{ "type": "URL", "indicator": "https://www.intercom.com", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://www.intercom.com", "type": "url", "type_title": "URL", "validation": [ { "source": "akamai", "message": "Akamai rank: #5792", "name": "Akamai Popular Domain" }, { "source": "majestic", "message": "Whitelisted domain intercom.com", "name": "Whitelisted domain" } ], "base_indicator": { "id": 4216514816, "indicator": "https://www.intercom.com", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 3, "pulses": [ { "id": "69cf54dc2c334d92d90ad45b", "name": "University of Alberta - Active Exploits in the Wild", "description": "These are active exploits currently being used in the wild by multiple TAs.\nReport was presented to dosdean & CISO ( \"No Problems\" ).\nReport presented to AlbertaNDP Nenshi (similar infrastructure) of Gov. Alberta", "modified": "2026-04-03T06:02:28.790000", "created": "2026-04-03T05:49:13.607000", "tags": [ "http security", "source", "detection", "informational", "vulnerable url", "checks", "http missing", "ssltls", "n description", "ssl certificate", "score", "impact", "apache", "speed", "test", "form", "find", "coldfusion", "unknown", "malware", "false", "encrypt", "critical", "bypass", "generator", "project" ], "references": [ "https://app.threat.zone/submission/15cdf13c-df91-427a-bef3-e58bc78e5d06/overview", "https://pastebin.com/fqfVmTSv", "https://pastes.io/3XO0mF9Q", "https://www.virustotal.com/gui/file/a3e43f4f6f2597a450677bcd6833e4ef0015ceb7c9110d9bacc73ac12d8e4d0d/detection", "https://www.filescan.io/uploads/69cf553c2346b9da57bab574/reports/94ee293e-60a9-4d72-9f74-ec3157c5c26b/ioc", "https://traceix.com/search?sha256=a3e43f4f6f2597a450677bcd6833e4ef0015ceb7c9110d9bacc73ac12d8e4d0d&wait=1&tab=capa", "https://polyswarm.network/scan/results/file/a3e43f4f6f2597a450677bcd6833e4ef0015ceb7c9110d9bacc73ac12d8e4d0d", "https://metadefender.com/results/file/bzI2MDQwMzJNaU1Wd1k1RVJYcUpBeW5NMWpl", "https://opentip.kaspersky.com/A3E43F4F6F2597A450677BCD6833E4EF0015CEB7C9110D9BACC73AC12D8E4D0D/results?tab=upload" ], "public": 1, "adversary": "", "targeted_countries": [ "Canada" ], "malware_families": [], "attack_ids": [], "industries": [ "Education", "Government" ], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "UCP_GoA23", "id": "382539", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_382539/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 2510, "CVE": 31, "FileHash-MD5": 1, "domain": 29, "email": 1, "hostname": 541 }, "indicator_count": 3113, "is_author": false, "is_subscribing": null, "subscriber_count": 17, "modified_text": "16 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69cf54e17e5745f45ea8a996", "name": "University of Alberta - Active Exploits in the Wild", "description": "These are active exploits currently being used in the wild by multiple TAs.\nReport was presented to dosdean & CISO ( \"No Problems\" ).\nReport presented to AlbertaNDP Nenshi (similar infrastructure) of Gov. Alberta", "modified": "2026-04-03T05:49:17.778000", "created": "2026-04-03T05:49:17.778000", "tags": [ "http security", "source", "detection", "informational", "vulnerable url", "checks", "http missing", "ssltls", "n description", "ssl certificate", "score", "impact", "apache", "speed", "test", "form", "find", "coldfusion", "unknown", "malware", "false", "encrypt", "critical", "bypass", "generator", "project" ], "references": [ "https://app.threat.zone/submission/15cdf13c-df91-427a-bef3-e58bc78e5d06/overview", "https://pastebin.com/fqfVmTSv", "https://pastes.io/3XO0mF9Q" ], "public": 1, "adversary": "", "targeted_countries": [ "Canada" ], "malware_families": [], "attack_ids": [], "industries": [ "Education", "Government" ], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "UCP_GoA23", "id": "382539", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_382539/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 2510, "CVE": 31, "FileHash-MD5": 1, "domain": 29, "email": 1, "hostname": 541 }, "indicator_count": 3113, "is_author": false, "is_subscribing": null, "subscriber_count": 18, "modified_text": "16 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6995ec2803ec8263d6cb9902", "name": "Potential for Abuse on Trusted Support Sites", "description": "Analysis of AlienVault OTX data shows that support.apple.com\u2014a whitelisted domain\u2014is associated with 69 malicious files, including Sodinokibi and BazarLoader.