{
"type": "Domain",
"indicator": "aevga.com",
"general": {
"sections": [
"general",
"geo",
"url_list",
"passive_dns",
"malware",
"whois",
"http_scans"
],
"whois": "http://whois.domaintools.com/aevga.com",
"alexa": "http://www.alexa.com/siteinfo/aevga.com",
"indicator": "aevga.com",
"type": "domain",
"type_title": "Domain",
"validation": [],
"base_indicator": {
"id": 94716,
"indicator": "aevga.com",
"type": "domain",
"title": "",
"description": "",
"content": "",
"access_type": "public",
"access_reason": ""
},
"pulse_info": {
"count": 23,
"pulses": [
{
"id": "69a5c36b78ed73550bb0bf22",
"name": "by Disable_Duck",
"description": "",
"modified": "2026-03-04T23:37:24.208000",
"created": "2026-03-02T17:05:47.288000",
"tags": [
"kgs0",
"kls0",
"botname http",
"entity",
"UAlberta",
"Telus",
"Norton",
"ffss",
"Alberta",
"AlbertaNDP",
"InteriorHealth",
"RCMP",
"CrimeStoppersAB",
"EdmontonPolice",
"RCMP Kelowna",
"RCMP AB",
"TLS/SSL Crawler",
"CVE-2026-24061 Attempt",
"Generic IoT Default Password Attempt",
"Cisco Prime Infrastructure CVE-2019-1821 RCE Attempt",
"Dahua Backdoor Attempt",
"ENV Crawler",
"DCERPC Protocol",
"Carries HTTP Referer",
"GNU Inetutils Telnetd Auth Bypass",
"ICMPv4 Protocol"
],
"references": [
"https://www.virustotal.com/graph/embed/g34c2ebfedb6c47c286431a829da992c3744ab3fab0d74008946f3b9bbeb83e23?theme=dark",
"https://viz.greynoise.io/ip/analysis/61bb7542-40c2-448e-87d4-947a4623eada",
"https://viz.greynoise.io/ip/analysis/7e527b44-c950-4c01-bb33-d96"
],
"public": 1,
"adversary": "",
"targeted_countries": [
"United States of America",
"Canada",
"Netherlands",
"Panama",
"Poland",
"United Kingdom of Great Britain and Northern Ireland",
"Slovakia",
"Aruba",
"Anguilla",
"Australia",
"Costa Rica",
"Guatemala",
"Mexico",
"Trinidad and Tobago",
"Cura\u00e7ao",
"Philippines",
"Virgin Islands, U.S.",
"Ukraine",
"Barbados",
"Germany",
"Sint Maarten (Dutch part)",
"Argentina",
"Switzerland"
],
"malware_families": [],
"attack_ids": [],
"industries": [
"Education",
"Healthcare",
"Government",
"Technology",
"Energy",
"Telecommunications"
],
"TLP": "white",
"cloned_from": "6901363c4ce422f5caf0f72c",
"export_count": 0,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 2,
"follower_count": 0,
"vote": 0,
"author": {
"username": "msudosos",
"id": "381696",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-MD5": 3903,
"FileHash-SHA1": 4967,
"FileHash-SHA256": 12884,
"URL": 996,
"domain": 987,
"hostname": 3306,
"email": 4,
"CVE": 1
},
"indicator_count": 27048,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 67,
"modified_text": "88 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "domain",
"related_indicator_is_active": 1
},
{
"id": "6901363c4ce422f5caf0f72c",
"name": "Copy of DevT-OddTags-Browser-BasedOdditites - (L4ke.Aff3ct.216, 01.18.26)",
"description": "Updated based on VT Graph & Tracking Spread of Cybercrime. This Pulse is mostly covering activity in the Province of Alberta Canada. Given recent news, it appears that BC Interior Health and Kelowna RCMP Detachment impacted in addition to Alberta Sectors of Education, Healthcare, and Government (Provincial & Federal - e.g. Treaty 6,7,8 as well as the Canadian CRA heavily impacted). \nEnriched a graph by vt user (L4ke.Aff3ct.216, 01.02.26)\nSubmitted IOCs to Greynoise.io (10.28.25)",
"modified": "2026-02-18T05:00:41.494000",
"created": "2025-10-28T21:31:40.008000",
"tags": [
"kgs0",
"kls0",
"botname http",
"entity",
"UAlberta",
"Telus",
"Norton",
"ffss",
"Alberta",
"AlbertaNDP",
"InteriorHealth",
"RCMP",
"CrimeStoppersAB",
"EdmontonPolice",
"RCMP Kelowna",
"RCMP AB"
],
"references": [
"https://www.virustotal.com/graph/embed/g34c2ebfedb6c47c286431a829da992c3744ab3fab0d74008946f3b9bbeb83e23?theme=dark",
"https://viz.greynoise.io/ip/analysis/61bb7542-40c2-448e-87d4-947a4623eada"
],
"public": 1,
"adversary": "",
"targeted_countries": [
"United States of America",
"Canada",
"Netherlands",
"Panama",
"Poland",
"United Kingdom of Great Britain and Northern Ireland",
"Slovakia",
"Aruba",
"Anguilla",
"Australia",
"Costa Rica",
"Guatemala",
"Mexico",
"Trinidad and Tobago",
"Cura\u00e7ao",
"Philippines",
"Virgin Islands, U.S.",
"Ukraine",
"Barbados",
"Germany",
"Sint Maarten (Dutch part)"
],
"malware_families": [],
"attack_ids": [],
"industries": [
"Education",
"Healthcare",
"Government",
"Technology",
"Energy",
"Telecommunications"
],
"TLP": "white",
"cloned_from": null,
"export_count": 1,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 1,
"follower_count": 0,
"vote": 0,
"author": {
"username": "Disable_Duck",
"id": "244325",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-MD5": 3903,
"FileHash-SHA1": 4967,
"FileHash-SHA256": 12884,
"URL": 995,
"domain": 984,
"hostname": 3305,
"email": 4
},
"indicator_count": 27042,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 129,
"modified_text": "103 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "domain",
"related_indicator_is_active": 1
},
{
"id": "68adee67c08cd025b05c2ab0",
"name": "Collection of Collections - Updated - Malicious Certificates & University of Alberta DataBreach - 09.15.25.25",
"description": "This Pulse is an attempt to aggregate all known certificates from all sources.\n\nEncrypted Communication: The malware uses Bitcoin and Ethereum addresses for communication, allowing it to receive commands and exfiltrate data securely.\nEvasion Techniques: The malware generates long and unusual domain parts using Domain Generation Algorithms to evade detection and establish communication with its C2 server.\nData Exfiltration: The malware can exfiltrate data to cloud storage services, enabling the threat actor to steal sensitive information from the compromised system.\nRemote Access: The malware leverages bidirectional communication and system binary proxy execution techniques to enable remote access and control over the infected system.\nIngress Tool Transfer: The malware downloads executable files from URLs, indicating its ability to download additional malicious payloads or updates to enhance its capabilities.",
"modified": "2025-10-16T05:02:02.452000",
"created": "2025-08-26T17:27:01.650000",
"tags": [
"http",
