{
  "type": "URL",
  "indicator": "https://members.thefasttrackgirl.com",
  "general": {
    "sections": [
      "general",
      "url_list",
      "http_scans",
      "screenshot"
    ],
    "indicator": "https://members.thefasttrackgirl.com",
    "type": "url",
    "type_title": "URL",
    "validation": [],
    "base_indicator": {
      "id": 3666891780,
      "indicator": "https://members.thefasttrackgirl.com",
      "type": "URL",
      "title": "",
      "description": "",
      "content": "",
      "access_type": "public",
      "access_reason": ""
    },
    "pulse_info": {
      "count": 10,
      "pulses": [
        {
          "id": "65709a271fd1e3c22cf63f86",
          "name": "iCloud - cant access due to insecure conx - yes everything here is compromised via chaining, neural ai and accessibilty kit emulated via android",
          "description": "",
          "modified": "2023-12-06T15:58:31.832000",
          "created": "2023-12-06T15:58:31.832000",
          "tags": [],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 3,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "api",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "StreamMiningEx",
            "id": "262917",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "hostname": 705,
            "domain": 302,
            "FileHash-SHA256": 840,
            "URL": 2603,
            "email": 2,
            "FileHash-MD5": 51,
            "FileHash-SHA1": 51
          },
          "indicator_count": 4554,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 109,
          "modified_text": "909 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "64738158d6da7115bc4ba9ae",
          "name": "v2 with hybrid data 46XKY8QY.htm",
          "description": "The following has been described as \"highly suspicious\" and \"suspicious\" by a number of people on social media, including those who are known to have been caught up in a security breach.",
          "modified": "2023-06-27T12:03:43.609000",
          "created": "2023-05-28T16:29:12.410000",
          "tags": [
            "sandbox",
            "malware",
            "analysis",
            "online",
            "submit",
            "vxstream",
            "sample",
            "download",
            "trojan",
            "apt",
            "ansi",
            "memoryfile scan",
            "dropped file",
            "runtime data",
            "microsoft",
            "dumps",
            "file string",
            "unicode",
            "null",
            "varchar",
            "june",
            "facebook",
            "error",
            "bank",
            "close",
            "code",
            "date",
            "roboto",
            "explorer",
            "meta",
            "body",
            "blink",
            "win64",
            "entity",
            "copia",
            "generator",
            "format",
            "later",
            "grazie",
            "back",
            "batal",
            "comment",
            "suspicious",
            "cookie",
            "contact",
            "import",
            "next",
            "magic",
            "internal",
            "window",
            "blank",
            "void",
            "verify",
            "service",
            "fail",
            "media",
            "alla",
            "enjoy",
            "infinity",
            "yang",
            "mini",
            "webview",
            "4629",
            "false",
            "path",
            "hybrid",
            "click",
            "hosts",
            "valentine",
            "mask",
            "general",
            "strings",
            "team",
            "april",
            "qakbot",
            "welcome",
            "thank",
            "fb47468a2cd3953c7131431991afcc6a2703f14640520102eea0a685a7e8d6de"
          ],
          "references": [
            "http://peoplesservicz.com/",
            "fb47468a2cd3953c7131431991afcc6a2703f14640520102eea0a685a7e8d6de",
            "https://hybrid-analysis.com/sample/fb47468a2cd3953c7131431991afcc6a2703f14640520102eea0a685a7e8d6de",
            "https://hybrid-analysis.com/sample/fb47468a2cd3953c7131431991afcc6a2703f14640520102eea0a685a7e8d6de/647341991c874a18be0049f5"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1005",
              "name": "Data from Local System",
              "display_name": "T1005 - Data from Local System"
            },
            {
              "id": "T1012",
              "name": "Query Registry",
              "display_name": "T1012 - Query Registry"
            },
            {
              "id": "T1059",
              "name": "Command and Scripting Interpreter",
              "display_name": "T1059 - Command and Scripting Interpreter"
            },
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            },
            {
              "id": "T1083",
              "name": "File and Directory Discovery",
              "display_name": "T1083 - File and Directory Discovery"
            },
            {
              "id": "T1105",
              "name": "Ingress Tool Transfer",
              "display_name": "T1105 - Ingress Tool Transfer"
            },
            {
              "id": "T1114",
              "name": "Email Collection",
              "display_name": "T1114 - Email Collection"
            },
            {
              "id": "T1132",
              "name": "Data Encoding",
              "display_name": "T1132 - Data Encoding"
            },
            {
              "id": "T1140",
              "name": "Deobfuscate/Decode Files or Information",
              "display_name": "T1140 - Deobfuscate/Decode Files or Information"
            },
            {
              "id": "T1213",
              "name": "Data from Information Repositories",
              "display_name": "T1213 - Data from Information Repositories"
            },
            {
              "id": "T1555",
              "name": "Credentials from Password Stores",
              "display_name": "T1555 - Credentials from Password Stores"
            },
            {
              "id": "T1573",
              "name": "Encrypted Channel",
              "display_name": "T1573 - Encrypted Channel"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 26,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "callmeDoris",
            "id": "205385",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "hostname": 1253,
            "URL": 3938,
            "domain": 1087,
            "FileHash-SHA256": 80,
            "FileHash-MD5": 37,
            "FileHash-SHA1": 25
          },
          "indicator_count": 6420,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 92,
          "modified_text": "1072 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "645ca30c064f9724bb4abfe5",
          "name": "gagnob.com/cl/73c395f8c4c84f9c?p1&p2&source&site",
          "description": "",
          "modified": "2023-05-11T08:12:19.681000",
          "created": "2023-05-11T08:10:52.632000",
          "tags": [
            "null",
            "integer not",
            "varchar",
            "drmedgeua",
            "integer default",
            "roboto",
            "facebook",
