otx.alienvault.com
108.138.36.104  Public Scan

URL: https://otx.alienvault.com/indicator/hostname/qzt3iqkb6erl9oohic20f9bal1rsfh.oastify.com
Submission: On October 17 via api from IN — Scanned from DE

Form analysis 0 forms found in the DOM

Text Content

Hostname
qzt3iqkb6erl9oohic20f9bal1rsfh.oastify.com
Pulses: 5 | Passive DNS: 3 | URLs: 0 | Files: 0

Analysis Overview
WHOIS: Registrar: Amazon Registrar, Inc.; Creation Date: Feb 21, 2022
Related Pulses: LevelBlue Labs Pulses (1), OTX User-Created Pulses (4)
Related Tags (5 of 18 shown): WSFTPSVR_WTM, C#, Windows API, PowerShell, Curl
External Resources: Whois, UrlVoid, VirusTotal


WHOIS

Record | Value
Emails | abuse@amazonaws.com
Name | On behalf of oastify.com owner
Name Servers | NS1.OASTIFY.COM
Org | Whois Privacy Service
Address | P.O. Box 81226
City | Seattle
Country | US
Creation Date | 2022-02-21T15:22:14
Dnssec | unsigned
Domain Name | OASTIFY.COM

Showing 1 to 10 of 26 entries



RELATED DOMAINS

Domain | Related Via
condomanagementsmart.com | abuse@amazonaws.com
flastagee.com | abuse@amazonaws.com
codwfare.com | abuse@amazonaws.com
gamepaytoplay.com | abuse@amazonaws.com
chelsearadin.com | abuse@amazonaws.com
churchdatalytics.com | abuse@amazonaws.com
dnsaround.com | abuse@amazonaws.com
amazonaws.com | abuse@amazonaws.com
lenekasaza.com | abuse@amazonaws.com
chinastarkitchennj.com | abuse@amazonaws.com

Showing 1 to 10 of 100 entries


PASSIVE DNS

Status | Hostname | Query Type | Address | First Seen | Last Seen | ASN | Country
Unknown | qzt3iqkb6erl9oohic20f9bal1rsfh.oastify.com | A | 3.248.33.252 | 2023-10-09 06:31 | 2024-06-08 05:46 | AS16509 amazon.com inc | Ireland
Unknown | qzt3iqkb6erl9oohic20f9bal1rsfh.oastify.com | A | 54.77.139.23 | 2023-10-09 06:31 | 2024-06-08 05:46 | AS16509 amazon.com inc | Ireland
Unknown | qzt3iqkb6erl9oohic20f9bal1rsfh.oastify.com | CNAME | PublicInteractionNLB-3bddf5ff6abb91b6.elb.eu-west-1.amazonaws.com | 2023-10-09 06:31 | 2023-10-09 06:33 | AS16509 amazon.com inc | Ireland





ASSOCIATED FILES

Date | Hash | Avast | AVG | Clamav | MSDefender
No Entries Found


HTTP SCANS

Record | Value
80 Body | <html><body>5bfudevdzav7lmncg51ot2zjjgz</body></html>
80 Header | HTTP/1.1 200 OK; Server: Burp Collaborator https://burpcollaborator.net/; X-Collaborator-Version: 4; Content-Type: text/html; Content-Length: 53
443 Certificate Subject | *.oastify.com
443 Certificate Issuer | GB
443 Certificate Issuer | Greater Manchester
443 Certificate Issuer | Salford
443 Certificate Issuer | Sectigo Limited
443 Certificate Issuer | Sectigo RSA Domain Validation Secure Server CA
443 Certificate Version | 3
443 Certificate Serialnumber | 86B545927F4EA2F976189B3B2FDB7C30

Showing 1 to 10 of 16 entries



RELATED PULSES

LevelBlue Labs (1), User Created (4)

Threat Actors Actively Exploiting Progress WS_FTP via Multiple Attack Chains
hostname Indicator Active
 * Created 1 year ago
   
 * Modified 10 months ago by AlienVault
 * Public
 * TLP: White

FileHash-SHA1: 19 | Hostname: 3
Starting on September 30, 2023, SentinelOne has observed actors exploiting the
recently disclosed flaws in Progress’ WS_FTP against Windows servers running a
vulnerable version of the software. The two highest severity
vulnerabilities–CVE-2023-40044 and CVE-2023-42657–were assigned a CVSS score of
10 and 9.9, respectively. We observed at least three types of multi-stage attack
chains, which begin with exploitation, and then commands to download a payload
from a remote server, often via an IP-literal URL.
WSFTPSVR_WTM,  C#,  Windows API,  PowerShell,  Curl,  Active Directory (AD)
 * 288,458 Subscribers

Threat Actors Actively Exploiting Progress WS_FTP via Multiple Attack Chains
hostname Indicator Active
 * Created 1 year ago
   
 * Modified 11 months ago by feisty-swim1410
 * Public
 * TLP: White

FileHash-SHA1: 19 | Domain: 1 | Hostname: 3
Starting on September 30, 2023, SentinelOne has observed actors exploiting the
recently disclosed flaws in Progress’ WS_FTP against Windows servers running a
vulnerable version of the software. The two highest severity
vulnerabilities–CVE-2023-40044 and CVE-2023-42657–were assigned a CVSS score of
10 and 9.9, respectively. We observed at least three types of multi-stage attack
chains, which begin with exploitation, and then commands to download a payload
from a remote server, often via an IP-literal URL.
WSFTPSVR_WTM,  C#,  Windows API,  PowerShell,  Curl,  Active Directory (AD)
 * 45 Subscribers

Threat Actors Actively Exploiting Progress WS_FTP via Multiple Attack Chains
hostname Indicator Active
 * Created 1 year ago
   
 * Modified 11 months ago by tr2222200
 * Public
 * TLP: White

FileHash-SHA1: 19 | Domain: 1 | Hostname: 3

WSFTPSVR_WTM,  C#,  Windows API,  PowerShell,  Curl,  Active Directory (AD)
 * 139 Subscribers

Threat Actors Actively Exploiting Progress WS_FTP via Multiple Attack Chains
hostname Indicator Active
 * Created 12 months ago
   
 * Modified 11 months ago by Tr1sa111
 * Public
 * TLP: White

FileHash-SHA1: 19 | Domain: 1 | Hostname: 3

WSFTPSVR_WTM,  C#,  Windows API,  PowerShell,  Curl,  Active Directory (AD)
 * 139 Subscribers

Threat Actors Actively Exploiting Progress WS_FTP via Multiple Attack Chains -
SentinelOne
hostname Indicator Active
 * Created 1 year ago
   
 * Modified 11 months ago by AL-SOC@ascendlearning.com
 * Public
 * TLP: White

CVE: 2 | FileHash-SHA1: 19 | URL: 14 | Domain: 2 | Hostname: 4
Stay up-to-date with the latest updates from SentinelOne, the world’s leading
cybersecurity company, at the OneCon23 event in Las Vegas, USA, on 23 May.
powershell,  attack chain,  c curl,  progress,  variable,  temp,  curl, 
ssw0rd123,  moveit transfer,  september,  virustotal,  june
 * 26 Subscribers

