{
  "type": "Domain",
  "indicator": "qzone.com",
  "general": {
    "sections": [
      "general",
      "geo",
      "url_list",
      "passive_dns",
      "malware",
      "whois",
      "http_scans"
    ],
    "whois": "http://whois.domaintools.com/qzone.com",
    "alexa": "http://www.alexa.com/siteinfo/qzone.com",
    "indicator": "qzone.com",
    "type": "domain",
    "type_title": "Domain",
    "validation": [],
    "base_indicator": {
      "id": 2869210894,
      "indicator": "qzone.com",
      "type": "domain",
      "title": "",
      "description": "",
      "content": "",
      "access_type": "public",
      "access_reason": ""
    },
    "pulse_info": {
      "count": 13,
      "pulses": [
        {
          "id": "6a103de1e71756a0b58ce416",
          "name": "secret camera * VirusTotal Windows Sandbox",
          "description": "[100s of thousands of people have signed a petition calling for an end to the use of the word \"sex\" in the wake of a fatal accident in London's West Bromwich, which left 11 people dead]<what is this?",
          "modified": "2026-05-22T12:27:31.937000",
          "created": "2026-05-22T11:28:33.791000",
          "tags": [
            "windows sandbox",
            "clear filters",
            "file type",
            "ascii text",
            "pe file",
            "https",
            "ms windows",
            "svg scalable",
            "vector graphics",
            "elite",
            "tls version",
            "unicode text",
            "persistence",
            "malicious",
            "next",
            "default",
            "parent pid",
            "full path",
            "command line",
            "inprocserver32",
            "data",
            "datacrashpad",
            "k localservice",
            "s ngcsvc",
            "s ngcctnrsvc",
            "windir",
            "registry",
            "basic",
            "file name",
            "pe32 executable",
            "intel",
            "file size",
            "sha1",
            "files mitre",
            "windows user",
            "account control",
            "windows",
            "forms",
            "source source",
            "command",
            "enterprise",
            "close",
            "strong",
            "library",
            "address virtual",
            "none rticon",
            "cname",
            "mwdb",
            "bazaar",
            "sha3384",
            "accept",
            "tofsee",
            "shutdown",
            "stream",
            "string id",
            "x5173x95ed",
            "control",
            "wixbundlename",
            "x53d6x6d88",
            "copyright",
            "width",
            "height",
            "helptext",
            "repair",
            "calls process",
            "Camera",
            "Spyware",
            "illegal",
            "test recall",
            "test recall task 5/12/25"
          ],
          "references": [
            "https://vtbehaviour.commondatastorage.googleapis.com/88819f8dbc43e0609fbc6f6a1a9fb2740512b8e1e0f2d9e92926c31b8a11d446_VirusTotal%20R2DBox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779447466&Signature=nXchQzhNktG26CNrpPC2%2FRBVk5CXbCQ6xUNenWVvnvY2n5P71FF7HHw01QiPu3iGSvBSzqmHiB9HByI%2FJgWTdhqYvc9LZy0rI61W0%2FTNVhSNdb1omKNcCW1ikL2n7eR9BFV1ygPOAPnexLqjbK35hzq40mysRVPCVBcmrjs7NkxUh9nHkwmtOOR3Lz5NsYgdUX2AMqykR9pVoyTLy7tkl5Ap9keTZlEoE2RrK6MTO9HBhYPJD%2",
            "https://vtbehaviour.commondatastorage.googleapis.com/99bde29b5d7f5522c0452c95899f63a0cc99a465b516f7eb2980d519fe5a478c_VirusTotal%20R2DBox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779447513&Signature=vT05qRgkqzlTQQ09TU4VC1ZL9bRV9J6Tgx%2BLYi1Yop0ggmMd9LT5iNFG2AQr%2FZH%2F0pMgqHAgZy%2BRwWUtDV1qO5eBxL%2B8mGzJDZilm%2BhP3%2B%2BKQu%2F76vg8GcDLdxu%2FeLmkj8Dhp9pN4i2cytkeH5zr%2BRHZBvK4uQ47n1zLtlGUSsJ7YXGw%2BWQFVRvu%2B%2B11Jh1PF6x4jF%2B3IbYQ5CZcGLoGbo0PGkN",
            "https://vtbehaviour.commondatastorage.googleapis.com/c6096cb32fc9fe4f9cc789acd6e7710be6efb8703e6f529fc3b21d78781d1fa8_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779448055&Signature=Oo2OUSuLUWDZOZGoPlCv1tD%2FynOTQPpGUV9I%2FgvLt4ZafLu6Vnt%2FoOXLJA9nFZPH5AiUv%2FWd4huRf8%2BPiUQcGMkSOOYn3mJHyE2t6wNKj1BDNjEJ0ozgBjkzBrZ62UZn4p34YCFKx1mj%2BrH75IoSHpRUfJYvgHnJhElGEMhrJc7ieH0I%2FNpcLuxSy9sfujNonmjwsQj9ZWnkGvLPpmiljGhJIomaUZ6GITQcz6QqbInrBN3nHX6mGGk4",
            "https://vtbehaviour.commondatastorage.googleapis.com/c6096cb32fc9fe4f9cc789acd6e7710be6efb8703e6f529fc3b21d78781d1fa8_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779448087&Signature=zly9PmlRQWb4KS0rNwSC6GG0MNzjm7KFDjr%2B%2Few6J4vqKF%2FJhJnnrYPcE0jJDw2QNhVbkyk0ZP2AmxrgmnTVhLcFijlR18xS82aHK99JxYTYDkmlFMr4U3ENyb3KVWsT%2BCuRbwN66pmHE4sdf33jQRi4ZUPxLJwtnLmhmpds%2BM38I%2Fv7pfRhbp7OYurf%2BJ0%2FQT2bwsg7sZEjDUQJ7HSqjOP8unxpFfBHNwC4wr9qawvlz8",
            "https://vtbehaviour.commondatastorage.googleapis.com/c6096cb32fc9fe4f9cc789acd6e7710be6efb8703e6f529fc3b21d78781d1fa8_VenusEye%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779448113&Signature=HGVwYzpWE71%2BbcncRqOn%2BGkFdoAcM0zUAWI1eJD1jsHDcrJKlqO9M0XORZQA5YJxAW65VvTW9omuEH7SypRLJu1W0P3VYs46P7H4Dz1TsNoaNKYhhqpYfKql%2BYbpF7jIqwNfYdG5Uya0aqcIeI7Wx22%2BpByMhnrECSPxpU6wII3hOhgINOcc1mqsMEFfCB4fd%2F3zvfmJ7Rc5HiEea5Qx%2Fm7tB7DjImzqZFtSAQh6qFcSNN",
            "https://vtbehaviour.commondatastorage.googleapis.com/c6096cb32fc9fe4f9cc789acd6e7710be6efb8703e6f529fc3b21d78781d1fa8_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779448247&Signature=KaOoC8k1CwemdPniC2jnlheSiP5jHQwh83WcgjNWDujHQ8F6N7qW1Q3lVUf%2FBjEofHhKuYofMNOHzuLgXjiq%2F4ie2jeMJ2kiAYHGeUvc8RFAO28YMWxIJPmcTSCLcxaOQNbzOOtMF2DO6%2Fw9IodVAr1Yv3SgvamznVqYCu5Din1Q7C0hAc68dxqEbYxXnk9hekwNuVZf81kyLJEmJbSWOxr0ONyt6e7qhV07xe4C1TIJXe%2BH6Zkc8Jp",
            "https://vtbehaviour.commondatastorage.googleapis.com/3fe3b0bc7ca7ec4d23c1cd7c07d5cdf9cb3463beb18cd58e2501150d343d0851_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779448581&Signature=u1m6X7g3%2B46ZDMb0IvTTp%2FbBxgM9iZvfcHnyyGsaqQA%2BxHuw9ZcqfIkIme3jx7%2BblFBuowZqDr1PbGP28vbxcZhaskjIn3w04QkzN%2F6EWbNlPvabmBH3M0F%2FhfTEM8ayozqby2SPWv6azOEd%2FS3MXYnUsOzgOpSh1uIk0iduf4w1ePo4yJAdHv7fc0AUGPzRmssC0jpjqXzao%2F0qbg1JRMMBq0edJZqYiws6vIf%2B2d9O",
            "https://vtbehaviour.commondatastorage.googleapis.com/c6096cb32fc9fe4f9cc789acd6e7710be6efb8703e6f529fc3b21d78781d1fa8_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779449270&Signature=y5dmd%2Br9iDNaXftiyxWZe5cWdAiIpA4H9u6vCT%2FdvFUKL7WV7S2HOKzRyETdhPd%2BF%2FoG5DQwjiN8Yvi10oC6iRsDQY6lbl34%2BOoaljXY4sg13Yyq9v9MMC5DrVBiOta4mYQFQL240y55PVUqOeWoTlaCvh9aA8Mn2iw5ITNNXJVpckpc9C37%2FxyFz8zFSmDEzj3pB2pggacPF34xQm4NB4hDB9ssqGeTsAbv41aOUu4XRV2pyMo9E0xtK2",
            "https://vtbehaviour.commondatastorage.googleapis.com/e0ac3780a1152800adc9fb31b5fd9d849b8f8defc014657b9b2e998ff72c2bb4_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779449323&Signature=QsivAArVUulKH5N9EOkYOICShe0hR8W0UFhFsPq6t2rlRIdIvciMDBQZ4ooTbp7TpacdxQgFF%2Bi5tH9LdqhGhhF5JPkquaQ5Twm8UjTLbiV4v0PAECarE7LnIShAtYF1LNwCZ6BDcQLYYCofAYGAFJnVZjnwztoy32OFI6WldLKbOfNYUmLe2Api5KarnJezGIPSvZLOJLHh9e6ApJk0PwnTupqxWn0JORAZidwNrGjvoBMeb6gtWmgFnwTO",
            "https://vtbehaviour.commondatastorage.googleapis.com/e0ac3780a1152800adc9fb31b5fd9d849b8f8defc014657b9b2e998ff72c2bb4_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779449382&Signature=GsaicymiUqs49NLqLPAVvf%2Bv2RwudQDEfcp3TeWyX92n2qwqpH9HWCV422PIRfG9GUe5OGbnGO0mIkaCuWs9fgtMTHtoT6o2uIiPZQNhcAL2tWEv22GoGjIhK0MvnOKG1EKRAA9bdlP5tGpvgOM5usOM55tsgbPUQWGsB19CvRAPS6OZ1eIqrdpLiOeAKK2uIGkaOnOkD4njy1e15fQ0BGPY1rMjdenHRZDu9EXv2zfwqLiUNbp%2B"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1036",
              "name": "Masquerading",
              "display_name": "T1036 - Masquerading"
            },
            {
              "id": "T1055",
              "name": "Process Injection",
              "display_name": "T1055 - Process Injection"
            },
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            },
            {
              "id": "T1082",
              "name": "System Information Discovery",
              "display_name": "T1082 - System Information Discovery"
            },
            {
              "id": "T1083",
              "name": "File and Directory Discovery",
              "display_name": "T1083 - File and Directory Discovery"
            },
            {
              "id": "T1095",
              "name": "Non-Application Layer Protocol",
              "display_name": "T1095 - Non-Application Layer Protocol"
            },
            {
              "id": "T1573",
              "name": "Encrypted Channel",
              "display_name": "T1573 - Encrypted Channel"
            },
            {
              "id": "T1033",
              "name": "System Owner/User Discovery",
              "display_name": "T1033 - System Owner/User Discovery"
            },
            {
              "id": "T1053",
              "name": "Scheduled Task/Job",
              "display_name": "T1053 - Scheduled Task/Job"
            },
            {
              "id": "T1057",
              "name": "Process Discovery",
              "display_name": "T1057 - Process Discovery"
            },
            {
              "id": "T1059",
              "name": "Command and Scripting Interpreter",
              "display_name": "T1059 - Command and Scripting Interpreter"
            },
            {
              "id": "T1070",
              "name": "Indicator Removal on Host",
              "display_name": "T1070 - Indicator Removal on Host"
            },
            {
              "id": "T1112",
              "name": "Modify Registry",
              "display_name": "T1112 - Modify Registry"
            },
            {
              "id": "T1129",
              "name": "Shared Modules",
              "display_name": "T1129 - Shared Modules"
            },
            {
              "id": "T1202",
              "name": "Indirect Command Execution",
              "display_name": "T1202 - Indirect Command Execution"
            },
            {
              "id": "T1496",
              "name": "Resource Hijacking",
              "display_name": "T1496 - Resource Hijacking"
            },
            {
              "id": "T1539",
              "name": "Steal Web Session Cookie",
              "display_name": "T1539 - Steal Web Session Cookie"
            },
            {
              "id": "T1542",
              "name": "Pre-OS Boot",
              "display_name": "T1542 - Pre-OS Boot"
            },
            {
              "id": "T1547",
              "name": "Boot or Logon Autostart Execution",
              "display_name": "T1547 - Boot or Logon Autostart Execution"
            },
            {
              "id": "T1564",
              "name": "Hide Artifacts",
              "display_name": "T1564 - Hide Artifacts"
            },
            {
              "id": "T1012",
              "name": "Query Registry",
              "display_name": "T1012 - Query Registry"
            },
            {
              "id": "T1485",
              "name": "Data Destruction",
              "display_name": "T1485 - Data Destruction"
            },
            {
              "id": "T1486",
              "name": "Data Encrypted for Impact",
              "display_name": "T1486 - Data Encrypted for Impact"
            },
            {
              "id": "T1518",
              "name": "Software Discovery",
              "display_name": "T1518 - Software Discovery"
            }
          ],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 0,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "msudosos",
            "id": "381696",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-SHA256": 4759,
            "hostname": 1513,
            "IPv4": 576,
            "FileHash-MD5": 1418,
            "FileHash-SHA1": 1413,
            "domain": 1263,
            "URL": 1550,
            "email": 27,
            "IPv6": 8,
            "CVE": 5
          },
          "indicator_count": 12532,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 67,
          "modified_text": "9 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "656aafd0e93efa420f74123c",
          "name": "http://maxwam.tk/news/top-stories/widow-penalized-for-late-husband-s-legal-marijuana-use/769762335",
          "description": "",
          "modified": "2024-10-12T01:00:47.836000",
          "created": "2023-12-02T04:17:20.189000",
          "tags": [
            "ssl certificate",
            "contacted",
            "threat roundup",
            "whois record",
            "communicating",
            "subdomains",
            "resolutions",
            "june",
            "july",
            "october",
            "august",
            "noname057",
            "generic malware",
            "ice fog",
            "tag count",
            "thu nov",
            "threat report",
            "ip summary",
            "url summary",
            "summary",
            "sample",
            "first",
            "generic",
            "detection list",
            "blacklist http",
            "cisco umbrella",
            "site",
            "heur",
            "alexa top",
            "safe site",
            "million",
            "malware",
            "alexa",
            "malware site",
            "malicious site",
            "unsafe",
            "artemis",
            "fakealert",
            "exploit",
            "opencandy",
            "riskware",
            "genkryptik",
            "iframe",
            "tiggre",
            "presenoker",
            "agent",
            "conduit",
            "wacatac",
            "phishing",
            "redline stealer",
            "dropper",
            "cobalt strike",
            "acint",
            "nircmd",
            "swrort",
            "downldr",
            "systweak",
            "behav",
            "crack",
            "filetour",
            "cleaner",
            "installpack",
            "xrat",
            "fusioncore",
            "azorult",
            "service",
            "runescape",
            "facebook",
            "bank",
            "download",
