{ "type": "Domain", "indicator": "client-authentification.fr", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/client-authentification.fr", "alexa": "http://www.alexa.com/siteinfo/client-authentification.fr", "indicator": "client-authentification.fr", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 3756970077, "indicator": "client-authentification.fr", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 8, "pulses": [ { "id": "6544b0acf1c1eb2efe9e34e0", "name": "French malicious domains - https://red.flag.domains", "description": "Entries from https://red.flag.domains/ - malicious domains targeting french citizens. Auto-updated each day.", "modified": "2026-06-01T05:25:05.486000", "created": "2023-11-03T08:34:52.626000", "tags": [ "red.flag.domains" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "France" ], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3033, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "tomtomalien", "id": "258713", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_258713/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 40103, "hostname": 36 }, "indicator_count": 40139, "is_author": false, "is_subscribing": null, "subscriber_count": 243, "modified_text": "14 hours ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6812e7ad9b8cafc0f7fec1ce", "name": "FHS - FBI Phishing Domains Associated with LabHost PhaaS Platform Users", "description": "The Federal Bureau of Investigation (FBI) is releasing this FLASH to disseminate 42,000 phishing domains linked to the LabHost phishing-as-a-service (PhaaS) platform between November 2021 and April 2024. Prior to being disabled by law enforcement in April 2024, LabHost was one of the world\u2019s largest PhaaS providers, offering a range of illicit services for approximately 10,000 users. The platform enabled cyber criminals to impersonate more than 200 organizations, including major banks and government institutions, in an effort to collect personal information and banking credentials from unsuspecting victims worldwide. The FBI is releasing this information to maximize awareness and provide indicators of compromise that may be used by recipients for research and defense.", "modified": "2025-05-31T03:01:18.057000", "created": "2025-05-01T03:17:01.551000", "tags": [ "Phishing Domains" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [], "attack_ids": [ { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" } ], "industries": [ "Healthcare" ], "TLP": "white", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "FHS-Services", "id": "51336", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 67041, "URL": 60, "hostname": 17338 }, "indicator_count": 84439, "is_author": false, "is_subscribing": null, "subscriber_count": 62, "modified_text": "366 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "68138d40723097f4c09d7724", "name": "FBI shares massive list of 42,000 LabHost phishing domains", "description": "", "modified": "2025-05-01T15:03:28.274000", "created": "2025-05-01T15:03:28.274000", "tags": [ "LabHost", "Phishing" ], "references": [ "https://www.ic3.gov/CSA/2025/LabHost_Domains.csv" ], "public": 1, "adversary": "LabHost", "targeted_countries": [], "malware_families": [ { "id": "Phishing", "display_name": "Phishing", "target": null } ], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "VertekLabs", "id": "168455", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_168455/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 30, "domain": 33520, "hostname": 8669 }, "indicator_count": 42219, "is_author": false, "is_subscribing": null, "subscriber_count": 562, "modified_text": "396 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "68138d3cd48fd389972ce061", "name": "FBI shares massive list of 42,000 LabHost phishing domains", "description": "", "modified": "2025-05-01T15:03:24.415000", "created": "2025-05-01T15:03:24.415000", "tags": [ "LabHost", "Phishing" ], "references": [ "https://www.ic3.gov/CSA/2025/LabHost_Domains.csv" ], "public": 1, "adversary": "LabHost", "targeted_countries": [], "malware_families": [ { "id": "Phishing", "display_name": "Phishing", "target": null } ], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "VertekLabs", "id": "168455", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_168455/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 30, "domain": 33520, "hostname": 8669 }, "indicator_count": 42219, "is_author": false, "is_subscribing": null, "subscriber_count": 561, "modified_text": "396 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "655e49bf7fb5ebc444e8db6a", "name": "DGA by Cybsec", "description": "", "modified": "2023-12-22T18:04:37.131000", "created": "2023-11-22T18:34:39.799000", "tags": [ "DGA" ], "references": [ "https://threatintel.cybsec.fr/2023IOCs4_cybsec.txt" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 26, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Libfy", "id": "14964", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 4359, "FileHash-SHA1": 1, "FileHash-SHA256": 1, "URL": 1, "domain": 76669, "hostname": 85783 }, "indicator_count": 166814, "is_author": false, "is_subscribing": null, "subscriber_count": 102, "modified_text": "892 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "655e4ad4441b4cd4352a4cb2", "name": "DGA by Cybsec", "description": "", "modified": "2023-12-22T18:04:37.131000", "created": "2023-11-22T18:39:16.220000", "tags": [ "DGA" ], "references": [ "https://threatintel.cybsec.fr/2023IOCs4_cybsec.txt" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 15, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Libfy", "id": "14964", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 4359, "FileHash-SHA1": 1, "FileHash-SHA256": 1, "URL": 1, "domain": 76669, "hostname": 85783 }, "indicator_count": 166814, "is_author": false, "is_subscribing": null, "subscriber_count": 106, "modified_text": "892 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "650c30c89613ab03b6d706de", "name": "Cybercriminals Exploit the Moroccan Tragedy in New Scam Campaign", "description": "Red Flag Domains are lists of very recently registered probably malicious domain names in french TLDs (see here). Data are published for security purposes only, and can be used to feed an automatic filtering solution like proxy. More details here.", "modified": "2023-09-21T12:02:16.237000", "created": "2023-09-21T12:02:16.237000", "tags": [], "references": [ "https://dl.red.flag.domains/red.flag.domains.txt", "https://www.trendmicro.com/en_us/research/23/i/cybercriminals-exploit-the-moroccan-tragedy-in-new-scam-campaign.html" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 21, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunter_NL", "id": "171283", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 17894 }, "indicator_count": 17894, "is_author": false, "is_subscribing": null, "subscriber_count": 864, "modified_text": "984 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "650c30c1a3f836220dfe197d", "name": "Cybercriminals Exploit the Moroccan Tragedy in New Scam Campaign", "description": "Red Flag Domains are lists of very recently registered probably malicious domain names in french TLDs (see here). Data are published for security purposes only, and can be used to feed an automatic filtering solution like proxy. More details here.", "modified": "2023-09-21T12:02:09.346000", "created": "2023-09-21T12:02:09.346000", "tags": [], "references": [ "https://dl.red.flag.domains/red.flag.domains.txt", "https://www.trendmicro.com/en_us/research/23/i/cybercriminals-exploit-the-moroccan-tragedy-in-new-scam-campaign.html" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunter_NL", "id": "171283", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 17894 }, "indicator_count": 17894, "is_author": false, "is_subscribing": null, "subscriber_count": 862, "modified_text": "984 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "https://www.ic3.gov/CSA/2025/LabHost_Domains.csv", "https://threatintel.cybsec.fr/2023IOCs4_cybsec.txt", "https://www.trendmicro.com/en_us/research/23/i/cybercriminals-exploit-the-moroccan-tragedy-in-new-scam-campaign.html", "https://dl.red.flag.domains/red.flag.domains.txt" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [ "LabHost" ], "malware_families": [ "Phishing" ], "industries": [ "Healthcare" ] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 8, "pulses": [ { "id": "6544b0acf1c1eb2efe9e34e0", "name": "French malicious domains - https://red.flag.domains", "description": "Entries from https://red.flag.domains/ - malicious domains targeting french citizens. Auto-updated each day.", "modified": "2026-06-01T05:25:05.486000", "created": "2023-11-03T08:34:52.626000", "tags": [ "red.flag.domains" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "France" ], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3033, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "tomtomalien", "id": "258713", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_258713/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 40103, "hostname": 36 }, "indicator_count": 40139, "is_author": false, "is_subscribing": null, "subscriber_count": 243, "modified_text": "14 hours ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6812e7ad9b8cafc0f7fec1ce", "name": "FHS - FBI Phishing Domains Associated with LabHost PhaaS Platform Users", "description": "The Federal Bureau of Investigation (FBI) is releasing this FLASH to disseminate 42,000 phishing domains linked to the LabHost phishing-as-a-service (PhaaS) platform between November 2021 and April 2024. Prior to being disabled by law enforcement in April 2024, LabHost was one of the world\u2019s largest PhaaS providers, offering a range of illicit services for approximately 10,000 users. The platform enabled cyber criminals to impersonate more than 200 organizations, including major banks and government institutions, in an effort to collect personal information and banking credentials from unsuspecting victims worldwide. The FBI is releasing this information to maximize awareness and provide indicators of compromise that may be used by recipients for research and defense.", "modified": "2025-05-31T03:01:18.057000", "created": "2025-05-01T03:17:01.551000", "tags": [ "Phishing Domains" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [], "attack_ids": [ { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" } ], "industries": [ "Healthcare" ], "TLP": "white", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "FHS-Services", "id": "51336", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 67041, "URL": 60, "hostname": 17338 }, "indicator_count": 84439, "is_author": false, "is_subscribing": null, "subscriber_count": 