{
  "type": "URL",
  "indicator": "https://whois.arin.net/rest/org/AKAMAI",
  "general": {
    "sections": [
      "general",
      "url_list",
      "http_scans",
      "screenshot"
    ],
    "indicator": "https://whois.arin.net/rest/org/AKAMAI",
    "type": "url",
    "type_title": "URL",
    "validation": [
      {
        "source": "akamai",
        "message": "Akamai rank: #6937",
        "name": "Akamai Popular Domain"
      },
      {
        "source": "whitelist",
        "message": "Whitelisted domain arin.net",
        "name": "Whitelisted domain"
      },
      {
        "source": "majestic",
        "message": "Whitelisted domain arin.net",
        "name": "Whitelisted domain"
      }
    ],
    "base_indicator": {
      "id": 4084267447,
      "indicator": "https://whois.arin.net/rest/org/AKAMAI",
      "type": "URL",
      "title": "",
      "description": "",
      "content": "",
      "access_type": "public",
      "access_reason": ""
    },
    "pulse_info": {
      "count": 9,
      "pulses": [
        {
          "id": "6a1172cd479d8218e859db0c",
          "name": "Rain + Acid; Questionable Civil Rights Violations.",
          "description": "[The full list of names and addresses for Akamai, the world's largest web hosting company, has been released..and it is not clear how many of them have been registered or used] <the first time I agree with pretext.",
          "modified": "2026-05-23T09:36:11.136000",
          "created": "2026-05-23T09:26:37.608000",
          "tags": [
            "akamai",
            "orgid",
            "akamai ref",
            "net173",
            "net1730000",
            "orgtechhandle",
            "steven jay",
            "orgname",
            "cidr",
            "noc united",
            "orgabusehandle",
            "nethandle",
            "key identifier",
            "x509v3 subject",
            "full name",
            "v3 serial",
            "number",
            "cus cndigicert",
            "tls rsa",
            "sha256",
            "ca1 odigicert",
            "inc validity",
            "city",
            "kam sze",
            "verisign",
            "date",
            "server",
            "data",
            "whois database",
            "whois",
            "registrar abuse",
            "repackaging",
            "registrars",
            "icann whois",
            "form",
            "email",
            "request email",
            "stateprovince",
            "whois status",
            "tech",
            "address range",
            "network name",
            "type",
            "status",
            "whois server",
            "entity akamai",
            "handle",
            "orgtechref",
            "akamai address",
            "broadway city",
            "postalcode",
            "orgtechphone",
            "label akamai",
            "arin country",
            "us continent",
            "services",
            "net192",
            "net1920000",
            "as14153",
            "as15133",
            "edgec25",
            "w jefferson",
            "blvd",
            "algorithm",
            "cus odigicert",
            "cngeotrust tls",
            "rsa ca",
            "g1 validity",
            "subject public",
            "serving ip",
            "address",
            "status code",
            "body length",
            "kb body",
            "responsibility",
            "learn",
            "citizen verizon",
            "drupal",
            "corporate",
            "utc google",
            "tag manager",
            "gtmpz6697q",
            "utc g22l6jkpfvc",
            "utc linkedin",
            "insight tag",
            "utc adobe",
            "dynamic tag",
            "sameorigin",
            "date wed",
            "miss setcookie",
            "secure",
            "httponly",
            "unix",
            "cachecontrol",
            "html info",
            "title",
            "ip address",
            "stworld",
            "stworld og",
            "uetsid",
            "sctr",
            "pinunauth",
            "awsalb",
            "udnsntcsession",
            "tdid",
            "qplatform mfapp",
            "adrollfpc",
            "arv4",
            "udnsntcs",
            "interim sim",
            "newegg",
            "verizon",
            "buy verizon",
            "card",
            "newegg shopping",
            "ver2",
            "vids1",
            "msclkidn"
          ],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 1,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "msudosos",
            "id": "381696",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "CIDR": 3,
            "FileHash-SHA256": 316,
            "FileHash-SHA1": 4,
            "domain": 96,
            "hostname": 279,
            "URL": 267,
            "IPv4": 8,
            "email": 11,
            "FileHash-MD5": 12,
            "Mutex": 1,
            "URI": 1
          },
          "indicator_count": 998,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 66,
          "modified_text": "8 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "6a1172cb47ba739f26d5dbd6",
          "name": "Rain + Acid; Questionable Civil Rights Violations.",
          "description": "[The full list of names and addresses for Akamai, the world's largest web hosting company, has been released..and it is not clear how many of them have been registered or used] <the first time I agree with pretext.",
          "modified": "2026-05-23T09:28:45.751000",
          "created": "2026-05-23T09:26:35.365000",
          "tags": [
            "akamai",
            "orgid",
            "akamai ref",
            "net173",
            "net1730000",
            "orgtechhandle",
            "steven jay",
            "orgname",
            "cidr",
            "noc united",
            "orgabusehandle",
            "nethandle",
            "key identifier",
            "x509v3 subject",
            "full name",
            "v3 serial",
            "number",
            "cus cndigicert",
            "tls rsa",
            "sha256",
            "ca1 odigicert",
            "inc validity",
            "city",
            "kam sze",
            "verisign",
            "date",
            "server",
            "data",
            "whois database",
            "whois",
            "registrar abuse",
            "repackaging",
            "registrars",
            "icann whois",
            "form",
            "email",
            "request email",
            "stateprovince",
            "whois status",
            "tech",
            "address range",
            "network name",
            "type",
            "status",
            "whois server",
            "entity akamai",
            "handle",
            "orgtechref",
            "akamai address",
            "broadway city",
            "postalcode",
            "orgtechphone",
            "label akamai",