            "blacknet rat",
            "stealer",
            "maltiverse",
            "webtoolbar",
            "trojanspy",
            "united",
            "engineering",
            "cyber threat",
            "phishing site",
            "america",
            "emotet",
            "zbot",
            "malicious",
            "steam",
            "team",
            "indonesia",
            "miner",
            "ransomware",
            "ramnit",
            "pe resource",
            "historical ssl",
            "execution",
            "hacktool",
            "metasploit",
            "relic",
            "monitoring",
            "android",
            "skynet",
            "et",
            "anonymizer",
            "trojanx",
            "back",
            "laplasclipper",
            "win64",
            "trojan",
            "ghost rat",
            "suppobox",
            "asyncrat",
            "union",
            "samples",
            "blacklist",
            "malicious url",
            "hostname",
            "hostnames",
            "tsara brashears",
            "reinsurance",
            "pinnacol insurance",
            "industry and commerce",
            "state",
            "danger",
            "warning",
            "nr-data.net",
            "apple",
            "data.net",
            "asp.net",
            "domains",
            "hashes",
            "reverse dns",
            "general full",
            "resource",
            "software",
            "asn15169",
            "google",
            "url http",
            "server",
            "hash",
            "get h2",
            "main",
            "cookie",
            "thu dec",
            "germany",
            "frankfurt",
            "netherlands",
            "asn20446",
            "highwinds3",
            "page url",
            "search live",
            "api blog",
            "docs pricing",
            "tags",
            "november",
            "us summary",
            "http",
            "google safe",
            "browsing",
            "adware",
            "xtrat",
            "firehol",
            "microsoft",
            "control server",
            "services",
            "msil",
            "hiloti",
            "asn16509",
            "amazon02",
            "fastly",
            "asn54113",
            "prague",
            "login",
            "listen live",
            "centura health",
            "colorado jobs",
            "eeo public",
            "filing url",
            "blacklist https",
            "mimikatz",
            "beach research",
            "de indicators",
            "copyright",
            "gmbh version",
            "follow",
            "softcnapp",
            "philadelphia",
            "gamehack",
            "value",
            "line",
            "variables",
            "nreum",
            "postrelease",
            "url https",
            "security tls",
            "protocol h2",
            "name value",
            "scam",
            "gesponsert url",
            "outputldjh",
            "oid2",
            "uhis2",
            "uh1200",
            "uw1600",
            "uah1200",
            "uaw1600",
            "ucd24",
            "usd1",
            "utz60",
            "no data",
            "coinminer",
            "ip address",
            "exchange",
            "http attacker",
            "states",
            "jimburkedentistry",
            "leder-family",
            "adam lee",
            "erika lee",
            "malvertizing"
          ],
          "references": [
            "http://maxwam.tk/news/top-stories/widow-penalized-for-late-husband-s-legal-marijuana-use/769762335",
            "https://www.denverpost.com/2018/07/17/marijuana-workers-compensation/amp/ Source",
            "http://jcsservices.in/gkqikjxn/index.php?pnz=jim@thejimburkefamily.com",
            "http://www.burkedentistry.com/Quarryville-Dentist-and-Staff/1567",
            "http://tracks.theleders.family",
            "photos.theleders.family",
            "http://45.159.189.105/bot/regex      (tracks Tsara Brashears)",
            "45.159.189.105                   (CNC IP \u2022 Tracking Tsara Brashears)",
            "http://mobtrack.trkclk.net",
            "https://otx.alienvault.com/indicator/url/https://www.anyxxxtube.net/search-porn/tsara-brashears/",
            "https://wallpapers-nature.com/tsara-brashears/tse1-mm-bing-net",
            "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian",
            "nr-data.net",
            "https://wallpapers-nature.com/%20tsara-brashears/urlscan-io",
            "103.233.208.9                    (CNC IP)",
            "apex.jquery.com             (scammer | works for who?)",
            "api.useragentswitch.com",
            "bam-cell.nr-data.net        (Apple Private Data Collection | since found, result continuously modified)",
            "dns.google                          (DNS client services - Doug Cole)",
            "https://www.9and10news.com/2021/09/17/fbi-releases-update-on-suspicious-packages-left-at-att-stores/",
            "https://api.openinstall.io/api/v2/android/otby76/init?certFinger=44:B4:38:61:15:B4:57:55:B5:BF:D1:6B:34:CC:60:72:DA:C7:40:CE&macAddress=6D:51:08:93:04:7B&serialNumber=&apiVersion=2.3.0&deviceId=&pkg=com.mobikok.ecoupon&version=8.1.0&installId=&androidId=91ed20d90734918e&versionCode=333\u00d7tamp=1684541379839",
            "apple-dns.net",
            "emails.redvue.com  (apple DNS w/amvima)",
            "142.250.180.4 (init.ess)",
            "init.ess.apple.com   (Highly malicious. Will infiltrate devices when exploited. Spyware)",
            "freeimdatingsites.thomasdobo.eu",
            "https://urlscan.io/result/07fe876e-8864-474f-8b32-ba2d50c9a242/#indicators",
            "https://urlscan.io/domain/maxwam.tk",
            "https://urlscan.io/result/e770a861-9818-4309-b31e-fd18510532a7/#indicators"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [
            "United States of America"
          ],
          "malware_families": [
            {
              "id": "Generic",
              "display_name": "Generic",
              "target": null
            },
            {
              "id": "Maltiverse",
              "display_name": "Maltiverse",
              "target": null
            },
            {
              "id": "WebToolbar",
              "display_name": "WebToolbar",
              "target": null
            },
            {
              "id": "TrojanSpy",
              "display_name": "TrojanSpy",
              "target": null
            },
            {
              "id": "ET",
              "display_name": "ET",
              "target": null
            },
            {
              "id": "Beach Research",
              "display_name": "Beach Research",
              "target": null
            },
            {
              "id": "GameHack",
              "display_name": "GameHack",
              "target": null
            },
            {
              "id": "States",
              "display_name": "States",
              "target": null
            }
          ],
          "attack_ids": [
            {
              "id": "T1140",
              "name": "Deobfuscate/Decode Files or Information",
              "display_name": "T1140 - Deobfuscate/Decode Files or Information"
            },
            {
              "id": "T1027",
              "name": "Obfuscated Files or Information",
              "display_name": "T1027 - Obfuscated Files or Information"
            },
            {
              "id": "T1566",
              "name": "Phishing",
              "display_name": "T1566 - Phishing"
            },
            {
              "id": "T1176",
              "name": "Browser Extensions",
              "display_name": "T1176 - Browser Extensions"
            },
            {
              "id": "T1123",
              "name": "Audio Capture",
              "display_name": "T1123 - Audio Capture"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": "6562908e28e6cdc237fbf8db",
          "export_count": 107,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "scoreblue",
            "id": "254100",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 1956,
            "FileHash-SHA1": 867,
            "FileHash-SHA256": 3895,
            "URL": 11195,
            "domain": 2959,
            "hostname": 3575,
            "CVE": 16,
            "SSLCertFingerprint": 1,
            "email": 1
          },
          "indicator_count": 24465,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 233,
          "modified_text": "596 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "66cd067460192107bd6e4022",
          "name": "discuz.net",
          "description": "",
          "modified": "2024-08-26T22:49:24.887000",
          "created": "2024-08-26T22:49:24.887000",
          "tags": [
            "qq"
          ],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 6,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "skocherhan",
            "id": "249290",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_249290/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 59
          },
          "indicator_count": 59,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 182,
          "modified_text": "642 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": false,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "6562908e28e6cdc237fbf8db",
          "name": "http://maxwam.tk/news/top-stories/widow-penalized-for-late-husband-s-legal-marijuana-use/769762335",
          "description": "",
          "modified": "2023-12-26T00:03:03.925000",
          "created": "2023-11-26T00:25:50.529000",
          "tags": [
            "ssl certificate",
            "contacted",
            "threat roundup",
            "whois record",
            "communicating",
            "subdomains",
            "resolutions",
            "june",
            "july",
            "october",
            "august",
            "noname057",
            "generic malware",
            "ice fog",
            "tag count",
            "thu nov",
            "threat report",
            "ip summary",
            "url summary",
            "summary",
            "sample",
            "first",
            "generic",
            "detection list",
            "blacklist http",
            "cisco umbrella",
            "site",
            "heur",
            "alexa top",
            "safe site",
            "million",
            "malware",
            "alexa",
            "malware site",
            "malicious site",
            "unsafe",
            "artemis",
            "fakealert",
            "exploit",
            "opencandy",
            "riskware",
            "genkryptik",
            "iframe",
            "tiggre",
            "presenoker",
            "agent",
            "conduit",
            "wacatac",
            "phishing",
            "redline stealer",
            "dropper",
            "cobalt strike",
            "acint",
            "nircmd",
            "swrort",
            "downldr",
            "systweak",
            "behav",
            "crack",
            "filetour",
            "cleaner",
            "installpack",
            "xrat",
            "fusioncore",
            "azorult",
            "service",
            "runescape",
            "facebook",
            "bank",
            "download",
            "blacknet rat",
            "stealer",
            "maltiverse",
            "webtoolbar",
            "trojanspy",
            "united",
            "engineering",
            "cyber threat",
            "phishing site",
            "america",
            "emotet",
            "zbot",
            "malicious",
            "steam",
            "team",
            "indonesia",
            "miner",
            "ransomware",
            "ramnit",
            "pe resource",
            "historical ssl",
            "execution",
            "hacktool",
            "metasploit",
            "relic",
            "monitoring",
            "android",
            "skynet",
            "et",
            "anonymizer",
            "trojanx",
            "back",
            "laplasclipper",
            "win64",
            "trojan",
            "ghost rat",
            "suppobox",
            "asyncrat",
            "union",
            "samples",
            "blacklist",
            "malicious url",
            "hostname",
            "hostnames",
            "tsara brashears",
            "reinsurance",
            "pinnacol insurance",
            "industry and commerce",
            "state",
            "danger",
            "warning",
            "nr-data.net",
            "apple",
            "data.net",
            "asp.net",
            "domains",
            "hashes",
            "reverse dns",
            "general full",
            "resource",
            "software",
            "asn15169",
            "google",
            "url http",
            "server",
            "hash",
            "get h2",
            "main",
            "cookie",
            "thu dec",
            "germany",
            "frankfurt",
            "netherlands",
            "asn20446",
            "highwinds3",
            "page url",
            "search live",
            "api blog",
            "docs pricing",
            "tags",
            "november",
            "us summary",
            "http",
            "google safe",
            "browsing",
            "adware",
            "xtrat",
            "firehol",
            "microsoft",
            "control server",
            "services",
            "msil",
            "hiloti",
            "asn16509",
            "amazon02",
            "fastly",
            "asn54113",
            "prague",
            "login",
            "listen live",
            "centura health",
            "colorado jobs",
            "eeo public",
            "filing url",
            "blacklist https",
            "mimikatz",
            "beach research",
            "de indicators",
            "copyright",
            "gmbh version",
            "follow",
            "softcnapp",
