{ "type": "URL", "indicator": "https://prudentialfranqueados.http.msging.net", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://prudentialfranqueados.http.msging.net", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 4126010313, "indicator": "https://prudentialfranqueados.http.msging.net", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 4, "pulses": [ { "id": "69aa0a62f94a92b5168405c2", "name": "fedpaypal clone Q vashti", "description": "", "modified": "2026-03-06T06:39:27.872000", "created": "2026-03-05T22:57:38.559000", "tags": [ "present sep", "virtool", "cryp", "win32", "ip address", "trojan", "ransom", "asn as54113", "passive dns", "msil", "united states", "dynamicloader", "qaeaav12", "high", "qbeipbdii", "write", "paypal", "medium", "search", "vmware", "floodfix", "malware", "united", "mtb apr", "hostname add", "write c", "read c", "yara detections", "upxoepplace", "next", "markus", "april", "ping", "meta http", "content", "gmt server", "th th", "443 ma2592000", "ipv4 add", "url analysis", "urls", "body", "title", "learn", "ck id", "name tactics", "suspicious", "informative", "command", "adversaries", "spawns", "t1590 gather", "victim network", "status", "name servers", "set cookie", "script urls", "present feb", "cookie", "template", "present oct", "present jul", "present dec", "present jun", "next associated", "urls show", "date checked", "present apr", "url hostname", "united kingdom", "unknown ns", "servers", "great britain", "msr aug", "msr apr", "msr nov", "ite o", "server response", "script script", "files show", "date hash", "avast avg", "creation date", "lcid1033", "sminnotek", "spnvirtualbox", "bvvirtualbox", "present mar", "present nov", "exploit", "error", "server response", "google safe", "results sep", "backdoor", "certificate", "mtb sep", "next http", "scans show", "present may", "results jun", "results jan", "worm", "echo request", "sweep", "payload hello", "world", "ids detections", "cape", "viking", "philis", "et", "torop", "des moines", "contacted hosts", "content reputation", "sabey type", "tulach type", "rexx type", "foundry type", "fred scherr", "twitter", "apple", "monitored target", "financial theft", "psalms 27: 1 - 14" ], "references": [ "fed.paypal.com [redirect for monitored target \u2022 1st documented 2020- still active]", "nr-data.net \u2022 init.ess.apple.com\t\u2022 apple-id-ifind.com \u2022 https://apple-id-ifind.com/\t\u2022 apple-lostandfound.com", "https://www.speakup.it/magazines/places/new-york-city-on-a-budget-big-apple-little-money_2368", "https://login.apple-mac.banugoker.com/cgi-sys/defaultwebpage.cgi \u2022 lsupport-apple.com", "login.apple-mac.banugoker.com \u2022 www.apple-mac.banugoker.com \u2022 http://apple-mac.banugoker.com/", "https://apple-mac.banugoker.com/ \u2022 https://login.apple-mac.banugoker.com/", "http://45.159.189.105/bot/regex \u2022 https://wallpapers-nature.com/tsara-brashears/tse1-mm-bing-net", "wallpapers-nature.com \u2022 https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian", "https://wallpapers-nature.com/ tsara-brashears/urlscan-io\t \u2022 https://wallpapers-nature.com/%20tsara-brashears/urlscan-io", "http://www.mof.gov.cn.lxcvc.com/ \u2022 http://www.mohurd.gov.cn.lxcvc.\u2022 com/ \u2022 https://www.csrc.gov.cn.lxcvc.com/", "https://lk-prod-webcol.laika.com.co/category/bog/cat/farmacia/collares-isabelinos/todos/todo-para-mascota/1", "https://twitter.com/PORNO_SEXYBABES \u2022 https://megapornfreehd.com/2025/04/360", "https://57d5.zhanyu66.com/com.slamyugllp.strangerrun.xc.apk/" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "Win32:MalOb-BX\\ [Cryp]", "display_name": "Win32:MalOb-BX\\ [Cryp]", "target": null }, { "id": "Win.Trojan.Fraudpack", "display_name": "Win.Trojan.Fraudpack", "target": null }, { "id": "Fakeav", "display_name": "Fakeav", "target": null }, { "id": "Ransom:MSIL/Genasom.I", "display_name": "Ransom:MSIL/Genasom.I", "target": "/malware/Ransom:MSIL/Genasom.I" }, { "id": "Virtool:Win32/Obfuscator.KI", "display_name": "Virtool:Win32/Obfuscator.KI", "target": "/malware/Virtool:Win32/Obfuscator.KI" }, { "id": "Toga!rfn", "display_name": "Toga!rfn", "target": null }, { "id": "Malware", "display_name": "Malware", "target": null }, { "id": "Trojan:Win32/Floxif.E", "display_name": "Trojan:Win32/Floxif.E", "target": "/malware/Trojan:Win32/Floxif.E" }, { "id": "Win.Malware.Remoteadmin-7056666-0", "display_name": "Win.Malware.Remoteadmin-7056666-0", "target": null }, { "id": "Floxif", "display_name": "Floxif", "target": null }, { "id": "Tofsee", "display_name": "Tofsee", "target": null }, { "id": "Win.Dropper.Unruy-9994363-0", "display_name": "Win.Dropper.Unruy-9994363-0", "target": null }, { "id": "Win.Trojan.Cycler-47", "display_name": "Win.Trojan.Cycler-47", "target": null }, { "id": "Win.Trojan.Clicker-3506", "display_name": "Win.Trojan.Clicker-3506", "target": null }, { "id": "Win.Downloader.Unruy-10026469-0", "display_name": "Win.Downloader.Unruy-10026469-0", "target": null }, { "id": "Trojan:Win32/Floxif.E", "display_name": "Trojan:Win32/Floxif.E", "target": "/malware/Trojan:Win32/Floxif.E" }, { "id": "Win.Malware.Urelas", "display_name": "Win.Malware.Urelas", "target": null }, { "id": "Win.Malware.Zusy", "display_name": "Win.Malware.Zusy", "target": null }, { "id": "ALF:HeraklezEval:PWS:Win32/QQPass!rfn", "display_name": "ALF:HeraklezEval:PWS:Win32/QQPass!rfn", "target": null }, { "id": "Win.Malware.Eclz-9953021-0", "display_name": "Win.Malware.Eclz-9953021-0", "target": null }, { "id": "#Lowfi:SuspiciousSectionName", "display_name": "#Lowfi:SuspiciousSectionName", "target": null }, { "id": "Worm:Win32/Autorun", "display_name": "Worm:Win32/Autorun", "target": "/malware/Worm:Win32/Autorun" }, { "id": "ALF:HSTR:TrojanDownloader:Win32/PurityScan.A!bit", "display_name": "ALF:HSTR:TrojanDownloader:Win32/PurityScan.A!bit", "target": null }, { "id": "Win.Dropper.Tiggre-9845940-0", "display_name": "Win.Dropper.Tiggre-9845940-0", "target": null }, { "id": "PWS:Win32/QQpass.B!MTB", "display_name": "PWS:Win32/QQpass.B!MTB", "target": "/malware/PWS:Win32/QQpass.B!MTB" }, { "id": "Win.Malware.Sfwx-9853337-0", "display_name": "Win.Malware.Sfwx-9853337-0", "target": null }, { "id": "Backdoor:Win32/Tofsee.T", "display_name": "Backdoor:Win32/Tofsee.T", "target": "/malware/Backdoor:Win32/Tofsee.T" }, { "id": "Trojan:Win32/Kaicorn!rf", "display_name": "Trojan:Win32/Kaicorn!rf", "target": "/malware/Trojan:Win32/Kaicorn!rf" }, { "id": "Win32:Banker", "display_name": "Win32:Banker", "target": null }, { "id": "Worm:Win32/Cambot!rfn", "display_name": "Worm:Win32/Cambot!rfn", "target": "/malware/Worm:Win32/Cambot!rfn" }, { "id": "Win32:Malware", "display_name": "Win32:Malware", "target": null }, { "id": "Win.Malware.Midie-6847892-0", "display_name": "Win.Malware.Midie-6847892-0", "target": null }, { "id": "ET", "display_name": "ET", "target": null } ], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1045", "name": "Software Packing", "display_name": "T1045 - Software Packing" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1480", "name": "Execution Guardrails", "display_name": "T1480 - Execution Guardrails" }, { "id": "T1590", "name": "Gather Victim Network Information", "display_name": "T1590 - Gather Victim Network Information" }, { "id": "TA0011", "name": "Command and Control", "display_name": "TA0011 - Command and Control" }, { "id": "T1457", "name": "Malicious Media Content", "display_name": "T1457 - Malicious Media Content" }, { "id": "T1210", "name": "Exploitation of Remote Services", "display_name": "T1210 - Exploitation of Remote Services" }, { "id": "T1133", "name": "External Remote Services", "display_name": "T1133 - External Remote Services" }, { "id": "T1449", "name": "Exploit SS7 to Redirect Phone Calls/SMS", "display_name": "T1449 - Exploit SS7 to Redirect Phone Calls/SMS" }, { "id": "T1450", "name": "Exploit SS7 to Track Device Location", "display_name": "T1450 - Exploit SS7 to Track Device Location" }, { "id": "T1459", "name": "Device Unlock Code Guessing or Brute Force", "display_name": "T1459 - Device Unlock Code Guessing or Brute Force" }, { "id": "T1401", "name": "Device Administrator Permissions", "display_name": "T1401 - Device Administrator Permissions" }, { "id": "T1031", "name": "Modify Existing Service", "display_name": "T1031 - Modify Existing Service" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1595", "name": "Active Scanning", "display_name": "T1595 - Active Scanning" }, { "id": "T1046", "name": "Network Service Scanning", "display_name": "T1046 - Network Service Scanning" }, { "id": "T1595.002", "name": "Vulnerability Scanning", "display_name": "T1595.002 - Vulnerability Scanning" }, { "id": "T1464", "name": "Jamming or Denial of Service", "display_name": "T1464 - Jamming or Denial of Service" }, { "id": "T1588.001", "name": "Malware", "display_name": "T1588.001 - Malware" }, { "id": "T1155", "name": "AppleScript", "display_name": "T1155 - AppleScript" } ], "industries": [], "TLP": "white", "cloned_from": "68c5743593a4bcc81dd94b0b", "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 1323, "URL": 4360, "FileHash-MD5": 759, "FileHash-SHA1": 748, "FileHash-SHA256": 5148, "domain": 1076, "email": 7 }, "indicator_count": 13421, "is_author": false, "is_subscribing": null, "subscriber_count": 50, "modified_text": "44 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "68d37e35f99d852d38beb769", "name": "Cryptex Port Key \u2022 RedLine Stealer affects Threat Research Platform/s", "description": "#attack? #honeypot?", "modified": "2025-10-24T04:02:54.218000", "created": "2025-09-24T05:14:28.101000", "tags": [ "x00x00n", "memcommit", "regopenkeyexw", "regsz", "else", "ipnnoysrdi tr", "writeconsolew", "cryptexportkey", "invalid pointer", "x1ex00x00n", "redline stealer", "service", "powershell", "tools", "persistence", "execution", "dock", "write", "updater", "malware", "passive dns", "urls", "url add", "ip address", "related nids", "files location", "hong kong", "united", "present jul", "present dec", "search", "present may", "a domains", "name servers", "unknown aaaa", "trojan", "present jan", "present sep", "moved", "title", "span td", "td td", "tr tr", "a li", "ipv4 internet", "span", "meta", "gmt content", "ipv4 add", "reverse dns", "trojanx", "location hong kong", "software", "learn", "ck id", "name tactics", "suspicious", "informative", "command", "adversaries", "ssl certificate", "spawns", "development att", "ascii text", "pattern match", "mitre att", "ck matrix", "sha1", "odigicert inc", "network traffic", "general", "local", "path", "encrypt", "copy md5", "copy sha1", "copy sha256", "sha256", "size", "crlf line", "urlhttps", "extracted files", "acquires", "networking", "readiness" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1005", "name": "Data from Local System", "display_name": "T1005 - Data from Local System" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1031", "name": "Modify Existing Service", "display_name": "T1031 - Modify Existing Service" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1060", "name": "Registry Run Keys / Startup Folder", "display_name": "T1060 - Registry Run Keys / Startup Folder" }, { "id": "T1081", "name": "Credentials in Files", "display_name": "T1081 - Credentials in Files" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1086", "name": "PowerShell", "display_name": "T1086 - PowerShell" }, { "id": "T1089", "name": "Disabling Security Tools", "display_name": "T1089 - Disabling Security Tools" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1119", "name": "Automated Collection", "display_name": "T1119 - Automated Collection" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1143", "name": "Hidden Window", "display_name": "T1143 - Hidden Window" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1480", "name": "Execution Guardrails", "display_name": "T1480 - Execution Guardrails" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1583", "name": "Acquire Infrastructure", "display_name": "T1583 - Acquire Infrastructure" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 12, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 150, "FileHash-SHA1": 148, "FileHash-SHA256": 3059, "domain": 1277, "URL": 4166, "hostname": 1251, "SSLCertFingerprint": 10, "email": 1 }, "indicator_count": 10062, "is_author": false, "is_subscribing": null, "subscriber_count": 138, "modified_text": "177 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "68cd76f1888c22a2e105e524", "name": "Sign in - Google Accounts | Ransomware G3nasom", "description": "Needs to more research due to how malicious it is. Did attack a monitored target via Google search.\n\nI haven\u2019t put the time into naming all vulnerabilities. Positive for ransomware ALF:Trojan:Win32/G3nasom formerly named \u201c Win.Ransomware.Gandcrab-10044141-0\u201d", "modified": "2025-10-19T14:00:01.535000", "created": "2025-09-19T15:29:53.126000", "tags": [ "sign", "google account", "email", "forgot email", "private window", "learn", "guest mode", "next create", "dynamicloader", "windows nt", "msie", "wow64", "slcc2", "media center", "tlsv1", "owotrus ca", "limited", "server ca", "python", "write", "trojan", "guard", "win64", "accept", "updater", "launcher", "malware", "contacted", "filehash", "av detections", "ids detections", "yara detections", "alerts", "analysis date", "passive dns", "google trust", "ip address", "related nids", "united", "url http", "present aug", "present sep", "present jul", "unknown aaaa", "domain", "title", "body", "trojandropper", "mtb sep", "meta", "next associated", "win32upatre sep", "backdoor", "ipv4", "moved", "ddos", "data upload", "extraction", "iocs", "failed", "source url", "indicato", "mat my", "data", "ck id", "name