{ "type": "Domain", "indicator": "getindication.top", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/getindication.top", "alexa": "http://www.alexa.com/siteinfo/getindication.top", "indicator": "getindication.top", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 3685882442, "indicator": "getindication.top", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 5, "pulses": [ { "id": "65709c176bf14908e11e80d8", "name": "TechM-Threat Intel Report - W23-2023", "description": "", "modified": "2023-12-06T16:06:47.815000", "created": "2023-12-06T16:06:47.815000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 130, "FileHash-MD5": 46, "FileHash-SHA1": 46, "domain": 125, "hostname": 42, "URL": 123, "CVE": 1 }, "indicator_count": 513, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "906 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65709bdfec2ebd8b9c05c15d", "name": "Threat Intel Report - W22-2023", "description": "", "modified": "2023-12-06T16:05:51.194000", "created": "2023-12-06T16:05:51.194000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 147, "FileHash-MD5": 78, "FileHash-SHA1": 73, "domain": 111, "hostname": 29, "URL": 121 }, "indicator_count": 559, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "906 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "647da78794bf55c527ee8400", "name": "TechM-Threat Intel Report - W23-2023", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools.\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week.\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.", "modified": "2023-07-05T08:04:41.483000", "created": "2023-06-05T09:14:47.526000", "tags": [ "kimsuky", "linux", "blackcat", "romcom", "qbot", "remote access", "cvss", "cvss base", "jetpack plugin", "million", "latin america", "camaro dragon", "strikes", "python code", "gigabyte", "dark pink", "romcom rat", "royal", "rokrat", "scarcruft", "indonesia", "exploit", "hashes domains", "ip address", "blacklist host", "ip country", "latest spambot", "visit", "activity", "china", "singapore", "romania", "quakbot", "stealc", "anydesk", "guloader", "date", "malware url", "tags", "agenttesla", "rhadamanthy", "privateloader", "smoke loader", "sha1 file", "name submit" ], "references": [ "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_Real-time", "https://www.dnsbl.info/" ], "public": 1, "adversary": "Kimsuky", "targeted_countries": [ "Viet Nam", "Thailand", "Indonesia", "Brunei Darussalam", "Belgium", "United States of America", "Korea, Democratic People's Republic of", "Japan" ], "malware_families": [ { "id": "Remote Access", "display_name": "Remote Access", "target": null }, { "id": "QBot", "display_name": "QBot", "target": null }, { "id": "RomCom", "display_name": "RomCom", "target": null }, { "id": "BlackCat", "display_name": "BlackCat", "target": null }, { "id": "Linux", "display_name": "Linux", "target": null } ], "attack_ids": [ { "id": "T1495", "name": "Firmware Corruption", "display_name": "T1495 - Firmware Corruption" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" } ], "industries": [ "Media", "Social Engineering" ], "TLP": "white", "cloned_from": null, "export_count": 19, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 46, "FileHash-SHA1": 46, "FileHash-SHA256": 130, "URL": 123, "domain": 125, "hostname": 42, "CVE": 1 }, "indicator_count": 513, "is_author": false, "is_subscribing": null, "subscriber_count": 107, "modified_text": "1061 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "64747c916cd830d76839022d", "name": "Threat Intel Report - W22-2023", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools.\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week.\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.", "modified": "2023-06-28T10:02:59.787000", "created": "2023-05-29T10:21:05.570000", "tags": [ "korean lazarus", "espionage", "lazarus", "buhti", "qbot", "stealthy bandit", "cosmicenergy", "babuk", "moneybird", "kimsuky", "windows", "microsoft", "cvss", "cvss base", "bandit stealer", "google cloud", "cloud sql", "lockbit", "qbot malware", "augusta", "malware", "service", "korean", "hashes domains", "amadey amadey", "ddos", "vidar vidar", "december", "arkei", "vidar", "remcos remcos", "wcry", "wanacryptor", "japan", "ip address", "blacklist host", "ip country", "latest spambot", "visit", "activity", "brazil", "canada", "singapore", "qakbot", "privateloader", "date", "malware url", "tags", "coinminer", "smake loader", "sha1 file", "name submit" ], "references": [ "http://sanddroid.xjtu.edu.cn/", "http://jevereg.amnpardaz.com/" ], "public": 1, "adversary": "Korean Lazarus", "targeted_countries": [ "Ukraine", "United States of America", "Georgia" ], "malware_families": [ { "id": "Kimsuky", "display_name": "Kimsuky", "target": null }, { "id": "Moneybird", "display_name": "Moneybird", "target": null }, { "id": "Babuk", "display_name": "Babuk", "target": null }, { "id": "COSMICENERGY", "display_name": "COSMICENERGY", "target": null }, { "id": "Stealthy Bandit", "display_name": "Stealthy Bandit", "target": null }, { "id": "QBot", "display_name": "QBot", "target": null }, { "id": "Buhti", "display_name": "Buhti", "target": null } ], "attack_ids": [ { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1123", "name": "Audio Capture", "display_name": "T1123 - Audio Capture" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 24, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 78, "FileHash-SHA1": 73, "FileHash-SHA256": 147, "URL": 121, "domain": 111, "hostname": 29 }, "indicator_count": 559, "is_author": false, "is_subscribing": null, "subscriber_count": 111, "modified_text": "1068 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "647143991ffc56d78172d48d", "name": "URLHaus data - 26-05-2023", "description": "", "modified": "2023-06-25T23:00:51.347000", "created": "2023-05-26T23:41:13.452000", "tags": [ "BB29", "dll", "geofenced", "msi", "Qakbot", "USA", "64", "exe", "32", "elf", "Mozi", "32-bit", "mips", "mirai", "x86-32", "arm", "hajime", "AsyncRAT", "dropped-by-amadey", "sparc", "PowerPC", "intel", "renesas", "script", "motorola", "ddos-bot", "Stealc", "BRA", "trojan", "dropped-by-SmokeLoader", "LummaStealer", "dropped-by-PrivateLoader", "RedLine", "RedLineStealer", "dcrat", "VoidRAT", "Plasma", "njRAT", "AgentTesla", "Smoke Loader", "Pikabot", "js", "2022", "Password-protected", "zip", "1234", "7z", "AveMariaRAT", "rat", "Loki", "opendir", "geo", "Grandoreiro", "Gozi", "ascii", "Encoded", "RemcosRAT", "doc", "gafgyt", "additionalpayloads", "raccoonv2", "pw:1234", "rar", "RTF" ], "references": [ "https://urlhaus.abuse.ch/browse/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 999, "domain": 16, "hostname": 1 }, "indicator_count": 1016, "is_author": false, "is_subscribing": null, "subscriber_count": 1621, "modified_text": "1070 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "https://www.dnsbl.info/", "http://sanddroid.xjtu.edu.cn/", "https://urlhaus.abuse.ch/browse/", "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_Real-time", "http://jevereg.amnpardaz.com/" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [ "Kimsuky", "Korean Lazarus" ], "malware_families": [ "Linux", "Moneybird", "Babuk", "Romcom", "Blackcat", "Qbot", "Buhti", "Remote access", "Cosmicenergy", "Kimsuky", "Stealthy bandit" ], "industries": [ "Social engineering", "Media" ] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 5, "pulses": [ { "id": "65709c176bf14908e11e80d8", "name": "TechM-Threat Intel Report - W23-2023", "description": "", "modified": "2023-12-06T16:06:47.815000", "created": "2023-12-06T16:06:47.815000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 130, "FileHash-MD5": 46, "FileHash-SHA1": 46, "domain": 125, "hostname": 42, "URL": 123, "CVE": 1 }, "indicator_count": 513, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "906 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65709bdfec2ebd8b9c05c15d", "name": "Threat Intel Report - W22-2023", "description": "", "modified": "2023-12-06T16:05:51.194000", "created": "2023-12-06T16:05:51.194000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 147, "FileHash-MD5": 78, "FileHash-SHA1": 73, "domain": 111, "hostname": 29, "URL": 121 }, "indicator_count": 559, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "906 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "647da78794bf55c527ee8400", "name": "TechM-Threat Intel Report - W23-2023", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools.\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week.\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.", "modified": "2023-07-05T08:04:41.483000", "created": "2023-06-05T09:14:47.526000", "tags": [ "kimsuky", "linux", "blackcat", "romcom", "qbot", "remote access", "cvss", "cvss base", "jetpack plugin", "million", "latin america", "camaro dragon", "strikes", "python code", "gigabyte", "dark pink", "romcom rat", "royal", "rokrat", "scarcruft", "indonesia", "exploit", "hashes domains", "ip address", "blacklist host", "ip country", "latest spambot", "visit", "activity", "china", "singapore", "romania", "quakbot", "stealc", "anydesk", "guloader", "date", "malware url", "tags", "agenttesla", "rhadamanthy", "privateloader", "smoke loader", "sha1 file", "name submit" ], "references": [ "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_Real-time", "https://www.dnsbl.info/" ], "public": 1, "adversary": "Kimsuky", "targeted_countries": [ "Viet Nam", "Thailand", "Indonesia", "Brunei Darussalam", "Belgium", "United States of America", "Korea, Democratic People's Republic of", "Japan" ], "malware_families": [ { "id": "Remote Access", "display_name": "Remote Access", "target": null }, { "id": "QBot", "display_name": "QBot", "target": null }, { "id": "RomCom", "display_name": "RomCom", "target": null }, { "id": "BlackCat", "display_name": "BlackCat", "target": null }, { "id": "Linux", "display_name": "Linux", "target": null } ], "attack_ids": [ { "id": "T1495", "name": "Firmware Corruption", "display_name": "T1495 - Firmware Corruption" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" } ], "industries": [ "Media", "Social Engineering" ], "TLP": "white", "cloned_from": null, "export_count": 19, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 46, "FileHash-SHA1": 46, "FileHash-SHA256": 130, "URL": 123, "domain": 125, "hostname": 42, "CVE": 1 }, "indicator_count": 513, "is_author": false, "is_subscribing": null, "subscriber_count": 107, "modified_text": "1061 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "64747c916cd830d76839022d", "name": "Threat Intel Report - W22-2023", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools.\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week.\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.", "modified": "2023-06-28T10:02:59.787000", "created": "2023-05-29T10:21:05.570000", "tags": [ "korean lazarus", "espionage", "lazarus", "buhti", "qbot", "stealthy bandit", "cosmicenergy", "babuk", "moneybird", "kimsuky", "windows", "microsoft", "cvss", "cvss base", "bandit stealer", "google cloud", "cloud sql", "lockbit", "qbot malware", "augusta", "malware", "service", "korean", "hashes domains", "amadey amadey", "ddos", "vidar vidar", "december", "arkei", "vidar", "remcos remcos", "wcry", "wanacryptor", "japan", "ip address", "blacklist host", "ip country", "latest spambot", "visit", "activity", "brazil", "canada", "singapore", "qakbot", "privateloader", "date", "malware url", "tags", "coinminer", "smake loader", "sha1 file", "name submit" ], "references": [ "http://sanddroid.xjtu.edu.cn/", "http://jevereg.amnpardaz.com/" ], "public": 1, "adversary": "Korean Lazarus", "targeted_countries": [ "Ukraine", "United States of America", "Georgia" ], "malware_families": [ { "id": "Kimsuky", "display_name": "Kimsuky", "target": null }, { "id": "Moneybird", "display_name": "Moneybird", "target": null }, { "id": "Babuk", "display_name": "Babuk", "target": null }, { "id": "COSMICENERGY", "display_name": "COSMICENERGY", "target": null }, { "id": "Stealthy Bandit", "display_name": "Stealthy Bandit", "target": null }, { "id": "QBot", "display_name": "QBot", "target": null }, { "id": "Buhti", "display_name": "Buhti", "target": null } ], "attack_ids": [ { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1123", "name": "Audio Capture", "display_name": "T1123 - Audio Capture" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 24, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 78, "FileHash-SHA1": 73, "FileHash-SHA256": 147, "URL": 121, "domain": 111, "hostname": 29 }, "indicator_count": 559, "is_author": false, "is_subscribing": null, "subscriber_count": 111, "modified_text": "1068 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "647143991ffc56d78172d48d", "name": "URLHaus data - 26-05-2023", "description": "", "modified": "2023-06-25T23:00:51.347000", "created": "2023-05-26T23:41:13.452000", "tags": [ "BB29", "dll", "geofenced", "msi", "Qakbot", "USA", "64", "exe", "32", "elf", "Mozi", "32-bit", "mips", "mirai", "x86-32", "arm", "hajime", "AsyncRAT", "dropped-by-amadey", "sparc", "PowerPC", "intel", "renesas", "script", "motorola", "ddos-bot", "Stealc", "BRA", "trojan", "dropped-by-SmokeLoader", "LummaStealer", "dropped-by-PrivateLoader", "RedLine", "RedLineStealer", "dcrat", "VoidRAT", "Plasma", "njRAT", "AgentTesla", "Smoke Loader", "Pikabot", "js", "2022", "Password-protected", "zip", "1234", "7z", "AveMariaRAT", "rat", "Loki", "opendir", "geo", "Grandoreiro", "Gozi", "ascii", "Encoded", "RemcosRAT", "doc", "gafgyt", "additionalpayloads", "raccoonv2", "pw:1234", "rar", "RTF" ], "references": [ "https://urlhaus.abuse.ch/browse/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 999, "domain": 16, "hostname": 1 }, "indicator_count": 1016, "is_author": false, "is_subscribing": null, "subscriber_count": 1621, "modified_text": "1070 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "getindication.top", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "getindication.top", "found": true, "verdict": "malicious", "url_count": 2, "online_count": 0, "blacklists": { "spamhaus_dbl": "not listed", "surbl": "not listed" }, "urls": [ { "url": "https://getindication.top/mslink1.exe", "status": "offline", "threat": "malware_download", "date_added": "2023-05-30", "tags": [ "Stealc" ] }, { "url": "http://getindication.top/mslink1.exe", "status": "offline", "threat": "malware_download", "date_added": "2023-05-26", "tags": [ "dropped-by-PrivateLoader", "Stealc" ] } ], "error": null }, "from_cache": true, "_cached_at": 1780242312.1383011 }