{ "type": "URL", "indicator": "https://media.stsaffiliates.com/tracking.php", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://media.stsaffiliates.com/tracking.php", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 3868502214, "indicator": "https://media.stsaffiliates.com/tracking.php", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 3, "pulses": [ { "id": "679f4d97f1fc798ded39ae8e", "name": "allegro.pl allegro.pl/uzytkownik/adam_f./sklep", "description": "15776378774017114814715016531986154708 Numer seryjny (szesnastkowy) 0BDE6B870D700F90BB91792A61C904D4 Haszysz 0: 8d6e213de410e14bbe35f869ce1b3043 1: add018209e76cbe53f4a40af923f242f7ca2631c 2: fa7fb1547daae8b351847119c8d03f9d930c8fa3da293f28e7e612f2afd424de 3: 15c0e531da0d56e66b54b60f87b1035c3a3a4655acb0eb30cab9525bd5wyko\u0144czony447d0ee73c0761ed030c6d739fafc901 4: f63e344afe37a22cbb36568e303f351fa5413e0b0607a22b86cb7d2fd0fff7b1 c49738f61cc9a3f1a8235a05f2e06658a66461cbc2c32ce0cfa4dfa23a5c2fc2 Klucz profesor -----POCZ\u0104TEK KLUCZA PUBLICZNEGO----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuSwExlfjSkGQDRTVagu3 pShhQDFjJR+FMHULzRMLsLlqWM+XlizK15ylIkOsYsjZreFj0eYTusPs/l1NOOhb Ie65lL9AVL7/P4Bn9Mghxe0pcmc2LVEOP3mgoajnSS0Caol57G9vnsYCOq5yc3qH jcc4iNK3GGBte20G+7IK+avnZvK1x7YIdubvg/8aVkzXYtvU4dg5v9WARb97z5WI NyIUic7vWdQNoTEQCAA0O2NHgHK6/ZXQ+uQ0xjOd07I0SpkpOnXBQyPb+pkcPew3 mVR+zEZg53lMgwW/TsVsej709cxbxmPIG96YNPzmlAIh88Ny1q/JtpfCYbI9dOEY kQIDAQAB -----KONIEC KLUCZA PUBLICZNEGO----- PEM #start /C=PL/ST=Wielkopolskie/", "modified": "2025-08-30T06:02:43.372000", "created": "2025-02-02T10:48:55.847000", "tags": [ "certyfikatu", "numer seryjny", "g2 tls", "rsa sha256", "klucz publiczny", "digicert inc", "digicert global", "wane", "wano", "ca1 wydano" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 14, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": true, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 59, "FileHash-SHA1": 57, "FileHash-SHA256": 1345, "domain": 293, "hostname": 875, "URL": 2068, "CVE": 2, "IPv4": 3 }, "indicator_count": 4702, "is_author": false, "is_subscribing": null, "subscriber_count": 122, "modified_text": "232 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6854c53952755b89264f0078", "name": "show_user_auctions.php", "description": "Grupa Allegro sp.pl wedi cyhoeddi cyffredinol yng Nghasnewydd, Cymru, ondod nhw'n naw.", "modified": "2025-07-20T01:03:27.759000", "created": "2025-06-20T02:19:37.856000", "tags": [ "allegro sp", "sha256 ssl", "digicert sha2", "trojan", "krajowe centrum", "danych", "beijing gu", "chinypekin", "facebook", "google dht", "budynek netease", "ke yun", "dht idc", "vhash", "ssdeep" ], "references": [ "www.allegro.pl->http://www.allegro.pl/show_user_auctions.php?uid=265889" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 24, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "SSLCertFingerprint": 4, "URL": 1624, "FileHash-MD5": 19, "FileHash-SHA1": 3, "FileHash-SHA256": 390, "domain": 349, "hostname": 670 }, "indicator_count": 3059, "is_author": false, "is_subscribing": null, "subscriber_count": 122, "modified_text": "273 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "663d2869e0f3a42bbddc42ff", "name": "UPX executable packer.", "description": "A new rule has been introduced a \"suspicious\" ELF binary that is packed with the UPX executable packer.\nSuggested ATT&CK IDs: rule SUSP_ELF_LNX_UPX_Compressed_File { meta: description = \"Detects a suspicious ELF binary with UPX compression\" author = \"Florian Roth (Nextron Systems)\" reference = \"Internal Research\" date = \"2018-12-12\" score = 40 hash1 = \"038ff8b2fef16f8ee9d70e6c219c5f380afe1a21761791e8cbda21fa4d09fdb4\" id = \"078937de-59b3-538e-a5c3-57f4e6050212\" strings: $s1 = \"PROT_EXEC|PROT_WRITE failed.