{ "type": "URL", "indicator": "https://aka.ms/o0ukef", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://aka.ms/o0ukef", "type": "url", "type_title": "URL", "validation": [ { "source": "akamai", "message": "Akamai rank: #256", "name": "Akamai Popular Domain" }, { "source": "whitelist", "message": "Whitelisted domain aka.ms", "name": "Whitelisted domain" }, { "source": "majestic", "message": "Whitelisted domain aka.ms", "name": "Whitelisted domain" } ], "base_indicator": { "id": 1570376771, "indicator": "https://aka.ms/o0ukef", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 14, "pulses": [ { "id": "60a794fa6de6293139323f21", "name": "VETTED Phishing URLs", "description": "VETTED Phishing URLs, mostly european targets", "modified": "2026-06-02T06:44:22.106000", "created": "2021-05-21T11:09:46.641000", "tags": [ "europe", "phishing" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1982030, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "verifrom", "id": "15054", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 107067 }, "indicator_count": 107067, "is_author": false, "is_subscribing": null, "subscriber_count": 1273, "modified_text": "18 minutes ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69a5d5e3505dead54faab143", "name": "com.apple.security.sos.error.com", "description": "....sos", "modified": "2026-04-02T23:13:44.625000", "created": "2026-03-02T18:24:35.250000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 139, "domain": 113, "URL": 126, "FileHash-MD5": 91, "FileHash-SHA1": 72, "FileHash-SHA256": 777, "CIDR": 3 }, "indicator_count": 1321, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "60 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69a6b3699b113a39a3c46c73", "name": "1bef44a9745600e9dca3f425a00ccdac13437523fee7291e4af01c1556ffbb55", "description": "26\nYARA Detections\n5\nAlerts\n0\nAnalysis Overview\nAnalysis Date\n5 years ago\nFile Score\n18\nMalicious\nAntivirus Detections\nALF:PUA:Win32/Coinminer.MK!MTB\nIDS Detections\nCryptocurrency Miner Checkin\nCoinMiner Known Malicious Stratum Authline (2018-03-23 2)\nCoinMiner Known Malicious Stratum Authline (2018-04-03 2)\nCoinMiner Known Malicious Stratum Authline (2018-04-13 2)\nCoinMiner Known Malicious Stratum Authline (2018-04-16 6)\nMore\nYara Detections\nLZMA\n, \nUPX_OEP_place\n, \nUPXV200V290MarkusOberhumerLaszloMolnarJohnReiser\n, \nUPXv20MarkusLaszloReiser\n, \nUPX\nAlerts\n24 Alerts\nnids_malware_alert\nnetwork_icmp\nnolookup_communication\npersistence_autorun\ncreates_service\nsniffer_winpcap\ninjection_resumethread\nantiemu_wine\nnetwork_cnc_http\nnetwork_http\nMore\nIP\u2019s Contacted\n85804 IP\u2019s Contacted\n\n1.0.146.16\n\n1.0.207.201\n\n1.0.240.0\n\n1.0.40.131", "modified": "2026-04-02T10:06:37.073000", "created": "2026-03-03T10:09:45.209000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 220, "FileHash-SHA1": 220, "FileHash-SHA256": 228, "URL": 4, "hostname": 1, "domain": 2, "email": 1 }, "indicator_count": 676, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "60 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69a68f44600b7a4bdf115e2d", "name": "tc speed connect.com", "description": "", "modified": "2026-04-02T08:23:24.882000", "created": "2026-03-03T07:35:32.338000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 126, "URL": 154, "FileHash-MD5": 130, "FileHash-SHA1": 145, "FileHash-SHA256": 469, "email": 