{ "type": "URL", "indicator": "https://performance.radar.cloudflare.com/beacon.js", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://performance.radar.cloudflare.com/beacon.js", "type": "url", "type_title": "URL", "validation": [ { "source": "alexa", "message": "Alexa rank: #465", "name": "Listed on Alexa" }, { "source": "akamai", "message": "Akamai rank: #268", "name": "Akamai Popular Domain" }, { "source": "whitelist", "message": "Whitelisted domain cloudflare.com", "name": "Whitelisted domain" }, { "source": "majestic", "message": "Whitelisted domain cloudflare.com", "name": "Whitelisted domain" } ], "base_indicator": { "id": 3739633758, "indicator": "https://performance.radar.cloudflare.com/beacon.js", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 13, "pulses": [ { "id": "69b283a733a36fe75a38bb9c", "name": "The Gatby Script Loader", "description": "Im still hooked on the Belasco Chain being a thing.", "modified": "2026-05-30T00:28:12.957000", "created": "2026-03-12T09:13:11.392000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 227, "FileHash-MD5": 24, "FileHash-SHA1": 14, "domain": 64, "URL": 42, "hostname": 58, "CVE": 6, "JA3": 1 }, "indicator_count": 436, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "1 day ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69e30ffa710fafb6d651ca89", "name": "Kelowna detachment - British Columbia by streamminingex", "description": "", "modified": "2026-04-18T05:46:36.582000", "created": "2026-04-18T05:00:42.166000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": "6570a552ac0b6570454709f7", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 15, "URL": 1354, "FileHash-MD5": 1308, "FileHash-SHA1": 1314, "FileHash-SHA256": 4898, "hostname": 1401, "email": 62, "domain": 1239, "CIDR": 8 }, "indicator_count": 11599, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "43 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69e30ffde212f52470137868", "name": "Kelowna detachment - British Columbia by streamminingex", "description": "", "modified": "2026-04-18T05:46:26.897000", "created": "2026-04-18T05:00:45.780000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": "6570a552ac0b6570454709f7", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 15, "URL": 1358, "FileHash-MD5": 1308, "FileHash-SHA1": 1314, "FileHash-SHA256": 4898, "hostname": 1405, "email": 62, "domain": 1242, "CIDR": 8 }, "indicator_count": 11610, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "43 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6952f958f5dee394ed5ee9f1", "name": "Agent-AQB -Secretary of State Colorado", "description": "There are several compromised certificate on Secretary of State Colorado. I focused on one.\nMalicious - Writes to STDOUT", "modified": "2026-01-28T21:05:58.898000", "created": "2025-12-29T21:57:44.075000", "tags": [ "subscribe", "unsubscribe", "s paris", "englewood", "united", "state", "skip", "espaol", "summary", "filing history", "present jul", "a domains", "present jun", "present oct", "present dec", "script urls", "present aug", "moved", "link", "meta", "msie", "chrome", "passive dns", "gmt content", "ipv4", "urls", "files", "title", "ipv4 add", "america flag", "america asn", "related pulses", "united states", "cloudflare a", "div div", "span span", "domain", "cloudflare", "content type", "click", "dynamicloader", "get opera", "host", "tlsv1", "install", "external ip", "lookup", "intel", "ms windows", "ogoogle trust", "write", "malware", "ip address", "search", "present nov", "backdoor", "bq dec", "win32small dec", "next associated", "virtool", "reverse dns", "australia asn", "twitter", "status", "name servers", "expiration date", "hostname add", "unknown soa", "domain add", "form", "entries", "url analysis", "error", "body", "date", "high", "ssh scan", "tcp syn", "resolverror", "show", "outbound", "yara detections", "potential ssh", "contacted", "copy", "icmp traffic", "dns query", "therahand certificat", "sos", "secretary of state", "writes_to_stdout" ], "references": [ "https://www.coloradosos.gov/biz/BusinessEntityDetail.do?quitButtonDestination=BusinessEntityResults&nameTyp=ENT&masterFileId=20221473927&entityId2=20221473927&fileId=20251525819&srchTyp=ENTITY", "ELF:Agent-AQB\\ [Trj] IDS Detections: Potential SSH Scan Potential SSH Scan OUTBOUND", "Yara Detections: is__elf", "Alerts: dead_host known_hosts_conn network_icmp tcp_syn_scan osquery_detection", "Alerts: nolookup_communication writes_to_stdout", "IP\u2019s Contacted 2530 IP\u2019s Contacted 1.0.0.1 1.0.0.10 1.0.0.100 1.0.0.101 1.0.0.102 | Domains Contacted: 