{
  "type": "Domain",
  "indicator": "fixation.dev",
  "general": {
    "sections": [
      "general",
      "geo",
      "url_list",
      "passive_dns",
      "malware",
      "whois",
      "http_scans"
    ],
    "whois": "http://whois.domaintools.com/fixation.dev",
    "alexa": "http://www.alexa.com/siteinfo/fixation.dev",
    "indicator": "fixation.dev",
    "type": "domain",
    "type_title": "Domain",
    "validation": [],
    "base_indicator": {
      "id": 4322463560,
      "indicator": "fixation.dev",
      "type": "domain",
      "title": "",
      "description": "",
      "content": "",
      "access_type": "public",
      "access_reason": ""
    },
    "pulse_info": {
      "count": 3,
      "pulses": [
        {
          "id": "69f3322b53bd6368005d9ac9",
          "name": "Sinkholes, Backdoors, Trojans, and Exploits.",
          "description": "[ full text of this article, which has now been published, is published on the website of the European Union, the EU and the United Arab Emirates (UAE), and can be viewed here.]<not relevant pretext except for perhaps the certificate chain. Cryptographic Validation is imperitive for all agencies, especially those who are hosting a person known or unknown, on their server. Trust bypass opens a giant watering hole that systemically can compromise the entire internet. This is an epic failure in all things IT and a destructive cover for the lifelong of residual internet failures and probelms it will have.",
          "modified": "2026-05-30T13:26:53.645000",
          "created": "2026-04-30T10:42:51.884000",
          "tags": [
            "ipv4",
            "filehashmd5",
            "filehashsha256",
            "show",
            "search",
            "type indicator",
            "role title",
            "added active",
            "related pulses",
            "united",
            "pdfkit.net",
            "sinkhole",
            "backdoor",
            "trojan",
            "exploit",
            "server misuse",
            "entity misappropriation",
            "unsigned certificates",
            "? of apple jailbreak",
            "telecom insider",
            "spyware gone wrong",
            "negligent",
            "stalkerware",
            "retrieval of sent evidence",
            "misuse of systems",
            "hiding malicious artifacts on muni pages exploiting the mass",
            "intentional watering hole",
            "unsigned DNSSEC*",
            "known malic pdfs left open for public clickbait",
            "pdfs connect to a cryptomine",
            "hx of cryptomine",
            "IT abuse",
            "siloh on purpose",
            "active bystander",
            "whistleblower",
            "failed PD intervention",
            "failure to investigate"
          ],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 0,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 1,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "msudosos",
            "id": "381696",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 2356,
            "FileHash-SHA1": 2407,
            "FileHash-SHA256": 2479,
            "email": 2,
            "domain": 169,
            "URL": 1549,
            "hostname": 1516,
            "URI": 1,
            "CIDR": 7
          },
          "indicator_count": 10486,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 67,
          "modified_text": "17 hours ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "69ea8e2082633358a0c28090",
          "name": "CAPE Sandbox \"YL\"",
          "description": "\"YL\" imprint left behind on a usere property. Unsure.",
          "modified": "2026-05-23T21:00:44.705000",
          "created": "2026-04-23T21:24:48.742000",
          "tags": [
            "csv text",
            "unicode text",
            "utf8 text",
            "crlf line",
            "text text"
          ],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1055",
              "name": "Process Injection",
              "display_name": "T1055 - Process Injection"
            },
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            },
            {
              "id": "T1095",
              "name": "Non-Application Layer Protocol",
              "display_name": "T1095 - Non-Application Layer Protocol"
            },
            {
              "id": "T1036",
              "name": "Masquerading",
              "display_name": "T1036 - Masquerading"
            },
            {
              "id": "T1070",
              "name": "Indicator Removal on Host",
              "display_name": "T1070 - Indicator Removal on Host"
            },
            {
              "id": "T1082",
              "name": "System Information Discovery",
              "display_name": "T1082 - System Information Discovery"
            },
            {
              "id": "T1083",
              "name": "File and Directory Discovery",
              "display_name": "T1083 - File and Directory Discovery"
            },
            {
              "id": "T1112",
              "name": "Modify Registry",
              "display_name": "T1112 - Modify Registry"
            },
            {
              "id": "T1518",
              "name": "Software Discovery",
              "display_name": "T1518 - Software Discovery"
            },
            {
              "id": "T1543",
              "name": "Create or Modify System Process",
              "display_name": "T1543 - Create or Modify System Process"
            },
            {
              "id": "T1573",
              "name": "Encrypted Channel",
              "display_name": "T1573 - Encrypted Channel"
            },
            {
              "id": "T1014",
              "name": "Rootkit",
