{ "type": "Domain", "indicator": "grok.com", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/grok.com", "alexa": "http://www.alexa.com/siteinfo/grok.com", "indicator": "grok.com", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 4266961721, "indicator": "grok.com", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 4, "pulses": [ { "id": "69f97a905451e3304319988b", "name": ".may 4 clone own on may 5", "description": "", "modified": "2026-05-07T02:57:38.229000", "created": "2026-05-05T05:05:20.493000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "69f7fa1a282840a6e0aa370c", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 341, "FileHash-SHA1": 368, "FileHash-SHA256": 3143, "hostname": 2037, "IPv4": 186, "URL": 3288, "CIDR": 12, "email": 43, "domain": 1645, "URI": 1, "SSLCertFingerprint": 18, "CVE": 1 }, "indicator_count": 11083, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "25 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69f7fa1a282840a6e0aa370c", "name": "May the 4th be with... every destructed file that never died", "description": "[undreds of thousands of people have been signing a petition calling for the removal of the president, Barack Obama, from the White House and the UK's prime minister, Theresa May, to be remove] The wording here. Its also May3rd not May 4th.", "modified": "2026-05-05T05:04:02.911000", "created": "2026-05-04T01:44:57.811000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 341, "FileHash-SHA1": 368, "FileHash-SHA256": 3142, "hostname": 1890, "IPv4": 162, "URL": 3241, "CIDR": 12, "email": 37, "domain": 1616, "URI": 1, "SSLCertFingerprint": 18 }, "indicator_count": 10828, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "26 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69b7f94aa2d8255313aa5e62", "name": "CAPE Sandbox c++ hollow root trust bypass", "description": "", "modified": "2026-04-15T12:09:31.789000", "created": "2026-03-16T12:36:26.354000", "tags": [ "accept", "aaaa", "khtml", "gecko", "windows nt", "msie", "linux x8664", "linux i686", "cname", "win64", "win32", "compiler", "python", "code", "null", "unknown", "shutdown", "root", "winxx" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/014cbbfc40ec1040874e3e096148bbc90e9bb9b55d28e20538495eb5f8027c83_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1773664602&Signature=Uqulv%2BNCI4opS2aeb5ebqVEs%2Bje68oAXC%2BZiXSHT%2FVPU5riM2nnmpVCf8rGLhjNogSnZ2L9OOAXFqxDhCvrOnQvLbAEgYFgPgFn4gCRqExGxRUaDuSskurcWZ9nuX23t9qubJ27HORyuQi0txDYfnRxbjC8pc4fmpJSjphCoeAxhABR9CWW2eVab2%2Bgv%2FXe%2FKZKqOIrYGl%2FKG9F%2BnS3uBgDEyjo0EEgUyvRXYmiHQ5D3" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1181, "FileHash-MD5": 48, "FileHash-SHA1": 51, "FileHash-SHA256": 48, "SSLCertFingerprint": 1, "domain": 42, "email": 4, "hostname": 493 }, "indicator_count": 1868, "is_author": false, "is_subscribing": null, "subscriber_count": 65, "modified_text": "46 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69b7f94cd6069c9a37b6c74b", "name": "CAPE Sandbox c++ hollow root trust bypass", "description": "", "modified": "2026-04-15T12:09:31.789000", "created": "2026-03-16T12:36:28.546000", "tags": [ "accept", "aaaa", "khtml", "gecko", "windows nt", "msie", "linux x8664", "linux i686", "cname", "win64", "win32", "compiler", "python", "code", "null", "unknown", "shutdown", "root", "winxx" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/014cbbfc40ec1040874e3e096148bbc90e9bb9b55d28e20538495eb5f8027c83_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1773664602&Signature=Uqulv%2BNCI4opS2aeb5ebqVEs%2Bje68oAXC%2BZiXSHT%2FVPU5riM2nnmpVCf8rGLhjNogSnZ2L9OOAXFqxDhCvrOnQvLbAEgYFgPgFn4gCRqExGxRUaDuSskurcWZ9nuX23t9qubJ27HORyuQi0txDYfnRxbjC8pc4fmpJSjphCoeAxhABR9CWW2eVab2%2Bgv%2FXe%2FKZKqOIrYGl%2FKG9F%2BnS3uBgDEyjo0EEgUyvRXYmiHQ5D3" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1181, "FileHash-MD5": 48, "FileHash-SHA1": 51, "FileHash-SHA256": 48, "SSLCertFingerprint": 1, "domain": 42, "email": 4, "hostname": 493 }, "indicator_count": 1868, "is_author": false, "is_subscribing": null, "subscriber_count": 65, "modified_text": "46 