9654s.com", "https://otx.alienvault.com/indicator/file/aeb3d5ec1d144a7b2d51bdb603c052fd52700defb1b039491c4df3f32ece517a", "ELF:Agent-AQB\\ [Trj]", "https://otx.alienvault.com/indicator/file/aeb3d5ec1d144a7b2d51bdb603c052fd52700defb1b039491c4df3f32ece517a" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Win.Trojan.Agent-31853", "display_name": "Win.Trojan.Agent-31853", "target": null }, { "id": "Backdoor:Win32/Small.IR", "display_name": "Backdoor:Win32/Small.IR", "target": "/malware/Backdoor:Win32/Small.IR" }, { "id": "Win.Downloader.92-4", "display_name": "Win.Downloader.92-4", "target": null }, { "id": "Win.Trojan.Fugrafa-9733007-0", "display_name": "Win.Trojan.Fugrafa-9733007-0", "target": null }, { "id": "ELF:Agent-AQB\\ [Trj]", "display_name": "ELF:Agent-AQB\\ [Trj]", "target": null } ], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1561, "domain": 158, "hostname": 637, "FileHash-MD5": 121, "FileHash-SHA1": 97, "email": 8, "FileHash-SHA256": 561, "SSLCertFingerprint": 1 }, "indicator_count": 3144, "is_author": false, "is_subscribing": null, "subscriber_count": 142, "modified_text": "122 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69434bae6aa51aea5cbe4686", "name": "Malicious Entertainment Licensing Scheme attacked independent artists", "description": "Unique entertainment scheme that seemed to have either intentionally usurped the copyrights of artists accepted for music licensing deals. It\u2019s possible company was attacked. Is connected to a target. Several entities related to this music licensing company were attacked by Pegasus and Lazarus Group including Sony music. Christopher P.\u2019Buzz\u2019 Ahmann is related to the attacks. Unfortunately a Colorado IT company that lists individuals related to hacked studio as an employee has been cyber stalking target. The licensing company is unavailable online. \nInteresting mafia relationships. \nOTX auto populated - AFFixmusic.com is an unregistered domain name with an address address of 166.109.7, the same address as GoDaddy.Com.co.org, which is also known as Godaddy.{", "modified": "2026-01-17T00:03:29.023000", "created": "2025-12-18T00:32:46.567000", "tags": [ "united", "as44273 host", "unknown xn", "title style", "f2f2f2 color", "helvetica neue", "twitter", "ipv4", "hosting", "helvetica arial", "united states", "verdict", "files ip", "name servers", "west domains", "as autonomous", "system", "cloudflar", "cisco", "umbrella rank", "unknown", "present dec", "nxdomain", "object", "com cnt", "dem fin", "gov int", "nav onl", "phy pre", "pur sta", "godaddycomllc", "linux x8664", "khtml", "gecko", "cloudflarenet", "veryhigh", "americachicago", "conflict", "sameorigin", "cloudflare", "please", "text content", "ray id", "utc dns", "what happened", "thank", "cloudflare ray", "click", "performance", "general full", "resource", "name value", "url http", "server", "asn398787", "type mimetype", "uni idc", "passive dns", "urls", "hostname add", "url analysis", "files", "domain", "october", "divi object", "waypoint object", "reverse dns", "software", "asn26496", "resource hash", "security", "main", "google", "page url", "address as", "as26496", "screenshot page", "title affix", "music", "music licensing", "made easy", "history http", "found", "title", "extraction", "lte all", "search otx", "enter", "data upload", "enter source", "url data", "bad request", "next associated", "facebook url", "google url", "new releases", "music url", "kyle troop", "marsna design", "whitelisted", "status", "ip address", "search", "aaaa nxdomain", "present jan", "trojan", "pegasus", "location united", "as20773 host", "singapore", "asnone country", "netherlands", "germany", "as21499 host", "temple", "pulse submit", "date", "lte pulse", "learn", "ck id", "name tactics", "suspicious", "informative", "command", "adversaries", "ssl certificate", "spawns", "flag", "windir", "openurl c", "prefetch2", "analysis", "tor analysis", "dns requests", "domain address", "contacted hosts", "lte c", "additionally", "url or", "text type", "expiration", "url https", "no expiration", "hostname", "iocs", "pulse show", "type indicator", "text drag", "drop or", "create c", "read c", "delete", "write", "medium", "create", "show", "rgba", "next", "dock", "execution", "malware", "mitre att", "show technique", "ck matrix", "pattern match", "ascii text", "sha1", "network traffic", "show process", "hybrid", "general", "local", "path", "strings", "virus", "high", "dns query", "packing t1045", "pdb path", "pe resource", "win32", "present jun", "present mar", "a nxdomain", "present aug", "formpere", "msie", "windows