{ "type": "Domain", "indicator": "header.data", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/header.data", "alexa": "http://www.alexa.com/siteinfo/header.data", "indicator": "header.data", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 3207567550, "indicator": "header.data", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 4, "pulses": [ { "id": "69eb254f17eb4a2a990f07e5", "name": "LevelBlue - Open Threat Exchange", "description": "[ As part of security research, we look at some of the most well-known vulnerabilities in the PDF ecosystem, and how they can be identified and mitigated, with the help of a simple hash.] [64xxxx]", "modified": "2026-05-28T07:10:11.800000", "created": "2026-04-24T08:09:51.488000", "tags": [ "pdfkit", "cve202225765", "exploit script", "github", "unicordev", "cves", "xml external", "entity", "pdfs", "knowledge base", "python", "mozilla", "virustotal", "cisa", "apple", "microsoft", "pdfkit ruby", "remote code", "execution", "urls", "malware", "raid", "caddywiper", "wipes", "cve202543529", "webkit", "february", "cve202620643", "bypass", "march", "webkit bug", "command", "control", "levelblue", "open threat" ], "references": [ "https://otx.alienvault.com/indicator/ip/198.49.23.145#:~:text=CIDR:%206%20%7C%20CVE:%20107,infrastructure%20into%20global%20botnet%20clusters." ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Wipes", "display_name": "Wipes", "target": null } ], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1084, "FileHash-SHA1": 874, "FileHash-SHA256": 3052, "CVE": 36, "domain": 437, "hostname": 1086, "URL": 1411, "CIDR": 15, "email": 13 }, "indicator_count": 8008, "is_author": false, "is_subscribing": null, "subscriber_count": 70, "modified_text": "4 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6861a5d05c5fc6fc4fefee3d", "name": "Threat Actors abuse signed ConnectWise application as malware builder", "description": "Since March 2025, there has been a notable rise in malware infections utilizing validly signed ConnectWise software, indicative of bad signing practices exploited by threat actors. This trend is linked to a resurgence of abuse surrounding two vulnerabilities identified in February 2024, specifically CVE-2024-1708 and CVE-2024-1709. The current wave of malicious activities is attributable to a new strain of malware, termed \"EvilConwi\", which leverages these valid signatures to distribute fraudulent applications. Victims often report infections originating from phishing emails that lead to fake pages masquerading as legitimate applications. For instance, one prevalent scenario involved a user clicking on a OneDrive link that redirected them to a Canva page hiding a malicious ConnectWise installer within a download. Reports indicate that users experience symptoms such as their mouse moving erratically and fake Windows Update prompts during active remote connections, signaling a compromise.", "modified": "2025-06-29T20:45:04.278000", "created": "2025-06-29T20:45:04.278000", "tags": [ "connectwise", "value", "windows update", "g data", "supportaccess", "accesssupport", "fake", "sample", "authenticode", "little", "june", "february", "facebook", "unknown", "dump", "silent", "launch", "back" ], "references": [ "https://www.gdatasoftware.com/blog/2025/06/38218-connectwise-abuse-malware" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1036.005", "name": "Match Legitimate Name or Location", "display_name": "T1036.005 - Match Legitimate Name or Location" }, { "id": "T1204.002", "name": "Malicious File", "display_name": "T1204.002 - Malicious File" }, { "id": "T1553.006", "name": "Code Signing Policy Modification", "display_name": "T1553.006 - Code Signing Policy Modification" }, { "id": "T1567.002", "name": "Exfiltration to Cloud Storage", "display_name": "T1567.002 - Exfiltration to Cloud Storage" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 11, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "PetrP.73", "id": "154605", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 2, "FileHash-MD5": 19, "FileHash-SHA1": 19, "FileHash-SHA256": 29, "YARA": 1, "domain": 4 }, "indicator_count": 74, "is_author": false, "is_subscribing": null, "subscriber_count": 541, "modified_text": "336 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "626b06ae6171c5d04f1bab38", "name": "PSI Software AG - Software f\u00fcr Energieversorger, Industrieunternehmen und Infrastrukturbetreiber", "description": "PSI