{ "type": "URL", "indicator": "https://i.facebook.fr", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://i.facebook.fr", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 3323919138, "indicator": "https://i.facebook.fr", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 13, "pulses": [ { "id": "69dba8a0f375964d468b9ba0", "name": "Credit: DorkingBeauty1- Charles-152.199.19.160- from scan various dupont domains- malicious- Oracle Supply Chain or Turning Blind eye", "description": "", "modified": "2026-04-12T14:17:39.016000", "created": "2026-04-12T14:13:52.560000", "tags": [ "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "ansi", "data", "decrypted ssl", "windows nt", "threat level", "ecacc", "gmtetag", "date", "sha256", "pcap", "path", "accept", "back", "close", "click", "solid", "class", "flame", "splash", "verify", "direct", "suspicious", "malicious", "sybuex", "core", "agent", "code", "model", "next", "first", "phase", "impact", "trim", "hybrid", "hosts", "format", "general", "strings", "dupont", "meta", "body", "local", "trident", "gynx", "mozilla" ], "references": [ "https://hybrid-analysis.com/sample/62b6cea0e6e2b40533d835de1968ce767764a36f1f9de2b603ddc2d72aa5e246?environmentId=100", "https://hybrid-analysis.com/sample/1e018f44cfe693f0cd2a5e6491a21eb65bdd0f02fb694eb131eaf5d9118f39ee?environmentId=100", "https://hybrid-analysis.com/sample/e9425c4658ad484851e6b207e7c1ebb7df9da7f793bc35216c46285ef224aa83?environmentId=100", "ok12110.ok1.chatbot.lab.works-hi.co.jp", "ns-19.awsdns-02.com" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1132", "name": "Data Encoding", "display_name": "T1132 - Data Encoding" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "white", "cloned_from": "622772a53274b509660d46af", "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 902, "domain": 338, "URL": 1721, "FileHash-SHA256": 558, "email": 4, "CVE": 1, "FileHash-MD5": 159, "FileHash-SHA1": 128, "IPv4": 3 }, "indicator_count": 3814, "is_author": false, "is_subscribing": null, "subscriber_count": 48, "modified_text": "7 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "692e068ff95076bb8e75bd9f", "name": "Telehealth Exploit", "description": "", "modified": "2025-12-31T21:02:25", "created": "2025-12-01T21:20:15.043000", "tags": [ "passive dns", "urls", "http", "hostname", "files domain", "files related", "pulses none", "related tags", "none google", "safe browsing", "present dec", "status", "date", "united", "name servers", "netherlands", "unknown ns", "ip address", "search", "showing", "local", "data upload", "extraction", "flag", "bad traffic", "et hunting", "domain m2", "suspicious tls", "sni request", "windir", "openurl c", "dns requests", "et info", "tls handshake", "prefetch2", "analysis", "tor analysis", "domain address", "tlsv1", "jfif", "jpeg image", "ascii text", "entries", "as15169", "show", "read c", "write", "next", "persistence", "execution", "crash", "copy" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1045", "name": "Software Packing", "display_name": "T1045 - Software Packing" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 260, "hostname": 555, "URL": 1803, "FileHash-SHA256": 1437, "FileHash-MD5": 113, "FileHash-SHA1": 13, "email": 4, "SSLCertFingerprint": 18, "CVE": 1 }, "indicator_count": 4204, "is_author": false, "is_subscribing": null, "subscriber_count": 137, "modified_text": "109 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "687d5d33d16ab7837e23bc01", "name": "howmanyofme.com - Packed | Palantir", "description": "howmanyofme.com was a honeypot. The names listed are potentially monitored targets. One was verified target.