{ "type": "URL", "indicator": "https://www.didriks.com/all-brands", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://www.didriks.com/all-brands", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 4113812787, "indicator": "https://www.didriks.com/all-brands", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 2, "pulses": [ { "id": "689ae28d66814f3c2cbf1791", "name": "Botnet Sinkhole | Potential WannaCry DNS Lookup", "description": "*iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com Botnet Sinkhole | Potential WannaCry DNSLookup. Targeting , Project Content Reputation. Backdoor:Win32/Fynloski \u2022\nWas [Win.Trojan.DarkKomet-1] now- [Worm:Win32/Mofksys.R!MTB] \u2022\nPotential WannaCry DNS lookup\nIllegal Content 20 + teen p0r\u0146 content sites for reputation abuse and or framing.\n| highjacked? URL\nhttps://archive.org/web/petabox.php |\n| cdn1.onlyteenporn.com |\n| http://onlyteenporn.com/go.php.php?link=top |\n| http://onlyteenporn.com/go.php?link= |\n\n#botnet #sinkhole #worm #trojan #injection #socialengineering #wannacry #dns #teen_porn #content_reputation #dumpsite #petabox #webarchive #photography", "modified": "2025-09-11T05:01:39.966000", "created": "2025-08-12T06:43:25.992000", "tags": [ "show process", "united", "command decode", "mitre att", "suricata ipv4", "ck id", "show technique", "ck matrix", "programfiles", "sha1", "date", "comspec", "class", "august", "hybrid", "general", "path", "model", "click", "strings", "meta", "body", "present jun", "present aug", "present may", "present apr", "present feb", "creation date", "worm", "search", "present jul", "error", "msil", "passive dns", "urls", "url add", "pulse pulses", "http", "hostname", "files domain", "files related", "pulses none", "related tags", "unknown ns", "ip address", "name servers", "status", "showing", "found title", "open ports", "backdoor", "hacktool", "entries", "next associated", "ipv4", "trojan", "domain", "authority", "record value", "script script", "cname", "script urls", "learn", "name tactics", "suspicious", "informative", "command", "adversaries", "spawns", "ssl certificate", "execution att", "present mar", "mtb sep", "ransom", "win32", "gmt contenttype", "ipv4 add", "files", "location united", "development att", "extra data", "extraction", "please", "sc data", "type", "failed", "extr data", "ox sunnort", "include review", "exclude data", "sugges", "process32nextw", "observed dns", "query", "read c", "medium", "dns lookup", "msdos", "wannacry dns", "lookup", "wannacry", "delphi", "malware", "copy", "service", "explorer", "write", "darkcomet", "ping", "tools", "capture", "next" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1480", "name": "Execution Guardrails", "display_name": "T1480 - Execution Guardrails" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1583", "name": "Acquire Infrastructure", "display_name": "T1583 - Acquire Infrastructure" }, { "id": "T1031", "name": "Modify Existing Service", "display_name": "T1031 - Modify Existing Service" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1054", "name": "Indicator Blocking", "display_name": "T1054 - Indicator Blocking" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1060", "name": "Registry Run Keys / Startup Folder", "display_name": "T1060 - Registry Run Keys / Startup Folder" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1089", "name": "Disabling Security Tools", "display_name": "T1089 - Disabling Security Tools" }, { "id": "T1158", "name": "Hidden Files and Directories", "display_name": "T1158 - Hidden Files and Directories" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 33, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 145, "FileHash-SHA1": 138, "FileHash-SHA256": 398, "SSLCertFingerprint": 12, "URL": 876, "domain": 136, "hostname": 216, "email": 3, "CVE": 1 }, "indicator_count": 1925, "is_author": false, "is_subscribing": null, "subscriber_count": 139, "modified_text": "220 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "68923ea4efbf58b7ba48acec", "name": "Hosted App", "description": "", "modified": "2025-09-04T16:03:17.037000", "created": "2025-08-05T17:25:56.454000", "tags": [ "issuer wr3", "log id", "gmtn", "abn timestamp", "ad180b80", "full name", "extensionsstr", "web server", "ca issuers", "learn", "ck id", "name tactics", "suspicious", "informative", "command", "adversaries", "ssl certificate", "spawns", "mitre att", "sha1", "copy md5", "copy sha1", "copy