{ "type": "Domain", "indicator": "support-fb.com", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/support-fb.com", "alexa": "http://www.alexa.com/siteinfo/support-fb.com", "indicator": "support-fb.com", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 2290010779, "indicator": "support-fb.com", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 8, "pulses": [ { "id": "66e9c8e63a72c7cb531a58ba", "name": "08.09.24 URLscanio 2 weeks.csv", "description": "", "modified": "2025-10-25T02:09:23.619000", "created": "2024-09-17T18:22:30.731000", "tags": [], "references": [ "https://x.com/NorrisN60014/status/1836092481978486802", "https://x.com/NorrisN60014/status/1836092481978486802", "https://www.hybrid-analysis.com/sample/a4f03d9a35524a7c0596777ea2b1fe5d98161b2462435e6056e4e39eb869396d/66e9ae1eb806d5b3300b842f", "https://viz.greynoise.io/analysis/79a3ab55-982c-4fb7-9952-abde6f1219c2", "https://www.filescan.io/uploads/66e9b5494a48170ff00c8102/reports", "https://report.netcraft.com/submission/9R7KbGQKOvzU9GBdraRBpUJ4C", "https://metadefender.com/results/file/bzI1MDMwMVFWaXRDS0hpWElYcn" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "skocherhan", "id": "249290", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_249290/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 3, "FileHash-MD5": 6, "URL": 1074, "domain": 1530, "email": 2, "hostname": 2849 }, "indicator_count": 5464, "is_author": false, "is_subscribing": null, "subscriber_count": 181, "modified_text": "177 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6774768587a0dd8c99603273", "name": "JA3 c0dc7647257f04c70118ed416f181827 Valid From 2019-08-24 16:43:06 Valid To 2049-08-24 16:43:06", "description": "Certificate Attributes\nValid From 2019-08-24 16:43:06 Valid To 2049-08-24 16:43:06\nSerial Number 16a250fafea9a6ffac60f09244415fe2194df377 Thumbprint cd0298d2987d51eea8e1c7feaeed4f8f7ad62033\nJA3 c0dc7647257f04c70118ed416f181827 SHA-256 11a75567b5d2d03e200e7473c72b1f698e4a268d38f7653d09515e83f1c52712", "modified": "2025-05-14T21:15:16.467000", "created": "2024-12-31T22:56:05.043000", "tags": [ "valid from", "number", "sha256" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 19, "FileHash-SHA1": 19, "FileHash-SHA256": 1813, "URL": 233, "hostname": 213, "domain": 398 }, "indicator_count": 2695, "is_author": false, "is_subscribing": null, "subscriber_count": 124, "modified_text": "341 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "66f235b9a7a94a6a61acd651", "name": "n0paste - Show paste: \\\"No Problems\\\" - dos meses del URLscan", "description": "This pulse represents a 'scattered sample' of data extracted from 'submissions of interest' made to virustotal, filescan_itsec, HybridAnalysis, anyrun_app, DynamiteLab, and triage (over a period of two months) which were submitted to urlscanio & subsequently GreyNoiseIO (which I've come across both from live samples and also those from offlined data). I don't particularly anticipate this will correlate w. anything specific - but at least will be put in one more place for further analysis & increased visibility.", "modified": "2025-03-07T08:38:08.584000", "created": "2024-09-24T03:44:57.902000", "tags": [ "geoip", "public url", "as16509", "amazon02", "as20940", "akamaiasn1", "as8075", "as15169", "google", "akamaias", "facebook", "telecom", "twitter", "media", "win64", "level3", "mini", "ukraine", "proton", "ghost", "win32", "cuba", "mexico", "indonesia", "seznam", "as3359", "as852" ], "references": [ "https://metadefender.com/results/file/bzI1MDMwMVFWaXRDS0hpWElYcnV0QllCYlB1", "https://mwdb.cert.pl/file/efb45096e24a61b488eb809bd8edf874d15bb498dd75ced8b888b020c87e5c6c", "https://n0paste.eu/UH6n5pD/" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Canada", "Anguilla", "Poland", "Aruba", "Australia", "Barbados", "Costa Rica", "Guatemala", "Philippines", "Panama", "Sint Maarten (Dutch part)", "Saint Martin (French part)", "Cayman