||\nhttp://howmanyofme.com/search/?given=Tsara&sur=Brashears/\nhttp://ww2.howmanyofme.com/people/Carrie_Henn/\nhttp://ww2.howmanyofme.com/people/Rockmond_Dunbar/\nhttp://howmanyofme.com/people/John_Hurt/\nhttp://howmanyofme.com/people/Mary_Gross/\nhttp://howmanyofme.com/people/Kenneth_Tobey/\nhttp://ww2.howmanyofme.com/people/Royce_Clayton/\n\n\n#Palantir # #honeypot #howmanyofme", "modified": "2025-09-18T23:05:18.490000", "created": "2025-07-20T21:18:43.974000", "tags": [ "united", "unknown ns", "a domains", "ip address", "search", "privacy service", "fbo registrant", "date", "entries", "how many", "destination", "port", "windows nt", "msie", "unknown", "et trojan", "poodle attack", "policy sslv3", "united kingdom", "suspicious", "copy", "virustotal", "malware", "write", "hostile", "next", "triton", "super node", "get reloaded", "x11 snf", "png image", "rgba", "post reloaded", "ascii text", "crlf line", "gnu message", "ms windows", "intel", "pe32", "host", "get babylon", "show", "babylon" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1060", "name": "Registry Run Keys / Startup Folder", "display_name": "T1060 - Registry Run Keys / Startup Folder" }, { "id": "T1119", "name": "Automated Collection", "display_name": "T1119 - Automated Collection" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 13, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 7185, "domain": 706, "hostname": 1906, "email": 5, "FileHash-SHA256": 3645, "FileHash-MD5": 330, "FileHash-SHA1": 135, "CVE": 1 }, "indicator_count": 13913, "is_author": false, "is_subscribing": null, "subscriber_count": 140, "modified_text": "212 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6570a581b1024ea61979da96", "name": "Quasar - Dark Web Instagram Account | Link found | Remote Access Trojan (RAT)", "description": "", "modified": "2023-12-06T16:46:57.782000", "created": "2023-12-06T16:46:57.782000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 9, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 3, "FileHash-SHA256": 5791, "hostname": 3255, "domain": 2317, "FileHash-MD5": 44, "FileHash-SHA1": 34, "URL": 11513 }, "indicator_count": 22957, "is_author": false, "is_subscribing": null, "subscriber_count": 111, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "657081a5d60fafd1374f007d", "name": "| 35.241.45.82", "description": "", "modified": "2023-12-06T14:13:57.431000", "created": "2023-12-06T14:13:57.431000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "FileHash-SHA256": 1091, "domain": 281, "hostname": 867, "URL": 3341, "FileHash-SHA1": 523, "FileHash-MD5": 166 }, "indicator_count": 6270, "is_author": false, "is_subscribing": null, "subscriber_count": 110, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "657080d7cc6525322cdb9052", "name": "Charles-152.199.19.160- from scan various dupont domains- malicious- Oracle Supply Chain or Turning Blind eye", "description": "", "modified": "2023-12-06T14:10:31.519000", "created": "2023-12-06T14:10:31.519000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 537, "hostname": 888, "URL": 1698, "email": 4, "domain": 337, "CVE": 1, "FileHash-MD5": 159, "FileHash-SHA1": 127 }, "indicator_count": 3751, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65707cf8c190913170fc926d", "name": "iomart. hosting facebook masking icloud abuse multi phish, click fraud and Espionage of zombie devices", "description": "", "modified": "2023-12-06T13:54:00.427000", "created": "2023-12-06T13:54:00.427000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 464, "domain": 633, "hostname": 1080, "URL": 2430, "FileHash-SHA1": 1 }, "indicator_count": 4608, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "650a0b7c9a6b3c5d0a2a3960", "name": "Quasar - Dark Web Instagram Account | Link found | Remote Access Trojan (RAT)", "description": "Link: apple.instagram.com \nQuasar is a lightweight, publicly available open-source Remote Access Trojan (RAT). Used by a variety of attackers. Typically packed to make analysis of the source demanding.