            "arin country",
            "us continent",
            "services",
            "net192",
            "net1920000",
            "as14153",
            "as15133",
            "edgec25",
            "w jefferson",
            "blvd",
            "algorithm",
            "cus odigicert",
            "cngeotrust tls",
            "rsa ca",
            "g1 validity",
            "subject public",
            "serving ip",
            "address",
            "status code",
            "body length",
            "kb body",
            "responsibility",
            "learn",
            "citizen verizon",
            "drupal",
            "corporate",
            "utc google",
            "tag manager",
            "gtmpz6697q",
            "utc g22l6jkpfvc",
            "utc linkedin",
            "insight tag",
            "utc adobe",
            "dynamic tag",
            "sameorigin",
            "date wed",
            "miss setcookie",
            "secure",
            "httponly",
            "unix",
            "cachecontrol",
            "html info",
            "title",
            "ip address",
            "stworld",
            "stworld og",
            "uetsid",
            "sctr",
            "pinunauth",
            "awsalb",
            "udnsntcsession",
            "tdid",
            "qplatform mfapp",
            "adrollfpc",
            "arv4",
            "udnsntcs",
            "interim sim",
            "newegg",
            "verizon",
            "buy verizon",
            "card",
            "newegg shopping",
            "ver2",
            "vids1",
            "msclkidn"
          ],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 1,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "msudosos",
            "id": "381696",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "CIDR": 3,
            "FileHash-SHA256": 316,
            "FileHash-SHA1": 4,
            "domain": 101,
            "hostname": 295,
            "URL": 290,
            "IPv4": 8,
            "email": 12,
            "FileHash-MD5": 12,
            "Mutex": 1,
            "URI": 1
          },
          "indicator_count": 1043,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 66,
          "modified_text": "8 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "6a1172cd04ed75967ff3ffc5",
          "name": "Rain + Acid; Questionable Civil Rights Violations.",
          "description": "[The full list of names and addresses for Akamai, the world's largest web hosting company, has been released..and it is not clear how many of them have been registered or used] <the first time I agree with pretext.",
          "modified": "2026-05-23T09:26:37.004000",
          "created": "2026-05-23T09:26:37.004000",
          "tags": [
            "akamai",
            "orgid",
            "akamai ref",
            "net173",
            "net1730000",
            "orgtechhandle",
            "steven jay",
            "orgname",
            "cidr",
            "noc united",
            "orgabusehandle",
            "nethandle",
            "key identifier",
            "x509v3 subject",
            "full name",
            "v3 serial",
            "number",
            "cus cndigicert",
            "tls rsa",
            "sha256",
            "ca1 odigicert",
            "inc validity",
            "city",
            "kam sze",
            "verisign",
            "date",
            "server",
            "data",
            "whois database",
            "whois",
            "registrar abuse",
            "repackaging",
            "registrars",
            "icann whois",
            "form",
            "email",
            "request email",
            "stateprovince",
            "whois status",
            "tech",
            "address range",
            "network name",
            "type",
            "status",
            "whois server",
            "entity akamai",
            "handle",
            "orgtechref",
            "akamai address",
            "broadway city",
            "postalcode",
            "orgtechphone",
            "label akamai",
            "arin country",
            "us continent",
            "services",
            "net192",
            "net1920000",
            "as14153",
            "as15133",
            "edgec25",
            "w jefferson",
            "blvd",
            "algorithm",
            "cus odigicert",
            "cngeotrust tls",
            "rsa ca",
            "g1 validity",
            "subject public",
            "serving ip",
            "address",
            "status code",
            "body length",
            "kb body",
            "responsibility",
            "learn",
            "citizen verizon",
            "drupal",
            "corporate",
            "utc google",
            "tag manager",
            "gtmpz6697q",
            "utc g22l6jkpfvc",
            "utc linkedin",
            "insight tag",
            "utc adobe",
            "dynamic tag",
            "sameorigin",
            "date wed",
            "miss setcookie",
            "secure",
            "httponly",
            "unix",
            "cachecontrol",
            "html info",
            "title",
            "ip address",
            "stworld",
            "stworld og",
            "uetsid",
            "sctr",
            "pinunauth",
            "awsalb",
            "udnsntcsession",
            "tdid",
            "qplatform mfapp",
            "adrollfpc",
            "arv4",
            "udnsntcs",
            "interim sim",
            "newegg",
            "verizon",
            "buy verizon",
            "card",
            "newegg shopping",
            "ver2",
            "vids1",
            "msclkidn"
          ],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 1,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "msudosos",
            "id": "381696",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "CIDR": 3,
            "FileHash-SHA256": 316,
            "FileHash-SHA1": 4,
            "domain": 95,
            "hostname": 279,
            "URL": 267,
            "IPv4": 8,
            "email": 11,
            "FileHash-MD5": 12,
            "Mutex": 1,
            "URI": 1
          },
          "indicator_count": 997,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 66,
          "modified_text": "8 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "6a1172cc0a8d5c02b90c7abf",
          "name": "Rain + Acid; Questionable Civil Rights Violations.",
          "description": "[The full list of names and addresses for Akamai, the world's largest web hosting company, has been released..and it is not clear how many of them have been registered or used] <the first time I agree with pretext.",
          "modified": "2026-05-23T09:26:36.279000",
          "created": "2026-05-23T09:26:36.279000",
          "tags": [
            "akamai",
            "orgid",
            "akamai ref",
            "net173",
