{ "type": "URL", "indicator": "https://api.share.acrobat.com", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://api.share.acrobat.com", "type": "url", "type_title": "URL", "validation": [ { "source": "akamai", "message": "Akamai rank: #2014", "name": "Akamai Popular Domain" }, { "source": "whitelist", "message": "Whitelisted domain acrobat.com", "name": "Whitelisted domain" }, { "source": "majestic", "message": "Whitelisted domain acrobat.com", "name": "Whitelisted domain" } ], "base_indicator": { "id": 3965278190, "indicator": "https://api.share.acrobat.com", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 5, "pulses": [ { "id": "6a09f2637a6b0fe5c3b1c747", "name": "FlexiSpy", "description": "[Pulses, as well as data, are the source of the Whois website, which was created in 2006 and is now being used to identify people who have been infected by a virus]", "modified": "2026-05-18T13:13:52.638000", "created": "2026-05-17T16:52:51.703000", "tags": [ "creation date", "moved", "expiration date", "name servers", "date", "server", "passive dns", "urls", "files", "whois registrar", "title", "registrar abuse", "ascio", "iana id", "contact phone", "dnssec", "domain status", "registrar url", "registrar whois", "algorithm", "key identifier", "x509v3 subject", "v3 serial", "number", "cgb osectigo", "public server", "dv r36", "validity", "subject public", "code", "admin country", "admin postal", "domain name", "host blocklist", "github gist", "github", "file format", "search", "google", "text text", "ascii text", "crlf line", "thumbprint", "postal code", "registry domain", "registrar iana", "admin city" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 244, "domain": 116, "email": 3, "hostname": 229, "IPv4": 15, "FileHash-MD5": 24, "FileHash-SHA1": 32, "FileHash-SHA256": 261 }, "indicator_count": 924, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "13 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6a09f2648fad43c2e2f73845", "name": "FlexiSpy", "description": "[Pulses, as well as data, are the source of the Whois website, which was created in 2006 and is now being used to identify people who have been infected by a virus]", "modified": "2026-05-18T13:13:50.971000", "created": "2026-05-17T16:52:52.401000", "tags": [ "creation date", "moved", "expiration date", "name servers", "date", "server", "passive dns", "urls", "files", "whois registrar", "title", "registrar abuse", "ascio", "iana id", "contact phone", "dnssec", "domain status", "registrar url", "registrar whois", "algorithm", "key identifier", "x509v3 subject", "v3 serial", "number", "cgb osectigo", "public server", "dv r36", "validity", "subject public", "code", "admin country", "admin postal", "domain name", "host blocklist", "github gist", "github", "file format", "search", "google", "text text", "ascii text", "crlf line", "thumbprint", "postal code", "registry domain", "registrar iana", "admin city" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 244, "domain": 116, "email": 3, "hostname": 229, "IPv4": 15, "FileHash-MD5": 24, "FileHash-SHA1": 32, "FileHash-SHA256": 261 }, "indicator_count": 924, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "13 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6a09f267384850f72c7bd03e", "name": "FlexiSpy", "description": "[Pulses, as well as data, are the source of the Whois website, which was created in 2006 and is now being used to identify people who have been infected by a virus]", "modified": "2026-05-18T13:13:50.627000", "created": "2026-05-17T16:52:55.517000", "tags": [ "creation date", "moved", "expiration date", "name