\nAccount appears to have been breached, operational in dark web. Dead host.", "modified": "2023-10-19T14:04:37.381000", "created": "2023-09-19T20:58:36.137000", "tags": [ "contacted", "threat roundup", "execution", "ssl certificate", "dark web", "crypto threat", "resolutions", "referrer", "stealer", "quasar", "asyncrat", "error", "social engineering", "iPhone phishing", "Apple phishing", "email phishing", "emotet", "remote", "attacks" ], "references": [ "Alienvault OTX", "Data Analysis", "Online Research", "WebTools" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "India" ], "malware_families": [ { "id": "Backdoor:MSIL/AsyncRAT", "display_name": "Backdoor:MSIL/AsyncRAT", "target": "/malware/Backdoor:MSIL/AsyncRAT" }, { "id": "Backdoor:MSIL/QuasarRat", "display_name": "Backdoor:MSIL/QuasarRat", "target": "/malware/Backdoor:MSIL/QuasarRat" } ], "attack_ids": [ { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "T1548", "name": "Abuse Elevation Control Mechanism", "display_name": "T1548 - Abuse Elevation Control Mechanism" } ], "industries": [ "Media", "Social Media", "Technology", "Hacking" ], "TLP": "white", "cloned_from": null, "export_count": 31, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 44, "FileHash-SHA1": 34, "FileHash-SHA256": 5791, "URL": 11513, "domain": 2317, "hostname": 3255, "CVE": 3 }, "indicator_count": 22957, "is_author": false, "is_subscribing": null, "subscriber_count": 225, "modified_text": "913 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "62f948b50ccd8cf706c6e823", "name": "Mas Travel Biro - One Stop Travel Solution - hotspot.mastravelbiro.com", "description": "https://twitter.com/ubudviewbungalo?s=21&t=AuhTmUXZYvIjKLWQUKR-EA", "modified": "2022-09-13T00:04:26.244000", "created": "2022-08-14T19:10:45.850000", "tags": [ "mas travel", "biro", "kami juga", "management", "iata", "system iso", "mulya arya", "santika", "kota tangerang", "provinsi banten", "hotspot.mastravelbiro.com" ], "references": [ "https://mastravelbiro.com/", "https://www.facebook.com/100023887989219/posts/667744770698450", "https://chat.whatsapp.com/FM9CervGe8x5V6byb2GNZl", "https://chat.whatsapp.com/FM9CervGe8x5V6byb2GNZl", "https://twitter.com/consultancy_ms?s=21&t=AuhTmUXZYvIjKLWQUKR-EA", "https://twitter.com/ubudviewbungalo?s=21&t=AuhTmUXZYvIjKLWQUKR-EA" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 397, "URL": 760, "domain": 79, "FileHash-SHA256": 232 }, "indicator_count": 1468, "is_author": false, "is_subscribing": null, "subscriber_count": 394, "modified_text": "1314 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "62316bafbe78b6f75bc56759", "name": "www.facebook.com:login:? next=https%3A%2F%2Fwww.facebook.com%2FHotChocolate.pdf", "description": "", "modified": "2022-04-14T00:01:40.805000", "created": "2022-03-16T04:46:39.454000", "tags": [], "references": [ "www.facebook.com:login:? next=https%3A%2F%2Fwww.facebook.com%2FHotChocolate.pdf" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Kailula4", "id": "131997", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 72, "URL": 327, "domain": 32, "FileHash-SHA256": 283, "CIDR": 2, "FileHash-MD5": 2, "email": 1 }, "indicator_count": 719, "is_author": false, "is_subscribing": null, "subscriber_count": 406, "modified_text": "1466 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "622d46df71336409a29a5d09", "name": "| 35.241.45.82", "description": "", "modified": "2022-04-12T00:02:34.248000", "created": "2022-03-13T01:20:31.311000", "tags": [ "interactive sandbox", "free malware sandbox", "sandbox malware online", "sandbox online", "sandbox service", "sandbox analysis online", "malware sandbox", "malware sandbox online", "malware analisys online", "malware sandbox analysis", "malware hunting", "malware sandboxes services", "online sandbox", "online malware sandbox", "online sandbox analysis", "sha256", "us der", "korean", "russian", "proof", "french", "german", "portuguese", "brazil", "spanish", "turkish", "find", "updater", "click", "write", "autodetect", "fullscreen", "agent", "unknown", "facebook", "35.241.45.82", "46389d4767e7481478ad10dfa541d7ee54179eb861e4f4b14e465e18593f73b8" ], "references": [ "https://www.google.com/url?client=internal-element-cse&cx=003414466004237966221:dgg7iftvryo&q=https://any.run/report/26b19ed6b29d4f27db1487e13281f0c80753d320a1a2bd9703dec5cb97580c33/c4a777b1-f9b7-4e65-bf6d-d80d0b5c996e&sa=U&ved=2ahUKEwic5Kv_7MH2AhVnQvEDHeIwAVsQFnoECAkQAg&usg=AOvVaw3YaSzDTJOZNf7XGn5zphhr", "35.241.45.82", "46389d4767e7481478ad10dfa541d7ee54179eb861e4f4b14e465e18593f73b8" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 