Islands", "Cura\u00e7ao", "Mexico", "Saint Vincent and the Grenadines", "Saint Kitts and Nevis", "Tanzania, United Republic of", "Netherlands", "Ukraine", "Trinidad and Tobago", "Japan", "Bahamas", "United Kingdom of Great Britain and Northern Ireland", "Georgia" ], "malware_families": [], "attack_ids": [], "industries": [ "Education", "Technology", "Government", "Telecommunications", "Healthcare" ], "TLP": "white", "cloned_from": null, "export_count": 29, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 2, "follower_count": 0, "vote": 0, "author": { "username": "Disable_Duck", "id": "244325", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1, "CIDR": 1186, "CVE": 4, "FileHash-MD5": 29, "FileHash-SHA1": 3, "URL": 25493, "domain": 5396, "email": 10, "hostname": 10770 }, "indicator_count": 42892, "is_author": false, "is_subscribing": null, "subscriber_count": 147, "modified_text": "409 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6696f4f69476edc8e4273991", "name": "Logs - iOS SE2, SE3 & iOS 15 Pro Max & iPadOS Air 4 & Apple Macbook Air (A1466 - test device)", "description": "The following is a partial set of logs & leftovers from the Apple Family of Devices", "modified": "2024-09-03T00:02:13.980000", "created": "2024-07-16T22:32:21.627000", "tags": [ "please", "javascript", "entity", "rogers", "repstefanik", "myrakez", "polizeiberlin", "kaishhhhhh", "emilemando22", "uwmlife", "secblinken", "thomaskralow", "miaxdx" ], "references": [ "https://www.virustotal.com/gui/collection/8f896c9d4bbc5f488d41616e169d253f9caa43644a13a94a5f42df5e2cf9cc75/summary", "https://www.virustotal.com/graph/embed/gaa065e3cc130494ea44b292fa15ad0b3bda2259393974adf8fed22bbdbfcecf5?theme=dark", "https://www.virustotal.com/gui/collection/8f896c9d4bbc5f488d41616e169d253f9caa43644a13a94a5f42df5e2cf9cc75/iocs", "https://www.virustotal.com/gui/collection/8f896c9d4bbc5f488d41616e169d253f9caa43644a13a94a5f42df5e2cf9cc75/graph", "https://www.virustotal.com/gui/collection/a19bfa2ad298cf90f570d7cdf51d20aa0623af71636f4811d44a782f780d85d9", "https://www.virustotal.com/gui/collection/a19bfa2ad298cf90f570d7cdf51d20aa0623af71636f4811d44a782f780d85d9/iocs", "https://www.virustotal.com/gui/collection/a19bfa2ad298cf90f570d7cdf51d20aa0623af71636f4811d44a782f780d85d9/graph", "https://www.virustotal.com/graph/embed/ga0f29bb3fd4a4235b62a2031e5fbc57ca39fc314565d43f28cbc0d096cc7d19a?theme=dark", "https://www.virustotal.com/gui/collection/eb8b56887a4e8962925ce3e96050303382deb55d5e602caa1cfbb81b6297ba2e", "https://www.virustotal.com/gui/collection/eb8b56887a4e8962925ce3e96050303382deb55d5e602caa1cfbb81b6297ba2e/iocs", "https://www.virustotal.com/gui/collection/eb8b56887a4e8962925ce3e96050303382deb55d5e602caa1cfbb81b6297ba2e/graph", "https://viz.greynoise.io/analysis/ba31ba2b-4967-4d39-ac24-143d9c66136b", "https://www.virustotal.com/gui/collection/3955f19b42e4ed4d4af0bb416ee463d8a6190cdcc4b1de29a0bf795d2dc18a97/summary", "https://www.virustotal.com/graph/embed/g1f620b321385470f9e0172dc878e371620e6bb704edc421ca6ef9b709db0fb59?theme=dark", "https://www.virustotal.com/gui/collection/3955f19b42e4ed4d4af0bb416ee463d8a6190cdcc4b1de29a0bf795d2dc18a97/iocs" ], "public": 1, "adversary": "", "targeted_countries": [ "Canada", "United States of America", "Panama", "Guatemala", "Costa Rica", "Mexico", "Aruba" ], "malware_families": [], "attack_ids": [], "industries": [ "Healthcare", "Government", "Education", "Telecommunications" ], "TLP": "white", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Disable_Duck", "id": "244325", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 19, "FileHash-SHA1": 32, "FileHash-SHA256": 2179, "URL": 1365, "domain": 397, "hostname": 419 }, "indicator_count": 4411, "is_author": false, "is_subscribing": null, "subscriber_count": 132, "modified_text": "594 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "669ad504a491593b3092d20c", "name": "Apple Stuff