{ "type": "URL", "indicator": "http://static.ttnet.com.tr", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "http://static.ttnet.com.tr", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 11904240, "indicator": "http://static.ttnet.com.tr", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 12, "pulses": [ { "id": "66e9c8e63a72c7cb531a58ba", "name": "08.09.24 URLscanio 2 weeks.csv", "description": "", "modified": "2025-10-25T02:09:23.619000", "created": "2024-09-17T18:22:30.731000", "tags": [], "references": [ "https://x.com/NorrisN60014/status/1836092481978486802", "https://x.com/NorrisN60014/status/1836092481978486802", "https://www.hybrid-analysis.com/sample/a4f03d9a35524a7c0596777ea2b1fe5d98161b2462435e6056e4e39eb869396d/66e9ae1eb806d5b3300b842f", "https://viz.greynoise.io/analysis/79a3ab55-982c-4fb7-9952-abde6f1219c2", "https://www.filescan.io/uploads/66e9b5494a48170ff00c8102/reports", "https://report.netcraft.com/submission/9R7KbGQKOvzU9GBdraRBpUJ4C", "https://metadefender.com/results/file/bzI1MDMwMVFWaXRDS0hpWElYcn" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "skocherhan", "id": "249290", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_249290/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 3, "FileHash-MD5": 6, "URL": 1074, "domain": 1530, "email": 2, "hostname": 2849 }, "indicator_count": 5464, "is_author": false, "is_subscribing": null, "subscriber_count": 187, "modified_text": "218 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "67ef8df5d1dfcf2ce2fce716", "name": "Threat Intel Report - W13-2025", "description": "These are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools. \n\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.", "modified": "2025-05-04T07:02:31.627000", "created": "2025-04-04T07:44:53.871000", "tags": [ "mozi", "mozi link", "china", "russia", "microsoft", "windows", "week", "germany", "iocs", "clearfake", "indonesia", "remcos", "asyncrat", "sharepoint", "malware", "date", "mexico", "panama", "amadey", "infostealer", "sparrowdoor", "clop" ], "references": [ "https://urlhaus.abuse.ch/", "https://any.run/malware-trends/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Infostealer", "display_name": "Infostealer", "target": null }, { "id": "SparrowDoor", "display_name": "SparrowDoor", "target": null }, { "id": "Clop", "display_name": "Clop", "target": null } ], "attack_ids": [ { "id": "T1021", "name": "Remote Services", "display_name": "T1021 - Remote Services" } ], "industries": [ "Cryptocurrency", "Healthcare" ], "TLP": "white", "cloned_from": null, "export_count": 27, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 264, "FileHash-MD5": 12, "FileHash-SHA1": 12, "FileHash-SHA256": 18, "domain": 59, "hostname": 115 }, "indicator_count": 480, "is_author": false, "is_subscribing": null, "subscriber_count": 107, "modified_text": "391 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "66f235b9a7a94a6a61acd651", "name": "n0paste - Show paste: \\\"No Problems\\\" - dos meses del URLscan", "description": "This pulse represents a 'scattered sample' of data extracted from 'submissions of interest' made to virustotal, filescan_itsec, HybridAnalysis, anyrun_app, DynamiteLab, and triage (over a period of two months) which were submitted to urlscanio & subsequently GreyNoiseIO (which I've come across both from live samples and also those from offlined data). I don't particularly anticipate this will correlate w. anything specific - but at least will be put in one more place for further analysis & increased visibility.", "modified": "2025-03-07T08:38:08.584000", "created": "2024-09-24T03:44:57.902000", "tags": [ "geoip", "public url", "as16509", "amazon02", "as20940", "akamaiasn1", "as8075", "as15169", "google", "akamaias", "facebook", "telecom", "twitter", "media", "win64", "level3", "mini", "ukraine", "proton", "ghost", "win32", "cuba", "mexico", "indonesia", "seznam", "as3359", "as852" ], "references": [ "https://metadefender.com/results/file/bzI1MDMwMVFWaXRDS0hpWElYcnV0QllCYlB1", "https://mwdb.cert.pl/file/efb45096e24a61b488eb809bd8edf874d15bb498dd75ced8b888b020c87e5c6c", "https://n0paste.eu/UH6n5pD/" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Canada", "Anguilla", "Poland", "Aruba", "Australia", "Barbados", "Costa Rica", "Guatemala", "Philippines", "Panama", "Sint Maarten (Dutch part)", "Saint