{ "type": "Domain", "indicator": "singletoncop.info", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/singletoncop.info", "alexa": "http://www.alexa.com/siteinfo/singletoncop.info", "indicator": "singletoncop.info", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 4288017779, "indicator": "singletoncop.info", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 4, "pulses": [ { "id": "69cbf2dc8db31bdbd9069344", "name": "One Click Away: Inside a LinkedIn Phishing Attack", "description": "A sophisticated phishing campaign targeting LinkedIn users has been identified. The attack uses fake LinkedIn message notifications to lure victims into clicking on malicious links. The emails closely mimic legitimate LinkedIn communications, including spoofed display names and formatting. Upon clicking, users are redirected to a convincing but fraudulent LinkedIn login page designed to steal credentials. The phishing page uses a deceptive domain name similar to 'LinkedIn' to further trick users. This campaign demonstrates the evolving tactics of cybercriminals in exploiting human trust and curiosity. The analysis emphasizes the importance of vigilance, source verification, and caution when interacting with seemingly routine notifications.", "modified": "2026-03-31T18:41:40.249000", "created": "2026-03-31T16:14:20.518000", "tags": [ "credential theft", "social engineering", "email spoofing", "notification imitation", "domain spoofing", "fake login page", "linkedin", "phishing" ], "references": [ "https://cofense.com/blog/one-click-away-inside-a-linkedin-phishing-attack" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1056.001", "name": "Keylogging", "display_name": "T1056.001 - Keylogging" }, { "id": "T1566.002", "name": "Spearphishing Link", "display_name": "T1566.002 - Spearphishing Link" }, { "id": "T1598.003", "name": "Spearphishing Link", "display_name": "T1598.003 - Spearphishing Link" }, { "id": "T1566.001", "name": "Spearphishing Attachment", "display_name": "T1566.001 - Spearphishing Attachment" }, { "id": "T1534", "name": "Internal Spearphishing", "display_name": "T1534 - Internal Spearphishing" }, { "id": "T1585.001", "name": "Social Media Accounts", "display_name": "T1585.001 - Social Media Accounts" }, { "id": "T1204.001", "name": "Malicious Link", "display_name": "T1204.001 - Malicious Link" }, { "id": "T1078.004", "name": "Cloud Accounts", "display_name": "T1078.004 - Cloud Accounts" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 16, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "domain": 2, "hostname": 1 }, "indicator_count": 3, "is_author": false, "is_subscribing": null, "subscriber_count": 386449, "modified_text": "60 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69d73f806377e1786da61411", "name": "EbeeApril2026 Pt1", "description": "Multiple APT/threat actors, Malware and Campaigns", "modified": "2026-05-09T05:12:44.308000", "created": "2026-04-09T05:56:16.764000", "tags": [ "filehashsha256", "filehashmd5", "filehashsha1" ], "references": [ "Book1.csv" ], "public": 1, "adversary": "The Gentlemen, Augmented Marauder, Yurei Ransomware, Xloader, ClickFix campaign delivering XWorm V5.", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "IMEBEEIMFINE", "id": "343873", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 77, "FileHash-MD5": 180, "FileHash-SHA1": 136, "FileHash-SHA256": 280, "CVE": 2, "domain": 162, "hostname": 56 }, "indicator_count": 893, "is_author": false, "is_subscribing": null, "subscriber_count": 41, "modified_text": "21 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69cbc6492c8a6ccc5c214092", "name": "One Click Away: Inside a LinkedIn Phishing Attack", "description": "", "modified": "2026-04-30T13:11:24.721000", "created": "2026-03-31T13:04:09.103000", "tags": [ "cofense", "platform", "new era", "ai download", "linkedin", "defense center", "click away", "aidriven", "cofense cofense", "grow", "demo", "attack", "phishme", "accept" ], "references": [ "https://cofense.com/blog/one-click-away-inside-a-linkedin-phishing-attack" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunter_NL", "id": "171283", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 