{ "type": "URL", "indicator": "https://glotov.me", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://glotov.me", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 2978385840, "indicator": "https://glotov.me", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 8, "pulses": [ { "id": "69afd95e9073ee0f67be8694", "name": "URLSpirit Spyware | Targeted Device attacks | MITM attacks | AI and Browser Attacks", "description": "", "modified": "2026-04-09T08:02:04.521000", "created": "2026-03-10T08:42:06.133000", "tags": [ "msie", "chrome", "search", "united", "unknown ns", "taiwan unknown", "requested range", "ip address", "taiwan", "title", "tlsv1", "windows nt", "wow64", "slcc2", "media center", "stcalifornia", "lmountain view", "ogoogle llc", "unknown", "encrypt", "malware", "suspicious", "learn", "informative", "ck id", "name tactics", "command", "spawns", "found", "id name", "malicious", "over", "ascii text", "pattern match", "mitre att", "size", "null", "refresh", "span", "hybrid", "general", "local", "path", "click", "strings", "error", "tools", "look", "verify", "restart", "http", "data upload", "enter scords", "one on", "extraction", "http request", "checkin", "observed dns", "query", "dns query", "domain", "lila windows", "all se", "file version", "product vers", "failed", "included ic", "review iocs", "ic data", "status", "ch ua", "emails", "servers", "for privacy", "record value", "trojan", "pegasus", "body", "palantir", "se antivirus", "ids deted", "domains", "tachnalnav dan", "origin", "pe versio", "include review", "exclude sugges", "stop data", "q search", "product", "contact data", "contact urlspirit", "url http", "hostname", "url https", "stop show", "types", "type", "indicator", "defense evasion", "sha1", "legalcopyngn", "copyugnt zur", "fileversic data", "exclude data", "no expiration", "ipv4", "filehashsha256", "filehashsha1", "filehashmd5", "macintosh", "khtml", "type indicator", "iocs", "sc type", "hong kong", "certificate", "enterprise", "adversaries", "evasion att", "urlspirit", "targeted att", "monitored target", "browser attacks", "ai chat", "next level", "quasi", "apple", "android", "windows" ], "references": [ "Exploit Source: 210.64.137.210 | IP\u4f4d\u5740\u8cc7\u8a0a\uff08210.64.0.0 tw.ntunhs.net)", "https://otx.alienvault.com/indicator/file/8550f80522c90177b58eecc3c31b8e82cfbc0a10283c888a45da497b2b5ddca5", "Antivirus Detections: Win.Trojan.Agent-1190546", "IDS Detections: URLSpirit Spyware Checkin Observed DNS Query to Suspicious Domain adz2you[.]com", "IDS Detections: DNS Query for Suspicious .cf Domain HTTP Request to a *.xyz domain", "Alerts: network_icmp persistence_autorun disables_proxy modifies_certificates", "Alerts: modifies_proxy_wpad ransomware_dropped_files ransomware_mass_file_delete", "Alerts: dumped_buffer network_cnc_http network_http network_http_post suspicious_tld", "Alerts: allocates_rwx antisandbox_foregroundwindows antisandbox_sleep antivm_disk_size", "Alerts: origin_langid creates_exe injection_process_search multiple_useragents", "Domains Contacted: r4---sn-5goeen7d.googlevideo.com s23.cnzz.com www.youtube.com", "Domains Contacted: c.cnzz.com crl.comodoca4.com ocsp2.globalsign.com a.exdynsrv.com", "Domains Contacted: www.wanuu2.club xml.admidainsight.com www.gstatic.com .", "Indicator deletion during pulse | Requires more research | Positive for MITM attack", "IP\u2019s Contacted: 103.23.108.110 103.23.108.112 103.23.108.114 103.23.108.124 103.23.108.140", "IP\u2019s Contacted: 103.23.108.184 103.23.108.220 103.23.108.80 103.23.108.92 104.18.20.226", "URLSpirit Spyware", "Palantir\u2019s PIT - Prometheus Intelligence Technology Damaging Spyware distribution, AI Man in the Middle Attacks", "Origin: https://otx.alienvault.com/pulse/69af3fd8db2ede31abda6c14", "https://otx.alienvault.com/indicator/file/8550f80522c90177b58eecc3c31b8e82cfbc0a10283c888a45da497b2b5ddca5", "https://otx.alienvault.com/otxapi/indicators/file/screenshot/8550f80522c90177b58eecc3c31b8e82cfbc0a10283c888a45da497b2b5ddca5", "PE Version Information : LegalCopyright: Copyright 2012 Spiritsoft All Rights Reserved. InternalName\tjingling.exe", "FileVersion: 2013.10.10.100 Company Name: \u7cbe\u7075\u8f6f\u4ef6 Comments: \u6d41\u91cf\u7cbe\u7075(1094) ProductName: \u6d41\u91cf\u7cbe\u7075", "Product Version: 4.0.3.1 File Description: \u6d41\u91cf\u7cbe\u7075 Original File name: jingling.exe", "023097.palantir.events \u2022 palantir.events \u2022 url3561.palantir.events", "13.32.178.127 \u2022 023097.palantir.events \u2022 palantir.events \u2022 Email admin@dnstinations.com", "www.palantir.events \u2022 Email cirt@palantir.com \u2022 0055-b2b-nonprod-bigip1.palantir.events \u2022", "151-80-200-88.palantir.events \u2022 196-196-19-74.palantir.events", "http://www.net-chinese.com.tw \u2022 pixanalytics.com \u2022 pixnet.cc \u2022 pixnet.tv", "quecompegasune.tk \u2022 hipicapegaso.com", "This is part of a Prometheus Intelligence Technology (PIT) Palantir Attack", "Incredibly false information, white screens , pink screens and chat erasure", "Definitely requires further research", "Pegasus Indicators deleted during pulse" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Malaysia" ], "malware_families": [ { "id": "URLSpirit", "display_name": "URLSpirit", "target": null } ], "attack_ids": [ { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1060", "name": "Registry Run Keys / Startup Folder", "display_name": "T1060 - Registry Run Keys / Startup Folder" }, { "id": "T1048", "name": "Exfiltration Over Alternative Protocol", "display_name": "T1048 - Exfiltration Over Alternative Protocol" }, { "id": "T1069", "name": "Permission Groups Discovery", "display_name": "T1069 - Permission Groups Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1480", "name": "Execution Guardrails", "display_name": "T1480 - Execution Guardrails" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1069.002", "name": "Domain Groups", "display_name": "T1069.002 - Domain Groups" }, { "id": "T1048.003", "name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "display_name": "T1048.003 - Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol" }, { "id": "TA0011", "name": "Command and Control", "display_name": "TA0011 - Command and Control" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1560", "name": "Archive Collected Data", "display_name": "T1560 - Archive Collected Data" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "T1456", "name": "Drive-by Compromise", "display_name": "T1456 - Drive-by Compromise" }, { "id": "T1608.004", "name": "Drive-by Target", "display_name": "T1608.004 - Drive-by Target" }, { "id": "T1557", "name": "Man-in-the-Middle", "display_name": "T1557 - Man-in-the-Middle" }, { "id": "T1185", "name": "Man in the Browser", "display_name": "T1185 - Man in the Browser" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1210", "name": "Exploitation of Remote Services", "display_name": "T1210 - Exploitation of Remote Services" }, { "id": "T1587.001", "name": "Malware", "display_name": "T1587.001 - Malware" }, { "id": "T1608.001", "name": "Upload Malware", "display_name": "T1608.001 - Upload Malware" }, { "id": "T1598", "name": "Phishing for Information", "display_name": "T1598 - Phishing for Information" }, { "id": "T1428", "name": "Exploit Enterprise Resources", "display_name": "T1428 - Exploit Enterprise Resources" }, { "id": "T1080", "name": "Taint Shared Content", "display_name": "T1080 - Taint Shared Content" } ], "industries": [ "Technology", "Government", "Defense" ], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 406, "FileHash-SHA1": 391, "FileHash-SHA256": 5770, "URL": 7299, "domain": 1307, "email": 13, "hostname": 2162, "CVE": 3, "SSLCertFingerprint": 45 }, "indicator_count": 17396, "is_author": false, "is_subscribing": null, "subscriber_count": 139, "modified_text": "10 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "692e068ff95076bb8e75bd9f", "name": "Telehealth Exploit", "description": "", "modified": "2025-12-31T21:02:25", "created": "2025-12-01T21:20:15.043000", "tags": [ "passive dns", "urls", "http", "hostname", "files domain", "files related", "pulses none", "related tags", "none google", "safe browsing", "present dec", "status", "date", "united", "name servers", "netherlands", "unknown ns", "ip address", "search", "showing", "local", "data upload", "extraction", "flag", "bad traffic", "et hunting", "domain m2", "suspicious tls", "sni request", "windir", "openurl c", "dns requests", "et info", "tls handshake", "prefetch2", "analysis", "tor analysis", "domain address", "tlsv1", "jfif", "jpeg image", "ascii text", "entries", "as15169", "show", "read c", "write", "next", "persistence", "execution", "crash", "copy" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1045", "name": "Software