{ "type": "URL", "indicator": "https://schema.org/WebPage", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://schema.org/WebPage", "type": "url", "type_title": "URL", "validation": [ { "source": "whitelist", "message": "Whitelisted domain schema.org", "name": "Whitelisted domain" }, { "source": "majestic", "message": "Whitelisted domain schema.org", "name": "Whitelisted domain" } ], "base_indicator": { "id": 2682757476, "indicator": "https://schema.org/WebPage", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 7, "pulses": [ { "id": "69eb254f17eb4a2a990f07e5", "name": "LevelBlue - Open Threat Exchange", "description": "[ As part of security research, we look at some of the most well-known vulnerabilities in the PDF ecosystem, and how they can be identified and mitigated, with the help of a simple hash.] [64xxxx]", "modified": "2026-05-28T07:10:11.800000", "created": "2026-04-24T08:09:51.488000", "tags": [ "pdfkit", "cve202225765", "exploit script", "github", "unicordev", "cves", "xml external", "entity", "pdfs", "knowledge base", "python", "mozilla", "virustotal", "cisa", "apple", "microsoft", "pdfkit ruby", "remote code", "execution", "urls", "malware", "raid", "caddywiper", "wipes", "cve202543529", "webkit", "february", "cve202620643", "bypass", "march", "webkit bug", "command", "control", "levelblue", "open threat" ], "references": [ "https://otx.alienvault.com/indicator/ip/198.49.23.145#:~:text=CIDR:%206%20%7C%20CVE:%20107,infrastructure%20into%20global%20botnet%20clusters." ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Wipes", "display_name": "Wipes", "target": null } ], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1084, "FileHash-SHA1": 874, "FileHash-SHA256": 3052, "CVE": 36, "domain": 437, "hostname": 1086, "URL": 1411, "CIDR": 15, "email": 13 }, "indicator_count": 8008, "is_author": false, "is_subscribing": null, "subscriber_count": 70, "modified_text": "3 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6867624b645b1724745d6584", "name": "BotX | Multiple attack affects \u2018alleged\u2019 Workforce agency", "description": "A \u2018Unnamed\u2019 workforce agency of questionable legitimacy.\nSerious social engineering. #financial. #pii #phi #gathering. \n#Win32:BotX-gen\\ [Trj]\nIDS Detections\n\u2022 TLS Handshake Failure\nAlerts:\n#dead_host\n#network_icmp\n#nolookup_communication\n#modifies_proxy_wpad\n#allocates_rwx\n#injection_process_search\n#protection_rx\n#antivm_network_adapters\n#process_interest\n#antivm_queries_computername\n#checks_debugger\n#pe_unknown_resource\n#injection #apple #remote #rat #dns #virus #malware #bot_gen #attack #masquerading #monitored_target #staged #worforce #whatstrue #withu4ever\n#hoax #banker #ransom #malvertising #innerparty #overwatch #endgame #mirai #virtool #trojans #privilege #meritless #apple \nWeirdness: \n\u2022 simswap.in (mirai)\n\u2022 twitter\n\u2022 https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian\ngirlsdoporn.com\t\n\u2022 https://twitter.com/PORNO_SEXYBABES\n\u2022 apple-dns.net\n\u2022 pornhub.com \u2022 www.pornhub.com #1984\n#whatdidtargetdo? #preemptive\n#Team8 wants to know.", "modified": "2025-08-03T04:01:39.496000", "created": "2025-07-04T05:10:35.672000", "tags": [ "utc ua124682679", "google tag", "utc gr8frkfel9k", "utc gjycztvzbg0", "utc gfjlg9p3ltd", "utc g8dm6znp88p", "utc gvev1mxhhbn", "utc na", "palco", "home", "palco og", "palco article", "wordpress", "elementor", "status code", "body length", "kb body", "rdap database", "server", "date", "country", "dnssec", "code", "registrar abuse", "registrar iana", "registrar url", "registrar whois", "registrar", "ttl value", "language", "html document", "ascii text", "doctype", "network", "solutions", "email", "lookups", "for privacy", "united", "creation date", "overview domain", "passive dns", "urls", "files ip", "address", "location