5, "hostname": 555 }, "indicator_count": 1584, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "60 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69a5efafa9d1fbfb53498f75", "name": "CVE-2014-8361", "description": "CVE-2014-8361", "modified": "2026-04-02T05:24:47.244000", "created": "2026-03-02T20:14:39.110000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 8, "FileHash-MD5": 51, "FileHash-SHA1": 51, "FileHash-SHA256": 50, "URL": 20, "domain": 106, "email": 3, "hostname": 62 }, "indicator_count": 351, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "61 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69a6a965c5699e9997e46b3e", "name": "CVE-2021-21972", "description": "Not Sandboxed", "modified": "2026-04-02T00:02:40.479000", "created": "2026-03-03T09:27:01.134000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 2, "FileHash-SHA256": 2, "URL": 1 }, "indicator_count": 5, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "61 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69a59cdebd67483e912c1309", "name": "com.apple.WebKit.WebContent.xpc.com - unsigned domain +76.223.54.146 / 13.248.169.48", "description": "The following is the full set of results from an analysis of OTX telemetry on the GoDaddy website, which was created on 19 November 1999 and is now being used by the BBC to broadcast live online. <-prior work new findings in title.", "modified": "2026-04-01T18:00:23.406000", "created": "2026-03-02T14:21:18.714000", "tags": [ "status", "date", "passive dns", "urls", "domain", "cayman", "otx logo", "scan endpoints", "create pulse", "submit sample" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 115, "email": 2, "hostname": 375, "URL": 64, "FileHash-MD5": 6, "FileHash-SHA1": 4, "FileHash-SHA256": 4, "CVE": 2 }, "indicator_count": 572, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "61 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69a5d75fc273098586030d9a", "name": "ec1e74ee749d09294cf471af58c3d0d6eaf9cd4979f3d868c9ad0b465ed4e88d - TROJAN", "description": "DDoS:Linux/Gafgyt.YA!MTB - malicious/racial/disgusting.42\n/62\n42 security vendor\ns\n detected this FileHash - SHA256 as malicious\n2020-12-07 10:05:45\nLast Analysis\nDetections (Top 10)\nSOURCE\nRESULT\nVERSION\nUPDATE\nALYac\tGen:Variant.Linux.Mirai.1\t1.1.1.5\t2020-12-06\nAVG\tELF:DDoS-S [Trj]\t20.10.5736.0\t2020-12-06\nAd-Aware\tGen:Variant.Linux.Mirai.1\t3.0.16.117\t2020-12-06\nAhnLab-V3\tLinux/Mirai.Gen6\t3.19.3.10105\t2020-12-06\nAntiy-AVL\tTrojan[Backdoor]/Linux.Gafgyt.a\t3.0.0.1\t2020-12-06\nArcabit\tTrojan.Linux.Mirai.1\t1.0.0.881\t2020-12-06\nAvast\tELF:DDoS-S [Trj]\t20.10.5736.0\t2020-12-06\nAvast-Mobile\tELF:DDoS-S [Trj]\t201207-00\t2020-12-06\nAvira\tLINUX/Gafgyt.opnd\t8.3.3.10\t2020-12-06\nBitDefender\tGen:Variant.Linux.Mirai.1\t7.2\t2020-12-06", "modified": "2026-04-01T18:00:23.406000", "created": "2026-03-02T18:30:55.317000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 101, "FileHash-SHA1": 101, "FileHash-SHA256": 102, "CVE": 2, "URL": 14, "domain": 4, "hostname": 9 }, "indicator_count": 333, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "61 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69a5ef78377030e837a7cacf", "name": "CVE-2017-17215", "description": "CVE-2017-17215", "modified": "2026-03-04T23:37:19.358000", "created": "2026-03-02T20:13:44.840000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "domain": 