servers", "date", "server", "passive dns", "urls", "files", "whois registrar", "title", "registrar abuse", "ascio", "iana id", "contact phone", "dnssec", "domain status", "registrar url", "registrar whois", "algorithm", "key identifier", "x509v3 subject", "v3 serial", "number", "cgb osectigo", "public server", "dv r36", "validity", "subject public", "code", "admin country", "admin postal", "domain name", "host blocklist", "github gist", "github", "file format", "search", "google", "text text", "ascii text", "crlf line", "thumbprint", "postal code", "registry domain", "registrar iana", "admin city" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 244, "domain": 116, "email": 3, "hostname": 229, "IPv4": 15, "FileHash-MD5": 24, "FileHash-SHA1": 32, "FileHash-SHA256": 261 }, "indicator_count": 924, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "13 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69d6d7b75fef587c1e50c91b", "name": "CAPE Sandbox", "description": "", "modified": "2026-05-08T22:06:56.603000", "created": "2026-04-08T22:33:27.027000", "tags": [ "default", "systemroot", "file size", "mwdb", "bazaar", "sha3384", "ssdeep", "inprocserver32", "shell folders", "folders", "accept", "shutdown", "get http", "memory pattern", "dns resolutions", "ip traffic", "ja3 digests", "domains", "urls http", "tls sni", "externalnet", "homenet", "needed", "df bit", "mtu denial", "5762", "domainspot llc", "server", "redacted for", "registrar abuse", "privacy tech", "privacy admin", "date", "code", "pdf cbcform", "domain status", "toggle", "count", "ntclose system", "flags", "typelib", "infotip", "precreate", "foldertypeid", "first", "path", "desktop", "music", "tools", "launch", "upgrade", "explorer", "false", "enterprise", "service", "close", "acrongl integ", "adc4240758", "sha256", "file type", "tierranet", "domaindiscover", "type name", "lookups", "red hat", "gnome", "file", "community", "submission", "linux", "apple computer", "afms", "amusements", "calendar", "cards", "embed", "metal", "minicommander", "splash", "term", "test", "magic", "core", "effect", "general", "nautilus", "javascript", "please", "strong", "mitre attack", "network info", "processes extra", "performs dns", "overview", "overview zenbox", "guest system", "ultimate file", "info file", "next", "document exploit", "bit locker hijack", "tofsee" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/019da822f25213f78f714313ce2de1206aba68cd074941a36e77aad8bd8b2d9f_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775686627&Signature=gfikxFmm7%2FNPH7TVWMXb9BxWY2FM0Z5uhVWKulPg56YTfzM5bVsusIJTrVbF6HrblLIBnRkrS0KuFoalJBBQO0V811mHIZx8yvBv0wmG8z30TE1%2FGbf3cT9AVjzzZxS%2BroAvgCVpEzwjQ8S%2Fc1T3ax4ZyOP4SesM2thFmWbGnuAQ4aESHRkrtOGzJUxsMnCVjoYbtD8efTQkCCODrUaNe0zaGwF4Dqde86hrxV6MXr825FSPBQMMCz", "https://vtbehaviour.commondatastorage.googleapis.com/076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775686973&Signature=hES6bBv6VHE3HyvaxVjqNANxRqNYW4tViKoFR3BcpUgm3kDDk17xmCw4V9F9ezvjAf%2Bq2X9MpmT69%2FCbvBHxHAXIWuDD%2FxAIz5QV7oT%2BIB9V%2BzaW0fjK5rlNFcnlTsBfpl1zWUnwJOomtAVixaGyGUGyDNiRdmM3DxQQOGaGPtFGbAaDdHsjY2hkheR2kaZ%2B1JTQlTDmcZQ63ayVEm9r%2BtXjlfC%2FBqednS3d%2F9u94yj%2", "https://vtbehaviour.commondatastorage.googleapis.com/acc60d8866c1a99d6ecb683b8bc113c444d70bdaab3aed5306e70665c0e33b7c_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775687218&Signature=PNBzptbPOIxHpHdEpF0lalk0C5UcykdoUnURq7GEH9cls4WKdb%2BCMsscFV7q8KedXK1KFfMyt05Zsw50v3LVWLTG4YwNMm06myQ5%2FZBlHmBvLGdgBV1mSealcp8oH%2BSR4qzzJGU6qi%2FpYxyjLmFwI80ajKzEtg7Igde5N6NPNmUWI4U6S2zPai2hmtqaHQhgk0mgKsxbsdXHm5sFFD4phSE9pA66cXd3u6mw6OQx7yeOwXKBJ4Udf%", "https://vtbehaviour.commondatastorage.googleapis.com/076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775687535&Signature=obuHKxgAwaUfqKXqSwSPolxkjLHgSZ2KdOpH%2BrHTEQKQ18GolnwEJJfWXJU6OfSngwgtN6D7c%2FA1y4cSEYrB1KK4rs7BjSmjFKM9eqywFwEUgyOOcNou7j2Ec5Z%2BceQhxrdQmIO%2Fcu6zYH6crekPZLl%2BeEJc7RCDiiowEKOBpczwi5BGnZbu%2BQb4Ozn92RpkSwItmOCP1E73rvDvKmAL2NQNYm82lspgQ1%2FrufXDwvPwZObpB", "https://vtbehaviour.commondatastorage.googleapis.com/1b94f0e037bf690c5429c13268b0a8bfc333a872db6c8f71b9922f8c456c759a_SNDBOX.