united", "asn as13335", "meta", "accept", "present mar", "date checked", "url hostname", "server response", "ip address", "google safe", "results jul", "present jun", "present apr", "entries", "urls show", "results jun", "script urls", "a domains", "moved", "encrypt", "search", "body", "sec ch", "ch ua", "ua full", "ua platform", "ua bitness", "ua arch", "version sec", "mobile sec", "model sec", "version list", "gmt content", "certificate", "results jan", "present sep", "present may", "present jul", "backdoor", "next associated", "win32", "error", "present", "response ip", "address google", "safe browsing", "associated urls", "show", "results may", "virgin islands", "unknown soa", "unknown ns", "domain", "aaaa", "status", "record value", "name servers", "afe browsing", "gmt setcookie", "path", "vfrbuk1", "lefasbor1", "formula", "ids detections", "yara detections", "alerts", "analysis date", "file score", "medium risk", "yara", "malware", "copy", "present showing", "files show", "date hash", "avast avg", "showing", "present feb", "virtool", "datacenter", "hosting", "vps reverse", "america flag", "america asn", "graphite", "skynet", "win64", "expiration date", "domain add", "pulse pulses", "files", "present nov", "present aug", "kryptikxp", "cname", "whois registrar", "markmonitor", "pulses", "tags", "related tags", "more indicator", "default", "regsetvalueexa", "process32nextw", "regdword", "high", "medium", "todo", "write", "belize", "overview ip", "location belize", "asn as210083", "privex", "alone email", "body doctype", "gmt server", "content type", "t1055", "discovery", "read", "createnowindow", "dock", "push", "motd", "front", "duster" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1040", "name": "Network Sniffing", "display_name": "T1040 - Network Sniffing" }, { "id": "T1045", "name": "Software Packing", "display_name": "T1045 - Software Packing" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1143", "name": "Hidden Window", "display_name": "T1143 - Hidden Window" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 15, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 2054, "hostname": 368, "domain": 251, "CIDR": 1, "FileHash-MD5": 492, "FileHash-SHA1": 522, "URL": 508, "email": 8, "CVE": 1 }, "indicator_count": 4205, "is_author": false, "is_subscribing": null, "subscriber_count": 142, "modified_text": "301 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6867653f0b2d5f4f1abeb55c", "name": "Graphite Mercenary Spyware? Skynet- I failed to adequately research prior pulse. Uh\u2026.hi!", "description": "", "modified": "2025-08-03T04:01:39.496000", "created": "2025-07-04T05:23:11.056000", "tags": [ "utc ua124682679", "google tag", "utc gr8frkfel9k", "utc gjycztvzbg0", "utc gfjlg9p3ltd", "utc g8dm6znp88p", "utc gvev1mxhhbn", "utc na", "palco", "home", "palco og", "palco article", "wordpress", "elementor", "status code", "body length", "kb body", "rdap database", "server", "date", "country", "dnssec", "code", "registrar abuse", "registrar iana", "registrar url", "registrar whois", "registrar", "ttl value", "language", "html document", "ascii text", "doctype", "network", "solutions", "email", "lookups", "for privacy", "united", "creation date", "overview domain", "passive dns", "urls", "files ip", "address", "location united", "asn as13335", "meta", "accept", "present mar", "date checked", "url hostname", "server response", "ip address", "google safe", "results jul", "present jun", "present apr", "entries", "urls show", "results jun", "script urls", "a domains", "moved", "encrypt", "search", "body", "sec ch", "ch ua", "ua full", "ua platform", "ua bitness", "ua arch", "version sec", "mobile sec", "model sec", "version list", "gmt content", "certificate", "results jan", "present sep", "present may", "present jul", "backdoor", "next associated", "win32", "error", "present", "response