Combined", "description": "Description: IOCs derived from downed Apple Fleet logs\nCommon IOCs from Apple-Related Products - extracted from Apple Logs/Reports", "modified": "2024-09-03T00:02:13.980000", "created": "2024-07-19T21:05:08.808000", "tags": [ "contains-zip", "contains-apk", "upx", "pecompact", "contains-elf", "attachment", "as-protect", "contains-pe", "aspack", "telock", "downloads-zip", "nsis", "downloads-pe", "base64-embedded", "bobsoft", "opendir" ], "references": [ "https://viz.greynoise.io/analysis/c8416853-215d-48d0-9420-b6f43cdb1aaf", "https://www.virustotal.com/graph/embed/g266c7267d27a42b494f80bfa327d9a47a182ff352a4843c69c655a09e131dd49?theme=dark", "https://www.virustotal.com/gui/collection/3955f19b42e4ed4d4af0bb416ee463d8a6190cdcc4b1de29a0bf795d2dc18a97/iocs", "https://viz.greynoise.io/analysis/0746f250-b49a-4017-9e80-b0c9ce1993d6", "cve-2015-2414, 2016-0101, 2006-3869, 2004-0790, 2004-0566, 2005-0068, 2009-1122, 2017-17215, 2017-11882, 2017-0199, 2002-0013, 2016-2569, 2014-8361, 1999-0016, 2008-2257, 2009-1535, 2022-30190, 2008-2938, 2014-6345, 2002-0012", "https://www.filescan.io/uploads/669fffb84c5c17942a7c1d3f/reports/c881cbc5-750f-4b35-a43d-084844d036e6/overview", "https://www.filescan.io/uploads/66a001cb3ba51bb345a32569/reports/34b4aa58-68cb-4045-8653-ccfd3a1fb3dd/overview", "https://urlscan.io/user/submit/", "https://viz.greynoise.io/analysis/cb9811dd-809d-4a25-bb28-512d2c2b3393", "https://www.virustotal.com/gui/collection/3955f19b42e4ed4d4af0bb416ee463d8a6190cdcc4b1de29a0bf795d2dc18a97/summary", "07.19.24: IPs, Greynoise: https://viz.greynoise.io/analysis/ba31ba2b-4967-4d39-ac24-143d9c66136b", "https://viz.greynoise.io/analysis/3fbd45fa-08a2-423a-98b9-e6b37ea05e8a" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Canada" ], "malware_families": [], "attack_ids": [], "industries": [ "Telecommunications", "Government", "Healthcare", "Education" ], "TLP": "white", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Disable_Duck", "id": "244325", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 10067, "FileHash-SHA256": 6080, "hostname": 1957, "domain": 1445, "CVE": 20 }, "indicator_count": 19569, "is_author": false, "is_subscribing": null, "subscriber_count": 132, "modified_text": "594 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "66540f16406788219bb4acab", "name": "iPadOS - iPad Air 4", "description": "Logs, Privacy Reports from a compromised iPad air 4 (Lockdown Mode & Hardware Key) - 3 different Apple IDs", "modified": "2024-08-06T16:02:05.410000", "created": "2024-05-27T04:41:58.185000", "tags": [ "please", "javascript", "Apple", "iPadOS" ], "references": [ "https://www.virustotal.com/gui/collection/a19bfa2ad298cf90f570d7cdf51d20aa0623af71636f4811d44a782f780d85d9/iocs", "https://www.virustotal.com/gui/collection/a19bfa2ad298cf90f570d7cdf51d20aa0623af71636f4811d44a782f780d85d9/graph", "https://viz.greynoise.io/analysis/91e32f0c-55b1-4b61-bf38-deee3033f6cc" ], "public": 1, "adversary": "", "targeted_countries": [ "Canada", "United States of America" ], "malware_families": [], "attack_ids": [], "industries": [ "Education", "Technology", "Telecommunications", "Government" ], "TLP": "white", "cloned_from": null, "export_count": 24, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Disable_Duck", "id": "244325", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 20, "FileHash-SHA1": 80, "FileHash-SHA256": 1185, "URL": 190, "hostname": 121, "domain": 255 }, "indicator_count": 1851, "is_author": false, "is_subscribing": null, "subscriber_count": 130, "modified_text": "622 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65bca8fcbe62297d71b47c33", "name": "Ragnar Locker", "description": "\u2022 FBI Flash CU-000163-MW: RagnarLocker Ransomware Indicators of Compromise\n\u2022 Found in https://www.Esurance.com\n 108.26.193.165\nAS 701 (UUNET)\n\u2022108.26.193.165 Postal Code: 02465 Reverse Domain Lookup: pool-108-26-193-165.bstnma.fios.verizon.net \n| Ragnar Locker is ransomware for Windows and Linux that exfiltrates information from a compromised machine, encrypts files using the Salsa20 encryption algorithm, and demands that victims pay a ransom to recover their data. The Ragnar Locker group is known to employ a double extortion tactic.", "modified": "2024-03-03T08:00:03.432000", "created": "2024-02-02T08:34:04.425000", "tags": [ "referrer", "contacted", "whois record", "ssl certificate", "whois whois", "contacted urls", "execution", "historical ssl", "red team", "gang breached", "agent tesla", "redline stealer", "metro", "android", "urls url", "files", "kgs0", "kls0", "orgtechhandle", "orgtechref", "orgabusehandle", "orgdnshandle", "orgdnsref", "whois lookup", "netrange", "nethandle", "net108", "net1080000", "communicating", "urls http", "ransomware gang", "breached", "team", "first", "utc submissions", "submitters", "gandi sas", "psiusa", "domain robot", "porkbun llc", "keysystems gmbh", "csc corporate", "domains", "domain name", "network pty", "tucows", "com laude", "dynadot inc" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 23, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 8354, "FileHash-MD5": 104, "FileHash-SHA1": 81, "FileHash-SHA256": 2711, "CIDR": 5, "CVE": 6, "domain": 1489, "hostname": 3058, "email": 5 }, "indicator_count": 15813, "is_author": false, "is_subscribing": null, "subscriber_count": 228, "modified_text": "778 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "653d41d95fceb536fa8b3bae", "name": "https://www.npmjs.com/", "description": "Github critical bounty", "modified": "2023-11-27T19:03:33.482000", "created": "2023-10-28T17:16:09.274000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 19, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "ellenmmm", "id": "233693", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 902, "domain": 448, "hostname": 378, "FileHash-SHA256": 6821, "FileHash-MD5": 1308, "FileHash-SHA1": 1270, "CVE": 2, "email": 4 }, "indicator_count": 11133, "is_author": false, "is_subscribing": null, "subscriber_count": 82, "modified_text": "875 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "https://www.virustotal.com/gui/collection/a19bfa2ad298cf90f570d7cdf51d20aa0623af71636f4811d44a782f780d85d9/graph", "https://www.virustotal.com/gui/collection/eb8b56887a4e8962925ce3e96050303382deb55d5e602caa1cfbb81b6297ba2e/graph", "https://www.virustotal.com/graph/embed/g1f620b321385470f9e0172dc878e371620e6bb704edc421ca6ef9b709db0fb59?theme=dark", "07.19.24: IPs, Greynoise: https://viz.greynoise.io/analysis/ba31ba2b-4967-4d39-ac24-143d9c66136b", "https://www.virustotal.com/gui/collection/3955f19b42e4ed4d4af0bb416ee463d8a6190cdcc4b1de29a0bf795d2dc18a97/iocs", "https://www.virustotal.com/gui/collection/eb8b56887a4e8962925ce3e96050303382deb55d5e602caa1cfbb81b6297ba2e", "https://viz.greynoise.io/analysis/3fbd45fa-08a2-423a-98b9-e6b37ea05e8a", "https://www.hybrid-analysis.com/sample/a4f03d9a35524a7c0596777ea2b1fe5d98161b2462435e6056e4e39eb869396d/66e9ae1eb806d5b3300b842f", "https://www.virustotal.com/gui/collection/8f896c9d4bbc5f488d41616e169d253f9caa43644a13a94a5f42df5e2cf9cc75/graph", "https://www.filescan.io/uploads/669fffb84c5c17942a7c1d3f/reports/c881cbc5-750f-4b35-a43d-084844d036e6/overview", "https://www.filescan.io/uploads/66a001cb3ba51bb345a32569/reports/34b4aa58-68cb-4045-8653-ccfd3a1fb3dd/overview", "https://viz.greynoise.io/analysis/0746f250-b49a-4017-9e80-b0c9ce1993d6", "https://www.virustotal.com/gui/collection/3955f19b42e4ed4d4af0bb416ee463d8a6190cdcc4b1de29a0bf795d2dc18a97/summary", "https://www.virustotal.com/gui/collection/eb8b56887a4e8962925ce3e96050303382deb55d5e602caa1cfbb81b6297ba2e/iocs", "https://x.com/NorrisN60014/status/1836092481978486802", "https://www.virustotal.com/gui/collection/8f896c9d4bbc5f488d41616e169d253f9caa43644a13a94a5f42df5e2cf9cc75/iocs", "https://metadefender.com/results