{ "type": "Domain", "indicator": "selectiveupload.com", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/selectiveupload.com", "alexa": "http://www.alexa.com/siteinfo/selectiveupload.com", "indicator": "selectiveupload.com", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 4205349857, "indicator": "selectiveupload.com", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 6, "pulses": [ { "id": "69980ffaebc222344f6a6be6", "name": "TI Advisory No-ESAF-SOC-TI-2026-163", "description": "", "modified": "2026-03-22T07:13:11.297000", "created": "2026-02-20T07:40:42.022000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "SOC__critical43", "id": "361186", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 21, "FileHash-MD5": 1121, "FileHash-SHA1": 1121, "FileHash-SHA256": 779, "domain": 349, "hostname": 8 }, "indicator_count": 3399, "is_author": false, "is_subscribing": null, "subscriber_count": 20, "modified_text": "29 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69980ffdaedd34bd0fe0eb0c", "name": "TI Advisory No-ESAF-SOC-TI-2026-163", "description": "", "modified": "2026-03-22T07:13:11.297000", "created": "2026-02-20T07:40:45.101000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "SOC__critical43", "id": "361186", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 21, "FileHash-MD5": 1121, "FileHash-SHA1": 1121, "FileHash-SHA256": 779, "domain": 349, "hostname": 8 }, "indicator_count": 3399, "is_author": false, "is_subscribing": null, "subscriber_count": 20, "modified_text": "29 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69943fa4a1070dc9adb7a827", "name": "LummaStealer Is Getting a Second Life Alongside CastleLoader", "description": "LummaStealer has resurfaced with increased activity, despite previous law enforcement efforts to dismantle its infrastructure in 2022. The malware, primarily targeting Windows systems, is effective at collecting sensitive data such as credentials, session cookies, and cryptocurrency wallets. It exploits social engineering techniques rather than direct software vulnerabilities, often tricking users into executing the malware through deceptive practices like fake software downloads, CAPTCHAs, and bogus game or movie offerings.\n\nCastleLoader has emerged as the primary delivery mechanism for LummaStealer, utilizing methods such as in-memory execution and heavy obfuscation to avoid detection. This script-based loader, capable of being implemented in languages like Python and AutoIt, facilitates the loading of LummaStealer into memory. It also employs an interesting tactic where it generates failed DNS queries to non-existent domains, creating a detectable pattern that can be tracked.", "modified": "2026-03-19T10:02:24.545000", "created": "2026-02-17T10:15:00.737000", "tags": [ "castleloader", "lummastealer", "lumma", "clickfix", "captcha", "lumma stealer", "autoit script", "nsis", "windows", "steam", "autoit", "discord", "rugmi", "future", "python", "exodus", "anydesk", "crack", "powershell", "insikt", "mzpe", "selfextractor", "lumma domain", "vba script", "wscript loader", "loader file", "castle loader", "lumma ip" ], "references": [ "https://www.bitdefender.com/en-us/blog/labs/lummastealer-second-life-castleloader" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "LummaStealer", "display_name": "LummaStealer", "target": null }, { "id": "CastleLoader", "display_name": "CastleLoader", "target": null } ], "attack_ids": [ { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1134", "name": "Access Token Manipulation", "display_name": "T1134 - Access Token Manipulation" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1030", "name": "Data Transfer Size Limits", "display_name": "T1030 - Data Transfer Size Limits" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1199", "name": "Trusted Relationship", "display_name": "T1199 - Trusted Relationship" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1115", "name": "Clipboard Data", "display_name": "T1115 - Clipboard Data" }, { "id": "T1137", "name": "Office Application Startup", "display_name": "T1137 - Office Application Startup" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1041", "name": "Exfiltration Over C2 Channel", "display_name": "T1041 - Exfiltration Over C2 Channel" }, { "id": "T1053.005", "name": "Scheduled Task", "display_name": "T1053.005 - Scheduled Task" }, { "id": "T1059.003", "name": "Windows Command Shell", "display_name": "T1059.003 - Windows Command Shell" }, { "id": "T1059.005", "name": "Visual Basic", "display_name": "T1059.005 - Visual Basic" }, { "id": "T1189", "name": "Drive-by Compromise", "display_name": "T1189 - Drive-by Compromise" }, { "id": "T1204.001", "name": "Malicious Link", "display_name": "T1204.001 - Malicious Link" }, { "id": "T1204.002", "name": "Malicious