{ "type": "URL", "indicator": "https://ww.yandexmedia.ru", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://ww.yandexmedia.ru", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 3250138321, "indicator": "https://ww.yandexmedia.ru", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 3, "pulses": [ { "id": "6878ab97e659d23d965452ac", "name": "Yandex - Tofsee.AX | Malvertising Hub for US", "description": "Win32/Tofsee.AX google.com connectivity check\n Can\u2019t access all malware files.\n\nYandex has long been a malvertising Hub for US and other non- Russian threat actors.", "modified": "2025-08-16T07:00:49.321000", "created": "2025-07-17T07:51:51.799000", "tags": [ "status", "russia", "creation date", "passive dns", "urls", "date", "hostname add", "pulse pulses", "files", "verdict", "present jul", "certificate", "ip address", "search", "record value", "showing", "xml title", "present jan", "present sep", "present oct", "whois", "urlvoid", "related", "https", "expiration", "http", "months ago", "expiration http", "url http", "report spam", "smear", "brian sabey", "sabey", "data upload", "extraction", "url https", "type indicator", "role title", "added active", "related pulses", "entries", "tbmvid", "sourcelnms", "zx1724209326040", "hostname", "trojan", "delete c", "united", "grum", "show", "cape", "tofsee", "high", "total", "copy", "write", "malware", "patched", "next", "class", "failed", "indicator role", "title added", "active related", "filehashmd5", "filehashsha1", "filehashsha256" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "T1080", "name": "Taint Shared Content", "display_name": "T1080 - Taint Shared Content" }, { "id": "T1125", "name": "Video Capture", "display_name": "T1125 - Video Capture" }, { "id": "T1190", "name": "Exploit Public-Facing Application", "display_name": "T1190 - Exploit Public-Facing Application" }, { "id": "T1449", "name": "Exploit SS7 to Redirect Phone Calls/SMS", "display_name": "T1449 - Exploit SS7 to Redirect Phone Calls/SMS" }, { "id": "T1457", "name": "Malicious Media Content", "display_name": "T1457 - Malicious Media Content" }, { "id": "T1472", "name": "Generate Fraudulent Advertising Revenue", "display_name": "T1472 - Generate Fraudulent Advertising Revenue" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1586", "name": "Compromise Accounts", "display_name": "T1586 - Compromise Accounts" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 11, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 2337, "hostname": 833, "email": 4, "domain": 357, "FileHash-MD5": 113, "FileHash-SHA256": 1551, "FileHash-SHA1": 108, "SSLCertFingerprint": 1 }, "indicator_count": 5304, "is_author": false, "is_subscribing": null, "subscriber_count": 143, "modified_text": "289 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "638c0d9d17099aad3e3dcc94", "name": "Twitter Email Header for unknown request for twitter ads account, claiming my twitter account in ineligible for ad acc", "description": "Twitter Email Header for unknown request for twitter ads account, claiming my twitter account in ineligible for ad acc", "modified": "2023-01-03T02:02:59.827000", "created": "2022-12-04T03:01:49.626000", "tags": [ "hash seen", "size", "copy md5", "sha1", "copy sha1", "copy sha256", "sha256", "united", "runtime process", "osint", "date", "accept", "malicious", "strings", "hybrid", "general", "click", "hosts", "exim", "info", "subject", "twitter ads", "mimeversion", "feedbackid", "Russian", "twitter", "headers", "paymentsense.cloud" ], "references": [ "text.txt", "g217f1ea17c224d32b505815a1bddd48496c6d20425d744e9b9bced28785aaa74.json", "yandex.uz", "smart tv", "payment connector - paymentsense.cloud", "Russian" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 484, "hostname": 250, "FileHash-SHA256": 640, "domain": 127, "email": 6, "FileHash-MD5": 13, "FileHash-SHA1": 8 }, "indicator_count": 1528, "is_author": false, "is_subscribing": null, "subscriber_count": 394, "modified_text": "1245 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "638c0d9fbdf2a9311be4ec4a", "name": "Twitter Email Header for unknown request for twitter ads account, claiming my twitter account in ineligible for ad acc", "description": "Twitter Email Header for unknown request for twitter ads account, claiming my twitter account in ineligible for ad acc", "modified": "2023-01-03T02:02:59.827000", "created": "2022-12-04T03:01:51.801000", "tags": [ "hash seen", "size", "copy md5", "sha1", "copy sha1", "copy sha256", "sha256", "united", "runtime process", "osint", "date", "accept", "malicious", "strings", "hybrid", "general", "click", "hosts", "exim", "info", "subject", "twitter ads", "mimeversion", "feedbackid", "Russian", "twitter", "headers", "paymentsense.cloud" ], "references": [ "text.txt", "g217f1ea17c224d32b505815a1bddd48496c6d20425d744e9b9bced28785aaa74.json", "yandex.uz", "smart tv", "payment connector - paymentsense.cloud", "Russian" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 484, "hostname": 250, "FileHash-SHA256": 640, "domain": 127, "email": 6, "FileHash-MD5": 13, "FileHash-SHA1": 8 }, "indicator_count": 1528, "is_author": false, "is_subscribing": null, "subscriber_count": 395, "modified_text": "1245 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "g217f1ea17c224d32b505815a1bddd48496c6d20425d744e9b9bced28785aaa74.json", "Russian", "smart tv", "payment connector - paymentsense.cloud", "yandex.uz", "text.txt" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 6847 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/yandexmedia.ru", "whois": "http://whois.domaintools.com/yandexmedia.ru", "domain": "yandexmedia.ru", "hostname": "ww.yandexmedia.ru" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 3, "pulses": [ { "id": "6878ab97e659d23d965452ac", "name": "Yandex - Tofsee.AX | Malvertising Hub for US", "description": "Win32/Tofsee.AX google.com connectivity check\n Can\u2019t access all malware files.