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/014cbbfc40ec1040874e3e096148bbc90e9bb9b55d28e20538495eb5f8027c83_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1773664602&Signature=Uqulv%2BNCI4opS2aeb5ebqVEs%2Bje68oAXC%2BZiXSHT%2FVPU5riM2nnmpVCf8rGLhjNogSnZ2L9OOAXFqxDhCvrOnQvLbAEgYFgPgFn4gCRqExGxRUaDuSskurcWZ9nuX23t9qubJ27HORyuQi0txDYfnRxbjC8pc4fmpJSjphCoeAxhABR9CWW2eVab2%2Bgv%2FXe%2FKZKqOIrYGl%2FKG9F%2BnS3uBgDEyjo0EEgUyvRXYmiHQ5D3" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [], "malware_families": [], "industries": [] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 4, "pulses": [ { "id": "69f97a905451e3304319988b", "name": ".may 4 clone own on may 5", "description": "", "modified": "2026-05-07T02:57:38.229000", "created": "2026-05-05T05:05:20.493000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "69f7fa1a282840a6e0aa370c", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 341, "FileHash-SHA1": 368, "FileHash-SHA256": 3143, "hostname": 2037, "IPv4": 186, "URL": 3288, "CIDR": 12, "email": 43, "domain": 1645, "URI": 1, "SSLCertFingerprint": 18, "CVE": 1 }, "indicator_count": 11083, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "25 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69f7fa1a282840a6e0aa370c", "name": "May the 4th be with... every destructed file that never died", "description": "[undreds of thousands of people have been signing a petition calling for the removal of the president, Barack Obama, from the White House and the UK's prime minister, Theresa May, to be remove] The wording here. Its also May3rd not May 4th.", "modified": "2026-05-05T05:04:02.911000", "created": "2026-05-04T01:44:57.811000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 341, "FileHash-SHA1": 368, "FileHash-SHA256": 3142, "hostname": 1890, "IPv4": 162, "URL": 3241, "CIDR": 12, "email": 37, "domain": 1616, "URI": 1, "SSLCertFingerprint": 18 }, "indicator_count": 10828, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "26 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69b7f94aa2d8255313aa5e62", "name": "CAPE Sandbox c++ hollow root trust bypass", "description": "", "modified": "2026-04-15T12:09:31.789000", "created": "2026-03-16T12:36:26.354000", "tags": [ "accept", "aaaa", "khtml", "gecko", "windows nt", "msie", "linux x8664", "linux i686", "cname", "win64", "win32", "compiler", "python", "code", "null", "unknown", "shutdown", "root", "winxx" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/014cbbfc40ec1040874e3e096148bbc90e9bb9b55d28e20538495eb5f8027c83_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1773664602&Signature=Uqulv%2BNCI4opS2aeb5ebqVEs%2Bje68oAXC%2BZiXSHT%2FVPU5riM2nnmpVCf8rGLhjNogSnZ2L9OOAXFqxDhCvrOnQvLbAEgYFgPgFn4gCRqExGxRUaDuSskurcWZ9nuX23t9qubJ27HORyuQi0txDYfnRxbjC8pc4fmpJSjphCoeAxhABR9CWW2eVab2%2Bgv%2FXe%2FKZKqOIrYGl%2FKG9F%2BnS3uBgDEyjo0EEgUyvRXYmiHQ5D3" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1181, "FileHash-MD5": 48, "FileHash-SHA1": 51, "FileHash-SHA256": 48, "SSLCertFingerprint": 1, "domain": 42, "email": 4, "hostname": 493 }, "indicator_count": 1868, "is_author": false, "is_subscribing": null, "subscriber_count": 65, "modified_text": "46 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69b7f94cd6069c9a37b6c74b", "name": "CAPE Sandbox c++ hollow root trust bypass", "description": "", "modified": "2026-04-15T12:09:31.789000", "created": "2026-03-16T12:36:28.546000", "tags": [ "accept", "aaaa", "khtml", "gecko", "windows nt", "msie", "linux x8664", "linux i686", "cname", "win64", "win32", "compiler", "python", "code", "null", "unknown", "shutdown", "root", "winxx" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/014cbbfc40ec1040874e3e096148bbc90e9bb9b55d28e20538495eb5f8027c83_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1773664602&Signature=Uqulv%2BNCI4opS2aeb5ebqVEs%2Bje68oAXC%2BZiXSHT%2FVPU5riM2nnmpVCf8rGLhjNogSnZ2L9OOAXFqxDhCvrOnQvLbAEgYFgPgFn4gCRqExGxRUaDuSskurcWZ9nuX23t9qubJ27HORyuQi0txDYfnRxbjC8pc4fmpJSjphCoeAxhABR9CWW2eVab2%2Bgv%2FXe%2FKZKqOIrYGl%2FKG9F%2BnS3uBgDEyjo0EEgUyvRXYmiHQ5D3" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1181, "FileHash-MD5": 48, "FileHash-SHA1": 51, "FileHash-SHA256": 48, "SSLCertFingerprint": 1, "domain": 42, "email": 4, "hostname": 493 }, "indicator_count": 1868, "is_author": false, "is_subscribing": null, "subscriber_count": 65, "modified_text": "46 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "grok.com", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "grok.com", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780283816.1003315 }