3, "hostname": 1, "URL": 1 }, "indicator_count": 6, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "89 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69a69cf48afeab456b5ae92f", "name": "cve-2021-22005", "description": "", "modified": "2026-03-04T23:37:10.890000", "created": "2026-03-03T08:33:56.123000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 3, "URL": 5, "domain": 2, "email": 1, "hostname": 3 }, "indicator_count": 14, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "89 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69a76b234969d9a3816b38b9", "name": "adcfe8c18031801f43cc7f6067ac17c5fd290d50dba786b91e095", "description": "21/62 VT- MD5\n02103dd0af5d000898d00ce211e40fd6 \nSHA-1\naf0a24190e2bed8eb3d25646fe99e5372585095f \nSHA-256\nadcfe8c18031801f43cc7f6067ac17c5fd290d50dba786b91e0957dbf6455b52 \nSSDEEP\n393216:HUZcDcY7V9xp3a+e0d8WoCFk/uB4dItZRbh84hvtOyUIKyiKk8xBz6bYyeo5Fa1I:5E \nTLSH\nT17F373D25E6815987043AC4B1F3137BB4FB7C6E0D430209B4B86F65265F8DFA2126A7ED \nFile type\nEmail \ninternet\nemail\n \nMagic\nmail, ASCII text, with CRLF line terminators \nTrID\nStandard Unix Mailbox (71.6%) E-Mail message (Var. 2) (28.3%) \nMagika\nEML \nFile size\n21.91 MB (22970311 bytes) \nF-PROT packer\nqp, appended", "modified": "2026-03-04T23:37:06.900000", "created": "2026-03-03T23:13:39.033000", "tags": [ "ssdeep", "email internet", "magic mail", "ascii text", "crlf line", "trid standard", "unix mailbox", "magika eml", "file size", "fprot packer" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 3, "FileHash-MD5": 3, "FileHash-SHA1": 3, "URL": 7, "hostname": 1, "domain": 1, "email": 1 }, "indicator_count": 19, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "89 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "630a159adbb66d3dd00f87cc", "name": "GeoJS | GeoJS \u00b7 REST/JSON/JSONP GeoIP API", "description": "when you compare this pulse to one with the exact same data that i created yeterday in a mew otx account with user \"callmedoris\" you can clearly see how corrupted and tampered results are produced in this account. As many normal features of otx are totally limited in this account. For mostly in \"callmedoris\" this data auto generates 4 mitre attack codes which are not happening here", "modified": "2022-09-26T00:01:58.557000", "created": "2022-08-27T13:01:14.036000", "tags": [ "no expiration", "expiration", "url https", "filehashsha256", "url http", "filehashsha1", "filehashmd5", "hostname", "domain", "ipv4", "geojs", "span", "highly", "hello", "json", "returns", "api docs", "general chatops", "endpoints blog", "app contact", "twitter", "keybase", "service", "https://otx.alienvault.com/pulse/6307e6d29746a93deaca198f" ], "references": [ "https://www.geojs.io/", "https://hybrid-analysis.com/sample/fb6824e0a6797e465f515669698a944601c7591ed4d4869cceb262f804746252/615bd8a4dcb563321b12fdf5/", "Additionally there is a ton of data pulled here which is pass and parcel", "Another important part of the giant puzzle", "https://otx.alienvault.com/pulse/6307e6d29746a93deaca198f" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 2, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 470, "hostname": 127, "FileHash-SHA256": 131, "domain": 34, "FileHash-MD5": 68, "FileHash-SHA1": 61 }, "indicator_count": 891, "is_author": false, "is_subscribing": null, "subscriber_count": 393, "modified_text": "1345 