{ "type": "URL", "indicator": "https://www.ssd-dns.pl", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://www.ssd-dns.pl", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 3951345840, "indicator": "https://www.ssd-dns.pl", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 6, "pulses": [ { "id": "66ce8795f74ccdc8a4ad972f", "name": "Home | Sanselo | Realizare site web \u0219i aplica\u021bii de mobil", "description": "Aplica\u021bii mobile, \u00c2\u00a31bn, \u00e2\u201a\u00ac1.5bn \u00e2\u20ac\u00b5\u00a6 \u00c3\u20ac\u201c \u00f4l iau i'r iddo.", "modified": "2025-05-14T21:14:50.899000", "created": "2024-08-28T02:12:37.280000", "tags": [ "sanselo", "i aplicaii", "home", "realizare site", "servicii web", "mobile app", "contact blog", "selecteaz", "pagin", "future", "adres url", "ipv4", "ccro asnas39668", "intersat srl", "rola", "url http", "odcisk palca" ], "references": [ "https://sanselo.com/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 11, "URL": 1533, "domain": 150, "email": 2, "hostname": 471, "FileHash-MD5": 236, "FileHash-SHA1": 141, "FileHash-SHA256": 979, "SSLCertFingerprint": 4 }, "indicator_count": 3527, "is_author": false, "is_subscribing": null, "subscriber_count": 123, "modified_text": "340 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "66d147ac5afafb76f652ccfb", "name": "cyberfolks.pl / Hosting/ 185.208.164.121 / VPS / 94.152.11.60 / 193.218.154.51", "description": "The full text of the text-free version of Microsoft's Chrome browser can be viewed here:. \u00c2\u00a31.5m.. (\u20ac2.4m) \u20ac", "modified": "2024-12-16T22:19:24.841000", "created": "2024-08-30T04:16:44.939000", "tags": [ "vhash", "ssdeep", "digicert", "g2 firmy", "digicert g3", "entrust gwny", "gwny", "microsoft ecc", "microsoft azure", "ecc tls", "rsa tls", "microsoft rsa", "aoc ca", "digicert tls", "azure rsa", "eoc ca", "digicert cloud", "azure tls", "azure ecc", "xargs", "jeli", "azure", "authority", "java", "ms windows", "dziennik zdarze", "vista", "pe32", "intel", "defender", "systemy", "plik", "tekst ascii", "dane archiwalne", "ptime", "danie", "msie", "windows nt", "okrndata", "jzyk", "cieka", "sha1", "sha256", "imphasz", "pejzasz", "windows", "eurostile", "disk1", "augustin", "butterfield", "cook", "drummer", "erickson", "fjsv", "flynn", "gorman", "easy", "rada", "xanadu", "config", "reboot", "screen", "trash", "wersja pliku", "v2 dokument", "aaaa", "cname", "aaaaa", "whasz", "dostawa", "cache entry", "wav chrome", "gzip chrome", "text chrome", "woff chrome", "cab c", "lnk c", "doc c", "doc chrome", "ttf chrome" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 6307, "hostname": 7851, "domain": 1282, "FileHash-MD5": 221, "FileHash-SHA256": 1346, "IPv4": 1437, "IPv6": 8, "FileHash-SHA1": 192, "email": 3, "CIDR": 8, "CVE": 2 }, "indicator_count": 18657, "is_author": false, "is_subscribing": null, "subscriber_count": 125, "modified_text": "489 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "66caffd62b03fba176499249", "name": "192.168.122.26 RFC 1918 - Address Allocation for Private Internets", "description": "https://static.ietf.org/dt/12.22.0/ietf/js/select2.js\nhttps://static.ietf.org/dt/12.22.0/ietf/js/document_timeline.js\nhttps://static.ietf.org/dt/12.22.0/ietf/js/d3.js\n27d3ed3ed0003ed00042d43d00041df04c41293ba84f6efe3a613b22f983e6\nhttps://static.ietf.org/dt/12.22.0/ietf/js/ietf.js\nhttps://static.ietf.org/dt/12.22.0/assets/embedded-8b6f56ff.js\nhttps://static.ietf.org/dt/12.22.0/ietf/js/theme.js", "modified": "2024-11-29T19:44:18.974000", "created": "2024-08-25T09:56:38.383000", "tags": [ "internet", "practice", "rekhter", "february", "best current", "page", "ip connectivity", "ip address", "allocation", "tcpip", "formats", "regexp", "string", "function", "boolean", "null", "notification", "number", "object", "dtbt", "chatlog", "status", "vhash", "ssdeep", "sha256", "authentihash", "imphash", "rich pe", "coolnovo", "olet", "encrypt", "cnr3", "oszyfrujmy", "cne1", "cnr11", "cnr10", "cne5", "cloudflare", "cne6", "bn english", "rticon english", "vs2010 sp1", "vs2010", "contained", "english us", "compiler", "utc first", "submission", "symantec time", "date", "class" ], "references": [ "https://datatracker.ietf.org/doc/rfc1918/", "http://datatracker.ietf.org/doc/rfc1918/", "https://static.ietf.org/dt/12.22.0/ietf/js/theme.js", "https://static.ietf.org/dt/12.22.0/assets/embedded-8b6f56ff.js" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 45, "email": 18, "hostname": 1714, "URL": 261, "FileHash-MD5": 113, "FileHash-SHA1": 103, "FileHash-SHA256": 565 }, "indicator_count": 2819, "is_author": false, "is_subscribing": null, "subscriber_count": 124, "modified_text": "506 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "66cb1a82b938d97fca42577b", "name": "http://sni.cloudflaressl.com/ SSL dla sni.com and Cloudflaressl.cloudflAressL.org", "description": "urz\u0105dzenie5695310-7a1dc9c7-local.wd2go.com\nurz\u0105dzenie4491421-0ffc7b50-local.wd2go.com", "modified": "2024-11-29T19:44:16.599000", "created": "2024-08-25T11:50:26.438000", "tags": [ "cloudflare", "read", "report", "zero trust", "contact", "sign", "view", "discover", "gartner magic", "quadrant", "protect", "enterprise", "fortune", "ssl certificate" ], "references": [ "http://sni.cloudflaressl.com/" ], "public": 1, "adversary": "TrojanDownloader:Win32/Nemucod", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 9, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 8863, "hostname": 2526, "domain": 3054, "FileHash-SHA256": 703, "FileHash-SHA1": 16, "IPv4": 227, "FileHash-MD5": 10, "IPv6": 8, "CVE": 2 }, "indicator_count": 15409, "is_author": false, "is_subscribing": null, "subscriber_count": 124, "modified_text": "506 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "66cb5560913a9cb8d451a1cd", "name": "Log In | Criminal IP", "description": "https://www.criminalip.io/intelligence/maps?query=cve_id%3Acve-1999-0016&lat=57.996911700633525&lng=20.307597029382432&latmax=85&latmin=-85&lngmax=180&lngmin=-180\nIf you want to know what is going on in your browser, spare a thought for the three-year-old, who has been caught up in the latest version of the \"rum\" search engine.", "modified": "2024-11-29T19:44:16.076000", "created": "2024-08-25T16:01:36.377000", "tags": [ "typeof require", "typeof module", "typeof define", "error", "modulenotfound", "string", "date", "function", "doublequote", "null", "regexp", "iframe", "script", "style", "embed", "keygen", "meta", "typeof t", "typeerror", "typeof window", "uint8array", "ithis", "typeof", "invalid uuid", "othis", "typeof symbol", "generator", "array", "pfunction", "rfunction", "ttfb", "typeof crypto", "typeof mscrypto", "typeof e", "typeof r", "whasz", "ip lookup", "port check", "vulnerability scanner", "attack surface", "cyber threat intelligence", "cti", "asm", "domain", "exploit", "phishing", "criminal ip", "apis", "criminal", "search engine", "strong", "login", "ai spera", "ip search", "engine products", "about