2, "domain": 3, "hostname": 1 }, "indicator_count": 6, "is_author": false, "is_subscribing": null, "subscriber_count": 865, "modified_text": "30 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69cca04c3ef3980619e6bcb0", "name": "One Click Away: Inside a LinkedIn Phishing Attack", "description": "", "modified": "2026-04-01T04:34:20.828000", "created": "2026-04-01T04:34:20.828000", "tags": [ "credential theft", "social engineering", "email spoofing", "notification imitation", "domain spoofing", "fake login page", "linkedin", "phishing" ], "references": [ "https://cofense.com/blog/one-click-away-inside-a-linkedin-phishing-attack" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1056.001", "name": "Keylogging", "display_name": "T1056.001 - Keylogging" }, { "id": "T1566.002", "name": "Spearphishing Link", "display_name": "T1566.002 - Spearphishing Link" }, { "id": "T1598.003", "name": "Spearphishing Link", "display_name": "T1598.003 - Spearphishing Link" }, { "id": "T1566.001", "name": "Spearphishing Attachment", "display_name": "T1566.001 - Spearphishing Attachment" }, { "id": "T1534", "name": "Internal Spearphishing", "display_name": "T1534 - Internal Spearphishing" }, { "id": "T1585.001", "name": "Social Media Accounts", "display_name": "T1585.001 - Social Media Accounts" }, { "id": "T1204.001", "name": "Malicious Link", "display_name": "T1204.001 - Malicious Link" }, { "id": "T1078.004", "name": "Cloud Accounts", "display_name": "T1078.004 - Cloud Accounts" } ], "industries": [], "TLP": "white", "cloned_from": "69cbf2dc8db31bdbd9069344", "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Tr1sa111", "id": "192483", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 2, "hostname": 1 }, "indicator_count": 3, "is_author": false, "is_subscribing": null, "subscriber_count": 277, "modified_text": "59 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "Book1.csv", "https://cofense.com/blog/one-click-away-inside-a-linkedin-phishing-attack" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [ "The Gentlemen, Augmented Marauder, Yurei Ransomware, Xloader, ClickFix campaign delivering XWorm V5." ], "malware_families": [], "industries": [] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 4, "pulses": [ { "id": "69cbf2dc8db31bdbd9069344", "name": "One Click Away: Inside a LinkedIn Phishing Attack", "description": "A sophisticated phishing campaign targeting LinkedIn users has been identified. The attack uses fake LinkedIn message notifications to lure victims into clicking on malicious links. The emails closely mimic legitimate LinkedIn communications, including spoofed display names and formatting. Upon clicking, users are redirected to a convincing but fraudulent LinkedIn login page designed to steal credentials. The phishing page uses a deceptive domain name similar to 'LinkedIn' to further trick users. This campaign demonstrates the evolving tactics of cybercriminals in exploiting human trust and curiosity. The analysis emphasizes the importance of vigilance, source verification, and caution when interacting with seemingly routine notifications.", "modified": "2026-03-31T18:41:40.249000", "created": "2026-03-31T16:14:20.518000", "tags": [ "credential theft", "social engineering", "email spoofing", "notification imitation", "domain spoofing", "fake login page", "linkedin", "phishing" ], "references": [ "https://cofense.com/blog/one-click-away-inside-a-linkedin-phishing-attack" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1056.001", "name": "Keylogging", "display_name": "T1056.001 - Keylogging" }, { "id": "T1566.002", "name": "Spearphishing Link", "display_name": "T1566.002 - Spearphishing Link" }, { "id": "T1598.003", "name": "Spearphishing Link", "display_name": "T1598.003 - Spearphishing Link" }, { "id": "T1566.001", "name": "Spearphishing Attachment", "display_name": "T1566.001 - Spearphishing Attachment" }, { "id": "T1534", "name": "Internal Spearphishing", "display_name": "T1534 - Internal