ThreatFox IOC Database

You are viewing the ThreatFox database entry for url https://positivelike.com/Document.

Database Entry

Add tag Delete this IOC  Report False Positive Export IOC (JSON)    Export IOC (CSV)
IOC ID:1684849
IOC: https://positivelike.com/Document
IOC Type :url
Threat Type :payload_delivery
Malware: NetSupportManager RAT
Malware alias:NetSupport
Confidence Level : Confidence level is high (100%)
Is compromised? : False
ASN:AS202015 HZ-US-AS
Country:- BG
First seen:2025-12-23 08:00:01 UTC
Last seen:never
UUID:a50dbe22-df74-11f0-9957-42010aa4000a
Reporter monitorsg
Reward 5 credits from ThreatFox
Tags:SmartApeSG
Reference: https://infosec.exchange/@monitorsg/115765099612432091

Avatar
monitorsg
hXXps://cansupeker[.]com/d.js (injected) --> hXXps://ourasolid[.]com/websockets/local-storage.js --> hXXps://ourasolid[.]com/websockets/service.php --> hXXps://ourasolid[.]com/websockets/session.js (clickfix) --> hXXps://positivelike[.]com/porsche (HTA) --> hXXps://positivelike[.]com/Document (ZIP)