            "meta",
            "blink",
            "win64",
            "android",
            "trident",
            "suspicious",
            "sonic",
            "mini",
            "infinity",
            "4629",
            "temp",
            "localappdata",
            "ascii text",
            "json data",
            "unicode text",
            "fat filesystem",
            "msdos os2",
            "html document",
            "sqlite version",
            "sqlite rollback",
            "binary file",
            "British Tel",
            "Yahoo",
            "Weird Redirects",
            "RU's"
          ],
          "references": [
            "Exploit/Shellcode Contains escaped byte string (often part of obfuscated shellcode) details \"</script><div><div><div class=\"gb_rd\">Google apps</div></div></div></div><textarea class=\"csi\" name=\"csi\" style=\"display:none\"></textarea><script nonce=\"cuR7J9KsqfEGfvAZwFpeyQ\">(function(){(function(){var d=Date.now(),a=google.c.sxs?\"load2\":\"load\";if(google.timers&&google.timers[a].t){for(var b=document.getElementsByTagName(\"img\"),e=0,c=void 0;c=b[e++];)google.c.setup(c,!1,-1);google.c.bofr=!1;google.c.e(a,\"imn\",Str",
            "Spyware/Information Retrieval Found strings related to file managers details \"\"fasttracktohealth.shop\",\" (Indicator: \"fasttrack\") \"\"thefasttrackgirl.com\",\" (Indicator: \"fasttrack\") source File/Memory",
            "https://www.hybrid-analysis.com/sample/b8835c5d504928af6fe9410fe767122093a621f9e38a8443ea8fc1487abd934e/645bd434d9887372e5041e0e"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            },
            {
              "id": "T1083",
              "name": "File and Directory Discovery",
              "display_name": "T1083 - File and Directory Discovery"
            },
            {
              "id": "T1105",
              "name": "Ingress Tool Transfer",
              "display_name": "T1105 - Ingress Tool Transfer"
            },
            {
              "id": "T1140",
              "name": "Deobfuscate/Decode Files or Information",
              "display_name": "T1140 - Deobfuscate/Decode Files or Information"
            },
            {
              "id": "T1555",
              "name": "Credentials from Password Stores",
              "display_name": "T1555 - Credentials from Password Stores"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 6,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "callmeDoris",
            "id": "205385",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-SHA256": 118,
            "domain": 4,
            "URL": 43,
            "hostname": 9,
            "FileHash-MD5": 83,
            "FileHash-SHA1": 66,
            "IPv4": 10
          },
          "indicator_count": 333,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 90,
          "modified_text": "1119 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "645c9552d2976bc754de54f3",
          "name": ";https://ssl.kaptcha.com/collect/sdk?m=700000",
          "description": "[",
          "modified": "2023-05-11T07:12:18.292000",
          "created": "2023-05-11T07:12:18.292000",
          "tags": [],
          "references": [
            "https://ssl.kaptcha.com/collect/sdk?m=700000",
            "https://www.hybrid-analysis.com/sample/161727a812a1c449bd581cbe577ba30fff74533887ce55dccdc7eaad27753b2c/645bf4aed69ba630d909ae5f"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            },
            {
              "id": "T1083",
              "name": "File and Directory Discovery",
              "display_name": "T1083 - File and Directory Discovery"
            },
            {
              "id": "T1105",
              "name": "Ingress Tool Transfer",
              "display_name": "T1105 - Ingress Tool Transfer"
            },
            {
              "id": "T1555",
              "name": "Credentials from Password Stores",
              "display_name": "T1555 - Credentials from Password Stores"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 7,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "callmeDoris",
            "id": "205385",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "URL": 1177,
            "domain": 162,
            "hostname": 321,
            "FileHash-SHA256": 81,
            "IPv4": 6,
            "FileHash-MD5": 71,
            "FileHash-SHA1": 53,
            "email": 3
          },
          "indicator_count": 1874,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 91,
          "modified_text": "1119 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "6457df59f333c9e3027ac390",
          "name": "iCloud - cant access due to insecure conx - yes everything here is compromised via chaining, neural ai and accessibilty kit emulated via android",
          "description": "this is from scan 25 April 2023 \nlet's compare to 2020",
          "modified": "2023-05-07T17:36:13.269000",
          "created": "2023-05-07T17:26:49.285000",
          "tags": [
            "chromeua",
            "optout",
            "windir",
            "prefetch8 ansi",
            "fatalerror",
            "facebook",
            "meta",
            "unknown",
            "suspicious",
            "null",
            "body",
            "black",
            "iframe",
            "media",
            "qakbot",
            "icloud",
            "apple"
          ],
          "references": [
            "https://www.icloud.com",
            "https://www.hybrid-analysis.com/sample/d3ffdf44916b01e14fceca04c3a3beb5fbad5aeea482e2242c5a843793073874/6447a07b59116aba3303e517"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            },
            {
              "id": "T1083",
              "name": "File and Directory Discovery",
              "display_name": "T1083 - File and Directory Discovery"
            },
            {
              "id": "T1105",
              "name": "Ingress Tool Transfer",
              "display_name": "T1105 - Ingress Tool Transfer"
            },
            {
              "id": "T1547",
              "name": "Boot or Logon Autostart Execution",
              "display_name": "T1547 - Boot or Logon Autostart Execution"
            },
            {
              "id": "T1555",
              "name": "Credentials from Password Stores",
              "display_name": "T1555 - Credentials from Password Stores"
            },
            {
              "id": "T1574",
              "name": "Hijack Execution Flow",
              "display_name": "T1574 - Hijack Execution Flow"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 9,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "callmeDoris",
            "id": "205385",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "URL": 2603,
            "hostname": 705,
            "domain": 302,
            "FileHash-SHA256": 840,
            "email": 2,
            "IPv4": 10,
            "FileHash-MD5": 51,
            "FileHash-SHA1": 51
          },
          "indicator_count": 4564,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 91,
          "modified_text": "1122 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "64407cd64fef37bfabc3aae1",
          "name": ";https://94.42.122.68",