Packing", "display_name": "T1045 - Software Packing" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 260, "hostname": 555, "URL": 1803, "FileHash-SHA256": 1437, "FileHash-MD5": 113, "FileHash-SHA1": 13, "email": 4, "SSLCertFingerprint": 18, "CVE": 1 }, "indicator_count": 4204, "is_author": false, "is_subscribing": null, "subscriber_count": 137, "modified_text": "109 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6570a581b1024ea61979da96", "name": "Quasar - Dark Web Instagram Account | Link found | Remote Access Trojan (RAT)", "description": "", "modified": "2023-12-06T16:46:57.782000", "created": "2023-12-06T16:46:57.782000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 9, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 3, "FileHash-SHA256": 5791, "hostname": 3255, "domain": 2317, "FileHash-MD5": 44, "FileHash-SHA1": 34, "URL": 11513 }, "indicator_count": 22957, "is_author": false, "is_subscribing": null, "subscriber_count": 111, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "657081a5d60fafd1374f007d", "name": "| 35.241.45.82", "description": "", "modified": "2023-12-06T14:13:57.431000", "created": "2023-12-06T14:13:57.431000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "FileHash-SHA256": 1091, "domain": 281, "hostname": 867, "URL": 3341, "FileHash-SHA1": 523, "FileHash-MD5": 166 }, "indicator_count": 6270, "is_author": false, "is_subscribing": null, "subscriber_count": 110, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "650a0b7c9a6b3c5d0a2a3960", "name": "Quasar - Dark Web Instagram Account | Link found | Remote Access Trojan (RAT)", "description": "Link: apple.instagram.com \nQuasar is a lightweight, publicly available open-source Remote Access Trojan (RAT). Used by a variety of attackers. Typically packed to make analysis of the source demanding.\nAccount appears to have been breached, operational in dark web. Dead host.", "modified": "2023-10-19T14:04:37.381000", "created": "2023-09-19T20:58:36.137000", "tags": [ "contacted", "threat roundup", "execution", "ssl certificate", "dark web", "crypto threat", "resolutions", "referrer", "stealer", "quasar", "asyncrat", "error", "social engineering", "iPhone phishing", "Apple phishing", "email phishing", "emotet", "remote", "attacks" ], "references": [ "Alienvault OTX", "Data Analysis", "Online Research", "WebTools" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "India" ], "malware_families": [ { "id": "Backdoor:MSIL/AsyncRAT", "display_name": "Backdoor:MSIL/AsyncRAT", "target": "/malware/Backdoor:MSIL/AsyncRAT" }, { "id": "Backdoor:MSIL/QuasarRat", "display_name": "Backdoor:MSIL/QuasarRat", "target": "/malware/Backdoor:MSIL/QuasarRat" } ], "attack_ids": [ { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "T1548", "name": "Abuse Elevation Control Mechanism", "display_name": "T1548 - Abuse Elevation Control Mechanism" } ], "industries": [ "Media", "Social Media", "Technology", "Hacking" ], "TLP": "white", "cloned_from": null, "export_count": 31, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 44, "FileHash-SHA1": 34, "FileHash-SHA256": 5791, "URL": 11513, "domain": 2317, "hostname": 3255, "CVE": 3 }, "indicator_count": 22957, "is_author": false, "is_subscribing": null, "subscriber_count": 225, "modified_text": "913 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "62f948b50ccd8cf706c6e823", "name": "Mas Travel Biro - One Stop Travel Solution - hotspot.mastravelbiro.com", "description": "https://twitter.com/ubudviewbungalo?s=21&t=AuhTmUXZYvIjKLWQUKR-EA", "modified": "2022-09-13T00:04:26.244000", "created": "2022-08-14T19:10:45.850000", "tags": [ "mas travel", "biro", "kami juga", "management", "iata", "system iso", "mulya arya", "santika", "kota tangerang", "provinsi banten", "hotspot.mastravelbiro.com" ], "references": [ "https://mastravelbiro.com/", "https://www.facebook.com/100023887989219/posts/667744770698450", "https://chat.whatsapp.com/FM9CervGe8x5V6byb2GNZl", "https://chat.whatsapp.com/FM9CervGe8x5V6byb2GNZl", "https://twitter.com/consultancy_ms?s=21&t=AuhTmUXZYvIjKLWQUKR-EA", "https://twitter.com/ubudviewbungalo?s=21&t=AuhTmUXZYvIjKLWQUKR-EA" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 397, "URL": 760, "domain": 79, "FileHash-SHA256": 232 }, "indicator_count": 1468, "is_author": false, "is_subscribing": null, "subscriber_count": 