{ "type": "Domain", "indicator": "j.ac", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/j.ac", "alexa": "http://www.alexa.com/siteinfo/j.ac", "indicator": "j.ac", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 2255402555, "indicator": "j.ac", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 3, "pulses": [ { "id": "6a0daaebfbebe6e44d7c8992", "name": "Public Data - SecondWrite DeepView - 126475d058c9a5dc1d9caf29cf0c2b20443c659a6b6d9b9676112f755e834270", "description": "Public data sourced thr majority of it flagging red in VT the documents that dont all have mitre findings and process injection, drops, and many other findings. A quick search of cyber concerns and the county would reveal much more.", "modified": "2026-05-21T01:29:58.344000", "created": "2026-05-20T12:36:59.202000", "tags": [ "tj et", "bt f3", "q emc", "bt f2", "bt f1", "default", "bt f11", "font", "extgstate", "rgs8", "stream", "xport", "double", "generic", "enterprise", "matrix", "sandbox", "grease", "strings", "agent", "back", "html", "mitre attack", "network info", "processes extra", "iemobile", "performs dns", "t1055 process", "overview", "overview zenbox", "verdict", "phishing", "next", "xmpg", "resource", "cmyk", "process", "mediabox", "procset", "core", "false", "recon", "black", "green", "info", "local", "registry keys", "file execution", "update mutex", "instance mutex", "parent pid", "full path", "command line", "files c", "read files", "file type", "united", "json", "com executable", "ascii", "dropped info", "malicious", "norfolk county MA", "Massachusetts", "Zenbox resolver", "offensive security\"\"", "karen read", "courthouse questions", "public corruption", "spyware", "bruno", "julie" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/126475d058c9a5dc1d9caf29cf0c2b20443c659a6b6d9b9676112f755e834270_SecondWrite.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779279949&Signature=yUFvMDVu0XKELIgla7aKuW9HqF0wY7ydblJ4XEeCevmT9bF%2BfncaZGDPf%2FIuVFxbZJeaCtLZMApJZWzSwNo3%2FvV6hohV69sfK7jyEWl8Im63BT7sCB%2FMQ73DyBSDHRRXDhSLQMQmy%2B%2FQ2Mw8Yx46nkVN5fwPvC7ldREeSD4phoi4GQtJsiLtS%2BogdQJANEyJ1K%2FthvbgbLreBNbMgND25%2B%2F%2BaPr%2BkHf7BBo%2FE0U", "https://vtbehaviour.commondatastorage.googleapis.com/126475d058c9a5dc1d9caf29cf0c2b20443c659a6b6d9b9676112f755e834270_SecondWrite.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779280032&Signature=NuU9TdZicu9qB8%2FZuRVmPdfEHzj2idplYEvwmOCjgMsBVxycmti0jLw2eqfw%2Bvk%2FJlbhpE31YAAOm2hPi224ifTrJnut4HKAtdNdc3X7nNj93dPhu5mP%2BDBxDYDscNjNieTGLTm1eX7qNxKHk7xs1rC%2BKHGR1oRouXSEhwFEFl7lwxGAJLZ7Aoa%2ByjD31HOHd35q5uyocwJetVwgfkPgrMZTXeehZ7A0QpJG5d3tmbS%2FjuQbYH8", "https://vtbehaviour.commondatastorage.googleapis.com/6561c9edc5a957bd54719ee8fee435024bd19eed06e60fb03cc846eb12eb770d_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779280159&Signature=bNLaxE4oslMJkLYehBHM6w9NuktIfUIQhRQR%2BXEtZnUBm9zwBxn8PFn%2FFz%2BRepET76q%2BqYnftTRilGziS742QL%2BA5iXOcTEpzEC0l80MaX3Otpu%2FKgTZTzB2VdwlajaHJ6LAXj%2Fu6ydsiQctCmjpSjeeZkqtZq6GMcic68R3Jt9DsZP0qYiFjN1zEngmLLVUlLIUIFNjB6Y39TkoSNtJKp%2FuCcwU6USx7ccFOr49ckQFQ%2ByfR3Ah", "https://vtbehaviour.commondatastorage.googleapis.com/32cc2182b40a79a96703db955d46dfa0afeee9e4b0651b47bdf75253397d04d3_SecondWrite.