          "description": "",
          "modified": "2023-04-19T23:44:22.632000",
          "created": "2023-04-19T23:44:22.632000",
          "tags": [
            "chromeua",
            "drmedgeua",
            "unicode",
            "optin",
            "edgeua",
            "temp",
            "hidemfhevccodec",
            "qakbot"
          ],
          "references": [
            "https://www.hybrid-analysis.com/sample/db25d2525312fc90c0e6418b3f414a0b0f8415120f846ee46926db665edb9b9f/643744ae6f181717a1063c50"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            },
            {
              "id": "T1083",
              "name": "File and Directory Discovery",
              "display_name": "T1083 - File and Directory Discovery"
            },
            {
              "id": "T1087",
              "name": "Account Discovery",
              "display_name": "T1087 - Account Discovery"
            },
            {
              "id": "T1105",
              "name": "Ingress Tool Transfer",
              "display_name": "T1105 - Ingress Tool Transfer"
            },
            {
              "id": "T1480",
              "name": "Execution Guardrails",
              "display_name": "T1480 - Execution Guardrails"
            },
            {
              "id": "T1497",
              "name": "Virtualization/Sandbox Evasion",
              "display_name": "T1497 - Virtualization/Sandbox Evasion"
            },
            {
              "id": "T1547",
              "name": "Boot or Logon Autostart Execution",
              "display_name": "T1547 - Boot or Logon Autostart Execution"
            },
            {
              "id": "T1555",
              "name": "Credentials from Password Stores",
              "display_name": "T1555 - Credentials from Password Stores"
            },
            {
              "id": "T1574",
              "name": "Hijack Execution Flow",
              "display_name": "T1574 - Hijack Execution Flow"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 6,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "callmeDoris",
            "id": "205385",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "URL": 1551,
            "hostname": 469,
            "domain": 134,
            "FileHash-SHA256": 56,
            "FileHash-MD5": 52,
            "FileHash-SHA1": 52,
            "IPv4": 2
          },
          "indicator_count": 2316,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 90,
          "modified_text": "1140 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "64407a3c423306cfb9d66c6d",
          "name": "https://ads.twitter.com/?ref=gl-tw-tw-twitter-advertise0",
          "description": "",
          "modified": "2023-04-19T23:33:16.257000",
          "created": "2023-04-19T23:33:16.257000",
          "tags": [
            "zarma"
          ],
          "references": [
            "https://hybrid-analysis.com/sample/98d509ee5c88d85c96e401cf9a599a9bed2799101079f99e7e4ae974131ebcc1/643e852b401612eba8065bbb"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            },
            {
              "id": "T1083",
              "name": "File and Directory Discovery",
              "display_name": "T1083 - File and Directory Discovery"
            },
            {
              "id": "T1105",
              "name": "Ingress Tool Transfer",
              "display_name": "T1105 - Ingress Tool Transfer"
            },
            {
              "id": "T1480",
              "name": "Execution Guardrails",
              "display_name": "T1480 - Execution Guardrails"
            },
            {
              "id": "T1497",
              "name": "Virtualization/Sandbox Evasion",
              "display_name": "T1497 - Virtualization/Sandbox Evasion"
            },
            {
              "id": "T1547",
              "name": "Boot or Logon Autostart Execution",
              "display_name": "T1547 - Boot or Logon Autostart Execution"
            },
            {
              "id": "T1555",
              "name": "Credentials from Password Stores",
              "display_name": "T1555 - Credentials from Password Stores"
            },
            {
              "id": "T1574",
              "name": "Hijack Execution Flow",
              "display_name": "T1574 - Hijack Execution Flow"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 5,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "callmeDoris",
            "id": "205385",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 178,
            "hostname": 612,
            "URL": 1892,
            "email": 4,
            "IPv4": 5,
            "FileHash-SHA256": 63,
            "FileHash-MD5": 59,
            "FileHash-SHA1": 58
          },
          "indicator_count": 2871,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 92,
          "modified_text": "1140 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "64405bb59eb4323cde717b83",
          "name": "ttps://accounts.flybe.com/o3r-app-server/flybe/login - from wallet.bundle.js that i see has not published \ud83d\ude21",
          "description": "",
          "modified": "2023-04-19T21:23:01.734000",
          "created": "2023-04-19T21:23:01.734000",
          "tags": [
            "url https",
            "chromeua",
            "runtime data",
            "optout",
            "ansi",
            "unicode",
            "temp",
            "dropped file",
            "localappdata",
            "drmedgeua",
            "optin",
            "hosts",
            "qakbot"
          ],
          "references": [
            "https://hybrid-analysis.com/sample/62c8b9e6618f124d6103d9cc8bf0b29309e32e250b15f2cf5bdbab7c718c1970/643fc8790148eb4a120d88de"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            },
            {
              "id": "T1083",
              "name": "File and Directory Discovery",
              "display_name": "T1083 - File and Directory Discovery"
            },
            {
              "id": "T1087",
              "name": "Account Discovery",
              "display_name": "T1087 - Account Discovery"
            },
            {
              "id": "T1105",
              "name": "Ingress Tool Transfer",
              "display_name": "T1105 - Ingress Tool Transfer"
            },
            {
              "id": "T1480",
              "name": "Execution Guardrails",
              "display_name": "T1480 - Execution Guardrails"
            },
            {
              "id": "T1497",
              "name": "Virtualization/Sandbox Evasion",
              "display_name": "T1497 - Virtualization/Sandbox Evasion"
            },
            {
              "id": "T1547",
              "name": "Boot or Logon Autostart Execution",
              "display_name": "T1547 - Boot or Logon Autostart Execution"
            },
            {
              "id": "T1555",
              "name": "Credentials from Password Stores",
              "display_name": "T1555 - Credentials from Password Stores"
            },
            {
              "id": "T1574",
              "name": "Hijack Execution Flow",
              "display_name": "T1574 - Hijack Execution Flow"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 3,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "callmeDoris",