            "philadelphia",
            "gamehack",
            "value",
            "line",
            "variables",
            "nreum",
            "postrelease",
            "url https",
            "security tls",
            "protocol h2",
            "name value",
            "scam",
            "gesponsert url",
            "outputldjh",
            "oid2",
            "uhis2",
            "uh1200",
            "uw1600",
            "uah1200",
            "uaw1600",
            "ucd24",
            "usd1",
            "utz60",
            "no data",
            "coinminer",
            "ip address",
            "exchange",
            "http attacker",
            "states",
            "jimburkedentistry",
            "leder-family",
            "adam lee",
            "erika lee",
            "malvertizing"
          ],
          "references": [
            "http://maxwam.tk/news/top-stories/widow-penalized-for-late-husband-s-legal-marijuana-use/769762335",
            "https://www.denverpost.com/2018/07/17/marijuana-workers-compensation/amp/ Source",
            "http://jcsservices.in/gkqikjxn/index.php?pnz=jim@thejimburkefamily.com",
            "http://www.burkedentistry.com/Quarryville-Dentist-and-Staff/1567",
            "http://tracks.theleders.family",
            "photos.theleders.family",
            "http://45.159.189.105/bot/regex      (tracks Tsara Brashears)",
            "45.159.189.105                   (CNC IP \u2022 Tracking Tsara Brashears)",
            "http://mobtrack.trkclk.net",
            "https://otx.alienvault.com/indicator/url/https://www.anyxxxtube.net/search-porn/tsara-brashears/",
            "https://wallpapers-nature.com/tsara-brashears/tse1-mm-bing-net",
            "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian",
            "nr-data.net",
            "https://wallpapers-nature.com/%20tsara-brashears/urlscan-io",
            "103.233.208.9                    (CNC IP)",
            "apex.jquery.com             (scammer | works for who?)",
            "api.useragentswitch.com",
            "bam-cell.nr-data.net        (Apple Private Data Collection | since found, result continuously modified)",
            "dns.google                          (DNS client services - Doug Cole)",
            "https://www.9and10news.com/2021/09/17/fbi-releases-update-on-suspicious-packages-left-at-att-stores/",
            "https://api.openinstall.io/api/v2/android/otby76/init?certFinger=44:B4:38:61:15:B4:57:55:B5:BF:D1:6B:34:CC:60:72:DA:C7:40:CE&macAddress=6D:51:08:93:04:7B&serialNumber=&apiVersion=2.3.0&deviceId=&pkg=com.mobikok.ecoupon&version=8.1.0&installId=&androidId=91ed20d90734918e&versionCode=333\u00d7tamp=1684541379839",
            "apple-dns.net",
            "emails.redvue.com  (apple DNS w/amvima)",
            "142.250.180.4 (init.ess)",
            "init.ess.apple.com   (Highly malicious. Will infiltrate devices when exploited. Spyware)",
            "freeimdatingsites.thomasdobo.eu",
            "https://urlscan.io/result/07fe876e-8864-474f-8b32-ba2d50c9a242/#indicators",
            "https://urlscan.io/domain/maxwam.tk",
            "https://urlscan.io/result/e770a861-9818-4309-b31e-fd18510532a7/#indicators"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [
            "United States of America"
          ],
          "malware_families": [
            {
              "id": "Generic",
              "display_name": "Generic",
              "target": null
            },
            {
              "id": "Maltiverse",
              "display_name": "Maltiverse",
              "target": null
            },
            {
              "id": "WebToolbar",
              "display_name": "WebToolbar",
              "target": null
            },
            {
              "id": "TrojanSpy",
              "display_name": "TrojanSpy",
              "target": null
            },
            {
              "id": "ET",
              "display_name": "ET",
              "target": null
            },
            {
              "id": "Beach Research",
              "display_name": "Beach Research",
              "target": null
            },
            {
              "id": "GameHack",
              "display_name": "GameHack",
              "target": null
            },
            {
              "id": "States",
              "display_name": "States",
              "target": null
            }
          ],
          "attack_ids": [
            {
              "id": "T1140",
              "name": "Deobfuscate/Decode Files or Information",
              "display_name": "T1140 - Deobfuscate/Decode Files or Information"
            },
            {
              "id": "T1027",
              "name": "Obfuscated Files or Information",
              "display_name": "T1027 - Obfuscated Files or Information"
            },
            {
              "id": "T1566",
              "name": "Phishing",
              "display_name": "T1566 - Phishing"
            },
            {
              "id": "T1176",
              "name": "Browser Extensions",
              "display_name": "T1176 - Browser Extensions"
            },
            {
              "id": "T1123",
              "name": "Audio Capture",
              "display_name": "T1123 - Audio Capture"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 83,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "OctoSeek",
            "id": "243548",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 1956,
            "FileHash-SHA1": 867,
            "FileHash-SHA256": 3751,
            "URL": 10878,
            "domain": 2914,
            "hostname": 3520,
            "CVE": 16
          },
          "indicator_count": 23902,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 222,
          "modified_text": "887 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "656aafce24b001cba328dcbc",
          "name": "http://maxwam.tk/news/top-stories/widow-penalized-for-late-husband-s-legal-marijuana-use/769762335",
          "description": "",
          "modified": "2023-12-26T00:03:03.925000",
          "created": "2023-12-02T04:17:18.188000",
          "tags": [
            "ssl certificate",
            "contacted",
            "threat roundup",
            "whois record",
            "communicating",
            "subdomains",
            "resolutions",
            "june",
            "july",
            "october",
            "august",
            "noname057",
            "generic malware",
            "ice fog",
            "tag count",
            "thu nov",
            "threat report",
            "ip summary",
            "url summary",
            "summary",
            "sample",
            "first",
            "generic",
            "detection list",
            "blacklist http",
            "cisco umbrella",
            "site",
            "heur",
            "alexa top",
            "safe site",
            "million",
            "malware",
            "alexa",
            "malware site",
            "malicious site",
            "unsafe",
            "artemis",
            "fakealert",
            "exploit",
            "opencandy",
            "riskware",
            "genkryptik",
            "iframe",
            "tiggre",
            "presenoker",
            "agent",
            "conduit",
            "wacatac",
            "phishing",
            "redline stealer",
            "dropper",
            "cobalt strike",
            "acint",
            "nircmd",
            "swrort",
            "downldr",
            "systweak",
            "behav",
            "crack",
            "filetour",
            "cleaner",
            "installpack",
            "xrat",
            "fusioncore",
            "azorult",
            "service",
            "runescape",
            "facebook",
            "bank",
            "download",
            "blacknet rat",
            "stealer",
            "maltiverse",
            "webtoolbar",
            "trojanspy",
            "united",
            "engineering",
            "cyber threat",
            "phishing site",
            "america",
            "emotet",
            "zbot",
            "malicious",
            "steam",
            "team",
            "indonesia",
            "miner",
            "ransomware",
            "ramnit",
            "pe resource",
            "historical ssl",
            "execution",
            "hacktool",
            "metasploit",
            "relic",
            "monitoring",
            "android",
            "skynet",
            "et",
            "anonymizer",
            "trojanx",
            "back",
            "laplasclipper",
            "win64",
            "trojan",
            "ghost rat",
            "suppobox",
            "asyncrat",
            "union",
            "samples",
            "blacklist",
            "malicious url",
            "hostname",
            "hostnames",
            "tsara brashears",
            "reinsurance",
            "pinnacol insurance",
            "industry and commerce",
            "state",
            "danger",
            "warning",
            "nr-data.net",
            "apple",
            "data.net",
            "asp.net",
            "domains",
            "hashes",
            "reverse dns",
            "general full",
            "resource",
            "software",
            "asn15169",
            "google",
            "url http",
            "server",
            "hash",
            "get h2",
            "main",
            "cookie",
            "thu dec",
            "germany",
            "frankfurt",
            "netherlands",
            "asn20446",
            "highwinds3",
            "page url",
            "search live",
            "api blog",
            "docs pricing",
            "tags",
            "november",
            "us summary",
            "http",
            "google safe",
            "browsing",
            "adware",
            "xtrat",
            "firehol",
            "microsoft",
            "control server",
            "services",
            "msil",
            "hiloti",
            "asn16509",
            "amazon02",
            "fastly",
            "asn54113",
            "prague",
            "login",
            "listen live",
            "centura health",
            "colorado jobs",
            "eeo public",
            "filing url",
            "blacklist https",
            "mimikatz",
            "beach research",
            "de indicators",
            "copyright",
            "gmbh version",
            "follow",
            "softcnapp",
            "philadelphia",
            "gamehack",
            "value",
            "line",
            "variables",
            "nreum",
            "postrelease",
            "url https",
            "security tls",
            "protocol h2",
            "name value",
            "scam",
            "gesponsert url",
            "outputldjh",
            "oid2",
            "uhis2",
            "uh1200",
            "uw1600",
            "uah1200",
            "uaw1600",
            "ucd24",
            "usd1",
            "utz60",
            "no data",
            "coinminer",
            "ip address",
            "exchange",
            "http attacker",
            "states",
            "jimburkedentistry",
            "leder-family",
            "adam lee",
            "erika lee",
            "malvertizing"
          ],
          "references": [
            "http://maxwam.tk/news/top-stories/widow-penalized-for-late-husband-s-legal-marijuana-use/769762335",
            "https://www.denverpost.com/2018/07/17/marijuana-workers-compensation/amp/ Source",
            "http://jcsservices.in/gkqikjxn/index.php?pnz=jim@thejimburkefamily.com",
            "http://www.burkedentistry.com/Quarryville-Dentist-and-Staff/1567",
            "http://tracks.theleders.family",
            "photos.theleders.family",
            "http://45.159.189.105/bot/regex      (tracks Tsara Brashears)",
            "45.159.189.105                   (CNC IP \u2022 Tracking Tsara Brashears)",
            "http://mobtrack.trkclk.net",
            "https://otx.alienvault.com/indicator/url/https://www.anyxxxtube.net/search-porn/tsara-brashears/",
            "https://wallpapers-nature.com/tsara-brashears/tse1-mm-bing-net",
            "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian",
            "nr-data.net",
            "https://wallpapers-nature.com/%20tsara-brashears/urlscan-io",
            "103.233.208.9                    (CNC IP)",
            "apex.jquery.com             (scammer | works for who?)",
            "api.useragentswitch.com",
            "bam-cell.nr-data.net        (Apple Private Data Collection | since found, result continuously modified)",
            "dns.google                          (DNS client services - Doug Cole)",
            "https://www.9and10news.com/2021/09/17/fbi-releases-update-on-suspicious-packages-left-at-att-stores/",
            "https://api.openinstall.io/api/v2/android/otby76/init?certFinger=44:B4:38:61:15:B4:57:55:B5:BF:D1:6B:34:CC:60:72:DA:C7:40:CE&macAddress=6D:51:08:93:04:7B&serialNumber=&apiVersion=2.3.0&deviceId=&pkg=com.mobikok.ecoupon&version=8.1.0&installId=&androidId=91ed20d90734918e&versionCode=333\u00d7tamp=1684541379839",
            "apple-dns.net",
            "emails.redvue.com  (apple DNS w/amvima)",
            "142.250.180.4 (init.ess)",
            "init.ess.apple.com   (Highly malicious. Will infiltrate devices when exploited. Spyware)",
            "freeimdatingsites.thomasdobo.eu",
            "https://urlscan.io/result/07fe876e-8864-474f-8b32-ba2d50c9a242/#indicators",
            "https://urlscan.io/domain/maxwam.tk",
            "https://urlscan.io/result/e770a861-9818-4309-b31e-fd18510532a7/#indicators"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [
            "United States of America"
          ],
          "malware_families": [
            {
              "id": "Generic",
              "display_name": "Generic",
              "target": null
            },
            {
              "id": "Maltiverse",
              "display_name": "Maltiverse",
              "target": null