nt", "entries", "defender", "t1071", "chrome", "creation date", "expiration date", "body", "t1045", "copy", "filehashsha256", "showing", "mafia", "lombardi mafia", "gambino", "genovese crime family", "crime families", "john t sasha", "jeffrey reimer", "navy", "danica implants", "jon", "bonus", "silva" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Netherlands", "France", "Poland", "Sweden", "Germany", "United Kingdom of Great Britain and Northern Ireland", "Belgium", "Japan", "Slovenia", "Spain", "Finland", "Hungary" ], "malware_families": [ { "id": "Virus:Win32/Triusor.A", "display_name": "Virus:Win32/Triusor.A", "target": "/malware/Virus:Win32/Triusor.A" }, { "id": "#LOWFI:HSTR:MSIL/Obfuscator", "display_name": "#LOWFI:HSTR:MSIL/Obfuscator", "target": null }, { "id": "!InstallCreatorPro_2_0", "display_name": "!InstallCreatorPro_2_0", "target": null }, { "id": "Win.Downloader.130721-1", "display_name": "Win.Downloader.130721-1", "target": null }, { "id": "Pegasus Family", "display_name": "Pegasus Family", "target": null } ], "attack_ids": [ { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1069", "name": "Permission Groups Discovery", "display_name": "T1069 - Permission Groups Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1480", "name": "Execution Guardrails", "display_name": "T1480 - Execution Guardrails" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1583", "name": "Acquire Infrastructure", "display_name": "T1583 - Acquire Infrastructure" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1119", "name": "Automated Collection", "display_name": "T1119 - Automated Collection" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1143", "name": "Hidden Window", "display_name": "T1143 - Hidden Window" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1045", "name": "Software Packing", "display_name": "T1045 - Software Packing" }, { "id": "T1060", "name": "Registry Run Keys / Startup Folder", "display_name": "T1060 - Registry Run Keys / Startup Folder" }, { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 1172, "hostname": 1200, "URL": 2438, "email": 6, "FileHash-SHA256": 610, "FileHash-MD5": 490, "FileHash-SHA1": 463, "CIDR": 2, "SSLCertFingerprint": 3 }, "indicator_count": 6384, "is_author": false, "is_subscribing": null, "subscriber_count": 143, "modified_text": "134 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6926228c245602830fd82fe5", "name": "hxxps://www[.]cloudflare[.]com/5xx-error-landing - 11.25.25", "description": "Cloudflare Abuse", "modified": "2025-12-25T21:00:52.783000", "created": "2025-11-25T21:41:32.156000", "tags": [ "sandbox", "static analyzer", "emulation", "analyzer", "url", "scanner", "reputation", "phishing", "malware", "cloudflare", "warning icon", "share report", "domain", "systems", "host", "amazon web", "services", "varnish", "onetrust", "error", "bunny", "write", "virus", "trojan", "ransomware", "static", "analysis", "indicator of compromise", "ioc", "extraction", "online", "submit", "sample", "download", "platform", "vxstream", "apt", "hybrid analysis", "api key", "vetting process", "please note", "please", "javascript", "ansi", "runtime data", "file string", "dumps", "varchar", "null", "integer default", "localappdata", "integer not", "license", "path", "date", "facebook", "close", "roboto", "meta", "title", "span", "body", "blink", "win64", "contact", "mexico", "protect", "enterprise", "project", "suspicious", "hybrid", "mendoza", "mini", "code", "galileo", "4629", "false", "media", "critical", "fast", "stream", "cloud", "click", "hosts", "dorv", "lion", "cascade", "august", "general", "strings", "malicious" ], "references": [ "https://app.threat.zone/submission/5b29d473-2767-440f-8f03-12e48c58fd29/url-analysis-report", "https://urlquery.net/report/4eec9c27-98f9-4826-96ee-3e02a77c3646", "https://www.filescan.io/uploads/69261defaf4aba3912d48f77/reports/ad684d0b-2509-498d-8ab4-3c67a075029f/ioc", "https://hybrid-analysis.com/sample/fa4f8265e8be5eb4d59ced85c040c15fadf017ce9ae2ffe4869da356ec184582", "https://www.virustotal.com/gui/url/72220e2a2e1b36610c2efcd3585aa08ba8021ad13891821e47bbfd1f26709128/details", "https://hybrid-analysis.com/sample/fa4f8265e8be5eb4d59ced85c040c15fadf017ce9ae2ffe4869da356ec184582/64ddb54ab6da189fe1047708" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1498", "name": "Network Denial of Service", "display_name": "T1498 - Network Denial of Service" }, { "id": "T1090", "name": "Proxy", "display_name": "T1090 - Proxy" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Disable_Duck", "id": "244325", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 