{ "type": "Domain", "indicator": "first-tweets.com", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/first-tweets.com", "alexa": "http://www.alexa.com/siteinfo/first-tweets.com", "indicator": "first-tweets.com", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 2719032239, "indicator": "first-tweets.com", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 4, "pulses": [ { "id": "682ec20b31f362e2b1146339", "name": "Isolated & related Twitter / Apple IOCs | Pegasus related attacks -ongoing", "description": "TwitterX.com migration | Unknown Running on: Tsa B CMS: Express Powered by: Express\nBlock ID: EVA120 ?\nInteresting relationships: \nappleid.com \u2022\napple.com \u2022\napple.twitter.com | #whitelisting #twitter #apple #pegasus #targeting #redirects #remotely #rmsmodule", "modified": "2025-06-21T05:04:45.181000", "created": "2025-05-22T06:19:55.837000", "tags": [ "hostname", "no expiration", "expiration", "filehashsha256", "url http", "type indicator", "role title", "related pulses", "ipv4", "urls show", "date checked", "url hostname", "server response", "ip address", "google safe", "results apr", "present jan", "present apr", "entries related", "domains show", "search", "domain related", "b cms", "block id", "url https", "added active", "dns endpoint", "security scan", "iocs", "learn more", "domain", "indicators show" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 23, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 15, "FileHash-SHA1": 15, "FileHash-SHA256": 15, "domain": 277, "email": 3, "URL": 46, "hostname": 193 }, "indicator_count": 564, "is_author": false, "is_subscribing": null, "subscriber_count": 141, "modified_text": "347 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "66b4f1234e20d1551dd7647a", "name": "Boratoken - x.com | Ransom | SnakeKeylogger | X.com redirect | Brian Sabey search results", "description": "Aggressively malicious x.com template.\nIntroduction: ' I was surprised to find this' regarding Google Phish of a 'Samuel Tulach' @X.Com Discussion: Exodus/ Cellebrite/Pegasus/NSO, Brian Sabey,etc,.\nImpacts at least 1 single individual, virustotal, Twitter/x.com.", "modified": "2024-09-07T22:38:23.513000", "created": "2024-08-08T16:24:02.550000", "tags": [ "no expiration", "filehashmd5", "iocs", "next", "all scoreblue", "pulse use", "domain", "ipv4", "url http", "url https", "cidr", "email", "ipv6", "code", "pdf report", "contact", "contacted", "registrar abuse", "phishing", "malware beacon", "x com", "twitter", "ransomware", "pyinstaller", "trojanspy", "trojan", "borpa", "samas", "formbook", "formbook cnc", "vtflooder", "namecheap", "'m nudie", "remote job", "get her work", "false files", "pornhub", "aaaa", "proofpoint", "are you hiring", "unknown", "united", "asnone united", "creation date", "search", "germany unknown", "expiration date", "date", "showing", "as61969 team", "body", "meta", "code", "screenshot", "servers", "server", "web attack" ], "references": [ "https://twitter.com/ootiosum/status/1812208222150726029a4dmHAxV0M0QIHawADl4Qr4kDegUI-QEQAA&usg=AOvVaw37yALadqlgoR9_xlQ5B4Hm", "http://borpatoken.com/", "netflix.com Akamai rank: #6", "phyn.app", "https://phyn.app/assets/images/Netflix-Background-phyn-dark.png", "pornhero.net 'we don't need another hero, hero, hero...' No Expiration\t0\t URL https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian No Expiration\t0\t Hostname www.pornhub.com No Expiration\t0\t URL https://8muses.info/other/adventure-time-porn-vault-boners-3-cartoon-porn-frosty-sanchez/20/ No Expiration\t14\t URL https://8muses.info/simpsons-porn/simpsons-special-bigboy/", "https://twitter.com/PORNO_SEXYBABES [Twitter Tsara Brashears related]", "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian", "x.com related: www.pornhub.com", "Twitter/ X.xom related: https://8muses.info/other/adventure-time-porn-vault-boners-3-cartoon-porn-frosty-sanchez/20/", "TAGS: api call app store as13414 twitter as15133 verizon as16625 akamai as18450 as20940 as2914 ntt as397240 as397241 asnone ca issuers", "TAGS: camaro dragon canada click cloudfront cname co number code contact content content gmt copy crlf line cyber defense", "TAGS: email expiry gmt false file files final url for privacy form format malware beacon meta http meta tags namecheap inc", "TAGS: passive dns pattern match title page trojandropper united 12110kb aaaa add tag adversary tags", "TAGS: all