            "net1730000",
            "orgtechhandle",
            "steven jay",
            "orgname",
            "cidr",
            "noc united",
            "orgabusehandle",
            "nethandle",
            "key identifier",
            "x509v3 subject",
            "full name",
            "v3 serial",
            "number",
            "cus cndigicert",
            "tls rsa",
            "sha256",
            "ca1 odigicert",
            "inc validity",
            "city",
            "kam sze",
            "verisign",
            "date",
            "server",
            "data",
            "whois database",
            "whois",
            "registrar abuse",
            "repackaging",
            "registrars",
            "icann whois",
            "form",
            "email",
            "request email",
            "stateprovince",
            "whois status",
            "tech",
            "address range",
            "network name",
            "type",
            "status",
            "whois server",
            "entity akamai",
            "handle",
            "orgtechref",
            "akamai address",
            "broadway city",
            "postalcode",
            "orgtechphone",
            "label akamai",
            "arin country",
            "us continent",
            "services",
            "net192",
            "net1920000",
            "as14153",
            "as15133",
            "edgec25",
            "w jefferson",
            "blvd",
            "algorithm",
            "cus odigicert",
            "cngeotrust tls",
            "rsa ca",
            "g1 validity",
            "subject public",
            "serving ip",
            "address",
            "status code",
            "body length",
            "kb body",
            "responsibility",
            "learn",
            "citizen verizon",
            "drupal",
            "corporate",
            "utc google",
            "tag manager",
            "gtmpz6697q",
            "utc g22l6jkpfvc",
            "utc linkedin",
            "insight tag",
            "utc adobe",
            "dynamic tag",
            "sameorigin",
            "date wed",
            "miss setcookie",
            "secure",
            "httponly",
            "unix",
            "cachecontrol",
            "html info",
            "title",
            "ip address",
            "stworld",
            "stworld og",
            "uetsid",
            "sctr",
            "pinunauth",
            "awsalb",
            "udnsntcsession",
            "tdid",
            "qplatform mfapp",
            "adrollfpc",
            "arv4",
            "udnsntcs",
            "interim sim",
            "newegg",
            "verizon",
            "buy verizon",
            "card",
            "newegg shopping",
            "ver2",
            "vids1",
            "msclkidn"
          ],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 1,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "msudosos",
            "id": "381696",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "CIDR": 3,
            "FileHash-SHA256": 316,
            "FileHash-SHA1": 4,
            "domain": 95,
            "hostname": 279,
            "URL": 267,
            "IPv4": 8,
            "email": 11,
            "FileHash-MD5": 12,
            "Mutex": 1,
            "URI": 1
          },
          "indicator_count": 997,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 66,
          "modified_text": "8 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "69e7d7edd91aab8d1e8d5590",
          "name": "hxxps://support[.]apple[.]com/100100",
          "description": "hxxps://support[.]apple[.]com/100100",
          "modified": "2026-05-21T20:10:22.225000",
          "created": "2026-04-21T20:02:53.543000",
          "tags": [
            "malware",
            "virus",
            "trojan",
            "ransomware",
            "static",
            "analysis",
            "indicator of compromise",
            "ioc",
            "extraction",
            "emulation",
            "online",
            "submit",
            "sample",
            "download",
            "platform",
            "switch",
            "community add",
            "security menlo",
            "reports",
            "cve list",
            "notes blog",
            "drop your",
            "file",
            "service",
            "privacy policy",
            "intelix portal",
            "javascript",
            "please",
            "strong",
            "united kingdom",
            "urls",
            "domain name",
            "url analysis",
            "report https",
            "request",
            "status",
            "public ev",
            "server rsa",
            "g1 apple",
            "virustotal",
            "domain",
            "benign no",
            "february",
            "date february",
            "safe browsing",
            "ctx database",
            "upgrade plan",
            "my submissions",
            "free",
            "april",
            "august",
            "sandbox",
            "static analyzer",
            "analyzer",
            "vxstream",
            "apt",
            "hybrid analysis",
            "api key",
            "vetting process",
            "please note",
            "triage",
            "report",
            "reported",
            "analyze",
            "md5 sha1",
            "sha256",
            "submit download",
            "sha1",
            "sha512",
            "path c",
            "sha512 tlsh",
            "ssdeep",
            "prefetch8",
            "general",
            "config",
            "copy",
            "target",
            "score",
            "impact",
            "get https",
            "post https",
            "sha512 ssdeep",
            "size",
            "p2404",
            "tlsh",
            "Apple",
            "iPad",
            "Update"
          ],
          "references": [
            "https://www.filescan.io/uploads/69e7ceb08a82359247ab7647/reports/e7fdc5f9-d521-4ce6-afae-50b558e39445/overview",
            "https://metadefender.com/results/url/aHR0cHM6Ly9zdXBwb3J0LmFwcGxlLmNvbS8xMDAxMDA=",
            "https://intelix.sophos.com/report/ce2b7a12bcf74e2f8bae0263e6ae69f0/static/file",
            "https://intelix.sophos.com/report/ce2b7a12bcf74e2f8bae0263e6ae69f0/static/url",
            "https://app.threat.zone/submission/9484b40d-a27f-4837-9e66-956835282d63/url-analysis-report",
            "http://hybrid-analysis.com/sample/0a875f2646dc2b4b36fdf7196e357b8b2718a449e3e92b817194ba287238ae00",
            "https://tria.ge/260421-ygl5esbt5p/behavioral1",
            "https://www.scyscan.com/scan-report/?rid=1743532660988884337",
            "https://polyswarm.network/scan/results/url/a6220c097dabdc5fd659eb3ca1441fd3ce853817647bbac71109847df837af70",
            "http://hybrid-analysis.com/sample/0a875f2646dc2b4b36fdf7196e357b8b2718a449e3e92b817194ba287238ae00/69e7d3627e525d99f106537e",
