{ "type": "URL", "indicator": "https://webmail-only.it.dhosting.pl", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://webmail-only.it.dhosting.pl", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 3995504887, "indicator": "https://webmail-only.it.dhosting.pl", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 7, "pulses": [ { "id": "68422544a89f9653e4cc441b", "name": "Consulting Service Sp. z o. o.", "description": "Zarejestruj stron\u0119 internetow\u0105\nhttp://consultingservice.pl/", "modified": "2025-10-01T00:01:22.860000", "created": "2025-06-05T23:16:20.070000", "tags": [ "domeny", "nask", "eurid", "dodatkowo", "nask czyli", "jeli", "twoja domena", "w przypadku", "zgoszenie", "podaj takie", "ciebie", "registrar", "whois database", "whois", "a mx", "ip ip", "pierwszy", "analiza wynikw", "lokalizacja asn", "etykieta", "usugi", "mevspace sp" ], "references": [ "http://consultingservice.pl/", "https://consultingservice.pl/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Ciebie", "display_name": "Ciebie", "target": null } ], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 22, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 302, "domain": 77, "email": 2, "hostname": 435, "FileHash-SHA256": 3, "FileHash-MD5": 2 }, "indicator_count": 821, "is_author": false, "is_subscribing": null, "subscriber_count": 124, "modified_text": "242 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "68518a846f4b324a27032c80", "name": "4833228eb74f8e1b5496dd5c4beb7cd0.viruscrime_mirai", "description": "A full set of rules for detecting Mirai botnet malware has been published on the website of Nextron Systems, which developed the software for the Google Chrome operating system and is now being used by Google.", "modified": "2025-09-01T08:05:14.933000", "created": "2025-06-17T15:32:20.611000", "tags": [ "sha1", "sha256", "telfhash", "roth", "nextron", "detects mirai", "detection rule", "license", "yara rule", "set author", "roth date", "identifier", "mirai", "malware", "detects", "program", "files", "xored keyword", "xor key", "sentinel labs", "filter", "norton", "security", "win32", "vhash", "ssdeep", "license v2", "fd fd", "ff ff", "c1 e2", "f0 c1", "c1 c8", "b6 ff", "c3 eb", "ff c7", "cobalt" ], "references": [ "0a85f83a63499998342edd58a377665e48667b29d7f3724296c1de6bd196e37a", "195.88.50.1 Possible recent Mirai infection" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1110", "name": "Brute Force", "display_name": "T1110 - Brute Force" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 49, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 48, "FileHash-SHA1": 47, "FileHash-SHA256": 233, "YARA": 107, "URL": 246, "hostname": 94, "domain": 19, "CVE": 2 }, "indicator_count": 796, "is_author": false, "is_subscribing": null, "subscriber_count": 123, "modified_text": "272 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6848c105e22453c2bec2258d", "name": "Ogrodnictwo - Baza Firm 2024.xls adorno.pl", "description": "Researchers at the University of California at Berkeley, in the United States, have published their findings on the subject of a security vulnerability in Microsoft's PowerShell operating system, also known as \"Chocolatey\".", "modified": "2025-07-28T08:00:49.288000", "created": "2025-06-10T23:34:29.281000", "tags": [ "vhash", "ssdeep", "inquest labs", "microsoft excel", "d0 cf", "e0 a1", "hiddenss", "statess", "hidden", "nocase", "sha256", "externalnet", "homenet", "mtu denial", "5762", "needed", "df