File", "display_name": "T1204.002 - Malicious File" } ], "industries": [ "Financial" ], "TLP": "green", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "PetrP.73", "id": "154605", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1, "FileHash-MD5": 1302, "FileHash-SHA1": 300, "FileHash-SHA256": 300, "domain": 339, "hostname": 12 }, "indicator_count": 2254, "is_author": false, "is_subscribing": null, "subscriber_count": 172, "modified_text": "31 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6993d26676219322b9471772", "name": "TI Advisory No-ESAF-SOC-TI-2026-163", "description": "", "modified": "2026-03-19T02:19:36.978000", "created": "2026-02-17T02:28:54.170000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "SOC__critical43", "id": "361186", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 21, "FileHash-MD5": 1121, "FileHash-SHA1": 1121, "FileHash-SHA256": 777, "domain": 349, "hostname": 8 }, "indicator_count": 3397, "is_author": false, "is_subscribing": null, "subscriber_count": 21, "modified_text": "32 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6993d269cbc34c7e0a0c9c03", "name": "TI Advisory No-ESAF-SOC-TI-2026-163", "description": "", "modified": "2026-03-19T02:19:36.978000", "created": "2026-02-17T02:28:57.393000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "SOC__critical43", "id": "361186", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 21, "FileHash-MD5": 1121, "FileHash-SHA1": 1121, "FileHash-SHA256": 777, "domain": 349, "hostname": 8 }, "indicator_count": 3397, "is_author": false, "is_subscribing": null, "subscriber_count": 21, "modified_text": "32 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "698f21fd2a5a6057c5793c63", "name": "iocsssssssssssssssssssssssss", "description": "", "modified": "2026-03-15T13:34:50.742000", "created": "2026-02-13T13:07:09.248000", "tags": [ "hashmd5", "hashsha1", "hashsha256", "domain", "url https", "ip address" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "SOC__critical43", "id": "361186", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 20, "FileHash-MD5": 1121, "FileHash-SHA1": 1121, "FileHash-SHA256": 728, "domain": 348, "hostname": 8 }, "indicator_count": 3346, "is_author": false, "is_subscribing": null, "subscriber_count": 20, "modified_text": "35 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "https://www.bitdefender.com/en-us/blog/labs/lummastealer-second-life-castleloader" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [], "malware_families": [ "Castleloader", "Lummastealer" ], "industries": [ "Financial" ] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 6, "pulses": [ { "id": "69980ffaebc222344f6a6be6", "name": "TI Advisory No-ESAF-SOC-TI-2026-163", "description": "", "modified": "2026-03-22T07:13:11.297000", "created": "2026-02-20T07:40:42.022000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "SOC__critical43", "id": "361186", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 21, "FileHash-MD5": 1121, "FileHash-SHA1": 1121, "FileHash-SHA256": 779, "domain": 349, "hostname": 8 }, "indicator_count": 3399, "is_author": false, "is_subscribing": null, "subscriber_count": 20, "modified_text": "29 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69980ffdaedd34bd0fe0eb0c", "name": "TI Advisory No-ESAF-SOC-TI-2026-163", "description": "", "modified": "2026-03-22T07:13:11.297000", "created": "2026-02-20T07:40:45.101000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "SOC__critical43", "id": "361186", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 21, "FileHash-MD5": 1121, "FileHash-SHA1": 1121, "FileHash-SHA256": 779, "domain": 349, "hostname": 8 }, "indicator_count": 3399, "is_author": false, "is_subscribing": null, "subscriber_count": 20, "modified_text": "29 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69943fa4a1070dc9adb7a827", "name": "LummaStealer Is Getting a Second Life Alongside CastleLoader", "description": "LummaStealer has resurfaced with increased activity, despite previous law enforcement efforts to dismantle its infrastructure in 2022. The malware, primarily targeting Windows systems, is effective at collecting sensitive data such as credentials, session cookies, and cryptocurrency wallets. It exploits social engineering techniques rather than direct software vulnerabilities, often tricking users into executing the malware through deceptive practices like fake software downloads, CAPTCHAs, and bogus game or movie offerings.