            "https://tria.ge/260421-ygl5esbt5p",
            "https://opentip.kaspersky.com/https%3A%2F%2Fsupport.apple.com%2F100100/?tab=lookup",
            "https://www.virustotal.com/graph/embed/ge7e62e923913419f9a4096f64b057f85af4f61c7ddba41b09ce577061284a468?theme=dark",
            "https://www.virustotal.com/gui/collection/31128b22372d1d820a4c494cc4e846ae3a5a60ffd1dd7b00b4e303a8007529bc/summary",
            "https://www.virustotal.com/gui/collection/31128b22372d1d820a4c494cc4e846ae3a5a60ffd1dd7b00b4e303a8007529bc/iocs"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [
            "Canada"
          ],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1012",
              "name": "Query Registry",
              "display_name": "T1012 - Query Registry"
            },
            {
              "id": "T1082",
              "name": "System Information Discovery",
              "display_name": "T1082 - System Information Discovery"
            },
            {
              "id": "T1124",
              "name": "System Time Discovery",
              "display_name": "T1124 - System Time Discovery"
            },
            {
              "id": "T1217",
              "name": "Browser Bookmark Discovery",
              "display_name": "T1217 - Browser Bookmark Discovery"
            },
            {
              "id": "T1027",
              "name": "Obfuscated Files or Information",
              "display_name": "T1027 - Obfuscated Files or Information"
            }
          ],
          "industries": [
            "Technology"
          ],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 0,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "Disable_Duck",
            "id": "244325",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 80,
            "hostname": 175,
            "URL": 1571,
            "FileHash-MD5": 183,
            "email": 7,
            "CIDR": 3,
            "FileHash-SHA1": 117,
            "FileHash-SHA256": 181,
            "SSLCertFingerprint": 14
          },
          "indicator_count": 2331,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 131,
          "modified_text": "10 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "69c0b8fffa9a7fa8cabf2e2a",
          "name": "still not Alkaline",
          "description": "><<<< A list of names and addresses has been published on the website of the Association for the Advancement of Macedonians, also known as AKAMAI. and the Macedonian National Geographic Geographic.<<who made this? no doubt enrichment and cryptography layer this in",
          "modified": "2026-04-22T04:15:14.400000",
          "created": "2026-03-23T03:52:31.666000",
          "tags": [
            "address range",
            "cidr",
            "network name",
            "type",
            "status",
            "whois server",
            "entity akamai",
            "handle"
          ],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 0,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "msudosos",
            "id": "381696",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "CIDR": 3,
            "URL": 162,
            "hostname": 169,
            "FileHash-MD5": 26,
            "FileHash-SHA1": 41,
            "FileHash-SHA256": 290,
            "domain": 143,
            "email": 9
          },
          "indicator_count": 843,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 66,
          "modified_text": "39 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "699da4b51b83807ed9e7442e",
          "name": "GKG.NET + Verizon Infrastructure-  Potential Domain Compromise & Financial Fraud Campaign",
          "description": "Verizon Domain Resolves Here. Financial Concern: CCV checker v1.0 by kid1232.exe (14/72) is a specialized tool for validating stolen credit cards. Its presence is an interesting finding.\nInfrastructure Targeting: The files Master Domain Database (2).xlsx and Accredited-Registrars-202602220056.csv suggest the actor is collecting data on registrars to facilitate Supply Chain Attacks or large-scale domain thefts.\nActive Compromise: The PDF metrosanantonioliving.com DNS Zones and the FireShot screenshot of GKG's DNS configuration page are direct evidence of a \"live\" account takeover or unauthorized configuration of a victim's domain.\nThe Heavy Hitter: The Win32 EXE ending in ...13547c3 with 45/70 detections is likely the primary Infostealer or RAT used to harvest the credentials for these GKG accounts.",
          "modified": "2026-04-01T00:44:45.494000",
          "created": "2026-02-24T13:16:37.558000",
          "tags": [
            "algorithm",
            "key identifier",
            "x509v3 subject",
            "v3 serial",
            "number",
            "cbe oglobalsign",
            "r6 alphassl",
            "validity",
            "subject public",
            "key info"
          ],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 1,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "msudosos",
            "id": "381696",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 356,
            "FileHash-SHA1": 126,
            "FileHash-SHA256": 615,
            "URL": 266,
            "hostname": 187,
            "FileHash-MD5": 108,
            "email": 14,
            "CIDR": 2,
            "CVE": 15
          },
          "indicator_count": 1689,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 68,
          "modified_text": "60 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "69a2de24c6eab1fb7ab42f6f",
          "name": "ARPA LB Pulses",
          "description": "A full list of key words and phrases: \"Dulcetoj\", \"dumsticks\", 'cheapperfume' and \"hyfnrsx1\", as compiled by BBC News",
          "modified": "2026-04-01T00:44:45.494000",
          "created": "2026-02-28T12:23:00.023000",
          "tags": [
            "type indicator",
            "role title",
            "added active",
            "related pulses"
          ],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 1,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 1,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "msudosos",
            "id": "381696",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 324,
            "hostname": 63,
            "URL": 189,
            "email": 10,
            "FileHash-SHA1": 8,
            "FileHash-SHA256": 4,
            "CIDR": 3,
            "FileHash-MD5": 4,
            "CVE": 1
          },
          "indicator_count": 606,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 67,
          "modified_text": "60 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "686b074599cb3cfbd5813614",
          "name": "TikTok - Win32:RansomX-gen [Ransom]",
          "description": "#ransom/lockfile.mk #trojan #zombie#ransom #malicious #malware #malicious #intel #apple #ios #ai #malware",
          "modified": "2025-08-05T23:03:23.051000",
