{ "type": "URL", "indicator": "https://www.facebooks.com", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://www.facebooks.com", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 3252330252, "indicator": "https://www.facebooks.com", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 7, "pulses": [ { "id": "687f0f210ec1de4316b22522", "name": "Strange Medical Facility with Overt Bad Actors Spying on Disabled", "description": "Strange Medical Facility with Overt Bad Actors already Spying on Disabled. Everything including bathroom is monitored.\nfounderintech.com\nwww.galbutfamilyfoundation.com\t\nwpengine.com\t\nhttps://foundry2sdbl.dvr.dn2.n-helix.com\nhttp://foundry2sdbl.dvr.dn2.n-helix.com\npegasusthruster.com\t\nhttps://www.pegasusthruster.com/\t\nsmtp.pegasustech.net\nhttp://pegasusthruster.com/shoppegasus/includes/att", "modified": "2025-08-21T03:02:43.704000", "created": "2025-07-22T04:10:09.158000", "tags": [ "date", "submit url", "analysis", "passive dns", "urls", "files", "ip address", "asn as13335", "whois registrar", "creation date", "extraction", "data", "extri", "include review", "iocs", "data upload", "united", "unknown aaaa", "search", "showing", "moved", "a domains", "record value", "body" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 13, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 6560, "FileHash-MD5": 121, "FileHash-SHA1": 125, "FileHash-SHA256": 3989, "domain": 1616, "hostname": 1876, "email": 3, "CVE": 2 }, "indicator_count": 14292, "is_author": false, "is_subscribing": null, "subscriber_count": 140, "modified_text": "241 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6570a581b1024ea61979da96", "name": "Quasar - Dark Web Instagram Account | Link found | Remote Access Trojan (RAT)", "description": "", "modified": "2023-12-06T16:46:57.782000", "created": "2023-12-06T16:46:57.782000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 9, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 3, "FileHash-SHA256": 5791, "hostname": 3255, "domain": 2317, "FileHash-MD5": 44, "FileHash-SHA1": 34, "URL": 11513 }, "indicator_count": 22957, "is_author": false, "is_subscribing": null, "subscriber_count": 111, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65707fb98073ae7c257ccd92", "name": "Truthsocial.com", "description": "", "modified": "2023-12-06T14:05:45.403000", "created": "2023-12-06T14:05:45.403000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1804, "FileHash-SHA256": 1282, "hostname": 598, "domain": 372, "SSLCertFingerprint": 2, "FileHash-MD5": 2, "FileHash-SHA1": 2 }, "indicator_count": 4062, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65707cf8c190913170fc926d", "name": "iomart. hosting facebook masking icloud abuse multi phish, click fraud and Espionage of zombie devices", "description": "", "modified": "2023-12-06T13:54:00.427000", "created": "2023-12-06T13:54:00.427000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 464, "domain": 633, "hostname": 1080, "URL": 2430, "FileHash-SHA1": 1 }, "indicator_count": 4608, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "650a0b7c9a6b3c5d0a2a3960", "name": "Quasar - Dark Web Instagram Account | Link found | Remote Access Trojan (RAT)", "description": "Link: apple.instagram.com \nQuasar is a lightweight, publicly available open-source Remote Access Trojan (RAT). Used by a variety of attackers. Typically packed to make analysis of the source demanding.\nAccount appears to have been breached, operational in dark web. Dead host.", "modified": "2023-10-19T14:04:37.381000", "created": "2023-09-19T20:58:36.137000", "tags": [ "contacted", "threat roundup", "execution", "ssl certificate", "dark web", "crypto threat", "resolutions", "referrer", "stealer", "quasar", "asyncrat", "error", "social engineering", "iPhone phishing", "Apple phishing", "email phishing", "emotet", "remote", "attacks" ], "references": [ "Alienvault OTX", "Data Analysis", "Online Research", "WebTools" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "India" ], "malware_families": [ { "id": "Backdoor:MSIL/AsyncRAT", "display_name": "Backdoor:MSIL/AsyncRAT", "target": "/malware/Backdoor:MSIL/AsyncRAT" }, { "id": "Backdoor:MSIL/QuasarRat", "display_name": "Backdoor:MSIL/QuasarRat", "target": "/malware/Backdoor:MSIL/QuasarRat" } ], "attack_ids": [ { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "T1548", "name": "Abuse Elevation Control Mechanism", "display_name": "T1548 - Abuse Elevation Control Mechanism" } ], "industries": [ "Media", "Social Media", "Technology", "Hacking" ], "TLP": "white", "cloned_from": null, "export_count": 31, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 44, "FileHash-SHA1": 34, "FileHash-SHA256": 5791, "URL": 11513, "domain": 2317, "hostname": 3255, "CVE": 3 }, "indicator_count": 