{ "type": "Domain", "indicator": "sport-program.com", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/sport-program.com", "alexa": "http://www.alexa.com/siteinfo/sport-program.com", "indicator": "sport-program.com", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 3718756280, "indicator": "sport-program.com", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 6, "pulses": [ { "id": "5fa1ee5c64dc0e2060647954", "name": "Malware - Malware Domain Feed V2 - November 03 2020", "description": "Command and Control domains for Malware. These domains are extracted from a number of sources, and are suspicious.", "modified": "2026-05-31T01:17:54.397000", "created": "2020-11-03T23:57:16.317000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 130981, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "otxrobottwo_testing", "id": "83138", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 45551, "domain": 66446 }, "indicator_count": 111997, "is_author": false, "is_subscribing": null, "subscriber_count": 971, "modified_text": "1 day ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65c2b5461ad2cb2f9e8d342d", "name": "Malware - Malware Domain Feed V2 - 11.93.2020 [Pulse by otxrobottwo_testing]", "description": "", "modified": "2024-02-06T22:40:06.188000", "created": "2024-02-06T22:40:06.188000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "5fa1ee5c64dc0e2060647954", "export_count": 23, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 45530, "domain": 66406 }, "indicator_count": 111936, "is_author": false, "is_subscribing": null, "subscriber_count": 229, "modified_text": "845 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65c2b543bc2adfd3eca5ff2b", "name": "Malware - Malware Domain Feed V2 - 11.93.2020 [Pulse by otxrobottwo_testing]", "description": "", "modified": "2024-02-06T22:40:03.501000", "created": "2024-02-06T22:40:03.501000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "5fa1ee5c64dc0e2060647954", "export_count": 19, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 45530, "domain": 66406 }, "indicator_count": 111936, "is_author": false, "is_subscribing": null, "subscriber_count": 227, "modified_text": "845 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65c2b5405e6e9e23324e6d8e", "name": "Malware - Malware Domain Feed V2 - 11.93.2020 [Pulse by otxrobottwo_testing]", "description": "", "modified": "2024-02-06T22:40:00.906000", "created": "2024-02-06T22:40:00.906000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "5fa1ee5c64dc0e2060647954", "export_count": 14, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 45530, "domain": 66406 }, "indicator_count": 111936, "is_author": false, "is_subscribing": null, "subscriber_count": 226, "modified_text": "845 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "64bfd25008236bd6f079e1f6", "name": "ACTIVIDAD MALICIOSA | Relacionada con Cobalt Strike 25-07-2023", "description": "Cobalt Strike es una herramienta usada para detectar vulnerabilidades de acceso al sistema. La herramienta en s\u00ed se usa normalmente para pruebas de software y para encontrar varios errores y fallos de seguridad. Sin embargo, el problema viene cuando los ciberdelincuentes se aprovechan de tales herramientas y Cobalt Strike no es una excepci\u00f3n Seg\u00fan la investigaci\u00f3n, esas personas env\u00edan cientos de miles de correos basura con adjuntos maliciosos Microsoft Word dise\u00f1ados para inyectar Cobalt Strike en el sistema.", "modified": "2023-08-24T13:04:55.815000", "created": "2023-07-25T13:46:56.393000", "tags": [ "cobalt strike", "cobaltstrike", "tencen", "alibab", "hwcsnet huawei", "cloud service", "limite", "kaopuhk kaopu", "cloud hk", "multaasn1 drbra", "discovery", "ta0005", "ta0003", "ta0009", "ta0004", "ta0007", "ta0008", "ta0001", "t1001", "t1003" ], "references": [ "https://www.pcrisk.es/guias-de-desinfeccion/9042-cobalt-strike-malware", "https://bazaar.abuse.ch/browse.php?search=signature%3ACobalt+Strike", "https://threatfox.abuse.ch/browse/malware/win.cobalt_strike/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Cobalt Strike - S0154", "display_name": "Cobalt Strike - S0154", "target": null } ], "attack_ids": [ { "id": "T1001", "name": "Data Obfuscation", "display_name": "T1001 - Data Obfuscation" }, { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1005", "name": "Data from Local System", "display_name": "T1005 - Data from Local System" }, { "id": "T1007", "name": "System Service Discovery", "display_name": "T1007 - System Service Discovery" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1016", "name": "System Network Configuration Discovery", "display_name": "T1016 - System Network Configuration Discovery" }, { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1021", "name": "Remote Services", "display_name": "T1021 - Remote Services" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1029", "name": "Scheduled Transfer", "display_name": "T1029 - Scheduled Transfer" }, { "id": "T1030", "name": "Data Transfer Size Limits", "display_name": "T1030 - Data Transfer Size Limits" }, { "id": "T1046", "name": "Network Service Scanning", "display_name": "T1046 - Network Service Scanning" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1049", "name": "System Network Connections Discovery", "display_name": "T1049 - System Network Connections Discovery" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 17, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "esoporteingenieria2020", "id": "121604", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_121604/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 227, "domain": 7, "hostname": 22 }, "indicator_count": 256, "is_author": false, "is_subscribing": null, "subscriber_count": 266, "modified_text": "1012 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "64c3a1297bbfb4b85cbde920", "name": "Threatview.io Domain Blocklist", "description": "Malicious Domains identified for phishing/ serving malware/ command and control", "modified": "2023-07-28T11:06:17.802000", "created": "2023-07-28T11:06:17.802000", "tags": [], "references": [ "https://threatview.io/Downloads/DOMAIN-High-Confidence-Feed.txt" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 16, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "hitman", "id": "195", "avatar_url": "/otxapi/users/avatar_image/media/avatars/hitman/resized/80/MtDewBot.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 245, "hostname": 21 }, "indicator_count": 266, "is_author": false, "is_subscribing": null, "subscriber_count": 183, "modified_text": "1039 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "https://threatfox.abuse.ch/browse/malware/win.cobalt_strike/", "https://threatview.io/Downloads/DOMAIN-High-Confidence-Feed.txt", "https://www.pcrisk.es/guias-de-desinfeccion/9042-cobalt-strike-malware", "https://bazaar.abuse.ch/browse.php?search=signature%3ACobalt+Strike" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [], "malware_families": [ "Cobalt strike - s0154" ], "industries": [] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 6, "pulses": [ { "id": "5fa1ee5c64dc0e2060647954", "name": "Malware - Malware Domain Feed V2 - November 03 2020", "description": "Command and Control domains for Malware. These domains are extracted from a number of sources, and are suspicious.", "modified": "2026-05-31T01:17:54.397000", "created": "2020-11-03T23:57:16.317000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 130981, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "otxrobottwo_testing", "id": "83138", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 45551, "domain": 66446 }, "indicator_count": 111997, "is_author": false, "is_subscribing": null, "subscriber_count": 971, "modified_text": "1 day ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65c2b5461ad2cb2f9e8d342d", "name": "Malware - Malware Domain Feed V2 - 11.93.2020 [Pulse by otxrobottwo_testing]", "description": "", "modified": "2024-02-06T22:40:06.188000", "created": "2024-02-06T22:40:06.188000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "5fa1ee5c64dc0e2060647954", "export_count": 23, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 45530, "domain": 66406 }, "indicator_count": 111936, "is_author": false, "is_subscribing": null, "subscriber_count": 229, "modified_text": "845 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65c2b543bc2adfd3eca5ff2b", "name": "Malware - Malware Domain Feed V2 - 11.93.2020 [Pulse by otxrobottwo_testing]", "description": "", "modified": "2024-02-06T22:40:03.501000", "created": "2024-02-06T22:40:03.501000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "5fa1ee5c64dc0e2060647954", "export_count": 19, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 45530, "domain": 66406 }, "indicator_count": 111936, "is_author": false, "is_subscribing": null, "subscriber_count": 227, "modified_text": "845 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65c2b5405e6e9e23324e6d8e", "name": "Malware - Malware Domain