          "created": "2025-07-06T23:31:17.865000",
          "tags": [],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 9,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "Q.Vashti",
            "id": "337942",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "hostname": 803,
            "domain": 246,
            "FileHash-SHA256": 1979,
            "FileHash-MD5": 31,
            "URL": 1664,
            "FileHash-SHA1": 34,
            "CIDR": 3,
            "email": 3,
            "CVE": 2
          },
          "indicator_count": 4765,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 141,
          "modified_text": "299 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        }
      ],
      "references": [
        "https://www.scyscan.com/scan-report/?rid=1743532660988884337",
        "http://hybrid-analysis.com/sample/0a875f2646dc2b4b36fdf7196e357b8b2718a449e3e92b817194ba287238ae00/69e7d3627e525d99f106537e",
        "https://www.virustotal.com/gui/collection/31128b22372d1d820a4c494cc4e846ae3a5a60ffd1dd7b00b4e303a8007529bc/summary",
        "https://tria.ge/260421-ygl5esbt5p",
        "https://intelix.sophos.com/report/ce2b7a12bcf74e2f8bae0263e6ae69f0/static/url",
        "https://polyswarm.network/scan/results/url/a6220c097dabdc5fd659eb3ca1441fd3ce853817647bbac71109847df837af70",
        "https://intelix.sophos.com/report/ce2b7a12bcf74e2f8bae0263e6ae69f0/static/file",
        "https://tria.ge/260421-ygl5esbt5p/behavioral1",
        "https://www.virustotal.com/gui/collection/31128b22372d1d820a4c494cc4e846ae3a5a60ffd1dd7b00b4e303a8007529bc/iocs",
        "https://metadefender.com/results/url/aHR0cHM6Ly9zdXBwb3J0LmFwcGxlLmNvbS8xMDAxMDA=",
        "https://www.filescan.io/uploads/69e7ceb08a82359247ab7647/reports/e7fdc5f9-d521-4ce6-afae-50b558e39445/overview",
        "https://opentip.kaspersky.com/https%3A%2F%2Fsupport.apple.com%2F100100/?tab=lookup",
        "https://app.threat.zone/submission/9484b40d-a27f-4837-9e66-956835282d63/url-analysis-report",
        "http://hybrid-analysis.com/sample/0a875f2646dc2b4b36fdf7196e357b8b2718a449e3e92b817194ba287238ae00",
        "https://www.virustotal.com/graph/embed/ge7e62e923913419f9a4096f64b057f85af4f61c7ddba41b09ce577061284a468?theme=dark"
      ],
      "related": {
        "alienvault": {
          "adversary": [],
          "malware_families": [],
          "industries": [],
          "unique_indicators": 0
        },
        "other": {
          "adversary": [],
          "malware_families": [],
          "industries": [
            "Technology"
          ],
          "unique_indicators": 8868
        }
      }
    },
    "false_positive": [],
    "alexa": "http://www.alexa.com/siteinfo/arin.net",
    "whois": "http://whois.domaintools.com/arin.net",
    "domain": "arin.net",
    "hostname": "whois.arin.net"
  },
  "geo": {},
  "geo_ipapicom": {},
  "pulse_count": 9,
  "pulses": [
    {
      "id": "6a1172cd479d8218e859db0c",
      "name": "Rain + Acid; Questionable Civil Rights Violations.",
      "description": "[The full list of names and addresses for Akamai, the world's largest web hosting company, has been released..and it is not clear how many of them have been registered or used] <the first time I agree with pretext.",
      "modified": "2026-05-23T09:36:11.136000",
      "created": "2026-05-23T09:26:37.608000",
      "tags": [
        "akamai",
        "orgid",
        "akamai ref",
        "net173",
        "net1730000",
        "orgtechhandle",
        "steven jay",
        "orgname",
        "cidr",
        "noc united",
        "orgabusehandle",
        "nethandle",
        "key identifier",
        "x509v3 subject",
        "full name",
        "v3 serial",
        "number",
        "cus cndigicert",
        "tls rsa",
        "sha256",
        "ca1 odigicert",
        "inc validity",
        "city",
        "kam sze",
        "verisign",
        "date",
        "server",
        "data",
        "whois database",
        "whois",
        "registrar abuse",
        "repackaging",
        "registrars",
        "icann whois",
        "form",
        "email",
        "request email",
        "stateprovince",
        "whois status",
        "tech",
        "address range",
        "network name",
        "type",
        "status",
        "whois server",
        "entity akamai",
        "handle",
        "orgtechref",
        "akamai address",
        "broadway city",
        "postalcode",
        "orgtechphone",
        "label akamai",
        "arin country",
        "us continent",
        "services",
        "net192",
        "net1920000",
        "as14153",
        "as15133",
        "edgec25",
        "w jefferson",
        "blvd",
        "algorithm",
        "cus odigicert",
        "cngeotrust tls",
        "rsa ca",
        "g1 validity",
        "subject public",
        "serving ip",
        "address",
        "status code",
        "body length",
        "kb body",
        "responsibility",
        "learn",
        "citizen verizon",
        "drupal",
        "corporate",
        "utc google",
        "tag manager",
        "gtmpz6697q",
        "utc g22l6jkpfvc",
        "utc linkedin",
        "insight tag",
        "utc adobe",
        "dynamic tag",
        "sameorigin",
        "date wed",
        "miss setcookie",
        "secure",
        "httponly",
        "unix",
        "cachecontrol",
        "html info",
        "title",
        "ip address",
        "stworld",
        "stworld og",
        "uetsid",
        "sctr",
        "pinunauth",
        "awsalb",
        "udnsntcsession",
        "tdid",
        "qplatform mfapp",
        "adrollfpc",
        "arv4",
        "udnsntcs",
        "interim sim",
        "newegg",
        "verizon",
        "buy verizon",
        "card",
        "newegg shopping",
        "ver2",
        "vids1",
        "msclkidn"
      ],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 1,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "msudosos",
        "id": "381696",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "CIDR": 3,
        "FileHash-SHA256": 316,
        "FileHash-SHA1": 4,
        "domain": 96,
        "hostname": 279,
        "URL": 267,
        "IPv4": 8,
        "email": 11,
        "FileHash-MD5": 12,
        "Mutex": 1,
        "URI": 1
      },
      "indicator_count": 998,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 66,
      "modified_text": "8 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "6a1172cb47ba739f26d5dbd6",
      "name": "Rain + Acid; Questionable Civil Rights Violations.",
      "description": "[The full list of names and addresses for Akamai, the world's largest web hosting company, has been released..and it is not clear how many of them have been registered or used] <the first time I agree with pretext.",
      "modified": "2026-05-23T09:28:45.751000",
      "created": "2026-05-23T09:26:35.365000",
      "tags": [
        "akamai",
        "orgid",