            "id": "205385",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 150,
            "URL": 1741,
            "hostname": 519,
            "FileHash-SHA256": 73,
            "FileHash-MD5": 69,
            "FileHash-SHA1": 69,
            "IPv4": 2,
            "email": 4
          },
          "indicator_count": 2627,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 90,
          "modified_text": "1140 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "64405bb46b8e08b76da24b14",
          "name": "ttps://accounts.flybe.com/o3r-app-server/flybe/login - from wallet.bundle.js that i see has not published \ud83d\ude21",
          "description": "",
          "modified": "2023-04-19T21:23:00.215000",
          "created": "2023-04-19T21:23:00.215000",
          "tags": [
            "url https",
            "chromeua",
            "runtime data",
            "optout",
            "ansi",
            "unicode",
            "temp",
            "dropped file",
            "localappdata",
            "drmedgeua",
            "optin",
            "hosts",
            "qakbot"
          ],
          "references": [
            "https://hybrid-analysis.com/sample/62c8b9e6618f124d6103d9cc8bf0b29309e32e250b15f2cf5bdbab7c718c1970/643fc8790148eb4a120d88de"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            },
            {
              "id": "T1083",
              "name": "File and Directory Discovery",
              "display_name": "T1083 - File and Directory Discovery"
            },
            {
              "id": "T1087",
              "name": "Account Discovery",
              "display_name": "T1087 - Account Discovery"
            },
            {
              "id": "T1105",
              "name": "Ingress Tool Transfer",
              "display_name": "T1105 - Ingress Tool Transfer"
            },
            {
              "id": "T1480",
              "name": "Execution Guardrails",
              "display_name": "T1480 - Execution Guardrails"
            },
            {
              "id": "T1497",
              "name": "Virtualization/Sandbox Evasion",
              "display_name": "T1497 - Virtualization/Sandbox Evasion"
            },
            {
              "id": "T1547",
              "name": "Boot or Logon Autostart Execution",
              "display_name": "T1547 - Boot or Logon Autostart Execution"
            },
            {
              "id": "T1555",
              "name": "Credentials from Password Stores",
              "display_name": "T1555 - Credentials from Password Stores"
            },
            {
              "id": "T1574",
              "name": "Hijack Execution Flow",
              "display_name": "T1574 - Hijack Execution Flow"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 3,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "callmeDoris",
            "id": "205385",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 150,
            "URL": 1741,
            "hostname": 519,
            "FileHash-SHA256": 73,
            "FileHash-MD5": 69,
            "FileHash-SHA1": 69,
            "IPv4": 2,
            "email": 4
          },
          "indicator_count": 2627,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 90,
          "modified_text": "1140 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "643fbdd0f3f6cf9c74a1a242",
          "name": "/c1010.dgcyww.cc",
          "description": "",
          "modified": "2023-04-19T10:09:20.316000",
          "created": "2023-04-19T10:09:20.316000",
          "tags": [
            "chromeua",
            "optout",
            "runtime data",
            "drmedgeua",
            "optin",
            "edgeua",
            "secchuamobile",
            "secchuamodel",
            "win64",
            "facebook",
            "date",
            "cray",
            "smwg",
            "click",
            "eret",
            "nuke",
            "lion",
            "ahav",
            "wind",
            "mozi",
            "malicious",
            "/c1010.dgcyww.cc"
          ],
          "references": [
            "https://hybrid-analysis.com/sample/63fd4c8a76248bc599487d799a51c7f40d9bcb26a7f1e15fc4a2d06d46d718c8/643ab05c4c7f408046047472"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            },
            {
              "id": "T1083",
              "name": "File and Directory Discovery",
              "display_name": "T1083 - File and Directory Discovery"
            },
            {
              "id": "T1087",
              "name": "Account Discovery",
              "display_name": "T1087 - Account Discovery"
            },
            {
              "id": "T1105",
              "name": "Ingress Tool Transfer",
              "display_name": "T1105 - Ingress Tool Transfer"
            },
            {
              "id": "T1114",
              "name": "Email Collection",
              "display_name": "T1114 - Email Collection"
            },
            {
              "id": "T1480",
              "name": "Execution Guardrails",
              "display_name": "T1480 - Execution Guardrails"
            },
            {
              "id": "T1547",
              "name": "Boot or Logon Autostart Execution",
              "display_name": "T1547 - Boot or Logon Autostart Execution"
            },
            {
              "id": "T1555",
              "name": "Credentials from Password Stores",
              "display_name": "T1555 - Credentials from Password Stores"
            },
            {
              "id": "T1574",
              "name": "Hijack Execution Flow",
              "display_name": "T1574 - Hijack Execution Flow"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 5,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "callmeDoris",
            "id": "205385",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "URL": 2066,
            "hostname": 563,
            "domain": 188,
            "FileHash-SHA256": 72,
            "IPv4": 6,
            "FileHash-MD5": 119,
            "FileHash-SHA1": 49,
            "email": 4
          },
          "indicator_count": 3067,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 90,
          "modified_text": "1141 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        }
      ],
      "references": [
        "https://www.hybrid-analysis.com/sample/161727a812a1c449bd581cbe577ba30fff74533887ce55dccdc7eaad27753b2c/645bf4aed69ba630d909ae5f",
        "https://www.icloud.com",
        "https://www.hybrid-analysis.com/sample/db25d2525312fc90c0e6418b3f414a0b0f8415120f846ee46926db665edb9b9f/643744ae6f181717a1063c50",
        "https://ssl.kaptcha.com/collect/sdk?m=700000",
        "https://hybrid-analysis.com/sample/fb47468a2cd3953c7131431991afcc6a2703f14640520102eea0a685a7e8d6de/647341991c874a18be0049f5",
        "Spyware/Information Retrieval Found strings related to file managers details \"\"fasttracktohealth.shop\",\" (Indicator: \"fasttrack\") \"\"thefasttrackgirl.com\",\" (Indicator: \"fasttrack\") source File/Memory",
        "https://www.hybrid-analysis.com/sample/b8835c5d504928af6fe9410fe767122093a621f9e38a8443ea8fc1487abd934e/645bd434d9887372e5041e0e",
