{ "type": "URL", "indicator": "https://cpcalendars.contributing.md/", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://cpcalendars.contributing.md/", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 3362288034, "indicator": "https://cpcalendars.contributing.md/", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 14, "pulses": [ { "id": "69ca38fb0db58d66ca0c73aa", "name": "Untitled.", "description": "Pulses are the latest in a series of web-based attacks, which have seen more than 1.5 million infections since its launch in 2008.. and the first of its kind.", "modified": "2026-04-29T08:14:54.179000", "created": "2026-03-30T08:48:59.142000", "tags": [ "pulse pulses", "passive dns", "urls", "files", "ip address", "domain", "ip whois", "registrar", "domain names", "creation date", "thumbprint", "key identifier", "x509v3 subject", "v3 serial", "number", "cus cngts", "ogoogle trust", "llc validity", "subject public", "key info", "key algorithm", "server", "aaaa", "status", "domain status", "registrar abuse", "data", "date", "google", "levelblue", "alienvault otx" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 154, "domain": 170, "FileHash-SHA1": 155, "FileHash-MD5": 156, "FileHash-SHA256": 487, "URL": 322, "email": 6 }, "indicator_count": 1450, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "31 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69d9aeb4f571a55c916fc973", "name": "(Credit Q Vashti Clone: Cyber Espionage - Project Helix)", "description": "", "modified": "2026-04-11T05:42:31.615000", "created": "2026-04-11T02:15:16.240000", "tags": [ "foundry", "helix", "espionage", "intel", "abuse", "tech bro", "united", "unknown aaaa", "unknown ns", "search", "date", "servers", "ip address", "registrar", "encrypt", "record value", "refresh", "denver", "ibm", "monitored target", "dns", "network", "t1071", "protocol", "web protocols", "t1005", "local system", "monitored target", "project helix", "sign", "code", "github", "appearance", "github advanced", "view", "notifications", "find", "star", "project", "anything", "stars", "footer", "dynamicloader", "show", "yara detections", "http", "port", "dynamic", "delete", "entries", "top source", "phishing", "write", "malware infection", "tls handshake", "failure", "default", "medium", "ptjsw", "total", "copy", "upatre", "malware", "unknown", "windows nt", "wow64", "write c", "suspicious", "ukraine domain", "double", "trojan", "yandex.net", "behavior_upatre" ], "references": [ "Spy.Bancos.OQI Checkin", "Double User-Agent (User-Agent User-Agent)", "Crowdsourced Research from multiple sources" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "trojandownloader:Win32/Upatre.A", "display_name": "trojandownloader:Win32/Upatre.A", "target": "/malware/trojandownloader:Win32/Upatre.A" }, { "id": "TrojanDownloader:Win32/Tasekjom.A", "display_name": "TrojanDownloader:Win32/Tasekjom.A", "target": "/malware/TrojanDownloader:Win32/Tasekjom.A" } ], "attack_ids": [ { "id": "T1005", "name": "Data from Local System", "display_name": "T1005 - Data from Local System" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1060", "name": "Registry Run Keys / Startup Folder", "display_name": "T1060 - Registry Run Keys / Startup Folder" } ], "industries": [ "Government", "Telecommunications", "Technology" ], "TLP": "white", "cloned_from": "6851a3a099527852f95f1092", "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1823, "hostname": 503, "domain": 583, "FileHash-SHA1": 154, "email": 3, "FileHash-SHA256": 695, "FileHash-MD5": 156 }, "indicator_count": 3917, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "49 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6851a3a099527852f95f1092", "name": "Cyber Espionage - Project Helix", "description": "", "modified": "2025-07-17T17:03:28.261000", "created": "2025-06-17T17:19:28.985000", "tags": [ "foundry", "helix", "espionage", "intel", "abuse", "tech bro", "united", "unknown aaaa", "unknown ns", "search", "date", "servers", "ip address", "registrar", "encrypt", "record value", "refresh", "denver", "ibm", "monitored target", "dns", "network", "t1071", "protocol", "web protocols", "t1005", "local system", "monitored target", "project helix", "sign", "code", "github", "appearance", "github advanced", "view", "notifications", "find", "star", "project", "anything", "stars", "footer", "dynamicloader", "show", "yara detections", "http", "port", "dynamic", "delete", "entries", "top source", "phishing", "write", "malware infection", "tls handshake", "failure", "default", "medium", "ptjsw", "total", "copy", "upatre", "malware", "unknown", "windows nt", "wow64", "write c", "suspicious", "ukraine domain", "double", "trojan", "yandex.net", "behavior_upatre" ], "references": [ "Spy.Bancos.OQI Checkin", "Double User-Agent (User-Agent User-Agent)", "Crowdsourced Research from multiple sources" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "trojandownloader:Win32/Upatre.A", "display_name": "trojandownloader:Win32/Upatre.A", "target": "/malware/trojandownloader:Win32/Upatre.A" }, { "id": "TrojanDownloader:Win32/Tasekjom.A", "display_name": "TrojanDownloader:Win32/Tasekjom.A", "target": "/malware/TrojanDownloader:Win32/Tasekjom.A" } ], "attack_ids": [ { "id": "T1005", "name": "Data from Local System", "display_name": "T1005 - Data from Local System" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1060", "name": "Registry Run Keys / Startup Folder", "display_name": "T1060 - Registry Run Keys / Startup Folder" } ], "industries": [ "Government", "Telecommunications", "Technology" ], "TLP": "white", "cloned_from": null, "export_count": 53, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1820, "hostname": 501, "domain": 583, "FileHash-SHA1": 154, "email": 3, "FileHash-SHA256": 695, "FileHash-MD5": 156 }, "indicator_count": 3912, "is_author": false, "is_subscribing": null, "subscriber_count": 142, "modified_text": "317 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6761c6d68582c49eff306fe6", "name": "Likely malicious Google Analytics Alternative - App & Web Analytics - Matomo", "description": "The full text of the \"suspicious\"obfuscation using unescape has been published on the website tylabs.com, as well as the official release of