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779280248&Signature=yoiAQ6t7ZbSLgVsFFNim%2FNtxbfU6SE6R8UGgnDEo9jw7sVlmNpEr0DKgLhC9HBQM31HOCzPzT8J3%2FOgem0MTU4ZKV2iVv8AVk0j35pk1R7db0YPw%2FxYthghuER3Ulbkg8j1hjl6ugYaGiObAvXhnJJmnLv%2FeNPN0pPkfI%2BraLFmk7IvosfNigYr32kmWn7X1SMt838OaP7mV0yQ5HnbvTLJ8k0NhuXgTV3%2FPQlBdML%2BewLedwrw", "https://vtbehaviour.commondatastorage.googleapis.com/0ea8d568d82a432b5fb9fef78cd4b428a6176c0e71d3b952ebb4fc44076e993e_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779280360&Signature=yKM1Cn9YEpAGIsXUWGHEAWdYoq8j2cvbkztTzlE%2FvaWqKtMD7sxdyGggtYV%2F6ZWW0D6oILfM8nLabrtQWPXNT%2Fh0UkTqL%2BRmJqxehQnzwMJtl1PhIYh2nz%2FzPoeEO4TlvqVK7THpLHpjPfjt0ov0EI4H8%2BouzX1TMM9NmtZdE8oF5wWuX2DpqMnq46IMqkG1ykDH7UJtLpPp%2FFhF4v3fr%2BjpfsvC05j8Wn4lMQjja%2Bl3", "https://vtbehaviour.commondatastorage.googleapis.com/0ea8d568d82a432b5fb9fef78cd4b428a6176c0e71d3b952ebb4fc44076e993e_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779280491&Signature=t3HWu9nEeJQ36%2Bt8NQxezVipHjZZW6sfll5%2FkSqaSIlcGfyKfCvF5%2FTSM2G8zhAflbz39%2Fw3CGLAc%2BchEzfa%2FW3sBWeTs4xOCQMehLJf%2B4m0FhN4yzp0KUQttNfvUrmON9rQHLOR6L8T263JIfYcD2ZN8H5yjkmwoZwqwQR0f1Uvhs2XjMaVWeKn32%2BUKDJpg6%2FYsyfoOcbPny5AL9dv1Ue7JU0o8JVuJdYE%2BrUSwJXell6msA" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 124, "FileHash-SHA1": 12, "FileHash-SHA256": 246, "IPv4": 91, "email": 1, "URL": 88, "domain": 57, "hostname": 46 }, "indicator_count": 665, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "11 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65708b92dca4e6c505e4fc9f", "name": "hmmm well here's an interesting collection - cant be good thou", "description": "", "modified": "2023-12-06T14:56:18.197000", "created": "2023-12-06T14:56:18.197000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 203, "FileHash-SHA256": 238, "domain": 228, "URL": 514 }, "indicator_count": 1183, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "908 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "62546c170788831d1b8f5860", "name": "hmmm well here's an interesting collection - cant be good thou", "description": "ocsp.pk vt google search results x 4 defo a lot of very short domains and a lot of typo squatting domains", "modified": "2022-05-11T00:02:13.446000", "created": "2022-04-11T17:57:43.813000", "tags": [ "ts val", "flags", "unknown", "ip6 fe80", "icmp6", "out ethertype", "h0f0", "e0c0a", "ei6oa", "cname", "file format", "ocsp.pk" ], "references": [ "21:13:30.518992 IP 10.186.117.95.1578 > 128.210.11.57.53: 2684+ ... milab.cs.purdue.edu File Format: text/plain 0x0170: 8619 6874 7470 3a2f 2f6f 6373 702e 706b ..http://ocsp.pk 0x0180: 692e 676f 6f67 2f67 7372 3230 3206 0355 i.goog/gsr202..U 0x0190: 1d1f 042b 3029 ...", "07:09:12.821315 IP 192.168.1.132.31021 > 192.168.1.1.53: 415+ A ... milab.cs.purdue.edu File Format: text/plain 0x0200: 861d 