"https",
"kgs0",
"kls0",
"Malcerts",
"Certificates",
"Alberta",
"GovAB",
"UAlberta",
"Speader"
],
"references": [
"https://www.virustotal.com/graph/embed/g0cfdc207f7d14c9a9173c2f9b804dd92b17706ef2a8c41dba3e0af36353cd70b?theme=dark",
"https://viz.greynoise.io/ip/analysis/408b56e2-1932-4975-b348-5a8a7c5991d4",
"https://report.netcraft.com/submission/ATkcJjvq2iKUQhELceQs7q4WVU76Q8QG - Submitted IPv4s to Netcraft 08.29.25",
"https://www.filescan.io/uploads/68b261771c81c34281d8af6d/reports/44924eb0-000d-42ad-944e-36bf849a406d/overview",
"https://www.virustotal.com/gui/file/19ec86ce10a716e8e63804239052c96cfa0a7fb66c2820bda2e66358f622525c/community",
"Added some URLs from FSio Report to URLScan"
],
"public": 1,
"adversary": "",
"targeted_countries": [
"United States of America",
"Canada",
"Netherlands",
"Aruba",
"Panama",
"Poland",
"Ukraine",
"United Kingdom of Great Britain and Northern Ireland",
"Anguilla",
"United Arab Emirates",
"Ireland",
"Tanzania, United Republic of",
"Philippines",
"Japan",
"Guatemala",
"Mexico",
"Bahamas",
"Barbados",
"Georgia",
"Slovakia",
"Sint Maarten (Dutch part)",
"Kenya"
],
"malware_families": [],
"attack_ids": [],
"industries": [
"Education",
"Government",
"Technology",
"Telecommunications",
"Healthcare"
],
"TLP": "white",
"cloned_from": null,
"export_count": 25,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 2,
"follower_count": 0,
"vote": 0,
"author": {
"username": "Disable_Duck",
"id": "244325",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"URL": 1639,
"FileHash-MD5": 1481,
"FileHash-SHA1": 1421,
"FileHash-SHA256": 5969,
"domain": 707,
"hostname": 2311,
"email": 5,
"CIDR": 13
},
"indicator_count": 13546,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 133,
"modified_text": "228 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "domain",
"related_indicator_is_active": 1
},
{
"id": "68b78d521f024d3a98fc79c8",
"name": "VT Graph miniuser - Databreach IOCs & Links",
"description": "Related to Pulse: Food for Thought (Updated 09.02.25)\n\n*Note most links are malicious",
"modified": "2025-10-03T00:01:12.616000",
"created": "2025-09-03T00:35:30.936000",
"tags": [
"kgs0",
"kls0",
"entity",
"UAlberta",
"University of Alberta",
"Hacked",
"DataBreach"
],
"references": [
"https://www.virustotal.com/graph/embed/g1ed56ef53af34510a0e0ee0c2d204f066a8684fa5aeb4e69aef49403742ef6a5?theme=dark"
],
"public": 1,
"adversary": "",
"targeted_countries": [
"Canada"
],
"malware_families": [],
"attack_ids": [],
"industries": [
"Education"
],
"TLP": "white",
"cloned_from": null,
"export_count": 7,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "Disable_Duck",
"id": "244325",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-MD5": 132,
"FileHash-SHA1": 121,
"FileHash-SHA256": 711,
"URL": 83,
"domain": 50,
"hostname": 125
},
"indicator_count": 1222,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 129,
"modified_text": "241 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "domain",
"related_indicator_is_active": 1
},
{
"id": "67b109cbfbcc6f92c399b327",
"name": "UAlberta Breach Data - Food for thought - thoughts & input on how to 'bring some attention to this' (not enriched)",
"description": "Just thought I'd throw thisntogether and 'see what ya'll make of it' (documents a VT graph produced and slightly modified) that pulls a lot of things together. Highlights both 'some problems' - U of A / Gov. of AB (who are also some 'solutions'). \nIdeas on how to grab their attention and maybe bring some 'urgency' to this issue? I have a few solutions and ideas for everyone - problem: I require some folks to 'do their jobs' (there is not 10 of me). Thoughts on how to encourage them to act on these problems. Present status: Connected directly to them on other devices. Within literal 5 min walking range.",
"modified": "2025-05-27T07:01:17.646000",
"created": "2025-02-15T21:40:27.895000",
"tags": [
"kgs0",
"kls0"
],
"references": [
"https://www.virustotal.com/graph/embed/g1ed56ef53af34510a0e0ee0c2d204f066a8684fa5aeb4e69aef49403742ef6a5?theme=dark",
"",
"Government of AB https://app.malcore.io/share/652553f6aec33d70a1dbbd25/67ab2665da3e8886f5e4ecce OTX AlienVault 2096",
"UAlberta = https://app.malcore.io/share/652553f6aec33d70a1dbbd25/67ab2665da3e8886f5e4ecbe"
],
"public": 1,
"adversary": "",
"targeted_countries": [
"United States of America",
"Canada"
],
"malware_families": [],
"attack_ids": [],
"industries": [
"Government",
"Healthcare",
"Education"
],
"TLP": "white",
"cloned_from": null,
"export_count": 6,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 5,
"follower_count": 0,
"vote": 0,
"author": {
"username": "Disable_Duck",
"id": "244325",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-MD5": 215,
"FileHash-SHA1": 193,
"FileHash-SHA256": 1302,
"URL": 166,
"domain": 100,
"hostname": 234
},
"indicator_count": 2210,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 131,
"modified_text": "370 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "domain",
"related_indicator_is_active": 1
},
{
"id": "67aac6e4b628acffaed3f068",
"name": "New Batch - Malcerts - 02.10.25 - unenriched",
"description": "Here is the full text of the text that was found on the website of Mozilla, following an investigation by the security firm Virustotal and the UK's Office of National Statistics (ONS).. [autofilled].\n\nMore Malcerts from Sample Device deployed at several sites in YEG - Canada. Related to pulse - Thor Scan Lite Linux\nNot enriched on import, but did include links to VT entries as IOCs (those will be false positives - but easy access). \nFolder name: Mozilla Located @ /usr/share/ca-certificates",
"modified": "2025-03-16T17:01:06.968000",
"created": "2025-02-11T03:41:24.585000",
"tags": [
"UAlberta",
"Malcerts",
"Certificates",
"Eduroam",
"Alberta"
],
"references": [
"https://www.virustotal.com/gui/collection/207ce29e0defa958ed9ce12667ce39b491e3e8d1f0a345b3c6b50992c9879b5c/iocs",
"https://www.virustotal.com/gui/collection/207ce29e0defa958ed9ce12667ce39b491e3e8d1f0a345b3c6b50992c9879b5c/summary",
"https://hybrid-analysis.com/file-collection/67aa8951a3fc5708a905306a",
