{
  "type": "Domain",
  "indicator": "penn.com",
  "general": {
    "sections": [
      "general",
      "geo",
      "url_list",
      "passive_dns",
      "malware",
      "whois",
      "http_scans"
    ],
    "whois": "http://whois.domaintools.com/penn.com",
    "alexa": "http://www.alexa.com/siteinfo/penn.com",
    "indicator": "penn.com",
    "type": "domain",
    "type_title": "Domain",
    "validation": [],
    "base_indicator": {
      "id": 2600628368,
      "indicator": "penn.com",
      "type": "domain",
      "title": "",
      "description": "",
      "content": "",
      "access_type": "public",
      "access_reason": ""
    },
    "pulse_info": {
      "count": 6,
      "pulses": [
        {
          "id": "69f30ef4033560d49d39ac55",
          "name": "VirusTotal report\n                    for executable.exe",
          "description": "[security firm has developed a tool that can automatically identify a Wi-Fi password and make it easy to access it via the net. and use it to create a secure log-in system.] <remote, .net, failed cryptographic validation chains cause this.",
          "modified": "2026-05-30T09:04:01.553000",
          "created": "2026-04-30T08:12:36.771000",
          "tags": [
            "wifi password",
            "joe security",
            "nextron",
            "new run",
            "key pointing",
            "run key",
            "roth",
            "markus neis",
            "sander wiebing",
            "poudel",
            "public",
            "appdata"
          ],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1003",
              "name": "OS Credential Dumping",
              "display_name": "T1003 - OS Credential Dumping"
            },
            {
              "id": "T1005",
              "name": "Data from Local System",
              "display_name": "T1005 - Data from Local System"
            },
            {
              "id": "T1010",
              "name": "Application Window Discovery",
              "display_name": "T1010 - Application Window Discovery"
            },
            {
              "id": "T1027",
              "name": "Obfuscated Files or Information",
              "display_name": "T1027 - Obfuscated Files or Information"
            },
            {
              "id": "T1036",
              "name": "Masquerading",
              "display_name": "T1036 - Masquerading"
            },
            {
              "id": "T1053",
              "name": "Scheduled Task/Job",
              "display_name": "T1053 - Scheduled Task/Job"
            },
            {
              "id": "T1055",
              "name": "Process Injection",
              "display_name": "T1055 - Process Injection"
            },
            {
              "id": "T1056",
              "name": "Input Capture",
              "display_name": "T1056 - Input Capture"
            },
            {
              "id": "T1057",
              "name": "Process Discovery",
              "display_name": "T1057 - Process Discovery"
            },
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            },
            {
              "id": "T1082",
              "name": "System Information Discovery",
              "display_name": "T1082 - System Information Discovery"
            },
            {
              "id": "T1083",
              "name": "File and Directory Discovery",
              "display_name": "T1083 - File and Directory Discovery"
            },
            {
              "id": "T1095",
              "name": "Non-Application Layer Protocol",
              "display_name": "T1095 - Non-Application Layer Protocol"
            },
            {
              "id": "T1105",
              "name": "Ingress Tool Transfer",
              "display_name": "T1105 - Ingress Tool Transfer"
            },
            {
              "id": "T1218",
              "name": "Signed Binary Proxy Execution",
              "display_name": "T1218 - Signed Binary Proxy Execution"
            },
            {
              "id": "T1497",
              "name": "Virtualization/Sandbox Evasion",
              "display_name": "T1497 - Virtualization/Sandbox Evasion"
            },
            {
              "id": "T1518",
              "name": "Software Discovery",
              "display_name": "T1518 - Software Discovery"
            },
            {
              "id": "T1552",
              "name": "Unsecured Credentials",
              "display_name": "T1552 - Unsecured Credentials"
            },
            {
              "id": "T1562",
              "name": "Impair Defenses",
              "display_name": "T1562 - Impair Defenses"
            }
          ],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 0,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "msudosos",
            "id": "381696",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 1069,
            "FileHash-SHA1": 868,
            "FileHash-SHA256": 2783,
            "URL": 764,
            "hostname": 756,
            "domain": 293,
            "email": 44,
            "CVE": 44
          },
          "indicator_count": 6621,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 67,
          "modified_text": "1 day ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "6553b88c316cfb531b9c4c10",
          "name": "iOS Unlocker| Apple | ATT | Monitoring| http://mobile.suddenlink2go.com",
          "description": "spyware, 114.114.114.114, Tulach, C2, apple iOS, passwords, crack, unlock , click, att, hughesnet",
          "modified": "2023-12-14T15:03:30.417000",
          "created": "2023-11-14T18:12:28.459000",
          "tags": [
            "united",
            "blacklist",
            "malicious site",
            "mail spammer",
            "detection list",
            "cisco umbrella",
            "site",
            "safe site",
            "malware",
            "phishing site",
            "heur",
            "malware site",
            "alexa top",
            "million",
            "unsafe",
            "artemis",
            "riskware",
            "conduit",
            "agent",
            "opencandy",
            "xtrat",
            "iframe",
            "cleaner",
            "team",
            "installpack",
            "xrat",
            "tiggre",
            "presenoker",
            "fusioncore",
            "wacatac",
            "azorult",
            "phishing",
            "service",
            "runescape",
            "facebook",
            "bank",
            "download",
            "crack",
            "softcnapp",
            "trojanspy",
            "maltiverse",
            "falcon sandbox",
            "pattern match",
            "root ca",
            "authority",
            "class",
            "script",
            "ascii text",
            "mitre att",
            "localappdata",
            "temp",
            "ck id",
            "date",
            "unknown",
            "generator",
            "critical",
            "error",
            "meta",
            "hybrid",
            "general",
            "local",
            "click",
            "strings",
