{ "type": "URL", "indicator": "https://iptv.hjxup.com", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://iptv.hjxup.com", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 3634768951, "indicator": "https://iptv.hjxup.com", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 3, "pulses": [ { "id": "69f307a09667829e1b243083", "name": "Credit Arek-BTC [8blxx.exe Trojan zdalnego dost\u0119pu exe id = \"42c1af80-cff3-505f-a3cb-35b7e345] Clone", "description": "", "modified": "2026-04-30T07:56:08.896000", "created": "2026-04-30T07:41:20.607000", "tags": [ "upx dump", "security", "license v2", "c4 f0", "c4 ec", "ec a5", "c2 c3", "detects", "roth", "program", "files", "xored keyword", "xor key", "sentinel labs", "filter", "norton", "win32", "kevin breen", "kevin", "remote access", "trojan", "metainf", "version", "versions", "settings", "mysettings", "keylogger", "sifre", "bandook rat", "remoteshell", "udpflood", "darkrat", "avenger", "greame", "keylog", "codekey", "ping", "activator", "nanocore", "keepalive", "miner", "inject", "attack", "killer", "predator pain", "unknown", "qrat", "shadowtech", "install", "virusrat", "aar", "alienvault labs", "cwsandbox", "felix bilstein", "cc bysa", "disclaimer", "disassembly", "malpedia", "number", "b801000000", "eb34", "eb0e", "test", "helper objects", "cache", "detailsendswith", "autorun keys", "modification id", "asep", "victor sergeev", "tim shelton", "empty", "homenet", "externalnet", "wang2", "imageendswith", "example", "imagestartswith", "sandbox author", "securityuserid", "windows upgrade", "k netsvcs", "defender", "update", "providers", "safe", "stream", "python", "folder file", "write id", "windows startup", "cyb3rward0g", "open threat", "research", "samplepath", "user", "userprofile", "matches rule", "snort", "rule set", "github", "text c", "file execution", "malware", "shell", "peexe c", "text", "text sha256", "registry", "xml c", "text xx", "appdatalocaldbg", "registry id", "run once", "singh", "details" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "AAR", "display_name": "AAR", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1110", "name": "Brute Force", "display_name": "T1110 - Brute Force" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": "676a09a5aa214e111c6789de", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "YARA": 50, "FileHash-MD5": 33, "FileHash-SHA1": 7, "FileHash-SHA256": 367, "domain": 44, "URL": 373, "hostname": 171, "IPv4": 11 }, "indicator_count": 1056, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "33 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "676a09a5aa214e111c6789de", "name": "8blxx.exe Trojan zdalnego dost\u0119pu exe id = \"42c1af80-cff3-505f-a3cb-35b7e34575e1\"", "description": "regu\u0142a RAT_AAR { meta: author = \"Kevin Breen \" date = \"01.04.2014\" description = \"Wykryto z\u0142o\u015bliwe oprogramowanie AAR RAT\" reference = \" http://malwareconfig.com/stats /AAR\" malware maltype = \"Trojan zdalnego dost\u0119pu\" filetype = \"exe\" id = \"42c1af80-cff3-505f-a3cb-35b7e34575e1\" strings: $a = \"Hashtable\" $b = \"get_IsDisposed\" $c = \"TripleDES\" $d = \"testmemory.", "modified": "2025-01-08T01:47:51.399000", "created": "2024-12-24T01:08:53.412000", "tags": [ "upx dump", "security", "license v2", "c4 f0", "c4 ec", "ec a5", "c2 c3", "detects", "roth", "program", "files", "xored keyword", "xor key", "sentinel labs", "filter", "norton", "win32", "kevin breen", "kevin", "remote access", "trojan", "metainf", "version", "versions", "settings", "mysettings", "keylogger", "sifre", "bandook rat", "remoteshell", "udpflood", "darkrat", "avenger", "greame", "keylog", "codekey", "ping", "activator", "nanocore", "keepalive", "miner", "inject", "attack", "killer", "predator pain", "unknown", "qrat", "shadowtech", "install", "virusrat", "aar", "alienvault labs", "cwsandbox", "felix bilstein", "cc bysa", "disclaimer", "disassembly", "malpedia", "number", "b801000000", "eb34", "eb0e", "test", "helper objects", "cache", "detailsendswith", "autorun keys", "modification id", "asep", "victor sergeev", "tim shelton", "empty", "homenet", "externalnet", "wang2", "imageendswith", "example", "imagestartswith", "sandbox author", "securityuserid", "windows upgrade", "k netsvcs", "defender", "update", "providers", "safe", "stream", "python", "folder file", "write id", "windows startup", "cyb3rward0g", "open threat", "research", "samplepath", "user", "userprofile", "matches rule", "snort", "rule set", "github", "text c", "file execution", "malware", "shell", "peexe c", "text", "text sha256", "registry", "xml