bit", "reply", "policies", "insecure level", "registry type", "powershell", "powershell id", "script block", "logging", "windows", "getfreespace", "imageendswith", "example", "imagestartswith", "files", "sandbox author", "securityuserid", "windows upgrade", "k netsvcs", "defender", "update", "cache entry", "gzip chrome", "user", "woff chrome", "javascript c", "doscom c", "text c", "bmp c", "text chrome" ], "references": [ "MD5 da63ff099674eab612f7101116bddaa5", "https://virustotalcloud.firebaseapp.com/__/auth/handler?state=AMbdmDmB7R-mobcjqlNn5Tk3TSMlTTChMo-X0Gu7sho4DBhHzFXXT13BnjoMIZ2BiUB9IwoPL5YHSk3Ad2Hjsn7dL9LVBA89o2Xy4CjQj6siPR5s_G-pxcVnajQCDVEG7aXwBPaq8QmoPG5sRErBd_3iX0RDSzNL0_AU9_ldsWsakbA0LOLkIluupkaXhS72NREPpemuXBzy0pI7pvWidxXFtfFklcG_-fzn8KLDIO4BVRcktGFwWvQ2Oa46KE8oqkAynQoBDw-ssMd-fZwwNdPME_GWE9q4dvXE8cHt7rUcfStwp9XZ7_Jd82zJHsp-cFPguYZx-a0NGA&code=4%2F0AUJR-x6e6ebOwSRIdn1ETUESvDBcpCwDMA12A8aZtVcAffxzGkWb2YWoSX-_VtzNaYcw6w&scope=email+profile+https%3A%2F%2F", "d37481f608bdf78117b2f8819bcfd6744c3934b5c08c2ec8b8cbd36030a6fbd3 g_Faktury__FAKTURA_Bruttoppn.pdf" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 24, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 14, "FileHash-SHA1": 12, "FileHash-SHA256": 51, "URL": 239, "YARA": 1, "domain": 35, "hostname": 22, "CVE": 1 }, "indicator_count": 375, "is_author": false, "is_subscribing": null, "subscriber_count": 123, "modified_text": "307 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "68518522589e9ae890de427e", "name": "PIT 2024/2025 Online | Rozliczenie PIT w Chmurze za 2024 rok - PIT Projekt", "description": "As part of a series of updates on social media, we take a look at some of the most well-known examples of \"pit projekt\" - or \"pitprojkt\".", "modified": "2025-07-17T15:02:49.497000", "created": "2025-06-17T15:09:22.940000", "tags": [ "regexp", "typeof e", "typeof t", "class", "attr", "pseudo", "child", "function", "typeof module", "error", "block", "click", "body", "present mar", "present apr", "present feb", "present jan", "present sep", "present aug", "present jul", "pit projekt", "chcesz", "pity online", "program", "interesuje ci", "pity zapisane", "jeli", "oddajemy w", "twoje rce", "dziki jego", "sha1", "sha256", "telfhash" ], "references": [ "https://www.pitprojekt.pl/wp-includes/js/jquery/jquery.min.js?ver=3.7.1", "nitro-min-f43b551b749a36845288913120943cc6.jquery.min.js", "https://www.pitprojekt.pl/wp-content/plugins/dp-portfolio-posts-pro-1/js/ajax-get-post.js?ver=1.0.2", "http://www.pitprojekt.pl/files/772/119/PitProjekt2012Setup.exe", "http://pitprojekt.pl", "http://pit projekt.pl" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 41, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 13, "FileHash-MD5": 176, "FileHash-SHA1": 176, "FileHash-SHA256": 1557, "URL": 1228, "domain": 154, "hostname": 461, "email": 1 }, "indicator_count": 3766, "is_author": false, "is_subscribing": null, "subscriber_count": 124, "modified_text": "318 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "685094452f1739c5a766cce2", "name": "Ogrodnictwo - Baza Firm 2024.xls", "description": "https://www.virustotal.com/gui/file/5efeb26d7ace64c8011cf6fc7ab00343c27de26dca1402aa6d6a4492a0afa6a1/behavior", "modified": "2025-07-16T20:00:18.627000", "created": "2025-06-16T22:01:41.450000", "tags": [ "externalnet", "homenet", "reply", "ssdeep", "block", "click", "body", "exchange online", "ipv6", "destinationport", "microsoft", "common", "office online", "excel", "nextron", "connection", "ip