394, "modified_text": "1314 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "62316bafbe78b6f75bc56759", "name": "www.facebook.com:login:? next=https%3A%2F%2Fwww.facebook.com%2FHotChocolate.pdf", "description": "", "modified": "2022-04-14T00:01:40.805000", "created": "2022-03-16T04:46:39.454000", "tags": [], "references": [ "www.facebook.com:login:? next=https%3A%2F%2Fwww.facebook.com%2FHotChocolate.pdf" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Kailula4", "id": "131997", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 72, "URL": 327, "domain": 32, "FileHash-SHA256": 283, "CIDR": 2, "FileHash-MD5": 2, "email": 1 }, "indicator_count": 719, "is_author": false, "is_subscribing": null, "subscriber_count": 406, "modified_text": "1466 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "622d46df71336409a29a5d09", "name": "| 35.241.45.82", "description": "", "modified": "2022-04-12T00:02:34.248000", "created": "2022-03-13T01:20:31.311000", "tags": [ "interactive sandbox", "free malware sandbox", "sandbox malware online", "sandbox online", "sandbox service", "sandbox analysis online", "malware sandbox", "malware sandbox online", "malware analisys online", "malware sandbox analysis", "malware hunting", "malware sandboxes services", "online sandbox", "online malware sandbox", "online sandbox analysis", "sha256", "us der", "korean", "russian", "proof", "french", "german", "portuguese", "brazil", "spanish", "turkish", "find", "updater", "click", "write", "autodetect", "fullscreen", "agent", "unknown", "facebook", "35.241.45.82", "46389d4767e7481478ad10dfa541d7ee54179eb861e4f4b14e465e18593f73b8" ], "references": [ "https://www.google.com/url?client=internal-element-cse&cx=003414466004237966221:dgg7iftvryo&q=https://any.run/report/26b19ed6b29d4f27db1487e13281f0c80753d320a1a2bd9703dec5cb97580c33/c4a777b1-f9b7-4e65-bf6d-d80d0b5c996e&sa=U&ved=2ahUKEwic5Kv_7MH2AhVnQvEDHeIwAVsQFnoECAkQAg&usg=AOvVaw3YaSzDTJOZNf7XGn5zphhr", "35.241.45.82", "46389d4767e7481478ad10dfa541d7ee54179eb861e4f4b14e465e18593f73b8" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 867, "URL": 3341, "domain": 281, "FileHash-SHA256": 1091, "CVE": 1, "FileHash-MD5": 166, "FileHash-SHA1": 523 }, "indicator_count": 6270, "is_author": false, "is_subscribing": null, "subscriber_count": 396, "modified_text": "1468 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "This is part of a Prometheus Intelligence Technology (PIT) Palantir Attack", "Alerts: modifies_proxy_wpad ransomware_dropped_files ransomware_mass_file_delete", "WebTools", "https://chat.whatsapp.com/FM9CervGe8x5V6byb2GNZl", "PE Version Information : LegalCopyright: Copyright 2012 Spiritsoft All Rights Reserved. InternalName\tjingling.exe", "Online Research", "Alerts: dumped_buffer network_cnc_http network_http network_http_post suspicious_tld", "023097.palantir.events \u2022 palantir.events \u2022 url3561.palantir.events", "Pegasus Indicators deleted during pulse", "Antivirus Detections: Win.Trojan.Agent-1190546", "https://www.google.com/url?client=internal-element-cse&cx=003414466004237966221:dgg7iftvryo&q=https://any.run/report/26b19ed6b29d4f27db1487e13281f0c80753d320a1a2bd9703dec5cb97580c33/c4a777b1-f9b7-4e65-bf6d-d80d0b5c996e&sa=U&ved=2ahUKEwic5Kv_7MH2AhVnQvEDHeIwAVsQFnoECAkQAg&usg=AOvVaw3YaSzDTJOZNf7XGn5zphhr", "Alerts: origin_langid creates_exe injection_process_search multiple_useragents", "www.palantir.events \u2022 Email cirt@palantir.com \u2022 0055-b2b-nonprod-bigip1.palantir.events \u2022", "quecompegasune.tk \u2022 hipicapegaso.com", "Exploit Source: 210.64.137.210 | IP\u4f4d\u5740\u8cc7\u8a0a\uff08210.64.0.0 tw.ntunhs.net)", "Origin: https://otx.alienvault.com/pulse/69af3fd8db2ede31abda6c14", "Domains Contacted: r4---sn-5goeen7d.googlevideo.com s23.cnzz.com www.youtube.com", "https://twitter.com/consultancy_ms?s=21&t=AuhTmUXZYvIjKLWQUKR-EA", "Definitely requires further research", "Palantir\u2019s PIT - Prometheus Intelligence Technology Damaging Spyware distribution, AI Man in the Middle Attacks", "Incredibly false information, white screens , pink screens and chat erasure", "FileVersion: 2013.10.10.100 Company Name: \u7cbe\u7075\u8f6f\u4ef6 Comments: \u6d41\u91cf\u7cbe\u7075(1094) ProductName: \u6d41\u91cf\u7cbe\u7075", "IDS Detections: URLSpirit Spyware Checkin Observed DNS Query to Suspicious Domain adz2you[.]com", "151-80-200-88.palantir.events \u2022 