{ "type": "URL", "indicator": "https://3f96f975.0797school.cn", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://3f96f975.0797school.cn", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 3454275463, "indicator": "https://3f96f975.0797school.cn", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 4, "pulses": [ { "id": "66d86e0d76778bf1bcb47e5d", "name": "AS140227 enriched", "description": "", "modified": "2025-06-07T15:40:37.476000", "created": "2024-09-04T14:26:21.356000", "tags": [], "references": [ "https://www.virustotal.com/graph/g883116b41ba0417e98c7d99988fd2464797fb1fe54054692a35fe49c03255297" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "skocherhan", "id": "249290", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_249290/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 15, "FileHash-SHA1": 15, "FileHash-SHA256": 1331, "domain": 4165, "hostname": 3720, "URL": 11188, "CVE": 1 }, "indicator_count": 20435, "is_author": false, "is_subscribing": null, "subscriber_count": 186, "modified_text": "358 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "665e54dbff4658a62e79cc66", "name": "Trojan Dropper | Ransomware | Weaponized Underage Pornography", "description": "69.165.78.78 (Command \"target\" 'ty connection') \nFraming\nibiceteena.media\nhttps://www.govolunteerabroad.org/blog/best-teen-and-high-school-volunteer-programs-abroad\n\n\nDomain\ntheteenxxx1.co\nhttps://theteenxxx1.com\nhttp://theteenxxx1.com\nhttp://www.hear-movie.com/wp-content/plugins/gkplugins-for-wordpress/sabeydee/plugins/gkplugins_mthai.swf\t\t\tJun 3, 2024, 11:04:48 PM\t\t6\t\n\nURL\thttp://www.hear-movie.com/wp-content/plugins/gkplugins-for-wordpress/sabeydee/plugins/gkplugins_sendspace.swf\t\t\t\t\t\n (Resources: \nat6800d.exe | https://www.virustotal.com/gui/file/e78282d8d71f0dd9bff906d3ed39d42c08d8e563f2ce36e2ce6e4f20eb14ea97/community)", "modified": "2024-07-03T23:02:42.914000", "created": "2024-06-03T23:42:19.702000", "tags": [ "historical ssl", "june", "threat roundup", "referrer", "unknown win", "executable", "url http", "indicator role", "title added", "active related", "pulses ipv4", "filehashmd5", "showing", "entries", "log id", "gmtn", "passive dns", "urls", "go daddy", "authority", "tls web", "arizona", "scottsdale", "ca issuers", "false", "united", "as30148 sucuri", "unknown", "meta", "ransom", "sucuri website", "sucuri security", "a domains", "win32", "trojandropper", "trojan", "error", "null", "back", "simda", "best targets", "sites", "amazon 02", "metro", "malware", "formbook", "win32 exe", "detections type", "name", "html", "summary", "submission", "ssdeep", "file type", "html internet", "magic ascii", "html document", "crlf line", "file size", "history first", "analysis" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 35, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 528, "domain": 1070, "hostname": 1578, "URL": 4320, "FileHash-MD5": 49, "FileHash-SHA1": 46, "CVE": 2, "SSLCertFingerprint": 2 }, "indicator_count": 7595, "is_author": false, "is_subscribing": null, "subscriber_count": 230, "modified_text": "696 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65708e7ca78fb9ed8bda43d0", "name": "Part 2 of the small sub section post - This a sample of the infrastructure on the perimeter of each of those controlled websrv and devuces on home lans", "description": "", "modified": "2023-12-06T15:08:44.795000", "created": "2023-12-06T15:08:44.795000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 19, "hostname": 404, "FileHash-SHA256": 1484, "FileHash-SHA1": 1, "URL": 1141, "domain": 202, "FileHash-MD5": 1 }, "indicator_count": 3252, "is_author": false, "is_subscribing": null, "subscriber_count": 110, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6286f196943a5ae10bc4e72c", "name": "Part 2 of the small sub section post - This a sample of the infrastructure on the perimeter of each of those controlled websrv and devuces on home lans", "description": "", "modified": "2022-06-19T00:05:22.053000", "created": "2022-05-20T01:40:38.150000", "tags": [], "references": [ "layer 2" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 404, "FileHash-SHA256": 1484, "URL": 1141, "domain": 202, "CVE": 19, "FileHash-MD5": 1, "FileHash-SHA1": 1 }, "indicator_count": 3252, "is_author": false, "is_subscribing": null, "subscriber_count": 395, "modified_text": "1442 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "https://www.virustotal.com/graph/g883116b41ba0417e98c7d99988fd2464797fb1fe54054692a35fe49c03255297", "layer 2" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 