{ "type": "Domain", "indicator": "quic.cloud", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/quic.cloud", "alexa": "http://www.alexa.com/siteinfo/quic.cloud", "indicator": "quic.cloud", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 3351119331, "indicator": "quic.cloud", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 2, "pulses": [ { "id": "67e1aa875e6c907d7e1b5fa0", "name": "hxxps://tech4service.ca - 03.24.25", "description": "YEG tech/hardware vendor", "modified": "2025-04-23T18:02:31.021000", "created": "2025-03-24T18:55:03.147000", "tags": [ "please", "javascript", "threat intelligence", "feed", "ioc", "change theme", "contact us", "intelligence", "threats api", "analyze api", "overview", "threats explore", "rate limits", "stixtaxii", "bulk export", "community", "results", "switch", "inquest labs", "resources api", "notes supported", "cve list", "drop your", "file", "service", "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "hybrid analysis", "api key", "vetting process", "please note", "virus", "ransomware", "static", "indicator of compromise", "extraction", "emulation", "platform", "prefetch8 ansi", "ansi", "show process", "hash seen", "pcap processing", "pcap", "date", "ck id", "command decode", "mitre att", "win64", "suspicious", "hybrid", "comspec", "close", "click", "hosts", "general", "path", "model", "encrypt", "upgrade", "strings", "contact" ], "references": [ "https://www.virustotal.com/gui/url/d3fcc8b4575e8e04b8c80b171089c26f3d117ac9b11e971dc4fd0345f00b4414", "https://pulsedive.com/indicator/?iid=68410521", "https://metadefender.com/results/url/aHR0cHM6Ly90ZWNoNHNlcnZpY2UuY2E=", "https://hybrid-analysis.com/sample/4ac0486c18ef662f2ba44e75cc13830d7e3d6a8ec20040a78e7818a6484bf807", "https://www.filescan.io/uploads/67e1a7ffc26eb3fd74f584c0/reports/28bf2c8b-9ebd-4f47-8428-135838c23c2f/overview", "https://www.filescan.io/uploads/67e1a7ffc26eb3fd74f584c0/reports/28bf2c8b-9ebd-4f47-8428-135838c23c2f/geolocation", "https://www.filescan.io/uploads/67e1a7ffc26eb3fd74f584c0/reports/28bf2c8b-9ebd-4f47-8428-135838c23c2f/ioc", "https://hybrid-analysis.com/sample/4ac0486c18ef662f2ba44e75cc13830d7e3d6a8ec20040a78e7818a6484bf807/67e1a708525a509d1805065a", "", "https://pulsedive.com/indicator/?iid=68410679" ], "public": 1, "adversary": "", "targeted_countries": [ "Canada", "United States of America" ], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1132", "name": "Data Encoding", "display_name": "T1132 - Data Encoding" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1480", "name": "Execution Guardrails", "display_name": "T1480 - Execution Guardrails" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1583", "name": "Acquire Infrastructure", "display_name": "T1583 - Acquire Infrastructure" } ], "industries": [ "Technology" ], "TLP": "white", "cloned_from": null, "export_count": 16, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Disable_Duck", "id": "244325", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 189, "FileHash-MD5": 21, "FileHash-SHA1": 20, "FileHash-SHA256": 20, "domain": 29, "email": 7, "hostname": 37, "SSLCertFingerprint": 20 }, "indicator_count": 343, "is_author": false, "is_subscribing": null, "subscriber_count": 129, "modified_text": "405 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "67003f03a306bf1058cdf97a", "name": "Stored XSS Vulnerability Discovered in LiteSpeed Cache Plugin", "description": "A high-severity stored cross-site scripting (XSS) vulnerability (CVE-2024-47374) has been discovered in the LiteSpeed Cache plugin for WordPress, affecting versions up to 6.5.0.2. This flaw allows attackers to inject malicious JavaScript and potentially hijack user sessions or take over entire sites, especially if an administrator account is compromised. The vulnerability was patched in version 6.5.1, and users are advised to update immediately to protect their sites.", "modified": "2024-10-04T19:16:19.402000", "created": "2024-10-04T19:16:19.402000", "tags": [ "litespeed cache", "september", "taiyou", "wordpress", "patchstack", "ccss", "http header", "vary", "group", "vary group" ], "references": [ "https://patchstack.com/articles/unauthenticated-stored-xss-vulnerability-in-litespeed-cache-plugin-affecting-6-million-sites/" ], "public": 1, "adversary": "Vary", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1190", "name": "Exploit Public-Facing Application", "display_name": "T1190 - Exploit Public-Facing Application" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1213", "name": "Data from Information Repositories", "display_name": "T1213 - Data from Information Repositories" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 24, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Superpro", "id": "61676", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "domain": 1 }, "indicator_count": 2, "is_author": false, "is_subscribing": null, "subscriber_count": 214, "modified_text": "606 