196-196-19-74.palantir.events", "URLSpirit Spyware", "Alerts: network_icmp persistence_autorun disables_proxy modifies_certificates", "Product Version: 4.0.3.1 File Description: \u6d41\u91cf\u7cbe\u7075 Original File name: jingling.exe", "Data Analysis", "http://www.net-chinese.com.tw \u2022 pixanalytics.com \u2022 pixnet.cc \u2022 pixnet.tv", "https://twitter.com/ubudviewbungalo?s=21&t=AuhTmUXZYvIjKLWQUKR-EA", "Domains Contacted: www.wanuu2.club xml.admidainsight.com www.gstatic.com .", "46389d4767e7481478ad10dfa541d7ee54179eb861e4f4b14e465e18593f73b8", "Alerts: allocates_rwx antisandbox_foregroundwindows antisandbox_sleep antivm_disk_size", "IP\u2019s Contacted: 103.23.108.184 103.23.108.220 103.23.108.80 103.23.108.92 104.18.20.226", "Alienvault OTX", "Domains Contacted: c.cnzz.com crl.comodoca4.com ocsp2.globalsign.com a.exdynsrv.com", "IDS Detections: DNS Query for Suspicious .cf Domain HTTP Request to a *.xyz domain", "IP\u2019s Contacted: 103.23.108.110 103.23.108.112 103.23.108.114 103.23.108.124 103.23.108.140", "https://otx.alienvault.com/indicator/file/8550f80522c90177b58eecc3c31b8e82cfbc0a10283c888a45da497b2b5ddca5", "www.facebook.com:login:? next=https%3A%2F%2Fwww.facebook.com%2FHotChocolate.pdf", "13.32.178.127 \u2022 023097.palantir.events \u2022 palantir.events \u2022 Email admin@dnstinations.com", "https://www.facebook.com/100023887989219/posts/667744770698450", "Indicator deletion during pulse | Requires more research | Positive for MITM attack", "https://mastravelbiro.com/", "35.241.45.82", "https://otx.alienvault.com/otxapi/indicators/file/screenshot/8550f80522c90177b58eecc3c31b8e82cfbc0a10283c888a45da497b2b5ddca5" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [ "Backdoor:msil/asyncrat", "Backdoor:msil/quasarrat", "Urlspirit" ], "industries": [ "Defense", "Government", "Hacking", "Technology", "Media", "Social media" ], "unique_indicators": 51781 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/glotov.me", "whois": "http://whois.domaintools.com/glotov.me", "domain": "glotov.me", "hostname": "Unavailable" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 8, "pulses": [ { "id": "69afd95e9073ee0f67be8694", "name": "URLSpirit Spyware | Targeted Device attacks | MITM attacks | AI and Browser Attacks", "description": "", "modified": "2026-04-09T08:02:04.521000", "created": "2026-03-10T08:42:06.133000", "tags": [ "msie", "chrome", "search", "united", "unknown ns", "taiwan unknown", "requested range", "ip address", "taiwan", "title", "tlsv1", "windows nt", "wow64", "slcc2", "media center", "stcalifornia", "lmountain view", "ogoogle llc", "unknown", "encrypt", "malware", "suspicious", "learn", "informative", "ck id", "name tactics", "command", "spawns", "found", "id name", "malicious", "over", "ascii text", "pattern match", "mitre att", "size", "null", "refresh", "span", "hybrid", "general", "local", "path", "click", "strings", "error", "tools", "look", "verify", "restart", "http", "data upload", "enter scords", "one on", "extraction", "http request", "checkin", "observed dns", "query", "dns query", "domain", "lila windows", "all se", "file version", "product vers", "failed", "included ic", "review iocs", "ic data", "status", "ch ua", "emails", "servers", "for privacy", "record value", "trojan", "pegasus", "body", "palantir", "se antivirus", "ids deted", "domains", "tachnalnav dan", "origin", "pe versio", "include review", "exclude sugges", "stop data", "q search", "product", "contact data", "contact urlspirit", "url http", "hostname", "url https", "stop show", "types", "type", "indicator", "defense evasion", "sha1", "legalcopyngn", "copyugnt zur", "fileversic data", "exclude data", "no expiration", "ipv4", "filehashsha256", "filehashsha1", "filehashmd5", "macintosh", "khtml", "type indicator", "iocs", "sc type", "hong kong", "certificate", "enterprise", "adversaries", "evasion att", "urlspirit", "targeted att", "monitored target", "browser attacks", "ai chat", "next level", "quasi", "apple", "android", "windows" ], "references": [ "Exploit Source: 210.64.137.210 | IP\u4f4d\u5740\u8cc7\u8a0a\uff08210.64.0.0 tw.ntunhs.net)", "https://otx.alienvault.com/indicator/file/8550f80522c90177b58eecc3c31b8e82cfbc0a10283c888a45da497b2b5ddca5", "Antivirus Detections: Win.Trojan.Agent-1190546", "IDS Detections: URLSpirit Spyware Checkin Observed DNS Query to Suspicious Domain adz2you[.]com", "IDS