{ "type": "URL", "indicator": "https://igromozg.comrot.spotsniper.ru", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://igromozg.comrot.spotsniper.ru", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 3633834728, "indicator": "https://igromozg.comrot.spotsniper.ru", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 2, "pulses": [ { "id": "688acbb15266413d3a4d828b", "name": "\u4e5d\u79c0\u76f4\u64ad-\u9ad8\u54c1\u8d28\u7f8e\u5973\u5728\u7ebf\u89c6\u9891\u4e92\u52a8\u793e\u533a - Malware packed | Botnet |Porn dumping affects Communities", "description": "\u4e5d\u79c0\u76f4\u64ad-\u9ad8\u54c1\u8d28\u7f8e\u5973\u5728\u7ebf\u89c6\u9891\u4e92\u52a8\u793e\u533a - Malware packed | Botnet | Porn dumping affects Communities | Packed. Russian linked YouTube channels that may none US or Canada, (unclear) Asian pornography dumping. Remotes phones. Spyware\n*can\u2019t annotate #denver #mitm #advesaries #trojans #unix #linux #torrentinf #dumps #twiitter #listeners #spy ||\t\t\t\t\t\t\n2010382\tFake AV GET\t\t\t\t\t\n2013149\tRogueAntiSpyware.AntiVirusPro Checkin\t\t\t\t\n2013178\tLong Fake wget 3.0 User-Agent", "modified": "2025-08-30T01:00:25.227000", "created": "2025-07-31T01:49:37.048000", "tags": [ "date", "domain add", "pulse pulses", "passive dns", "urls", "files", "ip address", "location russia", "asn as9110", "whois registrar", "present aug", "entries", "present oct", "russia showing", "next associated", "urls show", "date checked", "url hostname", "server response", "google safe", "win32", "united", "virus", "associated urls", "show", "copyright", "levelblue", "address google", "safe browsing", "error mar", "resources whois", "virustotal", "url add", "http", "hostname", "files domain", "files related", "pulses none", "related tags", "hash avast", "avg clamav", "msdefender feb", "exploit", "error jun", "xml rel", "a domains", "russia unknown", "body doctype", "xmlns http", "archive href", "href", "atom", "encrypt", "results may", "expiration date", "name servers", "value emails", "name personal", "city personal", "creation date", "dnssec", "domain name", "domain names", "present jul", "russia", "aaaa", "search", "moved", "bad request", "body", "port", "tlsv1", "destination", "otrustasia", "cntrustasia rsa", "dv tls", "ca g2", "unknown", "copy", "write", "pecompact", "february", "packer", "delphi", "next", "hostname add", "pulse submit", "url analysis", "domain", "files ip", "address", "read c", "cntrustasia tls", "rsa ca", "oglobalsign", "showing", "medium", "memcommit", "packing t1045", "t1045", "high", "icmp traffic", "registry", "t1055", "persistence", "execution", "code", "number", "sample analysis", "hide samples", "date hash", "next yara", "detections name", "embeddedwb", "windows", "shellexecuteexw", "msie", "windows nt", "service", "malware", "avast avg", "pulse", "related nids", "files location", "flag united", "present may", "results aug", "response ip", "title", "ipv4", "federation flag", "moscow", "germany as24940", "delete", "present mar", "results jul", "present jun", "united kingdom", "unknown a", "trojan", "trojandropper", "virtool", "sality", "junkpoly", "worm", "gmt server", "ipv4 add", "location united", "america flag", "present dec", "unknown ns", "results oct", "displayname", "asn as16509", "less whois", "registrar", "learn", "ck id", "name tactics", "suspicious", "informative", "command", "adversaries", "spawns", "development att", "ssl certificate", "copy md5", "copy sha1", "copy sha256", "sha1", "sha256", "ascii text", "size", "pattern match", "mitre att", "hybrid", "general", "local", "path", "click", "strings", "telegram", "android", "regsetvalueexa", "regdword", "jfif", "writeconsolew", "hash", "tools", "hostile" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1005", "name": "Data from Local System", "display_name": "T1005 - Data from Local System" }, { "id": "T1045", "name": "Software Packing", "display_name": "T1045 - Software Packing" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1081", "name": "Credentials in Files", "display_name": "T1081 - Credentials in Files" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1119", "name": "Automated Collection", "display_name": "T1119 - Automated Collection" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1060", "name": "Registry Run Keys / Startup Folder", "display_name": "T1060 - Registry Run Keys / Startup Folder" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1480", "name": "Execution Guardrails", "display_name": "T1480 - Execution Guardrails" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1583", "name": "Acquire Infrastructure", "display_name": "T1583 - Acquire Infrastructure" }, { "id": "T1031", "name": "Modify Existing Service", "display_name": "T1031 - Modify Existing Service" }, { "id": "T1040", "name": "Network Sniffing", "display_name": "T1040 - Network