{ "type": "URL", "indicator": "https://std.sc.amc.devk.de", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://std.sc.amc.devk.de", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 3429279683, "indicator": "https://std.sc.amc.devk.de", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 5, "pulses": [ { "id": "65a0194269f81650babf9b6c", "name": "Raspberry Robin | Hijacker | link: voyour-cams.xww.de | Monitoring", "description": "Raspberry Robin aka Worm.RaspberyRobin started out as an annoying, yet relatively low-profile threat that was often installed via USB drive.\nTo be able to act as a backdoor, malware needs to be active or you need to be able to trigger it remotely. Raspberry Robin gains persistence by adding itself to the RunOnce key in the CurrentUser registry hive of the user who executed the initial malware.\n\nBy using command-and-control (C2) servers hosted on Tor nodes the Raspberry Robin implant can be used to distribute other malware.", "modified": "2024-02-10T15:03:45.065000", "created": "2024-01-11T16:37:22.751000", "tags": [ "ssl certificate", "whois record", "contacted", "threat roundup", "historical ssl", "december", "october", "august", "referrer", "execution", "raspberry robin", "ghost rat", "service", "dtrack", "download", "malware", "hijacker", "monitoring", "installer", "masquerading", "http response", "final url", "serving ip", "address", "status code", "body length", "kb body", "sha256", "headers", "nginx", "parked domain", "parking crew", "malware hosting", "dga parking", "msie", "cmd", "worm", "dga malvertizing" ], "references": [ "voyour-cams.xww.de", "https://otx.alienvault.com/malware/Worm:Win32%2FBenjamin/samples", "https://www.malwarebytes.com/blog/news/2022/10/raspberry-robin-worm-used-as-ransomware-prelude" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "LokiBot", "display_name": "LokiBot", "target": null }, { "id": "Ghost RAT", "display_name": "Ghost RAT", "target": null }, { "id": "Worm:Win32/Benjamin", "display_name": "Worm:Win32/Benjamin", "target": "/malware/Worm:Win32/Benjamin" }, { "id": "Raspberry Robin", "display_name": "Raspberry Robin", "target": null }, { "id": "Roshtyak", "display_name": "Roshtyak", "target": null } ], "attack_ids": [ { "id": "T1041", "name": "Exfiltration Over C2 Channel", "display_name": "T1041 - Exfiltration Over C2 Channel" }, { "id": "T1052.001", "name": "Exfiltration over USB", "display_name": "T1052.001 - Exfiltration over USB" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1038", "name": "DLL Search Order Hijacking", "display_name": "T1038 - DLL Search Order Hijacking" }, { "id": "T1415", "name": "URL Scheme Hijacking", "display_name": "T1415 - URL Scheme Hijacking" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 20, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 81, "FileHash-SHA1": 83, "FileHash-SHA256": 3484, "URL": 7778, "domain": 2468, "hostname": 2348, "email": 2, "CVE": 1 }, "indicator_count": 16245, "is_author": false, "is_subscribing": null, "subscriber_count": 220, "modified_text": "799 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "62c231f263ca042121a81827", "name": "oracle is shocking", "description": "", "modified": "2022-08-03T00:05:10.569000", "created": "2022-07-04T00:18:58.267000", "tags": [ "span", "section", "button", "tbody", "script", "path", "java", "archive", "download", "cc02v0", "meta", "installer", "date", "iframe", "contact", "form", "service", "critical", "close", "alpha", "false", "click", "main", "energy", "life", "media", "write", "back", "widget", "tools", "protect", "april", "python", "ukraine", "indonesia", "middle", "facebook", "twitter" ], "references": [ "oracle com downl # java.pdf", "www.oracle.com - urlscan.io.pdf" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 956, "FileHash-SHA256": 237, "hostname": 197, "domain": 59, "FileHash-MD5": 2 }, "indicator_count": 1451, "is_author": false, "is_subscribing": null, "subscriber_count": 391, "modified_text": "1355 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6294eb02fc943581d0bf4ef1", "name": "www.apple.com:airtag:?cid=CDM-USA-DM-P0021742-498177%22", "description": "", "modified": "2022-06-29T00:00:46.963000", "created": "2022-05-30T16:04:18.749000", "tags": [], "references": [ "www.apple.com:airtag:?cid=CDM-USA-DM-P0021742-498177%22, %22request%22:.pdf" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Kailula4", "id": "131997", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 489, "hostname": 80, "domain": 38, "FileHash-SHA256": 518, "CIDR": 2, "FileHash-MD5": 5 }, "indicator_count": 1132, "is_author": false, "is_subscribing": null, "subscriber_count": 406, "modified_text": "1390 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "62951232023c3cdc0a0f7a1c", "name": "support.apple.com:de-de:HT204247%22", "description": "", "modified": "2022-06-29T00:00:46.963000", "created": "2022-05-30T18:51:30.784000", "tags": [], "references": [ "support.apple.com:de-de:HT204247%22,.pdf" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Kailula4", "id": "131997", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 423, "hostname": 188, "domain": 33, "FileHash-SHA256": 278, "CIDR": 3, "FileHash-MD5": 4 }, "indicator_count": 929, "is_author": false, "is_subscribing": null, "subscriber_count": 407, "modified_text": "1390 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6261cdbea0bb54792ef9ac53", "name": "1and1.com - malware hosting and creation", "description": "Promise.com, or Promise.js, is a new type of word, and here is the full text of its first-ever translation:-a-word, a-d.", "modified": "2022-05-21T00:03:44.725000", "created": "2022-04-21T21:33:50.899000", "tags": [ "noclickid", "error", "aborted", "xmlhttprequest", "typeof e", "cx bus", "genesys telecom", "labs", "promise", "lnull", "typeof t", "date", "typeof", "typeof define", "installtrigger", "weakset", "sfunction", "uk tv", "regexp", "custom code", "typeerror", "sufeffxa0", "typeof symbol", "azaz09", "library loaded", "page top", "path", "query string", "customevent", "afunction", "string", "pfunction", "mfunction", "dfunction", "march", "typeof o", "null", "stackframe", "object", "function", "array", "definition", "rhino", "factory", "isnumber", "plugin", "chrome pdf", "rejected", "target", "event", "started", "engaged", "trident", "internal", "parseint", "growheight", "cdata", "this", "system", "named", "invalid hex3", "invalid hex6", "uinguserid", "functional", "member", "hnew regexp", "qfunction", "adview", "addbillinginfo", "addtocart", "addtolist", "contact", "download", "install", "vui", "anda", "tente", "outubro", "trackingclient", "srpanj", "rabu", "vasaris", "copyright", "closure library", "window", "value", "image", "800px", "40px", "i18n", "blockedemail", "typeof i18n", "hubspot", "captcha", "please", "april", "august", "close", "february", "june", "form", "klik", "click", "next", "blank", "este", "rserver", "mais", "void", "number", "uint8array", "fnumber", "xhfunction", "yhfunction", "aw10804098076", "code", "qe", "aw428360528", "aw10816288188", "aw10814683072" ], "references": [ "xfe-URL-Ionos.de-stix2-2.1-export.json", "xfe-URL-1and1.com-stix2-2.1-export.json", "https://www.googletagmanager.com/gtag/js?id=AW-10814683072&l=dataLayer&cx=c", "https://www.googletagmanager.com/gtag/js?id=AW-10816288188&l=dataLayer&cx=c", "https://www.googletagmanager.com/gtag/js?id=AW-476125975&l=dataLayer&cx=c", "https://www.googletagmanager.com/gtag/js?id=AW-428360528&l=dataLayer&cx=c", "https://www.googletagmanager.com/gtag/js?id=AW-10804098076&l=dataLayer&cx=c", "https://js-na1.hs-scripts.com/8230984.js", "https://js.hsleadflows.net/leadflows.js", "https://cdn.taboola.com/libtrc/unip/1123688/tfa.js", "https://pagead2.googlesyndication.com/pagead/js/r20220419/r20110914/elements/html/omrhp.js", "https://snap.licdn.com/li.lms-analytics/insight.min.js", "https://amplify.outbrain.com/cp/obtp.js", "https://uir.uimserv.net/sid/", "https://apps.mypurecloud.de/journey/sdk/js/web/v1/ac.js", "https://www.ionos.com/modules/frontend-applications-common/script/components/stacktrace.js", "https://www.ionos.com/modules/hosting-common/script/privacy/bundle.js", "https://cdn.ionos.com/nk/9c2134ba72b4/6c2bd2fdffdc/launch-67fb473cc73f.min.js", "https://cdn.ionos.de/nk/9c2134ba72b4/6c2bd2fdffdc/0ced1406e60f/RC5068cb5aadbc4ec1a9aa72b8a74193e0-source.min.js", "https://unpkg.com/web-vitals@1.0.1/dist/web-vitals.umd.js", "https://apps.mypurecloud.de/widgets/9.0/cxbus.min.js", "https://tr.outbrain.com/cachedClickId?marketerId=001649abe8bf7b4d6841e1cae4cb770f72" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "UK