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "629bd2456d6cc7c3b45dafe8", "name": "http://www.e30.be/browserconfig.xml", "description": "", "modified": "2022-07-04T00:03:29.389000", "created": "2022-06-04T21:44:37.411000", "tags": [], "references": [ "https://hybrid-analysis.com/sample/66059103ebf5ea317dcbbc2ec01446167679b1c9347331fe73b621f8c38117fe/6293165674d0f04d7966112e" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 50, "hostname": 21, "URL": 128, "domain": 28, "FileHash-MD5": 33, "FileHash-SHA1": 30 }, "indicator_count": 290, "is_author": false, "is_subscribing": null, "subscriber_count": 392, "modified_text": "1429 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6264b524008ccee1d221f967", "name": "statcounter nefarious ad and analytics in platform webapp delivered ads", "description": "", "modified": "2022-05-24T00:01:27.321000", "created": "2022-04-24T02:25:40.062000", "tags": [ "associated urls", "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "section", "ansi", "threat level", "header", "messages", "surveymonkey", "chrome", "firefox", "safari", "microsoft", "date", "span", "path", "body", "accept", "explorer", "suspicious", "main", "hybrid", "close", "click", "hosts", "april", "malicious", "general", "local", "factory", "strings", "team", "february", "hybrid analysis", "input", "report", "falcon sandbox", "please note", "data protection", "policy", "https", "memoryfile scan", "windir", "openurl c", "urlhttps", "pmuid", "no expiration", "filehashsha256", "url http", "expiration" ], "references": [ "https://onetag-sys.com/usync/?pubId=6b859b96c564fbe", "https://sync.richaudience.com/74889303289e27f327ad0c6de7be7264/?p=1BTOoaD22a&consentString=CPX4AJgPX4AJgDlBEAENCMCsAP_AAH_AACiQIsNf_X__b3_n-_7___t0eY1f9_7__-0zjhfdt-8N3f_X_L8X_2M7vF36tr4KuR4ku3bBIQdtHOncTUmx6olVrzPsbk2cr7NKJ7Pkmnsbe2dYGH9_n93T_ZKZ7______7________________________-_____9____________________________8EWACTDUvIAuxLHBk2jSKFECMKwkOoFABRQDC0RWEDq4KdlcBPqCFgAgFQEYEQIMQUYMAgAEAgCQiICQA8EAiAIgEAAIAFQCEABGwCCwAsDAIABQDQsQIoAhAkIMigiOUwICJEooJ7KxBKDvY0whDrLACgUf0VCAiUAIFgZCQsHMcASAlwskCzFC-QAjAAAA&ccpa_", "https://ssbsync.smartadserver.com/api/sync?callerId=43&gdpr=1&gdpr_consent=CPX4AJgPX4AJgDlBEAENCMCsAP_AAH_AACiQIsNf_X__b3_n-_7___t0eY1f9_7__-0zjhfdt-8N3f_X_L8X_2M7vF36tr4KuR4ku3bBIQdtHOncTUmx6olVrzPsbk2cr7NKJ7Pkmnsbe2dYGH9_n93T_ZKZ7______7________________________-_____9____________________________8EWACTDUvIAuxLHBk2jSKFECMKwkOoFABRQDC0RWEDq4KdlcBPqCFgAgFQEYEQIMQUYMAgAEAgCQiICQA8EAiAIgEAAIAFQCEABGwCCwAsDAIABQDQsQIoAhAkIMigiOUwICJEooJ7KxBKDvY0whDrLACgUf0VCAiUAIFgZCQsHMcASAlwskCzFC-QAjAAAA", "https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159110&gdpr=1&gdpr_consent=CPX4AJgPX4AJgDlBEAENCMCsAP_AAH_AACiQIsNf_X__b3_n-_7___t0eY1f9_7__-0zjhfdt-8N3f_X_L8X_2M7vF36tr4KuR4ku3bBIQdtHOncTUmx6olVrzPsbk2cr7NKJ7Pkmnsbe2dYGH9_n93T_ZKZ7______7________________________-_____9____________________________8EWACTDUvIAuxLHBk2jSKFECMKwkOoFABRQDC0RWEDq4KdlcBPqCFgAgFQEYEQIMQUYMAgAEAgCQiICQA8EAiAIgEAAIAFQCEABGwCCwAsDAIABQDQsQIoAhAkIMigiOUwICJEooJ7KxBKDvY0whDrLACgUf0VCAiUAIFgZCQsHMcASAlwskCzFC-QAjAAAA&us_privacy=1---", "https://hybrid-analysis.com/sample/de66bd83860e9dc66969b28f3b93b36c07c5f9d9568f13b07f0e1928490d6945/62649e273fcef808fa4c2bbb", "https://hybrid-analysis.com/sample/9116e707b9da6b1047df9412e29b816726ba3aa6ebc91d77f7f47741ccb7b7bd/6264a22fa3836270e73495b3", "https://hybrid-analysis.com/sample/b3d7008253008166b2abeb2fcc642d9c5e354435f7cb83a681b3cba82840002e/62626a096a89191d343c4546", "usync.html" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 9, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 693, "hostname": 325, "domain": 205, "FileHash-SHA256": 148, "FileHash-MD5": 31, "CVE": 1, "FileHash-SHA1": 22, "email": 3 }, "indicator_count": 1428, "is_author": false, "is_subscribing": null, "subscriber_count": 395, "modified_text": "1470 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "https://hybrid-analysis.com/sample/de66bd83860e9dc66969b28f3b93b36c07c5f9d9568f13b07f0e1928490d6945/62649e273fcef808fa4c2bbb", "https://hybrid-analysis.com/sample/66059103ebf5ea317dcbbc2ec01446167679b1c9347331fe73b621f8c38117fe/6293165674d0f04d7966112e", "https://hybrid-analysis.com/sample/fb6824e0a6797e465f515669698a944601c7591ed4d4869cceb262f804746252/615bd8a4dcb563321b12fdf5/", "Another important part of the giant puzzle", "https://otx.alienvault.com/pulse/6307e6d29746a93deaca198f", "Additionally there is a ton of data pulled here which is pass and parcel", "https://hybrid-analysis.com/sample/b3d7008253008166b2abeb2fcc642d9c5e354435f7cb83a681b3cba82840002e/62626a096a89191d343c4546", "usync.html", "https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159110&gdpr=1&gdpr_consent=CPX4AJgPX4AJgDlBEAENCMCsAP_AAH_AACiQIsNf_X__b3_n-_7___t0eY1f9_7__-0zjhfdt-8N3f_X_L8X_2M7vF36tr4KuR4ku3bBIQdtHOncTUmx6olVrzPsbk2cr7NKJ7Pkmnsbe2dYGH9_n93T_ZKZ7______7________________________-_____9____________________________8EWACTDUvIAuxLHBk2jSKFECMKwkOoFABRQDC0RWEDq4KdlcBPqCFgAgFQEYEQIMQUYMAgAEAgCQiICQA8EAiAIgEAAIAFQCEABGwCCwAsDAIABQDQsQIoAhAkIMigiOUwICJEooJ7KxBKDvY0whDrLACgUf0VCAiUAIFgZCQsHMcASAlwskCzFC-QAjAAAA&us_privacy=1---", "https://sync.richaudience.com/74889303289e27f327ad0c6de7be7264/?p=1BTOoaD22a&consentString=CPX4AJgPX4AJgDlBEAENCMCsAP_AAH_AACiQIsNf_X__b3_n-_7___t0eY1f9_7__-0zjhfdt-8N3f_X_L8X_2M7vF36tr4KuR4ku3bBIQdtHOncTUmx6olVrzPsbk2cr7NKJ7Pkmnsbe2dYGH9_n93T_ZKZ7______7________________________-_____9____________________________8EWACTDUvIAuxLHBk2jSKFECMKwkOoFABRQDC0RWEDq4KdlcBPqCFgAgFQEYEQIMQUYMAgAEAgCQiICQA8EAiAIgEAAIAFQCEABGwCCwAsDAIABQDQsQIoAhAkIMigiOUwICJEooJ7KxBKDvY0whDrLACgUf0VCAiUAIFgZCQsHMcASAlwskCzFC-QAjAAAA&ccpa_", "https://ssbsync.smartadserver.com/api/sync?callerId=43&gdpr=1&gdpr_consent=CPX4AJgPX4AJgDlBEAENCMCsAP_AAH_AACiQIsNf_X__b3_n-_7___t0eY1f9_7__-0zjhfdt-8N3f_X_L8X_2M7vF36tr4KuR4ku3bBIQdtHOncTUmx6olVrzPsbk2cr7NKJ7Pkmnsbe2dYGH9_n93T_ZKZ7______7________________________-_____9____________________________8EWACTDUvIAuxLHBk2jSKFECMKwkOoFABRQDC0RWEDq4KdlcBPqCFgAgFQEYEQIMQUYMAgAEAgCQiICQA8EAiAIgEAAIAFQCEABGwCCwAsDAIABQDQsQIoAhAkIMigiOUwICJEooJ7KxBKDvY0whDrLACgUf0VCAiUAIFgZCQsHMcASAlwskCzFC-QAjAAAA", "https://www.geojs.io/", "https://hybrid-analysis.com/sample/9116e707b9da6b1047df9412e29b816726ba3aa6ebc91d77f7f47741ccb7b7bd/6264a22fa3836270e73495b3", "https://onetag-sys.com/usync/?pubId=6b859b96c564fbe" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 114922 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/aka.ms", "whois": "http://whois.domaintools.com/aka.ms", "domain": "aka.ms", "hostname": "Unavailable" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 14, "pulses": [ { "id": "60a794fa6de6293139323f21", "name": "VETTED Phishing URLs", "description": "VETTED Phishing URLs, mostly european