867, "URL": 3341, "domain": 281, "FileHash-SHA256": 1091, "CVE": 1, "FileHash-MD5": 166, "FileHash-SHA1": 523 }, "indicator_count": 6270, "is_author": false, "is_subscribing": null, "subscriber_count": 396, "modified_text": "1468 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "622772a53274b509660d46af", "name": "Charles-152.199.19.160- from scan various dupont domains- malicious- Oracle Supply Chain or Turning Blind eye", "description": "so much familiarity here from the last 5 Years, this is by far compromise on supply chain of the century all the big boys are featured no surprise to me. The question is just how many are compromised from home routers and personal devices", "modified": "2022-04-07T00:04:02.553000", "created": "2022-03-08T15:13:41.976000", "tags": [ "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "ansi", "data", "decrypted ssl", "windows nt", "threat level", "ecacc", "gmtetag", "date", "sha256", "pcap", "path", "accept", "back", "close", "click", "solid", "class", "flame", "splash", "verify", "direct", "suspicious", "malicious", "sybuex", "core", "agent", "code", "model", "next", "first", "phase", "impact", "trim", "hybrid", "hosts", "format", "general", "strings", "dupont", "meta", "body", "local", "trident", "gynx", "mozilla" ], "references": [ "https://hybrid-analysis.com/sample/62b6cea0e6e2b40533d835de1968ce767764a36f1f9de2b603ddc2d72aa5e246?environmentId=100", "https://hybrid-analysis.com/sample/1e018f44cfe693f0cd2a5e6491a21eb65bdd0f02fb694eb131eaf5d9118f39ee?environmentId=100", "https://hybrid-analysis.com/sample/e9425c4658ad484851e6b207e7c1ebb7df9da7f793bc35216c46285ef224aa83?environmentId=100", "ok12110.ok1.chatbot.lab.works-hi.co.jp", "ns-19.awsdns-02.com" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1132", "name": "Data Encoding", "display_name": "T1132 - Data Encoding" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 888, "domain": 337, "URL": 1698, "FileHash-SHA256": 537, "email": 4, "CVE": 1, "FileHash-MD5": 159, "FileHash-SHA1": 127 }, "indicator_count": 3751, "is_author": false, "is_subscribing": null, "subscriber_count": 394, "modified_text": "1473 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "61ead7b494741b1fb0523fea", "name": "iomart. hosting facebook masking icloud abuse multi phish, click fraud and Espionage of zombie devices", "description": "Only made it down a few inches if this rabbit hole of hell", "modified": "2022-02-21T00:02:59.215000", "created": "2022-01-21T15:56:36.172000", "tags": [ "ansi", "pcap processing", "pcap", "windows nt", "jannah", "windir", "openurl c", "localappdata", "unicode", "runtime data", "ssl certificate", "whois", "whois whois" ], "references": [ "http://2tnxisg.cn/fHd3hWIT (AV positives: 14/93 scanned on 01/17/2022 03:29:51)", "http://2tnxisg.cn/youtube-mo", "http://red-killer.cf/ (AV positives: 2/93 scanned on 01/21/2022 13:45:26)", "http://2tnxisg.cn/eC8HzMXL (AV positives: 14/93 scanned on 01/19/2022 23:55:29)", "http://waybk97.cn/ (AV positives: 8/93 scanned on 01/19/2022 23:28:31)" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 1080, "URL": 2430, "domain": 633, "FileHash-SHA256": 464, "FileHash-SHA1": 1 }, "indicator_count": 4608, "is_author": false, "is_subscribing": null, "subscriber_count": 396, "modified_text": "1518 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "http://waybk97.cn/ (AV positives: 8/93 scanned on 01/19/2022 23:28:31)", "ok12110.ok1.chatbot.lab.works-hi.co.jp", "https://mastravelbiro.com/", "Data Analysis", "ns-19.awsdns-02.com", "https://hybrid-analysis.com/sample/1e018f44cfe693f0cd2a5e6491a21eb65bdd0f02fb694eb131eaf5d9118f39ee?environmentId=100", "http://2tnxisg.cn/eC8HzMXL (AV positives: 14/93 scanned on 01/19/2022 23:55:29)", "http://2tnxisg.cn/fHd3hWIT (AV positives: 14/93 scanned on 01/17/2022 03:29:51)", "www.facebook.com:login:? next=https%3A%2F%2Fwww.facebook.com%2FHotChocolate.pdf", "https://twitter.com/ubudviewbungalo?s=21&t=AuhTmUXZYvIjKLWQUKR-EA", "Alienvault