\n\nYandex has long been a malvertising Hub for US and other non- Russian threat actors.", "modified": "2025-08-16T07:00:49.321000", "created": "2025-07-17T07:51:51.799000", "tags": [ "status", "russia", "creation date", "passive dns", "urls", "date", "hostname add", "pulse pulses", "files", "verdict", "present jul", "certificate", "ip address", "search", "record value", "showing", "xml title", "present jan", "present sep", "present oct", "whois", "urlvoid", "related", "https", "expiration", "http", "months ago", "expiration http", "url http", "report spam", "smear", "brian sabey", "sabey", "data upload", "extraction", "url https", "type indicator", "role title", "added active", "related pulses", "entries", "tbmvid", "sourcelnms", "zx1724209326040", "hostname", "trojan", "delete c", "united", "grum", "show", "cape", "tofsee", "high", "total", "copy", "write", "malware", "patched", "next", "class", "failed", "indicator role", "title added", "active related", "filehashmd5", "filehashsha1", "filehashsha256" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "T1080", "name": "Taint Shared Content", "display_name": "T1080 - Taint Shared Content" }, { "id": "T1125", "name": "Video Capture", "display_name": "T1125 - Video Capture" }, { "id": "T1190", "name": "Exploit Public-Facing Application", "display_name": "T1190 - Exploit Public-Facing Application" }, { "id": "T1449", "name": "Exploit SS7 to Redirect Phone Calls/SMS", "display_name": "T1449 - Exploit SS7 to Redirect Phone Calls/SMS" }, { "id": "T1457", "name": "Malicious Media Content", "display_name": "T1457 - Malicious Media Content" }, { "id": "T1472", "name": "Generate Fraudulent Advertising Revenue", "display_name": "T1472 - Generate Fraudulent Advertising Revenue" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1586", "name": "Compromise Accounts", "display_name": "T1586 - Compromise Accounts" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 11, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 2337, "hostname": 833, "email": 4, "domain": 357, "FileHash-MD5": 113, "FileHash-SHA256": 1551, "FileHash-SHA1": 108, "SSLCertFingerprint": 1 }, "indicator_count": 5304, "is_author": false, "is_subscribing": null, "subscriber_count": 143, "modified_text": "289 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "638c0d9d17099aad3e3dcc94", "name": "Twitter Email Header for unknown request for twitter ads account, claiming my twitter account in ineligible for ad acc", "description": "Twitter Email Header for unknown request for twitter ads account, claiming my twitter account in ineligible for ad acc", "modified": "2023-01-03T02:02:59.827000", "created": "2022-12-04T03:01:49.626000", "tags": [ "hash seen", "size", "copy md5", "sha1", "copy sha1", "copy sha256", "sha256", "united", "runtime process", "osint", "date", "accept", "malicious", "strings", "hybrid", "general", "click", "hosts", "exim", "info", "subject", "twitter ads", "mimeversion", "feedbackid", "Russian", "twitter", "headers", "paymentsense.cloud" ], "references": [ "text.txt", "g217f1ea17c224d32b505815a1bddd48496c6d20425d744e9b9bced28785aaa74.json", "yandex.uz", "smart tv", "payment connector - paymentsense.cloud", "Russian" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 484, "hostname": 250, "FileHash-SHA256": 640, "domain": 127, "email": 6, "FileHash-MD5": 13, "FileHash-SHA1": 8 }, "indicator_count": 1528, "is_author": false, "is_subscribing": null, "subscriber_count": 394, "modified_text": "1245 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "638c0d9fbdf2a9311be4ec4a", "name": "Twitter Email Header for unknown request for twitter ads account, claiming my twitter account in ineligible for ad acc", "description": "Twitter Email Header for unknown request for twitter ads account, claiming my twitter account in ineligible for ad acc", "modified": "2023-01-03T02:02:59.827000", "created": "2022-12-04T03:01:51.801000", "tags": [ "hash seen", "size", "copy md5", "sha1", "copy sha1", "copy sha256", "sha256", "united", "runtime process", "osint", "date", "accept", "malicious", "strings", "hybrid", "general", "click", "hosts", "exim", "info", "subject", "twitter ads", "mimeversion", "feedbackid", "Russian", "twitter", "headers", "paymentsense.cloud" ], "references": [ "text.txt", "g217f1ea17c224d32b505815a1bddd48496c6d20425d744e9b9bced28785aaa74.json", "yandex.uz", "smart tv", "payment connector - paymentsense.cloud", "Russian" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 484, "hostname": 250, "FileHash-SHA256": 640, "domain": 127, "email": 6, "FileHash-MD5": 13, "FileHash-SHA1": 8 }, "indicator_count": 1528, "is_author": false, "is_subscribing": null, "subscriber_count": 395, "modified_text": "1245 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://ww.yandexmedia.ru", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://ww.yandexmedia.ru", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780311376.9822032 }