{
  "type": "Domain",
  "indicator": "shoolman.ca",
  "general": {
    "sections": [
      "general",
      "geo",
      "url_list",
      "passive_dns",
      "malware",
      "whois",
      "http_scans"
    ],
    "whois": "http://whois.domaintools.com/shoolman.ca",
    "alexa": "http://www.alexa.com/siteinfo/shoolman.ca",
    "indicator": "shoolman.ca",
    "type": "domain",
    "type_title": "Domain",
    "validation": [],
    "base_indicator": {
      "id": 2603115075,
      "indicator": "shoolman.ca",
      "type": "domain",
      "title": "",
      "description": "",
      "content": "",
      "access_type": "public",
      "access_reason": ""
    },
    "pulse_info": {
      "count": 1,
      "pulses": [
        {
          "id": "5f5120c23b86bf1880a2ba7c",
          "name": "Salfram: malicious documents hosted on legitimate file-sharing platforms",
          "description": "\"Cisco Talos recently uncovered a series of email campaigns utilizing links to malicious documents hosted on legitimate file-sharing platforms to spread malware.\"",
          "modified": "2020-10-03T00:03:45.161000",
          "created": "2020-09-03T16:58:42.847000",
          "tags": [
            "maldoc",
            "Gozi ISFB",
            "ZLoader",
            "SmokeLoader",
            "AveMaria"
          ],
          "references": [
            "https://blog.talosintelligence.com/2020/09/salfram-robbing-place-without-removing.html"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 119,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "AlienVault",
            "id": "2",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png",
            "is_subscribed": true,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 95,
            "FileHash-SHA256": 164,
            "hostname": 14,
            "FileHash-MD5": 99,
            "FileHash-SHA1": 99
          },
          "indicator_count": 471,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 386576,
          "modified_text": "2066 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        }
      ],
      "references": [
        "https://blog.talosintelligence.com/2020/09/salfram-robbing-place-without-removing.html"
      ],
      "related": {
        "alienvault": {
          "adversary": [],
          "malware_families": [],
          "industries": []
        },
        "other": {
          "adversary": [],
          "malware_families": [],
          "industries": []
        }
      }
    },
    "false_positive": []
  },
  "geo": {},
  "geo_ipapicom": {},
  "pulse_count": 1,
  "pulses": [
    {
      "id": "5f5120c23b86bf1880a2ba7c",
      "name": "Salfram: malicious documents hosted on legitimate file-sharing platforms",
      "description": "\"Cisco Talos recently uncovered a series of email campaigns utilizing links to malicious documents hosted on legitimate file-sharing platforms to spread malware.\"",
      "modified": "2020-10-03T00:03:45.161000",
      "created": "2020-09-03T16:58:42.847000",
      "tags": [
        "maldoc",
        "Gozi ISFB",
        "ZLoader",
        "SmokeLoader",
        "AveMaria"
      ],
      "references": [
        "https://blog.talosintelligence.com/2020/09/salfram-robbing-place-without-removing.html"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 119,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "AlienVault",
        "id": "2",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png",
        "is_subscribed": true,
        "is_following": false
      },
      "indicator_type_counts": {
        "domain": 95,
        "FileHash-SHA256": 164,
        "hostname": 14,
        "FileHash-MD5": 99,
        "FileHash-SHA1": 99
      },
      "indicator_count": 471,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 386576,
      "modified_text": "2066 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    }
  ],
  "error": null,
  "vt": {
    "error": "VirusTotal rate limit reached. Try again shortly.",
    "indicator": "shoolman.ca",
    "type": "Domain"
  },
  "abuseipdb": null,
  "urlhaus": {
    "indicator": "shoolman.ca",
    "found": false,
    "verdict": "clean",
    "urls": [],
    "error": null
  },
  "from_cache": true,
  "_cached_at": 1780258969.3615193
}