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775687687&Signature=mleqsHpGba1EjbsWoqJWhwHM4HlV24DEqXi0rd%2BtS3bqrUo4gH5JsvZBAOKTwdsINPocWZqyZ13h9WQPK0EotRn5GQnfQS3S45mOrb0nSd7pwVcTbZwJCqV%2BytoK4C83sDQo2jBuZQc%2FsNhYj1jF%2FFRliGRfPq8q3ERU2PHJ%2BTu3oZ25Bect7hIeCTSX%2FeUMf7%2FbRwqsDZato1avCx7CfgNsPsMbx3IFbhnLfYdv2%2FM0WGD5BtJepu", "https://vtbehaviour.commondatastorage.googleapis.com/1b94f0e037bf690c5429c13268b0a8bfc333a872db6c8f71b9922f8c456c759a_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775687734&Signature=CngzriV8FZWNeh6VInMF%2BeDSTSENIazGMogmchr2djThAxq1uqXnMMhp5kotUqyHH4AgzdjECyYbYaZ2ctgAJA94LNcRSM8nX1ax%2BmuypMy%2BOqw86woJYHhEhpfDOsSZElFDpSVr04ZiGD3vrrPF%2FrZj7n%2BHQyggCnX7nFSgGREaWgRee4tyLvwQfYtQ6pXqqrC6RMAcaEUlGIh3c70Rc%2BCmnZBrFyyU4jV18a8aUnEqI8x37Iqj4s43rP" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1203", "name": "Exploitation for Client Execution", "display_name": "T1203 - Exploitation for Client Execution" }, { "id": "T1485", "name": "Data Destruction", "display_name": "T1485 - Data Destruction" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1542", "name": "Pre-OS Boot", "display_name": "T1542 - Pre-OS Boot" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 285, "FileHash-SHA1": 205, "FileHash-SHA256": 246, "hostname": 89, "URL": 51, "domain": 8, "email": 2 }, "indicator_count": 886, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "23 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "66dea8f783e2e21fe8105fa8", "name": "IObit Unlocker", "description": "Browser bar, API access ,\ncached, , device unlocker, search result attacks. |\n\nLink below opened appeared on a device, deleted private crowdstrike.com pulse and other IoC's. Device had only been used for research. Private Crowdstrike pulses included highly highly priority and critical issues found prior to h,obal outage. Unsure if related to IObit. . \n\nhttps://otx.alienvault.com/browse/global/pulses?q=tag:%22esta%20caliente%22&include_inactive=0&sort=-modified&page=1&limit=10&indicatorsSearch=esta%20caliente\n\nAs reported before both VirusTotal & otx.alienvault.com experiences frequent attacks. New stealer found.. Other users have mentioned otx issues on other forums.", "modified": "2024-10-09T06:02:16.991000", "created": "2024-09-09T07:51:19.348000", "tags": [ "pe resource", "the bazar", "story", "hackers", "cyber attack", "spotify artist", "gamers", "inno setup", "delphi generic", "win32 exe", "pe32", "intel", "ms windows", "pe32 installer", "module", "linker", "delphi", "info header", "name md5", "language", "overlay", "algorithm", "thumbprint", "serial number", "symantec time", "stamping", "sha256 code", "signing ca", "valid", "valid usage", "class", "windows", "uninstall iobit", "files", "file type", "javascript", "get http", "http requests", "dns resolutions", "ip traffic", "legalcopyright", "component", "read", "write", "dynamicloader", "medium", "time stamping", "malware fighter", "variant", "invalid variant", "stack", "format", "error", "msie", "chrome", "passive dns", "gmt content", "all scoreblue", "name servers", "as35819", "moved", "red