{
  "type": "URL",
  "indicator": "https://o.b.k.call/",
  "general": {
    "sections": [
      "general",
      "url_list",
      "http_scans",
      "screenshot"
    ],
    "indicator": "https://o.b.k.call/",
    "type": "url",
    "type_title": "URL",
    "validation": [],
    "base_indicator": {
      "id": 4131204851,
      "indicator": "https://o.b.k.call/",
      "type": "URL",
      "title": "",
      "description": "",
      "content": "",
      "access_type": "public",
      "access_reason": ""
    },
    "pulse_info": {
      "count": 3,
      "pulses": [
        {
          "id": "6a1bd66fc9c0dac3fc1c3d4d",
          "name": "Bluesnarfing - Accessibility Feautures Part 2 * VirusTotal Droidy Android Sandbox",
          "description": "A recent Veteran client was forced to abandon a new smartphone and revert to a legacy model. The target device's pairing registry was flooded with unauthorized \"Toyota Corolla\" profiles. This disruptive exploit effectively displaced the user, highlighting an emerging threat pattern targeting vulnerable individuals. The vulnerability lies within the smartphone's automated peripheral linking layer: attackers broadcast spoofed identifiers that the smartphone automatically accepts, which floods and corrupts the local registry database and renders the device unmanageable. Attack types noted: (1) Bluesnarfing: attackers exploit authentication flaws to gain unauthorized access to internal data, allowing them to copy contacts, text messages, and photos without user permission; (2) Man-in-the-Middle (MitM) relays: attackers capture and relay wireless signals over long distances, fooling a phone into believing it is next to a trusted vehicle or accessory when it is miles away; (3) BLE spoofing attacks; (4) Bluejacking.",
          "modified": "2026-06-02T02:18:27.414000",
          "created": "2026-05-31T06:34:23.017000",
          "tags": [
            "a domains",
            "present jun",
            "name servers",
            "meta",
            "toyota",
            "date",
            "present jul",
            "moved",
            "domains",
            "new cars",
            "body",
            "title",
            "aaaa",
            "cname",
            "algorithm",
            "key identifier",
            "x509v3 subject",
            "number",
            "cus oamazon",
            "cnamazon rsa",
            "m04 validity",
            "subject public",
            "key info",
            "key algorithm",
            "united",
            "name",
            "create date",
            "domain",
            "expiry date",
            "update date",
            "current object",
            "process",
            "e0 dd",
            "dc d8",
            "b7 fe",
            "c1 fc",
            "f8 b6",
            "ba df",
            "b0 s",
            "da dc",
            "android",
            "unknown",
            "detail info",
            "behaviour",
            "detect operator",
            "antisimulator",
            "check root",
            "access network",
            "connect",
            "contentresolver",
            "flag",
            "componentname",
            "extras",
            "service",
            "toyota owners",
            "us california",
            "torrance",
            "accessibility features",
            "veterans hearing aids",
            "veterans bluetooth",
            "tacoma",
            "corrolla"
          ],
          "references": [
            "https://vtbehaviour.commondatastorage.googleapis.com/18cc9428ef5bf4bbd58cdb631b1ed7d723ce36f369c0e8b35896d87aef0f85ef_VirusTotal%20Droidy.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1780208130&Signature=wtAr8J0ruv23wHZcOhupkZaq%2BBIhOLdQM0FwFnG9Vv4vfEv%2F0zvCPxhakLMeyzbmzNDul6j3OrPU4VxY7xMr2bzDRY9pb7yc7gyKykIX%2FzqiMKw9NJaYvd858j7wnYC6wK%2FPMRE%2Fr45iiPDrxLcEri4h9vW0C8YhUTP%2FD1hJFQty2KS6nKXTIlTjfunUA3XfgDhYR3hy4HqRTmkCxzHv0KJs2XvbEzODP5GEQjSxKQXlo",
            "https://vtbehaviour.commondatastorage.googleapis.com/18cc9428ef5bf4bbd58cdb631b1ed7d723ce36f369c0e8b35896d87aef0f85ef_Tencent%20HABO.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1780208156&Signature=LkY0drhs4Hyo8VkdUIwaxW7Ej1h8Uzhf6E3mpwOzCp%2BseX1pZcB2eVzZGa3U1bp2woAxF8N0w6ItA6hh14Ecaq26YEU78OQHluBOjDD05wYLm1kZDESgfOQZ93owFEXKy267LJtLTldA%2BQMhApZM0zZBKfF9VzZRqQCwvXusUk5fLOX5kpUYUgixwVHamIXwbLG9CgxX6OdWPTKpVWxfsi2dmlWhGmWuuVTIjVyqxH8aV%2BU5FRhyccS8",
            "06:51 AM 09/18/2014 06:51 AM 09/12/2039 541a810a 0b8464eae298da2d9ec5a12271309acb25e25465",
            "Certificate Issuer: C:US, CN:Michael LaPean, L:Torrance, O:Toyota Motor Sales, ST:California, OU:Toyota Owners Michael LaPean Toyota Motor Sales Toyota Owners US California Torrance"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1027",
              "name": "Obfuscated Files or Information",
              "display_name": "T1027 - Obfuscated Files or Information"
            }
          ],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 0,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 1,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "msudosos",
            "id": "381696",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 9,
            "FileHash-SHA1": 6,
            "email": 2,
            "hostname": 104,
            "URL": 198,
            "domain": 28,
            "IPv6": 8,
            "FileHash-SHA256": 42,
            "IPv4": 56
          },
          "indicator_count": 453,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 66,
          "modified_text": "1 hour ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "6a1bd66eeaaf6d7290ac299d",
          "name": "Bluesnarfing - Accessibility Feautures Part 2 * VirusTotal Droidy Android Sandbox",
          "description": "A recent Veteran client was forced to abandon a new smartphone and revert to a legacy model. The target device's pairing registry was flooded with unauthorized \"Toyota Corolla\" profiles. This disruptive exploit effectively displaced the user, highlighting an emerging threat pattern targeting vulnerable individuals. The vulnerability lies within the smartphone's automated peripheral linking layer: attackers broadcast spoofed identifiers that the smartphone automatically accepts, which floods and corrupts the local registry database and renders the device unmanageable. Attack types noted: (1) Bluesnarfing: attackers exploit authentication flaws to gain unauthorized access to internal data, allowing them to copy contacts, text messages, and photos without user permission; (2) Man-in-the-Middle (MitM) relays: attackers capture and relay wireless signals over long distances, fooling a phone into believing it is next to a trusted vehicle or accessory when it is miles away; (3) BLE spoofing attacks; (4) Bluejacking.",
