{
  "type": "URL",
  "indicator": "https://cafesecretoquemagrasa.online/",
  "general": {
    "sections": [
      "general",
      "url_list",
      "http_scans",
      "screenshot"
    ],
    "indicator": "https://cafesecretoquemagrasa.online/",
    "type": "url",
    "type_title": "URL",
    "validation": [],
    "base_indicator": {
      "id": 4335493643,
      "indicator": "https://cafesecretoquemagrasa.online/",
      "type": "URL",
      "title": "",
      "description": "",
      "content": "",
      "access_type": "public",
      "access_reason": ""
    },
    "pulse_info": {
      "count": 1,
      "pulses": [
        {
          "id": "69f2d65574fec0eb30ae9d57",
          "name": "VirusTotal report for executable.exe",
          "description": "[The Yara malware sample was detected on 16 January 2023 and the full report has now been published on the Microsoft Research website, which looks at the most common types of malware and how to identify]",
          "modified": "2026-05-30T04:04:00.214000",
          "created": "2026-04-30T04:11:01.330000",
          "tags": [
            "pe file",
            "file type",
            "sample",
            "signatures",
            "drops pe",
            "hips",
            "ascii text",
            "crlf line",
            "yara",
            "spawns",
            "malicious",
            "persistence",
            "formbook",
            "defense evasion",
            "next",
            "windows sandbox",
            "calls process",
            "azaz09",
            "homenet",
            "externalnet",
            "et malware",
            "formbook cnc",
            "checkin",
            "connection3a",
            "clientendpoint",
            "malware",
            "moderate",
            "major",
            "msg:\"et"
          ],
          "references": [
            "https://vtbehaviour.commondatastorage.googleapis.com/55df12366f4fdd8bd59c392bfb9b6b3830b03ae15cda3d31bfec0b0aa9d11b10_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1777521929&Signature=ko7K7%2BzvBx9Hy15brk86WUuEDCVjAvIYADj8FFjCVDNDpNUnP%2BNCTKkNyrRVq0PhW9R5t6%2BbuOLgqE6EOaQkTtTxKDvwd3vVEr05serzPyKhQ41%2FliJW0pvODbZ2pAVLZQaDVonbEDszVTFTTWHoTBRb2Zg%2Buqvwc4%2FvOUSOE9JxiFdf2ju%2FTVyLHRr0Ha%2F9cND2fpZsNndAgcUNXWRG4lQxS%2BtT7Vj98%2Bym12XfiV9d%2BdpF",
            "https://vtbehaviour.commondatastorage.googleapis.com/fd8f8402bcc0ab9c896433464d13e11d1f519f064496280d493a55fda86a5c23_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1777522125&Signature=gj0mZHrVuHo8drmVW6Za274Y%2B%2FJpTFtNTkz%2ByHr9nheaDG78mV23JwRvSopqBA7%2Fkr7DSNgXcOWhGQnNFST6fpS6LMKxqtZ3x24mDO7rFcZJMTb14GFB71mn1a0W9grmyEYe1WxMGU%2FDCd2VNoYul0%2Fyszkeb8u5mHXQdw4niujdzg%2FPXKAebwYAYVnqwMDUJ0zvnQowWeGz%2FrbMm4saHkZoahsvXdihbtXDi6nR"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [
            {
              "id": "msg:\"ET",
              "display_name": "msg:\"ET",
              "target": null
            }
          ],
          "attack_ids": [
            {
              "id": "T1014",
              "name": "Rootkit",
              "display_name": "T1014 - Rootkit"
            },
            {
              "id": "T1016",
              "name": "System Network Configuration Discovery",
              "display_name": "T1016 - System Network Configuration Discovery"
            },
            {
              "id": "T1018",
              "name": "Remote System Discovery",
              "display_name": "T1018 - Remote System Discovery"
            },
            {
              "id": "T1027",
              "name": "Obfuscated Files or Information",
              "display_name": "T1027 - Obfuscated Files or Information"
            },
            {
              "id": "T1036",
              "name": "Masquerading",
              "display_name": "T1036 - Masquerading"
            },
            {
              "id": "T1047",
              "name": "Windows Management Instrumentation",
              "display_name": "T1047 - Windows Management Instrumentation"
            },
            {
              "id": "T1049",
              "name": "System Network Connections Discovery",
              "display_name": "T1049 - System Network Connections Discovery"
            },
            {
              "id": "T1055",
              "name": "Process Injection",
              "display_name": "T1055 - Process Injection"
            },
            {
              "id": "T1056",
              "name": "Input Capture",
              "display_name": "T1056 - Input Capture"
            },
            {
              "id": "T1057",
              "name": "Process Discovery",
              "display_name": "T1057 - Process Discovery"
            },
            {
              "id": "T1059",
              "name": "Command and Scripting Interpreter",
              "display_name": "T1059 - Command and Scripting Interpreter"
            },