a new version of PDF.", "modified": "2025-05-14T21:24:25.364000", "created": "2024-12-17T18:45:42.250000", "tags": [ "bitcoin address", "didier stevens", "didierstevens", "bitcoinaddress", "june", "copyright", "t1027", "unesc", "unescape", "flash define", "matomo", "string", "date", "sufeffxa0", "regexp", "please", "blob", "null", "tag manager", "link", "url https", "ipv4", "url http", "learn", "it for", "no credit", "cloud trial", "start", "contact", "matomo team", "help", "free", "easy", "tools" ], "references": [ "https://matomo.org https://matomo.www.gov.pl/analytics/js/container_68lYTZ79.js", "https://www.filescan.io/uploads/67619a0f99caec9a276f9efd/reports/92e63ab1-1ebd-41a7-90da-f842f0b90392/details" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 62, "YARA": 8, "domain": 83, "URL": 657, "email": 3, "hostname": 152, "IPv4": 15, "CIDR": 1, "FileHash-SHA1": 57, "FileHash-SHA256": 734 }, "indicator_count": 1772, "is_author": false, "is_subscribing": null, "subscriber_count": 123, "modified_text": "381 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "67127cfd194972b2b7a01965", "name": "Discord", "description": "Discord W11 Sample Device\nC:\\ProgramData*\\Discord", "modified": "2024-11-17T15:01:49.122000", "created": "2024-10-18T15:21:33.350000", "tags": [ "Discord" ], "references": [ "https://www.virustotal.com/gui/collection/ab283165c61c702e1aed28375718dd2674179c61c517d93baabc2219becf081a/community", "https://www.virustotal.com/gui/collection/ab283165c61c702e1aed28375718dd2674179c61c517d93baabc2219becf081a/iocs", "https://www.virustotal.com/gui/collection/ab283165c61c702e1aed28375718dd2674179c61c517d93baabc2219becf081a/summary", "https://www.virustotal.com/gui/collection/ab283165c61c702e1aed28375718dd2674179c61c517d93baabc2219becf081a/graph" ], "public": 1, "adversary": "", "targeted_countries": [ "Canada", "United States of America" ], "malware_families": [], "attack_ids": [], "industries": [ "Technology", "Telecommunications" ], "TLP": "white", "cloned_from": null, "export_count": 11, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Disable_Duck", "id": "244325", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 80, "FileHash-SHA1": 80, "FileHash-SHA256": 357, "URL": 472, "domain": 413, "hostname": 153 }, "indicator_count": 1555, "is_author": false, "is_subscribing": null, "subscriber_count": 131, "modified_text": "559 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6570a127b18f314c64abf0ca", "name": "MITRE ATT&C - T1140 - Deobfuscate/Decode Files or Information", "description": "", "modified": "2023-12-06T16:28:23.639000", "created": "2023-12-06T16:28:23.639000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1651, "FileHash-MD5": 32, "FileHash-SHA1": 25, "hostname": 939, "domain": 339, "URL": 2307, "email": 2 }, "indicator_count": 5295, "is_author": false, "is_subscribing": null, "subscriber_count": 110, "modified_text": "906 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6570a11eb966ec5b823d2ae8", "name": "Drive By Malware", "description": "", "modified": "2023-12-06T16:28:14.217000", "created": "2023-12-06T16:28:14.217000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1651, "FileHash-MD5": 32, "FileHash-SHA1": 25, "hostname": 939, "domain": 339, "URL": 2307, "email": 2 }, "indicator_count": 5295, "is_author": false, "is_subscribing": null, "subscriber_count": 111, "modified_text": "906 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6570a11966ff39f73aed8c7d", "name": "Fileless Malware", "description": "", "modified": "2023-12-06T16:28:09.128000", "created": "2023-12-06T16:28:09.128000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1651, "FileHash-MD5": 32, "FileHash-SHA1": 25, "hostname": 939, "domain": 339, "URL": 2307, "email": 2 }, "indicator_count": 5295, "is_author": false, "is_subscribing": null, "subscriber_count": 110, "modified_text": "906 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "64ee7075f37dad88d73c3830", "name": "Fileless Malware", "description": "An example of 1 dangerous exploit. \nThis happened on Brand New fully updated locked down Apple iPhone, Samsung. If you happen to be looking at your phone, you may witness the following: Google logo on appengine.goohke .com Drive By will have a disclaimer that it is NOT affiliate.\nYou will see:\nhttps://accounts.google.com/AccountChooser?continue\nAll of your Gmail accounts will be displayed your primary account will be checked. The drive by happens at tspeed of 2 -3 seconds. Without clicking, your entire phone is compromised. Every account, locations, maps, YouTube, voice, camera, , keyloggers installed. This is not your fault. You are a target. There are empty hashes. It's fileless malware which does not write to storage. \nPhishing, malware hosting, other IoC s.\nExtremely hazardous, renders phone a zombie. New network and data plan all without your explicit consent.\nWelcome to the BotNetwork.\nhttp://appengine.google.com/\naccounts.google.com\nconsent.google.com/m?---- (Forced Consent on iOS device)", "modified": "2023-09-28T21:05:16.310000", "created": "2023-08-29T22:25:53.474000", "tags": [ "as15169 google", "united", "aaaa", "domain", "search", "cname", "passive dns", "urls", "entries", "dashboard", "date", "sha1", "ssdeep", "tnull file", "magic", "file size", "software", "ioctype", "iocvalue", "refunds", "show less", "line", "value", "august", "variables", "recordimlel", "fcssrowkey", "ijvalues", "wjdd object", "berr", "mxndff boolean", "url age" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 13, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 339, "email": 2, "FileHash-MD5": 32, "FileHash-SHA1": 25, "FileHash-SHA256": 1651, "hostname": 939, "URL": 2307 }, "indicator_count": 5295, "is_author": false, "is_subscribing": null, "subscriber_count": 222, "modified_text": "975 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "64ee70f9eaecf035471ff80c", "name": "Drive By Malware ", "description": "", "modified": "2023-09-28T21:05:16.310000", "created": "2023-08-29T22:28:09.867000", "tags": [ "as15169 google", "united", "aaaa", "domain", "search", "cname", "passive dns", "urls", "entries", "dashboard", "date", "sha1", "ssdeep", "tnull file", "magic", "file