{
  "type": "Domain",
  "indicator": "nifty.com",
  "general": {
    "sections": [
      "general",
      "geo",
      "url_list",
      "passive_dns",
      "malware",
      "whois",
      "http_scans"
    ],
    "whois": "http://whois.domaintools.com/nifty.com",
    "alexa": "http://www.alexa.com/siteinfo/nifty.com",
    "indicator": "nifty.com",
    "type": "domain",
    "type_title": "Domain",
    "validation": [
      {
        "source": "majestic",
        "message": "Whitelisted domain nifty.com",
        "name": "Whitelisted domain"
      }
    ],
    "base_indicator": {
      "id": 2134183660,
      "indicator": "nifty.com",
      "type": "domain",
      "title": "",
      "description": "",
      "content": "",
      "access_type": "public",
      "access_reason": ""
    },
    "pulse_info": {
      "count": 10,
      "pulses": [
        {
          "id": "69f30ef4033560d49d39ac55",
          "name": "VirusTotal report\n                    for executable.exe",
          "description": "[security firm has developed a tool that can automatically identify a Wi-Fi password and make it easy to access it via the net. and use it to create a secure log-in system.] <remote, .net, failed cryptographic validation chains cause this.",
          "modified": "2026-05-30T09:04:01.553000",
          "created": "2026-04-30T08:12:36.771000",
          "tags": [
            "wifi password",
            "joe security",
            "nextron",
            "new run",
            "key pointing",
            "run key",
            "roth",
            "markus neis",
            "sander wiebing",
            "poudel",
            "public",
            "appdata"
          ],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1003",
              "name": "OS Credential Dumping",
              "display_name": "T1003 - OS Credential Dumping"
            },
            {
              "id": "T1005",
              "name": "Data from Local System",
              "display_name": "T1005 - Data from Local System"
            },
            {
              "id": "T1010",
              "name": "Application Window Discovery",
              "display_name": "T1010 - Application Window Discovery"
            },
            {
              "id": "T1027",
              "name": "Obfuscated Files or Information",
              "display_name": "T1027 - Obfuscated Files or Information"
            },
            {
              "id": "T1036",
              "name": "Masquerading",
              "display_name": "T1036 - Masquerading"
            },
            {
              "id": "T1053",
              "name": "Scheduled Task/Job",
              "display_name": "T1053 - Scheduled Task/Job"
            },
            {
              "id": "T1055",
              "name": "Process Injection",
              "display_name": "T1055 - Process Injection"
            },
            {
              "id": "T1056",
              "name": "Input Capture",
              "display_name": "T1056 - Input Capture"
            },
            {
              "id": "T1057",
              "name": "Process Discovery",
              "display_name": "T1057 - Process Discovery"
            },
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            },
            {
              "id": "T1082",
              "name": "System Information Discovery",
              "display_name": "T1082 - System Information Discovery"
            },
            {
              "id": "T1083",
              "name": "File and Directory Discovery",
              "display_name": "T1083 - File and Directory Discovery"
            },
            {
              "id": "T1095",
              "name": "Non-Application Layer Protocol",
              "display_name": "T1095 - Non-Application Layer Protocol"
            },
            {
              "id": "T1105",
              "name": "Ingress Tool Transfer",
              "display_name": "T1105 - Ingress Tool Transfer"
            },
            {
              "id": "T1218",
              "name": "Signed Binary Proxy Execution",
              "display_name": "T1218 - Signed Binary Proxy Execution"
            },
            {
              "id": "T1497",
              "name": "Virtualization/Sandbox Evasion",
              "display_name": "T1497 - Virtualization/Sandbox Evasion"
            },
            {
              "id": "T1518",
              "name": "Software Discovery",
              "display_name": "T1518 - Software Discovery"
            },
            {
              "id": "T1552",
              "name": "Unsecured Credentials",
              "display_name": "T1552 - Unsecured Credentials"
            },
            {
              "id": "T1562",
              "name": "Impair Defenses",
              "display_name": "T1562 - Impair Defenses"
            }
          ],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 0,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "msudosos",
            "id": "381696",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 1069,
            "FileHash-SHA1": 868,
            "FileHash-SHA256": 2783,
            "URL": 764,
            "hostname": 756,
            "domain": 293,
            "email": 44,
            "CVE": 44
          },
          "indicator_count": 6621,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 67,
          "modified_text": "2 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "5fada31a0d8cd2d83222288b",
          "name": "Undesirable Domains",
          "description": "",
          "modified": "2026-01-22T20:21:27.534000",
          "created": "2020-11-12T21:03:22.827000",
          "tags": [],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 14,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "SerSecurityPro",
            "id": "127436",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 80,
            "hostname": 2,
            "email": 1
          },
          "indicator_count": 83,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 52,
          "modified_text": "129 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": false,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "68f200ec32b6a41e81731c3f",
          "name": "Phishing [161025]",
          "description": "Phishing domains and IP addresses that have been used to send malicious emails.",
          "modified": "2025-11-16T08:00:36.933000",
          "created": "2025-10-17T08:40:12.012000",
          "tags": [
            "phishing",
            "spearphishing",
            "malicious-domain",
            "malicious-IP"
          ],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [
            "United Kingdom of Great Britain and Northern Ireland"
          ],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1566",
              "name": "Phishing",
              "display_name": "T1566 - Phishing"
            },
            {
              "id": "T1192",
              "name": "Spearphishing Link",
              "display_name": "T1192 - Spearphishing Link"
            }
          ],
          "industries": [
            "Government"
          ],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 3,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "FS13JKMK",
            "id": "312129",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_312129/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 83,
            "hostname": 71,
            "email": 2,
            "URL": 145,
            "FileHash-SHA256": 20
          },
          "indicator_count": 321,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 71,
          "modified_text": "197 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "683a4b1f5681bd81fdbc91a5",
          "name": "Twitter Feed - harugasumi - 30-05-2025",
          "description": "",
          "modified": "2025-05-31T00:19:43.184000",
          "created": "2025-05-31T00:19:43.184000",
          "tags": [
            "phishing"
          ],
          "references": [
            "https://x.com/harugasumi/status/1928295305344155648",
            "https://x.com/harugasumi/status/1928436954707775858",
            "https://x.com/harugasumi/status/1928439464029741226",
            "https://x.com/harugasumi/status/1928442771544940565"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 6,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "api",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "CyberHunterAutoFeed",
            "id": "182496",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "URL": 4,
            "domain": 1,
            "hostname": 3
          },
          "indicator_count": 8,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 1622,
          "modified_text": "366 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": false,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "659560d63178b32f07838efb",
          "name": "Covert | Big O Tires active cyber threat | Dark Power | Emotet|",
          "description": "Active, ongoing cyber threat, multiple malicious activities including, network rat, ransomware encryption, social engineering,  spammers, infostealer, botnet activity.\nConsumers may also be contacted by mail or phone or find account seized. I haven't benn able to properly access the magnitude of the issue, there has been at least a handful of customers in good standing , with higher limits on paid of cards that ended up being stolen or according to Big O Representatives 'closed' for unfounded reasons; failure to confirm citizenship, identity, unknown patriot act offences, failure to comply Big O Tires via mail.",
          "modified": "2024-02-02T12:04:41.638000",
          "created": "2024-01-03T13:27:50.685000",
          "tags": [
            "ioc search",
            "new ioc",
            "teams api",
            "contact",
            "threat analyzer",
            "threat",
            "paste",
            "iocs",
            "hostnames",
            "urls https",
            "http response",
            "final url",
            "ip address",
            "status code",
            "body length",
            "kb body",
            "sha256",
            "unsafeeval",
            "path",
            "expiressat",
            "auto",
            "wheels online",
            "o tires",
            "shop tires",
            "html info",
            "title shop",
            "tires",
            "meta tags",
            "big o",
            "tires language",
            "name verdict",
            "falcon sandbox",
            "samples",
            "localappdata",
            "json data",
            "temp",
            "getprocaddress",
            "ascii text",
            "windir",
            "file",
            "indicator",
            "mitre att",
            "ck id",
            "factory",
            "hybrid",
            "model",
            "comspec",
            "ssl certificate",
            "whois record",
            "execution",
            "contacted",
            "historical ssl",
            "whois whois",
            "simda http",
            "collections",
            "historical",
            "dropped",
            "backdoor",
            "unknown",
            "united",
            "asnone",
            "show",
            "entries",
            "search",
            "intel",
            "ms windows",
            "pe32",
            "windows nt",
            "copy",
            "write",
            "logic",
            "download",
            "malware",
            "suspicious",
