{ "type": "URL", "indicator": "https://rdap.db.ripe.net/ip/92.223.96.6", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://rdap.db.ripe.net/ip/92.223.96.6", "type": "url", "type_title": "URL", "validation": [ { "source": "whitelist", "message": "Whitelisted domain ripe.net", "name": "Whitelisted domain" }, { "source": "majestic", "message": "Whitelisted domain ripe.net", "name": "Whitelisted domain" } ], "base_indicator": { "id": 4373813683, "indicator": "https://rdap.db.ripe.net/ip/92.223.96.6", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 1, "pulses": [ { "id": "6a11378a9eb9415f8a735969", "name": "VIP Keylogger \u2022 Snakelogger | VirusTotal -rpt: 1/1/25", "description": "[A full list of names and names for the RIPE NCC region has been published by the Royal Commission on Internet Relocation (RCC) on the website of the org, which is based in Amsterdam] < pretext", "modified": "2026-05-23T05:14:14.195000", "created": "2026-05-23T05:13:46.510000", "tags": [ "please", "javascript", "cname", "data c", "accept", "file type", "file size", "mwdb", "bazaar", "sha3384", "ssdeep", "virtual address", "shutdown", "payload", "guard", "registers", "loads", "handle", "ripe ncc", "ripe network", "entity gcl1mnt", "whois lookup", "netrange", "nethandle", "organization", "ripe", "please note", "VIP keylogger", "Snake keylogger" ], "references": [ "https://www.virustotal.com/gui/file/367f6f714a6eea148124d4669325471bb9bbd657920d148bfa7a31bc0646aaf2/behavior", "https://vtbehaviour.commondatastorage.googleapis.com/367f6f714a6eea148124d4669325471bb9bbd657920d148bfa7a31bc0646aaf2_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779512523&Signature=C9LpDx0JzeruofyGcoAFQOA%2FmCTqKEqDqIL9Fp0hCnYCTxFLuUk%2FpGIqciRlTgjrB%2BTeI9AnQxzk9I6epfDw4Eo%2FBc7mmNCkKwIGqMsg1Wom7ZaYr%2FmojnD50m%2FfzOQArTw%2FA0ZNmNoifJWyv3K6zy2uCFA3FEHY52eaPqEBAzhp%2BxF%2Fku65SsHd8iGD4wDz6meymunlFzS4p%2F9B4rBqTM78GTgNcIewny3SHsiQdB" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1005", "name": "Data from Local System", "display_name": "T1005 - Data from Local System" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1033", "name": "System Owner/User Discovery", "display_name": "T1033 - System Owner/User Discovery" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1486", "name": "Data Encrypted for Impact", "display_name": "T1486 - Data Encrypted for Impact" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1543", "name": "Create or Modify System Process", "display_name": "T1543 - Create or Modify System Process" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1552", "name": "Unsecured Credentials", "display_name": "T1552 - Unsecured Credentials" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 24, "FileHash-MD5": 9, "FileHash-SHA1": 11, "FileHash-SHA256": 4, "URL": 32, "domain": 3, "hostname": 46, "CIDR": 1 }, "indicator_count": 130, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "7 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "https://www.virustotal.com/gui/file/367f6f714a6eea148124d4669325471bb9bbd657920d148bfa7a31bc0646aaf2/behavior", "https://vtbehaviour.commondatastorage.googleapis.com/367f6f714a6eea148124d4669325471bb9bbd657920d148bfa7a31bc0646aaf2_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779512523&Signature=C9LpDx0JzeruofyGcoAFQOA%2FmCTqKEqDqIL9Fp0hCnYCTxFLuUk%2FpGIqciRlTgjrB%2BTeI9AnQxzk9I6epfDw4Eo%2FBc7mmNCkKwIGqMsg1Wom7ZaYr%2FmojnD50m%2FfzOQArTw%2FA0ZNmNoifJWyv3K6zy2uCFA3FEHY52eaPqEBAzhp%2BxF%2Fku65SsHd8iGD4wDz6meymunlFzS4p%2F9B4rBqTM78GTgNcIewny3SHsiQdB" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 133 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/ripe.net", "whois": "http://whois.domaintools.com/ripe.net", "domain": "ripe.net", "hostname": "rdap.db.ripe.net" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 1, "pulses": [ { "id": "6a11378a9eb9415f8a735969", "name": "VIP Keylogger \u2022 Snakelogger | VirusTotal -rpt: 1/1/25", "description": "[A full list of names and names for the RIPE NCC region has been published by the Royal Commission on Internet Relocation (RCC) on the website of the org, which is based in Amsterdam] < pretext", "modified": "2026-05-23T05:14:14.195000", "created": "2026-05-23T05:13:46.510000", "tags": [ "please", "javascript", "cname", "data c", "accept", "file type", "file size", "mwdb", "bazaar", "sha3384", "ssdeep", "virtual address", "shutdown", "payload", "guard", "registers", "loads", "handle", "ripe ncc", "ripe network", "entity gcl1mnt", "whois lookup", "netrange", "nethandle", "organization", "ripe", "please note", "VIP keylogger", "Snake keylogger" ], "references": [ "https://www.virustotal.com/gui/file/367f6f714a6eea148124d4669325471bb9bbd657920d148bfa7a31bc0646aaf2/behavior", "https://vtbehaviour.commondatastorage.googleapis.com/367f6f714a6eea148124d4669325471bb9bbd657920d148bfa7a31bc0646aaf2_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779512523&Signature=C9LpDx0JzeruofyGcoAFQOA%2FmCTqKEqDqIL9Fp0hCnYCTxFLuUk%2FpGIqciRlTgjrB%2BTeI9AnQxzk9I6epfDw4Eo%2FBc7mmNCkKwIGqMsg1Wom7ZaYr%2FmojnD50m%2FfzOQArTw%2FA0ZNmNoifJWyv3K6zy2uCFA3FEHY52eaPqEBAzhp%2BxF%2Fku65SsHd8iGD4wDz6meymunlFzS4p%2F9B4rBqTM78GTgNcIewny3SHsiQdB" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1005", "name": "Data from Local System", "display_name": "T1005 - Data from Local System" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1033", "name": "System Owner/User Discovery", "display_name": "T1033 - System Owner/User Discovery" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1486", "name": "Data Encrypted for Impact", "display_name": "T1486 - Data Encrypted for Impact" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1543", "name": "Create or Modify System Process", "display_name": "T1543 - Create or Modify System Process" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1552", "name": "Unsecured Credentials", "display_name": "T1552 - Unsecured Credentials" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 24, "FileHash-MD5": 9, "FileHash-SHA1": 11, "FileHash-SHA256": 4, "URL": 32, "domain": 3, "hostname": 46, "CIDR": 1 }, "indicator_count": 130, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "7 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://rdap.db.ripe.net/ip/92.223.96.6", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://rdap.db.ripe.net/ip/92.223.96.6", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780195208.7659729 }