{ "type": "URL", "indicator": "https://redir.janssenmedicalcloud.se", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://redir.janssenmedicalcloud.se", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 3382563458, "indicator": "https://redir.janssenmedicalcloud.se", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 4, "pulses": [ { "id": "657095eda27e3f05cd61b6ce", "name": "9;v1.opengraph.11ty.dev - Fuked Farm - Now where did I put that needle in that haystack? or is the haystack the f...ing needle", "description": "", "modified": "2023-12-06T15:40:29.765000", "created": "2023-12-06T15:40:29.765000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 2182, "FileHash-SHA256": 438, "hostname": 6002, "URL": 14454, "FileHash-MD5": 27, "FileHash-SHA1": 23 }, "indicator_count": 23126, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "910 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "63b8db30e94cd692710758e3", "name": "9;v1.opengraph.11ty.dev - Fuked Farm - Now where did I put that needle in that haystack? or is the haystack the f...ing needle", "description": "", "modified": "2023-01-07T02:55:08.704000", "created": "2023-01-07T02:38:40.067000", "tags": [ "trojan", "apt", "ansi", "dropped file", "runtime data", "pattern match", "site", "localappdata", "indicator", "msedge", "programfiles", "ck id", "path", "suspicious", "hybrid", "close", "click", "ransomware", "general", "local", "factory", "strings", "malicious", "github", "build software", "github fb" ], "references": [ "https://hybrid-analysis.com/sample/c4d970dc246c99371f246d342b15000e7bd3e59b3137293b43521b9fd9feff72/63b573f01bdd5b518e665082", "A look at some of the key words and phrases used to describe GitHub, the open-source software development platform, as well as its official website, in the third of a series of articles." ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1005", "name": "Data from Local System", "display_name": "T1005 - Data from Local System" }, { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 15, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "callmeDoris", "id": "205385", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 14454, "hostname": 6002, "domain": 2182, "FileHash-SHA256": 438, "FileHash-MD5": 27, "FileHash-SHA1": 23 }, "indicator_count": 23126, "is_author": false, "is_subscribing": null, "subscriber_count": 91, "modified_text": "1243 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "627e43f468fe7866d5be9163", "name": "DNS, Dynamic DNS, VPN, VPS and Web Hosting Provider - ChangeIP", "description": "", "modified": "2022-06-12T00:06:23.557000", "created": "2022-05-13T11:41:40.229000", "tags": [ "dynamic dns", "get started", "hosting", "ssd vps", "dns hosting", "join", "web hosting", "ssd web", "hosting ssd", "free dynamic", "bitcoin" ], "references": [ "https://urlscan.io/responses/e5dad34de05bb219256de13e3f5d59bc5f71b8dee69620b158b43dfaf666d851/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 264, "URL": 608, "domain": 63, "FileHash-SHA256": 239 }, "indicator_count": 1174, "is_author": false, "is_subscribing": null, "subscriber_count": 393, "modified_text": "1452 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6215116a0f4102b4d18bde36", "name": "SpectrumHealth.com", "description": "", "modified": "2022-03-24T00:00:00.271000", "created": "2022-02-22T16:38:02.799000", "tags": [ "server", "registrar abuse", "date", "iana id", "contact phone", "dnssec", "domain status", "registrar url", "registrar whois", "registrar", "subdomains", "detections type", "name", "ms excel", "text", "lookups", "algorithm", "key identifier", "x509v3 subject", "rank value", "ingestion time", "statvoo", "utc alexa", "utc cisco", "umbrella", "data", "v3 serial", "number", "issuer", "cus cnr3", "olet", "subject public", "utc quantcast", "dns records", "record type", "ttl value" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Kailula4", "id": "131997", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 296, "URL": 626, "domain": 107, "email": 1, "FileHash-SHA256": 221, "FileHash-MD5": 1, "FileHash-SHA1": 14 }, "indicator_count": 1266, "is_author": false, "is_subscribing": null, "subscriber_count": 405, "modified_text": "1532 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "https://hybrid-analysis.com/sample/c4d970dc246c99371f246d342b15000e7bd3e59b3137293b43521b9fd9feff72/63b573f01bdd5b518e665082", "https://urlscan.io/responses/e5dad34de05bb219256de13e3f5d59bc5f71b8dee69620b158b43dfaf666d851/", "A look at some of the key words and phrases used to describe GitHub, the open-source software development platform, as well as its official website, in the third of a series of articles." ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 25297 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/janssenmedicalcloud.se", "whois": "http://whois.domaintools.com/janssenmedicalcloud.se", "domain": "janssenmedicalcloud.se", "hostname": "redir.janssenmedicalcloud.se" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 4, "pulses": [ { "id": "657095eda27e3f05cd61b6ce", "name": "9;v1.opengraph.11ty.dev - Fuked Farm - Now where did I put that needle in that haystack? or is the haystack the f...ing needle", "description": "", "modified": "2023-12-06T15:40:29.765000", "created": "2023-12-06T15:40:29.765000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 2182, "FileHash-SHA256": 438, "hostname": 6002, "URL": 14454, "FileHash-MD5": 27, "FileHash-SHA1": 23 }, "indicator_count": 23126, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "910 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "63b8db30e94cd692710758e3", "name": "9;v1.opengraph.11ty.dev - Fuked Farm - Now where did I put that needle in that haystack? or is the haystack the f...ing needle", "description": "", "modified": "2023-01-07T02:55:08.704000", "created": "2023-01-07T02:38:40.067000", "tags": [ "trojan", "apt", "ansi", "dropped file", "runtime data", "pattern match", "site", "localappdata", "indicator", "msedge", "programfiles", "ck id", "path", "suspicious", "hybrid", "close", "click", "ransomware", "general", "local", "factory", "strings", "malicious", "github", "build software", "github fb" ], "references": [ "https://hybrid-analysis.com/sample/c4d970dc246c99371f246d342b15000e7bd3e59b3137293b43521b9fd9feff72/63b573f01bdd5b518e665082", "A look at some of the key words and phrases used to describe GitHub, the open-source software development platform, as well as its official website, in the third of a series of articles." ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1005", "name": "Data from Local System", "display_name": "T1005 - Data from Local System" }, { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 15, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "callmeDoris", "id": "205385", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 14454, "hostname": 6002, "domain": 2182, "FileHash-SHA256": 438, "FileHash-MD5": 27, "FileHash-SHA1": 23 }, "indicator_count": 23126, "is_author": false, "is_subscribing": null, "subscriber_count": 91, "modified_text": "1243 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "627e43f468fe7866d5be9163", "name": "DNS, Dynamic DNS, VPN, VPS and Web Hosting Provider - ChangeIP", "description": "", "modified": "2022-06-12T00:06:23.557000", "created": "2022-05-13T11:41:40.229000", "tags": [ "dynamic dns", "get started", "hosting", "ssd vps", "dns hosting", "join", "web hosting", "ssd web", "hosting ssd", "free dynamic", "bitcoin" ], "references": [ "https://urlscan.io/responses/e5dad34de05bb219256de13e3f5d59bc5f71b8dee69620b158b43dfaf666d851/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 264, "URL": 608, "domain": 63, "FileHash-SHA256": 239 }, "indicator_count": 1174, "is_author": false, "is_subscribing": null, "subscriber_count": 393, "modified_text": "1452 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6215116a0f4102b4d18bde36", "name": "SpectrumHealth.com", "description": "", "modified": "2022-03-24T00:00:00.271000", "created": "2022-02-22T16:38:02.799000", "tags": [ "server", "registrar abuse", "date", "iana id", "contact phone", "dnssec", "domain status", "registrar url", "registrar whois", "registrar", "subdomains", "detections type", "name", "ms excel", "text", "lookups", "algorithm", "key identifier", "x509v3 subject", "rank value", "ingestion time", "statvoo", "utc alexa", "utc cisco", "umbrella", "data", "v3 serial", "number", "issuer", "cus cnr3", "olet", "subject public", "utc quantcast", "dns records", "record type", "ttl value" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Kailula4", "id": "131997", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 296, "URL": 626, "domain": 107, "email": 1, "FileHash-SHA256": 221, "FileHash-MD5": 1, "FileHash-SHA1": 14 }, "indicator_count": 1266, "is_author": false, "is_subscribing": null, "subscriber_count": 405, "modified_text": "1532 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://redir.janssenmedicalcloud.se", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://redir.janssenmedicalcloud.se", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780508183.4890058 }