6874 7470 3a2f 2f6f 6373 702e 706b ..http://ocsp.pk 0x0210: 692e 676f 6f67 2f47 5453 4749 4147 3330 i.goog/GTSGIAG30 0x0220: 1d06 0355 1d0e", "19:31:39.739463 IP 10.186.117.95.20129 > 128.210.11.57.53 ... milab.cs.purdue.edu File Format: text/plain 0x0170: 8619 6874 7470 3a2f 2f6f 6373 702e 706b ..http://ocsp.pk 0x0180: 692e 676f 6f67 2f67 7372 3230 3206 0355 i.goog/gsr202..U 0x0190: 1d1f 042b 3029", "21:11:40.720930 IP 10.186.117.95.23185 > 128.210.11.57.53 ... milab.cs.purdue.edu File Format: text/plain 0x0170: 8619 6874 7470 3a2f 2f6f 6373 702e 706b ..http://ocsp.pk 0x0180: 692e 676f 6f67 2f67 7372 3230 3206 0355 i.goog/gsr202..U 0x0190: 1d1f 042b 3029", "http://milab.cs.purdue.edu/media/tasklog/e955eceb-a623-424f-9067-9cbb00e1ba93/CEXP_15519006996bbfc155-775c-4bde-9e5c-cccca344ce12_esp.txt" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 514, "hostname": 203, "domain": 228, "FileHash-SHA256": 238 }, "indicator_count": 1183, "is_author": false, "is_subscribing": null, "subscriber_count": 395, "modified_text": "1482 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/0ea8d568d82a432b5fb9fef78cd4b428a6176c0e71d3b952ebb4fc44076e993e_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779280360&Signature=yKM1Cn9YEpAGIsXUWGHEAWdYoq8j2cvbkztTzlE%2FvaWqKtMD7sxdyGggtYV%2F6ZWW0D6oILfM8nLabrtQWPXNT%2Fh0UkTqL%2BRmJqxehQnzwMJtl1PhIYh2nz%2FzPoeEO4TlvqVK7THpLHpjPfjt0ov0EI4H8%2BouzX1TMM9NmtZdE8oF5wWuX2DpqMnq46IMqkG1ykDH7UJtLpPp%2FFhF4v3fr%2BjpfsvC05j8Wn4lMQjja%2Bl3", "21:13:30.518992 IP 10.186.117.95.1578 > 128.210.11.57.53: 2684+ ... milab.cs.purdue.edu File Format: text/plain 0x0170: 8619 6874 7470 3a2f 2f6f 6373 702e 706b ..http://ocsp.pk 0x0180: 692e 676f 6f67 2f67 7372 3230 3206 0355 i.goog/gsr202..U 0x0190: 1d1f 042b 3029 ...", "https://vtbehaviour.commondatastorage.googleapis.com/6561c9edc5a957bd54719ee8fee435024bd19eed06e60fb03cc846eb12eb770d_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779280159&Signature=bNLaxE4oslMJkLYehBHM6w9NuktIfUIQhRQR%2BXEtZnUBm9zwBxn8PFn%2FFz%2BRepET76q%2BqYnftTRilGziS742QL%2BA5iXOcTEpzEC0l80MaX3Otpu%2FKgTZTzB2VdwlajaHJ6LAXj%2Fu6ydsiQctCmjpSjeeZkqtZq6GMcic68R3Jt9DsZP0qYiFjN1zEngmLLVUlLIUIFNjB6Y39TkoSNtJKp%2FuCcwU6USx7ccFOr49ckQFQ%2ByfR3Ah", "https://vtbehaviour.commondatastorage.googleapis.com/126475d058c9a5dc1d9caf29cf0c2b20443c659a6b6d9b9676112f755e834270_SecondWrite.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779280032&Signature=NuU9TdZicu9qB8%2FZuRVmPdfEHzj2idplYEvwmOCjgMsBVxycmti0jLw2eqfw%2Bvk%2FJlbhpE31YAAOm2hPi224ifTrJnut4HKAtdNdc3X7nNj93dPhu5mP%2BDBxDYDscNjNieTGLTm1eX7qNxKHk7xs1rC%2BKHGR1oRouXSEhwFEFl7lwxGAJLZ7Aoa%2ByjD31HOHd35q5uyocwJetVwgfkPgrMZTXeehZ7A0QpJG5d3tmbS%2FjuQbYH8", "https://vtbehaviour.commondatastorage.googleapis.com/32cc2182b40a79a96703db955d46dfa0afeee9e4b0651b47bdf75253397d04d3_SecondWrite.