{ "type": "Domain", "indicator": "xsloader.pm", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/xsloader.pm", "alexa": "http://www.alexa.com/siteinfo/xsloader.pm", "indicator": "xsloader.pm", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 3976619308, "indicator": "xsloader.pm", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 3, "pulses": [ { "id": "69ff110180abb3beb39c04bc", "name": "Microsoft security reporting portal CREATED 2 YEARS AGO MODIFIED 1 YEAR AGO by Arek-BTC [2024 and older]", "description": "", "modified": "2026-05-09T12:20:54.997000", "created": "2026-05-09T10:48:33.286000", "tags": [ "microsoft", "security", "reporting", "portal", "abuse", "privacy", "infringement", "trademark", "trademark infringement", "abuse report", "privacy report", "security report", "security reporting", "abuse reporting", "privacy reporting", "security reporting portal", "abuse reporting portal", "privacy reporting portal", "security reporting form", "abuse reporting form", "privacy reporting form", "security reporting website", "abuse reporting website", "privacy reporting website", "security reporting site", "abuse reporting site", "privacy reporting site", "security reporting page", "abuse reporting page", "privacy reporting page", "security reporting web page", "abuse reporting web page", "privacy reporting web page", "security reporting webform", "abuse reporting webform", "privacy reporting webform", "security reporting web form", "abuse reporting web form", "privacy reporting web form", "javascript" ], "references": [ "https://cert.microsoft.com" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "66e9c5a4cc3b60c38e6381b8", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "email": 10, "IPv4": 46, "FileHash-SHA256": 1684, "URL": 337, "SSLCertFingerprint": 4, "CIDR": 65, "IPv6": 8, "FileHash-SHA1": 149, "domain": 130, "FileHash-MD5": 169, "hostname": 152, "CVE": 3 }, "indicator_count": 2757, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "23 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6840dced3080556150634fa5", "name": "VGT INTERNET - pozycjonowanie, serwery, domeny, strony www, poligrafia", "description": "https://www.virustotal.com/gui/file-analysis/YjljOTQzMGFmMjYyNjBjNWQ5YmYwOGM5MmM2NTRhNzI6MTc0OTA4MTI5NQ==", "modified": "2025-07-05T08:00:58.306000", "created": "2025-06-04T23:55:25.528000", "tags": [ "ssdeep", "file type", "ms windows", "pe32", "intel", "utf16", "crlf", "unicode", "tekst unicode", "wersja pliku", "dane obrazu", "rgba", "profesjonalne", "projektowanie", "tworzenie", "stron", "internetowych", "strony", "internetowe", "pozycjonowanie", "poligrafia", "web design", "hosting", "internet", "cms", "reklama", "vgt internet", "skuteczna", "przegldaj", "skontaktuj", "z nami", "info", "ssl domeny", "copyright", "string", "bareword", "might", "unknown regexp", "os x", "sandbox", "snort", "memory pattern", "number", "wping", "shell" ], "references": [ "(stream_tcp) data sent on stream after TCP reset sent (1).txt", "http://vgt.pl/static/js/bootstrap-typeahead.js" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 75, "FileHash-SHA1": 20, "FileHash-SHA256": 76, "URL": 273, "hostname": 78, "domain": 73 }, "indicator_count": 595, "is_author": false, "is_subscribing": null, "subscriber_count": 124, "modified_text": "331 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "66e9c5a4cc3b60c38e6381b8", "name": "Microsoft security reporting portal", "description": "130.0/11.5/12.3/13.4.6.7.8.1.2/14.9. 0/16.25/17..", "modified": "2024-12-17T14:35:36.786000", "created": "2024-09-17T18:08:36.835000", "tags": [ "microsoft", "security", "reporting", "portal", "abuse", "privacy", "infringement", "trademark", "trademark infringement", "abuse report", "privacy report", "security report", "security reporting", "abuse reporting", "privacy reporting", "security reporting portal", "abuse reporting portal", "privacy reporting portal", "security reporting form", "abuse reporting form", "privacy reporting form", "security reporting website", "abuse reporting website", "privacy reporting website", "security reporting site", "abuse reporting site", "privacy reporting site", "security reporting page", "abuse reporting page", "privacy reporting page", "security reporting web page", "abuse reporting web page", "privacy reporting web page", "security reporting webform", "abuse reporting webform", "privacy reporting webform", "security reporting web form", "abuse reporting web form", "privacy reporting web form", "javascript" ], "references": [ "https://cert.microsoft.com" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "email": 10, "IPv4": 5, "FileHash-SHA256": 1674, "URL": 317, "SSLCertFingerprint": 4, "CIDR": 65, "IPv6": 8, "FileHash-SHA1": 139, "domain": 125, "FileHash-MD5": 159, "hostname": 50, "CVE": 1 }, "indicator_count": 2557, "is_author": false, "is_subscribing": null, "subscriber_count": 126, "modified_text": "531 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "(stream_tcp) data sent on stream after TCP reset