/file/bzI1MDMwMVFWaXRDS0hpWElYcn", "https://viz.greynoise.io/analysis/ba31ba2b-4967-4d39-ac24-143d9c66136b", "https://report.netcraft.com/submission/9R7KbGQKOvzU9GBdraRBpUJ4C", "https://urlscan.io/user/submit/", "https://www.virustotal.com/graph/embed/g266c7267d27a42b494f80bfa327d9a47a182ff352a4843c69c655a09e131dd49?theme=dark", "https://www.virustotal.com/gui/collection/a19bfa2ad298cf90f570d7cdf51d20aa0623af71636f4811d44a782f780d85d9", "https://www.filescan.io/uploads/66e9b5494a48170ff00c8102/reports", "https://www.virustotal.com/gui/collection/a19bfa2ad298cf90f570d7cdf51d20aa0623af71636f4811d44a782f780d85d9/iocs", "https://n0paste.eu/UH6n5pD/", "https://mwdb.cert.pl/file/efb45096e24a61b488eb809bd8edf874d15bb498dd75ced8b888b020c87e5c6c", "https://viz.greynoise.io/analysis/c8416853-215d-48d0-9420-b6f43cdb1aaf", "https://www.virustotal.com/graph/embed/ga0f29bb3fd4a4235b62a2031e5fbc57ca39fc314565d43f28cbc0d096cc7d19a?theme=dark", "https://viz.greynoise.io/analysis/cb9811dd-809d-4a25-bb28-512d2c2b3393", "https://viz.greynoise.io/analysis/91e32f0c-55b1-4b61-bf38-deee3033f6cc", "cve-2015-2414, 2016-0101, 2006-3869, 2004-0790, 2004-0566, 2005-0068, 2009-1122, 2017-17215, 2017-11882, 2017-0199, 2002-0013, 2016-2569, 2014-8361, 1999-0016, 2008-2257, 2009-1535, 2022-30190, 2008-2938, 2014-6345, 2002-0012", "https://www.virustotal.com/graph/embed/gaa065e3cc130494ea44b292fa15ad0b3bda2259393974adf8fed22bbdbfcecf5?theme=dark", "https://www.virustotal.com/gui/collection/8f896c9d4bbc5f488d41616e169d253f9caa43644a13a94a5f42df5e2cf9cc75/summary", "https://viz.greynoise.io/analysis/79a3ab55-982c-4fb7-9952-abde6f1219c2", "https://metadefender.com/results/file/bzI1MDMwMVFWaXRDS0hpWElYcnV0QllCYlB1" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [], "malware_families": [], "industries": [ "Education", "Technology", "Government", "Telecommunications", "Healthcare" ] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 8, "pulses": [ { "id": "66e9c8e63a72c7cb531a58ba", "name": "08.09.24 URLscanio 2 weeks.csv", "description": "", "modified": "2025-10-25T02:09:23.619000", "created": "2024-09-17T18:22:30.731000", "tags": [], "references": [ "https://x.com/NorrisN60014/status/1836092481978486802", "https://x.com/NorrisN60014/status/1836092481978486802", "https://www.hybrid-analysis.com/sample/a4f03d9a35524a7c0596777ea2b1fe5d98161b2462435e6056e4e39eb869396d/66e9ae1eb806d5b3300b842f", "https://viz.greynoise.io/analysis/79a3ab55-982c-4fb7-9952-abde6f1219c2", "https://www.filescan.io/uploads/66e9b5494a48170ff00c8102/reports", "https://report.netcraft.com/submission/9R7KbGQKOvzU9GBdraRBpUJ4C", "https://metadefender.com/results/file/bzI1MDMwMVFWaXRDS0hpWElYcn" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "skocherhan", "id": "249290", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_249290/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 3, "FileHash-MD5": 6, "URL": 1074, "domain": 1530, "email": 2, "hostname": 2849 }, "indicator_count": 5464, "is_author": false, "is_subscribing": null, "subscriber_count": 181, "modified_text": "177 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6774768587a0dd8c99603273", "name": "JA3 c0dc7647257f04c70118ed416f181827 Valid From 2019-08-24 16:43:06 Valid To 2049-08-24 16:43:06", "description": "Certificate Attributes\nValid From 2019-08-24 16:43:06 Valid To 2049-08-24 16:43:06\nSerial Number 16a250fafea9a6ffac60f09244415fe2194df377 Thumbprint cd0298d2987d51eea8e1c7feaeed4f8f7ad62033\nJA3 c0dc7647257f04c70118ed416f181827 SHA-256 11a75567b5d2d03e200e7473c72b1f698e4a268d38f7653d09515e83f1c52712", "modified": "2025-05-14T21:15:16.467000", "created": "2024-12-31T22:56:05.043000", "tags": [ "valid from", "number", "sha256" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 19, "FileHash-SHA1": 19, "FileHash-SHA256": 1813, "URL": 233, "hostname": 213, "domain": 398 }, "indicator_count": 2695, "is_author": false, "is_subscribing": null, "subscriber_count": 