{ "type": "Domain", "indicator": "zohom.com", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/zohom.com", "alexa": "http://www.alexa.com/siteinfo/zohom.com", "indicator": "zohom.com", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 4345261772, "indicator": "zohom.com", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 3, "pulses": [ { "id": "69fa4cc388e82992fbdf9413", "name": "Iocs & anti forgery cert", "description": "Leaving this one brief for now. I will note the antigorgery very exp is dangerous and rec exp it from any domain.", "modified": "2026-05-06T08:26:49.994000", "created": "2026-05-05T20:02:11.801000", "tags": [ "kisa", "creation date", "servers", "date", "name servers", "songpagu", "seoul", "security agency", "found date", "gmt server", "url analysis", "title", "cname", "ttl value", "aaaa", "key identifier", "x509v3 subject", "v3 serial", "number", "cus odigicert", "cnthawte tls", "rsa ca", "g1 validity", "lnajusi okorea", "internet", "info", "ip address", "registrant zip", "code", "algorithm", "cus olet", "encrypt cnr13", "validity", "subject public", "key info", "server", "registrar abuse", "domain status", "registrar", "dnssec", "domain name", "status", "in registrant", "email", "contact", "key algorithm", "x509v3 key", "registrant", "ac email", "host name", "read", "new york", "korea", "korea internet", "allen street", "kisa sikdang", "korea stop", "mosaic venues", "turkish", "asylum", "service", "cgb stgreater", "cnsectigo rsa", "secure server", "ca validity", "okorea internet", "iana id", "contact email", "contact phone", "registrar url", "registrar whois", "expiration date", "zoho cares", "tr li", "google", "reply", "overview", "chia s", "onpremise", "language test", "file format", "tom jack", "private limited", "stateprovince", "organization", "registrar iana", "tech country", "krnic person", "kr phone", "ip manager", "database", "bundanggu", "kt head", "office country", "whois", "samsungsds", "refer", "team", "telecom", "hack", "online", "south korea", "survey", "internet usage", "behav" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1543", "name": "Create or Modify System Process", "display_name": "T1543 - Create or Modify System Process" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA1": 9, "URL": 388, "domain": 205, "email": 8, "hostname": 688, "IPv4": 28, "FileHash-SHA256": 466, "IPv6": 1, "FileHash-MD5": 7, "CIDR": 1 }, "indicator_count": 1801, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "25 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69fa4cc3743bae4c3ab037b9", "name": "Iocs & anti forgery cert", "description": "Leaving this one brief for now. I will note the antigorgery very exp is dangerous and rec exp it from any domain.", "modified": "2026-05-05T20:02:11.255000", "created": "2026-05-05T20:02:11.255000", "tags": [ "kisa", "creation date", "servers", "date", "name servers", "songpagu", "seoul", "security agency", "found date", "gmt server", "url analysis", "title", "cname", "ttl value", "aaaa", "key identifier", "x509v3 subject", "v3 serial", "number", "cus odigicert", "cnthawte tls", "rsa ca", "g1 validity", "lnajusi okorea", "internet", "info", "ip address", "registrant zip", "code", "algorithm", "cus olet", "encrypt cnr13", "validity", "subject public", "key info", "server", "registrar abuse", "domain status", "registrar", "dnssec", "domain name", "status", "in registrant", "email", "contact", "key algorithm", "x509v3 key", "registrant", "ac email", "host name", "read", "new york", "korea", "korea internet", "allen street", "kisa sikdang", "korea stop", "mosaic venues", "turkish", "asylum", "service", "cgb stgreater", "cnsectigo rsa", "secure server", "ca validity", "okorea internet", "iana id", "contact email", "contact phone", "registrar url", "registrar whois", "expiration date", "zoho cares", "tr li", "google", "reply", "overview", "chia s", "onpremise", "language test", "file format", "tom jack", "private limited", "stateprovince", "organization", "registrar iana", "tech country", "krnic person", "kr phone", "ip manager", "database", "bundanggu", "kt head", "office country", "whois", "samsungsds", "refer", "team", "telecom", "hack", "online", "south korea", "survey", "internet usage", "behav" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1543", "name": "Create or Modify System Process", "display_name": "T1543 - Create or Modify System Process" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA1": 9, "URL": 387, "domain": 205, "email": 8, "hostname": 688, "IPv4": 28, "FileHash-SHA256": 466, "IPv6": 1, "FileHash-MD5": 