\" fullword ascii $s2 = \"$Id: UPX\" fullword ascii $s3 = \"$Info: This file is packed with the UPX executable packer\" ascii $fp1 = \"check your UCL installation !\"", "modified": "2024-10-14T00:01:17.069000", "created": "2024-05-09T19:47:53.786000", "tags": [ "cioch adrian", "centrum usug", "sieciowych", "elf binary", "upx compression", "roth", "nextron", "info", "javascript", "html", "office open", "xml document", "network capture", "win32 exe", "xml pakietu", "pdf zestawy", "przechwytywanie", "office", "filehashsha1", "url https", "cve cve20201070", "cve cve20203153", "cve cve20201048", "cve cve20211732", "cve20201048 apr", "filehashmd5", "cve cve20010901", "cve cve20021841", "cve20153202 apr", "cve cve20160728", "cve cve20161807", "cve cve20175123", "cve20185407 apr", "cve cve20054605", "cve cve20060745", "cve cve20070452", "cve cve20070453", "cve cve20070454", "cve cve20071355", "cve cve20071358", "cve cve20071871", "cve20149614 apr", "cve cve20151503", "cve cve20152080", "cve cve20157377", "cve cve20170131", "cve20200796 may", "cve cve20113403" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 6861, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 5771, "domain": 3139, "URL": 14525, "FileHash-SHA1": 2610, "IPv4": 108, "CIDR": 40, "FileHash-SHA256": 10705, "FileHash-MD5": 3373, "YARA": 2, "CVE": 148, "Mutex": 7, "FilePath": 3, "SSLCertFingerprint": 3, "email": 23, "JA3": 1, "IPv6": 2 }, "indicator_count": 40460, "is_author": false, "is_subscribing": null, "subscriber_count": 137, "modified_text": "552 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "www.allegro.pl->http://www.allegro.pl/show_user_auctions.php?uid=265889" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 35628 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/stsaffiliates.com", "whois": "http://whois.domaintools.com/stsaffiliates.com", "domain": "stsaffiliates.com", "hostname": "media.stsaffiliates.com" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 3, "pulses": [ { "id": "679f4d97f1fc798ded39ae8e", "name": "allegro.pl allegro.pl/uzytkownik/adam_f./sklep", "description": "15776378774017114814715016531986154708 Numer seryjny (szesnastkowy) 0BDE6B870D700F90BB91792A61C904D4 Haszysz 0: 8d6e213de410e14bbe35f869ce1b3043 1: add018209e76cbe53f4a40af923f242f7ca2631c 2: fa7fb1547daae8b351847119c8d03f9d930c8fa3da293f28e7e612f2afd424de 3: 15c0e531da0d56e66b54b60f87b1035c3a3a4655acb0eb30cab9525bd5wyko\u0144czony447d0ee73c0761ed030c6d739fafc901 4: f63e344afe37a22cbb36568e303f351fa5413e0b0607a22b86cb7d2fd0fff7b1 c49738f61cc9a3f1a8235a05f2e06658a66461cbc2c32ce0cfa4dfa23a5c2fc2 Klucz profesor -----POCZ\u0104TEK KLUCZA PUBLICZNEGO----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuSwExlfjSkGQDRTVagu3 pShhQDFjJR+FMHULzRMLsLlqWM+XlizK15ylIkOsYsjZreFj0eYTusPs/l1NOOhb Ie65lL9AVL7/P4Bn9Mghxe0pcmc2LVEOP3mgoajnSS0Caol57G9vnsYCOq5yc3qH jcc4iNK3GGBte20G+7IK+avnZvK1x7YIdubvg/8aVkzXYtvU4dg5v9WARb97z5WI NyIUic7vWdQNoTEQCAA0O2NHgHK6/ZXQ+uQ0xjOd07I0SpkpOnXBQyPb+pkcPew3 mVR+zEZg53lMgwW/TsVsej709cxbxmPIG96YNPzmlAIh88Ny1q/JtpfCYbI9dOEY kQIDAQAB -----KONIEC KLUCZA PUBLICZNEGO----- PEM #start /C=PL/ST=Wielkopolskie/", "modified": "2025-08-30T06:02:43.372000", "created": "2025-02-02T10:48:55.847000", "tags": [ "certyfikatu", "numer seryjny", "g2 tls", "rsa sha256", "klucz publiczny", "digicert inc", "digicert global", "wane", "wano", "ca1 wydano" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 14, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": true, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 