otx.alienvault.com
13.32.121.8
Public Scan
Submitted URL: https://otx.alienvault.com/indicator/domain/sorrysing.net#:~:text=%C3%97
Effective URL: https://otx.alienvault.com/indicator/domain/sorrysing.net
Submission: On May 15 via api from US — Scanned from DE
Form analysis
0 forms found in the DOM
Text Content
Domain: sorrysing.net
Pulses: 2 | Passive DNS: 11 | URLs: 0

ANALYSIS OVERVIEW
WHOIS: Registrar: Dynadot Inc, Creation Date: Mar 1, 2024
Related Pulses: OTX User-Created Pulses (2)
Related Tags (238): methodpost, threat, iocs, urls http, samples
External Resources: Whois, UrlVoid, VirusTotal

WHOIS
Record | Value
Emails | abuse@dynadot.com
Name Servers | NS1.SORRYSING.NET
Creation Date | 2024-03-01T14:22:07
Dnssec | unsigned
Domain Name | SORRYSING.NET
Expiration Date | 2025-03-01T14:22:07
Name Servers | NS2.SORRYSING.NET
Name Servers | NS3.SORRYSING.NET
Name Servers | NS4.SORRYSING.NET
Registrar | Dynadot Inc
Showing 1 to 10 of 13 entries

RELATED DOMAINS
No entries found

PASSIVE DNS
Status | Hostname | Query Type | Address | First Seen | Last Seen | ASN | Country
Unknown | ns2.sorrysing.net | A | 18.215.44.246 | 2024-03-20 10:47 | 2024-03-20 10:51 | AS14618 amazon.com inc. | United States
Unknown | ns4.sorrysing.net | A | 44.205.66.76 | 2024-03-20 10:46 | 2024-03-20 10:49 | AS14618 amazon.com inc. | United States
Unknown | ns1.sorrysing.net | A | 18.205.186.231 | 2024-03-20 10:45 | 2024-03-20 10:50 | AS14618 amazon.com inc. | United States
Unknown | ns3.sorrysing.net | A | 3.214.185.54 | 2024-03-20 10:43 | 2024-03-20 10:47 | AS14618 amazon.com inc. | United States
Unknown | sorrysing.net | NS | ns2.sorrysing.net | 2024-03-04 07:59 | 2024-03-20 10:48 | AS14618 amazon.com inc. | United States
Unknown | sorrysing.net | SOA | ns4.sorrysing.net | 2024-03-04 07:59 | 2024-03-20 10:48 | AS14618 amazon.com inc. | United States
Unknown | sorrysing.net | A | 34.174.78.212 | 2024-03-04 07:59 | 2024-03-20 10:48 | AS396982 google | United States
Unknown | sorrysing.net | NS | ns3.sorrysing.net | 2024-03-04 07:59 | 2024-03-20 10:48 | AS14618 amazon.com inc. | United States
Unknown | sorrysing.net | NS | ns1.sorrysing.net | 2024-03-04 07:59 | 2024-03-20 10:48 | AS14618 amazon.com inc. | United States
Unknown | sorrysing.net | NS | ns4.sorrysing.net | 2024-03-04 07:59 | 2024-03-20 10:48 | AS14618 amazon.com inc. | United States
Showing 1 to 10 of 11 entries

ASSOCIATED FILES
No entries found

USER CREATED PULSES (2)

TrojanSpy:Win32/Nivdort | Affected OTX accounts | Yotta Network
domain | Indicator Active | Created 2 months ago | Modified 1 month ago by scoreblue | Public | TLP: White
CIDR: 2 | CVE: 2 | FileHash-MD5: 688 | FileHash-SHA1: 422 | FileHash-SHA256: 3169 | URL: 6765 | Domain: 2171 | Email: 11 | Hostname: 1714
Part II - Some users OTX accounts connected to the following | Unexpected revelation | A group of hackers masquerading as attorneys, government officials, advocates, fake nsa, security professional, help desk, etc. I don't know the association with otx.alienvault. Unauthorized logins OTX users. accounts. Deleted and modified pulses, etc. Needs further research for me to fully understand.
Tags:
methodpost, threat, iocs, urls http, samples, cnc, phishing, ransom, emotet, fraud services, command _and_control, trojan, scanning host, active threat, malicious, date hash, avast avg, susp, win32, paste, hostnames, http response, final url, ip address, status code, body length, b body, headers date, connection, first, utc submissions, submitters, computer, company limited, gandi sas, ovh sas, export, summary iocs, graph community, limited, yotta network, gvb gelimed, kb microsoft, indonesia, kyriazhs1975, vj79, bc https, rexxfield, brian sabey, as21342, united, passive dns, unknown, scan endpoints, all scoreblue, ipv4, pulse submit, url analysis, urls, msie, chrome, creation date, search, dnssec, entries, body, date, as63949 linode, mtb feb, checkin m1, gmt content, type, encrypt, trojan, artro, moved, pulse pulses, yotta data, yotta, private limited, india, limited yotta, number, as140641, network, facebook, info, cisco umbrella, site, alexa top, site top, million, safe site, million alexa, site safe, cobalt strike, malicious url, blacknet rat, union, vidar, malware, stealer, bank, alexa, deepscan, phishing, team, super, blacknet, babar, detection list, blacklist http, sample, submission, history first, analysis, utc http, response final, url http, kb body, path, as396982 google, bq mar, win32cve mar, exploit, virtool, status, name servers, emails, servers, next, files, as44273 host, germany unknown, expiration date, showing, win32upatre mar, milehighmedia, ids detections, possible fake, av checkin, initial checkin, checkin, utah data, center, june, data center, responsible, nsa utah, march, closeup view, july, view, february, prism, cascade, darpa, twitter, as20940, aaaa, as16625 akamai, nxdomain, whitelisted, domain, as54113, msil, cryp, files show, entries related, domains, as15169 google, gmt cache, sameorigin, trojandropper, asnone united, title error, porkbun, mtb mar, trojanspy, installer, loader, hijacker, targeting, as30456, sec ch, for privacy, ch ua, 
hash avast, avg clamav, msdefender mar, lowfi, dns replication, ip detections, country, contacted, graph, ssdeep, file type, html internet, magic html, ascii text, trid file, file size, open threat, learn, html info, exchange meta, tags twitter, alienvault, script tags, iframe tags, google tag, manager anchor, iana, whois lookup, ipv4 address, ripe ncc, afrinic, africa, apnic, asia pacific, arin, lacnic, google, amazon ec2, email, city, server, amazon data, amazon, code, form, po box, tech, show, description ype, collections, partru, execution, fake host
86 Subscribers

Nivdort | Affected OTX accounts | Yotta Network (Cloned OTX user)
domain | Indicator Active | Created 2 months ago | Modified 1 month ago by OctoSeek | Public | TLP: White
CIDR: 2 | CVE: 2 | FileHash-MD5: 688 | FileHash-SHA1: 422 | FileHash-SHA256: 3169 | URL: 6765 | Domain: 2171 | Email: 11 | Hostname: 1714
Tags: identical to the tag list of the pulse above.
128 Subscribers