{ "type": "URL", "indicator": "https://pardot.trurnit.de", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://pardot.trurnit.de", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 3215329207, "indicator": "https://pardot.trurnit.de", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 25, "pulses": [ { "id": "69a9cd444aa144401d0c4988", "name": "Pools Open", "description": "", "modified": "2026-04-15T19:21:28.851000", "created": "2026-03-05T18:36:52.014000", "tags": [ "Timothy Pool", "Christopher Pool", "Pool's Closed" ], "references": [ "Pool Closed", "Pool's Closed" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [], "attack_ids": [ { "id": "T1546", "name": "Event Triggered Execution", "display_name": "T1546 - Event Triggered Execution" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" } ], "industries": [ "Media", "ad fraud" ], "TLP": "white", "cloned_from": "5fa57698ac0f6638b7b9a8ba", "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 8098, "URL": 23428, "hostname": 9592, "domain": 4727, "SSLCertFingerprint": 22, "FileHash-MD5": 696, "FileHash-SHA1": 457, "CIDR": 78, "email": 3, "CVE": 2 }, "indicator_count": 47103, "is_author": false, "is_subscribing": null, "subscriber_count": 50, "modified_text": "3 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "5fa57698ac0f6638b7b9a8ba", "name": "Pool's Closed", "description": "Two paupers from the meadow spring forth an upheaval of nasty sites on the world wide web.", "modified": "2025-12-27T05:02:34.910000", "created": "2020-11-06T16:15:20.139000", "tags": [ "Timothy Pool", "Christopher Pool", "Pool's Closed" ], "references": [ "Pool Closed", "Pool's Closed" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [], "attack_ids": [ { "id": "T1546", "name": "Event Triggered Execution", "display_name": "T1546 - Event Triggered Execution" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" } ], "industries": [ "Media", "ad fraud" ], "TLP": "white", "cloned_from": null, "export_count": 61, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 4, "follower_count": 0, "vote": 0, "author": { "username": "scnrscnr", "id": "126475", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_126475/resized/80/avatar_67ca5b7bae.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 8098, "URL": 23426, "hostname": 9590, "domain": 4727, "SSLCertFingerprint": 22, "FileHash-MD5": 696, "FileHash-SHA1": 457, "CIDR": 78, "email": 3, "CVE": 2 }, "indicator_count": 47099, "is_author": false, "is_subscribing": null, "subscriber_count": 133, "modified_text": "113 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6570a4bc7487548e66d6f004", "name": "Virus:DOS/Goma", "description": "", "modified": "2023-12-06T16:43:40.375000", "created": "2023-12-06T16:43:40.375000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "FileHash-SHA256": 2931, "hostname": 1798, "FileHash-MD5": 23, "FileHash-SHA1": 17, "URL": 5593, "domain": 1095 }, "indicator_count": 11458, "is_author": false, "is_subscribing": null, "subscriber_count": 111, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6570a4b4259cafcf79907b2f", "name": "APPLE ALERT: nr-data.net - Private Apple and iOS Data Collection and Distribution", "description": "", "modified": "2023-12-06T16:43:32.408000", "created": "2023-12-06T16:43:32.408000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "FileHash-SHA256": 2931, "hostname": 1798, "FileHash-MD5": 23, "FileHash-SHA1": 17, "URL": 5593, "domain": 1095 }, "indicator_count": 11458, "is_author": false, "is_subscribing": null, "subscriber_count": 111, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6570a4ac54885a7e866cedca", "name": "Elevated Exposure", "description": "", "modified": "2023-12-06T16:43:24.027000", "created": "2023-12-06T16:43:24.027000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "FileHash-SHA256": 2931, "hostname": 1798, "FileHash-MD5": 23, "FileHash-SHA1": 17, "URL": 5593, "domain": 1095 }, "indicator_count": 11458, "is_author": false, "is_subscribing": null, "subscriber_count": 110, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6570a4a3ac21d7733c8e1040", "name": "Malvertising", "description": "", "modified": "2023-12-06T16:43:15.632000", "created": "2023-12-06T16:43:15.632000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "FileHash-SHA256": 2931, "hostname": 1798, "FileHash-MD5": 23, "FileHash-SHA1": 17, "URL": 5593, "domain": 1095 }, "indicator_count": 11458, "is_author": false, "is_subscribing": null, "subscriber_count": 111, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6570a49b0b6595444a3fdd9a", "name": "passkey.tracker.net", "description": "", "modified": "2023-12-06T16:43:07.031000", "created": "2023-12-06T16:43:07.031000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 9, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "FileHash-SHA256": 2931, "hostname": 1798, "FileHash-MD5": 23, "FileHash-SHA1": 17, "URL": 5593, "domain": 1095 }, "indicator_count": 11458, "is_author": false, "is_subscribing": null, "subscriber_count": 110, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6570a49207f81d6791c30194", "name": "Cyber Espionage w/B(.) Link / Infringement (Tracking)", "description": "", "modified": "2023-12-06T16:42:58.146000", "created": "2023-12-06T16:42:58.146000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "FileHash-SHA256": 2931, "hostname": 1798, "FileHash-MD5": 23, "FileHash-SHA1": 17, "URL": 5593, "domain": 1095 }, "indicator_count": 11458, "is_author": false, "is_subscribing": null, "subscriber_count": 111, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6570a4876f8d1d174f717e7b", "name": "Cyber Espionage w/B(.) Link / Infringement (Tracking)", "description": "", "modified": "2023-12-06T16:42:47.591000", "created": "2023-12-06T16:42:47.591000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "FileHash-SHA256": 2931, "hostname": 1798, "FileHash-MD5": 23, "FileHash-SHA1": 17, "URL": 5593, "domain": 1095 }, "indicator_count": 11458, "is_author": false, "is_subscribing": null, "subscriber_count": 110, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6570a47e33876ed78e19e1da", "name": "Cyber Espionage w/B(.) Link / Infringement (Tracking)", "description": "", "modified": "2023-12-06T16:42:38.479000", "created": "2023-12-06T16:42:38.479000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "FileHash-SHA256": 2931, "hostname": 1798, "FileHash-MD5": 23, "FileHash-SHA1": 17, "URL": 5593, "domain": 1095 }, "indicator_count": 11458, "is_author": false, "is_subscribing": null, "subscriber_count": 110, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6570a161f0681f4ff3d67feb", "name": "Pool's