98a3598f8583e673ded8bd2e98a527c1/644051a3b2e8ea46fc08422b" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1040", "name": "Network Sniffing", "display_name": "T1040 - Network Sniffing" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1074", "name": "Data Staged", "display_name": "T1074 - Data Staged" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1213", "name": "Data from Information Repositories", "display_name": "T1213 - Data from Information Repositories" }, { "id": "T1218", "name": "Signed Binary Proxy Execution", "display_name": "T1218 - Signed Binary Proxy Execution" }, { "id": "T1486", "name": "Data Encrypted for Impact", "display_name": "T1486 - Data Encrypted for Impact" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1529", "name": "System Shutdown/Reboot", "display_name": "T1529 - System Shutdown/Reboot" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1614", "name": "System Location Discovery", "display_name": "T1614 - System Location Discovery" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "callmeDoris", "id": "205385", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 130, "hostname": 64, "domain": 22, "IPv4": 1, "FileHash-SHA256": 3, "FileHash-MD5": 2, "FileHash-SHA1": 2, "email": 1 }, "indicator_count": 225, "is_author": false, "is_subscribing": null, "subscriber_count": 90, "modified_text": "1137 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://i.config.data", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://i.config.data", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780430896.9999516 }