            "next",
            "destination",
            "port",
            "components",
            "globalnpf",
            "china as23724",
            "music",
            "data c",
            "mexico",
            "as15169 google",
            "passive dns",
            "scan endpoints",
            "all octoseek",
            "ipv4",
            "pulse pulses",
            "urls",
            "files",
            "win32",
            "united kingdom",
            "explorer",
            "xserver",
            "mtb aug",
            "location united",
            "america asn",
            "open",
            "trojan",
            "worm",
            "dataadobereader",
            "as397240",
            "msie",
            "etpro trojan",
            "virgin islands",
            "script urls",
            "creation date",
            "record value",
            "date",
            "a domains",
            "all search",
            "otx octoseek",
            "url http",
            "http",
            "related nids",
            "pulse http",
            "url https",
            "files location",
            "as20940",
            "aaaa",
            "as2914 ntt",
            "canada unknown",
            "japan unknown",
            "as16625 akamai",
            "domain",
            "hostname",
            "gmt content",
            "gmt report",
            "0 report",
            "sea alt",
            "body",
            "encrypt",
            "social engineering",
            "revenge rat",
            "rat",
            "identity theft",
            "credit card",
            "referrer",
            "communicating",
            "bundled",
            "family",
            "roots",
            "lolkek",
            "tzw variants",
            "quasar rat",
            "dark power",
            "swisyn",
            "wiper",
            "ransomware",
            "cobalt strike",
            "attack",
            "core",
            "emotet",
            "exploit",
            "hacktool",
            "mail spammer",
            "as63949 linode",
            "mtb dec",
            "checkin m1",
            "trojanspy",
            "artro",
            "remote",
            "infostealer"
          ],
          "references": [
            "https://hybrid-analysis.com/sample/3fb8f0af07a9e94045be0f592c675e4f6146c95523f1774bc03f8eb5cf8c7d4e/65951c3d58467c9eb00f69dc"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [
            "United States of America",
            "Ukraine",
            "Georgia",
            "India",
            "Hong Kong",
            "Canada",
            "China",
            "Indonesia",
            "South Africa",
            "Germany",
            "Slovenia",
            "Mexico",
            "Netherlands",
            "Japan",
            "Spain",
            "Argentina",
            "France",
            "Chile",
            "Italy",
            "Aruba",
            "Switzerland",
            "United Kingdom of Great Britain and Northern Ireland",
            "Denmark",
            "Poland",
            "Colombia",
            "Taiwan",
            "Bulgaria",
            "Austria",
            "Russian Federation",
            "Australia",
            "Philippines",
            "Norway",
            "Sweden"
          ],
          "malware_families": [
            {
              "id": "Trojan:Win32/Comspec",
              "display_name": "Trojan:Win32/Comspec",
              "target": "/malware/Trojan:Win32/Comspec"
            },
            {
              "id": "#Lowfi:SCPT:KiraAsciiObfuscator",
              "display_name": "#Lowfi:SCPT:KiraAsciiObfuscator",
              "target": null
            },
            {
              "id": "Backdoor:Win32/Simda",
              "display_name": "Backdoor:Win32/Simda",
              "target": "/malware/Backdoor:Win32/Simda"
            },
            {
              "id": "Crypt3.BLXP",
              "display_name": "Crypt3.BLXP",
              "target": null
            },
            {
              "id": "PWS:Win32/VB.CU",
              "display_name": "PWS:Win32/VB.CU",
              "target": "/malware/PWS:Win32/VB.CU"
            },
            {
              "id": "Trojan:MSIL/ClipBanker.GB!MTB",
              "display_name": "Trojan:MSIL/ClipBanker.GB!MTB",
              "target": "/malware/Trojan:MSIL/ClipBanker.GB!MTB"
            },
            {
              "id": "Virus:Win32/Floxif.H",
              "display_name": "Virus:Win32/Floxif.H",
              "target": "/malware/Virus:Win32/Floxif.H"
            },
            {
              "id": "Win.Packed.Zusy-7170176-0",
              "display_name": "Win.Packed.Zusy-7170176-0",
              "target": null
            },
            {
              "id": "Win.Trojan.Zbot-9880005-0",
              "display_name": "Win.Trojan.Zbot-9880005-0",
              "target": null
            },
            {
              "id": "'Win32:Trojan-gen",
              "display_name": "'Win32:Trojan-gen",
              "target": null
            },
            {
              "id": "TEL:TrojanDownloader:O97M/MsiexecAbuse",
              "display_name": "TEL:TrojanDownloader:O97M/MsiexecAbuse",
              "target": null
            },
            {
              "id": "Worm:Win32/Mofksys.B",
              "display_name": "Worm:Win32/Mofksys.B",
              "target": "/malware/Worm:Win32/Mofksys.B"
            },
            {
              "id": "Worm:Win32/Mofksys.RND!MTB",
              "display_name": "Worm:Win32/Mofksys.RND!MTB",
              "target": "/malware/Worm:Win32/Mofksys.RND!MTB"
            },
            {
              "id": "Worm:LOGO/Logic",
              "display_name": "Worm:LOGO/Logic",
              "target": "/malware/Worm:LOGO/Logic"
            },
            {
              "id": "ETPro Trojan",
              "display_name": "ETPro Trojan",
              "target": null
            },
            {
              "id": "LolKek",
              "display_name": "LolKek",
              "target": null
            },
            {
              "id": "Ransomware",
              "display_name": "Ransomware",
              "target": null
            },
            {
              "id": "Quasar RAT",
              "display_name": "Quasar RAT",
              "target": null
            },
            {
              "id": "Emotet",
              "display_name": "Emotet",
              "target": null
            },
            {
              "id": "TrojanSpy:Win32/Swisyn",
              "display_name": "TrojanSpy:Win32/Swisyn",
              "target": "/malware/TrojanSpy:Win32/Swisyn"
            },
            {
              "id": "Dark Power",
              "display_name": "Dark Power",
              "target": null
            },
            {
              "id": "Cobalt Strike",
              "display_name": "Cobalt Strike",
              "target": null
            },
            {
              "id": "HackTool",
              "display_name": "HackTool",
              "target": null
            },
            {
              "id": "TrojanSpy",
              "display_name": "TrojanSpy",
              "target": null
            },
            {
              "id": "Artro",
              "display_name": "Artro",
              "target": null
            }
          ],
          "attack_ids": [
            {
              "id": "T1027",
              "name": "Obfuscated Files or Information",
              "display_name": "T1027 - Obfuscated Files or Information"
            },
            {
              "id": "T1036",
              "name": "Masquerading",
              "display_name": "T1036 - Masquerading"
            },
            {
              "id": "T1057",
              "name": "Process Discovery",
              "display_name": "T1057 - Process Discovery"
            },
            {
              "id": "T1059",
              "name": "Command and Scripting Interpreter",
              "display_name": "T1059 - Command and Scripting Interpreter"
            },
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            },
            {
              "id": "T1082",
              "name": "System Information Discovery",
              "display_name": "T1082 - System Information Discovery"
            },
            {
              "id": "T1105",
              "name": "Ingress Tool Transfer",
              "display_name": "T1105 - Ingress Tool Transfer"
            },
            {
              "id": "T1106",
              "name": "Native API",
              "display_name": "T1106 - Native API"
            },
            {
              "id": "T1129",
              "name": "Shared Modules",
              "display_name": "T1129 - Shared Modules"
            },
            {
              "id": "T1140",
              "name": "Deobfuscate/Decode Files or Information",
              "display_name": "T1140 - Deobfuscate/Decode Files or Information"
            },
            {
              "id": "T1546",
              "name": "Event Triggered Execution",
              "display_name": "T1546 - Event Triggered Execution"
            },
            {
              "id": "T1060",
              "name": "Registry Run Keys / Startup Folder",
              "display_name": "T1060 - Registry Run Keys / Startup Folder"
            },
            {
              "id": "T1119",
              "name": "Automated Collection",
              "display_name": "T1119 - Automated Collection"
            },
            {
              "id": "T1056",
              "name": "Input Capture",
              "display_name": "T1056 - Input Capture"
            },
            {
              "id": "T1546.015",
              "name": "Component Object Model Hijacking",
              "display_name": "T1546.015 - Component Object Model Hijacking"
            },
            {
              "id": "T1083",
              "name": "File and Directory Discovery",
              "display_name": "T1083 - File and Directory Discovery"
            },
            {
              "id": "T1071.003",
              "name": "Mail Protocols",
              "display_name": "T1071.003 - Mail Protocols"
            },
            {
              "id": "T1071.004",
              "name": "DNS",
              "display_name": "T1071.004 - DNS"
            },
            {
              "id": "T1012",
              "name": "Query Registry",
              "display_name": "T1012 - Query Registry"
            },
            {
              "id": "T1059.007",
              "name": "JavaScript",
              "display_name": "T1059.007 - JavaScript"
            },
            {
              "id": "TA0011",
              "name": "Command and Control",
              "display_name": "TA0011 - Command and Control"
            },
            {
              "id": "T1583.005",
              "name": "Botnet",
              "display_name": "T1583.005 - Botnet"
            }
          ],
          "industries": [
            "Telecommunications"
          ],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 29,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "OctoSeek",
            "id": "243548",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 560,
            "FileHash-SHA1": 350,
            "FileHash-SHA256": 4371,
            "URL": 8165,
            "domain": 2548,
            "hostname": 2813,
            "CVE": 4,
            "email": 3
          },