size", "software", "ioctype", "iocvalue", "refunds", "show less", "line", "value", "august", "variables", "recordimlel", "fcssrowkey", "ijvalues", "wjdd object", "berr", "mxndff boolean", "url age" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": "64ee7075f37dad88d73c3830", "export_count": 15, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 339, "email": 2, "FileHash-MD5": 32, "FileHash-SHA1": 25, "FileHash-SHA256": 1651, "hostname": 939, "URL": 2307 }, "indicator_count": 5295, "is_author": false, "is_subscribing": null, "subscriber_count": 223, "modified_text": "975 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "64eed9e039cd84d4b7b9aa54", "name": "MITRE ATT&C - T1140 - Deobfuscate/Decode Files or Information ", "description": "", "modified": "2023-09-28T21:05:16.310000", "created": "2023-08-30T05:55:44.012000", "tags": [ "as15169 google", "united", "aaaa", "domain", "search", "cname", "passive dns", "urls", "entries", "dashboard", "date", "sha1", "ssdeep", "tnull file", "magic", "file size", "software", "ioctype", "iocvalue", "refunds", "show less", "line", "value", "august", "variables", "recordimlel", "fcssrowkey", "ijvalues", "wjdd object", "berr", "mxndff boolean", "url age" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": "64ee70f9eaecf035471ff80c", "export_count": 12, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 339, "email": 2, "FileHash-MD5": 32, "FileHash-SHA1": 25, "FileHash-SHA256": 1651, "hostname": 939, "URL": 2307 }, "indicator_count": 5295, "is_author": false, "is_subscribing": null, "subscriber_count": 225, "modified_text": "975 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "629a4f79c41f8ed509fb02bd", "name": "CYB 303-Final", "description": "HI DAN!!!", "modified": "2022-06-03T18:14:17.636000", "created": "2022-06-03T18:14:17.636000", "tags": [ "mirai", "forks", "yara", "iocs", "tools ioc", "openioc", "compromise", "awesome iocs", "yara signatures", "formats iocs", "code", "purposes", "malware", "trojan" ], "references": [ "https://github.com/sroberts/awesome-iocs" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Forks", "display_name": "Forks", "target": null }, { "id": "Mirai", "display_name": "Mirai", "target": null } ], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "bman2100", "id": "188508", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 4, "URL": 31, "hostname": 4 }, "indicator_count": 39, "is_author": false, "is_subscribing": null, "subscriber_count": 34, "modified_text": "1457 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "622ca85e7d68ad8d2e32c1ec", "name": "https://event.trk-tempore.com/register/event_log/v9e118mez8", "description": "", "modified": "2022-03-12T14:04:14.267000", "created": "2022-03-12T14:04:14.267000", "tags": [ "favicon", "div div", "a domains", "link", "code li", "script script", "access control", "443 ma86400", "title push", "body", "install", "first" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [], "attack_ids": [], "industries": [ "Government" ], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Kailula4", "id": "131997", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 11, "URL": 19, "FileHash-SHA256": 75, "domain": 7 }, "indicator_count": 112, "is_author": false, "is_subscribing": null, "subscriber_count": 406, "modified_text": "1540 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "61eecf2493a0a21363baa565", "name": "wordpress iOS 3rd party acknowledgment file yet running as generic blog No extras", "description": "I dont have or use mozilla!!! \nJust 1 iPhone with the wordpress app using wordpress.com blog. No Domain, Nothing installed all default. NO use if gestures or any accessibility. NO features. NO Fu.king FACEBOOK Account!!!", "modified": "2022-01-24T16:09:08.461000", "created": "2022-01-24T16:09:08.461000", "tags": [ "foundation", "alamofire", "afnetworking", "jon shier", "kevin", "http networking", "os x", "oauth", "code", "conduct", "noon", "protect", "swift", "copyright", "general public", "license version", "june", "free software", "franklin street", "fifth floor", "boston", "ma 021101301", "vicent mart", "public software", "group", "berlin", "germany", "commonmark spec", "john macfarlane", "commons ccbysa", "software", "mattt thompson", "gnomovision", "absolutely no", "warranty", "license", "form", "source code", "version", "contributor", "public license", "kanvas mozilla", "definitions", "contributions", "automattic", "permission", "work", "licensor", "source form", "source", "object form", "legal entity", "contribution", "mit license", "program", "gnu general", "terms and", "conditions how", "april", "vice", "facebook", "january", "dalton cherry", "terms", "conditions for", "reproduction", "paul williamson", "isc license", "frank denis", "mozilla public", "code form", "license notice", "license file", "licenses notice", "section", "larger work", "date", "libreplanet", "march", "join", "compliance lab", "bulletin", "share", "new year", "find", "the program", "sections", "charge", "general", "zendesk", "created", "zendesk mobile", "zendesk master", "api license", "agreement https", "mobile sdk", "as is", "fitness", "a particular", "warranties of", "in no", "event shall", "whether in", "august", "1.11. \u00e2\u20ac\u0153Patent Claims\u00e2\u20ac\u009d of a Contributor means any patent clai", "Starscream Apache License ", "SVProgressHUD MIT License Copyright (c) 2011-2018 Sam Vermette", "You may add additional accurate notices of copyright ownership. ", "CropViewController The MIT License (MIT) Copyright (c) 2015-20" ], "references": [ "http://fsf.org/ - Storing Bitcoin Address??? via licence file", "1.11. \u00e2\u20ac\u0153Patent Claims\u00e2\u20ac\u009d of a Contributor means any patent claim(s), including without limitation, method, process, and apparatus claims, in any patent Licensable by such Contributor that would be infringed, but for the grant of the License, by the making, using, selling, offering for sale, having made, import, or transfer of either its Contributions or its Contributor Version. 1.12. \u00e2\u20ac\u0153Secondary License\u00e2\u20ac\u009d means either the GNU General Public License, Version 2.0, the GNU Lesser General Public License, Ve", "WordPress-Editor-iOS Mozilla Public License Version 2.0 1. Definitions 1.1. \u00e2\u20ac\u0153Contributor\u00e2\u20ac\u009d means each individual or legal entity that creates, contributes to the creation of, or owns Covered Software. 