        "http://peoplesservicz.com/",
        "fb47468a2cd3953c7131431991afcc6a2703f14640520102eea0a685a7e8d6de",
        "https://hybrid-analysis.com/sample/62c8b9e6618f124d6103d9cc8bf0b29309e32e250b15f2cf5bdbab7c718c1970/643fc8790148eb4a120d88de",
        "Exploit/Shellcode Contains escaped byte string (often part of obfuscated shellcode) details \"</script><div><div><div class=\"gb_rd\">Google apps</div></div></div></div><textarea class=\"csi\" name=\"csi\" style=\"display:none\"></textarea><script nonce=\"cuR7J9KsqfEGfvAZwFpeyQ\">(function(){(function(){var d=Date.now(),a=google.c.sxs?\"load2\":\"load\";if(google.timers&&google.timers[a].t){for(var b=document.getElementsByTagName(\"img\"),e=0,c=void 0;c=b[e++];)google.c.setup(c,!1,-1);google.c.bofr=!1;google.c.e(a,\"imn\",Str",
        "https://hybrid-analysis.com/sample/63fd4c8a76248bc599487d799a51c7f40d9bcb26a7f1e15fc4a2d06d46d718c8/643ab05c4c7f408046047472",
        "https://hybrid-analysis.com/sample/98d509ee5c88d85c96e401cf9a599a9bed2799101079f99e7e4ae974131ebcc1/643e852b401612eba8065bbb",
        "https://www.hybrid-analysis.com/sample/d3ffdf44916b01e14fceca04c3a3beb5fbad5aeea482e2242c5a843793073874/6447a07b59116aba3303e517",
        "https://hybrid-analysis.com/sample/fb47468a2cd3953c7131431991afcc6a2703f14640520102eea0a685a7e8d6de"
      ],
      "related": {
        "alienvault": {
          "adversary": [],
          "malware_families": [],
          "industries": [],
          "unique_indicators": 0
        },
        "other": {
          "adversary": [],
          "malware_families": [],
          "industries": [],
          "unique_indicators": 13102
        }
      }
    },
    "false_positive": [],
    "alexa": "http://www.alexa.com/siteinfo/thefasttrackgirl.com",
    "whois": "http://whois.domaintools.com/thefasttrackgirl.com",
    "domain": "thefasttrackgirl.com",
    "hostname": "members.thefasttrackgirl.com"
  },
  "geo": {},
  "geo_ipapicom": {},
  "pulse_count": 10,
  "pulses": [
    {
      "id": "65709a271fd1e3c22cf63f86",
      "name": "iCloud - cant access due to insecure conx - yes everything here is compromised via chaining, neural ai and accessibilty kit emulated via android",
      "description": "",
      "modified": "2023-12-06T15:58:31.832000",
      "created": "2023-12-06T15:58:31.832000",
      "tags": [],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 3,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "api",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "StreamMiningEx",
        "id": "262917",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "hostname": 705,
        "domain": 302,
        "FileHash-SHA256": 840,
        "URL": 2603,
        "email": 2,
        "FileHash-MD5": 51,
        "FileHash-SHA1": 51
      },
      "indicator_count": 4554,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 109,
      "modified_text": "909 days ago ",
      "is_modified": false,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "64738158d6da7115bc4ba9ae",
      "name": "v2 with hybrid data 46XKY8QY.htm",
      "description": "The following has been described as \"highly suspicious\" and \"suspicious\" by a number of people on social media, including those who are known to have been caught up in a security breach.",
      "modified": "2023-06-27T12:03:43.609000",
      "created": "2023-05-28T16:29:12.410000",
      "tags": [
        "sandbox",
        "malware",
        "analysis",
        "online",
        "submit",
        "vxstream",
        "sample",
        "download",
        "trojan",
        "apt",
        "ansi",
        "memoryfile scan",
        "dropped file",
        "runtime data",
        "microsoft",
        "dumps",
        "file string",
        "unicode",
        "null",
        "varchar",
        "june",
        "facebook",
        "error",
        "bank",
        "close",
        "code",
        "date",
        "roboto",
        "explorer",
        "meta",
        "body",
        "blink",
        "win64",
        "entity",
        "copia",
        "generator",
        "format",
        "later",
        "grazie",
        "back",
        "batal",
        "comment",
        "suspicious",
        "cookie",
        "contact",
        "import",
        "next",
        "magic",
        "internal",
        "window",
        "blank",
        "void",
        "verify",
        "service",
        "fail",
        "media",
        "alla",
        "enjoy",
        "infinity",
        "yang",
        "mini",
        "webview",
        "4629",
        "false",
        "path",
        "hybrid",
        "click",
        "hosts",
        "valentine",
        "mask",
        "general",
        "strings",
        "team",
        "april",
        "qakbot",
        "welcome",
        "thank",
        "fb47468a2cd3953c7131431991afcc6a2703f14640520102eea0a685a7e8d6de"
      ],
      "references": [
        "http://peoplesservicz.com/",
        "fb47468a2cd3953c7131431991afcc6a2703f14640520102eea0a685a7e8d6de",
        "https://hybrid-analysis.com/sample/fb47468a2cd3953c7131431991afcc6a2703f14640520102eea0a685a7e8d6de",
        "https://hybrid-analysis.com/sample/fb47468a2cd3953c7131431991afcc6a2703f14640520102eea0a685a7e8d6de/647341991c874a18be0049f5"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [
        {
          "id": "T1005",
          "name": "Data from Local System",
          "display_name": "T1005 - Data from Local System"
        },
        {
          "id": "T1012",
          "name": "Query Registry",
          "display_name": "T1012 - Query Registry"
        },
        {
          "id": "T1059",
          "name": "Command and Scripting Interpreter",
          "display_name": "T1059 - Command and Scripting Interpreter"
        },
        {
          "id": "T1071",
          "name": "Application Layer Protocol",
          "display_name": "T1071 - Application Layer Protocol"
        },
        {
          "id": "T1083",
          "name": "File and Directory Discovery",
          "display_name": "T1083 - File and Directory Discovery"
        },
        {
          "id": "T1105",
          "name": "Ingress Tool Transfer",
          "display_name": "T1105 - Ingress Tool Transfer"
        },
        {
          "id": "T1114",
          "name": "Email Collection",
          "display_name": "T1114 - Email Collection"
        },
        {
          "id": "T1132",
          "name": "Data Encoding",
          "display_name": "T1132 - Data Encoding"
        },
        {
          "id": "T1140",
          "name": "Deobfuscate/Decode Files or Information",
          "display_name": "T1140 - Deobfuscate/Decode Files or Information"
        },
        {
          "id": "T1213",
          "name": "Data from Information Repositories",
          "display_name": "T1213 - Data from Information Repositories"
        },
        {
          "id": "T1555",
          "name": "Credentials from Password Stores",
          "display_name": "T1555 - Credentials from Password Stores"
        },
        {
          "id": "T1573",
          "name": "Encrypted Channel",
          "display_name": "T1573 - Encrypted Channel"
        }
      ],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 26,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "callmeDoris",