            },
            {
              "id": "WebToolbar",
              "display_name": "WebToolbar",
              "target": null
            },
            {
              "id": "TrojanSpy",
              "display_name": "TrojanSpy",
              "target": null
            },
            {
              "id": "ET",
              "display_name": "ET",
              "target": null
            },
            {
              "id": "Beach Research",
              "display_name": "Beach Research",
              "target": null
            },
            {
              "id": "GameHack",
              "display_name": "GameHack",
              "target": null
            },
            {
              "id": "States",
              "display_name": "States",
              "target": null
            }
          ],
          "attack_ids": [
            {
              "id": "T1140",
              "name": "Deobfuscate/Decode Files or Information",
              "display_name": "T1140 - Deobfuscate/Decode Files or Information"
            },
            {
              "id": "T1027",
              "name": "Obfuscated Files or Information",
              "display_name": "T1027 - Obfuscated Files or Information"
            },
            {
              "id": "T1566",
              "name": "Phishing",
              "display_name": "T1566 - Phishing"
            },
            {
              "id": "T1176",
              "name": "Browser Extensions",
              "display_name": "T1176 - Browser Extensions"
            },
            {
              "id": "T1123",
              "name": "Audio Capture",
              "display_name": "T1123 - Audio Capture"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": "6562908e28e6cdc237fbf8db",
          "export_count": 78,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "scoreblue",
            "id": "254100",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 1956,
            "FileHash-SHA1": 867,
            "FileHash-SHA256": 3751,
            "URL": 10878,
            "domain": 2914,
            "hostname": 3520,
            "CVE": 16
          },
          "indicator_count": 23902,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 229,
          "modified_text": "887 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "657091100e9f5aa6eb534fb4",
          "name": "vmt/geosite.dat at main \u00b7 wegare123/vmt \u00b7 GitHub -  brocaproject.com - hmmm  cert ca issue",
          "description": "",
          "modified": "2023-12-06T15:19:44.839000",
          "created": "2023-12-06T15:19:44.839000",
          "tags": [],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 5,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "api",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "StreamMiningEx",
            "id": "262917",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-SHA256": 2410,
            "hostname": 3653,
            "domain": 2723,
            "URL": 442
          },
          "indicator_count": 9228,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 110,
          "modified_text": "907 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "65708bf87a08635a650eeb9b",
          "name": "ctgserver.net",
          "description": "",
          "modified": "2023-12-06T14:58:00.096000",
          "created": "2023-12-06T14:58:00.096000",
          "tags": [],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 2,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "api",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "StreamMiningEx",
            "id": "262917",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-SHA256": 1286,
            "domain": 560,
            "hostname": 1602,
            "URL": 7975,
            "FileHash-MD5": 85,
            "FileHash-SHA1": 1
          },
          "indicator_count": 11509,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 109,
          "modified_text": "907 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "65708befc4f4c7e2be4370d9",
          "name": "ctgserver.net",
          "description": "",
          "modified": "2023-12-06T14:57:51.922000",
          "created": "2023-12-06T14:57:51.922000",
          "tags": [],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 2,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "api",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "StreamMiningEx",
            "id": "262917",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-SHA256": 1286,
            "domain": 560,
            "hostname": 1602,
            "URL": 7975,
            "FileHash-MD5": 85,
            "FileHash-SHA1": 1
          },
          "indicator_count": 11509,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 109,
          "modified_text": "907 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "657081115ba7cb3bfd71927f",
          "name": "prod-chatman-ancillary-eu-central-1.pscp.tv - vt graph json and all ioc's - comparable",
          "description": "",
          "modified": "2023-12-06T14:11:29.905000",
          "created": "2023-12-06T14:11:29.905000",
          "tags": [],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 2,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "api",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "StreamMiningEx",
            "id": "262917",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-SHA256": 667,
            "hostname": 257,
            "domain": 97,
            "URL": 475
          },
          "indicator_count": 1496,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 109,
          "modified_text": "907 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "62ef13ad6547ed183dba3f3c",
          "name": "vmt/geosite.dat at main \u00b7 wegare123/vmt \u00b7 GitHub -  brocaproject.com - hmmm  cert ca issue",
          "description": "see im reading that domain as bro ca project",
          "modified": "2022-08-07T01:21:49.761000",
          "created": "2022-08-07T01:21:49.761000",
          "tags": [
            "strong",
            "github",
            "jump",
            "github desktop",
            "sign",
            "iosrulescript",
            "quantumult",
            "boxjs",
            "chouchoui",
            "code issues",
            "contact",
            "star",
            "desktop",
            "stars",
            "footer",
            "view",
            "pull",
            "wiki security",
            "unicode",
            "copy",
            "wegare123vmt",
            "phoenix",
            "jquery",
            "discord",
            "ruby",
            "chinaz",
            "startpage"
          ],
          "references": [
            "geosite.dat.html",
            "https://github.com/blackmatrix7/ios_rule_script"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1010",
              "name": "Application Window Discovery",
              "display_name": "T1010 - Application Window Discovery"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 11,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "dorkingbeauty1",
            "id": "80137",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-SHA256": 2410,
            "hostname": 3653,
            "URL": 442,
            "domain": 2723
          },
          "indicator_count": 9228,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 395,
          "modified_text": "1393 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "625eff927c93e3e5cd50e191",
          "name": "ctgserver.net",
          "description": "var d=b.dir,e=c&&\"parentNode\"===d,f=x, f=w, b.b, and d(b) for the first time.",
          "modified": "2022-05-19T00:00:49.028000",
          "created": "2022-04-19T18:29:38.810000",
          "tags": [
            "0x1d3c",
            "function",
            "json",
            "date",
            "0x3abb84",
            "0x400e43",
            "0x4e2be0",
            "0x27ecdf",
            "this",
            "0x217f25",
            "webview",
            "array",
            "typeof e",
            "regexp",
            "null",
            "object",
            "string",
            "post",
            "typeof r",
            "error",
            "android",
            "void",
            "math",
            "k3wc3w",
            "o4wo4w",
            "b0z1",
            "a4r1",
            "b2bbbb",
            "o5r1",
            "image",
            "typeof s",
            "typeof console",
            "contenttype",
            "number",
            "60number",
            "new date",
            "close",
            "sector",
            "typeof symbol",
            "crispclient",
            "crisp im",
            "typeof b",
            "width",
            "pseudo",
            "child",
            "sufeffxa0",
            "class",
            "accept"
          ],
          "references": [
            "http://v1-ab.cdn-static.cn/editor/js/jquery.min.js",
            "https://client.crisp.chat/l.js",
            "http://www.ctgserver.net/zhuzi-statistic.js?path=http%3a%2f%2fwww.ctgserver.net%2f&siteid=68944&referer=",
            "http://sgoutong.baidu.com/embed/1649840755/asset/embed/mobilelite/main.js",
            "https://aiff.cdn.bcebos.com/sensors%2Fonline%2Fsa-sdk-javascript-1.14.24%2Fsensorsdata.min.js",
            "https://goutong.baidu.com/site/889/a8439b4fa4b46ae6d1cb7840806b342d/b.js?siteId=12877102",
            "http://push.zhanzhang.baidu.com/push.js",
            "http://api.geetest.com/gettype.php?gt=70bfe290f45725d99fae0063c5188b8f&callback=geetest_1650391760798",
            "http://static.geetest.com/static/js/geetest.6.0.9.js",
            "http://api.geetest.com/get.php?gt=70bfe290f45725d99fae0063c5188b8f&challenge=36bbdc68ea2e3279d57269471b837a6b&product=popup&width=301px&offline=false&lang=zh-cn&protocol=http://&type=slide&path=/static/js/geetest.6.0.9.js&callback=geetest_1650391756575",
            "http://sgoutong.baidu.com/embed/1649840755/asset/embed/mobile_nb.js",
            "https://sofire.bdstatic.com/js/dfxaf.js",
            "https://p.qiao.baidu.com/cps3/site/poll?cb=jsonp_bridge_1650392095190_21922384256393768&l=1&sign=&v=165039175860477407&s=12877102&e=26958486&isAFF=1&filterAdvertisement=1&dev=1&auth=%7B%22anonym%22%3A0%2C%22key%22%3A%223bfef1eb-bde9-4fbf-ba96-abad738f1775%22%2C%22sn%22%3A%22%22%2C%22id%22%3A%22165039175860477407%22%2C%22from%22%3A4%2C%22token%22%3A%22bridge%22%7D&_time=1650392095190",
            "http://www.zhuzi.me/zhuzi-statistic.js?path=http%3a%2f%2fwww.zhuzi.me%2f&siteid=62221&referer=",
            "xfe-URL-Zhuzi.me-stix2-2.1-export.json"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1027",
              "name": "Obfuscated Files or Information",
              "display_name": "T1027 - Obfuscated Files or Information"
            },
            {
              "id": "T1547",
              "name": "Boot or Logon Autostart Execution",
              "display_name": "T1547 - Boot or Logon Autostart Execution"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 3,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "adjadex1@gmail.com",
            "id": "187163",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "URL": 7975,
            "FileHash-SHA256": 1286,
            "hostname": 1602,
            "domain": 560,
            "FileHash-MD5": 85,
            "FileHash-SHA1": 1
          },
          "indicator_count": 11509,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 68,
          "modified_text": "1473 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "625effa1c4edcef37385c4eb",
          "name": "ctgserver.net",
          "description": "var d=b.dir,e=c&&\"parentNode\"===d,f=x, f=w, b.b, and d(b) for the first time.",
          "modified": "2022-05-19T00:00:49.028000",
          "created": "2022-04-19T18:29:53.960000",
          "tags": [
            "0x1d3c",
            "function",
            "json",
            "date",
            "0x3abb84",
            "0x400e43",
            "0x4e2be0",
            "0x27ecdf",
            "this",
            "0x217f25",
            "webview",
            "array",
            "typeof e",
            "regexp",
            "null",
            "object",
            "string",
            "post",
            "typeof r",
            "error",
            "android",
            "void",
            "math",
            "k3wc3w",
            "o4wo4w",
            "b0z1",
            "a4r1",
            "b2bbbb",
            "o5r1",
            "image",
            "typeof s",
            "typeof console",
            "contenttype",
            "number",
            "60number",
            "new date",
            "close",
            "sector",
            "typeof symbol",
            "crispclient",
            "crisp im",
            "typeof b",
            "width",
            "pseudo",
            "child",
            "sufeffxa0",
            "class",
            "accept"
          ],
          "references": [
            "http://v1-ab.cdn-static.cn/editor/js/jquery.min.js",
            "https://client.crisp.chat/l.js",
            "http://www.ctgserver.net/zhuzi-statistic.js?path=http%3a%2f%2fwww.ctgserver.net%2f&siteid=68944&referer=",
            "http://sgoutong.baidu.com/embed/1649840755/asset/embed/mobilelite/main.js",
            "https://aiff.cdn.bcebos.com/sensors%2Fonline%2Fsa-sdk-javascript-1.14.24%2Fsensorsdata.min.js",
            "https://goutong.baidu.com/site/889/a8439b4fa4b46ae6d1cb7840806b342d/b.js?siteId=12877102",
            "http://push.zhanzhang.baidu.com/push.js",
            "http://api.geetest.com/gettype.php?gt=70bfe290f45725d99fae0063c5188b8f&callback=geetest_1650391760798",
            "http://static.geetest.com/static/js/geetest.6.0.9.js",
            "http://api.geetest.com/get.php?gt=70bfe290f45725d99fae0063c5188b8f&challenge=36bbdc68ea2e3279d57269471b837a6b&product=popup&width=301px&offline=false&lang=zh-cn&protocol=http://&type=slide&path=/static/js/geetest.6.0.9.js&callback=geetest_1650391756575",
            "http://sgoutong.baidu.com/embed/1649840755/asset/embed/mobile_nb.js",
            "https://sofire.bdstatic.com/js/dfxaf.js",