id", "vhash" ], "references": [ "Office Application Initiated Network Connection To Non-Local IP" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 25, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 2, "FileHash-SHA1": 1, "FileHash-SHA256": 103, "CIDR": 36, "CVE": 1, "URL": 156, "domain": 19, "hostname": 60 }, "indicator_count": 378, "is_author": false, "is_subscribing": null, "subscriber_count": 123, "modified_text": "318 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6850d3254c6c13f93ba6bad7", "name": "premium.pl - mi\u0119dzynarodowa gie\u0142da domen", "description": "The full text of the full report from the European Commission on Wednesday has been released, and it is expected to be published on Thursday, 1 July.. and will be posted on Facebook, Twitter and Instagram.", "modified": "2025-06-17T15:03:15.521000", "created": "2025-06-17T02:29:57.301000", "tags": [ "domeny", "domena", "aukcje domen", "gie\u0142da domen", "panel domen", "domeny na sprzeda\u017c", "domeny premium", "tanie domeny", "kontakt", "wymagane", "vhash", "ssdeep" ], "references": [ "https://parking.premium.pl/park/contact/?domain=local.pl" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 21, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 1, "FileHash-MD5": 3, "FileHash-SHA1": 2, "FileHash-SHA256": 151, "hostname": 45, "URL": 3 }, "indicator_count": 205, "is_author": false, "is_subscribing": null, "subscriber_count": 123, "modified_text": "348 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6850a03885a3bbbc223103cb", "name": "Page Redirection https://www.mbank.com.pl/", "description": "Sprawd\u017a informacje o bezpiecze\u0144stwie ca\u0142odobowe wsparcie 24 godziny na dobry pocz\u0105tek.", "modified": "2025-06-17T15:03:13.322000", "created": "2025-06-16T22:52:40.172000", "tags": [ "mbank", "kredyty", "lokaty", "konta bankowe", "karty", "ubezpieczenia online", "us\u0142ug", "e-urz\u0105d", "inwestycje i oszcz\u0119dno\u015bci", "strong", "odtwrz film", "konto", "przeczytaj", "jestemy", "twojej", "zapraszamy", "zamwienia", "otwrz", "pamitaj", "android", "wiemy", "vhash", "ssdeep" ], "references": [ "https://www.mbank.com.pl/", "http://www.mbank.com.pl/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Wiemy", "display_name": "Wiemy", "target": null } ], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 19, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 42, "FileHash-MD5": 10, "FileHash-SHA1": 9, "FileHash-SHA256": 21, "URL": 70, "domain": 20 }, "indicator_count": 172, "is_author": false, "is_subscribing": null, "subscriber_count": 123, "modified_text": "348 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "https://www.mbank.com.pl/", "https://virustotalcloud.firebaseapp.com/__/auth/handler?state=AMbdmDmB7R-mobcjqlNn5Tk3TSMlTTChMo-X0Gu7sho4DBhHzFXXT13BnjoMIZ2BiUB9IwoPL5YHSk3Ad2Hjsn7dL9LVBA89o2Xy4CjQj6siPR5s_G-pxcVnajQCDVEG7aXwBPaq8QmoPG5sRErBd_3iX0RDSzNL0_AU9_ldsWsakbA0LOLkIluupkaXhS72NREPpemuXBzy0pI7pvWidxXFtfFklcG_-fzn8KLDIO4BVRcktGFwWvQ2Oa46KE8oqkAynQoBDw-ssMd-fZwwNdPME_GWE9q4dvXE8cHt7rUcfStwp9XZ7_Jd82zJHsp-cFPguYZx-a0NGA&code=4%2F0AUJR-x6e6ebOwSRIdn1ETUESvDBcpCwDMA12A8aZtVcAffxzGkWb2YWoSX-_VtzNaYcw6w&scope=email+profile+https%3A%2F%2F", "http://pit projekt.pl", "http://pitprojekt.pl", "0a85f83a63499998342edd58a377665e48667b29d7f3724296c1de6bd196e37a", "https://www.pitprojekt.pl/wp-content/plugins/dp-portfolio-posts-pro-1/js/ajax-get-post.js?ver=1.0.2", "d37481f608bdf78117b2f8819bcfd6744c3934b5c08c2ec8b8cbd36030a6fbd3 