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779280248&Signature=yoiAQ6t7ZbSLgVsFFNim%2FNtxbfU6SE6R8UGgnDEo9jw7sVlmNpEr0DKgLhC9HBQM31HOCzPzT8J3%2FOgem0MTU4ZKV2iVv8AVk0j35pk1R7db0YPw%2FxYthghuER3Ulbkg8j1hjl6ugYaGiObAvXhnJJmnLv%2FeNPN0pPkfI%2BraLFmk7IvosfNigYr32kmWn7X1SMt838OaP7mV0yQ5HnbvTLJ8k0NhuXgTV3%2FPQlBdML%2BewLedwrw", "21:11:40.720930 IP 10.186.117.95.23185 > 128.210.11.57.53 ... milab.cs.purdue.edu File Format: text/plain 0x0170: 8619 6874 7470 3a2f 2f6f 6373 702e 706b ..http://ocsp.pk 0x0180: 692e 676f 6f67 2f67 7372 3230 3206 0355 i.goog/gsr202..U 0x0190: 1d1f 042b 3029", "http://milab.cs.purdue.edu/media/tasklog/e955eceb-a623-424f-9067-9cbb00e1ba93/CEXP_15519006996bbfc155-775c-4bde-9e5c-cccca344ce12_esp.txt", "07:09:12.821315 IP 192.168.1.132.31021 > 192.168.1.1.53: 415+ A ... milab.cs.purdue.edu File Format: text/plain 0x0200: 861d 6874 7470 3a2f 2f6f 6373 702e 706b ..http://ocsp.pk 0x0210: 692e 676f 6f67 2f47 5453 4749 4147 3330 i.goog/GTSGIAG30 0x0220: 1d06 0355 1d0e", "https://vtbehaviour.commondatastorage.googleapis.com/0ea8d568d82a432b5fb9fef78cd4b428a6176c0e71d3b952ebb4fc44076e993e_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779280491&Signature=t3HWu9nEeJQ36%2Bt8NQxezVipHjZZW6sfll5%2FkSqaSIlcGfyKfCvF5%2FTSM2G8zhAflbz39%2Fw3CGLAc%2BchEzfa%2FW3sBWeTs4xOCQMehLJf%2B4m0FhN4yzp0KUQttNfvUrmON9rQHLOR6L8T263JIfYcD2ZN8H5yjkmwoZwqwQR0f1Uvhs2XjMaVWeKn32%2BUKDJpg6%2FYsyfoOcbPny5AL9dv1Ue7JU0o8JVuJdYE%2BrUSwJXell6msA", "https://vtbehaviour.commondatastorage.googleapis.com/126475d058c9a5dc1d9caf29cf0c2b20443c659a6b6d9b9676112f755e834270_SecondWrite.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779279949&Signature=yUFvMDVu0XKELIgla7aKuW9HqF0wY7ydblJ4XEeCevmT9bF%2BfncaZGDPf%2FIuVFxbZJeaCtLZMApJZWzSwNo3%2FvV6hohV69sfK7jyEWl8Im63BT7sCB%2FMQ73DyBSDHRRXDhSLQMQmy%2B%2FQ2Mw8Yx46nkVN5fwPvC7ldREeSD4phoi4GQtJsiLtS%2BogdQJANEyJ1K%2FthvbgbLreBNbMgND25%2B%2F%2BaPr%2BkHf7BBo%2FE0U", "19:31:39.739463 IP 10.186.117.95.20129 > 128.210.11.57.53 ... milab.cs.purdue.edu File Format: text/plain 0x0170: 8619 6874 7470 3a2f 2f6f 6373 702e 706b ..http://ocsp.pk 0x0180: 692e 676f 6f67 2f67 7372 3230 3206 0355 i.goog/gsr202..U 0x0190: 1d1f 042b 3029" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [], "malware_families": [], "industries": [] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 3, "pulses": [ { "id": "6a0daaebfbebe6e44d7c8992", "name": "Public Data - SecondWrite DeepView - 126475d058c9a5dc1d9caf29cf0c2b20443c659a6b6d9b9676112f755e834270", "description": "Public data sourced thr majority of it flagging red in VT the documents that dont all have mitre findings and process injection, drops, and many other findings. A quick search of cyber concerns and the county would reveal much more.", "modified": "2026-05-21T01:29:58.344000", "created": "2026-05-20T12:36:59.202000", "tags": [ "tj et", "bt f3", "q emc", "bt f2", "bt f1", "default", "bt f11", "font", "extgstate", "rgs8", "stream", "xport", "double", "generic", "enterprise", "matrix", "sandbox", "grease", "strings", "agent", "back", "html", "mitre attack", "network info", "processes extra", "iemobile", "performs dns", "t1055 process", "overview", "overview