{ "type": "URL", "indicator": "https://sprl.in/OnlineBDOVerification", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://sprl.in/OnlineBDOVerification", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 3745494789, "indicator": "https://sprl.in/OnlineBDOVerification", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 3, "pulses": [ { "id": "653f12d6276e255c7d06acc0", "name": "EWA Phishing & Exploit in short link survey redirect", "description": "", "modified": "2023-10-30T02:20:06.113000", "created": "2023-10-30T02:20:06.113000", "tags": [ "external system", "windir", "ck id", "show technique", "mitre att", "ck matrix", "hashtablemutex", "sample", "antivirus", "api call", "general", "pattern match", "done adding", "catalog file", "temp", "network related", "https webserver", "flag", "united", "server", "date", "india india", "localappdata", "source", "binary file", "click", "input", "pcap", "files clean1", "size", "type data", "av scan", "result", "copy md5", "sha1", "copy sha1", "runtime process", "sha256", "copy sha256", "asn13335", "cloudflarenet", "india", "asn16509", "amazon02", "frankfurt", "main", "germany", "asn15169", "value", "august", "variables", "zone function", "fontawesome", "editbox", "button function", "pushbutton", "textfield", "passwordfield", "domains", "hashes" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1560", "name": "Archive Collected Data", "display_name": "T1560 - Archive Collected Data" } ], "industries": [], "TLP": "green", "cloned_from": "65133deee8ee099ab75a49aa", "export_count": 9, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 137, "domain": 64, "hostname": 34, "FileHash-SHA256": 31, "FileHash-MD5": 9, "FileHash-SHA1": 7 }, "indicator_count": 282, "is_author": false, "is_subscribing": null, "subscriber_count": 220, "modified_text": "944 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65133deee8ee099ab75a49aa", "name": "EWA Phishing & Exploit in short link survey redirect", "description": "", "modified": "2023-09-26T20:24:14.268000", "created": "2023-09-26T20:24:14.268000", "tags": [ "external system", "windir", "ck id", "show technique", "mitre att", "ck matrix", "hashtablemutex", "sample", "antivirus", "api call", "general", "pattern match", "done adding", "catalog file", "temp", "network related", "https webserver", "flag", "united", "server", "date", "india india", "localappdata", "source", "binary file", "click", "input", "pcap", "files clean1", "size", "type data", "av scan", "result", "copy md5", "sha1", "copy sha1", "runtime process", "sha256", "copy sha256", "asn13335", "cloudflarenet", "india", "asn16509", "amazon02", "frankfurt", "main", "germany", "asn15169", "value", "august", "variables", "zone function", "fontawesome", "editbox", "button function", "pushbutton", "textfield", "passwordfield", "domains", "hashes" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1560", "name": "Archive Collected Data", "display_name": "T1560 - Archive Collected Data" } ], "industries": [], "TLP": "green", "cloned_from": "64eae78aa781e6f8be552647", "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 137, "domain": 64, "hostname": 34, "FileHash-SHA256": 31, "FileHash-MD5": 9, "FileHash-SHA1": 7 }, "indicator_count": 282, "is_author": false, "is_subscribing": null, "subscriber_count": 227, "modified_text": "978 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "64eae78aa781e6f8be552647", "name": "EWA Phishing & Exploit in short link survey redirect.", "description": "Malicious redirect for hospital visit survey. \nShort link: https://sprl.in/HRJqy0eX \u2192exploit_source\t\t\t\nredirects to: https://www.ewatpa.com/cashless-claim-feedback/N5PZHDSGiMevZASQdsrtLg", "modified": "2023-09-26T05:00:14.694000", "created": "2023-08-27T06:04:58.559000", "tags": [ "external system", "windir", "ck id", "show technique", "mitre att", "ck matrix", "hashtablemutex", "sample", "antivirus", "api call", "general", "pattern match", "done adding", "catalog file", "temp", "network related", "https webserver", "flag", "united", "server", "date", "india india", "localappdata", "source", "binary file", "click", "input", "pcap", "files clean1", "size", "type data", "av scan", "result", "copy md5", "sha1", "copy sha1", "runtime process", "sha256", "copy sha256", "asn13335", "cloudflarenet", "india", "asn16509", "amazon02", "frankfurt", "main", "germany", "asn15169", "value", "august", "variables", "zone function", "fontawesome", "editbox", "button function", "pushbutton", "textfield", "passwordfield", "domains", "hashes" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1560", "name": "Archive Collected Data", "display_name": "T1560 - Archive Collected Data" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 13, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 137, "domain": 64, "hostname": 34, "FileHash-SHA256": 31, "FileHash-MD5": 9, "FileHash-SHA1": 7 }, "indicator_count": 282, "is_author": false, "is_subscribing": null, "subscriber_count": 220, "modified_text": "978 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 291 