targets", "modified": "2026-06-02T06:44:22.106000", "created": "2021-05-21T11:09:46.641000", "tags": [ "europe", "phishing" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1982030, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "verifrom", "id": "15054", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 107067 }, "indicator_count": 107067, "is_author": false, "is_subscribing": null, "subscriber_count": 1273, "modified_text": "18 minutes ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69a5d5e3505dead54faab143", "name": "com.apple.security.sos.error.com", "description": "....sos", "modified": "2026-04-02T23:13:44.625000", "created": "2026-03-02T18:24:35.250000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 139, "domain": 113, "URL": 126, "FileHash-MD5": 91, "FileHash-SHA1": 72, "FileHash-SHA256": 777, "CIDR": 3 }, "indicator_count": 1321, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "60 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69a6b3699b113a39a3c46c73", "name": "1bef44a9745600e9dca3f425a00ccdac13437523fee7291e4af01c1556ffbb55", "description": "26\nYARA Detections\n5\nAlerts\n0\nAnalysis Overview\nAnalysis Date\n5 years ago\nFile Score\n18\nMalicious\nAntivirus Detections\nALF:PUA:Win32/Coinminer.MK!MTB\nIDS Detections\nCryptocurrency Miner Checkin\nCoinMiner Known Malicious Stratum Authline (2018-03-23 2)\nCoinMiner Known Malicious Stratum Authline (2018-04-03 2)\nCoinMiner Known Malicious Stratum Authline (2018-04-13 2)\nCoinMiner Known Malicious Stratum Authline (2018-04-16 6)\nMore\nYara Detections\nLZMA\n, \nUPX_OEP_place\n, \nUPXV200V290MarkusOberhumerLaszloMolnarJohnReiser\n, \nUPXv20MarkusLaszloReiser\n, \nUPX\nAlerts\n24 Alerts\nnids_malware_alert\nnetwork_icmp\nnolookup_communication\npersistence_autorun\ncreates_service\nsniffer_winpcap\ninjection_resumethread\nantiemu_wine\nnetwork_cnc_http\nnetwork_http\nMore\nIP\u2019s Contacted\n85804 IP\u2019s Contacted\n\n1.0.146.16\n\n1.0.207.201\n\n1.0.240.0\n\n1.0.40.131", "modified": "2026-04-02T10:06:37.073000", "created": "2026-03-03T10:09:45.209000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 220, "FileHash-SHA1": 220, "FileHash-SHA256": 228, "URL": 4, "hostname": 1, "domain": 2, "email": 1 }, "indicator_count": 676, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "60 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69a68f44600b7a4bdf115e2d", "name": "tc speed connect.com", "description": "", "modified": "2026-04-02T08:23:24.882000", "created": "2026-03-03T07:35:32.338000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 126, "URL": 154, "FileHash-MD5": 130, "FileHash-SHA1": 145, "FileHash-SHA256": 469, "email": 5, "hostname": 555 }, "indicator_count": 1584, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "60 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69a5efafa9d1fbfb53498f75", "name": "CVE-2014-8361", "description": "CVE-2014-8361", "modified": "2026-04-02T05:24:47.244000", "created": "2026-03-02T20:14:39.110000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 8, "FileHash-MD5": 51, "FileHash-SHA1": 51, "FileHash-SHA256": 50, "URL": 20, "domain": 106, "email": 3, "hostname": 62 }, "indicator_count": 351, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "61 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69a6a965c5699e9997e46b3e", "name": "CVE-2021-21972", "description": "Not