"https://www.virustotal.com/gui/collection/207ce29e0defa958ed9ce12667ce39b491e3e8d1f0a345b3c6b50992c9879b5c/community",
"https://tria.ge/250210-3c3c3askfz",
"https://tria.ge/250210-3nh4kasmes",
"https://tria.ge/250210-3y8f7sspdy",
"https://tria.ge/250211-dhpxgswlax",
"https://tria.ge/250211-dt1hcswme1",
"https://tria.ge/250211-dx9v7swnbw",
"Zipped IOC: c85a87adee4c099081c0be6a69d7468280f4d289bde882c66af86d023d32288a",
"https://www.virustotal.com/graph/embed/g4d7797bcffdd450281d4012ac3a0a5ee3fafe8b4f5964c18b4e0332306cb367b?theme=dark",
"https://tip.neiki.dev/file/c85a87adee4c099081c0be6a69d7468280f4d289bde882c66af86d023d32288a",
"c85a87adee4c099081c0be6a69d7468280f4d289bde882c66af86d023d32288a",
"Cert[.]pl MLDB: 1da23fc67a5f101321e39d04e76dcaa7"
],
"public": 1,
"adversary": "",
"targeted_countries": [
"Canada"
],
"malware_families": [],
"attack_ids": [],
"industries": [
"Education",
"Government",
"Healthcare",
"Telecommunications",
"Finance",
"Agriculture",
"Hospitality",
"Media",
"Retail"
],
"TLP": "white",
"cloned_from": null,
"export_count": 13,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "Disable_Duck",
"id": "244325",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-MD5": 831,
"FileHash-SHA1": 801,
"FileHash-SHA256": 3227,
"URL": 395,
"domain": 189,
"hostname": 798
},
"indicator_count": 6241,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 131,
"modified_text": "441 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "domain",
"related_indicator_is_active": 1
},
{
"id": "65afca8042c6fe9412bfa29b",
"name": "Red Team & Law Firm hijack targets Denver, Arizona, Indiana",
"description": "",
"modified": "2024-01-23T14:17:36.291000",
"created": "2024-01-23T14:17:36.291000",
"tags": [],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": "65aec0fde095e6b58d81150c",
"export_count": 10,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 1,
"follower_count": 0,
"vote": 0,
"author": {
"username": "scoreblue",
"id": "254100",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"CVE": 2,
"domain": 1083,
"URL": 4338,
"hostname": 1386,
"FileHash-SHA256": 1740,
"FileHash-SHA1": 83,
"email": 12,
"FileHash-MD5": 96
},
"indicator_count": 8740,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 228,
"modified_text": "859 days ago ",
"is_modified": false,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "domain",
"related_indicator_is_active": 1
},
{
"id": "65afbae2f2128524e68c4344",
"name": "RED TEAM ",
"description": "",
"modified": "2024-01-23T13:10:58.488000",
"created": "2024-01-23T13:10:58.488000",
"tags": [],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": "65aebfa135f9d1d8ba5d74a9",
"export_count": 7,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 1,
"follower_count": 0,
"vote": 0,
"author": {
"username": "craignbmed",
"id": "181999",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_181999/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"CVE": 2,
"domain": 1083,
"URL": 4338,
"hostname": 1386,
"FileHash-SHA256": 1740,
"FileHash-SHA1": 83,
"email": 12,
"FileHash-MD5": 96
},
"indicator_count": 8740,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 45,
"modified_text": "859 days ago ",
"is_modified": false,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "domain",
"related_indicator_is_active": 1
},
{
"id": "65aec5db33e8f0cb8010282c",
"name": "Dark Angels Newest Threat -ESXi Ransomware [Pulse created by another user]",
"description": "",
"modified": "2024-01-22T19:45:31.378000",
"created": "2024-01-22T19:45:31.378000",
"tags": [],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": "65aec0fde095e6b58d81150c",
"export_count": 8,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "OctoSeek",
"id": "243548",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"CVE": 2,
"domain": 1083,
"URL": 4338,
"hostname": 1386,
"FileHash-SHA256": 1740,
"FileHash-SHA1": 83,
"email": 12,
"FileHash-MD5": 96
},
"indicator_count": 8740,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 222,
"modified_text": "860 days ago ",
"is_modified": false,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "domain",
"related_indicator_is_active": 1
},
{
"id": "65aec0fde095e6b58d81150c",
"name": "Red Team & Law Firm attack target [copy users pulse] Denver, Arizona, Indiana, Germany",
"description": "",
"modified": "2024-01-22T19:24:45.664000",
"created": "2024-01-22T19:24:45.664000",
"tags": [],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": "65aebfa135f9d1d8ba5d74a9",
"export_count": 8,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "OctoSeek",
"id": "243548",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"CVE": 2,
"domain": 1083,
"URL": 4338,
"hostname": 1386,
"FileHash-SHA256": 1740,
"FileHash-SHA1": 83,
"email": 12,
"FileHash-MD5": 96
},
"indicator_count": 8740,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 221,
"modified_text": "860 days ago ",
"is_modified": false,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "domain",
"related_indicator_is_active": 1
},
{
"id": "65aebfa135f9d1d8ba5d74a9",
"name": "Red Team - Cyber Security Defense Team attacking individuals for Attorney [copy]",
"description": "",
"modified": "2024-01-22T19:18:57.869000",
"created": "2024-01-22T19:18:57.869000",
"tags": [],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": "65709f9a3d87b76cacd54245",
"export_count": 8,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "OctoSeek",
"id": "243548",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"CVE": 2,
"domain": 1083,
"URL": 4338,
"hostname": 1386,
"FileHash-SHA256": 1740,
"FileHash-SHA1": 83,
"email": 12,
"FileHash-MD5": 96
},
"indicator_count": 8740,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 221,
"modified_text": "860 days ago ",
"is_modified": false,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "domain",
"related_indicator_is_active": 1
},
{
"id": "6570a4049421d107b6ade1c0",
"name": "",
"description": "",
"modified": "2023-12-06T16:40:36.624000",
"created": "2023-12-06T16:40:36.624000",
"tags": [],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 8,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "api",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "StreamMiningEx",