          "indicator_count": 18814,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 224,
          "modified_text": "850 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "6553b88c316cfb531b9c4c10",
          "name": "iOS Unlocker| Apple | ATT | Monitoring| http://mobile.suddenlink2go.com",
          "description": "spyware, 114.114.114.114, Tulach, C2, apple iOS, passwords, crack, unlock , click, att, hughesnet",
          "modified": "2023-12-14T15:03:30.417000",
          "created": "2023-11-14T18:12:28.459000",
          "tags": [
            "united",
            "blacklist",
            "malicious site",
            "mail spammer",
            "detection list",
            "cisco umbrella",
            "site",
            "safe site",
            "malware",
            "phishing site",
            "heur",
            "malware site",
            "alexa top",
            "million",
            "unsafe",
            "artemis",
            "riskware",
            "conduit",
            "agent",
            "opencandy",
            "xtrat",
            "iframe",
            "cleaner",
            "team",
            "installpack",
            "xrat",
            "tiggre",
            "presenoker",
            "fusioncore",
            "wacatac",
            "azorult",
            "phishing",
            "service",
            "runescape",
            "facebook",
            "bank",
            "download",
            "crack",
            "softcnapp",
            "trojanspy",
            "maltiverse",
            "falcon sandbox",
            "pattern match",
            "root ca",
            "authority",
            "class",
            "script",
            "ascii text",
            "mitre att",
            "localappdata",
            "temp",
            "ck id",
            "date",
            "unknown",
            "generator",
            "critical",
            "error",
            "meta",
            "hybrid",
            "general",
            "local",
            "click",
            "strings",
            "expiressun",
            "http response",
            "final url",
            "ip address",
            "status code",
            "body length",
            "kb body",
            "sha256",
            "headers",
            "pt3uc1",
            "path",
            "movies",
            "watch",
            "html info",
            "meta tags",
            "suddenlink tv",
            "trackers amazon",
            "pt3rc1",
            "whois record",
            "whois whois",
            "ssl certificate",
            "historical",
            "historical ssl",
            "referrer",
            "communicating",
            "dropped",
            "contacted",
            "apple ios",
            "hacktool",
            "metro",
            "malicious",
            "crypto",
            "installer",
            "attack",
            "awful",
            "brian sabey",
            "aig",
            "civicaIg",
            "tracking",
            "password crack",
            "tulach",
            "target tsara brashears",
            "tylerknott",
            "att",
            "monitoring",
            "spyware",
            "spying",
            "cybercrime",
            "tulach",
            "hughesnet",
            "ios",
            "toshiba",
            "attack",
            "malvertizing",
            "cyber stalking",
            "porn",
            "pornhub"
          ],
          "references": [
            "http://mobile.suddenlink2go.com/",
            "https://hybrid-analysis.com/sample/889790f55a8a29ee75463bbcf014c3ed6cc76e6cd0278e491ec9fa1ed14862c4/655374e9921d5d73860b7db3",
            "https://applemusic-spotlight.myunidays.com/US/en-US?",
            "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian",
            "myhughesnet.com",
            "dishmail.net",
            "home.toshiba.com",
            "ytq2rs56.haogfw.com",
            "pornhub.com",
            "http://trk.brother-root-rich-of.xyz/campaign?id=4f1426e9-22f8-4e7a-9c32-1b2d42867559&var1=&extcid=w9A2DTCOAL56FRAK125KMLAI",
            "http://trk.reverseparameter.site/gg/izuyv?to=https://mine-top-gratis-application.pw/e29481e9-a792-46a8-bbf0-188ed2a816ae/f10439e6-e61a-4420-ba88-29e9d1c5d2ea?brand=Lenovo&btd=dHJrLm1vYmlsZXRvcDIwMTh0ZWNoaWUueHl6&exptoken=MTU1NzUxMjgzMjgyMw==&lang=ar&model=K6+Note&td=dHJrLnJldmVyc2VwYXJhbWV0ZXIuc2l0ZS9wcmNlZWQ",
            "monitor.cablelan.net",
            "https://monitor.rodgersmith.com",
            "https://www.everycloudtech.com/free-mail-flow-monitor"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [
            {
              "id": "TrojanSpy",
              "display_name": "TrojanSpy",
              "target": null
            },
            {
              "id": "Maltiverse",
              "display_name": "Maltiverse",
              "target": null
            }
          ],
          "attack_ids": [
            {
              "id": "T1027",
              "name": "Obfuscated Files or Information",
              "display_name": "T1027 - Obfuscated Files or Information"
            },
            {
              "id": "T1071.004",
              "name": "DNS",
              "display_name": "T1071.004 - DNS"
            },
            {
              "id": "T1105",
              "name": "Ingress Tool Transfer",
              "display_name": "T1105 - Ingress Tool Transfer"
            },
            {
              "id": "T1059.007",
              "name": "JavaScript",
              "display_name": "T1059.007 - JavaScript"
            },
            {
              "id": "T1071.001",
              "name": "Web Protocols",
              "display_name": "T1071.001 - Web Protocols"
            },
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            },
            {
              "id": "T1560",
              "name": "Archive Collected Data",
              "display_name": "T1560 - Archive Collected Data"
            },
            {
              "id": "T1059",
              "name": "Command and Scripting Interpreter",
              "display_name": "T1059 - Command and Scripting Interpreter"
            },
            {
              "id": "T1100",
              "name": "Web Shell",
              "display_name": "T1100 - Web Shell"
            },
            {
              "id": "T1140",
              "name": "Deobfuscate/Decode Files or Information",
              "display_name": "T1140 - Deobfuscate/Decode Files or Information"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 28,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "OctoSeek",
            "id": "243548",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 144,
            "FileHash-SHA1": 179,
            "FileHash-SHA256": 4528,
            "CVE": 7,
            "domain": 2024,
            "hostname": 3556,
            "URL": 10455
          },
          "indicator_count": 20893,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 222,
          "modified_text": "899 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "65568ab12429c394dc4b91ea",
          "name": "iOS Unlocker| Apple | ATT | Monitoring| http://mobile.suddenlink2go",
          "description": "",
          "modified": "2023-12-14T15:03:30.417000",
          "created": "2023-11-16T21:33:37.838000",
          "tags": [
            "united",
            "blacklist",
            "malicious site",
            "mail spammer",
            "detection list",
            "cisco umbrella",
            "site",
            "safe site",
            "malware",
            "phishing site",
            "heur",
            "malware site",
            "alexa top",
            "million",
            "unsafe",
            "artemis",
            "riskware",
            "conduit",
            "agent",
            "opencandy",
            "xtrat",
            "iframe",
            "cleaner",
            "team",
            "installpack",
            "xrat",
            "tiggre",
            "presenoker",
            "fusioncore",
            "wacatac",
            "azorult",
            "phishing",
            "service",
            "runescape",
            "facebook",
            "bank",
            "download",
            "crack",
            "softcnapp",
            "trojanspy",
            "maltiverse",
            "falcon sandbox",
            "pattern match",
            "root ca",
            "authority",
            "class",
            "script",
            "ascii text",
            "mitre att",
            "localappdata",
            "temp",
            "ck id",
            "date",
            "unknown",
            "generator",
            "critical",
            "error",
            "meta",
            "hybrid",
            "general",
            "local",
            "click",
            "strings",
            "expiressun",
            "http response",
            "final url",
            "ip address",
            "status code",
            "body length",
            "kb body",
            "sha256",
            "headers",
            "pt3uc1",
            "path",
            "movies",
            "watch",
            "html info",
            "meta tags",
            "suddenlink tv",
            "trackers amazon",
            "pt3rc1",
            "whois record",
            "whois whois",
            "ssl certificate",
            "historical",
            "historical ssl",
            "referrer",
            "communicating",
            "dropped",
            "contacted",
            "apple ios",
            "hacktool",
            "metro",
            "malicious",
            "crypto",
            "installer",
            "attack",
            "awful",
            "brian sabey",
            "aig",
            "civicaIg",
            "tracking",
            "password crack",
            "tulach",
            "target tsara brashears",
            "tylerknott",
            "att",
            "monitoring",
            "spyware",
            "spying",
            "cybercrime",
            "tulach",
            "hughesnet",
            "ios",
            "toshiba",
            "attack",
            "malvertizing",
            "cyber stalking",
            "porn",
            "pornhub"
          ],
          "references": [
            "http://mobile.suddenlink2go.com/",
            "https://hybrid-analysis.com/sample/889790f55a8a29ee75463bbcf014c3ed6cc76e6cd0278e491ec9fa1ed14862c4/655374e9921d5d73860b7db3",
            "https://applemusic-spotlight.myunidays.com/US/en-US?",
            "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian",
            "myhughesnet.com",
            "dishmail.net",
            "home.toshiba.com",
            "ytq2rs56.haogfw.com",
            "pornhub.com",
            "http://trk.brother-root-rich-of.xyz/campaign?id=4f1426e9-22f8-4e7a-9c32-1b2d42867559&var1=&extcid=w9A2DTCOAL56FRAK125KMLAI",
            "http://trk.reverseparameter.site/gg/izuyv?to=https://mine-top-gratis-application.pw/e29481e9-a792-46a8-bbf0-188ed2a816ae/f10439e6-e61a-4420-ba88-29e9d1c5d2ea?brand=Lenovo&btd=dHJrLm1vYmlsZXRvcDIwMTh0ZWNoaWUueHl6&exptoken=MTU1NzUxMjgzMjgyMw==&lang=ar&model=K6+Note&td=dHJrLnJldmVyc2VwYXJhbWV0ZXIuc2l0ZS9wcmNlZWQ",
            "monitor.cablelan.net",
            "https://monitor.rodgersmith.com",
            "https://www.everycloudtech.com/free-mail-flow-monitor"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [
            {
              "id": "TrojanSpy",
              "display_name": "TrojanSpy",
