{ "type": "URL", "indicator": "https://stats.cn.ronghub.com/active.json", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://stats.cn.ronghub.com/active.json", "type": "url", "type_title": "URL", "validation": [ { "source": "akamai", "message": "Akamai rank: #5194", "name": "Akamai Popular Domain" }, { "source": "whitelist", "message": "Whitelisted domain ronghub.com", "name": "Whitelisted domain" } ], "base_indicator": { "id": 4073990927, "indicator": "https://stats.cn.ronghub.com/active.json", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 3, "pulses": [ { "id": "6a1bd66fc9c0dac3fc1c3d4d", "name": "Bluesnarfing - Accessibility Feautures Part 2 * VirusTotal Droidy Android Sandbox", "description": "A recent Veteran client who was forced to abandon a new smartphone & revert to a legacy model. The target device's pairing registry was flooded with unauthorized \"Toyota Corolla\" profiles. This disruptive exploit effectively displaced the user, highlighting an emerging threat pattern targeting vulnerable individuals. The vulnerability lies within the smartphone's automated peripheral linking layer. Attackers broadcast spoofed identifiers that the smartphone automatically accepts. This floods and corrupts the local registry database, rendering the device unmanageable. 1 Bluesnarfing: Attackers exploit authentication flaws to gain unauthorized access to internal data, allowing them to copy contacts, text messages, and photos without user permission, 2 Man-in-the-Middle (MitM) Relays: Attackers capture and relay wireless signals over long distances, fooling a phone into believing it is next to a trusted vehicle or accessory when it is miles away, 3 BLE Spoofing Attacks, & 4. Bluejacking.", "modified": "2026-06-02T02:18:27.414000", "created": "2026-05-31T06:34:23.017000", "tags": [ "a domains", "present jun", "name servers", "meta", "toyota", "date", "present jul", "moved", "domains", "new cars", "body", "title", "aaaa", "cname", "algorithm", "key identifier", "x509v3 subject", "number", "cus oamazon", "cnamazon rsa", "m04 validity", "subject public", "key info", "key algorithm", "united", "name", "create date", "domain", "expiry date", "update date", "current object", "process", "e0 dd", "dc d8", "b7 fe", "c1 fc", "f8 b6", "ba df", "b0 s", "da dc", "android", "unknown", "detail info", "behaviour", "detect operator", "antisimulator", "check root", "access network", "connect", "contentresolver", "flag", "componentname", "extras", "service", "toyota owners", "us california", "torrance", "accessibility features", "veterans hearing aids", "veterans bluetooth", "tacoma", "corrolla" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/18cc9428ef5bf4bbd58cdb631b1ed7d723ce36f369c0e8b35896d87aef0f85ef_VirusTotal%20Droidy.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1780208130&Signature=wtAr8J0ruv23wHZcOhupkZaq%2BBIhOLdQM0FwFnG9Vv4vfEv%2F0zvCPxhakLMeyzbmzNDul6j3OrPU4VxY7xMr2bzDRY9pb7yc7gyKykIX%2FzqiMKw9NJaYvd858j7wnYC6wK%2FPMRE%2Fr45iiPDrxLcEri4h9vW0C8YhUTP%2FD1hJFQty2KS6nKXTIlTjfunUA3XfgDhYR3hy4HqRTmkCxzHv0KJs2XvbEzODP5GEQjSxKQXlo", "https://vtbehaviour.commondatastorage.googleapis.com/18cc9428ef5bf4bbd58cdb631b1ed7d723ce36f369c0e8b35896d87aef0f85ef_Tencent%20HABO.