              "display_name": "T1014 - Rootkit"
            },
            {
              "id": "T1202",
              "name": "Indirect Command Execution",
              "display_name": "T1202 - Indirect Command Execution"
            },
            {
              "id": "T1203",
              "name": "Exploitation for Client Execution",
              "display_name": "T1203 - Exploitation for Client Execution"
            },
            {
              "id": "T1221",
              "name": "Template Injection",
              "display_name": "T1221 - Template Injection"
            },
            {
              "id": "T1485",
              "name": "Data Destruction",
              "display_name": "T1485 - Data Destruction"
            },
            {
              "id": "T1496",
              "name": "Resource Hijacking",
              "display_name": "T1496 - Resource Hijacking"
            },
            {
              "id": "T1542",
              "name": "Pre-OS Boot",
              "display_name": "T1542 - Pre-OS Boot"
            },
            {
              "id": "T1564",
              "name": "Hide Artifacts",
              "display_name": "T1564 - Hide Artifacts"
            },
            {
              "id": "T1030",
              "name": "Data Transfer Size Limits",
              "display_name": "T1030 - Data Transfer Size Limits"
            }
          ],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 0,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "msudosos",
            "id": "381696",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 362,
            "FileHash-SHA1": 102,
            "FileHash-SHA256": 347,
            "URL": 243,
            "domain": 79,
            "hostname": 297,
            "email": 5
          },
          "indicator_count": 1435,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 67,
          "modified_text": "7 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "69ea8e2213897ed793fe7036",
          "name": "CAPE Sandbox \"YL\"",
          "description": "\"YL\" imprint left behind on a usere property. Unsure.",
          "modified": "2026-05-23T21:00:44.705000",
          "created": "2026-04-23T21:24:50.034000",
          "tags": [
            "csv text",
            "unicode text",
            "utf8 text",
            "crlf line",
            "text text"
          ],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1055",
              "name": "Process Injection",
              "display_name": "T1055 - Process Injection"
            },
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            },
            {
              "id": "T1095",
              "name": "Non-Application Layer Protocol",
              "display_name": "T1095 - Non-Application Layer Protocol"
            },
            {
              "id": "T1036",
              "name": "Masquerading",
              "display_name": "T1036 - Masquerading"
            },
            {
              "id": "T1070",
              "name": "Indicator Removal on Host",
              "display_name": "T1070 - Indicator Removal on Host"
            },
            {
              "id": "T1082",
              "name": "System Information Discovery",
              "display_name": "T1082 - System Information Discovery"
            },
            {
              "id": "T1083",
              "name": "File and Directory Discovery",
              "display_name": "T1083 - File and Directory Discovery"
            },
            {
              "id": "T1112",
              "name": "Modify Registry",
              "display_name": "T1112 - Modify Registry"
            },
            {
              "id": "T1518",
              "name": "Software Discovery",
              "display_name": "T1518 - Software Discovery"
            },
            {
              "id": "T1543",
              "name": "Create or Modify System Process",
              "display_name": "T1543 - Create or Modify System Process"
            },
            {
              "id": "T1573",
              "name": "Encrypted Channel",
              "display_name": "T1573 - Encrypted Channel"
            },
            {
              "id": "T1014",
              "name": "Rootkit",
              "display_name": "T1014 - Rootkit"
            },
            {
              "id": "T1202",
              "name": "Indirect Command Execution",
              "display_name": "T1202 - Indirect Command Execution"
            },
            {
              "id": "T1203",
              "name": "Exploitation for Client Execution",
              "display_name": "T1203 - Exploitation for Client Execution"
            },
            {
              "id": "T1221",
              "name": "Template Injection",
              "display_name": "T1221 - Template Injection"
            },
            {
              "id": "T1485",
              "name": "Data Destruction",
              "display_name": "T1485 - Data Destruction"
            },
            {
              "id": "T1496",
              "name": "Resource Hijacking",
              "display_name": "T1496 - Resource Hijacking"
            },
            {
              "id": "T1542",
              "name": "Pre-OS Boot",
              "display_name": "T1542 - Pre-OS Boot"
            },
            {
              "id": "T1564",
              "name": "Hide Artifacts",
              "display_name": "T1564 - Hide Artifacts"
            },
            {
              "id": "T1030",
              "name": "Data Transfer Size Limits",
              "display_name": "T1030 - Data Transfer Size Limits"
            }
          ],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 0,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "msudosos",