            "expiressun",
            "http response",
            "final url",
            "ip address",
            "status code",
            "body length",
            "kb body",
            "sha256",
            "headers",
            "pt3uc1",
            "path",
            "movies",
            "watch",
            "html info",
            "meta tags",
            "suddenlink tv",
            "trackers amazon",
            "pt3rc1",
            "whois record",
            "whois whois",
            "ssl certificate",
            "historical",
            "historical ssl",
            "referrer",
            "communicating",
            "dropped",
            "contacted",
            "apple ios",
            "hacktool",
            "metro",
            "malicious",
            "crypto",
            "installer",
            "attack",
            "awful",
            "brian sabey",
            "aig",
            "civicaIg",
            "tracking",
            "password crack",
            "tulach",
            "target tsara brashears",
            "tylerknott",
            "att",
            "monitoring",
            "spyware",
            "spying",
            "cybercrime",
            "tulach",
            "hughesnet",
            "ios",
            "toshiba",
            "attack",
            "malvertizing",
            "cyber stalking",
            "porn",
            "pornhub"
          ],
          "references": [
            "http://mobile.suddenlink2go.com/",
            "https://hybrid-analysis.com/sample/889790f55a8a29ee75463bbcf014c3ed6cc76e6cd0278e491ec9fa1ed14862c4/655374e9921d5d73860b7db3",
            "https://applemusic-spotlight.myunidays.com/US/en-US?",
            "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian",
            "myhughesnet.com",
            "dishmail.net",
            "home.toshiba.com",
            "ytq2rs56.haogfw.com",
            "pornhub.com",
            "http://trk.brother-root-rich-of.xyz/campaign?id=4f1426e9-22f8-4e7a-9c32-1b2d42867559&var1=&extcid=w9A2DTCOAL56FRAK125KMLAI",
            "http://trk.reverseparameter.site/gg/izuyv?to=https://mine-top-gratis-application.pw/e29481e9-a792-46a8-bbf0-188ed2a816ae/f10439e6-e61a-4420-ba88-29e9d1c5d2ea?brand=Lenovo&btd=dHJrLm1vYmlsZXRvcDIwMTh0ZWNoaWUueHl6&exptoken=MTU1NzUxMjgzMjgyMw==&lang=ar&model=K6+Note&td=dHJrLnJldmVyc2VwYXJhbWV0ZXIuc2l0ZS9wcmNlZWQ",
            "monitor.cablelan.net",
            "https://monitor.rodgersmith.com",
            "https://www.everycloudtech.com/free-mail-flow-monitor"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [
            {
              "id": "TrojanSpy",
              "display_name": "TrojanSpy",
              "target": null
            },
            {
              "id": "Maltiverse",
              "display_name": "Maltiverse",
              "target": null
            }
          ],
          "attack_ids": [
            {
              "id": "T1027",
              "name": "Obfuscated Files or Information",
              "display_name": "T1027 - Obfuscated Files or Information"
            },
            {
              "id": "T1071.004",
              "name": "DNS",
              "display_name": "T1071.004 - DNS"
            },
            {
              "id": "T1105",
              "name": "Ingress Tool Transfer",
              "display_name": "T1105 - Ingress Tool Transfer"
            },
            {
              "id": "T1059.007",
              "name": "JavaScript",
              "display_name": "T1059.007 - JavaScript"
            },
            {
              "id": "T1071.001",
              "name": "Web Protocols",
              "display_name": "T1071.001 - Web Protocols"
            },
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            },
            {
              "id": "T1560",
              "name": "Archive Collected Data",
              "display_name": "T1560 - Archive Collected Data"
            },
            {
              "id": "T1059",
              "name": "Command and Scripting Interpreter",
              "display_name": "T1059 - Command and Scripting Interpreter"
            },
            {
              "id": "T1100",
              "name": "Web Shell",
              "display_name": "T1100 - Web Shell"
            },
            {
              "id": "T1140",
              "name": "Deobfuscate/Decode Files or Information",
              "display_name": "T1140 - Deobfuscate/Decode Files or Information"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 28,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "OctoSeek",
            "id": "243548",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 144,
            "FileHash-SHA1": 179,
            "FileHash-SHA256": 4528,
            "CVE": 7,
            "domain": 2024,
            "hostname": 3556,
            "URL": 10455
          },
          "indicator_count": 20893,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 222,
          "modified_text": "899 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "65568ab12429c394dc4b91ea",
          "name": "iOS Unlocker| Apple | ATT | Monitoring| http://mobile.suddenlink2go",
          "description": "",
          "modified": "2023-12-14T15:03:30.417000",
          "created": "2023-11-16T21:33:37.838000",
          "tags": [
            "united",
            "blacklist",
            "malicious site",
            "mail spammer",
            "detection list",
            "cisco umbrella",
            "site",
            "safe site",
            "malware",
            "phishing site",
            "heur",
            "malware site",
            "alexa top",
            "million",
            "unsafe",
            "artemis",
            "riskware",
            "conduit",
            "agent",
            "opencandy",
            "xtrat",
            "iframe",
            "cleaner",
            "team",
            "installpack",
            "xrat",
            "tiggre",
            "presenoker",
            "fusioncore",
            "wacatac",
            "azorult",
            "phishing",
            "service",
            "runescape",
            "facebook",
            "bank",
            "download",
            "crack",
            "softcnapp",
            "trojanspy",
            "maltiverse",
            "falcon sandbox",
            "pattern match",
            "root ca",
            "authority",
            "class",
            "script",
            "ascii text",
            "mitre att",
            "localappdata",
            "temp",
            "ck id",
            "date",
            "unknown",
            "generator",
            "critical",
            "error",
            "meta",
            "hybrid",
            "general",
            "local",
            "click",
            "strings",
            "expiressun",
            "http response",
            "final url",
            "ip address",
            "status code",
            "body length",
            "kb body",
            "sha256",
            "headers",
            "pt3uc1",
            "path",
            "movies",
            "watch",
