{ "type": "URL", "indicator": "https://sport.mobile2ads.com", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://sport.mobile2ads.com", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 3634005725, "indicator": "https://sport.mobile2ads.com", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 3, "pulses": [ { "id": "64d64caffcea67ddfaacc5ed", "name": "imac.co.nz Malicious", "description": "iPhone attack. Bad actors utilizing regulations and escalation privileges gain immediate access upon setup. Cell service set up at a carrier but shows as another carrier. Many BBH pretending this is their experience. Actual target unable to access any Apple support by phone. Submit online. Apple ID disabled by either Apple or BotMaster, labeled malicious ID. Live representatives at Apple or Cell carrier difficult to the point of legal investigation. \nApple confiscated a single phone from target. No refund. Engineers needed phone to review and obviously cover up evidence. Target loss control of phone and was verbally commanded to enter ' confirm ' erasing access to issues.\n(I didn't write any of this: A full analysis of the latest cyber-attack on the Apple website, which targets people who have signed up to be targeted by hackers, has been published by the security firm OctoSeek.)", "modified": "2023-09-10T00:02:53.567000", "created": "2023-08-11T14:58:55.215000", "tags": [ "months ago", "created", "white", "email", "ipv4", "author avatar", "modified", "domain", "scan endpoints", "all search", "zombie brick" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Zombie Brick", "display_name": "Zombie Brick", "target": null } ], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 17, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 199, "domain": 69, "hostname": 42, "FileHash-SHA256": 41, "email": 1 }, "indicator_count": 352, "is_author": false, "is_subscribing": null, "subscriber_count": 218, "modified_text": "953 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "64d64cb0a37dd23cd1ca2da1", "name": "imac.co.nz Malicious", "description": "iPhone attack. Bad actors utilizing regulations and escalation privileges gain immediate access upon setup. Cell service set up at a carrier but shows as another carrier. Many BBH pretending this is their experience. Actual target unable to access any Apple support by phone. Submit online. Apple ID disabled by either Apple or BotMaster, labeled malicious ID. Live representatives at Apple or Cell carrier difficult to the point of legal investigation. \nApple confiscated a single phone from target. No refund. Engineers needed phone to review and obviously cover up evidence. Target loss control of phone and was verbally commanded to enter ' confirm ' erasing access to issues.\n(I didn't write any of this: A full analysis of the latest cyber-attack on the Apple website, which targets people who have signed up to be targeted by hackers, has been published by the security firm OctoSeek.)", "modified": "2023-09-10T00:02:53.567000", "created": "2023-08-11T14:58:56.508000", "tags": [ "months ago", "created", "white", "email", "ipv4", "author avatar", "modified", "domain", "scan endpoints", "all search", "zombie brick" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Zombie Brick", "display_name": "Zombie Brick", "target": null } ], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 17, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 80, "domain": 20, "hostname": 21, "FileHash-SHA256": 41 }, "indicator_count": 162, "is_author": false, "is_subscribing": null, "subscriber_count": 218, "modified_text": "953 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "63ee2f3a175c194201f2a350", "name": "its all about IPTV control of you and your tv havana eat your heart out", "description": "\u00c2\u00a31.5m worth of content on the site.\nFound potential IP address in binary/memory\ndetails\nPotential IP \"10.34.0.42\" found in string \"%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Subresource Filter\\Indexed Rules\\35\\10.34.0.42\"\nPotential IP \"10.34.0.42\" found in string \"%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Subresource Filter\\Unindexed Rules\\10.34.0.42\\LICENSE\"", "modified": "2023-03-18T12:02:10.895000", "created": "2023-02-16T13:27:22.635000", "tags": [ "live sport tv listing guide", "gregor jutrisa", "sports", "entertainment", "ios apps", "app", "appstore", "app store", "iphone", "ipad", "ipod touch", "itouch", "itunes", "sport tv", "ziggo sport", "fox sports", "sky sport", "golf channel", "eurosport", "sport", "football", "baseball", "golf", "calendar", "vxstream", "localappdata", "unicode", "hash seen", "runtime process", "entropy", "type