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1780208156&Signature=LkY0drhs4Hyo8VkdUIwaxW7Ej1h8Uzhf6E3mpwOzCp%2BseX1pZcB2eVzZGa3U1bp2woAxF8N0w6ItA6hh14Ecaq26YEU78OQHluBOjDD05wYLm1kZDESgfOQZ93owFEXKy267LJtLTldA%2BQMhApZM0zZBKfF9VzZRqQCwvXusUk5fLOX5kpUYUgixwVHamIXwbLG9CgxX6OdWPTKpVWxfsi2dmlWhGmWuuVTIjVyqxH8aV%2BU5FRhyccS8", "06:51 AM 09/18/2014 06:51 AM 09/12/2039 541a810a 0b8464eae298da2d9ec5a12271309acb25e25465", "Certificate Issuer: C:US, CN:Michael LaPean, L:Torrance, O:Toyota Motor Sales, ST:California, OU:Toyota Owners Michael LaPean Toyota Motor Sales Toyota Owners US California Torrance" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 9, "FileHash-SHA1": 6, "email": 2, "hostname": 104, "URL": 198, "domain": 28, "IPv6": 8, "FileHash-SHA256": 42, "IPv4": 56 }, "indicator_count": 453, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "4 hours ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "68438a5fab82466a04588464", "name": "android.permission.CHANGE_WIFI_MULTICAST_STATE +", "description": "extracted from the Android operating system with many variables, Linux libraries, command and control of victims digital life/ smart tv, phone, profile, PII, PHI, audio , camera, everything. Active.\nAPK\ncn.quicktv.androidpro\ncom.qihoo.util.StartActivity\nFull CnC/ All Permissions / Espionage type / Malicious advertisements, massive malicious , file dumps, aggressive , ongoing campaigns.\nIOC researched: FileHash-SHA256 0033fd6cacc814fb077261e7c19bc1137250ef80409a2a64919b2957a7982a8e (Andr.Malware.Agent-1463020) Dangerous Behavior | Contains one or more Linux executables", "modified": "2025-07-07T00:01:51.704000", "created": "2025-06-07T00:39:59.726000", "tags": [ "android", "zip archive", "android package", "java archive", "sweet home", "mozilla archive", "format", "history", "android info", "summary apk" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 26, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 113, "FileHash-MD5": 207, "FileHash-SHA1": 204, "FileHash-SHA256": 1365, "domain": 22, "hostname": 157 }, "indicator_count": 2068, "is_author": false, "is_subscribing": null, "subscriber_count": 141, "modified_text": "330 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "68437e52b8af5d3ada5de35a", "name": "Baidu -Dangerous behavior gained through malicious ads", "description": "droid.permission.RECEIVE_BOOT_COMPLETED\nandroid.permission.WRITE_SETTINGS\nandroid.permission.VIBRATE\ncom.samsung.android.providers.context.permission.WRITE_USE_APP_FEATURE_SURVEY\ngetui.permission.GetuiService.cn.quicktv.androidpro\ncom.android.launcher.permission.INSTALL_SHORTCUT\nandroid.permission.ACCESS_WIFI_STATE\nandroid.permission.WAKE_LOCK\nandroid.permission.ACCESS_DOWNLOAD_MANAGER\nandroid.permission.MODIFY_AUDIO_SETTINGS\nMore: https://www.virustotal.com/gui/file/0033fd6cacc814fb077261e7c19bc1137250ef80409a2a64919b2957a7982a8e/details", "modified": "2025-07-06T23:00:11.603000", "created": "2025-06-06T23:48:34.875000", "tags": [ "filehashsha1", "filehashsha256", "get http", "post http", "get https", "post https", "resolved ips", "detail info", "flag", "componentname", "componentinfo", "behaviour", "start", "linux", "android", "forbidden date", "gmt connection", "extras", "accept", "file type" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 18, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 3, "FileHash-SHA1": 1, "FileHash-SHA256": 8, "URL": 54, "hostname": 16, "domain": 18 }, "indicator_count": 100, "is_author": false, "is_subscribing": null, "subscriber_count": 141, "modified_text": "330 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "06:51 AM 09/18/2014 06:51 AM 09/12/2039 541a810a 0b8464eae298da2d9ec5a12271309acb25e25465", "https://vtbehaviour.commondatastorage.googleapis.com/18cc9428ef5bf4bbd58cdb631b1ed7d723ce36f369c0e8b35896d87aef0f85ef_VirusTotal%20Droidy.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1780208130&Signature=wtAr8J0ruv23wHZcOhupkZaq%2BBIhOLdQM0FwFnG9Vv4vfEv%2F0zvCPxhakLMeyzbmzNDul6j3OrPU4VxY7xMr2bzDRY9pb7yc7gyKykIX%2FzqiMKw9NJaYvd858j7wnYC6wK%2FPMRE%2Fr45iiPDrxLcEri4h9vW0C8YhUTP%2FD1hJFQty2KS6nKXTIlTjfunUA3XfgDhYR3hy4HqRTmkCxzHv0KJs2XvbEzODP5GEQjSxKQXlo", "https://vtbehaviour.commondatastorage.googleapis.com/18cc9428ef5bf4bbd58cdb631b1ed7d723ce36f369c0e8b35896d87aef0f85ef_Tencent%20HABO.