            "html info",
            "meta tags",
            "suddenlink tv",
            "trackers amazon",
            "pt3rc1",
            "whois record",
            "whois whois",
            "ssl certificate",
            "historical",
            "historical ssl",
            "referrer",
            "communicating",
            "dropped",
            "contacted",
            "apple ios",
            "hacktool",
            "metro",
            "malicious",
            "crypto",
            "installer",
            "attack",
            "awful",
            "brian sabey",
            "aig",
            "civicaIg",
            "tracking",
            "password crack",
            "tulach",
            "target tsara brashears",
            "tylerknott",
            "att",
            "monitoring",
            "spyware",
            "spying",
            "cybercrime",
            "tulach",
            "hughesnet",
            "ios",
            "toshiba",
            "attack",
            "malvertizing",
            "cyber stalking",
            "porn",
            "pornhub"
          ],
          "references": [
            "http://mobile.suddenlink2go.com/",
            "https://hybrid-analysis.com/sample/889790f55a8a29ee75463bbcf014c3ed6cc76e6cd0278e491ec9fa1ed14862c4/655374e9921d5d73860b7db3",
            "https://applemusic-spotlight.myunidays.com/US/en-US?",
            "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian",
            "myhughesnet.com",
            "dishmail.net",
            "home.toshiba.com",
            "ytq2rs56.haogfw.com",
            "pornhub.com",
            "http://trk.brother-root-rich-of.xyz/campaign?id=4f1426e9-22f8-4e7a-9c32-1b2d42867559&var1=&extcid=w9A2DTCOAL56FRAK125KMLAI",
            "http://trk.reverseparameter.site/gg/izuyv?to=https://mine-top-gratis-application.pw/e29481e9-a792-46a8-bbf0-188ed2a816ae/f10439e6-e61a-4420-ba88-29e9d1c5d2ea?brand=Lenovo&btd=dHJrLm1vYmlsZXRvcDIwMTh0ZWNoaWUueHl6&exptoken=MTU1NzUxMjgzMjgyMw==&lang=ar&model=K6+Note&td=dHJrLnJldmVyc2VwYXJhbWV0ZXIuc2l0ZS9wcmNlZWQ",
            "monitor.cablelan.net",
            "https://monitor.rodgersmith.com",
            "https://www.everycloudtech.com/free-mail-flow-monitor"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [
            {
              "id": "TrojanSpy",
              "display_name": "TrojanSpy",
              "target": null
            },
            {
              "id": "Maltiverse",
              "display_name": "Maltiverse",
              "target": null
            }
          ],
          "attack_ids": [
            {
              "id": "T1027",
              "name": "Obfuscated Files or Information",
              "display_name": "T1027 - Obfuscated Files or Information"
            },
            {
              "id": "T1071.004",
              "name": "DNS",
              "display_name": "T1071.004 - DNS"
            },
            {
              "id": "T1105",
              "name": "Ingress Tool Transfer",
              "display_name": "T1105 - Ingress Tool Transfer"
            },
            {
              "id": "T1059.007",
              "name": "JavaScript",
              "display_name": "T1059.007 - JavaScript"
            },
            {
              "id": "T1071.001",
              "name": "Web Protocols",
              "display_name": "T1071.001 - Web Protocols"
            },
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            },
            {
              "id": "T1560",
              "name": "Archive Collected Data",
              "display_name": "T1560 - Archive Collected Data"
            },
            {
              "id": "T1059",
              "name": "Command and Scripting Interpreter",
              "display_name": "T1059 - Command and Scripting Interpreter"
            },
            {
              "id": "T1100",
              "name": "Web Shell",
              "display_name": "T1100 - Web Shell"
            },
            {
              "id": "T1140",
              "name": "Deobfuscate/Decode Files or Information",
              "display_name": "T1140 - Deobfuscate/Decode Files or Information"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": "6553b88c316cfb531b9c4c10",
          "export_count": 22,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "scoreblue",
            "id": "254100",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 144,
            "FileHash-SHA1": 179,
            "FileHash-SHA256": 4528,
            "CVE": 7,
            "domain": 2024,
            "hostname": 3556,
            "URL": 10455
          },
          "indicator_count": 20893,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 228,
          "modified_text": "899 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "65536bc6301b7cdf7d04e095",
          "name": "TrojanDownloader:Win32/Cutwail.BS/Win.Trojan.Pushdo-20",
          "description": "backdoor,trojan downloaders, networm, phishing, tracking, spyware, device commands...",
          "modified": "2023-12-14T12:03:15.957000",
          "created": "2023-11-14T12:44:54.422000",
          "tags": [
            "passive dns",
            "urls",
            "t1604023287",
            "scan endpoints",
            "all search",
            "otx octoseek",
            "url http",
            "pulse pulses",
            "http",
            "ip address",
            "ssl certificate",
            "whois record",
            "resolutions",
            "referrer",
            "historical ssl",
            "communicating",
            "threat roundup",
            "whois whois",
            "apple",
            "stopransomware",
            "core",
            "discord",
            "metro",
            "blister",
            "cobalt strike",
            "hacktool",
            "june",
            "name verdict",
            "pattern match",
            "et tor",
            "known tor",
            "misc attack",
            "link",
            "woff2",
            "relayrouter",
            "exit",
            "node traffic",
            "ascii text",
            "date",
            "click",
            "unknown",
            "meta",
            "hybrid",
            "general",
            "local",
            "strings",
            "class",
            "generator",
            "critical",
            "error",
            "execution",
            "malware",
            "network",
            "roblox",
            "united",
            "as13335",
            "a domains",
            "status",
            "aaaa",
            "search",
            "script urls",
            "creation date",
            "showing",
            "pixel",
            "win32",
            "download",
            "t1507537243"
          ],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [
            {
              "id": "Roblox",
              "display_name": "Roblox",
              "target": null
            }
          ],
          "attack_ids": [
            {
              "id": "T1059",
              "name": "Command and Scripting Interpreter",
              "display_name": "T1059 - Command and Scripting Interpreter"