1.2. \u00e2\u20ac\u0153Contributor Version\u00e2\u20ac\u009d means the combination of the Contributions of others (if any) used by a Contributor and that particular Contributor's Contribution. 1.3. \u00e2\u20ac\u0153Contribution\u00e2\u20ac\u009d means Covered Software of a particular Contributor. 1.4. \u00e2\u20ac\u0153Covered Software\u00e2\u20ac\u009d means Source Code Form to which the", "WordPress-Aztec-iOS Mozilla Public License Version 2.0 1. Definitions 1.1. \u00e2\u20ac\u0153Contributor\u00e2\u20ac\u009d means each individual or legal entity that creates, contributes to the creation of, or owns Covered Software. 1.2. \u00e2\u20ac\u0153Contributor Version\u00e2\u20ac\u009d means the combination of the Contributions of others (if any) used by a Contributor and that particular Contributor's Contribution. 1.3. \u00e2\u20ac\u0153Contribution\u00e2\u20ac\u009d means Covered Software of a particular Contributor. 1.4. \u00e2\u20ac\u0153Covered Software\u00e2\u20ac\u009d means Source Code Form to which the ", "Starscream Apache License Version 2.0, January 2004 http://www.apache.org/licenses/ Copyright (c) 2014-2016 Dalton Cherry. TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION Definitions", "Sodium ISC License Copyright (c) 2014-2020, Frank Denis Permission to use, copy, modify, and/or distribute this software for any purpose with or without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies.", "Sentry The MIT License (MIT) Copyright (c) 2015 Sentry Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the \"Software\"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright ", "Reachability Copyright (c) 2011, Tony Million. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials p", "RNScreens The MIT License (MIT) Copyright (c) 2018 Krzysztof Magiera Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the \"Software\"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The ab", "RNSVG The MIT License (MIT) Copyright (c) [2015-2016] [Horcrux] Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the \"Software\"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:", "RNReanimated The MIT License (MIT) Copyright (c) 2016 Krzysztof Magiera", "RNGestureHandler The MIT License (MIT) Copyright (c) 2016 Krzysztof Magiera", "RNCClipboard MIT License Copyright (c) 2015-present, Facebook, Inc.", "RCT-Folly Apache License Version 2.0, January 2004 http://www.apache.org/licenses/ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION", "NSURL+IDN Copyright (c) 2009-2013 Automattic, http://automattic.com Permission is hereby granted, free of charge,", "NSObject-SafeExpectations Copyright (c) 2013 Jorge Bernal", "MRProgress The MIT License (MIT) Copyright (c) 2013 Marius Rackwitz", "You may add additional accurate notices of copyright ownership. Exhibit B - \u00e2\u20ac\u0153Incompatible With Secondary Licenses\u00e2\u20ac\u009d Notice This Source Code Form is \u00e2\u20ac\u0153Incompatible With Secondary Licenses\u00e2\u20ac\u009d, as defined by the Mozilla Public License, v. 2.0.", "2.3. Limitations on Grant Scope The licenses granted in this Section 2 are the only rights granted under this License. No additional rights or licenses will be implied from the distribution or licensing of Covered Software under this License. Notwithstanding Section 2.1(b) above, no patent license is granted by a Contributor: for any code that a Contributor has removed from Covered Software; or for infringements caused by: (i) Your and any other third party\u00e2\u20ac\u2122s modifications of Covered Software, or (ii) ", "Kanvas Mozilla Public License Version 2.0 Definitions 1.1. \u00e2\u20ac\u0153Contributor\u00e2\u20ac\u009d means each individual or legal entity that creates, contributes to the creation of, or owns Covered Software. 1.2. \u00e2\u20ac\u0153Contributor Version\u00e2\u20ac\u009d means the combination of the Contributions of others (if any) used by a Contributor and that particular Contributor\u00e2\u20ac\u2122s Contribution. 1.3. \u00e2\u20ac\u0153Contribution\u00e2\u20ac\u009d means Covered Software of a particular Contributor. 1.4. \u00e2\u20ac\u0153Covered Software\u00e2\u20ac\u009d means Source Code Form to which the initial Contrib", "Gnomovision version 69, Copyright (C) year name of author Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details. The hypothetical commands show w' and show c' should show the appropriate parts of the General Public License. Of course, the commands you use may be called something other than show w' and show c'; they could even be mouse-clicks or menu items--whatever suits your", "Gutenberg GNU GENERAL PUBLIC LICENSE Version 2, June 1991 Copyright (C) 1989, 1991 Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA", "Gridicons The GNU General Public License, Version 2, June 1991 (GPLv2) Copyright (C) 1989, 1991 Free Software Foundation, Inc. 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. Preamble The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public License is intended to guarantee your freedom to share and cha", "Gifu The MIT License (MIT) Copyright (c) 2014-2018 Reda Lemeden.", "GTMSessionFetcher Apache License Version 2.0, January 2004 http://www.apache.org/licenses/ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION", "FormatterKit Copyright (c) 2011\u00e2\u20ac\u201c2019 Mattt Thompson (http://mattt.me/) Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the \"Software\"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:", "FSInteractiveMap Apache License Version 2.0, January 2004 http://www.apache.org/licenses/", "FBReactNativeSpec GNU GENERAL PUBLIC LICENSE Version 2, June 1991 Copyright (C) 1989, 1991 Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA", "The normalization code in runtests.py was derived from the markdowntest project, Copyright 2013 Karl Dubost: The MIT License (MIT) Copyright (c) 2013 Karl Dubost", "The test software in test/ is Copyright (c) 2014, John MacFarlane All rights reserved.", "The CommonMark spec (test/spec.txt) is Copyright (C) 2014-15 John MacFarlane Released under the Creative Commons CC-BY-SA 4.0 license: http://creativecommons.org/licenses/by-sa/4.0/.", "utf8.c and utf8.c are derived from utf8proc (http://www.public-software-group.org/utf8proc), (C) 2009 Public Software Group e. V., Berlin, Germany.", "buffer.h, buffer.c, chunk.h are derived from code (C) 2012 Github, Inc.", "houdini.h, houdini_href_e.c, houdini_html_e.c, houdini_html_u.c, html_unescape.gperf, html_unescape.h derive from https://github.com/vmg/houdini (with some modifications) Copyright (C) 2012 Vicent Mart\u00c3\u00ad", "cmark Copyright (c) 2014, John MacFarlane All rights reserved", "Down The MIT License (MIT) Copyright (c) 2016 Rob Phillips.", "DoubleConversion Copyright 2006-2011, the V8 project authors. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation a", "CocoaLumberjack BSD 3-Clause License Copyright (c) 2010-2021, Deusty, LLC All rights reserved.", "Copyright 2016 Daniel Cohen Gindi & Philipp Jahoda", "Charts Apache License Version 2.0, January 2004 http://www.apache.org/licenses/", "BVLinearGradient MIT License Copyright (c) 2016 React Native Community", "Automattic-Tracks-iOS GNU GENERAL PUBLIC LICENSE Version 2, June 1991 Copyright (C) 1989, 1991 Free Software Foundation, Inc., http://fsf.org/ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. Preamble T", "AppAuth Apache License Version 2.0, January 2004 http://www.apache.org/licenses/", "AlamofireNetworkActivityIndicator Copyright (c) 2016 Alamofire Software Foundation (http://alamofire.org/)", "AlamofireImage Copyright (c) 2015-2018 Alamofire Software Foundation (http://alamofire.org/)", "http://alamofire.org/", "AMScrollingNavbar The MIT License (MIT) Copyright (c) 2013 Andrea Mazzini" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 6, "URL": 32, "FileHash-SHA256": 67, "domain": 11, "email": 2, "BitcoinAddress": 1 }, "indicator_count": 119, "is_author": false, "is_subscribing": null, "subscriber_count": 393, "modified_text": "1587 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "Double User-Agent (User-Agent User-Agent)", "Crowdsourced Research from multiple sources", "Starscream Apache License Version 2.0, January 2004 http://www.apache.org/licenses/ Copyright (c) 2014-2016 Dalton Cherry. TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION Definitions", "2.3. Limitations on Grant Scope The licenses granted in this Section 2 are the only rights granted under this License. No additional rights or licenses will be implied from the distribution or licensing of Covered Software under this License. Notwithstanding Section 2.1(b) above, no patent license is granted by a Contributor: for any code that a Contributor has removed from Covered Software; or for infringements caused by: (i) Your and any other third party\u00e2\u20ac\u2122s modifications of Covered Software, or (ii) ", "Gnomovision version 69, Copyright (C) year name of author Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details. The hypothetical commands show w' and show c' should show the appropriate parts of the General Public License. Of course, the commands you use may be called something other than show w' and show c'; they could even be mouse-clicks or menu items--whatever suits your", "AlamofireNetworkActivityIndicator Copyright (c) 2016 Alamofire Software Foundation (http://alamofire.org/)", "Copyright 2016 Daniel Cohen Gindi & Philipp Jahoda", "https://www.virustotal.com/gui/collection/ab283165c61c702e1aed28375718dd2674179c61c517d93baabc2219becf081a/graph", "NSObject-SafeExpectations Copyright (c) 2013 Jorge Bernal", "You may add additional accurate notices of copyright ownership. Exhibit B - \u00e2\u20ac\u0153Incompatible With Secondary Licenses\u00e2\u20ac\u009d Notice This Source Code Form is \u00e2\u20ac\u0153Incompatible With Secondary Licenses\u00e2\u20ac\u009d, as defined by the Mozilla Public License, v. 2.0.", "RCT-Folly Apache License Version 2.0, January 2004 http://www.apache.org/licenses/ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION", "https://www.virustotal.com/gui/collection/ab283165c61c702e1aed28375718dd2674179c61c517d93baabc2219becf081a/summary", "CocoaLumberjack BSD 3-Clause License Copyright (c) 2010-2021, Deusty, LLC All rights reserved.", "https://www.virustotal.com/gui/collection/ab283165c61c702e1aed28375718dd2674179c61c517d93baabc2219becf081a/iocs", "1.11. \u00e2\u20ac\u0153Patent Claims\u00e2\u20ac\u009d of a Contributor means any patent claim(s), including without limitation, method, process, and apparatus claims, in any patent Licensable by such Contributor that would be infringed, but for the grant of the License, by the making, using, selling, offering for sale, having made, import, or transfer of either its Contributions or its Contributor Version. 1.12. \u00e2\u20ac\u0153Secondary License\u00e2\u20ac\u009d means either the GNU General Public License, Version 2.0, the GNU Lesser General Public License, Ve", "Gridicons The GNU General Public License, Version 2, June 1991 (GPLv2) Copyright (C) 1989, 1991 Free Software Foundation, Inc. 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. Preamble The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public License is intended to guarantee your freedom to share and cha", "https://github.com/sroberts/awesome-iocs", "FBReactNativeSpec GNU GENERAL PUBLIC LICENSE Version 2, June 1991 Copyright (C) 1989, 1991 Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA", "houdini.h, houdini_href_e.c, houdini_html_e.c, houdini_html_u.c, html_unescape.gperf, html_unescape.h derive from https://github.com/vmg/houdini (with some modifications) Copyright (C) 2012 Vicent Mart\u00c3\u00ad", "Spy.Bancos.OQI Checkin", "RNGestureHandler The MIT License (MIT) Copyright (c) 2016 Krzysztof Magiera", "Charts Apache License Version 2.0, January 2004 http://www.apache.org/licenses/", "Gutenberg GNU GENERAL PUBLIC LICENSE Version 2, June 1991 Copyright (C) 1989, 1991 Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA", "AppAuth Apache License Version 2.0, January 2004 http://www.apache.org/licenses/", "AlamofireImage Copyright (c) 2015-2018 Alamofire Software Foundation (http://alamofire.org/)", "http://fsf.org/ - Storing Bitcoin Address??? via licence file", "WordPress-Aztec-iOS Mozilla Public License Version 2.0 1. Definitions 1.1. \u00e2\u20ac\u0153Contributor\u00e2\u20ac\u009d means each individual or legal entity that creates, contributes to the creation of, or owns Covered Software. 