team", "are you hiring", "united states", "aaaa", "asnone united", "cname", "nxdomain", "whitelisted", "showing", "as44273 host", "inno5311", "win32", "ipv4", "widgitoolbar", "unknown", "hashes", "windows nt", "win32 dll", "kb file", "historical ssl", "referrer", "malware", "network", "cancer", "dynadot inc", "temp", "domains", "mesh digital" ], "references": [ "unlocker-setup_v1.1.2.exe", "FileHash-SHA256 055fb1f2d36226f676514de472d04d84772a104ebc6bc2cb190d08c967c197c6", "codes.iobit.com", "ALF:PUA:Block:IObit.R!MTB | External Hosts: Reverse IP ASN 3.128.123.2\tapi.mybrowserbar.com *DisableUserModeCallbackFilter", "Crowdsourced IDS: Matches rule (http_inspect) HTTP Content-Length message body was truncated Matches rule FILEEXT JPG file claimed", "Yara Detections: Zeppelin_10 , stack_string , ConventionEngine_Keyword_Laun", "https://www.anyxxxtube.net/search-porn/tsara-brashears/ [phishing]", "Aug 31, 2024\thttp://bluesprig.mybrowserbar.com/\tbluesprig.mybrowserbar.com\t200\t18.116.57.197", "Yara: Matches rule Windows_API_Function from ruleset Windows_API_Function by InQuest Labs", "img-prod-cms-rt-microsoft-com.akamaized.net | iobitapps.mybrowserbar.com | recorder-iobit-com.us-east-1.elasticbeanstalk.com" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "Win.Malware.Genpack-9877676-0", "display_name": "Win.Malware.Genpack-9877676-0", "target": null }, { "id": "SLF:PUA:Win32/IObitBundler", "display_name": "SLF:PUA:Win32/IObitBundler", "target": null } ], "attack_ids": [], "industries": [ "Technology", "Telecommunications" ], "TLP": "green", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 379, "FileHash-SHA1": 357, "FileHash-SHA256": 1383, "URL": 122, "domain": 286, "hostname": 568, "email": 8 }, "indicator_count": 3103, "is_author": false, "is_subscribing": null, "subscriber_count": 233, "modified_text": "600 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "Aug 31, 2024\thttp://bluesprig.mybrowserbar.com/\tbluesprig.mybrowserbar.com\t200\t18.116.57.197", "img-prod-cms-rt-microsoft-com.akamaized.net | iobitapps.mybrowserbar.com | recorder-iobit-com.us-east-1.elasticbeanstalk.com", "https://vtbehaviour.commondatastorage.googleapis.com/acc60d8866c1a99d6ecb683b8bc113c444d70bdaab3aed5306e70665c0e33b7c_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775687218&Signature=PNBzptbPOIxHpHdEpF0lalk0C5UcykdoUnURq7GEH9cls4WKdb%2BCMsscFV7q8KedXK1KFfMyt05Zsw50v3LVWLTG4YwNMm06myQ5%2FZBlHmBvLGdgBV1mSealcp8oH%2BSR4qzzJGU6qi%2FpYxyjLmFwI80ajKzEtg7Igde5N6NPNmUWI4U6S2zPai2hmtqaHQhgk0mgKsxbsdXHm5sFFD4phSE9pA66cXd3u6mw6OQx7yeOwXKBJ4Udf%", "https://vtbehaviour.commondatastorage.googleapis.com/076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775686973&Signature=hES6bBv6VHE3HyvaxVjqNANxRqNYW4tViKoFR3BcpUgm3kDDk17xmCw4V9F9ezvjAf%2Bq2X9MpmT69%2FCbvBHxHAXIWuDD%2FxAIz5QV7oT%2BIB9V%2BzaW0fjK5rlNFcnlTsBfpl1zWUnwJOomtAVixaGyGUGyDNiRdmM3DxQQOGaGPtFGbAaDdHsjY2hkheR2kaZ%2B1JTQlTDmcZQ63ayVEm9r%2BtXjlfC%2FBqednS3d%2F9u94yj%2", "Yara: Matches rule Windows_API_Function from ruleset Windows_API_Function by InQuest Labs", "https://vtbehaviour.commondatastorage.googleapis.com/1b94f0e037bf690c5429c13268b0a8bfc333a872db6c8f71b9922f8c456c759a_SNDBOX.