{ "type": "URL", "indicator": "https://newvistatelecom.com/", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://newvistatelecom.com/", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 3468869272, "indicator": "https://newvistatelecom.com/", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 3, "pulses": [ { "id": "657095a7912f63c2e41cda22", "name": "trifega.com - your welcome - my god two years ago i left specific details with sussex and surrey cybercrime team -", "description": "", "modified": "2023-12-06T15:39:18.737000", "created": "2023-12-06T15:39:18.737000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 745, "FileHash-SHA256": 1097, "FileHash-MD5": 6, "FileHash-SHA1": 6, "URL": 2764, "hostname": 1468 }, "indicator_count": 6086, "is_author": false, "is_subscribing": null, "subscriber_count": 110, "modified_text": "908 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "63a8fc8d21e342461e0c53e5", "name": "trifega.com - your welcome - my god two years ago i left specific details with sussex and surrey cybercrime team -", "description": "2016 getsetpet.co.uk\ncentraserve.com /ltd purchased above domain after stealing frm my 1and1hosting acc transfering to google abusing it until july 2018 when it expired from my registration. Immediately purchased by Sebastian Clark director of centraserve ltd in essex uk. After this discovery it was moved to Trifega Ltd in the lsle of Whight for sale for \u00a3350 on trifega.com", "modified": "2023-01-25T01:02:11.128000", "created": "2022-12-26T01:44:45.883000", "tags": [ "https://www.virustotal.com/gui/collection/54321340057709266cb812" ], "references": [ "https://www.virustotal.com/graph/g87dbd51d317a43c59906ba09ca34598223bb3f1be82a45b48f8d4dd88bf28d92", "https://www.virustotal.com/gui/collection/54321340057709266cb812de770a121defeb7c8bb2fdf96fbdaab06213029c96" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 32, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "callmeDoris", "id": "205385", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 2764, "hostname": 1468, "FileHash-SHA256": 1097, "domain": 745, "FileHash-MD5": 6, "FileHash-SHA1": 6 }, "indicator_count": 6086, "is_author": false, "is_subscribing": null, "subscriber_count": 91, "modified_text": "1223 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "629f32000e99da994ecb5f62", "name": "80880.bodis - passive DNS = CNAME bug cookie priv escalation 450 records = n. sh", "description": "ioc's from all passive dns records potentially using CNAME record cookie priv escalation bug to abuse and break analytics with user agent.\nmass of 404 connection errors invoked to hijack/redir traffic to top level immitation sites running on massive nubotnet", "modified": "2022-07-07T00:01:42.558000", "created": "2022-06-07T11:09:52.102000", "tags": [ "n. sh", "CNAME cookie priv escalation", "CVE-2021-22941", "ww1", "neural", "nubotnet" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 370, "hostname": 1775, "URL": 2331, "domain": 453 }, "indicator_count": 4929, "is_author": false, "is_subscribing": null, "subscriber_count": 395, "modified_text": "1425 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "https://www.virustotal.com/graph/g87dbd51d317a43c59906ba09ca34598223bb3f1be82a45b48f8d4dd88bf28d92", "https://www.virustotal.com/gui/collection/54321340057709266cb812de770a121defeb7c8bb2fdf96fbdaab06213029c96" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 10601 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/newvistatelecom.com", "whois": "http://whois.domaintools.com/newvistatelecom.com", "domain": "newvistatelecom.com", "hostname": "Unavailable" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 3, "pulses": [ { "id": "657095a7912f63c2e41cda22", "name": "trifega.com - your welcome - my god two years ago i left specific details with sussex and surrey cybercrime team -", "description": "", "modified": "2023-12-06T15:39:18.737000", "created": "2023-12-06T15:39:18.737000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 745, "FileHash-SHA256": 1097, "FileHash-MD5": 6, "FileHash-SHA1": 6, "URL": 2764, "hostname": 1468 }, "indicator_count": 6086, "is_author": false, "is_subscribing": null, "subscriber_count": 110, "modified_text": "908 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "63a8fc8d21e342461e0c53e5", "name": "trifega.com - your welcome - my god two years ago i left specific details with sussex and surrey cybercrime team -", "description": "2016 getsetpet.co.uk\ncentraserve.com /ltd purchased above domain after stealing frm my 1and1hosting acc transfering to google abusing it until july 2018 when it expired from my registration. Immediately purchased by Sebastian Clark director of centraserve ltd in essex uk. After this discovery it was moved to Trifega Ltd in the lsle of Whight for sale for \u00a3350 on trifega.com", "modified": "2023-01-25T01:02:11.128000", "created": "2022-12-26T01:44:45.883000", "tags": [ "https://www.virustotal.com/gui/collection/54321340057709266cb812" ], "references": [ "https://www.virustotal.com/graph/g87dbd51d317a43c59906ba09ca34598223bb3f1be82a45b48f8d4dd88bf28d92", "https://www.virustotal.com/gui/collection/54321340057709266cb812de770a121defeb7c8bb2fdf96fbdaab06213029c96" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 32, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "callmeDoris", "id": "205385", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 2764, "hostname": 1468, "FileHash-SHA256": 1097, "domain": 745, "FileHash-MD5": 6, "FileHash-SHA1": 6 }, "indicator_count": 6086, "is_author": false, "is_subscribing": null, "subscriber_count": 91, "modified_text": "1223 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "629f32000e99da994ecb5f62", "name": "80880.bodis - passive DNS = CNAME bug cookie priv escalation 450 records = n. sh", "description": "ioc's from all passive dns records potentially using CNAME record cookie priv escalation bug to abuse and break analytics with user agent.\nmass of 404 connection errors invoked to hijack/redir traffic to top level immitation sites running on massive nubotnet", "modified": "2022-07-07T00:01:42.558000", "created": "2022-06-07T11:09:52.102000", "tags": [ "n. sh", "CNAME cookie priv escalation", "CVE-2021-22941", "ww1", "neural", "nubotnet" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 370, "hostname": 1775, "URL": 2331, "domain": 453 }, "indicator_count": 4929, "is_author": false, "is_subscribing": null, "subscriber_count": 395, "modified_text": "1425 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://newvistatelecom.com/", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://newvistatelecom.com/", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780344680.8982973 }