Software AG (PSI) is best known for its smart city software, which is also its Smart City software and a range of other product-enhancing technologies, such as smart cities.", "modified": "2022-05-28T00:03:46.141000", "created": "2022-04-28T21:27:10.738000", "tags": [ "span", "tbody", "tfoot", "thead", "fontawesome", "multiple", "woff", "truetype", "type", "href", "alpha", "twitter", "false", "parsley", "error", "typeof t", "fieldmultiple", "function", "regexp", "select", "typeof", "validator", "typeof n", "form", "datavalidation", "user", "return", "body", "cursor", "validate", "checkbox", "write", "selectedindex", "date", "true", "value", "index", "null", "name", "prop", "class", "hooks", "this", "jquery", "open", "scroll", "click", "seed", "target", "code", "accept", "local", "speed", "back", "bounce", "february", "april", "june", "august", "next", "string", "number", "trackevent", "copyright", "path", "host", "uint8array", "xhfunction", "download", "void", "softwarel\u00f6sungen", "prozesssteuerung", "leitsystem", "branchensoftware", "erp", "mes", "pps", "netzleittechnik", "fertigungsleitsystem", "automatisierung", "psi software", "psi blog", "toggle dropdown", "aktienrckkauf", "news", "umsatzwachstum", "formwechsel", "software", "versorger und", "english deutsch", "green", "messen" ], "references": [ "xfe-URL-Psi.de-stix2-2.1-export.json", "https://www.googletagmanager.com/gtm.js?id=GTM-NF2ZT3", "https://www.psi.de/typo3temp/scriptmerger/uncompressed/head-e2b75d5cfe54ba9b7d678cb1c848421f.merged.js", "https://www.psi.de/typo3temp/scriptmerger/uncompressed/head-bd4b8119586687574cf8f8529359d678.merged.css" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "selectedIndex", "display_name": "selectedIndex", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 232, "URL": 425, "FileHash-SHA256": 157, "domain": 225, "FileHash-MD5": 4 }, "indicator_count": 1043, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "1465 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "626b070ed44bcc9ad7b76bab", "name": "PSI Software AG - Software f\u00fcr Energieversorger, Industrieunternehmen und Infrastrukturbetreiber", "description": "PSI Software AG (PSI) is best known for its smart city software, which is also its Smart City software and a range of other product-enhancing technologies, such as smart cities.", "modified": "2022-05-28T00:03:46.141000", "created": "2022-04-28T21:28:46.014000", "tags": [ "span", "tbody", "tfoot", "thead", "fontawesome", "multiple", "woff", "truetype", "type", "href", "alpha", "twitter", "false", "parsley", "error", "typeof t", "fieldmultiple", "function", "regexp", "select", "typeof", "validator", "typeof n", "form", "datavalidation", "user", "return", "body", "cursor", "validate", "checkbox", "write", "selectedindex", "date", "true", "value", "index", "null", "name", "prop", "class", "hooks", "this", "jquery", "open", "scroll", "click", "seed", "target", "code", "accept", "local", "speed", "back", "bounce", "february", "april", "june", "august", "next", "string", "number", "trackevent", "copyright", "path", "host", "uint8array", "xhfunction", "download", "void", "softwarel\u00f6sungen", "prozesssteuerung", "leitsystem", "branchensoftware", "erp", "mes", "pps", "netzleittechnik", "fertigungsleitsystem", "automatisierung", "psi software", "psi blog", "toggle dropdown", "aktienrckkauf", "news", "umsatzwachstum", "formwechsel", "software", "versorger und", "english deutsch", "green", "messen" ], "references": [ "xfe-URL-Psi.de-stix2-2.1-export.json", "https://www.googletagmanager.com/gtm.js?id=GTM-NF2ZT3", "https://www.psi.de/typo3temp/scriptmerger/uncompressed/head-e2b75d5cfe54ba9b7d678cb1c848421f.merged.js", "https://www.psi.de/typo3temp/scriptmerger/uncompressed/head-bd4b8119586687574cf8f8529359d678.merged.css" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "selectedIndex", "display_name": "selectedIndex", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 232, "URL": 425, "FileHash-SHA256": 157, "domain": 225, "FileHash-MD5": 4 }, "indicator_count": 1043, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "1465 