data", "peter selinger", "tbody", "span", "tfoot", "thead", "button", "multiple", "type", "href", "fontawesome", "gradienttype0", "false", "alpha", "https://img2.sport-tv-guide.live/images/favicon/apple-touch-icon", "3.0.0.0", "10.34.0.42" ], "references": [ "https://sport-tv-guide.live/cache/styles.min.css", "https://img2.sport-tv-guide.live/images/favicon/site.webmanifest", "https://img2.sport-tv-guide.live/images/favicon/safari-pinned-tab.svg", "https://img2.sport-tv-guide.live/images/favicon/apple-touch-icon.png", "https://hybrid-analysis.com/sample/d7b60960a563566fc4cd0bbcaf24572243c650f00b2c33cd64c4ae332256d39b/63ee1e3f52707c4ed037bf26", "https://play.google.com/store/apps/details?id=sport.mobile2ads.com", "sport.mobile2ads.com", "https://hybrid-analysis.com/sample/3acc839f401ca63b99c8364e297b4f65d26e2b48f5c623dd153c8d92e1ad5ed1/63ee2381ea009a65456be633", "https://itunes.apple.com/us/app/live-sport-tv-listing-guide/id1182257083?ls=1&mt=8" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "TEL:Win32/Qjwmonkey.A", "display_name": "TEL:Win32/Qjwmonkey.A", "target": "/malware/TEL:Win32/Qjwmonkey.A" }, { "id": "PWS:Win32/VB.CU", "display_name": "PWS:Win32/VB.CU", "target": "/malware/PWS:Win32/VB.CU" }, { "id": "Win32:VB-AJKP\\ [Trj]", "display_name": "Win32:VB-AJKP\\ [Trj]", "target": null }, { "id": "Win.Malware.Swisyn-7610494-0", "display_name": "Win.Malware.Swisyn-7610494-0", "target": null } ], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "callmeDoris", "id": "205385", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 141, "hostname": 29, "URL": 151, "domain": 45, "FileHash-MD5": 91, "FileHash-SHA1": 90 }, "indicator_count": 547, "is_author": false, "is_subscribing": null, "subscriber_count": 90, "modified_text": "1129 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "https://img2.sport-tv-guide.live/images/favicon/site.webmanifest", "https://hybrid-analysis.com/sample/3acc839f401ca63b99c8364e297b4f65d26e2b48f5c623dd153c8d92e1ad5ed1/63ee2381ea009a65456be633", "https://itunes.apple.com/us/app/live-sport-tv-listing-guide/id1182257083?ls=1&mt=8", "https://hybrid-analysis.com/sample/d7b60960a563566fc4cd0bbcaf24572243c650f00b2c33cd64c4ae332256d39b/63ee1e3f52707c4ed037bf26", "https://img2.sport-tv-guide.live/images/favicon/apple-touch-icon.png", "https://sport-tv-guide.live/cache/styles.min.css", "https://play.google.com/store/apps/details?id=sport.mobile2ads.com", "sport.mobile2ads.com", "https://img2.sport-tv-guide.live/images/favicon/safari-pinned-tab.svg" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [ "Pws:win32/vb.cu", "Win.malware.swisyn-7610494-0", "Win32:vb-ajkp\\ [trj]", "Tel:win32/qjwmonkey.a", "Zombie brick" ], "industries": [], "unique_indicators": 772 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/mobile2ads.com", "whois": "http://whois.domaintools.com/mobile2ads.com", "domain": "mobile2ads.com", "hostname": "sport.mobile2ads.com" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 3, "pulses": [ { "id": "64d64caffcea67ddfaacc5ed", "name": "imac.co.nz Malicious", "description": "iPhone attack. Bad actors utilizing regulations and escalation privileges gain immediate access upon setup. Cell service set up at a carrier but shows as another carrier. Many BBH pretending this is their experience. Actual target unable to access any Apple support by phone. Submit online. Apple ID disabled by either Apple or BotMaster, labeled malicious ID. Live representatives at Apple or Cell carrier difficult to the point of legal investigation. \nApple confiscated a single phone from target. No refund. Engineers needed phone to review and obviously cover up evidence. Target loss control of phone and was verbally commanded to enter ' confirm ' erasing access to issues.\n(I didn't write any of this: A full analysis of the latest cyber-attack on the Apple website, which targets people who have signed up to be targeted by hackers, has been published by the security firm OctoSeek.)", "modified": "2023-09-10T00:02:53.567000", "created": "2023-08-11T14:58:55.215000", "tags": [ "months ago", "created", "white", "email", "ipv4", "author avatar", "modified", "domain", "scan endpoints", "all search", "zombie brick" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Zombie Brick", "display_name": "Zombie Brick", "target": null } ], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 17, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 199, "domain": 69, "hostname": 42, "FileHash-SHA256": 41, "email": 1 }, "indicator_count": 352, "is_author": false, "is_subscribing": null, "subscriber_count": 218, "modified_text": "953 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "64d64cb0a37dd23cd1ca2da1", "name": "imac.co.nz