\nThe Potential for Abuse:\nBecause these domains are trusted by security filters (like Cisco Umbrella), they may be being used to:\nBypass Firewalls: Mask malicious traffic behind a \"safe\" reputation.\nTarget Vulnerable Users: Exploit the trust of people in high-stress situations who are seeking help.\nHide in Subdomains: Use fragmented assets (like rss.support.*) to avoid active monitoring.\nThe Precaution:\nWhitelisted status does not equal absolute safety. Researchers and users should:\nCheck Certificates: Verify the SSL/TLS Certificate is official.\nVerify Redirects: Check for Open Redirect triggers in links.\nNavigate Directly: Type URLs manually when possible.\nConclusion:\nSupport infrastructure is a high-trust environment. This trust may be being used to target users when they are most vulnerable. Caution is required.", "modified": "2026-04-01T00:44:45.494000", "created": "2026-02-18T16:43:20.757000", "tags": [], "references": [ "", "msudosos note: Caution is required as I have noticed this accross multiple support sites." ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 232, "URL": 112, "domain": 178, "CVE": 23, "FileHash-MD5": 62, "FileHash-SHA1": 59, "FileHash-SHA256": 59, "email": 1 }, "indicator_count": 726, "is_author": false, "is_subscribing": null, "subscriber_count": 50, "modified_text": "18 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "https://www.filescan.io/uploads/69cf553c2346b9da57bab574/reports/94ee293e-60a9-4d72-9f74-ec3157c5c26b/ioc", "", "https://metadefender.com/results/file/bzI2MDQwMzJNaU1Wd1k1RVJYcUpBeW5NMWpl", "https://www.virustotal.com/gui/file/a3e43f4f6f2597a450677bcd6833e4ef0015ceb7c9110d9bacc73ac12d8e4d0d/detection", "https://pastes.io/3XO0mF9Q", "https://polyswarm.network/scan/results/file/a3e43f4f6f2597a450677bcd6833e4ef0015ceb7c9110d9bacc73ac12d8e4d0d", "https://traceix.com/search?sha256=a3e43f4f6f2597a450677bcd6833e4ef0015ceb7c9110d9bacc73ac12d8e4d0d&wait=1&tab=capa", "msudosos note: Caution is required as I have noticed this accross multiple support sites.", "https://app.threat.zone/submission/15cdf13c-df91-427a-bef3-e58bc78e5d06/overview", "https://pastebin.com/fqfVmTSv", "https://opentip.kaspersky.com/A3E43F4F6F2597A450677BCD6833E4EF0015CEB7C9110D9BACC73AC12D8E4D0D/results?tab=upload" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [], "industries": [ "Government", "Education" ], "unique_indicators": 3749 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/intercom.com", "whois": "http://whois.domaintools.com/intercom.com", "domain": "intercom.com", "hostname": "www.intercom.com" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 3, "pulses": [ { "id": "69cf54dc2c334d92d90ad45b", "name": "University of Alberta - Active Exploits in the Wild", "description": "These are active exploits currently being used in the wild by multiple TAs.\nReport was presented to dosdean & CISO ( \"No Problems\" ).\nReport presented to AlbertaNDP Nenshi (similar infrastructure) of Gov. Alberta", "modified": "2026-04-03T06:02:28.790000", "created": "2026-04-03T05:49:13.607000", "tags": [ "http security", "source", "detection", "informational", "vulnerable url", "checks", "http missing", "ssltls", "n description", "ssl certificate", "score", "impact", "apache", "speed", "test", "form", "find", "coldfusion", "unknown", "malware", "false", "encrypt", "critical", "bypass", "generator", "project" ], "references": [ "https://app.threat.zone/submission/15cdf13c-df91-427a-bef3-e58bc78e5d06/overview", "https://pastebin.com/fqfVmTSv", "https://pastes.io/3XO0mF9Q", "https://www.virustotal.com/gui/file/a3e43f4f6f2597a450677bcd6833e4ef0015ceb7c9110d9bacc73ac12d8e4d0d/detection", "https://www.filescan.io/uploads/69cf553c2346b9da57bab574/reports/94ee293e-60a9-4d72-9f74-ec3157c5c26b/ioc", "https://traceix.com/search?sha256=a3e43f4f6f2597a450677bcd6833e4ef0015ceb7c9110d9bacc73ac12d8e4d0d&wait=1&tab=capa", "https://polyswarm.network/scan/results/file/a3e43f4f6f2597a450677bcd6833e4ef0015ceb7c9110d9bacc73ac12d8e4d0d", "https://metadefender.com/results/file/bzI2MDQwMzJNaU1Wd1k1RVJYcUpBeW5NMWpl", "https://opentip.kaspersky.com/A3E43F4F6F2597A450677BCD6833E4EF0015CEB7C9110D9BACC73AC12D8E4D0D/results?tab=upload" ], "public": 