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "https://www.gdatasoftware.com/blog/2025/06/38218-connectwise-abuse-malware", "xfe-URL-Psi.de-stix2-2.1-export.json", "https://www.psi.de/typo3temp/scriptmerger/uncompressed/head-bd4b8119586687574cf8f8529359d678.merged.css", "https://www.googletagmanager.com/gtm.js?id=GTM-NF2ZT3", "https://otx.alienvault.com/indicator/ip/198.49.23.145#:~:text=CIDR:%206%20%7C%20CVE:%20107,infrastructure%20into%20global%20botnet%20clusters.", "https://www.psi.de/typo3temp/scriptmerger/uncompressed/head-e2b75d5cfe54ba9b7d678cb1c848421f.merged.js" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [], "malware_families": [ "Wipes", "Selectedindex" ], "industries": [] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 4, "pulses": [ { "id": "69eb254f17eb4a2a990f07e5", "name": "LevelBlue - Open Threat Exchange", "description": "[ As part of security research, we look at some of the most well-known vulnerabilities in the PDF ecosystem, and how they can be identified and mitigated, with the help of a simple hash.] [64xxxx]", "modified": "2026-05-28T07:10:11.800000", "created": "2026-04-24T08:09:51.488000", "tags": [ "pdfkit", "cve202225765", "exploit script", "github", "unicordev", "cves", "xml external", "entity", "pdfs", "knowledge base", "python", "mozilla", "virustotal", "cisa", "apple", "microsoft", "pdfkit ruby", "remote code", "execution", "urls", "malware", "raid", "caddywiper", "wipes", "cve202543529", "webkit", "february", "cve202620643", "bypass", "march", "webkit bug", "command", "control", "levelblue", "open threat" ], "references": [ "https://otx.alienvault.com/indicator/ip/198.49.23.145#:~:text=CIDR:%206%20%7C%20CVE:%20107,infrastructure%20into%20global%20botnet%20clusters." ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Wipes", "display_name": "Wipes", "target": null } ], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1084, "FileHash-SHA1": 874, "FileHash-SHA256": 3052, "CVE": 36, "domain": 437, "hostname": 1086, "URL": 1411, "CIDR": 15, "email": 13 }, "indicator_count": 8008, "is_author": false, "is_subscribing": null, "subscriber_count": 70, "modified_text": "4 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6861a5d05c5fc6fc4fefee3d", "name": "Threat Actors abuse signed ConnectWise application as malware builder", "description": "Since March 2025, there has been a notable rise in malware infections utilizing validly signed ConnectWise software, indicative of bad signing practices exploited by threat actors. This trend is linked to a resurgence of abuse surrounding two vulnerabilities identified in February 2024, specifically CVE-2024-1708 and CVE-2024-1709. The current wave of malicious activities is attributable to a new strain of malware, termed \"EvilConwi\", which leverages these valid signatures to distribute fraudulent applications. Victims often report infections originating from phishing emails that lead to fake pages masquerading as legitimate applications. For instance, one prevalent scenario involved a user clicking on a OneDrive link that redirected them to a Canva page hiding a malicious ConnectWise installer within a download. Reports indicate that users experience symptoms such as their mouse moving erratically and fake Windows Update prompts during active remote connections, signaling a compromise.", "modified": "2025-06-29T20:45:04.278000", "created": "2025-06-29T20:45:04.278000", "tags": [ "connectwise", "value", "windows update", "g data", "supportaccess", "accesssupport", "fake", "sample", "authenticode", "little", "june", "february", "facebook", "unknown", "dump", "silent", "launch", "back" ], "references": [ "https://www.gdatasoftware.com/blog/2025/06/38218-connectwise-abuse-malware" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1036.005", "name": "Match Legitimate Name or Location", "display_name": "T1036.005 - Match Legitimate Name or Location" }, { "id": "T1204.002", "name": "Malicious File", "display_name": "T1204.002 - Malicious File" }, { "id": "T1553.006", "name": "Code Signing Policy Modification", "display_name": "T1553.006 - Code Signing Policy Modification" }, { "id": "T1567.002", "name": "Exfiltration to Cloud Storage", "display_name": "T1567.002 - Exfiltration to Cloud Storage" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 11, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "PetrP.73", "id": "154605", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 2, "FileHash-MD5": 19, "FileHash-SHA1": 19, "FileHash-SHA256": 29, "YARA": 1, "domain": 4 }, "indicator_count": 74, "is_author": false, "is_subscribing": null, "subscriber_count": 541, "modified_text": "336 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "626b06ae6171c5d04f1bab38", "name": "PSI