OTX", "https://hybrid-analysis.com/sample/e9425c4658ad484851e6b207e7c1ebb7df9da7f793bc35216c46285ef224aa83?environmentId=100", "https://twitter.com/consultancy_ms?s=21&t=AuhTmUXZYvIjKLWQUKR-EA", "http://red-killer.cf/ (AV positives: 2/93 scanned on 01/21/2022 13:45:26)", "35.241.45.82", "46389d4767e7481478ad10dfa541d7ee54179eb861e4f4b14e465e18593f73b8", "https://hybrid-analysis.com/sample/62b6cea0e6e2b40533d835de1968ce767764a36f1f9de2b603ddc2d72aa5e246?environmentId=100", "https://www.facebook.com/100023887989219/posts/667744770698450", "https://chat.whatsapp.com/FM9CervGe8x5V6byb2GNZl", "https://www.google.com/url?client=internal-element-cse&cx=003414466004237966221:dgg7iftvryo&q=https://any.run/report/26b19ed6b29d4f27db1487e13281f0c80753d320a1a2bd9703dec5cb97580c33/c4a777b1-f9b7-4e65-bf6d-d80d0b5c996e&sa=U&ved=2ahUKEwic5Kv_7MH2AhVnQvEDHeIwAVsQFnoECAkQAg&usg=AOvVaw3YaSzDTJOZNf7XGn5zphhr", "Online Research", "http://2tnxisg.cn/youtube-mo", "WebTools" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [ "Backdoor:msil/quasarrat", "Backdoor:msil/asyncrat" ], "industries": [ "Media", "Hacking", "Social media", "Technology" ], "unique_indicators": 56070 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/facebook.fr", "whois": "http://whois.domaintools.com/facebook.fr", "domain": "facebook.fr", "hostname": "i.facebook.fr" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 13, "pulses": [ { "id": "69dba8a0f375964d468b9ba0", "name": "Credit: DorkingBeauty1- Charles-152.199.19.160- from scan various dupont domains- malicious- Oracle Supply Chain or Turning Blind eye", "description": "", "modified": "2026-04-12T14:17:39.016000", "created": "2026-04-12T14:13:52.560000", "tags": [ "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "ansi", "data", "decrypted ssl", "windows nt", "threat level", "ecacc", "gmtetag", "date", "sha256", "pcap", "path", "accept", "back", "close", "click", "solid", "class", "flame", "splash", "verify", "direct", "suspicious", "malicious", "sybuex", "core", "agent", "code", "model", "next", "first", "phase", "impact", "trim", "hybrid", "hosts", "format", "general", "strings", "dupont", "meta", "body", "local", "trident", "gynx", "mozilla" ], "references": [ "https://hybrid-analysis.com/sample/62b6cea0e6e2b40533d835de1968ce767764a36f1f9de2b603ddc2d72aa5e246?environmentId=100", "https://hybrid-analysis.com/sample/1e018f44cfe693f0cd2a5e6491a21eb65bdd0f02fb694eb131eaf5d9118f39ee?environmentId=100", "https://hybrid-analysis.com/sample/e9425c4658ad484851e6b207e7c1ebb7df9da7f793bc35216c46285ef224aa83?environmentId=100", "ok12110.ok1.chatbot.lab.works-hi.co.jp", "ns-19.awsdns-02.com" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1132", "name": "Data Encoding", "display_name": "T1132 - Data Encoding" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "white", "cloned_from": "622772a53274b509660d46af", "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 902, "domain": 338, "URL": 1721, "FileHash-SHA256": 558, "email": 4, "CVE": 1, "FileHash-MD5": 159, "FileHash-SHA1": 128, "IPv4": 3 }, "indicator_count": 3814, "is_author": false, "is_subscribing": null, "subscriber_count": 48, "modified_text": "7 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "692e068ff95076bb8e75bd9f", "name": "Telehealth Exploit", "description": "", "modified": "2025-12-31T21:02:25", "created": "2025-12-01T21:20:15.043000", "tags": [ "passive dns", "urls", "http", "hostname", "files domain", "files related", "pulses none", "related tags", "none google", "safe browsing", "present dec", "status", "date", "united", "name servers", "netherlands", "unknown ns", "ip address", "search", "showing", "local", "data upload", "extraction", "flag", "bad traffic", "et hunting", "domain m2", "suspicious tls", "sni request", "windir", "openurl c", "dns requests", "et info", "tls handshake", "prefetch2", "analysis", "tor analysis", "domain address", "tlsv1", "jfif", "jpeg image", "ascii text", "entries", "as15169", "show", "read c", "write", "next", "persistence", "execution", "crash", "copy" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1045", "name": "Software