            },
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            },
            {
              "id": "T1105",
              "name": "Ingress Tool Transfer",
              "display_name": "T1105 - Ingress Tool Transfer"
            },
            {
              "id": "T1497",
              "name": "Virtualization/Sandbox Evasion",
              "display_name": "T1497 - Virtualization/Sandbox Evasion"
            }
          ],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 29,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "OctoSeek",
            "id": "243548",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "URL": 11333,
            "FileHash-MD5": 81,
            "FileHash-SHA1": 74,
            "FileHash-SHA256": 3269,
            "domain": 2748,
            "hostname": 3475,
            "email": 2,
            "CVE": 2
          },
          "indicator_count": 20984,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 224,
          "modified_text": "899 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "65536bdc3676a40633a619be",
          "name": "TrojanDownloader:Win32/Cutwail.BS/Win.Trojan.Pushdo-20",
          "description": "backdoor,trojan downloaders, networm, phishing, tracking, spyware, device commands...",
          "modified": "2023-12-14T12:03:15.957000",
          "created": "2023-11-14T12:45:16.667000",
          "tags": [
            "passive dns",
            "urls",
            "t1604023287",
            "scan endpoints",
            "all search",
            "otx octoseek",
            "url http",
            "pulse pulses",
            "http",
            "ip address",
            "ssl certificate",
            "whois record",
            "resolutions",
            "referrer",
            "historical ssl",
            "communicating",
            "threat roundup",
            "whois whois",
            "apple",
            "stopransomware",
            "core",
            "discord",
            "metro",
            "blister",
            "cobalt strike",
            "hacktool",
            "june",
            "name verdict",
            "pattern match",
            "et tor",
            "known tor",
            "misc attack",
            "link",
            "woff2",
            "relayrouter",
            "exit",
            "node traffic",
            "ascii text",
            "date",
            "click",
            "unknown",
            "meta",
            "hybrid",
            "general",
            "local",
            "strings",
            "class",
            "generator",
            "critical",
            "error",
            "execution",
            "malware",
            "network",
            "roblox",
            "united",
            "as13335",
            "a domains",
            "status",
            "aaaa",
            "search",
            "script urls",
            "creation date",
            "showing",
            "pixel",
            "win32",
            "download",
            "t1507537243"
          ],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [
            {
              "id": "Roblox",
              "display_name": "Roblox",
              "target": null
            }
          ],
          "attack_ids": [
            {
              "id": "T1059",
              "name": "Command and Scripting Interpreter",
              "display_name": "T1059 - Command and Scripting Interpreter"
            },
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            },
            {
              "id": "T1105",
              "name": "Ingress Tool Transfer",
              "display_name": "T1105 - Ingress Tool Transfer"
            },
            {
              "id": "T1497",
              "name": "Virtualization/Sandbox Evasion",
              "display_name": "T1497 - Virtualization/Sandbox Evasion"
            }
          ],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 35,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "OctoSeek",
            "id": "243548",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "URL": 11333,
            "FileHash-MD5": 81,
            "FileHash-SHA1": 74,
            "FileHash-SHA256": 3269,
            "domain": 2748,
            "hostname": 3475,
            "email": 2,
            "CVE": 2
          },
          "indicator_count": 20984,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 224,
          "modified_text": "899 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "65568d67bd96e06ab44b9b95",
          "name": "TrojanDownloader:Win32/Cutwail.BS/Win.Trojan.Pushdo-20",
          "description": "",
          "modified": "2023-12-14T12:03:15.957000",
          "created": "2023-11-16T21:45:11.721000",
          "tags": [
            "passive dns",
            "urls",
            "t1604023287",
            "scan endpoints",
            "all search",
            "otx octoseek",
            "url http",
            "pulse pulses",
            "http",
            "ip address",
            "ssl certificate",
            "whois record",
            "resolutions",
            "referrer",
            "historical ssl",
            "communicating",
            "threat roundup",
            "whois whois",
            "apple",
            "stopransomware",
            "core",
            "discord",
            "metro",
            "blister",
            "cobalt strike",
            "hacktool",
            "june",
            "name verdict",
            "pattern match",
            "et tor",
            "known tor",
            "misc attack",
            "link",
            "woff2",
            "relayrouter",
            "exit",
            "node traffic",
            "ascii text",
            "date",
            "click",
            "unknown",
            "meta",
            "hybrid",
            "general",
            "local",
            "strings",
            "class",
            "generator",
            "critical",
            "error",
            "execution",
            "malware",
            "network",
            "roblox",
            "united",
            "as13335",
            "a domains",
            "status",
            "aaaa",
            "search",
            "script urls",
            "creation date",
            "showing",
            "pixel",
            "win32",
            "download",
            "t1507537243"
          ],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [
            {
              "id": "Roblox",
              "display_name": "Roblox",
              "target": null
            }
          ],
          "attack_ids": [
            {
              "id": "T1059",
              "name": "Command and Scripting Interpreter",
              "display_name": "T1059 - Command and Scripting Interpreter"
            },
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            },
            {
              "id": "T1105",
              "name": "Ingress Tool Transfer",
              "display_name": "T1105 - Ingress Tool Transfer"
            },
            {
              "id": "T1497",
              "name": "Virtualization/Sandbox Evasion",