\n\nCastleLoader has emerged as the primary delivery mechanism for LummaStealer, utilizing methods such as in-memory execution and heavy obfuscation to avoid detection. This script-based loader, capable of being implemented in languages like Python and AutoIt, facilitates the loading of LummaStealer into memory. It also employs an interesting tactic where it generates failed DNS queries to non-existent domains, creating a detectable pattern that can be tracked.", "modified": "2026-03-19T10:02:24.545000", "created": "2026-02-17T10:15:00.737000", "tags": [ "castleloader", "lummastealer", "lumma", "clickfix", "captcha", "lumma stealer", "autoit script", "nsis", "windows", "steam", "autoit", "discord", "rugmi", "future", "python", "exodus", "anydesk", "crack", "powershell", "insikt", "mzpe", "selfextractor", "lumma domain", "vba script", "wscript loader", "loader file", "castle loader", "lumma ip" ], "references": [ "https://www.bitdefender.com/en-us/blog/labs/lummastealer-second-life-castleloader" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "LummaStealer", "display_name": "LummaStealer", "target": null }, { "id": "CastleLoader", "display_name": "CastleLoader", "target": null } ], "attack_ids": [ { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1134", "name": "Access Token Manipulation", "display_name": "T1134 - Access Token Manipulation" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1030", "name": "Data Transfer Size Limits", "display_name": "T1030 - Data Transfer Size Limits" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1199", "name": "Trusted Relationship", "display_name": "T1199 - Trusted Relationship" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1115", "name": "Clipboard Data", "display_name": "T1115 - Clipboard Data" }, { "id": "T1137", "name": "Office Application Startup", "display_name": "T1137 - Office Application Startup" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1041", "name": "Exfiltration Over C2 Channel", "display_name": "T1041 - Exfiltration Over C2 Channel" }, { "id": "T1053.005", "name": "Scheduled Task", "display_name": "T1053.005 - Scheduled Task" }, { "id": "T1059.003", "name": "Windows Command Shell", "display_name": "T1059.003 - Windows Command Shell" }, { "id": "T1059.005", "name": "Visual Basic", "display_name": "T1059.005 - Visual Basic" }, { "id": "T1189", "name": "Drive-by Compromise", "display_name": "T1189 - Drive-by Compromise" }, { "id": "T1204.001", "name": "Malicious Link", "display_name": "T1204.001 - Malicious Link" }, { "id": "T1204.002", "name": "Malicious File", "display_name": "T1204.002 - Malicious File" } ], "industries": [ "Financial" ], "TLP": "green", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "PetrP.73", "id": "154605", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1, "FileHash-MD5": 1302, "FileHash-SHA1": 300, "FileHash-SHA256": 300, "domain": 339, "hostname": 12 }, "indicator_count": 2254, "is_author": false, "is_subscribing": null, "subscriber_count": 172, "modified_text": "31 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6993d26676219322b9471772", "name": "TI Advisory No-ESAF-SOC-TI-2026-163", "description": "", "modified": "2026-03-19T02:19:36.978000", "created": "2026-02-17T02:28:54.170000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "SOC__critical43", "id": "361186", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 21, "FileHash-MD5": 1121, "FileHash-SHA1": 1121, "FileHash-SHA256": 777, "domain": 349, "hostname": 8 }, "indicator_count": 3397, "is_author": false, "is_subscribing": null, "subscriber_count": 21, "modified_text": "32 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6993d269cbc34c7e0a0c9c03", "name": "TI Advisory No-ESAF-SOC-TI-2026-163", "description": "", "modified": "2026-03-19T02:19:36.978000", "created": "2026-02-17T02:28:57.393000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "SOC__critical43", "id": "361186", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 21, "FileHash-MD5": 1121, "FileHash-SHA1": 1121, "FileHash-SHA256": 777, "domain": 349, "hostname": 8 }, "indicator_count": 3397, "is_author": false, "is_subscribing": null, "subscriber_count": 21, "modified_text": "32 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "698f21fd2a5a6057c5793c63", "name": "iocsssssssssssssssssssssssss", "description": "", "modified": "2026-03-15T13:34:50.742000", "created": "2026-02-13T13:07:09.248000", "tags": [ "hashmd5", "hashsha1", "hashsha256", "domain", "url https", "ip address" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "SOC__critical43", "id": "361186", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 20, "FileHash-MD5": 1121, "FileHash-SHA1": 1121, "FileHash-SHA256": 728, "domain": 348, "hostname": 8 }, "indicator_count": 3346, "is_author": false, "is_subscribing": null, "subscriber_count": 20, "modified_text": "35 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "selectiveupload.com", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "selectiveupload.com", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1776670106.3084354 }