Closed (by @scnrscnr)", "description": "", "modified": "2023-12-06T16:29:21.844000", "created": "2023-12-06T16:29:21.844000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 7844, "FileHash-MD5": 562, "FileHash-SHA1": 429, "URL": 22749, "hostname": 9461, "domain": 4578, "SSLCertFingerprint": 20, "CIDR": 32, "email": 3, "CVE": 2 }, "indicator_count": 45680, "is_author": false, "is_subscribing": null, "subscriber_count": 111, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6570a145926a5676de0e2a1a", "name": "Pool's Closed (by @scnrscnr)", "description": "", "modified": "2023-12-06T16:28:53.979000", "created": "2023-12-06T16:28:53.979000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 9, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 7844, "FileHash-MD5": 562, "FileHash-SHA1": 429, "URL": 22749, "hostname": 9461, "domain": 4578, "SSLCertFingerprint": 20, "CIDR": 32, "email": 3, "CVE": 2 }, "indicator_count": 45680, "is_author": false, "is_subscribing": null, "subscriber_count": 111, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65707e5b7df6f60133e8fb50", "name": "Jeeng / Powerbox", "description": "", "modified": "2023-12-06T13:59:55.129000", "created": "2023-12-06T13:59:55.129000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 3, "FileHash-SHA256": 9072, "domain": 2500, "hostname": 3584, "URL": 13548, "FileHash-MD5": 197, "FileHash-SHA1": 162, "email": 19, "CIDR": 20, "SSLCertFingerprint": 2, "BitcoinAddress": 1 }, "indicator_count": 29108, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65707b9630308cb99a817277", "name": "Pool's Closed", "description": "", "modified": "2023-12-06T13:48:06.514000", "created": "2023-12-06T13:48:06.514000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 7844, "FileHash-MD5": 562, "FileHash-SHA1": 429, "URL": 22749, "hostname": 9461, "domain": 4578, "SSLCertFingerprint": 20, "CIDR": 32, "email": 3, "CVE": 2 }, "indicator_count": 45680, "is_author": false, "is_subscribing": null, "subscriber_count": 111, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "650361b276a56506778d9231", "name": "Virus:DOS/Goma", "description": "", "modified": "2023-10-14T17:02:29.483000", "created": "2023-09-14T19:40:34.562000", "tags": [ "resolutions", "referrer", "elevated exposure", "malformed links", "fraud", "abuse", "united", "cyber threat", "phishing", "blockchain", "covid19", "coalition", "engineering", "facebook", "police agency", "japan", "download", "blacklist", "site", "cisco umbrella", "assassin's pride chapter 12 scans", "chapter", "pride chapter", "assassin", "read", "viewed today", "promise", "apotheosis", "rampage", "magister", "goma", "conan", "magician", "click", "Suricata Alert", "Malvertising", "ssl certificate", "contacted", "execution", "whois record", "pfqlnhi4ex http", "pe resource", "investigation", "team", "metro", "malicious", "social engineering", "cyber crime Alina", "tracker(.)net", "spyware", "monitoring", "tracking", "MITRE ATT&CKS", "malware", "http://www.evantrah.com/b0ar/ (phishing)", "https(:)//b(.)link / infringement (tracking)", "37.235.49.205 (scan host)", "scan hosts", "passkey", "APPLE ALERT: nr-data.net - Private Apple and iOS Data Collection", "nr-data.net", "iOS Unlocker", "iOS Data Collection", "Private Data", "distribution", "hacking" ], "references": [ "https://hifiporn.pw/xxx/1/white-dpt-jeffrey-reimer-loves-pretty-indian-patient-forces-sex-3gp-video-tsara-brashears/she-loves-how-i-pound-her-pussy", "http://mangahasu.se/assassins-pride/chapter-12-a-promise-c629157.html?__cf_chl_jschl_tk__=7b4aeee234e6fcb906189a0ee99bff391aedad3f-1591653736-0-ATuxnw3UaJxen2hXCyv", "Data Analysis", "Pattern Behavior Research" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Japan", "Canada", "Germany" ], "malware_families": [ { "id": "Alina POS", "display_name": "Alina POS", "target": null }, { "id": "Virus:DOS/Goma", "display_name": "Virus:DOS/Goma", "target": "/malware/Virus:DOS/Goma" }, { "id": "DEcovid19", "display_name": "DEcovid19", "target": null }, { "id": "Assassin", "display_name": "Assassin", "target": null }, { "id": "Virus:Win32/Magistr", "display_name": "Virus:Win32/Magistr", "target": "/malware/Virus:Win32/Magistr" }, { "id": "Darktrack RAT", "display_name": "Darktrack RAT", "target": null }, { "id": "B.link/infringement (tracking)", "display_name": "B.link/infringement (tracking)", "target": null }, { "id": "Malware", "display_name": "Malware", "target": null }, { "id": "Trojan.Agent", "display_name": "Trojan.Agent", "target": null }, { "id": "TrojanDownloader:JS/MalSpam", "display_name": "TrojanDownloader:JS/MalSpam", "target": "/malware/TrojanDownloader:JS/MalSpam" } ], "attack_ids": [ { "id": "T1179", "name": "Hooking", "display_name": "T1179 - Hooking" }, { "id": "T1035", "name": "Service Execution", "display_name": "T1035 - Service Execution" }, { "id": "T1132", "name": "Data Encoding", "display_name": "T1132 - Data Encoding" }, { "id": "T1043", "name": "Commonly Used Port", "display_name": "T1043 - Commonly Used Port" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071.002", "name": "File Transfer Protocols", "display_name": "T1071.002 - File Transfer Protocols" }, { "id": "TA0011", "name": "Command and Control", "display_name": "TA0011 - Command and Control" }, { "id": "TA0009", "name": "Collection", "display_name": "TA0009 - Collection" }, { "id": "T1449", "name": "Exploit SS7 to Redirect Phone Calls/SMS", "display_name": "T1449 - Exploit SS7 to Redirect Phone Calls/SMS" } ], "industries": [], "TLP": "white", "cloned_from": "6503618b59e32805d0bbead7", "export_count": 15, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 2, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 2931, "domain": 1095, "hostname": 1798, "URL": 5593, "FileHash-MD5": 23, "FileHash-SHA1": 17, "CVE": 1 }, "indicator_count": 11458, "is_author": false, "is_subscribing": null, "subscriber_count": 221, "modified_text": "918 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6503618b59e32805d0bbead7", "name": "APPLE ALERT: nr-data.net - Private Apple and iOS Data Collection and Distribution ", "description": "", "modified": "2023-10-14T17:02:29.483000", "created": "2023-09-14T19:39:55.364000", "tags": [ "resolutions", "referrer", "elevated exposure", "malformed links", "fraud", "abuse", "united", "cyber threat", "phishing", "blockchain", "covid19", "coalition", "engineering", "facebook", "police agency", "japan", "download", "blacklist", "site", "cisco umbrella", "assassin's pride chapter 12 scans", "chapter", "pride chapter", "assassin", "read", "viewed today", "promise", "apotheosis", "rampage", "magister", "goma", "conan", "magician", "click", "Suricata Alert", "Malvertising", "ssl certificate", "contacted", "execution", "whois record", "pfqlnhi4ex http", "pe resource", "investigation", "team", "metro", "malicious", "social engineering", "cyber crime Alina", "tracker(.)net", "spyware", "monitoring", "tracking", "MITRE ATT&CKS", "malware", "http://www.evantrah.com/b0ar/ (phishing)", "https(:)//b(.)link / infringement (tracking)", "37.235.49.205 (scan host)", "scan hosts", "passkey", "APPLE ALERT: nr-data.net - Private Apple and iOS Data Collection", "nr-data.net", "iOS Unlocker", "iOS Data Collection", "Private Data", "distribution", "hacking" ], "references": [ "https://hifiporn.pw/xxx/1/white-dpt-jeffrey-reimer-loves-pretty-indian-patient-forces-sex-3gp-video-tsara-brashears/she-loves-how-i-pound-her-pussy", "http://mangahasu.se/assassins-pride/chapter-12-a-promise-c629157.html?