              "display_name": "T1497 - Virtualization/Sandbox Evasion"
            }
          ],
          "industries": [],
          "TLP": "green",
          "cloned_from": "65536bdc3676a40633a619be",
          "export_count": 25,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "scoreblue",
            "id": "254100",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "URL": 11333,
            "FileHash-MD5": 81,
            "FileHash-SHA1": 74,
            "FileHash-SHA256": 3269,
            "domain": 2748,
            "hostname": 3475,
            "email": 2,
            "CVE": 2
          },
          "indicator_count": 20984,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 228,
          "modified_text": "899 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        }
      ],
      "references": [
        "pornhub.com",
        "ytq2rs56.haogfw.com",
        "http://trk.brother-root-rich-of.xyz/campaign?id=4f1426e9-22f8-4e7a-9c32-1b2d42867559&var1=&extcid=w9A2DTCOAL56FRAK125KMLAI",
        "http://trk.reverseparameter.site/gg/izuyv?to=https://mine-top-gratis-application.pw/e29481e9-a792-46a8-bbf0-188ed2a816ae/f10439e6-e61a-4420-ba88-29e9d1c5d2ea?brand=Lenovo&btd=dHJrLm1vYmlsZXRvcDIwMTh0ZWNoaWUueHl6&exptoken=MTU1NzUxMjgzMjgyMw==&lang=ar&model=K6+Note&td=dHJrLnJldmVyc2VwYXJhbWV0ZXIuc2l0ZS9wcmNlZWQ",
        "home.toshiba.com",
        "https://applemusic-spotlight.myunidays.com/US/en-US?",
        "dishmail.net",
        "monitor.cablelan.net",
        "https://monitor.rodgersmith.com",
        "https://www.everycloudtech.com/free-mail-flow-monitor",
        "http://mobile.suddenlink2go.com/",
        "myhughesnet.com",
        "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian",
        "https://hybrid-analysis.com/sample/889790f55a8a29ee75463bbcf014c3ed6cc76e6cd0278e491ec9fa1ed14862c4/655374e9921d5d73860b7db3"
      ],
      "related": {
        "alienvault": {
          "adversary": [],
          "malware_families": [],
          "industries": []
        },
        "other": {
          "adversary": [],
          "malware_families": [
            "Maltiverse",
            "Trojanspy",
            "Roblox"
          ],
          "industries": []
        }
      }
    },
    "false_positive": []
  },
  "geo": {},
  "geo_ipapicom": {},
  "pulse_count": 6,
  "pulses": [
    {
      "id": "69f30ef4033560d49d39ac55",
      "name": "VirusTotal report\n                    for executable.exe",
      "description": "[security firm has developed a tool that can automatically identify a Wi-Fi password and make it easy to access it via the net. and use it to create a secure log-in system.] <remote, .net, failed cryptographic validation chains cause this.",
      "modified": "2026-05-30T09:04:01.553000",
      "created": "2026-04-30T08:12:36.771000",
      "tags": [
        "wifi password",
        "joe security",
        "nextron",
        "new run",
        "key pointing",
        "run key",
        "roth",
        "markus neis",
        "sander wiebing",
        "poudel",
        "public",
        "appdata"
      ],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [
        {
          "id": "T1003",
          "name": "OS Credential Dumping",
          "display_name": "T1003 - OS Credential Dumping"
        },
        {
          "id": "T1005",
          "name": "Data from Local System",
          "display_name": "T1005 - Data from Local System"
        },
        {
          "id": "T1010",
          "name": "Application Window Discovery",
          "display_name": "T1010 - Application Window Discovery"
        },
        {
          "id": "T1027",
          "name": "Obfuscated Files or Information",
          "display_name": "T1027 - Obfuscated Files or Information"
        },
        {
          "id": "T1036",
          "name": "Masquerading",
          "display_name": "T1036 - Masquerading"
        },
        {
          "id": "T1053",
          "name": "Scheduled Task/Job",
          "display_name": "T1053 - Scheduled Task/Job"
        },
        {
          "id": "T1055",
          "name": "Process Injection",
          "display_name": "T1055 - Process Injection"
        },
        {
          "id": "T1056",
          "name": "Input Capture",
          "display_name": "T1056 - Input Capture"
        },
        {
          "id": "T1057",
          "name": "Process Discovery",
          "display_name": "T1057 - Process Discovery"
        },
        {
          "id": "T1071",
          "name": "Application Layer Protocol",
          "display_name": "T1071 - Application Layer Protocol"
        },
        {
          "id": "T1082",
          "name": "System Information Discovery",
          "display_name": "T1082 - System Information Discovery"
        },
        {
          "id": "T1083",
          "name": "File and Directory Discovery",
          "display_name": "T1083 - File and Directory Discovery"
        },
        {
          "id": "T1095",
          "name": "Non-Application Layer Protocol",
          "display_name": "T1095 - Non-Application Layer Protocol"
        },
        {
          "id": "T1105",
          "name": "Ingress Tool Transfer",
          "display_name": "T1105 - Ingress Tool Transfer"
        },
        {
          "id": "T1218",
          "name": "Signed Binary Proxy Execution",
          "display_name": "T1218 - Signed Binary Proxy Execution"
        },
        {
          "id": "T1497",
          "name": "Virtualization/Sandbox Evasion",
          "display_name": "T1497 - Virtualization/Sandbox Evasion"
        },
        {
          "id": "T1518",
          "name": "Software Discovery",
          "display_name": "T1518 - Software Discovery"
        },
        {
          "id": "T1552",
          "name": "Unsecured Credentials",
          "display_name": "T1552 - Unsecured Credentials"
        },
        {
          "id": "T1562",
          "name": "Impair Defenses",
          "display_name": "T1562 - Impair Defenses"
        }
      ],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 0,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "msudosos",
        "id": "381696",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 1069,
        "FileHash-SHA1": 868,
        "FileHash-SHA256": 2783,
        "URL": 764,
        "hostname": 756,
        "domain": 293,
        "email": 44,
        "CVE": 44
      },
      "indicator_count": 6621,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 67,
      "modified_text": "1 day ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "6553b88c316cfb531b9c4c10",
      "name": "iOS Unlocker| Apple | ATT | Monitoring| http://mobile.suddenlink2go.com",
      "description": "spyware, 114.114.114.114, Tulach, C2, apple iOS, passwords, crack, unlock , click, att, hughesnet",
      "modified": "2023-12-14T15:03:30.417000",
      "created": "2023-11-14T18:12:28.459000",
      "tags": [
        "united",
        "blacklist",
        "malicious site",
        "mail spammer",
        "detection list",
        "cisco umbrella",
        "site",
        "safe site",
        "malware",
        "phishing site",
