{ "type": "URL", "indicator": "https://twitter.com/ssrecc911", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://twitter.com/ssrecc911", "type": "url", "type_title": "URL", "validation": [ { "source": "alexa", "message": "Alexa rank: #37", "name": "Listed on Alexa" }, { "source": "akamai", "message": "Akamai rank: #63", "name": "Akamai Popular Domain" }, { "source": "whitelist", "message": "Whitelisted domain twitter.com", "name": "Whitelisted domain" }, { "source": "majestic", "message": "Whitelisted domain twitter.com", "name": "Whitelisted domain" } ], "base_indicator": { "id": 4332399923, "indicator": "https://twitter.com/ssrecc911", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 1, "pulses": [ { "id": "69f094876e771316d0e3a415", "name": "VirusTotal report Fraud, Forgery & Magic for System32.zip", "description": "Further research highlights how important certificates still are. An ai will NEVER detect this, ever, as they are built on 'once' trusted roots. This does not have a trusted along with the other 5 that are distrusted. This allows for old models, in this instance, edge, to be weaponized by really anyone at this point since everything fails cryptography + we are what truly seems like a short ways away from the entire internet demise based on how many of these I see. This one is extra special, not only is it built with Magic, its primary cert is a crypto domain. Client has brought forward these concerns to most agencies since Sept. 2025. Ignored. Identity stolen.\n-The digital signature of the object did not verify.\n-File distributed by Parted Magic LLC\n-(prime) Code Signing, WHQL Crypto \nrec: expiring the certificates wont work at this point, but its worth a shot. Rec: revoke Code Signing, WHQL Crypto (2012 exp still working!) The other 5 to revoke are in ref.", "modified": "2026-05-29T00:06:38.152000", "created": "2026-04-28T11:05:43.436000", "tags": [ "catalog", "pkcs", "signature", "file type", "pe file", "pe32", "ms windows", "found", "intel", "drops pe", "ascii text", "crlf line", "creates", "defense evasion", "code", "persistence", "fraud", "malicious", "next", "valid from", "valid", "valid usage", "code signing", "whql crypto", "algorithm", "thumbprint", "serial number", "pca status", "root authority", "all algorithm", "microsoft root", "ec df", "service status", "forgery", "trusted root, failed int.&prime", "magic", "internet is imploding", "cooked", "cryptographic failures", "IP mismanagement", "Horrible Oversight, Truly horrible", "Circus with Magic", "Pdfkit.net", "doomsday" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/50997cb5658dd4a8c6738e0be4b63ff937feb84207489681889c6700d6e93d79_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1777373051&Signature=eMaEnBhSHcPRkNEsAbbcQS9TO5zUnrBYbvGr91OhKPFfvDsPIdJULxArlfI6%2BS%2BYthAwd%2FDmsOgpoqvoyzq6CHsPaEIcMsjuM5VQVFshm8olODXIo55xagQcZ6vcJWm%2BiNJ%2F3F1gnID7UHS%2B%2Fl6eWWzPWTh0biIyMyIpm%2BBhw%2BRLnfx%2FqRLrRKBpDtqyOogwbJgqELHtnuXA3r3xx7RRYbWcPIrFZitv%2BC6wlgSJ4vq7Jbya", "DC03161C91D83C296E8CEE9B87B9FF371FA05FA4(2015 still works w a trusted root), 3EA99A60058275E0ED83B892A909449F8C33B245 (exp2019 \"\") a timestamper, another time exp 2013 05FECB745F7F3B1A0E262A73435CCB7EAAED8B37-- and lastly the one that haunts my entire life which you cant expire because it did in 2020 and its hollow and will forever bypass trust: A43489159A520F0D93D032CCAF37E7FE20A8B419" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1040", "name": "Network Sniffing", "display_name": "T1040 - Network Sniffing" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1542", "name": "Pre-OS Boot", "display_name": "T1542 - Pre-OS Boot" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 163, "FileHash-SHA1": 170, "FileHash-SHA256": 1421, "domain": 122, "hostname": 291, "URL": 133, "CIDR": 2, "email": 4 }, "indicator_count": 2306, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "2 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "DC03161C91D83C296E8CEE9B87B9FF371FA05FA4(2015 still works w a trusted root), 3EA99A60058275E0ED83B892A909449F8C33B245 (exp2019 \"\") a timestamper, another time exp 2013 05FECB745F7F3B1A0E262A73435CCB7EAAED8B37-- and lastly the one that haunts my entire life which you cant expire because it did in 2020 