contact", "twitter", "contact", "sha1" ], "references": [ "https://cdnjs.cloudflare.com/ajax/libs/parallax/3.1.0/parallax.min.js", "https://apis.google.com/js/platform.js", "https://static.ads-twitter.com/uwt.js", "https://static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015/", "https://www.criminalip.io/intelligence/maps?query=cve_id%3Acve-1999-0016&lat=57.996911700633525&lng=20.307597029382432&latmax=85&latmin=-85&lngmax=180&lngmin=-180" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 31, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 118, "URL": 242, "FileHash-MD5": 773, "FileHash-SHA1": 752, "FileHash-SHA256": 3277, "domain": 24, "email": 11 }, "indicator_count": 5197, "is_author": false, "is_subscribing": null, "subscriber_count": 124, "modified_text": "506 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "663d2869e0f3a42bbddc42ff", "name": "UPX executable packer.", "description": "A new rule has been introduced a \"suspicious\" ELF binary that is packed with the UPX executable packer.\nSuggested ATT&CK IDs: rule SUSP_ELF_LNX_UPX_Compressed_File { meta: description = \"Detects a suspicious ELF binary with UPX compression\" author = \"Florian Roth (Nextron Systems)\" reference = \"Internal Research\" date = \"2018-12-12\" score = 40 hash1 = \"038ff8b2fef16f8ee9d70e6c219c5f380afe1a21761791e8cbda21fa4d09fdb4\" id = \"078937de-59b3-538e-a5c3-57f4e6050212\" strings: $s1 = \"PROT_EXEC|PROT_WRITE failed.\" fullword ascii $s2 = \"$Id: UPX\" fullword ascii $s3 = \"$Info: This file is packed with the UPX executable packer\" ascii $fp1 = \"check your UCL installation !\"", "modified": "2024-10-14T00:01:17.069000", "created": "2024-05-09T19:47:53.786000", "tags": [ "cioch adrian", "centrum usug", "sieciowych", "elf binary", "upx compression", "roth", "nextron", "info", "javascript", "html", "office open", "xml document", "network capture", "win32 exe", "xml pakietu", "pdf zestawy", "przechwytywanie", "office", "filehashsha1", "url https", "cve cve20201070", "cve cve20203153", "cve cve20201048", "cve cve20211732", "cve20201048 apr", "filehashmd5", "cve cve20010901", "cve cve20021841", "cve20153202 apr", "cve cve20160728", "cve cve20161807", "cve cve20175123", "cve20185407 apr", "cve cve20054605", "cve cve20060745", "cve cve20070452", "cve cve20070453", "cve cve20070454", "cve cve20071355", "cve cve20071358", "cve cve20071871", "cve20149614 apr", "cve cve20151503", "cve cve20152080", "cve cve20157377", "cve cve20170131", "cve20200796 may", "cve cve20113403" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 6861, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 5771, "domain": 3139, "URL": 14525, "FileHash-SHA1": 2610, "IPv4": 108, "CIDR": 40, "FileHash-SHA256": 10705, "FileHash-MD5": 3373, "YARA": 2, "CVE": 148, "Mutex": 7, "FilePath": 3, "SSLCertFingerprint": 3, "email": 23, "JA3": 1, "IPv6": 2 }, "indicator_count": 40460, "is_author": false, "is_subscribing": null, "subscriber_count": 137, "modified_text": "553 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "https://static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015/", "https://static.ietf.org/dt/12.22.0/ietf/js/theme.js", "http://sni.cloudflaressl.com/", "https://cdnjs.cloudflare.com/ajax/libs/parallax/3.1.0/parallax.min.js", "https://static.ietf.org/dt/12.22.0/assets/embedded-8b6f56ff.js", "https://datatracker.ietf.org/doc/rfc1918/", "https://apis.google.com/js/platform.js", "https://sanselo.com/", "https://www.criminalip.io/intelligence/maps?query=cve_id%3Acve-1999-0016&lat=57.996911700633525&lng=20.307597029382432&latmax=85&latmin=-85&lngmax=180&lngmin=-180", "http://datatracker.ietf.org/doc/rfc1918/", "https://static.ads-twitter.com/uwt.js" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [ "TrojanDownloader:Win32/Nemucod" ], "malware_families": [], "industries": [], "unique_indicators": 55448 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/ssd-dns.pl", "whois": "http://whois.domaintools.com/ssd-dns.pl", "domain": "ssd-dns.pl", "hostname": "www.ssd-dns.pl" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 6, "pulses": [ { "id": "66ce8795f74ccdc8a4ad972f", "name": "Home | Sanselo | Realizare site web \u0219i aplica\u021bii de mobil", "description": "Aplica\u021bii mobile, \u00c2\u00a31bn, \u00e2\u201a\u00ac1.5bn \u00e2\u20ac\u00b5\u00a6 \u00c3\u20ac\u201c \u00f4l iau i'r iddo.", "modified": "2025-05-14T21:14:50.899000", "created": "2024-08-28T02:12:37.280000", "tags": [ "sanselo", "i aplicaii", "home", "realizare site", "servicii web", "mobile app", "contact blog", "selecteaz", "pagin", "future", "adres url", "ipv4", "ccro asnas39668", "intersat srl", "rola", "url http", "odcisk palca" ], "references": [ "https://sanselo.com/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 11, "URL": 1533, "domain": 150, "email": 2, "hostname": 471, "FileHash-MD5": 236, "FileHash-SHA1": 141, "FileHash-SHA256": 979, "SSLCertFingerprint": 4 }, "indicator_count": 3527, "is_author": false, "is_subscribing": null, "subscriber_count": 123, "modified_text": "340 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "66d147ac5afafb76f652ccfb", "name": "cyberfolks.pl / Hosting/ 185.208.164.121 / VPS / 94.152.11.60 / 193.218.154.51", "description": "The full text of the text-free version of Microsoft's Chrome browser can be viewed here:. \u00c2\u00a31.5m.. (\u20ac2.4m) \u20ac", "modified": "2024-12-16T22:19:24.841000", "created": "2024-08-30T04:16:44.939000", "tags": [ "vhash", "ssdeep", "digicert", "g2 firmy", "digicert g3", "entrust gwny", "gwny", "microsoft ecc", "microsoft azure", "ecc tls", "rsa tls", "microsoft rsa", "aoc ca", "digicert tls", "azure rsa", "eoc ca", "digicert cloud", "azure tls", "azure ecc", "xargs", "jeli", "azure", "authority", "java", "ms windows", "dziennik zdarze", "vista", "pe32", "intel", "defender", "systemy", "plik", "tekst ascii", "dane archiwalne", "ptime", "danie", "msie", "windows nt", "okrndata", "jzyk", "cieka", "sha1", "sha256", "imphasz", "pejzasz", "windows", "eurostile", "disk1", "augustin", "butterfield", "cook", "drummer", "erickson", "fjsv", "flynn", "gorman", "easy", "rada", "xanadu", "config", "reboot", "screen", "trash", "wersja pliku", "v2 dokument", "aaaa", "cname", "aaaaa", "whasz", "dostawa", "cache entry", "wav chrome", "gzip chrome", "text chrome", "woff chrome", "cab c", "lnk c", "doc c", "doc chrome", "ttf chrome" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 6307, "hostname": 7851, "domain": 1282, "FileHash-MD5": 221, "FileHash-SHA256": 1346, "IPv4": 1437, "IPv6": 8, "FileHash-SHA1": 192, "email": 3, "CIDR": 8, "CVE": 2 }, "indicator_count": 18657, "is_author": false, "is_subscribing": null, "subscriber_count": 125, "modified_text": "489 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "66caffd62b03fba176499249", "name": "192.168.122.26 RFC 1918 - Address Allocation for Private