{ "type": "URL", "indicator": "https://exoplayer.dev/issues/cleartext-not-permitted", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://exoplayer.dev/issues/cleartext-not-permitted", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 4300861337, "indicator": "https://exoplayer.dev/issues/cleartext-not-permitted", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 3, "pulses": [ { "id": "69eb254f17eb4a2a990f07e5", "name": "LevelBlue - Open Threat Exchange", "description": "[ As part of security research, we look at some of the most well-known vulnerabilities in the PDF ecosystem, and how they can be identified and mitigated, with the help of a simple hash.] [64xxxx]", "modified": "2026-05-28T07:10:11.800000", "created": "2026-04-24T08:09:51.488000", "tags": [ "pdfkit", "cve202225765", "exploit script", "github", "unicordev", "cves", "xml external", "entity", "pdfs", "knowledge base", "python", "mozilla", "virustotal", "cisa", "apple", "microsoft", "pdfkit ruby", "remote code", "execution", "urls", "malware", "raid", "caddywiper", "wipes", "cve202543529", "webkit", "february", "cve202620643", "bypass", "march", "webkit bug", "command", "control", "levelblue", "open threat" ], "references": [ "https://otx.alienvault.com/indicator/ip/198.49.23.145#:~:text=CIDR:%206%20%7C%20CVE:%20107,infrastructure%20into%20global%20botnet%20clusters." ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Wipes", "display_name": "Wipes", "target": null } ], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1084, "FileHash-SHA1": 874, "FileHash-SHA256": 3052, "CVE": 36, "domain": 437, "hostname": 1086, "URL": 1411, "CIDR": 15, "email": 13 }, "indicator_count": 8008, "is_author": false, "is_subscribing": null, "subscriber_count": 70, "modified_text": "3 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69d6bcb74584f603b3858f33", "name": "VirusTotal report\n for PROD_buckshot_google_google_1.0.30.0_2024-06-07-15-08.jar", "description": "< A sample of malware: PK.Xkl.jar, compiled by the University of Oxford, is published on the Microsoft website and is available to download on \u00c2\u00a31.5m.> This is a speckle of activity in a much larger framework", "modified": "2026-04-08T20:38:15.378000", "created": "2026-04-08T20:38:15.378000", "tags": [ "file type", "sysv", "buildid", "ascii text", "arm aarch64", "unicode text", "utf8 text", "eabi5 version", "ascii", "drops", "persistence", "exploit", "malicious", "next" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/02724389e4be5d18502b0334242de65ece7ba8b309a9078c8e5b91a596e3703e_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775680356&Signature=HGNJAUStAFTCwuNY8BcVvADCLQEr6H914t6UXjORgyoKtjjb021pJEFAdkWkQQrLNKFbxGZ%2F0IO7rSQJcteIb5Snlwv5vgQvUlqukNl%2BfjHisVXwWGPd5te7A4urx0h3R1xhKli7E5hmUuw5hTtWboYbLTyriW4E9dGl%2Ft97v%2BSHrXP7XAHs5IgOPoMaY9fPfzewz%2BPxnrn2%2F0DiowRuxMvruJRNacipvbSTdtwz7iGmpe9zOYMIUe%2Be" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1203", "name": "Exploitation for Client Execution", "display_name": "T1203 - Exploitation for Client Execution" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 65, "FileHash-SHA1": 56, "FileHash-SHA256": 327, "URL": 6, "domain": 21, "hostname": 4 }, "indicator_count": 479, "is_author": false, "is_subscribing": null, "subscriber_count": 65, "modified_text": "53 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69d6bcae3ee3665627dff920", "name": "VirusTotal report\n for PROD_buckshot_google_google_1.0.30.0_2024-06-07-15-08.jar", "description": "< A sample of malware: PK.Xkl.jar, compiled by the University of Oxford, is published on the Microsoft website and is available to download on \u00c2\u00a31.5m.