__cf_chl_jschl_tk__=7b4aeee234e6fcb906189a0ee99bff391aedad3f-1591653736-0-ATuxnw3UaJxen2hXCyv", "Data Analysis", "Pattern Behavior Research" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Japan", "Canada", "Germany" ], "malware_families": [ { "id": "Alina POS", "display_name": "Alina POS", "target": null }, { "id": "Virus:DOS/Goma", "display_name": "Virus:DOS/Goma", "target": "/malware/Virus:DOS/Goma" }, { "id": "DEcovid19", "display_name": "DEcovid19", "target": null }, { "id": "Assassin", "display_name": "Assassin", "target": null }, { "id": "Virus:Win32/Magistr", "display_name": "Virus:Win32/Magistr", "target": "/malware/Virus:Win32/Magistr" }, { "id": "Darktrack RAT", "display_name": "Darktrack RAT", "target": null }, { "id": "B.link/infringement (tracking)", "display_name": "B.link/infringement (tracking)", "target": null }, { "id": "Malware", "display_name": "Malware", "target": null }, { "id": "Trojan.Agent", "display_name": "Trojan.Agent", "target": null }, { "id": "TrojanDownloader:JS/MalSpam", "display_name": "TrojanDownloader:JS/MalSpam", "target": "/malware/TrojanDownloader:JS/MalSpam" } ], "attack_ids": [ { "id": "T1179", "name": "Hooking", "display_name": "T1179 - Hooking" }, { "id": "T1035", "name": "Service Execution", "display_name": "T1035 - Service Execution" }, { "id": "T1132", "name": "Data Encoding", "display_name": "T1132 - Data Encoding" }, { "id": "T1043", "name": "Commonly Used Port", "display_name": "T1043 - Commonly Used Port" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071.002", "name": "File Transfer Protocols", "display_name": "T1071.002 - File Transfer Protocols" }, { "id": "TA0011", "name": "Command and Control", "display_name": "TA0011 - Command and Control" }, { "id": "TA0009", "name": "Collection", "display_name": "TA0009 - Collection" }, { "id": "T1449", "name": "Exploit SS7 to Redirect Phone Calls/SMS", "display_name": "T1449 - Exploit SS7 to Redirect Phone Calls/SMS" } ], "industries": [], "TLP": "white", "cloned_from": "6503612851bdda6828f488da", "export_count": 14, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 2931, "domain": 1095, "hostname": 1798, "URL": 5593, "FileHash-MD5": 23, "FileHash-SHA1": 17, "CVE": 1 }, "indicator_count": 11458, "is_author": false, "is_subscribing": null, "subscriber_count": 220, "modified_text": "918 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6503612851bdda6828f488da", "name": "Elevated Exposure ", "description": "", "modified": "2023-10-14T17:02:29.483000", "created": "2023-09-14T19:38:16.617000", "tags": [ "resolutions", "referrer", "elevated exposure", "malformed links", "fraud", "abuse", "united", "cyber threat", "phishing", "blockchain", "covid19", "coalition", "engineering", "facebook", "police agency", "japan", "download", "blacklist", "site", "cisco umbrella", "assassin's pride chapter 12 scans", "chapter", "pride chapter", "assassin", "read", "viewed today", "promise", "apotheosis", "rampage", "magister", "goma", "conan", "magician", "click", "Suricata Alert", "Malvertising", "ssl certificate", "contacted", "execution", "whois record", "pfqlnhi4ex http", "pe resource", "investigation", "team", "metro", "malicious", "social engineering", "cyber crime Alina", "tracker(.)net", "spyware", "monitoring", "tracking", "MITRE ATT&CKS", "malware", "http://www.evantrah.com/b0ar/ (phishing)", "https(:)//b(.)link / infringement (tracking)", "37.235.49.205 (scan host)", "scan hosts", "passkey", "APPLE ALERT: nr-data.net - Private Apple and iOS Data Collection", "nr-data.net", "iOS Unlocker", "iOS Data Collection", "Private Data", "distribution", "hacking" ], "references": [ "https://hifiporn.pw/xxx/1/white-dpt-jeffrey-reimer-loves-pretty-indian-patient-forces-sex-3gp-video-tsara-brashears/she-loves-how-i-pound-her-pussy", "http://mangahasu.se/assassins-pride/chapter-12-a-promise-c629157.html?__cf_chl_jschl_tk__=7b4aeee234e6fcb906189a0ee99bff391aedad3f-1591653736-0-ATuxnw3UaJxen2hXCyv", "Data Analysis", "Pattern Behavior Research" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Japan", "Canada", "Germany" ], "malware_families": [ { "id": "Alina POS", "display_name": "Alina POS", "target": null }, { "id": "Virus:DOS/Goma", "display_name": "Virus:DOS/Goma", "target": "/malware/Virus:DOS/Goma" }, { "id": "DEcovid19", "display_name": "DEcovid19", "target": null }, { "id": "Assassin", "display_name": "Assassin", "target": null }, { "id": "Virus:Win32/Magistr", "display_name": "Virus:Win32/Magistr", "target": "/malware/Virus:Win32/Magistr" }, { "id": "Darktrack RAT", "display_name": "Darktrack RAT", "target": null }, { "id": "B.link/infringement (tracking)", "display_name": "B.link/infringement (tracking)", "target": null }, { "id": "Malware", "display_name": "Malware", "target": null }, { "id": "Trojan.Agent", "display_name": "Trojan.Agent", "target": null }, { "id": "TrojanDownloader:JS/MalSpam", "display_name": "TrojanDownloader:JS/MalSpam", "target": "/malware/TrojanDownloader:JS/MalSpam" } ], "attack_ids": [ { "id": "T1179", "name": "Hooking", "display_name": "T1179 - Hooking" }, { "id": "T1035", "name": "Service Execution", "display_name": "T1035 - Service Execution" }, { "id": "T1132", "name": "Data Encoding", "display_name": "T1132 - Data Encoding" }, { "id": "T1043", "name": "Commonly Used Port", "display_name": "T1043 - Commonly Used Port" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071.002", "name": "File Transfer Protocols", "display_name": "T1071.002 - File Transfer Protocols" }, { "id": "TA0011", "name": "Command and Control", "display_name": "TA0011 - Command and Control" }, { "id": "TA0009", "name": "Collection", "display_name": "TA0009 - Collection" }, { "id": "T1449", "name": "Exploit SS7 to Redirect Phone Calls/SMS", "display_name": "T1449 - Exploit SS7 to Redirect Phone Calls/SMS" } ], "industries": [], "TLP": "white", "cloned_from": "6503610f5f100cd8acad748e", "export_count": 14, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 2931, "domain": 1095, "hostname": 1798, "URL": 5593, "FileHash-MD5": 23, "FileHash-SHA1": 17, "CVE": 1 }, "indicator_count": 11458, "is_author": false, "is_subscribing": null, "subscriber_count": 219, "modified_text": "918 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6503610f5f100cd8acad748e", "name": "Malvertising", "description": "", "modified": "2023-10-14T17:02:29.483000", "created": "2023-09-14T19:37:51.730000", "tags": [ "resolutions", "referrer", "elevated exposure", "malformed links", "fraud", "abuse", "united", "cyber threat", "phishing", "blockchain", "covid19", "coalition", "engineering", "facebook", "police agency", "japan", "download", "blacklist", "site", "cisco umbrella", "assassin's pride chapter 12 scans", "chapter", "pride chapter", "assassin", "read", "viewed today", "promise", "apotheosis", "rampage", "magister", "goma", "conan", "magician", "click", "Suricata Alert", "Malvertising", "ssl certificate", "contacted", "execution", "whois record", "pfqlnhi4ex http", "pe resource", "investigation", "team", "metro", "malicious", "social engineering", "cyber crime Alina", "tracker(.)net", "spyware", "monitoring", "tracking", "MITRE ATT&CKS", "malware", "http://www.evantrah.com/b0ar/ (phishing)", "https(:)//b(.)link / infringement (tracking)", "37.235.49.205 (scan host)", "scan hosts", "passkey", "APPLE ALERT: nr-data.net - Private Apple and iOS Data Collection", "nr-data.net", "iOS Unlocker", "iOS Data Collection", "Private Data", "distribution", "hacking" ], "references": [ "https://hifiporn.pw/xxx/1/white-dpt-jeffrey-reimer-loves-pretty-indian-patient-forces-sex-3gp-video-tsara-brashears/she-loves-how-i-pound-her-pussy", "http://mangahasu.se/assassins-pride/chapter-12-a-promise-c629157.html?__cf_chl_jschl_tk__=7b4aeee234e6fcb906189a0ee99bff391aedad3f-1591653736-0-ATuxnw3UaJxen2hXCyv", "Data Analysis", "Pattern Behavior Research" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Japan", "Canada", "Germany" ], "malware_families": [ { "id": "Alina POS", "display_name": "Alina POS", "target": null }, { "id": "Virus:DOS/Goma", "display_name": "Virus:DOS/Goma", "target": "/malware/Virus:DOS/Goma" }, { "id": "DEcovid19", "display_name": "DEcovid19", "target": null }, { "id": "Assassin", "display_name": "Assassin", "target": null }, { "id": "Virus:Win32/Magistr", "display_name": "Virus:Win32/Magistr", "target": "/malware/Virus:Win32/Magistr" }, { "id": "Darktrack RAT", "display_name": "Darktrack RAT", "target": null }, { "id": "B.link/infringement (tracking)", "display_name": "B.link/infringement (tracking)", "target": null }, { "id": "Malware", "display_name": "Malware", "target": null }, { "id": "Trojan.Agent", "display_name": "Trojan.Agent", "target": null }, { "id": "TrojanDownloader:JS/MalSpam", "display_name": "TrojanDownloader:JS/MalSpam", "target": "/malware/TrojanDownloader:JS/MalSpam" } ], "attack_ids": [ { "id": "T1179", "name": "Hooking", "display_name": "T1179 - Hooking" }, { "id": "T1035", "name": "Service Execution", "display_name": "T1035 - Service Execution" }, { "id": "T1132", "name": "Data Encoding", "display_name": "T1132 - Data Encoding" }, { "id": "T1043", "name": "Commonly Used Port", "display_name": "T1043 - Commonly Used Port" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071.002", "name": "File Transfer Protocols", "display_name": "T1071.002 - File Transfer Protocols" }, { "id": "TA0011", "name": "Command and Control", "display_name": "TA0011 - Command and Control" }, { "id": "TA0009", "name": "Collection", "display_name": "TA0009 - Collection" }, { "id": "T1449", "name": "Exploit SS7 to Redirect Phone Calls/SMS", "display_name": "T1449 - Exploit SS7 to Redirect Phone Calls/SMS" } ], "industries": [], "TLP": "white", "cloned_from": "65036040d3847fa5df0b8496", "export_count": 14, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 2931, "domain": 1095, "hostname": 1798, "URL": 5593, "FileHash-MD5": 23, "FileHash-SHA1": 17, "CVE": 1 }, "indicator_count": 11458, "is_author": false, "is_subscribing": null, "subscriber_count": 222, "modified_text": "918 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65036040d3847fa5df0b8496", "name": "passkey.tracker.net", "description": "", "modified": "2023-10-14T17:02:29.483000", "created": "2023-09-14T19:34:24.232000", "tags": [ "resolutions", "referrer", "elevated exposure", "malformed links", "fraud", "abuse", "united", "cyber threat", "phishing", "blockchain", "covid19", "coalition", "engineering", "facebook", "police agency", "japan", "download", "blacklist", "site", "cisco umbrella", "assassin's pride chapter 12 scans", "chapter", "pride chapter", "assassin", "read", "viewed today", "promise", "apotheosis", "rampage", "magister", "goma", "conan", "magician", "click", "Suricata Alert", "Malvertising", "ssl certificate", "contacted", "execution", "whois record", "pfqlnhi4ex http", "pe resource", "investigation", "team", "metro", "malicious", "social engineering", "cyber crime Alina", "tracker(.)net", "spyware", "monitoring", "tracking", "MITRE ATT&CKS", "malware", "http://www.evantrah.com/b0ar/ (phishing)", "https(:)//b(.)link / infringement (tracking)", "37.235.49.205 (scan host)", "scan hosts", "passkey", "APPLE ALERT: nr-data.net - Private Apple and iOS Data Collection", "nr-data.net", "iOS Unlocker", "iOS Data Collection", "Private Data", "distribution", "hacking" ], "references": [ "https://hifiporn.pw/xxx/1/white-dpt-jeffrey-reimer-loves-pretty-indian-patient-forces-sex-3gp-video-tsara-brashears/she-loves-how-i-pound-her-pussy", "http://mangahasu.se/assassins-pride/chapter-12-a-promise-c629157.html?