          "modified": "2026-05-31T06:34:22.530000",
          "created": "2026-05-31T06:34:22.530000",
          "tags": [
            "a domains",
            "present jun",
            "name servers",
            "meta",
            "toyota",
            "date",
            "present jul",
            "moved",
            "domains",
            "new cars",
            "body",
            "title",
            "aaaa",
            "cname",
            "algorithm",
            "key identifier",
            "x509v3 subject",
            "number",
            "cus oamazon",
            "cnamazon rsa",
            "m04 validity",
            "subject public",
            "key info",
            "key algorithm",
            "united",
            "name",
            "create date",
            "domain",
            "expiry date",
            "update date",
            "current object",
            "process",
            "e0 dd",
            "dc d8",
            "b7 fe",
            "c1 fc",
            "f8 b6",
            "ba df",
            "b0 s",
            "da dc",
            "android",
            "unknown",
            "detail info",
            "behaviour",
            "detect operator",
            "antisimulator",
            "check root",
            "access network",
            "connect",
            "contentresolver",
            "flag",
            "componentname",
            "extras",
            "service",
            "toyota owners",
            "us california",
            "torrance",
            "accessibility features",
            "veterans hearing aids",
            "veterans bluetooth",
            "tacoma",
            "corrolla"
          ],
          "references": [
            "https://vtbehaviour.commondatastorage.googleapis.com/18cc9428ef5bf4bbd58cdb631b1ed7d723ce36f369c0e8b35896d87aef0f85ef_VirusTotal%20Droidy.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1780208130&Signature=wtAr8J0ruv23wHZcOhupkZaq%2BBIhOLdQM0FwFnG9Vv4vfEv%2F0zvCPxhakLMeyzbmzNDul6j3OrPU4VxY7xMr2bzDRY9pb7yc7gyKykIX%2FzqiMKw9NJaYvd858j7wnYC6wK%2FPMRE%2Fr45iiPDrxLcEri4h9vW0C8YhUTP%2FD1hJFQty2KS6nKXTIlTjfunUA3XfgDhYR3hy4HqRTmkCxzHv0KJs2XvbEzODP5GEQjSxKQXlo",
            "https://vtbehaviour.commondatastorage.googleapis.com/18cc9428ef5bf4bbd58cdb631b1ed7d723ce36f369c0e8b35896d87aef0f85ef_Tencent%20HABO.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1780208156&Signature=LkY0drhs4Hyo8VkdUIwaxW7Ej1h8Uzhf6E3mpwOzCp%2BseX1pZcB2eVzZGa3U1bp2woAxF8N0w6ItA6hh14Ecaq26YEU78OQHluBOjDD05wYLm1kZDESgfOQZ93owFEXKy267LJtLTldA%2BQMhApZM0zZBKfF9VzZRqQCwvXusUk5fLOX5kpUYUgixwVHamIXwbLG9CgxX6OdWPTKpVWxfsi2dmlWhGmWuuVTIjVyqxH8aV%2BU5FRhyccS8",
            "06:51 AM 09/18/2014 06:51 AM 09/12/2039 541a810a 0b8464eae298da2d9ec5a12271309acb25e25465",
            "Certificate Issuer: C:US, CN:Michael LaPean, L:Torrance, O:Toyota Motor Sales, ST:California, OU:Toyota Owners Michael LaPean Toyota Motor Sales Toyota Owners US California Torrance"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1027",
              "name": "Obfuscated Files or Information",
              "display_name": "T1027 - Obfuscated Files or Information"
            }
          ],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 0,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "msudosos",
            "id": "381696",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 9,
            "FileHash-SHA1": 6,
            "email": 2,
            "hostname": 80,
            "URL": 94,
            "domain": 22,
            "IPv6": 8,
            "FileHash-SHA256": 32,
            "IPv4": 26
          },
          "indicator_count": 279,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 66,
          "modified_text": "1 day ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "68c954a80675ccc89b0e9b63",
          "name": "Trump #45470 | Palantir container | virus:DOS/Hellspawn + ioS (compromised)",
          "description": "Overt. Trump support campaign text message from #45470. Malicious. Received on a victim's hyper-compromised iPhone. Attempts to take, or did take, CnC of the device. Stutters the device, changed the App Store, has a delete service, device sweep, shuts down service, halts all pages, denial of service, throttles service, steals passwords, bots. I don\u2019t know whether the device can be refurbished or used for research purposes - Palantir DC DGA domains - Trump. Multiple IoCs, malware with code overlap; it appears to be from a legitimate text for updates #. Visibly affected all aspects of the device and software. Commands the device to shut down. \n[OTX populated: Failed to retrieve suggested indicator for beta-ui, according to the latest results from the Welsh Government's Office for National Statistics (ONS) and the National Data Centre (NDS))",
          "modified": "2025-10-16T12:03:14.279000",
          "created": "2025-09-16T12:14:32.327000",
          "tags": [
            "ttl value",
            "extraction",
            "data upload",
            "failed",
            "extra data",
            "include review",
            "exclude sugges",
            "stop",
            "line",
            "path",
            "polyline",
            "getprocaddress",
            "circle",
            "span",
            "ck id",
            "mitre att",
            "ck matrix",
            "null",
            "error",
            "open",
            "spinner",
            "title",
            "code",
            "iframe",
            "window",
            "void",
            "infinity",
            "crypto",
            "footer",
            "generator",
            "general",
            "format",
            "click",
            "strings",
            "meta",
            "install",
            "encoder",
            "learn",
            "command",
            "name tactics",
            "suspicious",
            "informative",
            "spawns",
            "evasion att",
            "t1480 execution",
            "file defense",
            "adversaries",
            "calls",
            "reads",
            "defense evasion",
            "model",
            "server",
            "registrar abuse",
            "ascio",
            "contact phone",
            "admin city",
            "admin country",