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1780208156&Signature=LkY0drhs4Hyo8VkdUIwaxW7Ej1h8Uzhf6E3mpwOzCp%2BseX1pZcB2eVzZGa3U1bp2woAxF8N0w6ItA6hh14Ecaq26YEU78OQHluBOjDD05wYLm1kZDESgfOQZ93owFEXKy267LJtLTldA%2BQMhApZM0zZBKfF9VzZRqQCwvXusUk5fLOX5kpUYUgixwVHamIXwbLG9CgxX6OdWPTKpVWxfsi2dmlWhGmWuuVTIjVyqxH8aV%2BU5FRhyccS8", "Certificate Issuer: C:US, CN:Michael LaPean, L:Torrance, O:Toyota Motor Sales, ST:California, OU:Toyota Owners Michael LaPean Toyota Motor Sales Toyota Owners US California Torrance" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 2487 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/ronghub.com", "whois": "http://whois.domaintools.com/ronghub.com", "domain": "ronghub.com", "hostname": "stats.cn.ronghub.com" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 3, "pulses": [ { "id": "6a1bd66fc9c0dac3fc1c3d4d", "name": "Bluesnarfing - Accessibility Feautures Part 2 * VirusTotal Droidy Android Sandbox", "description": "A recent Veteran client who was forced to abandon a new smartphone & revert to a legacy model. The target device's pairing registry was flooded with unauthorized \"Toyota Corolla\" profiles. This disruptive exploit effectively displaced the user, highlighting an emerging threat pattern targeting vulnerable individuals. The vulnerability lies within the smartphone's automated peripheral linking layer. Attackers broadcast spoofed identifiers that the smartphone automatically accepts. This floods and corrupts the local registry database, rendering the device unmanageable. 1 Bluesnarfing: Attackers exploit authentication flaws to gain unauthorized access to internal data, allowing them to copy contacts, text messages, and photos without user permission, 2 Man-in-the-Middle (MitM) Relays: Attackers capture and relay wireless signals over long distances, fooling a phone into believing it is next to a trusted vehicle or accessory when it is miles away, 3 BLE Spoofing Attacks, & 4. Bluejacking.", "modified": "2026-06-02T02:18:27.414000", "created": "2026-05-31T06:34:23.017000", "tags": [ "a domains", "present jun", "name servers", "meta", "toyota", "date", "present jul", "moved", "domains", "new cars", "body", "title", "aaaa", "cname", "algorithm", "key identifier", "x509v3 subject", "number", "cus oamazon", "cnamazon rsa", "m04 validity", "subject public", "key info", "key algorithm", "united", "name", "create date", "domain", "expiry date", "update date", "current object", "process", "e0 dd", "dc d8", "b7 fe", "c1 fc", "f8 b6", "ba df", "b0 s", "da dc", "android", "unknown", "detail info", "behaviour", "detect operator", "antisimulator", "check root", "access network", "connect", "contentresolver", "flag", "componentname", "extras", "service", "toyota owners", "us california", "torrance", "accessibility features", "veterans hearing aids", "veterans bluetooth", "tacoma", "corrolla" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/18cc9428ef5bf4bbd58cdb631b1ed7d723ce36f369c0e8b35896d87aef0f85ef_VirusTotal%20Droidy.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1780208130&Signature=wtAr8J0ruv23wHZcOhupkZaq%2BBIhOLdQM0FwFnG9Vv4vfEv%2F0zvCPxhakLMeyzbmzNDul6j3OrPU4VxY7xMr2bzDRY9pb7yc7gyKykIX%2FzqiMKw9NJaYvd858j7wnYC6wK%2FPMRE%2Fr45iiPDrxLcEri4h9vW0C8YhUTP%2FD1hJFQty2KS6nKXTIlTjfunUA3XfgDhYR3hy4HqRTmkCxzHv0KJs2XvbEzODP5GEQjSxKQXlo", "https://vtbehaviour.commondatastorage.googleapis.com/18cc9428ef5bf4bbd58cdb631b1ed7d723ce36f369c0e8b35896d87aef0f85ef_Tencent%20HABO.