g_Faktury__FAKTURA_Bruttoppn.pdf", "http://www.mbank.com.pl/", "http://consultingservice.pl/", "195.88.50.1 Possible recent Mirai infection", "https://consultingservice.pl/", "Office Application Initiated Network Connection To Non-Local IP", "http://www.pitprojekt.pl/files/772/119/PitProjekt2012Setup.exe", "https://parking.premium.pl/park/contact/?domain=local.pl", "MD5 da63ff099674eab612f7101116bddaa5", "https://www.pitprojekt.pl/wp-includes/js/jquery/jquery.min.js?ver=3.7.1", "nitro-min-f43b551b749a36845288913120943cc6.jquery.min.js" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [ "Wiemy", "Ciebie" ], "industries": [], "unique_indicators": 6236 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/dhosting.pl", "whois": "http://whois.domaintools.com/dhosting.pl", "domain": "dhosting.pl", "hostname": "webmail-only.it.dhosting.pl" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 7, "pulses": [ { "id": "68422544a89f9653e4cc441b", "name": "Consulting Service Sp. z o. o.", "description": "Zarejestruj stron\u0119 internetow\u0105\nhttp://consultingservice.pl/", "modified": "2025-10-01T00:01:22.860000", "created": "2025-06-05T23:16:20.070000", "tags": [ "domeny", "nask", "eurid", "dodatkowo", "nask czyli", "jeli", "twoja domena", "w przypadku", "zgoszenie", "podaj takie", "ciebie", "registrar", "whois database", "whois", "a mx", "ip ip", "pierwszy", "analiza wynikw", "lokalizacja asn", "etykieta", "usugi", "mevspace sp" ], "references": [ "http://consultingservice.pl/", "https://consultingservice.pl/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Ciebie", "display_name": "Ciebie", "target": null } ], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 22, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 302, "domain": 77, "email": 2, "hostname": 435, "FileHash-SHA256": 3, "FileHash-MD5": 2 }, "indicator_count": 821, "is_author": false, "is_subscribing": null, "subscriber_count": 124, "modified_text": "242 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "68518a846f4b324a27032c80", "name": "4833228eb74f8e1b5496dd5c4beb7cd0.viruscrime_mirai", "description": "A full set of rules for detecting Mirai botnet malware has been published on the website of Nextron Systems, which developed the software for the Google Chrome operating system and is now being used by Google.", "modified": "2025-09-01T08:05:14.933000", "created": "2025-06-17T15:32:20.611000", "tags": [ "sha1", "sha256", "telfhash", "roth", "nextron", "detects mirai", "detection rule", "license", "yara rule", "set author", "roth date", "identifier", "mirai", "malware", "detects", "program", "files", "xored keyword", "xor key", "sentinel labs", "filter", "norton", "security", "win32", "vhash", "ssdeep", "license v2", "fd fd", "ff ff", "c1 e2", "f0 c1", "c1 c8", "b6 ff", "c3 eb", "ff c7", "cobalt" ], "references": [ "0a85f83a63499998342edd58a377665e48667b29d7f3724296c1de6bd196e37a", "195.88.50.1 Possible recent Mirai infection" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1110", "name": "Brute Force", "display_name": "T1110 - Brute Force" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 49, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 48, "FileHash-SHA1": 47, "FileHash-SHA256": 233, "YARA": 107, "URL": 246, "hostname": 94, "domain": 19, "CVE": 2 }, "indicator_count": 796, "is_author": false, "is_subscribing": null, "subscriber_count": 123, "modified_text": "272 