{ "type": "Domain", "indicator": "dhtech.ae", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/dhtech.ae", "alexa": "http://www.alexa.com/siteinfo/dhtech.ae", "indicator": "dhtech.ae", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 3757272296, "indicator": "dhtech.ae", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 5, "pulses": [ { "id": "6579e4751017c5fa367db6b5", "name": "Recent DarkGate Activity & Trends", "description": "DarkGate is a malware family, dating back to 2018, that gained prominence after the demise of Qakbot with a Malware-as-a-Service (MaaS) offering advertised in underground cybercrime forums starting in the summer of 2023. This blog examines DarkGate intrusion trends observed by ThreatLabz between June and October 2023.", "modified": "2024-01-12T17:02:47.443000", "created": "2023-12-13T17:05:57.957000", "tags": [ "darkgate", "iab", "maas" ], "references": [ "https://www.zscaler.com/blogs/security-research/recent-darkgate-activity-trends" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1024", "name": "Custom Cryptographic Protocol", "display_name": "T1024 - Custom Cryptographic Protocol" }, { "id": "T1016", "name": "System Network Configuration Discovery", "display_name": "T1016 - System Network Configuration Discovery" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1204", "name": "User Execution", "display_name": "T1204 - User Execution" }, { "id": "T1555.003", "name": "Credentials from Web Browsers", "display_name": "T1555.003 - Credentials from Web Browsers" }, { "id": "T1569", "name": "System Services", "display_name": "T1569 - System Services" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 378, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "domain": 73, "FileHash-MD5": 20 }, "indicator_count": 93, "is_author": false, "is_subscribing": null, "subscriber_count": 386647, "modified_text": "870 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "672f6ed2b564f00b7c5cb13f", "name": "Threatfox Recent Additions", "description": "", "modified": "2025-06-13T19:00:02.811000", "created": "2024-11-09T14:16:50.032000", "tags": [], "references": [ "", "https://threatfox.abuse.ch/export/csv/recent/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 96, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "ameermane", "id": "77501", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 47587, "URL": 18714, "FileHash-SHA256": 36311, "FileHash-MD5": 1630, "FileHash-SHA1": 418, "hostname": 18190 }, "indicator_count": 122850, "is_author": false, "is_subscribing": null, "subscriber_count": 144, "modified_text": "352 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "657157656ae65719e1ae44a4", "name": "Recent DarkGate Activity & Trends", "description": "DarkGate is a malware family, dating back to 2018, that gained prominence after the demise of Qakbot with a Malware-as-a-Service (MaaS) offering advertised in underground cybercrime forums starting in the summer of 2023. This report examines DarkGate intrusion trends observed by ThreatLabz between June and October 2023. DarkGate activity surged in late September and early October 2023. According to zScaler's customer telemetry, the technology sector is the most impacted by DarkGate attack campaigns. Most DarkGate domains are 50 to 60 days old, which may indicate a deliberate approach where threat actors create and rotate domains at specific intervals.", "modified": "2024-01-06T05:02:33.698000", "created": "2023-12-07T05:25:57.914000", "tags": [ "darkgate" ], "references": [ "https://www.zscaler.com/blogs/security-research/recent-darkgate-activity-trends" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "DarkGate", "display_name": "DarkGate", "target": null } ], "attack_ids": [ { "id": "T1016", "name": "System Network Configuration Discovery", "display_name": "T1016 - System Network Configuration Discovery" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1202", "name": "Indirect Command Execution", "display_name": "T1202 - Indirect Command Execution" }, { "id": "T1204", "name": "User Execution", "display_name": "T1204 - User Execution" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1555", "name": "Credentials from Password Stores", "display_name": "T1555 - Credentials from Password Stores" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1569", "name": "System Services", "display_name": "T1569 - System Services" }, { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" } ], "industries": [ "Technology", "Food, beverage, tobacco", "Finance", "Insurance", "Manufacturing", "Construction", "Agriculture" ], "TLP": "white", "cloned_from": null, "export_count": 16, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "goatluxy", "id": "207695", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 21, "FileHash-SHA1": 6, "FileHash-SHA256": 6, "URL": 1, "domain": 72 }, "indicator_count": 106, "is_author": false, "is_subscribing": null, "subscriber_count": 72, "modified_text": "877 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "651367ff756328f788ae7a3e", "name": "URLHaus data - 