{ "type": "URL", "indicator": "https://o.clk71.com", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://o.clk71.com", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 4074880564, "indicator": "https://o.clk71.com", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 1, "pulses": [ { "id": "6846a12c0dfc35604bccef3f", "name": "Spyware | \"skype.com\" (Indicator: \"skype.com\"; File: \"s.ashx\")", "description": "Spyware/Information Retrieval\nFound an instant messenger related domain\ndetails\n\"skype.com\" (Indicator: \"skype.com\"; File: \"s.ashx\")\nsource\nFile/Memory\nrelevance\n10/10", "modified": "2025-07-09T08:00:45.459000", "created": "2025-06-09T08:54:04.592000", "tags": [ "eid1338769034", "url https", "eid4828312", "entries", "xmpg", "extgstate", "bbox", "subtypeform", "rlength", "resource", "ri falsek", "process", "xobject", "malware", "ransomware", "core", "cobalt strike", "false", "rats", "black", "hellokitty", "format", "stream", "february", "june", "hybrid", "crypto", "suspicious", "click", "strings", "attack", "close", "green", "learn", "ck id", "name tactics", "informative", "adversaries", "command", "defense evasion", "apis", "found", "window memory", "extra window", "memory", "evasion defense", "associated urls", "submitted", "pattern match", "email address", "t1114", "show technique", "mitre att", "ck matrix", "network related", "united", "present jun", "present may", "cname", "aaaa", "status", "netherlands", "search", "sweden", "creation date", "date", "keepalive", "thumbprint" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Cobalt Strike", "display_name": "Cobalt Strike", "target": null } ], "attack_ids": [ { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1090", "name": "Proxy", "display_name": "T1090 - Proxy" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1480", "name": "Execution Guardrails", "display_name": "T1480 - Execution Guardrails" }, { "id": "T1489", "name": "Service Stop", "display_name": "T1489 - Service Stop" }, { "id": "T1491", "name": "Defacement", "display_name": "T1491 - Defacement" }, { "id": "T1560", "name": "Archive Collected Data", "display_name": "T1560 - Archive Collected Data" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1590", "name": "Gather Victim Network Information", "display_name": "T1590 - Gather Victim Network Information" }, { "id": "T1530", "name": "Data from Cloud Storage Object", "display_name": "T1530 - Data from Cloud Storage Object" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 25, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 328, "domain": 131, "email": 8, "hostname": 76, "FileHash-SHA256": 2801, "FileHash-MD5": 451, "FileHash-SHA1": 510 }, "indicator_count": 4305, "is_author": false, "is_subscribing": null, "subscriber_count": 142, "modified_text": "327 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [ "Cobalt strike" ], "industries": [], "unique_indicators": 4587 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/clk71.com", "whois": "http://whois.domaintools.com/clk71.com", "domain": "clk71.com", "hostname": "o.clk71.com" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 1, "pulses": [ { "id": "6846a12c0dfc35604bccef3f", "name": "Spyware | \"skype.com\" (Indicator: \"skype.com\"; File: \"s.ashx\")", "description": "Spyware/Information Retrieval\nFound an instant messenger related domain\ndetails\n\"skype.com\" (Indicator: \"skype.com\"; File: \"s.ashx\")\nsource\nFile/Memory\nrelevance\n10/10", "modified": "2025-07-09T08:00:45.459000", "created": "2025-06-09T08:54:04.592000", "tags": [ "eid1338769034", "url https", "eid4828312", "entries", "xmpg", "extgstate", "bbox", "subtypeform", "rlength", "resource", "ri falsek", "process", "xobject", "malware", "ransomware", "core", "cobalt strike", "false", "rats", "black", "hellokitty", "format", "stream", "february", "june", "hybrid", "crypto", "suspicious", "click", "strings", "attack", "close", "green", "learn", "ck id", "name tactics", "informative", "adversaries", "command", "defense evasion", "apis", "found", "window memory", "extra window", "memory", "evasion defense", "associated urls", "submitted", "pattern match", "email address", "t1114", "show technique", "mitre att", "ck matrix", "network related", "united", "present jun", "present may", "cname", "aaaa", "status", "netherlands", "search", "sweden", "creation date", "date", "keepalive", "thumbprint" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Cobalt Strike", "display_name": "Cobalt Strike", "target": null } ], "attack_ids": [ { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1090", "name": "Proxy", "display_name": "T1090 - Proxy" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1480", "name": "Execution Guardrails", "display_name": "T1480 - Execution Guardrails" }, { "id": "T1489", "name": "Service Stop", "display_name": "T1489 - Service Stop" }, { "id": "T1491", "name": "Defacement", "display_name": "T1491 - Defacement" }, { "id": "T1560", "name": "Archive Collected Data", "display_name": "T1560 - Archive Collected Data" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1590", "name": "Gather Victim Network Information", "display_name": "T1590 - Gather Victim Network Information" }, { "id": "T1530", "name": "Data from Cloud Storage Object", "display_name": "T1530 - Data from Cloud Storage Object" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 25, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 328, "domain": 131, "email": 8, "hostname": 76, "FileHash-SHA256": 2801, "FileHash-MD5": 451, "FileHash-SHA1": 510 }, "indicator_count": 4305, "is_author": false, "is_subscribing": null, "subscriber_count": 142, "modified_text": "327 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://o.clk71.com", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://o.clk71.com", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780344442.7135417 }