Internets", "description": "https://static.ietf.org/dt/12.22.0/ietf/js/select2.js\nhttps://static.ietf.org/dt/12.22.0/ietf/js/document_timeline.js\nhttps://static.ietf.org/dt/12.22.0/ietf/js/d3.js\n27d3ed3ed0003ed00042d43d00041df04c41293ba84f6efe3a613b22f983e6\nhttps://static.ietf.org/dt/12.22.0/ietf/js/ietf.js\nhttps://static.ietf.org/dt/12.22.0/assets/embedded-8b6f56ff.js\nhttps://static.ietf.org/dt/12.22.0/ietf/js/theme.js", "modified": "2024-11-29T19:44:18.974000", "created": "2024-08-25T09:56:38.383000", "tags": [ "internet", "practice", "rekhter", "february", "best current", "page", "ip connectivity", "ip address", "allocation", "tcpip", "formats", "regexp", "string", "function", "boolean", "null", "notification", "number", "object", "dtbt", "chatlog", "status", "vhash", "ssdeep", "sha256", "authentihash", "imphash", "rich pe", "coolnovo", "olet", "encrypt", "cnr3", "oszyfrujmy", "cne1", "cnr11", "cnr10", "cne5", "cloudflare", "cne6", "bn english", "rticon english", "vs2010 sp1", "vs2010", "contained", "english us", "compiler", "utc first", "submission", "symantec time", "date", "class" ], "references": [ "https://datatracker.ietf.org/doc/rfc1918/", "http://datatracker.ietf.org/doc/rfc1918/", "https://static.ietf.org/dt/12.22.0/ietf/js/theme.js", "https://static.ietf.org/dt/12.22.0/assets/embedded-8b6f56ff.js" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 45, "email": 18, "hostname": 1714, "URL": 261, "FileHash-MD5": 113, "FileHash-SHA1": 103, "FileHash-SHA256": 565 }, "indicator_count": 2819, "is_author": false, "is_subscribing": null, "subscriber_count": 124, "modified_text": "506 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "66cb1a82b938d97fca42577b", "name": "http://sni.cloudflaressl.com/ SSL dla sni.com and Cloudflaressl.cloudflAressL.org", "description": "urz\u0105dzenie5695310-7a1dc9c7-local.wd2go.com\nurz\u0105dzenie4491421-0ffc7b50-local.wd2go.com", "modified": "2024-11-29T19:44:16.599000", "created": "2024-08-25T11:50:26.438000", "tags": [ "cloudflare", "read", "report", "zero trust", "contact", "sign", "view", "discover", "gartner magic", "quadrant", "protect", "enterprise", "fortune", "ssl certificate" ], "references": [ "http://sni.cloudflaressl.com/" ], "public": 1, "adversary": "TrojanDownloader:Win32/Nemucod", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 9, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 8863, "hostname": 2526, "domain": 3054, "FileHash-SHA256": 703, "FileHash-SHA1": 16, "IPv4": 227, "FileHash-MD5": 10, "IPv6": 8, "CVE": 2 }, "indicator_count": 15409, "is_author": false, "is_subscribing": null, "subscriber_count": 124, "modified_text": "506 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "66cb5560913a9cb8d451a1cd", "name": "Log In | Criminal IP", "description": "https://www.criminalip.io/intelligence/maps?query=cve_id%3Acve-1999-0016&lat=57.996911700633525&lng=20.307597029382432&latmax=85&latmin=-85&lngmax=180&lngmin=-180\nIf you want to know what is going on in your browser, spare a thought for the three-year-old, who has been caught up in the latest version of the \"rum\" search engine.", "modified": "2024-11-29T19:44:16.076000", "created": "2024-08-25T16:01:36.377000", "tags": [ "typeof require", "typeof module", "typeof define", "error", "modulenotfound", "string", "date", "function", "doublequote", "null", "regexp", "iframe", "script", "style", "embed", "keygen", "meta", "typeof t", "typeerror", "typeof window", "uint8array", "ithis", "typeof", "invalid uuid", "othis", "typeof symbol", "generator", "array", "pfunction", "rfunction", "ttfb", "typeof crypto", "typeof mscrypto", "typeof e", "typeof