            "admin postal",
            "dnssec",
            "http",
            "ip address",
            "passive dns",
            "related nids",
            "urls",
            "files location",
            "united",
            "flag united",
            "a domains",
            "search",
            "unknown aaaa",
            "certificate",
            "yara detections",
            "av detections",
            "ids detections",
            "alerts",
            "entries elf",
            "filehash",
            "name servers",
            "servers",
            "moved",
            "script script",
            "aaaa",
            "unknown ns",
            "domain add",
            "formbook cnc",
            "checkin",
            "lowfi",
            "mtb jun",
            "github pages",
            "twitter",
            "accept",
            "cryptobit",
            "extra",
            "referen data",
            "trojanproxy",
            "dynamicloader",
            "high",
            "write c",
            "medium",
            "intel",
            "ms windows",
            "entries",
            "pe32",
            "explorer",
            "worm",
            "write",
            "next",
            "trojan",
            "hellspawn",
            "md5 add",
            "malware",
            "data",
            "included iocs",
            "script urls",
            "script domains",
            "gmt content",
            "cash amtincart",
            "expirestue",
            "domain related",
            "sea x",
            "accept encoding",
            "request id",
            "body doctype",
            "apache",
            "encrypt",
            "skynet",
            "third eye tv",
            "calling",
            "delete app",
            "potus",
            "mtb aug",
            "backdoor",
            "gmt cache",
            "sameorigin",
            "443 ma2592000",
            "ipv4 add",
            "utilads",
            "trojandropper",
            "mtb sep",
            "win32upatre aug",
            "yara rule",
            "as15169",
            "guard",
            "smartassembly",
            "associated urls",
            "date checked",
            "url hostname",
            "server response",
            "domain",
            "url analysis",
            "files",
            "date",
            "delete service",
            "45470",
            "text",
            "hybrid",
            "present sep",
            "body",
            "fastly error",
            "please",
            "xor xor",
            "sha256 add",
            "analysis date",
            "file score",
            "detections alf",
            "june",
            "delphi",
            "attempts",
            "yara",
            "high security",
            "file type",
            "pe packer",
            "ransom"
          ],
          "references": [
            "skynet-dev.tcxn.net tcxn.net Registrar Ascio Technologies, Inc - connection to cloud proxy",
            "TrojanProxy:Win32/Malynfits CodeOverlap TrojanSpy:Win32/Nivdort CodeOverlap virus:Win32/Lywer CodeOverlap",
            "https://cryptobit.live/build/assets/app-CkRYqsKL.js \u2022 cryptobit.live \u2022 t.page \u2022 cdn.wallets.cryptobit.live",
            "Trump Support campaign \u2022_\u2022 lantana-mgmt.washington.palantircloud.com \u2022 containers-reishi.palantirfedstart.com",
            "Virus:DOS/Hellspawn 192.168.122.49 10/16/25\t\u2022  IPv4 142.251.9.105",
            "IDS Detections: Win32/Enosch.A gtalk connectivity check | W32/MoonLight.worm User-Agent (HellSpawn)",
            "PWS:Win32/Ymacco.AA50 Win.Trojan.Generic-9959068-0\t SLF:MSIL/PSTAnomaly.A Win.Dropper.Shakblades-7614016-0\t#LowFI:VBExpensiveLoop Win.Packed.Barys-10031677-0\tTEL:Trojan:MSIL/AgentTesla.VPA!MTB Win.Trojan. Backdoor:MSIL/Remcos!MTB",
            "hasownproperty.call \u2022 fireeye.grhd.",
            "Apple Store verified drop down breach  \u2018Apple took a screenshot of pages\u201d"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [
            "United States of America"
          ],
          "malware_families": [
            {
              "id": "TrojanSpy:Win32/Nivdort",
              "display_name": "TrojanSpy:Win32/Nivdort",
              "target": "/malware/TrojanSpy:Win32/Nivdort"
            },
            {
              "id": "TrojanProxy:Win32/Malynfits",
              "display_name": "TrojanProxy:Win32/Malynfits",
              "target": "/malware/TrojanProxy:Win32/Malynfits"
            },
            {
              "id": "Virus:Win32/Lywer",
              "display_name": "Virus:Win32/Lywer",
              "target": "/malware/Virus:Win32/Lywer"
            },
            {
              "id": "Worm:Win32/Lightmoon.H",
              "display_name": "Worm:Win32/Lightmoon.H",
              "target": "/malware/Worm:Win32/Lightmoon.H"
            },
            {
              "id": "Virus:DOS/Hellspawn",
              "display_name": "Virus:DOS/Hellspawn",
              "target": "/malware/Virus:DOS/Hellspawn"
            },
            {
              "id": "Win.Trojan.Dialer-266",
              "display_name": "Win.Trojan.Dialer-266",
              "target": null
            },
            {
              "id": "AgentTesla",
              "display_name": "AgentTesla",
              "target": null
            },
            {
              "id": "Backdoor:MSIL/Remcos",
              "display_name": "Backdoor:MSIL/Remcos",
              "target": "/malware/Backdoor:MSIL/Remcos"
            },
            {
              "id": "ALF:JASYP:Trojan:Win32/IRCbot!atmn",
              "display_name": "ALF:JASYP:Trojan:Win32/IRCbot!atmn",
              "target": null
            },
            {
              "id": "Trojandropper:Win32/Muldrop.V!MTB",
              "display_name": "Trojandropper:Win32/Muldrop.V!MTB",
              "target": "/malware/Trojandropper:Win32/Muldrop.V!MTB"
            },
            {
              "id": "#LowFI:VBExpensiveLoop",
              "display_name": "#LowFI:VBExpensiveLoop",
              "target": null
            },
            {
              "id": "TEL:Trojan:MSIL/AgentTesla.VPA!MTB",
              "display_name": "TEL:Trojan:MSIL/AgentTesla.VPA!MTB",
              "target": null
            },
            {
              "id": "PWS:Win32/VB.CU",
              "display_name": "PWS:Win32/VB.CU",
              "target": "/malware/PWS:Win32/VB.CU"
            },
            {
              "id": "ALF:Ransom:Win32/Babax.SG!MTB",
