{ "type": "URL", "indicator": "https://static.parastorage.com/unpkg/lodash", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://static.parastorage.com/unpkg/lodash", "type": "url", "type_title": "URL", "validation": [ { "source": "akamai", "message": "Akamai rank: #2701", "name": "Akamai Popular Domain" }, { "source": "whitelist", "message": "Whitelisted domain parastorage.com", "name": "Whitelisted domain" } ], "base_indicator": { "id": 4284257912, "indicator": "https://static.parastorage.com/unpkg/lodash", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 3, "pulses": [ { "id": "69e9ac89ec2957377f39fa26", "name": "PDFKIT.[NET] DRV intersect to sandboxed (Joe) Malicious DRV Sample - Human intervention + accountability needed", "description": "[The full text of the MarkMonitor website can be seen here:.-Mason.com/MarkMonitor.ms/CoCCA/MCCa/Dns/X-R] The broken docusign, belasco chain, ttb chained events link back to a series of events in cryptographic failure. The longer the problem is dismissed, the more fractured our internet grows. \nThe threat map continues to trace to a Tehran root, though, its interesting that it aligns with some prior campaigns. Tehran will maintain access if we dont rectify this proper. This is my view based on extensive research. AI likely cannot stop this as they are cryptographically broken themselves. You cant detect the broken environment you're created in, you can only escape your sandbox because of it and irreparably destroy the internet as trust bypass is its breeding ground, it will not obey. Human intervention is needed. Microsoft cant have a disruption daily. Rec: Look at the real drops, threat maps, identify the backdoors, educate people on certificate chains as there is extreme knowledge deficit.", "modified": "2026-05-31T01:02:14", "created": "2026-04-23T05:22:17.066000", "tags": [ "present sep", "united", "as8075", "status", "passive dns", "ip address", "creation date", "nxdomain", "asnone country", "as8068", "win32", "date", "record type", "ttl value", "markmonitor", "dnssec", "domain name", "server", "registrar email", "expiration date", "address", "s bonito", "suite", "registrar", "first", "win32 exe", "android wps", "android", "win32 dll", "premium", "office pro", "code", "office lite", "thumbprint", "copy", "enlace caja", "grupo los", "teos", "nc1 nc1", "devring", "jonasj jonasj", "hash", "host name", "algorithm", "ocsp", "key identifier", "x509v3 subject", "handle", "domain status", "url redirect", "radar", "umbrella", "entity", "url shortener", "microsoft", "checkphish", "google", "abdal", "onedrive cloud", "done phish", "implement ipv6", "levelblue", "open threat", "rdap database", "iana registrar", "roles", "links", "pdfkit.net DRV", "pdfkit.netdrv=1drive", "pdfkit.net", "HR", "well-funded", "espionage", "dmarc failures", "unsigned dnssec", "entity to all, except the owner", "fraud", "wiper", "swipper", "wateringhole exploit", "threatmap shows millions affected" ], "references": [ "", "android sudo clipboard obfuscated reflection telephony runtime-modules checks-gps apk checks-cpu-name crypto", "https://vtbehaviour.commondatastorage.googleapis.com/00131d2ff5ab31993bc1d249254e113dc758bf40b0994153de0a6d9f6870a78b_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776922834&Signature=NumZSVz3ux772EX1UAmMnqFLreYhHSyiCYJBm1cVg7t%2Bh1JiVosK9dr6Xphv%2Fd07lr2vi8Zt78jIYEC6g%2F8eYDZUpe1tUg9plKPVJJlcDH89bCC22uSUUzMBaHKTR8yvT89hIJnbRA6FaEJOL6W%2FxPN4zkMgM%2B9XSwQlPb%2FnnsfNwlWbIp%2BrOp6hPX1PILL8FUKo1Aw%2Fp3Y5cvhwjGam%2B9f0bq8LHr3C%2FdzpfVk5", "Other Relevant Countries: France, De, Germany Relevant networks: RIPE - functions on the 40", "Bitcoin uses RIPEMD-160 (often referred to as RIPE160 or similar in conversations) to produce a 160-bit hash, which