Sniffing" }, { "id": "T1089", "name": "Disabling Security Tools", "display_name": "T1089 - Disabling Security Tools" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 24, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 4063, "hostname": 1097, "domain": 596, "FileHash-MD5": 671, "FileHash-SHA1": 641, "FileHash-SHA256": 1982, "email": 3, "SSLCertFingerprint": 17, "CVE": 1 }, "indicator_count": 9071, "is_author": false, "is_subscribing": null, "subscriber_count": 147, "modified_text": "274 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "63ed8e8bf910895c13bb1d9b", "name": "etg.js whitelisted", "description": "The Falcon Sandbox malware analysis service is available to download, view, download and use on the Falcon website. and on our desktop and mobile apps, as well as in the browser and app.", "modified": "2023-03-18T00:05:45.328000", "created": "2023-02-16T02:01:47.650000", "tags": [ "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "hybrid analysis", "falcon sandbox", "unknown files", "collection", "part", "please note", "data protection", "policy", "request report", "golden visa", "ransomware", "rats", "test", "august", "click", "close", "a9es", "idn0", "sendimage1", "refts0" ], "references": [ "https://matomo.it-connect.fr/piwik.php?action_name=Ce%20paquet%20malveillant%20SentinelOne%20vole%20les%20donn%C3%A9es%20des%20devs&idsite=1&rec=1&r=358500&h=18&m=16&s=24&url=https%3A%2F%2Fwww.it-connect.fr%2Fce-paquet-malveillant-sentinelone-veut-sen-prendre-aux-donnees-des-developpeurs%2F%3Fnowprocket%3D1&_id=e3fd2725c8cc9b66&_idn=0&send_image=1&_refts=0&res=1024x768&pv_id=tK8Zwe&uadata=%7B%7D", "whitelist", "https://hybrid-analysis.com/sample/548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "callmeDoris", "id": "205385", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 673, "hostname": 175, "domain": 22, "FileHash-SHA256": 160, "FileHash-MD5": 24, "FileHash-SHA1": 1 }, "indicator_count": 1055, "is_author": false, "is_subscribing": null, "subscriber_count": 90, "modified_text": "1170 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "whitelist", "https://matomo.it-connect.fr/piwik.php?action_name=Ce%20paquet%20malveillant%20SentinelOne%20vole%20les%20donn%C3%A9es%20des%20devs&idsite=1&rec=1&r=358500&h=18&m=16&s=24&url=https%3A%2F%2Fwww.it-connect.fr%2Fce-paquet-malveillant-sentinelone-veut-sen-prendre-aux-donnees-des-developpeurs%2F%3Fnowprocket%3D1&_id=e3fd2725c8cc9b66&_idn=0&send_image=1&_refts=0&res=1024x768&pv_id=tK8Zwe&uadata=%7B%7D", "https://hybrid-analysis.com/sample/548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87/" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 10259 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/spotsniper.ru", "whois": "http://whois.domaintools.com/spotsniper.ru", "domain": "spotsniper.ru", "hostname": "igromozg.comrot.spotsniper.ru" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 2, "pulses": [ { "id": "688acbb15266413d3a4d828b", "name": "\u4e5d\u79c0\u76f4\u64ad-\u9ad8\u54c1\u8d28\u7f8e\u5973\u5728\u7ebf\u89c6\u9891\u4e92\u52a8\u793e\u533a - Malware packed | Botnet |Porn dumping affects Communities", "description": "\u4e5d\u79c0\u76f4\u64ad-\u9ad8\u54c1\u8d28\u7f8e\u5973\u5728\u7ebf\u89c6\u9891\u4e92\u52a8\u793e\u533a - Malware packed | Botnet | Porn dumping affects Communities | Packed. Russian linked YouTube channels that may none US or Canada, (unclear) Asian pornography dumping. Remotes phones. Spyware\n*can\u2019t annotate #denver #mitm #advesaries #trojans #unix #linux #torrentinf #dumps #twiitter #listeners #spy ||\t\t\t\t\t\t\n2010382\tFake AV GET\t\t\t\t\t\n2013149\tRogueAntiSpyware.AntiVirusPro Checkin\t\t\t\t\n2013178\tLong Fake wget 3.0 User-Agent", "modified": "2025-08-30T01:00:25.227000", "created": "2025-07-31T01:49:37.048000", "tags": [ "date", "domain add", "pulse pulses", "passive dns", "urls", "files", "ip address", "location russia", "asn as9110", "whois registrar", "present aug", "entries", "present oct", "russia showing", "next associated", "urls show", "date checked", "url hostname", "server response", "google safe", "win32", "united", "virus", "associated urls", "show", "copyright", "levelblue", "address google", "safe browsing", "error mar", "resources whois", "virustotal", "url add", "http", "hostname", "files domain", "files related", "pulses none", "related tags", "hash avast", "avg clamav", "msdefender feb", "exploit", "error jun", "xml rel", "a domains", "russia unknown", "body doctype", "xmlns http", "archive href", "href", "atom", "encrypt", "results may", "expiration date", "name servers", "value emails", "name personal", "city personal", "creation date", "dnssec", "domain name", "domain names", "present jul", "russia", "aaaa", "search", "moved", "bad request", "body", "port", "tlsv1", "destination", "otrustasia", "cntrustasia rsa", "dv tls", "ca