Software AG - Software f\u00fcr Energieversorger, Industrieunternehmen und Infrastrukturbetreiber", "description": "PSI Software AG (PSI) is best known for its smart city software, which is also its Smart City software and a range of other product-enhancing technologies, such as smart cities.", "modified": "2022-05-28T00:03:46.141000", "created": "2022-04-28T21:27:10.738000", "tags": [ "span", "tbody", "tfoot", "thead", "fontawesome", "multiple", "woff", "truetype", "type", "href", "alpha", "twitter", "false", "parsley", "error", "typeof t", "fieldmultiple", "function", "regexp", "select", "typeof", "validator", "typeof n", "form", "datavalidation", "user", "return", "body", "cursor", "validate", "checkbox", "write", "selectedindex", "date", "true", "value", "index", "null", "name", "prop", "class", "hooks", "this", "jquery", "open", "scroll", "click", "seed", "target", "code", "accept", "local", "speed", "back", "bounce", "february", "april", "june", "august", "next", "string", "number", "trackevent", "copyright", "path", "host", "uint8array", "xhfunction", "download", "void", "softwarel\u00f6sungen", "prozesssteuerung", "leitsystem", "branchensoftware", "erp", "mes", "pps", "netzleittechnik", "fertigungsleitsystem", "automatisierung", "psi software", "psi blog", "toggle dropdown", "aktienrckkauf", "news", "umsatzwachstum", "formwechsel", "software", "versorger und", "english deutsch", "green", "messen" ], "references": [ "xfe-URL-Psi.de-stix2-2.1-export.json", "https://www.googletagmanager.com/gtm.js?id=GTM-NF2ZT3", "https://www.psi.de/typo3temp/scriptmerger/uncompressed/head-e2b75d5cfe54ba9b7d678cb1c848421f.merged.js", "https://www.psi.de/typo3temp/scriptmerger/uncompressed/head-bd4b8119586687574cf8f8529359d678.merged.css" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "selectedIndex", "display_name": "selectedIndex", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 232, "URL": 425, "FileHash-SHA256": 157, "domain": 225, "FileHash-MD5": 4 }, "indicator_count": 1043, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "1465 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "626b070ed44bcc9ad7b76bab", "name": "PSI Software AG - Software f\u00fcr Energieversorger, Industrieunternehmen und Infrastrukturbetreiber", "description": "PSI Software AG (PSI) is best known for its smart city software, which is also its Smart City software and a range of other product-enhancing technologies, such as smart cities.", "modified": "2022-05-28T00:03:46.141000", "created": "2022-04-28T21:28:46.014000", "tags": [ "span", "tbody", "tfoot", "thead", "fontawesome", "multiple", "woff", "truetype", "type", "href", "alpha", "twitter", "false", "parsley", "error", "typeof t", "fieldmultiple", "function", "regexp", "select", "typeof", "validator", "typeof n", "form", "datavalidation", "user", "return", "body", "cursor", "validate", "checkbox", "write", "selectedindex", "date", "true", "value", "index", "null", "name", "prop", "class", "hooks", "this", "jquery", "open", "scroll", "click", "seed", "target", "code", "accept", "local", "speed", "back", "bounce", "february", "april", "june", "august", "next", "string", "number", "trackevent", "copyright", "path", "host", "uint8array", "xhfunction", "download", "void", "softwarel\u00f6sungen", "prozesssteuerung", "leitsystem", "branchensoftware", "erp", "mes", "pps", "netzleittechnik", "fertigungsleitsystem", "automatisierung", "psi software", "psi blog", "toggle dropdown", "aktienrckkauf", "news", "umsatzwachstum", "formwechsel", "software", "versorger und", "english deutsch", "green", "messen" ], "references": [ "xfe-URL-Psi.de-stix2-2.1-export.json", "https://www.googletagmanager.com/gtm.js?id=GTM-NF2ZT3", "https://www.psi.de/typo3temp/scriptmerger/uncompressed/head-e2b75d5cfe54ba9b7d678cb1c848421f.merged.js", "https://www.psi.de/typo3temp/scriptmerger/uncompressed/head-bd4b8119586687574cf8f8529359d678.merged.css" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "selectedIndex", "display_name": "selectedIndex", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 232, "URL": 425, "FileHash-SHA256": 157, "domain": 225, "FileHash-MD5": 4 }, "indicator_count": 1043, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "1465 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "header.data", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "header.data", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780338702.0226166 }