        "akamai ref",
        "net173",
        "net1730000",
        "orgtechhandle",
        "steven jay",
        "orgname",
        "cidr",
        "noc united",
        "orgabusehandle",
        "nethandle",
        "key identifier",
        "x509v3 subject",
        "full name",
        "v3 serial",
        "number",
        "cus cndigicert",
        "tls rsa",
        "sha256",
        "ca1 odigicert",
        "inc validity",
        "city",
        "kam sze",
        "verisign",
        "date",
        "server",
        "data",
        "whois database",
        "whois",
        "registrar abuse",
        "repackaging",
        "registrars",
        "icann whois",
        "form",
        "email",
        "request email",
        "stateprovince",
        "whois status",
        "tech",
        "address range",
        "network name",
        "type",
        "status",
        "whois server",
        "entity akamai",
        "handle",
        "orgtechref",
        "akamai address",
        "broadway city",
        "postalcode",
        "orgtechphone",
        "label akamai",
        "arin country",
        "us continent",
        "services",
        "net192",
        "net1920000",
        "as14153",
        "as15133",
        "edgec25",
        "w jefferson",
        "blvd",
        "algorithm",
        "cus odigicert",
        "cngeotrust tls",
        "rsa ca",
        "g1 validity",
        "subject public",
        "serving ip",
        "address",
        "status code",
        "body length",
        "kb body",
        "responsibility",
        "learn",
        "citizen verizon",
        "drupal",
        "corporate",
        "utc google",
        "tag manager",
        "gtmpz6697q",
        "utc g22l6jkpfvc",
        "utc linkedin",
        "insight tag",
        "utc adobe",
        "dynamic tag",
        "sameorigin",
        "date wed",
        "miss setcookie",
        "secure",
        "httponly",
        "unix",
        "cachecontrol",
        "html info",
        "title",
        "ip address",
        "stworld",
        "stworld og",
        "uetsid",
        "sctr",
        "pinunauth",
        "awsalb",
        "udnsntcsession",
        "tdid",
        "qplatform mfapp",
        "adrollfpc",
        "arv4",
        "udnsntcs",
        "interim sim",
        "newegg",
        "verizon",
        "buy verizon",
        "card",
        "newegg shopping",
        "ver2",
        "vids1",
        "msclkidn"
      ],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 1,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "msudosos",
        "id": "381696",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "CIDR": 3,
        "FileHash-SHA256": 316,
        "FileHash-SHA1": 4,
        "domain": 101,
        "hostname": 295,
        "URL": 290,
        "IPv4": 8,
        "email": 12,
        "FileHash-MD5": 12,
        "Mutex": 1,
        "URI": 1
      },
      "indicator_count": 1043,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 66,
      "modified_text": "8 days ago ",
      "is_modified": false,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "6a1172cd04ed75967ff3ffc5",
      "name": "Rain + Acid; Questionable Civil Rights Violations.",
      "description": "[The full list of names and addresses for Akamai, the world's largest web hosting company, has been released..and it is not clear how many of them have been registered or used] <the first time I agree with pretext.",
      "modified": "2026-05-23T09:26:37.004000",
      "created": "2026-05-23T09:26:37.004000",
      "tags": [
        "akamai",
        "orgid",
        "akamai ref",
        "net173",
        "net1730000",
        "orgtechhandle",
        "steven jay",
        "orgname",
        "cidr",
        "noc united",
        "orgabusehandle",
        "nethandle",
        "key identifier",
        "x509v3 subject",
        "full name",
        "v3 serial",
        "number",
        "cus cndigicert",
        "tls rsa",
        "sha256",
        "ca1 odigicert",
        "inc validity",
        "city",
        "kam sze",
        "verisign",
        "date",
        "server",
        "data",
        "whois database",
        "whois",
        "registrar abuse",
        "repackaging",
        "registrars",
        "icann whois",
        "form",
        "email",
        "request email",
        "stateprovince",
        "whois status",
        "tech",
        "address range",
        "network name",
        "type",
        "status",
        "whois server",
        "entity akamai",
        "handle",
        "orgtechref",
        "akamai address",
        "broadway city",
        "postalcode",
        "orgtechphone",
        "label akamai",
        "arin country",
        "us continent",
        "services",
        "net192",
        "net1920000",
        "as14153",
        "as15133",
        "edgec25",
        "w jefferson",
        "blvd",
        "algorithm",
        "cus odigicert",
        "cngeotrust tls",
        "rsa ca",
        "g1 validity",
        "subject public",
        "serving ip",
        "address",
        "status code",
        "body length",
        "kb body",
        "responsibility",
        "learn",
        "citizen verizon",
        "drupal",
        "corporate",
        "utc google",
        "tag manager",
        "gtmpz6697q",
        "utc g22l6jkpfvc",
        "utc linkedin",
        "insight tag",
        "utc adobe",
        "dynamic tag",
        "sameorigin",
        "date wed",
        "miss setcookie",
        "secure",
        "httponly",
        "unix",
        "cachecontrol",
        "html info",
        "title",
        "ip address",
        "stworld",
        "stworld og",
        "uetsid",
        "sctr",
        "pinunauth",
        "awsalb",
        "udnsntcsession",
        "tdid",
        "qplatform mfapp",
        "adrollfpc",
        "arv4",
        "udnsntcs",
        "interim sim",
        "newegg",
        "verizon",
        "buy verizon",
        "card",
        "newegg shopping",
        "ver2",
        "vids1",
        "msclkidn"
      ],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 1,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "msudosos",
        "id": "381696",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "CIDR": 3,
        "FileHash-SHA256": 316,
        "FileHash-SHA1": 4,
        "domain": 95,
        "hostname": 279,
        "URL": 267,
        "IPv4": 8,
        "email": 11,
        "FileHash-MD5": 12,
        "Mutex": 1,
        "URI": 1
      },
      "indicator_count": 997,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 66,
      "modified_text": "8 days ago ",
      "is_modified": false,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "6a1172cc0a8d5c02b90c7abf",
      "name": "Rain + Acid; Questionable Civil Rights Violations.",
      "description": "[The full list of names and addresses for Akamai, the world's largest web hosting company, has been released..and it is not clear how many of them have been registered or used] <the first time I agree with pretext.",