c", "text xx", "appdatalocaldbg", "registry id", "run once", "singh", "details" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "AAR", "display_name": "AAR", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1110", "name": "Brute Force", "display_name": "T1110 - Brute Force" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 23, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "YARA": 50, "FileHash-MD5": 16, "FileHash-SHA1": 7, "FileHash-SHA256": 367, "domain": 44, "URL": 373, "hostname": 171, "IPv4": 11 }, "indicator_count": 1039, "is_author": false, "is_subscribing": null, "subscriber_count": 123, "modified_text": "510 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "63f16ce668c75c5ec1148e7b", "name": "http://vinyldevicepop.com", "description": "The Falcon Sandbox malware analysis service is available to download, view and download all the data on the Falcon website, including the full report on how to identify and identify the malware and tactics behind the attack.", "modified": "2023-03-21T00:02:57.765000", "created": "2023-02-19T00:27:18.058000", "tags": [ "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "runtime data", "ansi", "localappdata", "unicode", "hash seen", "size", "runtime process", "sha256", "sha1", "temp", "entropy", "suspicious", "hybrid", "close", "click", "ransomware", "february", "general", "strings" ], "references": [ "https://hybrid-analysis.com/sample/a575cf06662eb0972d9d0e5286382ca909ac3d4db893153ac13242e626304b1f/63f0cc25c94909360712d453" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1486", "name": "Data Encrypted for Impact", "display_name": "T1486 - Data Encrypted for Impact" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 12, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "callmeDoris", "id": "205385", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 98, "hostname": 38, "domain": 10, "FileHash-SHA256": 62, "FileHash-MD5": 50, "FileHash-SHA1": 49 }, "indicator_count": 307, "is_author": false, "is_subscribing": null, "subscriber_count": 90, "modified_text": "1169 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "https://hybrid-analysis.com/sample/a575cf06662eb0972d9d0e5286382ca909ac3d4db893153ac13242e626304b1f/63f0cc25c94909360712d453" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [ "Aar" ], "industries": [], "unique_indicators": 1337 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/hjxup.com", "whois": "http://whois.domaintools.com/hjxup.com", "domain": "hjxup.com", "hostname": "iptv.hjxup.com" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 3, "pulses": [ { "id": "69f307a09667829e1b243083", "name": "Credit Arek-BTC [8blxx.exe Trojan zdalnego dost\u0119pu exe id = \"42c1af80-cff3-505f-a3cb-35b7e345] Clone", "description": "", "modified": "2026-04-30T07:56:08.896000", "created": "2026-04-30T07:41:20.607000", "tags": [ "upx dump", "security", "license v2", "c4 f0", "c4 ec", "ec a5", "c2 c3", "detects", "roth", "program", "files", "xored keyword", "xor key", "sentinel labs", "filter", "norton", "win32", "kevin breen", "kevin", "remote access", "trojan", "metainf", "version", "versions", "settings", "mysettings", "keylogger", "sifre", "bandook rat", "remoteshell", "udpflood", "darkrat", "avenger", "greame", "keylog", "codekey", "ping", "activator", "nanocore", "keepalive", "miner", "inject", "attack", "killer", "predator pain", "unknown", "qrat", "shadowtech", "install", "virusrat", "aar", "alienvault labs", "cwsandbox", "felix bilstein", "cc bysa", "disclaimer", "disassembly", "malpedia", "number", "b801000000", "eb34", "eb0e", "test", "helper objects", "cache", "detailsendswith", "autorun keys", "modification id", "asep", "victor sergeev", "tim shelton", "empty", "homenet", "externalnet", "wang2", "imageendswith", "example", "imagestartswith", "sandbox author", "securityuserid", "windows upgrade", "k netsvcs", "defender", "update", "providers", "safe", "stream", "python", "folder file", "write id", "windows startup", "cyb3rward0g", "open threat", "research", "samplepath", "user", "userprofile", "matches rule", "snort", "rule set", "github", "text c", "file execution", "malware", "shell", "peexe c", "text", "text sha256", "registry", "xml c", "text xx", "appdatalocaldbg", "registry id", "run once", "singh", "details" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "AAR", "display_name": "AAR", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1110", "name": "Brute Force", "display_name": "T1110 - Brute Force" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": "676a09a5aa214e111c6789de", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "YARA": 