{ "type": "URL", "indicator": "https://www.visitusvi.com/explore-islands/stthomas", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://www.visitusvi.com/explore-islands/stthomas", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 3739391032, "indicator": "https://www.visitusvi.com/explore-islands/stthomas", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 3, "pulses": [ { "id": "6910dda1fa3b7bb356535044", "name": "Tracking | Phishing (subaru.tk?)", "description": "CnC and I\u2019m not quite sure yet. Target owned a Subaru.., \n*From:\n#christopher_p_ahmann #tam_legal #hijacking #adversarial #malice cyber_crime #hitmen", "modified": "2025-12-09T18:01:03.014000", "created": "2025-11-09T18:29:53.034000", "tags": [ "title added", "active related", "hpb vfx", "layerid", "param", "par element", "d330", "d320", "d130", "layerobj", "d120", "apache", "info", "accept", "encrypt", "track subaru", "present nov", "japan unknown", "present sep", "present apr", "present aug", "present jul", "servers", "present oct", "present jun", "present dec", "service", "lazarus", "ip address", "li li", "gmt server", "gmt etag", "error", "home care", "united states", "japan", "aaaa", "united", "passive dns", "search", "present may", "present feb", "trojan", "learn", "ck id", "name tactics", "suspicious", "informative", "command", "defense evasion", "adversaries", "spawns", "initial access", "windows nt", "sha1", "sha256", "mitre att", "show technique", "ck matrix", "span", "date", "meta", "hybrid", "general", "local", "path", "click", "strings", "generator", "title", "access att", "body", "present jan", "unknown ns", "path max", "cookie", "t1480 execution", "pattern match", "ascii text" ], "references": [ "http://www.subaru.tk/pureasmsaite/ \u2022 subaru.tk", "7545-homecare.com \u2022 http://7545-homecare.com \u2022 https://7545-homecare.com", "Disturbing: (end of kink) https://trk.suprclicks.com/af46e6b8-e87c-4857-a943-16964677dead <-" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Generic36.ABKD", "display_name": "Generic36.ABKD", "target": null }, { "id": "Other Malware", "display_name": "Other Malware", "target": null }, { "id": "Mirai", "display_name": "Mirai", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1069", "name": "Permission Groups Discovery", "display_name": "T1069 - Permission Groups Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1480", "name": "Execution Guardrails", "display_name": "T1480 - Execution Guardrails" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1598.001", "name": "Spearphishing Service", "display_name": "T1598.001 - Spearphishing Service" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1116", "name": "Code Signing", "display_name": "T1116 - Code Signing" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "TA0011", "name": "Command and Control", "display_name": "TA0011 - Command and Control" }, { "id": "T1069.002", "name": "Domain Groups", "display_name": "T1069.002 - Domain Groups" }, { "id": "T1017", "name": "Application Deployment Software", "display_name": "T1017 - Application Deployment Software" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 3867, "FileHash-MD5": 59, "domain": 810, "hostname": 1085, "FileHash-SHA1": 58, "FileHash-SHA256": 249, "email": 3, "SSLCertFingerprint": 2 }, "indicator_count": 6133, "is_author": false, "is_subscribing": null, "subscriber_count": 142, "modified_text": "174 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65709fe5e685939cb8ce7486", "name": "Direct Search Network", "description": "", "modified": "2023-12-06T16:23:01.912000", "created": "2023-12-06T16:23:01.912000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 1105, "domain": 665, "FileHash-SHA256": 1203, "URL": 2334, "FileHash-MD5": 384, "FileHash-SHA1": 62, "email": 2 }, "indicator_count": 5755, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "908 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "64dac57e96082bfaec2f2334", "name": "Direct Search Network", "description": "Direct Search Network - Direct Navigation Traffic\nBat Downloader, Riskware, Malware, Ransomware, AdWare spam, Bots\nMalicious Host\n\nTags:\ncve-2007-0774\ncve-2011-5007\ncve-2009-1122\nbobsoft\ncontains-embedded-js\ncontains-elf\nnsis\ncve-1999-0016\narmadillo\nattachment\ncve-2020-11899\ncve-2016-2211\ncontains-pe\ncve-2010-3281", "modified": "2023-09-14T15:04:53.181000", "created": "2023-08-15T00:23:26.018000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 2552, "FileHash-SHA256": 2345, "domain": 1477, "email": 31, "URL": 5053, "FileHash-MD5": 544, "FileHash-SHA1": 79 }, "indicator_count": 12081, "is_author": false, "is_subscribing": null, "subscriber_count": 223, "modified_text": "991 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "http://www.subaru.tk/pureasmsaite/ \u2022 subaru.tk", "7545-homecare.com \u2022 http://7545-homecare.com \u2022 https://7545-homecare.com", "Disturbing: (end of kink) https://trk.suprclicks.com/af46e6b8-e87c-4857-a943-16964677dead <-" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [ "Other malware", "Mirai", "Generic36.abkd" ], "industries": [], "unique_indicators": 11998 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/visitusvi.com", "whois": "http://whois.domaintools.com/visitusvi.com", "domain": "visitusvi.com", "hostname": "www.visitusvi.com" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 3, "pulses": [ { "id": "6910dda1fa3b7bb356535044", "name": "Tracking | Phishing (subaru.tk?)", "description": "CnC and I\u2019m not quite sure yet. Target owned a Subaru.., \n*From:\n#christopher_p_ahmann #tam_legal #hijacking #adversarial #malice cyber_crime #hitmen", "modified": "2025-12-09T18:01:03.014000", "created": "2025-11-09T18:29:53.034000", "tags": [ "title added", "active related", "hpb vfx", "layerid", "param", "par element", "d330", "d320", "d130", "layerobj", "d120", "apache", "info", "accept", "encrypt", "track subaru", "present nov", "japan unknown", "present sep", "present apr", "present aug", "present jul", "servers", "present oct", "present jun", "present dec", "service", "lazarus", "ip address", "li li", "gmt server", "gmt etag", "error", "home care", "united states", "japan", "aaaa", "united", "passive dns", "search", "present may", "present feb", "trojan", "learn", "ck id", "name tactics", "suspicious", "informative", "command", "defense evasion", "adversaries", "spawns", "initial access", "windows nt", "sha1", "sha256", "mitre att", "show technique", "ck matrix", "span", "date", "meta", "hybrid", "general", "local", "path", "click", "strings", "generator", "title", "access att", "body", "present jan", "unknown ns", "path max", "cookie", "t1480 execution", "pattern match", "ascii text" ], "references": [ "http://www.subaru.tk/pureasmsaite/ \u2022 subaru.tk", "7545-homecare.com \u2022 http://7545-homecare.com \u2022 https://7545-homecare.com", "Disturbing: (end of kink) https://trk.suprclicks.com/af46e6b8-e87c-4857-a943-16964677dead <-" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Generic36.ABKD", "display_name": "Generic36.ABKD", "target": null }, { "id": "Other Malware", "display_name": "Other Malware", "target": null }, { "id": "Mirai", "display_name": "Mirai", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1069", "name": "Permission Groups Discovery", "display_name": "T1069 - Permission Groups Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1480", "name": "Execution Guardrails", "display_name": "T1480 - Execution Guardrails" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1598.001", "name": "Spearphishing Service", "display_name": "T1598.001 - Spearphishing Service" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1116", "name": "Code Signing", "display_name": "T1116 - Code Signing" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "TA0011", "name": "Command and Control", "display_name": "TA0011 - Command and Control" }, { "id": "T1069.002", "name": "Domain Groups", "display_name": "T1069.002 - Domain Groups" }, { "id": "T1017", "name": "Application Deployment Software", "display_name": "T1017 - Application Deployment Software" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 3867, "FileHash-MD5": 59, "domain": 810, "hostname": 1085, "FileHash-SHA1": 58, "FileHash-SHA256": 249, "email": 3, "SSLCertFingerprint": 2 }, "indicator_count": 6133, "is_author": false, "is_subscribing": null, "subscriber_count": 142, "modified_text": "174 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65709fe5e685939cb8ce7486", "name": "Direct Search Network", "description": "", "modified": "2023-12-06T16:23:01.912000", "created": "2023-12-06T16:23:01.912000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 1105, "domain": 665, "FileHash-SHA256": 1203, "URL": 2334, "FileHash-MD5": 384, "FileHash-SHA1": 62, "email": 2 }, "indicator_count": 5755, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "908 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "64dac57e96082bfaec2f2334", "name": "Direct Search Network", "description": "Direct Search Network - Direct Navigation Traffic\nBat Downloader, Riskware, Malware, Ransomware, AdWare spam, Bots\nMalicious Host\n\nTags:\ncve-2007-0774\ncve-2011-5007\ncve-2009-1122\nbobsoft\ncontains-embedded-js\ncontains-elf\nnsis\ncve-1999-0016\narmadillo\nattachment\ncve-2020-11899\ncve-2016-2211\ncontains-pe\ncve-2010-3281", "modified": "2023-09-14T15:04:53.181000", "created": "2023-08-15T00:23:26.018000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 2552, "FileHash-SHA256": 2345, "domain": 1477, "email": 31, "URL": 5053, "FileHash-MD5": 544, "FileHash-SHA1": 79 }, "indicator_count": 12081, "is_author": false, "is_subscribing": null, "subscriber_count": 223, "modified_text": "991 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://www.visitusvi.com/explore-islands/stthomas", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://www.visitusvi.com/explore-islands/stthomas", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780394476.856411 }