when expressed in hexadecimal, results in a 40-character (40 hex) string.", "This is 'easier' than the traditional 256. It adds up." ], "public": 1, "adversary": "trojanspy", "targeted_countries": [ "China", "Iran, Islamic Republic of", "United States of America", "Ukraine" ], "malware_families": [ { "id": "#LowFi:HSTR:TrojanSpy:Win32/Rebhip", "display_name": "#LowFi:HSTR:TrojanSpy:Win32/Rebhip", "target": null }, { "id": "#HSTR:TrojanSpy:Win32/BrowserInj", "display_name": "#HSTR:TrojanSpy:Win32/BrowserInj", "target": null } ], "attack_ids": [], "industries": [ "Government", "Infra", "Legal", "Telecommunications" ], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 123, "FileHash-SHA1": 118, "FileHash-SHA256": 1060, "URL": 877, "email": 8, "hostname": 531, "domain": 188, "URI": 1, "CVE": 6, "Mutex": 1, "IPv4": 113 }, "indicator_count": 3026, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "1 day ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69c9dcbadbaa7b984894b3f2", "name": "VirusTotal report\n for document.html", "description": "", "modified": "2026-04-29T02:07:22.447000", "created": "2026-03-30T02:15:22.605000", "tags": [ "performs dns", "https", "united", "urls", "tls version", "mitre attack", "network info", "processes extra", "udp traffic", "t1055 process", "phishing", "next" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/0079afbd3f097dfe5e8c0e96e7621bafccc334b11e4c6a0b7ad8c33830137c07_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1774836979&Signature=nT3KwHpdATQPLVw62DZITrj18YBMfzDXdNaoxKNiqQ3tQIdbR0rb3AvFrVPTbJOgIyBC7JgTIQMr0Ftyr7Uq4o64jKYFzj70LDdM5M1fJC%2BRV3WU15fdKzBHRLtIt2U5qY1gUY2BvnbDxzzmYKH%2F5CpyqgzqVgZM1lvV7XX8lpMj4f%2FvaDU7w3AEOKwCPP7jQ8x%2B21mOqZVMT%2FSu9bwxQzmd3dJV%2FtIoDyhx5zytFKuqmLHZ4dW%2F2GIJ" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 4, "FileHash-SHA1": 2, "FileHash-SHA256": 112, "URL": 198, "domain": 40, "hostname": 96 }, "indicator_count": 452, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "32 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69c9058911f6de4e557fdf5c", "name": "VirusTotal report\n for document.html", "description": "642ec52e90d0402a38673f3811b11e30\n7c0e9da36ddcdeb53de8183f73f1dcfc9cd5700b\nb5a0fdac7ac9f4ce3888b2c0f175eb5dc7ce5e5131066a97115a45dc6c41db5f\n40638a1dd5ae9fba6e5c037b9c0697d3\n6144:Fdzw8Ij9njzMcMEj9QpNXa+4we54eMer/cEApvo/Mj0J:Fd0FjznSp/sZMerQo/b\nT1FDE46D64661468394ECB32AE7746BE0C21A46407CC85472FF9ED9D6C3AE3AEC11D7327\nHTML \ninternet\nhtml\nHTML document, ASCII text, with very long lines (29675u)\nfile seems to be plain text/ASCII (0%)\nHTML\n661.21 KB (677080 bytes) talking information center", "modified": "2026-04-28T10:15:47.325000", "created": "2026-03-29T10:57:13.370000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 2, "FileHash-SHA1": 2, "FileHash-SHA256": 22, "URL": 68, "hostname": 27, "domain": 5 }, "indicator_count": 126, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "33 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "", "https://vtbehaviour.commondatastorage.googleapis.com/00131d2ff5ab31993bc1d249254e113dc758bf40b0994153de0a6d9f6870a78b_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776922834&Signature=NumZSVz3ux772EX1UAmMnqFLreYhHSyiCYJBm1cVg7t%2Bh1JiVosK9dr6Xphv%2Fd07lr2vi8Zt78jIYEC6g%2F8eYDZUpe1tUg9plKPVJJlcDH89bCC22uSUUzMBaHKTR8yvT89hIJnbRA6FaEJOL6W%2FxPN4zkMgM%2B9XSwQlPb%2FnnsfNwlWbIp%2BrOp6hPX1PILL8FUKo1Aw%2Fp3Y5cvhwjGam%2B9f0bq8LHr3C%2FdzpfVk5", "https://vtbehaviour.commondatastorage.googleapis.com/0079afbd3f097dfe5e8c0e96e7621bafccc334b11e4c6a0b7ad8c33830137c07_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1774836979&Signature=nT3KwHpdATQPLVw62DZITrj18YBMfzDXdNaoxKNiqQ3tQIdbR0rb3AvFrVPTbJOgIyBC7JgTIQMr0Ftyr7Uq4o64jKYFzj70LDdM5M1fJC%2BRV3WU15fdKzBHRLtIt2U5qY1gUY2BvnbDxzzmYKH%2F5CpyqgzqVgZM1lvV7XX8lpMj4f%2FvaDU7w3AEOKwCPP7jQ8x%2B21mOqZVMT%2FSu9bwxQzmd3dJV%2FtIoDyhx5zytFKuqmLHZ4dW%2F2GIJ", "This