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775687687&Signature=mleqsHpGba1EjbsWoqJWhwHM4HlV24DEqXi0rd%2BtS3bqrUo4gH5JsvZBAOKTwdsINPocWZqyZ13h9WQPK0EotRn5GQnfQS3S45mOrb0nSd7pwVcTbZwJCqV%2BytoK4C83sDQo2jBuZQc%2FsNhYj1jF%2FFRliGRfPq8q3ERU2PHJ%2BTu3oZ25Bect7hIeCTSX%2FeUMf7%2FbRwqsDZato1avCx7CfgNsPsMbx3IFbhnLfYdv2%2FM0WGD5BtJepu", "https://vtbehaviour.commondatastorage.googleapis.com/1b94f0e037bf690c5429c13268b0a8bfc333a872db6c8f71b9922f8c456c759a_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775687734&Signature=CngzriV8FZWNeh6VInMF%2BeDSTSENIazGMogmchr2djThAxq1uqXnMMhp5kotUqyHH4AgzdjECyYbYaZ2ctgAJA94LNcRSM8nX1ax%2BmuypMy%2BOqw86woJYHhEhpfDOsSZElFDpSVr04ZiGD3vrrPF%2FrZj7n%2BHQyggCnX7nFSgGREaWgRee4tyLvwQfYtQ6pXqqrC6RMAcaEUlGIh3c70Rc%2BCmnZBrFyyU4jV18a8aUnEqI8x37Iqj4s43rP", "FileHash-SHA256 055fb1f2d36226f676514de472d04d84772a104ebc6bc2cb190d08c967c197c6", "https://vtbehaviour.commondatastorage.googleapis.com/076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775687535&Signature=obuHKxgAwaUfqKXqSwSPolxkjLHgSZ2KdOpH%2BrHTEQKQ18GolnwEJJfWXJU6OfSngwgtN6D7c%2FA1y4cSEYrB1KK4rs7BjSmjFKM9eqywFwEUgyOOcNou7j2Ec5Z%2BceQhxrdQmIO%2Fcu6zYH6crekPZLl%2BeEJc7RCDiiowEKOBpczwi5BGnZbu%2BQb4Ozn92RpkSwItmOCP1E73rvDvKmAL2NQNYm82lspgQ1%2FrufXDwvPwZObpB", "https://www.anyxxxtube.net/search-porn/tsara-brashears/ [phishing]", "unlocker-setup_v1.1.2.exe", "https://vtbehaviour.commondatastorage.googleapis.com/019da822f25213f78f714313ce2de1206aba68cd074941a36e77aad8bd8b2d9f_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775686627&Signature=gfikxFmm7%2FNPH7TVWMXb9BxWY2FM0Z5uhVWKulPg56YTfzM5bVsusIJTrVbF6HrblLIBnRkrS0KuFoalJBBQO0V811mHIZx8yvBv0wmG8z30TE1%2FGbf3cT9AVjzzZxS%2BroAvgCVpEzwjQ8S%2Fc1T3ax4ZyOP4SesM2thFmWbGnuAQ4aESHRkrtOGzJUxsMnCVjoYbtD8efTQkCCODrUaNe0zaGwF4Dqde86hrxV6MXr825FSPBQMMCz", "codes.iobit.com", "ALF:PUA:Block:IObit.R!MTB | External Hosts: Reverse IP ASN 3.128.123.2\tapi.mybrowserbar.com *DisableUserModeCallbackFilter", "Crowdsourced IDS: Matches rule (http_inspect) HTTP Content-Length message body was truncated Matches rule FILEEXT JPG file claimed", "Yara Detections: Zeppelin_10 , stack_string , ConventionEngine_Keyword_Laun" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [ "Win.malware.genpack-9877676-0", "Slf:pua:win32/iobitbundler" ], "industries": [ "Telecommunications", "Technology" ], "unique_indicators": 5526 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/acrobat.com", "whois": "http://whois.domaintools.com/acrobat.com", "domain": "acrobat.com", "hostname": "api.share.acrobat.com" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 5, "pulses": [ { "id": "6a09f2637a6b0fe5c3b1c747", "name": "FlexiSpy", "description": "[Pulses, as well as data, are the source of the Whois website, which was created in 2006 and is now being used to identify people who have been infected by a virus]", "modified": "2026-05-18T13:13:52.638000", "created": "2026-05-17T16:52:51.703000", "tags": [ "creation date", "moved", "expiration date", "name servers", "date", "server", "passive dns", "urls", "files", "whois registrar", "title", "registrar abuse", "ascio", "iana id", "contact phone", "dnssec", "domain status", "registrar url", "registrar whois", "algorithm", "key identifier", "x509v3 subject", "v3 serial", "number", "cgb osectigo", "public server", "dv r36", "validity", "subject public", "code", "admin country", "admin postal", "domain name", "host blocklist", "github gist", "github", "file format", "search", "google", "text text", "ascii text", "crlf line", "thumbprint", "postal code", "registry domain", "registrar iana", "admin city" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 244, "domain": 116, "email": 3, "hostname": 229, "IPv4": 15, "FileHash-MD5": 24, "FileHash-SHA1": 32, "FileHash-SHA256": 261 }, "indicator_count": 924, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "13 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6a09f2648fad43c2e2f73845", "name": "FlexiSpy", "description": "[Pulses, as well as data, are the source of the Whois website, which was