        "id": "205385",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "hostname": 1253,
        "URL": 3938,
        "domain": 1087,
        "FileHash-SHA256": 80,
        "FileHash-MD5": 37,
        "FileHash-SHA1": 25
      },
      "indicator_count": 6420,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 92,
      "modified_text": "1072 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "645ca30c064f9724bb4abfe5",
      "name": "gagnob.com/cl/73c395f8c4c84f9c?p1&p2&source&site",
      "description": "",
      "modified": "2023-05-11T08:12:19.681000",
      "created": "2023-05-11T08:10:52.632000",
      "tags": [
        "null",
        "integer not",
        "varchar",
        "drmedgeua",
        "integer default",
        "roboto",
        "facebook",
        "meta",
        "blink",
        "win64",
        "android",
        "trident",
        "suspicious",
        "sonic",
        "mini",
        "infinity",
        "4629",
        "temp",
        "localappdata",
        "ascii text",
        "json data",
        "unicode text",
        "fat filesystem",
        "msdos os2",
        "html document",
        "sqlite version",
        "sqlite rollback",
        "binary file",
        "British Tel",
        "Yahoo",
        "Weird Redirects",
        "RU's"
      ],
      "references": [
        "Exploit/Shellcode Contains escaped byte string (often part of obfuscated shellcode) details \"</script><div><div><div class=\"gb_rd\">Google apps</div></div></div></div><textarea class=\"csi\" name=\"csi\" style=\"display:none\"></textarea><script nonce=\"cuR7J9KsqfEGfvAZwFpeyQ\">(function(){(function(){var d=Date.now(),a=google.c.sxs?\"load2\":\"load\";if(google.timers&&google.timers[a].t){for(var b=document.getElementsByTagName(\"img\"),e=0,c=void 0;c=b[e++];)google.c.setup(c,!1,-1);google.c.bofr=!1;google.c.e(a,\"imn\",Str",
        "Spyware/Information Retrieval Found strings related to file managers details \"\"fasttracktohealth.shop\",\" (Indicator: \"fasttrack\") \"\"thefasttrackgirl.com\",\" (Indicator: \"fasttrack\") source File/Memory",
        "https://www.hybrid-analysis.com/sample/b8835c5d504928af6fe9410fe767122093a621f9e38a8443ea8fc1487abd934e/645bd434d9887372e5041e0e"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [
        {
          "id": "T1071",
          "name": "Application Layer Protocol",
          "display_name": "T1071 - Application Layer Protocol"
        },
        {
          "id": "T1083",
          "name": "File and Directory Discovery",
          "display_name": "T1083 - File and Directory Discovery"
        },
        {
          "id": "T1105",
          "name": "Ingress Tool Transfer",
          "display_name": "T1105 - Ingress Tool Transfer"
        },
        {
          "id": "T1140",
          "name": "Deobfuscate/Decode Files or Information",
          "display_name": "T1140 - Deobfuscate/Decode Files or Information"
        },
        {
          "id": "T1555",
          "name": "Credentials from Password Stores",
          "display_name": "T1555 - Credentials from Password Stores"
        }
      ],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 6,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "callmeDoris",
        "id": "205385",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-SHA256": 118,
        "domain": 4,
        "URL": 43,
        "hostname": 9,
        "FileHash-MD5": 83,
        "FileHash-SHA1": 66,
        "IPv4": 10
      },
      "indicator_count": 333,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 90,
      "modified_text": "1119 days ago ",
      "is_modified": false,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "645c9552d2976bc754de54f3",
      "name": ";https://ssl.kaptcha.com/collect/sdk?m=700000",
      "description": "[",
      "modified": "2023-05-11T07:12:18.292000",
      "created": "2023-05-11T07:12:18.292000",
      "tags": [],
      "references": [
        "https://ssl.kaptcha.com/collect/sdk?m=700000",
        "https://www.hybrid-analysis.com/sample/161727a812a1c449bd581cbe577ba30fff74533887ce55dccdc7eaad27753b2c/645bf4aed69ba630d909ae5f"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [
        {
          "id": "T1071",
          "name": "Application Layer Protocol",
          "display_name": "T1071 - Application Layer Protocol"
        },
        {
          "id": "T1083",
          "name": "File and Directory Discovery",
          "display_name": "T1083 - File and Directory Discovery"
        },
        {
          "id": "T1105",
          "name": "Ingress Tool Transfer",
          "display_name": "T1105 - Ingress Tool Transfer"
        },
        {
          "id": "T1555",
          "name": "Credentials from Password Stores",
          "display_name": "T1555 - Credentials from Password Stores"
        }
      ],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 7,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "callmeDoris",
        "id": "205385",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "URL": 1177,
        "domain": 162,
        "hostname": 321,
        "FileHash-SHA256": 81,
        "IPv4": 6,
        "FileHash-MD5": 71,
        "FileHash-SHA1": 53,
        "email": 3
      },
      "indicator_count": 1874,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 91,
      "modified_text": "1119 days ago ",
      "is_modified": false,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "6457df59f333c9e3027ac390",
      "name": "iCloud - cant access due to insecure conx - yes everything here is compromised via chaining, neural ai and accessibilty kit emulated via android",
      "description": "this is from scan 25 april 2023 \nlet's compare to 2020",
      "modified": "2023-05-07T17:36:13.269000",
      "created": "2023-05-07T17:26:49.285000",
      "tags": [
        "chromeua",
        "optout",
        "windir",
        "prefetch8 ansi",
        "fatalerror",
        "facebook",
        "meta",
        "unknown",
        "suspicious",
        "null",
        "body",
        "black",
        "iframe",
        "media",
        "qakbot",
        "icloud",
        "apple"
      ],
      "references": [
        "https://www.icloud.com",
        "https://www.hybrid-analysis.com/sample/d3ffdf44916b01e14fceca04c3a3beb5fbad5aeea482e2242c5a843793073874/6447a07b59116aba3303e517"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [
        {
          "id": "T1071",
          "name": "Application Layer Protocol",
          "display_name": "T1071 - Application Layer Protocol"
        },
        {
          "id": "T1083",
          "name": "File and Directory Discovery",
          "display_name": "T1083 - File and Directory Discovery"
        },
        {
          "id": "T1105",
          "name": "Ingress Tool Transfer",
          "display_name": "T1105 - Ingress Tool Transfer"
        },
        {
          "id": "T1547",
          "name": "Boot or Logon Autostart Execution",
          "display_name": "T1547 - Boot or Logon Autostart Execution"
        },
        {
          "id": "T1555",
          "name": "Credentials from Password Stores",
          "display_name": "T1555 - Credentials from Password Stores"