              "target": null
            },
            {
              "id": "Maltiverse",
              "display_name": "Maltiverse",
              "target": null
            }
          ],
          "attack_ids": [
            {
              "id": "T1027",
              "name": "Obfuscated Files or Information",
              "display_name": "T1027 - Obfuscated Files or Information"
            },
            {
              "id": "T1071.004",
              "name": "DNS",
              "display_name": "T1071.004 - DNS"
            },
            {
              "id": "T1105",
              "name": "Ingress Tool Transfer",
              "display_name": "T1105 - Ingress Tool Transfer"
            },
            {
              "id": "T1059.007",
              "name": "JavaScript",
              "display_name": "T1059.007 - JavaScript"
            },
            {
              "id": "T1071.001",
              "name": "Web Protocols",
              "display_name": "T1071.001 - Web Protocols"
            },
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            },
            {
              "id": "T1560",
              "name": "Archive Collected Data",
              "display_name": "T1560 - Archive Collected Data"
            },
            {
              "id": "T1059",
              "name": "Command and Scripting Interpreter",
              "display_name": "T1059 - Command and Scripting Interpreter"
            },
            {
              "id": "T1100",
              "name": "Web Shell",
              "display_name": "T1100 - Web Shell"
            },
            {
              "id": "T1140",
              "name": "Deobfuscate/Decode Files or Information",
              "display_name": "T1140 - Deobfuscate/Decode Files or Information"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": "6553b88c316cfb531b9c4c10",
          "export_count": 22,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "scoreblue",
            "id": "254100",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 144,
            "FileHash-SHA1": 179,
            "FileHash-SHA256": 4528,
            "CVE": 7,
            "domain": 2024,
            "hostname": 3556,
            "URL": 10455
          },
          "indicator_count": 20893,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 228,
          "modified_text": "899 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "65536bc6301b7cdf7d04e095",
          "name": "TrojanDownloader:Win32/Cutwail.BS/Win.Trojan.Pushdo-20",
          "description": "backdoor,trojan downloaders, networm, phishing, tracking, spyware, device commands...",
          "modified": "2023-12-14T12:03:15.957000",
          "created": "2023-11-14T12:44:54.422000",
          "tags": [
            "passive dns",
            "urls",
            "t1604023287",
            "scan endpoints",
            "all search",
            "otx octoseek",
            "url http",
            "pulse pulses",
            "http",
            "ip address",
            "ssl certificate",
            "whois record",
            "resolutions",
            "referrer",
            "historical ssl",
            "communicating",
            "threat roundup",
            "whois whois",
            "apple",
            "stopransomware",
            "core",
            "discord",
            "metro",
            "blister",
            "cobalt strike",
            "hacktool",
            "june",
            "name verdict",
            "pattern match",
            "et tor",
            "known tor",
            "misc attack",
            "link",
            "woff2",
            "relayrouter",
            "exit",
            "node traffic",
            "ascii text",
            "date",
            "click",
            "unknown",
            "meta",
            "hybrid",
            "general",
            "local",
            "strings",
            "class",
            "generator",
            "critical",
            "error",
            "execution",
            "malware",
            "network",
            "roblox",
            "united",
            "as13335",
            "a domains",
            "status",
            "aaaa",
            "search",
            "script urls",
            "creation date",
            "showing",
            "pixel",
            "win32",
            "download",
            "t1507537243"
          ],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [
            {
              "id": "Roblox",
              "display_name": "Roblox",
              "target": null
            }
          ],
          "attack_ids": [
            {
              "id": "T1059",
              "name": "Command and Scripting Interpreter",
              "display_name": "T1059 - Command and Scripting Interpreter"
            },
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            },
            {
              "id": "T1105",
              "name": "Ingress Tool Transfer",
              "display_name": "T1105 - Ingress Tool Transfer"
            },
            {
              "id": "T1497",
              "name": "Virtualization/Sandbox Evasion",
              "display_name": "T1497 - Virtualization/Sandbox Evasion"
            }
          ],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 29,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "OctoSeek",
            "id": "243548",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "URL": 11333,
            "FileHash-MD5": 81,
            "FileHash-SHA1": 74,
            "FileHash-SHA256": 3269,
            "domain": 2748,
            "hostname": 3475,
            "email": 2,
            "CVE": 2
          },
          "indicator_count": 20984,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 224,
          "modified_text": "900 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "65536bdc3676a40633a619be",
          "name": "TrojanDownloader:Win32/Cutwail.BS/Win.Trojan.Pushdo-20",
          "description": "backdoor,trojan downloaders, networm, phishing, tracking, spyware, device commands...",
          "modified": "2023-12-14T12:03:15.957000",
          "created": "2023-11-14T12:45:16.667000",
          "tags": [
            "passive dns",
            "urls",
            "t1604023287",
            "scan endpoints",
            "all search",
            "otx octoseek",
            "url http",
            "pulse pulses",
            "http",
            "ip address",
            "ssl certificate",
            "whois record",
            "resolutions",
            "referrer",
            "historical ssl",
            "communicating",
            "threat roundup",
            "whois whois",
            "apple",
            "stopransomware",
            "core",
            "discord",
            "metro",
            "blister",
            "cobalt strike",
            "hacktool",
            "june",
            "name verdict",
            "pattern match",
            "et tor",
            "known tor",
            "misc attack",
            "link",
            "woff2",
            "relayrouter",
            "exit",
            "node traffic",
            "ascii text",
            "date",
            "click",
            "unknown",
            "meta",
            "hybrid",
            "general",
            "local",
            "strings",
            "class",
            "generator",
            "critical",
            "error",
            "execution",
            "malware",
            "network",
            "roblox",
            "united",
            "as13335",
            "a domains",
            "status",
            "aaaa",
            "search",
            "script urls",
            "creation date",
            "showing",
            "pixel",
            "win32",
            "download",
            "t1507537243"
          ],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [
            {
              "id": "Roblox",
              "display_name": "Roblox",
              "target": null
            }
          ],
          "attack_ids": [
            {
              "id": "T1059",
              "name": "Command and Scripting Interpreter",
              "display_name": "T1059 - Command and Scripting Interpreter"
            },
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            },
            {
              "id": "T1105",
              "name": "Ingress Tool Transfer",
              "display_name": "T1105 - Ingress Tool Transfer"
            },
            {
              "id": "T1497",
              "name": "Virtualization/Sandbox Evasion",
              "display_name": "T1497 - Virtualization/Sandbox Evasion"
            }
          ],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 35,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "OctoSeek",
            "id": "243548",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "URL": 11333,
            "FileHash-MD5": 81,
            "FileHash-SHA1": 74,
            "FileHash-SHA256": 3269,
            "domain": 2748,
            "hostname": 3475,
            "email": 2,
            "CVE": 2
          },
          "indicator_count": 20984,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 224,
          "modified_text": "900 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "65568d67bd96e06ab44b9b95",
          "name": "TrojanDownloader:Win32/Cutwail.BS/Win.Trojan.Pushdo-20",
          "description": "",
          "modified": "2023-12-14T12:03:15.957000",
          "created": "2023-11-16T21:45:11.721000",
          "tags": [
            "passive dns",
            "urls",
            "t1604023287",
            "scan endpoints",
            "all search",
            "otx octoseek",
            "url http",
            "pulse pulses",
            "http",
            "ip address",
            "ssl certificate",
            "whois record",
            "resolutions",
            "referrer",
            "historical ssl",
            "communicating",
            "threat roundup",
            "whois whois",
            "apple",
            "stopransomware",
            "core",
            "discord",
            "metro",
            "blister",
            "cobalt strike",
            "hacktool",
            "june",
            "name verdict",
            "pattern match",
            "et tor",
            "known tor",
            "misc attack",
            "link",
            "woff2",
            "relayrouter",
            "exit",
            "node traffic",
            "ascii text",
            "date",
            "click",
            "unknown",
            "meta",
            "hybrid",
            "general",
            "local",
            "strings",
            "class",
            "generator",
            "critical",
            "error",
            "execution",
            "malware",
            "network",
            "roblox",
            "united",
            "as13335",
            "a domains",
            "status",
            "aaaa",
            "search",
            "script urls",
            "creation date",
            "showing",
            "pixel",
            "win32",
            "download",
            "t1507537243"
          ],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [
            {
              "id": "Roblox",
              "display_name": "Roblox",
              "target": null
            }
          ],
          "attack_ids": [
            {
              "id": "T1059",
              "name": "Command and Scripting Interpreter",