22957, "is_author": false, "is_subscribing": null, "subscriber_count": 225, "modified_text": "913 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "621e711be241bbaacb36d1a7", "name": "Truthsocial.com", "description": "", "modified": "2022-03-31T00:02:44.795000", "created": "2022-03-01T19:16:43.455000", "tags": [ "log id", "gmtn", "tls web", "encrypt", "ca issuers", "aa71", "moved", "hostname ip", "country type", "entries server", "code", "false", "body", "date" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Kailula4", "id": "131997", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1804, "hostname": 598, "domain": 372, "FileHash-SHA256": 1282, "FileHash-MD5": 2, "SSLCertFingerprint": 2, "FileHash-SHA1": 2 }, "indicator_count": 4062, "is_author": false, "is_subscribing": null, "subscriber_count": 407, "modified_text": "1480 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "61ead7b494741b1fb0523fea", "name": "iomart. hosting facebook masking icloud abuse multi phish, click fraud and Espionage of zombie devices", "description": "Only made it down a few inches if this rabbit hole of hell", "modified": "2022-02-21T00:02:59.215000", "created": "2022-01-21T15:56:36.172000", "tags": [ "ansi", "pcap processing", "pcap", "windows nt", "jannah", "windir", "openurl c", "localappdata", "unicode", "runtime data", "ssl certificate", "whois", "whois whois" ], "references": [ "http://2tnxisg.cn/fHd3hWIT (AV positives: 14/93 scanned on 01/17/2022 03:29:51)", "http://2tnxisg.cn/youtube-mo", "http://red-killer.cf/ (AV positives: 2/93 scanned on 01/21/2022 13:45:26)", "http://2tnxisg.cn/eC8HzMXL (AV positives: 14/93 scanned on 01/19/2022 23:55:29)", "http://waybk97.cn/ (AV positives: 8/93 scanned on 01/19/2022 23:28:31)" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 1080, "URL": 2430, "domain": 633, "FileHash-SHA256": 464, "FileHash-SHA1": 1 }, "indicator_count": 4608, "is_author": false, "is_subscribing": null, "subscriber_count": 396, "modified_text": "1518 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "http://red-killer.cf/ (AV positives: 2/93 scanned on 01/21/2022 13:45:26)", "Alienvault OTX", "http://waybk97.cn/ (AV positives: 8/93 scanned on 01/19/2022 23:28:31)", "http://2tnxisg.cn/fHd3hWIT (AV positives: 14/93 scanned on 01/17/2022 03:29:51)", "Online Research", "http://2tnxisg.cn/youtube-mo", "http://2tnxisg.cn/eC8HzMXL (AV positives: 14/93 scanned on 01/19/2022 23:55:29)", "WebTools", "Data Analysis" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [ "Backdoor:msil/asyncrat", "Backdoor:msil/quasarrat" ], "industries": [ "Technology", "Social media", "Hacking", "Media" ], "unique_indicators": 45781 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/facebooks.com", "whois": "http://whois.domaintools.com/facebooks.com", "domain": "facebooks.com", "hostname": "www.facebooks.com" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 7, "pulses": [ { "id": "687f0f210ec1de4316b22522", "name": "Strange Medical Facility with Overt Bad Actors Spying on Disabled", "description": "Strange Medical Facility with Overt Bad Actors already Spying on Disabled. Everything including bathroom is monitored.\nfounderintech.com\nwww.galbutfamilyfoundation.com\t\nwpengine.com\t\nhttps://foundry2sdbl.dvr.dn2.n-helix.com\nhttp://foundry2sdbl.dvr.dn2.n-helix.com\npegasusthruster.com\t\nhttps://www.pegasusthruster.com/\t\nsmtp.pegasustech.net\nhttp://pegasusthruster.com/shoppegasus/includes/att", "modified": "2025-08-21T03:02:43.704000", "created": "2025-07-22T04:10:09.158000", "tags": [ "date", "submit url", "analysis", "passive dns", "urls", "files", "ip address", "asn as13335", "whois registrar", "creation date", "extraction", "data", "extri", "include review", "iocs", "data upload", "united", "unknown aaaa", "search", "showing", "moved", "a domains", "record value", "body" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 13, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 6560, "FileHash-MD5": 121, "FileHash-SHA1": 125, "FileHash-SHA256": 3989, "domain": 1616, "hostname": 1876, "email": 3, "CVE": 2 }, "indicator_count": 14292, "is_author": false, "is_subscribing": null, "subscriber_count": 140, "modified_text": "241 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6570a581b1024ea61979da96", "name": "Quasar - Dark Web Instagram Account | Link found | Remote Access Trojan (RAT)", "description": "", "modified": "2023-12-06T16:46:57.782000", "created": "2023-12-06T16:46:57.782000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 9, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 3, "FileHash-SHA256": 5791, "hostname": 3255, "domain": 2317, "FileHash-MD5": 44, "FileHash-SHA1": 34, "URL": 11513 }, "indicator_count": 22957, "is_author": false, "is_subscribing": null, "subscriber_count": 111, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65707fb98073ae7c257ccd92", "name": "Truthsocial.com", "description": "", "modified": "2023-12-06T14:05:45.403000", "created": "2023-12-06T14:05:45.403000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1804, "FileHash-SHA256": 1282, "hostname": 598, "domain": 372, "SSLCertFingerprint": 2, "FileHash-MD5": 2, "FileHash-SHA1": 2 }, "indicator_count": 4062, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65707cf8c190913170fc926d", "name": "iomart. hosting facebook masking icloud abuse multi phish, click fraud and Espionage of zombie devices", "description": "", "modified": "2023-12-06T13:54:00.427000", "created": "2023-12-06T13:54:00.427000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 464, "domain": 633, "hostname": 1080, "URL": 2430, "FileHash-SHA1": 1 }, "indicator_count": 4608, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "650a0b7c9a6b3c5d0a2a3960", "name": "Quasar - Dark Web Instagram Account | Link found | Remote Access Trojan (RAT)", "description": "Link: apple.instagram.com \nQuasar is a lightweight, publicly available open-source Remote Access Trojan (RAT). Used by a variety of attackers. Typically packed to make analysis of the source demanding.\nAccount appears to have been breached, operational in dark web. Dead host.", "modified": "2023-10-19T14:04:37.381000", "created": "2023-09-19T20:58:36.137000", "tags": [ "contacted", "threat roundup", "execution", "ssl certificate", "dark web", "crypto threat", "resolutions", "referrer", "stealer", "quasar", "asyncrat", "error", "social engineering", "iPhone phishing", "Apple phishing", "email phishing", "emotet", "remote", "attacks" ], "references": [ "Alienvault OTX", "Data Analysis", "Online Research", "WebTools" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "India" ], "malware_families": [ { "id": "Backdoor:MSIL/AsyncRAT", "display_name": "Backdoor:MSIL/AsyncRAT", "target": "/malware/Backdoor:MSIL/AsyncRAT" }, { "id": "Backdoor:MSIL/QuasarRat", "display_name": "Backdoor:MSIL/QuasarRat", "target": "/malware/Backdoor:MSIL/QuasarRat" } ], "attack_ids": [ { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "T1548", "name": "Abuse Elevation Control Mechanism", "display_name": "T1548 - Abuse Elevation Control Mechanism" } ], "industries": [ "Media", "Social Media", "Technology", "Hacking" ], "TLP": "white", "cloned_from": null, "export_count": 31, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 44, "FileHash-SHA1": 34, "FileHash-SHA256": 5791, "URL": 11513, "domain": 2317, "hostname": 3255, "CVE": 3 }, "indicator_count": 22957, "is_author": false, "is_subscribing": null, "subscriber_count": 225, "modified_text": "913 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "621e711be241bbaacb36d1a7", "name": "Truthsocial.com", "description": "", "modified": "2022-03-31T00:02:44.795000", "created": "2022-03-01T19:16:43.455000", "tags": [ "log id", "gmtn", "tls web", "encrypt", "ca issuers", "aa71", "moved", "hostname ip", "country type", "entries server", "code", "false", "body", "date" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Kailula4", "id": "131997", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1804, "hostname": 598, "domain": 372, "FileHash-SHA256": 1282, "FileHash-MD5": 2, "SSLCertFingerprint": 2, "FileHash-SHA1": 2 }, "indicator_count": 4062, "is_author": false, "is_subscribing": null, "subscriber_count": 407, "modified_text": "1480 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "61ead7b494741b1fb0523fea", "name": "iomart. hosting facebook masking icloud abuse multi phish, click fraud and Espionage of zombie devices", "description": "Only made it down a few inches if this rabbit hole of hell", "modified": "2022-02-21T00:02:59.215000", "created": "2022-01-21T15:56:36.172000", "tags": [ "ansi", "pcap processing", "pcap", "windows nt", "jannah", "windir", "openurl c", "localappdata", "unicode", "runtime data", "ssl certificate", "whois", "whois whois" ], "references": [ "http://2tnxisg.cn/fHd3hWIT (AV positives: 14/93 scanned on 01/17/2022 03:29:51)", "http://2tnxisg.cn/youtube-mo", "http://red-killer.cf/ (AV positives: 2/93 scanned on 01/21/2022 13:45:26)", "http://2tnxisg.cn/eC8HzMXL (AV positives: 14/93 scanned on 01/19/2022 23:55:29)", "http://waybk97.cn/ (AV positives: 8/93 scanned on 01/19/2022 23:28:31)" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 1080, "URL": 2430, "domain": 633, "FileHash-SHA256": 464, "FileHash-SHA1": 1 }, "indicator_count": 4608, "is_author": false, "is_subscribing": null, "subscriber_count": 396, "modified_text": "1518 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://www.facebooks.com", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://www.facebooks.com", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1776642143.7677648 }