Packing", "display_name": "T1045 - Software Packing" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 260, "hostname": 555, "URL": 1803, "FileHash-SHA256": 1437, "FileHash-MD5": 113, "FileHash-SHA1": 13, "email": 4, "SSLCertFingerprint": 18, "CVE": 1 }, "indicator_count": 4204, "is_author": false, "is_subscribing": null, "subscriber_count": 137, "modified_text": "109 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "687d5d33d16ab7837e23bc01", "name": "howmanyofme.com - Packed | Palantir", "description": "howmanyofme.com was a honeypot. The names listed are potentially monitored targets. One was verified target.||\nhttp://howmanyofme.com/search/?given=Tsara&sur=Brashears/\nhttp://ww2.howmanyofme.com/people/Carrie_Henn/\nhttp://ww2.howmanyofme.com/people/Rockmond_Dunbar/\nhttp://howmanyofme.com/people/John_Hurt/\nhttp://howmanyofme.com/people/Mary_Gross/\nhttp://howmanyofme.com/people/Kenneth_Tobey/\nhttp://ww2.howmanyofme.com/people/Royce_Clayton/\n\n\n#Palantir # #honeypot #howmanyofme", "modified": "2025-09-18T23:05:18.490000", "created": "2025-07-20T21:18:43.974000", "tags": [ "united", "unknown ns", "a domains", "ip address", "search", "privacy service", "fbo registrant", "date", "entries", "how many", "destination", "port", "windows nt", "msie", "unknown", "et trojan", "poodle attack", "policy sslv3", "united kingdom", "suspicious", "copy", "virustotal", "malware", "write", "hostile", "next", "triton", "super node", "get reloaded", "x11 snf", "png image", "rgba", "post reloaded", "ascii text", "crlf line", "gnu message", "ms windows", "intel", "pe32", "host", "get babylon", "show", "babylon" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1060", "name": "Registry Run Keys / Startup Folder", "display_name": "T1060 - Registry Run Keys / Startup Folder" }, { "id": "T1119", "name": "Automated Collection", "display_name": "T1119 - Automated Collection" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 13, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 7185, "domain": 706, "hostname": 1906, "email": 5, "FileHash-SHA256": 3645, "FileHash-MD5": 330, "FileHash-SHA1": 135, "CVE": 1 }, "indicator_count": 13913, "is_author": false, "is_subscribing": null, "subscriber_count": 140, "modified_text": "212 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6570a581b1024ea61979da96", "name": "Quasar - Dark Web Instagram Account | Link found | Remote Access Trojan (RAT)", "description": "", "modified": "2023-12-06T16:46:57.782000", "created": "2023-12-06T16:46:57.782000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 9, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 3, "FileHash-SHA256": 5791, "hostname": 3255, "domain": 2317, "FileHash-MD5": 44, "FileHash-SHA1": 34, "URL": 11513 }, "indicator_count": 22957, "is_author": false, "is_subscribing": null, "subscriber_count": 111, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "657081a5d60fafd1374f007d", "name": "| 35.241.45.82", "description": "", "modified": "2023-12-06T14:13:57.431000", "created": "2023-12-06T14:13:57.431000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "FileHash-SHA256": 1091, "domain": 281, "hostname": 867, "URL": 3341, "FileHash-SHA1": 523, "FileHash-MD5": 166 }, "indicator_count": 6270, "is_author": false, "is_subscribing": null, "subscriber_count": 110, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "657080d7cc6525322cdb9052", "name": "Charles-152.199.19.160- from scan various dupont domains- malicious- Oracle Supply Chain or Turning Blind eye", "description": "", "modified": "2023-12-06T14:10:31.519000", "created": "2023-12-06T14:10:31.519000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 537, "hostname": 888, "URL": 1698, "email": 4, "domain": 337, "CVE": 1, "FileHash-MD5": 159, "FileHash-SHA1": 127 }, "indicator_count": 3751, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65707cf8c190913170fc926d", "name": "iomart. hosting facebook masking icloud abuse multi phish, click fraud and Espionage of zombie devices", "description": "", "modified": "2023-12-06T13:54:00.427000", "created": "2023-12-06T13:54:00.427000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 464, "domain": 633, "hostname": 1080, "URL": 2430, "FileHash-SHA1": 1 }, "indicator_count": 4608, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "650a0b7c9a6b3c5d0a2a3960", "name": "Quasar - Dark Web Instagram Account | Link found | Remote Access Trojan (RAT)", "description": "Link: apple.instagram.com \nQuasar is a lightweight, publicly available open-source Remote Access Trojan (RAT). Used by a variety of attackers. Typically packed to make analysis of the source demanding.