              "display_name": "T1059 - Command and Scripting Interpreter"
            },
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            },
            {
              "id": "T1105",
              "name": "Ingress Tool Transfer",
              "display_name": "T1105 - Ingress Tool Transfer"
            },
            {
              "id": "T1497",
              "name": "Virtualization/Sandbox Evasion",
              "display_name": "T1497 - Virtualization/Sandbox Evasion"
            }
          ],
          "industries": [],
          "TLP": "green",
          "cloned_from": "65536bdc3676a40633a619be",
          "export_count": 25,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "scoreblue",
            "id": "254100",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "URL": 11333,
            "FileHash-MD5": 81,
            "FileHash-SHA1": 74,
            "FileHash-SHA256": 3269,
            "domain": 2748,
            "hostname": 3475,
            "email": 2,
            "CVE": 2
          },
          "indicator_count": 20984,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 228,
          "modified_text": "900 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        }
      ],
      "references": [
        "pornhub.com",
        "http://mobile.suddenlink2go.com/",
        "http://trk.reverseparameter.site/gg/izuyv?to=https://mine-top-gratis-application.pw/e29481e9-a792-46a8-bbf0-188ed2a816ae/f10439e6-e61a-4420-ba88-29e9d1c5d2ea?brand=Lenovo&btd=dHJrLm1vYmlsZXRvcDIwMTh0ZWNoaWUueHl6&exptoken=MTU1NzUxMjgzMjgyMw==&lang=ar&model=K6+Note&td=dHJrLnJldmVyc2VwYXJhbWV0ZXIuc2l0ZS9wcmNlZWQ",
        "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian",
        "ytq2rs56.haogfw.com",
        "https://www.everycloudtech.com/free-mail-flow-monitor",
        "https://monitor.rodgersmith.com",
        "https://x.com/harugasumi/status/1928439464029741226",
        "dishmail.net",
        "https://applemusic-spotlight.myunidays.com/US/en-US?",
        "https://x.com/harugasumi/status/1928442771544940565",
        "https://hybrid-analysis.com/sample/889790f55a8a29ee75463bbcf014c3ed6cc76e6cd0278e491ec9fa1ed14862c4/655374e9921d5d73860b7db3",
        "home.toshiba.com",
        "https://x.com/harugasumi/status/1928295305344155648",
        "myhughesnet.com",
        "http://trk.brother-root-rich-of.xyz/campaign?id=4f1426e9-22f8-4e7a-9c32-1b2d42867559&var1=&extcid=w9A2DTCOAL56FRAK125KMLAI",
        "monitor.cablelan.net",
        "https://x.com/harugasumi/status/1928436954707775858",
        "https://hybrid-analysis.com/sample/3fb8f0af07a9e94045be0f592c675e4f6146c95523f1774bc03f8eb5cf8c7d4e/65951c3d58467c9eb00f69dc"
      ],
      "related": {
        "alienvault": {
          "adversary": [],
          "malware_families": [],
          "industries": []
        },
        "other": {
          "adversary": [],
          "malware_families": [
            "Trojan:win32/comspec",
            "Crypt3.blxp",
            "Worm:win32/mofksys.b",
            "Emotet",
            "Hacktool",
            "Ransomware",
            "Worm:logo/logic",
            "Cobalt strike",
            "Roblox",
            "Dark power",
            "Trojan:msil/clipbanker.gb!mtb",
            "Maltiverse",
            "Lolkek",
            "Backdoor:win32/simda",
            "Win.trojan.zbot-9880005-0",
            "Virus:win32/floxif.h",
            "Trojanspy",
            "Worm:win32/mofksys.rnd!mtb",
            "#lowfi:scpt:kiraasciiobfuscator",
            "Win.packed.zusy-7170176-0",
            "Artro",
            "Etpro trojan",
            "Pws:win32/vb.cu",
            "Quasar rat",
            "Trojanspy:win32/swisyn",
            "'win32:trojan-gen",
            "Tel:trojandownloader:o97m/msiexecabuse"
          ],
          "industries": [
            "Telecommunications",
            "Government"
          ]
        }
      }
    },
    "false_positive": []
  },
  "geo": {},
  "geo_ipapicom": {},
  "pulse_count": 10,
  "pulses": [
    {
      "id": "69f30ef4033560d49d39ac55",
      "name": "VirusTotal report\n                    for executable.exe",
      "description": "[security firm has developed a tool that can automatically identify a Wi-Fi password and make it easy to access it via the net. and use it to create a secure log-in system.] <remote, .net, failed cryptographic validation chains cause this.",
      "modified": "2026-05-30T09:04:01.553000",
      "created": "2026-04-30T08:12:36.771000",
      "tags": [
        "wifi password",
        "joe security",
        "nextron",
        "new run",
        "key pointing",
        "run key",
        "roth",
        "markus neis",
        "sander wiebing",
        "poudel",
        "public",
        "appdata"
      ],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [
        {
          "id": "T1003",
          "name": "OS Credential Dumping",
          "display_name": "T1003 - OS Credential Dumping"
        },
        {
          "id": "T1005",
          "name": "Data from Local System",
          "display_name": "T1005 - Data from Local System"
        },
        {
          "id": "T1010",
          "name": "Application Window Discovery",
          "display_name": "T1010 - Application Window Discovery"
        },
        {
          "id": "T1027",
          "name": "Obfuscated Files or Information",
          "display_name": "T1027 - Obfuscated Files or Information"
        },
        {
          "id": "T1036",
          "name": "Masquerading",
          "display_name": "T1036 - Masquerading"
        },
        {
          "id": "T1053",
          "name": "Scheduled Task/Job",
          "display_name": "T1053 - Scheduled Task/Job"
        },
        {
          "id": "T1055",
          "name": "Process Injection",
          "display_name": "T1055 - Process Injection"
        },
        {
          "id": "T1056",
          "name": "Input Capture",
          "display_name": "T1056 - Input Capture"
        },
        {
          "id": "T1057",
          "name": "Process Discovery",
          "display_name": "T1057 - Process Discovery"
        },
        {
          "id": "T1071",
          "name": "Application Layer Protocol",
          "display_name": "T1071 - Application Layer Protocol"
        },
        {
          "id": "T1082",
          "name": "System Information Discovery",
          "display_name": "T1082 - System Information Discovery"
        },
        {
          "id": "T1083",
          "name": "File and Directory Discovery",
          "display_name": "T1083 - File and Directory Discovery"
        },
        {
          "id": "T1095",
          "name": "Non-Application Layer Protocol",
          "display_name": "T1095 - Non-Application Layer Protocol"
        },
        {
          "id": "T1105",
          "name": "Ingress Tool Transfer",
          "display_name": "T1105 - Ingress Tool Transfer"
        },
        {
          "id": "T1218",
          "name": "Signed Binary Proxy Execution",
          "display_name": "T1218 - Signed Binary Proxy Execution"
        },
        {
          "id": "T1497",
          "name": "Virtualization/Sandbox Evasion",
          "display_name": "T1497 - Virtualization/Sandbox Evasion"
        },
        {
          "id": "T1518",
          "name": "Software Discovery",
          "display_name": "T1518 - Software Discovery"
        },
        {
          "id": "T1552",
          "name": "Unsecured Credentials",
          "display_name": "T1552 - Unsecured Credentials"
        },
        {
          "id": "T1562",
          "name": "Impair Defenses",
          "display_name": "T1562 - Impair Defenses"
        }
      ],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 0,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "msudosos",
        "id": "381696",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 1069,
        "FileHash-SHA1": 868,
        "FileHash-SHA256": 2783,
        "URL": 764,
        "hostname": 756,
        "domain": 293,
        "email": 44,
        "CVE": 44
      },
      "indicator_count": 6621,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 67,
      "modified_text": "2 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "5fada31a0d8cd2d83222288b",
      "name": "Undesirable Domains",
      "description": "",
      "modified": "2026-01-22T20:21:27.534000",
      "created": "2020-11-12T21:03:22.827000",
      "tags": [],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 14,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "SerSecurityPro",
        "id": "127436",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "domain": 80,
        "hostname": 2,
        "email": 1
      },
      "indicator_count": 83,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 52,
      "modified_text": "129 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": false,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "68f200ec32b6a41e81731c3f",
      "name": "Phishing [161025]",
      "description": "Phishing domains and IP addresses that have been used to send malicious emails.",
      "modified": "2025-11-16T08:00:36.933000",
      "created": "2025-10-17T08:40:12.012000",
      "tags": [
        "phishing",
        "spearphishing",
        "malicious-domain",
        "malicious-IP"
      ],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [
        "United Kingdom of Great Britain and Northern Ireland"
      ],
      "malware_families": [],
      "attack_ids": [
        {
          "id": "T1566",
          "name": "Phishing",
          "display_name": "T1566 - Phishing"
        },
        {
          "id": "T1192",
          "name": "Spearphishing Link",
          "display_name": "T1192 - Spearphishing Link"
        }
      ],
      "industries": [
        "Government"
      ],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 3,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "FS13JKMK",
        "id": "312129",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_312129/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "domain": 83,
        "hostname": 71,
        "email": 2,
        "URL": 145,
        "FileHash-SHA256": 20
      },
      "indicator_count": 321,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 71,
      "modified_text": "197 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "683a4b1f5681bd81fdbc91a5",
      "name": "Twitter Feed - harugasumi - 30-05-2025",
      "description": "",
      "modified": "2025-05-31T00:19:43.184000",
      "created": "2025-05-31T00:19:43.184000",
      "tags": [
        "phishing"
      ],
      "references": [
        "https://x.com/harugasumi/status/1928295305344155648",
        "https://x.com/harugasumi/status/1928436954707775858",
        "https://x.com/harugasumi/status/1928439464029741226",
        "https://x.com/harugasumi/status/1928442771544940565"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 6,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "api",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "CyberHunterAutoFeed",
        "id": "182496",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "URL": 4,
        "domain": 1,
        "hostname": 3
      },
      "indicator_count": 8,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 1622,
      "modified_text": "366 days ago ",
      "is_modified": false,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": false,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "659560d63178b32f07838efb",