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1780208156&Signature=LkY0drhs4Hyo8VkdUIwaxW7Ej1h8Uzhf6E3mpwOzCp%2BseX1pZcB2eVzZGa3U1bp2woAxF8N0w6ItA6hh14Ecaq26YEU78OQHluBOjDD05wYLm1kZDESgfOQZ93owFEXKy267LJtLTldA%2BQMhApZM0zZBKfF9VzZRqQCwvXusUk5fLOX5kpUYUgixwVHamIXwbLG9CgxX6OdWPTKpVWxfsi2dmlWhGmWuuVTIjVyqxH8aV%2BU5FRhyccS8", "06:51 AM 09/18/2014 06:51 AM 09/12/2039 541a810a 0b8464eae298da2d9ec5a12271309acb25e25465", "Certificate Issuer: C:US, CN:Michael LaPean, L:Torrance, O:Toyota Motor Sales, ST:California, OU:Toyota Owners Michael LaPean Toyota Motor Sales Toyota Owners US California Torrance" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 9, "FileHash-SHA1": 6, "email": 2, "hostname": 104, "URL": 198, "domain": 28, "IPv6": 8, "FileHash-SHA256": 42, "IPv4": 56 }, "indicator_count": 453, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "4 hours ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "68438a5fab82466a04588464", "name": "android.permission.CHANGE_WIFI_MULTICAST_STATE +", "description": "extracted from the Android operating system with many variables, Linux libraries, command and control of victims digital life/ smart tv, phone, profile, PII, PHI, audio , camera, everything. Active.\nAPK\ncn.quicktv.androidpro\ncom.qihoo.util.StartActivity\nFull CnC/ All Permissions / Espionage type / Malicious advertisements, massive malicious , file dumps, aggressive , ongoing campaigns.\nIOC researched: FileHash-SHA256 0033fd6cacc814fb077261e7c19bc1137250ef80409a2a64919b2957a7982a8e (Andr.Malware.Agent-1463020) Dangerous Behavior | Contains one or more Linux executables", "modified": "2025-07-07T00:01:51.704000", "created": "2025-06-07T00:39:59.726000", "tags": [ "android", "zip archive", "android package", "java archive", "sweet home", "mozilla archive", "format", "history", "android info", "summary apk" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 26, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 113, "FileHash-MD5": 207, "FileHash-SHA1": 204, "FileHash-SHA256": 1365, "domain": 22, "hostname": 157 }, "indicator_count": 2068, "is_author": false, "is_subscribing": null, "subscriber_count": 141, "modified_text": "330 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "68437e52b8af5d3ada5de35a", "name": "Baidu -Dangerous behavior gained through malicious ads", "description": "droid.permission.RECEIVE_BOOT_COMPLETED\nandroid.permission.WRITE_SETTINGS\nandroid.permission.VIBRATE\ncom.samsung.android.providers.context.permission.WRITE_USE_APP_FEATURE_SURVEY\ngetui.permission.GetuiService.cn.quicktv.androidpro\ncom.android.launcher.permission.INSTALL_SHORTCUT\nandroid.permission.ACCESS_WIFI_STATE\nandroid.permission.WAKE_LOCK\nandroid.permission.ACCESS_DOWNLOAD_MANAGER\nandroid.permission.MODIFY_AUDIO_SETTINGS\nMore: https://www.virustotal.com/gui/file/0033fd6cacc814fb077261e7c19bc1137250ef80409a2a64919b2957a7982a8e/details", "modified": "2025-07-06T23:00:11.603000", "created": "2025-06-06T23:48:34.875000", "tags": [ "filehashsha1", "filehashsha256", "get http", "post http", "get https", "post https", "resolved ips", "detail info", "flag", "componentname", "componentinfo", "behaviour", "start", "linux", "android", "forbidden date", "gmt connection", "extras", "accept", "file type" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 18, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 3, "FileHash-SHA1": 1, "FileHash-SHA256": 8, "URL": 54, "hostname": 16, "domain": 18 }, "indicator_count": 100, "is_author": false, "is_subscribing": null, "subscriber_count": 141, "modified_text": "330 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://stats.cn.ronghub.com/active.json", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://stats.cn.ronghub.com/active.json", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780383854.007893 }