              "display_name": "ALF:Ransom:Win32/Babax.SG!MTB",
              "target": null
            }
          ],
          "attack_ids": [
            {
              "id": "T1007",
              "name": "System Service Discovery",
              "display_name": "T1007 - System Service Discovery"
            },
            {
              "id": "T1010",
              "name": "Application Window Discovery",
              "display_name": "T1010 - Application Window Discovery"
            },
            {
              "id": "T1012",
              "name": "Query Registry",
              "display_name": "T1012 - Query Registry"
            },
            {
              "id": "T1027",
              "name": "Obfuscated Files or Information",
              "display_name": "T1027 - Obfuscated Files or Information"
            },
            {
              "id": "T1033",
              "name": "System Owner/User Discovery",
              "display_name": "T1033 - System Owner/User Discovery"
            },
            {
              "id": "T1055",
              "name": "Process Injection",
              "display_name": "T1055 - Process Injection"
            },
            {
              "id": "T1057",
              "name": "Process Discovery",
              "display_name": "T1057 - Process Discovery"
            },
            {
              "id": "T1059",
              "name": "Command and Scripting Interpreter",
              "display_name": "T1059 - Command and Scripting Interpreter"
            },
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            },
            {
              "id": "T1082",
              "name": "System Information Discovery",
              "display_name": "T1082 - System Information Discovery"
            },
            {
              "id": "T1083",
              "name": "File and Directory Discovery",
              "display_name": "T1083 - File and Directory Discovery"
            },
            {
              "id": "T1102",
              "name": "Web Service",
              "display_name": "T1102 - Web Service"
            },
            {
              "id": "T1105",
              "name": "Ingress Tool Transfer",
              "display_name": "T1105 - Ingress Tool Transfer"
            },
            {
              "id": "T1106",
              "name": "Native API",
              "display_name": "T1106 - Native API"
            },
            {
              "id": "T1113",
              "name": "Screen Capture",
              "display_name": "T1113 - Screen Capture"
            },
            {
              "id": "T1129",
              "name": "Shared Modules",
              "display_name": "T1129 - Shared Modules"
            },
            {
              "id": "T1140",
              "name": "Deobfuscate/Decode Files or Information",
              "display_name": "T1140 - Deobfuscate/Decode Files or Information"
            },
            {
              "id": "T1489",
              "name": "Service Stop",
              "display_name": "T1489 - Service Stop"
            },
            {
              "id": "T1546",
              "name": "Event Triggered Execution",
              "display_name": "T1546 - Event Triggered Execution"
            },
            {
              "id": "T1555",
              "name": "Credentials from Password Stores",
              "display_name": "T1555 - Credentials from Password Stores"
            },
            {
              "id": "T1564",
              "name": "Hide Artifacts",
              "display_name": "T1564 - Hide Artifacts"
            },
            {
              "id": "T1573",
              "name": "Encrypted Channel",
              "display_name": "T1573 - Encrypted Channel"
            },
            {
              "id": "T1590",
              "name": "Gather Victim Network Information",
              "display_name": "T1590 - Gather Victim Network Information"
            },
            {
              "id": "T1614",
              "name": "System Location Discovery",
              "display_name": "T1614 - System Location Discovery"
            },
            {
              "id": "T1480",
              "name": "Execution Guardrails",
              "display_name": "T1480 - Execution Guardrails"
            },
            {
              "id": "T1056",
              "name": "Input Capture",
              "display_name": "T1056 - Input Capture"
            },
            {
              "id": "T1045",
              "name": "Software Packing",
              "display_name": "T1045 - Software Packing"
            },
            {
              "id": "T1060",
              "name": "Registry Run Keys / Startup Folder",
              "display_name": "T1060 - Registry Run Keys / Startup Folder"
            },
            {
              "id": "T1119",
              "name": "Automated Collection",
              "display_name": "T1119 - Automated Collection"
            },
            {
              "id": "T1063",
              "name": "Security Software Discovery",
              "display_name": "T1063 - Security Software Discovery"
            },
            {
              "id": "T1090",
              "name": "Proxy",
              "display_name": "T1090 - Proxy"
            },
            {
              "id": "T1547",
              "name": "Boot or Logon Autostart Execution",
              "display_name": "T1547 - Boot or Logon Autostart Execution"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 10,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "Q.Vashti",
            "id": "337942",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "hostname": 690,
            "URL": 1479,
            "domain": 476,
            "FileHash-MD5": 526,
            "FileHash-SHA1": 505,
            "FileHash-SHA256": 1509,
            "email": 6
          },
          "indicator_count": 5191,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 142,
          "modified_text": "228 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        }
      ],
      "references": [
        "IDS Detections: Win32/Enosch.A gtalk connectivity check | W32/MoonLight.worm User-Agent (HellSpawn)",
        "https://cryptobit.live/build/assets/app-CkRYqsKL.js \u2022 cryptobit.live \u2022 t.page \u2022 cdn.wallets.cryptobit.live",
        "https://vtbehaviour.commondatastorage.googleapis.com/18cc9428ef5bf4bbd58cdb631b1ed7d723ce36f369c0e8b35896d87aef0f85ef_Tencent%20HABO.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1780208156&Signature=LkY0drhs4Hyo8VkdUIwaxW7Ej1h8Uzhf6E3mpwOzCp%2BseX1pZcB2eVzZGa3U1bp2woAxF8N0w6ItA6hh14Ecaq26YEU78OQHluBOjDD05wYLm1kZDESgfOQZ93owFEXKy267LJtLTldA%2BQMhApZM0zZBKfF9VzZRqQCwvXusUk5fLOX5kpUYUgixwVHamIXwbLG9CgxX6OdWPTKpVWxfsi2dmlWhGmWuuVTIjVyqxH8aV%2BU5FRhyccS8",