      "name": "Covert | Big O Tires active cyber threat | Dark Power | Emotet|",
      "description": "Active, ongoing cyber threat, multiple malicious activities including, network rat, ransomware encryption, social engineering,  spammers, infostealer, botnet activity.\nConsumers may also be contacted by mail or phone or find account seized. I haven't benn able to properly access the magnitude of the issue, there has been at least a handful of customers in good standing , with higher limits on paid of cards that ended up being stolen or according to Big O Representatives 'closed' for unfounded reasons; failure to confirm citizenship, identity, unknown patriot act offences, failure to comply Big O Tires via mail.",
      "modified": "2024-02-02T12:04:41.638000",
      "created": "2024-01-03T13:27:50.685000",
      "tags": [
        "ioc search",
        "new ioc",
        "teams api",
        "contact",
        "threat analyzer",
        "threat",
        "paste",
        "iocs",
        "hostnames",
        "urls https",
        "http response",
        "final url",
        "ip address",
        "status code",
        "body length",
        "kb body",
        "sha256",
        "unsafeeval",
        "path",
        "expiressat",
        "auto",
        "wheels online",
        "o tires",
        "shop tires",
        "html info",
        "title shop",
        "tires",
        "meta tags",
        "big o",
        "tires language",
        "name verdict",
        "falcon sandbox",
        "samples",
        "localappdata",
        "json data",
        "temp",
        "getprocaddress",
        "ascii text",
        "windir",
        "file",
        "indicator",
        "mitre att",
        "ck id",
        "factory",
        "hybrid",
        "model",
        "comspec",
        "ssl certificate",
        "whois record",
        "execution",
        "contacted",
        "historical ssl",
        "whois whois",
        "simda http",
        "collections",
        "historical",
        "dropped",
        "backdoor",
        "unknown",
        "united",
        "asnone",
        "show",
        "entries",
        "search",
        "intel",
        "ms windows",
        "pe32",
        "windows nt",
        "copy",
        "write",
        "logic",
        "download",
        "malware",
        "suspicious",
        "next",
        "destination",
        "port",
        "components",
        "globalnpf",
        "china as23724",
        "music",
        "data c",
        "mexico",
        "as15169 google",
        "passive dns",
        "scan endpoints",
        "all octoseek",
        "ipv4",
        "pulse pulses",
        "urls",
        "files",
        "win32",
        "united kingdom",
        "explorer",
        "xserver",
        "mtb aug",
        "location united",
        "america asn",
        "open",
        "trojan",
        "worm",
        "dataadobereader",
        "as397240",
        "msie",
        "etpro trojan",
        "virgin islands",
        "script urls",
        "creation date",
        "record value",
        "date",
        "a domains",
        "all search",
        "otx octoseek",
        "url http",
        "http",
        "related nids",
        "pulse http",
        "url https",
        "files location",
        "as20940",
        "aaaa",
        "as2914 ntt",
        "canada unknown",
        "japan unknown",
        "as16625 akamai",
        "domain",
        "hostname",
        "gmt content",
        "gmt report",
        "0 report",
        "sea alt",
        "body",
        "encrypt",
        "social engineering",
        "revenge rat",
        "rat",
        "identity theft",
        "credit card",
        "referrer",
        "communicating",
        "bundled",
        "family",
        "roots",
        "lolkek",
        "tzw variants",
        "quasar rat",
        "dark power",
        "swisyn",
        "wiper",
        "ransomware",
        "cobalt strike",
        "attack",
        "core",
        "emotet",
        "exploit",
        "hacktool",
        "mail spammer",
        "as63949 linode",
        "mtb dec",
        "checkin m1",
        "trojanspy",
        "artro",
        "remote",
        "infostealer"
      ],
      "references": [
        "https://hybrid-analysis.com/sample/3fb8f0af07a9e94045be0f592c675e4f6146c95523f1774bc03f8eb5cf8c7d4e/65951c3d58467c9eb00f69dc"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [
        "United States of America",
        "Ukraine",
        "Georgia",
        "India",
        "Hong Kong",
        "Canada",
        "China",
        "Indonesia",
        "South Africa",
        "Germany",
        "Slovenia",
        "Mexico",
        "Netherlands",
        "Japan",
        "Spain",
        "Argentina",
        "France",
        "Chile",
        "Italy",
        "Aruba",
        "Switzerland",
        "United Kingdom of Great Britain and Northern Ireland",
        "Denmark",
        "Poland",
        "Colombia",
        "Taiwan",
        "Bulgaria",
        "Austria",
        "Russian Federation",
        "Australia",
        "Philippines",
        "Norway",
        "Sweden"
      ],
      "malware_families": [
        {
          "id": "Trojan:Win32/Comspec",
          "display_name": "Trojan:Win32/Comspec",
          "target": "/malware/Trojan:Win32/Comspec"
        },
        {
          "id": "#Lowfi:SCPT:KiraAsciiObfuscator",
          "display_name": "#Lowfi:SCPT:KiraAsciiObfuscator",
          "target": null
        },
        {
          "id": "Backdoor:Win32/Simda",
          "display_name": "Backdoor:Win32/Simda",
          "target": "/malware/Backdoor:Win32/Simda"
        },
        {
          "id": "Crypt3.BLXP",
          "display_name": "Crypt3.BLXP",
          "target": null
        },
        {
          "id": "PWS:Win32/VB.CU",
          "display_name": "PWS:Win32/VB.CU",
          "target": "/malware/PWS:Win32/VB.CU"
        },
        {
          "id": "Trojan:MSIL/ClipBanker.GB!MTB",
          "display_name": "Trojan:MSIL/ClipBanker.GB!MTB",
          "target": "/malware/Trojan:MSIL/ClipBanker.GB!MTB"
        },
        {
          "id": "Virus:Win32/Floxif.H",
          "display_name": "Virus:Win32/Floxif.H",
          "target": "/malware/Virus:Win32/Floxif.H"
        },
        {
          "id": "Win.Packed.Zusy-7170176-0",
          "display_name": "Win.Packed.Zusy-7170176-0",
          "target": null
        },
        {
          "id": "Win.Trojan.Zbot-9880005-0",
          "display_name": "Win.Trojan.Zbot-9880005-0",
          "target": null
        },
        {
          "id": "'Win32:Trojan-gen",
          "display_name": "'Win32:Trojan-gen",
          "target": null
        },
        {
          "id": "TEL:TrojanDownloader:O97M/MsiexecAbuse",
          "display_name": "TEL:TrojanDownloader:O97M/MsiexecAbuse",
          "target": null
        },
        {
          "id": "Worm:Win32/Mofksys.B",
          "display_name": "Worm:Win32/Mofksys.B",
          "target": "/malware/Worm:Win32/Mofksys.B"
        },
        {
          "id": "Worm:Win32/Mofksys.RND!MTB",
          "display_name": "Worm:Win32/Mofksys.RND!MTB",
          "target": "/malware/Worm:Win32/Mofksys.RND!MTB"
        },
        {
          "id": "Worm:LOGO/Logic",
          "display_name": "Worm:LOGO/Logic",
          "target": "/malware/Worm:LOGO/Logic"
        },
        {
          "id": "ETPro Trojan",
          "display_name": "ETPro Trojan",
          "target": null
        },
        {
          "id": "LolKek",
          "display_name": "LolKek",
          "target": null
        },
        {
          "id": "Ransomware",
          "display_name": "Ransomware",
          "target": null
        },
        {
          "id": "Quasar RAT",
          "display_name": "Quasar RAT",
          "target": null
        },
        {
          "id": "Emotet",
          "display_name": "Emotet",
          "target": null
        },
        {
          "id": "TrojanSpy:Win32/Swisyn",
          "display_name": "TrojanSpy:Win32/Swisyn",
          "target": "/malware/TrojanSpy:Win32/Swisyn"
        },
        {
          "id": "Dark Power",
          "display_name": "Dark Power",
          "target": null
        },
        {
          "id": "Cobalt Strike",
          "display_name": "Cobalt Strike",
          "target": null
        },
        {
          "id": "HackTool",
          "display_name": "HackTool",
          "target": null
        },
        {
          "id": "TrojanSpy",
          "display_name": "TrojanSpy",
          "target": null
        },
        {
          "id": "Artro",
          "display_name": "Artro",
          "target": null
        }
      ],
      "attack_ids": [
        {
          "id": "T1027",
          "name": "Obfuscated Files or Information",
          "display_name": "T1027 - Obfuscated Files or Information"
        },
        {
          "id": "T1036",
          "name": "Masquerading",
          "display_name": "T1036 - Masquerading"
        },
        {
          "id": "T1057",
          "name": "Process Discovery",
          "display_name": "T1057 - Process Discovery"
        },
        {
          "id": "T1059",
          "name": "Command and Scripting Interpreter",
          "display_name": "T1059 - Command and Scripting Interpreter"
        },
        {
          "id": "T1071",
          "name": "Application Layer Protocol",
          "display_name": "T1071 - Application Layer Protocol"
        },
        {
          "id": "T1082",
          "name": "System Information Discovery",
          "display_name": "T1082 - System Information Discovery"
        },
        {
          "id": "T1105",
          "name": "Ingress Tool Transfer",
          "display_name": "T1105 - Ingress Tool Transfer"
        },
        {
          "id": "T1106",
          "name": "Native API",
          "display_name": "T1106 - Native API"
        },
        {
          "id": "T1129",
          "name": "Shared Modules",
          "display_name": "T1129 - Shared Modules"
        },
        {
          "id": "T1140",
          "name": "Deobfuscate/Decode Files or Information",
          "display_name": "T1140 - Deobfuscate/Decode Files or Information"
        },
        {
          "id": "T1546",
          "name": "Event Triggered Execution",
          "display_name": "T1546 - Event Triggered Execution"
        },
        {
          "id": "T1060",
          "name": "Registry Run Keys / Startup Folder",
          "display_name": "T1060 - Registry Run Keys / Startup Folder"
        },
        {
          "id": "T1119",
          "name": "Automated Collection",
          "display_name": "T1119 - Automated Collection"
        },
        {
          "id": "T1056",
          "name": "Input Capture",
          "display_name": "T1056 - Input Capture"
        },
        {
          "id": "T1546.015",
          "name": "Component Object Model Hijacking",
          "display_name": "T1546.015 - Component Object Model Hijacking"
        },
        {
          "id": "T1083",
          "name": "File and Directory Discovery",
          "display_name": "T1083 - File and Directory Discovery"
        },
        {
          "id": "T1071.003",
          "name": "Mail Protocols",
          "display_name": "T1071.003 - Mail Protocols"
        },
        {
          "id": "T1071.004",
          "name": "DNS",
          "display_name": "T1071.004 - DNS"
        },
        {
          "id": "T1012",
          "name": "Query Registry",
          "display_name": "T1012 - Query Registry"