ip", "address google", "safe browsing", "associated urls", "show", "results may", "virgin islands", "unknown soa", "unknown ns", "domain", "aaaa", "status", "record value", "name servers", "afe browsing", "gmt setcookie", "path", "vfrbuk1", "lefasbor1", "formula", "ids detections", "yara detections", "alerts", "analysis date", "file score", "medium risk", "yara", "malware", "copy", "present showing", "files show", "date hash", "avast avg", "showing", "present feb", "virtool", "datacenter", "hosting", "vps reverse", "america flag", "america asn", "graphite", "skynet", "win64", "expiration date", "domain add", "pulse pulses", "files", "present nov", "present aug", "kryptikxp", "cname", "whois registrar", "markmonitor", "pulses", "tags", "related tags", "more indicator", "default", "regsetvalueexa", "process32nextw", "regdword", "high", "medium", "todo", "write", "belize", "overview ip", "location belize", "asn as210083", "privex", "alone email", "body doctype", "gmt server", "content type", "t1055", "discovery", "read", "createnowindow", "dock", "push", "motd", "front", "duster" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1040", "name": "Network Sniffing", "display_name": "T1040 - Network Sniffing" }, { "id": "T1045", "name": "Software Packing", "display_name": "T1045 - Software Packing" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1143", "name": "Hidden Window", "display_name": "T1143 - Hidden Window" } ], "industries": [], "TLP": "green", "cloned_from": "6867624b645b1724745d6584", "export_count": 19, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 2054, "hostname": 368, "domain": 251, "CIDR": 1, "FileHash-MD5": 492, "FileHash-SHA1": 522, "URL": 508, "email": 8, "CVE": 1 }, "indicator_count": 4205, "is_author": false, "is_subscribing": null, "subscriber_count": 141, "modified_text": "301 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6570a598f3d4e8c2cffd4f73", "name": "SMS SPY \u2022 Remote Access", "description": "", "modified": "2023-12-06T16:47:19.410000", "created": "2023-12-06T16:47:19.410000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1043, "hostname": 684, "domain": 639, "FileHash-MD5": 382, "FileHash-SHA1": 212, "URL": 2215 }, "indicator_count": 5175, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "657080735501c11ddbb7a988", "name": "Dominionvoting.com 03.03.22", "description": "", "modified": "2023-12-06T14:08:51.329000", "created": "2023-12-06T14:08:51.329000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 663, "hostname": 588, "domain": 413, "URL": 2183, "FileHash-MD5": 7 }, "indicator_count": 3854, "is_author": false, "is_subscribing": null, "subscriber_count": 110, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "650b67e5a3ff15727eed5a06", "name": "SMS SPY \u2022 Remote Access", "description": "Malvertizing. Spyware\nMalbranding:\nTagging tool tags allows adversaries to tag targets name in malicious website. Target may be lured by salacious content featuring their own name or someone known to person, click on link infecting devices.", "modified": "2023-10-20T21:00:45.519000", "created": "2023-09-20T21:45:09.422000", "tags": [ "site", "cisco umbrella", "alexa top", "million", "alexa", "united", "engineering", "phishing", "bank", "cobalt strike", "emotet", "phishtank", "spammer", "malware site", "deepscan", "malicious", "smsspy", "bradesco", "stealer", "facebook", "download", "service", "zbot", "formbook", "coinminer", "raccoonstealer", "social engineering", "vj75", "http", "oid3", "vis1", "redirect chain", "z554903578", "slfrd1", "xpccbgarern6r", "xpcyqqhir7yvq", "xpchgxkc32lbs", "pattern match", "q0o0mahttp", "pfunction", "lkvoid", "glfunction", "befunction", "mrtk", "7jfjrw", "zzvyn6uhsb" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "Trojan:MSIL/RacoonStealer", "display_name": "Trojan:MSIL/RacoonStealer", "target": "/malware/Trojan:MSIL/RacoonStealer" }, { "id": "ALF:HeraklezEval:Trojan:Win32/Zbot", "display_name": "ALF:HeraklezEval:Trojan:Win32/Zbot", "target": null }, { "id": "TrojanSpy:Win32/Bradesco", "display_name": "TrojanSpy:Win32/Bradesco", "target": "/malware/TrojanSpy:Win32/Bradesco" }, { "id": "FormBook", "display_name": "FormBook", "target": null }, { "id": "Cobalt Strike", "display_name": "Cobalt Strike", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" }, { "id": "T1560", "name": "Archive Collected Data", "display_name": "T1560 - Archive Collected Data" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1041", "name": "Exfiltration Over C2 Channel", "display_name": "T1041 - Exfiltration Over C2 Channel" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 36, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 639, "hostname": 684, "FileHash-MD5": 382, "FileHash-SHA1": 212, "FileHash-SHA256": 1043, "URL": 2215 }, "indicator_count": 5175, "is_author": false, "is_subscribing": null, "subscriber_count": 221, "modified_text": "954 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "62223e385f1cfc8916db66fb", "name": "Dominionvoting.com 03.03.22", "description": "", "modified": "2022-04-03T00:00:55.161000", "created": "2022-03-04T16:28:40.422000", "tags": [], "references": [ "dominion voting1f", "dominion2", "dominion3", "dominion4", "dominion5" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Kailula4", "id": "131997", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 413, "URL": 2183, "FileHash-SHA256": 663, "hostname": 588, "FileHash-MD5": 7 }, "indicator_count": 3854, "is_author": false, "is_subscribing": null, "subscriber_count": 406, "modified_text": "1519 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "dominion voting1f", "dominion4", "https://otx.alienvault.com/indicator/ip/198.49.23.145#:~:text=CIDR:%206%20%7C%20CVE:%20107,infrastructure%20into%20global%20botnet%20clusters.", "dominion2", "dominion5", "dominion3" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [ "Wipes", "Trojanspy:win32/bradesco", "Alf:heraklezeval:trojan:win32/zbot", "Cobalt strike", "Formbook", "Trojan:msil/racoonstealer" ], "industries": [], "unique_indicators": 17302 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/schema.org", "whois": "http://whois.domaintools.com/schema.org", "domain": "schema.org", "hostname": "Unavailable" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 7, "pulses": [ { "id": "69eb254f17eb4a2a990f07e5", "name": "LevelBlue - Open Threat Exchange", "description": "[ As part of security research, we look at some of the most well-known vulnerabilities in the PDF ecosystem, and how they can be identified and mitigated, with the help of a simple hash.] [64xxxx]", "modified": "2026-05-28T07:10:11.800000", "created": "2026-04-24T08:09:51.488000", "tags": [ "pdfkit", "cve202225765", "exploit script", "github", "unicordev", "cves", "xml external", "entity", "pdfs", "knowledge base", "python", "mozilla", "virustotal", "cisa", "apple", "microsoft", "pdfkit ruby", "remote code", "execution", "urls", "malware", "raid", "caddywiper", "wipes", "cve202543529", "webkit", "february", "cve202620643", "bypass", "march", "webkit bug", "command", "control", "levelblue", "open threat" ], "references": [ "https://otx.alienvault.com/indicator/ip/198.49.23.145#:~:text=CIDR:%206%20%7C%20CVE:%20107,infrastructure%20into%20global%20botnet%20clusters." ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Wipes", "display_name": "Wipes", "target": null } ], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1084, "FileHash-SHA1": 874, "FileHash-SHA256": 3052, "CVE": 36, "domain": 437, "hostname": 1086, "URL": 1411, "CIDR": 15, "email": 13 }, "indicator_count": 8008, "is_author": false, "is_subscribing": null, "subscriber_count": 70, "modified_text": "3 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6867624b645b1724745d6584", "name": "BotX | Multiple attack affects \u2018alleged\u2019 Workforce agency", "description": "A \u2018Unnamed\u2019 workforce agency of questionable legitimacy.