        "Trump Support campaign \u2022_\u2022 lantana-mgmt.washington.palantircloud.com \u2022 containers-reishi.palantirfedstart.com",
        "PWS:Win32/Ymacco.AA50 Win.Trojan.Generic-9959068-0\t SLF:MSIL/PSTAnomaly.A Win.Dropper.Shakblades-7614016-0\t#LowFI:VBExpensiveLoop Win.Packed.Barys-10031677-0\tTEL:Trojan:MSIL/AgentTesla.VPA!MTB Win.Trojan. Backdoor:MSIL/Remcos!MTB",
        "Certificate Issuer: C:US, CN:Michael LaPean, L:Torrance, O:Toyota Motor Sales, ST:California, OU:Toyota Owners Michael LaPean Toyota Motor Sales Toyota Owners US California Torrance",
        "Apple Store verified drop down breach  \u2018Apple took a screenshot of pages\u201d",
        "hasownproperty.call \u2022 fireeye.grhd.",
        "06:51 AM 09/18/2014 06:51 AM 09/12/2039 541a810a 0b8464eae298da2d9ec5a12271309acb25e25465",
        "Virus:DOS/Hellspawn 192.168.122.49 10/16/25\t\u2022  IPv4 142.251.9.105",
        "TrojanProxy:Win32/Malynfits CodeOverlap TrojanSpy:Win32/Nivdort CodeOverlap virus:Win32/Lywer CodeOverlap",
        "skynet-dev.tcxn.net tcxn.net Registrar Ascio Technologies, Inc - connection to cloud proxy",
        "https://vtbehaviour.commondatastorage.googleapis.com/18cc9428ef5bf4bbd58cdb631b1ed7d723ce36f369c0e8b35896d87aef0f85ef_VirusTotal%20Droidy.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1780208130&Signature=wtAr8J0ruv23wHZcOhupkZaq%2BBIhOLdQM0FwFnG9Vv4vfEv%2F0zvCPxhakLMeyzbmzNDul6j3OrPU4VxY7xMr2bzDRY9pb7yc7gyKykIX%2FzqiMKw9NJaYvd858j7wnYC6wK%2FPMRE%2Fr45iiPDrxLcEri4h9vW0C8YhUTP%2FD1hJFQty2KS6nKXTIlTjfunUA3XfgDhYR3hy4HqRTmkCxzHv0KJs2XvbEzODP5GEQjSxKQXlo"
      ],
      "related": {
        "alienvault": {
          "adversary": [],
          "malware_families": [],
          "industries": [],
          "unique_indicators": 0
        },
        "other": {
          "adversary": [],
          "malware_families": [
            "Pws:win32/vb.cu",
            "Trojanproxy:win32/malynfits",
            "Virus:win32/lywer",
            "Worm:win32/lightmoon.h",
            "Agenttesla",
            "Alf:jasyp:trojan:win32/ircbot!atmn",
            "Trojanspy:win32/nivdort",
            "Virus:dos/hellspawn",
            "Trojandropper:win32/muldrop.v!mtb",
            "#lowfi:vbexpensiveloop",
            "Win.trojan.dialer-266",
            "Alf:ransom:win32/babax.sg!mtb",
            "Backdoor:msil/remcos",
            "Tel:trojan:msil/agenttesla.vpa!mtb"
          ],
          "industries": [],
          "unique_indicators": 5660
        }
      }
    },
    "false_positive": [],
    "alexa": "http://www.alexa.com/siteinfo/k.call",
    "whois": "http://whois.domaintools.com/k.call",
    "domain": "k.call",
    "hostname": "o.b.k.call"
  },
  "geo": {},
  "geo_ipapicom": {},
  "pulse_count": 3,
  "pulses": [
    {
      "id": "6a1bd66fc9c0dac3fc1c3d4d",
      "name": "Bluesnarfing - Accessibility Feautures Part 2 * VirusTotal Droidy Android Sandbox",
      "description": "A recent Veteran client was forced to abandon a new smartphone and revert to a legacy model. The target device's pairing registry was flooded with unauthorized \"Toyota Corolla\" profiles. This disruptive exploit effectively displaced the user, highlighting an emerging threat pattern targeting vulnerable individuals. The vulnerability lies within the smartphone's automated peripheral linking layer. Attackers broadcast spoofed identifiers that the smartphone automatically accepts. This floods and corrupts the local registry database, rendering the device unmanageable. 1. Bluesnarfing: Attackers exploit authentication flaws to gain unauthorized access to internal data, allowing them to copy contacts, text messages, and photos without user permission. 2. Man-in-the-Middle (MitM) Relays: Attackers capture and relay wireless signals over long distances, fooling a phone into believing it is next to a trusted vehicle or accessory when it is miles away. 3. BLE Spoofing Attacks. 4. Bluejacking.",
      "modified": "2026-06-02T02:18:27.414000",
      "created": "2026-05-31T06:34:23.017000",
      "tags": [
        "a domains",
        "present jun",
        "name servers",
        "meta",
        "toyota",
        "date",
        "present jul",
        "moved",
        "domains",
        "new cars",
        "body",
        "title",
        "aaaa",
        "cname",
        "algorithm",
        "key identifier",
        "x509v3 subject",
        "number",
        "cus oamazon",
        "cnamazon rsa",
        "m04 validity",
        "subject public",
        "key info",
        "key algorithm",
        "united",
        "name",
        "create date",
        "domain",
        "expiry date",
        "update date",
        "current object",
        "process",
        "e0 dd",
        "dc d8",
        "b7 fe",
        "c1 fc",
        "f8 b6",
        "ba df",
        "b0 s",
        "da dc",
        "android",
        "unknown",
        "detail info",
        "behaviour",
        "detect operator",
        "antisimulator",
        "check root",
        "access network",
        "connect",
        "contentresolver",
        "flag",
        "componentname",
        "extras",
        "service",
        "toyota owners",
        "us california",
        "torrance",
        "accessibility features",
        "veterans hearing aids",
        "veterans bluetooth",
        "tacoma",
        "corrolla"
      ],
      "references": [
        "https://vtbehaviour.commondatastorage.googleapis.com/18cc9428ef5bf4bbd58cdb631b1ed7d723ce36f369c0e8b35896d87aef0f85ef_VirusTotal%20Droidy.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1780208130&Signature=wtAr8J0ruv23wHZcOhupkZaq%2BBIhOLdQM0FwFnG9Vv4vfEv%2F0zvCPxhakLMeyzbmzNDul6j3OrPU4VxY7xMr2bzDRY9pb7yc7gyKykIX%2FzqiMKw9NJaYvd858j7wnYC6wK%2FPMRE%2Fr45iiPDrxLcEri4h9vW0C8YhUTP%2FD1hJFQty2KS6nKXTIlTjfunUA3XfgDhYR3hy4HqRTmkCxzHv0KJs2XvbEzODP5GEQjSxKQXlo",
        "https://vtbehaviour.commondatastorage.googleapis.com/18cc9428ef5bf4bbd58cdb631b1ed7d723ce36f369c0e8b35896d87aef0f85ef_Tencent%20HABO.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1780208156&Signature=LkY0drhs4Hyo8VkdUIwaxW7Ej1h8Uzhf6E3mpwOzCp%2BseX1pZcB2eVzZGa3U1bp2woAxF8N0w6ItA6hh14Ecaq26YEU78OQHluBOjDD05wYLm1kZDESgfOQZ93owFEXKy267LJtLTldA%2BQMhApZM0zZBKfF9VzZRqQCwvXusUk5fLOX5kpUYUgixwVHamIXwbLG9CgxX6OdWPTKpVWxfsi2dmlWhGmWuuVTIjVyqxH8aV%2BU5FRhyccS8",
