{
  "type": "URL",
  "indicator": "https://www.4r-development.com/",
  "general": {
    "sections": [
      "general",
      "url_list",
      "http_scans",
      "screenshot"
    ],
    "indicator": "https://www.4r-development.com/",
    "type": "url",
    "type_title": "URL",
    "validation": [],
    "base_indicator": {
      "id": 4314719289,
      "indicator": "https://www.4r-development.com/",
      "type": "URL",
      "title": "",
      "description": "",
      "content": "",
      "access_type": "public",
      "access_reason": ""
    },
    "pulse_info": {
      "count": 1,
      "pulses": [
        {
          "id": "69e1b46238df27ff6680430a",
          "name": "Analysis- 12/12/24 Darkgate- 9e4f036dd6fbb45ce414cb5d040b3255b5ccc9ecacbfaf022b631545f9a19a02.zip (MD5: 71E189A0B08891CFFAB6E656FC49E00A) Malicious activity - Interactive analysis ANY.RUN",
          "description": "<<Anomalous binary characteristics have been identified in a file that is being used to compile a Windows operating system for the first time in the history of the software, as well as an unauthorised virus>> Darkgate. Links wouldnt attach. User does not have whatsapp.",
          "modified": "2026-04-17T07:11:13.591000",
          "created": "2026-04-17T04:17:38.518000",
          "tags": [
            "delete",
            "yara detections",
            "high",
            "medium",
            "whatsapp plugin",
            "whatsapp",
            "read",
            "write",
            "top source",
            "top destination",
            "virustotal",
            "guard",
            "copy"
          ],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1027",
              "name": "Obfuscated Files or Information",
              "display_name": "T1027 - Obfuscated Files or Information"
            },
            {
              "id": "T1010",
              "name": "Application Window Discovery",
              "display_name": "T1010 - Application Window Discovery"
            },
            {
              "id": "T1018",
              "name": "Remote System Discovery",
              "display_name": "T1018 - Remote System Discovery"
            },
            {
              "id": "T1036",
              "name": "Masquerading",
              "display_name": "T1036 - Masquerading"
            },
            {
              "id": "T1047",
              "name": "Windows Management Instrumentation",
              "display_name": "T1047 - Windows Management Instrumentation"
            },
            {
              "id": "T1055",
              "name": "Process Injection",
              "display_name": "T1055 - Process Injection"
            },
            {
              "id": "T1056",
              "name": "Input Capture",
              "display_name": "T1056 - Input Capture"
            },
            {
              "id": "T1057",
              "name": "Process Discovery",
              "display_name": "T1057 - Process Discovery"
            },
            {
              "id": "T1070",
              "name": "Indicator Removal on Host",
              "display_name": "T1070 - Indicator Removal on Host"
            },
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            },
            {
              "id": "T1082",
              "name": "System Information Discovery",
              "display_name": "T1082 - System Information Discovery"
            },
            {
              "id": "T1083",
              "name": "File and Directory Discovery",
              "display_name": "T1083 - File and Directory Discovery"
            },
            {
              "id": "T1095",
              "name": "Non-Application Layer Protocol",
              "display_name": "T1095 - Non-Application Layer Protocol"
            },
            {
              "id": "T1497",
              "name": "Virtualization/Sandbox Evasion",
              "display_name": "T1497 - Virtualization/Sandbox Evasion"
            },
            {
              "id": "T1518",
              "name": "Software Discovery",
              "display_name": "T1518 - Software Discovery"
            },
            {
              "id": "T1547",
              "name": "Boot or Logon Autostart Execution",
              "display_name": "T1547 - Boot or Logon Autostart Execution"
            },
            {
              "id": "T1562",
              "name": "Impair Defenses",
              "display_name": "T1562 - Impair Defenses"
            },
            {
              "id": "T1573",
              "name": "Encrypted Channel",
              "display_name": "T1573 - Encrypted Channel"
            },
            {
              "id": "T1574",
              "name": "Hijack Execution Flow",
              "display_name": "T1574 - Hijack Execution Flow"
            }
          ],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 1,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 3,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "msudosos",
            "id": "381696",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "IPv4": 57,
            "FileHash-MD5": 54,
            "FileHash-SHA1": 50,
            "FileHash-SHA256": 431,
            "URL": 328,
            "hostname": 385,
            "domain": 409,
            "email": 51,
            "CIDR": 40
          },
          "indicator_count": 1805,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 47,
          "modified_text": "2 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        }
      ],
      "references": [],
      "related": {