\nSerious social engineering. #financial. #pii #phi #gathering. \n#Win32:BotX-gen\\ [Trj]\nIDS Detections\n\u2022 TLS Handshake Failure\nAlerts:\n#dead_host\n#network_icmp\n#nolookup_communication\n#modifies_proxy_wpad\n#allocates_rwx\n#injection_process_search\n#protection_rx\n#antivm_network_adapters\n#process_interest\n#antivm_queries_computername\n#checks_debugger\n#pe_unknown_resource\n#injection #apple #remote #rat #dns #virus #malware #bot_gen #attack #masquerading #monitored_target #staged #worforce #whatstrue #withu4ever\n#hoax #banker #ransom #malvertising #innerparty #overwatch #endgame #mirai #virtool #trojans #privilege #meritless #apple \nWeirdness: \n\u2022 simswap.in (mirai)\n\u2022 twitter\n\u2022 https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian\ngirlsdoporn.com\t\n\u2022 https://twitter.com/PORNO_SEXYBABES\n\u2022 apple-dns.net\n\u2022 pornhub.com \u2022 www.pornhub.com #1984\n#whatdidtargetdo? #preemptive\n#Team8 wants to know.", "modified": "2025-08-03T04:01:39.496000", "created": "2025-07-04T05:10:35.672000", "tags": [ "utc ua124682679", "google tag", "utc gr8frkfel9k", "utc gjycztvzbg0", "utc gfjlg9p3ltd", "utc g8dm6znp88p", "utc gvev1mxhhbn", "utc na", "palco", "home", "palco og", "palco article", "wordpress", "elementor", "status code", "body length", "kb body", "rdap database", "server", "date", "country", "dnssec", "code", "registrar abuse", "registrar iana", "registrar url", "registrar whois", "registrar", "ttl value", "language", "html document", "ascii text", "doctype", "network", "solutions", "email", "lookups", "for privacy", "united", "creation date", "overview domain", "passive dns", "urls", "files ip", "address", "location united", "asn as13335", "meta", "accept", "present mar", "date checked", "url hostname", "server response", "ip address", "google safe", "results jul", "present jun", "present apr", "entries", "urls show", "results jun", "script urls", "a domains", "moved", "encrypt", "search", "body", "sec ch", "ch ua", "ua full", "ua platform", "ua bitness", "ua arch", "version sec", "mobile sec", "model sec", "version list", "gmt content", "certificate", "results jan", "present sep", "present may", "present jul", "backdoor", "next associated", "win32", "error", "present", "response ip", "address google", "safe browsing", "associated urls", "show", "results may", "virgin islands", "unknown soa", "unknown ns", "domain", "aaaa", "status", "record value", "name servers", "afe browsing", "gmt setcookie", "path", "vfrbuk1", "lefasbor1", "formula", "ids detections", "yara detections", "alerts", "analysis date", "file score", "medium risk", "yara", "malware", "copy", "present showing", "files show", "date hash", "avast avg", "showing", "present feb", "virtool", "datacenter", "hosting", "vps reverse", "america flag", "america asn", "graphite", "skynet", "win64", "expiration date", "domain add", "pulse pulses", "files", "present nov", "present aug", "kryptikxp", "cname", "whois registrar", "markmonitor", "pulses", "tags", "related tags", "more indicator", "default", "regsetvalueexa", "process32nextw", "regdword", "high", "medium", "todo", "write", "belize", "overview ip", "location belize", "asn as210083", "privex", "alone email", "body doctype", "gmt server", "content type", "t1055", "discovery", "read", "createnowindow", "dock", "push", "motd", "front", "duster" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1040", "name": "Network Sniffing", "display_name": "T1040 - Network Sniffing" }, { "id": "T1045", "name": "Software Packing", "display_name": "T1045 - Software Packing" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1143", "name": "Hidden