        "06:51 AM 09/18/2014 06:51 AM 09/12/2039 541a810a 0b8464eae298da2d9ec5a12271309acb25e25465",
        "Certificate Issuer: C:US, CN:Michael LaPean, L:Torrance, O:Toyota Motor Sales, ST:California, OU:Toyota Owners Michael LaPean Toyota Motor Sales Toyota Owners US California Torrance"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [
        {
          "id": "T1027",
          "name": "Obfuscated Files or Information",
          "display_name": "T1027 - Obfuscated Files or Information"
        }
      ],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 0,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 1,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "msudosos",
        "id": "381696",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 9,
        "FileHash-SHA1": 6,
        "email": 2,
        "hostname": 104,
        "URL": 198,
        "domain": 28,
        "IPv6": 8,
        "FileHash-SHA256": 42,
        "IPv4": 56
      },
      "indicator_count": 453,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 66,
      "modified_text": "1 hour ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "6a1bd66eeaaf6d7290ac299d",
      "name": "Bluesnarfing - Accessibility Feautures Part 2 * VirusTotal Droidy Android Sandbox",
      "description": "A recent Veteran client was forced to abandon a new smartphone and revert to a legacy model. The target device's pairing registry was flooded with unauthorized \"Toyota Corolla\" profiles. This disruptive exploit effectively displaced the user, highlighting an emerging threat pattern targeting vulnerable individuals. The vulnerability lies within the smartphone's automated peripheral linking layer. Attackers broadcast spoofed identifiers that the smartphone automatically accepts. This floods and corrupts the local registry database, rendering the device unmanageable. 1. Bluesnarfing: Attackers exploit authentication flaws to gain unauthorized access to internal data, allowing them to copy contacts, text messages, and photos without user permission. 2. Man-in-the-Middle (MitM) Relays: Attackers capture and relay wireless signals over long distances, fooling a phone into believing it is next to a trusted vehicle or accessory when it is miles away. 3. BLE Spoofing Attacks. 4. Bluejacking.",
      "modified": "2026-05-31T06:34:22.530000",
      "created": "2026-05-31T06:34:22.530000",
      "tags": [
        "a domains",
        "present jun",
        "name servers",
        "meta",
        "toyota",
        "date",
        "present jul",
        "moved",
        "domains",
        "new cars",
        "body",
        "title",
        "aaaa",
        "cname",
        "algorithm",
        "key identifier",
        "x509v3 subject",
        "number",
        "cus oamazon",
        "cnamazon rsa",
        "m04 validity",
        "subject public",
        "key info",
        "key algorithm",
        "united",
        "name",
        "create date",
        "domain",
        "expiry date",
        "update date",
        "current object",
        "process",
        "e0 dd",
        "dc d8",
        "b7 fe",
        "c1 fc",
        "f8 b6",
        "ba df",
        "b0 s",
        "da dc",
        "android",
        "unknown",
        "detail info",
        "behaviour",
        "detect operator",
        "antisimulator",
        "check root",
        "access network",
        "connect",
        "contentresolver",
        "flag",
        "componentname",
        "extras",
        "service",
        "toyota owners",
        "us california",
        "torrance",
        "accessibility features",
        "veterans hearing aids",
        "veterans bluetooth",
        "tacoma",
        "corrolla"
      ],
      "references": [
        "https://vtbehaviour.commondatastorage.googleapis.com/18cc9428ef5bf4bbd58cdb631b1ed7d723ce36f369c0e8b35896d87aef0f85ef_VirusTotal%20Droidy.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1780208130&Signature=wtAr8J0ruv23wHZcOhupkZaq%2BBIhOLdQM0FwFnG9Vv4vfEv%2F0zvCPxhakLMeyzbmzNDul6j3OrPU4VxY7xMr2bzDRY9pb7yc7gyKykIX%2FzqiMKw9NJaYvd858j7wnYC6wK%2FPMRE%2Fr45iiPDrxLcEri4h9vW0C8YhUTP%2FD1hJFQty2KS6nKXTIlTjfunUA3XfgDhYR3hy4HqRTmkCxzHv0KJs2XvbEzODP5GEQjSxKQXlo",
        "https://vtbehaviour.commondatastorage.googleapis.com/18cc9428ef5bf4bbd58cdb631b1ed7d723ce36f369c0e8b35896d87aef0f85ef_Tencent%20HABO.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1780208156&Signature=LkY0drhs4Hyo8VkdUIwaxW7Ej1h8Uzhf6E3mpwOzCp%2BseX1pZcB2eVzZGa3U1bp2woAxF8N0w6ItA6hh14Ecaq26YEU78OQHluBOjDD05wYLm1kZDESgfOQZ93owFEXKy267LJtLTldA%2BQMhApZM0zZBKfF9VzZRqQCwvXusUk5fLOX5kpUYUgixwVHamIXwbLG9CgxX6OdWPTKpVWxfsi2dmlWhGmWuuVTIjVyqxH8aV%2BU5FRhyccS8",
        "06:51 AM 09/18/2014 06:51 AM 09/12/2039 541a810a 0b8464eae298da2d9ec5a12271309acb25e25465",
        "Certificate Issuer: C:US, CN:Michael LaPean, L:Torrance, O:Toyota Motor Sales, ST:California, OU:Toyota Owners Michael LaPean Toyota Motor Sales Toyota Owners US California Torrance"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [
        {
          "id": "T1027",
          "name": "Obfuscated Files or Information",
          "display_name": "T1027 - Obfuscated Files or Information"
        }
      ],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 0,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "msudosos",
        "id": "381696",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 9,
        "FileHash-SHA1": 6,
        "email": 2,
        "hostname": 80,
        "URL": 94,
        "domain": 22,
        "IPv6": 8,
        "FileHash-SHA256": 32,
        "IPv4": 26
      },
      "indicator_count": 279,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 66,
      "modified_text": "1 day ago ",
      "is_modified": false,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "68c954a80675ccc89b0e9b63",
      "name": "Trump #45470 | Palantir container | virus:DOS/Hellspawn + ioS (compromised)",
      "description": "Overt. Trump support campaign text message from #45470. Malicious. Received on a victim\u2019s hyper-compromised iPhone. Attempted to take, or did take, CnC of the device. Stutters the device, changed the App Store, has a delete service, device sweep, shuts down service, halts all pages, denial of service, throttles service, steals passwords, bots. I don\u2019t know whether the device can be refurbished or used for research purposes - Palantir DC DGA domains - Trump. Multiple IoCs, malware with code overlap; it appears to be from a legitimate text-for-updates number. Visibly affected all aspects of the device and software. Commands device shutdown.\n[OTX populated: Failed to retrieve suggested indicator for beta-ui, according to the latest results from the Welsh Government's Office for National Statistics (ONS) and the National Data Centre (NDS)]",