Sandboxed", "modified": "2026-04-02T00:02:40.479000", "created": "2026-03-03T09:27:01.134000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 2, "FileHash-SHA256": 2, "URL": 1 }, "indicator_count": 5, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "61 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69a59cdebd67483e912c1309", "name": "com.apple.WebKit.WebContent.xpc.com - unsigned domain +76.223.54.146 / 13.248.169.48", "description": "The following is the full set of results from an analysis of OTX telemetry on the GoDaddy website, which was created on 19 November 1999 and is now being used by the BBC to broadcast live online. <-prior work new findings in title.", "modified": "2026-04-01T18:00:23.406000", "created": "2026-03-02T14:21:18.714000", "tags": [ "status", "date", "passive dns", "urls", "domain", "cayman", "otx logo", "scan endpoints", "create pulse", "submit sample" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 115, "email": 2, "hostname": 375, "URL": 64, "FileHash-MD5": 6, "FileHash-SHA1": 4, "FileHash-SHA256": 4, "CVE": 2 }, "indicator_count": 572, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "61 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69a5d75fc273098586030d9a", "name": "ec1e74ee749d09294cf471af58c3d0d6eaf9cd4979f3d868c9ad0b465ed4e88d - TROJAN", "description": "DDoS:Linux/Gafgyt.YA!MTB - malicious/racial/disgusting.42\n/62\n42 security vendor\ns\n detected this FileHash - SHA256 as malicious\n2020-12-07 10:05:45\nLast Analysis\nDetections (Top 10)\nSOURCE\nRESULT\nVERSION\nUPDATE\nALYac\tGen:Variant.Linux.Mirai.1\t1.1.1.5\t2020-12-06\nAVG\tELF:DDoS-S [Trj]\t20.10.5736.0\t2020-12-06\nAd-Aware\tGen:Variant.Linux.Mirai.1\t3.0.16.117\t2020-12-06\nAhnLab-V3\tLinux/Mirai.Gen6\t3.19.3.10105\t2020-12-06\nAntiy-AVL\tTrojan[Backdoor]/Linux.Gafgyt.a\t3.0.0.1\t2020-12-06\nArcabit\tTrojan.Linux.Mirai.1\t1.0.0.881\t2020-12-06\nAvast\tELF:DDoS-S [Trj]\t20.10.5736.0\t2020-12-06\nAvast-Mobile\tELF:DDoS-S [Trj]\t201207-00\t2020-12-06\nAvira\tLINUX/Gafgyt.opnd\t8.3.3.10\t2020-12-06\nBitDefender\tGen:Variant.Linux.Mirai.1\t7.2\t2020-12-06", "modified": "2026-04-01T18:00:23.406000", "created": "2026-03-02T18:30:55.317000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 101, "FileHash-SHA1": 101, "FileHash-SHA256": 102, "CVE": 2, "URL": 14, "domain": 4, "hostname": 9 }, "indicator_count": 333, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "61 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69a5ef78377030e837a7cacf", "name": "CVE-2017-17215", "description": "CVE-2017-17215", "modified": "2026-03-04T23:37:19.358000", "created": "2026-03-02T20:13:44.840000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "domain": 3, "hostname": 1, "URL": 1 }, "indicator_count": 6, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "89 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69a69cf48afeab456b5ae92f", "name": "cve-2021-22005", "description": "", "modified": "2026-03-04T23:37:10.890000", "created": "2026-03-03T08:33:56.123000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 3, "URL": 5, "domain": 2, "email": 1, "hostname": 3 }, "indicator_count": 14, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "89 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://aka.ms/o0ukef", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://aka.ms/o0ukef", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780383754.853889 }