{ "type": "URL", "indicator": "https://ws.arin.net/whois", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://ws.arin.net/whois", "type": "url", "type_title": "URL", "validation": [ { "source": "akamai", "message": "Akamai rank: #6937", "name": "Akamai Popular Domain" }, { "source": "whitelist", "message": "Whitelisted domain arin.net", "name": "Whitelisted domain" }, { "source": "majestic", "message": "Whitelisted domain arin.net", "name": "Whitelisted domain" } ], "base_indicator": { "id": 4075752878, "indicator": "https://ws.arin.net/whois", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 5, "pulses": [ { "id": "69fc16ec2d769862439b9fbe", "name": "CAPE Sandbox - CAC-BLOCK44 - 216.107.138.162 'Datacamp'", "description": "[ full text of IANA-CIDR-BLock, the name given to a block on the net, has been published by the Internet Assigned Numbers Authority (APNIC] pretext. 800+ connections that have moved from VT on Refresh. This one I was able to sandbox. The first one that is no longer there was a spotify condrive. highlights the DRV installer, dating to Jan 15,2025. Pdfkit[.net] DRV version I have written about at length.", "modified": "2026-05-07T04:37:36.375000", "created": "2026-05-07T04:37:00.866000", "tags": [ "apnic", "iana", "iana web", "date", "internet", "parent pid", "full path", "command line", "files c", "devicerasacd c", "registry keys", "read files", "modified files", "settings read", "keys nothing", "drops pe", "pe file", "pe32", "ms windows", "found", "file type", "intel", "spawns", "creates", "window", "malicious", "code", "persistence", "phishing", "miner", "defense evasion", "next", "server", "cacblock44", "net21610712801", "ipxo llc", "il845", "net21610713601", "net216107138024", "net21610713801", "address range", "cidr", "network name", "allocation type", "whois server", "handle", "apnic whois", "database", "please", "arin whois", "north america", "caribbean", "africa", "analysis date", "win32 exe", "nvcontainer", "dosya klasr", "united", "cac-block44" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/1eed4d0238b82b2e324d7d111c5c1d73ebe6245932530779ba17000d935a1dcf_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778127990&Signature=juBkVQLRUAcpV3F0HxZfnt9d%2Bg7bPLCUSVJeI43MQxda0Suv1G9OYQjsG8Cp0h%2F7aNgbQkkpbcnGE6YBOAtbcw8u44jv6DrpLVFR01Q8rKKAhLAw8r5Bl9QIcS6%2F%2FxFlBhqvsBbEnxJqHbI3lvfHymEgYHSfpSduh63E5h55Dmd9DxKaaOu5Xo8AsR9Q3Kbn2Xl%2Flsyt6YeakFhL37TBmDLoJMzseRa1QjWE%2BdyPIxvp6JiGBm", "https://vtbehaviour.commondatastorage.googleapis.com/1eed4d0238b82b2e324d7d111c5c1d73ebe6245932530779ba17000d935a1dcf_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778128024&Signature=gmdTh4HdtQiM8x8q0MGvrguSweTXZQieJBVP4J1PhKBEJGfTBHIvjf70jGQzFATJrPKHohftu2h77Mju%2FOECsYFwG6EpyNURMRQmAWdBuSeFcukzPuu%2BRcpPD8%2F8OlF9MmSvuZ9%2BJH0VytZEzn7barm2PIK%2F%2Fvi%2FAUNG93W%2FqjZI0cifFE%2FSxo%2F%2Ffd%2BGqHPECcrTMo8s5P99DChh5a75CMJadFVvZBtPrCNVezJ0PK3flE" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "APNIC", "display_name": "APNIC", "target": null } ], "attack_ids": [ { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1016", "name": "System Network Configuration Discovery", "display_name": "T1016 - System Network Configuration Discovery" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1115", "name": "Clipboard Data", "display_name": "T1115 - Clipboard Data" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1222", "name": "File and Directory Permissions Modification", "display_name": "T1222 - File and Directory Permissions Modification" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1614", "name": "System Location Discovery", "display_name": "T1614 - System Location Discovery" }, { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1543", "name": "Create