Malicious", "description": "iPhone attack. Bad actors utilizing regulations and escalation privileges gain immediate access upon setup. Cell service set up at a carrier but shows as another carrier. Many BBH pretending this is their experience. Actual target unable to access any Apple support by phone. Submit online. Apple ID disabled by either Apple or BotMaster, labeled malicious ID. Live representatives at Apple or Cell carrier difficult to the point of legal investigation. \nApple confiscated a single phone from target. No refund. Engineers needed phone to review and obviously cover up evidence. Target loss control of phone and was verbally commanded to enter ' confirm ' erasing access to issues.\n(I didn't write any of this: A full analysis of the latest cyber-attack on the Apple website, which targets people who have signed up to be targeted by hackers, has been published by the security firm OctoSeek.)", "modified": "2023-09-10T00:02:53.567000", "created": "2023-08-11T14:58:56.508000", "tags": [ "months ago", "created", "white", "email", "ipv4", "author avatar", "modified", "domain", "scan endpoints", "all search", "zombie brick" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Zombie Brick", "display_name": "Zombie Brick", "target": null } ], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 17, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 80, "domain": 20, "hostname": 21, "FileHash-SHA256": 41 }, "indicator_count": 162, "is_author": false, "is_subscribing": null, "subscriber_count": 218, "modified_text": "953 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "63ee2f3a175c194201f2a350", "name": "its all about IPTV control of you and your tv havana eat your heart out", "description": "\u00c2\u00a31.5m worth of content on the site.\nFound potential IP address in binary/memory\ndetails\nPotential IP \"10.34.0.42\" found in string \"%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Subresource Filter\\Indexed Rules\\35\\10.34.0.42\"\nPotential IP \"10.34.0.42\" found in string \"%LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Subresource Filter\\Unindexed Rules\\10.34.0.42\\LICENSE\"", "modified": "2023-03-18T12:02:10.895000", "created": "2023-02-16T13:27:22.635000", "tags": [ "live sport tv listing guide", "gregor jutrisa", "sports", "entertainment", "ios apps", "app", "appstore", "app store", "iphone", "ipad", "ipod touch", "itouch", "itunes", "sport tv", "ziggo sport", "fox sports", "sky sport", "golf channel", "eurosport", "sport", "football", "baseball", "golf", "calendar", "vxstream", "localappdata", "unicode", "hash seen", "runtime process", "entropy", "type data", "peter selinger", "tbody", "span", "tfoot", "thead", "button", "multiple", "type", "href", "fontawesome", "gradienttype0", "false", "alpha", "https://img2.sport-tv-guide.live/images/favicon/apple-touch-icon", "3.0.0.0", "10.34.0.42" ], "references": [ "https://sport-tv-guide.live/cache/styles.min.css", "https://img2.sport-tv-guide.live/images/favicon/site.webmanifest", "https://img2.sport-tv-guide.live/images/favicon/safari-pinned-tab.svg", "https://img2.sport-tv-guide.live/images/favicon/apple-touch-icon.png", "https://hybrid-analysis.com/sample/d7b60960a563566fc4cd0bbcaf24572243c650f00b2c33cd64c4ae332256d39b/63ee1e3f52707c4ed037bf26", "https://play.google.com/store/apps/details?id=sport.mobile2ads.com", "sport.mobile2ads.com", "https://hybrid-analysis.com/sample/3acc839f401ca63b99c8364e297b4f65d26e2b48f5c623dd153c8d92e1ad5ed1/63ee2381ea009a65456be633", "https://itunes.apple.com/us/app/live-sport-tv-listing-guide/id1182257083?ls=1&mt=8" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "TEL:Win32/Qjwmonkey.A", "display_name": "TEL:Win32/Qjwmonkey.A", "target": "/malware/TEL:Win32/Qjwmonkey.A" }, { "id": "PWS:Win32/VB.CU", "display_name": "PWS:Win32/VB.CU", "target": "/malware/PWS:Win32/VB.CU" }, { "id": "Win32:VB-AJKP\\ [Trj]", "display_name": "Win32:VB-AJKP\\ [Trj]", "target": null }, { "id": "Win.Malware.Swisyn-7610494-0", "display_name": "Win.Malware.Swisyn-7610494-0", "target": null } ], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "callmeDoris", "id": "205385", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 141, "hostname": 29, "URL": 151, "domain": 45, "FileHash-MD5": 91, "FileHash-SHA1": 90 }, "indicator_count": 547, "is_author": false, "is_subscribing": null, "subscriber_count": 90, "modified_text": "1129 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://sport.mobile2ads.com", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://sport.mobile2ads.com", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1776700655.0682573 }