{ "type": "Domain", "indicator": "testdisk.dev", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/testdisk.dev", "alexa": "http://www.alexa.com/siteinfo/testdisk.dev", "indicator": "testdisk.dev", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 4317976262, "indicator": "testdisk.dev", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 1, "pulses": [ { "id": "69e4d8e980b032626e88ccd8", "name": "SEO Poisoning Attack Abuses Microsoft Signed Binary for RMM Tool Installation", "description": "SEO poisoning campaign has discovered impersonating legitimate open source data recovery tool named TestDisk. It silently installs ScreenConnect remote monitoring and management client to gain command execution, file transfer and lateral movement in the network.", "modified": "2026-04-19T13:30:17.084000", "created": "2026-04-19T13:30:17.084000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "cryptocti", "id": "110256", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_110256/resized/80/avatar_e237a4257c.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 2, "URL": 1, "domain": 2, "hostname": 2 }, "indicator_count": 7, "is_author": false, "is_subscribing": null, "subscriber_count": 500, "modified_text": "41 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [], "malware_families": [], "industries": [] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 1, "pulses": [ { "id": "69e4d8e980b032626e88ccd8", "name": "SEO Poisoning Attack Abuses Microsoft Signed Binary for RMM Tool Installation", "description": "SEO poisoning campaign has discovered impersonating legitimate open source data recovery tool named TestDisk. It silently installs ScreenConnect remote monitoring and management client to gain command execution, file transfer and lateral movement in the network.", "modified": "2026-04-19T13:30:17.084000", "created": "2026-04-19T13:30:17.084000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "cryptocti", "id": "110256", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_110256/resized/80/avatar_e237a4257c.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 2, "URL": 1, "domain": 2, "hostname": 2 }, "indicator_count": 7, "is_author": false, "is_subscribing": null, "subscriber_count": 500, "modified_text": "41 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "testdisk.dev", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "testdisk.dev", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780211196.2288747 }