        },
        {
          "id": "T1574",
          "name": "Hijack Execution Flow",
          "display_name": "T1574 - Hijack Execution Flow"
        }
      ],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 9,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "callmeDoris",
        "id": "205385",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "URL": 2603,
        "hostname": 705,
        "domain": 302,
        "FileHash-SHA256": 840,
        "email": 2,
        "IPv4": 10,
        "FileHash-MD5": 51,
        "FileHash-SHA1": 51
      },
      "indicator_count": 4564,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 91,
      "modified_text": "1122 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "64407cd64fef37bfabc3aae1",
      "name": ";https://94.42.122.68",
      "description": "",
      "modified": "2023-04-19T23:44:22.632000",
      "created": "2023-04-19T23:44:22.632000",
      "tags": [
        "chromeua",
        "drmedgeua",
        "unicode",
        "optin",
        "edgeua",
        "temp",
        "hidemfhevccodec",
        "qakbot"
      ],
      "references": [
        "https://www.hybrid-analysis.com/sample/db25d2525312fc90c0e6418b3f414a0b0f8415120f846ee46926db665edb9b9f/643744ae6f181717a1063c50"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [
        {
          "id": "T1071",
          "name": "Application Layer Protocol",
          "display_name": "T1071 - Application Layer Protocol"
        },
        {
          "id": "T1083",
          "name": "File and Directory Discovery",
          "display_name": "T1083 - File and Directory Discovery"
        },
        {
          "id": "T1087",
          "name": "Account Discovery",
          "display_name": "T1087 - Account Discovery"
        },
        {
          "id": "T1105",
          "name": "Ingress Tool Transfer",
          "display_name": "T1105 - Ingress Tool Transfer"
        },
        {
          "id": "T1480",
          "name": "Execution Guardrails",
          "display_name": "T1480 - Execution Guardrails"
        },
        {
          "id": "T1497",
          "name": "Virtualization/Sandbox Evasion",
          "display_name": "T1497 - Virtualization/Sandbox Evasion"
        },
        {
          "id": "T1547",
          "name": "Boot or Logon Autostart Execution",
          "display_name": "T1547 - Boot or Logon Autostart Execution"
        },
        {
          "id": "T1555",
          "name": "Credentials from Password Stores",
          "display_name": "T1555 - Credentials from Password Stores"
        },
        {
          "id": "T1574",
          "name": "Hijack Execution Flow",
          "display_name": "T1574 - Hijack Execution Flow"
        }
      ],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 6,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "callmeDoris",
        "id": "205385",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "URL": 1551,
        "hostname": 469,
        "domain": 134,
        "FileHash-SHA256": 56,
        "FileHash-MD5": 52,
        "FileHash-SHA1": 52,
        "IPv4": 2
      },
      "indicator_count": 2316,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 90,
      "modified_text": "1140 days ago ",
      "is_modified": false,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "64407a3c423306cfb9d66c6d",
      "name": "https://ads.twitter.com/?ref=gl-tw-tw-twitter-advertise0",
      "description": "",
      "modified": "2023-04-19T23:33:16.257000",
      "created": "2023-04-19T23:33:16.257000",
      "tags": [
        "zarma"
      ],
      "references": [
        "https://hybrid-analysis.com/sample/98d509ee5c88d85c96e401cf9a599a9bed2799101079f99e7e4ae974131ebcc1/643e852b401612eba8065bbb"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [
        {
          "id": "T1071",
          "name": "Application Layer Protocol",
          "display_name": "T1071 - Application Layer Protocol"
        },
        {
          "id": "T1083",
          "name": "File and Directory Discovery",
          "display_name": "T1083 - File and Directory Discovery"
        },
        {
          "id": "T1105",
          "name": "Ingress Tool Transfer",
          "display_name": "T1105 - Ingress Tool Transfer"
        },
        {
          "id": "T1480",
          "name": "Execution Guardrails",
          "display_name": "T1480 - Execution Guardrails"
        },
        {
          "id": "T1497",
          "name": "Virtualization/Sandbox Evasion",
          "display_name": "T1497 - Virtualization/Sandbox Evasion"
        },
        {
          "id": "T1547",
          "name": "Boot or Logon Autostart Execution",
          "display_name": "T1547 - Boot or Logon Autostart Execution"
        },
        {
          "id": "T1555",
          "name": "Credentials from Password Stores",
          "display_name": "T1555 - Credentials from Password Stores"
        },
        {
          "id": "T1574",
          "name": "Hijack Execution Flow",
          "display_name": "T1574 - Hijack Execution Flow"
        }
      ],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 5,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "callmeDoris",
        "id": "205385",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "domain": 178,
        "hostname": 612,
        "URL": 1892,
        "email": 4,
        "IPv4": 5,
        "FileHash-SHA256": 63,
        "FileHash-MD5": 59,
        "FileHash-SHA1": 58
      },
      "indicator_count": 2871,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 92,
      "modified_text": "1140 days ago ",
      "is_modified": false,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "64405bb59eb4323cde717b83",
      "name": "ttps://accounts.flybe.com/o3r-app-server/flybe/login - from wallet.bundle.js that i see has not published \ud83d\ude21",
      "description": "",
      "modified": "2023-04-19T21:23:01.734000",
      "created": "2023-04-19T21:23:01.734000",
      "tags": [
        "url https",
        "chromeua",
        "runtime data",
        "optout",
        "ansi",
        "unicode",
        "temp",
        "dropped file",
        "localappdata",
        "drmedgeua",
        "optin",
        "hosts",
        "qakbot"
      ],
      "references": [
        "https://hybrid-analysis.com/sample/62c8b9e6618f124d6103d9cc8bf0b29309e32e250b15f2cf5bdbab7c718c1970/643fc8790148eb4a120d88de"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [
        {
          "id": "T1071",
          "name": "Application Layer Protocol",
          "display_name": "T1071 - Application Layer Protocol"
        },
        {
          "id": "T1083",
          "name": "File and Directory Discovery",
          "display_name": "T1083 - File and Directory Discovery"
        },
        {
          "id": "T1087",
          "name": "Account Discovery",
          "display_name": "T1087 - Account Discovery"
        },
        {
          "id": "T1105",
          "name": "Ingress Tool Transfer",
          "display_name": "T1105 - Ingress Tool Transfer"
        },
        {
          "id": "T1480",
          "name": "Execution Guardrails",
          "display_name": "T1480 - Execution Guardrails"
        },
        {
          "id": "T1497",