31352 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/0797school.cn", "whois": "http://whois.domaintools.com/0797school.cn", "domain": "0797school.cn", "hostname": "3f96f975.0797school.cn" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 4, "pulses": [ { "id": "66d86e0d76778bf1bcb47e5d", "name": "AS140227 enriched", "description": "", "modified": "2025-06-07T15:40:37.476000", "created": "2024-09-04T14:26:21.356000", "tags": [], "references": [ "https://www.virustotal.com/graph/g883116b41ba0417e98c7d99988fd2464797fb1fe54054692a35fe49c03255297" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "skocherhan", "id": "249290", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_249290/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 15, "FileHash-SHA1": 15, "FileHash-SHA256": 1331, "domain": 4165, "hostname": 3720, "URL": 11188, "CVE": 1 }, "indicator_count": 20435, "is_author": false, "is_subscribing": null, "subscriber_count": 186, "modified_text": "358 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "665e54dbff4658a62e79cc66", "name": "Trojan Dropper | Ransomware | Weaponized Underage Pornography", "description": "69.165.78.78 (Command \"target\" 'ty connection') \nFraming\nibiceteena.media\nhttps://www.govolunteerabroad.org/blog/best-teen-and-high-school-volunteer-programs-abroad\n\n\nDomain\ntheteenxxx1.co\nhttps://theteenxxx1.com\nhttp://theteenxxx1.com\nhttp://www.hear-movie.com/wp-content/plugins/gkplugins-for-wordpress/sabeydee/plugins/gkplugins_mthai.swf\t\t\tJun 3, 2024, 11:04:48 PM\t\t6\t\n\nURL\thttp://www.hear-movie.com/wp-content/plugins/gkplugins-for-wordpress/sabeydee/plugins/gkplugins_sendspace.swf\t\t\t\t\t\n (Resources: \nat6800d.exe | https://www.virustotal.com/gui/file/e78282d8d71f0dd9bff906d3ed39d42c08d8e563f2ce36e2ce6e4f20eb14ea97/community)", "modified": "2024-07-03T23:02:42.914000", "created": "2024-06-03T23:42:19.702000", "tags": [ "historical ssl", "june", "threat roundup", "referrer", "unknown win", "executable", "url http", "indicator role", "title added", "active related", "pulses ipv4", "filehashmd5", "showing", "entries", "log id", "gmtn", "passive dns", "urls", "go daddy", "authority", "tls web", "arizona", "scottsdale", "ca issuers", "false", "united", "as30148 sucuri", "unknown", "meta", "ransom", "sucuri website", "sucuri security", "a domains", "win32", "trojandropper", "trojan", "error", "null", "back", "simda", "best targets", "sites", "amazon 02", "metro", "malware", "formbook", "win32 exe", "detections type", "name", "html", "summary", "submission", "ssdeep", "file type", "html internet", "magic ascii", "html document", "crlf line", "file size", "history first", "analysis" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 35, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 528, "domain": 1070, "hostname": 1578, "URL": 4320, "FileHash-MD5": 49, "FileHash-SHA1": 46, "CVE": 2, "SSLCertFingerprint": 2 }, "indicator_count": 7595, "is_author": false, "is_subscribing": null, "subscriber_count": 230, "modified_text": "696 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65708e7ca78fb9ed8bda43d0", "name": "Part 2 of the small sub section post - This a sample of the infrastructure on the perimeter of each of those controlled websrv and devuces on home lans", "description": "", "modified": "2023-12-06T15:08:44.795000", "created": "2023-12-06T15:08:44.795000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 19, "hostname": 404, "FileHash-SHA256": 1484, "FileHash-SHA1": 1, "URL": 1141, "domain": 202, "FileHash-MD5": 1 }, "indicator_count": 3252, "is_author": false, "is_subscribing": null, "subscriber_count": 110, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6286f196943a5ae10bc4e72c", "name": "Part 2 of the small sub section post - This a sample of the infrastructure on the perimeter of each of those controlled websrv and devuces on home lans", "description": "", "modified": "2022-06-19T00:05:22.053000", "created": "2022-05-20T01:40:38.150000", "tags": [], "references": [ "layer 2" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 404, "FileHash-SHA256": 1484, "URL": 1141, "domain": 202, "CVE": 19, "FileHash-MD5": 1, "FileHash-SHA1": 1 }, "indicator_count": 3252, "is_author": false, "is_subscribing": null, "subscriber_count": 395, "modified_text": "1442 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://3f96f975.0797school.cn", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://3f96f975.0797school.cn", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780266275.127183 }