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            },
            {
              "id": "T1082",
              "name": "System Information Discovery",
              "display_name": "T1082 - System Information Discovery"
            },
            {
              "id": "T1083",
              "name": "File and Directory Discovery",
              "display_name": "T1083 - File and Directory Discovery"
            },
            {
              "id": "T1112",
              "name": "Modify Registry",
              "display_name": "T1112 - Modify Registry"
            },
            {
              "id": "T1129",
              "name": "Shared Modules",
              "display_name": "T1129 - Shared Modules"
            },
            {
              "id": "T1497",
              "name": "Virtualization/Sandbox Evasion",
              "display_name": "T1497 - Virtualization/Sandbox Evasion"
            },
            {
              "id": "T1518",
              "name": "Software Discovery",
              "display_name": "T1518 - Software Discovery"
            },
            {
              "id": "T1547",
              "name": "Boot or Logon Autostart Execution",
              "display_name": "T1547 - Boot or Logon Autostart Execution"
            },
            {
              "id": "T1562",
              "name": "Impair Defenses",
              "display_name": "T1562 - Impair Defenses"
            }
          ],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 0,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "msudosos",
            "id": "381696",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 56,
            "FileHash-SHA1": 56,
            "FileHash-SHA256": 169,
            "URL": 113,
            "hostname": 103,
            "domain": 121,
            "email": 3,
            "CVE": 6
          },
          "indicator_count": 627,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 67,
          "modified_text": "2 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        }
      ],
      "references": [
        "https://vtbehaviour.commondatastorage.googleapis.com/55df12366f4fdd8bd59c392bfb9b6b3830b03ae15cda3d31bfec0b0aa9d11b10_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1777521929&Signature=ko7K7%2BzvBx9Hy15brk86WUuEDCVjAvIYADj8FFjCVDNDpNUnP%2BNCTKkNyrRVq0PhW9R5t6%2BbuOLgqE6EOaQkTtTxKDvwd3vVEr05serzPyKhQ41%2FliJW0pvODbZ2pAVLZQaDVonbEDszVTFTTWHoTBRb2Zg%2Buqvwc4%2FvOUSOE9JxiFdf2ju%2FTVyLHRr0Ha%2F9cND2fpZsNndAgcUNXWRG4lQxS%2BtT7Vj98%2Bym12XfiV9d%2BdpF",
        "https://vtbehaviour.commondatastorage.googleapis.com/fd8f8402bcc0ab9c896433464d13e11d1f519f064496280d493a55fda86a5c23_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1777522125&Signature=gj0mZHrVuHo8drmVW6Za274Y%2B%2FJpTFtNTkz%2ByHr9nheaDG78mV23JwRvSopqBA7%2Fkr7DSNgXcOWhGQnNFST6fpS6LMKxqtZ3x24mDO7rFcZJMTb14GFB71mn1a0W9grmyEYe1WxMGU%2FDCd2VNoYul0%2Fyszkeb8u5mHXQdw4niujdzg%2FPXKAebwYAYVnqwMDUJ0zvnQowWeGz%2FrbMm4saHkZoahsvXdihbtXDi6nR"
      ],
      "related": {
        "alienvault": {
          "adversary": [],
          "malware_families": [],
          "industries": [],
          "unique_indicators": 0
        },
        "other": {
          "adversary": [],
          "malware_families": [
            "Msg:\"et"
          ],
          "industries": [],
          "unique_indicators": 577
        }
      }
    },
    "false_positive": [],
    "alexa": "http://www.alexa.com/siteinfo/cafesecretoquemagrasa.online",
    "whois": "http://whois.domaintools.com/cafesecretoquemagrasa.online",
    "domain": "cafesecretoquemagrasa.online",
    "hostname": "Unavailable"
  },
  "geo": {},
  "geo_ipapicom": {},
  "pulse_count": 1,
  "pulses": [
    {
      "id": "69f2d65574fec0eb30ae9d57",
      "name": "VirusTotal report for executable.exe",
      "description": "[The Yara malware sample was detected on 16 January 2023 and the full report has now been published on the Microsoft Research website, which looks at the most common types of malware and how to identify]",
      "modified": "2026-05-30T04:04:00.214000",
      "created": "2026-04-30T04:11:01.330000",
      "tags": [
        "pe file",
        "file type",
        "sample",
        "signatures",
        "drops pe",
        "hips",
        "ascii text",
        "crlf line",
        "yara",
        "spawns",
        "malicious",
        "persistence",
        "formbook",
        "defense evasion",
        "next",
        "windows sandbox",
        "calls process",
        "azaz09",
        "homenet",
        "externalnet",
        "et malware",
        "formbook cnc",
        "checkin",
        "connection3a",
        "clientendpoint",
        "malware",
        "moderate",
        "major",
        "msg:\"et"
      ],
      "references": [