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6848c105e22453c2bec2258d", "name": "Ogrodnictwo - Baza Firm 2024.xls adorno.pl", "description": "Researchers at the University of California at Berkeley, in the United States, have published their findings on the subject of a security vulnerability in Microsoft's PowerShell operating system, also known as \"Chocolatey\".", "modified": "2025-07-28T08:00:49.288000", "created": "2025-06-10T23:34:29.281000", "tags": [ "vhash", "ssdeep", "inquest labs", "microsoft excel", "d0 cf", "e0 a1", "hiddenss", "statess", "hidden", "nocase", "sha256", "externalnet", "homenet", "mtu denial", "5762", "needed", "df bit", "reply", "policies", "insecure level", "registry type", "powershell", "powershell id", "script block", "logging", "windows", "getfreespace", "imageendswith", "example", "imagestartswith", "files", "sandbox author", "securityuserid", "windows upgrade", "k netsvcs", "defender", "update", "cache entry", "gzip chrome", "user", "woff chrome", "javascript c", "doscom c", "text c", "bmp c", "text chrome" ], "references": [ "MD5 da63ff099674eab612f7101116bddaa5", "https://virustotalcloud.firebaseapp.com/__/auth/handler?state=AMbdmDmB7R-mobcjqlNn5Tk3TSMlTTChMo-X0Gu7sho4DBhHzFXXT13BnjoMIZ2BiUB9IwoPL5YHSk3Ad2Hjsn7dL9LVBA89o2Xy4CjQj6siPR5s_G-pxcVnajQCDVEG7aXwBPaq8QmoPG5sRErBd_3iX0RDSzNL0_AU9_ldsWsakbA0LOLkIluupkaXhS72NREPpemuXBzy0pI7pvWidxXFtfFklcG_-fzn8KLDIO4BVRcktGFwWvQ2Oa46KE8oqkAynQoBDw-ssMd-fZwwNdPME_GWE9q4dvXE8cHt7rUcfStwp9XZ7_Jd82zJHsp-cFPguYZx-a0NGA&code=4%2F0AUJR-x6e6ebOwSRIdn1ETUESvDBcpCwDMA12A8aZtVcAffxzGkWb2YWoSX-_VtzNaYcw6w&scope=email+profile+https%3A%2F%2F", "d37481f608bdf78117b2f8819bcfd6744c3934b5c08c2ec8b8cbd36030a6fbd3 g_Faktury__FAKTURA_Bruttoppn.pdf" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 24, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 14, "FileHash-SHA1": 12, "FileHash-SHA256": 51, "URL": 239, "YARA": 1, "domain": 35, "hostname": 22, "CVE": 1 }, "indicator_count": 375, "is_author": false, "is_subscribing": null, "subscriber_count": 123, "modified_text": "307 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "68518522589e9ae890de427e", "name": "PIT 2024/2025 Online | Rozliczenie PIT w Chmurze za 2024 rok - PIT Projekt", "description": "As part of a series of updates on social media, we take a look at some of the most well-known examples of \"pit projekt\" - or \"pitprojkt\".", "modified": "2025-07-17T15:02:49.497000", "created": "2025-06-17T15:09:22.940000", "tags": [ "regexp", "typeof e", "typeof t", "class", "attr", "pseudo", "child", "function", "typeof module", "error", "block", "click", "body", "present mar", "present apr", "present feb", "present jan", "present sep", "present aug", "present jul", "pit projekt", "chcesz", "pity online", "program", "interesuje ci", "pity zapisane", "jeli", "oddajemy w", "twoje rce", "dziki jego", "sha1", "sha256", "telfhash" ], "references": [ "https://www.pitprojekt.pl/wp-includes/js/jquery/jquery.min.js?ver=3.7.1", "nitro-min-f43b551b749a36845288913120943cc6.jquery.min.js", "https://www.pitprojekt.pl/wp-content/plugins/dp-portfolio-posts-pro-1/js/ajax-get-post.js?ver=1.0.2", "http://www.pitprojekt.pl/files/772/119/PitProjekt2012Setup.exe", "http://pitprojekt.pl", "http://pit projekt.pl" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 41, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 13, "FileHash-MD5": 176, "FileHash-SHA1": 176, "FileHash-SHA256": 1557, "URL": 1228, "domain": 154, "hostname": 461, "email": 1 }, "indicator_count": 