{ "type": "URL", "indicator": "https://candy.krkr.xyz", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://candy.krkr.xyz", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 3683562916, "indicator": "https://candy.krkr.xyz", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 3, "pulses": [ { "id": "693de4a8a72cf95b028365f0", "name": "Bot Block 162.159.128.0/19 | X Fake tweets | Tofsee", "description": "Tofsee.Trojan.T malware infection affects infected devices. \n\n\n#unlocked #injection #dead_host #compromised_devices #folk_in _browser #botnets", "modified": "2026-01-12T21:02:35.560000", "created": "2025-12-13T22:11:52.474000", "tags": [ "network", "ip address", "subnet", "dynamicloader", "port", "destination", "high", "windows", "united", "write", "tofsee", "stream", "win64", "push", "urls", "url analysis", "dnssec", "script domains", "encrypt", "url add", "http", "related nids", "flag united", "germany", "address google", "passive dns", "ipv4 add", "files", "asn as13335", "dns resolutions", "domains top", "level", "unique tlds", "location united", "asn asnone", "present dec", "backdoor", "lowfi", "win32autoit mar", "urls show", "date checked", "connection", "httponly", "secure", "path", "expiressat", "dynamic cfray", "medium", "delete c", "displayname", "show", "unknown", "next", "rndhex", "malware", "cname", "next associated", "url hostname", "server response", "google safe", "read c", "unicode", "png image", "rgba", "memcommit", "dock", "execution", "files location", "china flag", "china hostname", "hostname", "domain", "files ip", "address", "asn as45102", "gmt content", "certificate", "associated urls", "location china", "china asn", "as4808 china", "present aug", "object", "present apr", "present oct", "alman", "present sep", "error", "present jul", "rmndrp", "present feb", "expiration", "url https", "url http", "iocs", "review iocs", "expireswed", "samesitenone", "maxage86400", "maxage0", "server", "expires", "victina nulcac", "data upload", "extraction", "enter", "enter source", "url data", "type", "extract indic", "included iocs", "china unknown", "botnet", "folk in browser", "japan unknown", "asnone country", "as13335", "a domains", "script urls", "servers", "title", "moved", "record value", "entries", "whitelisted", "powershell", "xf9xb5xf9", "xxcexf6x8fr", "k2xe7xcbxxeaxa2", "x99x19", "x88yxf9xc858", "x83x12x8da", "zx9bx8ex84", "attempts", "yara detections", "contacted", "tags none", "file type", "pe packer", "dll compilation", "guard", "botnets" ], "references": [ "https://x.com/DenverPolice/status/1999710339584475507?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Etweet", "x.com | 162.159.140.229 (162.159.128.0/19) AS 13335 ( CLOUDFLARENET )", "foundry.neconsside.com \u2022 http://foundry.neconsside.com", "http://foundry.neconsside.com/ \u2022 https://foundry.neconsside.com \u2022 https://foundry.neconsside", "IT Mirai | https://otx.alienvault.com/indicator/domain/miraitranslate.com" ], "public": 1, "adversary": "", "targeted_countries": [ "Hong Kong", "United States of America", "Russian Federation", "T\u00fcrkiye", "Netherlands" ], "malware_families": [ { "id": "Backdoor:Win32/Tofsee", "display_name": "Backdoor:Win32/Tofsee", "target": "/malware/Backdoor:Win32/Tofsee" }, { "id": "AutoIT", "display_name": "AutoIT", "target": null }, { "id": "HtBot", "display_name": "HtBot", "target": null }, { "id": "Mirai", "display_name": "Mirai", "target": null } ], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1060", "name": "Registry Run Keys / Startup Folder", "display_name": "T1060 - Registry Run Keys / Startup Folder" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1119", "name": "Automated