        "heur",
        "malware site",
        "alexa top",
        "million",
        "unsafe",
        "artemis",
        "riskware",
        "conduit",
        "agent",
        "opencandy",
        "xtrat",
        "iframe",
        "cleaner",
        "team",
        "installpack",
        "xrat",
        "tiggre",
        "presenoker",
        "fusioncore",
        "wacatac",
        "azorult",
        "phishing",
        "service",
        "runescape",
        "facebook",
        "bank",
        "download",
        "crack",
        "softcnapp",
        "trojanspy",
        "maltiverse",
        "falcon sandbox",
        "pattern match",
        "root ca",
        "authority",
        "class",
        "script",
        "ascii text",
        "mitre att",
        "localappdata",
        "temp",
        "ck id",
        "date",
        "unknown",
        "generator",
        "critical",
        "error",
        "meta",
        "hybrid",
        "general",
        "local",
        "click",
        "strings",
        "expiressun",
        "http response",
        "final url",
        "ip address",
        "status code",
        "body length",
        "kb body",
        "sha256",
        "headers",
        "pt3uc1",
        "path",
        "movies",
        "watch",
        "html info",
        "meta tags",
        "suddenlink tv",
        "trackers amazon",
        "pt3rc1",
        "whois record",
        "whois whois",
        "ssl certificate",
        "historical",
        "historical ssl",
        "referrer",
        "communicating",
        "dropped",
        "contacted",
        "apple ios",
        "hacktool",
        "metro",
        "malicious",
        "crypto",
        "installer",
        "attack",
        "awful",
        "brian sabey",
        "aig",
        "civicaIg",
        "tracking",
        "password crack",
        "tulach",
        "target tsara brashears",
        "tylerknott",
        "att",
        "monitoring",
        "spyware",
        "spying",
        "cybercrime",
        "tulach",
        "hughesnet",
        "ios",
        "toshiba",
        "attack",
        "malvertizing",
        "cyber stalking",
        "porn",
        "pornhub"
      ],
      "references": [
        "http://mobile.suddenlink2go.com/",
        "https://hybrid-analysis.com/sample/889790f55a8a29ee75463bbcf014c3ed6cc76e6cd0278e491ec9fa1ed14862c4/655374e9921d5d73860b7db3",
        "https://applemusic-spotlight.myunidays.com/US/en-US?",
        "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian",
        "myhughesnet.com",
        "dishmail.net",
        "home.toshiba.com",
        "ytq2rs56.haogfw.com",
        "pornhub.com",
        "http://trk.brother-root-rich-of.xyz/campaign?id=4f1426e9-22f8-4e7a-9c32-1b2d42867559&var1=&extcid=w9A2DTCOAL56FRAK125KMLAI",
        "http://trk.reverseparameter.site/gg/izuyv?to=https://mine-top-gratis-application.pw/e29481e9-a792-46a8-bbf0-188ed2a816ae/f10439e6-e61a-4420-ba88-29e9d1c5d2ea?brand=Lenovo&btd=dHJrLm1vYmlsZXRvcDIwMTh0ZWNoaWUueHl6&exptoken=MTU1NzUxMjgzMjgyMw==&lang=ar&model=K6+Note&td=dHJrLnJldmVyc2VwYXJhbWV0ZXIuc2l0ZS9wcmNlZWQ",
        "monitor.cablelan.net",
        "https://monitor.rodgersmith.com",
        "https://www.everycloudtech.com/free-mail-flow-monitor"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [
        {
          "id": "TrojanSpy",
          "display_name": "TrojanSpy",
          "target": null
        },
        {
          "id": "Maltiverse",
          "display_name": "Maltiverse",
          "target": null
        }
      ],
      "attack_ids": [
        {
          "id": "T1027",
          "name": "Obfuscated Files or Information",
          "display_name": "T1027 - Obfuscated Files or Information"
        },
        {
          "id": "T1071.004",
          "name": "DNS",
          "display_name": "T1071.004 - DNS"
        },
        {
          "id": "T1105",
          "name": "Ingress Tool Transfer",
          "display_name": "T1105 - Ingress Tool Transfer"
        },
        {
          "id": "T1059.007",
          "name": "JavaScript",
          "display_name": "T1059.007 - JavaScript"
        },
        {
          "id": "T1071.001",
          "name": "Web Protocols",
          "display_name": "T1071.001 - Web Protocols"
        },
        {
          "id": "T1071",
          "name": "Application Layer Protocol",
          "display_name": "T1071 - Application Layer Protocol"
        },
        {
          "id": "T1560",
          "name": "Archive Collected Data",
          "display_name": "T1560 - Archive Collected Data"
        },
        {
          "id": "T1059",
          "name": "Command and Scripting Interpreter",
          "display_name": "T1059 - Command and Scripting Interpreter"
        },
        {
          "id": "T1100",
          "name": "Web Shell",
          "display_name": "T1100 - Web Shell"
        },
        {
          "id": "T1140",
          "name": "Deobfuscate/Decode Files or Information",
          "display_name": "T1140 - Deobfuscate/Decode Files or Information"
        }
      ],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 28,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "OctoSeek",
        "id": "243548",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 144,
        "FileHash-SHA1": 179,
        "FileHash-SHA256": 4528,
        "CVE": 7,
        "domain": 2024,
        "hostname": 3556,
        "URL": 10455
      },
      "indicator_count": 20893,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 222,
      "modified_text": "899 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "65568ab12429c394dc4b91ea",
      "name": "iOS Unlocker| Apple | ATT | Monitoring| http://mobile.suddenlink2go",
      "description": "",
      "modified": "2023-12-14T15:03:30.417000",
      "created": "2023-11-16T21:33:37.838000",
      "tags": [
        "united",
        "blacklist",
        "malicious site",
        "mail spammer",
        "detection list",
        "cisco umbrella",
        "site",
        "safe site",
        "malware",
        "phishing site",
        "heur",
        "malware site",
        "alexa top",
        "million",
        "unsafe",
        "artemis",
        "riskware",
        "conduit",
        "agent",
        "opencandy",
        "xtrat",
        "iframe",
        "cleaner",
        "team",
        "installpack",
        "xrat",
        "tiggre",
        "presenoker",
        "fusioncore",
        "wacatac",
        "azorult",
        "phishing",
        "service",
        "runescape",
        "facebook",
        "bank",
        "download",
        "crack",
        "softcnapp",
        "trojanspy",
        "maltiverse",
        "falcon sandbox",
        "pattern match",
        "root ca",
        "authority",
        "class",
        "script",
        "ascii text",
        "mitre att",
        "localappdata",
        "temp",
        "ck id",
        "date",
        "unknown",
        "generator",
        "critical",
        "error",
        "meta",
        "hybrid",
        "general",
        "local",
        "click",
        "strings",
        "expiressun",
