{ "type": "Domain", "indicator": "wouldsplay.com", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/wouldsplay.com", "alexa": "http://www.alexa.com/siteinfo/wouldsplay.com", "indicator": "wouldsplay.com", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 3926744270, "indicator": "wouldsplay.com", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 2, "pulses": [ { "id": "688ae705371a43d76d8f6e69", "name": "Trojan:Win32/Comisproc", "description": "Trojan:Win32/Comisproc!gmb\n[https://www.smsrl.it/en/foundry-toolings/prototypes/sand-casting/]\nFrom previous Hostile Denver community\u2019s pulse \u2018Vashti\u2019 public.Hi!\nI am Vashti. Named after a Queen married to a perverted King who after weeks of rimless and gluttony asked his wife the Queen to reveal herself to the men in his \u2018freak off\u2019 like a true lady she refused and was dethroned. Not a Queens obligation to this. She stood for her rights. He later married a child named Queen Esther.\n#Vashti_said_tell_your_ cat_i_said_hi #foundry #hitmen #comispro #denver #uptown #levelblue", "modified": "2025-08-30T03:00:57.020000", "created": "2025-07-31T03:46:13.849000", "tags": [ "italy unknown", "unknown ns", "united", "moved", "ip address", "creation date", "encrypt", "search", "record value", "entries", "body", "date", "passive dns", "urls", "url add", "pulse pulses", "http", "hostname", "files domain", "files related", "pulses none", "related tags", "a domains", "present jul", "showing", "domains", "domain add", "meta", "encrypt free", "research group", "isrg", "next http", "scans show", "extraction", "data upload", "extra", "source ur", "include data", "type", "extra data", "msie", "windows nt", "win64", "slcc2", "media center", "tlsv1", "show", "unknown", "trojan", "copy", "write", "malware", "hostile", "present may", "checked url", "hostname server", "response ip", "address google", "safe browsing", "present jun", "next associated", "medium", "high", "a file", "ms defender", "files matching", "number", "sample analysis", "hide samples", "learn", "ck id", "name tactics", "suspicious", "informative", "adversaries", "defense evasion", "command", "mitre att", "ck techniques", "ascii text", "copy md5", "copy sha1", "copy sha256", "size", "sha1", "sha256", "pattern match", "jfif", "exif standard", "core", "hybrid", "general", "local", "path", "click", "strings", "format" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1480", "name": "Execution Guardrails", "display_name": "T1480 - Execution Guardrails" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1583", "name": "Acquire Infrastructure", "display_name": "T1583 - Acquire Infrastructure" }, { "id": "T1590", "name": "Gather Victim Network Information", "display_name": "T1590 - Gather Victim Network Information" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 17, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1088, "hostname": 407, "domain": 621, "FileHash-SHA1": 156, "FileHash-SHA256": 1498, "email": 2, "FileHash-MD5": 204, "SSLCertFingerprint": 11 }, "indicator_count": 3987, "is_author": false, "is_subscribing": null, "subscriber_count": 143, "modified_text": "276 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "66a00a2b4a80d812a36033bf", "name": "AS21859 Zenlayer Inc", "description": "", "modified": "2024-08-22T19:05:32.056000", "created": "2024-07-23T19:53:15.294000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "China" ], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "skocherhan", "id": "249290", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_249290/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 1037, "hostname": 1205 }, "indicator_count": 2242, "is_author": false, "is_subscribing": null, "subscriber_count": 184, "modified_text": "649 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [], "malware_families": [], "industries": [] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 2, "pulses": [ { "id": "688ae705371a43d76d8f6e69", "name": "Trojan:Win32/Comisproc", "description": "Trojan:Win32/Comisproc!gmb\n[https://www.smsrl.it/en/foundry-toolings/prototypes/sand-casting/]\nFrom previous Hostile Denver community\u2019s pulse \u2018Vashti\u2019 public.Hi!\nI am Vashti. Named after a Queen married to a perverted King who after weeks of rimless and gluttony asked his wife the Queen to reveal herself to the men in his \u2018freak off\u2019 like a true lady she refused and was dethroned. Not a Queens obligation to this. She stood for her rights. He later married a child named Queen Esther.\n#Vashti_said_tell_your_ cat_i_said_hi #foundry #hitmen #comispro #denver #uptown #levelblue", "modified": "2025-08-30T03:00:57.020000", "created": "2025-07-31T03:46:13.849000", "tags": [ "italy unknown", "unknown ns", "united", "moved", "ip address", "creation date", "encrypt", "search", "record value", "entries", "body", "date", "passive dns", "urls", "url add", "pulse pulses", "http", "hostname", "files domain", "files related", "pulses none", "related tags", "a domains", "present jul", "showing", "domains", "domain add", "meta", "encrypt free", "research group", "isrg", "next http", "scans show", "extraction", "data upload", "extra", "source ur", "include data", "type", "extra data", "msie", "windows nt", "win64", "slcc2", "media center", "tlsv1", "show", "unknown", "trojan", "copy", "write", "malware", "hostile", "present may", "checked url", "hostname server", "response ip", "address google", "safe browsing", "present jun", "next associated", "medium", "high", "a file", "ms defender", "files matching", "number", "sample analysis", "hide samples", "learn", "ck id", "name tactics", "suspicious", "informative", "adversaries", "defense evasion", "command", "mitre att", "ck techniques", "ascii text", "copy md5", "copy sha1", "copy sha256", "size", "sha1", "sha256", "pattern match", "jfif", "exif standard", "core", "hybrid", "general", "local", "path", "click", "strings", "format" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1480", "name": "Execution Guardrails", "display_name": "T1480 - Execution Guardrails" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1583", "name": "Acquire Infrastructure", "display_name": "T1583 - Acquire Infrastructure" }, { "id": "T1590", "name": "Gather Victim Network Information", "display_name": "T1590 - Gather Victim Network Information" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 17, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1088, "hostname": 407, "domain": 621, "FileHash-SHA1": 156, "FileHash-SHA256": 1498, "email": 2, "FileHash-MD5": 204, "SSLCertFingerprint": 11 }, "indicator_count": 3987, "is_author": false, "is_subscribing": null, "subscriber_count": 143, "modified_text": "276 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "66a00a2b4a80d812a36033bf", "name": "AS21859 Zenlayer Inc", "description": "", "modified": "2024-08-22T19:05:32.056000", "created": "2024-07-23T19:53:15.294000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "China" ], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "skocherhan", "id": "249290", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_249290/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 1037, "hostname": 1205 }, "indicator_count": 2242, "is_author": false, "is_subscribing": null, "subscriber_count": 184, "modified_text": "649 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "wouldsplay.com", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "wouldsplay.com", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780445923.9293172 }