"id": "262917",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"CVE": 2,
"domain": 1083,
"URL": 4338,
"hostname": 1386,
"FileHash-SHA256": 1740,
"FileHash-SHA1": 83,
"email": 12,
"FileHash-MD5": 96
},
"indicator_count": 8740,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 110,
"modified_text": "907 days ago ",
"is_modified": false,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "domain",
"related_indicator_is_active": 1
},
{
"id": "6570a3fdf7637f464de729d2",
"name": "Undefined Name",
"description": "",
"modified": "2023-12-06T16:40:29.875000",
"created": "2023-12-06T16:40:29.875000",
"tags": [],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 8,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "api",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "StreamMiningEx",
"id": "262917",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"CVE": 2,
"domain": 1083,
"URL": 4338,
"hostname": 1386,
"FileHash-SHA256": 1740,
"FileHash-SHA1": 83,
"email": 12,
"FileHash-MD5": 96
},
"indicator_count": 8740,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 109,
"modified_text": "907 days ago ",
"is_modified": false,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "domain",
"related_indicator_is_active": 1
},
{
"id": "6570a3f88930c56241d29c80",
"name": "Spammer",
"description": "",
"modified": "2023-12-06T16:40:24.522000",
"created": "2023-12-06T16:40:24.522000",
"tags": [],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 8,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "api",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "StreamMiningEx",
"id": "262917",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"CVE": 2,
"domain": 1083,
"URL": 4338,
"hostname": 1386,
"FileHash-SHA256": 1740,
"FileHash-SHA1": 83,
"email": 12,
"FileHash-MD5": 96
},
"indicator_count": 8740,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 109,
"modified_text": "907 days ago ",
"is_modified": false,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "domain",
"related_indicator_is_active": 1
},
{
"id": "6570a3f24e8fd846cc01d23e",
"name": "DGA DOMAIN",
"description": "",
"modified": "2023-12-06T16:40:18.209000",
"created": "2023-12-06T16:40:18.209000",
"tags": [],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 8,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "api",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "StreamMiningEx",
"id": "262917",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"CVE": 2,
"domain": 1083,
"URL": 4338,
"hostname": 1386,
"FileHash-SHA256": 1740,
"FileHash-SHA1": 83,
"email": 12,
"FileHash-MD5": 96
},
"indicator_count": 8740,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 110,
"modified_text": "907 days ago ",
"is_modified": false,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "domain",
"related_indicator_is_active": 1
},
{
"id": "6570a3ec011405ef6fcd8cb0",
"name": "Passive DNS",
"description": "",
"modified": "2023-12-06T16:40:12.247000",
"created": "2023-12-06T16:40:12.247000",
"tags": [],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 8,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "api",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "StreamMiningEx",
"id": "262917",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"CVE": 2,
"domain": 1083,
"URL": 4338,
"hostname": 1386,
"FileHash-SHA256": 1740,
"FileHash-SHA1": 83,
"email": 12,
"FileHash-MD5": 96
},
"indicator_count": 8740,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 110,
"modified_text": "907 days ago ",
"is_modified": false,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "domain",
"related_indicator_is_active": 1
},
{
"id": "65709f9a3d87b76cacd54245",
"name": "Concerning link. Honeypot? Red Team? Privilege Abuse? Probably",
"description": "",
"modified": "2023-12-06T16:21:46.026000",
"created": "2023-12-06T16:21:46.026000",
"tags": [],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 6,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "api",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "StreamMiningEx",
"id": "262917",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"CVE": 2,
"domain": 1083,
"URL": 4338,
"hostname": 1386,
"FileHash-SHA256": 1740,
"FileHash-SHA1": 83,
"email": 12,
"FileHash-MD5": 96
},
"indicator_count": 8740,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 110,
"modified_text": "907 days ago ",
"is_modified": false,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "domain",
"related_indicator_is_active": 1
},
{
"id": "64ff7c709c8a4e9c777c77fb",
"name": " ",
"description": "",
"modified": "2023-09-11T20:45:36.974000",
"created": "2023-09-11T20:45:36.974000",
"tags": [
"united",
"script urls",
"path max",
"age86400 set",
"cookie",
"passive dns",
"urls",
"creation date",
"search",
"record value",
"unknown",
"date",
"body",
"domain related",
"status",
"value dnssec",
"domain name",
"expiration date",
"llc state",
"arizona status",
"showing"
],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": "64ff7c5912f586a9a6f1d051",
"export_count": 11,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "OctoSeek",
"id": "243548",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"domain": 1556,
"hostname": 1962,
"URL": 5396,
"email": 23,
"FileHash-SHA256": 2497,
"FileHash-MD5": 193,
"FileHash-SHA1": 163,
"CVE": 2
},
"indicator_count": 11792,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 223,
"modified_text": "993 days ago ",
"is_modified": false,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "domain",
"related_indicator_is_active": 1
},
{
"id": "64ff7c5912f586a9a6f1d051",
"name": " '_'",
"description": "",
"modified": "2023-09-11T20:45:13.685000",
"created": "2023-09-11T20:45:13.685000",
"tags": [
"united",
"script urls",
"path max",
"age86400 set",
"cookie",
"passive dns",
"urls",
"creation date",
"search",
"record value",
"unknown",
"date",
"body",
"domain related",
"status",
"value dnssec",
"domain name",
"expiration date",
"llc state",
"arizona status",
"showing"
],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": "64ff7c3e317fca955b512771",
"export_count": 11,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "OctoSeek",