created in 2006 and is now being used to identify people who have been infected by a virus]", "modified": "2026-05-18T13:13:50.971000", "created": "2026-05-17T16:52:52.401000", "tags": [ "creation date", "moved", "expiration date", "name servers", "date", "server", "passive dns", "urls", "files", "whois registrar", "title", "registrar abuse", "ascio", "iana id", "contact phone", "dnssec", "domain status", "registrar url", "registrar whois", "algorithm", "key identifier", "x509v3 subject", "v3 serial", "number", "cgb osectigo", "public server", "dv r36", "validity", "subject public", "code", "admin country", "admin postal", "domain name", "host blocklist", "github gist", "github", "file format", "search", "google", "text text", "ascii text", "crlf line", "thumbprint", "postal code", "registry domain", "registrar iana", "admin city" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 244, "domain": 116, "email": 3, "hostname": 229, "IPv4": 15, "FileHash-MD5": 24, "FileHash-SHA1": 32, "FileHash-SHA256": 261 }, "indicator_count": 924, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "13 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6a09f267384850f72c7bd03e", "name": "FlexiSpy", "description": "[Pulses, as well as data, are the source of the Whois website, which was created in 2006 and is now being used to identify people who have been infected by a virus]", "modified": "2026-05-18T13:13:50.627000", "created": "2026-05-17T16:52:55.517000", "tags": [ "creation date", "moved", "expiration date", "name servers", "date", "server", "passive dns", "urls", "files", "whois registrar", "title", "registrar abuse", "ascio", "iana id", "contact phone", "dnssec", "domain status", "registrar url", "registrar whois", "algorithm", "key identifier", "x509v3 subject", "v3 serial", "number", "cgb osectigo", "public server", "dv r36", "validity", "subject public", "code", "admin country", "admin postal", "domain name", "host blocklist", "github gist", "github", "file format", "search", "google", "text text", "ascii text", "crlf line", "thumbprint", "postal code", "registry domain", "registrar iana", "admin city" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 244, "domain": 116, "email": 3, "hostname": 229, "IPv4": 15, "FileHash-MD5": 24, "FileHash-SHA1": 32, "FileHash-SHA256": 261 }, "indicator_count": 924, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "13 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69d6d7b75fef587c1e50c91b", "name": "CAPE Sandbox", "description": "", "modified": "2026-05-08T22:06:56.603000", "created": "2026-04-08T22:33:27.027000", "tags": [ "default", "systemroot", "file size", "mwdb", "bazaar", "sha3384", "ssdeep", "inprocserver32", "shell folders", "folders", "accept", "shutdown", "get http", "memory pattern", "dns resolutions", "ip traffic", "ja3 digests", "domains", "urls http", "tls sni", "externalnet", "homenet", "needed", "df bit", "mtu denial", "5762", "domainspot llc", "server", "redacted for", "registrar abuse", "privacy tech", "privacy admin", "date", "code", "pdf cbcform", "domain status", "toggle", "count", "ntclose system", "flags", "typelib", "infotip", "precreate", "foldertypeid", "first", "path", "desktop", "music", "tools", "launch", "upgrade", "explorer", "false", "enterprise", "service", "close", "acrongl integ", "adc4240758", "sha256", "file type", "tierranet", "domaindiscover", "type name", "lookups", "red hat", "gnome", "file", "community", "submission", "linux", "apple computer", "afms", "amusements", "calendar", "cards", "embed", "metal", "minicommander", "splash", "term", "test", "magic", "core", "effect", "general", "nautilus", "javascript", "please", "strong", "mitre