or Modify System Process", "display_name": "T1543 - Create or Modify System Process" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1569", "name": "System Services", "display_name": "T1569 - System Services" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CIDR": 4, "URL": 193, "hostname": 110, "IPv4": 33, "FileHash-MD5": 112, "FileHash-SHA1": 112, "FileHash-SHA256": 537, "domain": 47, "email": 1 }, "indicator_count": 1149, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "24 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69fc16ee1cf2fec4f744c156", "name": "CAPE Sandbox - CAC-BLOCK44 - 216.107.138.162 'Datacamp'", "description": "[ full text of IANA-CIDR-BLock, the name given to a block on the net, has been published by the Internet Assigned Numbers Authority (APNIC] pretext. 800+ connections that have moved from VT on Refresh. This one I was able to sandbox. The first one that is no longer there was a spotify condrive. highlights the DRV installer, dating to Jan 15,2025. Pdfkit[.net] DRV version I have written about at length.", "modified": "2026-05-07T04:37:02.134000", "created": "2026-05-07T04:37:02.134000", "tags": [ "apnic", "iana", "iana web", "date", "internet", "parent pid", "full path", "command line", "files c", "devicerasacd c", "registry keys", "read files", "modified files", "settings read", "keys nothing", "drops pe", "pe file", "pe32", "ms windows", "found", "file type", "intel", "spawns", "creates", "window", "malicious", "code", "persistence", "phishing", "miner", "defense evasion", "next", "server", "cacblock44", "net21610712801", "ipxo llc", "il845", "net21610713601", "net216107138024", "net21610713801", "address range", "cidr", "network name", "allocation type", "whois server", "handle", "apnic whois", "database", "please", "arin whois", "north america", "caribbean", "africa", "analysis date", "win32 exe", "nvcontainer", "dosya klasr", "united", "cac-block44" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/1eed4d0238b82b2e324d7d111c5c1d73ebe6245932530779ba17000d935a1dcf_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778127990&Signature=juBkVQLRUAcpV3F0HxZfnt9d%2Bg7bPLCUSVJeI43MQxda0Suv1G9OYQjsG8Cp0h%2F7aNgbQkkpbcnGE6YBOAtbcw8u44jv6DrpLVFR01Q8rKKAhLAw8r5Bl9QIcS6%2F%2FxFlBhqvsBbEnxJqHbI3lvfHymEgYHSfpSduh63E5h55Dmd9DxKaaOu5Xo8AsR9Q3Kbn2Xl%2Flsyt6YeakFhL37TBmDLoJMzseRa1QjWE%2BdyPIxvp6JiGBm", "https://vtbehaviour.commondatastorage.googleapis.com/1eed4d0238b82b2e324d7d111c5c1d73ebe6245932530779ba17000d935a1dcf_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778128024&Signature=gmdTh4HdtQiM8x8q0MGvrguSweTXZQieJBVP4J1PhKBEJGfTBHIvjf70jGQzFATJrPKHohftu2h77Mju%2FOECsYFwG6EpyNURMRQmAWdBuSeFcukzPuu%2BRcpPD8%2F8OlF9MmSvuZ9%2BJH0VytZEzn7barm2PIK%2F%2Fvi%2FAUNG93W%2FqjZI0cifFE%2FSxo%2F%2Ffd%2BGqHPECcrTMo8s5P99DChh5a75CMJadFVvZBtPrCNVezJ0PK3flE" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "APNIC", "display_name": "APNIC", "target": null } ], "attack_ids": [ { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1016", "name": "System Network Configuration Discovery", "display_name": "T1016 - System Network Configuration Discovery" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1115", "name": "Clipboard Data", "display_name": "T1115 - Clipboard Data" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1222", "name": "File and Directory Permissions Modification", "display_name": "T1222 - File and Directory Permissions Modification" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1614", "name": "System Location Discovery", "display_name": "T1614 - System Location Discovery" }, { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1543", "name": "Create or Modify System