124, "modified_text": "341 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "66f235b9a7a94a6a61acd651", "name": "n0paste - Show paste: \\\"No Problems\\\" - dos meses del URLscan", "description": "This pulse represents a 'scattered sample' of data extracted from 'submissions of interest' made to virustotal, filescan_itsec, HybridAnalysis, anyrun_app, DynamiteLab, and triage (over a period of two months) which were submitted to urlscanio & subsequently GreyNoiseIO (which I've come across both from live samples and also those from offlined data). I don't particularly anticipate this will correlate w. anything specific - but at least will be put in one more place for further analysis & increased visibility.", "modified": "2025-03-07T08:38:08.584000", "created": "2024-09-24T03:44:57.902000", "tags": [ "geoip", "public url", "as16509", "amazon02", "as20940", "akamaiasn1", "as8075", "as15169", "google", "akamaias", "facebook", "telecom", "twitter", "media", "win64", "level3", "mini", "ukraine", "proton", "ghost", "win32", "cuba", "mexico", "indonesia", "seznam", "as3359", "as852" ], "references": [ "https://metadefender.com/results/file/bzI1MDMwMVFWaXRDS0hpWElYcnV0QllCYlB1", "https://mwdb.cert.pl/file/efb45096e24a61b488eb809bd8edf874d15bb498dd75ced8b888b020c87e5c6c", "https://n0paste.eu/UH6n5pD/" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Canada", "Anguilla", "Poland", "Aruba", "Australia", "Barbados", "Costa Rica", "Guatemala", "Philippines", "Panama", "Sint Maarten (Dutch part)", "Saint Martin (French part)", "Cayman Islands", "Cura\u00e7ao", "Mexico", "Saint Vincent and the Grenadines", "Saint Kitts and Nevis", "Tanzania, United Republic of", "Netherlands", "Ukraine", "Trinidad and Tobago", "Japan", "Bahamas", "United Kingdom of Great Britain and Northern Ireland", "Georgia" ], "malware_families": [], "attack_ids": [], "industries": [ "Education", "Technology", "Government", "Telecommunications", "Healthcare" ], "TLP": "white", "cloned_from": null, "export_count": 29, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 2, "follower_count": 0, "vote": 0, "author": { "username": "Disable_Duck", "id": "244325", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1, "CIDR": 1186, "CVE": 4, "FileHash-MD5": 29, "FileHash-SHA1": 3, "URL": 25493, "domain": 5396, "email": 10, "hostname": 10770 }, "indicator_count": 42892, "is_author": false, "is_subscribing": null, "subscriber_count": 147, "modified_text": "409 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6696f4f69476edc8e4273991", "name": "Logs - iOS SE2, SE3 & iOS 15 Pro Max & iPadOS Air 4 & Apple Macbook Air (A1466 - test device)", "description": "The following is a partial set of logs & leftovers from the Apple Family of Devices", "modified": "2024-09-03T00:02:13.980000", "created": "2024-07-16T22:32:21.627000", "tags": [ "please", "javascript", "entity", "rogers", "repstefanik", "myrakez", "polizeiberlin", "kaishhhhhh", "emilemando22", "uwmlife", "secblinken", "thomaskralow", "miaxdx" ], "references": [ "https://www.virustotal.com/gui/collection/8f896c9d4bbc5f488d41616e169d253f9caa43644a13a94a5f42df5e2cf9cc75/summary", "https://www.virustotal.com/graph/embed/gaa065e3cc130494ea44b292fa15ad0b3bda2259393974adf8fed22bbdbfcecf5?theme=dark", "https://www.virustotal.com/gui/collection/8f896c9d4bbc5f488d41616e169d253f9caa43644a13a94a5f42df5e2cf9cc75/iocs", "https://www.virustotal.com/gui/collection/8f896c9d4bbc5f488d41616e169d253f9caa43644a13a94a5f42df5e2cf9cc75/graph", "https://www.virustotal.com/gui/collection/a19bfa2ad298cf90f570d7cdf51d20aa0623af71636f4811d44a782f780d85d9", "https://www.virustotal.com/gui/collection/a19bfa2ad298cf90f570d7cdf51d20aa0623af71636f4811d44a782f780d85d9/iocs", "https://www.virustotal.com/gui/collection/a19bfa2ad298cf90f570d7cdf51d20aa0623af71636f4811d44a782f780d85d9/graph", "https://www.virustotal.com/graph/embed/ga0f29bb3fd4a4235b62a2