            "https://p.qiao.baidu.com/cps3/site/poll?cb=jsonp_bridge_1650392095190_21922384256393768&l=1&sign=&v=165039175860477407&s=12877102&e=26958486&isAFF=1&filterAdvertisement=1&dev=1&auth=%7B%22anonym%22%3A0%2C%22key%22%3A%223bfef1eb-bde9-4fbf-ba96-abad738f1775%22%2C%22sn%22%3A%22%22%2C%22id%22%3A%22165039175860477407%22%2C%22from%22%3A4%2C%22token%22%3A%22bridge%22%7D&_time=1650392095190",
            "http://www.zhuzi.me/zhuzi-statistic.js?path=http%3a%2f%2fwww.zhuzi.me%2f&siteid=62221&referer=",
            "xfe-URL-Zhuzi.me-stix2-2.1-export.json"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1027",
              "name": "Obfuscated Files or Information",
              "display_name": "T1027 - Obfuscated Files or Information"
            },
            {
              "id": "T1547",
              "name": "Boot or Logon Autostart Execution",
              "display_name": "T1547 - Boot or Logon Autostart Execution"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 4,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "adjadex1@gmail.com",
            "id": "187163",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "URL": 7975,
            "FileHash-SHA256": 1286,
            "hostname": 1602,
            "domain": 560,
            "FileHash-MD5": 85,
            "FileHash-SHA1": 1
          },
          "indicator_count": 11509,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 69,
          "modified_text": "1473 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "6228e039116c659f44bb8c9d",
          "name": "prod-chatman-ancillary-eu-central-1.pscp.tv - vt graph json and all ioc's - comparable",
          "description": "",
          "modified": "2022-04-08T00:05:40.239000",
          "created": "2022-03-09T17:13:29.894000",
          "tags": [
            "whois record",
            "ssl certificate",
            "https://www.virustotal.com/graph/g4a31cf657fde440787d5427c474241"
          ],
          "references": [
            "https://www.virustotal.com/graph/g4a31cf657fde440787d5427c474241d3a8454e41f1574e78b0f88c719846d481"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 2,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "dorkingbeauty1",
            "id": "80137",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "hostname": 257,
            "URL": 475,
            "domain": 97,
            "FileHash-SHA256": 667
          },
          "indicator_count": 1496,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 394,
          "modified_text": "1514 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        }
      ],
      "references": [
        "https://github.com/blackmatrix7/ios_rule_script",
        "https://vtbehaviour.commondatastorage.googleapis.com/88819f8dbc43e0609fbc6f6a1a9fb2740512b8e1e0f2d9e92926c31b8a11d446_VirusTotal%20R2DBox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779447466&Signature=nXchQzhNktG26CNrpPC2%2FRBVk5CXbCQ6xUNenWVvnvY2n5P71FF7HHw01QiPu3iGSvBSzqmHiB9HByI%2FJgWTdhqYvc9LZy0rI61W0%2FTNVhSNdb1omKNcCW1ikL2n7eR9BFV1ygPOAPnexLqjbK35hzq40mysRVPCVBcmrjs7NkxUh9nHkwmtOOR3Lz5NsYgdUX2AMqykR9pVoyTLy7tkl5Ap9keTZlEoE2RrK6MTO9HBhYPJD%2",
        "http://www.burkedentistry.com/Quarryville-Dentist-and-Staff/1567",
        "photos.theleders.family",
        "http://sgoutong.baidu.com/embed/1649840755/asset/embed/mobile_nb.js",
        "emails.redvue.com  (apple DNS w/amvima)",
        "https://p.qiao.baidu.com/cps3/site/poll?cb=jsonp_bridge_1650392095190_21922384256393768&l=1&sign=&v=165039175860477407&s=12877102&e=26958486&isAFF=1&filterAdvertisement=1&dev=1&auth=%7B%22anonym%22%3A0%2C%22key%22%3A%223bfef1eb-bde9-4fbf-ba96-abad738f1775%22%2C%22sn%22%3A%22%22%2C%22id%22%3A%22165039175860477407%22%2C%22from%22%3A4%2C%22token%22%3A%22bridge%22%7D&_time=1650392095190",
        "http://sgoutong.baidu.com/embed/1649840755/asset/embed/mobilelite/main.js",
        "103.233.208.9                    (CNC IP)",
        "https://sofire.bdstatic.com/js/dfxaf.js",
        "https://otx.alienvault.com/indicator/url/https://www.anyxxxtube.net/search-porn/tsara-brashears/",
        "api.useragentswitch.com",
        "https://vtbehaviour.commondatastorage.googleapis.com/99bde29b5d7f5522c0452c95899f63a0cc99a465b516f7eb2980d519fe5a478c_VirusTotal%20R2DBox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779447513&Signature=vT05qRgkqzlTQQ09TU4VC1ZL9bRV9J6Tgx%2BLYi1Yop0ggmMd9LT5iNFG2AQr%2FZH%2F0pMgqHAgZy%2BRwWUtDV1qO5eBxL%2B8mGzJDZilm%2BhP3%2B%2BKQu%2F76vg8GcDLdxu%2FeLmkj8Dhp9pN4i2cytkeH5zr%2BRHZBvK4uQ47n1zLtlGUSsJ7YXGw%2BWQFVRvu%2B%2B11Jh1PF6x4jF%2B3IbYQ5CZcGLoGbo0PGkN",
        "https://vtbehaviour.commondatastorage.googleapis.com/c6096cb32fc9fe4f9cc789acd6e7710be6efb8703e6f529fc3b21d78781d1fa8_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779448087&Signature=zly9PmlRQWb4KS0rNwSC6GG0MNzjm7KFDjr%2B%2Few6J4vqKF%2FJhJnnrYPcE0jJDw2QNhVbkyk0ZP2AmxrgmnTVhLcFijlR18xS82aHK99JxYTYDkmlFMr4U3ENyb3KVWsT%2BCuRbwN66pmHE4sdf33jQRi4ZUPxLJwtnLmhmpds%2BM38I%2Fv7pfRhbp7OYurf%2BJ0%2FQT2bwsg7sZEjDUQJ7HSqjOP8unxpFfBHNwC4wr9qawvlz8",
        "https://vtbehaviour.commondatastorage.googleapis.com/e0ac3780a1152800adc9fb31b5fd9d849b8f8defc014657b9b2e998ff72c2bb4_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779449323&Signature=QsivAArVUulKH5N9EOkYOICShe0hR8W0UFhFsPq6t2rlRIdIvciMDBQZ4ooTbp7TpacdxQgFF%2Bi5tH9LdqhGhhF5JPkquaQ5Twm8UjTLbiV4v0PAECarE7LnIShAtYF1LNwCZ6BDcQLYYCofAYGAFJnVZjnwztoy32OFI6WldLKbOfNYUmLe2Api5KarnJezGIPSvZLOJLHh9e6ApJk0PwnTupqxWn0JORAZidwNrGjvoBMeb6gtWmgFnwTO",
        "xfe-URL-Zhuzi.me-stix2-2.1-export.json",
        "http://www.zhuzi.me/zhuzi-statistic.js?path=http%3a%2f%2fwww.zhuzi.me%2f&siteid=62221&referer=",
        "apple-dns.net",
        "https://vtbehaviour.commondatastorage.googleapis.com/e0ac3780a1152800adc9fb31b5fd9d849b8f8defc014657b9b2e998ff72c2bb4_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779449382&Signature=GsaicymiUqs49NLqLPAVvf%2Bv2RwudQDEfcp3TeWyX92n2qwqpH9HWCV422PIRfG9GUe5OGbnGO0mIkaCuWs9fgtMTHtoT6o2uIiPZQNhcAL2tWEv22GoGjIhK0MvnOKG1EKRAA9bdlP5tGpvgOM5usOM55tsgbPUQWGsB19CvRAPS6OZ1eIqrdpLiOeAKK2uIGkaOnOkD4njy1e15fQ0BGPY1rMjdenHRZDu9EXv2zfwqLiUNbp%2B",
        "http://jcsservices.in/gkqikjxn/index.php?pnz=jim@thejimburkefamily.com",
        "https://urlscan.io/domain/maxwam.tk",
        "nr-data.net",
        "http://push.zhanzhang.baidu.com/push.js",
        "https://www.virustotal.com/graph/g4a31cf657fde440787d5427c474241d3a8454e41f1574e78b0f88c719846d481",
        "http://v1-ab.cdn-static.cn/editor/js/jquery.min.js",
        "https://wallpapers-nature.com/tsara-brashears/tse1-mm-bing-net",
        "http://tracks.theleders.family",
        "https://urlscan.io/result/07fe876e-8864-474f-8b32-ba2d50c9a242/#indicators",
        "142.250.180.4 (init.ess)",
        "https://www.denverpost.com/2018/07/17/marijuana-workers-compensation/amp/ Source",
        "https://vtbehaviour.commondatastorage.googleapis.com/c6096cb32fc9fe4f9cc789acd6e7710be6efb8703e6f529fc3b21d78781d1fa8_VenusEye%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779448113&Signature=HGVwYzpWE71%2BbcncRqOn%2BGkFdoAcM0zUAWI1eJD1jsHDcrJKlqO9M0XORZQA5YJxAW65VvTW9omuEH7SypRLJu1W0P3VYs46P7H4Dz1TsNoaNKYhhqpYfKql%2BYbpF7jIqwNfYdG5Uya0aqcIeI7Wx22%2BpByMhnrECSPxpU6wII3hOhgINOcc1mqsMEFfCB4fd%2F3zvfmJ7Rc5HiEea5Qx%2Fm7tB7DjImzqZFtSAQh6qFcSNN",
        "freeimdatingsites.thomasdobo.eu",
        "https://vtbehaviour.commondatastorage.googleapis.com/c6096cb32fc9fe4f9cc789acd6e7710be6efb8703e6f529fc3b21d78781d1fa8_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779448055&Signature=Oo2OUSuLUWDZOZGoPlCv1tD%2FynOTQPpGUV9I%2FgvLt4ZafLu6Vnt%2FoOXLJA9nFZPH5AiUv%2FWd4huRf8%2BPiUQcGMkSOOYn3mJHyE2t6wNKj1BDNjEJ0ozgBjkzBrZ62UZn4p34YCFKx1mj%2BrH75IoSHpRUfJYvgHnJhElGEMhrJc7ieH0I%2FNpcLuxSy9sfujNonmjwsQj9ZWnkGvLPpmiljGhJIomaUZ6GITQcz6QqbInrBN3nHX6mGGk4",
        "apex.jquery.com             (scammer | works for who?)",
        "http://api.geetest.com/gettype.php?gt=70bfe290f45725d99fae0063c5188b8f&callback=geetest_1650391760798",
        "dns.google                          (DNS client services - Doug Cole)",
        "http://api.geetest.com/get.php?gt=70bfe290f45725d99fae0063c5188b8f&challenge=36bbdc68ea2e3279d57269471b837a6b&product=popup&width=301px&offline=false&lang=zh-cn&protocol=http://&type=slide&path=/static/js/geetest.6.0.9.js&callback=geetest_1650391756575",
        "http://static.geetest.com/static/js/geetest.6.0.9.js",
        "http://45.159.189.105/bot/regex      (tracks Tsara Brashears)",
        "http://www.ctgserver.net/zhuzi-statistic.js?path=http%3a%2f%2fwww.ctgserver.net%2f&siteid=68944&referer=",
        "init.ess.apple.com   (Highly malicious. Will infiltrate devices when exploited. Spyware)",
        "http://maxwam.tk/news/top-stories/widow-penalized-for-late-husband-s-legal-marijuana-use/769762335",
        "https://client.crisp.chat/l.js",
        "bam-cell.nr-data.net        (Apple Private Data Collection | since found, result continuously modified)",
        "https://urlscan.io/result/e770a861-9818-4309-b31e-fd18510532a7/#indicators",
        "https://aiff.cdn.bcebos.com/sensors%2Fonline%2Fsa-sdk-javascript-1.14.24%2Fsensorsdata.min.js",
        "http://mobtrack.trkclk.net",
        "https://www.9and10news.com/2021/09/17/fbi-releases-update-on-suspicious-packages-left-at-att-stores/",
        "45.159.189.105                   (CNC IP \u2022 Tracking Tsara Brashears)",
        "https://vtbehaviour.commondatastorage.googleapis.com/3fe3b0bc7ca7ec4d23c1cd7c07d5cdf9cb3463beb18cd58e2501150d343d0851_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779448581&Signature=u1m6X7g3%2B46ZDMb0IvTTp%2FbBxgM9iZvfcHnyyGsaqQA%2BxHuw9ZcqfIkIme3jx7%2BblFBuowZqDr1PbGP28vbxcZhaskjIn3w04QkzN%2F6EWbNlPvabmBH3M0F%2FhfTEM8ayozqby2SPWv6azOEd%2FS3MXYnUsOzgOpSh1uIk0iduf4w1ePo4yJAdHv7fc0AUGPzRmssC0jpjqXzao%2F0qbg1JRMMBq0edJZqYiws6vIf%2B2d9O",
        "https://goutong.baidu.com/site/889/a8439b4fa4b46ae6d1cb7840806b342d/b.js?siteId=12877102",
        "https://vtbehaviour.commondatastorage.googleapis.com/c6096cb32fc9fe4f9cc789acd6e7710be6efb8703e6f529fc3b21d78781d1fa8_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779449270&Signature=y5dmd%2Br9iDNaXftiyxWZe5cWdAiIpA4H9u6vCT%2FdvFUKL7WV7S2HOKzRyETdhPd%2BF%2FoG5DQwjiN8Yvi10oC6iRsDQY6lbl34%2BOoaljXY4sg13Yyq9v9MMC5DrVBiOta4mYQFQL240y55PVUqOeWoTlaCvh9aA8Mn2iw5ITNNXJVpckpc9C37%2FxyFz8zFSmDEzj3pB2pggacPF34xQm4NB4hDB9ssqGeTsAbv41aOUu4XRV2pyMo9E0xtK2",
        "https://vtbehaviour.commondatastorage.googleapis.com/c6096cb32fc9fe4f9cc789acd6e7710be6efb8703e6f529fc3b21d78781d1fa8_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779448247&Signature=KaOoC8k1CwemdPniC2jnlheSiP5jHQwh83WcgjNWDujHQ8F6N7qW1Q3lVUf%2FBjEofHhKuYofMNOHzuLgXjiq%2F4ie2jeMJ2kiAYHGeUvc8RFAO28YMWxIJPmcTSCLcxaOQNbzOOtMF2DO6%2Fw9IodVAr1Yv3SgvamznVqYCu5Din1Q7C0hAc68dxqEbYxXnk9hekwNuVZf81kyLJEmJbSWOxr0ONyt6e7qhV07xe4C1TIJXe%2BH6Zkc8Jp",
        "geosite.dat.html",
        "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian",
        "https://wallpapers-nature.com/%20tsara-brashears/urlscan-io",
        "https://api.openinstall.io/api/v2/android/otby76/init?certFinger=44:B4:38:61:15:B4:57:55:B5:BF:D1:6B:34:CC:60:72:DA:C7:40:CE&macAddress=6D:51:08:93:04:7B&serialNumber=&apiVersion=2.3.0&deviceId=&pkg=com.mobikok.ecoupon&version=8.1.0&installId=&androidId=91ed20d90734918e&versionCode=333\u00d7tamp=1684541379839"
      ],
      "related": {
        "alienvault": {
          "adversary": [],
          "malware_families": [],
          "industries": []
        },
        "other": {
          "adversary": [],
          "malware_families": [
            "Webtoolbar",
            "Gamehack",
            "Maltiverse",
            "States",
            "Generic",
            "Trojanspy",
            "Et",
            "Beach research"
          ],
          "industries": []
        }
      }
    },
    "false_positive": []
  },
  "geo": {},
  "geo_ipapicom": {},
  "pulse_count": 13,
  "pulses": [
    {
      "id": "6a103de1e71756a0b58ce416",
      "name": "secret camera * VirusTotal Windows Sandbox",
      "description": "[100s of thousands of people have signed a petition calling for an end to the use of the word \"sex\" in the wake of a fatal accident in London's West Bromwich, which left 11 people dead]<what is this?",
      "modified": "2026-05-22T12:27:31.937000",
      "created": "2026-05-22T11:28:33.791000",
      "tags": [
        "windows sandbox",
        "clear filters",
        "file type",
        "ascii text",
        "pe file",
        "https",
        "ms windows",
        "svg scalable",
        "vector graphics",
        "elite",
        "tls version",
        "unicode text",
        "persistence",
        "malicious",
        "next",
        "default",
        "parent pid",
        "full path",
        "command line",
        "inprocserver32",
        "data",
        "datacrashpad",
        "k localservice",
        "s ngcsvc",
        "s ngcctnrsvc",
        "windir",
        "registry",
        "basic",
        "file name",
        "pe32 executable",
        "intel",
        "file size",
        "sha1",
        "files mitre",
        "windows user",
        "account control",
        "windows",
        "forms",
        "source source",
        "command",
        "enterprise",
        "close",
        "strong",
        "library",
        "address virtual",
        "none rticon",
        "cname",
        "mwdb",
        "bazaar",
        "sha3384",
        "accept",
        "tofsee",
        "shutdown",
        "stream",
        "string id",
        "x5173x95ed",
        "control",
        "wixbundlename",
        "x53d6x6d88",
        "copyright",
        "width",
        "height",
        "helptext",
        "repair",
        "calls process",
        "Camera",
        "Spyware",
        "illegal",
        "test recall",
        "test recall task 5/12/25"
      ],
      "references": [
        "https://vtbehaviour.commondatastorage.googleapis.com/88819f8dbc43e0609fbc6f6a1a9fb2740512b8e1e0f2d9e92926c31b8a11d446_VirusTotal%20R2DBox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779447466&Signature=nXchQzhNktG26CNrpPC2%2FRBVk5CXbCQ6xUNenWVvnvY2n5P71FF7HHw01QiPu3iGSvBSzqmHiB9HByI%2FJgWTdhqYvc9LZy0rI61W0%2FTNVhSNdb1omKNcCW1ikL2n7eR9BFV1ygPOAPnexLqjbK35hzq40mysRVPCVBcmrjs7NkxUh9nHkwmtOOR3Lz5NsYgdUX2AMqykR9pVoyTLy7tkl5Ap9keTZlEoE2RrK6MTO9HBhYPJD%2",