Process", "display_name": "T1543 - Create or Modify System Process" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1569", "name": "System Services", "display_name": "T1569 - System Services" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CIDR": 4, "URL": 193, "hostname": 110, "IPv4": 33, "FileHash-MD5": 112, "FileHash-SHA1": 112, "FileHash-SHA256": 537, "domain": 46, "email": 1 }, "indicator_count": 1148, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "24 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69fc16ec7fd623409a3982b2", "name": "CAPE Sandbox - CAC-BLOCK44 - 216.107.138.162 'Datacamp'", "description": "[ full text of IANA-CIDR-BLock, the name given to a block on the net, has been published by the Internet Assigned Numbers Authority (APNIC] pretext. 800+ connections that have moved from VT on Refresh. This one I was able to sandbox. The first one that is no longer there was a spotify condrive. highlights the DRV installer, dating to Jan 15,2025. Pdfkit[.net] DRV version I have written about at length.", "modified": "2026-05-07T04:37:00.680000", "created": "2026-05-07T04:37:00.680000", "tags": [ "apnic", "iana", "iana web", "date", "internet", "parent pid", "full path", "command line", "files c", "devicerasacd c", "registry keys", "read files", "modified files", "settings read", "keys nothing", "drops pe", "pe file", "pe32", "ms windows", "found", "file type", "intel", "spawns", "creates", "window", "malicious", "code", "persistence", "phishing", "miner", "defense evasion", "next", "server", "cacblock44", "net21610712801", "ipxo llc", "il845", "net21610713601", "net216107138024", "net21610713801", "address range", "cidr", "network name", "allocation type", "whois server", "handle", "apnic whois", "database", "please", "arin whois", "north america", "caribbean", "africa", "analysis date", "win32 exe", "nvcontainer", "dosya klasr", "united", "cac-block44" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/1eed4d0238b82b2e324d7d111c5c1d73ebe6245932530779ba17000d935a1dcf_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778127990&Signature=juBkVQLRUAcpV3F0HxZfnt9d%2Bg7bPLCUSVJeI43MQxda0Suv1G9OYQjsG8Cp0h%2F7aNgbQkkpbcnGE6YBOAtbcw8u44jv6DrpLVFR01Q8rKKAhLAw8r5Bl9QIcS6%2F%2FxFlBhqvsBbEnxJqHbI3lvfHymEgYHSfpSduh63E5h55Dmd9DxKaaOu5Xo8AsR9Q3Kbn2Xl%2Flsyt6YeakFhL37TBmDLoJMzseRa1QjWE%2BdyPIxvp6JiGBm", "https://vtbehaviour.commondatastorage.googleapis.com/1eed4d0238b82b2e324d7d111c5c1d73ebe6245932530779ba17000d935a1dcf_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778128024&Signature=gmdTh4HdtQiM8x8q0MGvrguSweTXZQieJBVP4J1PhKBEJGfTBHIvjf70jGQzFATJrPKHohftu2h77Mju%2FOECsYFwG6EpyNURMRQmAWdBuSeFcukzPuu%2BRcpPD8%2F8OlF9MmSvuZ9%2BJH0VytZEzn7barm2PIK%2F%2Fvi%2FAUNG93W%2FqjZI0cifFE%2FSxo%2F%2Ffd%2BGqHPECcrTMo8s5P99DChh5a75CMJadFVvZBtPrCNVezJ0PK3flE" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "APNIC", "display_name": "APNIC", "target": null } ], "attack_ids": [ { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1016", "name": "System Network Configuration Discovery", "display_name": "T1016 - System Network Configuration Discovery" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1115", "name": "Clipboard Data", "display_name": "T1115 - Clipboard Data" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1222", "name": "File and Directory Permissions Modification", "display_name": "T1222 - File and Directory Permissions Modification" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1614", "name": "System Location Discovery", "display_name": "T1614 - System Location Discovery" }, { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1543", "name": "Create or Modify System Process", "display_name": "T1543 - Create or Modify System