        "https://vtbehaviour.commondatastorage.googleapis.com/55df12366f4fdd8bd59c392bfb9b6b3830b03ae15cda3d31bfec0b0aa9d11b10_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1777521929&Signature=ko7K7%2BzvBx9Hy15brk86WUuEDCVjAvIYADj8FFjCVDNDpNUnP%2BNCTKkNyrRVq0PhW9R5t6%2BbuOLgqE6EOaQkTtTxKDvwd3vVEr05serzPyKhQ41%2FliJW0pvODbZ2pAVLZQaDVonbEDszVTFTTWHoTBRb2Zg%2Buqvwc4%2FvOUSOE9JxiFdf2ju%2FTVyLHRr0Ha%2F9cND2fpZsNndAgcUNXWRG4lQxS%2BtT7Vj98%2Bym12XfiV9d%2BdpF",
        "https://vtbehaviour.commondatastorage.googleapis.com/fd8f8402bcc0ab9c896433464d13e11d1f519f064496280d493a55fda86a5c23_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1777522125&Signature=gj0mZHrVuHo8drmVW6Za274Y%2B%2FJpTFtNTkz%2ByHr9nheaDG78mV23JwRvSopqBA7%2Fkr7DSNgXcOWhGQnNFST6fpS6LMKxqtZ3x24mDO7rFcZJMTb14GFB71mn1a0W9grmyEYe1WxMGU%2FDCd2VNoYul0%2Fyszkeb8u5mHXQdw4niujdzg%2FPXKAebwYAYVnqwMDUJ0zvnQowWeGz%2FrbMm4saHkZoahsvXdihbtXDi6nR"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [
        {
          "id": "msg:\"ET",
          "display_name": "msg:\"ET",
          "target": null
        }
      ],
      "attack_ids": [
        {
          "id": "T1014",
          "name": "Rootkit",
          "display_name": "T1014 - Rootkit"
        },
        {
          "id": "T1016",
          "name": "System Network Configuration Discovery",
          "display_name": "T1016 - System Network Configuration Discovery"
        },
        {
          "id": "T1018",
          "name": "Remote System Discovery",
          "display_name": "T1018 - Remote System Discovery"
        },
        {
          "id": "T1027",
          "name": "Obfuscated Files or Information",
          "display_name": "T1027 - Obfuscated Files or Information"
        },
        {
          "id": "T1036",
          "name": "Masquerading",
          "display_name": "T1036 - Masquerading"
        },
        {
          "id": "T1047",
          "name": "Windows Management Instrumentation",
          "display_name": "T1047 - Windows Management Instrumentation"
        },
        {
          "id": "T1049",
          "name": "System Network Connections Discovery",
          "display_name": "T1049 - System Network Connections Discovery"
        },
        {
          "id": "T1055",
          "name": "Process Injection",
          "display_name": "T1055 - Process Injection"
        },
        {
          "id": "T1056",
          "name": "Input Capture",
          "display_name": "T1056 - Input Capture"
        },
        {
          "id": "T1057",
          "name": "Process Discovery",
          "display_name": "T1057 - Process Discovery"
        },
        {
          "id": "T1059",
          "name": "Command and Scripting Interpreter",
          "display_name": "T1059 - Command and Scripting Interpreter"
        },
        {
          "id": "T1071",
          "name": "Application Layer Protocol",
          "display_name": "T1071 - Application Layer Protocol"
        },
        {
          "id": "T1082",
          "name": "System Information Discovery",
          "display_name": "T1082 - System Information Discovery"
        },
        {
          "id": "T1083",
          "name": "File and Directory Discovery",
          "display_name": "T1083 - File and Directory Discovery"
        },
        {
          "id": "T1112",
          "name": "Modify Registry",
          "display_name": "T1112 - Modify Registry"
        },
        {
          "id": "T1129",
          "name": "Shared Modules",
          "display_name": "T1129 - Shared Modules"
        },
        {
          "id": "T1497",
          "name": "Virtualization/Sandbox Evasion",
          "display_name": "T1497 - Virtualization/Sandbox Evasion"
        },
        {
          "id": "T1518",
          "name": "Software Discovery",
          "display_name": "T1518 - Software Discovery"
        },
        {
          "id": "T1547",
          "name": "Boot or Logon Autostart Execution",
          "display_name": "T1547 - Boot or Logon Autostart Execution"
        },
        {
          "id": "T1562",
          "name": "Impair Defenses",
          "display_name": "T1562 - Impair Defenses"
        }
      ],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 0,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "msudosos",
        "id": "381696",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 56,
        "FileHash-SHA1": 56,
        "FileHash-SHA256": 169,
        "URL": 113,
        "hostname": 103,
        "domain": 121,
        "email": 3,
        "CVE": 6
      },
      "indicator_count": 627,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 67,
      "modified_text": "2 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    }
  ],
  "error": null,
  "vt": {
    "error": "VirusTotal rate limit reached. Try again shortly.",
    "indicator": "https://cafesecretoquemagrasa.online/",
    "type": "URL"
  },
  "abuseipdb": null,
  "urlhaus": {
    "indicator": "https://cafesecretoquemagrasa.online/",
    "type": "URL",
    "found": false,
    "verdict": "clean",
    "error": null
  },
  "from_cache": true,
  "_cached_at": 1780289170.9510627
}