__cf_chl_jschl_tk__=7b4aeee234e6fcb906189a0ee99bff391aedad3f-1591653736-0-ATuxnw3UaJxen2hXCyv", "Data Analysis", "Pattern Behavior Research" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Japan", "Canada", "Germany" ], "malware_families": [ { "id": "Alina POS", "display_name": "Alina POS", "target": null }, { "id": "Virus:DOS/Goma", "display_name": "Virus:DOS/Goma", "target": "/malware/Virus:DOS/Goma" }, { "id": "DEcovid19", "display_name": "DEcovid19", "target": null }, { "id": "Assassin", "display_name": "Assassin", "target": null }, { "id": "Virus:Win32/Magistr", "display_name": "Virus:Win32/Magistr", "target": "/malware/Virus:Win32/Magistr" }, { "id": "Darktrack RAT", "display_name": "Darktrack RAT", "target": null }, { "id": "B.link/infringement (tracking)", "display_name": "B.link/infringement (tracking)", "target": null }, { "id": "Malware", "display_name": "Malware", "target": null }, { "id": "Trojan.Agent", "display_name": "Trojan.Agent", "target": null }, { "id": "TrojanDownloader:JS/MalSpam", "display_name": "TrojanDownloader:JS/MalSpam", "target": "/malware/TrojanDownloader:JS/MalSpam" } ], "attack_ids": [ { "id": "T1179", "name": "Hooking", "display_name": "T1179 - Hooking" }, { "id": "T1035", "name": "Service Execution", "display_name": "T1035 - Service Execution" }, { "id": "T1132", "name": "Data Encoding", "display_name": "T1132 - Data Encoding" }, { "id": "T1043", "name": "Commonly Used Port", "display_name": "T1043 - Commonly Used Port" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071.002", "name": "File Transfer Protocols", "display_name": "T1071.002 - File Transfer Protocols" }, { "id": "TA0011", "name": "Command and Control", "display_name": "TA0011 - Command and Control" }, { "id": "TA0009", "name": "Collection", "display_name": "TA0009 - Collection" }, { "id": "T1449", "name": "Exploit SS7 to Redirect Phone Calls/SMS", "display_name": "T1449 - Exploit SS7 to Redirect Phone Calls/SMS" } ], "industries": [], "TLP": "white", "cloned_from": "65035fea189a32c0498667d9", "export_count": 14, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 2931, "domain": 1095, "hostname": 1798, "URL": 5593, "FileHash-MD5": 23, "FileHash-SHA1": 17, "CVE": 1 }, "indicator_count": 11458, "is_author": false, "is_subscribing": null, "subscriber_count": 220, "modified_text": "918 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65035fee309320821ec82f95", "name": "Cyber Espionage w/B(.) Link / Infringement (Tracking)", "description": "Alert: nr-data.net private Apple) iOS Data Collection & Distribution. Automatically flags as an investigation. Tag 'police agency's auto generated. It's possible with Edward Snowden disclosures, it seems unlikely and completely unethical. Extremely graphic adult content with, beacons, tracking Malicious content poses a cyber threat to the general public , iOS privileges, mouse control, phishing, scanning, open registry, service execution, hooking, passkeys and more. \nAppears in a Japanese themed video game and paired targets. Male subject common name have a profession, many with same name. Female target is singular, occupation & professions. Verdict: cyber espionage threat targeting overtly tarnished female. Potential Spreading issues: False distribution by false distributers of targets, hacked, malware singed, intangible downloads. \nAdult content doesn't portray targets. Tagging. \n(New-Issued by Cloudflare \nshi(.)cloudflaressl(.)com)", "modified": "2023-10-14T17:02:29.483000", "created": "2023-09-14T19:33:02.262000", "tags": [ "resolutions", "referrer", "elevated exposure", "malformed links", "fraud", "abuse", "united", "cyber threat", "phishing", "blockchain", "covid19", "coalition", "engineering", "facebook", "police agency", "japan", "download", "blacklist", "site", "cisco umbrella", "assassin's pride chapter 12 scans", "chapter", "pride chapter", "assassin", "read", "viewed today", "promise", "apotheosis", "rampage", "magister", "goma", "conan", "magician", "click", "Suricata Alert", "Malvertising", "ssl certificate", "contacted", "execution", "whois record", "pfqlnhi4ex http", "pe resource", "investigation", "team", "metro", "malicious", "social engineering", "cyber crime Alina", "tracker(.)net", "spyware", "monitoring", "tracking", "MITRE ATT&CKS", "malware", "http://www.evantrah.com/b0ar/ (phishing)", "https(:)//b(.)link / infringement (tracking)", "37.235.49.205 (scan host)", "scan hosts", "passkey", "APPLE ALERT: nr-data.net - Private Apple and iOS Data Collection", "nr-data.net", "iOS Unlocker", "iOS Data Collection", "Private Data", "distribution", "hacking" ], "references": [ "https://hifiporn.pw/xxx/1/white-dpt-jeffrey-reimer-loves-pretty-indian-patient-forces-sex-3gp-video-tsara-brashears/she-loves-how-i-pound-her-pussy", "http://mangahasu.se/assassins-pride/chapter-12-a-promise-c629157.html?__cf_chl_jschl_tk__=7b4aeee234e6fcb906189a0ee99bff391aedad3f-1591653736-0-ATuxnw3UaJxen2hXCyv", "Data Analysis", "Pattern Behavior Research" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Japan", "Canada", "Germany" ], "malware_families": [ { "id": "Alina POS", "display_name": "Alina POS", "target": null }, { "id": "Virus:DOS/Goma", "display_name": "Virus:DOS/Goma", "target": "/malware/Virus:DOS/Goma" }, { "id": "DEcovid19", "display_name": "DEcovid19", "target": null }, { "id": "Assassin", "display_name": "Assassin", "target": null }, { "id": "Virus:Win32/Magistr", "display_name": "Virus:Win32/Magistr", "target": "/malware/Virus:Win32/Magistr" }, { "id": "Darktrack RAT", "display_name": "Darktrack RAT", "target": null }, { "id": "B.link/infringement (tracking)", "display_name": "B.link/infringement (tracking)", "target": null }, { "id": "Malware", "display_name": "Malware", "target": null }, { "id": "Trojan.Agent", "display_name": "Trojan.Agent", "target": null }, { "id": "TrojanDownloader:JS/MalSpam", "display_name": "TrojanDownloader:JS/MalSpam", "target": "/malware/TrojanDownloader:JS/MalSpam" } ], "attack_ids": [ { "id": "T1179", "name": "Hooking", "display_name": "T1179 - Hooking" }, { "id": "T1035", "name": "Service Execution", "display_name": "T1035 - Service Execution" }, { "id": "T1132", "name": "Data Encoding", "display_name": "T1132 - Data Encoding" }, { "id": "T1043", "name": "Commonly Used Port", "display_name": "T1043 - Commonly Used Port" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071.002", "name": "File Transfer Protocols", "display_name": "T1071.002 - File Transfer Protocols" }, { "id": "TA0011", "name": "Command and Control", "display_name": "TA0011 - Command and Control" }, { "id": "TA0009", "name": "Collection", "display_name": "TA0009 - Collection" }, { "id": "T1449", "name": "Exploit SS7 to Redirect Phone Calls/SMS", "display_name": "T1449 - Exploit SS7 to Redirect Phone Calls/SMS" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 13, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 2931, "domain": 1095, "hostname": 1798, "URL": 5593, "FileHash-MD5": 23, "FileHash-SHA1": 17, "CVE": 1 }, "indicator_count": 11458, "is_author": false, "is_subscribing": null, "subscriber_count": 220, "modified_text": "918 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65035fec3cd7bba66ebcef0b", "name": "Cyber Espionage w/B(.) Link / Infringement (Tracking)", "description": "Alert: nr-data.net private Apple) iOS Data Collection & Distribution. Automatically flags as an investigation. Tag 'police agency's auto generated. It's possible with Edward Snowden disclosures, it seems unlikely and completely unethical. Extremely graphic adult content with, beacons, tracking Malicious content poses a cyber threat to the general public , iOS privileges, mouse control, phishing, scanning, open registry, service execution, hooking, passkeys and more. \nAppears in a Japanese themed video game and paired targets. Male subject common name have a profession, many with same name. Female target is singular, occupation & professions. Verdict: cyber espionage threat targeting overtly tarnished female. Potential Spreading issues: False distribution by false distributers of targets, hacked, malware singed, intangible downloads. \nAdult content doesn't portray targets. Tagging. \n(New-Issued by Cloudflare \nshi(.)cloudflaressl(.)com)", "modified": "2023-10-14T17:02:29.483000", "created": "2023-09-14T19:33:00.802000", "tags": [ "resolutions", "referrer", "elevated exposure", "malformed links", "fraud", "abuse", "united", "cyber threat", "phishing", "blockchain", "covid19", "coalition", "engineering", "facebook", "police agency", "japan", "download", "blacklist", "site", "cisco umbrella", "assassin's pride chapter 12 scans", "chapter", "pride chapter", "assassin", "read", "viewed today", "promise", "apotheosis", "rampage", "magister", "goma", "conan", "magician", "click", "Suricata Alert", "Malvertising", "ssl certificate", "contacted", "execution", "whois record", "pfqlnhi4ex http", "pe resource", "investigation", "team", "metro", "malicious", "social engineering", "cyber crime Alina", "tracker(.)net", "spyware", "monitoring", "tracking", "MITRE ATT&CKS", "malware", "http://www.evantrah.com/b0ar/ (phishing)", "https(:)//b(.)link / infringement (tracking)", "37.235.49.205 (scan host)", "scan hosts", "passkey", "APPLE ALERT: nr-data.net - Private Apple and iOS Data Collection", "nr-data.net", "iOS Unlocker", "iOS Data Collection", "Private Data", "distribution", "hacking" ], "references": [ "https://hifiporn.pw/xxx/1/white-dpt-jeffrey-reimer-loves-pretty-indian-patient-forces-sex-3gp-video-tsara-brashears/she-loves-how-i-pound-her-pussy", "http://mangahasu.se/assassins-pride/chapter-12-a-promise-c629157.html?__cf_chl_jschl_tk__=7b4aeee234e6fcb906189a0ee99bff391aedad3f-1591653736-0-ATuxnw3UaJxen2hXCyv", "Data Analysis", "Pattern Behavior Research" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Japan", "Canada", "Germany" ], "malware_families": [ { "id": "Alina POS", "display_name": "Alina POS", "target": null }, { "id": "Virus:DOS/Goma", "display_name": "Virus:DOS/Goma", "target": "/malware/Virus:DOS/Goma" }, { "id": "DEcovid19", "display_name": "DEcovid19", "target": null }, { "id": "Assassin", "display_name": "Assassin", "target": null }, { "id": "Virus:Win32/Magistr", "display_name": "Virus:Win32/Magistr", "target": "/malware/Virus:Win32/Magistr" }, { "id": "Darktrack RAT", "display_name": "Darktrack RAT", "target": null }, { "id": "B.link/infringement (tracking)", "display_name": "B.link/infringement (tracking)", "target": null }, { "id": "Malware", "display_name": "Malware", "target": null }, { "id": "Trojan.Agent", "display_name": "Trojan.Agent", "target": null }, { "id": "TrojanDownloader:JS/MalSpam", "display_name": "TrojanDownloader:JS/MalSpam", "target": "/malware/TrojanDownloader:JS/MalSpam" } ], "attack_ids": [ { "id": "T1179", "name": "Hooking", "display_name": "T1179 - Hooking" }, { "id": "T1035", "name": "Service Execution", "display_name": "T1035 - Service Execution" }, { "id": "T1132", "name": "Data Encoding", "display_name": "T1132 - Data Encoding" }, { "id": "T1043", "name": "Commonly Used Port", "display_name": "T1043 - Commonly Used Port" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071.002", "name": "File Transfer Protocols", "display_name": "T1071.002 - File Transfer Protocols" }, { "id": "TA0011", "name": "Command and Control", "display_name": "TA0011 - Command and Control" }, { "id": "TA0009", "name": "Collection", "display_name": "TA0009 - Collection" }, { "id": "T1449", "name": "Exploit SS7 to Redirect Phone Calls/SMS", "display_name": "T1449 - Exploit SS7 to Redirect Phone Calls/SMS" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 13, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 2931, "domain": 1095, "hostname": 1798, "URL": 5593, "FileHash-MD5": 23, "FileHash-SHA1": 17, "CVE": 1 }, "indicator_count": 11458, "is_author": false, "is_subscribing": null, "subscriber_count": 222, "modified_text": "918 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65035fea189a32c0498667d9", "name": "Cyber Espionage w/B(.) Link / Infringement (Tracking)", "description": "Alert: nr-data.net private Apple) iOS Data Collection & Distribution. Automatically flags as an investigation. Tag 'police agency's auto generated. It's possible with Edward Snowden disclosures, it seems unlikely and completely unethical. Extremely graphic adult content with, beacons, tracking Malicious content poses a cyber threat to the general public , iOS privileges, mouse control, phishing, scanning, open registry, service execution, hooking, passkeys and more. \nAppears in a Japanese themed video game and paired targets. Male subject common name have a profession, many with same name. Female target is singular, occupation & professions. Verdict: cyber espionage threat targeting overtly tarnished female. Potential Spreading issues: False distribution by false distributers of targets, hacked, malware singed, intangible downloads. \nAdult content doesn't portray targets. Tagging. \n(New-Issued by Cloudflare \nshi(.)cloudflaressl(.)com)", "modified": "2023-10-14T17:02:29.483000", "created": "2023-09-14T19:32:58.552000", "tags": [ "resolutions", "referrer", "elevated exposure", "malformed links", "fraud", "abuse", "united", "cyber threat", "phishing", "blockchain", "covid19", "coalition", "engineering", "facebook", "police agency", "japan", "download", "blacklist", "site", "cisco umbrella", "assassin's pride chapter 12 scans", "chapter", "pride chapter", "assassin", "read", "viewed today", "promise", "apotheosis", "rampage", "magister", "goma", "conan", "magician", "click", "Suricata Alert", "Malvertising", "ssl certificate", "contacted", "execution", "whois record", "pfqlnhi4ex http", "pe resource", "investigation", "team", "metro", "malicious", "social engineering", "cyber crime Alina", "tracker(.)net", "spyware", "monitoring", "tracking", "MITRE ATT&CKS", "malware", "http://www.evantrah.com/b0ar/ (phishing)", "https(:)//b(.)link / infringement (tracking)", "37.235.49.205 (scan host)", "scan hosts", "passkey", "APPLE ALERT: nr-data.net - Private Apple and iOS Data Collection", "nr-data.net", "iOS Unlocker", "iOS Data Collection", "Private Data", "distribution", "hacking" ], "references": [ "https://hifiporn.pw/xxx/1/white-dpt-jeffrey-reimer-loves-pretty-indian-patient-forces-sex-3gp-video-tsara-brashears/she-loves-how-i-pound-her-pussy", "http://mangahasu.se/assassins-pride/chapter-12-a-promise-c629157.html?