        },
        {
          "id": "T1059.007",
          "name": "JavaScript",
          "display_name": "T1059.007 - JavaScript"
        },
        {
          "id": "TA0011",
          "name": "Command and Control",
          "display_name": "TA0011 - Command and Control"
        },
        {
          "id": "T1583.005",
          "name": "Botnet",
          "display_name": "T1583.005 - Botnet"
        }
      ],
      "industries": [
        "Telecommunications"
      ],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 29,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "OctoSeek",
        "id": "243548",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 560,
        "FileHash-SHA1": 350,
        "FileHash-SHA256": 4371,
        "URL": 8165,
        "domain": 2548,
        "hostname": 2813,
        "CVE": 4,
        "email": 3
      },
      "indicator_count": 18814,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 224,
      "modified_text": "850 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "6553b88c316cfb531b9c4c10",
      "name": "iOS Unlocker| Apple | ATT | Monitoring| http://mobile.suddenlink2go.com",
      "description": "spyware, 114.114.114.114, Tulach, C2, apple iOS, passwords, crack, unlock , click, att, hughesnet",
      "modified": "2023-12-14T15:03:30.417000",
      "created": "2023-11-14T18:12:28.459000",
      "tags": [
        "united",
        "blacklist",
        "malicious site",
        "mail spammer",
        "detection list",
        "cisco umbrella",
        "site",
        "safe site",
        "malware",
        "phishing site",
        "heur",
        "malware site",
        "alexa top",
        "million",
        "unsafe",
        "artemis",
        "riskware",
        "conduit",
        "agent",
        "opencandy",
        "xtrat",
        "iframe",
        "cleaner",
        "team",
        "installpack",
        "xrat",
        "tiggre",
        "presenoker",
        "fusioncore",
        "wacatac",
        "azorult",
        "phishing",
        "service",
        "runescape",
        "facebook",
        "bank",
        "download",
        "crack",
        "softcnapp",
        "trojanspy",
        "maltiverse",
        "falcon sandbox",
        "pattern match",
        "root ca",
        "authority",
        "class",
        "script",
        "ascii text",
        "mitre att",
        "localappdata",
        "temp",
        "ck id",
        "date",
        "unknown",
        "generator",
        "critical",
        "error",
        "meta",
        "hybrid",
        "general",
        "local",
        "click",
        "strings",
        "expiressun",
        "http response",
        "final url",
        "ip address",
        "status code",
        "body length",
        "kb body",
        "sha256",
        "headers",
        "pt3uc1",
        "path",
        "movies",
        "watch",
        "html info",
        "meta tags",
        "suddenlink tv",
        "trackers amazon",
        "pt3rc1",
        "whois record",
        "whois whois",
        "ssl certificate",
        "historical",
        "historical ssl",
        "referrer",
        "communicating",
        "dropped",
        "contacted",
        "apple ios",
        "hacktool",
        "metro",
        "malicious",
        "crypto",
        "installer",
        "attack",
        "awful",
        "brian sabey",
        "aig",
        "civicaIg",
        "tracking",
        "password crack",
        "tulach",
        "target tsara brashears",
        "tylerknott",
        "att",
        "monitoring",
        "spyware",
        "spying",
        "cybercrime",
        "tulach",
        "hughesnet",
        "ios",
        "toshiba",
        "attack",
        "malvertizing",
        "cyber stalking",
        "porn",
        "pornhub"
      ],
      "references": [
        "http://mobile.suddenlink2go.com/",
        "https://hybrid-analysis.com/sample/889790f55a8a29ee75463bbcf014c3ed6cc76e6cd0278e491ec9fa1ed14862c4/655374e9921d5d73860b7db3",
        "https://applemusic-spotlight.myunidays.com/US/en-US?",
        "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian",
        "myhughesnet.com",
        "dishmail.net",
        "home.toshiba.com",
        "ytq2rs56.haogfw.com",
        "pornhub.com",
        "http://trk.brother-root-rich-of.xyz/campaign?id=4f1426e9-22f8-4e7a-9c32-1b2d42867559&var1=&extcid=w9A2DTCOAL56FRAK125KMLAI",
        "http://trk.reverseparameter.site/gg/izuyv?to=https://mine-top-gratis-application.pw/e29481e9-a792-46a8-bbf0-188ed2a816ae/f10439e6-e61a-4420-ba88-29e9d1c5d2ea?brand=Lenovo&btd=dHJrLm1vYmlsZXRvcDIwMTh0ZWNoaWUueHl6&exptoken=MTU1NzUxMjgzMjgyMw==&lang=ar&model=K6+Note&td=dHJrLnJldmVyc2VwYXJhbWV0ZXIuc2l0ZS9wcmNlZWQ",
        "monitor.cablelan.net",
        "https://monitor.rodgersmith.com",
        "https://www.everycloudtech.com/free-mail-flow-monitor"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [
        {
          "id": "TrojanSpy",
          "display_name": "TrojanSpy",
          "target": null
        },
        {
          "id": "Maltiverse",
          "display_name": "Maltiverse",
          "target": null
        }
      ],
      "attack_ids": [
        {
          "id": "T1027",
          "name": "Obfuscated Files or Information",
          "display_name": "T1027 - Obfuscated Files or Information"
        },
        {
          "id": "T1071.004",
          "name": "DNS",
          "display_name": "T1071.004 - DNS"
        },
        {
          "id": "T1105",
          "name": "Ingress Tool Transfer",
          "display_name": "T1105 - Ingress Tool Transfer"
        },
        {
          "id": "T1059.007",
          "name": "JavaScript",
          "display_name": "T1059.007 - JavaScript"
        },
        {
          "id": "T1071.001",
          "name": "Web Protocols",
          "display_name": "T1071.001 - Web Protocols"
        },
        {
          "id": "T1071",
          "name": "Application Layer Protocol",
          "display_name": "T1071 - Application Layer Protocol"
        },
        {
          "id": "T1560",
          "name": "Archive Collected Data",
          "display_name": "T1560 - Archive Collected Data"
        },
        {
          "id": "T1059",
          "name": "Command and Scripting Interpreter",
          "display_name": "T1059 - Command and Scripting Interpreter"
        },
        {
          "id": "T1100",
          "name": "Web Shell",
          "display_name": "T1100 - Web Shell"
        },
        {
          "id": "T1140",
          "name": "Deobfuscate/Decode Files or Information",
          "display_name": "T1140 - Deobfuscate/Decode Files or Information"
        }
      ],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 28,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "OctoSeek",
        "id": "243548",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 144,
        "FileHash-SHA1": 179,
        "FileHash-SHA256": 4528,
        "CVE": 7,
        "domain": 2024,
        "hostname": 3556,
        "URL": 10455
      },
      "indicator_count": 20893,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 222,
      "modified_text": "899 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "65568ab12429c394dc4b91ea",
      "name": "iOS Unlocker| Apple | ATT | Monitoring| http://mobile.suddenlink2go",
      "description": "",
      "modified": "2023-12-14T15:03:30.417000",
      "created": "2023-11-16T21:33:37.838000",
      "tags": [
        "united",
        "blacklist",
        "malicious site",
        "mail spammer",
        "detection list",
        "cisco umbrella",
        "site",
        "safe site",
        "malware",
        "phishing site",
        "heur",
        "malware site",
        "alexa top",
        "million",
        "unsafe",
        "artemis",
        "riskware",
        "conduit",
        "agent",
        "opencandy",
        "xtrat",
        "iframe",
        "cleaner",
        "team",
        "installpack",
        "xrat",
        "tiggre",
        "presenoker",
        "fusioncore",
        "wacatac",
        "azorult",
        "phishing",
        "service",
        "runescape",
        "facebook",
        "bank",
        "download",
        "crack",
        "softcnapp",
        "trojanspy",
        "maltiverse",
        "falcon sandbox",
        "pattern match",
        "root ca",
        "authority",
        "class",
        "script",
        "ascii text",
        "mitre att",
        "localappdata",
        "temp",
        "ck id",
        "date",
        "unknown",
        "generator",
        "critical",
        "error",
        "meta",
        "hybrid",
        "general",
        "local",
        "click",
        "strings",
        "expiressun",
        "http response",
        "final url",
        "ip address",
        "status code",
        "body length",
        "kb body",
        "sha256",
        "headers",
        "pt3uc1",
        "path",
        "movies",
        "watch",
        "html info",
        "meta tags",
        "suddenlink tv",
        "trackers amazon",
        "pt3rc1",
        "whois record",
        "whois whois",
        "ssl certificate",
        "historical",
        "historical ssl",
        "referrer",
        "communicating",
        "dropped",
        "contacted",
        "apple ios",
        "hacktool",
        "metro",
        "malicious",
        "crypto",
        "installer",
        "attack",
        "awful",
        "brian sabey",
        "aig",
        "civicaIg",
        "tracking",
        "password crack",
        "tulach",
        "target tsara brashears",
        "tylerknott",
        "att",
        "monitoring",
        "spyware",
        "spying",
        "cybercrime",
        "tulach",
        "hughesnet",
        "ios",
        "toshiba",
        "attack",
        "malvertizing",
        "cyber stalking",
        "porn",
        "pornhub"
      ],
      "references": [
        "http://mobile.suddenlink2go.com/",
        "https://hybrid-analysis.com/sample/889790f55a8a29ee75463bbcf014c3ed6cc76e6cd0278e491ec9fa1ed14862c4/655374e9921d5d73860b7db3",
        "https://applemusic-spotlight.myunidays.com/US/en-US?",
        "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian",
        "myhughesnet.com",
        "dishmail.net",
        "home.toshiba.com",
        "ytq2rs56.haogfw.com",
        "pornhub.com",
        "http://trk.brother-root-rich-of.xyz/campaign?id=4f1426e9-22f8-4e7a-9c32-1b2d42867559&var1=&extcid=w9A2DTCOAL56FRAK125KMLAI",
        "http://trk.reverseparameter.site/gg/izuyv?to=https://mine-top-gratis-application.pw/e29481e9-a792-46a8-bbf0-188ed2a816ae/f10439e6-e61a-4420-ba88-29e9d1c5d2ea?brand=Lenovo&btd=dHJrLm1vYmlsZXRvcDIwMTh0ZWNoaWUueHl6&exptoken=MTU1NzUxMjgzMjgyMw==&lang=ar&model=K6+Note&td=dHJrLnJldmVyc2VwYXJhbWV0ZXIuc2l0ZS9wcmNlZWQ",
        "monitor.cablelan.net",
        "https://monitor.rodgersmith.com",
        "https://www.everycloudtech.com/free-mail-flow-monitor"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [
        {
          "id": "TrojanSpy",
          "display_name": "TrojanSpy",
          "target": null
        },
        {
          "id": "Maltiverse",
          "display_name": "Maltiverse",
          "target": null
        }
      ],
      "attack_ids": [
        {
          "id": "T1027",
          "name": "Obfuscated Files or Information",
          "display_name": "T1027 - Obfuscated Files or Information"
        },
        {
          "id": "T1071.004",
          "name": "DNS",