Spearphishing" }, { "id": "T1585.001", "name": "Social Media Accounts", "display_name": "T1585.001 - Social Media Accounts" }, { "id": "T1204.001", "name": "Malicious Link", "display_name": "T1204.001 - Malicious Link" }, { "id": "T1078.004", "name": "Cloud Accounts", "display_name": "T1078.004 - Cloud Accounts" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 16, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "domain": 2, "hostname": 1 }, "indicator_count": 3, "is_author": false, "is_subscribing": null, "subscriber_count": 386449, "modified_text": "60 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69d73f806377e1786da61411", "name": "EbeeApril2026 Pt1", "description": "Multiple APT/threat actors, Malware and Campaigns", "modified": "2026-05-09T05:12:44.308000", "created": "2026-04-09T05:56:16.764000", "tags": [ "filehashsha256", "filehashmd5", "filehashsha1" ], "references": [ "Book1.csv" ], "public": 1, "adversary": "The Gentlemen, Augmented Marauder, Yurei Ransomware, Xloader, ClickFix campaign delivering XWorm V5.", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "IMEBEEIMFINE", "id": "343873", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 77, "FileHash-MD5": 180, "FileHash-SHA1": 136, "FileHash-SHA256": 280, "CVE": 2, "domain": 162, "hostname": 56 }, "indicator_count": 893, "is_author": false, "is_subscribing": null, "subscriber_count": 41, "modified_text": "21 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69cbc6492c8a6ccc5c214092", "name": "One Click Away: Inside a LinkedIn Phishing Attack", "description": "", "modified": "2026-04-30T13:11:24.721000", "created": "2026-03-31T13:04:09.103000", "tags": [ "cofense", "platform", "new era", "ai download", "linkedin", "defense center", "click away", "aidriven", "cofense cofense", "grow", "demo", "attack", "phishme", "accept" ], "references": [ "https://cofense.com/blog/one-click-away-inside-a-linkedin-phishing-attack" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunter_NL", "id": "171283", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 2, "domain": 3, "hostname": 1 }, "indicator_count": 6, "is_author": false, "is_subscribing": null, "subscriber_count": 865, "modified_text": "30 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69cca04c3ef3980619e6bcb0", "name": "One Click Away: Inside a LinkedIn Phishing Attack", "description": "", "modified": "2026-04-01T04:34:20.828000", "created": "2026-04-01T04:34:20.828000", "tags": [ "credential theft", "social engineering", "email spoofing", "notification imitation", "domain spoofing", "fake login page", "linkedin", "phishing" ], "references": [ "https://cofense.com/blog/one-click-away-inside-a-linkedin-phishing-attack" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1056.001", "name": "Keylogging", "display_name": "T1056.001 - Keylogging" }, { "id": "T1566.002", "name": "Spearphishing Link", "display_name": "T1566.002 - Spearphishing Link" }, { "id": "T1598.003", "name": "Spearphishing Link", "display_name": "T1598.003 - Spearphishing Link" }, { "id": "T1566.001", "name": "Spearphishing Attachment", "display_name": "T1566.001 - Spearphishing Attachment" }, { "id": "T1534", "name": "Internal Spearphishing", "display_name": "T1534 - Internal Spearphishing" }, { "id": "T1585.001", "name": "Social Media Accounts", "display_name": "T1585.001 - Social Media Accounts" }, { "id": "T1204.001", "name": "Malicious Link", "display_name": "T1204.001 - Malicious Link" }, { "id": "T1078.004", "name": "Cloud Accounts", "display_name": "T1078.004 - Cloud Accounts" } ], "industries": [], "TLP": "white", "cloned_from": "69cbf2dc8db31bdbd9069344", "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Tr1sa111", "id": "192483", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 2, "hostname": 1 }, "indicator_count": 3, "is_author": false, "is_subscribing": null, "subscriber_count": 277, "modified_text": "59 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "singletoncop.info", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "singletoncop.info", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780173776.6781127 }