attack", "network info", "processes extra", "performs dns", "overview", "overview zenbox", "guest system", "ultimate file", "info file", "next", "document exploit", "bit locker hijack", "tofsee" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/019da822f25213f78f714313ce2de1206aba68cd074941a36e77aad8bd8b2d9f_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775686627&Signature=gfikxFmm7%2FNPH7TVWMXb9BxWY2FM0Z5uhVWKulPg56YTfzM5bVsusIJTrVbF6HrblLIBnRkrS0KuFoalJBBQO0V811mHIZx8yvBv0wmG8z30TE1%2FGbf3cT9AVjzzZxS%2BroAvgCVpEzwjQ8S%2Fc1T3ax4ZyOP4SesM2thFmWbGnuAQ4aESHRkrtOGzJUxsMnCVjoYbtD8efTQkCCODrUaNe0zaGwF4Dqde86hrxV6MXr825FSPBQMMCz", "https://vtbehaviour.commondatastorage.googleapis.com/076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775686973&Signature=hES6bBv6VHE3HyvaxVjqNANxRqNYW4tViKoFR3BcpUgm3kDDk17xmCw4V9F9ezvjAf%2Bq2X9MpmT69%2FCbvBHxHAXIWuDD%2FxAIz5QV7oT%2BIB9V%2BzaW0fjK5rlNFcnlTsBfpl1zWUnwJOomtAVixaGyGUGyDNiRdmM3DxQQOGaGPtFGbAaDdHsjY2hkheR2kaZ%2B1JTQlTDmcZQ63ayVEm9r%2BtXjlfC%2FBqednS3d%2F9u94yj%2", "https://vtbehaviour.commondatastorage.googleapis.com/acc60d8866c1a99d6ecb683b8bc113c444d70bdaab3aed5306e70665c0e33b7c_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775687218&Signature=PNBzptbPOIxHpHdEpF0lalk0C5UcykdoUnURq7GEH9cls4WKdb%2BCMsscFV7q8KedXK1KFfMyt05Zsw50v3LVWLTG4YwNMm06myQ5%2FZBlHmBvLGdgBV1mSealcp8oH%2BSR4qzzJGU6qi%2FpYxyjLmFwI80ajKzEtg7Igde5N6NPNmUWI4U6S2zPai2hmtqaHQhgk0mgKsxbsdXHm5sFFD4phSE9pA66cXd3u6mw6OQx7yeOwXKBJ4Udf%", "https://vtbehaviour.commondatastorage.googleapis.com/076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775687535&Signature=obuHKxgAwaUfqKXqSwSPolxkjLHgSZ2KdOpH%2BrHTEQKQ18GolnwEJJfWXJU6OfSngwgtN6D7c%2FA1y4cSEYrB1KK4rs7BjSmjFKM9eqywFwEUgyOOcNou7j2Ec5Z%2BceQhxrdQmIO%2Fcu6zYH6crekPZLl%2BeEJc7RCDiiowEKOBpczwi5BGnZbu%2BQb4Ozn92RpkSwItmOCP1E73rvDvKmAL2NQNYm82lspgQ1%2FrufXDwvPwZObpB", "https://vtbehaviour.commondatastorage.googleapis.com/1b94f0e037bf690c5429c13268b0a8bfc333a872db6c8f71b9922f8c456c759a_SNDBOX.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775687687&Signature=mleqsHpGba1EjbsWoqJWhwHM4HlV24DEqXi0rd%2BtS3bqrUo4gH5JsvZBAOKTwdsINPocWZqyZ13h9WQPK0EotRn5GQnfQS3S45mOrb0nSd7pwVcTbZwJCqV%2BytoK4C83sDQo2jBuZQc%2FsNhYj1jF%2FFRliGRfPq8q3ERU2PHJ%2BTu3oZ25Bect7hIeCTSX%2FeUMf7%2FbRwqsDZato1avCx7CfgNsPsMbx3IFbhnLfYdv2%2FM0WGD5BtJepu", "https://vtbehaviour.commondatastorage.googleapis.com/1b94f0e037bf690c5429c13268b0a8bfc333a872db6c8f71b9922f8c456c759a_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775687734&Signature=CngzriV8FZWNeh6VInMF%2BeDSTSENIazGMogmchr2djThAxq1uqXnMMhp5kotUqyHH4AgzdjECyYbYaZ2ctgAJA94LNcRSM8nX1ax%2BmuypMy%2BOqw86woJYHhEhpfDOsSZElFDpSVr04ZiGD3vrrPF%2FrZj7n%2BHQyggCnX7nFSgGREaWgRee4tyLvwQfYtQ6pXqqrC6RMAcaEUlGIh3c70Rc%2BCmnZBrFyyU4jV18a8aUnEqI8x37Iqj4s43rP" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1203", "name": "Exploitation for Client Execution", "display_name": "T1203 - Exploitation for Client Execution" }, { "id": "T1485", "name": "Data Destruction", "display_name": "T1485 - Data Destruction" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1542", "name": "Pre-OS Boot", "display_name": "T1542 - Pre-OS Boot" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 285, "FileHash-SHA1": 205, "FileHash-SHA256": 246, "hostname": 89, "URL": 51, "domain": 8, "email": 2 }, "indicator_count": 886, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "23 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "66dea8f783e2e21fe8105fa8", "name": "IObit Unlocker", "description": "Browser bar, API access ,\ncached, , device