520, "FileHash-MD5": 136, "FileHash-SHA1": 82, "domain": 120, "hostname": 275, "FileHash-SHA256": 136, "email": 12 }, "indicator_count": 1281, "is_author": false, "is_subscribing": null, "subscriber_count": 130, "modified_text": "156 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6570a9b81da64500aa609122", "name": "APPLE CVE", "description": "", "modified": "2023-12-06T17:04:56.966000", "created": "2023-12-06T17:04:56.966000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 14, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 705, "FileHash-MD5": 171, "domain": 242, "hostname": 361, "URL": 496, "email": 3, "FileHash-SHA1": 123, "CVE": 1, "SSLCertFingerprint": 4 }, "indicator_count": 2106, "is_author": false, "is_subscribing": null, "subscriber_count": 114, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6570a552ac0b6570454709f7", "name": "Kelowna detachment - British Columbia (Pulse created by ellenmmm)", "description": "", "modified": "2023-12-06T16:46:09.708000", "created": "2023-12-06T16:46:09.708000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 12, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 15, "URL": 1349, "FileHash-MD5": 1308, "FileHash-SHA1": 1314, "FileHash-SHA256": 4898, "hostname": 1401, "email": 62, "domain": 1237, "CIDR": 8 }, "indicator_count": 11592, "is_author": false, "is_subscribing": null, "subscriber_count": 110, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65709fb3b919327802eaa6c5", "name": "Kelowna detachment - British Columbia", "description": "", "modified": "2023-12-06T16:22:11.032000", "created": "2023-12-06T16:22:11.032000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 15, "URL": 1349, "FileHash-MD5": 1308, "FileHash-SHA1": 1314, "FileHash-SHA256": 4898, "hostname": 1401, "email": 62, "domain": 1237, "CIDR": 8 }, "indicator_count": 11592, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6556878669ae5d5aa6b1a61f", "name": "APPLE CVE", "description": "", "modified": "2023-11-16T21:20:06.454000", "created": "2023-11-16T21:20:06.454000", "tags": [ "scan endpoints", "all cve", "ellenmmm cve", "pulse pulses", "files", "exploits", "targeted", "cve overview", "ventura", "creation date", "impact" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": "652e0a354e1ed460e652842c", "export_count": 14, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "URL": 523, "domain": 263, "hostname": 460, "FileHash-SHA256": 1269, "FileHash-MD5": 385, "FileHash-SHA1": 329, "SSLCertFingerprint": 4, "email": 3 }, "indicator_count": 3237, "is_author": false, "is_subscribing": null, "subscriber_count": 228, "modified_text": "926 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "652e0a354e1ed460e652842c", "name": "APPLE CVE", "description": "Apple has fixed a bug in its operating system that may cause files to be infected with malware and then be opened and downloaded without a quarantine flag being put on the file, as well as a security check.", "modified": "2023-11-16T16:02:38.424000", "created": "2023-10-17T04:14:45.289000", "tags": [ "scan endpoints", "all cve", "ellenmmm cve", "pulse pulses", "files", "exploits", "targeted", "cve overview", "ventura", "creation date", "impact" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 19, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "ellenmmm", "id": "233693", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "URL": 523, "domain": 263, "hostname": 460, "FileHash-SHA256": 1269, "FileHash-MD5": 385, "FileHash-SHA1": 329, "SSLCertFingerprint": 4, "email": 3 }, "indicator_count": 3237, "is_author": false, "is_subscribing": null, "subscriber_count": 86, "modified_text": "927 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "64d95fd67f4ea1e4a8cb8d38", "name": "Kelowna detachment - British Columbia", "description": "https://www.rcmp-grc.gc.ca/detach/en/d/201", "modified": "2023-09-21T05:02:23.556000", "created": "2023-08-13T22:57:26.810000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 24, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "ellenmmm", "id": "233693", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 1488, "domain": 1323, "email": 70, "URL": 1453, "FileHash-SHA1": 2122, "FileHash-SHA256": 9810, "FileHash-MD5": 2117, "CVE": 15, "CIDR": 8 }, "indicator_count": 18406, "is_author": false, "is_subscribing": null, "subscriber_count": 87, "modified_text": "983 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6507da1c48c6e5e5dd1ce72f", "name": "Kelowna detachment - British Columbia (Pulse created by