TV", "display_name": "UK TV", "target": null }, { "id": "Vui", "display_name": "Vui", "target": null }, { "id": "Outubro", "display_name": "Outubro", "target": null }, { "id": "Tente", "display_name": "Tente", "target": null }, { "id": "Anda", "display_name": "Anda", "target": null }, { "id": "Vasaris", "display_name": "Vasaris", "target": null }, { "id": "Rabu", "display_name": "Rabu", "target": null }, { "id": "Srpanj", "display_name": "Srpanj", "target": null }, { "id": "TrackingClient", "display_name": "TrackingClient", "target": null }, { "id": "Qe", "display_name": "Qe", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 9, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 3592, "FileHash-SHA256": 402, "hostname": 1610, "domain": 553, "CVE": 1, "FileHash-MD5": 1 }, "indicator_count": 6159, "is_author": false, "is_subscribing": null, "subscriber_count": 72, "modified_text": "1429 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "https://www.malwarebytes.com/blog/news/2022/10/raspberry-robin-worm-used-as-ransomware-prelude", "https://www.googletagmanager.com/gtag/js?id=AW-10804098076&l=dataLayer&cx=c", "https://www.googletagmanager.com/gtag/js?id=AW-10814683072&l=dataLayer&cx=c", "support.apple.com:de-de:HT204247%22,.pdf", "xfe-URL-1and1.com-stix2-2.1-export.json", "https://www.googletagmanager.com/gtag/js?id=AW-476125975&l=dataLayer&cx=c", "https://amplify.outbrain.com/cp/obtp.js", "https://unpkg.com/web-vitals@1.0.1/dist/web-vitals.umd.js", "https://js.hsleadflows.net/leadflows.js", "www.apple.com:airtag:?cid=CDM-USA-DM-P0021742-498177%22, %22request%22:.pdf", "https://pagead2.googlesyndication.com/pagead/js/r20220419/r20110914/elements/html/omrhp.js", "https://www.ionos.com/modules/hosting-common/script/privacy/bundle.js", "https://apps.mypurecloud.de/widgets/9.0/cxbus.min.js", "https://uir.uimserv.net/sid/", "https://www.ionos.com/modules/frontend-applications-common/script/components/stacktrace.js", "https://cdn.ionos.de/nk/9c2134ba72b4/6c2bd2fdffdc/0ced1406e60f/RC5068cb5aadbc4ec1a9aa72b8a74193e0-source.min.js", "www.oracle.com - urlscan.io.pdf", "https://js-na1.hs-scripts.com/8230984.js", "https://www.googletagmanager.com/gtag/js?id=AW-428360528&l=dataLayer&cx=c", "https://cdn.ionos.com/nk/9c2134ba72b4/6c2bd2fdffdc/launch-67fb473cc73f.min.js", "https://apps.mypurecloud.de/journey/sdk/js/web/v1/ac.js", "xfe-URL-Ionos.de-stix2-2.1-export.json", "https://www.googletagmanager.com/gtag/js?id=AW-10816288188&l=dataLayer&cx=c", "https://tr.outbrain.com/cachedClickId?marketerId=001649abe8bf7b4d6841e1cae4cb770f72", "voyour-cams.xww.de", "https://otx.alienvault.com/malware/Worm:Win32%2FBenjamin/samples", "https://cdn.taboola.com/libtrc/unip/1123688/tfa.js", "oracle com downl # java.pdf", "https://snap.licdn.com/li.lms-analytics/insight.min.js" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [ "Roshtyak", "Worm:win32/benjamin", "Srpanj", "Rabu", "Anda", "Outubro", "Uk tv", "Trackingclient", "Tente", "Vui", "Qe", "Lokibot", "Vasaris", "Raspberry robin", "Ghost rat" ], "industries": [], "unique_indicators": 25678 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/devk.de", "whois": "http://whois.domaintools.com/devk.de", "domain": "devk.de", "hostname": "std.sc.amc.devk.de" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 5, "pulses": [ { "id": "65a0194269f81650babf9b6c", "name": "Raspberry Robin | Hijacker | link: voyour-cams.xww.de | Monitoring", "description": "Raspberry Robin aka Worm.RaspberyRobin started out as an annoying, yet relatively low-profile threat that was often installed via USB drive.\nTo be able to act as a backdoor, malware needs to be active or you need to be able to trigger it remotely. Raspberry Robin gains persistence by adding itself to the RunOnce key in the CurrentUser registry hive of the user who executed the initial malware.