Window", "display_name": "T1143 - Hidden Window" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 15, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 2054, "hostname": 368, "domain": 251, "CIDR": 1, "FileHash-MD5": 492, "FileHash-SHA1": 522, "URL": 508, "email": 8, "CVE": 1 }, "indicator_count": 4205, "is_author": false, "is_subscribing": null, "subscriber_count": 142, "modified_text": "301 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6867653f0b2d5f4f1abeb55c", "name": "Graphite Mercenary Spyware? Skynet- I failed to adequately research prior pulse. Uh\u2026.hi!", "description": "", "modified": "2025-08-03T04:01:39.496000", "created": "2025-07-04T05:23:11.056000", "tags": [ "utc ua124682679", "google tag", "utc gr8frkfel9k", "utc gjycztvzbg0", "utc gfjlg9p3ltd", "utc g8dm6znp88p", "utc gvev1mxhhbn", "utc na", "palco", "home", "palco og", "palco article", "wordpress", "elementor", "status code", "body length", "kb body", "rdap database", "server", "date", "country", "dnssec", "code", "registrar abuse", "registrar iana", "registrar url", "registrar whois", "registrar", "ttl value", "language", "html document", "ascii text", "doctype", "network", "solutions", "email", "lookups", "for privacy", "united", "creation date", "overview domain", "passive dns", "urls", "files ip", "address", "location united", "asn as13335", "meta", "accept", "present mar", "date checked", "url hostname", "server response", "ip address", "google safe", "results jul", "present jun", "present apr", "entries", "urls show", "results jun", "script urls", "a domains", "moved", "encrypt", "search", "body", "sec ch", "ch ua", "ua full", "ua platform", "ua bitness", "ua arch", "version sec", "mobile sec", "model sec", "version list", "gmt content", "certificate", "results jan", "present sep", "present may", "present jul", "backdoor", "next associated", "win32", "error", "present", "response ip", "address google", "safe browsing", "associated urls", "show", "results may", "virgin islands", "unknown soa", "unknown ns", "domain", "aaaa", "status", "record value", "name servers", "afe browsing", "gmt setcookie", "path", "vfrbuk1", "lefasbor1", "formula", "ids detections", "yara detections", "alerts", "analysis date", "file score", "medium risk", "yara", "malware", "copy", "present showing", "files show", "date hash", "avast avg", "showing", "present feb", "virtool", "datacenter", "hosting", "vps reverse", "america flag", "america asn", "graphite", "skynet", "win64", "expiration date", "domain add", "pulse pulses", "files", "present nov", "present aug", "kryptikxp", "cname", "whois registrar", "markmonitor", "pulses", "tags", "related tags", "more indicator", "default", "regsetvalueexa", "process32nextw", "regdword", "high", "medium", "todo", "write", "belize", "overview ip", "location belize", "asn as210083", "privex", "alone email", "body doctype", "gmt server", "content type", "t1055", "discovery", "read", "createnowindow", "dock", "push", "motd", "front", "duster" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1040", "name": "Network Sniffing", "display_name": "T1040 - Network Sniffing" }, { "id": "T1045", "name": "Software Packing", "display_name": "T1045 - Software Packing" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1143", "name": "Hidden Window", "display_name": "T1143 - Hidden Window" } ], "industries": [], "TLP": "green", "cloned_from": "6867624b645b1724745d6584", "export_count": 19, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 2054, "hostname": 368, "domain": 251, "CIDR": 1, "FileHash-MD5": 492, "FileHash-SHA1": 522, "URL": 508, "email": 8, "CVE": 1 }, "indicator_count": 4205, "is_author": false, "is_subscribing": null, "subscriber_count": 141, "modified_text": "301 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6570a598f3d4e8c2cffd4f73", "name": "SMS