zenbox", "verdict", "phishing", "next", "xmpg", "resource", "cmyk", "process", "mediabox", "procset", "core", "false", "recon", "black", "green", "info", "local", "registry keys", "file execution", "update mutex", "instance mutex", "parent pid", "full path", "command line", "files c", "read files", "file type", "united", "json", "com executable", "ascii", "dropped info", "malicious", "norfolk county MA", "Massachusetts", "Zenbox resolver", "offensive security\"\"", "karen read", "courthouse questions", "public corruption", "spyware", "bruno", "julie" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/126475d058c9a5dc1d9caf29cf0c2b20443c659a6b6d9b9676112f755e834270_SecondWrite.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779279949&Signature=yUFvMDVu0XKELIgla7aKuW9HqF0wY7ydblJ4XEeCevmT9bF%2BfncaZGDPf%2FIuVFxbZJeaCtLZMApJZWzSwNo3%2FvV6hohV69sfK7jyEWl8Im63BT7sCB%2FMQ73DyBSDHRRXDhSLQMQmy%2B%2FQ2Mw8Yx46nkVN5fwPvC7ldREeSD4phoi4GQtJsiLtS%2BogdQJANEyJ1K%2FthvbgbLreBNbMgND25%2B%2F%2BaPr%2BkHf7BBo%2FE0U", "https://vtbehaviour.commondatastorage.googleapis.com/126475d058c9a5dc1d9caf29cf0c2b20443c659a6b6d9b9676112f755e834270_SecondWrite.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779280032&Signature=NuU9TdZicu9qB8%2FZuRVmPdfEHzj2idplYEvwmOCjgMsBVxycmti0jLw2eqfw%2Bvk%2FJlbhpE31YAAOm2hPi224ifTrJnut4HKAtdNdc3X7nNj93dPhu5mP%2BDBxDYDscNjNieTGLTm1eX7qNxKHk7xs1rC%2BKHGR1oRouXSEhwFEFl7lwxGAJLZ7Aoa%2ByjD31HOHd35q5uyocwJetVwgfkPgrMZTXeehZ7A0QpJG5d3tmbS%2FjuQbYH8", "https://vtbehaviour.commondatastorage.googleapis.com/6561c9edc5a957bd54719ee8fee435024bd19eed06e60fb03cc846eb12eb770d_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779280159&Signature=bNLaxE4oslMJkLYehBHM6w9NuktIfUIQhRQR%2BXEtZnUBm9zwBxn8PFn%2FFz%2BRepET76q%2BqYnftTRilGziS742QL%2BA5iXOcTEpzEC0l80MaX3Otpu%2FKgTZTzB2VdwlajaHJ6LAXj%2Fu6ydsiQctCmjpSjeeZkqtZq6GMcic68R3Jt9DsZP0qYiFjN1zEngmLLVUlLIUIFNjB6Y39TkoSNtJKp%2FuCcwU6USx7ccFOr49ckQFQ%2ByfR3Ah", "https://vtbehaviour.commondatastorage.googleapis.com/32cc2182b40a79a96703db955d46dfa0afeee9e4b0651b47bdf75253397d04d3_SecondWrite.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779280248&Signature=yoiAQ6t7ZbSLgVsFFNim%2FNtxbfU6SE6R8UGgnDEo9jw7sVlmNpEr0DKgLhC9HBQM31HOCzPzT8J3%2FOgem0MTU4ZKV2iVv8AVk0j35pk1R7db0YPw%2FxYthghuER3Ulbkg8j1hjl6ugYaGiObAvXhnJJmnLv%2FeNPN0pPkfI%2BraLFmk7IvosfNigYr32kmWn7X1SMt838OaP7mV0yQ5HnbvTLJ8k0NhuXgTV3%2FPQlBdML%2BewLedwrw", "https://vtbehaviour.commondatastorage.googleapis.com/0ea8d568d82a432b5fb9fef78cd4b428a6176c0e71d3b952ebb4fc44076e993e_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779280360&Signature=yKM1Cn9YEpAGIsXUWGHEAWdYoq8j2cvbkztTzlE%2FvaWqKtMD7sxdyGggtYV%2F6ZWW0D6oILfM8nLabrtQWPXNT%2Fh0UkTqL%2BRmJqxehQnzwMJtl1PhIYh2nz%2FzPoeEO4TlvqVK7THpLHpjPfjt0ov0EI4H8%2BouzX1TMM9NmtZdE8oF5wWuX2DpqMnq46IMqkG1ykDH7UJtLpPp%2FFhF4v3fr%2BjpfsvC05j8Wn4lMQjja%2Bl3", "https://vtbehaviour.commondatastorage.googleapis.com/0ea8d568d82a432b5fb9fef78cd4b428a6176c0e71d3b952ebb4fc44076e993e_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779280491&Signature=t3HWu9nEeJQ36%2Bt8NQxezVipHjZZW6sfll5%2FkSqaSIlcGfyKfCvF5%2FTSM2G8zhAflbz39%2Fw3CGLAc%2BchEzfa%2FW3sBWeTs4xOCQMehLJf%2B4m0FhN4yzp0KUQttNfvUrmON9rQHLOR6L8T263JIfYcD2ZN8H5yjkmwoZwqwQR0f1Uvhs2XjMaVWeKn32%2BUKDJpg6%2FYsyfoOcbPny5AL9dv1Ue7JU0o8JVuJdYE%2BrUSwJXell6msA" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 