Process" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1569", "name": "System Services", "display_name": "T1569 - System Services" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CIDR": 4, "URL": 193, "hostname": 110, "IPv4": 33, "FileHash-MD5": 112, "FileHash-SHA1": 112, "FileHash-SHA256": 537, "domain": 46, "email": 1 }, "indicator_count": 1148, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "24 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69fbebd201b2600be49123bf", "name": "Project_Gifted1_Worker_gifted1_2026-05-07 CREATED 32 MINUTES AGO by sovereign1 clone", "description": "", "modified": "2026-05-07T01:39:07.414000", "created": "2026-05-07T01:33:06.383000", "tags": [ "Project_Gifted1", "Worker_Strike" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": "69fbe437714a2cdd50e5da0c", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 6, "hostname": 26, "CIDR": 8, "URL": 36, "FileHash-SHA256": 12, "FileHash-MD5": 8, "FileHash-SHA1": 8 }, "indicator_count": 104, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "25 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "684a93360163e8802e213158", "name": "ELF:Mirai AMAZON-02 - Autonomous System 65.0.0.0/14", "description": "ELF:Mirai-BHZ\\ [Trj]\t\n65.0.0.0/14\nAutonomous System Number\n16509\nAutonomous System Label\nAMAZON-02\nRelated to \u2022 103.252.236.26 | \n\u2022 sr2.reliedhosting.com | \n.\u2022 http://planitair.com/ |\n\u2022 bgptools-wildcard-confirmed.acemalibu.com | \n\u2022 https://www.anyxxxtube.net/search-porn/tsara-brashears/ | \t\t\t\n\u2022 static.ads-twitter.com\t\n\u2022 https://twitter.com/PORNO_SEXYBABES\t\n\u2022 analytics.twitter.com\n\u2022 appleupdate.org\n\u2022 apps.apple.com\n\u2022 pin.it |\n\u2022 https://pin.it/ |\n\u2022 https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian Critical issue. Cyber weaponry [Unclear] Stealth contractual US cyber defense entity, endless DGA\u2019s. India IP block.\nAdversary named by bupyeongop:\n\ubd80\ud3c9\uc624\ud53c \ucd9c\uc7a5\ub9c8\uc0ac\uc9c0\uc548\ub0b4.COM \ubd80\ud3c9OP (massage service?)\n*DoS with many OTX features", "modified": "2025-07-12T07:04:05.635000", "created": "2025-06-12T08:43:34.719000", "tags": [ "thumbprint", "apnic", "apnic whois", "database", "please", "arin whois", "north america", "caribbean", "africa", "internet", "iana", "address range", "cidr", "network name", "allocation type", "whois server", "algorithm", "v3 serial", "number", "cbe oglobalsign", "r6 alphassl", "validity", "subject public", "key info", "key algorithm", "key identifier", "link", "search", "united", "a domains", "ip address", "creation date", "record value", "date", "showing", "india unknown", "status", "passive dns", "ipv4 add", "pulse submit", "url analysis", "urls", "files", "location india", "india asn", "as133296 web", "dns resolutions" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "APNIC", "display_name": "APNIC", "target": null } ], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 28, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA1": 27, "domain": 2499, "hostname": 2651, "URL": 10986, "CIDR": 2, "FileHash-SHA256": 3596, "email": 1, "FileHash-MD5": 23, "CVE": 7 }, "indicator_count": 19792, "is_author": false, "is_subscribing": null, "subscriber_count": 145, "modified_text": "323 