Detections: DNS Query for Suspicious .cf Domain HTTP Request to a *.xyz domain", "Alerts: network_icmp persistence_autorun disables_proxy modifies_certificates", "Alerts: modifies_proxy_wpad ransomware_dropped_files ransomware_mass_file_delete", "Alerts: dumped_buffer network_cnc_http network_http network_http_post suspicious_tld", "Alerts: allocates_rwx antisandbox_foregroundwindows antisandbox_sleep antivm_disk_size", "Alerts: origin_langid creates_exe injection_process_search multiple_useragents", "Domains Contacted: r4---sn-5goeen7d.googlevideo.com s23.cnzz.com www.youtube.com", "Domains Contacted: c.cnzz.com crl.comodoca4.com ocsp2.globalsign.com a.exdynsrv.com", "Domains Contacted: www.wanuu2.club xml.admidainsight.com www.gstatic.com .", "Indicator deletion during pulse | Requires more research | Positive for MITM attack", "IP\u2019s Contacted: 103.23.108.110 103.23.108.112 103.23.108.114 103.23.108.124 103.23.108.140", "IP\u2019s Contacted: 103.23.108.184 103.23.108.220 103.23.108.80 103.23.108.92 104.18.20.226", "URLSpirit Spyware", "Palantir\u2019s PIT - Prometheus Intelligence Technology Damaging Spyware distribution, AI Man in the Middle Attacks", "Origin: https://otx.alienvault.com/pulse/69af3fd8db2ede31abda6c14", "https://otx.alienvault.com/indicator/file/8550f80522c90177b58eecc3c31b8e82cfbc0a10283c888a45da497b2b5ddca5", "https://otx.alienvault.com/otxapi/indicators/file/screenshot/8550f80522c90177b58eecc3c31b8e82cfbc0a10283c888a45da497b2b5ddca5", "PE Version Information : LegalCopyright: Copyright 2012 Spiritsoft All Rights Reserved. InternalName\tjingling.exe", "FileVersion: 2013.10.10.100 Company Name: \u7cbe\u7075\u8f6f\u4ef6 Comments: \u6d41\u91cf\u7cbe\u7075(1094) ProductName: \u6d41\u91cf\u7cbe\u7075", "Product Version: 4.0.3.1 File Description: \u6d41\u91cf\u7cbe\u7075 Original File name: jingling.exe", "023097.palantir.events \u2022 palantir.events \u2022 url3561.palantir.events", "13.32.178.127 \u2022 023097.palantir.events \u2022 palantir.events \u2022 Email admin@dnstinations.com", "www.palantir.events \u2022 Email cirt@palantir.com \u2022 0055-b2b-nonprod-bigip1.palantir.events \u2022", "151-80-200-88.palantir.events \u2022 196-196-19-74.palantir.events", "http://www.net-chinese.com.tw \u2022 pixanalytics.com \u2022 pixnet.cc \u2022 pixnet.tv", "quecompegasune.tk \u2022 hipicapegaso.com", "This is part of a Prometheus Intelligence Technology (PIT) Palantir Attack", "Incredibly false information, white screens , pink screens and chat erasure", "Definitely requires further research", "Pegasus Indicators deleted during pulse" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Malaysia" ], "malware_families": [ { "id": "URLSpirit", "display_name": "URLSpirit", "target": null } ], "attack_ids": [ { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1060", "name": "Registry Run Keys / Startup Folder", "display_name": "T1060 - Registry Run Keys / Startup Folder" }, { "id": "T1048", "name": "Exfiltration Over Alternative Protocol", "display_name": "T1048 - Exfiltration Over Alternative Protocol" }, { "id": "T1069", "name": "Permission Groups Discovery", "display_name": "T1069 - Permission Groups Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1480", "name": "Execution Guardrails", "display_name": "T1480 - Execution Guardrails" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1069.002", "name": "Domain Groups", "display_name": "T1069.002 - Domain Groups" }, { "id": "T1048.003", "name": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", "display_name": "T1048.003 - Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol" }, { "id": "TA0011", "name": "Command and Control", "display_name": "TA0011 - Command and Control" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1560", "name": "Archive Collected Data", "display_name": "T1560 - Archive Collected Data" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "T1456", "name": "Drive-by Compromise", "display_name": "T1456 - Drive-by Compromise" }, { "id": "T1608.004", "name": "Drive-by Target", "display_name": "T1608.004 - Drive-by Target" }, { "id": "T1557", "name": "Man-in-the-Middle", "display_name": "T1557 - Man-in-the-Middle" }, { "id": "T1185", "name": "Man in the Browser", "display_name": "T1185 - Man in the Browser" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1210", "name": "Exploitation of Remote