{ "type": "URL", "indicator": "https://des-cinema-democrat-san.trycloudflare.com/server", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://des-cinema-democrat-san.trycloudflare.com/server", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 4056358485, "indicator": "https://des-cinema-democrat-san.trycloudflare.com/server", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 5, "pulses": [ { "id": "67f82020a26d2eb2bb6d4f1e", "name": "Shuckworm Targets Foreign Military Mission Based in Ukraine", "description": "Russian-linked cyber-espionage group Shuckworm appears to be targeting a Western military mission based in Ukraine, according to research by Symantec and its partner, the UK-based security firm.", "modified": "2025-05-10T19:02:37.781000", "created": "2025-04-10T19:46:39.271000", "tags": [ "c server", "shuckworm", "ukraine", "gammasteel", "powershell", "desktop folder", "gamaredon", "armageddon", "infostealer" ], "references": [ "https://www.security.com/threat-intelligence/shuckworm-ukraine-gammasteel" ], "public": 1, "adversary": "Gamaredon Group", "targeted_countries": [ "Ukraine" ], "malware_families": [ { "id": "GammaSteel", "display_name": "GammaSteel", "target": null } ], "attack_ids": [ { "id": "T1091", "name": "Replication Through Removable Media", "display_name": "T1091 - Replication Through Removable Media" }, { "id": "T1054", "name": "Indicator Blocking", "display_name": "T1054 - Indicator Blocking" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 96, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1, "URL": 6, "hostname": 41 }, "indicator_count": 48, "is_author": false, "is_subscribing": null, "subscriber_count": 387179, "modified_text": "389 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "684150f8ab8fe1229def2bea", "name": "Analysis of the APT-C-53 (Gamaredon) organization's attack operations.", "description": "APT-C-53, also known as Gamaredon, is a persistent advanced persistent threat group that has been operational since 2013, primarily targeting government and military sectors to acquire intelligence. Recent activities indicate that Gamaredon is not diminishing despite ongoing disclosures of its methodologies by security vendors; rather, it appears to be escalating its attacks. The group predominantly utilizes malicious VBS scripts characterized by high obfuscation techniques, including code fragmentation and Base64 encoding, to enhance its evasion tactics. A notable aspect of their strategy involves using military-related themes in social engineering attempts, which helps lower the vigilance of potential victims and increases the likelihood of successful malware execution.", "modified": "2025-07-05T08:00:58.306000", "created": "2025-06-05T08:10:32.633000", "tags": [ "public", "temp", "appdata", "windowsresponby", "gamaredon", "windowsdetect", "windowstelegra", "https", "aptc53gamaredon", "ocwstwz5hzufor", "cookie" ], "references": [ "https://mp.weixin.qq.com/s?__biz=MzUyMjk4NzExMA==&mid=2247506191&idx=1&sn=89db49b84b7462bbf8731dbcc787e8c4&chksm=f9c1ea06ceb6631006eec73a1129db88dcbce705fd5bbfefe4eba48b5d4db5ed5017e34c9669&scene=178&cur_album_id=1955835290309230595&search_click_id=&poc_token=HGZOQWijOCtBLbeOZNmKXb_11l0WZ77aAMufwFqO" ], "public": 1, "adversary": "APT-C-53", "targeted_countries": [], "malware_families": [ { "id": "", "display_name": "", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1036.002", "name": "Right-to-Left Override", "display_name": "T1036.002 - Right-to-Left Override" }, { "id": "T1056.001", "name": "Keylogging", "display_name": "T1056.001 - Keylogging" }, { "id": "T1059.001", "name": "PowerShell", "display_name": "T1059.001 - PowerShell" }, { "id": "T1059.005", "name": "Visual Basic", "display_name": "T1059.005 - Visual Basic" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1074.001", "name": "Local Data Staging", "display_name": "T1074.001 - Local Data Staging" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1204.002", "name": "Malicious File", "display_name": "T1204.002 - Malicious File" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 14, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "PetrP.73", "id": "154605", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 5, "FileHash-MD5": 1, "URL": 48, "hostname": 36 }, "indicator_count": 90, "is_author": false, "is_subscribing": null, "subscriber_count": 544, "modified_text": "333 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "67f88169e4967373ac5a40c8", "name": "IOC - Shuckworm Targets Foreign Military Mission Based in Ukraine", "description": "", "modified": "2025-05-10T19:02:37.781000", "created": "2025-04-11T02:41:45.430000", "tags": [ "c server", "shuckworm", "ukraine", "gammasteel", "powershell", "desktop folder", "gamaredon", "armageddon", "infostealer" ], "references": [ "https://www.security.com/threat-intelligence/shuckworm-ukraine-gammasteel" ], "public": 1, "adversary": "Shuckworm", "targeted_countries": [ "Ukraine" ], "malware_families": [ { "id": "GammaSteel", "display_name": "GammaSteel", "target": null } ], "attack_ids": [ { "id": "T1091", "name": "Replication Through Removable Media", "display_name": "T1091 - Replication Through Removable Media" }, { "id": "T1054", "name": "Indicator Blocking", "display_name": "T1054 - Indicator Blocking" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": "67f82020a26d2eb2bb6d4f1e", "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "celestre", "id": "295357", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1, "URL": 6, "hostname": 41 }, "indicator_count": 48, "is_author": false, "is_subscribing": null, "subscriber_count": 142, "modified_text": "389 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "67fcba8757bfd7e7144150c3", "name": "Shuckworm Targets Foreign Military Mission Based in Ukraine", "description": "", "modified": "2025-05-10T19:02:37.781000", "created": "2025-04-14T07:34:31.211000", "tags": [ "c server", "shuckworm", "ukraine", "gammasteel", "powershell", "desktop folder", "gamaredon", "armageddon", "infostealer" ], "references": [ "https://www.security.com/threat-intelligence/shuckworm-ukraine-gammasteel" ], "public": 1, "adversary": "Shuckworm", "targeted_countries": [ "Ukraine" ], "malware_families": [ { "id": "GammaSteel", "display_name": "GammaSteel", "target": null } ], "attack_ids": [ { "id": "T1091", "name": "Replication Through Removable Media", "display_name": "T1091 - Replication Through Removable Media" }, { "id": "T1054", "name": "Indicator Blocking", "display_name": "T1054 - Indicator Blocking" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": "67f82020a26d2eb2bb6d4f1e", "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Tr1sa111", "id": "192483", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1, "URL": 6, "hostname": 41 }, "indicator_count": 48, "is_author": false, "is_subscribing": null, "subscriber_count": 280, "modified_text": "389 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "67fe004dfe97e2f0ffb5f30c", "name": "Simon Gareis", "description": "", "modified": "2025-05-10T19:02:37.781000", "created": "2025-04-15T06:44:29.041000", "tags": [ "c server", "shuckworm", "ukraine", "gammasteel", "powershell", "desktop folder", "gamaredon", "armageddon", "infostealer" ], "references": [ "https://www.security.com/threat-intelligence/shuckworm-ukraine-gammasteel" ], "public": 1, "adversary": "Shuckworm", "targeted_countries": [ "Ukraine" ], "malware_families": [ { "id": "GammaSteel", "display_name": "GammaSteel", "target": null } ], "attack_ids": [ { "id": "T1091", "name": "Replication Through Removable Media", "display_name": "T1091 - Replication Through Removable Media" }, { "id": "T1054", "name": "Indicator Blocking", "display_name": "T1054 - Indicator Blocking" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": "67f82020a26d2eb2bb6d4f1e", "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Dallasone85@", "id": "260675", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1, "URL": 6, "hostname": 41 }, "indicator_count": 48, "is_author": false, "is_subscribing": null, "subscriber_count": 1, "modified_text": "389 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "https://www.security.com/threat-intelligence/shuckworm-ukraine-gammasteel", "https://mp.weixin.qq.com/s?