r", "whasz", "ip lookup", "port check", "vulnerability scanner", "attack surface", "cyber threat intelligence", "cti", "asm", "domain", "exploit", "phishing", "criminal ip", "apis", "criminal", "search engine", "strong", "login", "ai spera", "ip search", "engine products", "about contact", "twitter", "contact", "sha1" ], "references": [ "https://cdnjs.cloudflare.com/ajax/libs/parallax/3.1.0/parallax.min.js", "https://apis.google.com/js/platform.js", "https://static.ads-twitter.com/uwt.js", "https://static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015/", "https://www.criminalip.io/intelligence/maps?query=cve_id%3Acve-1999-0016&lat=57.996911700633525&lng=20.307597029382432&latmax=85&latmin=-85&lngmax=180&lngmin=-180" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 31, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 118, "URL": 242, "FileHash-MD5": 773, "FileHash-SHA1": 752, "FileHash-SHA256": 3277, "domain": 24, "email": 11 }, "indicator_count": 5197, "is_author": false, "is_subscribing": null, "subscriber_count": 124, "modified_text": "506 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "663d2869e0f3a42bbddc42ff", "name": "UPX executable packer.", "description": "A new rule has been introduced a \"suspicious\" ELF binary that is packed with the UPX executable packer.\nSuggested ATT&CK IDs: rule SUSP_ELF_LNX_UPX_Compressed_File { meta: description = \"Detects a suspicious ELF binary with UPX compression\" author = \"Florian Roth (Nextron Systems)\" reference = \"Internal Research\" date = \"2018-12-12\" score = 40 hash1 = \"038ff8b2fef16f8ee9d70e6c219c5f380afe1a21761791e8cbda21fa4d09fdb4\" id = \"078937de-59b3-538e-a5c3-57f4e6050212\" strings: $s1 = \"PROT_EXEC|PROT_WRITE failed.\" fullword ascii $s2 = \"$Id: UPX\" fullword ascii $s3 = \"$Info: This file is packed with the UPX executable packer\" ascii $fp1 = \"check your UCL installation !\"", "modified": "2024-10-14T00:01:17.069000", "created": "2024-05-09T19:47:53.786000", "tags": [ "cioch adrian", "centrum usug", "sieciowych", "elf binary", "upx compression", "roth", "nextron", "info", "javascript", "html", "office open", "xml document", "network capture", "win32 exe", "xml pakietu", "pdf zestawy", "przechwytywanie", "office", "filehashsha1", "url https", "cve cve20201070", "cve cve20203153", "cve cve20201048", "cve cve20211732", "cve20201048 apr", "filehashmd5", "cve cve20010901", "cve cve20021841", "cve20153202 apr", "cve cve20160728", "cve cve20161807", "cve cve20175123", "cve20185407 apr", "cve cve20054605", "cve cve20060745", "cve cve20070452", "cve cve20070453", "cve cve20070454", "cve cve20071355", "cve cve20071358", "cve cve20071871", "cve20149614 apr", "cve cve20151503", "cve cve20152080", "cve cve20157377", "cve cve20170131", "cve20200796 may", "cve cve20113403" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 6861, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 5771, "domain": 3139, "URL": 14525, "FileHash-SHA1": 2610, "IPv4": 108, "CIDR": 40, "FileHash-SHA256": 10705, "FileHash-MD5": 3373, "YARA": 2, "CVE": 148, "Mutex": 7, "FilePath": 3, "SSLCertFingerprint": 3, "email": 23, "JA3": 1, "IPv6": 2 }, "indicator_count": 40460, "is_author": false, "is_subscribing": null, "subscriber_count": 137, "modified_text": "553 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://www.ssd-dns.pl", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://www.ssd-dns.pl", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1776643467.6548214 }