Martin (French part)", "Cayman Islands", "Cura\u00e7ao", "Mexico", "Saint Vincent and the Grenadines", "Saint Kitts and Nevis", "Tanzania, United Republic of", "Netherlands", "Ukraine", "Trinidad and Tobago", "Japan", "Bahamas", "United Kingdom of Great Britain and Northern Ireland", "Georgia" ], "malware_families": [], "attack_ids": [], "industries": [ "Education", "Technology", "Government", "Telecommunications", "Healthcare" ], "TLP": "white", "cloned_from": null, "export_count": 29, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 2, "follower_count": 0, "vote": 0, "author": { "username": "Disable_Duck", "id": "244325", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1, "CIDR": 1186, "CVE": 4, "FileHash-MD5": 29, "FileHash-SHA1": 3, "URL": 25493, "domain": 5396, "email": 10, "hostname": 10770 }, "indicator_count": 42892, "is_author": false, "is_subscribing": null, "subscriber_count": 149, "modified_text": "449 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "679b5dfdefa11d18f84b2acd", "name": "Threat Intel Report - W01-2025", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced \nfrom various channels and tools.\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective \nactions to upgrade their security infrastructure against newly identified threats and attacks in this week.", "modified": "2025-03-01T10:02:53.494000", "created": "2025-01-30T11:09:49.734000", "tags": [ "mozi", "tech mahindra", "csrmirteam", "threat report", "netherland", "mozi link", "blacklist host", "ip country", "latest spambot", "visit", "dcrat", "uruguay", "asyncrat", "space bears", "malware", "date", "xworm", "sality", "steam", "lumma", "hardhat" ], "references": [ "https://urlhaus.abuse.ch/", "https://any.run/malware-trends/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Lumma", "display_name": "Lumma", "target": null }, { "id": "Hardhat", "display_name": "Hardhat", "target": null } ], "attack_ids": [], "industries": [ "Cryptocurrency" ], "TLP": "white", "cloned_from": null, "export_count": 28, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 74, "hostname": 83, "URL": 165, "FileHash-MD5": 14, "FileHash-SHA1": 14, "FileHash-SHA256": 14 }, "indicator_count": 364, "is_author": false, "is_subscribing": null, "subscriber_count": 106, "modified_text": "455 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "674d504143037071ca7eb72f", "name": "Threat Intel Report - W47-2024", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools. \n\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools. \n\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.", "modified": "2025-01-01T06:03:42.757000", "created": "2024-12-02T06:14:25.315000", "tags": [ "mozi", "webserverpirata", "russia", "germany", "china", "singapore", "brazil", "bulgaria", "kazakstan", "turkey", "ukraine", "stealc", "indonesia", "redline stealer", "amadey", "panama", "belarus" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 15, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 79, "URL": 272, "FileHash-MD5": 6, "FileHash-SHA1": 6, "FileHash-SHA256": 17, "hostname": 79 }, "indicator_count": 459, "is_author": false, "is_subscribing": null, "subscriber_count": 106, "modified_text": "514 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "674d50425beacf9d86af6693", "name": "Threat Intel Report - W47-2024", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools. \n\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools. \n\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.", "modified": "2025-01-01T06:03:42.757000", "created": "2024-12-02T06:14:26.675000", "tags": [ "mozi", "webserverpirata", "russia", "germany", "china", "singapore", "brazil", "bulgaria", "kazakstan", "turkey", "ukraine", "stealc", "indonesia", "redline stealer", "amadey", "panama", "belarus" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 15, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 79, "URL": 272, "FileHash-MD5": 6, "FileHash-SHA1": 6, "FileHash-SHA256": 17, "hostname": 79 }, "indicator_count": 459, "is_author": false, "is_subscribing": null, "subscriber_count": 106, "modified_text": "514 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "674d50448f6f04ef4cc74a57", "name": "Threat Intel Report - W47-2024", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools. \n\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools. \n\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.", "modified": "2025-01-01T06:03:42.757000", "created": "2024-12-02T06:14:28.195000", "tags": [ "mozi", "webserverpirata", "russia", "germany", "china", "singapore", "brazil", "bulgaria", "kazakstan", "turkey", "ukraine", "stealc", "indonesia", "redline stealer", "amadey", "panama", "belarus" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 15, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 79, "URL": 272, "FileHash-MD5": 6, "FileHash-SHA1": 6, "FileHash-SHA256": 17, "hostname": 79 }, "indicator_count": 459, "is_author": false, "is_subscribing": null, "subscriber_count": 106, "modified_text": "514 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "66bb4c7e8dfacb55bce2db69", "name": "Threat Intel Report - W27-2024", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools. \n\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools. \n\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.", "modified": "2024-09-12T12:04:36.044000", "created": "2024-08-13T12:07:26.492000", "tags": [ "mozi", "mozi link", "week", "windows", "germany", "android", "spain", "brazil", "italy", "russia", "risepro", "remcos", "powershell", "panama", "ukraine", "agent tesla", "asyncrat", "hijackloader", "june", "p2pinfect" ], "references": [ "https://any.run/malware-trends/", "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_Real-time" ], "public": 1, "adversary": "", "targeted_countries": [ "France", "Italy", "United States of America", "Canada", "Spain", "United Kingdom of Great Britain and Northern Ireland", "T\u00fcrkiye" ], "malware_families": [], "attack_ids": [ { "id": "T1195", "name": "Supply Chain Compromise", "display_name": "T1195 - Supply Chain Compromise" } ], "industries": [ "Hospitality" ], "TLP": "white", "cloned_from": null, "export_count": 15, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 91, "URL": 150, "FileHash-MD5": 72, "FileHash-SHA1": 72, "FileHash-SHA256": 118, "domain": 7 }, "indicator_count": 510, "is_author": false, "is_subscribing": null, "subscriber_count": 107, "modified_text": "625 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "66bb44c55928675e15bc818d", "name": "Threat Intel Report - W30-2024", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools. \n\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools. \n\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.", "modified": "2024-09-12T11:00:55.410000", "created": "2024-08-13T11:34:29.979000", "tags": [ "mozi", "microsoft", "week", "windows", "panama", "germany", "russia", "lithuania", "romania", "urls http", "agent tesla", "asyncrat", "dcrat", "muddywater", "indonesia", "mexico", "remcos", "stealc", "steam", "lockbit", "february", "qilin" ], "references": [ "https://any.run/malware-trends/", "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_Real-time" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Qilin", "display_name": "Qilin", "target": null } ], "attack_ids": [ { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 16, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 70, "hostname": 82, "URL": 211, "FileHash-MD5": 69, "FileHash-SHA1": 68, "FileHash-SHA256": 117, "CVE": 1 }, "indicator_count": 618, "is_author": false, "is_subscribing": null, "subscriber_count": 106, "modified_text": "625 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "66269b1f33258a8e26033b17", "name": "Tracking Domains - Part 4.1", "description": "More Tracking Domains", "modified": "2024-08-30T13:02:28.335000", "created": "2024-04-22T17:15:11.398000", "tags": [ "Tracking Domains" ], "references": [ "https://www.virustotal.com/gui/collection/ee0928d5289165511398be0144460ff4c8663292be0a99a05ac955de2728a078/iocs", "https://www.virustotal.com/graph/embed/g0844b0f8d48c4bfab3ae40a376456055e267e54952fe40e0a79f63cc17550863?theme=dark", "https://viz.greynoise.io/analysis/02a64dd4-d7e0-451c-8384-13cf23298551" ], "public": 1, "adversary": "", "targeted_countries": [ "Canada", "United States of America" ], "malware_families": [], "attack_ids": [], "industries": [ "Technology", "Telecommunications" ], "TLP": "white", "cloned_from": null, "export_count": 16, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Disable_Duck", "id": "244325", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 94496, "FileHash-MD5": 63, "domain": 112327, "URL": 166918, "FileHash-SHA1": 33, "FileHash-SHA256": 103, "CIDR": 216 }, "indicator_count": 374156, "is_author": false, "is_subscribing": null, "subscriber_count": 142, "modified_text": "638 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "64be38c912f60b4463ef0628", "name": "Threat Intel Report - W30-2023", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools.\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week.\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools.\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.", "modified": "2023-08-23T08:00:50.250000", "created": "2023-07-24T08:39:37.070000", "tags": [ "sha1 file", "name submit", "date", "malware url", "china", "ip address", "blacklist host", "ip country", "latest spambot", "visit", "activity", "brazil", "germany", "chile", "week rank", "smoke loader", "domains", "url http", "amadey", "agent tesla", "url https", "ddos", "bladabindi", "njw0rm", "rats", "dofoil" ], "references": [ "https://precisionsec.com/threat-intelligence-feeds/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 11, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 37, "FileHash-SHA1": 34, "FileHash-SHA256": 97, "URL": 87, "domain": 31, "hostname": 60 }, "indicator_count": 346, "is_author": false, "is_subscribing": null, "subscriber_count": 108, "modified_text": "1011 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "63d25ef07da3766f5cde7b74", "name": "GitHub - stamparm/ipsum: Daily feed of bad IPs (with blacklist hit scores)", "description": "", "modified": "2023-02-25T11:03:08.045000", "created": "2023-01-26T11:07:28.697000", "tags": [ "ipsum", "greater", "wall", "shame", "ip dns", "number" ], "references": [ "https://github.com/stamparm/ipsum" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 11, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "cwalkden34", "id": "222073", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 26, "domain": 33, "hostname": 292 }, "indicator_count": 351, "is_author": false, "is_subscribing": null, "subscriber_count": 30, "modified_text": "1190 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "https://mwdb.cert.pl/file/efb45096e24a61b488eb809bd8edf874d15bb498dd75ced8b888b020c87e5c6c", "https://urlhaus.abuse.ch/", "https://www.hybrid-analysis.com/sample/a4f03d9a35524a7c0596777ea2b1fe5d98161b2462435e6056e4e39eb869396d/66e9ae1eb806d5b3300b842f", "https://n0paste.eu/UH6n5pD/", "https://github.com/stamparm/ipsum", "https://viz.greynoise.io/analysis/79a3ab55-982c-4fb7-9952-abde6f1219c2", "https://precisionsec.com/threat-intelligence-feeds/", "https://www.virustotal.com/gui/collection/ee0928d5289165511398be0144460ff4c8663292be0a99a05ac955de2728a078/iocs", "https://any.run/malware-trends/", "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_Real-time", "https://viz.greynoise.io/analysis/02a64dd4-d7e0-451c-8384-13cf23298551", "https://x.com/NorrisN60014/status/1836092481978486802", "https://metadefender.com/results/file/bzI1MDMwMVFWaXRDS0hpWElYcn", "https://report.netcraft.com/submission/9R7KbGQKOvzU9GBdraRBpUJ4C", "https://www.filescan.io/uploads/66e9b5494a48170ff00c8102/reports", "https://metadefender.com/results/file/bzI1MDMwMVFWaXRDS0hpWElYcnV0QllCYlB1", "https://www.virustotal.com/graph/embed/g0844b0f8d48c4bfab3ae40a376456055e267e54952fe40e0a79f63cc17550863?theme=dark" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [ "Sparrowdoor", "Clop", "Infostealer", "Lumma", "Hardhat", "Qilin" ], "industries": [ "Cryptocurrency", "Hospitality", "Government", "Telecommunications", "Technology", "Healthcare", "Education" ], "unique_indicators": 83846 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/ttnet.com.tr", "whois": "http://whois.domaintools.com/ttnet.com.tr", "domain": "ttnet.com.tr", "hostname": "static.ttnet.com.tr" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 12, "pulses": [ { "id": "66e9c8e63a72c7cb531a58ba", "name": "08.09.24 URLscanio 2 weeks.csv", "description": "", "modified": "2025-10-25T02:09:23.619000", "created": "2024-09-17T18:22:30.731000", "tags": [], "references": [ "https://x.com/NorrisN60014/status/1836092481978486802", "https://x.com/NorrisN60014/status/1836092481978486802", "https://www.hybrid-analysis.com/sample/a4f03d9a35524a7c0596777ea2b1fe5d98161b2462435e6056e4e39eb869396d/66e9ae1eb806d5b3300b842f", "https://viz.greynoise.io/analysis/79a3ab55-982c-4fb7-9952-abde6f1219c2", "https://www.filescan.io/uploads/66e9b5494a48170ff00c8102/reports", "https://report.netcraft.com/submission/9R7KbGQKOvzU9GBdraRBpUJ4C", "https://metadefender.com/results/file/bzI1MDMwMVFWaXRDS0hpWElYcn" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "skocherhan", "id": "249290", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_249290/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 3, "FileHash-MD5": 6, "URL": 1074, "domain": 1530, "email": 2, "hostname": 2849 }, "indicator_count": 5464, "is_author": false, "is_subscribing": null, "subscriber_count": 187, "modified_text": "218 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "67ef8df5d1dfcf2ce2fce716", "name": "Threat Intel Report - W13-2025", "description": "These are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools. \n\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.", "modified": "2025-05-04T07:02:31.627000", "created": "2025-04-04T07:44:53.871000", "tags": [ "mozi", "mozi link", "china", "russia", "microsoft", "windows", "week", "germany", "iocs", "clearfake", "indonesia", "remcos", "asyncrat", "sharepoint", "malware", "date", "mexico", "panama", "amadey", "infostealer", "sparrowdoor", "clop" ], "references": [ "https://urlhaus.abuse.ch/", "https://any.run/malware-trends/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Infostealer", "display_name": "Infostealer", "target": null }, { "id": "SparrowDoor", "display_name": "SparrowDoor", "target": null }, { "id": "Clop", "display_name": "Clop", "target": null } ], "attack_ids": [ { "id": "T1021", "name": "Remote Services", "display_name": "T1021 - Remote Services" } ], "industries": [ "Cryptocurrency", "Healthcare" ], "TLP": "white", "cloned_from": null, "export_count": 27, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 264, "FileHash-MD5": 12, "FileHash-SHA1": 12, "FileHash-SHA256": 18, "domain": 59, "hostname": 115 }, "indicator_count": 480, "is_author": false, "is_subscribing": null, "subscriber_count": 107, "modified_text": "391 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "66f235b9a7a94a6a61acd651", "name": "n0paste - Show paste: \\\"No Problems\\\" - dos meses del URLscan", "description": "This pulse represents a 'scattered sample' of data extracted from 'submissions of interest' made to virustotal, filescan_itsec, HybridAnalysis, anyrun_app, DynamiteLab, and triage (over a period of two months) which were submitted to urlscanio & subsequently GreyNoiseIO (which I've come across both from live samples and also those from offlined data). I don't particularly anticipate this will correlate w. anything specific - but at least will be put in one more place for further analysis & increased visibility.", "modified": "2025-03-07T08:38:08.584000", "created": "2024-09-24T03:44:57.902000", "tags": [ "geoip", "public url", "as16509", "amazon02", "as20940", "akamaiasn1", "as8075", "as15169", "google", "akamaias", "facebook", "telecom", "twitter", "media", "win64", "level3", "mini", "ukraine", "proton", "ghost", "win32", "cuba", "mexico", "indonesia", "seznam", "as3359", "as852" ], "references": [ "https://metadefender.com/results/file/bzI1MDMwMVFWaXRDS0hpWElYcnV0QllCYlB1", "https://mwdb.cert.pl/file/efb45096e24a61b488eb809bd8edf874d15bb498dd75ced8b888b020c87e5c6c", "https://n0paste.eu/UH6n5pD/" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Canada", "Anguilla", "Poland", "Aruba", "Australia", "Barbados", "Costa Rica", "Guatemala", "Philippines", "Panama", "Sint Maarten (Dutch part)", "Saint Martin (French part)", "Cayman Islands", "Cura\u00e7ao", "Mexico", "Saint Vincent and the Grenadines", "Saint Kitts and Nevis", "Tanzania, United Republic of", "Netherlands", "Ukraine", "Trinidad and Tobago", "Japan", "Bahamas", "United Kingdom of Great Britain and Northern Ireland", "Georgia" ], "malware_families": [], "attack_ids": [], "industries": [ "Education", "Technology", "Government", "Telecommunications", "Healthcare" ], "TLP": "white", "cloned_from": null, "export_count": 29, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 2, "follower_count": 0, "vote": 0, "author": { "username": "Disable_Duck", "id": "244325", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1, "CIDR": 1186, "CVE": 4, "FileHash-MD5": 29, "FileHash-SHA1": 3, "URL": 25493, "domain": 5396, "email": 10, "hostname": 10770 }, "indicator_count": 42892, "is_author": false, "is_subscribing": null, "subscriber_count": 149, "modified_text": "449 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "679b5dfdefa11d18f84b2acd", "name": "Threat Intel Report - W01-2025", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced \nfrom various channels and tools.