        "https://vtbehaviour.commondatastorage.googleapis.com/99bde29b5d7f5522c0452c95899f63a0cc99a465b516f7eb2980d519fe5a478c_VirusTotal%20R2DBox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779447513&Signature=vT05qRgkqzlTQQ09TU4VC1ZL9bRV9J6Tgx%2BLYi1Yop0ggmMd9LT5iNFG2AQr%2FZH%2F0pMgqHAgZy%2BRwWUtDV1qO5eBxL%2B8mGzJDZilm%2BhP3%2B%2BKQu%2F76vg8GcDLdxu%2FeLmkj8Dhp9pN4i2cytkeH5zr%2BRHZBvK4uQ47n1zLtlGUSsJ7YXGw%2BWQFVRvu%2B%2B11Jh1PF6x4jF%2B3IbYQ5CZcGLoGbo0PGkN",
        "https://vtbehaviour.commondatastorage.googleapis.com/c6096cb32fc9fe4f9cc789acd6e7710be6efb8703e6f529fc3b21d78781d1fa8_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779448055&Signature=Oo2OUSuLUWDZOZGoPlCv1tD%2FynOTQPpGUV9I%2FgvLt4ZafLu6Vnt%2FoOXLJA9nFZPH5AiUv%2FWd4huRf8%2BPiUQcGMkSOOYn3mJHyE2t6wNKj1BDNjEJ0ozgBjkzBrZ62UZn4p34YCFKx1mj%2BrH75IoSHpRUfJYvgHnJhElGEMhrJc7ieH0I%2FNpcLuxSy9sfujNonmjwsQj9ZWnkGvLPpmiljGhJIomaUZ6GITQcz6QqbInrBN3nHX6mGGk4",
        "https://vtbehaviour.commondatastorage.googleapis.com/c6096cb32fc9fe4f9cc789acd6e7710be6efb8703e6f529fc3b21d78781d1fa8_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779448087&Signature=zly9PmlRQWb4KS0rNwSC6GG0MNzjm7KFDjr%2B%2Few6J4vqKF%2FJhJnnrYPcE0jJDw2QNhVbkyk0ZP2AmxrgmnTVhLcFijlR18xS82aHK99JxYTYDkmlFMr4U3ENyb3KVWsT%2BCuRbwN66pmHE4sdf33jQRi4ZUPxLJwtnLmhmpds%2BM38I%2Fv7pfRhbp7OYurf%2BJ0%2FQT2bwsg7sZEjDUQJ7HSqjOP8unxpFfBHNwC4wr9qawvlz8",
        "https://vtbehaviour.commondatastorage.googleapis.com/c6096cb32fc9fe4f9cc789acd6e7710be6efb8703e6f529fc3b21d78781d1fa8_VenusEye%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779448113&Signature=HGVwYzpWE71%2BbcncRqOn%2BGkFdoAcM0zUAWI1eJD1jsHDcrJKlqO9M0XORZQA5YJxAW65VvTW9omuEH7SypRLJu1W0P3VYs46P7H4Dz1TsNoaNKYhhqpYfKql%2BYbpF7jIqwNfYdG5Uya0aqcIeI7Wx22%2BpByMhnrECSPxpU6wII3hOhgINOcc1mqsMEFfCB4fd%2F3zvfmJ7Rc5HiEea5Qx%2Fm7tB7DjImzqZFtSAQh6qFcSNN",
        "https://vtbehaviour.commondatastorage.googleapis.com/c6096cb32fc9fe4f9cc789acd6e7710be6efb8703e6f529fc3b21d78781d1fa8_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779448247&Signature=KaOoC8k1CwemdPniC2jnlheSiP5jHQwh83WcgjNWDujHQ8F6N7qW1Q3lVUf%2FBjEofHhKuYofMNOHzuLgXjiq%2F4ie2jeMJ2kiAYHGeUvc8RFAO28YMWxIJPmcTSCLcxaOQNbzOOtMF2DO6%2Fw9IodVAr1Yv3SgvamznVqYCu5Din1Q7C0hAc68dxqEbYxXnk9hekwNuVZf81kyLJEmJbSWOxr0ONyt6e7qhV07xe4C1TIJXe%2BH6Zkc8Jp",
        "https://vtbehaviour.commondatastorage.googleapis.com/3fe3b0bc7ca7ec4d23c1cd7c07d5cdf9cb3463beb18cd58e2501150d343d0851_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779448581&Signature=u1m6X7g3%2B46ZDMb0IvTTp%2FbBxgM9iZvfcHnyyGsaqQA%2BxHuw9ZcqfIkIme3jx7%2BblFBuowZqDr1PbGP28vbxcZhaskjIn3w04QkzN%2F6EWbNlPvabmBH3M0F%2FhfTEM8ayozqby2SPWv6azOEd%2FS3MXYnUsOzgOpSh1uIk0iduf4w1ePo4yJAdHv7fc0AUGPzRmssC0jpjqXzao%2F0qbg1JRMMBq0edJZqYiws6vIf%2B2d9O",
        "https://vtbehaviour.commondatastorage.googleapis.com/c6096cb32fc9fe4f9cc789acd6e7710be6efb8703e6f529fc3b21d78781d1fa8_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779449270&Signature=y5dmd%2Br9iDNaXftiyxWZe5cWdAiIpA4H9u6vCT%2FdvFUKL7WV7S2HOKzRyETdhPd%2BF%2FoG5DQwjiN8Yvi10oC6iRsDQY6lbl34%2BOoaljXY4sg13Yyq9v9MMC5DrVBiOta4mYQFQL240y55PVUqOeWoTlaCvh9aA8Mn2iw5ITNNXJVpckpc9C37%2FxyFz8zFSmDEzj3pB2pggacPF34xQm4NB4hDB9ssqGeTsAbv41aOUu4XRV2pyMo9E0xtK2",
        "https://vtbehaviour.commondatastorage.googleapis.com/e0ac3780a1152800adc9fb31b5fd9d849b8f8defc014657b9b2e998ff72c2bb4_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779449323&Signature=QsivAArVUulKH5N9EOkYOICShe0hR8W0UFhFsPq6t2rlRIdIvciMDBQZ4ooTbp7TpacdxQgFF%2Bi5tH9LdqhGhhF5JPkquaQ5Twm8UjTLbiV4v0PAECarE7LnIShAtYF1LNwCZ6BDcQLYYCofAYGAFJnVZjnwztoy32OFI6WldLKbOfNYUmLe2Api5KarnJezGIPSvZLOJLHh9e6ApJk0PwnTupqxWn0JORAZidwNrGjvoBMeb6gtWmgFnwTO",
        "https://vtbehaviour.commondatastorage.googleapis.com/e0ac3780a1152800adc9fb31b5fd9d849b8f8defc014657b9b2e998ff72c2bb4_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779449382&Signature=GsaicymiUqs49NLqLPAVvf%2Bv2RwudQDEfcp3TeWyX92n2qwqpH9HWCV422PIRfG9GUe5OGbnGO0mIkaCuWs9fgtMTHtoT6o2uIiPZQNhcAL2tWEv22GoGjIhK0MvnOKG1EKRAA9bdlP5tGpvgOM5usOM55tsgbPUQWGsB19CvRAPS6OZ1eIqrdpLiOeAKK2uIGkaOnOkD4njy1e15fQ0BGPY1rMjdenHRZDu9EXv2zfwqLiUNbp%2B"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [
        {
          "id": "T1036",
          "name": "Masquerading",
          "display_name": "T1036 - Masquerading"
        },
        {
          "id": "T1055",
          "name": "Process Injection",
          "display_name": "T1055 - Process Injection"
        },
        {
          "id": "T1071",
          "name": "Application Layer Protocol",
          "display_name": "T1071 - Application Layer Protocol"
        },
        {
          "id": "T1082",
          "name": "System Information Discovery",
          "display_name": "T1082 - System Information Discovery"
        },
        {
          "id": "T1083",
          "name": "File and Directory Discovery",
          "display_name": "T1083 - File and Directory Discovery"
        },
        {
          "id": "T1095",
          "name": "Non-Application Layer Protocol",
          "display_name": "T1095 - Non-Application Layer Protocol"
        },
        {
          "id": "T1573",
          "name": "Encrypted Channel",
          "display_name": "T1573 - Encrypted Channel"
        },
        {
          "id": "T1033",
          "name": "System Owner/User Discovery",
          "display_name": "T1033 - System Owner/User Discovery"
        },
        {
          "id": "T1053",
          "name": "Scheduled Task/Job",
          "display_name": "T1053 - Scheduled Task/Job"
        },
        {
          "id": "T1057",
          "name": "Process Discovery",
          "display_name": "T1057 - Process Discovery"
        },
        {
          "id": "T1059",
          "name": "Command and Scripting Interpreter",
          "display_name": "T1059 - Command and Scripting Interpreter"
        },
        {
          "id": "T1070",
          "name": "Indicator Removal on Host",
          "display_name": "T1070 - Indicator Removal on Host"
        },
        {
          "id": "T1112",
          "name": "Modify Registry",
          "display_name": "T1112 - Modify Registry"
        },
        {
          "id": "T1129",
          "name": "Shared Modules",
          "display_name": "T1129 - Shared Modules"
        },
        {
          "id": "T1202",
          "name": "Indirect Command Execution",
          "display_name": "T1202 - Indirect Command Execution"
        },
        {
          "id": "T1496",
          "name": "Resource Hijacking",
          "display_name": "T1496 - Resource Hijacking"
        },
        {
          "id": "T1539",
          "name": "Steal Web Session Cookie",
          "display_name": "T1539 - Steal Web Session Cookie"
        },
        {
          "id": "T1542",
          "name": "Pre-OS Boot",
          "display_name": "T1542 - Pre-OS Boot"
        },
        {
          "id": "T1547",
          "name": "Boot or Logon Autostart Execution",
          "display_name": "T1547 - Boot or Logon Autostart Execution"
        },
        {
          "id": "T1564",
          "name": "Hide Artifacts",
          "display_name": "T1564 - Hide Artifacts"
        },
        {
          "id": "T1012",
          "name": "Query Registry",
          "display_name": "T1012 - Query Registry"
        },
        {
          "id": "T1485",
          "name": "Data Destruction",
          "display_name": "T1485 - Data Destruction"
        },
        {
          "id": "T1486",
          "name": "Data Encrypted for Impact",
          "display_name": "T1486 - Data Encrypted for Impact"
        },
        {
          "id": "T1518",
          "name": "Software Discovery",
          "display_name": "T1518 - Software Discovery"
        }
      ],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 0,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "msudosos",
        "id": "381696",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-SHA256": 4759,
        "hostname": 1513,
        "IPv4": 576,
        "FileHash-MD5": 1418,
        "FileHash-SHA1": 1413,
        "domain": 1263,
        "URL": 1550,
        "email": 27,
        "IPv6": 8,
        "CVE": 5
      },
      "indicator_count": 12532,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 67,
      "modified_text": "9 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "656aafd0e93efa420f74123c",
      "name": "http://maxwam.tk/news/top-stories/widow-penalized-for-late-husband-s-legal-marijuana-use/769762335",
      "description": "",
      "modified": "2024-10-12T01:00:47.836000",
      "created": "2023-12-02T04:17:20.189000",
      "tags": [
        "ssl certificate",
        "contacted",
        "threat roundup",
        "whois record",
        "communicating",
        "subdomains",
        "resolutions",
        "june",
        "july",
        "october",
        "august",
        "noname057",
        "generic malware",
        "ice fog",
        "tag count",
        "thu nov",
        "threat report",
        "ip summary",
        "url summary",
        "summary",
        "sample",
        "first",
        "generic",
        "detection list",
        "blacklist http",
        "cisco umbrella",
        "site",
        "heur",
        "alexa top",
        "safe site",
        "million",
        "malware",
        "alexa",
        "malware site",
        "malicious site",
        "unsafe",
        "artemis",
        "fakealert",
        "exploit",
        "opencandy",
        "riskware",
        "genkryptik",
        "iframe",
        "tiggre",
        "presenoker",
        "agent",
        "conduit",
        "wacatac",
        "phishing",
        "redline stealer",
        "dropper",
        "cobalt strike",
        "acint",
        "nircmd",
        "swrort",
        "downldr",
        "systweak",
        "behav",
        "crack",
        "filetour",
        "cleaner",
        "installpack",
        "xrat",
        "fusioncore",
        "azorult",
        "service",
        "runescape",
        "facebook",
        "bank",
        "download",
        "blacknet rat",
        "stealer",
        "maltiverse",
        "webtoolbar",
        "trojanspy",
        "united",
        "engineering",
        "cyber threat",
        "phishing site",
        "america",
        "emotet",
        "zbot",
        "malicious",
        "steam",
        "team",
        "indonesia",
        "miner",
        "ransomware",
        "ramnit",
        "pe resource",
        "historical ssl",
        "execution",
        "hacktool",
        "metasploit",
        "relic",
        "monitoring",
        "android",
        "skynet",
        "et",
        "anonymizer",
        "trojanx",
        "back",
        "laplasclipper",
        "win64",
        "trojan",
        "ghost rat",
        "suppobox",
        "asyncrat",
        "union",
        "samples",
        "blacklist",
        "malicious url",
        "hostname",
        "hostnames",
        "tsara brashears",
        "reinsurance",
        "pinnacol insurance",
        "industry and commerce",
        "state",
        "danger",
        "warning",
        "nr-data.net",
        "apple",
        "data.net",
        "asp.net",
        "domains",
        "hashes",
        "reverse dns",
        "general full",
        "resource",
        "software",
        "asn15169",
        "google",
        "url http",
        "server",
        "hash",
        "get h2",
        "main",
        "cookie",
        "thu dec",
        "germany",
        "frankfurt",
        "netherlands",
        "asn20446",
        "highwinds3",
        "page url",
        "search live",
        "api blog",
        "docs pricing",
        "tags",
        "november",
        "us summary",
        "http",
        "google safe",
        "browsing",
        "adware",
        "xtrat",
        "firehol",
        "microsoft",
        "control server",
        "services",
        "msil",
        "hiloti",
        "asn16509",
        "amazon02",
        "fastly",
        "asn54113",
        "prague",
        "login",
        "listen live",
        "centura health",
        "colorado jobs",
        "eeo public",
        "filing url",
        "blacklist https",
        "mimikatz",
        "beach research",
        "de indicators",
        "copyright",
        "gmbh version",
        "follow",
        "softcnapp",
        "philadelphia",
        "gamehack",
        "value",
        "line",
        "variables",
        "nreum",
        "postrelease",
        "url https",
        "security tls",
        "protocol h2",
        "name value",
        "scam",
        "gesponsert url",
        "outputldjh",
        "oid2",
        "uhis2",
        "uh1200",
        "uw1600",
        "uah1200",
        "uaw1600",
        "ucd24",
        "usd1",
        "utz60",
        "no data",
        "coinminer",
        "ip address",
        "exchange",
        "http attacker",
        "states",
        "jimburkedentistry",
        "leder-family",
        "adam lee",
        "erika lee",
        "malvertizing"
      ],
      "references": [
        "http://maxwam.tk/news/top-stories/widow-penalized-for-late-husband-s-legal-marijuana-use/769762335",
        "https://www.denverpost.com/2018/07/17/marijuana-workers-compensation/amp/ Source",
        "http://jcsservices.in/gkqikjxn/index.php?pnz=jim@thejimburkefamily.com",
        "http://www.burkedentistry.com/Quarryville-Dentist-and-Staff/1567",
        "http://tracks.theleders.family",
        "photos.theleders.family",
        "http://45.159.189.105/bot/regex      (tracks Tsara Brashears)",
        "45.159.189.105                   (CNC IP \u2022 Tracking Tsara Brashears)",
        "http://mobtrack.trkclk.net",
        "https://otx.alienvault.com/indicator/url/https://www.anyxxxtube.net/search-porn/tsara-brashears/",
        "https://wallpapers-nature.com/tsara-brashears/tse1-mm-bing-net",
        "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian",
        "nr-data.net",
        "https://wallpapers-nature.com/%20tsara-brashears/urlscan-io",
        "103.233.208.9                    (CNC IP)",
        "apex.jquery.com             (scammer | works for who?)",