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/1eed4d0238b82b2e324d7d111c5c1d73ebe6245932530779ba17000d935a1dcf_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778127990&Signature=juBkVQLRUAcpV3F0HxZfnt9d%2Bg7bPLCUSVJeI43MQxda0Suv1G9OYQjsG8Cp0h%2F7aNgbQkkpbcnGE6YBOAtbcw8u44jv6DrpLVFR01Q8rKKAhLAw8r5Bl9QIcS6%2F%2FxFlBhqvsBbEnxJqHbI3lvfHymEgYHSfpSduh63E5h55Dmd9DxKaaOu5Xo8AsR9Q3Kbn2Xl%2Flsyt6YeakFhL37TBmDLoJMzseRa1QjWE%2BdyPIxvp6JiGBm", "https://vtbehaviour.commondatastorage.googleapis.com/1eed4d0238b82b2e324d7d111c5c1d73ebe6245932530779ba17000d935a1dcf_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778128024&Signature=gmdTh4HdtQiM8x8q0MGvrguSweTXZQieJBVP4J1PhKBEJGfTBHIvjf70jGQzFATJrPKHohftu2h77Mju%2FOECsYFwG6EpyNURMRQmAWdBuSeFcukzPuu%2BRcpPD8%2F8OlF9MmSvuZ9%2BJH0VytZEzn7barm2PIK%2F%2Fvi%2FAUNG93W%2FqjZI0cifFE%2FSxo%2F%2Ffd%2BGqHPECcrTMo8s5P99DChh5a75CMJadFVvZBtPrCNVezJ0PK3flE" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [ "Apnic" ], "industries": [], "unique_indicators": 21144 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/arin.net", "whois": "http://whois.domaintools.com/arin.net", "domain": "arin.net", "hostname": "ws.arin.net" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 5, "pulses": [ { "id": "69fc16ec2d769862439b9fbe", "name": "CAPE Sandbox - CAC-BLOCK44 - 216.107.138.162 'Datacamp'", "description": "[ full text of IANA-CIDR-BLock, the name given to a block on the net, has been published by the Internet Assigned Numbers Authority (APNIC] pretext. 800+ connections that have moved from VT on Refresh. This one I was able to sandbox. The first one that is no longer there was a spotify condrive. highlights the DRV installer, dating to Jan 15,2025. Pdfkit[.net] DRV version I have written about at length.", "modified": "2026-05-07T04:37:36.375000", "created": "2026-05-07T04:37:00.866000", "tags": [ "apnic", "iana", "iana web", "date", "internet", "parent pid", "full path", "command line", "files c", "devicerasacd c", "registry keys", "read files", "modified files", "settings read", "keys nothing", "drops pe", "pe file", "pe32", "ms windows", "found", "file type", "intel", "spawns", "creates", "window", "malicious", "code", "persistence", "phishing", "miner", "defense evasion", "next", "server", "cacblock44", "net21610712801", "ipxo llc", "il845", "net21610713601", "net216107138024", "net21610713801", "address range", "cidr", "network name", "allocation type", "whois server", "handle", "apnic whois", "database", "please", "arin whois", "north america", "caribbean", "africa", "analysis date", "win32 exe", "nvcontainer", "dosya klasr", "united", "cac-block44" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/1eed4d0238b82b2e324d7d111c5c1d73ebe6245932530779ba17000d935a1dcf_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778127990&Signature=juBkVQLRUAcpV3F0HxZfnt9d%2Bg7bPLCUSVJeI43MQxda0Suv1G9OYQjsG8Cp0h%2F7aNgbQkkpbcnGE6YBOAtbcw8u44jv6DrpLVFR01Q8rKKAhLAw8r5Bl9QIcS6%2F%2FxFlBhqvsBbEnxJqHbI3lvfHymEgYHSfpSduh63E5h55Dmd9DxKaaOu5Xo8AsR9Q3Kbn2Xl%2Flsyt6YeakFhL37TBmDLoJMzseRa1QjWE%2BdyPIxvp6JiGBm", "https://vtbehaviour.commondatastorage.googleapis.com/1eed4d0238b82b2e324d7d111c5c1d73ebe6245932530779ba17000d935a1dcf_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778128024&Signature=gmdTh4HdtQiM8x8q0MGvrguSweTXZQieJBVP4J1PhKBEJGfTBHIvjf70jGQzFATJrPKHohftu2h77Mju%2FOECsYFwG6EpyNURMRQmAWdBuSeFcukzPuu%2BRcpPD8%2F8OlF9MmSvuZ9%2BJH0VytZEzn7barm2PIK%2F%2Fvi%2FAUNG93W%2FqjZI0cifFE%2FSxo%2F%2Ffd%2BGqHPECcrTMo8s5P99DChh5a75CMJadFVvZBtPrCNVezJ0PK3flE" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "APNIC", "display_name": "APNIC", "target": null } ], "attack_ids": [ { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1016", "name": "System Network Configuration Discovery", "display_name": "T1016 - System Network Configuration Discovery" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1115", "name": "Clipboard Data", "display_name": "T1115 - Clipboard Data" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1222", "name": "File and Directory Permissions Modification", "display_name": "T1222 - File and Directory Permissions