031e5fbc57ca39fc314565d43f28cbc0d096cc7d19a?theme=dark", "https://www.virustotal.com/gui/collection/eb8b56887a4e8962925ce3e96050303382deb55d5e602caa1cfbb81b6297ba2e", "https://www.virustotal.com/gui/collection/eb8b56887a4e8962925ce3e96050303382deb55d5e602caa1cfbb81b6297ba2e/iocs", "https://www.virustotal.com/gui/collection/eb8b56887a4e8962925ce3e96050303382deb55d5e602caa1cfbb81b6297ba2e/graph", "https://viz.greynoise.io/analysis/ba31ba2b-4967-4d39-ac24-143d9c66136b", "https://www.virustotal.com/gui/collection/3955f19b42e4ed4d4af0bb416ee463d8a6190cdcc4b1de29a0bf795d2dc18a97/summary", "https://www.virustotal.com/graph/embed/g1f620b321385470f9e0172dc878e371620e6bb704edc421ca6ef9b709db0fb59?theme=dark", "https://www.virustotal.com/gui/collection/3955f19b42e4ed4d4af0bb416ee463d8a6190cdcc4b1de29a0bf795d2dc18a97/iocs" ], "public": 1, "adversary": "", "targeted_countries": [ "Canada", "United States of America", "Panama", "Guatemala", "Costa Rica", "Mexico", "Aruba" ], "malware_families": [], "attack_ids": [], "industries": [ "Healthcare", "Government", "Education", "Telecommunications" ], "TLP": "white", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Disable_Duck", "id": "244325", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 19, "FileHash-SHA1": 32, "FileHash-SHA256": 2179, "URL": 1365, "domain": 397, "hostname": 419 }, "indicator_count": 4411, "is_author": false, "is_subscribing": null, "subscriber_count": 132, "modified_text": "594 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "669ad504a491593b3092d20c", "name": "Apple Stuff Combined", "description": "Description: IOCs derived from downed Apple Fleet logs\nCommon IOCs from Apple-Related Products - extracted from Apple Logs/Reports", "modified": "2024-09-03T00:02:13.980000", "created": "2024-07-19T21:05:08.808000", "tags": [ "contains-zip", "contains-apk", "upx", "pecompact", "contains-elf", "attachment", "as-protect", "contains-pe", "aspack", "telock", "downloads-zip", "nsis", "downloads-pe", "base64-embedded", "bobsoft", "opendir" ], "references": [ "https://viz.greynoise.io/analysis/c8416853-215d-48d0-9420-b6f43cdb1aaf", "https://www.virustotal.com/graph/embed/g266c7267d27a42b494f80bfa327d9a47a182ff352a4843c69c655a09e131dd49?theme=dark", "https://www.virustotal.com/gui/collection/3955f19b42e4ed4d4af0bb416ee463d8a6190cdcc4b1de29a0bf795d2dc18a97/iocs", "https://viz.greynoise.io/analysis/0746f250-b49a-4017-9e80-b0c9ce1993d6", "cve-2015-2414, 2016-0101, 2006-3869, 2004-0790, 2004-0566, 2005-0068, 2009-1122, 2017-17215, 2017-11882, 2017-0199, 2002-0013, 2016-2569, 2014-8361, 1999-0016, 2008-2257, 2009-1535, 2022-30190, 2008-2938, 2014-6345, 2002-0012", "https://www.filescan.io/uploads/669fffb84c5c17942a7c1d3f/reports/c881cbc5-750f-4b35-a43d-084844d036e6/overview", "https://www.filescan.io/uploads/66a001cb3ba51bb345a32569/reports/34b4aa58-68cb-4045-8653-ccfd3a1fb3dd/overview", "https://urlscan.io/user/submit/", "https://viz.greynoise.io/analysis/cb9811dd-809d-4a25-bb28-512d2c2b3393", "https://www.virustotal.com/gui/collection/3955f19b42e4ed4d4af0bb416ee463d8a6190cdcc4b1de29a0bf795d2dc18a97/summary", "07.19.24: IPs, Greynoise: https://viz.greynoise.io/analysis/ba31ba2b-4967-4d39-ac24-143d9c66136b", "https://viz.greynoise.io/analysis/3fbd45fa-08a2-423a-98b9-e6b37ea05e8a" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Canada" ], "malware_families": [], "attack_ids": [], "industries": [ "Telecommunications", "Government", "Healthcare", "Education" ], "TLP": "white", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Disable_Duck", "id": "244325", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 10067, "FileHash-SHA256": 6080, "hostname": 1957, "domain": 1445, "CVE": 20 }, "indicator_count": 19569, "is_author": false, "is_subscribing": null, "subscriber_count": 132, "modified_text": "594 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "66540f16406788219bb4acab", "name": "iPadOS - iPad Air 4", "description": "Logs, Privacy Reports from a compromised iPad air 4 (Lockdown Mode & Hardware Key) - 3 different Apple IDs", "modified": "2024-08-06T16:02:05.410000", "created": "2024-05-27T04:41:58.185000", "tags": [ "please", "javascript", "Apple", "iPadOS" ], "references": [ "https://www.virustotal.com/gui/collection/a19bfa2ad298cf90f570d7cdf51d20aa0623af71636f4811d44a782f780d85d9/iocs", "https://www.virustotal.com/gui/collection/a19bfa2ad298cf90f570d7cdf51d20aa0623af71636f4811d44a782f780d85d9/graph", "https://viz.greynoise.io/analysis/91e32f0c-55b1-4b61-bf38-deee3033f6cc" ], "public": 1, "adversary": "", "targeted_countries": [ "Canada", "United States of America" ], "malware_families": [], "attack_ids": [], "industries": [ "Education", "Technology", "Telecommunications", "Government" ], "TLP": "white", "cloned_from": null, "export_count": 24, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Disable_Duck", "id": "244325", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 20, "FileHash-SHA1": 80, "FileHash-SHA256": 1185, "URL": 190, "hostname": 121, "domain": 255 }, "indicator_count": 1851, "is_author": false, "is_subscribing": null, "subscriber_count": 130, "modified_text": "622 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65bca8fcbe62297d71b47c33", "name": "Ragnar Locker", "description": "\u2022 FBI Flash CU-000163-MW: RagnarLocker Ransomware Indicators of Compromise\n\u2022 Found in https://www.Esurance.com\n 108.26.193.165\nAS 701 (UUNET)\n\u2022108.26.193.165 Postal Code: 02465 Reverse Domain Lookup: pool-108-26-193-165.bstnma.fios.verizon.net \n| Ragnar Locker is ransomware for Windows and Linux that exfiltrates information from a compromised machine, encrypts files using the Salsa20 encryption algorithm, and demands that victims pay a ransom to recover their data. The Ragnar Locker group is known to employ a double extortion tactic.", "modified": "2024-03-03T08:00:03.432000", "created": "2024-02-02T08:34:04.425000", "tags": [ "referrer", "contacted", "whois record", "ssl certificate", "whois whois", "contacted urls", "execution", "historical ssl", "red team", "gang breached", "agent tesla", "redline stealer", "metro", "android", "urls url", "files", "kgs0", "kls0", "orgtechhandle", "orgtechref", "orgabusehandle", "orgdnshandle", "orgdnsref", "whois lookup", "netrange", "nethandle", "net108", "net1080000", "communicating", "urls http", "ransomware gang", "breached", "team", "first", "utc submissions", "submitters", "gandi sas", "psiusa", "domain robot", "porkbun llc", "keysystems gmbh", "csc corporate", "domains", "domain name", "network pty", "tucows", "com laude", "dynadot inc" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 23, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 8354, "FileHash-MD5": 104, "FileHash-SHA1": 81, "FileHash-SHA256": 2711, "CIDR": 5, "CVE": 6, "domain": 1489, "hostname": 3058, "email": 5 }, "indicator_count": 15813, "is_author": false, "is_subscribing": null, "subscriber_count": 228, "modified_text": "778 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "653d41d95fceb536fa8b3bae", "name": "https://www.npmjs.com/", "description": "Github critical bounty", "modified": "2023-11-27T19:03:33.482000", "created": "2023-10-28T17:16:09.274000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 19, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "ellenmmm", "id": "233693", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 902, "domain": 448, "hostname": 378, "FileHash-SHA256": 6821, "FileHash-MD5": 1308, "FileHash-SHA1": 1270, "CVE": 2, "email": 4 }, "indicator_count": 11133, "is_author": false, "is_subscribing": null, "subscriber_count": 82, "modified_text": "875 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "support-fb.com", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "support-fb.com", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1776723341.4335957 }