      "modified": "2025-10-16T12:03:14.279000",
      "created": "2025-09-16T12:14:32.327000",
      "tags": [
        "ttl value",
        "extraction",
        "data upload",
        "failed",
        "extra data",
        "include review",
        "exclude sugges",
        "stop",
        "line",
        "path",
        "polyline",
        "getprocaddress",
        "circle",
        "span",
        "ck id",
        "mitre att",
        "ck matrix",
        "null",
        "error",
        "open",
        "spinner",
        "title",
        "code",
        "iframe",
        "window",
        "void",
        "infinity",
        "crypto",
        "footer",
        "generator",
        "general",
        "format",
        "click",
        "strings",
        "meta",
        "install",
        "encoder",
        "learn",
        "command",
        "name tactics",
        "suspicious",
        "informative",
        "spawns",
        "evasion att",
        "t1480 execution",
        "file defense",
        "adversaries",
        "calls",
        "reads",
        "defense evasion",
        "model",
        "server",
        "registrar abuse",
        "ascio",
        "contact phone",
        "admin city",
        "admin country",
        "admin postal",
        "dnssec",
        "http",
        "ip address",
        "passive dns",
        "related nids",
        "urls",
        "files location",
        "united",
        "flag united",
        "a domains",
        "search",
        "unknown aaaa",
        "certificate",
        "yara detections",
        "av detections",
        "ids detections",
        "alerts",
        "entries elf",
        "filehash",
        "name servers",
        "servers",
        "moved",
        "script script",
        "aaaa",
        "unknown ns",
        "domain add",
        "formbook cnc",
        "checkin",
        "lowfi",
        "mtb jun",
        "github pages",
        "twitter",
        "accept",
        "cryptobit",
        "extra",
        "referen data",
        "trojanproxy",
        "dynamicloader",
        "high",
        "write c",
        "medium",
        "intel",
        "ms windows",
        "entries",
        "pe32",
        "explorer",
        "worm",
        "write",
        "next",
        "trojan",
        "hellspawn",
        "md5 add",
        "malware",
        "data",
        "included iocs",
        "script urls",
        "script domains",
        "gmt content",
        "cash amtincart",
        "expirestue",
        "domain related",
        "sea x",
        "accept encoding",
        "request id",
        "body doctype",
        "apache",
        "encrypt",
        "skynet",
        "third eye tv",
        "calling",
        "delete app",
        "potus",
        "mtb aug",
        "backdoor",
        "gmt cache",
        "sameorigin",
        "443 ma2592000",
        "ipv4 add",
        "utilads",
        "trojandropper",
        "mtb sep",
        "win32upatre aug",
        "yara rule",
        "as15169",
        "guard",
        "smartassembly",
        "associated urls",
        "date checked",
        "url hostname",
        "server response",
        "domain",
        "url analysis",
        "files",
        "date",
        "delete service",
        "45470",
        "text",
        "hybrid",
        "present sep",
        "body",
        "fastly error",
        "please",
        "xor xor",
        "sha256 add",
        "analysis date",
        "file score",
        "detections alf",
        "june",
        "delphi",
        "attempts",
        "yara",
        "high security",
        "file type",
        "pe packer",
        "ransom"
      ],
      "references": [
        "skynet-dev.tcxn.net tcxn.net Registrar Ascio Technologies, Inc - connection to cloud proxy",
        "TrojanProxy:Win32/Malynfits CodeOverlap TrojanSpy:Win32/Nivdort CodeOverlap virus:Win32/Lywer CodeOverlap",
        "https://cryptobit.live/build/assets/app-CkRYqsKL.js \u2022 cryptobit.live \u2022 t.page \u2022 cdn.wallets.cryptobit.live",
        "Trump Support campaign \u2022_\u2022 lantana-mgmt.washington.palantircloud.com \u2022 containers-reishi.palantirfedstart.com",
        "Virus:DOS/Hellspawn 192.168.122.49 10/16/25\t\u2022  IPv4 142.251.9.105",
        "IDS Detections: Win32/Enosch.A gtalk connectivity check | W32/MoonLight.worm User-Agent (HellSpawn)",
        "PWS:Win32/Ymacco.AA50 Win.Trojan.Generic-9959068-0\t SLF:MSIL/PSTAnomaly.A Win.Dropper.Shakblades-7614016-0\t#LowFI:VBExpensiveLoop Win.Packed.Barys-10031677-0\tTEL:Trojan:MSIL/AgentTesla.VPA!MTB Win.Trojan. Backdoor:MSIL/Remcos!MTB",
        "hasownproperty.call \u2022 fireeye.grhd.",
        "Apple Store verified drop down breach  \u2018Apple took a screenshot of pages\u201d"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [
        "United States of America"
      ],
      "malware_families": [
        {
          "id": "TrojanSpy:Win32/Nivdort",
          "display_name": "TrojanSpy:Win32/Nivdort",
          "target": "/malware/TrojanSpy:Win32/Nivdort"
        },
        {
          "id": "TrojanProxy:Win32/Malynfits",
          "display_name": "TrojanProxy:Win32/Malynfits",
          "target": "/malware/TrojanProxy:Win32/Malynfits"
        },
        {
          "id": "Virus:Win32/Lywer",
          "display_name": "Virus:Win32/Lywer",
          "target": "/malware/Virus:Win32/Lywer"
        },
        {
          "id": "Worm:Win32/Lightmoon.H",
          "display_name": "Worm:Win32/Lightmoon.H",
          "target": "/malware/Worm:Win32/Lightmoon.H"
        },
        {
          "id": "Virus:DOS/Hellspawn",
          "display_name": "Virus:DOS/Hellspawn",
          "target": "/malware/Virus:DOS/Hellspawn"
        },
        {
          "id": "Win.Trojan.Dialer-266",
          "display_name": "Win.Trojan.Dialer-266",
          "target": null
        },
        {
          "id": "AgentTesla",
          "display_name": "AgentTesla",
          "target": null
        },
        {
          "id": "Backdoor:MSIL/Remcos",
          "display_name": "Backdoor:MSIL/Remcos",
          "target": "/malware/Backdoor:MSIL/Remcos"
        },
        {
          "id": "ALF:JASYP:Trojan:Win32/IRCbot!atmn",
          "display_name": "ALF:JASYP:Trojan:Win32/IRCbot!atmn",
          "target": null
        },