"id": "243548",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"domain": 1556,
"hostname": 1962,
"URL": 5396,
"email": 23,
"FileHash-SHA256": 2497,
"FileHash-MD5": 193,
"FileHash-SHA1": 163,
"CVE": 2
},
"indicator_count": 11792,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 222,
"modified_text": "993 days ago ",
"is_modified": false,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "domain",
"related_indicator_is_active": 1
},
{
"id": "64ff7c3e317fca955b512771",
"name": "Spammer ",
"description": "",
"modified": "2023-09-11T20:44:46.122000",
"created": "2023-09-11T20:44:46.122000",
"tags": [
"united",
"script urls",
"path max",
"age86400 set",
"cookie",
"passive dns",
"urls",
"creation date",
"search",
"record value",
"unknown",
"date",
"body",
"domain related",
"status",
"value dnssec",
"domain name",
"expiration date",
"llc state",
"arizona status",
"showing"
],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": "64ff7c15511f0383f74b70e0",
"export_count": 11,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "OctoSeek",
"id": "243548",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"domain": 1556,
"hostname": 1962,
"URL": 5396,
"email": 23,
"FileHash-SHA256": 2497,
"FileHash-MD5": 193,
"FileHash-SHA1": 163,
"CVE": 2
},
"indicator_count": 11792,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 222,
"modified_text": "993 days ago ",
"is_modified": false,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "domain",
"related_indicator_is_active": 1
},
{
"id": "64ff7c15511f0383f74b70e0",
"name": "DGA DOMAIN ",
"description": "",
"modified": "2023-09-11T20:44:05.332000",
"created": "2023-09-11T20:44:05.332000",
"tags": [
"united",
"script urls",
"path max",
"age86400 set",
"cookie",
"passive dns",
"urls",
"creation date",
"search",
"record value",
"unknown",
"date",
"body",
"domain related",
"status",
"value dnssec",
"domain name",
"expiration date",
"llc state",
"arizona status",
"showing"
],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": "64ff7b32ed4ca99b3a372173",
"export_count": 11,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "OctoSeek",
"id": "243548",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"domain": 1556,
"hostname": 1962,
"URL": 5396,
"email": 23,
"FileHash-SHA256": 2497,
"FileHash-MD5": 193,
"FileHash-SHA1": 163,
"CVE": 2
},
"indicator_count": 11792,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 222,
"modified_text": "993 days ago ",
"is_modified": false,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "domain",
"related_indicator_is_active": 1
},
{
"id": "64ff7b32ed4ca99b3a372173",
"name": "Passive DNS ",
"description": "",
"modified": "2023-09-11T20:40:18.041000",
"created": "2023-09-11T20:40:18.041000",
"tags": [
"united",
"script urls",
"path max",
"age86400 set",
"cookie",
"passive dns",
"urls",
"creation date",
"search",
"record value",
"unknown",
"date",
"body",
"domain related",
"status",
"value dnssec",
"domain name",
"expiration date",
"llc state",
"arizona status",
"showing"
],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": "64d6a36bb35a9bfd13925ed3",
"export_count": 11,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "OctoSeek",
"id": "243548",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"domain": 1556,
"hostname": 1962,
"URL": 5396,
"email": 23,
"FileHash-SHA256": 2497,
"FileHash-MD5": 193,
"FileHash-SHA1": 163,
"CVE": 2
},
"indicator_count": 11792,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 222,
"modified_text": "993 days ago ",
"is_modified": false,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "domain",
"related_indicator_is_active": 1
},
{
"id": "64d6a36bb35a9bfd13925ed3",
"name": "Concerning link. Honeypot? Red Team? Privilege Abuse? Probably",
"description": "Hacked from VT by malicious code. Was a malicious link.\n(Not me I'm working alongside a hacker as always: The full text of the full report on the GoDaddy.com website, which was created in 2010, has been released.. and is available to view on www.happylifehappywife.)",
"modified": "2023-09-11T01:03:05.359000",
"created": "2023-08-11T21:08:59.401000",
"tags": [
"united",
"script urls",
"path max",
"age86400 set",
"cookie",
"passive dns",
"urls",
"creation date",
"search",
"record value",
"unknown",
"date",
"body",
"domain related",
"status",
"value dnssec",
"domain name",
"expiration date",
"llc state",
"arizona status",
"showing"
],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 47,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "OctoSeek",
"id": "243548",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"domain": 1556,
"hostname": 1962,
"URL": 5396,
"email": 23,
"FileHash-SHA256": 2497,
"FileHash-MD5": 193,
"FileHash-SHA1": 163,
"CVE": 2
},
"indicator_count": 11792,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 222,
"modified_text": "994 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "domain",
"related_indicator_is_active": 1
}
],
"references": [
"https://tria.ge/250211-dx9v7swnbw",
"https://www.virustotal.com/graph/embed/g0cfdc207f7d14c9a9173c2f9b804dd92b17706ef2a8c41dba3e0af36353cd70b?theme=dark",
"https://www.filescan.io/uploads/68b261771c81c34281d8af6d/reports/44924eb0-000d-42ad-944e-36bf849a406d/overview",
"Added some URLs from FSio Report to URLScan",
"c85a87adee4c099081c0be6a69d7468280f4d289bde882c66af86d023d32288a",
"https://tria.ge/250210-3c3c3askfz",
"https://report.netcraft.com/submission/ATkcJjvq2iKUQhELceQs7q4WVU76Q8QG - Submitted IPv4s to Netcraft 08.29.25",
"Government of AB https://app.malcore.io/share/652553f6aec33d70a1dbbd25/67ab2665da3e8886f5e4ecce OTX AlienVault 2096",
"https://viz.greynoise.io/ip/analysis/7e527b44-c950-4c01-bb33-d96",
"https://tria.ge/250210-3y8f7sspdy",
"https://tria.ge/250211-dhpxgswlax",
"https://www.virustotal.com/graph/embed/g34c2ebfedb6c47c286431a829da992c3744ab3fab0d74008946f3b9bbeb83e23?theme=dark",
"https://viz.greynoise.io/ip/analysis/61bb7542-40c2-448e-87d4-947a4623eada",
"https://www.virustotal.com/gui/collection/207ce29e0defa958ed9ce12667ce39b491e3e8d1f0a345b3c6b50992c9879b5c/summary",
"https://viz.greynoise.io/ip/analysis/408b56e2-1932-4975-b348-5a8a7c5991d4",