\n\nBy using command-and-control (C2) servers hosted on Tor nodes the Raspberry Robin implant can be used to distribute other malware.", "modified": "2024-02-10T15:03:45.065000", "created": "2024-01-11T16:37:22.751000", "tags": [ "ssl certificate", "whois record", "contacted", "threat roundup", "historical ssl", "december", "october", "august", "referrer", "execution", "raspberry robin", "ghost rat", "service", "dtrack", "download", "malware", "hijacker", "monitoring", "installer", "masquerading", "http response", "final url", "serving ip", "address", "status code", "body length", "kb body", "sha256", "headers", "nginx", "parked domain", "parking crew", "malware hosting", "dga parking", "msie", "cmd", "worm", "dga malvertizing" ], "references": [ "voyour-cams.xww.de", "https://otx.alienvault.com/malware/Worm:Win32%2FBenjamin/samples", "https://www.malwarebytes.com/blog/news/2022/10/raspberry-robin-worm-used-as-ransomware-prelude" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "LokiBot", "display_name": "LokiBot", "target": null }, { "id": "Ghost RAT", "display_name": "Ghost RAT", "target": null }, { "id": "Worm:Win32/Benjamin", "display_name": "Worm:Win32/Benjamin", "target": "/malware/Worm:Win32/Benjamin" }, { "id": "Raspberry Robin", "display_name": "Raspberry Robin", "target": null }, { "id": "Roshtyak", "display_name": "Roshtyak", "target": null } ], "attack_ids": [ { "id": "T1041", "name": "Exfiltration Over C2 Channel", "display_name": "T1041 - Exfiltration Over C2 Channel" }, { "id": "T1052.001", "name": "Exfiltration over USB", "display_name": "T1052.001 - Exfiltration over USB" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1038", "name": "DLL Search Order Hijacking", "display_name": "T1038 - DLL Search Order Hijacking" }, { "id": "T1415", "name": "URL Scheme Hijacking", "display_name": "T1415 - URL Scheme Hijacking" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 20, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 81, "FileHash-SHA1": 83, "FileHash-SHA256": 3484, "URL": 7778, "domain": 2468, "hostname": 2348, "email": 2, "CVE": 1 }, "indicator_count": 16245, "is_author": false, "is_subscribing": null, "subscriber_count": 220, "modified_text": "799 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "62c231f263ca042121a81827", "name": "oracle is shocking", "description": "", "modified": "2022-08-03T00:05:10.569000", "created": "2022-07-04T00:18:58.267000", "tags": [ "span", "section", "button", "tbody", "script", "path", "java", "archive", "download", "cc02v0", "meta", "installer", "date", "iframe", "contact", "form", "service", "critical", "close", "alpha", "false", "click", "main", "energy", "life", "media", "write", "back", "widget", "tools", "protect", "april", "python", "ukraine", "indonesia", "middle", "facebook", "twitter" ], "references": [ "oracle com downl # java.pdf", "www.oracle.com - urlscan.io.pdf" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 956, "FileHash-SHA256": 237, "hostname": 197, "domain": 59, "FileHash-MD5": 2 }, "indicator_count": 1451, "is_author": false, "is_subscribing": null, "subscriber_count": 391, "modified_text": "1355 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6294eb02fc943581d0bf4ef1", "name": "www.apple.com:airtag:?cid=CDM-USA-DM-P0021742-498177%22", "description": "", "modified": "2022-06-29T00:00:46.963000", "created": "2022-05-30T16:04:18.749000", "tags": [], "references": [ "www.apple.com:airtag:?cid=CDM-USA-DM-P0021742-498177%22, %22request%22:.pdf" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Kailula4", "id": "131997", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 489, "hostname": 80, "domain": 38, "FileHash-SHA256": 518, "CIDR": 2, "FileHash-MD5": 5 }, "indicator_count": 1132, "is_author": false, "is_subscribing": null, "subscriber_count": 406, "modified_text": "1390 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "62951232023c3cdc0a0f7a1c", "name": "support.apple.com:de-de:HT204247%22", "description": "", "modified": "2022-06-29T00:00:46.963000", "created": "2022-05-30T18:51:30.784000", "tags": [], "references": [ "support.apple.com:de-de:HT204247%22,.pdf" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Kailula4", "id": "131997", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 423, "hostname": 188, "domain": 33, "FileHash-SHA256": 278, "CIDR": 3, "FileHash-MD5": 4 }, "indicator_count": 929, "is_author": false, "is_subscribing": null, "subscriber_count": 407, "modified_text": "1390 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6261cdbea0bb54792ef9ac53", "name": "1and1.com - malware hosting and creation", "description": "Promise.com, or