1.2. \u00e2\u20ac\u0153Contributor Version\u00e2\u20ac\u009d means the combination of the Contributions of others (if any) used by a Contributor and that particular Contributor's Contribution. 1.3. \u00e2\u20ac\u0153Contribution\u00e2\u20ac\u009d means Covered Software of a particular Contributor. 1.4. \u00e2\u20ac\u0153Covered Software\u00e2\u20ac\u009d means Source Code Form to which the ", "cmark Copyright (c) 2014, John MacFarlane All rights reserved", "The normalization code in runtests.py was derived from the markdowntest project, Copyright 2013 Karl Dubost: The MIT License (MIT) Copyright (c) 2013 Karl Dubost", "MRProgress The MIT License (MIT) Copyright (c) 2013 Marius Rackwitz", "DoubleConversion Copyright 2006-2011, the V8 project authors. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation a", "The test software in test/ is Copyright (c) 2014, John MacFarlane All rights reserved.", "Down The MIT License (MIT) Copyright (c) 2016 Rob Phillips.", "https://matomo.org https://matomo.www.gov.pl/analytics/js/container_68lYTZ79.js", "WordPress-Editor-iOS Mozilla Public License Version 2.0 1. Definitions 1.1. \u00e2\u20ac\u0153Contributor\u00e2\u20ac\u009d means each individual or legal entity that creates, contributes to the creation of, or owns Covered Software. 1.2. \u00e2\u20ac\u0153Contributor Version\u00e2\u20ac\u009d means the combination of the Contributions of others (if any) used by a Contributor and that particular Contributor's Contribution. 1.3. \u00e2\u20ac\u0153Contribution\u00e2\u20ac\u009d means Covered Software of a particular Contributor. 1.4. \u00e2\u20ac\u0153Covered Software\u00e2\u20ac\u009d means Source Code Form to which the", "http://alamofire.org/", "Reachability Copyright (c) 2011, Tony Million. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials p", "utf8.c and utf8.c are derived from utf8proc (http://www.public-software-group.org/utf8proc), (C) 2009 Public Software Group e. V., Berlin, Germany.", "Automattic-Tracks-iOS GNU GENERAL PUBLIC LICENSE Version 2, June 1991 Copyright (C) 1989, 1991 Free Software Foundation, Inc., http://fsf.org/ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. Preamble T", "RNSVG The MIT License (MIT) Copyright (c) [2015-2016] [Horcrux] Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the \"Software\"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:", "Kanvas Mozilla Public License Version 2.0 Definitions 1.1. \u00e2\u20ac\u0153Contributor\u00e2\u20ac\u009d means each individual or legal entity that creates, contributes to the creation of, or owns Covered Software. 1.2. \u00e2\u20ac\u0153Contributor Version\u00e2\u20ac\u009d means the combination of the Contributions of others (if any) used by a Contributor and that particular Contributor\u00e2\u20ac\u2122s Contribution. 1.3. \u00e2\u20ac\u0153Contribution\u00e2\u20ac\u009d means Covered Software of a particular Contributor. 1.4. \u00e2\u20ac\u0153Covered Software\u00e2\u20ac\u009d means Source Code Form to which the initial Contrib", "RNCClipboard MIT License Copyright (c) 2015-present, Facebook, Inc.", "Sodium ISC License Copyright (c) 2014-2020, Frank Denis Permission to use, copy, modify, and/or distribute this software for any purpose with or without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies.", "RNScreens The MIT License (MIT) Copyright (c) 2018 Krzysztof Magiera Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the \"Software\"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The ab", "NSURL+IDN Copyright (c) 2009-2013 Automattic, http://automattic.com Permission is hereby granted, free of charge,", "AMScrollingNavbar The MIT License (MIT) Copyright (c) 2013 Andrea Mazzini", "Sentry The MIT License (MIT) Copyright (c) 2015 Sentry Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the \"Software\"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright ", "RNReanimated The MIT License (MIT) Copyright (c) 2016 Krzysztof Magiera", "The CommonMark spec (test/spec.txt) is Copyright (C) 2014-15 John MacFarlane Released under the Creative Commons CC-BY-SA 4.0 license: http://creativecommons.org/licenses/by-sa/4.0/.", "FormatterKit Copyright (c) 2011\u00e2\u20ac\u201c2019 Mattt Thompson (http://mattt.me/) Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the \"Software\"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:", "https://www.virustotal.com/gui/collection/ab283165c61c702e1aed28375718dd2674179c61c517d93baabc2219becf081a/community", "buffer.h, buffer.c, chunk.h are derived from code (C) 2012 Github, Inc.", "FSInteractiveMap Apache License Version 2.0, January 2004 http://www.apache.org/licenses/", "Gifu The MIT License (MIT) Copyright (c) 2014-2018 Reda Lemeden.", "https://www.filescan.io/uploads/67619a0f99caec9a276f9efd/reports/92e63ab1-1ebd-41a7-90da-f842f0b90392/details", "BVLinearGradient MIT License Copyright (c) 2016 React Native Community", "GTMSessionFetcher Apache License Version 2.0, January 2004 http://www.apache.org/licenses/ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [ "Forks", "Trojandownloader:win32/upatre.a", "Mirai", "Trojandownloader:win32/tasekjom.a" ], "industries": [ "Government", "Telecommunications", "Technology" ], "unique_indicators": 13312 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/contributing.md", "whois": "http://whois.domaintools.com/contributing.md", "domain": "contributing.md", "hostname": "cpcalendars.contributing.md" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 14, "pulses": [ { "id": "69ca38fb0db58d66ca0c73aa", "name": "Untitled.", "description": "Pulses are the latest in a series of web-based attacks, which have seen more than 1.5 million infections since its launch in 2008.. and the first of its kind.", "modified": "2026-04-29T08:14:54.179000", "created": "2026-03-30T08:48:59.142000", "tags": [ "pulse pulses", "passive dns", "urls", "files", "ip address", "domain", "ip whois", "registrar", "domain names", "creation