g2", "unknown", "copy", "write", "pecompact", "february", "packer", "delphi", "next", "hostname add", "pulse submit", "url analysis", "domain", "files ip", "address", "read c", "cntrustasia tls", "rsa ca", "oglobalsign", "showing", "medium", "memcommit", "packing t1045", "t1045", "high", "icmp traffic", "registry", "t1055", "persistence", "execution", "code", "number", "sample analysis", "hide samples", "date hash", "next yara", "detections name", "embeddedwb", "windows", "shellexecuteexw", "msie", "windows nt", "service", "malware", "avast avg", "pulse", "related nids", "files location", "flag united", "present may", "results aug", "response ip", "title", "ipv4", "federation flag", "moscow", "germany as24940", "delete", "present mar", "results jul", "present jun", "united kingdom", "unknown a", "trojan", "trojandropper", "virtool", "sality", "junkpoly", "worm", "gmt server", "ipv4 add", "location united", "america flag", "present dec", "unknown ns", "results oct", "displayname", "asn as16509", "less whois", "registrar", "learn", "ck id", "name tactics", "suspicious", "informative", "command", "adversaries", "spawns", "development att", "ssl certificate", "copy md5", "copy sha1", "copy sha256", "sha1", "sha256", "ascii text", "size", "pattern match", "mitre att", "hybrid", "general", "local", "path", "click", "strings", "telegram", "android", "regsetvalueexa", "regdword", "jfif", "writeconsolew", "hash", "tools", "hostile" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1005", "name": "Data from Local System", "display_name": "T1005 - Data from Local System" }, { "id": "T1045", "name": "Software Packing", "display_name": "T1045 - Software Packing" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1081", "name": "Credentials in Files", "display_name": "T1081 - Credentials in Files" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1119", "name": "Automated Collection", "display_name": "T1119 - Automated Collection" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1060", "name": "Registry Run Keys / Startup Folder", "display_name": "T1060 - Registry Run Keys / Startup Folder" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1480", "name": "Execution Guardrails", "display_name": "T1480 - Execution Guardrails" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1583", "name": "Acquire Infrastructure", "display_name": "T1583 - Acquire Infrastructure" }, { "id": "T1031", "name": "Modify Existing Service", "display_name": "T1031 - Modify Existing Service" }, { "id": "T1040", "name": "Network Sniffing", "display_name": "T1040 - Network Sniffing" }, { "id": "T1089", "name": "Disabling Security Tools", "display_name": "T1089 - Disabling Security Tools" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 24, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 4063, "hostname": 1097, "domain": 596, "FileHash-MD5": 671, "FileHash-SHA1": 641, "FileHash-SHA256": 1982, "email": 3, "SSLCertFingerprint": 17, "CVE": 1 }, "indicator_count": 9071, "is_author": false, "is_subscribing": null, "subscriber_count": 147, "modified_text": "274 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "63ed8e8bf910895c13bb1d9b", "name": "etg.js whitelisted", "description": "The Falcon Sandbox malware analysis service is available to download, view, download and use on the Falcon website. and on our desktop and mobile apps, as well as in the browser and app.", "modified": "2023-03-18T00:05:45.328000", "created": "2023-02-16T02:01:47.650000", "tags": [ "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "hybrid analysis", "falcon sandbox", "unknown files", "collection", "part", "please note", "data protection", "policy", "request report", "golden visa", "ransomware", "rats", "test", "august", "click", "close", "a9es", "idn0", "sendimage1", "refts0" ], "references": [ "https://matomo.it-connect.fr/piwik.php?action_name=Ce%20paquet%20malveillant%20SentinelOne%20vole%20les%20donn%C3%A9es%20des%20devs&idsite=1&rec=1&r=358500&h=18&m=16&s=24&url=https%3A%2F%2Fwww.it-connect.fr%2Fce-paquet-malveillant-sentinelone-veut-sen-prendre-aux-donnees-des-developpeurs%2F%3Fnowprocket%3D1&_id=e3fd2725c8cc9b66&_idn=0&send_image=1&_refts=0&res=1024x768&pv_id=tK8Zwe&uadata=%7B%7D", "whitelist", "https://hybrid-analysis.com/sample/548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "callmeDoris", "id": "205385", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 673, "hostname": 175, "domain": 22, "FileHash-SHA256": 160, "FileHash-MD5": 24, "FileHash-SHA1": 1 }, "indicator_count": 1055, "is_author": false, "is_subscribing": null, "subscriber_count": 90, "modified_text": "1170 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://igromozg.comrot.spotsniper.ru", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://igromozg.comrot.spotsniper.ru", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780223316.8060677 }