Collection", "display_name": "T1119 - Automated Collection" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1143", "name": "Hidden Window", "display_name": "T1143 - Hidden Window" }, { "id": "T1583.005", "name": "Botnet", "display_name": "T1583.005 - Botnet" }, { "id": "T1089", "name": "Disabling Security Tools", "display_name": "T1089 - Disabling Security Tools" }, { "id": "T1195.001", "name": "Compromise Software Dependencies and Development Tools", "display_name": "T1195.001 - Compromise Software Dependencies and Development Tools" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1593.001", "name": "Social Media", "display_name": "T1593.001 - Social Media" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1185", "name": "Man in the Browser", "display_name": "T1185 - Man in the Browser" }, { "id": "T1481", "name": "Web Service", "display_name": "T1481 - Web Service" }, { "id": "T1534", "name": "Internal Spearphishing", "display_name": "T1534 - Internal Spearphishing" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "T1459", "name": "Device Unlock Code Guessing or Brute Force", "display_name": "T1459 - Device Unlock Code Guessing or Brute Force" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 8145, "domain": 1389, "FileHash-SHA256": 1545, "CIDR": 2, "hostname": 2533, "FileHash-MD5": 209, "FileHash-SHA1": 190, "email": 6, "SSLCertFingerprint": 4 }, "indicator_count": 14023, "is_author": false, "is_subscribing": null, "subscriber_count": 142, "modified_text": "140 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "646be882a93eaafbac458b1d", "name": "strings containing exe urls from dvdfab.cn", "description": "", "modified": "2023-06-23T22:19:18.469000", "created": "2023-05-22T22:11:14.019000", "tags": [ "user-profile.dvdfab.cn", "app-api-c1.dvdfab.cn", "Licence File" ], "references": [ "https://secure-webtv-static.canal-plus.com/widevine/cert/cert_license_widevine_com.bin", "See Int Strings - https://otx.alienvault.com/indicator/file/c775b8d5a0be1a6b4f54c7788b3afb88cc3e94e378b5f61beb115fea2e0268c8", "http://ocsp.globalsign.com/ca/gstsacasha384g40C http://crl.globalsign.com/gsgccr45codesignca2020.crl0 http://crl.globalsign.com/root.crl0G https://d12.dvdfab.cn/download/57_12087_fd74252b/dvdfab12mini_12087.exe https://www.globalsign.com/repository/0 https://d18.dvdfab.cn/download/58_12087_14b5d9df/dvdfab12mini_x64_12087.exe https://d217.dvdfab.cn/download/58_12087_14b5d9df/dvdfab12mini_x64_12087.exe https://d207.dvdfab.cn/download/58_12087_14b5d9df/dvdfab12mini_x64_12087.exe http://ocsp.globalsign.com/gsgc", "https://www.dvdfab.cn/streamfab http://www.dvdfab.cn/thankyou.htm?s=dvdfab12 https://www.microsoft.com http://www.dvdfab.cn/dvdfab https://www.dvdfab.cn/video b.@e.Ae ftp@example.com 127.0.0.1 12.0.8.7 1.0.0.1", "Surprise Surprise \"Whitelisted\"", "IP Whitelisted\td18.dvdfab.cn\t85.17.26.18 Whitelisted\td17.dvdfab.cn\t95.211.83.221 Whitelisted\td217.dvdfab.cn\t95.168.186.217 Whitelisted\tdl.dvdfab.cn\t188.114.97.1 Whitelisted\td207.dvdfab.cn\t188.114.96.1 Whitelisted\td12.dvdfab.cn\t50.31.252.12 Whitelisted\tapp-api-c1.dvdfab.cn\t188.114.97.1 Whitelisted\td140.dvdfab.cn\t46.165.244.140 Whitelisted\tuser-profile.dvdfab.cn\t64.120.114.160" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "callmeDoris", "id": "205385", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 55, "hostname": 32, "URL": 45, "domain": 17 }, "indicator_count": 149, "is_author": false, "is_subscribing": null, "subscriber_count": 90, "modified_text": "1074 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "646bf67162d33e0832760b3e", "name": "whitelisted dvdfab.cn and