          "display_name": "T1071.004 - DNS"
        },
        {
          "id": "T1105",
          "name": "Ingress Tool Transfer",
          "display_name": "T1105 - Ingress Tool Transfer"
        },
        {
          "id": "T1059.007",
          "name": "JavaScript",
          "display_name": "T1059.007 - JavaScript"
        },
        {
          "id": "T1071.001",
          "name": "Web Protocols",
          "display_name": "T1071.001 - Web Protocols"
        },
        {
          "id": "T1071",
          "name": "Application Layer Protocol",
          "display_name": "T1071 - Application Layer Protocol"
        },
        {
          "id": "T1560",
          "name": "Archive Collected Data",
          "display_name": "T1560 - Archive Collected Data"
        },
        {
          "id": "T1059",
          "name": "Command and Scripting Interpreter",
          "display_name": "T1059 - Command and Scripting Interpreter"
        },
        {
          "id": "T1100",
          "name": "Web Shell",
          "display_name": "T1100 - Web Shell"
        },
        {
          "id": "T1140",
          "name": "Deobfuscate/Decode Files or Information",
          "display_name": "T1140 - Deobfuscate/Decode Files or Information"
        }
      ],
      "industries": [],
      "TLP": "white",
      "cloned_from": "6553b88c316cfb531b9c4c10",
      "export_count": 22,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "scoreblue",
        "id": "254100",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 144,
        "FileHash-SHA1": 179,
        "FileHash-SHA256": 4528,
        "CVE": 7,
        "domain": 2024,
        "hostname": 3556,
        "URL": 10455
      },
      "indicator_count": 20893,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 228,
      "modified_text": "899 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "65536bc6301b7cdf7d04e095",
      "name": "TrojanDownloader:Win32/Cutwail.BS/Win.Trojan.Pushdo-20",
      "description": "backdoor,trojan downloaders, networm, phishing, tracking, spyware, device commands...",
      "modified": "2023-12-14T12:03:15.957000",
      "created": "2023-11-14T12:44:54.422000",
      "tags": [
        "passive dns",
        "urls",
        "t1604023287",
        "scan endpoints",
        "all search",
        "otx octoseek",
        "url http",
        "pulse pulses",
        "http",
        "ip address",
        "ssl certificate",
        "whois record",
        "resolutions",
        "referrer",
        "historical ssl",
        "communicating",
        "threat roundup",
        "whois whois",
        "apple",
        "stopransomware",
        "core",
        "discord",
        "metro",
        "blister",
        "cobalt strike",
        "hacktool",
        "june",
        "name verdict",
        "pattern match",
        "et tor",
        "known tor",
        "misc attack",
        "link",
        "woff2",
        "relayrouter",
        "exit",
        "node traffic",
        "ascii text",
        "date",
        "click",
        "unknown",
        "meta",
        "hybrid",
        "general",
        "local",
        "strings",
        "class",
        "generator",
        "critical",
        "error",
        "execution",
        "malware",
        "network",
        "roblox",
        "united",
        "as13335",
        "a domains",
        "status",
        "aaaa",
        "search",
        "script urls",
        "creation date",
        "showing",
        "pixel",
        "win32",
        "download",
        "t1507537243"
      ],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [
        {
          "id": "Roblox",
          "display_name": "Roblox",
          "target": null
        }
      ],
      "attack_ids": [
        {
          "id": "T1059",
          "name": "Command and Scripting Interpreter",
          "display_name": "T1059 - Command and Scripting Interpreter"
        },
        {
          "id": "T1071",
          "name": "Application Layer Protocol",
          "display_name": "T1071 - Application Layer Protocol"
        },
        {
          "id": "T1105",
          "name": "Ingress Tool Transfer",
          "display_name": "T1105 - Ingress Tool Transfer"
        },
        {
          "id": "T1497",
          "name": "Virtualization/Sandbox Evasion",
          "display_name": "T1497 - Virtualization/Sandbox Evasion"
        }
      ],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 29,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "OctoSeek",
        "id": "243548",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "URL": 11333,
        "FileHash-MD5": 81,
        "FileHash-SHA1": 74,
        "FileHash-SHA256": 3269,
        "domain": 2748,
        "hostname": 3475,
        "email": 2,
        "CVE": 2
      },
      "indicator_count": 20984,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 224,
      "modified_text": "900 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "65536bdc3676a40633a619be",
      "name": "TrojanDownloader:Win32/Cutwail.BS/Win.Trojan.Pushdo-20",
      "description": "backdoor,trojan downloaders, networm, phishing, tracking, spyware, device commands...",
      "modified": "2023-12-14T12:03:15.957000",
      "created": "2023-11-14T12:45:16.667000",
      "tags": [
        "passive dns",
        "urls",
        "t1604023287",
        "scan endpoints",
        "all search",
        "otx octoseek",
        "url http",
        "pulse pulses",
        "http",
        "ip address",
        "ssl certificate",
        "whois record",
        "resolutions",
        "referrer",
        "historical ssl",
        "communicating",
        "threat roundup",
        "whois whois",
        "apple",
        "stopransomware",
        "core",
        "discord",
        "metro",
        "blister",
        "cobalt strike",
        "hacktool",
        "june",
        "name verdict",
        "pattern match",
        "et tor",
        "known tor",
        "misc attack",
        "link",
        "woff2",
        "relayrouter",
        "exit",
        "node traffic",
        "ascii text",
        "date",
        "click",
        "unknown",
        "meta",
        "hybrid",
        "general",
        "local",
        "strings",
        "class",
        "generator",
        "critical",
        "error",
        "execution",
        "malware",
        "network",
        "roblox",
        "united",
        "as13335",
        "a domains",
        "status",
        "aaaa",
        "search",
        "script urls",
        "creation date",
        "showing",
        "pixel",
        "win32",
        "download",
        "t1507537243"
      ],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [
        {
          "id": "Roblox",
          "display_name": "Roblox",
          "target": null
        }
      ],
      "attack_ids": [
        {
          "id": "T1059",
          "name": "Command and Scripting Interpreter",
          "display_name": "T1059 - Command and Scripting Interpreter"
        },
        {
          "id": "T1071",
          "name": "Application Layer Protocol",
          "display_name": "T1071 - Application Layer Protocol"
        },
        {
          "id": "T1105",
          "name": "Ingress Tool Transfer",
          "display_name": "T1105 - Ingress Tool Transfer"
        },
        {
          "id": "T1497",
          "name": "Virtualization/Sandbox Evasion",
          "display_name": "T1497 - Virtualization/Sandbox Evasion"
        }
      ],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 35,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "OctoSeek",
        "id": "243548",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "URL": 11333,
        "FileHash-MD5": 81,
        "FileHash-SHA1": 74,
        "FileHash-SHA256": 3269,
        "domain": 2748,
        "hostname": 3475,
        "email": 2,
        "CVE": 2
      },
      "indicator_count": 20984,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 224,
      "modified_text": "900 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "65568d67bd96e06ab44b9b95",
      "name": "TrojanDownloader:Win32/Cutwail.BS/Win.Trojan.Pushdo-20",
      "description": "",
      "modified": "2023-12-14T12:03:15.957000",
      "created": "2023-11-16T21:45:11.721000",
      "tags": [
        "passive dns",
        "urls",
        "t1604023287",
        "scan endpoints",
        "all search",
        "otx octoseek",
        "url http",
        "pulse pulses",
        "http",
        "ip address",
        "ssl certificate",
        "whois record",
        "resolutions",
        "referrer",
        "historical ssl",
        "communicating",
        "threat roundup",
        "whois whois",
        "apple",
        "stopransomware",
        "core",
        "discord",
        "metro",
        "blister",
        "cobalt strike",
        "hacktool",
        "june",
        "name verdict",
        "pattern match",
        "et tor",
        "known tor",
        "misc attack",
        "link",
        "woff2",
        "relayrouter",
        "exit",
        "node traffic",
        "ascii text",
        "date",
        "click",
        "unknown",
        "meta",
        "hybrid",
        "general",
        "local",
        "strings",
        "class",
        "generator",
        "critical",
        "error",
        "execution",
        "malware",
        "network",
        "roblox",
        "united",
        "as13335",
        "a domains",
        "status",
        "aaaa",
        "search",
        "script urls",
        "creation date",
        "showing",
        "pixel",
        "win32",
        "download",
        "t1507537243"
      ],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [
        {
          "id": "Roblox",
          "display_name": "Roblox",
          "target": null
        }
      ],
      "attack_ids": [
        {
          "id": "T1059",
          "name": "Command and Scripting Interpreter",
          "display_name": "T1059 - Command and Scripting Interpreter"
        },
        {
          "id": "T1071",
          "name": "Application Layer Protocol",
          "display_name": "T1071 - Application Layer Protocol"
        },
        {
          "id": "T1105",
          "name": "Ingress Tool Transfer",
          "display_name": "T1105 - Ingress Tool Transfer"
        },
        {
          "id": "T1497",
          "name": "Virtualization/Sandbox Evasion",
          "display_name": "T1497 - Virtualization/Sandbox Evasion"
        }
      ],
      "industries": [],
      "TLP": "green",
      "cloned_from": "65536bdc3676a40633a619be",
      "export_count": 25,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "scoreblue",
        "id": "254100",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "URL": 11333,
        "FileHash-MD5": 81,
        "FileHash-SHA1": 74,
        "FileHash-SHA256": 3269,
        "domain": 2748,
        "hostname": 3475,
        "email": 2,
        "CVE": 2
      },
      "indicator_count": 20984,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 228,
      "modified_text": "900 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    }
  ],
  "error": null,
  "vt": {
    "error": "VirusTotal rate limit reached. Try again shortly.",
    "indicator": "nifty.com",
    "type": "Domain"
  },
  "abuseipdb": null,
  "urlhaus": {
    "indicator": "nifty.com",
    "found": false,
    "verdict": "clean",
    "urls": [],
    "error": null
  },
  "from_cache": true,
  "_cached_at": 1780322465.3346446
}