tactics", "suspicious", "informative", "adversaries", "found", "command", "initial access", "spawns", "chrome", "gmt content", "avast avg", "next http", "ascii text", "size", "pattern match", "mitre att", "error", "null", "android", "general", "local", "path", "click", "strings", "trident", "write c", "medium", "search", "show", "high", "push", "service", "ms defender", "files matching", "number", "hide samples", "date hash", "next yara", "emotet", "g3nasom", "entries", "alerts show", "ck technique", "technique id", "io control", "anomalous", "geofencing", "sha256 add", "pulse pulses", "copy" ], "references": [ "http://accounts.google.com/v3/signin/identifier", "Yara Detection: Cabinet _Archive", "Banking Malware" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Emotet", "display_name": "Emotet", "target": null }, { "id": "ALF:Trojan:Win32/G3nasom", "display_name": "ALF:Trojan:Win32/G3nasom", "target": null }, { "id": "Win.Ransomware.Gandcrab-10044141-0\t(renamed G3nasom)", "display_name": "Win.Ransomware.Gandcrab-10044141-0\t(renamed G3nasom)", "target": null }, { "id": "Win.Trojan.Barys-10005825-0", "display_name": "Win.Trojan.Barys-10005825-0", "target": null }, { "id": "Trojandropper:Win32/Muldrop.V!MTB", "display_name": "Trojandropper:Win32/Muldrop.V!MTB", "target": "/malware/Trojandropper:Win32/Muldrop.V!MTB" }, { "id": "Backdoor:Win32/Berbew", "display_name": "Backdoor:Win32/Berbew", "target": "/malware/Backdoor:Win32/Berbew" }, { "id": "Upatre", "display_name": "Upatre", "target": null }, { "id": "Trojan:Win32/Emotet.KDS!MTB", "display_name": "Trojan:Win32/Emotet.KDS!MTB", "target": "/malware/Trojan:Win32/Emotet.KDS!MTB" } ], "attack_ids": [ { "id": "T1045", "name": "Software Packing", "display_name": "T1045 - Software Packing" }, { "id": "T1119", "name": "Automated Collection", "display_name": "T1119 - Automated Collection" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1480", "name": "Execution Guardrails", "display_name": "T1480 - Execution Guardrails" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1583", "name": "Acquire Infrastructure", "display_name": "T1583 - Acquire Infrastructure" }, { "id": "T1590", "name": "Gather Victim Network Information", "display_name": "T1590 - Gather Victim Network Information" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1147", "name": "Hidden Users", "display_name": "T1147 - Hidden Users" }, { "id": "T1143", "name": "Hidden Window", "display_name": "T1143 - Hidden Window" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "TA0011", "name": "Command and Control", "display_name": "TA0011 - Command and Control" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 13, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 531, "FileHash-SHA256": 1069, "URL": 1607, "FileHash-MD5": 275, "FileHash-SHA1": 187, "SSLCertFingerprint": 25, "domain": 188, "email": 2 }, "indicator_count": 3884, "is_author": false, "is_subscribing": null, "subscriber_count": 138, "modified_text": "182 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "68c5743593a4bcc81dd94b0b", "name": "Fed.PayPal.com - Ransom | Attacks via redirect", "description": "A monitored target, active on various payment platforms for business documented a malicious redirect event 1st seen in 2020. Follows pattern of multiple, critical and ongoing attacks beginning in 2013. In this instance target lost access to PayPal payments. If this is legal, it\u2019s been a grotesque grift. Target was financially and otherwise robbed.\n\n\n#trulymissed #paypal #advesaries #apple #twitter #backdoor #ransom #botnet #reptutationattack", "modified": "2025-10-13T13:27:11.277000", "created": "2025-09-13T13:40:05.671000", "tags": [ "present sep", "virtool", "cryp", "win32", "ip address", "trojan", "ransom", "asn as54113", "passive dns", "msil", "united states", "dynamicloader", "qaeaav12", "high", "qbeipbdii", "write", "paypal", "medium", "search", "vmware", "floodfix", "malware", "united", "mtb apr", "hostname add", "write c", "read c", "yara detections", "upxoepplace", "next", "markus", "april", "ping", "meta http", "content", "gmt server", "th th", "443 ma2592000", "ipv4 add", "url analysis", "urls", "body", "title", "learn", "ck id", "name tactics", "suspicious", "informative", "command", "adversaries", "spawns", "t1590 gather", "victim network", "status", "name servers", "set cookie", "script urls", "present feb", "cookie", "template", "present oct", "present jul", "present dec", "present jun", "next associated", "urls show", "date checked", "present apr", "url hostname", "united kingdom", "unknown ns", "servers", "great britain", "msr aug", "msr apr", "msr nov", "ite o", "server response", "script script", "files show", "date hash", "avast avg", "creation date", "lcid1033", "sminnotek", "spnvirtualbox", "bvvirtualbox", "present mar", "present nov", "exploit", "error", "server response", "google safe", "results sep", "backdoor", "certificate", "mtb sep", "next http", "scans show", "present may", "results jun", "results jan", "worm", "echo request", "sweep", "payload hello", "world", "ids detections", "cape", "viking", "philis", "et", "torop", "des moines", "contacted hosts", "content reputation", "sabey type", "tulach type", "rexx type", "foundry type", "fred scherr", "twitter", "apple", "monitored target", "financial theft", "psalms 27: 1 - 14" ], "references": [ "fed.paypal.com [redirect for monitored target \u2022 1st documented 2020- still active]", "nr-data.net \u2022 init.ess.apple.com\t\u2022 apple-id-ifind.com \u2022 https://apple-id-ifind.com/\t\u2022 apple-lostandfound.com", "https://www.speakup.it/magazines/places/new-york-city-on-a-budget-big-apple-little-money_2368", "https://login.apple-mac.banugoker.com/cgi-sys/defaultwebpage.cgi \u2022 lsupport-apple.com", "login.apple-mac.banugoker.com \u2022 www.apple-mac.banugoker.com \u2022 http://apple-mac.banugoker.com/", "https://apple-mac.banugoker.com/ \u2022 https://login.apple-mac.banugoker.com/", "http://45.159.189.105/bot/regex \u2022 https://wallpapers-nature.com/tsara-brashears/tse1-mm-bing-net", "wallpapers-nature.com \u2022 https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian", "https://wallpapers-nature.com/ tsara-brashears/urlscan-io\t \u2022 https://wallpapers-nature.com/%20tsara-brashears/urlscan-io", "http://www.mof.gov.cn.lxcvc.com/ \u2022 http://www.mohurd.gov.cn.lxcvc.