Modification" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1614", "name": "System Location Discovery", "display_name": "T1614 - System Location Discovery" }, { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1543", "name": "Create or Modify System Process", "display_name": "T1543 - Create or Modify System Process" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1569", "name": "System Services", "display_name": "T1569 - System Services" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CIDR": 4, "URL": 193, "hostname": 110, "IPv4": 33, "FileHash-MD5": 112, "FileHash-SHA1": 112, "FileHash-SHA256": 537, "domain": 47, "email": 1 }, "indicator_count": 1149, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "24 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69fc16ee1cf2fec4f744c156", "name": "CAPE Sandbox - CAC-BLOCK44 - 216.107.138.162 'Datacamp'", "description": "[ full text of IANA-CIDR-BLock, the name given to a block on the net, has been published by the Internet Assigned Numbers Authority (APNIC] pretext. 800+ connections that have moved from VT on Refresh. This one I was able to sandbox. The first one that is no longer there was a spotify condrive. highlights the DRV installer, dating to Jan 15,2025. Pdfkit[.net] DRV version I have written about at length.", "modified": "2026-05-07T04:37:02.134000", "created": "2026-05-07T04:37:02.134000", "tags": [ "apnic", "iana", "iana web", "date", "internet", "parent pid", "full path", "command line", "files c", "devicerasacd c", "registry keys", "read files", "modified files", "settings read", "keys nothing", "drops pe", "pe file", "pe32", "ms windows", "found", "file type", "intel", "spawns", "creates", "window", "malicious", "code", "persistence", "phishing", "miner", "defense evasion", "next", "server", "cacblock44", "net21610712801", "ipxo llc", "il845", "net21610713601", "net216107138024", "net21610713801", "address range", "cidr", "network name", "allocation type", "whois server", "handle", "apnic whois", "database", "please", "arin whois", "north america", "caribbean", "africa", "analysis date", "win32 exe", "nvcontainer", "dosya klasr", "united", "cac-block44" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/1eed4d0238b82b2e324d7d111c5c1d73ebe6245932530779ba17000d935a1dcf_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778127990&Signature=juBkVQLRUAcpV3F0HxZfnt9d%2Bg7bPLCUSVJeI43MQxda0Suv1G9OYQjsG8Cp0h%2F7aNgbQkkpbcnGE6YBOAtbcw8u44jv6DrpLVFR01Q8rKKAhLAw8r5Bl9QIcS6%2F%2FxFlBhqvsBbEnxJqHbI3lvfHymEgYHSfpSduh63E5h55Dmd9DxKaaOu5Xo8AsR9Q3Kbn2Xl%2Flsyt6YeakFhL37TBmDLoJMzseRa1QjWE%2BdyPIxvp6JiGBm", "https://vtbehaviour.commondatastorage.googleapis.com/1eed4d0238b82b2e324d7d111c5c1d73ebe6245932530779ba17000d935a1dcf_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778128024&Signature=gmdTh4HdtQiM8x8q0MGvrguSweTXZQieJBVP4J1PhKBEJGfTBHIvjf70jGQzFATJrPKHohftu2h77Mju%2FOECsYFwG6EpyNURMRQmAWdBuSeFcukzPuu%2BRcpPD8%2F8OlF9MmSvuZ9%2BJH0VytZEzn7barm2PIK%2F%2Fvi%2FAUNG93W%2FqjZI0cifFE%2FSxo%2F%2Ffd%2BGqHPECcrTMo8s5P99DChh5a75CMJadFVvZBtPrCNVezJ0PK3flE" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "APNIC", "display_name": "APNIC", "target": null } ], "attack_ids": [ { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1016", "name": "System Network Configuration Discovery", "display_name": "T1016 - System Network Configuration Discovery" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1115", "name": "Clipboard Data", "display_name": "T1115 - Clipboard Data" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1222", "name": "File and Directory Permissions Modification", "display_name": "T1222 - File and Directory Permissions Modification" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1614", "name": "System