__biz=MzUyMjk4NzExMA==&mid=2247506191&idx=1&sn=89db49b84b7462bbf8731dbcc787e8c4&chksm=f9c1ea06ceb6631006eec73a1129db88dcbce705fd5bbfefe4eba48b5d4db5ed5017e34c9669&scene=178&cur_album_id=1955835290309230595&search_click_id=&poc_token=HGZOQWijOCtBLbeOZNmKXb_11l0WZ77aAMufwFqO" ], "related": { "alienvault": { "adversary": [ "Gamaredon Group" ], "malware_families": [ "Gammasteel" ], "industries": [], "unique_indicators": 56 }, "other": { "adversary": [ "APT-C-53", "Shuckworm" ], "malware_families": [ "", "Gammasteel" ], "industries": [], "unique_indicators": 145 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/trycloudflare.com", "whois": "http://whois.domaintools.com/trycloudflare.com", "domain": "trycloudflare.com", "hostname": "des-cinema-democrat-san.trycloudflare.com" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 5, "pulses": [ { "id": "67f82020a26d2eb2bb6d4f1e", "name": "Shuckworm Targets Foreign Military Mission Based in Ukraine", "description": "Russian-linked cyber-espionage group Shuckworm appears to be targeting a Western military mission based in Ukraine, according to research by Symantec and its partner, the UK-based security firm.", "modified": "2025-05-10T19:02:37.781000", "created": "2025-04-10T19:46:39.271000", "tags": [ "c server", "shuckworm", "ukraine", "gammasteel", "powershell", "desktop folder", "gamaredon", "armageddon", "infostealer" ], "references": [ "https://www.security.com/threat-intelligence/shuckworm-ukraine-gammasteel" ], "public": 1, "adversary": "Gamaredon Group", "targeted_countries": [ "Ukraine" ], "malware_families": [ { "id": "GammaSteel", "display_name": "GammaSteel", "target": null } ], "attack_ids": [ { "id": "T1091", "name": "Replication Through Removable Media", "display_name": "T1091 - Replication Through Removable Media" }, { "id": "T1054", "name": "Indicator Blocking", "display_name": "T1054 - Indicator Blocking" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 96, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1, "URL": 6, "hostname": 41 }, "indicator_count": 48, "is_author": false, "is_subscribing": null, "subscriber_count": 387179, "modified_text": "389 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "684150f8ab8fe1229def2bea", "name": "Analysis of the APT-C-53 (Gamaredon) organization's attack operations.", "description": "APT-C-53, also known as Gamaredon, is a persistent advanced persistent threat group that has been operational since 2013, primarily targeting government and military sectors to acquire intelligence. Recent activities indicate that Gamaredon is not diminishing despite ongoing disclosures of its methodologies by security vendors; rather, it appears to be escalating its attacks. The group predominantly utilizes malicious VBS scripts characterized by high obfuscation techniques, including code fragmentation and Base64 encoding, to enhance its evasion tactics. A notable aspect of their strategy involves using military-related themes in social engineering attempts, which helps lower the vigilance of potential victims and increases the likelihood of successful malware execution.", "modified": "2025-07-05T08:00:58.306000", "created": "2025-06-05T08:10:32.633000", "tags": [ "public", "temp", "appdata", "windowsresponby", "gamaredon", "windowsdetect", "windowstelegra", "https", "aptc53gamaredon", "ocwstwz5hzufor", "cookie" ], "references": [ "https://mp.weixin.qq.com/s?__biz=MzUyMjk4NzExMA==&mid=2247506191&idx=1&sn=89db49b84b7462bbf8731dbcc787e8c4&chksm=f9c1ea06ceb6631006eec73a1129db88dcbce705fd5bbfefe4eba48b5d4db5ed5017e34c9669&scene=178&cur_album_id=1955835290309230595&search_click_id=&poc_token=HGZOQWijOCtBLbeOZNmKXb_11l0WZ77aAMufwFqO" ], "public": 1, "adversary": "APT-C-53", "targeted_countries": [], "malware_families": [ { "id": "", "display_name": "", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1036.002", "name": "Right-to-Left Override", "display_name": "T1036.002 - Right-to-Left Override" }, { "id": "T1056.001", "name": "Keylogging", "display_name": "T1056.001 - Keylogging" }, { "id": "T1059.001", "name": "PowerShell", "display_name": "T1059.001 - PowerShell" }, { "id": "T1059.005", "name": "Visual Basic", "display_name": "T1059.005 - Visual Basic" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1074.001", "name": "Local Data Staging", "display_name": "T1074.001 - Local Data Staging" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1204.002", "name": "Malicious File", "display_name": "T1204.002 - Malicious File" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 14, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "PetrP.73", "id": "154605", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 5, "FileHash-MD5": 1, "URL": 48, "hostname": 36 }, "indicator_count": 90, "is_author": false, "is_subscribing": null, "subscriber_count": 544, "modified_text": "333 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "67f88169e4967373ac5a40c8", "name": "IOC - Shuckworm Targets Foreign Military Mission Based in Ukraine", "description": "", "modified": "2025-05-10T19:02:37.781000", "created": "2025-04-11T02:41:45.430000", "tags": [ "c server", "shuckworm", "ukraine", "gammasteel", "powershell", "desktop folder", "gamaredon", "armageddon", "infostealer" ], "references": [ "https://www.security.com/threat-intelligence/shuckworm-ukraine-gammasteel" ], "public": 1, "adversary": "Shuckworm", "targeted_countries": [ "Ukraine" ], "malware_families": [ { "id": "GammaSteel", "display_name": "GammaSteel", "target": null } ], "attack_ids": [ { "id": "T1091", "name": "Replication Through Removable Media", "display_name": "T1091 - Replication Through Removable Media" }, { "id": "T1054", "name": "Indicator Blocking", "display_name": "T1054 - Indicator Blocking" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": "67f82020a26d2eb2bb6d4f1e", "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "celestre", "id": "295357", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1, "URL": 6, "hostname": 41 }, "indicator_count": 48, "is_author": false, "is_subscribing": null, "subscriber_count": 142, "modified_text": "389 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "67fcba8757bfd7e7144150c3", "name": "Shuckworm Targets Foreign Military Mission Based in Ukraine", "description": "", "modified": "2025-05-10T19:02:37.781000", "created": "2025-04-14T07:34:31.211000", "tags": [ "c server", "shuckworm", "ukraine", "gammasteel", "powershell", "desktop folder", "gamaredon", "armageddon", "infostealer" ], "references": [ "https://www.security.com/threat-intelligence/shuckworm-ukraine-gammasteel" ], "public": 1, "adversary": "Shuckworm", "targeted_countries": [ "Ukraine" ], "malware_families": [ { "id": "GammaSteel", "display_name": "GammaSteel", "target": null } ], "attack_ids": [ { "id": "T1091", "name": "Replication Through Removable Media", "display_name": "T1091 - Replication Through Removable Media" }, { "id": "T1054", "name": "Indicator Blocking", "display_name": "T1054 - Indicator Blocking" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": "67f82020a26d2eb2bb6d4f1e", "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Tr1sa111", "id": "192483", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1, "URL": 6, "hostname": 41 }, "indicator_count": 48, "is_author": false, "is_subscribing": null, "subscriber_count": 280, "modified_text": "389 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "67fe004dfe97e2f0ffb5f30c", "name": "Simon Gareis", "description": "", "modified": "2025-05-10T19:02:37.781000", "created": "2025-04-15T06:44:29.041000", "tags": [ "c server", "shuckworm", "ukraine", "gammasteel", "powershell", "desktop folder", "gamaredon", "armageddon", "infostealer" ], "references": [ "https://www.security.com/threat-intelligence/shuckworm-ukraine-gammasteel" ], "public": 1, "adversary": "Shuckworm", "targeted_countries": [ "Ukraine" ], "malware_families": [ { "id": "GammaSteel", "display_name": "GammaSteel", "target": null } ], "attack_ids": [ { "id": "T1091", "name": "Replication Through Removable Media", "display_name": "T1091 - Replication Through Removable Media" }, { "id": "T1054", "name": "Indicator Blocking", "display_name": "T1054 - Indicator Blocking" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": "67f82020a26d2eb2bb6d4f1e", "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Dallasone85@", "id": "260675", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1, "URL": 6, "hostname": 41 }, "indicator_count": 48, "is_author": false, "is_subscribing": null, "subscriber_count": 1, "modified_text": "389 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://des-cinema-democrat-san.trycloudflare.com/server", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://des-cinema-democrat-san.trycloudflare.com/server", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780517838.1634514 }