26-09-2023", "description": "", "modified": "2023-10-26T23:03:16.623000", "created": "2023-09-26T23:23:43.253000", "tags": [ "hajime", "exe", "njRAT", "elf", "Mozi", "32-bit", "mips", "dcrat", "mirai", "SocGholish", "IcedID", "PDF", "pw341", "TR", "djvu", "dropped-by-PrivateLoader", "encrypted", "Vidar", "android", "apk", "IRATA", "script", "AgentTesla", "SnakeKeylogger", "LummaStealer", "AsyncRAT", "StormKitty", "DarkGate", "xll", "PrivateLoader", "Amadey", "glupteba", "smokeloader", "xmrig", "RedLine", "USA", "zip", "msi", "ua-curl", "geofenced", "RemcosRAT", "stego", "arkei", "gmail booking", "pw-123456", "stealer", "Unknown Loader", "RedLineStealer", "dll", "Stealc", "RecordBreaker" ], "references": [ "https://urlhaus.abuse.ch/browse/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 66, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 580, "domain": 247, "hostname": 18 }, "indicator_count": 845, "is_author": false, "is_subscribing": null, "subscriber_count": 1622, "modified_text": "948 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "650cd0f36c127252fa8982ef", "name": "URLHaus data - 21-09-2023", "description": "", "modified": "2023-10-21T23:02:19.178000", "created": "2023-09-21T23:25:39.564000", "tags": [ "32-bit", "elf", "mips", "Mozi", "SocGholish", "hajime", "mirai", "x86-32", "AgentTesla", "DarkGate", "PDF", "USA", "xll", "exe", "VoidRAT", "ascii", "Encoded", "GuLoader", "opendir", "RecordBreaker", "encrypted", "rat", "RemcosRAT", "dll", "dropped-by-PrivateLoader", "PrivateLoader", "RedLine", "dropped-by-amadey", "RedLineStealer", "Smoke Loader", "dropped-by-SmokeLoader", "android", "apk", "IRATA", "discord", "EpsilonStealer", "infostealer", "pwd-latsunabeta", "ddos", "Agenttelsa", "vbs", "Formbook", "CoinMiner", "xmrig" ], "references": [ "https://urlhaus.abuse.ch/browse/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 40, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 380, "hostname": 67, "domain": 202 }, "indicator_count": 649, "is_author": false, "is_subscribing": null, "subscriber_count": 1623, "modified_text": "953 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "", "https://urlhaus.abuse.ch/browse/", "https://www.zscaler.com/blogs/security-research/recent-darkgate-activity-trends", "https://threatfox.abuse.ch/export/csv/recent/" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [], "malware_families": [ "Darkgate" ], "industries": [ "Agriculture", "Food, beverage, tobacco", "Construction", "Manufacturing", "Insurance", "Finance", "Technology" ] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 5, "pulses": [ { "id": "6579e4751017c5fa367db6b5", "name": "Recent DarkGate Activity & Trends", "description": "DarkGate is a malware family, dating back to 2018, that gained prominence after the demise of Qakbot with a Malware-as-a-Service (MaaS) offering advertised in underground cybercrime forums starting in the summer of 2023. This blog examines DarkGate intrusion trends observed by ThreatLabz between June and October 2023.", "modified": "2024-01-12T17:02:47.443000", "created": "2023-12-13T17:05:57.957000", "tags": [ "darkgate", "iab", "maas" ], "references": [ "https://www.zscaler.com/blogs/security-research/recent-darkgate-activity-trends" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1024", "name": "Custom Cryptographic Protocol", "display_name": "T1024 - Custom Cryptographic Protocol" }, { "id": "T1016", "name": "System Network Configuration Discovery", "display_name": "T1016 - System Network Configuration Discovery" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1204", "name": "User Execution", "display_name": "T1204 - User Execution" }, { "id": "T1555.003", "name": "Credentials from Web Browsers", "display_name": "T1555.003 - Credentials from Web Browsers" }, { "id": "T1569", "name": "System Services", "display_name": "T1569 - System Services" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 378, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "domain": 73, "FileHash-MD5": 20 }, "indicator_count": 93, "is_author": false, "is_subscribing": null, "subscriber_count": 386647, "modified_text": "870 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "672f6ed2b564f00b7c5cb13f", "name": "Threatfox Recent Additions", "description": "", "modified": "2025-06-13T19:00:02.811000", "created": "2024-11-09T14:16:50.032000", "tags": [], "references": [ "", "https://threatfox.abuse.ch/export/csv/recent/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 96, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "ameermane", "id": "77501", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 47587, "URL": 18714, "FileHash-SHA256": 36311, "FileHash-MD5": 1630, "FileHash-SHA1": 418, "hostname": 18190 }, "indicator_count": 122850, "is_author": false, "is_subscribing": null, "subscriber_count": 144, "modified_text": "352 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "657157656ae65719e1ae44a4", "name": "Recent DarkGate Activity & Trends", "description": "DarkGate is a malware family, dating back to 2018, that gained prominence after the demise of Qakbot with a Malware-as-a-Service (MaaS) offering