sha256", "sha256", "ascii text", "pattern match", "show technique", "date", "format", "august", "hybrid", "local", "path", "click", "strings", "flag", "usa windows", "hwp support", "march", "december", "united", "markmonitor", "overview dns", "requests domain", "country", "contacted hosts", "ip address", "process details", "t1179 hooking", "access windows", "installs", "control att", "found", "development att", "name server", "show process", "programfiles", "command decode", "suricata ipv4", "ck matrix", "comspec", "model", "general", "dynamicloader", "unknown", "as16509", "whitelisted", "medium", "write c", "as15169", "search", "high", "write", "android", "malware", "copy", "next", "formbook cnc", "checkin", "entries", "passive dns", "next associated", "site", "neue", "ipv4", "pulse pulses", "exploit", "trojan", "virtool", "body", "refer", "present dec", "epub", "present jan", "present nov", "present oct", "showing", "urls show", "win32", "win64", "date checked", "url hostname", "server response", "google safe", "prefetch8", "localappdata", "prefetch1" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1480", "name": "Execution Guardrails", "display_name": "T1480 - Execution Guardrails" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1583", "name": "Acquire Infrastructure", "display_name": "T1583 - Acquire Infrastructure" }, { "id": "T1043", "name": "Commonly Used Port", "display_name": "T1043 - Commonly Used Port" }, { "id": "T1179", "name": "Hooking", "display_name": "T1179 - Hooking" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1045", "name": "Software Packing", "display_name": "T1045 - Software Packing" }, { "id": "T1119", "name": "Automated Collection", "display_name": "T1119 - Automated Collection" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 15, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 3409, "hostname": 4127, "URL": 8408, "SSLCertFingerprint": 9, "FileHash-SHA256": 1175, "FileHash-MD5": 144, "FileHash-SHA1": 134, "CVE": 2 }, "indicator_count": 17408, "is_author": false, "is_subscribing": null, "subscriber_count": 140, "modified_text": "227 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 19221 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/didriks.com", "whois": "http://whois.domaintools.com/didriks.com", "domain": "didriks.com", "hostname": "www.didriks.com" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 2, "pulses": [ { "id": "689ae28d66814f3c2cbf1791", "name": "Botnet Sinkhole | Potential WannaCry DNS Lookup", "description": "*iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com Botnet Sinkhole | Potential WannaCry DNSLookup. Targeting , Project Content Reputation. Backdoor:Win32/Fynloski \u2022\nWas [Win.Trojan.DarkKomet-1] now- [Worm:Win32/Mofksys.R!MTB] \u2022\nPotential WannaCry DNS lookup\nIllegal Content 20 + teen p0r\u0146 content sites for reputation abuse and or framing.\n| highjacked? URL\nhttps://archive.org/web/petabox.php |\n| cdn1.onlyteenporn.com |\n| http://onlyteenporn.com/go.php.php?link=top |\n| http://onlyteenporn.com/go.php?link= |\n\n#botnet #sinkhole #worm #trojan #injection #socialengineering #wannacry #dns #teen_porn #content_reputation #dumpsite #petabox #webarchive #photography", "modified": "2025-09-11T05:01:39.966000", "created": "2025-08-12T06:43:25.992000", "tags": [ "show process", "united", "command decode", "mitre att", "suricata ipv4", "ck id", "show technique", "ck matrix", "programfiles", "sha1", "date", "comspec", "class", "august", "hybrid", "general", "path", "model", "click", "strings", "meta", "body", "present jun", "present aug", "present may", "present apr", "present feb", "creation date", "worm", "search", "present jul", "error", "msil", "passive dns", "urls", "url add", "pulse pulses", "http", "hostname", "files domain", "files related", "pulses none", "related tags", "unknown ns", "ip address", "name servers", "status", "showing", "found title", "open ports", "backdoor", "hacktool", "entries", "next associated", "ipv4", "trojan", "domain", "authority", "record value", "script script", "cname", "script urls", "learn", "name tactics", "suspicious", "informative", "command", "adversaries", "spawns", "ssl certificate", "execution att", "present mar", "mtb sep", "ransom", "win32", "gmt contenttype", "ipv4 add", "files", "location united", "development att", "extra data", "extraction", "please", "sc data", "type", "failed", "extr data", "ox sunnort", "include