{
  "type": "Domain",
  "indicator": "rowdstrikefix.com",
  "general": {
    "sections": [
      "general",
      "geo",
      "url_list",
      "passive_dns",
      "malware",
      "whois",
      "http_scans"
    ],
    "whois": "http://whois.domaintools.com/rowdstrikefix.com",
    "alexa": "http://www.alexa.com/siteinfo/rowdstrikefix.com",
    "indicator": "rowdstrikefix.com",
    "type": "domain",
    "type_title": "Domain",
    "validation": [],
    "base_indicator": {
      "id": 3925132060,
      "indicator": "rowdstrikefix.com",
      "type": "domain",
      "title": "",
      "description": "",
      "content": "",
      "access_type": "public",
      "access_reason": ""
    },
    "pulse_info": {
      "count": 1,
      "pulses": [
        {
          "id": "669c23f11215e548fbd4c4ec",
          "name": "Phishing and Malware URLs Exploiting Recent CrowdStrike Incident",
          "description": "Here is the full text of the HijackLoader, which has been used by hackers to launch the attack on the UK's largest online market, Crowdstrike, in the wake of last week's attack.",
          "modified": "2024-08-19T18:04:49.704000",
          "created": "2024-07-20T20:54:09.129000",
          "tags": [
            "domain",
            "sha256",
            "domain na",
            "et ja3",
            "hash",
            "tls connection",
            "threats open",
            "suricata",
            "snort alert",
            "rule",
            "remcos",
            "trojan"
          ],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [
            "Crowdstrike"
          ],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 32,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "Superpro",
            "id": "61676",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 6,
            "FileHash-SHA1": 6,
            "FileHash-SHA256": 13,
            "domain": 12
          },
          "indicator_count": 37,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 217,
          "modified_text": "649 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        }
      ],
      "references": [],
      "related": {
        "alienvault": {
          "adversary": [],
          "malware_families": [],
          "industries": []
        },
        "other": {
          "adversary": [],
          "malware_families": [],
          "industries": [
            "Crowdstrike"
          ]
        }
      }
    },
    "false_positive": []
  },
  "geo": {},
  "geo_ipapicom": {},
  "pulse_count": 1,
  "pulses": [
    {
      "id": "669c23f11215e548fbd4c4ec",
      "name": "Phishing and Malware URLs Exploiting Recent CrowdStrike Incident",
      "description": "Here is the full text of the HijackLoader, which has been used by hackers to launch the attack on the UK's largest online market, Crowdstrike, in the wake of last week's attack.",
      "modified": "2024-08-19T18:04:49.704000",
      "created": "2024-07-20T20:54:09.129000",
      "tags": [
        "domain",
        "sha256",
        "domain na",
        "et ja3",
        "hash",
        "tls connection",
        "threats open",
        "suricata",
        "snort alert",
        "rule",
        "remcos",
        "trojan"
      ],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [
        "Crowdstrike"
      ],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 32,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "Superpro",
        "id": "61676",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 6,
        "FileHash-SHA1": 6,
        "FileHash-SHA256": 13,
        "domain": 12
      },
      "indicator_count": 37,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 217,
      "modified_text": "649 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    }
  ],
  "error": null,
  "vt": {
    "error": "VirusTotal rate limit reached. Try again shortly.",
    "indicator": "rowdstrikefix.com",
    "type": "Domain"
  },
  "abuseipdb": null,
  "urlhaus": {
    "indicator": "rowdstrikefix.com",
    "found": false,
    "verdict": "clean",
    "urls": [],
    "error": null
  },
  "from_cache": true,
  "_cached_at": 1780236253.4560807
}