Promise.js, is a new type of word, and here is the full text of its first-ever translation:-a-word, a-d.", "modified": "2022-05-21T00:03:44.725000", "created": "2022-04-21T21:33:50.899000", "tags": [ "noclickid", "error", "aborted", "xmlhttprequest", "typeof e", "cx bus", "genesys telecom", "labs", "promise", "lnull", "typeof t", "date", "typeof", "typeof define", "installtrigger", "weakset", "sfunction", "uk tv", "regexp", "custom code", "typeerror", "sufeffxa0", "typeof symbol", "azaz09", "library loaded", "page top", "path", "query string", "customevent", "afunction", "string", "pfunction", "mfunction", "dfunction", "march", "typeof o", "null", "stackframe", "object", "function", "array", "definition", "rhino", "factory", "isnumber", "plugin", "chrome pdf", "rejected", "target", "event", "started", "engaged", "trident", "internal", "parseint", "growheight", "cdata", "this", "system", "named", "invalid hex3", "invalid hex6", "uinguserid", "functional", "member", "hnew regexp", "qfunction", "adview", "addbillinginfo", "addtocart", "addtolist", "contact", "download", "install", "vui", "anda", "tente", "outubro", "trackingclient", "srpanj", "rabu", "vasaris", "copyright", "closure library", "window", "value", "image", "800px", "40px", "i18n", "blockedemail", "typeof i18n", "hubspot", "captcha", "please", "april", "august", "close", "february", "june", "form", "klik", "click", "next", "blank", "este", "rserver", "mais", "void", "number", "uint8array", "fnumber", "xhfunction", "yhfunction", "aw10804098076", "code", "qe", "aw428360528", "aw10816288188", "aw10814683072" ], "references": [ "xfe-URL-Ionos.de-stix2-2.1-export.json", "xfe-URL-1and1.com-stix2-2.1-export.json", "https://www.googletagmanager.com/gtag/js?id=AW-10814683072&l=dataLayer&cx=c", "https://www.googletagmanager.com/gtag/js?id=AW-10816288188&l=dataLayer&cx=c", "https://www.googletagmanager.com/gtag/js?id=AW-476125975&l=dataLayer&cx=c", "https://www.googletagmanager.com/gtag/js?id=AW-428360528&l=dataLayer&cx=c", "https://www.googletagmanager.com/gtag/js?id=AW-10804098076&l=dataLayer&cx=c", "https://js-na1.hs-scripts.com/8230984.js", "https://js.hsleadflows.net/leadflows.js", "https://cdn.taboola.com/libtrc/unip/1123688/tfa.js", "https://pagead2.googlesyndication.com/pagead/js/r20220419/r20110914/elements/html/omrhp.js", "https://snap.licdn.com/li.lms-analytics/insight.min.js", "https://amplify.outbrain.com/cp/obtp.js", "https://uir.uimserv.net/sid/", "https://apps.mypurecloud.de/journey/sdk/js/web/v1/ac.js", "https://www.ionos.com/modules/frontend-applications-common/script/components/stacktrace.js", "https://www.ionos.com/modules/hosting-common/script/privacy/bundle.js", "https://cdn.ionos.com/nk/9c2134ba72b4/6c2bd2fdffdc/launch-67fb473cc73f.min.js", "https://cdn.ionos.de/nk/9c2134ba72b4/6c2bd2fdffdc/0ced1406e60f/RC5068cb5aadbc4ec1a9aa72b8a74193e0-source.min.js", "https://unpkg.com/web-vitals@1.0.1/dist/web-vitals.umd.js", "https://apps.mypurecloud.de/widgets/9.0/cxbus.min.js", "https://tr.outbrain.com/cachedClickId?marketerId=001649abe8bf7b4d6841e1cae4cb770f72" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "UK TV", "display_name": "UK TV", "target": null }, { "id": "Vui", "display_name": "Vui", "target": null }, { "id": "Outubro", "display_name": "Outubro", "target": null }, { "id": "Tente", "display_name": "Tente", "target": null }, { "id": "Anda", "display_name": "Anda", "target": null }, { "id": "Vasaris", "display_name": "Vasaris", "target": null }, { "id": "Rabu", "display_name": "Rabu", "target": null }, { "id": "Srpanj", "display_name": "Srpanj", "target": null }, { "id": "TrackingClient", "display_name": "TrackingClient", "target": null }, { "id": "Qe", "display_name": "Qe", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 9, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 3592, "FileHash-SHA256": 402, "hostname": 1610, "domain": 553, "CVE": 1, "FileHash-MD5": 1 }, "indicator_count": 6159, "is_author": false, "is_subscribing": null, "subscriber_count": 72, "modified_text": "1429 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://std.sc.amc.devk.de", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://std.sc.amc.devk.de", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1776639193.148128 }