50, "FileHash-MD5": 33, "FileHash-SHA1": 7, "FileHash-SHA256": 367, "domain": 44, "URL": 373, "hostname": 171, "IPv4": 11 }, "indicator_count": 1056, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "33 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "676a09a5aa214e111c6789de", "name": "8blxx.exe Trojan zdalnego dost\u0119pu exe id = \"42c1af80-cff3-505f-a3cb-35b7e34575e1\"", "description": "regu\u0142a RAT_AAR { meta: author = \"Kevin Breen \" date = \"01.04.2014\" description = \"Wykryto z\u0142o\u015bliwe oprogramowanie AAR RAT\" reference = \" http://malwareconfig.com/stats /AAR\" malware maltype = \"Trojan zdalnego dost\u0119pu\" filetype = \"exe\" id = \"42c1af80-cff3-505f-a3cb-35b7e34575e1\" strings: $a = \"Hashtable\" $b = \"get_IsDisposed\" $c = \"TripleDES\" $d = \"testmemory.", "modified": "2025-01-08T01:47:51.399000", "created": "2024-12-24T01:08:53.412000", "tags": [ "upx dump", "security", "license v2", "c4 f0", "c4 ec", "ec a5", "c2 c3", "detects", "roth", "program", "files", "xored keyword", "xor key", "sentinel labs", "filter", "norton", "win32", "kevin breen", "kevin", "remote access", "trojan", "metainf", "version", "versions", "settings", "mysettings", "keylogger", "sifre", "bandook rat", "remoteshell", "udpflood", "darkrat", "avenger", "greame", "keylog", "codekey", "ping", "activator", "nanocore", "keepalive", "miner", "inject", "attack", "killer", "predator pain", "unknown", "qrat", "shadowtech", "install", "virusrat", "aar", "alienvault labs", "cwsandbox", "felix bilstein", "cc bysa", "disclaimer", "disassembly", "malpedia", "number", "b801000000", "eb34", "eb0e", "test", "helper objects", "cache", "detailsendswith", "autorun keys", "modification id", "asep", "victor sergeev", "tim shelton", "empty", "homenet", "externalnet", "wang2", "imageendswith", "example", "imagestartswith", "sandbox author", "securityuserid", "windows upgrade", "k netsvcs", "defender", "update", "providers", "safe", "stream", "python", "folder file", "write id", "windows startup", "cyb3rward0g", "open threat", "research", "samplepath", "user", "userprofile", "matches rule", "snort", "rule set", "github", "text c", "file execution", "malware", "shell", "peexe c", "text", "text sha256", "registry", "xml c", "text xx", "appdatalocaldbg", "registry id", "run once", "singh", "details" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "AAR", "display_name": "AAR", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1110", "name": "Brute Force", "display_name": "T1110 - Brute Force" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 23, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "YARA": 50, "FileHash-MD5": 16, "FileHash-SHA1": 7, "FileHash-SHA256": 367, "domain": 44, "URL": 373, "hostname": 171, "IPv4": 11 }, "indicator_count": 1039, "is_author": false, "is_subscribing": null, "subscriber_count": 123, "modified_text": "510 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "63f16ce668c75c5ec1148e7b", "name": "http://vinyldevicepop.com", "description": "The Falcon Sandbox malware analysis service is available to download, view and download all the data on the Falcon website, including the full report on how to identify and identify the malware and tactics behind the attack.", "modified": "2023-03-21T00:02:57.765000", "created": "2023-02-19T00:27:18.058000", "tags": [ "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "runtime data", "ansi", "localappdata", "unicode", "hash seen", "size", "runtime process", "sha256", "sha1", "temp", "entropy", "suspicious", "hybrid", "close", "click", "ransomware", "february", "general", "strings" ], "references": [ "https://hybrid-analysis.com/sample/a575cf06662eb0972d9d0e5286382ca909ac3d4db893153ac13242e626304b1f/63f0cc25c94909360712d453" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1486", "name": "Data Encrypted for Impact", "display_name": "T1486 - Data Encrypted for Impact" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 12, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "callmeDoris", "id": "205385", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 98, "hostname": 38, "domain": 10, "FileHash-SHA256": 62, "FileHash-MD5": 50, "FileHash-SHA1": 49 }, "indicator_count": 307, "is_author": false, "is_subscribing": null, "subscriber_count": 90, "modified_text": "1169 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://iptv.hjxup.com", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://iptv.hjxup.com", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780422494.9621649 }