> This is a speckle of activity in a much larger framework", "modified": "2026-04-08T20:38:06.970000", "created": "2026-04-08T20:38:06.970000", "tags": [ "file type", "sysv", "buildid", "ascii text", "arm aarch64", "unicode text", "utf8 text", "eabi5 version", "ascii", "drops", "persistence", "exploit", "malicious", "next" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/02724389e4be5d18502b0334242de65ece7ba8b309a9078c8e5b91a596e3703e_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775680356&Signature=HGNJAUStAFTCwuNY8BcVvADCLQEr6H914t6UXjORgyoKtjjb021pJEFAdkWkQQrLNKFbxGZ%2F0IO7rSQJcteIb5Snlwv5vgQvUlqukNl%2BfjHisVXwWGPd5te7A4urx0h3R1xhKli7E5hmUuw5hTtWboYbLTyriW4E9dGl%2Ft97v%2BSHrXP7XAHs5IgOPoMaY9fPfzewz%2BPxnrn2%2F0DiowRuxMvruJRNacipvbSTdtwz7iGmpe9zOYMIUe%2Be" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1203", "name": "Exploitation for Client Execution", "display_name": "T1203 - Exploitation for Client Execution" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 65, "FileHash-SHA1": 56, "FileHash-SHA256": 327, "URL": 6, "domain": 21, "hostname": 4 }, "indicator_count": 479, "is_author": false, "is_subscribing": null, "subscriber_count": 65, "modified_text": "53 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/02724389e4be5d18502b0334242de65ece7ba8b309a9078c8e5b91a596e3703e_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775680356&Signature=HGNJAUStAFTCwuNY8BcVvADCLQEr6H914t6UXjORgyoKtjjb021pJEFAdkWkQQrLNKFbxGZ%2F0IO7rSQJcteIb5Snlwv5vgQvUlqukNl%2BfjHisVXwWGPd5te7A4urx0h3R1xhKli7E5hmUuw5hTtWboYbLTyriW4E9dGl%2Ft97v%2BSHrXP7XAHs5IgOPoMaY9fPfzewz%2BPxnrn2%2F0DiowRuxMvruJRNacipvbSTdtwz7iGmpe9zOYMIUe%2Be", "https://otx.alienvault.com/indicator/ip/198.49.23.145#:~:text=CIDR:%206%20%7C%20CVE:%20107,infrastructure%20into%20global%20botnet%20clusters." ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [ "Wipes" ], "industries": [], "unique_indicators": 4564 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/exoplayer.dev", "whois": "http://whois.domaintools.com/exoplayer.dev", "domain": "exoplayer.dev", "hostname": "Unavailable" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 3, "pulses": [ { "id": "69eb254f17eb4a2a990f07e5", "name": "LevelBlue - Open Threat Exchange", "description": "[ As part of security research, we look at some of the most well-known vulnerabilities in the PDF ecosystem, and how they can be identified and mitigated, with the help of a simple hash.] [64xxxx]", "modified": "2026-05-28T07:10:11.800000", "created": "2026-04-24T08:09:51.488000", "tags": [ "pdfkit", "cve202225765", "exploit script", "github", "unicordev", "cves", "xml external", "entity", "pdfs", "knowledge base", "python", "mozilla", "virustotal", "cisa", "apple", "microsoft", "pdfkit ruby", "remote code", "execution", "urls", "malware", "raid", "caddywiper", "wipes", "cve202543529", "webkit", "february", "cve202620643", "bypass", "march", "webkit bug", "command", "control", "levelblue", "open threat" ], "references": [ "https://otx.alienvault.com/indicator/ip/198.49.23.145#:~:text=CIDR:%206%20%7C%20CVE:%20107,infrastructure%20into%20global%20botnet%20clusters." ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Wipes", "display_name": "Wipes", "target": null } ], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1084, "FileHash-SHA1": 874, "FileHash-SHA256": 3052, "CVE": 36, "domain": 437, "hostname": 1086, "URL": 1411, "CIDR": 15, "email": 13 }, "indicator_count": 8008, "is_author": false, "is_subscribing": null, "subscriber_count": 70, "modified_text": "3 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69d6bcb74584f603b3858f33", "name": "VirusTotal report\n for PROD_buckshot_google_google_1.0.30.0_2024-06-07-15-08.jar", "description": "< A sample of malware: PK.Xkl.jar, compiled by the University of Oxford, is published on the Microsoft website and is available to download on \u00c2\u00a31.5m.> This is a speckle of activity in a much larger framework", "modified": "2026-04-08T20:38:15.378000", "created": "2026-04-08T20:38:15.378000", "tags": [ "file type", "sysv", "buildid", "ascii text", "arm aarch64", "unicode text", "utf8 text", "eabi5 version", "ascii", "drops", "persistence", "exploit", "malicious", "next" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/02724389e4be5d18502b0334242de65ece7ba8b309a9078c8e5b91a596e3703e_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775680356&Signature=HGNJAUStAFTCwuNY8BcVvADCLQEr6H914t6UXjORgyoKtjjb021pJEFAdkWkQQrLNKFbxGZ%2F0IO7rSQJcteIb5Snlwv5vgQvUlqukNl%2BfjHisVXwWGPd5te7A4urx0h3R1xhKli7E5hmUuw5hTtWboYbLTyriW4E9dGl%2Ft97v%2BSHrXP7XAHs5IgOPoMaY9fPfzewz%2BPxnrn2%2F0DiowRuxMvruJRNacipvbSTdtwz7iGmpe9zOYMIUe%2Be" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1203", "name": "Exploitation for Client Execution", "display_name": "T1203 - Exploitation for Client Execution" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 65, "FileHash-SHA1": 56, "FileHash-SHA256": 327, "URL": 6, "domain": 21, "hostname": 4 }, "indicator_count": 479, "is_author": false, "is_subscribing": null, "subscriber_count": 65, "modified_text": "53 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69d6bcae3ee3665627dff920", "name": "VirusTotal report\n for PROD_buckshot_google_google_1.0.30.0_2024-06-07-15-08.jar", "description": "< A sample of malware: PK.Xkl.jar, compiled by the University of Oxford, is published on the Microsoft website and is available to download on \u00c2\u00a31.5m.> This is a speckle of activity in a much larger framework", "modified": "2026-04-08T20:38:06.970000", "created": "2026-04-08T20:38:06.970000", "tags": [ "file type", "sysv", "buildid", "ascii text", "arm aarch64", "unicode text", "utf8 text", "eabi5 version", "ascii", "drops", "persistence", "exploit", "malicious", "next" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/02724389e4be5d18502b0334242de65ece7ba8b309a9078c8e5b91a596e3703e_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775680356&Signature=HGNJAUStAFTCwuNY8BcVvADCLQEr6H914t6UXjORgyoKtjjb021pJEFAdkWkQQrLNKFbxGZ%2F0IO7rSQJcteIb5Snlwv5vgQvUlqukNl%2BfjHisVXwWGPd5te7A4urx0h3R1xhKli7E5hmUuw5hTtWboYbLTyriW4E9dGl%2Ft97v%2BSHrXP7XAHs5IgOPoMaY9fPfzewz%2BPxnrn2%2F0DiowRuxMvruJRNacipvbSTdtwz7iGmpe9zOYMIUe%2Be" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1203", "name": "Exploitation for Client Execution", "display_name": "T1203 - Exploitation for Client Execution" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 65, "FileHash-SHA1": 56, "FileHash-SHA256": 327, "URL": 6, "domain": 21, "hostname": 4 }, "indicator_count": 479, "is_author": false, "is_subscribing": null, "subscriber_count": 65, "modified_text": "53 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://exoplayer.dev/issues/cleartext-not-permitted", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://exoplayer.dev/issues/cleartext-not-permitted", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780271483.8384187 }