and its hollow and will forever bypass trust: A43489159A520F0D93D032CCAF37E7FE20A8B419", "https://vtbehaviour.commondatastorage.googleapis.com/50997cb5658dd4a8c6738e0be4b63ff937feb84207489681889c6700d6e93d79_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1777373051&Signature=eMaEnBhSHcPRkNEsAbbcQS9TO5zUnrBYbvGr91OhKPFfvDsPIdJULxArlfI6%2BS%2BYthAwd%2FDmsOgpoqvoyzq6CHsPaEIcMsjuM5VQVFshm8olODXIo55xagQcZ6vcJWm%2BiNJ%2F3F1gnID7UHS%2B%2Fl6eWWzPWTh0biIyMyIpm%2BBhw%2BRLnfx%2FqRLrRKBpDtqyOogwbJgqELHtnuXA3r3xx7RRYbWcPIrFZitv%2BC6wlgSJ4vq7Jbya" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 1950 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/twitter.com", "whois": "http://whois.domaintools.com/twitter.com", "domain": "twitter.com", "hostname": "Unavailable" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 1, "pulses": [ { "id": "69f094876e771316d0e3a415", "name": "VirusTotal report Fraud, Forgery & Magic for System32.zip", "description": "Further research highlights how important certificates still are. An ai will NEVER detect this, ever, as they are built on 'once' trusted roots. This does not have a trusted along with the other 5 that are distrusted. This allows for old models, in this instance, edge, to be weaponized by really anyone at this point since everything fails cryptography + we are what truly seems like a short ways away from the entire internet demise based on how many of these I see. This one is extra special, not only is it built with Magic, its primary cert is a crypto domain. Client has brought forward these concerns to most agencies since Sept. 2025. Ignored. Identity stolen.\n-The digital signature of the object did not verify.\n-File distributed by Parted Magic LLC\n-(prime) Code Signing, WHQL Crypto \nrec: expiring the certificates wont work at this point, but its worth a shot. Rec: revoke Code Signing, WHQL Crypto (2012 exp still working!) The other 5 to revoke are in ref.", "modified": "2026-05-29T00:06:38.152000", "created": "2026-04-28T11:05:43.436000", "tags": [ "catalog", "pkcs", "signature", "file type", "pe file", "pe32", "ms windows", "found", "intel", "drops pe", "ascii text", "crlf line", "creates", "defense evasion", "code", "persistence", "fraud", "malicious", "next", "valid from", "valid", "valid usage", "code signing", "whql crypto", "algorithm", "thumbprint", "serial number", "pca status", "root authority", "all algorithm", "microsoft root", "ec df", "service status", "forgery", "trusted root, failed int.&prime", "magic", "internet is imploding", "cooked", "cryptographic failures", "IP mismanagement", "Horrible Oversight, Truly horrible", "Circus with Magic", "Pdfkit.net", "doomsday" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/50997cb5658dd4a8c6738e0be4b63ff937feb84207489681889c6700d6e93d79_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1777373051&Signature=eMaEnBhSHcPRkNEsAbbcQS9TO5zUnrBYbvGr91OhKPFfvDsPIdJULxArlfI6%2BS%2BYthAwd%2FDmsOgpoqvoyzq6CHsPaEIcMsjuM5VQVFshm8olODXIo55xagQcZ6vcJWm%2BiNJ%2F3F1gnID7UHS%2B%2Fl6eWWzPWTh0biIyMyIpm%2BBhw%2BRLnfx%2FqRLrRKBpDtqyOogwbJgqELHtnuXA3r3xx7RRYbWcPIrFZitv%2BC6wlgSJ4vq7Jbya", "DC03161C91D83C296E8CEE9B87B9FF371FA05FA4(2015 still works w a trusted root), 3EA99A60058275E0ED83B892A909449F8C33B245 (exp2019 \"\") a timestamper, another time exp 2013 05FECB745F7F3B1A0E262A73435CCB7EAAED8B37-- and lastly the one that haunts my entire life which you cant expire because it did in 2020 and its hollow and will forever bypass trust: A43489159A520F0D93D032CCAF37E7FE20A8B419" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1040", "name": "Network Sniffing", "display_name": "T1040 - Network Sniffing" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1542", "name": "Pre-OS Boot", "display_name": "T1542 - Pre-OS Boot" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 163, "FileHash-SHA1": 170, "FileHash-SHA256": 1421, "domain": 122, "hostname": 291, "URL": 133, "CIDR": 2, "email": 4 }, "indicator_count": 2306, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "2 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://twitter.com/ssrecc911", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://twitter.com/ssrecc911", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780229114.0489502 }