ellenmmm)", "description": "", "modified": "2023-09-21T05:02:23.556000", "created": "2023-09-18T05:03:24.704000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": "64d95fd67f4ea1e4a8cb8d38", "export_count": 14, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 1488, "domain": 1323, "email": 70, "URL": 1453, "FileHash-SHA1": 2122, "FileHash-SHA256": 9810, "FileHash-MD5": 2117, "CVE": 15, "CIDR": 8 }, "indicator_count": 18406, "is_author": false, "is_subscribing": null, "subscriber_count": 222, "modified_text": "983 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "https://otx.alienvault.com/indicator/file/aeb3d5ec1d144a7b2d51bdb603c052fd52700defb1b039491c4df3f32ece517a", "IP\u2019s Contacted 2530 IP\u2019s Contacted 1.0.0.1 1.0.0.10 1.0.0.100 1.0.0.101 1.0.0.102 | Domains Contacted: 9654s.com", "https://hybrid-analysis.com/sample/fa4f8265e8be5eb4d59ced85c040c15fadf017ce9ae2ffe4869da356ec184582/64ddb54ab6da189fe1047708", "ELF:Agent-AQB\\ [Trj] IDS Detections: Potential SSH Scan Potential SSH Scan OUTBOUND", "https://urlquery.net/report/4eec9c27-98f9-4826-96ee-3e02a77c3646", "https://www.coloradosos.gov/biz/BusinessEntityDetail.do?quitButtonDestination=BusinessEntityResults&nameTyp=ENT&masterFileId=20221473927&entityId2=20221473927&fileId=20251525819&srchTyp=ENTITY", "https://hybrid-analysis.com/sample/fa4f8265e8be5eb4d59ced85c040c15fadf017ce9ae2ffe4869da356ec184582", "https://www.virustotal.com/gui/url/72220e2a2e1b36610c2efcd3585aa08ba8021ad13891821e47bbfd1f26709128/details", "https://app.threat.zone/submission/5b29d473-2767-440f-8f03-12e48c58fd29/url-analysis-report", "ELF:Agent-AQB\\ [Trj]", "Yara Detections: is__elf", "Alerts: dead_host known_hosts_conn network_icmp tcp_syn_scan osquery_detection", "Alerts: nolookup_communication writes_to_stdout", "https://www.filescan.io/uploads/69261defaf4aba3912d48f77/reports/ad684d0b-2509-498d-8ab4-3c67a075029f/ioc" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [ "Pegasus family", "Backdoor:win32/small.ir", "!installcreatorpro_2_0", "Win.trojan.agent-31853", "Win.downloader.130721-1", "Win.downloader.92-4", "#lowfi:hstr:msil/obfuscator", "Elf:agent-aqb\\ [trj]", "Win.trojan.fugrafa-9733007-0", "Virus:win32/triusor.a" ], "industries": [], "unique_indicators": 25921 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/cloudflare.com", "whois": "http://whois.domaintools.com/cloudflare.com", "domain": "cloudflare.com", "hostname": "performance.radar.cloudflare.com" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 13, "pulses": [ { "id": "69b283a733a36fe75a38bb9c", "name": "The Gatby Script Loader", "description": "Im still hooked on the Belasco Chain being a thing.", "modified": "2026-05-30T00:28:12.957000", "created": "2026-03-12T09:13:11.392000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 227, "FileHash-MD5": 24, "FileHash-SHA1": 14, "domain": 64, "URL": 42, "hostname": 58, "CVE": 6, "JA3": 1 }, "indicator_count": 436, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "1 day ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69e30ffa710fafb6d651ca89", "name": "Kelowna detachment - British Columbia by streamminingex", "description": "", "modified": "2026-04-18T05:46:36.582000", "created": "2026-04-18T05:00:42.166000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": "6570a552ac0b6570454709f7", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 15, "URL": 1354, "FileHash-MD5": 1308, "FileHash-SHA1": 1314, "FileHash-SHA256": 4898, "hostname": 1401, "email": 62, "domain": 1239, "CIDR": 8 }, "indicator_count": 11599, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "43 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69e30ffde212f52470137868", "name": "Kelowna detachment - British Columbia by streamminingex", "description": "", "modified": "2026-04-18T05:46:26.897000", "created": "2026-04-18T05:00:45.780000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": "6570a552ac0b6570454709f7", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 15, "URL": 1358, "FileHash-MD5": 1308, "FileHash-SHA1": 1314, "FileHash-SHA256": 4898, "hostname": 1405, "email": 62, "domain": 1242, "CIDR": 8 }, "indicator_count": 11610, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "43 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6952f958f5dee394ed5ee9f1", "name": "Agent-AQB -Secretary of State Colorado", "description": "There are several compromised certificate on Secretary of State Colorado. I focused on one.