      "modified": "2026-05-23T09:26:36.279000",
      "created": "2026-05-23T09:26:36.279000",
      "tags": [
        "akamai",
        "orgid",
        "akamai ref",
        "net173",
        "net1730000",
        "orgtechhandle",
        "steven jay",
        "orgname",
        "cidr",
        "noc united",
        "orgabusehandle",
        "nethandle",
        "key identifier",
        "x509v3 subject",
        "full name",
        "v3 serial",
        "number",
        "cus cndigicert",
        "tls rsa",
        "sha256",
        "ca1 odigicert",
        "inc validity",
        "city",
        "kam sze",
        "verisign",
        "date",
        "server",
        "data",
        "whois database",
        "whois",
        "registrar abuse",
        "repackaging",
        "registrars",
        "icann whois",
        "form",
        "email",
        "request email",
        "stateprovince",
        "whois status",
        "tech",
        "address range",
        "network name",
        "type",
        "status",
        "whois server",
        "entity akamai",
        "handle",
        "orgtechref",
        "akamai address",
        "broadway city",
        "postalcode",
        "orgtechphone",
        "label akamai",
        "arin country",
        "us continent",
        "services",
        "net192",
        "net1920000",
        "as14153",
        "as15133",
        "edgec25",
        "w jefferson",
        "blvd",
        "algorithm",
        "cus odigicert",
        "cngeotrust tls",
        "rsa ca",
        "g1 validity",
        "subject public",
        "serving ip",
        "address",
        "status code",
        "body length",
        "kb body",
        "responsibility",
        "learn",
        "citizen verizon",
        "drupal",
        "corporate",
        "utc google",
        "tag manager",
        "gtmpz6697q",
        "utc g22l6jkpfvc",
        "utc linkedin",
        "insight tag",
        "utc adobe",
        "dynamic tag",
        "sameorigin",
        "date wed",
        "miss setcookie",
        "secure",
        "httponly",
        "unix",
        "cachecontrol",
        "html info",
        "title",
        "ip address",
        "stworld",
        "stworld og",
        "uetsid",
        "sctr",
        "pinunauth",
        "awsalb",
        "udnsntcsession",
        "tdid",
        "qplatform mfapp",
        "adrollfpc",
        "arv4",
        "udnsntcs",
        "interim sim",
        "newegg",
        "verizon",
        "buy verizon",
        "card",
        "newegg shopping",
        "ver2",
        "vids1",
        "msclkidn"
      ],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 1,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "msudosos",
        "id": "381696",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "CIDR": 3,
        "FileHash-SHA256": 316,
        "FileHash-SHA1": 4,
        "domain": 95,
        "hostname": 279,
        "URL": 267,
        "IPv4": 8,
        "email": 11,
        "FileHash-MD5": 12,
        "Mutex": 1,
        "URI": 1
      },
      "indicator_count": 997,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 66,
      "modified_text": "8 days ago ",
      "is_modified": false,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "69e7d7edd91aab8d1e8d5590",
      "name": "hxxps://support[.]apple[.]com/100100",
      "description": "hxxps://support[.]apple[.]com/100100",
      "modified": "2026-05-21T20:10:22.225000",
      "created": "2026-04-21T20:02:53.543000",
      "tags": [
        "malware",
        "virus",
        "trojan",
        "ransomware",
        "static",
        "analysis",
        "indicator of compromise",
        "ioc",
        "extraction",
        "emulation",
        "online",
        "submit",
        "sample",
        "download",
        "platform",
        "switch",
        "community add",
        "security menlo",
        "reports",
        "cve list",
        "notes blog",
        "drop your",
        "file",
        "service",
        "privacy policy",
        "intelix portal",
        "javascript",
        "please",
        "strong",
        "united kingdom",
        "urls",
        "domain name",
        "url analysis",
        "report https",
        "request",
        "status",
        "public ev",
        "server rsa",
        "g1 apple",
        "virustotal",
        "domain",
        "benign no",
        "february",
        "date february",
        "safe browsing",
        "ctx database",
        "upgrade plan",
        "my submissions",
        "free",
        "april",
        "august",
        "sandbox",
        "static analyzer",
        "analyzer",
        "vxstream",
        "apt",
        "hybrid analysis",
        "api key",
        "vetting process",
        "please note",
        "triage",
        "report",
        "reported",
        "analyze",
        "md5 sha1",
        "sha256",
        "submit download",
        "sha1",
        "sha512",
        "path c",
        "sha512 tlsh",
        "ssdeep",
        "prefetch8",
        "general",
        "config",
        "copy",
        "target",
        "score",
        "impact",
        "get https",
        "post https",
        "sha512 ssdeep",
        "size",
        "p2404",
        "tlsh",
        "Apple",
        "iPad",
        "Update"
      ],
      "references": [
        "https://www.filescan.io/uploads/69e7ceb08a82359247ab7647/reports/e7fdc5f9-d521-4ce6-afae-50b558e39445/overview",
        "https://metadefender.com/results/url/aHR0cHM6Ly9zdXBwb3J0LmFwcGxlLmNvbS8xMDAxMDA=",
        "https://intelix.sophos.com/report/ce2b7a12bcf74e2f8bae0263e6ae69f0/static/file",
        "https://intelix.sophos.com/report/ce2b7a12bcf74e2f8bae0263e6ae69f0/static/url",
        "https://app.threat.zone/submission/9484b40d-a27f-4837-9e66-956835282d63/url-analysis-report",
        "http://hybrid-analysis.com/sample/0a875f2646dc2b4b36fdf7196e357b8b2718a449e3e92b817194ba287238ae00",
        "https://tria.ge/260421-ygl5esbt5p/behavioral1",
        "https://www.scyscan.com/scan-report/?rid=1743532660988884337",
        "https://polyswarm.network/scan/results/url/a6220c097dabdc5fd659eb3ca1441fd3ce853817647bbac71109847df837af70",
        "http://hybrid-analysis.com/sample/0a875f2646dc2b4b36fdf7196e357b8b2718a449e3e92b817194ba287238ae00/69e7d3627e525d99f106537e",
        "https://tria.ge/260421-ygl5esbt5p",
        "https://opentip.kaspersky.com/https%3A%2F%2Fsupport.apple.com%2F100100/?tab=lookup",
        "https://www.virustotal.com/graph/embed/ge7e62e923913419f9a4096f64b057f85af4f61c7ddba41b09ce577061284a468?theme=dark",
        "https://www.virustotal.com/gui/collection/31128b22372d1d820a4c494cc4e846ae3a5a60ffd1dd7b00b4e303a8007529bc/summary",
        "https://www.virustotal.com/gui/collection/31128b22372d1d820a4c494cc4e846ae3a5a60ffd1dd7b00b4e303a8007529bc/iocs"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [
        "Canada"
      ],
      "malware_families": [],
      "attack_ids": [
        {
          "id": "T1012",
          "name": "Query Registry",
          "display_name": "T1012 - Query Registry"
        },
        {
          "id": "T1082",
          "name": "System Information Discovery",
          "display_name": "T1082 - System Information Discovery"
        },
        {
          "id": "T1124",
          "name": "System Time Discovery",
          "display_name": "T1124 - System Time Discovery"
        },
        {
          "id": "T1217",
          "name": "Browser Bookmark Discovery",
          "display_name": "T1217 - Browser Bookmark Discovery"
        },
        {
          "id": "T1027",
          "name": "Obfuscated Files or Information",
          "display_name": "T1027 - Obfuscated Files or Information"
        }
      ],
      "industries": [
        "Technology"
      ],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 0,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "Disable_Duck",
        "id": "244325",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "domain": 80,
        "hostname": 175,
        "URL": 1571,
        "FileHash-MD5": 183,
        "email": 7,
        "CIDR": 3,
        "FileHash-SHA1": 117,
        "FileHash-SHA256": 181,
        "SSLCertFingerprint": 14
      },
      "indicator_count": 2331,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 131,
      "modified_text": "10 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "69c0b8fffa9a7fa8cabf2e2a",
      "name": "still not Alkaline",
      "description": "><<<< A list of names and addresses has been published on the website of the Association for the Advancement of Macedonians, also known as AKAMAI. and the Macedonian National Geographic Geographic.<<who made this? no doubt enrichment and cryptography layer this in",
      "modified": "2026-04-22T04:15:14.400000",
      "created": "2026-03-23T03:52:31.666000",
      "tags": [
        "address range",
        "cidr",
        "network name",
        "type",
        "status",
        "whois server",
        "entity akamai",
        "handle"
      ],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 0,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "msudosos",
        "id": "381696",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "CIDR": 3,
        "URL": 162,
        "hostname": 169,
        "FileHash-MD5": 26,
        "FileHash-SHA1": 41,
        "FileHash-SHA256": 290,
        "domain": 143,
        "email": 9
      },
      "indicator_count": 843,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 66,
      "modified_text": "39 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "699da4b51b83807ed9e7442e",
      "name": "GKG.NET + Verizon Infrastructure-  Potential Domain Compromise & Financial Fraud Campaign",
      "description": "Verizon Domain Resolves Here. Financial Concern: CCV checker v1.0 by kid1232.exe (14/72) is a specialized tool for validating stolen credit cards. Its presence is an interesting finding.\nInfrastructure Targeting: The files Master Domain Database (2).xlsx and Accredited-Registrars-202602220056.csv suggest the actor is collecting data on registrars to facilitate Supply Chain Attacks or large-scale domain thefts.\nActive Compromise: The PDF metrosanantonioliving.com DNS Zones and the FireShot screenshot of GKG's DNS configuration page are direct evidence of a \"live\" account takeover or unauthorized configuration of a victim's domain.\nThe Heavy Hitter: The Win32 EXE ending in ...13547c3 with 45/70 detections is likely the primary Infostealer or RAT used to harvest the credentials for these GKG accounts.",
      "modified": "2026-04-01T00:44:45.494000",
      "created": "2026-02-24T13:16:37.558000",
      "tags": [
        "algorithm",
        "key identifier",
        "x509v3 subject",
        "v3 serial",
        "number",
        "cbe oglobalsign",
        "r6 alphassl",
        "validity",
        "subject public",
        "key info"
      ],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 1,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "msudosos",
        "id": "381696",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "domain": 356,
        "FileHash-SHA1": 126,
        "FileHash-SHA256": 615,
        "URL": 266,
        "hostname": 187,
        "FileHash-MD5": 108,
        "email": 14,
        "CIDR": 2,
        "CVE": 15
      },
      "indicator_count": 1689,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 68,
      "modified_text": "60 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "69a2de24c6eab1fb7ab42f6f",
      "name": "ARPA LB Pulses",
      "description": "A full list of key words and phrases: \"Dulcetoj\", \"dumsticks\", 'cheapperfume' and \"hyfnrsx1\", as compiled by BBC News",
      "modified": "2026-04-01T00:44:45.494000",
      "created": "2026-02-28T12:23:00.023000",
      "tags": [
        "type indicator",
        "role title",
        "added active",
        "related pulses"
      ],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 1,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 1,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "msudosos",
        "id": "381696",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "domain": 324,
        "hostname": 63,
        "URL": 189,
        "email": 10,
        "FileHash-SHA1": 8,
        "FileHash-SHA256": 4,
        "CIDR": 3,
        "FileHash-MD5": 4,
        "CVE": 1
      },
      "indicator_count": 606,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 67,
      "modified_text": "60 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "686b074599cb3cfbd5813614",
      "name": "TikTok - Win32:RansomX-gen [Ransom]",
      "description": "#ransom/lockfile.mk #trojan #zombie#ransom #malicious #malware #malicious #intel #apple #ios #ai #malware",
      "modified": "2025-08-05T23:03:23.051000",
      "created": "2025-07-06T23:31:17.865000",
      "tags": [],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 9,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "Q.Vashti",
        "id": "337942",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "hostname": 803,
        "domain": 246,
        "FileHash-SHA256": 1979,
        "FileHash-MD5": 31,
        "URL": 1664,
        "FileHash-SHA1": 34,
        "CIDR": 3,
        "email": 3,
        "CVE": 2
      },
      "indicator_count": 4765,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 141,
      "modified_text": "299 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    }
  ],
  "error": null,
  "vt": {
    "error": "VirusTotal rate limit reached. Try again shortly.",
    "indicator": "https://whois.arin.net/rest/org/AKAMAI",
    "type": "URL"
  },
  "abuseipdb": null,
  "urlhaus": {
    "indicator": "https://whois.arin.net/rest/org/AKAMAI",
    "type": "URL",
    "found": false,
    "verdict": "clean",
    "error": null
  },
  "from_cache": true,
  "_cached_at": 1780269534.048229
}