everything", "description": "d217.vidusoft.com", "modified": "2023-06-23T22:19:18.469000", "created": "2023-05-22T23:10:41.262000", "tags": [ "user-profile.dvdfab.cn", "app-api-c1.dvdfab.cn", "Licence File" ], "references": [ "https://secure-webtv-static.canal-plus.com/widevine/cert/cert_license_widevine_com.bin", "See Int Strings - https://otx.alienvault.com/indicator/file/c775b8d5a0be1a6b4f54c7788b3afb88cc3e94e378b5f61beb115fea2e0268c8" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "callmeDoris", "id": "205385", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 219, "URL": 900, "domain": 66, "FileHash-SHA256": 478, "FileHash-MD5": 25, "FileHash-SHA1": 25 }, "indicator_count": 1713, "is_author": false, "is_subscribing": null, "subscriber_count": 90, "modified_text": "1074 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "http://ocsp.globalsign.com/ca/gstsacasha384g40C http://crl.globalsign.com/gsgccr45codesignca2020.crl0 http://crl.globalsign.com/root.crl0G https://d12.dvdfab.cn/download/57_12087_fd74252b/dvdfab12mini_12087.exe https://www.globalsign.com/repository/0 https://d18.dvdfab.cn/download/58_12087_14b5d9df/dvdfab12mini_x64_12087.exe https://d217.dvdfab.cn/download/58_12087_14b5d9df/dvdfab12mini_x64_12087.exe https://d207.dvdfab.cn/download/58_12087_14b5d9df/dvdfab12mini_x64_12087.exe http://ocsp.globalsign.com/gsgc", "IP Whitelisted\td18.dvdfab.cn\t85.17.26.18 Whitelisted\td17.dvdfab.cn\t95.211.83.221 Whitelisted\td217.dvdfab.cn\t95.168.186.217 Whitelisted\tdl.dvdfab.cn\t188.114.97.1 Whitelisted\td207.dvdfab.cn\t188.114.96.1 Whitelisted\td12.dvdfab.cn\t50.31.252.12 Whitelisted\tapp-api-c1.dvdfab.cn\t188.114.97.1 Whitelisted\td140.dvdfab.cn\t46.165.244.140 Whitelisted\tuser-profile.dvdfab.cn\t64.120.114.160", "https://www.dvdfab.cn/streamfab http://www.dvdfab.cn/thankyou.htm?s=dvdfab12 https://www.microsoft.com http://www.dvdfab.cn/dvdfab https://www.dvdfab.cn/video b.@e.Ae ftp@example.com 127.0.0.1 12.0.8.7 1.0.0.1", "See Int Strings - https://otx.alienvault.com/indicator/file/c775b8d5a0be1a6b4f54c7788b3afb88cc3e94e378b5f61beb115fea2e0268c8", "http://foundry.neconsside.com/ \u2022 https://foundry.neconsside.com \u2022 https://foundry.neconsside", "IT Mirai | https://otx.alienvault.com/indicator/domain/miraitranslate.com", "foundry.neconsside.com \u2022 http://foundry.neconsside.com", "Surprise Surprise \"Whitelisted\"", "x.com | 162.159.140.229 (162.159.128.0/19) AS 13335 ( CLOUDFLARENET )", "https://secure-webtv-static.canal-plus.com/widevine/cert/cert_license_widevine_com.bin", "https://x.com/DenverPolice/status/1999710339584475507?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Etweet" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [ "Htbot", "Backdoor:win32/tofsee", "Mirai", "Autoit" ], "industries": [], "unique_indicators": 15970 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/krkr.xyz", "whois": "http://whois.domaintools.com/krkr.xyz", "domain": "krkr.xyz", "hostname": "candy.krkr.xyz" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 3, "pulses": [ { "id": "693de4a8a72cf95b028365f0", "name": "Bot Block 162.159.128.0/19 | X Fake tweets | Tofsee", "description": "Tofsee.Trojan.T malware infection affects infected devices. \n\n\n#unlocked #injection #dead_host #compromised_devices #folk_in _browser #botnets", "modified": "2026-01-12T21:02:35.560000", "created": "2025-12-13T22:11:52.474000", "tags": [ "network", "ip address", "subnet", "dynamicloader", "port", "destination", "high", "windows", "united", "write", "tofsee", "stream", "win64", "push", "urls", "url analysis", "dnssec", "script domains", "encrypt", "url add", "http", "related nids", "flag united", "germany", "address google", "passive dns", "ipv4 