            "id": "381696",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 371,
            "FileHash-SHA1": 111,
            "FileHash-SHA256": 238,
            "URL": 197,
            "domain": 167,
            "hostname": 215,
            "email": 8,
            "URI": 3
          },
          "indicator_count": 1310,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 67,
          "modified_text": "7 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        }
      ],
      "references": [],
      "related": {
        "alienvault": {
          "adversary": [],
          "malware_families": [],
          "industries": []
        },
        "other": {
          "adversary": [],
          "malware_families": [],
          "industries": []
        }
      }
    },
    "false_positive": []
  },
  "geo": {},
  "geo_ipapicom": {},
  "pulse_count": 3,
  "pulses": [
    {
      "id": "69f3322b53bd6368005d9ac9",
      "name": "Sinkholes, Backdoors, Trojans, and Exploits.",
      "description": "[ full text of this article, which has now been published, is published on the website of the European Union, the EU and the United Arab Emirates (UAE), and can be viewed here.]<not relevant pretext except for perhaps the certificate chain. Cryptographic Validation is imperitive for all agencies, especially those who are hosting a person known or unknown, on their server. Trust bypass opens a giant watering hole that systemically can compromise the entire internet. This is an epic failure in all things IT and a destructive cover for the lifelong of residual internet failures and probelms it will have.",
      "modified": "2026-05-30T13:26:53.645000",
      "created": "2026-04-30T10:42:51.884000",
      "tags": [
        "ipv4",
        "filehashmd5",
        "filehashsha256",
        "show",
        "search",
        "type indicator",
        "role title",
        "added active",
        "related pulses",
        "united",
        "pdfkit.net",
        "sinkhole",
        "backdoor",
        "trojan",
        "exploit",
        "server misuse",
        "entity misappropriation",
        "unsigned certificates",
        "? of apple jailbreak",
        "telecom insider",
        "spyware gone wrong",
        "negligent",
        "stalkerware",
        "retrieval of sent evidence",
        "misuse of systems",
        "hiding malicious artifacts on muni pages exploiting the mass",
        "intentional watering hole",
        "unsigned DNSSEC*",
        "known malic pdfs left open for public clickbait",
        "pdfs connect to a cryptomine",
        "hx of cryptomine",
        "IT abuse",
        "siloh on purpose",
        "active bystander",
        "whistleblower",
        "failed PD intervention",
        "failure to investigate"
      ],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 0,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 1,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "msudosos",
        "id": "381696",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 2356,
        "FileHash-SHA1": 2407,
        "FileHash-SHA256": 2479,
        "email": 2,
        "domain": 169,
        "URL": 1549,
        "hostname": 1516,
        "URI": 1,
        "CIDR": 7
      },
      "indicator_count": 10486,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 67,
      "modified_text": "17 hours ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "69ea8e2082633358a0c28090",
      "name": "CAPE Sandbox \"YL\"",
      "description": "\"YL\" imprint left behind on a usere property. Unsure.",
      "modified": "2026-05-23T21:00:44.705000",
      "created": "2026-04-23T21:24:48.742000",
      "tags": [
        "csv text",
        "unicode text",
        "utf8 text",
        "crlf line",
        "text text"
      ],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [
        {
          "id": "T1055",
          "name": "Process Injection",
          "display_name": "T1055 - Process Injection"
        },
        {
          "id": "T1071",
          "name": "Application Layer Protocol",
          "display_name": "T1071 - Application Layer Protocol"
        },
        {
          "id": "T1095",
          "name": "Non-Application Layer Protocol",
          "display_name": "T1095 - Non-Application Layer Protocol"
        },
        {
          "id": "T1036",
          "name": "Masquerading",
          "display_name": "T1036 - Masquerading"
        },
        {
          "id": "T1070",
          "name": "Indicator Removal on Host",
          "display_name": "T1070 - Indicator Removal on Host"
        },
        {
          "id": "T1082",
          "name": "System Information Discovery",
          "display_name": "T1082 - System Information Discovery"
        },
        {
          "id": "T1083",
          "name": "File and Directory Discovery",
          "display_name": "T1083 - File and Directory Discovery"
        },
        {
          "id": "T1112",
          "name": "Modify Registry",
          "display_name": "T1112 - Modify Registry"
        },
        {
          "id": "T1518",
          "name": "Software Discovery",
          "display_name": "T1518 - Software Discovery"
        },
        {
          "id": "T1543",
          "name": "Create or Modify System Process",
          "display_name": "T1543 - Create or Modify System Process"
        },
        {
          "id": "T1573",
          "name": "Encrypted Channel",
          "display_name": "T1573 - Encrypted Channel"
        },
        {
          "id": "T1014",
          "name": "Rootkit",
          "display_name": "T1014 - Rootkit"
        },
        {
          "id": "T1202",
          "name": "Indirect Command Execution",
          "display_name": "T1202 - Indirect Command Execution"
        },
        {
          "id": "T1203",