\u2022 com/ \u2022 https://www.csrc.gov.cn.lxcvc.com/", "https://lk-prod-webcol.laika.com.co/category/bog/cat/farmacia/collares-isabelinos/todos/todo-para-mascota/1", "https://twitter.com/PORNO_SEXYBABES \u2022 https://megapornfreehd.com/2025/04/360", "https://57d5.zhanyu66.com/com.slamyugllp.strangerrun.xc.apk/" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "Win32:MalOb-BX\\ [Cryp]", "display_name": "Win32:MalOb-BX\\ [Cryp]", "target": null }, { "id": "Win.Trojan.Fraudpack", "display_name": "Win.Trojan.Fraudpack", "target": null }, { "id": "Fakeav", "display_name": "Fakeav", "target": null }, { "id": "Ransom:MSIL/Genasom.I", "display_name": "Ransom:MSIL/Genasom.I", "target": "/malware/Ransom:MSIL/Genasom.I" }, { "id": "Virtool:Win32/Obfuscator.KI", "display_name": "Virtool:Win32/Obfuscator.KI", "target": "/malware/Virtool:Win32/Obfuscator.KI" }, { "id": "Toga!rfn", "display_name": "Toga!rfn", "target": null }, { "id": "Malware", "display_name": "Malware", "target": null }, { "id": "Trojan:Win32/Floxif.E", "display_name": "Trojan:Win32/Floxif.E", "target": "/malware/Trojan:Win32/Floxif.E" }, { "id": "Win.Malware.Remoteadmin-7056666-0", "display_name": "Win.Malware.Remoteadmin-7056666-0", "target": null }, { "id": "Floxif", "display_name": "Floxif", "target": null }, { "id": "Tofsee", "display_name": "Tofsee", "target": null }, { "id": "Win.Dropper.Unruy-9994363-0", "display_name": "Win.Dropper.Unruy-9994363-0", "target": null }, { "id": "Win.Trojan.Cycler-47", "display_name": "Win.Trojan.Cycler-47", "target": null }, { "id": "Win.Trojan.Clicker-3506", "display_name": "Win.Trojan.Clicker-3506", "target": null }, { "id": "Win.Downloader.Unruy-10026469-0", "display_name": "Win.Downloader.Unruy-10026469-0", "target": null }, { "id": "Trojan:Win32/Floxif.E", "display_name": "Trojan:Win32/Floxif.E", "target": "/malware/Trojan:Win32/Floxif.E" }, { "id": "Win.Malware.Urelas", "display_name": "Win.Malware.Urelas", "target": null }, { "id": "Win.Malware.Zusy", "display_name": "Win.Malware.Zusy", "target": null }, { "id": "ALF:HeraklezEval:PWS:Win32/QQPass!rfn", "display_name": "ALF:HeraklezEval:PWS:Win32/QQPass!rfn", "target": null }, { "id": "Win.Malware.Eclz-9953021-0", "display_name": "Win.Malware.Eclz-9953021-0", "target": null }, { "id": "#Lowfi:SuspiciousSectionName", "display_name": "#Lowfi:SuspiciousSectionName", "target": null }, { "id": "Worm:Win32/Autorun", "display_name": "Worm:Win32/Autorun", "target": "/malware/Worm:Win32/Autorun" }, { "id": "ALF:HSTR:TrojanDownloader:Win32/PurityScan.A!bit", "display_name": "ALF:HSTR:TrojanDownloader:Win32/PurityScan.A!bit", "target": null }, { "id": "Win.Dropper.Tiggre-9845940-0", "display_name": "Win.Dropper.Tiggre-9845940-0", "target": null }, { "id": "PWS:Win32/QQpass.B!MTB", "display_name": "PWS:Win32/QQpass.B!MTB", "target": "/malware/PWS:Win32/QQpass.B!MTB" }, { "id": "Win.Malware.Sfwx-9853337-0", "display_name": "Win.Malware.Sfwx-9853337-0", "target": null }, { "id": "Backdoor:Win32/Tofsee.T", "display_name": "Backdoor:Win32/Tofsee.T", "target": "/malware/Backdoor:Win32/Tofsee.T" }, { "id": "Trojan:Win32/Kaicorn!rf", "display_name": "Trojan:Win32/Kaicorn!rf", "target": "/malware/Trojan:Win32/Kaicorn!rf" }, { "id": "Win32:Banker", "display_name": "Win32:Banker", "target": null }, { "id": "Worm:Win32/Cambot!rfn", "display_name": "Worm:Win32/Cambot!rfn", "target": "/malware/Worm:Win32/Cambot!rfn" }, { "id": "Win32:Malware", "display_name": "Win32:Malware", "target": null }, { "id": "Win.Malware.Midie-6847892-0", "display_name": "Win.Malware.Midie-6847892-0", "target": null }, { "id": "ET", "display_name": "ET", "target": null } ], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1045", "name": "Software Packing", "display_name": "T1045 - Software Packing" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1480", "name": "Execution Guardrails", "display_name": "T1480 - Execution Guardrails" }, { "id": "T1590", "name": "Gather Victim Network Information", "display_name": "T1590 - Gather Victim Network Information" }, { "id": "TA0011", "name": "Command and Control", "display_name": "TA0011 - Command and Control" }, { "id": "T1457", "name": "Malicious Media Content", "display_name": "T1457 - Malicious Media Content" }, { "id": "T1210", "name": "Exploitation of Remote Services", "display_name": "T1210 - Exploitation of Remote Services" }, { "id": "T1133", "name": "External Remote Services", "display_name": "T1133 - External Remote Services" }, { "id": "T1449", "name": "Exploit SS7 to Redirect Phone Calls/SMS", "display_name": "T1449 - Exploit SS7 to Redirect Phone Calls/SMS" }, { "id": "T1450", "name": "Exploit SS7 to Track Device Location", "display_name": "T1450 - Exploit SS7 to Track Device Location" }, { "id": "T1459", "name": "Device Unlock Code Guessing or Brute Force", "display_name": "T1459 - Device Unlock Code Guessing or Brute Force" }, { "id": "T1401", "name": "Device Administrator Permissions", "display_name": "T1401 - Device Administrator Permissions" }, { "id": "T1031", "name": "Modify Existing Service", "display_name": "T1031 - Modify Existing Service" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1595", "name": "Active Scanning", "display_name": "T1595 - Active Scanning" }, { "id": "T1046", "name": "Network Service Scanning", "display_name": "T1046 - Network Service Scanning" }, { "id": "T1595.002", "name": "Vulnerability Scanning", "display_name": "T1595.002 - Vulnerability Scanning" }, { "id": "T1464", "name": "Jamming or Denial of Service", "display_name": "T1464 - Jamming or Denial of Service" }, { "id": "T1588.001", "name": "Malware", "display_name": "T1588.001 - Malware" }, { "id": "T1155", "name": "AppleScript", "display_name": "T1155 - AppleScript" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 1321, "URL": 4356, "FileHash-MD5": 759, "FileHash-SHA1": 748, "FileHash-SHA256": 5148, "domain": 1076, "email": 7 }, "indicator_count": 13415, "is_author": false, "is_subscribing": null, "subscriber_count": 142, "modified_text": "188 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "https://login.apple-mac.banugoker.com/cgi-sys/defaultwebpage.cgi \u2022 lsupport-apple.com", "login.apple-mac.banugoker.com \u2022 www.apple-mac.banugoker.com \u2022 http://apple-mac.banugoker.com/", "https://twitter.com/PORNO_SEXYBABES \u2022 https://megapornfreehd.com/2025/04/360", "https://apple-mac.banugoker.com/ \u2022 https://login.apple-mac.banugoker.com/", "https://www.speakup.it/magazines/places/new-york-city-on-a-budget-big-apple-little-money_2368", "http://accounts.google.com/v3/signin/identifier", "fed.paypal.com [redirect for monitored target \u2022 1st documented 2020- still active]", "http://www.mof.gov.cn.lxcvc.com/ \u2022 http://www.mohurd.gov.cn.lxcvc.