Services", "display_name": "T1210 - Exploitation of Remote Services" }, { "id": "T1587.001", "name": "Malware", "display_name": "T1587.001 - Malware" }, { "id": "T1608.001", "name": "Upload Malware", "display_name": "T1608.001 - Upload Malware" }, { "id": "T1598", "name": "Phishing for Information", "display_name": "T1598 - Phishing for Information" }, { "id": "T1428", "name": "Exploit Enterprise Resources", "display_name": "T1428 - Exploit Enterprise Resources" }, { "id": "T1080", "name": "Taint Shared Content", "display_name": "T1080 - Taint Shared Content" } ], "industries": [ "Technology", "Government", "Defense" ], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 406, "FileHash-SHA1": 391, "FileHash-SHA256": 5770, "URL": 7299, "domain": 1307, "email": 13, "hostname": 2162, "CVE": 3, "SSLCertFingerprint": 45 }, "indicator_count": 17396, "is_author": false, "is_subscribing": null, "subscriber_count": 139, "modified_text": "10 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "692e068ff95076bb8e75bd9f", "name": "Telehealth Exploit", "description": "", "modified": "2025-12-31T21:02:25", "created": "2025-12-01T21:20:15.043000", "tags": [ "passive dns", "urls", "http", "hostname", "files domain", "files related", "pulses none", "related tags", "none google", "safe browsing", "present dec", "status", "date", "united", "name servers", "netherlands", "unknown ns", "ip address", "search", "showing", "local", "data upload", "extraction", "flag", "bad traffic", "et hunting", "domain m2", "suspicious tls", "sni request", "windir", "openurl c", "dns requests", "et info", "tls handshake", "prefetch2", "analysis", "tor analysis", "domain address", "tlsv1", "jfif", "jpeg image", "ascii text", "entries", "as15169", "show", "read c", "write", "next", "persistence", "execution", "crash", "copy" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1045", "name": "Software Packing", "display_name": "T1045 - Software Packing" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 260, "hostname": 555, "URL": 1803, "FileHash-SHA256": 1437, "FileHash-MD5": 113, "FileHash-SHA1": 13, "email": 4, "SSLCertFingerprint": 18, "CVE": 1 }, "indicator_count": 4204, "is_author": false, "is_subscribing": null, "subscriber_count": 137, "modified_text": "109 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6570a581b1024ea61979da96", "name": "Quasar - Dark Web Instagram Account | Link found | Remote Access Trojan (RAT)", "description": "", "modified": "2023-12-06T16:46:57.782000", "created": "2023-12-06T16:46:57.782000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 9, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 3, "FileHash-SHA256": 5791, "hostname": 3255, "domain": 2317, "FileHash-MD5": 44, "FileHash-SHA1": 34, "URL": 11513 }, "indicator_count": 22957, "is_author": false, "is_subscribing": null, "subscriber_count": 111, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "657081a5d60fafd1374f007d", "name": "| 35.241.45.82", "description": "", "modified": "2023-12-06T14:13:57.431000", "created": "2023-12-06T14:13:57.431000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "FileHash-SHA256": 1091, "domain": 281, "hostname": 867, "URL": 3341, "FileHash-SHA1": 523, "FileHash-MD5": 166 }, "indicator_count": 6270, "is_author": false, "is_subscribing": null, "subscriber_count": 110, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "650a0b7c9a6b3c5d0a2a3960", "name": "Quasar - Dark Web Instagram Account | Link found | Remote Access Trojan (RAT)", "description": "Link: apple.instagram.com \nQuasar is a lightweight, publicly available open-source Remote Access Trojan (RAT). Used by a variety of attackers. Typically packed to make analysis of the source demanding.\nAccount appears to have been breached, operational in dark web. Dead host.", "modified": "2023-10-19T14:04:37.381000", "created": "2023-09-19T20:58:36.137000", "tags": [ "contacted", "threat roundup", "execution", "ssl certificate", "dark web", "crypto threat", "resolutions", "referrer", "stealer", "quasar", "asyncrat", "error", "social engineering", "iPhone phishing", "Apple phishing", "email phishing", "emotet", "remote", "attacks" ], "references": [ "Alienvault OTX", "Data Analysis", "Online Research", "WebTools" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "India" ], "malware_families": [ { "id": "Backdoor:MSIL/AsyncRAT", "display_name": "Backdoor:MSIL/AsyncRAT", "target": "/malware/Backdoor:MSIL/AsyncRAT" }, { "id": "Backdoor:MSIL/QuasarRat", "display_name": "Backdoor:MSIL/QuasarRat", "target": "/malware/Backdoor:MSIL/QuasarRat" } ], "attack_ids": [ { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "T1548", "name": "Abuse Elevation Control Mechanism", "display_name": "T1548 - Abuse Elevation Control Mechanism" } ], "industries": [ "Media", "Social Media", "Technology", "Hacking" ], "TLP": "white", "cloned_from": null, "export_count": 31, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 44, "FileHash-SHA1": 34, "FileHash-SHA256": 5791, "URL": 11513, "domain": 2317, "hostname": 3255, "CVE": 3 }, "indicator_count": 22957, "is_author": false, "is_subscribing": null, "subscriber_count": 225, "modified_text": "913 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "62f948b50ccd8cf706c6e823", "name": "Mas Travel Biro - One Stop Travel Solution - hotspot.mastravelbiro.com", "description": "https://twitter.com/ubudviewbungalo?s=21&t=AuhTmUXZYvIjKLWQUKR-EA", "modified": "2022-09-13T00:04:26.244000", "created": "2022-08-14T19:10:45.850000", "tags": [ "mas travel", "biro", "kami juga", "management", "iata", "system iso", "mulya arya", "santika", "kota tangerang", "provinsi banten", "hotspot.mastravelbiro.com" ], "references": [ "https://mastravelbiro.com/", "https://www.facebook.com/100023887989219/posts/667744770698450", "https://chat.whatsapp.com/FM9CervGe8x5V6byb2GNZl", "https://chat.whatsapp.com/FM9CervGe8x5V6byb2GNZl", "https://twitter.com/consultancy_ms?s=21&t=AuhTmUXZYvIjKLWQUKR-EA", "https://twitter.com/ubudviewbungalo?s=21&t=AuhTmUXZYvIjKLWQUKR-EA" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 397, "URL": 760, "domain": 79, "FileHash-SHA256": 232 }, "indicator_count": 1468, "is_author": false, "is_subscribing": null, "subscriber_count": 394, "modified_text": "1314 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "62316bafbe78b6f75bc56759", "name": "www.facebook.com:login:? next=https%3A%2F%2Fwww.facebook.com%2FHotChocolate.pdf", "description": "", "modified": "2022-04-14T00:01:40.805000", "created": "2022-03-16T04:46:39.454000", "tags": [], "references": [ "www.facebook.com:login:? next=https%3A%2F%2Fwww.facebook.com%2FHotChocolate.pdf" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Kailula4", "id": "131997", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 72, "URL": 327, "domain": 32, "FileHash-SHA256": 283, "CIDR": 2, "FileHash-MD5": 2, "email": 1 }, "indicator_count": 719, "is_author": false, "is_subscribing": null, "subscriber_count": 406, "modified_text": "1466 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "622d46df71336409a29a5d09", "name": "| 35.241.45.82", "description": "", "modified": "2022-04-12T00:02:34.248000", "created": "2022-03-13T01:20:31.311000", "tags": [ "interactive sandbox", "free malware sandbox", "sandbox malware online", "sandbox online", "sandbox service", "sandbox analysis online", "malware sandbox", "malware sandbox online", "malware analisys online", "malware sandbox analysis", "malware hunting", "malware sandboxes services", "online sandbox", "online malware sandbox", "online sandbox analysis", "sha256", "us der", "korean", "russian", "proof", "french", "german", "portuguese", "brazil", "spanish", "turkish", "find", "updater", "click", "write", "autodetect", "fullscreen", "agent", "unknown", "facebook", "35.241.45.82", "46389d4767e7481478ad10dfa541d7ee54179eb861e4f4b14e465e18593f73b8" ], "references": [ "https://www.google.com/url?client=internal-element-cse&cx=003414466004237966221:dgg7iftvryo&q=https://any.run/report/26b19ed6b29d4f27db1487e13281f0c80753d320a1a2bd9703dec5cb97580c33/c4a777b1-f9b7-4e65-bf6d-d80d0b5c996e&sa=U&ved=2ahUKEwic5Kv_7MH2AhVnQvEDHeIwAVsQFnoECAkQAg&usg=AOvVaw3YaSzDTJOZNf7XGn5zphhr", "35.241.45.82", "46389d4767e7481478ad10dfa541d7ee54179eb861e4f4b14e465e18593f73b8" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 867, "URL": 3341, "domain": 281, "FileHash-SHA256": 1091, "CVE": 1, "FileHash-MD5": 166, "FileHash-SHA1": 523 }, "indicator_count": 6270, "is_author": false, "is_subscribing": null, "subscriber_count": 396, "modified_text": "1468 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://glotov.me", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://glotov.me", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1776642251.8599324 }