"https://www.virustotal.com/gui/file/19ec86ce10a716e8e63804239052c96cfa0a7fb66c2820bda2e66358f622525c/community",
"Cert[.]pl MLDB: 1da23fc67a5f101321e39d04e76dcaa7",
"https://www.virustotal.com/gui/collection/207ce29e0defa958ed9ce12667ce39b491e3e8d1f0a345b3c6b50992c9879b5c/iocs",
"https://tria.ge/250211-dt1hcswme1",
"https://tip.neiki.dev/file/c85a87adee4c099081c0be6a69d7468280f4d289bde882c66af86d023d32288a",
"",
"https://tria.ge/250210-3nh4kasmes",
"https://www.virustotal.com/gui/collection/207ce29e0defa958ed9ce12667ce39b491e3e8d1f0a345b3c6b50992c9879b5c/community",
"https://www.virustotal.com/graph/embed/g4d7797bcffdd450281d4012ac3a0a5ee3fafe8b4f5964c18b4e0332306cb367b?theme=dark",
"Zipped IOC: c85a87adee4c099081c0be6a69d7468280f4d289bde882c66af86d023d32288a",
"https://hybrid-analysis.com/file-collection/67aa8951a3fc5708a905306a",
"https://www.virustotal.com/graph/embed/g1ed56ef53af34510a0e0ee0c2d204f066a8684fa5aeb4e69aef49403742ef6a5?theme=dark",
"UAlberta = https://app.malcore.io/share/652553f6aec33d70a1dbbd25/67ab2665da3e8886f5e4ecbe"
],
"related": {
"alienvault": {
"adversary": [],
"malware_families": [],
"industries": []
},
"other": {
"adversary": [],
"malware_families": [],
"industries": [
"Energy",
"Technology",
"Retail",
"Government",
"Media",
"Finance",
"Telecommunications",
"Agriculture",
"Healthcare",
"Hospitality",
"Education"
]
}
}
},
"false_positive": []
},
"geo": {},
"geo_ipapicom": {},
"pulse_count": 23,
"pulses": [
{
"id": "69a5c36b78ed73550bb0bf22",
"name": "by Disable_Duck",
"description": "",
"modified": "2026-03-04T23:37:24.208000",
"created": "2026-03-02T17:05:47.288000",
"tags": [
"kgs0",
"kls0",
"botname http",
"entity",
"UAlberta",
"Telus",
"Norton",
"ffss",
"Alberta",
"AlbertaNDP",
"InteriorHealth",
"RCMP",
"CrimeStoppersAB",
"EdmontonPolice",
"RCMP Kelowna",
"RCMP AB",
"TLS/SSL Crawler",
"CVE-2026-24061 Attempt",
"Generic IoT Default Password Attempt",
"Cisco Prime Infrastructure CVE-2019-1821 RCE Attempt",
"Dahua Backdoor Attempt",
"ENV Crawler",
"DCERPC Protocol",
"Carries HTTP Referer",
"GNU Inetutils Telnetd Auth Bypass",
"ICMPv4 Protocol"
],
"references": [
"https://www.virustotal.com/graph/embed/g34c2ebfedb6c47c286431a829da992c3744ab3fab0d74008946f3b9bbeb83e23?theme=dark",
"https://viz.greynoise.io/ip/analysis/61bb7542-40c2-448e-87d4-947a4623eada",
"https://viz.greynoise.io/ip/analysis/7e527b44-c950-4c01-bb33-d96"
],
"public": 1,
"adversary": "",
"targeted_countries": [
"United States of America",
"Canada",
"Netherlands",
"Panama",
"Poland",
"United Kingdom of Great Britain and Northern Ireland",
"Slovakia",
"Aruba",
"Anguilla",
"Australia",
"Costa Rica",
"Guatemala",
"Mexico",
"Trinidad and Tobago",
"Cura\u00e7ao",
"Philippines",
"Virgin Islands, U.S.",
"Ukraine",
"Barbados",
"Germany",
"Sint Maarten (Dutch part)",
"Argentina",
"Switzerland"
],
"malware_families": [],
"attack_ids": [],
"industries": [
"Education",
"Healthcare",
"Government",
"Technology",
"Energy",
"Telecommunications"
],
"TLP": "white",
"cloned_from": "6901363c4ce422f5caf0f72c",
"export_count": 0,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 2,
"follower_count": 0,
"vote": 0,
"author": {
"username": "msudosos",
"id": "381696",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-MD5": 3903,
"FileHash-SHA1": 4967,
"FileHash-SHA256": 12884,
"URL": 996,
"domain": 987,
"hostname": 3306,
"email": 4,
"CVE": 1
},
"indicator_count": 27048,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 67,
"modified_text": "88 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "domain",
"related_indicator_is_active": 1
},
{
"id": "6901363c4ce422f5caf0f72c",
"name": "Copy of DevT-OddTags-Browser-BasedOdditites - (L4ke.Aff3ct.216, 01.18.26)",
"description": "Updated based on VT Graph & Tracking Spread of Cybercrime. This Pulse is mostly covering activity in the Province of Alberta Canada. Given recent news, it appears that BC Interior Health and Kelowna RCMP Detachment impacted in addition to Alberta Sectors of Education, Healthcare, and Government (Provincial & Federal - e.g. Treaty 6,7,8 as well as the Canadian CRA heavily impacted). \nEnriched a graph by vt user (L4ke.Aff3ct.216, 01.02.26)\nSubmitted IOCs to Greynoise.io (10.28.25)",
"modified": "2026-02-18T05:00:41.494000",
"created": "2025-10-28T21:31:40.008000",
"tags": [
"kgs0",
"kls0",
"botname http",
"entity",
"UAlberta",
"Telus",
"Norton",
"ffss",
"Alberta",
"AlbertaNDP",
"InteriorHealth",
"RCMP",
"CrimeStoppersAB",
"EdmontonPolice",
"RCMP Kelowna",
"RCMP AB"
],
"references": [
"https://www.virustotal.com/graph/embed/g34c2ebfedb6c47c286431a829da992c3744ab3fab0d74008946f3b9bbeb83e23?theme=dark",
"https://viz.greynoise.io/ip/analysis/61bb7542-40c2-448e-87d4-947a4623eada"
],
"public": 1,
"adversary": "",
"targeted_countries": [
"United States of America",
"Canada",
"Netherlands",
"Panama",
"Poland",
"United Kingdom of Great Britain and Northern Ireland",
"Slovakia",
"Aruba",
"Anguilla",
"Australia",
"Costa Rica",
"Guatemala",
"Mexico",
"Trinidad and Tobago",
"Cura\u00e7ao",
"Philippines",
"Virgin Islands, U.S.",
"Ukraine",
"Barbados",
"Germany",
"Sint Maarten (Dutch part)"
],
"malware_families": [],
"attack_ids": [],
"industries": [
"Education",
"Healthcare",
"Government",
"Technology",
"Energy",
"Telecommunications"
],
"TLP": "white",
"cloned_from": null,
"export_count": 1,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 1,
"follower_count": 0,
"vote": 0,
"author": {
"username": "Disable_Duck",
"id": "244325",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-MD5": 3903,
"FileHash-SHA1": 4967,
"FileHash-SHA256": 12884,
"URL": 995,
"domain": 984,
"hostname": 3305,
"email": 4
},
"indicator_count": 27042,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 129,
"modified_text": "103 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "domain",
"related_indicator_is_active": 1
},
{
"id": "68adee67c08cd025b05c2ab0",
"name": "Collection of Collections - Updated - Malicious Certificates & University of Alberta DataBreach - 09.15.25.25",