SPY \u2022 Remote Access", "description": "", "modified": "2023-12-06T16:47:19.410000", "created": "2023-12-06T16:47:19.410000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1043, "hostname": 684, "domain": 639, "FileHash-MD5": 382, "FileHash-SHA1": 212, "URL": 2215 }, "indicator_count": 5175, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "657080735501c11ddbb7a988", "name": "Dominionvoting.com 03.03.22", "description": "", "modified": "2023-12-06T14:08:51.329000", "created": "2023-12-06T14:08:51.329000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 663, "hostname": 588, "domain": 413, "URL": 2183, "FileHash-MD5": 7 }, "indicator_count": 3854, "is_author": false, "is_subscribing": null, "subscriber_count": 110, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "650b67e5a3ff15727eed5a06", "name": "SMS SPY \u2022 Remote Access", "description": "Malvertizing. Spyware\nMalbranding:\nTagging tool tags allows adversaries to tag targets name in malicious website. Target may be lured by salacious content featuring their own name or someone known to person, click on link infecting devices.", "modified": "2023-10-20T21:00:45.519000", "created": "2023-09-20T21:45:09.422000", "tags": [ "site", "cisco umbrella", "alexa top", "million", "alexa", "united", "engineering", "phishing", "bank", "cobalt strike", "emotet", "phishtank", "spammer", "malware site", "deepscan", "malicious", "smsspy", "bradesco", "stealer", "facebook", "download", "service", "zbot", "formbook", "coinminer", "raccoonstealer", "social engineering", "vj75", "http", "oid3", "vis1", "redirect chain", "z554903578", "slfrd1", "xpccbgarern6r", "xpcyqqhir7yvq", "xpchgxkc32lbs", "pattern match", "q0o0mahttp", "pfunction", "lkvoid", "glfunction", "befunction", "mrtk", "7jfjrw", "zzvyn6uhsb" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "Trojan:MSIL/RacoonStealer", "display_name": "Trojan:MSIL/RacoonStealer", "target": "/malware/Trojan:MSIL/RacoonStealer" }, { "id": "ALF:HeraklezEval:Trojan:Win32/Zbot", "display_name": "ALF:HeraklezEval:Trojan:Win32/Zbot", "target": null }, { "id": "TrojanSpy:Win32/Bradesco", "display_name": "TrojanSpy:Win32/Bradesco", "target": "/malware/TrojanSpy:Win32/Bradesco" }, { "id": "FormBook", "display_name": "FormBook", "target": null }, { "id": "Cobalt Strike", "display_name": "Cobalt Strike", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" }, { "id": "T1560", "name": "Archive Collected Data", "display_name": "T1560 - Archive Collected Data" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1041", "name": "Exfiltration Over C2 Channel", "display_name": "T1041 - Exfiltration Over C2 Channel" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 36, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 639, "hostname": 684, "FileHash-MD5": 382, "FileHash-SHA1": 212, "FileHash-SHA256": 1043, "URL": 2215 }, "indicator_count": 5175, "is_author": false, "is_subscribing": null, "subscriber_count": 221, "modified_text": "954 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "62223e385f1cfc8916db66fb", "name": "Dominionvoting.com 03.03.22", "description": "", "modified": "2022-04-03T00:00:55.161000", "created": "2022-03-04T16:28:40.422000", "tags": [], "references": [ "dominion voting1f", "dominion2", "dominion3", "dominion4", "dominion5" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Kailula4", "id": "131997", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 413, "URL": 2183, "FileHash-SHA256": 663, "hostname": 588, "FileHash-MD5": 7 }, "indicator_count": 3854, "is_author": false, "is_subscribing": null, "subscriber_count": 406, "modified_text": "1519 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://schema.org/WebPage", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://schema.org/WebPage", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780265679.3024983 }