7, "CIDR": 1 }, "indicator_count": 1800, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "25 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69fa4cc26ebab11465ff8916", "name": "Iocs & anti forgery cert", "description": "Leaving this one brief for now. I will note the antigorgery very exp is dangerous and rec exp it from any domain.", "modified": "2026-05-05T20:02:10.709000", "created": "2026-05-05T20:02:10.709000", "tags": [ "kisa", "creation date", "servers", "date", "name servers", "songpagu", "seoul", "security agency", "found date", "gmt server", "url analysis", "title", "cname", "ttl value", "aaaa", "key identifier", "x509v3 subject", "v3 serial", "number", "cus odigicert", "cnthawte tls", "rsa ca", "g1 validity", "lnajusi okorea", "internet", "info", "ip address", "registrant zip", "code", "algorithm", "cus olet", "encrypt cnr13", "validity", "subject public", "key info", "server", "registrar abuse", "domain status", "registrar", "dnssec", "domain name", "status", "in registrant", "email", "contact", "key algorithm", "x509v3 key", "registrant", "ac email", "host name", "read", "new york", "korea", "korea internet", "allen street", "kisa sikdang", "korea stop", "mosaic venues", "turkish", "asylum", "service", "cgb stgreater", "cnsectigo rsa", "secure server", "ca validity", "okorea internet", "iana id", "contact email", "contact phone", "registrar url", "registrar whois", "expiration date", "zoho cares", "tr li", "google", "reply", "overview", "chia s", "onpremise", "language test", "file format", "tom jack", "private limited", "stateprovince", "organization", "registrar iana", "tech country", "krnic person", "kr phone", "ip manager", "database", "bundanggu", "kt head", "office country", "whois", "samsungsds", "refer", "team", "telecom", "hack", "online", "south korea", "survey", "internet usage", "behav" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1543", "name": "Create or Modify System Process", "display_name": "T1543 - Create or Modify System Process" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA1": 9, "URL": 387, "domain": 205, "email": 8, "hostname": 688, "IPv4": 28, "FileHash-SHA256": 466, "IPv6": 1, "FileHash-MD5": 7, "CIDR": 1 }, "indicator_count": 1800, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "25 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [], "malware_families": [], "industries": [] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 3, "pulses": [ { "id": "69fa4cc388e82992fbdf9413", "name": "Iocs & anti forgery cert", "description": "Leaving this one brief for now. I will note the antigorgery very exp is dangerous and rec exp it from any domain.", "modified": "2026-05-06T08:26:49.994000", "created": "2026-05-05T20:02:11.801000", "tags": [ "kisa", "creation date", "servers", "date", "name servers", "songpagu", "seoul", "security agency", "found date", "gmt server", "url analysis", "title", "cname", "ttl value", "aaaa", "key identifier", "x509v3 subject", "v3 serial", "number", "cus odigicert", "cnthawte tls", "rsa ca", "g1 validity", "lnajusi okorea", "internet", "info", "ip address", "registrant zip", "code", "algorithm", "cus olet", "encrypt cnr13", "validity", "subject public", "key info", "server", "registrar abuse", "domain status", "registrar", "dnssec", "domain name", "status", "in registrant", "email", "contact", "key algorithm", "x509v3 key", "registrant", "ac email", "host name", "read", "new york", "korea", "korea internet", "allen street", "kisa sikdang", "korea stop", "mosaic venues", "turkish", "asylum", "service", "cgb stgreater", "cnsectigo rsa", "secure server", "ca validity", "okorea internet", "iana id", "contact email", "contact phone", "registrar url", "registrar whois", "expiration date", "zoho cares", "tr li", "google", "reply", "overview", "chia s", "onpremise", "language test", "file format", "tom jack", "private limited", "stateprovince", "organization", "registrar iana", "tech country", "krnic person", "kr phone", "ip manager", "database", "bundanggu", "kt head", "office country", "whois", "samsungsds", "refer", "team", "telecom", "hack", "online", "south korea", "survey", "internet usage", "behav" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1543", "name": "Create or Modify System Process", "display_name": "T1543 - Create or Modify System Process" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA1": 9, "URL": 388, "domain": 205, "email": 8, "hostname": 688, "IPv4": 28, "FileHash-SHA256": 466, "IPv6": 1, "FileHash-MD5": 7, "CIDR": 1 }, "indicator_count": 1801, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "25 