"description": "This Pulse is an attempt to aggregate all known certificates from all sources.\n\nEncrypted Communication: The malware uses Bitcoin and Ethereum addresses for communication, allowing it to receive commands and exfiltrate data securely.\nEvasion Techniques: The malware generates long and unusual domain parts using Domain Generation Algorithms to evade detection and establish communication with its C2 server.\nData Exfiltration: The malware can exfiltrate data to cloud storage services, enabling the threat actor to steal sensitive information from the compromised system.\nRemote Access: The malware leverages bidirectional communication and system binary proxy execution techniques to enable remote access and control over the infected system.\nIngress Tool Transfer: The malware downloads executable files from URLs, indicating its ability to download additional malicious payloads or updates to enhance its capabilities.",
"modified": "2025-10-16T05:02:02.452000",
"created": "2025-08-26T17:27:01.650000",
"tags": [
"http",
"https",
"kgs0",
"kls0",
"Malcerts",
"Certificates",
"Alberta",
"GovAB",
"UAlberta",
"Speader"
],
"references": [
"https://www.virustotal.com/graph/embed/g0cfdc207f7d14c9a9173c2f9b804dd92b17706ef2a8c41dba3e0af36353cd70b?theme=dark",
"https://viz.greynoise.io/ip/analysis/408b56e2-1932-4975-b348-5a8a7c5991d4",
"https://report.netcraft.com/submission/ATkcJjvq2iKUQhELceQs7q4WVU76Q8QG - Submitted IPv4s to Netcraft 08.29.25",
"https://www.filescan.io/uploads/68b261771c81c34281d8af6d/reports/44924eb0-000d-42ad-944e-36bf849a406d/overview",
"https://www.virustotal.com/gui/file/19ec86ce10a716e8e63804239052c96cfa0a7fb66c2820bda2e66358f622525c/community",
"Added some URLs from FSio Report to URLScan"
],
"public": 1,
"adversary": "",
"targeted_countries": [
"United States of America",
"Canada",
"Netherlands",
"Aruba",
"Panama",
"Poland",
"Ukraine",
"United Kingdom of Great Britain and Northern Ireland",
"Anguilla",
"United Arab Emirates",
"Ireland",
"Tanzania, United Republic of",
"Philippines",
"Japan",
"Guatemala",
"Mexico",
"Bahamas",
"Barbados",
"Georgia",
"Slovakia",
"Sint Maarten (Dutch part)",
"Kenya"
],
"malware_families": [],
"attack_ids": [],
"industries": [
"Education",
"Government",
"Technology",
"Telecommunications",
"Healthcare"
],
"TLP": "white",
"cloned_from": null,
"export_count": 25,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 2,
"follower_count": 0,
"vote": 0,
"author": {
"username": "Disable_Duck",
"id": "244325",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"URL": 1639,
"FileHash-MD5": 1481,
"FileHash-SHA1": 1421,
"FileHash-SHA256": 5969,
"domain": 707,
"hostname": 2311,
"email": 5,
"CIDR": 13
},
"indicator_count": 13546,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 133,
"modified_text": "228 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "domain",
"related_indicator_is_active": 1
},
{
"id": "68b78d521f024d3a98fc79c8",
"name": "VT Graph miniuser - Databreach IOCs & Links",
"description": "Related to Pulse: Food for Thought (Updated 09.02.25)\n\n*Note most links are malicious",
"modified": "2025-10-03T00:01:12.616000",
"created": "2025-09-03T00:35:30.936000",
"tags": [
"kgs0",
"kls0",
"entity",
"UAlberta",
"University of Alberta",
"Hacked",
"DataBreach"
],
"references": [
"https://www.virustotal.com/graph/embed/g1ed56ef53af34510a0e0ee0c2d204f066a8684fa5aeb4e69aef49403742ef6a5?theme=dark"
],
"public": 1,
"adversary": "",
"targeted_countries": [
"Canada"
],
"malware_families": [],
"attack_ids": [],
"industries": [
"Education"
],
"TLP": "white",
"cloned_from": null,
"export_count": 7,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "Disable_Duck",
"id": "244325",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-MD5": 132,
"FileHash-SHA1": 121,
"FileHash-SHA256": 711,
"URL": 83,
"domain": 50,
"hostname": 125
},
"indicator_count": 1222,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 129,
"modified_text": "241 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "domain",
"related_indicator_is_active": 1
},
{
"id": "67b109cbfbcc6f92c399b327",
"name": "UAlberta Breach Data - Food for thought - thoughts & input on how to 'bring some attention to this' (not enriched)",
"description": "Just thought I'd throw thisntogether and 'see what ya'll make of it' (documents a VT graph produced and slightly modified) that pulls a lot of things together. Highlights both 'some problems' - U of A / Gov. of AB (who are also some 'solutions'). \nIdeas on how to grab their attention and maybe bring some 'urgency' to this issue? I have a few solutions and ideas for everyone - problem: I require some folks to 'do their jobs' (there is not 10 of me). Thoughts on how to encourage them to act on these problems. Present status: Connected directly to them on other devices. Within literal 5 min walking range.",
"modified": "2025-05-27T07:01:17.646000",
"created": "2025-02-15T21:40:27.895000",
"tags": [
"kgs0",
"kls0"
],
"references": [
"https://www.virustotal.com/graph/embed/g1ed56ef53af34510a0e0ee0c2d204f066a8684fa5aeb4e69aef49403742ef6a5?theme=dark",
"",
"Government of AB https://app.malcore.io/share/652553f6aec33d70a1dbbd25/67ab2665da3e8886f5e4ecce OTX AlienVault 2096",
"UAlberta = https://app.malcore.io/share/652553f6aec33d70a1dbbd25/67ab2665da3e8886f5e4ecbe"
],
"public": 1,
"adversary": "",
"targeted_countries": [
"United States of America",
"Canada"
],
"malware_families": [],
"attack_ids": [],
"industries": [
"Government",
"Healthcare",
"Education"
],
"TLP": "white",
"cloned_from": null,
"export_count": 6,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 5,
"follower_count": 0,
"vote": 0,
"author": {
"username": "Disable_Duck",
"id": "244325",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-MD5": 215,
"FileHash-SHA1": 193,
"FileHash-SHA256": 1302,
"URL": 166,
"domain": 100,
"hostname": 234
},
"indicator_count": 2210,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 131,
"modified_text": "370 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "domain",
"related_indicator_is_active": 1
},
{
"id": "67aac6e4b628acffaed3f068",
"name": "New Batch - Malcerts - 02.10.25 - unenriched",