59, "FileHash-SHA1": 57, "FileHash-SHA256": 1345, "domain": 293, "hostname": 875, "URL": 2068, "CVE": 2, "IPv4": 3 }, "indicator_count": 4702, "is_author": false, "is_subscribing": null, "subscriber_count": 122, "modified_text": "232 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6854c53952755b89264f0078", "name": "show_user_auctions.php", "description": "Grupa Allegro sp.pl wedi cyhoeddi cyffredinol yng Nghasnewydd, Cymru, ondod nhw'n naw.", "modified": "2025-07-20T01:03:27.759000", "created": "2025-06-20T02:19:37.856000", "tags": [ "allegro sp", "sha256 ssl", "digicert sha2", "trojan", "krajowe centrum", "danych", "beijing gu", "chinypekin", "facebook", "google dht", "budynek netease", "ke yun", "dht idc", "vhash", "ssdeep" ], "references": [ "www.allegro.pl->http://www.allegro.pl/show_user_auctions.php?uid=265889" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 24, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "SSLCertFingerprint": 4, "URL": 1624, "FileHash-MD5": 19, "FileHash-SHA1": 3, "FileHash-SHA256": 390, "domain": 349, "hostname": 670 }, "indicator_count": 3059, "is_author": false, "is_subscribing": null, "subscriber_count": 122, "modified_text": "273 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "663d2869e0f3a42bbddc42ff", "name": "UPX executable packer.", "description": "A new rule has been introduced a \"suspicious\" ELF binary that is packed with the UPX executable packer.\nSuggested ATT&CK IDs: rule SUSP_ELF_LNX_UPX_Compressed_File { meta: description = \"Detects a suspicious ELF binary with UPX compression\" author = \"Florian Roth (Nextron Systems)\" reference = \"Internal Research\" date = \"2018-12-12\" score = 40 hash1 = \"038ff8b2fef16f8ee9d70e6c219c5f380afe1a21761791e8cbda21fa4d09fdb4\" id = \"078937de-59b3-538e-a5c3-57f4e6050212\" strings: $s1 = \"PROT_EXEC|PROT_WRITE failed.\" fullword ascii $s2 = \"$Id: UPX\" fullword ascii $s3 = \"$Info: This file is packed with the UPX executable packer\" ascii $fp1 = \"check your UCL installation !\"", "modified": "2024-10-14T00:01:17.069000", "created": "2024-05-09T19:47:53.786000", "tags": [ "cioch adrian", "centrum usug", "sieciowych", "elf binary", "upx compression", "roth", "nextron", "info", "javascript", "html", "office open", "xml document", "network capture", "win32 exe", "xml pakietu", "pdf zestawy", "przechwytywanie", "office", "filehashsha1", "url https", "cve cve20201070", "cve cve20203153", "cve cve20201048", "cve cve20211732", "cve20201048 apr", "filehashmd5", "cve cve20010901", "cve cve20021841", "cve20153202 apr", "cve cve20160728", "cve cve20161807", "cve cve20175123", "cve20185407 apr", "cve cve20054605", "cve cve20060745", "cve cve20070452", "cve cve20070453", "cve cve20070454", "cve cve20071355", "cve cve20071358", "cve cve20071871", "cve20149614 apr", "cve cve20151503", "cve cve20152080", "cve cve20157377", "cve cve20170131", "cve20200796 may", "cve cve20113403" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 6861, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 5771, "domain": 3139, "URL": 14525, "FileHash-SHA1": 2610, "IPv4": 108, "CIDR": 40, "FileHash-SHA256": 10705, "FileHash-MD5": 3373, "YARA": 2, "CVE": 148, "Mutex": 7, "FilePath": 3, "SSLCertFingerprint": 3, "email": 23, "JA3": 1, "IPv6": 2 }, "indicator_count": 40460, "is_author": false, "is_subscribing": null, "subscriber_count": 137, "modified_text": "552 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://media.stsaffiliates.com/tracking.php", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://media.stsaffiliates.com/tracking.php", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1776627996.7280421 }