          "name": "Exploitation for Client Execution",
          "display_name": "T1203 - Exploitation for Client Execution"
        },
        {
          "id": "T1221",
          "name": "Template Injection",
          "display_name": "T1221 - Template Injection"
        },
        {
          "id": "T1485",
          "name": "Data Destruction",
          "display_name": "T1485 - Data Destruction"
        },
        {
          "id": "T1496",
          "name": "Resource Hijacking",
          "display_name": "T1496 - Resource Hijacking"
        },
        {
          "id": "T1542",
          "name": "Pre-OS Boot",
          "display_name": "T1542 - Pre-OS Boot"
        },
        {
          "id": "T1564",
          "name": "Hide Artifacts",
          "display_name": "T1564 - Hide Artifacts"
        },
        {
          "id": "T1030",
          "name": "Data Transfer Size Limits",
          "display_name": "T1030 - Data Transfer Size Limits"
        }
      ],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 0,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "msudosos",
        "id": "381696",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 362,
        "FileHash-SHA1": 102,
        "FileHash-SHA256": 347,
        "URL": 243,
        "domain": 79,
        "hostname": 297,
        "email": 5
      },
      "indicator_count": 1435,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 67,
      "modified_text": "7 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "69ea8e2213897ed793fe7036",
      "name": "CAPE Sandbox \"YL\"",
      "description": "\"YL\" imprint left behind on a usere property. Unsure.",
      "modified": "2026-05-23T21:00:44.705000",
      "created": "2026-04-23T21:24:50.034000",
      "tags": [
        "csv text",
        "unicode text",
        "utf8 text",
        "crlf line",
        "text text"
      ],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [
        {
          "id": "T1055",
          "name": "Process Injection",
          "display_name": "T1055 - Process Injection"
        },
        {
          "id": "T1071",
          "name": "Application Layer Protocol",
          "display_name": "T1071 - Application Layer Protocol"
        },
        {
          "id": "T1095",
          "name": "Non-Application Layer Protocol",
          "display_name": "T1095 - Non-Application Layer Protocol"
        },
        {
          "id": "T1036",
          "name": "Masquerading",
          "display_name": "T1036 - Masquerading"
        },
        {
          "id": "T1070",
          "name": "Indicator Removal on Host",
          "display_name": "T1070 - Indicator Removal on Host"
        },
        {
          "id": "T1082",
          "name": "System Information Discovery",
          "display_name": "T1082 - System Information Discovery"
        },
        {
          "id": "T1083",
          "name": "File and Directory Discovery",
          "display_name": "T1083 - File and Directory Discovery"
        },
        {
          "id": "T1112",
          "name": "Modify Registry",
          "display_name": "T1112 - Modify Registry"
        },
        {
          "id": "T1518",
          "name": "Software Discovery",
          "display_name": "T1518 - Software Discovery"
        },
        {
          "id": "T1543",
          "name": "Create or Modify System Process",
          "display_name": "T1543 - Create or Modify System Process"
        },
        {
          "id": "T1573",
          "name": "Encrypted Channel",
          "display_name": "T1573 - Encrypted Channel"
        },
        {
          "id": "T1014",
          "name": "Rootkit",
          "display_name": "T1014 - Rootkit"
        },
        {
          "id": "T1202",
          "name": "Indirect Command Execution",
          "display_name": "T1202 - Indirect Command Execution"
        },
        {
          "id": "T1203",
          "name": "Exploitation for Client Execution",
          "display_name": "T1203 - Exploitation for Client Execution"
        },
        {
          "id": "T1221",
          "name": "Template Injection",
          "display_name": "T1221 - Template Injection"
        },
        {
          "id": "T1485",
          "name": "Data Destruction",
          "display_name": "T1485 - Data Destruction"
        },
        {
          "id": "T1496",
          "name": "Resource Hijacking",
          "display_name": "T1496 - Resource Hijacking"
        },
        {
          "id": "T1542",
          "name": "Pre-OS Boot",
          "display_name": "T1542 - Pre-OS Boot"
        },
        {
          "id": "T1564",
          "name": "Hide Artifacts",
          "display_name": "T1564 - Hide Artifacts"
        },
        {
          "id": "T1030",
          "name": "Data Transfer Size Limits",
          "display_name": "T1030 - Data Transfer Size Limits"
        }
      ],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 0,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "msudosos",
        "id": "381696",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 371,
        "FileHash-SHA1": 111,
        "FileHash-SHA256": 238,
        "URL": 197,
        "domain": 167,
        "hostname": 215,
        "email": 8,
        "URI": 3
      },
      "indicator_count": 1310,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 67,
      "modified_text": "7 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    }
  ],
  "error": null,
  "vt": {
    "error": "VirusTotal rate limit reached. Try again shortly.",
    "indicator": "fixation.dev",
    "type": "Domain"
  },
  "abuseipdb": null,
  "urlhaus": {
    "indicator": "fixation.dev",
    "found": false,
    "verdict": "clean",
    "urls": [],
    "error": null
  },
  "from_cache": true,
  "_cached_at": 1780211315.9547112
}