Location Discovery", "display_name": "T1614 - System Location Discovery" }, { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1543", "name": "Create or Modify System Process", "display_name": "T1543 - Create or Modify System Process" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1569", "name": "System Services", "display_name": "T1569 - System Services" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CIDR": 4, "URL": 193, "hostname": 110, "IPv4": 33, "FileHash-MD5": 112, "FileHash-SHA1": 112, "FileHash-SHA256": 537, "domain": 46, "email": 1 }, "indicator_count": 1148, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "24 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69fc16ec7fd623409a3982b2", "name": "CAPE Sandbox - CAC-BLOCK44 - 216.107.138.162 'Datacamp'", "description": "[ full text of IANA-CIDR-BLock, the name given to a block on the net, has been published by the Internet Assigned Numbers Authority (APNIC] pretext. 800+ connections that have moved from VT on Refresh. This one I was able to sandbox. The first one that is no longer there was a spotify condrive. highlights the DRV installer, dating to Jan 15,2025. Pdfkit[.net] DRV version I have written about at length.", "modified": "2026-05-07T04:37:00.680000", "created": "2026-05-07T04:37:00.680000", "tags": [ "apnic", "iana", "iana web", "date", "internet", "parent pid", "full path", "command line", "files c", "devicerasacd c", "registry keys", "read files", "modified files", "settings read", "keys nothing", "drops pe", "pe file", "pe32", "ms windows", "found", "file type", "intel", "spawns", "creates", "window", "malicious", "code", "persistence", "phishing", "miner", "defense evasion", "next", "server", "cacblock44", "net21610712801", "ipxo llc", "il845", "net21610713601", "net216107138024", "net21610713801", "address range", "cidr", "network name", "allocation type", "whois server", "handle", "apnic whois", "database", "please", "arin whois", "north america", "caribbean", "africa", "analysis date", "win32 exe", "nvcontainer", "dosya klasr", "united", "cac-block44" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/1eed4d0238b82b2e324d7d111c5c1d73ebe6245932530779ba17000d935a1dcf_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778127990&Signature=juBkVQLRUAcpV3F0HxZfnt9d%2Bg7bPLCUSVJeI43MQxda0Suv1G9OYQjsG8Cp0h%2F7aNgbQkkpbcnGE6YBOAtbcw8u44jv6DrpLVFR01Q8rKKAhLAw8r5Bl9QIcS6%2F%2FxFlBhqvsBbEnxJqHbI3lvfHymEgYHSfpSduh63E5h55Dmd9DxKaaOu5Xo8AsR9Q3Kbn2Xl%2Flsyt6YeakFhL37TBmDLoJMzseRa1QjWE%2BdyPIxvp6JiGBm", "https://vtbehaviour.commondatastorage.googleapis.com/1eed4d0238b82b2e324d7d111c5c1d73ebe6245932530779ba17000d935a1dcf_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778128024&Signature=gmdTh4HdtQiM8x8q0MGvrguSweTXZQieJBVP4J1PhKBEJGfTBHIvjf70jGQzFATJrPKHohftu2h77Mju%2FOECsYFwG6EpyNURMRQmAWdBuSeFcukzPuu%2BRcpPD8%2F8OlF9MmSvuZ9%2BJH0VytZEzn7barm2PIK%2F%2Fvi%2FAUNG93W%2FqjZI0cifFE%2FSxo%2F%2Ffd%2BGqHPECcrTMo8s5P99DChh5a75CMJadFVvZBtPrCNVezJ0PK3flE" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "APNIC", "display_name": "APNIC", "target": null } ], "attack_ids": [ { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1016", "name": "System Network Configuration Discovery", "display_name": "T1016 - System Network Configuration Discovery" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1115", "name": "Clipboard Data", "display_name": "T1115 - Clipboard Data" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1222", "name": "File and Directory Permissions Modification", "display_name": "T1222 - File and Directory Permissions Modification" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1614", "name": "System Location Discovery", "display_name": "T1614 - System Location Discovery" }, { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1543", "name": "Create or Modify System Process", "display_name": "T1543 - Create or Modify System Process" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1569", "name": "System Services", "display_name": "T1569 - System Services" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CIDR": 4, "URL": 193, "hostname": 110, "IPv4": 33, "FileHash-MD5": 112, "FileHash-SHA1": 112, "FileHash-SHA256": 537, "domain": 46, "email": 1 }, "indicator_count": 1148, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "24 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69fbebd201b2600be49123bf", "name": "Project_Gifted1_Worker_gifted1_2026-05-07 CREATED 32 MINUTES AGO by sovereign1 clone", "description": "", "modified": "2026-05-07T01:39:07.414000", "created": "2026-05-07T01:33:06.383000", "tags": [ "Project_Gifted1", "Worker_Strike" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": "69fbe437714a2cdd50e5da0c", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 6, "hostname": 26, "CIDR": 8, "URL": 36, "FileHash-SHA256": 12, "FileHash-MD5": 8, "FileHash-SHA1": 8 }, "indicator_count": 104, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "25 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "684a93360163e8802e213158", "name": "ELF:Mirai AMAZON-02 - Autonomous System 65.0.0.0/14", "description": "ELF:Mirai-BHZ\\ [Trj]\t\n65.0.0.0/14\nAutonomous System Number\n16509\nAutonomous System Label\nAMAZON-02\nRelated to \u2022 103.252.236.26 | \n\u2022 sr2.reliedhosting.com | \n.\u2022 http://planitair.com/ |\n\u2022 bgptools-wildcard-confirmed.acemalibu.com | \n\u2022 https://www.anyxxxtube.net/search-porn/tsara-brashears/ | \t\t\t\n\u2022 static.ads-twitter.com\t\n\u2022 https://twitter.com/PORNO_SEXYBABES\t\n\u2022 analytics.twitter.com\n\u2022 appleupdate.org\n\u2022 apps.apple.com\n\u2022 pin.it |\n\u2022 https://pin.it/ |\n\u2022 https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian Critical issue. Cyber weaponry [Unclear] Stealth contractual US cyber defense entity, endless DGA\u2019s. India IP block.\nAdversary named by bupyeongop:\n\ubd80\ud3c9\uc624\ud53c \ucd9c\uc7a5\ub9c8\uc0ac\uc9c0\uc548\ub0b4.COM \ubd80\ud3c9OP (massage service?)\n*DoS with many OTX features", "modified": "2025-07-12T07:04:05.635000", "created": "2025-06-12T08:43:34.719000", "tags": [ "thumbprint", "apnic", "apnic whois", "database", "please", "arin whois", "north america", "caribbean", "africa", "internet", "iana", "address range", "cidr", "network name", "allocation type", "whois server", "algorithm", "v3 serial", "number", "cbe oglobalsign", "r6 alphassl", "validity", "subject public", "key info", "key algorithm", "key identifier", "link", "search", "united", "a domains", "ip address", "creation date", "record value", "date", "showing", "india unknown", "status", "passive dns", "ipv4 add", "pulse submit", "url analysis", "urls", "files", "location india", "india asn", "as133296 web", "dns resolutions" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "APNIC", "display_name": "APNIC", "target": null } ], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 28, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA1": 27, "domain": 2499, "hostname": 2651, "URL": 10986, "CIDR": 2, "FileHash-SHA256": 3596, "email": 1, "FileHash-MD5": 23, "CVE": 7 }, "indicator_count": 19792, "is_author": false, "is_subscribing": null, "subscriber_count": 145, "modified_text": "323 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://ws.arin.net/whois", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://ws.arin.net/whois", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780279816.632425 }