sent (1).txt", "http://vgt.pl/static/js/bootstrap-typeahead.js", "https://cert.microsoft.com" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [], "malware_families": [], "industries": [] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 3, "pulses": [ { "id": "69ff110180abb3beb39c04bc", "name": "Microsoft security reporting portal CREATED 2 YEARS AGO MODIFIED 1 YEAR AGO by Arek-BTC [2024 and older]", "description": "", "modified": "2026-05-09T12:20:54.997000", "created": "2026-05-09T10:48:33.286000", "tags": [ "microsoft", "security", "reporting", "portal", "abuse", "privacy", "infringement", "trademark", "trademark infringement", "abuse report", "privacy report", "security report", "security reporting", "abuse reporting", "privacy reporting", "security reporting portal", "abuse reporting portal", "privacy reporting portal", "security reporting form", "abuse reporting form", "privacy reporting form", "security reporting website", "abuse reporting website", "privacy reporting website", "security reporting site", "abuse reporting site", "privacy reporting site", "security reporting page", "abuse reporting page", "privacy reporting page", "security reporting web page", "abuse reporting web page", "privacy reporting web page", "security reporting webform", "abuse reporting webform", "privacy reporting webform", "security reporting web form", "abuse reporting web form", "privacy reporting web form", "javascript" ], "references": [ "https://cert.microsoft.com" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "66e9c5a4cc3b60c38e6381b8", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "email": 10, "IPv4": 46, "FileHash-SHA256": 1684, "URL": 337, "SSLCertFingerprint": 4, "CIDR": 65, "IPv6": 8, "FileHash-SHA1": 149, "domain": 130, "FileHash-MD5": 169, "hostname": 152, "CVE": 3 }, "indicator_count": 2757, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "23 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6840dced3080556150634fa5", "name": "VGT INTERNET - pozycjonowanie, serwery, domeny, strony www, poligrafia", "description": "https://www.virustotal.com/gui/file-analysis/YjljOTQzMGFmMjYyNjBjNWQ5YmYwOGM5MmM2NTRhNzI6MTc0OTA4MTI5NQ==", "modified": "2025-07-05T08:00:58.306000", "created": "2025-06-04T23:55:25.528000", "tags": [ "ssdeep", "file type", "ms windows", "pe32", "intel", "utf16", "crlf", "unicode", "tekst unicode", "wersja pliku", "dane obrazu", "rgba", "profesjonalne", "projektowanie", "tworzenie", "stron", "internetowych", "strony", "internetowe", "pozycjonowanie", "poligrafia", "web design", "hosting", "internet", "cms", "reklama", "vgt internet", "skuteczna", "przegldaj", "skontaktuj", "z nami", "info", "ssl domeny", "copyright", "string", "bareword", "might", "unknown regexp", "os x", "sandbox", "snort", "memory pattern", "number", "wping", "shell" ], "references": [ "(stream_tcp) data sent on stream after TCP reset sent (1).txt", "http://vgt.pl/static/js/bootstrap-typeahead.js" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 75, "FileHash-SHA1": 20, "FileHash-SHA256": 76, "URL": 273, "hostname": 78, "domain": 73 }, "indicator_count": 595, "is_author": false, "is_subscribing": null, "subscriber_count": 124, "modified_text": "331 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "66e9c5a4cc3b60c38e6381b8", "name": "Microsoft security reporting portal", "description": "130.0/11.5/12.3/13.4.6.7.8.1.2/14.9. 0/16.25/17..", "modified": "2024-12-17T14:35:36.786000", "created": "2024-09-17T18:08:36.835000", "tags": [ "microsoft", "security", "reporting", "portal", "abuse", "privacy", "infringement", "trademark", "trademark infringement", "abuse report", "privacy report", "security report", "security reporting", "abuse reporting", "privacy reporting", "security reporting portal", "abuse reporting portal", "privacy reporting portal", "security reporting form", "abuse reporting form", "privacy reporting form", "security reporting website", "abuse reporting website", "privacy reporting website", "security reporting site", "abuse reporting site", "privacy reporting site", "security reporting page", "abuse reporting page", "privacy reporting page", "security reporting web page", "abuse reporting web page", "privacy reporting web page", "security reporting webform", "abuse reporting webform", "privacy reporting webform", "security reporting web form", "abuse reporting web form", "privacy reporting web form", "javascript" ], "references": [ "https://cert.microsoft.com" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "email": 10, "IPv4": 5, "FileHash-SHA256": 1674, "URL": 317, "SSLCertFingerprint": 4, "CIDR": 65, "IPv6": 8, "FileHash-SHA1": 139, "domain": 125, "FileHash-MD5": 159, "hostname": 50, "CVE": 1 }, "indicator_count": 2557, "is_author": false, "is_subscribing": null, "subscriber_count": 126, "modified_text": "531 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "xsloader.pm", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "xsloader.pm", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780327813.8326488 }