scoreblue analyzer apache autoit borpa browser canada cidr ck id ck matrix code code contact contacted", "TAGS: create new domain email expiration filehashmd5 formbook cnc get google phish green hackers hackers heroku hostname", "TAGS: iocs layoutid8 malware nameaul namecheap next no expiration pcap pdf report pegasus topic phish phishing", "TAGS: photoshop prefs privacy service provider public tlp pulse provide pulse use pyinstaller", "TAGS: ransom ransomware red team registrar abuse roboto samas samuel tulach scan endpoints", "TAGS: screenshot snake snake keylogger suspicious template trojan downloader trojanspy tulach url http url https x template x verce" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 31, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 500, "FileHash-SHA1": 485, "FileHash-SHA256": 1177, "URL": 1033, "SSLCertFingerprint": 4, "domain": 801, "hostname": 1139, "email": 14, "CIDR": 2 }, "indicator_count": 5155, "is_author": false, "is_subscribing": null, "subscriber_count": 229, "modified_text": "633 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65709650a15a2c71ea7d2a81", "name": "iPhone 23_01_2023 16_08.chlsj - Ref otx indicator url and its contained strings/ip's", "description": "", "modified": "2023-12-06T15:42:06.201000", "created": "2023-12-06T15:42:06.201000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 388, "URL": 351, "domain": 36, "hostname": 153, "FileHash-MD5": 5, "FileHash-SHA1": 2, "SSLCertFingerprint": 2 }, "indicator_count": 937, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "909 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "63d125de2d5234198f9a7eb5", "name": "iPhone 23_01_2023 16_08.chlsj - Ref otx indicator url and its contained strings/ip's", "description": "As unable to extract this 3.8mb data file directly to otx, hybrid and vt, so via submit file as linked in references", "modified": "2023-02-24T12:01:57.417000", "created": "2023-01-25T12:51:42.344000", "tags": [ "sha1", "sha256", "log id", "gmtn", "geotrust ev", "rsa ca", "organization", "tls web", "digicert inc", "london", "ca issuers", "bd6en timestamp", "false", "json", "proxy settings", "host", "scan endpoints", "create pulse", "submit sample", "api integration", "all callmedoris", "filehash", "pulse pulses", "strings", "path" ], "references": [ "https://otx.alienvault.com/indicator/file/7989730738aeb80f64192cbaa8f289efaca313a3f32a9e3034b89140c45d2e9a", "The full text of the full report on the \u00c2\u00a31.2m \"Pulses\" that can detect and identify malware has been published on Facebook, Twitter and Facebook.", "http://blockpage.bt.com/pcstaticpage/blocked.html?list=BT", "\u817e\u8baf\u5fae\u4e91", "iPhone 23_01_2023 16_08.chlsj" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 16, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "callmeDoris", "id": "205385", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 388, "URL": 351, "hostname": 153, "domain": 36, "FileHash-MD5": 5, "FileHash-SHA1": 2, "SSLCertFingerprint": 2 }, "indicator_count": 937, "is_author": false, "is_subscribing": null, "subscriber_count": 92, "modified_text": "1194 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "TAGS: passive dns pattern match title page trojandropper united 12110kb aaaa add tag adversary tags", "x.com related: www.pornhub.com", "\u817e\u8baf\u5fae\u4e91", "TAGS: api call app store as13414 twitter as15133 verizon as16625 akamai as18450 as20940 as2914 ntt as397240 as397241 asnone ca issuers", "TAGS: ransom ransomware red team registrar abuse roboto samas samuel tulach scan endpoints", "TAGS: camaro dragon canada click cloudfront cname co number code contact content content gmt copy crlf line cyber defense", "TAGS: iocs layoutid8 malware nameaul namecheap next no expiration pcap pdf report pegasus topic phish phishing", "https://phyn.app/assets/images/Netflix-Background-phyn-dark.png", "The full text of the full report on the \u00c2\u00a31.2m \"Pulses\" that can detect and identify malware has been published on Facebook, Twitter and Facebook.", "https://twitter.com/ootiosum/status/1812208222150726029a4dmHAxV0M0QIHawADl4Qr4kDegUI-QEQAA&usg=AOvVaw37yALadqlgoR9_xlQ5B4Hm", "http://borpatoken.com/", "pornhero.net 'we don't need another hero, hero, hero...' No Expiration\t0\t URL https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian No Expiration\t0\t Hostname www.pornhub.com No Expiration\t0\t