\nMalicious - Writes to STDOUT", "modified": "2026-01-28T21:05:58.898000", "created": "2025-12-29T21:57:44.075000", "tags": [ "subscribe", "unsubscribe", "s paris", "englewood", "united", "state", "skip", "espaol", "summary", "filing history", "present jul", "a domains", "present jun", "present oct", "present dec", "script urls", "present aug", "moved", "link", "meta", "msie", "chrome", "passive dns", "gmt content", "ipv4", "urls", "files", "title", "ipv4 add", "america flag", "america asn", "related pulses", "united states", "cloudflare a", "div div", "span span", "domain", "cloudflare", "content type", "click", "dynamicloader", "get opera", "host", "tlsv1", "install", "external ip", "lookup", "intel", "ms windows", "ogoogle trust", "write", "malware", "ip address", "search", "present nov", "backdoor", "bq dec", "win32small dec", "next associated", "virtool", "reverse dns", "australia asn", "twitter", "status", "name servers", "expiration date", "hostname add", "unknown soa", "domain add", "form", "entries", "url analysis", "error", "body", "date", "high", "ssh scan", "tcp syn", "resolverror", "show", "outbound", "yara detections", "potential ssh", "contacted", "copy", "icmp traffic", "dns query", "therahand certificat", "sos", "secretary of state", "writes_to_stdout" ], "references": [ "https://www.coloradosos.gov/biz/BusinessEntityDetail.do?quitButtonDestination=BusinessEntityResults&nameTyp=ENT&masterFileId=20221473927&entityId2=20221473927&fileId=20251525819&srchTyp=ENTITY", "ELF:Agent-AQB\\ [Trj] IDS Detections: Potential SSH Scan Potential SSH Scan OUTBOUND", "Yara Detections: is__elf", "Alerts: dead_host known_hosts_conn network_icmp tcp_syn_scan osquery_detection", "Alerts: nolookup_communication writes_to_stdout", "IP\u2019s Contacted 2530 IP\u2019s Contacted 1.0.0.1 1.0.0.10 1.0.0.100 1.0.0.101 1.0.0.102 | Domains Contacted: 9654s.com", "https://otx.alienvault.com/indicator/file/aeb3d5ec1d144a7b2d51bdb603c052fd52700defb1b039491c4df3f32ece517a", "ELF:Agent-AQB\\ [Trj]", "https://otx.alienvault.com/indicator/file/aeb3d5ec1d144a7b2d51bdb603c052fd52700defb1b039491c4df3f32ece517a" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Win.Trojan.Agent-31853", "display_name": "Win.Trojan.Agent-31853", "target": null }, { "id": "Backdoor:Win32/Small.IR", "display_name": "Backdoor:Win32/Small.IR", "target": "/malware/Backdoor:Win32/Small.IR" }, { "id": "Win.Downloader.92-4", "display_name": "Win.Downloader.92-4", "target": null }, { "id": "Win.Trojan.Fugrafa-9733007-0", "display_name": "Win.Trojan.Fugrafa-9733007-0", "target": null }, { "id": "ELF:Agent-AQB\\ [Trj]", "display_name": "ELF:Agent-AQB\\ [Trj]", "target": null } ], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1561, "domain": 158, "hostname": 637, "FileHash-MD5": 121, "FileHash-SHA1": 97, "email": 8, "FileHash-SHA256": 561, "SSLCertFingerprint": 1 }, "indicator_count": 3144, "is_author": false, "is_subscribing": null, "subscriber_count": 142, "modified_text": "122 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69434bae6aa51aea5cbe4686", "name": "Malicious Entertainment Licensing Scheme attacked independent artists", "description": "Unique entertainment scheme that seemed to have either intentionally usurped the copyrights of artists accepted for music licensing deals. It\u2019s possible company was attacked. Is connected to a target. Several entities related to this music licensing company were attacked by Pegasus and Lazarus Group including Sony music. Christopher P.\u2019Buzz\u2019 Ahmann is related to the attacks. Unfortunately a Colorado IT company that lists individuals related to hacked studio as an employee has been cyber stalking target. The licensing company is unavailable online. \nInteresting mafia relationships. \nOTX auto populated - AFFixmusic.com is an unregistered domain name with an address address of 166.109.7, the same address as GoDaddy.Com.co.org, which is also known as Godaddy.{", "modified": "2026-01-17T00:03:29.023000", "created": "2025-12-18T00:32:46.567000", "tags": [ "united", "as44273 host", "unknown xn", "title style", "f2f2f2 color", "helvetica neue", "twitter", "ipv4", "hosting", "helvetica arial", "united states", "verdict", "files ip", "name servers", "west domains", "as autonomous", "system", "cloudflar", "cisco", "umbrella rank", "unknown", "present dec", "nxdomain", "object", "com cnt", "dem fin", "gov int", "nav onl", "phy pre", "pur sta", "godaddycomllc", "linux x8664", "khtml", "gecko", "cloudflarenet", "veryhigh", "americachicago", "conflict", "sameorigin", "cloudflare", "please", "text content", "ray id", "utc dns", "what happened", "thank", "cloudflare ray", "click", "performance", "general full", "resource", "name value", "url http", "server", "asn398787", "type mimetype", "uni idc", "passive