          "name": "Virtualization/Sandbox Evasion",
          "display_name": "T1497 - Virtualization/Sandbox Evasion"
        },
        {
          "id": "T1547",
          "name": "Boot or Logon Autostart Execution",
          "display_name": "T1547 - Boot or Logon Autostart Execution"
        },
        {
          "id": "T1555",
          "name": "Credentials from Password Stores",
          "display_name": "T1555 - Credentials from Password Stores"
        },
        {
          "id": "T1574",
          "name": "Hijack Execution Flow",
          "display_name": "T1574 - Hijack Execution Flow"
        }
      ],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 3,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "callmeDoris",
        "id": "205385",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "domain": 150,
        "URL": 1741,
        "hostname": 519,
        "FileHash-SHA256": 73,
        "FileHash-MD5": 69,
        "FileHash-SHA1": 69,
        "IPv4": 2,
        "email": 4
      },
      "indicator_count": 2627,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 90,
      "modified_text": "1140 days ago ",
      "is_modified": false,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "64405bb46b8e08b76da24b14",
      "name": "ttps://accounts.flybe.com/o3r-app-server/flybe/login - from wallet.bundle.js that i see has not published \ud83d\ude21",
      "description": "",
      "modified": "2023-04-19T21:23:00.215000",
      "created": "2023-04-19T21:23:00.215000",
      "tags": [
        "url https",
        "chromeua",
        "runtime data",
        "optout",
        "ansi",
        "unicode",
        "temp",
        "dropped file",
        "localappdata",
        "drmedgeua",
        "optin",
        "hosts",
        "qakbot"
      ],
      "references": [
        "https://hybrid-analysis.com/sample/62c8b9e6618f124d6103d9cc8bf0b29309e32e250b15f2cf5bdbab7c718c1970/643fc8790148eb4a120d88de"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [
        {
          "id": "T1071",
          "name": "Application Layer Protocol",
          "display_name": "T1071 - Application Layer Protocol"
        },
        {
          "id": "T1083",
          "name": "File and Directory Discovery",
          "display_name": "T1083 - File and Directory Discovery"
        },
        {
          "id": "T1087",
          "name": "Account Discovery",
          "display_name": "T1087 - Account Discovery"
        },
        {
          "id": "T1105",
          "name": "Ingress Tool Transfer",
          "display_name": "T1105 - Ingress Tool Transfer"
        },
        {
          "id": "T1480",
          "name": "Execution Guardrails",
          "display_name": "T1480 - Execution Guardrails"
        },
        {
          "id": "T1497",
          "name": "Virtualization/Sandbox Evasion",
          "display_name": "T1497 - Virtualization/Sandbox Evasion"
        },
        {
          "id": "T1547",
          "name": "Boot or Logon Autostart Execution",
          "display_name": "T1547 - Boot or Logon Autostart Execution"
        },
        {
          "id": "T1555",
          "name": "Credentials from Password Stores",
          "display_name": "T1555 - Credentials from Password Stores"
        },
        {
          "id": "T1574",
          "name": "Hijack Execution Flow",
          "display_name": "T1574 - Hijack Execution Flow"
        }
      ],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 3,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "callmeDoris",
        "id": "205385",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "domain": 150,
        "URL": 1741,
        "hostname": 519,
        "FileHash-SHA256": 73,
        "FileHash-MD5": 69,
        "FileHash-SHA1": 69,
        "IPv4": 2,
        "email": 4
      },
      "indicator_count": 2627,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 90,
      "modified_text": "1140 days ago ",
      "is_modified": false,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "643fbdd0f3f6cf9c74a1a242",
      "name": "/c1010.dgcyww.cc",
      "description": "",
      "modified": "2023-04-19T10:09:20.316000",
      "created": "2023-04-19T10:09:20.316000",
      "tags": [
        "chromeua",
        "optout",
        "runtime data",
        "drmedgeua",
        "optin",
        "edgeua",
        "secchuamobile",
        "secchuamodel",
        "win64",
        "facebook",
        "date",
        "cray",
        "smwg",
        "click",
        "eret",
        "nuke",
        "lion",
        "ahav",
        "wind",
        "mozi",
        "malicious",
        "/c1010.dgcyww.cc"
      ],
      "references": [
        "https://hybrid-analysis.com/sample/63fd4c8a76248bc599487d799a51c7f40d9bcb26a7f1e15fc4a2d06d46d718c8/643ab05c4c7f408046047472"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [
        {
          "id": "T1071",
          "name": "Application Layer Protocol",
          "display_name": "T1071 - Application Layer Protocol"
        },
        {
          "id": "T1083",
          "name": "File and Directory Discovery",
          "display_name": "T1083 - File and Directory Discovery"
        },
        {
          "id": "T1087",
          "name": "Account Discovery",
          "display_name": "T1087 - Account Discovery"
        },
        {
          "id": "T1105",
          "name": "Ingress Tool Transfer",
          "display_name": "T1105 - Ingress Tool Transfer"
        },
        {
          "id": "T1114",
          "name": "Email Collection",
          "display_name": "T1114 - Email Collection"
        },
        {
          "id": "T1480",
          "name": "Execution Guardrails",
          "display_name": "T1480 - Execution Guardrails"
        },
        {
          "id": "T1547",
          "name": "Boot or Logon Autostart Execution",
          "display_name": "T1547 - Boot or Logon Autostart Execution"
        },
        {
          "id": "T1555",
          "name": "Credentials from Password Stores",
          "display_name": "T1555 - Credentials from Password Stores"
        },
        {
          "id": "T1574",
          "name": "Hijack Execution Flow",
          "display_name": "T1574 - Hijack Execution Flow"
        }
      ],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 5,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "callmeDoris",
        "id": "205385",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "URL": 2066,
        "hostname": 563,
        "domain": 188,
        "FileHash-SHA256": 72,
        "IPv4": 6,
        "FileHash-MD5": 119,
        "FileHash-SHA1": 49,
        "email": 4
      },
      "indicator_count": 3067,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 90,
      "modified_text": "1141 days ago ",
      "is_modified": false,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    }
  ],
  "error": null,
  "vt": {
    "error": "VirusTotal rate limit reached. Try again shortly.",
    "indicator": "https://members.thefasttrackgirl.com",
    "type": "URL"
  },
  "abuseipdb": null,
  "urlhaus": {
    "indicator": "https://members.thefasttrackgirl.com",
    "type": "URL",
    "found": false,
    "verdict": "clean",
    "error": null
  },
  "from_cache": true,
  "_cached_at": 1780490798.5847008
}