1, "adversary": "", "targeted_countries": [ "Canada" ], "malware_families": [], "attack_ids": [], "industries": [ "Education", "Government" ], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "UCP_GoA23", "id": "382539", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_382539/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 2510, "CVE": 31, "FileHash-MD5": 1, "domain": 29, "email": 1, "hostname": 541 }, "indicator_count": 3113, "is_author": false, "is_subscribing": null, "subscriber_count": 17, "modified_text": "16 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69cf54e17e5745f45ea8a996", "name": "University of Alberta - Active Exploits in the Wild", "description": "These are active exploits currently being used in the wild by multiple TAs.\nReport was presented to dosdean & CISO ( \"No Problems\" ).\nReport presented to AlbertaNDP Nenshi (similar infrastructure) of Gov. Alberta", "modified": "2026-04-03T05:49:17.778000", "created": "2026-04-03T05:49:17.778000", "tags": [ "http security", "source", "detection", "informational", "vulnerable url", "checks", "http missing", "ssltls", "n description", "ssl certificate", "score", "impact", "apache", "speed", "test", "form", "find", "coldfusion", "unknown", "malware", "false", "encrypt", "critical", "bypass", "generator", "project" ], "references": [ "https://app.threat.zone/submission/15cdf13c-df91-427a-bef3-e58bc78e5d06/overview", "https://pastebin.com/fqfVmTSv", "https://pastes.io/3XO0mF9Q" ], "public": 1, "adversary": "", "targeted_countries": [ "Canada" ], "malware_families": [], "attack_ids": [], "industries": [ "Education", "Government" ], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "UCP_GoA23", "id": "382539", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_382539/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 2510, "CVE": 31, "FileHash-MD5": 1, "domain": 29, "email": 1, "hostname": 541 }, "indicator_count": 3113, "is_author": false, "is_subscribing": null, "subscriber_count": 18, "modified_text": "16 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6995ec2803ec8263d6cb9902", "name": "Potential for Abuse on Trusted Support Sites", "description": "Analysis of AlienVault OTX data shows that support.apple.com\u2014a whitelisted domain\u2014is associated with 69 malicious files, including Sodinokibi and BazarLoader.\nThe Potential for Abuse:\nBecause these domains are trusted by security filters (like Cisco Umbrella), they may be being used to:\nBypass Firewalls: Mask malicious traffic behind a \"safe\" reputation.\nTarget Vulnerable Users: Exploit the trust of people in high-stress situations who are seeking help.\nHide in Subdomains: Use fragmented assets (like rss.support.*) to avoid active monitoring.\nThe Precaution:\nWhitelisted status does not equal absolute safety. Researchers and users should:\nCheck Certificates: Verify the SSL/TLS Certificate is official.\nVerify Redirects: Check for Open Redirect triggers in links.\nNavigate Directly: Type URLs manually when possible.\nConclusion:\nSupport infrastructure is a high-trust environment. This trust may be being used to target users when they are most vulnerable. Caution is required.", "modified": "2026-04-01T00:44:45.494000", "created": "2026-02-18T16:43:20.757000", "tags": [], "references": [ "", "msudosos note: Caution is required as I have noticed this accross multiple support sites." ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 232, "URL": 112, "domain": 178, "CVE": 23, "FileHash-MD5": 62, "FileHash-SHA1": 59, "FileHash-SHA256": 59, "email": 1 }, "indicator_count": 726, "is_author": false, "is_subscribing": null, "subscriber_count": 50, "modified_text": "18 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://www.intercom.com", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://www.intercom.com", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1776631394.629569 }