{ "type": "URL", "indicator": "https://learn.microsoft.com/", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://learn.microsoft.com/", "type": "url", "type_title": "URL", "validation": [ { "source": "alexa", "message": "Alexa rank: #19", "name": "Listed on Alexa" }, { "source": "akamai", "message": "Akamai rank: #4", "name": "Akamai Popular Domain" }, { "source": "whitelist", "message": "Whitelisted domain microsoft.com", "name": "Whitelisted domain" }, { "source": "majestic", "message": "Whitelisted domain microsoft.com", "name": "Whitelisted domain" }, { "source": "newssite", "message": "Whitelisted news domain microsoft.com", "name": "Whitelisted newssite network domain" } ], "base_indicator": { "id": 4216503073, "indicator": "https://learn.microsoft.com/", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 3, "pulses": [ { "id": "69ccd2f7984fad6feebb4ca4", "name": "VirusTotal report\n for index.html", "description": "The full text of the full report-to-gws, which was published on 1 April 2026, has been published online by the Csp website, following a request from the BBC>pretext .", "modified": "2026-04-01T08:44:36.825000", "created": "2026-04-01T08:10:31.621000", "tags": [ "self", "downlink rtt", "html document", "ascii text", "crlf line", "windows", "linux", "build web", "html", "javascript", "https", "acceptencoding", "cookie", "dynamic", "authorization", "contentmd5", "wp engine", "xmsedgeref ref", "bl2edge1520 ref", "expires sun", "gmt date", "gmt xcache", "tcphit", "gmt etag", "b8glwd", "afeap", "bmxagc", "e5bfse", "bgs6mb", "bjwmce", "ciztgb", "kqhykb", "cxxawb", "fevhcf", "code", "server", "registrar abuse", "admin country", "expiration date", "registry domain", "registrar iana", "creation date", "admin city", "redmond tech", "samesitelax", "path", "httponly", "secure", "priorityhigh", "gmt contenttype", "contentlength", "connection", "cfray", "accept", "anycast", "wifi display", "android", "hdtv", "anycast og", "anything", "big screen", "mobileoptimized", "try shopify", "platform", "businesses", "shopify fb", "shopify og", "snapchat", "chat", "snaps", "a snap", "utc google", "adobe dynamic", "tag management", "amazon", "utc amazon", "utc facebook", "connect na", "analytics na", "tag manager", "gdlname", "miss", "drupal", "miss xtimer", "ve9 xcache", "miss date", "gmt link", "build", "home og", "cloudfront", "iad6", "kb body", "sha256", "aspen", "aspen one", "return", "transformed og", "aioseo", "site kit", "google", "file type", "name file", "html internet", "unicode text", "utf8 text" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1014", "name": "Rootkit", "display_name": "T1014 - Rootkit" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1203", "name": "Exploitation for Client Execution", "display_name": "T1203 - Exploitation for Client Execution" }, { "id": "T1485", "name": "Data Destruction", "display_name": "T1485 - Data Destruction" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1542", "name": "Pre-OS Boot", "display_name": "T1542 - Pre-OS Boot" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1046", "name": "Network Service Scanning", "display_name": "T1046 - Network Service Scanning" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 238, "URL": 367, "domain": 80, "hostname": 155, "FileHash-MD5": 115, "FileHash-SHA1": 105, "email": 5, "IPv4": 40, "SSLCertFingerprint": 4 }, "indicator_count": 1109, "is_author": false, "is_subscribing": null, "subscriber_count": 48, "modified_text": "18 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69ccd2f93b5cf1fa8fcb0810", "name": "VirusTotal report\n for index.html", "description": "The full text of the full report-to-gws, which was published on 1 April 2026, has been published online by the Csp website, following a request from the BBC>pretext .", "modified": "2026-04-01T08:41:56.177000", "created": "2026-04-01T08:10:33.232000", "tags": [ "self", "downlink rtt", "html document", "ascii text", "crlf line", "windows", "linux", "build web", "html", "javascript", "https", "acceptencoding", "cookie", "dynamic", "authorization", "contentmd5", "wp engine", "xmsedgeref ref", "bl2edge1520 ref", "expires sun", "gmt date", "gmt xcache", "tcphit", "gmt etag", "b8glwd", "afeap", "bmxagc", "e5bfse", "bgs6mb", "bjwmce", "ciztgb", "kqhykb", "cxxawb", "fevhcf", "code", "server", "registrar abuse", "admin country", "expiration date", "registry domain", "registrar iana", "creation date", "admin city", "redmond tech", "samesitelax", "path", "httponly", "secure", "priorityhigh", "gmt contenttype", "contentlength", "connection", "cfray", "accept", "anycast", "wifi display", "android", "hdtv", "anycast og", "anything", "big screen", "mobileoptimized", "try shopify", "platform", "businesses", "shopify fb", "shopify og", "snapchat", "chat", "snaps", "a snap", "utc google", "adobe dynamic", "tag management", "amazon", "utc amazon", "utc facebook", "connect na", "analytics na", "tag manager", "gdlname", "miss", "drupal", "miss xtimer", "ve9 xcache", "miss date", "gmt link", "build", "home og", "cloudfront", "iad6", "kb