        "http response",
        "final url",
        "ip address",
        "status code",
        "body length",
        "kb body",
        "sha256",
        "headers",
        "pt3uc1",
        "path",
        "movies",
        "watch",
        "html info",
        "meta tags",
        "suddenlink tv",
        "trackers amazon",
        "pt3rc1",
        "whois record",
        "whois whois",
        "ssl certificate",
        "historical",
        "historical ssl",
        "referrer",
        "communicating",
        "dropped",
        "contacted",
        "apple ios",
        "hacktool",
        "metro",
        "malicious",
        "crypto",
        "installer",
        "attack",
        "awful",
        "brian sabey",
        "aig",
        "civicaIg",
        "tracking",
        "password crack",
        "tulach",
        "target tsara brashears",
        "tylerknott",
        "att",
        "monitoring",
        "spyware",
        "spying",
        "cybercrime",
        "tulach",
        "hughesnet",
        "ios",
        "toshiba",
        "attack",
        "malvertizing",
        "cyber stalking",
        "porn",
        "pornhub"
      ],
      "references": [
        "http://mobile.suddenlink2go.com/",
        "https://hybrid-analysis.com/sample/889790f55a8a29ee75463bbcf014c3ed6cc76e6cd0278e491ec9fa1ed14862c4/655374e9921d5d73860b7db3",
        "https://applemusic-spotlight.myunidays.com/US/en-US?",
        "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian",
        "myhughesnet.com",
        "dishmail.net",
        "home.toshiba.com",
        "ytq2rs56.haogfw.com",
        "pornhub.com",
        "http://trk.brother-root-rich-of.xyz/campaign?id=4f1426e9-22f8-4e7a-9c32-1b2d42867559&var1=&extcid=w9A2DTCOAL56FRAK125KMLAI",
        "http://trk.reverseparameter.site/gg/izuyv?to=https://mine-top-gratis-application.pw/e29481e9-a792-46a8-bbf0-188ed2a816ae/f10439e6-e61a-4420-ba88-29e9d1c5d2ea?brand=Lenovo&btd=dHJrLm1vYmlsZXRvcDIwMTh0ZWNoaWUueHl6&exptoken=MTU1NzUxMjgzMjgyMw==&lang=ar&model=K6+Note&td=dHJrLnJldmVyc2VwYXJhbWV0ZXIuc2l0ZS9wcmNlZWQ",
        "monitor.cablelan.net",
        "https://monitor.rodgersmith.com",
        "https://www.everycloudtech.com/free-mail-flow-monitor"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [
        {
          "id": "TrojanSpy",
          "display_name": "TrojanSpy",
          "target": null
        },
        {
          "id": "Maltiverse",
          "display_name": "Maltiverse",
          "target": null
        }
      ],
      "attack_ids": [
        {
          "id": "T1027",
          "name": "Obfuscated Files or Information",
          "display_name": "T1027 - Obfuscated Files or Information"
        },
        {
          "id": "T1071.004",
          "name": "DNS",
          "display_name": "T1071.004 - DNS"
        },
        {
          "id": "T1105",
          "name": "Ingress Tool Transfer",
          "display_name": "T1105 - Ingress Tool Transfer"
        },
        {
          "id": "T1059.007",
          "name": "JavaScript",
          "display_name": "T1059.007 - JavaScript"
        },
        {
          "id": "T1071.001",
          "name": "Web Protocols",
          "display_name": "T1071.001 - Web Protocols"
        },
        {
          "id": "T1071",
          "name": "Application Layer Protocol",
          "display_name": "T1071 - Application Layer Protocol"
        },
        {
          "id": "T1560",
          "name": "Archive Collected Data",
          "display_name": "T1560 - Archive Collected Data"
        },
        {
          "id": "T1059",
          "name": "Command and Scripting Interpreter",
          "display_name": "T1059 - Command and Scripting Interpreter"
        },
        {
          "id": "T1100",
          "name": "Web Shell",
          "display_name": "T1100 - Web Shell"
        },
        {
          "id": "T1140",
          "name": "Deobfuscate/Decode Files or Information",
          "display_name": "T1140 - Deobfuscate/Decode Files or Information"
        }
      ],
      "industries": [],
      "TLP": "white",
      "cloned_from": "6553b88c316cfb531b9c4c10",
      "export_count": 22,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "scoreblue",
        "id": "254100",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 144,
        "FileHash-SHA1": 179,
        "FileHash-SHA256": 4528,
        "CVE": 7,
        "domain": 2024,
        "hostname": 3556,
        "URL": 10455
      },
      "indicator_count": 20893,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 228,
      "modified_text": "899 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "65536bc6301b7cdf7d04e095",
      "name": "TrojanDownloader:Win32/Cutwail.BS/Win.Trojan.Pushdo-20",
      "description": "backdoor,trojan downloaders, networm, phishing, tracking, spyware, device commands...",
      "modified": "2023-12-14T12:03:15.957000",
      "created": "2023-11-14T12:44:54.422000",
      "tags": [
        "passive dns",
        "urls",
        "t1604023287",
        "scan endpoints",
        "all search",
        "otx octoseek",
        "url http",
        "pulse pulses",
        "http",
        "ip address",
        "ssl certificate",
        "whois record",
        "resolutions",
        "referrer",
        "historical ssl",
        "communicating",
        "threat roundup",
        "whois whois",
        "apple",
        "stopransomware",
        "core",
        "discord",
        "metro",
        "blister",
        "cobalt strike",
        "hacktool",
        "june",
        "name verdict",
        "pattern match",
        "et tor",
        "known tor",
        "misc attack",
        "link",
        "woff2",
        "relayrouter",
        "exit",
        "node traffic",
        "ascii text",
        "date",
        "click",
        "unknown",
        "meta",
        "hybrid",
        "general",
        "local",
        "strings",
        "class",
        "generator",
        "critical",
        "error",
        "execution",
        "malware",
        "network",
        "roblox",
        "united",
        "as13335",
        "a domains",
        "status",
        "aaaa",
        "search",
        "script urls",
        "creation date",
        "showing",
        "pixel",
        "win32",
        "download",
        "t1507537243"
      ],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [
        {
          "id": "Roblox",
          "display_name": "Roblox",
          "target": null
        }
      ],
      "attack_ids": [
        {
          "id": "T1059",
          "name": "Command and Scripting Interpreter",
          "display_name": "T1059 - Command and Scripting Interpreter"
        },
        {
          "id": "T1071",
          "name": "Application Layer Protocol",
          "display_name": "T1071 - Application Layer Protocol"
        },
        {
          "id": "T1105",
          "name": "Ingress Tool Transfer",
          "display_name": "T1105 - Ingress Tool Transfer"
        },
        {
          "id": "T1497",
          "name": "Virtualization/Sandbox Evasion",
          "display_name": "T1497 - Virtualization/Sandbox Evasion"