\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective \nactions to upgrade their security infrastructure against newly identified threats and attacks in this week.", "modified": "2025-03-01T10:02:53.494000", "created": "2025-01-30T11:09:49.734000", "tags": [ "mozi", "tech mahindra", "csrmirteam", "threat report", "netherland", "mozi link", "blacklist host", "ip country", "latest spambot", "visit", "dcrat", "uruguay", "asyncrat", "space bears", "malware", "date", "xworm", "sality", "steam", "lumma", "hardhat" ], "references": [ "https://urlhaus.abuse.ch/", "https://any.run/malware-trends/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Lumma", "display_name": "Lumma", "target": null }, { "id": "Hardhat", "display_name": "Hardhat", "target": null } ], "attack_ids": [], "industries": [ "Cryptocurrency" ], "TLP": "white", "cloned_from": null, "export_count": 28, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 74, "hostname": 83, "URL": 165, "FileHash-MD5": 14, "FileHash-SHA1": 14, "FileHash-SHA256": 14 }, "indicator_count": 364, "is_author": false, "is_subscribing": null, "subscriber_count": 106, "modified_text": "455 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "674d504143037071ca7eb72f", "name": "Threat Intel Report - W47-2024", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools. \n\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools. \n\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.", "modified": "2025-01-01T06:03:42.757000", "created": "2024-12-02T06:14:25.315000", "tags": [ "mozi", "webserverpirata", "russia", "germany", "china", "singapore", "brazil", "bulgaria", "kazakstan", "turkey", "ukraine", "stealc", "indonesia", "redline stealer", "amadey", "panama", "belarus" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 15, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 79, "URL": 272, "FileHash-MD5": 6, "FileHash-SHA1": 6, "FileHash-SHA256": 17, "hostname": 79 }, "indicator_count": 459, "is_author": false, "is_subscribing": null, "subscriber_count": 106, "modified_text": "514 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "674d50425beacf9d86af6693", "name": "Threat Intel Report - W47-2024", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools. \n\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools. \n\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.", "modified": "2025-01-01T06:03:42.757000", "created": "2024-12-02T06:14:26.675000", "tags": [ "mozi", "webserverpirata", "russia", "germany", "china", "singapore", "brazil", "bulgaria", "kazakstan", "turkey", "ukraine", "stealc", "indonesia", "redline stealer", "amadey", "panama", "belarus" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 15, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 79, "URL": 272, "FileHash-MD5": 6, "FileHash-SHA1": 6, "FileHash-SHA256": 17, "hostname": 79 }, "indicator_count": 459, "is_author": false, "is_subscribing": null, "subscriber_count": 106, "modified_text": "514 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "674d50448f6f04ef4cc74a57", "name": "Threat Intel Report - W47-2024", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools. \n\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools. \n\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.", "modified": "2025-01-01T06:03:42.757000", "created": "2024-12-02T06:14:28.195000", "tags": [ "mozi", "webserverpirata", "russia", "germany", "china", "singapore", "brazil", "bulgaria", "kazakstan", "turkey", "ukraine", "stealc", "indonesia", "redline stealer", "amadey", "panama", "belarus" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 15, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 79, "URL": 272, "FileHash-MD5": 6, "FileHash-SHA1": 6, "FileHash-SHA256": 17, "hostname": 79 }, "indicator_count": 459, "is_author": false, "is_subscribing": null, "subscriber_count": 106, "modified_text": "514 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "66bb4c7e8dfacb55bce2db69", "name": "Threat