date", "thumbprint", "key identifier", "x509v3 subject", "v3 serial", "number", "cus cngts", "ogoogle trust", "llc validity", "subject public", "key info", "key algorithm", "server", "aaaa", "status", "domain status", "registrar abuse", "data", "date", "google", "levelblue", "alienvault otx" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 154, "domain": 170, "FileHash-SHA1": 155, "FileHash-MD5": 156, "FileHash-SHA256": 487, "URL": 322, "email": 6 }, "indicator_count": 1450, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "31 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69d9aeb4f571a55c916fc973", "name": "(Credit Q Vashti Clone: Cyber Espionage - Project Helix)", "description": "", "modified": "2026-04-11T05:42:31.615000", "created": "2026-04-11T02:15:16.240000", "tags": [ "foundry", "helix", "espionage", "intel", "abuse", "tech bro", "united", "unknown aaaa", "unknown ns", "search", "date", "servers", "ip address", "registrar", "encrypt", "record value", "refresh", "denver", "ibm", "monitored target", "dns", "network", "t1071", "protocol", "web protocols", "t1005", "local system", "monitored target", "project helix", "sign", "code", "github", "appearance", "github advanced", "view", "notifications", "find", "star", "project", "anything", "stars", "footer", "dynamicloader", "show", "yara detections", "http", "port", "dynamic", "delete", "entries", "top source", "phishing", "write", "malware infection", "tls handshake", "failure", "default", "medium", "ptjsw", "total", "copy", "upatre", "malware", "unknown", "windows nt", "wow64", "write c", "suspicious", "ukraine domain", "double", "trojan", "yandex.net", "behavior_upatre" ], "references": [ "Spy.Bancos.OQI Checkin", "Double User-Agent (User-Agent User-Agent)", "Crowdsourced Research from multiple sources" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "trojandownloader:Win32/Upatre.A", "display_name": "trojandownloader:Win32/Upatre.A", "target": "/malware/trojandownloader:Win32/Upatre.A" }, { "id": "TrojanDownloader:Win32/Tasekjom.A", "display_name": "TrojanDownloader:Win32/Tasekjom.A", "target": "/malware/TrojanDownloader:Win32/Tasekjom.A" } ], "attack_ids": [ { "id": "T1005", "name": "Data from Local System", "display_name": "T1005 - Data from Local System" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1060", "name": "Registry Run Keys / Startup Folder", "display_name": "T1060 - Registry Run Keys / Startup Folder" } ], "industries": [ "Government", "Telecommunications", "Technology" ], "TLP": "white", "cloned_from": "6851a3a099527852f95f1092", "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1823, "hostname": 503, "domain": 583, "FileHash-SHA1": 154, "email": 3, "FileHash-SHA256": 695, "FileHash-MD5": 156 }, "indicator_count": 3917, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "49 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6851a3a099527852f95f1092", "name": "Cyber Espionage - Project Helix", "description": "", "modified": "2025-07-17T17:03:28.261000", "created": "2025-06-17T17:19:28.985000", "tags": [ "foundry", "helix", "espionage", "intel", "abuse", "tech bro", "united", "unknown aaaa", "unknown ns", "search", "date", "servers", "ip address", "registrar", "encrypt", "record value", "refresh", "denver", "ibm", "monitored target", "dns", "network", "t1071", "protocol", "web protocols", "t1005", "local system", "monitored target", "project helix", "sign", "code", "github", "appearance", "github advanced", "view", "notifications", "find", "star", "project", "anything", "stars", "footer", "dynamicloader", "show", "yara detections", "http", "port", "dynamic", "delete", "entries", "top source", "phishing", "write", "malware infection", "tls handshake", "failure", "default", "medium", "ptjsw", "total", "copy", "upatre", "malware", "unknown", "windows nt", "wow64", "write c", "suspicious", "ukraine domain", "double", "trojan", "yandex.net", "behavior_upatre" ], "references": [ "Spy.Bancos.OQI Checkin", "Double User-Agent (User-Agent User-Agent)", "Crowdsourced Research from multiple sources" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "trojandownloader:Win32/Upatre.A", "display_name": "trojandownloader:Win32/Upatre.A", "target": "/malware/trojandownloader:Win32/Upatre.A" }, { "id": "TrojanDownloader:Win32/Tasekjom.A", "display_name": "TrojanDownloader:Win32/Tasekjom.A", "target": "/malware/TrojanDownloader:Win32/Tasekjom.A" } ], "attack_ids": [ { "id": "T1005", "name": "Data from Local System", "display_name": "T1005 - Data from Local System" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1060", "name": "Registry Run Keys / Startup Folder", "display_name": "T1060 - Registry Run Keys / Startup Folder" } ], "industries": [ "Government", "Telecommunications", "Technology" ], "TLP": "white", "cloned_from": null, "export_count": 53, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1820, "hostname": 501, "domain": 583, "FileHash-SHA1": 154, "email": 3, "FileHash-SHA256": 695, "FileHash-MD5": 156 }, "indicator_count": 3912, "is_author": false, "is_subscribing": null, "subscriber_count": 142, "modified_text": "317 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6761c6d68582c49eff306fe6", "name": "Likely malicious Google Analytics Alternative - App & Web Analytics - Matomo", "description": "The full text of the \"suspicious\"obfuscation using unescape has been published on the website tylabs.com, as well as the official release of a new version of PDF.", "modified": "2025-05-14T21:24:25.364000", "created": "2024-12-17T18:45:42.250000", "tags": [ "bitcoin address", "didier stevens", "didierstevens", "bitcoinaddress", "june", "copyright", "t1027", "unesc", "unescape", "flash define", "matomo", "string", "date", "sufeffxa0", "regexp", "please", "blob", "null", "tag manager", "link", "url https", "ipv4", "url http", "learn", "it for", "no credit", "cloud trial", "start", "contact", "matomo team", "help", "free", "easy", "tools" ], "references": [ "https://matomo.org https://matomo.www.gov.pl/analytics/js/container_68lYTZ79.js", "https://www.filescan.io/uploads/67619a0f99caec9a276f9efd/reports/92e63ab1-1ebd-41a7-90da-f842f0b90392/details" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 62, "YARA": 8, "domain": 83, "URL": 