\u2022 com/ \u2022 https://www.csrc.gov.cn.lxcvc.com/", "nr-data.net \u2022 init.ess.apple.com\t\u2022 apple-id-ifind.com \u2022 https://apple-id-ifind.com/\t\u2022 apple-lostandfound.com", "https://57d5.zhanyu66.com/com.slamyugllp.strangerrun.xc.apk/", "Yara Detection: Cabinet _Archive", "https://wallpapers-nature.com/ tsara-brashears/urlscan-io\t \u2022 https://wallpapers-nature.com/%20tsara-brashears/urlscan-io", "Banking Malware", "http://45.159.189.105/bot/regex \u2022 https://wallpapers-nature.com/tsara-brashears/tse1-mm-bing-net", "wallpapers-nature.com \u2022 https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian", "https://lk-prod-webcol.laika.com.co/category/bog/cat/farmacia/collares-isabelinos/todos/todo-para-mascota/1" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [ "Win.dropper.tiggre-9845940-0", "Upatre", "Win.malware.eclz-9953021-0", "Toga!rfn", "Win.downloader.unruy-10026469-0", "Floxif", "Backdoor:win32/berbew", "Win.trojan.clicker-3506", "Win.trojan.barys-10005825-0", "Win.dropper.unruy-9994363-0", "Win.trojan.fraudpack", "Emotet", "Trojan:win32/kaicorn!rf", "Alf:trojan:win32/g3nasom", "Win.trojan.cycler-47", "Tofsee", "#lowfi:suspicioussectionname", "Ransom:msil/genasom.i", "Worm:win32/autorun", "Win.ransomware.gandcrab-10044141-0\t(renamed g3nasom)", "Alf:heraklezeval:pws:win32/qqpass!rfn", "Win.malware.midie-6847892-0", "Fakeav", "Pws:win32/qqpass.b!mtb", "Win.malware.sfwx-9853337-0", "Win32:banker", "Et", "Trojandropper:win32/muldrop.v!mtb", "Backdoor:win32/tofsee.t", "Win.malware.remoteadmin-7056666-0", "Alf:hstr:trojandownloader:win32/purityscan.a!bit", "Win32:malware", "Trojan:win32/emotet.kds!mtb", "Trojan:win32/floxif.e", "Worm:win32/cambot!rfn", "Win.malware.urelas", "Virtool:win32/obfuscator.ki", "Win.malware.zusy", "Malware", "Win32:malob-bx\\ [cryp]" ], "industries": [], "unique_indicators": 27259 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/msging.net", "whois": "http://whois.domaintools.com/msging.net", "domain": "msging.net", "hostname": "prudentialfranqueados.http.msging.net" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 4, "pulses": [ { "id": "69aa0a62f94a92b5168405c2", "name": "fedpaypal clone Q vashti", "description": "", "modified": "2026-03-06T06:39:27.872000", "created": "2026-03-05T22:57:38.559000", "tags": [ "present sep", "virtool", "cryp", "win32", "ip address", "trojan", "ransom", "asn as54113", "passive dns", "msil", "united states", "dynamicloader", "qaeaav12", "high", "qbeipbdii", "write", "paypal", "medium", "search", "vmware", "floodfix", "malware", "united", "mtb apr", "hostname add", "write c", "read c", "yara detections", "upxoepplace", "next", "markus", "april", "ping", "meta http", "content", "gmt server", "th th", "443 ma2592000", "ipv4 add", "url analysis", "urls", "body", "title", "learn", "ck id", "name tactics", "suspicious", "informative", "command", "adversaries", "spawns", "t1590 gather", "victim network", "status", "name servers", "set cookie", "script urls", "present feb", "cookie", "template", "present oct", "present jul", "present dec", "present jun", "next associated", "urls show", "date checked", "present apr", "url hostname", "united kingdom", "unknown ns", "servers", "great britain", "msr aug", "msr apr", "msr nov", "ite o", "server response", "script script", "files show", "date hash", "avast avg", "creation date", "lcid1033", "sminnotek", "spnvirtualbox", "bvvirtualbox", "present mar", "present nov", "exploit", "error", "server response", "google safe", "results sep", "backdoor", "certificate", "mtb sep", "next http", "scans show", "present may", "results jun", "results jan", "worm", "echo request", "sweep", "payload hello", "world", "ids detections", "cape", "viking", "philis", "et", "torop", "des moines", "contacted hosts", "content reputation", "sabey type", "tulach type", "rexx type", "foundry type", "fred scherr", "twitter", "apple", "monitored target", "financial theft", "psalms 27: 1 - 14" ], "references": [ "fed.paypal.com [redirect for monitored target \u2022 1st documented 2020- still active]", "nr-data.net \u2022 init.ess.apple.com\t\u2022 apple-id-ifind.com \u2022 https://apple-id-ifind.com/\t\u2022 apple-lostandfound.com", "https://www.speakup.it/magazines/places/new-york-city-on-a-budget-big-apple-little-money_2368", "https://login.apple-mac.banugoker.com/cgi-sys/defaultwebpage.cgi \u2022 lsupport-apple.com", "login.apple-mac.banugoker.com \u2022 www.apple-mac.banugoker.com \u2022 http://apple-mac.banugoker.com/", "https://apple-mac.banugoker.com/ \u2022 https://login.apple-mac.banugoker.com/", "http://45.159.189.105/bot/regex \u2022 https://wallpapers-nature.com/tsara-brashears/tse1-mm-bing-net", "wallpapers-nature.com \u2022 https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian", "https://wallpapers-nature.com/ tsara-brashears/urlscan-io\t \u2022 https://wallpapers-nature.com/%20tsara-brashears/urlscan-io", "http://www.mof.gov.cn.lxcvc.com/ \u2022 http://www.mohurd.gov.cn.lxcvc.\u2022 com/ \u2022 https://www.csrc.gov.cn.lxcvc.com/", "https://lk-prod-webcol.laika.com.co/category/bog/cat/farmacia/collares-isabelinos/todos/todo-para-mascota/1", "https://twitter.com/PORNO_SEXYBABES \u2022 https://megapornfreehd.com/2025/04/360", "https://57d5.zhanyu66.com/com.slamyugllp.strangerrun.xc.apk/" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "Win32:MalOb-BX\\ [Cryp]", "display_name": "Win32:MalOb-BX\\ [Cryp]", "target": null }, { "id": "Win.Trojan.Fraudpack", "display_name": "Win.Trojan.Fraudpack", "target": null }, { "id": "Fakeav", "display_name": "Fakeav", "target": null }, { "id": "Ransom:MSIL/Genasom.I", "display_name": "Ransom:MSIL/Genasom.I", "target": "/malware/Ransom:MSIL/Genasom.I" }, { "id": "Virtool:Win32/Obfuscator.KI", "display_name": "Virtool:Win32/Obfuscator.KI", "target": "/malware/Virtool:Win32/Obfuscator.KI" }, { "id": "Toga!rfn", "display_name": "Toga!rfn", "target": null }, { "id": "Malware", "display_name": "Malware", "target": null }, { "id": "Trojan:Win32/Floxif.E", "display_name": "Trojan:Win32/Floxif.E", "target": "/malware/Trojan:Win32/Floxif.E" }, { "id": "Win.Malware.Remoteadmin-7056666-0", "display_name": "Win.Malware.Remoteadmin-7056666-0", "target": null }, { "id": "Floxif", "display_name": "Floxif", "target": null }, { "id": "Tofsee", "display_name": "Tofsee", "target": null }, { "id": "Win.Dropper.Unruy-9994363-0", "display_name": "Win.Dropper.Unruy-9994363-0", "target": null }, { "id": "Win.Trojan.Cycler-47", "display_name": "Win.Trojan.Cycler-47", "target": null }, { "id": "Win.Trojan.Clicker-3506", "display_name": "Win.Trojan.Clicker-3506", "target": null }, { "id": "Win.Downloader.Unruy-10026469-0", "display_name": "Win.Downloader.Unruy-10026469-0", "target": null }, { "id": "Trojan:Win32/Floxif.E", "display_name": "Trojan:Win32/Floxif.E", "target": "/malware/Trojan:Win32/Floxif.E" }, { "id": "Win.Malware.Urelas", "display_name": "Win.Malware.Urelas", "target": null }, { "id": "Win.Malware.Zusy", "display_name": "Win.Malware.Zusy", "target": null }, { "id": "ALF:HeraklezEval:PWS:Win32/QQPass!rfn", "display_name": "ALF:HeraklezEval:PWS:Win32/QQPass!rfn", "target": null }, { "id": "Win.Malware.Eclz-9953021-0", "display_name": "Win.Malware.Eclz-9953021-0", "target": null }, { "id": "#Lowfi:SuspiciousSectionName", "display_name": "#Lowfi:SuspiciousSectionName", "target": null }, { "id": "Worm:Win32/Autorun", "display_name": "Worm:Win32/Autorun", "target": "/malware/Worm:Win32/Autorun" }, { "id": "ALF:HSTR:TrojanDownloader:Win32/PurityScan.A!bit", "display_name": "ALF:HSTR:TrojanDownloader:Win32/PurityScan.A!bit", "target": null }, { "id": "Win.Dropper.Tiggre-9845940-0", "display_name": "Win.Dropper.Tiggre-9845940-0", "target": null }, { "id": "PWS:Win32/QQpass.B!MTB", "display_name": "PWS:Win32/QQpass.B!MTB", "target": "/malware/PWS:Win32/QQpass.B!MTB" }, { "id": "Win.Malware.Sfwx-9853337-0", "display_name": "Win.Malware.Sfwx-9853337-0", "target": null }, { "id": "Backdoor:Win32/Tofsee.T", "display_name": "Backdoor:Win32/Tofsee.T", "target": "/malware/Backdoor:Win32/Tofsee.T" }, { "id": "Trojan:Win32/Kaicorn!rf", "display_name": "Trojan:Win32/Kaicorn!rf", "target": "/malware/Trojan:Win32/Kaicorn!rf" }, { "id": "Win32:Banker", "display_name": "Win32:Banker", "target": null }, { "id": "Worm:Win32/Cambot!rfn", "display_name": "Worm:Win32/Cambot!rfn", "target": "/malware/Worm:Win32/Cambot!rfn" }, { "id": "Win32:Malware", "display_name": "Win32:Malware", "target": null }, { "id": "Win.Malware.Midie-6847892-0", "display_name": "Win.Malware.Midie-6847892-0", "target": null }, { "id": "ET", "display_name": "ET", "target": null } ], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1045", "name": "Software Packing", "display_name": "T1045 - Software Packing" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1480", "name": "Execution Guardrails", "display_name": "T1480 - Execution Guardrails" }, { "id": "T1590", "name": "Gather Victim Network Information", "display_name": "T1590 - Gather Victim Network Information" }, { "id": "TA0011", "name": "Command and Control", "display_name": "TA0011 - Command and Control" }, { "id": "T1457", "name": "Malicious Media Content", "display_name": "T1457 - Malicious Media Content" }, { "id": "T1210", "name": "Exploitation of Remote Services", "display_name": "T1210 - Exploitation of Remote Services" }, { "id": "T1133", "name": "External Remote Services", "display_name": "T1133 - External Remote Services" }, { "id": "T1449", "name": "Exploit SS7 to Redirect Phone Calls/SMS", "display_name": "T1449 - Exploit SS7 to Redirect Phone Calls/SMS" }, { "id": "T1450", "name": "Exploit SS7 to Track Device Location", "display_name": "T1450 - Exploit SS7 to Track Device Location" }, { "id": "T1459", "name": "Device Unlock Code Guessing or Brute Force", "display_name": "T1459 - Device Unlock Code Guessing or Brute Force" }, { "id": "T1401", "name": "Device Administrator Permissions", "display_name": "T1401 - Device Administrator Permissions" }, { "id": "T1031", "name": "Modify Existing Service", "display_name": "T1031 - Modify Existing Service" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1595", "name": "Active Scanning", "display_name": "T1595 - Active Scanning" }, { "id": "T1046", "name": "Network Service Scanning", "display_name": "T1046 - Network Service Scanning" }, { "id": "T1595.002", "name": "Vulnerability Scanning", "display_name": "T1595.002 - Vulnerability Scanning" }, { "id": "T1464", "name": "Jamming or Denial of Service", "display_name": "T1464 - Jamming or Denial of Service" }, { "id": "T1588.001", "name": "Malware", "display_name": "T1588.001 - Malware" }, { "id": "T1155", "name": "AppleScript", "display_name": "T1155 - AppleScript" } ], "industries": [], "TLP": "white", "cloned_from": "68c5743593a4bcc81dd94b0b", "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 1323, "URL": 4360, "FileHash-MD5": 759, "FileHash-SHA1": 748, "FileHash-SHA256": 5148, "domain": 1076, "email": 7 }, "indicator_count": 13421, "is_author": false, "is_subscribing": null, "subscriber_count": 50, "modified_text": "44 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "68d37e35f99d852d38beb769", "name": "Cryptex Port Key \u2022 RedLine Stealer affects Threat Research Platform/s", "description": "#attack? #honeypot?", "modified": "2025-10-24T04:02:54.218000", "created": "2025-09-24T05:14:28.101000", "tags": [ "x00x00n", "memcommit", "regopenkeyexw", "regsz", "else", "ipnnoysrdi tr", "writeconsolew", "cryptexportkey", "invalid pointer", "x1ex00x00n", "redline stealer", "service", "powershell", "tools", "persistence", "execution", "dock", "write", "updater", "malware", "passive dns", "urls", "url add", "ip address", "related nids", "files location", "hong kong", "united", "present jul", "present dec", "search", "present may", "a domains", "name servers", "unknown aaaa", "trojan", "present jan", "present sep", "moved", "title", "span td", "td td", "tr tr", "a li", "ipv4 internet", "span", "meta", "gmt content", "ipv4 add", "reverse dns", "trojanx", "location hong kong", "software", "learn", "ck id", "name tactics", "suspicious", "informative", "command", "adversaries", "ssl certificate", "spawns", "development att", "ascii text", "pattern match", "mitre att", "ck matrix", "sha1", "odigicert inc", "network traffic", "general", "local", "path", "encrypt", "copy md5", "copy sha1", "copy sha256", "sha256", "size", "crlf line", "urlhttps", "extracted files", "acquires", "networking", "readiness" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1005", "name": "Data from Local System", "display_name": "T1005 - Data from Local System" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1031", "name": "Modify Existing Service", "display_name": "T1031 - Modify Existing Service" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1060", "name": "Registry Run Keys / Startup Folder", "display_name": "T1060 - Registry Run Keys / Startup Folder" }, { "id": "T1081", "name": "Credentials in Files", "display_name": "T1081 - Credentials in Files" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1086", "name": "PowerShell", "display_name": "T1086 - PowerShell" }, { "id": "T1089", "name": "Disabling Security Tools", "display_name": "T1089 - Disabling Security Tools" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1119", "name": "Automated Collection", "display_name": "T1119 - Automated Collection" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1143", "name": "Hidden Window", "display_name": "T1143 - Hidden Window" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1480", "name": "Execution Guardrails", "display_name": "T1480 - Execution Guardrails" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1583", "name": "Acquire Infrastructure", "display_name": "T1583 - Acquire Infrastructure" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 12, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 150, "FileHash-SHA1": 148, "FileHash-SHA256": 3059, "domain": 1277, "URL": 4166, "hostname": 1251, "SSLCertFingerprint": 10, "email": 1 }, "indicator_count": 10062, "is_author": false, "is_subscribing": null, "subscriber_count": 138, "modified_text": "177 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "68cd76f1888c22a2e105e524", "name": "Sign in - Google Accounts | Ransomware G3nasom", "description": "Needs to more research due to how malicious it is. Did attack a monitored target via Google search.