Intel Report - W27-2024", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools. \n\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools. \n\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.", "modified": "2024-09-12T12:04:36.044000", "created": "2024-08-13T12:07:26.492000", "tags": [ "mozi", "mozi link", "week", "windows", "germany", "android", "spain", "brazil", "italy", "russia", "risepro", "remcos", "powershell", "panama", "ukraine", "agent tesla", "asyncrat", "hijackloader", "june", "p2pinfect" ], "references": [ "https://any.run/malware-trends/", "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_Real-time" ], "public": 1, "adversary": "", "targeted_countries": [ "France", "Italy", "United States of America", "Canada", "Spain", "United Kingdom of Great Britain and Northern Ireland", "T\u00fcrkiye" ], "malware_families": [], "attack_ids": [ { "id": "T1195", "name": "Supply Chain Compromise", "display_name": "T1195 - Supply Chain Compromise" } ], "industries": [ "Hospitality" ], "TLP": "white", "cloned_from": null, "export_count": 15, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 91, "URL": 150, "FileHash-MD5": 72, "FileHash-SHA1": 72, "FileHash-SHA256": 118, "domain": 7 }, "indicator_count": 510, "is_author": false, "is_subscribing": null, "subscriber_count": 107, "modified_text": "625 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "66bb44c55928675e15bc818d", "name": "Threat Intel Report - W30-2024", "description": "This is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and tools. \n\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade their security infrastructure against newly identified threats and attacks in this week. \n\nSecurity is a continuous process, and it has to be reviewed and audited on a continuous manner through manual or automated tools. \n\nThese details may be used as an additional layer to verify the current security posture of an organization against latest cyber trends.", "modified": "2024-09-12T11:00:55.410000", "created": "2024-08-13T11:34:29.979000", "tags": [ "mozi", "microsoft", "week", "windows", "panama", "germany", "russia", "lithuania", "romania", "urls http", "agent tesla", "asyncrat", "dcrat", "muddywater", "indonesia", "mexico", "remcos", "stealc", "steam", "lockbit", "february", "qilin" ], "references": [ "https://any.run/malware-trends/", "https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_Real-time" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Qilin", "display_name": "Qilin", "target": null } ], "attack_ids": [ { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 16, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 70, "hostname": 82, "URL": 211, "FileHash-MD5": 69, "FileHash-SHA1": 68, "FileHash-SHA256": 117, "CVE": 1 }, "indicator_count": 618, "is_author": false, "is_subscribing": null, "subscriber_count": 106, "modified_text": "625 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "66269b1f33258a8e26033b17", "name": "Tracking Domains - Part 4.1", "description": "More Tracking Domains", "modified": "2024-08-30T13:02:28.335000", "created": "2024-04-22T17:15:11.398000", "tags": [ "Tracking Domains" ], "references": [ "https://www.virustotal.com/gui/collection/ee0928d5289165511398be0144460ff4c8663292be0a99a05ac955de2728a078/iocs", "https://www.virustotal.com/graph/embed/g0844b0f8d48c4bfab3ae40a376456055e267e54952fe40e0a79f63cc17550863?theme=dark", "https://viz.greynoise.io/analysis/02a64dd4-d7e0-451c-8384-13cf23298551" ], "public": 1, "adversary": "", "targeted_countries": [ "Canada", "United States of America" ], "malware_families": [], "attack_ids": [], "industries": [ "Technology", "Telecommunications" ], "TLP": "white", "cloned_from": null, "export_count": 16, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Disable_Duck", "id": "244325", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 94496, "FileHash-MD5": 63, "domain": 112327, "URL": 166918, "FileHash-SHA1": 33, "FileHash-SHA256": 103, "CIDR": 216 }, "indicator_count": 374156, "is_author": false, "is_subscribing": null, "subscriber_count": 142, "modified_text": "638 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "http://static.ttnet.com.tr", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "http://static.ttnet.com.tr", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780197489.830453 }