body", "sha256", "aspen", "aspen one", "return", "transformed og", "aioseo", "site kit", "google", "file type", "name file", "html internet", "unicode text", "utf8 text" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1014", "name": "Rootkit", "display_name": "T1014 - Rootkit" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1203", "name": "Exploitation for Client Execution", "display_name": "T1203 - Exploitation for Client Execution" }, { "id": "T1485", "name": "Data Destruction", "display_name": "T1485 - Data Destruction" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1542", "name": "Pre-OS Boot", "display_name": "T1542 - Pre-OS Boot" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1046", "name": "Network Service Scanning", "display_name": "T1046 - Network Service Scanning" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 181, "URL": 262, "domain": 28, "hostname": 114, "FileHash-MD5": 105, "FileHash-SHA1": 93, "email": 3, "IPv4": 34 }, "indicator_count": 820, "is_author": false, "is_subscribing": null, "subscriber_count": 48, "modified_text": "18 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "698904c316bc7710b967d01d", "name": "Rare Tier 1 Persistence - Critical \"Patched\", Non Patched Vulnerabilities Remain bypassing Lockdown Mode", "description": "Researcher Note (Feb 08, 2026):\nThis artifact represents a sophisticated Cross-Protocol Mesh. Observations confirm that the Cymt/Nemucod wrapper is being utilized as a delivery vehicle for a Firmware-resident ELF binary (Mirai variant).\nThe persistence is notable for its ability to survive Full DFU Restores and Faraday-isolated states, likely due to JTAG-level interaction with the Power Management IC (Chip 4799). This is not a standard opportunistic infection; it is a targeted provisioning event leveraging IDMSA (Identity Management) bridges and Verizon/Akamai Edge infrastructure.\nThe integration with CalendarKit and Maps for geofenced execution suggests a highly coordinated surveillance objective. Forensic analysts should pay specific attention to the sizeofrawdata_antidbg anomalies, which indicate a focus on bypassing Apple Lockdown Mode and Secure Enclave. \nresearcher credit: msudoSOS", "modified": "2026-03-27T09:05:26.285000", "created": "2026-02-08T21:48:49.147000", "tags": [ "#supportsitewebsiteabuse #rootcertificatefailure #cryptographicf" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 909, "URL": 1779, "CVE": 126, "domain": 659, "email": 23, "JA3": 1, "FileHash-MD5": 230, "FileHash-SHA1": 227, "FileHash-SHA256": 934, "CIDR": 13 }, "indicator_count": 4901, "is_author": false, "is_subscribing": null, "subscriber_count": 54, "modified_text": "23 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 5634 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/microsoft.com", "whois": "http://whois.domaintools.com/microsoft.com", "domain": "microsoft.com", "hostname": "learn.microsoft.com" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 3, "pulses": [ { "id": "69ccd2f7984fad6feebb4ca4", "name": "VirusTotal report\n for index.html", "description": "The full text of the full report-to-gws, which was published on 1 April 2026, has been published online by the Csp website, following a request from the BBC>pretext .", "modified": "2026-04-01T08:44:36.825000", "created": "2026-04-01T08:10:31.621000", "tags": [ "self", "downlink rtt", "html document", "ascii text", "crlf line", "windows", "linux", "build web", "html", "javascript", "https", "acceptencoding", "cookie", "dynamic", "authorization", "contentmd5", "wp engine", "xmsedgeref ref", "bl2edge1520 ref", "expires sun", "gmt date", "gmt xcache", "tcphit", "gmt etag", "b8glwd", "afeap", "bmxagc", "e5bfse", "bgs6mb", "bjwmce", "ciztgb", "kqhykb", "cxxawb", "fevhcf", "code", "server", "registrar abuse", "admin country", "expiration date", "registry domain", "registrar iana", "creation date", "admin city", "redmond tech", "samesitelax", "path", "httponly", "secure", "priorityhigh", "gmt contenttype", "contentlength", "connection", "cfray", "accept", "anycast", "wifi display", "android", "hdtv", "anycast og", "anything", "big screen", "mobileoptimized", "try shopify", "platform", "businesses", "shopify fb", "shopify og", "snapchat", "chat", "snaps", "a snap", "utc google", "adobe dynamic", "tag management", "amazon", "utc amazon", "utc facebook", "connect na", "analytics na", "tag manager", "gdlname", "miss", "drupal", "miss xtimer", "ve9 xcache", "miss date", "gmt link", "build", "home og", "cloudfront", "iad6", "kb body", "sha256", "aspen", "aspen one", "return", "transformed og", "aioseo", "site kit", "google", "file type", "name file", "html internet", "unicode text", "utf8 text" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1014", "name": "Rootkit", "display_name": "T1014 - Rootkit" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1203", "name": "Exploitation for Client Execution", "display_name": "T1203 - Exploitation for Client Execution" }, { "id": "T1485", "name": "Data Destruction", "display_name": "T1485 - Data