"description": "Here is the full text of the text that was found on the website of Mozilla, following an investigation by the security firm Virustotal and the UK's Office of National Statistics (ONS).. [autofilled].\n\nMore Malcerts from Sample Device deployed at several sites in YEG - Canada. Related to pulse - Thor Scan Lite Linux\nNot enriched on import, but did include links to VT entries as IOCs (those will be false positives - but easy access). \nFolder name: Mozilla Located @ /usr/share/ca-certificates",
"modified": "2025-03-16T17:01:06.968000",
"created": "2025-02-11T03:41:24.585000",
"tags": [
"UAlberta",
"Malcerts",
"Certificates",
"Eduroam",
"Alberta"
],
"references": [
"https://www.virustotal.com/gui/collection/207ce29e0defa958ed9ce12667ce39b491e3e8d1f0a345b3c6b50992c9879b5c/iocs",
"https://www.virustotal.com/gui/collection/207ce29e0defa958ed9ce12667ce39b491e3e8d1f0a345b3c6b50992c9879b5c/summary",
"https://hybrid-analysis.com/file-collection/67aa8951a3fc5708a905306a",
"https://www.virustotal.com/gui/collection/207ce29e0defa958ed9ce12667ce39b491e3e8d1f0a345b3c6b50992c9879b5c/community",
"https://tria.ge/250210-3c3c3askfz",
"https://tria.ge/250210-3nh4kasmes",
"https://tria.ge/250210-3y8f7sspdy",
"https://tria.ge/250211-dhpxgswlax",
"https://tria.ge/250211-dt1hcswme1",
"https://tria.ge/250211-dx9v7swnbw",
"Zipped IOC: c85a87adee4c099081c0be6a69d7468280f4d289bde882c66af86d023d32288a",
"https://www.virustotal.com/graph/embed/g4d7797bcffdd450281d4012ac3a0a5ee3fafe8b4f5964c18b4e0332306cb367b?theme=dark",
"https://tip.neiki.dev/file/c85a87adee4c099081c0be6a69d7468280f4d289bde882c66af86d023d32288a",
"c85a87adee4c099081c0be6a69d7468280f4d289bde882c66af86d023d32288a",
"Cert[.]pl MLDB: 1da23fc67a5f101321e39d04e76dcaa7"
],
"public": 1,
"adversary": "",
"targeted_countries": [
"Canada"
],
"malware_families": [],
"attack_ids": [],
"industries": [
"Education",
"Government",
"Healthcare",
"Telecommunications",
"Finance",
"Agriculture",
"Hospitality",
"Media",
"Retail"
],
"TLP": "white",
"cloned_from": null,
"export_count": 13,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "Disable_Duck",
"id": "244325",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-MD5": 831,
"FileHash-SHA1": 801,
"FileHash-SHA256": 3227,
"URL": 395,
"domain": 189,
"hostname": 798
},
"indicator_count": 6241,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 131,
"modified_text": "441 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "domain",
"related_indicator_is_active": 1
},
{
"id": "65afca8042c6fe9412bfa29b",
"name": "Red Team & Law Firm hijack targets Denver, Arizona, Indiana",
"description": "",
"modified": "2024-01-23T14:17:36.291000",
"created": "2024-01-23T14:17:36.291000",
"tags": [],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": "65aec0fde095e6b58d81150c",
"export_count": 10,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 1,
"follower_count": 0,
"vote": 0,
"author": {
"username": "scoreblue",
"id": "254100",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"CVE": 2,
"domain": 1083,
"URL": 4338,
"hostname": 1386,
"FileHash-SHA256": 1740,
"FileHash-SHA1": 83,
"email": 12,
"FileHash-MD5": 96
},
"indicator_count": 8740,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 228,
"modified_text": "859 days ago ",
"is_modified": false,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "domain",
"related_indicator_is_active": 1
},
{
"id": "65afbae2f2128524e68c4344",
"name": "RED TEAM ",
"description": "",
"modified": "2024-01-23T13:10:58.488000",
"created": "2024-01-23T13:10:58.488000",
"tags": [],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": "65aebfa135f9d1d8ba5d74a9",
"export_count": 7,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 1,
"follower_count": 0,
"vote": 0,
"author": {
"username": "craignbmed",
"id": "181999",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_181999/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"CVE": 2,
"domain": 1083,
"URL": 4338,
"hostname": 1386,
"FileHash-SHA256": 1740,
"FileHash-SHA1": 83,
"email": 12,
"FileHash-MD5": 96
},
"indicator_count": 8740,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 45,
"modified_text": "859 days ago ",
"is_modified": false,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "domain",
"related_indicator_is_active": 1
},
{
"id": "65aec5db33e8f0cb8010282c",
"name": "Dark Angels Newest Threat -ESXi Ransomware [Pulse created by another user]",
"description": "",
"modified": "2024-01-22T19:45:31.378000",
"created": "2024-01-22T19:45:31.378000",
"tags": [],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": "65aec0fde095e6b58d81150c",
"export_count": 8,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "OctoSeek",
"id": "243548",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"CVE": 2,
"domain": 1083,
"URL": 4338,
"hostname": 1386,
"FileHash-SHA256": 1740,
"FileHash-SHA1": 83,
"email": 12,
"FileHash-MD5": 96
},
"indicator_count": 8740,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 222,
"modified_text": "860 days ago ",
"is_modified": false,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "domain",
"related_indicator_is_active": 1
},
{
"id": "65aec0fde095e6b58d81150c",
"name": "Red Team & Law Firm attack target [copy users pulse] Denver, Arizona, Indiana, Germany",
"description": "",
"modified": "2024-01-22T19:24:45.664000",
"created": "2024-01-22T19:24:45.664000",
"tags": [],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": "65aebfa135f9d1d8ba5d74a9",
"export_count": 8,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "OctoSeek",
"id": "243548",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"CVE": 2,
"domain": 1083,
"URL": 4338,
"hostname": 1386,
"FileHash-SHA256": 1740,
"FileHash-SHA1": 83,
"email": 12,
"FileHash-MD5": 96
},
"indicator_count": 8740,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 221,
"modified_text": "860 days ago ",
"is_modified": false,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "domain",
"related_indicator_is_active": 1
}
],
"error": null,
"vt": {
"error": "VirusTotal rate limit reached. Try again shortly.",
"indicator": "aevga.com",
"type": "Domain"
},
"abuseipdb": null,
"urlhaus": {
"indicator": "aevga.com",
"found": false,
"verdict": "clean",
"urls": [],
"error": null
},
"from_cache": true,
"_cached_at": 1780316716.3451762
}