{ "type": "Domain", "indicator": "zoom.uk", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/zoom.uk", "alexa": "http://www.alexa.com/siteinfo/zoom.uk", "indicator": "zoom.uk", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 3511680766, "indicator": "zoom.uk", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 4, "pulses": [ { "id": "69f32bff38251e177e78b526", "name": "EbeeApril2026 Pt7", "description": "Multiple APT/threat actors, Malware and Campaigns", "modified": "2026-05-30T10:03:42.474000", "created": "2026-04-30T10:16:31.340000", "tags": [ "filehashsha256", "filehashsha1", "filehashmd5", "cve20243721 cve" ], "references": [ "IOCs.2026.csv" ], "public": 1, "adversary": "GopherWhisper, Seedworm (MuddyWater), Adware Bundles Delivering RAT, Donot", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "IMEBEEIMFINE", "id": "343873", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 63, "CVE": 8, "FileHash-MD5": 216, "FileHash-SHA1": 220, "FileHash-SHA256": 246, "domain": 98, "hostname": 95 }, "indicator_count": 946, "is_author": false, "is_subscribing": null, "subscriber_count": 39, "modified_text": "13 hours ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69e0c75ee5ca57ac39bdda56", "name": "EbeeApril2026 Pt4", "description": "Multiple APT/threat actors, Malware and Campaigns", "modified": "2026-05-22T23:04:42.859000", "created": "2026-04-16T11:26:22.347000", "tags": [], "references": [ "IOCs.April.pdf" ], "public": 1, "adversary": "STX RAT, Deploying NetSupport RAT via Compromised Websites, AngrySpark, Abusing n8n platform", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "IMEBEEIMFINE", "id": "343873", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 8, "FileHash-MD5": 223, "FileHash-SHA1": 235, "FileHash-SHA256": 214, "URL": 54, "domain": 70, "hostname": 64 }, "indicator_count": 868, "is_author": false, "is_subscribing": null, "subscriber_count": 40, "modified_text": "8 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69e6d53da1fd9eb115370ae6", "name": "UNC1069 Campaign Uses Fake Meetings to Deliver Cross Platform Malware", "description": "A sophisticated campaign targets cryptocurrency professionals through fake meeting platforms and social engineering. Victims are invited to realistic meetings then tricked into running malicious commands which install malware and allow attackers to gain access and control using tailored cross platform tools.", "modified": "2026-05-21T01:00:58.571000", "created": "2026-04-21T01:39:08.753000", "tags": [ "domains", "hashes", "sha256", "ip addresses" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "cryptocti", "id": "110256", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_110256/resized/80/avatar_e237a4257c.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 6, "FileHash-SHA1": 6, "FileHash-SHA256": 6, "domain": 23, "hostname": 19 }, "indicator_count": 60, "is_author": false, "is_subscribing": null, "subscriber_count": 501, "modified_text": "9 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "62cb65b65fd35bad26a2512d", "name": "Twitter Feed - dnstwist - 10-07-2022", "description": "", "modified": "2022-07-10T23:50:14.116000", "created": "2022-07-10T23:50:14.116000", "tags": [ "phishing" ], "references": [ "https://twitter.com/dnstwist/status/1545938360983863296", "https://twitter.com/dnstwist/status/1545938361881432065", "https://twitter.com/dnstwist/status/1545940880258899969" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 3 }, "indicator_count": 3, "is_author": false, "is_subscribing": null, "subscriber_count": 1620, "modified_text": "1419 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "https://twitter.com/dnstwist/status/1545938361881432065", "IOCs.2026.csv", "IOCs.April.pdf", "https://twitter.com/dnstwist/status/1545938360983863296", "https://twitter.com/dnstwist/status/1545940880258899969" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [ "GopherWhisper, Seedworm (MuddyWater), Adware Bundles Delivering RAT, Donot", "STX RAT, Deploying NetSupport RAT via Compromised Websites, AngrySpark, Abusing n8n platform" ], "malware_families": [], "industries": [] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 4, "pulses": [ { "id": "69f32bff38251e177e78b526", "name": "EbeeApril2026 Pt7", "description": "Multiple APT/threat actors, Malware and Campaigns", "modified": "2026-05-30T10:03:42.474000", "created": "2026-04-30T10:16:31.340000", "tags": [ "filehashsha256", "filehashsha1", "filehashmd5", "cve20243721 cve" ], "references": [ "IOCs.2026.csv" ], "public": 1, "adversary": "GopherWhisper, Seedworm (MuddyWater), Adware Bundles Delivering RAT, Donot", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "IMEBEEIMFINE", "id": "343873", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 63, "CVE": 8, "FileHash-MD5": 216, "FileHash-SHA1": 220, "FileHash-SHA256": 246, "domain": 98, "hostname": 95 }, "indicator_count": 946, "is_author": false, "is_subscribing": null, "subscriber_count": 39, "modified_text": "13 hours ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69e0c75ee5ca57ac39bdda56", "name": "EbeeApril2026 Pt4", "description": "Multiple APT/threat actors, Malware and Campaigns", "modified": "2026-05-22T23:04:42.859000", "created": "2026-04-16T11:26:22.347000", "tags": [], "references": [ "IOCs.April.pdf" ], "public": 1, "adversary": "STX RAT, Deploying NetSupport RAT via Compromised Websites, AngrySpark, Abusing n8n platform", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "IMEBEEIMFINE", "id": "343873", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 8, "FileHash-MD5": 223, "FileHash-SHA1": 235, "FileHash-SHA256": 214, "URL": 54, "domain": 70, "hostname": 64 }, "indicator_count": 868, "is_author": false, "is_subscribing": null, "subscriber_count": 40, "modified_text": "8 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69e6d53da1fd9eb115370ae6", "name": "UNC1069 Campaign Uses Fake Meetings to Deliver Cross Platform Malware", "description": "A sophisticated campaign targets cryptocurrency professionals through fake meeting platforms and social engineering. Victims are invited to realistic meetings then tricked into running malicious commands which install malware and allow attackers to gain access and control using tailored cross platform tools.", "modified": "2026-05-21T01:00:58.571000", "created": "2026-04-21T01:39:08.753000", "tags": [ "domains", "hashes", "sha256", "ip addresses" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "cryptocti", "id": "110256", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_110256/resized/80/avatar_e237a4257c.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 6, "FileHash-SHA1": 6, "FileHash-SHA256": 6, "domain": 23, "hostname": 19 }, "indicator_count": 60, "is_author": false, "is_subscribing": null, "subscriber_count": 501, "modified_text": "9 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "62cb65b65fd35bad26a2512d", "name": "Twitter Feed - dnstwist - 10-07-2022", "description": "", "modified": "2022-07-10T23:50:14.116000", "created": "2022-07-10T23:50:14.116000", "tags": [ "phishing" ], "references": [ "https://twitter.com/dnstwist/status/1545938360983863296", "https://twitter.com/dnstwist/status/1545938361881432065", "https://twitter.com/dnstwist/status/1545940880258899969" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 3 }, "indicator_count": 3, "is_author": false, "is_subscribing": null, "subscriber_count": 1620, "modified_text": "1419 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "zoom.uk", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "zoom.uk", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780184982.3226984 }