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/sprl.in", "whois": "http://whois.domaintools.com/sprl.in", "domain": "sprl.in", "hostname": "Unavailable" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 3, "pulses": [ { "id": "653f12d6276e255c7d06acc0", "name": "EWA Phishing & Exploit in short link survey redirect", "description": "", "modified": "2023-10-30T02:20:06.113000", "created": "2023-10-30T02:20:06.113000", "tags": [ "external system", "windir", "ck id", "show technique", "mitre att", "ck matrix", "hashtablemutex", "sample", "antivirus", "api call", "general", "pattern match", "done adding", "catalog file", "temp", "network related", "https webserver", "flag", "united", "server", "date", "india india", "localappdata", "source", "binary file", "click", "input", "pcap", "files clean1", "size", "type data", "av scan", "result", "copy md5", "sha1", "copy sha1", "runtime process", "sha256", "copy sha256", "asn13335", "cloudflarenet", "india", "asn16509", "amazon02", "frankfurt", "main", "germany", "asn15169", "value", "august", "variables", "zone function", "fontawesome", "editbox", "button function", "pushbutton", "textfield", "passwordfield", "domains", "hashes" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1560", "name": "Archive Collected Data", "display_name": "T1560 - Archive Collected Data" } ], "industries": [], "TLP": "green", "cloned_from": "65133deee8ee099ab75a49aa", "export_count": 9, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 137, "domain": 64, "hostname": 34, "FileHash-SHA256": 31, "FileHash-MD5": 9, "FileHash-SHA1": 7 }, "indicator_count": 282, "is_author": false, "is_subscribing": null, "subscriber_count": 220, "modified_text": "944 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65133deee8ee099ab75a49aa", "name": "EWA Phishing & Exploit in short link survey redirect", "description": "", "modified": "2023-09-26T20:24:14.268000", "created": "2023-09-26T20:24:14.268000", "tags": [ "external system", "windir", "ck id", "show technique", "mitre att", "ck matrix", "hashtablemutex", "sample", "antivirus", "api call", "general", "pattern match", "done adding", "catalog file", "temp", "network related", "https webserver", "flag", "united", "server", "date", "india india", "localappdata", "source", "binary file", "click", "input", "pcap", "files clean1", "size", "type data", "av scan", "result", "copy md5", "sha1", "copy sha1", "runtime process", "sha256", "copy sha256", "asn13335", "cloudflarenet", "india", "asn16509", "amazon02", "frankfurt", "main", "germany", "asn15169", "value", "august", "variables", "zone function", "fontawesome", "editbox", "button function", "pushbutton", "textfield", "passwordfield", "domains", "hashes" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1560", "name": "Archive Collected Data", "display_name": "T1560 - Archive Collected Data" } ], "industries": [], "TLP": "green", "cloned_from": "64eae78aa781e6f8be552647", "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 137, "domain": 64, "hostname": 34, "FileHash-SHA256": 31, "FileHash-MD5": 9, "FileHash-SHA1": 7 }, "indicator_count": 282, "is_author": false, "is_subscribing": null, "subscriber_count": 227, "modified_text": "978 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "64eae78aa781e6f8be552647", "name": "EWA Phishing & Exploit in short link survey redirect.", "description": "Malicious redirect for hospital visit survey. \nShort link: https://sprl.in/HRJqy0eX \u2192exploit_source\t\t\t\nredirects to: https://www.ewatpa.com/cashless-claim-feedback/N5PZHDSGiMevZASQdsrtLg", "modified": "2023-09-26T05:00:14.694000", "created": "2023-08-27T06:04:58.559000", "tags": [ "external system", "windir", "ck id", "show technique", "mitre att", "ck matrix", "hashtablemutex", "sample", "antivirus", "api call", "general", "pattern match", "done adding", "catalog file", "temp", "network related", "https webserver", "flag", "united", "server", "date", "india india", "localappdata", "source", "binary file", "click", "input", "pcap", "files clean1", "size", "type data", "av scan", "result", "copy md5", "sha1", "copy sha1", "runtime process", "sha256", "copy sha256", "asn13335", "cloudflarenet", "india", "asn16509", "amazon02", "frankfurt", "main", "germany", "asn15169", "value", "august", "variables", "zone function", "fontawesome", "editbox", "button function", "pushbutton", "textfield", "passwordfield", "domains", "hashes" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1560", "name": "Archive Collected Data", "display_name": "T1560 - Archive Collected Data" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 13, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 137, "domain": 64, "hostname": 34, "FileHash-SHA256": 31, "FileHash-MD5": 9, "FileHash-SHA1": 7 }, "indicator_count": 282, "is_author": false, "is_subscribing": null, "subscriber_count": 220, "modified_text": "978 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://sprl.in/OnlineBDOVerification", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://sprl.in/OnlineBDOVerification", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780264784.2272427 }