        }
      ],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 29,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "OctoSeek",
        "id": "243548",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "URL": 11333,
        "FileHash-MD5": 81,
        "FileHash-SHA1": 74,
        "FileHash-SHA256": 3269,
        "domain": 2748,
        "hostname": 3475,
        "email": 2,
        "CVE": 2
      },
      "indicator_count": 20984,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 224,
      "modified_text": "899 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "65536bdc3676a40633a619be",
      "name": "TrojanDownloader:Win32/Cutwail.BS/Win.Trojan.Pushdo-20",
      "description": "backdoor,trojan downloaders, networm, phishing, tracking, spyware, device commands...",
      "modified": "2023-12-14T12:03:15.957000",
      "created": "2023-11-14T12:45:16.667000",
      "tags": [
        "passive dns",
        "urls",
        "t1604023287",
        "scan endpoints",
        "all search",
        "otx octoseek",
        "url http",
        "pulse pulses",
        "http",
        "ip address",
        "ssl certificate",
        "whois record",
        "resolutions",
        "referrer",
        "historical ssl",
        "communicating",
        "threat roundup",
        "whois whois",
        "apple",
        "stopransomware",
        "core",
        "discord",
        "metro",
        "blister",
        "cobalt strike",
        "hacktool",
        "june",
        "name verdict",
        "pattern match",
        "et tor",
        "known tor",
        "misc attack",
        "link",
        "woff2",
        "relayrouter",
        "exit",
        "node traffic",
        "ascii text",
        "date",
        "click",
        "unknown",
        "meta",
        "hybrid",
        "general",
        "local",
        "strings",
        "class",
        "generator",
        "critical",
        "error",
        "execution",
        "malware",
        "network",
        "roblox",
        "united",
        "as13335",
        "a domains",
        "status",
        "aaaa",
        "search",
        "script urls",
        "creation date",
        "showing",
        "pixel",
        "win32",
        "download",
        "t1507537243"
      ],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [
        {
          "id": "Roblox",
          "display_name": "Roblox",
          "target": null
        }
      ],
      "attack_ids": [
        {
          "id": "T1059",
          "name": "Command and Scripting Interpreter",
          "display_name": "T1059 - Command and Scripting Interpreter"
        },
        {
          "id": "T1071",
          "name": "Application Layer Protocol",
          "display_name": "T1071 - Application Layer Protocol"
        },
        {
          "id": "T1105",
          "name": "Ingress Tool Transfer",
          "display_name": "T1105 - Ingress Tool Transfer"
        },
        {
          "id": "T1497",
          "name": "Virtualization/Sandbox Evasion",
          "display_name": "T1497 - Virtualization/Sandbox Evasion"
        }
      ],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 35,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "OctoSeek",
        "id": "243548",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "URL": 11333,
        "FileHash-MD5": 81,
        "FileHash-SHA1": 74,
        "FileHash-SHA256": 3269,
        "domain": 2748,
        "hostname": 3475,
        "email": 2,
        "CVE": 2
      },
      "indicator_count": 20984,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 224,
      "modified_text": "899 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "65568d67bd96e06ab44b9b95",
      "name": "TrojanDownloader:Win32/Cutwail.BS/Win.Trojan.Pushdo-20",
      "description": "",
      "modified": "2023-12-14T12:03:15.957000",
      "created": "2023-11-16T21:45:11.721000",
      "tags": [
        "passive dns",
        "urls",
        "t1604023287",
        "scan endpoints",
        "all search",
        "otx octoseek",
        "url http",
        "pulse pulses",
        "http",
        "ip address",
        "ssl certificate",
        "whois record",
        "resolutions",
        "referrer",
        "historical ssl",
        "communicating",
        "threat roundup",
        "whois whois",
        "apple",
        "stopransomware",
        "core",
        "discord",
        "metro",
        "blister",
        "cobalt strike",
        "hacktool",
        "june",
        "name verdict",
        "pattern match",
        "et tor",
        "known tor",
        "misc attack",
        "link",
        "woff2",
        "relayrouter",
        "exit",
        "node traffic",
        "ascii text",
        "date",
        "click",
        "unknown",
        "meta",
        "hybrid",
        "general",
        "local",
        "strings",
        "class",
        "generator",
        "critical",
        "error",
        "execution",
        "malware",
        "network",
        "roblox",
        "united",
        "as13335",
        "a domains",
        "status",
        "aaaa",
        "search",
        "script urls",
        "creation date",
        "showing",
        "pixel",
        "win32",
        "download",
        "t1507537243"
      ],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [
        {
          "id": "Roblox",
          "display_name": "Roblox",
          "target": null
        }
      ],
      "attack_ids": [
        {
          "id": "T1059",
          "name": "Command and Scripting Interpreter",
          "display_name": "T1059 - Command and Scripting Interpreter"
        },
        {
          "id": "T1071",
          "name": "Application Layer Protocol",
          "display_name": "T1071 - Application Layer Protocol"
        },
        {
          "id": "T1105",
          "name": "Ingress Tool Transfer",
          "display_name": "T1105 - Ingress Tool Transfer"
        },
        {
          "id": "T1497",
          "name": "Virtualization/Sandbox Evasion",
          "display_name": "T1497 - Virtualization/Sandbox Evasion"
        }
      ],
      "industries": [],
      "TLP": "green",
      "cloned_from": "65536bdc3676a40633a619be",
      "export_count": 25,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "scoreblue",
        "id": "254100",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "URL": 11333,
        "FileHash-MD5": 81,
        "FileHash-SHA1": 74,
        "FileHash-SHA256": 3269,
        "domain": 2748,
        "hostname": 3475,
        "email": 2,
        "CVE": 2
      },
      "indicator_count": 20984,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 228,
      "modified_text": "899 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    }
  ],
  "error": null,
  "vt": {
    "error": "VirusTotal rate limit reached. Try again shortly.",
    "indicator": "penn.com",
    "type": "Domain"
  },
  "abuseipdb": null,
  "urlhaus": {
    "indicator": "penn.com",
    "found": false,
    "verdict": "clean",
    "urls": [],
    "error": null
  },
  "from_cache": true,
  "_cached_at": 1780245782.8079417
}