\nAccount appears to have been breached, operational in dark web. Dead host.", "modified": "2023-10-19T14:04:37.381000", "created": "2023-09-19T20:58:36.137000", "tags": [ "contacted", "threat roundup", "execution", "ssl certificate", "dark web", "crypto threat", "resolutions", "referrer", "stealer", "quasar", "asyncrat", "error", "social engineering", "iPhone phishing", "Apple phishing", "email phishing", "emotet", "remote", "attacks" ], "references": [ "Alienvault OTX", "Data Analysis", "Online Research", "WebTools" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "India" ], "malware_families": [ { "id": "Backdoor:MSIL/AsyncRAT", "display_name": "Backdoor:MSIL/AsyncRAT", "target": "/malware/Backdoor:MSIL/AsyncRAT" }, { "id": "Backdoor:MSIL/QuasarRat", "display_name": "Backdoor:MSIL/QuasarRat", "target": "/malware/Backdoor:MSIL/QuasarRat" } ], "attack_ids": [ { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "T1548", "name": "Abuse Elevation Control Mechanism", "display_name": "T1548 - Abuse Elevation Control Mechanism" } ], "industries": [ "Media", "Social Media", "Technology", "Hacking" ], "TLP": "white", "cloned_from": null, "export_count": 31, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 44, "FileHash-SHA1": 34, "FileHash-SHA256": 5791, "URL": 11513, "domain": 2317, "hostname": 3255, "CVE": 3 }, "indicator_count": 22957, "is_author": false, "is_subscribing": null, "subscriber_count": 225, "modified_text": "913 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "62f948b50ccd8cf706c6e823", "name": "Mas Travel Biro - One Stop Travel Solution - hotspot.mastravelbiro.com", "description": "https://twitter.com/ubudviewbungalo?s=21&t=AuhTmUXZYvIjKLWQUKR-EA", "modified": "2022-09-13T00:04:26.244000", "created": "2022-08-14T19:10:45.850000", "tags": [ "mas travel", "biro", "kami juga", "management", "iata", "system iso", "mulya arya", "santika", "kota tangerang", "provinsi banten", "hotspot.mastravelbiro.com" ], "references": [ "https://mastravelbiro.com/", "https://www.facebook.com/100023887989219/posts/667744770698450", "https://chat.whatsapp.com/FM9CervGe8x5V6byb2GNZl", "https://chat.whatsapp.com/FM9CervGe8x5V6byb2GNZl", "https://twitter.com/consultancy_ms?s=21&t=AuhTmUXZYvIjKLWQUKR-EA", "https://twitter.com/ubudviewbungalo?s=21&t=AuhTmUXZYvIjKLWQUKR-EA" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 397, "URL": 760, "domain": 79, "FileHash-SHA256": 232 }, "indicator_count": 1468, "is_author": false, "is_subscribing": null, "subscriber_count": 394, "modified_text": "1314 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "62316bafbe78b6f75bc56759", "name": "www.facebook.com:login:? next=https%3A%2F%2Fwww.facebook.com%2FHotChocolate.pdf", "description": "", "modified": "2022-04-14T00:01:40.805000", "created": "2022-03-16T04:46:39.454000", "tags": [], "references": [ "www.facebook.com:login:? next=https%3A%2F%2Fwww.facebook.com%2FHotChocolate.pdf" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Kailula4", "id": "131997", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 72, "URL": 327, "domain": 32, "FileHash-SHA256": 283, "CIDR": 2, "FileHash-MD5": 2, "email": 1 }, "indicator_count": 719, "is_author": false, "is_subscribing": null, "subscriber_count": 406, "modified_text": "1466 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://i.facebook.fr", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://i.facebook.fr", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1776639746.6995275 }