3766, "is_author": false, "is_subscribing": null, "subscriber_count": 124, "modified_text": "318 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "685094452f1739c5a766cce2", "name": "Ogrodnictwo - Baza Firm 2024.xls", "description": "https://www.virustotal.com/gui/file/5efeb26d7ace64c8011cf6fc7ab00343c27de26dca1402aa6d6a4492a0afa6a1/behavior", "modified": "2025-07-16T20:00:18.627000", "created": "2025-06-16T22:01:41.450000", "tags": [ "externalnet", "homenet", "reply", "ssdeep", "block", "click", "body", "exchange online", "ipv6", "destinationport", "microsoft", "common", "office online", "excel", "nextron", "connection", "ip id", "vhash" ], "references": [ "Office Application Initiated Network Connection To Non-Local IP" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 25, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 2, "FileHash-SHA1": 1, "FileHash-SHA256": 103, "CIDR": 36, "CVE": 1, "URL": 156, "domain": 19, "hostname": 60 }, "indicator_count": 378, "is_author": false, "is_subscribing": null, "subscriber_count": 123, "modified_text": "318 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6850d3254c6c13f93ba6bad7", "name": "premium.pl - mi\u0119dzynarodowa gie\u0142da domen", "description": "The full text of the full report from the European Commission on Wednesday has been released, and it is expected to be published on Thursday, 1 July.. and will be posted on Facebook, Twitter and Instagram.", "modified": "2025-06-17T15:03:15.521000", "created": "2025-06-17T02:29:57.301000", "tags": [ "domeny", "domena", "aukcje domen", "gie\u0142da domen", "panel domen", "domeny na sprzeda\u017c", "domeny premium", "tanie domeny", "kontakt", "wymagane", "vhash", "ssdeep" ], "references": [ "https://parking.premium.pl/park/contact/?domain=local.pl" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 21, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 1, "FileHash-MD5": 3, "FileHash-SHA1": 2, "FileHash-SHA256": 151, "hostname": 45, "URL": 3 }, "indicator_count": 205, "is_author": false, "is_subscribing": null, "subscriber_count": 123, "modified_text": "348 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6850a03885a3bbbc223103cb", "name": "Page Redirection https://www.mbank.com.pl/", "description": "Sprawd\u017a informacje o bezpiecze\u0144stwie ca\u0142odobowe wsparcie 24 godziny na dobry pocz\u0105tek.", "modified": "2025-06-17T15:03:13.322000", "created": "2025-06-16T22:52:40.172000", "tags": [ "mbank", "kredyty", "lokaty", "konta bankowe", "karty", "ubezpieczenia online", "us\u0142ug", "e-urz\u0105d", "inwestycje i oszcz\u0119dno\u015bci", "strong", "odtwrz film", "konto", "przeczytaj", "jestemy", "twojej", "zapraszamy", "zamwienia", "otwrz", "pamitaj", "android", "wiemy", "vhash", "ssdeep" ], "references": [ "https://www.mbank.com.pl/", "http://www.mbank.com.pl/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Wiemy", "display_name": "Wiemy", "target": null } ], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 19, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 42, "FileHash-MD5": 10, "FileHash-SHA1": 9, "FileHash-SHA256": 21, "URL": 70, "domain": 20 }, "indicator_count": 172, "is_author": false, "is_subscribing": null, "subscriber_count": 123, "modified_text": "348 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://webmail-only.it.dhosting.pl", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://webmail-only.it.dhosting.pl", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780242846.217049 }