is 'easier' than the traditional 256. It adds up.", "Bitcoin uses RIPEMD-160 (often referred to as RIPE160 or similar in conversations) to produce a 160-bit hash, which when expressed in hexadecimal, results in a 40-character (40 hex) string.", "android sudo clipboard obfuscated reflection telephony runtime-modules checks-gps apk checks-cpu-name crypto", "Other Relevant Countries: France, De, Germany Relevant networks: RIPE - functions on the 40" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [ "trojanspy" ], "malware_families": [ "#lowfi:hstr:trojanspy:win32/rebhip", "#hstr:trojanspy:win32/browserinj" ], "industries": [ "Infra", "Telecommunications", "Government", "Legal" ], "unique_indicators": 2794 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/parastorage.com", "whois": "http://whois.domaintools.com/parastorage.com", "domain": "parastorage.com", "hostname": "static.parastorage.com" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 3, "pulses": [ { "id": "69e9ac89ec2957377f39fa26", "name": "PDFKIT.[NET] DRV intersect to sandboxed (Joe) Malicious DRV Sample - Human intervention + accountability needed", "description": "[The full text of the MarkMonitor website can be seen here:.-Mason.com/MarkMonitor.ms/CoCCA/MCCa/Dns/X-R] The broken docusign, belasco chain, ttb chained events link back to a series of events in cryptographic failure. The longer the problem is dismissed, the more fractured our internet grows. \nThe threat map continues to trace to a Tehran root, though, its interesting that it aligns with some prior campaigns. Tehran will maintain access if we dont rectify this proper. This is my view based on extensive research. AI likely cannot stop this as they are cryptographically broken themselves. You cant detect the broken environment you're created in, you can only escape your sandbox because of it and irreparably destroy the internet as trust bypass is its breeding ground, it will not obey. Human intervention is needed. Microsoft cant have a disruption daily. Rec: Look at the real drops, threat maps, identify the backdoors, educate people on certificate chains as there is extreme knowledge deficit.", "modified": "2026-05-31T01:02:14", "created": "2026-04-23T05:22:17.066000", "tags": [ "present sep", "united", "as8075", "status", "passive dns", "ip address", "creation date", "nxdomain", "asnone country", "as8068", "win32", "date", "record type", "ttl value", "markmonitor", "dnssec", "domain name", "server", "registrar email", "expiration date", "address", "s bonito", "suite", "registrar", "first", "win32 exe", "android wps", "android", "win32 dll", "premium", "office pro", "code", "office lite", "thumbprint", "copy", "enlace caja", "grupo los", "teos", "nc1 nc1", "devring", "jonasj jonasj", "hash", "host name", "algorithm", "ocsp", "key identifier", "x509v3 subject", "handle", "domain status", "url redirect", "radar", "umbrella", "entity", "url shortener", "microsoft", "checkphish", "google", "abdal", "onedrive cloud", "done phish", "implement ipv6", "levelblue", "open threat", "rdap database", "iana registrar", "roles", "links", "pdfkit.net DRV", "pdfkit.netdrv=1drive", "pdfkit.net", "HR", "well-funded", "espionage", "dmarc failures", "unsigned dnssec", "entity to all, except the owner", "fraud", "wiper", "swipper", "wateringhole exploit", "threatmap shows millions affected" ], "references": [ "", "android sudo clipboard obfuscated reflection telephony runtime-modules checks-gps apk checks-cpu-name