Feed V2 - 11.93.2020 [Pulse by otxrobottwo_testing]", "description": "", "modified": "2024-02-06T22:40:00.906000", "created": "2024-02-06T22:40:00.906000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "5fa1ee5c64dc0e2060647954", "export_count": 14, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 45530, "domain": 66406 }, "indicator_count": 111936, "is_author": false, "is_subscribing": null, "subscriber_count": 226, "modified_text": "845 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "64bfd25008236bd6f079e1f6", "name": "ACTIVIDAD MALICIOSA | Relacionada con Cobalt Strike 25-07-2023", "description": "Cobalt Strike es una herramienta usada para detectar vulnerabilidades de acceso al sistema. La herramienta en s\u00ed se usa normalmente para pruebas de software y para encontrar varios errores y fallos de seguridad. Sin embargo, el problema viene cuando los ciberdelincuentes se aprovechan de tales herramientas y Cobalt Strike no es una excepci\u00f3n Seg\u00fan la investigaci\u00f3n, esas personas env\u00edan cientos de miles de correos basura con adjuntos maliciosos Microsoft Word dise\u00f1ados para inyectar Cobalt Strike en el sistema.", "modified": "2023-08-24T13:04:55.815000", "created": "2023-07-25T13:46:56.393000", "tags": [ "cobalt strike", "cobaltstrike", "tencen", "alibab", "hwcsnet huawei", "cloud service", "limite", "kaopuhk kaopu", "cloud hk", "multaasn1 drbra", "discovery", "ta0005", "ta0003", "ta0009", "ta0004", "ta0007", "ta0008", "ta0001", "t1001", "t1003" ], "references": [ "https://www.pcrisk.es/guias-de-desinfeccion/9042-cobalt-strike-malware", "https://bazaar.abuse.ch/browse.php?search=signature%3ACobalt+Strike", "https://threatfox.abuse.ch/browse/malware/win.cobalt_strike/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Cobalt Strike - S0154", "display_name": "Cobalt Strike - S0154", "target": null } ], "attack_ids": [ { "id": "T1001", "name": "Data Obfuscation", "display_name": "T1001 - Data Obfuscation" }, { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1005", "name": "Data from Local System", "display_name": "T1005 - Data from Local System" }, { "id": "T1007", "name": "System Service Discovery", "display_name": "T1007 - System Service Discovery" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1016", "name": "System Network Configuration Discovery", "display_name": "T1016 - System Network Configuration Discovery" }, { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1021", "name": "Remote Services", "display_name": "T1021 - Remote Services" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1029", "name": "Scheduled Transfer", "display_name": "T1029 - Scheduled Transfer" }, { "id": "T1030", "name": "Data Transfer Size Limits", "display_name": "T1030 - Data Transfer Size Limits" }, { "id": "T1046", "name": "Network Service Scanning", "display_name": "T1046 - Network Service Scanning" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1049", "name": "System Network Connections Discovery", "display_name": "T1049 - System Network Connections Discovery" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 17, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "esoporteingenieria2020", "id": "121604", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_121604/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 227, "domain": 7, "hostname": 22 }, "indicator_count": 256, "is_author": false, "is_subscribing": null, "subscriber_count": 266, "modified_text": "1012 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "64c3a1297bbfb4b85cbde920", "name": "Threatview.io Domain Blocklist", "description": "Malicious Domains identified for phishing/ serving malware/ command and control", "modified": "2023-07-28T11:06:17.802000", "created": "2023-07-28T11:06:17.802000", "tags": [], "references": [ "https://threatview.io/Downloads/DOMAIN-High-Confidence-Feed.txt" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 16, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "hitman", "id": "195", "avatar_url": "/otxapi/users/avatar_image/media/avatars/hitman/resized/80/MtDewBot.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 245, "hostname": 21 }, "indicator_count": 266, "is_author": false, "is_subscribing": null, "subscriber_count": 183, "modified_text": "1039 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "sport-program.com", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "sport-program.com", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780326192.1892877 }