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "https://www.virustotal.com/gui/url/d3fcc8b4575e8e04b8c80b171089c26f3d117ac9b11e971dc4fd0345f00b4414", "", "https://hybrid-analysis.com/sample/4ac0486c18ef662f2ba44e75cc13830d7e3d6a8ec20040a78e7818a6484bf807", "https://metadefender.com/results/url/aHR0cHM6Ly90ZWNoNHNlcnZpY2UuY2E=", "https://www.filescan.io/uploads/67e1a7ffc26eb3fd74f584c0/reports/28bf2c8b-9ebd-4f47-8428-135838c23c2f/ioc", "https://pulsedive.com/indicator/?iid=68410521", "https://hybrid-analysis.com/sample/4ac0486c18ef662f2ba44e75cc13830d7e3d6a8ec20040a78e7818a6484bf807/67e1a708525a509d1805065a", "https://www.filescan.io/uploads/67e1a7ffc26eb3fd74f584c0/reports/28bf2c8b-9ebd-4f47-8428-135838c23c2f/overview", "https://pulsedive.com/indicator/?iid=68410679", "https://www.filescan.io/uploads/67e1a7ffc26eb3fd74f584c0/reports/28bf2c8b-9ebd-4f47-8428-135838c23c2f/geolocation", "https://patchstack.com/articles/unauthenticated-stored-xss-vulnerability-in-litespeed-cache-plugin-affecting-6-million-sites/" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [ "Vary" ], "malware_families": [], "industries": [ "Technology" ] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 2, "pulses": [ { "id": "67e1aa875e6c907d7e1b5fa0", "name": "hxxps://tech4service.ca - 03.24.25", "description": "YEG tech/hardware vendor", "modified": "2025-04-23T18:02:31.021000", "created": "2025-03-24T18:55:03.147000", "tags": [ "please", "javascript", "threat intelligence", "feed", "ioc", "change theme", "contact us", "intelligence", "threats api", "analyze api", "overview", "threats explore", "rate limits", "stixtaxii", "bulk export", "community", "results", "switch", "inquest labs", "resources api", "notes supported", "cve list", "drop your", "file", "service", "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "hybrid analysis", "api key", "vetting process", "please note", "virus", "ransomware", "static", "indicator of compromise", "extraction", "emulation", "platform", "prefetch8 ansi", "ansi", "show process", "hash seen", "pcap processing", "pcap", "date", "ck id", "command decode", "mitre att", "win64", "suspicious", "hybrid", "comspec", "close", "click", "hosts", "general", "path", "model", "encrypt", "upgrade", "strings", "contact" ], "references": [ "https://www.virustotal.com/gui/url/d3fcc8b4575e8e04b8c80b171089c26f3d117ac9b11e971dc4fd0345f00b4414", "https://pulsedive.com/indicator/?iid=68410521", "https://metadefender.com/results/url/aHR0cHM6Ly90ZWNoNHNlcnZpY2UuY2E=", "https://hybrid-analysis.com/sample/4ac0486c18ef662f2ba44e75cc13830d7e3d6a8ec20040a78e7818a6484bf807", "https://www.filescan.io/uploads/67e1a7ffc26eb3fd74f584c0/reports/28bf2c8b-9ebd-4f47-8428-135838c23c2f/overview", "https://www.filescan.io/uploads/67e1a7ffc26eb3fd74f584c0/reports/28bf2c8b-9ebd-4f47-8428-135838c23c2f/geolocation", "https://www.filescan.io/uploads/67e1a7ffc26eb3fd74f584c0/reports/28bf2c8b-9ebd-4f47-8428-135838c23c2f/ioc", "https://hybrid-analysis.com/sample/4ac0486c18ef662f2ba44e75cc13830d7e3d6a8ec20040a78e7818a6484bf807/67e1a708525a509d1805065a", "", "https://pulsedive.com/indicator/?iid=68410679" ], "public": 1, "adversary": "", "targeted_countries": [ "Canada", "United States of America" ], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1132", "name": "Data Encoding", "display_name": "T1132 - Data Encoding" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1480", "name": "Execution Guardrails", "display_name": "T1480 - Execution Guardrails" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1583", "name": "Acquire Infrastructure", "display_name": "T1583 - Acquire Infrastructure" } ], "industries": [ "Technology" ], "TLP": "white", "cloned_from": null, "export_count": 16, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Disable_Duck", "id": "244325", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 189, "FileHash-MD5": 21, "FileHash-SHA1": 20, "FileHash-SHA256": 20, "domain": 29, "email": 7, "hostname": 37, "SSLCertFingerprint": 20 }, "indicator_count": 343, "is_author": false, "is_subscribing": null, "subscriber_count": 129, "modified_text": "405 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "67003f03a306bf1058cdf97a", "name": "Stored XSS Vulnerability Discovered in LiteSpeed Cache Plugin", "description": "A high-severity stored cross-site scripting (XSS) vulnerability (CVE-2024-47374) has been discovered in the LiteSpeed Cache plugin for WordPress, affecting versions up to 6.5.0.2. This flaw allows attackers to inject malicious JavaScript and potentially hijack user sessions or take over entire sites, especially if an administrator account is compromised. The vulnerability was patched in version 6.5.1, and users are advised to update immediately to protect their sites.", "modified": "2024-10-04T19:16:19.402000", "created": "2024-10-04T19:16:19.402000", "tags": [ "litespeed cache", "september", "taiyou", "wordpress", "patchstack", "ccss", "http header", "vary", "group", "vary group" ], "references": [ "https://patchstack.com/articles/unauthenticated-stored-xss-vulnerability-in-litespeed-cache-plugin-affecting-6-million-sites/" ], "public": 1, "adversary": "Vary", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1190", "name": "Exploit Public-Facing Application", "display_name": "T1190 - Exploit Public-Facing Application" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1213", "name": "Data from Information Repositories", "display_name": "T1213 - Data from Information Repositories" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 24, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Superpro", "id": "61676", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "domain": 1 }, "indicator_count": 2, "is_author": false, "is_subscribing": null, "subscriber_count": 214, "modified_text": "606 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "quic.cloud", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "quic.cloud", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780449613.9602664 }