657, "email": 3, "hostname": 152, "IPv4": 15, "CIDR": 1, "FileHash-SHA1": 57, "FileHash-SHA256": 734 }, "indicator_count": 1772, "is_author": false, "is_subscribing": null, "subscriber_count": 123, "modified_text": "381 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "67127cfd194972b2b7a01965", "name": "Discord", "description": "Discord W11 Sample Device\nC:\\ProgramData*\\Discord", "modified": "2024-11-17T15:01:49.122000", "created": "2024-10-18T15:21:33.350000", "tags": [ "Discord" ], "references": [ "https://www.virustotal.com/gui/collection/ab283165c61c702e1aed28375718dd2674179c61c517d93baabc2219becf081a/community", "https://www.virustotal.com/gui/collection/ab283165c61c702e1aed28375718dd2674179c61c517d93baabc2219becf081a/iocs", "https://www.virustotal.com/gui/collection/ab283165c61c702e1aed28375718dd2674179c61c517d93baabc2219becf081a/summary", "https://www.virustotal.com/gui/collection/ab283165c61c702e1aed28375718dd2674179c61c517d93baabc2219becf081a/graph" ], "public": 1, "adversary": "", "targeted_countries": [ "Canada", "United States of America" ], "malware_families": [], "attack_ids": [], "industries": [ "Technology", "Telecommunications" ], "TLP": "white", "cloned_from": null, "export_count": 11, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Disable_Duck", "id": "244325", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 80, "FileHash-SHA1": 80, "FileHash-SHA256": 357, "URL": 472, "domain": 413, "hostname": 153 }, "indicator_count": 1555, "is_author": false, "is_subscribing": null, "subscriber_count": 131, "modified_text": "559 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6570a127b18f314c64abf0ca", "name": "MITRE ATT&C - T1140 - Deobfuscate/Decode Files or Information", "description": "", "modified": "2023-12-06T16:28:23.639000", "created": "2023-12-06T16:28:23.639000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1651, "FileHash-MD5": 32, "FileHash-SHA1": 25, "hostname": 939, "domain": 339, "URL": 2307, "email": 2 }, "indicator_count": 5295, "is_author": false, "is_subscribing": null, "subscriber_count": 110, "modified_text": "906 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6570a11eb966ec5b823d2ae8", "name": "Drive By Malware", "description": "", "modified": "2023-12-06T16:28:14.217000", "created": "2023-12-06T16:28:14.217000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1651, "FileHash-MD5": 32, "FileHash-SHA1": 25, "hostname": 939, "domain": 339, "URL": 2307, "email": 2 }, "indicator_count": 5295, "is_author": false, "is_subscribing": null, "subscriber_count": 111, "modified_text": "906 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6570a11966ff39f73aed8c7d", "name": "Fileless Malware", "description": "", "modified": "2023-12-06T16:28:09.128000", "created": "2023-12-06T16:28:09.128000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1651, "FileHash-MD5": 32, "FileHash-SHA1": 25, "hostname": 939, "domain": 339, "URL": 2307, "email": 2 }, "indicator_count": 5295, "is_author": false, "is_subscribing": null, "subscriber_count": 110, "modified_text": "906 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "64ee7075f37dad88d73c3830", "name": "Fileless Malware", "description": "An example of 1 dangerous exploit. \nThis happened on Brand New fully updated locked down Apple iPhone, Samsung. If you happen to be looking at your phone, you may witness the following: Google logo on appengine.goohke .com Drive By will have a disclaimer that it is NOT affiliate.\nYou will see:\nhttps://accounts.google.com/AccountChooser?continue\nAll of your Gmail accounts will be displayed your primary account will be checked. The drive by happens at tspeed of 2 -3 seconds. Without clicking, your entire phone is compromised. Every account, locations, maps, YouTube, voice, camera, , keyloggers installed. This is not your fault. You are a target. There are empty hashes. It's fileless malware which does not write to storage. \nPhishing, malware hosting, other IoC s.\nExtremely hazardous, renders phone a zombie. New network and data plan all without your explicit consent.\nWelcome to the BotNetwork.\nhttp://appengine.google.com/\naccounts.google.com\nconsent.google.com/m?---- (Forced Consent on iOS device)", "modified": "2023-09-28T21:05:16.310000", "created": "2023-08-29T22:25:53.474000", "tags": [ "as15169 google", "united", "aaaa", "domain", "search", "cname", "passive dns", "urls", "entries", "dashboard", "date", "sha1", "ssdeep", "tnull file", "magic", "file size", "software", "ioctype", "iocvalue", "refunds", "show less", "line", "value", "august", "variables", "recordimlel", "fcssrowkey", "ijvalues", "wjdd object", "berr", "mxndff boolean", "url age" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 13, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 339, "email": 2, "FileHash-MD5": 32, "FileHash-SHA1": 25, "FileHash-SHA256": 1651, "hostname": 939, "URL": 2307 }, "indicator_count": 5295, "is_author": false, "is_subscribing": null, "subscriber_count": 222, "modified_text": "975 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "64ee70f9eaecf035471ff80c", "name": "Drive By Malware ", "description": "", "modified": "2023-09-28T21:05:16.310000", "created": "2023-08-29T22:28:09.867000", "tags": [ "as15169 google", "united", "aaaa", "domain", "search", "cname", "passive dns", "urls", "entries", "dashboard", "date", "sha1", "ssdeep", "tnull file", "magic", "file size", "software", "ioctype", "iocvalue", "refunds", "show less", "line", "value", "august", "variables", "recordimlel", "fcssrowkey", "ijvalues", "wjdd object", "berr", "mxndff boolean", "url age" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": "64ee7075f37dad88d73c3830", "export_count": 15, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 339, "email": 2, "FileHash-MD5": 32, "FileHash-SHA1": 25, "FileHash-SHA256": 1651, "hostname": 939, "URL": 2307 }, "indicator_count": 5295, "is_author": false, "is_subscribing": null, "subscriber_count": 223, "modified_text": "975 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://cpcalendars.contributing.md/", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://cpcalendars.contributing.md/", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780200020.844711 }