__cf_chl_jschl_tk__=7b4aeee234e6fcb906189a0ee99bff391aedad3f-1591653736-0-ATuxnw3UaJxen2hXCyv", "Data Analysis", "Pattern Behavior Research" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Japan", "Canada", "Germany" ], "malware_families": [ { "id": "Alina POS", "display_name": "Alina POS", "target": null }, { "id": "Virus:DOS/Goma", "display_name": "Virus:DOS/Goma", "target": "/malware/Virus:DOS/Goma" }, { "id": "DEcovid19", "display_name": "DEcovid19", "target": null }, { "id": "Assassin", "display_name": "Assassin", "target": null }, { "id": "Virus:Win32/Magistr", "display_name": "Virus:Win32/Magistr", "target": "/malware/Virus:Win32/Magistr" }, { "id": "Darktrack RAT", "display_name": "Darktrack RAT", "target": null }, { "id": "B.link/infringement (tracking)", "display_name": "B.link/infringement (tracking)", "target": null }, { "id": "Malware", "display_name": "Malware", "target": null }, { "id": "Trojan.Agent", "display_name": "Trojan.Agent", "target": null }, { "id": "TrojanDownloader:JS/MalSpam", "display_name": "TrojanDownloader:JS/MalSpam", "target": "/malware/TrojanDownloader:JS/MalSpam" } ], "attack_ids": [ { "id": "T1179", "name": "Hooking", "display_name": "T1179 - Hooking" }, { "id": "T1035", "name": "Service Execution", "display_name": "T1035 - Service Execution" }, { "id": "T1132", "name": "Data Encoding", "display_name": "T1132 - Data Encoding" }, { "id": "T1043", "name": "Commonly Used Port", "display_name": "T1043 - Commonly Used Port" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071.002", "name": "File Transfer Protocols", "display_name": "T1071.002 - File Transfer Protocols" }, { "id": "TA0011", "name": "Command and Control", "display_name": "TA0011 - Command and Control" }, { "id": "TA0009", "name": "Collection", "display_name": "TA0009 - Collection" }, { "id": "T1449", "name": "Exploit SS7 to Redirect Phone Calls/SMS", "display_name": "T1449 - Exploit SS7 to Redirect Phone Calls/SMS" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 13, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 2931, "domain": 1095, "hostname": 1798, "URL": 5593, "FileHash-MD5": 23, "FileHash-SHA1": 17, "CVE": 1 }, "indicator_count": 11458, "is_author": false, "is_subscribing": null, "subscriber_count": 220, "modified_text": "918 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "64f37719db054ccde25aa9df", "name": "Pool's Closed (by @scnrscnr)", "description": "", "modified": "2023-09-02T17:55:37.269000", "created": "2023-09-02T17:55:37.269000", "tags": [ "Timothy Pool", "Christopher Pool", "Pool's Closed" ], "references": [ "Pool Closed", "Pool's Closed" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [], "attack_ids": [ { "id": "T1546", "name": "Event Triggered Execution", "display_name": "T1546 - Event Triggered Execution" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" } ], "industries": [ "Media", "ad fraud" ], "TLP": "white", "cloned_from": "5fa57698ac0f6638b7b9a8ba", "export_count": 16, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 7851, "URL": 23098, "hostname": 9521, "domain": 4595, "SSLCertFingerprint": 22, "FileHash-MD5": 564, "FileHash-SHA1": 432, "CIDR": 32, "email": 3, "CVE": 2 }, "indicator_count": 46120, "is_author": false, "is_subscribing": null, "subscriber_count": 221, "modified_text": "960 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "64f3771616d9a9891947e4df", "name": "Pool's Closed (by @scnrscnr)", "description": "", "modified": "2023-09-02T17:55:34.095000", "created": "2023-09-02T17:55:34.095000", "tags": [ "Timothy Pool", "Christopher Pool", "Pool's Closed" ], "references": [ "Pool Closed", "Pool's Closed" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [], "attack_ids": [ { "id": "T1546", "name": "Event Triggered Execution", "display_name": "T1546 - Event Triggered Execution" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" } ], "industries": [ "Media", "ad fraud" ], "TLP": "white", "cloned_from": "5fa57698ac0f6638b7b9a8ba", "export_count": 15, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 7851, "URL": 23098, "hostname": 9521, "domain": 4595, "SSLCertFingerprint": 22, "FileHash-MD5": 564, "FileHash-SHA1": 432, "CIDR": 32, "email": 3, "CVE": 2 }, "indicator_count": 46120, "is_author": false, "is_subscribing": null, "subscriber_count": 220, "modified_text": "960 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "620c3b1f8af7ea0dcf2c1218", "name": "Jeeng / Powerbox", "description": "", "modified": "2022-06-12T22:01:23.105000", "created": "2022-02-15T23:45:35.234000", "tags": [ "Jeeng", "tim pool", "timcast" ], "references": [ "cf20ed53-cb6d-4dfd-a4e8-794fbe163efc.pcap" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scnrscnr", "id": "126475", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_126475/resized/80/avatar_67ca5b7bae.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 9072, "domain": 2500, "URL": 13548, "hostname": 3584, "FileHash-MD5": 197, "FileHash-SHA1": 162, "CVE": 3, "CIDR": 20, "SSLCertFingerprint": 2, "email": 19, "BitcoinAddress": 1 }, "indicator_count": 29108, "is_author": false, "is_subscribing": null, "subscriber_count": 97, "modified_text": "1406 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "https://hifiporn.pw/xxx/1/white-dpt-jeffrey-reimer-loves-pretty-indian-patient-forces-sex-3gp-video-tsara-brashears/she-loves-how-i-pound-her-pussy", "Pool Closed", "Pattern Behavior Research", "Data Analysis", "cf20ed53-cb6d-4dfd-a4e8-794fbe163efc.pcap", "Pool's Closed", "http://mangahasu.se/assassins-pride/chapter-12-a-promise-c629157.html?