unlocker, search result attacks. |\n\nLink below opened appeared on a device, deleted private crowdstrike.com pulse and other IoC's. Device had only been used for research. Private Crowdstrike pulses included highly highly priority and critical issues found prior to h,obal outage. Unsure if related to IObit. . \n\nhttps://otx.alienvault.com/browse/global/pulses?q=tag:%22esta%20caliente%22&include_inactive=0&sort=-modified&page=1&limit=10&indicatorsSearch=esta%20caliente\n\nAs reported before both VirusTotal & otx.alienvault.com experiences frequent attacks. New stealer found.. Other users have mentioned otx issues on other forums.", "modified": "2024-10-09T06:02:16.991000", "created": "2024-09-09T07:51:19.348000", "tags": [ "pe resource", "the bazar", "story", "hackers", "cyber attack", "spotify artist", "gamers", "inno setup", "delphi generic", "win32 exe", "pe32", "intel", "ms windows", "pe32 installer", "module", "linker", "delphi", "info header", "name md5", "language", "overlay", "algorithm", "thumbprint", "serial number", "symantec time", "stamping", "sha256 code", "signing ca", "valid", "valid usage", "class", "windows", "uninstall iobit", "files", "file type", "javascript", "get http", "http requests", "dns resolutions", "ip traffic", "legalcopyright", "component", "read", "write", "dynamicloader", "medium", "time stamping", "malware fighter", "variant", "invalid variant", "stack", "format", "error", "msie", "chrome", "passive dns", "gmt content", "all scoreblue", "name servers", "as35819", "moved", "red team", "are you hiring", "united states", "aaaa", "asnone united", "cname", "nxdomain", "whitelisted", "showing", "as44273 host", "inno5311", "win32", "ipv4", "widgitoolbar", "unknown", "hashes", "windows nt", "win32 dll", "kb file", "historical ssl", "referrer", "malware", "network", "cancer", "dynadot inc", "temp", "domains", "mesh digital" ], "references": [ "unlocker-setup_v1.1.2.exe", "FileHash-SHA256 055fb1f2d36226f676514de472d04d84772a104ebc6bc2cb190d08c967c197c6", "codes.iobit.com", "ALF:PUA:Block:IObit.R!MTB | External Hosts: Reverse IP ASN 3.128.123.2\tapi.mybrowserbar.com *DisableUserModeCallbackFilter", "Crowdsourced IDS: Matches rule (http_inspect) HTTP Content-Length message body was truncated Matches rule FILEEXT JPG file claimed", "Yara Detections: Zeppelin_10 , stack_string , ConventionEngine_Keyword_Laun", "https://www.anyxxxtube.net/search-porn/tsara-brashears/ [phishing]", "Aug 31, 2024\thttp://bluesprig.mybrowserbar.com/\tbluesprig.mybrowserbar.com\t200\t18.116.57.197", "Yara: Matches rule Windows_API_Function from ruleset Windows_API_Function by InQuest Labs", "img-prod-cms-rt-microsoft-com.akamaized.net | iobitapps.mybrowserbar.com | recorder-iobit-com.us-east-1.elasticbeanstalk.com" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "Win.Malware.Genpack-9877676-0", "display_name": "Win.Malware.Genpack-9877676-0", "target": null }, { "id": "SLF:PUA:Win32/IObitBundler", "display_name": "SLF:PUA:Win32/IObitBundler", "target": null } ], "attack_ids": [], "industries": [ "Technology", "Telecommunications" ], "TLP": "green", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 379, "FileHash-SHA1": 357, "FileHash-SHA256": 1383, "URL": 122, "domain": 286, "hostname": 568, "email": 8 }, "indicator_count": 3103, "is_author": false, "is_subscribing": null, "subscriber_count": 233, "modified_text": "600 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://api.share.acrobat.com", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://api.share.acrobat.com", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780309032.9922245 }