add", "files", "asn as13335", "dns resolutions", "domains top", "level", "unique tlds", "location united", "asn asnone", "present dec", "backdoor", "lowfi", "win32autoit mar", "urls show", "date checked", "connection", "httponly", "secure", "path", "expiressat", "dynamic cfray", "medium", "delete c", "displayname", "show", "unknown", "next", "rndhex", "malware", "cname", "next associated", "url hostname", "server response", "google safe", "read c", "unicode", "png image", "rgba", "memcommit", "dock", "execution", "files location", "china flag", "china hostname", "hostname", "domain", "files ip", "address", "asn as45102", "gmt content", "certificate", "associated urls", "location china", "china asn", "as4808 china", "present aug", "object", "present apr", "present oct", "alman", "present sep", "error", "present jul", "rmndrp", "present feb", "expiration", "url https", "url http", "iocs", "review iocs", "expireswed", "samesitenone", "maxage86400", "maxage0", "server", "expires", "victina nulcac", "data upload", "extraction", "enter", "enter source", "url data", "type", "extract indic", "included iocs", "china unknown", "botnet", "folk in browser", "japan unknown", "asnone country", "as13335", "a domains", "script urls", "servers", "title", "moved", "record value", "entries", "whitelisted", "powershell", "xf9xb5xf9", "xxcexf6x8fr", "k2xe7xcbxxeaxa2", "x99x19", "x88yxf9xc858", "x83x12x8da", "zx9bx8ex84", "attempts", "yara detections", "contacted", "tags none", "file type", "pe packer", "dll compilation", "guard", "botnets" ], "references": [ "https://x.com/DenverPolice/status/1999710339584475507?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Etweet", "x.com | 162.159.140.229 (162.159.128.0/19) AS 13335 ( CLOUDFLARENET )", "foundry.neconsside.com \u2022 http://foundry.neconsside.com", "http://foundry.neconsside.com/ \u2022 https://foundry.neconsside.com \u2022 https://foundry.neconsside", "IT Mirai | https://otx.alienvault.com/indicator/domain/miraitranslate.com" ], "public": 1, "adversary": "", "targeted_countries": [ "Hong Kong", "United States of America", "Russian Federation", "T\u00fcrkiye", "Netherlands" ], "malware_families": [ { "id": "Backdoor:Win32/Tofsee", "display_name": "Backdoor:Win32/Tofsee", "target": "/malware/Backdoor:Win32/Tofsee" }, { "id": "AutoIT", "display_name": "AutoIT", "target": null }, { "id": "HtBot", "display_name": "HtBot", "target": null }, { "id": "Mirai", "display_name": "Mirai", "target": null } ], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1060", "name": "Registry Run Keys / Startup Folder", "display_name": "T1060 - Registry Run Keys / Startup Folder" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1119", "name": "Automated Collection", "display_name": "T1119 - Automated Collection" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1143", "name": "Hidden Window", "display_name": "T1143 - Hidden Window" }, { "id": "T1583.005", "name": "Botnet", "display_name": "T1583.005 - Botnet" }, { "id": "T1089", "name": "Disabling Security Tools", "display_name": "T1089 - Disabling Security Tools" }, { "id": "T1195.001", "name": "Compromise Software Dependencies and Development Tools", "display_name": "T1195.001 - Compromise Software Dependencies and Development Tools" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1593.001", "name": "Social Media", "display_name": "T1593.001 - Social Media" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1185", "name": "Man in the Browser", "display_name": "T1185 - Man in the Browser" }, { "id": "T1481", "name": "Web Service", "display_name": "T1481 - Web Service" }, { "id": "T1534", "name": "Internal Spearphishing", "display_name": "T1534 - Internal Spearphishing" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "T1459", "name": "Device Unlock Code Guessing or Brute Force", "display_name": "T1459 - Device Unlock Code Guessing or Brute Force" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 8145, "domain": 1389, "FileHash-SHA256": 1545, "CIDR": 2, "hostname": 2533, "FileHash-MD5": 209, "FileHash-SHA1": 190, "email": 6, "SSLCertFingerprint": 4 }, "indicator_count": 14023, "is_author": false, "is_subscribing": null, "subscriber_count": 142, "modified_text": "140 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "646be882a93eaafbac458b1d", "name": "strings containing exe urls from dvdfab.cn", "description": "", "modified": "2023-06-23T22:19:18.469000", "created": "2023-05-22T22:11:14.019000", "tags": [ "user-profile.dvdfab.cn", "app-api-c1.dvdfab.cn", "Licence File" ], "references": [ "https://secure-webtv-static.canal-plus.com/widevine/cert/cert_license_widevine_com.bin", "See Int Strings - https://otx.alienvault.com/indicator/file/c775b8d5a0be1a6b4f54c7788b3afb88cc3e94e378b5f61beb115fea2e0268c8", "http://ocsp.globalsign.com/ca/gstsacasha384g40C http://crl.globalsign.com/gsgccr45codesignca2020.crl0 http://crl.globalsign.com/root.crl0G https://d12.dvdfab.cn/download/57_12087_fd74252b/dvdfab12mini_12087.exe https://www.globalsign.com/repository/0 https://d18.dvdfab.cn/download/58_12087_14b5d9df/dvdfab12mini_x64_12087.exe https://d217.dvdfab.cn/download/58_12087_14b5d9df/dvdfab12mini_x64_12087.exe https://d207.dvdfab.cn/download/58_12087_14b5d9df/dvdfab12mini_x64_12087.exe http://ocsp.globalsign.com/gsgc", "https://www.dvdfab.cn/streamfab http://www.dvdfab.cn/thankyou.htm?s=dvdfab12 https://www.microsoft.com http://www.dvdfab.cn/dvdfab https://www.dvdfab.cn/video b.@e.Ae ftp@example.com 127.0.0.1 12.0.8.7 1.0.0.1", "Surprise Surprise \"Whitelisted\"", "IP Whitelisted\td18.dvdfab.cn\t85.17.26.18 Whitelisted\td17.dvdfab.cn\t95.211.83.221 Whitelisted\td217.dvdfab.cn\t95.168.186.217 Whitelisted\tdl.dvdfab.cn\t188.114.97.1 Whitelisted\td207.dvdfab.cn\t188.114.96.1 Whitelisted\td12.dvdfab.cn\t50.31.252.12 Whitelisted\tapp-api-c1.dvdfab.cn\t188.114.97.1 Whitelisted\td140.dvdfab.cn\t46.165.244.140 Whitelisted\tuser-profile.dvdfab.cn\t64.120.114.160" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "callmeDoris", "id": "205385", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 55, "hostname": 32, "URL": 45, "domain": 17 }, "indicator_count": 149, "is_author": false, "is_subscribing": null, "subscriber_count": 90, "modified_text": "1074 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "646bf67162d33e0832760b3e", "name": "whitelisted dvdfab.cn and everything", "description": "d217.vidusoft.com", "modified": "2023-06-23T22:19:18.469000", "created": "2023-05-22T23:10:41.262000", "tags": [ "user-profile.dvdfab.cn", "app-api-c1.dvdfab.cn", "Licence File" ], "references": [ "https://secure-webtv-static.canal-plus.com/widevine/cert/cert_license_widevine_com.bin", "See Int Strings - https://otx.alienvault.com/indicator/file/c775b8d5a0be1a6b4f54c7788b3afb88cc3e94e378b5f61beb115fea2e0268c8" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "callmeDoris", "id": "205385", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 219, "URL": 900, "domain": 66, "FileHash-SHA256": 478, "FileHash-MD5": 25, "FileHash-SHA1": 25 }, "indicator_count": 1713, "is_author": false, "is_subscribing": null, "subscriber_count": 90, "modified_text": "1074 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://candy.krkr.xyz", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://candy.krkr.xyz", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780398881.755215 }