__cf_chl_jschl_tk__=7b4aeee234e6fcb906189a0ee99bff391aedad3f-1591653736-0-ATuxnw3UaJxen2hXCyv" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [ "Decovid19", "Malware", "Trojan.agent", "Darktrack rat", "Alina pos", "B.link/infringement (tracking)", "Trojandownloader:js/malspam", "Virus:win32/magistr", "Assassin", "Virus:dos/goma" ], "industries": [ "Media", "Ad fraud" ], "unique_indicators": 84575 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/trurnit.de", "whois": "http://whois.domaintools.com/trurnit.de", "domain": "trurnit.de", "hostname": "pardot.trurnit.de" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 25, "pulses": [ { "id": "69a9cd444aa144401d0c4988", "name": "Pools Open", "description": "", "modified": "2026-04-15T19:21:28.851000", "created": "2026-03-05T18:36:52.014000", "tags": [ "Timothy Pool", "Christopher Pool", "Pool's Closed" ], "references": [ "Pool Closed", "Pool's Closed" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [], "attack_ids": [ { "id": "T1546", "name": "Event Triggered Execution", "display_name": "T1546 - Event Triggered Execution" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" } ], "industries": [ "Media", "ad fraud" ], "TLP": "white", "cloned_from": "5fa57698ac0f6638b7b9a8ba", "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 8098, "URL": 23428, "hostname": 9592, "domain": 4727, "SSLCertFingerprint": 22, "FileHash-MD5": 696, "FileHash-SHA1": 457, "CIDR": 78, "email": 3, "CVE": 2 }, "indicator_count": 47103, "is_author": false, "is_subscribing": null, "subscriber_count": 50, "modified_text": "3 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "5fa57698ac0f6638b7b9a8ba", "name": "Pool's Closed", "description": "Two paupers from the meadow spring forth an upheaval of nasty sites on the world wide web.", "modified": "2025-12-27T05:02:34.910000", "created": "2020-11-06T16:15:20.139000", "tags": [ "Timothy Pool", "Christopher Pool", "Pool's Closed" ], "references": [ "Pool Closed", "Pool's Closed" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [], "attack_ids": [ { "id": "T1546", "name": "Event Triggered Execution", "display_name": "T1546 - Event Triggered Execution" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" } ], "industries": [ "Media", "ad fraud" ], "TLP": "white", "cloned_from": null, "export_count": 61, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 4, "follower_count": 0, "vote": 0, "author": { "username": "scnrscnr", "id": "126475", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_126475/resized/80/avatar_67ca5b7bae.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 8098, "URL": 23426, "hostname": 9590, "domain": 4727, "SSLCertFingerprint": 22, "FileHash-MD5": 696, "FileHash-SHA1": 457, "CIDR": 78, "email": 3, "CVE": 2 }, "indicator_count": 47099, "is_author": false, "is_subscribing": null, "subscriber_count": 133, "modified_text": "113 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6570a4bc7487548e66d6f004", "name": "Virus:DOS/Goma", "description": "", "modified": "2023-12-06T16:43:40.375000", "created": "2023-12-06T16:43:40.375000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "FileHash-SHA256": 2931, "hostname": 1798, "FileHash-MD5": 23, "FileHash-SHA1": 17, "URL": 5593, "domain": 1095 }, "indicator_count": 11458, "is_author": false, "is_subscribing": null, "subscriber_count": 111, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6570a4b4259cafcf79907b2f", "name": "APPLE ALERT: nr-data.net - Private Apple and iOS Data Collection and Distribution", "description": "", "modified": "2023-12-06T16:43:32.408000", "created": "2023-12-06T16:43:32.408000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "FileHash-SHA256": 2931, "hostname": 1798, "FileHash-MD5": 23, "FileHash-SHA1": 17, "URL": 5593, "domain": 1095 }, "indicator_count": 11458, "is_author": false, "is_subscribing": null, "subscriber_count": 111, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6570a4ac54885a7e866cedca", "name": "Elevated Exposure", "description": "", "modified": "2023-12-06T16:43:24.027000", "created": "2023-12-06T16:43:24.027000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "FileHash-SHA256": 2931, "hostname": 1798, "FileHash-MD5": 23, "FileHash-SHA1": 17, "URL": 5593, "domain": 1095 }, "indicator_count": 11458, "is_author": false, "is_subscribing": null, "subscriber_count": 110, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6570a4a3ac21d7733c8e1040", "name": "Malvertising", "description": "", "modified": "2023-12-06T16:43:15.632000", "created": "2023-12-06T16:43:15.632000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "FileHash-SHA256": 2931, "hostname": 1798, "FileHash-MD5": 23, "FileHash-SHA1": 17, "URL": 5593, "domain": 1095 }, "indicator_count": 11458, "is_author": false, "is_subscribing": null, "subscriber_count": 111, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6570a49b0b6595444a3fdd9a", "name": "passkey.tracker.net", "description": "", "modified": "2023-12-06T16:43:07.031000", "created": "2023-12-06T16:43:07.031000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 9, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "FileHash-SHA256": 2931, "hostname": 1798, "FileHash-MD5": 23, "FileHash-SHA1": 17, "URL": 5593, "domain": 1095 }, "indicator_count": 11458, "is_author": false, "is_subscribing": null, "subscriber_count": 110, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6570a49207f81d6791c30194", "name": "Cyber Espionage w/B(.) Link / Infringement (Tracking)", "description": "", "modified": "2023-12-06T16:42:58.146000", "created": "2023-12-06T16:42:58.146000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "FileHash-SHA256": 2931, "hostname": 1798, "FileHash-MD5": 23, "FileHash-SHA1": 17, "URL": 5593, "domain": 1095 }, "indicator_count": 11458, "is_author": false, "is_subscribing": null, "subscriber_count": 111, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6570a4876f8d1d174f717e7b", "name": "Cyber Espionage w/B(.) Link / Infringement (Tracking)", "description": "", "modified": "2023-12-06T16:42:47.591000", "created": "2023-12-06T16:42:47.591000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "FileHash-SHA256": 2931, "hostname": 1798, "FileHash-MD5": 23, "FileHash-SHA1": 17, "URL": 5593, "domain": 1095 }, "indicator_count": 11458, "is_author": false, "is_subscribing": null, "subscriber_count": 110, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6570a47e33876ed78e19e1da", "name": "Cyber Espionage w/B(.) Link / Infringement (Tracking)", "description": "", "modified": "2023-12-06T16:42:38.479000", "created": "2023-12-06T16:42:38.479000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "FileHash-SHA256": 2931, "hostname": 1798, "FileHash-MD5": 23, "FileHash-SHA1": 17, "URL": 5593, "domain": 1095 }, "indicator_count": 11458, "is_author": false, "is_subscribing": null, "subscriber_count": 110, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://pardot.trurnit.de", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://pardot.trurnit.de", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1776622352.0297453 }