dns", "urls", "hostname add", "url analysis", "files", "domain", "october", "divi object", "waypoint object", "reverse dns", "software", "asn26496", "resource hash", "security", "main", "google", "page url", "address as", "as26496", "screenshot page", "title affix", "music", "music licensing", "made easy", "history http", "found", "title", "extraction", "lte all", "search otx", "enter", "data upload", "enter source", "url data", "bad request", "next associated", "facebook url", "google url", "new releases", "music url", "kyle troop", "marsna design", "whitelisted", "status", "ip address", "search", "aaaa nxdomain", "present jan", "trojan", "pegasus", "location united", "as20773 host", "singapore", "asnone country", "netherlands", "germany", "as21499 host", "temple", "pulse submit", "date", "lte pulse", "learn", "ck id", "name tactics", "suspicious", "informative", "command", "adversaries", "ssl certificate", "spawns", "flag", "windir", "openurl c", "prefetch2", "analysis", "tor analysis", "dns requests", "domain address", "contacted hosts", "lte c", "additionally", "url or", "text type", "expiration", "url https", "no expiration", "hostname", "iocs", "pulse show", "type indicator", "text drag", "drop or", "create c", "read c", "delete", "write", "medium", "create", "show", "rgba", "next", "dock", "execution", "malware", "mitre att", "show technique", "ck matrix", "pattern match", "ascii text", "sha1", "network traffic", "show process", "hybrid", "general", "local", "path", "strings", "virus", "high", "dns query", "packing t1045", "pdb path", "pe resource", "win32", "present jun", "present mar", "a nxdomain", "present aug", "formpere", "msie", "windows nt", "entries", "defender", "t1071", "chrome", "creation date", "expiration date", "body", "t1045", "copy", "filehashsha256", "showing", "mafia", "lombardi mafia", "gambino", "genovese crime family", "crime families", "john t sasha", "jeffrey reimer", "navy", "danica implants", "jon", "bonus", "silva" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Netherlands", "France", "Poland", "Sweden", "Germany", "United Kingdom of Great Britain and Northern Ireland", "Belgium", "Japan", "Slovenia", "Spain", "Finland", "Hungary" ], "malware_families": [ { "id": "Virus:Win32/Triusor.A", "display_name": "Virus:Win32/Triusor.A", "target": "/malware/Virus:Win32/Triusor.A" }, { "id": "#LOWFI:HSTR:MSIL/Obfuscator", "display_name": "#LOWFI:HSTR:MSIL/Obfuscator", "target": null }, { "id": "!InstallCreatorPro_2_0", "display_name": "!InstallCreatorPro_2_0", "target": null }, { "id": "Win.Downloader.130721-1", "display_name": "Win.Downloader.130721-1", "target": null }, { "id": "Pegasus Family", "display_name": "Pegasus Family", "target": null } ], "attack_ids": [ { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1069", "name": "Permission Groups Discovery", "display_name": "T1069 - Permission Groups Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1480", "name": "Execution Guardrails", "display_name": "T1480 - Execution Guardrails" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1583", "name": "Acquire Infrastructure", "display_name": "T1583 - Acquire Infrastructure" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1119", "name": "Automated Collection", "display_name": "T1119 - Automated Collection" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1143", "name": "Hidden Window", "display_name": "T1143 - Hidden Window" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1045", "name": "Software Packing", "display_name": "T1045 - Software Packing" }, { "id": "T1060", "name": "Registry Run Keys / Startup Folder", "display_name": "T1060 - Registry Run Keys / Startup Folder" }, { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 1172, "hostname": 1200, "URL": 2438, "email": 6, "FileHash-SHA256": 610, "FileHash-MD5": 490, "FileHash-SHA1": 463, "CIDR": 2, "SSLCertFingerprint": 3 }, "indicator_count": 6384, "is_author": false, "is_subscribing": null, "subscriber_count": 143, "modified_text": "134 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6926228c245602830fd82fe5", "name": "hxxps://www[.]cloudflare[.]com/5xx-error-landing - 11.25.25", "description": "Cloudflare Abuse", "modified": "2025-12-25T21:00:52.783000", "created": "2025-11-25T21:41:32.156000", "tags": [ "sandbox", "static analyzer", "emulation", "analyzer", "url", "scanner", "reputation", "phishing", "malware", "cloudflare", "warning icon", "share report", "domain", "systems", "host", "amazon web", "services", "varnish", "onetrust", "error", "bunny", "write", "virus", "trojan", "ransomware", "static", "analysis", "indicator