62, "modified_text": "366 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "68138d40723097f4c09d7724", "name": "FBI shares massive list of 42,000 LabHost phishing domains", "description": "", "modified": "2025-05-01T15:03:28.274000", "created": "2025-05-01T15:03:28.274000", "tags": [ "LabHost", "Phishing" ], "references": [ "https://www.ic3.gov/CSA/2025/LabHost_Domains.csv" ], "public": 1, "adversary": "LabHost", "targeted_countries": [], "malware_families": [ { "id": "Phishing", "display_name": "Phishing", "target": null } ], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "VertekLabs", "id": "168455", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_168455/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 30, "domain": 33520, "hostname": 8669 }, "indicator_count": 42219, "is_author": false, "is_subscribing": null, "subscriber_count": 562, "modified_text": "396 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "68138d3cd48fd389972ce061", "name": "FBI shares massive list of 42,000 LabHost phishing domains", "description": "", "modified": "2025-05-01T15:03:24.415000", "created": "2025-05-01T15:03:24.415000", "tags": [ "LabHost", "Phishing" ], "references": [ "https://www.ic3.gov/CSA/2025/LabHost_Domains.csv" ], "public": 1, "adversary": "LabHost", "targeted_countries": [], "malware_families": [ { "id": "Phishing", "display_name": "Phishing", "target": null } ], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "VertekLabs", "id": "168455", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_168455/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 30, "domain": 33520, "hostname": 8669 }, "indicator_count": 42219, "is_author": false, "is_subscribing": null, "subscriber_count": 561, "modified_text": "396 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "655e49bf7fb5ebc444e8db6a", "name": "DGA by Cybsec", "description": "", "modified": "2023-12-22T18:04:37.131000", "created": "2023-11-22T18:34:39.799000", "tags": [ "DGA" ], "references": [ "https://threatintel.cybsec.fr/2023IOCs4_cybsec.txt" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 26, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Libfy", "id": "14964", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 4359, "FileHash-SHA1": 1, "FileHash-SHA256": 1, "URL": 1, "domain": 76669, "hostname": 85783 }, "indicator_count": 166814, "is_author": false, "is_subscribing": null, "subscriber_count": 102, "modified_text": "892 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "655e4ad4441b4cd4352a4cb2", "name": "DGA by Cybsec", "description": "", "modified": "2023-12-22T18:04:37.131000", "created": "2023-11-22T18:39:16.220000", "tags": [ "DGA" ], "references": [ "https://threatintel.cybsec.fr/2023IOCs4_cybsec.txt" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 15, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Libfy", "id": "14964", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 4359, "FileHash-SHA1": 1, "FileHash-SHA256": 1, "URL": 1, "domain": 76669, "hostname": 85783 }, "indicator_count": 166814, "is_author": false, "is_subscribing": null, "subscriber_count": 106, "modified_text": "892 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "650c30c89613ab03b6d706de", "name": "Cybercriminals Exploit the Moroccan Tragedy in New Scam Campaign", "description": "Red Flag Domains are lists of very recently registered probably malicious domain names in french TLDs (see here). Data are published for security purposes only, and can be used to feed an automatic filtering solution like proxy. More details here.", "modified": "2023-09-21T12:02:16.237000", "created": "2023-09-21T12:02:16.237000", "tags": [], "references": [ "https://dl.red.flag.domains/red.flag.domains.txt", "https://www.trendmicro.com/en_us/research/23/i/cybercriminals-exploit-the-moroccan-tragedy-in-new-scam-campaign.html" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 21, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunter_NL", "id": "171283", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 17894 }, "indicator_count": 17894, "is_author": false, "is_subscribing": null, "subscriber_count": 864, "modified_text": "984 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "650c30c1a3f836220dfe197d", "name": "Cybercriminals Exploit the Moroccan Tragedy in New Scam Campaign", "description": "Red Flag Domains are lists of very recently registered probably malicious domain names in french TLDs (see here). Data are published for security purposes only, and can be used to feed an automatic filtering solution like proxy. More details here.", "modified": "2023-09-21T12:02:09.346000", "created": "2023-09-21T12:02:09.346000", "tags": [], "references": [ "https://dl.red.flag.domains/red.flag.domains.txt", "https://www.trendmicro.com/en_us/research/23/i/cybercriminals-exploit-the-moroccan-tragedy-in-new-scam-campaign.html" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunter_NL", "id": "171283", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 17894 }, "indicator_count": 17894, "is_author": false, "is_subscribing": null, "subscriber_count": 862, "modified_text": "984 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "client-authentification.fr", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "client-authentification.fr", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780344233.2585375 }