Destruction" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1542", "name": "Pre-OS Boot", "display_name": "T1542 - Pre-OS Boot" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1046", "name": "Network Service Scanning", "display_name": "T1046 - Network Service Scanning" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 238, "URL": 367, "domain": 80, "hostname": 155, "FileHash-MD5": 115, "FileHash-SHA1": 105, "email": 5, "IPv4": 40, "SSLCertFingerprint": 4 }, "indicator_count": 1109, "is_author": false, "is_subscribing": null, "subscriber_count": 48, "modified_text": "18 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69ccd2f93b5cf1fa8fcb0810", "name": "VirusTotal report\n for index.html", "description": "The full text of the full report-to-gws, which was published on 1 April 2026, has been published online by the Csp website, following a request from the BBC>pretext .", "modified": "2026-04-01T08:41:56.177000", "created": "2026-04-01T08:10:33.232000", "tags": [ "self", "downlink rtt", "html document", "ascii text", "crlf line", "windows", "linux", "build web", "html", "javascript", "https", "acceptencoding", "cookie", "dynamic", "authorization", "contentmd5", "wp engine", "xmsedgeref ref", "bl2edge1520 ref", "expires sun", "gmt date", "gmt xcache", "tcphit", "gmt etag", "b8glwd", "afeap", "bmxagc", "e5bfse", "bgs6mb", "bjwmce", "ciztgb", "kqhykb", "cxxawb", "fevhcf", "code", "server", "registrar abuse", "admin country", "expiration date", "registry domain", "registrar iana", "creation date", "admin city", "redmond tech", "samesitelax", "path", "httponly", "secure", "priorityhigh", "gmt contenttype", "contentlength", "connection", "cfray", "accept", "anycast", "wifi display", "android", "hdtv", "anycast og", "anything", "big screen", "mobileoptimized", "try shopify", "platform", "businesses", "shopify fb", "shopify og", "snapchat", "chat", "snaps", "a snap", "utc google", "adobe dynamic", "tag management", "amazon", "utc amazon", "utc facebook", "connect na", "analytics na", "tag manager", "gdlname", "miss", "drupal", "miss xtimer", "ve9 xcache", "miss date", "gmt link", "build", "home og", "cloudfront", "iad6", "kb body", "sha256", "aspen", "aspen one", "return", "transformed og", "aioseo", "site kit", "google", "file type", "name file", "html internet", "unicode text", "utf8 text" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1014", "name": "Rootkit", "display_name": "T1014 - Rootkit" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1203", "name": "Exploitation for Client Execution", "display_name": "T1203 - Exploitation for Client Execution" }, { "id": "T1485", "name": "Data Destruction", "display_name": "T1485 - Data Destruction" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1542", "name": "Pre-OS Boot", "display_name": "T1542 - Pre-OS Boot" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1046", "name": "Network Service Scanning", "display_name": "T1046 - Network Service Scanning" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 181, "URL": 262, "domain": 28, "hostname": 114, "FileHash-MD5": 105, "FileHash-SHA1": 93, "email": 3, "IPv4": 34 }, "indicator_count": 820, "is_author": false, "is_subscribing": null, "subscriber_count": 48, "modified_text": "18 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "698904c316bc7710b967d01d", "name": "Rare Tier 1 Persistence - Critical \"Patched\", Non Patched Vulnerabilities Remain bypassing Lockdown Mode", "description": "Researcher Note (Feb 08, 2026):\nThis artifact represents a sophisticated Cross-Protocol Mesh. Observations confirm that the Cymt/Nemucod wrapper is being utilized as a delivery vehicle for a Firmware-resident ELF binary (Mirai variant).\nThe persistence is notable for its ability to survive Full DFU Restores and Faraday-isolated states, likely due to JTAG-level interaction with the Power Management IC (Chip 4799). This is not a standard opportunistic infection; it is a targeted provisioning event leveraging IDMSA (Identity Management) bridges and Verizon/Akamai Edge infrastructure.\nThe integration with CalendarKit and Maps for geofenced execution suggests a highly coordinated surveillance objective. Forensic analysts should pay specific attention to the sizeofrawdata_antidbg anomalies, which indicate a focus on bypassing Apple Lockdown Mode and Secure Enclave. \nresearcher credit: msudoSOS", "modified": "2026-03-27T09:05:26.285000", "created": "2026-02-08T21:48:49.147000", "tags": [ "#supportsitewebsiteabuse #rootcertificatefailure #cryptographicf" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 909, "URL": 1779, "CVE": 126, "domain": 659, "email": 23, "JA3": 1, "FileHash-MD5": 230, "FileHash-SHA1": 227, "FileHash-SHA256": 934, "CIDR": 13 }, "indicator_count": 4901, "is_author": false, "is_subscribing": null, "subscriber_count": 54, "modified_text": "23 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://learn.microsoft.com/", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://learn.microsoft.com/", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1776631351.4115956 }