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69fa4cc3743bae4c3ab037b9", "name": "Iocs & anti forgery cert", "description": "Leaving this one brief for now. I will note the antigorgery very exp is dangerous and rec exp it from any domain.", "modified": "2026-05-05T20:02:11.255000", "created": "2026-05-05T20:02:11.255000", "tags": [ "kisa", "creation date", "servers", "date", "name servers", "songpagu", "seoul", "security agency", "found date", "gmt server", "url analysis", "title", "cname", "ttl value", "aaaa", "key identifier", "x509v3 subject", "v3 serial", "number", "cus odigicert", "cnthawte tls", "rsa ca", "g1 validity", "lnajusi okorea", "internet", "info", "ip address", "registrant zip", "code", "algorithm", "cus olet", "encrypt cnr13", "validity", "subject public", "key info", "server", "registrar abuse", "domain status", "registrar", "dnssec", "domain name", "status", "in registrant", "email", "contact", "key algorithm", "x509v3 key", "registrant", "ac email", "host name", "read", "new york", "korea", "korea internet", "allen street", "kisa sikdang", "korea stop", "mosaic venues", "turkish", "asylum", "service", "cgb stgreater", "cnsectigo rsa", "secure server", "ca validity", "okorea internet", "iana id", "contact email", "contact phone", "registrar url", "registrar whois", "expiration date", "zoho cares", "tr li", "google", "reply", "overview", "chia s", "onpremise", "language test", "file format", "tom jack", "private limited", "stateprovince", "organization", "registrar iana", "tech country", "krnic person", "kr phone", "ip manager", "database", "bundanggu", "kt head", "office country", "whois", "samsungsds", "refer", "team", "telecom", "hack", "online", "south korea", "survey", "internet usage", "behav" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1543", "name": "Create or Modify System Process", "display_name": "T1543 - Create or Modify System Process" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA1": 9, "URL": 387, "domain": 205, "email": 8, "hostname": 688, "IPv4": 28, "FileHash-SHA256": 466, "IPv6": 1, "FileHash-MD5": 7, "CIDR": 1 }, "indicator_count": 1800, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "25 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69fa4cc26ebab11465ff8916", "name": "Iocs & anti forgery cert", "description": "Leaving this one brief for now. I will note the antigorgery very exp is dangerous and rec exp it from any domain.", "modified": "2026-05-05T20:02:10.709000", "created": "2026-05-05T20:02:10.709000", "tags": [ "kisa", "creation date", "servers", "date", "name servers", "songpagu", "seoul", "security agency", "found date", "gmt server", "url analysis", "title", "cname", "ttl value", "aaaa", "key identifier", "x509v3 subject", "v3 serial", "number", "cus odigicert", "cnthawte tls", "rsa ca", "g1 validity", "lnajusi okorea", "internet", "info", "ip address", "registrant zip", "code", "algorithm", "cus olet", "encrypt cnr13", "validity", "subject public", "key info", "server", "registrar abuse", "domain status", "registrar", "dnssec", "domain name", "status", "in registrant", "email", "contact", "key algorithm", "x509v3 key", "registrant", "ac email", "host name", "read", "new york", "korea", "korea internet", "allen street", "kisa sikdang", "korea stop", "mosaic venues", "turkish", "asylum", "service", "cgb stgreater", "cnsectigo rsa", "secure server", "ca validity", "okorea internet", "iana id", "contact email", "contact phone", "registrar url", "registrar whois", "expiration date", "zoho cares", "tr li", "google", "reply", "overview", "chia s", "onpremise", "language test", "file format", "tom jack", "private limited", "stateprovince", "organization", "registrar iana", "tech country", "krnic person", "kr phone", "ip manager", "database", "bundanggu", "kt head", "office country", "whois", "samsungsds", "refer", "team", "telecom", "hack", "online", "south korea", "survey", "internet usage", "behav" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1543", "name": "Create or Modify System Process", "display_name": "T1543 - Create or Modify System Process" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA1": 9, "URL": 387, "domain": 205, "email": 8, "hostname": 688, "IPv4": 28, "FileHash-SHA256": 466, "IPv6": 1, "FileHash-MD5": 7, "CIDR": 1 }, "indicator_count": 1800, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "25 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "zohom.com", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "zohom.com", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780225669.5794756 }