advertised in underground cybercrime forums starting in the summer of 2023. This report examines DarkGate intrusion trends observed by ThreatLabz between June and October 2023. DarkGate activity surged in late September and early October 2023. According to zScaler's customer telemetry, the technology sector is the most impacted by DarkGate attack campaigns. Most DarkGate domains are 50 to 60 days old, which may indicate a deliberate approach where threat actors create and rotate domains at specific intervals.", "modified": "2024-01-06T05:02:33.698000", "created": "2023-12-07T05:25:57.914000", "tags": [ "darkgate" ], "references": [ "https://www.zscaler.com/blogs/security-research/recent-darkgate-activity-trends" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "DarkGate", "display_name": "DarkGate", "target": null } ], "attack_ids": [ { "id": "T1016", "name": "System Network Configuration Discovery", "display_name": "T1016 - System Network Configuration Discovery" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1202", "name": "Indirect Command Execution", "display_name": "T1202 - Indirect Command Execution" }, { "id": "T1204", "name": "User Execution", "display_name": "T1204 - User Execution" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1555", "name": "Credentials from Password Stores", "display_name": "T1555 - Credentials from Password Stores" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1569", "name": "System Services", "display_name": "T1569 - System Services" }, { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" } ], "industries": [ "Technology", "Food, beverage, tobacco", "Finance", "Insurance", "Manufacturing", "Construction", "Agriculture" ], "TLP": "white", "cloned_from": null, "export_count": 16, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "goatluxy", "id": "207695", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 21, "FileHash-SHA1": 6, "FileHash-SHA256": 6, "URL": 1, "domain": 72 }, "indicator_count": 106, "is_author": false, "is_subscribing": null, "subscriber_count": 72, "modified_text": "877 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "651367ff756328f788ae7a3e", "name": "URLHaus data - 26-09-2023", "description": "", "modified": "2023-10-26T23:03:16.623000", "created": "2023-09-26T23:23:43.253000", "tags": [ "hajime", "exe", "njRAT", "elf", "Mozi", "32-bit", "mips", "dcrat", "mirai", "SocGholish", "IcedID", "PDF", "pw341", "TR", "djvu", "dropped-by-PrivateLoader", "encrypted", "Vidar", "android", "apk", "IRATA", "script", "AgentTesla", "SnakeKeylogger", "LummaStealer", "AsyncRAT", "StormKitty", "DarkGate", "xll", "PrivateLoader", "Amadey", "glupteba", "smokeloader", "xmrig", "RedLine", "USA", "zip", "msi", "ua-curl", "geofenced", "RemcosRAT", "stego", "arkei", "gmail booking", "pw-123456", "stealer", "Unknown Loader", "RedLineStealer", "dll", "Stealc", "RecordBreaker" ], "references": [ "https://urlhaus.abuse.ch/browse/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 66, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 580, "domain": 247, "hostname": 18 }, "indicator_count": 845, "is_author": false, "is_subscribing": null, "subscriber_count": 1622, "modified_text": "948 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "650cd0f36c127252fa8982ef", "name": "URLHaus data - 21-09-2023", "description": "", "modified": "2023-10-21T23:02:19.178000", "created": "2023-09-21T23:25:39.564000", "tags": [ "32-bit", "elf", "mips", "Mozi", "SocGholish", "hajime", "mirai", "x86-32", "AgentTesla", "DarkGate", "PDF", "USA", "xll", "exe", "VoidRAT", "ascii", "Encoded", "GuLoader", "opendir", "RecordBreaker", "encrypted", "rat", "RemcosRAT", "dll", "dropped-by-PrivateLoader", "PrivateLoader", "RedLine", "dropped-by-amadey", "RedLineStealer", "Smoke Loader", "dropped-by-SmokeLoader", "android", "apk", "IRATA", "discord", "EpsilonStealer", "infostealer", "pwd-latsunabeta", "ddos", "Agenttelsa", "vbs", "Formbook", "CoinMiner", "xmrig" ], "references": [ "https://urlhaus.abuse.ch/browse/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 40, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 380, "hostname": 67, "domain": 202 }, "indicator_count": 649, "is_author": false, "is_subscribing": null, "subscriber_count": 1623, "modified_text": "953 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "dhtech.ae", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "dhtech.ae", "found": true, "verdict": "malicious", "url_count": 3, "online_count": 0, "blacklists": { "spamhaus_dbl": "not listed", "surbl": "not listed" }, "urls": [ { "url": "https://dhtech.ae/nii/", "status": "offline", "threat": "malware_download", "date_added": "2023-09-26", "tags": [ "DarkGate", "USA", "xll", "zip" ] }, { "url": "http://dhtech.ae/dqo/", "status": "offline", "threat": "malware_download", "date_added": "2023-09-21", "tags": [ "DarkGate", "PDF", "USA", "xll" ] }, { "url": "https://dhtech.ae/dqo/", "status": "offline", "threat": "malware_download", "date_added": "2023-09-21", "tags": [ "DarkGate", "PDF", "USA", "xll" ] } ], "error": null }, "from_cache": true, "_cached_at": 1780306920.441151 }