        "alienvault": {
          "adversary": [],
          "malware_families": [],
          "industries": [],
          "unique_indicators": 0
        },
        "other": {
          "adversary": [],
          "malware_families": [],
          "industries": [],
          "unique_indicators": 1192
        }
      }
    },
    "false_positive": [],
    "alexa": "http://www.alexa.com/siteinfo/4r-development.com",
    "whois": "http://whois.domaintools.com/4r-development.com",
    "domain": "4r-development.com",
    "hostname": "www.4r-development.com"
  },
  "geo": {},
  "geo_ipapicom": {},
  "pulse_count": 1,
  "pulses": [
    {
      "id": "69e1b46238df27ff6680430a",
      "name": "Analysis- 12/12/24 Darkgate- 9e4f036dd6fbb45ce414cb5d040b3255b5ccc9ecacbfaf022b631545f9a19a02.zip (MD5: 71E189A0B08891CFFAB6E656FC49E00A) Malicious activity - Interactive analysis ANY.RUN",
      "description": "<<Anomalous binary characteristics have been identified in a file that is being used to compile a Windows operating system for the first time in the history of the software, as well as an unauthorised virus>> Darkgate. Links wouldnt attach. User does not have whatsapp.",
      "modified": "2026-04-17T07:11:13.591000",
      "created": "2026-04-17T04:17:38.518000",
      "tags": [
        "delete",
        "yara detections",
        "high",
        "medium",
        "whatsapp plugin",
        "whatsapp",
        "read",
        "write",
        "top source",
        "top destination",
        "virustotal",
        "guard",
        "copy"
      ],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [
        {
          "id": "T1027",
          "name": "Obfuscated Files or Information",
          "display_name": "T1027 - Obfuscated Files or Information"
        },
        {
          "id": "T1010",
          "name": "Application Window Discovery",
          "display_name": "T1010 - Application Window Discovery"
        },
        {
          "id": "T1018",
          "name": "Remote System Discovery",
          "display_name": "T1018 - Remote System Discovery"
        },
        {
          "id": "T1036",
          "name": "Masquerading",
          "display_name": "T1036 - Masquerading"
        },
        {
          "id": "T1047",
          "name": "Windows Management Instrumentation",
          "display_name": "T1047 - Windows Management Instrumentation"
        },
        {
          "id": "T1055",
          "name": "Process Injection",
          "display_name": "T1055 - Process Injection"
        },
        {
          "id": "T1056",
          "name": "Input Capture",
          "display_name": "T1056 - Input Capture"
        },
        {
          "id": "T1057",
          "name": "Process Discovery",
          "display_name": "T1057 - Process Discovery"
        },
        {
          "id": "T1070",
          "name": "Indicator Removal on Host",
          "display_name": "T1070 - Indicator Removal on Host"
        },
        {
          "id": "T1071",
          "name": "Application Layer Protocol",
          "display_name": "T1071 - Application Layer Protocol"
        },
        {
          "id": "T1082",
          "name": "System Information Discovery",
          "display_name": "T1082 - System Information Discovery"
        },
        {
          "id": "T1083",
          "name": "File and Directory Discovery",
          "display_name": "T1083 - File and Directory Discovery"
        },
        {
          "id": "T1095",
          "name": "Non-Application Layer Protocol",
          "display_name": "T1095 - Non-Application Layer Protocol"
        },
        {
          "id": "T1497",
          "name": "Virtualization/Sandbox Evasion",
          "display_name": "T1497 - Virtualization/Sandbox Evasion"
        },
        {
          "id": "T1518",
          "name": "Software Discovery",
          "display_name": "T1518 - Software Discovery"
        },
        {
          "id": "T1547",
          "name": "Boot or Logon Autostart Execution",
          "display_name": "T1547 - Boot or Logon Autostart Execution"
        },
        {
          "id": "T1562",
          "name": "Impair Defenses",
          "display_name": "T1562 - Impair Defenses"
        },
        {
          "id": "T1573",
          "name": "Encrypted Channel",
          "display_name": "T1573 - Encrypted Channel"
        },
        {
          "id": "T1574",
          "name": "Hijack Execution Flow",
          "display_name": "T1574 - Hijack Execution Flow"
        }
      ],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 1,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 3,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "msudosos",
        "id": "381696",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "IPv4": 57,
        "FileHash-MD5": 54,
        "FileHash-SHA1": 50,
        "FileHash-SHA256": 431,
        "URL": 328,
        "hostname": 385,
        "domain": 409,
        "email": 51,
        "CIDR": 40
      },
      "indicator_count": 1805,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 47,
      "modified_text": "2 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    }
  ],
  "error": null,
  "vt": {
    "error": "VirusTotal rate limit reached. Try again shortly.",
    "indicator": "https://www.4r-development.com/",
    "type": "URL"
  },
  "abuseipdb": null,
  "urlhaus": {
    "indicator": "https://www.4r-development.com/",
    "type": "URL",
    "found": false,
    "verdict": "clean",
    "error": null
  },
  "from_cache": true,
  "_cached_at": 1776641897.8041046
}