of compromise", "ioc", "extraction", "online", "submit", "sample", "download", "platform", "vxstream", "apt", "hybrid analysis", "api key", "vetting process", "please note", "please", "javascript", "ansi", "runtime data", "file string", "dumps", "varchar", "null", "integer default", "localappdata", "integer not", "license", "path", "date", "facebook", "close", "roboto", "meta", "title", "span", "body", "blink", "win64", "contact", "mexico", "protect", "enterprise", "project", "suspicious", "hybrid", "mendoza", "mini", "code", "galileo", "4629", "false", "media", "critical", "fast", "stream", "cloud", "click", "hosts", "dorv", "lion", "cascade", "august", "general", "strings", "malicious" ], "references": [ "https://app.threat.zone/submission/5b29d473-2767-440f-8f03-12e48c58fd29/url-analysis-report", "https://urlquery.net/report/4eec9c27-98f9-4826-96ee-3e02a77c3646", "https://www.filescan.io/uploads/69261defaf4aba3912d48f77/reports/ad684d0b-2509-498d-8ab4-3c67a075029f/ioc", "https://hybrid-analysis.com/sample/fa4f8265e8be5eb4d59ced85c040c15fadf017ce9ae2ffe4869da356ec184582", "https://www.virustotal.com/gui/url/72220e2a2e1b36610c2efcd3585aa08ba8021ad13891821e47bbfd1f26709128/details", "https://hybrid-analysis.com/sample/fa4f8265e8be5eb4d59ced85c040c15fadf017ce9ae2ffe4869da356ec184582/64ddb54ab6da189fe1047708" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1498", "name": "Network Denial of Service", "display_name": "T1498 - Network Denial of Service" }, { "id": "T1090", "name": "Proxy", "display_name": "T1090 - Proxy" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Disable_Duck", "id": "244325", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 520, "FileHash-MD5": 136, "FileHash-SHA1": 82, "domain": 120, "hostname": 275, "FileHash-SHA256": 136, "email": 12 }, "indicator_count": 1281, "is_author": false, "is_subscribing": null, "subscriber_count": 130, "modified_text": "156 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6570a9b81da64500aa609122", "name": "APPLE CVE", "description": "", "modified": "2023-12-06T17:04:56.966000", "created": "2023-12-06T17:04:56.966000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 14, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 705, "FileHash-MD5": 171, "domain": 242, "hostname": 361, "URL": 496, "email": 3, "FileHash-SHA1": 123, "CVE": 1, "SSLCertFingerprint": 4 }, "indicator_count": 2106, "is_author": false, "is_subscribing": null, "subscriber_count": 114, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6570a552ac0b6570454709f7", "name": "Kelowna detachment - British Columbia (Pulse created by ellenmmm)", "description": "", "modified": "2023-12-06T16:46:09.708000", "created": "2023-12-06T16:46:09.708000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 12, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 15, "URL": 1349, "FileHash-MD5": 1308, "FileHash-SHA1": 1314, "FileHash-SHA256": 4898, "hostname": 1401, "email": 62, "domain": 1237, "CIDR": 8 }, "indicator_count": 11592, "is_author": false, "is_subscribing": null, "subscriber_count": 110, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65709fb3b919327802eaa6c5", "name": "Kelowna detachment - British Columbia", "description": "", "modified": "2023-12-06T16:22:11.032000", "created": "2023-12-06T16:22:11.032000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 15, "URL": 1349, "FileHash-MD5": 1308, "FileHash-SHA1": 1314, "FileHash-SHA256": 4898, "hostname": 1401, "email": 62, "domain": 1237, "CIDR": 8 }, "indicator_count": 11592, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6556878669ae5d5aa6b1a61f", "name": "APPLE CVE", "description": "", "modified": "2023-11-16T21:20:06.454000", "created": "2023-11-16T21:20:06.454000", "tags": [ "scan endpoints", "all cve", "ellenmmm cve", "pulse pulses", "files", "exploits", "targeted", "cve overview", "ventura", "creation date", "impact" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": "652e0a354e1ed460e652842c", "export_count": 14, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "URL": 523, "domain": 263, "hostname": 460, "FileHash-SHA256": 1269, "FileHash-MD5": 385, "FileHash-SHA1": 329, "SSLCertFingerprint": 4, "email": 3 }, "indicator_count": 3237, "is_author": false, "is_subscribing": null, "subscriber_count": 228, "modified_text": "926 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://performance.radar.cloudflare.com/beacon.js", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://performance.radar.cloudflare.com/beacon.js", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780256272.7224188 }