\n\nI haven\u2019t put the time into naming all vulnerabilities. Positive for ransomware ALF:Trojan:Win32/G3nasom formerly named \u201c Win.Ransomware.Gandcrab-10044141-0\u201d", "modified": "2025-10-19T14:00:01.535000", "created": "2025-09-19T15:29:53.126000", "tags": [ "sign", "google account", "email", "forgot email", "private window", "learn", "guest mode", "next create", "dynamicloader", "windows nt", "msie", "wow64", "slcc2", "media center", "tlsv1", "owotrus ca", "limited", "server ca", "python", "write", "trojan", "guard", "win64", "accept", "updater", "launcher", "malware", "contacted", "filehash", "av detections", "ids detections", "yara detections", "alerts", "analysis date", "passive dns", "google trust", "ip address", "related nids", "united", "url http", "present aug", "present sep", "present jul", "unknown aaaa", "domain", "title", "body", "trojandropper", "mtb sep", "meta", "next associated", "win32upatre sep", "backdoor", "ipv4", "moved", "ddos", "data upload", "extraction", "iocs", "failed", "source url", "indicato", "mat my", "data", "ck id", "name tactics", "suspicious", "informative", "adversaries", "found", "command", "initial access", "spawns", "chrome", "gmt content", "avast avg", "next http", "ascii text", "size", "pattern match", "mitre att", "error", "null", "android", "general", "local", "path", "click", "strings", "trident", "write c", "medium", "search", "show", "high", "push", "service", "ms defender", "files matching", "number", "hide samples", "date hash", "next yara", "emotet", "g3nasom", "entries", "alerts show", "ck technique", "technique id", "io control", "anomalous", "geofencing", "sha256 add", "pulse pulses", "copy" ], "references": [ "http://accounts.google.com/v3/signin/identifier", "Yara Detection: Cabinet _Archive", "Banking Malware" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Emotet", "display_name": "Emotet", "target": null }, { "id": "ALF:Trojan:Win32/G3nasom", "display_name": "ALF:Trojan:Win32/G3nasom", "target": null }, { "id": "Win.Ransomware.Gandcrab-10044141-0\t(renamed G3nasom)", "display_name": "Win.Ransomware.Gandcrab-10044141-0\t(renamed G3nasom)", "target": null }, { "id": "Win.Trojan.Barys-10005825-0", "display_name": "Win.Trojan.Barys-10005825-0", "target": null }, { "id": "Trojandropper:Win32/Muldrop.V!MTB", "display_name": "Trojandropper:Win32/Muldrop.V!MTB", "target": "/malware/Trojandropper:Win32/Muldrop.V!MTB" }, { "id": "Backdoor:Win32/Berbew", "display_name": "Backdoor:Win32/Berbew", "target": "/malware/Backdoor:Win32/Berbew" }, { "id": "Upatre", "display_name": "Upatre", "target": null }, { "id": "Trojan:Win32/Emotet.KDS!MTB", "display_name": "Trojan:Win32/Emotet.KDS!MTB", "target": "/malware/Trojan:Win32/Emotet.KDS!MTB" } ], "attack_ids": [ { "id": "T1045", "name": "Software Packing", "display_name": "T1045 - Software Packing" }, { "id": "T1119", "name": "Automated Collection", "display_name": "T1119 - Automated Collection" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1480", "name": "Execution Guardrails", "display_name": "T1480 - Execution Guardrails" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1583", "name": "Acquire Infrastructure", "display_name": "T1583 - Acquire Infrastructure" }, { "id": "T1590", "name": "Gather Victim Network Information", "display_name": "T1590 - Gather Victim Network Information" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1147", "name": "Hidden Users", "display_name": "T1147 - Hidden Users" }, { "id": "T1143", "name": "Hidden Window", "display_name": "T1143 - Hidden Window" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "TA0011", "name": "Command and Control", "display_name": "TA0011 - Command and Control" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 13, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 531, "FileHash-SHA256": 1069, "URL": 1607, "FileHash-MD5": 275, "FileHash-SHA1": 187, "SSLCertFingerprint": 25, "domain": 188, "email": 2 }, "indicator_count": 3884, "is_author": false, "is_subscribing": null, "subscriber_count": 138, "modified_text": "182 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "68c5743593a4bcc81dd94b0b", "name": "Fed.PayPal.com - Ransom | Attacks via redirect", "description": "A monitored target, active on various payment platforms for business documented a malicious redirect event 1st seen in 2020. Follows pattern of multiple, critical and ongoing attacks beginning in 2013. In this instance target lost access to PayPal payments. If this is legal, it\u2019s been a grotesque grift. Target was financially and otherwise robbed.\n\n\n#trulymissed #paypal #advesaries #apple #twitter #backdoor #ransom #botnet #reptutationattack", "modified": "2025-10-13T13:27:11.277000", "created": "2025-09-13T13:40:05.671000", "tags": [ "present sep", "virtool", "cryp", "win32", "ip address", "trojan", "ransom", "asn as54113", "passive dns", "msil", "united states", "dynamicloader", "qaeaav12", "high", "qbeipbdii", "write", "paypal", "medium", "search", "vmware", "floodfix", "malware", "united", "mtb apr", "hostname add", "write c", "read c", "yara detections", "upxoepplace", "next", "markus", "april", "ping", "meta http", "content", "gmt server", "th th", "443 ma2592000", "ipv4 add", "url analysis", "urls", "body", "title", "learn", "ck id", "name tactics", "suspicious", "informative", "command", "adversaries", "spawns", "t1590 gather", "victim network", "status", "name servers", "set cookie", "script urls", "present feb", "cookie", "template", "present oct", "present jul", "present dec", "present jun", "next associated", "urls show", "date checked", "present apr", "url hostname", "united kingdom", "unknown ns", "servers", "great britain", "msr aug", "msr apr", "msr nov", "ite o", "server response", "script script", "files show", "date hash", "avast avg", "creation date", "lcid1033", "sminnotek", "spnvirtualbox", "bvvirtualbox", "present mar", "present nov", "exploit", "error", "server response", "google safe", "results sep", "backdoor", "certificate", "mtb sep", "next http", "scans show", "present may", "results jun", "results jan", "worm", "echo request", "sweep", "payload hello", "world", "ids detections", "cape", "viking", "philis", "et", "torop", "des moines", "contacted hosts", "content reputation", "sabey type", "tulach type", "rexx type", "foundry type", "fred scherr", "twitter", "apple", "monitored target", "financial theft", "psalms 27: 1 - 14" ], "references": [ "fed.paypal.com [redirect for monitored target \u2022 1st documented 2020- still active]", "nr-data.net \u2022 init.ess.apple.com\t\u2022 apple-id-ifind.com \u2022 https://apple-id-ifind.com/\t\u2022 apple-lostandfound.com", "https://www.speakup.it/magazines/places/new-york-city-on-a-budget-big-apple-little-money_2368", "https://login.apple-mac.banugoker.com/cgi-sys/defaultwebpage.cgi \u2022 lsupport-apple.com", "login.apple-mac.banugoker.com \u2022 www.apple-mac.banugoker.com \u2022 http://apple-mac.banugoker.com/", "https://apple-mac.banugoker.com/ \u2022 https://login.apple-mac.banugoker.com/", "http://45.159.189.105/bot/regex \u2022 https://wallpapers-nature.com/tsara-brashears/tse1-mm-bing-net", "wallpapers-nature.com \u2022 https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian", "https://wallpapers-nature.com/ tsara-brashears/urlscan-io\t \u2022 https://wallpapers-nature.com/%20tsara-brashears/urlscan-io", "http://www.mof.gov.cn.lxcvc.com/ \u2022 http://www.mohurd.gov.cn.lxcvc.