review", "exclude data", "sugges", "process32nextw", "observed dns", "query", "read c", "medium", "dns lookup", "msdos", "wannacry dns", "lookup", "wannacry", "delphi", "malware", "copy", "service", "explorer", "write", "darkcomet", "ping", "tools", "capture", "next" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1480", "name": "Execution Guardrails", "display_name": "T1480 - Execution Guardrails" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1583", "name": "Acquire Infrastructure", "display_name": "T1583 - Acquire Infrastructure" }, { "id": "T1031", "name": "Modify Existing Service", "display_name": "T1031 - Modify Existing Service" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1054", "name": "Indicator Blocking", "display_name": "T1054 - Indicator Blocking" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1060", "name": "Registry Run Keys / Startup Folder", "display_name": "T1060 - Registry Run Keys / Startup Folder" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1089", "name": "Disabling Security Tools", "display_name": "T1089 - Disabling Security Tools" }, { "id": "T1158", "name": "Hidden Files and Directories", "display_name": "T1158 - Hidden Files and Directories" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 33, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 145, "FileHash-SHA1": 138, "FileHash-SHA256": 398, "SSLCertFingerprint": 12, "URL": 876, "domain": 136, "hostname": 216, "email": 3, "CVE": 1 }, "indicator_count": 1925, "is_author": false, "is_subscribing": null, "subscriber_count": 139, "modified_text": "220 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "68923ea4efbf58b7ba48acec", "name": "Hosted App", "description": "", "modified": "2025-09-04T16:03:17.037000", "created": "2025-08-05T17:25:56.454000", "tags": [ "issuer wr3", "log id", "gmtn", "abn timestamp", "ad180b80", "full name", "extensionsstr", "web server", "ca issuers", "learn", "ck id", "name tactics", "suspicious", "informative", "command", "adversaries", "ssl certificate", "spawns", "mitre att", "sha1", "copy md5", "copy sha1", "copy sha256", "sha256", "ascii text", "pattern match", "show technique", "date", "format", "august", "hybrid", "local", "path", "click", "strings", "flag", "usa windows", "hwp support", "march", "december", "united", "markmonitor", "overview dns", "requests domain", "country", "contacted hosts", "ip address", "process details", "t1179 hooking", "access windows", "installs", "control att", "found", "development att", "name server", "show process", "programfiles", "command decode", "suricata ipv4", "ck matrix", "comspec", "model", "general", "dynamicloader", "unknown", "as16509", "whitelisted", "medium", "write c", "as15169", "search", "high", "write", "android", "malware", "copy", "next", "formbook cnc", "checkin", "entries", "passive dns", "next associated", "site", "neue", "ipv4", "pulse pulses", "exploit", "trojan", "virtool", "body", "refer", "present dec", "epub", "present jan", "present nov", "present oct", "showing", "urls show", "win32", "win64", "date checked", "url hostname", "server response", "google safe", "prefetch8", "localappdata", "prefetch1" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1480", "name": "Execution Guardrails", "display_name": "T1480 - Execution Guardrails" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1583", "name": "Acquire Infrastructure", "display_name": "T1583 - Acquire Infrastructure" }, { "id": "T1043", "name": "Commonly Used Port", "display_name": "T1043 - Commonly Used Port" }, { "id": "T1179", "name": "Hooking", "display_name": "T1179 - Hooking" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1045", "name": "Software Packing", "display_name": "T1045 - Software Packing" }, { "id": "T1119", "name": "Automated Collection", "display_name": "T1119 - Automated Collection" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 15, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 3409, "hostname": 4127, "URL": 8408, "SSLCertFingerprint": 9, "FileHash-SHA256": 1175, "FileHash-MD5": 144, "FileHash-SHA1": 134, "CVE": 2 }, "indicator_count": 17408, "is_author": false, "is_subscribing": null, "subscriber_count": 140, "modified_text": "227 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://www.didriks.com/all-brands", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://www.didriks.com/all-brands", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1776642455.3884797 }