        "api.useragentswitch.com",
        "bam-cell.nr-data.net        (Apple Private Data Collection | since found, result continuously modified)",
        "dns.google                          (DNS client services - Doug Cole)",
        "https://www.9and10news.com/2021/09/17/fbi-releases-update-on-suspicious-packages-left-at-att-stores/",
        "https://api.openinstall.io/api/v2/android/otby76/init?certFinger=44:B4:38:61:15:B4:57:55:B5:BF:D1:6B:34:CC:60:72:DA:C7:40:CE&macAddress=6D:51:08:93:04:7B&serialNumber=&apiVersion=2.3.0&deviceId=&pkg=com.mobikok.ecoupon&version=8.1.0&installId=&androidId=91ed20d90734918e&versionCode=333\u00d7tamp=1684541379839",
        "apple-dns.net",
        "emails.redvue.com  (apple DNS w/amvima)",
        "142.250.180.4 (init.ess)",
        "init.ess.apple.com   (Highly malicious. Will infiltrate devices when exploited. Spyware)",
        "freeimdatingsites.thomasdobo.eu",
        "https://urlscan.io/result/07fe876e-8864-474f-8b32-ba2d50c9a242/#indicators",
        "https://urlscan.io/domain/maxwam.tk",
        "https://urlscan.io/result/e770a861-9818-4309-b31e-fd18510532a7/#indicators"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [
        "United States of America"
      ],
      "malware_families": [
        {
          "id": "Generic",
          "display_name": "Generic",
          "target": null
        },
        {
          "id": "Maltiverse",
          "display_name": "Maltiverse",
          "target": null
        },
        {
          "id": "WebToolbar",
          "display_name": "WebToolbar",
          "target": null
        },
        {
          "id": "TrojanSpy",
          "display_name": "TrojanSpy",
          "target": null
        },
        {
          "id": "ET",
          "display_name": "ET",
          "target": null
        },
        {
          "id": "Beach Research",
          "display_name": "Beach Research",
          "target": null
        },
        {
          "id": "GameHack",
          "display_name": "GameHack",
          "target": null
        },
        {
          "id": "States",
          "display_name": "States",
          "target": null
        }
      ],
      "attack_ids": [
        {
          "id": "T1140",
          "name": "Deobfuscate/Decode Files or Information",
          "display_name": "T1140 - Deobfuscate/Decode Files or Information"
        },
        {
          "id": "T1027",
          "name": "Obfuscated Files or Information",
          "display_name": "T1027 - Obfuscated Files or Information"
        },
        {
          "id": "T1566",
          "name": "Phishing",
          "display_name": "T1566 - Phishing"
        },
        {
          "id": "T1176",
          "name": "Browser Extensions",
          "display_name": "T1176 - Browser Extensions"
        },
        {
          "id": "T1123",
          "name": "Audio Capture",
          "display_name": "T1123 - Audio Capture"
        }
      ],
      "industries": [],
      "TLP": "white",
      "cloned_from": "6562908e28e6cdc237fbf8db",
      "export_count": 107,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "scoreblue",
        "id": "254100",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 1956,
        "FileHash-SHA1": 867,
        "FileHash-SHA256": 3895,
        "URL": 11195,
        "domain": 2959,
        "hostname": 3575,
        "CVE": 16,
        "SSLCertFingerprint": 1,
        "email": 1
      },
      "indicator_count": 24465,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 233,
      "modified_text": "596 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "66cd067460192107bd6e4022",
      "name": "discuz.net",
      "description": "",
      "modified": "2024-08-26T22:49:24.887000",
      "created": "2024-08-26T22:49:24.887000",
      "tags": [
        "qq"
      ],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 6,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "skocherhan",
        "id": "249290",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_249290/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "domain": 59
      },
      "indicator_count": 59,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 182,
      "modified_text": "642 days ago ",
      "is_modified": false,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": false,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "6562908e28e6cdc237fbf8db",
      "name": "http://maxwam.tk/news/top-stories/widow-penalized-for-late-husband-s-legal-marijuana-use/769762335",
      "description": "",
      "modified": "2023-12-26T00:03:03.925000",
      "created": "2023-11-26T00:25:50.529000",
      "tags": [
        "ssl certificate",
        "contacted",
        "threat roundup",
        "whois record",
        "communicating",
        "subdomains",
        "resolutions",
        "june",
        "july",
        "october",
        "august",
        "noname057",
        "generic malware",
        "ice fog",
        "tag count",
        "thu nov",
        "threat report",
        "ip summary",
        "url summary",
        "summary",
        "sample",
        "first",
        "generic",
        "detection list",
        "blacklist http",
        "cisco umbrella",
        "site",
        "heur",
        "alexa top",
        "safe site",
        "million",
        "malware",
        "alexa",
        "malware site",
        "malicious site",
        "unsafe",
        "artemis",
        "fakealert",
        "exploit",
        "opencandy",
        "riskware",
        "genkryptik",
        "iframe",
        "tiggre",
        "presenoker",
        "agent",
        "conduit",
        "wacatac",
        "phishing",
        "redline stealer",
        "dropper",
        "cobalt strike",
        "acint",
        "nircmd",
        "swrort",
        "downldr",
        "systweak",
        "behav",
        "crack",
        "filetour",
        "cleaner",
        "installpack",
        "xrat",
        "fusioncore",
        "azorult",
        "service",
        "runescape",
        "facebook",
        "bank",
        "download",
        "blacknet rat",
        "stealer",
        "maltiverse",
        "webtoolbar",
        "trojanspy",
        "united",
        "engineering",
        "cyber threat",
        "phishing site",
        "america",
        "emotet",
        "zbot",
        "malicious",
        "steam",
        "team",
        "indonesia",
        "miner",
        "ransomware",
        "ramnit",
        "pe resource",
        "historical ssl",
        "execution",
        "hacktool",
        "metasploit",
        "relic",
        "monitoring",
        "android",
        "skynet",
        "et",
        "anonymizer",
        "trojanx",
        "back",
        "laplasclipper",
        "win64",
        "trojan",
        "ghost rat",
        "suppobox",
        "asyncrat",
        "union",
        "samples",
        "blacklist",
        "malicious url",
        "hostname",
        "hostnames",
        "tsara brashears",
        "reinsurance",
        "pinnacol insurance",
        "industry and commerce",
        "state",
        "danger",
        "warning",
        "nr-data.net",
        "apple",
        "data.net",
        "asp.net",
        "domains",
        "hashes",
        "reverse dns",
        "general full",
        "resource",
        "software",
        "asn15169",
        "google",
        "url http",
        "server",
        "hash",
        "get h2",
        "main",
        "cookie",
        "thu dec",
        "germany",
        "frankfurt",
        "netherlands",
        "asn20446",
        "highwinds3",
        "page url",
        "search live",
        "api blog",
        "docs pricing",
        "tags",
        "november",
        "us summary",
        "http",
        "google safe",
        "browsing",
        "adware",
        "xtrat",
        "firehol",
        "microsoft",
        "control server",
        "services",
        "msil",
        "hiloti",
        "asn16509",
        "amazon02",
        "fastly",
        "asn54113",
        "prague",
        "login",
        "listen live",
        "centura health",
        "colorado jobs",
        "eeo public",
        "filing url",
        "blacklist https",
        "mimikatz",
        "beach research",
        "de indicators",
        "copyright",
        "gmbh version",
        "follow",
        "softcnapp",
        "philadelphia",
        "gamehack",
        "value",
        "line",
        "variables",
        "nreum",
        "postrelease",
        "url https",
        "security tls",
        "protocol h2",
        "name value",
        "scam",
        "gesponsert url",
        "outputldjh",
        "oid2",
        "uhis2",
        "uh1200",
        "uw1600",
        "uah1200",
        "uaw1600",
        "ucd24",
        "usd1",
        "utz60",
        "no data",
        "coinminer",
        "ip address",
        "exchange",
        "http attacker",
        "states",
        "jimburkedentistry",
        "leder-family",
        "adam lee",
        "erika lee",
        "malvertizing"
      ],
      "references": [
        "http://maxwam.tk/news/top-stories/widow-penalized-for-late-husband-s-legal-marijuana-use/769762335",
        "https://www.denverpost.com/2018/07/17/marijuana-workers-compensation/amp/ Source",
        "http://jcsservices.in/gkqikjxn/index.php?pnz=jim@thejimburkefamily.com",
        "http://www.burkedentistry.com/Quarryville-Dentist-and-Staff/1567",
        "http://tracks.theleders.family",
        "photos.theleders.family",
        "http://45.159.189.105/bot/regex      (tracks Tsara Brashears)",
        "45.159.189.105                   (CNC IP \u2022 Tracking Tsara Brashears)",
        "http://mobtrack.trkclk.net",
        "https://otx.alienvault.com/indicator/url/https://www.anyxxxtube.net/search-porn/tsara-brashears/",
        "https://wallpapers-nature.com/tsara-brashears/tse1-mm-bing-net",
        "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian",
        "nr-data.net",
        "https://wallpapers-nature.com/%20tsara-brashears/urlscan-io",
        "103.233.208.9                    (CNC IP)",
        "apex.jquery.com             (scammer | works for who?)",
        "api.useragentswitch.com",
        "bam-cell.nr-data.net        (Apple Private Data Collection | since found, result continuously modified)",
        "dns.google                          (DNS client services - Doug Cole)",
        "https://www.9and10news.com/2021/09/17/fbi-releases-update-on-suspicious-packages-left-at-att-stores/",
        "https://api.openinstall.io/api/v2/android/otby76/init?certFinger=44:B4:38:61:15:B4:57:55:B5:BF:D1:6B:34:CC:60:72:DA:C7:40:CE&macAddress=6D:51:08:93:04:7B&serialNumber=&apiVersion=2.3.0&deviceId=&pkg=com.mobikok.ecoupon&version=8.1.0&installId=&androidId=91ed20d90734918e&versionCode=333\u00d7tamp=1684541379839",
        "apple-dns.net",
        "emails.redvue.com  (apple DNS w/amvima)",
        "142.250.180.4 (init.ess)",
        "init.ess.apple.com   (Highly malicious. Will infiltrate devices when exploited. Spyware)",
        "freeimdatingsites.thomasdobo.eu",
        "https://urlscan.io/result/07fe876e-8864-474f-8b32-ba2d50c9a242/#indicators",
        "https://urlscan.io/domain/maxwam.tk",
        "https://urlscan.io/result/e770a861-9818-4309-b31e-fd18510532a7/#indicators"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [
        "United States of America"
      ],
      "malware_families": [
        {
          "id": "Generic",
          "display_name": "Generic",
          "target": null
        },
        {
          "id": "Maltiverse",
          "display_name": "Maltiverse",
          "target": null
        },
        {
          "id": "WebToolbar",
          "display_name": "WebToolbar",
          "target": null
        },
        {
          "id": "TrojanSpy",
          "display_name": "TrojanSpy",
          "target": null
        },
        {
          "id": "ET",
          "display_name": "ET",
          "target": null
        },
        {
          "id": "Beach Research",
          "display_name": "Beach Research",
          "target": null
        },
        {
          "id": "GameHack",
          "display_name": "GameHack",
          "target": null
        },
        {
          "id": "States",
          "display_name": "States",
          "target": null
        }
      ],
      "attack_ids": [
        {
          "id": "T1140",
          "name": "Deobfuscate/Decode Files or Information",
          "display_name": "T1140 - Deobfuscate/Decode Files or Information"
        },
        {
          "id": "T1027",
          "name": "Obfuscated Files or Information",
          "display_name": "T1027 - Obfuscated Files or Information"
        },
        {
          "id": "T1566",
          "name": "Phishing",
          "display_name": "T1566 - Phishing"
        },
        {
          "id": "T1176",
          "name": "Browser Extensions",
          "display_name": "T1176 - Browser Extensions"
        },
        {
          "id": "T1123",
          "name": "Audio Capture",
          "display_name": "T1123 - Audio Capture"
        }
      ],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 83,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "OctoSeek",
        "id": "243548",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 1956,
        "FileHash-SHA1": 867,
        "FileHash-SHA256": 3751,
        "URL": 10878,
        "domain": 2914,
        "hostname": 3520,
        "CVE": 16
      },
      "indicator_count": 23902,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 222,
      "modified_text": "887 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "656aafce24b001cba328dcbc",
      "name": "http://maxwam.tk/news/top-stories/widow-penalized-for-late-husband-s-legal-marijuana-use/769762335",
      "description": "",
      "modified": "2023-12-26T00:03:03.925000",
      "created": "2023-12-02T04:17:18.188000",
      "tags": [
        "ssl certificate",
        "contacted",
        "threat roundup",
        "whois record",
        "communicating",
        "subdomains",
        "resolutions",
        "june",
        "july",
        "october",
        "august",