\u2022 com/ \u2022 https://www.csrc.gov.cn.lxcvc.com/", "https://lk-prod-webcol.laika.com.co/category/bog/cat/farmacia/collares-isabelinos/todos/todo-para-mascota/1", "https://twitter.com/PORNO_SEXYBABES \u2022 https://megapornfreehd.com/2025/04/360", "https://57d5.zhanyu66.com/com.slamyugllp.strangerrun.xc.apk/" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "Win32:MalOb-BX\\ [Cryp]", "display_name": "Win32:MalOb-BX\\ [Cryp]", "target": null }, { "id": "Win.Trojan.Fraudpack", "display_name": "Win.Trojan.Fraudpack", "target": null }, { "id": "Fakeav", "display_name": "Fakeav", "target": null }, { "id": "Ransom:MSIL/Genasom.I", "display_name": "Ransom:MSIL/Genasom.I", "target": "/malware/Ransom:MSIL/Genasom.I" }, { "id": "Virtool:Win32/Obfuscator.KI", "display_name": "Virtool:Win32/Obfuscator.KI", "target": "/malware/Virtool:Win32/Obfuscator.KI" }, { "id": "Toga!rfn", "display_name": "Toga!rfn", "target": null }, { "id": "Malware", "display_name": "Malware", "target": null }, { "id": "Trojan:Win32/Floxif.E", "display_name": "Trojan:Win32/Floxif.E", "target": "/malware/Trojan:Win32/Floxif.E" }, { "id": "Win.Malware.Remoteadmin-7056666-0", "display_name": "Win.Malware.Remoteadmin-7056666-0", "target": null }, { "id": "Floxif", "display_name": "Floxif", "target": null }, { "id": "Tofsee", "display_name": "Tofsee", "target": null }, { "id": "Win.Dropper.Unruy-9994363-0", "display_name": "Win.Dropper.Unruy-9994363-0", "target": null }, { "id": "Win.Trojan.Cycler-47", "display_name": "Win.Trojan.Cycler-47", "target": null }, { "id": "Win.Trojan.Clicker-3506", "display_name": "Win.Trojan.Clicker-3506", "target": null }, { "id": "Win.Downloader.Unruy-10026469-0", "display_name": "Win.Downloader.Unruy-10026469-0", "target": null }, { "id": "Trojan:Win32/Floxif.E", "display_name": "Trojan:Win32/Floxif.E", "target": "/malware/Trojan:Win32/Floxif.E" }, { "id": "Win.Malware.Urelas", "display_name": "Win.Malware.Urelas", "target": null }, { "id": "Win.Malware.Zusy", "display_name": "Win.Malware.Zusy", "target": null }, { "id": "ALF:HeraklezEval:PWS:Win32/QQPass!rfn", "display_name": "ALF:HeraklezEval:PWS:Win32/QQPass!rfn", "target": null }, { "id": "Win.Malware.Eclz-9953021-0", "display_name": "Win.Malware.Eclz-9953021-0", "target": null }, { "id": "#Lowfi:SuspiciousSectionName", "display_name": "#Lowfi:SuspiciousSectionName", "target": null }, { "id": "Worm:Win32/Autorun", "display_name": "Worm:Win32/Autorun", "target": "/malware/Worm:Win32/Autorun" }, { "id": "ALF:HSTR:TrojanDownloader:Win32/PurityScan.A!bit", "display_name": "ALF:HSTR:TrojanDownloader:Win32/PurityScan.A!bit", "target": null }, { "id": "Win.Dropper.Tiggre-9845940-0", "display_name": "Win.Dropper.Tiggre-9845940-0", "target": null }, { "id": "PWS:Win32/QQpass.B!MTB", "display_name": "PWS:Win32/QQpass.B!MTB", "target": "/malware/PWS:Win32/QQpass.B!MTB" }, { "id": "Win.Malware.Sfwx-9853337-0", "display_name": "Win.Malware.Sfwx-9853337-0", "target": null }, { "id": "Backdoor:Win32/Tofsee.T", "display_name": "Backdoor:Win32/Tofsee.T", "target": "/malware/Backdoor:Win32/Tofsee.T" }, { "id": "Trojan:Win32/Kaicorn!rf", "display_name": "Trojan:Win32/Kaicorn!rf", "target": "/malware/Trojan:Win32/Kaicorn!rf" }, { "id": "Win32:Banker", "display_name": "Win32:Banker", "target": null }, { "id": "Worm:Win32/Cambot!rfn", "display_name": "Worm:Win32/Cambot!rfn", "target": "/malware/Worm:Win32/Cambot!rfn" }, { "id": "Win32:Malware", "display_name": "Win32:Malware", "target": null }, { "id": "Win.Malware.Midie-6847892-0", "display_name": "Win.Malware.Midie-6847892-0", "target": null }, { "id": "ET", "display_name": "ET", "target": null } ], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1045", "name": "Software Packing", "display_name": "T1045 - Software Packing" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1480", "name": "Execution Guardrails", "display_name": "T1480 - Execution Guardrails" }, { "id": "T1590", "name": "Gather Victim Network Information", "display_name": "T1590 - Gather Victim Network Information" }, { "id": "TA0011", "name": "Command and Control", "display_name": "TA0011 - Command and Control" }, { "id": "T1457", "name": "Malicious Media Content", "display_name": "T1457 - Malicious Media Content" }, { "id": "T1210", "name": "Exploitation of Remote Services", "display_name": "T1210 - Exploitation of Remote Services" }, { "id": "T1133", "name": "External Remote Services", "display_name": "T1133 - External Remote Services" }, { "id": "T1449", "name": "Exploit SS7 to Redirect Phone Calls/SMS", "display_name": "T1449 - Exploit SS7 to Redirect Phone Calls/SMS" }, { "id": "T1450", "name": "Exploit SS7 to Track Device Location", "display_name": "T1450 - Exploit SS7 to Track Device Location" }, { "id": "T1459", "name": "Device Unlock Code Guessing or Brute Force", "display_name": "T1459 - Device Unlock Code Guessing or Brute Force" }, { "id": "T1401", "name": "Device Administrator Permissions", "display_name": "T1401 - Device Administrator Permissions" }, { "id": "T1031", "name": "Modify Existing Service", "display_name": "T1031 - Modify Existing Service" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1595", "name": "Active Scanning", "display_name": "T1595 - Active Scanning" }, { "id": "T1046", "name": "Network Service Scanning", "display_name": "T1046 - Network Service Scanning" }, { "id": "T1595.002", "name": "Vulnerability Scanning", "display_name": "T1595.002 - Vulnerability Scanning" }, { "id": "T1464", "name": "Jamming or Denial of Service", "display_name": "T1464 - Jamming or Denial of Service" }, { "id": "T1588.001", "name": "Malware", "display_name": "T1588.001 - Malware" }, { "id": "T1155", "name": "AppleScript", "display_name": "T1155 - AppleScript" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 1321, "URL": 4356, "FileHash-MD5": 759, "FileHash-SHA1": 748, "FileHash-SHA256": 5148, "domain": 1076, "email": 7 }, "indicator_count": 13415, "is_author": false, "is_subscribing": null, "subscriber_count": 142, "modified_text": "188 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://prudentialfranqueados.http.msging.net", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://prudentialfranqueados.http.msging.net", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1776642368.694485 }