        {
          "id": "Trojandropper:Win32/Muldrop.V!MTB",
          "display_name": "Trojandropper:Win32/Muldrop.V!MTB",
          "target": "/malware/Trojandropper:Win32/Muldrop.V!MTB"
        },
        {
          "id": "#LowFI:VBExpensiveLoop",
          "display_name": "#LowFI:VBExpensiveLoop",
          "target": null
        },
        {
          "id": "TEL:Trojan:MSIL/AgentTesla.VPA!MTB",
          "display_name": "TEL:Trojan:MSIL/AgentTesla.VPA!MTB",
          "target": null
        },
        {
          "id": "PWS:Win32/VB.CU",
          "display_name": "PWS:Win32/VB.CU",
          "target": "/malware/PWS:Win32/VB.CU"
        },
        {
          "id": "ALF:Ransom:Win32/Babax.SG!MTB",
          "display_name": "ALF:Ransom:Win32/Babax.SG!MTB",
          "target": null
        }
      ],
      "attack_ids": [
        {
          "id": "T1007",
          "name": "System Service Discovery",
          "display_name": "T1007 - System Service Discovery"
        },
        {
          "id": "T1010",
          "name": "Application Window Discovery",
          "display_name": "T1010 - Application Window Discovery"
        },
        {
          "id": "T1012",
          "name": "Query Registry",
          "display_name": "T1012 - Query Registry"
        },
        {
          "id": "T1027",
          "name": "Obfuscated Files or Information",
          "display_name": "T1027 - Obfuscated Files or Information"
        },
        {
          "id": "T1033",
          "name": "System Owner/User Discovery",
          "display_name": "T1033 - System Owner/User Discovery"
        },
        {
          "id": "T1055",
          "name": "Process Injection",
          "display_name": "T1055 - Process Injection"
        },
        {
          "id": "T1057",
          "name": "Process Discovery",
          "display_name": "T1057 - Process Discovery"
        },
        {
          "id": "T1059",
          "name": "Command and Scripting Interpreter",
          "display_name": "T1059 - Command and Scripting Interpreter"
        },
        {
          "id": "T1071",
          "name": "Application Layer Protocol",
          "display_name": "T1071 - Application Layer Protocol"
        },
        {
          "id": "T1082",
          "name": "System Information Discovery",
          "display_name": "T1082 - System Information Discovery"
        },
        {
          "id": "T1083",
          "name": "File and Directory Discovery",
          "display_name": "T1083 - File and Directory Discovery"
        },
        {
          "id": "T1102",
          "name": "Web Service",
          "display_name": "T1102 - Web Service"
        },
        {
          "id": "T1105",
          "name": "Ingress Tool Transfer",
          "display_name": "T1105 - Ingress Tool Transfer"
        },
        {
          "id": "T1106",
          "name": "Native API",
          "display_name": "T1106 - Native API"
        },
        {
          "id": "T1113",
          "name": "Screen Capture",
          "display_name": "T1113 - Screen Capture"
        },
        {
          "id": "T1129",
          "name": "Shared Modules",
          "display_name": "T1129 - Shared Modules"
        },
        {
          "id": "T1140",
          "name": "Deobfuscate/Decode Files or Information",
          "display_name": "T1140 - Deobfuscate/Decode Files or Information"
        },
        {
          "id": "T1489",
          "name": "Service Stop",
          "display_name": "T1489 - Service Stop"
        },
        {
          "id": "T1546",
          "name": "Event Triggered Execution",
          "display_name": "T1546 - Event Triggered Execution"
        },
        {
          "id": "T1555",
          "name": "Credentials from Password Stores",
          "display_name": "T1555 - Credentials from Password Stores"
        },
        {
          "id": "T1564",
          "name": "Hide Artifacts",
          "display_name": "T1564 - Hide Artifacts"
        },
        {
          "id": "T1573",
          "name": "Encrypted Channel",
          "display_name": "T1573 - Encrypted Channel"
        },
        {
          "id": "T1590",
          "name": "Gather Victim Network Information",
          "display_name": "T1590 - Gather Victim Network Information"
        },
        {
          "id": "T1614",
          "name": "System Location Discovery",
          "display_name": "T1614 - System Location Discovery"
        },
        {
          "id": "T1480",
          "name": "Execution Guardrails",
          "display_name": "T1480 - Execution Guardrails"
        },
        {
          "id": "T1056",
          "name": "Input Capture",
          "display_name": "T1056 - Input Capture"
        },
        {
          "id": "T1045",
          "name": "Software Packing",
          "display_name": "T1045 - Software Packing"
        },
        {
          "id": "T1060",
          "name": "Registry Run Keys / Startup Folder",
          "display_name": "T1060 - Registry Run Keys / Startup Folder"
        },
        {
          "id": "T1119",
          "name": "Automated Collection",
          "display_name": "T1119 - Automated Collection"
        },
        {
          "id": "T1063",
          "name": "Security Software Discovery",
          "display_name": "T1063 - Security Software Discovery"
        },
        {
          "id": "T1090",
          "name": "Proxy",
          "display_name": "T1090 - Proxy"
        },
        {
          "id": "T1547",
          "name": "Boot or Logon Autostart Execution",
          "display_name": "T1547 - Boot or Logon Autostart Execution"
        }
      ],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 10,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "Q.Vashti",
        "id": "337942",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "hostname": 690,
        "URL": 1479,
        "domain": 476,
        "FileHash-MD5": 526,
        "FileHash-SHA1": 505,
        "FileHash-SHA256": 1509,
        "email": 6
      },
      "indicator_count": 5191,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 142,
      "modified_text": "228 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    }
  ],
  "error": null,
  "vt": {
    "error": "VirusTotal rate limit reached. Try again shortly.",
    "indicator": "https://o.b.k.call/",
    "type": "URL"
  },
  "abuseipdb": null,
  "urlhaus": {
    "indicator": "https://o.b.k.call/",
    "type": "URL",
    "found": false,
    "verdict": "clean",
    "error": null
  },
  "from_cache": true,
  "_cached_at": 1780372378.098203
}