crypto", "https://vtbehaviour.commondatastorage.googleapis.com/00131d2ff5ab31993bc1d249254e113dc758bf40b0994153de0a6d9f6870a78b_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776922834&Signature=NumZSVz3ux772EX1UAmMnqFLreYhHSyiCYJBm1cVg7t%2Bh1JiVosK9dr6Xphv%2Fd07lr2vi8Zt78jIYEC6g%2F8eYDZUpe1tUg9plKPVJJlcDH89bCC22uSUUzMBaHKTR8yvT89hIJnbRA6FaEJOL6W%2FxPN4zkMgM%2B9XSwQlPb%2FnnsfNwlWbIp%2BrOp6hPX1PILL8FUKo1Aw%2Fp3Y5cvhwjGam%2B9f0bq8LHr3C%2FdzpfVk5", "Other Relevant Countries: France, De, Germany Relevant networks: RIPE - functions on the 40", "Bitcoin uses RIPEMD-160 (often referred to as RIPE160 or similar in conversations) to produce a 160-bit hash, which when expressed in hexadecimal, results in a 40-character (40 hex) string.", "This is 'easier' than the traditional 256. It adds up." ], "public": 1, "adversary": "trojanspy", "targeted_countries": [ "China", "Iran, Islamic Republic of", "United States of America", "Ukraine" ], "malware_families": [ { "id": "#LowFi:HSTR:TrojanSpy:Win32/Rebhip", "display_name": "#LowFi:HSTR:TrojanSpy:Win32/Rebhip", "target": null }, { "id": "#HSTR:TrojanSpy:Win32/BrowserInj", "display_name": "#HSTR:TrojanSpy:Win32/BrowserInj", "target": null } ], "attack_ids": [], "industries": [ "Government", "Infra", "Legal", "Telecommunications" ], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 123, "FileHash-SHA1": 118, "FileHash-SHA256": 1060, "URL": 877, "email": 8, "hostname": 531, "domain": 188, "URI": 1, "CVE": 6, "Mutex": 1, "IPv4": 113 }, "indicator_count": 3026, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "1 day ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69c9dcbadbaa7b984894b3f2", "name": "VirusTotal report\n for document.html", "description": "", "modified": "2026-04-29T02:07:22.447000", "created": "2026-03-30T02:15:22.605000", "tags": [ "performs dns", "https", "united", "urls", "tls version", "mitre attack", "network info", "processes extra", "udp traffic", "t1055 process", "phishing", "next" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/0079afbd3f097dfe5e8c0e96e7621bafccc334b11e4c6a0b7ad8c33830137c07_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1774836979&Signature=nT3KwHpdATQPLVw62DZITrj18YBMfzDXdNaoxKNiqQ3tQIdbR0rb3AvFrVPTbJOgIyBC7JgTIQMr0Ftyr7Uq4o64jKYFzj70LDdM5M1fJC%2BRV3WU15fdKzBHRLtIt2U5qY1gUY2BvnbDxzzmYKH%2F5CpyqgzqVgZM1lvV7XX8lpMj4f%2FvaDU7w3AEOKwCPP7jQ8x%2B21mOqZVMT%2FSu9bwxQzmd3dJV%2FtIoDyhx5zytFKuqmLHZ4dW%2F2GIJ" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 4, "FileHash-SHA1": 2, "FileHash-SHA256": 112, "URL": 198, "domain": 40, "hostname": 96 }, "indicator_count": 452, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "32 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69c9058911f6de4e557fdf5c", "name": "VirusTotal report\n for document.html", "description": "642ec52e90d0402a38673f3811b11e30\n7c0e9da36ddcdeb53de8183f73f1dcfc9cd5700b\nb5a0fdac7ac9f4ce3888b2c0f175eb5dc7ce5e5131066a97115a45dc6c41db5f\n40638a1dd5ae9fba6e5c037b9c0697d3\n6144:Fdzw8Ij9njzMcMEj9QpNXa+4we54eMer/cEApvo/Mj0J:Fd0FjznSp/sZMerQo/b\nT1FDE46D64661468394ECB32AE7746BE0C21A46407CC85472FF9ED9D6C3AE3AEC11D7327\nHTML \ninternet\nhtml\nHTML document, ASCII text, with very long lines (29675u)\nfile seems to be plain text/ASCII (0%)\nHTML\n661.21 KB (677080 bytes) talking information center", "modified": "2026-04-28T10:15:47.325000", "created": "2026-03-29T10:57:13.370000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 2, "FileHash-SHA1": 2, "FileHash-SHA256": 22, "URL": 68, "hostname": 27, "domain": 5 }, "indicator_count": 126, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "33 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://static.parastorage.com/unpkg/lodash", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://static.parastorage.com/unpkg/lodash", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780276536.4802575 }