        "noname057",
        "generic malware",
        "ice fog",
        "tag count",
        "thu nov",
        "threat report",
        "ip summary",
        "url summary",
        "summary",
        "sample",
        "first",
        "generic",
        "detection list",
        "blacklist http",
        "cisco umbrella",
        "site",
        "heur",
        "alexa top",
        "safe site",
        "million",
        "malware",
        "alexa",
        "malware site",
        "malicious site",
        "unsafe",
        "artemis",
        "fakealert",
        "exploit",
        "opencandy",
        "riskware",
        "genkryptik",
        "iframe",
        "tiggre",
        "presenoker",
        "agent",
        "conduit",
        "wacatac",
        "phishing",
        "redline stealer",
        "dropper",
        "cobalt strike",
        "acint",
        "nircmd",
        "swrort",
        "downldr",
        "systweak",
        "behav",
        "crack",
        "filetour",
        "cleaner",
        "installpack",
        "xrat",
        "fusioncore",
        "azorult",
        "service",
        "runescape",
        "facebook",
        "bank",
        "download",
        "blacknet rat",
        "stealer",
        "maltiverse",
        "webtoolbar",
        "trojanspy",
        "united",
        "engineering",
        "cyber threat",
        "phishing site",
        "america",
        "emotet",
        "zbot",
        "malicious",
        "steam",
        "team",
        "indonesia",
        "miner",
        "ransomware",
        "ramnit",
        "pe resource",
        "historical ssl",
        "execution",
        "hacktool",
        "metasploit",
        "relic",
        "monitoring",
        "android",
        "skynet",
        "et",
        "anonymizer",
        "trojanx",
        "back",
        "laplasclipper",
        "win64",
        "trojan",
        "ghost rat",
        "suppobox",
        "asyncrat",
        "union",
        "samples",
        "blacklist",
        "malicious url",
        "hostname",
        "hostnames",
        "tsara brashears",
        "reinsurance",
        "pinnacol insurance",
        "industry and commerce",
        "state",
        "danger",
        "warning",
        "nr-data.net",
        "apple",
        "data.net",
        "asp.net",
        "domains",
        "hashes",
        "reverse dns",
        "general full",
        "resource",
        "software",
        "asn15169",
        "google",
        "url http",
        "server",
        "hash",
        "get h2",
        "main",
        "cookie",
        "thu dec",
        "germany",
        "frankfurt",
        "netherlands",
        "asn20446",
        "highwinds3",
        "page url",
        "search live",
        "api blog",
        "docs pricing",
        "tags",
        "november",
        "us summary",
        "http",
        "google safe",
        "browsing",
        "adware",
        "xtrat",
        "firehol",
        "microsoft",
        "control server",
        "services",
        "msil",
        "hiloti",
        "asn16509",
        "amazon02",
        "fastly",
        "asn54113",
        "prague",
        "login",
        "listen live",
        "centura health",
        "colorado jobs",
        "eeo public",
        "filing url",
        "blacklist https",
        "mimikatz",
        "beach research",
        "de indicators",
        "copyright",
        "gmbh version",
        "follow",
        "softcnapp",
        "philadelphia",
        "gamehack",
        "value",
        "line",
        "variables",
        "nreum",
        "postrelease",
        "url https",
        "security tls",
        "protocol h2",
        "name value",
        "scam",
        "gesponsert url",
        "outputldjh",
        "oid2",
        "uhis2",
        "uh1200",
        "uw1600",
        "uah1200",
        "uaw1600",
        "ucd24",
        "usd1",
        "utz60",
        "no data",
        "coinminer",
        "ip address",
        "exchange",
        "http attacker",
        "states",
        "jimburkedentistry",
        "leder-family",
        "adam lee",
        "erika lee",
        "malvertizing"
      ],
      "references": [
        "http://maxwam.tk/news/top-stories/widow-penalized-for-late-husband-s-legal-marijuana-use/769762335",
        "https://www.denverpost.com/2018/07/17/marijuana-workers-compensation/amp/ Source",
        "http://jcsservices.in/gkqikjxn/index.php?pnz=jim@thejimburkefamily.com",
        "http://www.burkedentistry.com/Quarryville-Dentist-and-Staff/1567",
        "http://tracks.theleders.family",
        "photos.theleders.family",
        "http://45.159.189.105/bot/regex      (tracks Tsara Brashears)",
        "45.159.189.105                   (CNC IP \u2022 Tracking Tsara Brashears)",
        "http://mobtrack.trkclk.net",
        "https://otx.alienvault.com/indicator/url/https://www.anyxxxtube.net/search-porn/tsara-brashears/",
        "https://wallpapers-nature.com/tsara-brashears/tse1-mm-bing-net",
        "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian",
        "nr-data.net",
        "https://wallpapers-nature.com/%20tsara-brashears/urlscan-io",
        "103.233.208.9                    (CNC IP)",
        "apex.jquery.com             (scammer | works for who?)",
        "api.useragentswitch.com",
        "bam-cell.nr-data.net        (Apple Private Data Collection | since found, result continuously modified)",
        "dns.google                          (DNS client services - Doug Cole)",
        "https://www.9and10news.com/2021/09/17/fbi-releases-update-on-suspicious-packages-left-at-att-stores/",
        "https://api.openinstall.io/api/v2/android/otby76/init?certFinger=44:B4:38:61:15:B4:57:55:B5:BF:D1:6B:34:CC:60:72:DA:C7:40:CE&macAddress=6D:51:08:93:04:7B&serialNumber=&apiVersion=2.3.0&deviceId=&pkg=com.mobikok.ecoupon&version=8.1.0&installId=&androidId=91ed20d90734918e&versionCode=333\u00d7tamp=1684541379839",
        "apple-dns.net",
        "emails.redvue.com  (apple DNS w/amvima)",
        "142.250.180.4 (init.ess)",
        "init.ess.apple.com   (Highly malicious. Will infiltrate devices when exploited. Spyware)",
        "freeimdatingsites.thomasdobo.eu",
        "https://urlscan.io/result/07fe876e-8864-474f-8b32-ba2d50c9a242/#indicators",
        "https://urlscan.io/domain/maxwam.tk",
        "https://urlscan.io/result/e770a861-9818-4309-b31e-fd18510532a7/#indicators"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [
        "United States of America"
      ],
      "malware_families": [
        {
          "id": "Generic",
          "display_name": "Generic",
          "target": null
        },
        {
          "id": "Maltiverse",
          "display_name": "Maltiverse",
          "target": null
        },
        {
          "id": "WebToolbar",
          "display_name": "WebToolbar",
          "target": null
        },
        {
          "id": "TrojanSpy",
          "display_name": "TrojanSpy",
          "target": null
        },
        {
          "id": "ET",
          "display_name": "ET",
          "target": null
        },
        {
          "id": "Beach Research",
          "display_name": "Beach Research",
          "target": null
        },
        {
          "id": "GameHack",
          "display_name": "GameHack",
          "target": null
        },
        {
          "id": "States",
          "display_name": "States",
          "target": null
        }
      ],
      "attack_ids": [
        {
          "id": "T1140",
          "name": "Deobfuscate/Decode Files or Information",
          "display_name": "T1140 - Deobfuscate/Decode Files or Information"
        },
        {
          "id": "T1027",
          "name": "Obfuscated Files or Information",
          "display_name": "T1027 - Obfuscated Files or Information"
        },
        {
          "id": "T1566",
          "name": "Phishing",
          "display_name": "T1566 - Phishing"
        },
        {
          "id": "T1176",
          "name": "Browser Extensions",
          "display_name": "T1176 - Browser Extensions"
        },
        {
          "id": "T1123",
          "name": "Audio Capture",
          "display_name": "T1123 - Audio Capture"
        }
      ],
      "industries": [],
      "TLP": "white",
      "cloned_from": "6562908e28e6cdc237fbf8db",
      "export_count": 78,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "scoreblue",
        "id": "254100",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 1956,
        "FileHash-SHA1": 867,
        "FileHash-SHA256": 3751,
        "URL": 10878,
        "domain": 2914,
        "hostname": 3520,
        "CVE": 16
      },
      "indicator_count": 23902,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 229,
      "modified_text": "887 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "657091100e9f5aa6eb534fb4",
      "name": "vmt/geosite.dat at main \u00b7 wegare123/vmt \u00b7 GitHub -  brocaproject.com - hmmm  cert ca issue",
      "description": "",
      "modified": "2023-12-06T15:19:44.839000",
      "created": "2023-12-06T15:19:44.839000",
      "tags": [],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 5,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "api",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "StreamMiningEx",
        "id": "262917",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-SHA256": 2410,
        "hostname": 3653,
        "domain": 2723,
        "URL": 442
      },
      "indicator_count": 9228,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 110,
      "modified_text": "907 days ago ",
      "is_modified": false,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "65708bf87a08635a650eeb9b",
      "name": "ctgserver.net",
      "description": "",
      "modified": "2023-12-06T14:58:00.096000",
      "created": "2023-12-06T14:58:00.096000",
      "tags": [],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 2,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "api",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "StreamMiningEx",
        "id": "262917",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-SHA256": 1286,
        "domain": 560,
        "hostname": 1602,
        "URL": 7975,
        "FileHash-MD5": 85,
        "FileHash-SHA1": 1
      },
      "indicator_count": 11509,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 109,
      "modified_text": "907 days ago ",
      "is_modified": false,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "65708befc4f4c7e2be4370d9",
      "name": "ctgserver.net",
      "description": "",
      "modified": "2023-12-06T14:57:51.922000",
      "created": "2023-12-06T14:57:51.922000",
      "tags": [],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 2,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "api",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "StreamMiningEx",
        "id": "262917",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-SHA256": 1286,
        "domain": 560,
        "hostname": 1602,
        "URL": 7975,
        "FileHash-MD5": 85,
        "FileHash-SHA1": 1
      },
      "indicator_count": 11509,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 109,
      "modified_text": "907 days ago ",
      "is_modified": false,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "657081115ba7cb3bfd71927f",
      "name": "prod-chatman-ancillary-eu-central-1.pscp.tv - vt graph json and all ioc's - comparable",
      "description": "",
      "modified": "2023-12-06T14:11:29.905000",
      "created": "2023-12-06T14:11:29.905000",
      "tags": [],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 2,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "api",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "StreamMiningEx",
        "id": "262917",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-SHA256": 667,
        "hostname": 257,
        "domain": 97,
        "URL": 475
      },
      "indicator_count": 1496,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 109,
      "modified_text": "907 days ago ",
      "is_modified": false,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "62ef13ad6547ed183dba3f3c",
      "name": "vmt/geosite.dat at main \u00b7 wegare123/vmt \u00b7 GitHub -  brocaproject.com - hmmm  cert ca issue",
      "description": "see im reading that domain as bro ca project",
      "modified": "2022-08-07T01:21:49.761000",
      "created": "2022-08-07T01:21:49.761000",
      "tags": [
        "strong",
        "github",
        "jump",
        "github desktop",
        "sign",
        "iosrulescript",
        "quantumult",
        "boxjs",
        "chouchoui",
        "code issues",
        "contact",
        "star",
        "desktop",
        "stars",
        "footer",
        "view",
        "pull",
        "wiki security",
        "unicode",
        "copy",
        "wegare123vmt",
        "phoenix",
        "jquery",
        "discord",
        "ruby",
        "chinaz",
        "startpage"
      ],
      "references": [
        "geosite.dat.html",
        "https://github.com/blackmatrix7/ios_rule_script"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [
        {
          "id": "T1010",
          "name": "Application Window Discovery",
          "display_name": "T1010 - Application Window Discovery"
        }
      ],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 11,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "dorkingbeauty1",
        "id": "80137",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-SHA256": 2410,
        "hostname": 3653,
        "URL": 442,
        "domain": 2723
      },
      "indicator_count": 9228,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 395,
      "modified_text": "1393 days ago ",
      "is_modified": false,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    }
  ],
  "error": null,
  "vt": {
    "error": "VirusTotal rate limit reached. Try again shortly.",
    "indicator": "qzone.com",
    "type": "Domain"
  },
  "abuseipdb": null,
  "urlhaus": {
    "indicator": "qzone.com",
    "found": false,
    "verdict": "clean",
    "urls": [],
    "error": null
  },
  "from_cache": true,
  "_cached_at": 1780264246.0565703
}