URL https://8muses.info/other/adventure-time-porn-vault-boners-3-cartoon-porn-frosty-sanchez/20/ No Expiration\t14\t URL https://8muses.info/simpsons-porn/simpsons-special-bigboy/", "TAGS: photoshop prefs privacy service provider public tlp pulse provide pulse use pyinstaller", "netflix.com Akamai rank: #6", "Twitter/ X.xom related: https://8muses.info/other/adventure-time-porn-vault-boners-3-cartoon-porn-frosty-sanchez/20/", "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian", "TAGS: all scoreblue analyzer apache autoit borpa browser canada cidr ck id ck matrix code code contact contacted", "TAGS: create new domain email expiration filehashmd5 formbook cnc get google phish green hackers hackers heroku hostname", "TAGS: email expiry gmt false file files final url for privacy form format malware beacon meta http meta tags namecheap inc", "phyn.app", "http://blockpage.bt.com/pcstaticpage/blocked.html?list=BT", "https://twitter.com/PORNO_SEXYBABES [Twitter Tsara Brashears related]", "iPhone 23_01_2023 16_08.chlsj", "TAGS: screenshot snake snake keylogger suspicious template trojan downloader trojanspy tulach url http url https x template x verce", "https://otx.alienvault.com/indicator/file/7989730738aeb80f64192cbaa8f289efaca313a3f32a9e3034b89140c45d2e9a" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [], "malware_families": [], "industries": [] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 4, "pulses": [ { "id": "682ec20b31f362e2b1146339", "name": "Isolated & related Twitter / Apple IOCs | Pegasus related attacks -ongoing", "description": "TwitterX.com migration | Unknown Running on: Tsa B CMS: Express Powered by: Express\nBlock ID: EVA120 ?\nInteresting relationships: \nappleid.com \u2022\napple.com \u2022\napple.twitter.com | #whitelisting #twitter #apple #pegasus #targeting #redirects #remotely #rmsmodule", "modified": "2025-06-21T05:04:45.181000", "created": "2025-05-22T06:19:55.837000", "tags": [ "hostname", "no expiration", "expiration", "filehashsha256", "url http", "type indicator", "role title", "related pulses", "ipv4", "urls show", "date checked", "url hostname", "server response", "ip address", "google safe", "results apr", "present jan", "present apr", "entries related", "domains show", "search", "domain related", "b cms", "block id", "url https", "added active", "dns endpoint", "security scan", "iocs", "learn more", "domain", "indicators show" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 23, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 15, "FileHash-SHA1": 15, "FileHash-SHA256": 15, "domain": 277, "email": 3, "URL": 46, "hostname": 193 }, "indicator_count": 564, "is_author": false, "is_subscribing": null, "subscriber_count": 141, "modified_text": "347 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "66b4f1234e20d1551dd7647a", "name": "Boratoken - x.com | Ransom | SnakeKeylogger | X.com redirect | Brian Sabey search results", "description": "Aggressively malicious x.com template.\nIntroduction: ' I was surprised to find this' regarding Google Phish of a 'Samuel Tulach' @X.Com Discussion: Exodus/ Cellebrite/Pegasus/NSO, Brian Sabey,etc,.\nImpacts at least 1 single individual, virustotal, Twitter/x.com.", "modified": "2024-09-07T22:38:23.513000", "created": "2024-08-08T16:24:02.550000", "tags": [ "no expiration", "filehashmd5", "iocs", "next", "all scoreblue", "pulse use", "domain", "ipv4", "url http", "url https", "cidr", "email", "ipv6", "code", "pdf report", "contact", "contacted", "registrar abuse", "phishing", "malware beacon", "x com", "twitter", "ransomware", "pyinstaller", "trojanspy", "trojan", "borpa", "samas", "formbook", "formbook cnc", "vtflooder", "namecheap", "'m nudie", "remote job", "get her work", "false files", "pornhub", "aaaa", "proofpoint", "are you hiring", "unknown", "united", "asnone united", "creation date", "search", "germany unknown", "expiration date", "date", "showing", "as61969 team", "body", "meta", "code", "screenshot", "servers", "server", "web attack" ], "references": [ "https://twitter.com/ootiosum/status/1812208222150726029a4dmHAxV0M0QIHawADl4Qr4kDegUI-QEQAA&usg=AOvVaw37yALadqlgoR9_xlQ5B4Hm", "http://borpatoken.com/", "netflix.com Akamai rank: #6", "phyn.app", "https://phyn.app/assets/images/Netflix-Background-phyn-dark.png", "pornhero.net 'we don't need another hero, hero, hero...' No Expiration\t0\t URL https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian No Expiration\t0\t Hostname www.pornhub.com No Expiration\t0\t URL https://8muses.info/other/adventure-time-porn-vault-boners-3-cartoon-porn-frosty-sanchez/20/ No Expiration\t14\t URL https://8muses.info/simpsons-porn/simpsons-special-bigboy/", "https://twitter.com/PORNO_SEXYBABES [Twitter Tsara Brashears related]", "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian", "x.com related: www.pornhub.com", "Twitter/ X.xom related: https://8muses.info/other/adventure-time-porn-vault-boners-3-cartoon-porn-frosty-sanchez/20/", "TAGS: api call app store as13414 twitter as15133 verizon as16625 akamai as18450 as20940 as2914 ntt as397240 as397241 asnone ca issuers", "TAGS: camaro dragon canada click cloudfront cname co number code contact content content gmt copy crlf line cyber defense", "TAGS: email expiry gmt false file files final url for privacy form format malware beacon meta http meta tags namecheap inc", "TAGS: passive dns pattern match title page trojandropper united 12110kb aaaa add tag adversary tags", "TAGS: all scoreblue analyzer apache autoit borpa browser canada cidr ck id ck matrix code code contact contacted", "TAGS: create new domain email expiration filehashmd5 formbook cnc get google phish green hackers hackers heroku hostname", "TAGS: iocs layoutid8 malware nameaul namecheap next no expiration pcap pdf report pegasus topic phish phishing", "TAGS: photoshop prefs privacy service provider public tlp pulse provide pulse use pyinstaller", "TAGS: ransom ransomware red team registrar abuse roboto samas samuel tulach scan endpoints", "TAGS: screenshot snake snake keylogger suspicious template trojan downloader trojanspy tulach url http url https x template x verce" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 31, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 500, "FileHash-SHA1": 485, "FileHash-SHA256": 1177, "URL": 1033, "SSLCertFingerprint": 4, "domain": 801, "hostname": 1139, "email": 14, "CIDR": 2 }, "indicator_count": 5155, "is_author": false, "is_subscribing": null, "subscriber_count": 229, "modified_text": "633 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65709650a15a2c71ea7d2a81", "name": "iPhone 23_01_2023 16_08.chlsj - Ref otx indicator url and its contained strings/ip's", "description": "", "modified": "2023-12-06T15:42:06.201000", "created": "2023-12-06T15:42:06.201000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 388, "URL": 351, "domain": 36, "hostname": 153, "FileHash-MD5": 5, "FileHash-SHA1": 2, "SSLCertFingerprint": 2 }, "indicator_count": 937, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "909 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "63d125de2d5234198f9a7eb5", "name": "iPhone 23_01_2023 16_08.chlsj - Ref otx indicator url and its contained strings/ip's", "description": "As unable to extract this 3.8mb data file directly to otx, hybrid and vt, so via submit file as linked in references", "modified": "2023-02-24T12:01:57.417000", "created": "2023-01-25T12:51:42.344000", "tags": [ "sha1", "sha256", "log id", "gmtn", "geotrust ev", "rsa ca", "organization", "tls web", "digicert inc", "london", "ca issuers", "bd6en timestamp", "false", "json", "proxy settings", "host", "scan endpoints", "create pulse", "submit sample", "api integration", "all callmedoris", "filehash", "pulse pulses", "strings", "path" ], "references": [ "https://otx.alienvault.com/indicator/file/7989730738aeb80f64192cbaa8f289efaca313a3f32a9e3034b89140c45d2e9a", "The full text of the full report on the \u00c2\u00a31.2m \"Pulses\" that can detect and identify malware has been published on Facebook, Twitter and Facebook.", "http://blockpage.bt.com/pcstaticpage/blocked.html?list=BT", "\u817e\u8baf\u5fae\u4e91", "iPhone 23_01_2023 16_08.chlsj" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 16, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "callmeDoris", "id": "205385", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 388, "URL": 351, "hostname": 153, "domain": 36, "FileHash-MD5": 5, "FileHash-SHA1": 2, "SSLCertFingerprint": 2 }, "indicator_count": 937, "is_author": false, "is_subscribing": null, "subscriber_count": 92, "modified_text": "1194 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "first-tweets.com", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "first-tweets.com", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780468606.2749052 }