124, "FileHash-SHA1": 12, "FileHash-SHA256": 246, "IPv4": 91, "email": 1, "URL": 88, "domain": 57, "hostname": 46 }, "indicator_count": 665, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "11 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65708b92dca4e6c505e4fc9f", "name": "hmmm well here's an interesting collection - cant be good thou", "description": "", "modified": "2023-12-06T14:56:18.197000", "created": "2023-12-06T14:56:18.197000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 203, "FileHash-SHA256": 238, "domain": 228, "URL": 514 }, "indicator_count": 1183, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "908 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "62546c170788831d1b8f5860", "name": "hmmm well here's an interesting collection - cant be good thou", "description": "ocsp.pk vt google search results x 4 defo a lot of very short domains and a lot of typo squatting domains", "modified": "2022-05-11T00:02:13.446000", "created": "2022-04-11T17:57:43.813000", "tags": [ "ts val", "flags", "unknown", "ip6 fe80", "icmp6", "out ethertype", "h0f0", "e0c0a", "ei6oa", "cname", "file format", "ocsp.pk" ], "references": [ "21:13:30.518992 IP 10.186.117.95.1578 > 128.210.11.57.53: 2684+ ... milab.cs.purdue.edu File Format: text/plain 0x0170: 8619 6874 7470 3a2f 2f6f 6373 702e 706b ..http://ocsp.pk 0x0180: 692e 676f 6f67 2f67 7372 3230 3206 0355 i.goog/gsr202..U 0x0190: 1d1f 042b 3029 ...", "07:09:12.821315 IP 192.168.1.132.31021 > 192.168.1.1.53: 415+ A ... milab.cs.purdue.edu File Format: text/plain 0x0200: 861d 6874 7470 3a2f 2f6f 6373 702e 706b ..http://ocsp.pk 0x0210: 692e 676f 6f67 2f47 5453 4749 4147 3330 i.goog/GTSGIAG30 0x0220: 1d06 0355 1d0e", "19:31:39.739463 IP 10.186.117.95.20129 > 128.210.11.57.53 ... milab.cs.purdue.edu File Format: text/plain 0x0170: 8619 6874 7470 3a2f 2f6f 6373 702e 706b ..http://ocsp.pk 0x0180: 692e 676f 6f67 2f67 7372 3230 3206 0355 i.goog/gsr202..U 0x0190: 1d1f 042b 3029", "21:11:40.720930 IP 10.186.117.95.23185 > 128.210.11.57.53 ... milab.cs.purdue.edu File Format: text/plain 0x0170: 8619 6874 7470 3a2f 2f6f 6373 702e 706b ..http://ocsp.pk 0x0180: 692e 676f 6f67 2f67 7372 3230 3206 0355 i.goog/gsr202..U 0x0190: 1d1f 042b 3029", "http://milab.cs.purdue.edu/media/tasklog/e955eceb-a623-424f-9067-9cbb00e1ba93/CEXP_15519006996bbfc155-775c-4bde-9e5c-cccca344ce12_esp.txt" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 514, "hostname": 203, "domain": 228, "FileHash-SHA256": 238 }, "indicator_count": 1183, "is_author": false, "is_subscribing": null, "subscriber_count": 395, "modified_text": "1482 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "j.ac", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "j.ac", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780333072.4871616 }