{ "type": "URL", "indicator": "https://storefix-fr.com/", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://storefix-fr.com/", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 4059382972, "indicator": "https://storefix-fr.com/", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 2, "pulses": [ { "id": "687f6609ea4d353d4b5f8ce5", "name": "Proton66 Campaign Exposes Global Sectors via Mass Scanning and Fresh CVE Exploits", "description": "", "modified": "2025-08-21T10:05:01.053000", "created": "2025-07-22T10:20:57.883000", "tags": [], "references": [ "Cyber Threat Advisory - Update 2 Proton66 Campaign Exposes Global Sectors via Mass Scanning and Fresh CVE Exploits.pdf" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "ESFBSOCTCR", "id": "200541", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 5, "domain": 61, "hostname": 6, "FileHash-SHA256": 28, "URL": 61 }, "indicator_count": 161, "is_author": false, "is_subscribing": null, "subscriber_count": 85, "modified_text": "286 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "68075360a020c6b0f4bf3a56", "name": "Hackers Exploit Russian Bulletproof Host Proton66 for Global Cyberattacks", "description": "Cybersecurity researchers have uncovered a surge in mass scanning, credential brute-forcing, and exploitation attempts originating from IP addresses associated with the Russian bulletproof hosting service provider Proton66. Since January 8, 2025, these attacks have targeted organizations worldwide, deploying various malware families, including GootLoader and SpyNote. The malicious activity involves exploiting critical vulnerabilities in widely used systems, posing a significant threat to global cybersecurity.", "modified": "2025-05-22T08:02:33.885000", "created": "2025-04-22T08:29:20.493000", "tags": [ "software vulnerability", "cyber attacks", "data breach", "ransomware malware", "proton66", "prospero", "kaspersky", "strelastealer", "russian", "gootloader", "spynote", "superblack", "xworm", "weaxor", "mallox" ], "references": [ "https://thehackernews.com/2025/04/hackers-abuse-russian-bulletproof-host.html" ], "public": 1, "adversary": "Prospero", "targeted_countries": [], "malware_families": [ { "id": "XWorm", "display_name": "XWorm", "target": null }, { "id": "StrelaStealer", "display_name": "StrelaStealer", "target": null }, { "id": "WeaXor", "display_name": "WeaXor", "target": null } ], "attack_ids": [ { "id": "T1110", "name": "Brute Force", "display_name": "T1110 - Brute Force" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 11, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "PetrP.73", "id": "154605", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CIDR": 2, "CVE": 5, "domain": 50, "URL": 42, "FileHash-SHA256": 6, "hostname": 2 }, "indicator_count": 107, "is_author": false, "is_subscribing": null, "subscriber_count": 546, "modified_text": "377 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "https://thehackernews.com/2025/04/hackers-abuse-russian-bulletproof-host.html", "Cyber Threat Advisory - Update 2 Proton66 Campaign Exposes Global Sectors via Mass Scanning and Fresh CVE Exploits.pdf" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [ "Prospero" ], "malware_families": [ "Strelastealer", "Weaxor", "Xworm" ], "industries": [], "unique_indicators": 177 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/storefix-fr.com", "whois": "http://whois.domaintools.com/storefix-fr.com", "domain": "storefix-fr.com", "hostname": "Unavailable" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 2, "pulses": [ { "id": "687f6609ea4d353d4b5f8ce5", "name": "Proton66 Campaign Exposes Global Sectors via Mass Scanning and Fresh CVE Exploits", "description": "", "modified": "2025-08-21T10:05:01.053000", "created": "2025-07-22T10:20:57.883000", "tags": [], "references": [ "Cyber Threat Advisory - Update 2 Proton66 Campaign Exposes Global Sectors via Mass Scanning and Fresh CVE Exploits.pdf" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "ESFBSOCTCR", "id": "200541", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 5, "domain": 61, "hostname": 6, "FileHash-SHA256": 28, "URL": 61 }, "indicator_count": 161, "is_author": false, "is_subscribing": null, "subscriber_count": 85, "modified_text": "286 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "68075360a020c6b0f4bf3a56", "name": "Hackers Exploit Russian Bulletproof Host Proton66 for Global Cyberattacks", "description": "Cybersecurity researchers have uncovered a surge in mass scanning, credential brute-forcing, and exploitation attempts originating from IP addresses associated with the Russian bulletproof hosting service provider Proton66. Since January 8, 2025, these attacks have targeted organizations worldwide, deploying various malware families, including GootLoader and SpyNote. The malicious activity involves exploiting critical vulnerabilities in widely used systems, posing a significant threat to global cybersecurity.", "modified": "2025-05-22T08:02:33.885000", "created": "2025-04-22T08:29:20.493000", "tags": [ "software vulnerability", "cyber attacks", "data breach", "ransomware malware", "proton66", "prospero", "kaspersky", "strelastealer", "russian", "gootloader", "spynote", "superblack", "xworm", "weaxor", "mallox" ], "references": [ "https://thehackernews.com/2025/04/hackers-abuse-russian-bulletproof-host.html" ], "public": 1, "adversary": "Prospero", "targeted_countries": [], "malware_families": [ { "id": "XWorm", "display_name": "XWorm", "target": null }, { "id": "StrelaStealer", "display_name": "StrelaStealer", "target": null }, { "id": "WeaXor", "display_name": "WeaXor", "target": null } ], "attack_ids": [ { "id": "T1110", "name": "Brute Force", "display_name": "T1110 - Brute Force" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 11, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "PetrP.73", "id": "154605", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CIDR": 2, "CVE": 5, "domain": 50, "URL": 42, "FileHash-SHA256": 6, "hostname": 2 }, "indicator_count": 107, "is_author": false, "is_subscribing": null, "subscriber_count": 546, "modified_text": "377 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://storefix-fr.com/", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://storefix-fr.com/", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780522144.9660854 }