{ "type": "Domain", "indicator": "users-facebook.com", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/users-facebook.com", "alexa": "http://www.alexa.com/siteinfo/users-facebook.com", "indicator": "users-facebook.com", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 208999955, "indicator": "users-facebook.com", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 6, "pulses": [ { "id": "5c9bb407e5a06b014da016e3", "name": "Microsoft uses court order to shut down APT35 websites", "description": "Microsoft has used a court order to wrest control of 99 websites from suspected Iranian hackers that were using them to conduct cyberattacks, court documents unsealed Wednesday show.\n\nThe tech giant last week took down websites that were \u201ccore to [the] operations\u201d of an Iranian hacking group known as APT35 or Phosphorus, Tom Burt, a Microsoft vice president, wrote in a blog post.\n\nAPT35, also known as Charming Kitten, used spoofed websites of well-known companies, including Microsoft and Yahoo, to conduct their malicious activity, he said. But the court order will force the group to recreate some of that infrastructure.", "modified": "2019-10-02T15:33:20.427000", "created": "2019-03-27T17:33:59.004000", "tags": [ "iran", "APT25" ], "references": [ "https://www.cyberscoop.com/microsoft-uses-court-order-shut-apt-linked-websites/" ], "public": 1, "adversary": "Charming Kitten", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 136, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "hostname": 36, "FileHash-SHA256": 2, "URL": 124, "domain": 140, "FileHash-MD5": 2 }, "indicator_count": 304, "is_author": false, "is_subscribing": null, "subscriber_count": 386688, "modified_text": "2433 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "5a26d621cdfd16043af60a9a", "name": "Iranian cyber espionage against HBO, human rights activists, academic researchers and media outlets", "description": "Charming Kitten is an Iranian cyberespionage group operating since approximately 2014. This report exposes\ntheir vast espionage apparatus, active during 2016-2017. We present incidents of company impersonation,\nmade up organizations and individuals, spear phishing and watering hole attacks. We analyze their\nexploitation, delivery, and command-and-control infrastructure, and expose DownPaper, a malware\ndeveloped by the attackers, which has not been publicly documented to date.", "modified": "2017-12-05T17:23:45.194000", "created": "2017-12-05T17:23:45.194000", "tags": [ "rocket kitten", "Turk Black Hat", "irgc", "iran" ], "references": [ "http://www.clearskysec.com/wp-content/uploads/2017/12/Charming_Kitten_2017.pdf" ], "public": 1, "adversary": "Charming Kitten", "targeted_countries": [ "Israel" ], "malware_families": [], "attack_ids": [], "industries": [ "Media", "NGO", "Human Rights", "Education" ], "TLP": "white", "cloned_from": null, "export_count": 87, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "email": 28, "domain": 219, "FileHash-SHA256": 6, "URL": 4, "hostname": 216, "FileHash-MD5": 45, "FileHash-SHA1": 8 }, "indicator_count": 526, "is_author": false, "is_subscribing": null, "subscriber_count": 386729, "modified_text": "3099 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "63456c2a30b92337ea1670e0", "name": "IOC Records Provided by @NextRayAI", "description": "This IOC report provided and daily updated by NextRay AI Detection & Response Inc.", "modified": "2026-06-01T00:38:49.108000", "created": "2022-10-11T13:14:18.676000", "tags": [ "Nextray", "cyber security", "ioc", "phishing", "malicious" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Turkey", "Ukraine", "Romania", "Czechia", "United Kingdom of Great Britain and Northern Ireland", "Norway", "Lithuania", "Estonia", "Latvia", "Poland", "Germany", "Canada", "France", "Denmark" ], "malware_families": [], "attack_ids": [], "industries": [ "Defense", "Industrial", "Government" ], "TLP": "white", "cloned_from": null, "export_count": 1330, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "NextRay-AI", "id": "210822", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_210822/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 498917, "IPv4": 64327, "IPv6": 459, "hostname": 59385, "URL": 166783, "CIDR": 5266, "FileHash-MD5": 29699, "FileHash-SHA256": 50449, "CVE": 348, "email": 914, "Mutex": 49, "FileHash-SHA1": 3453, "FilePath": 34 }, "indicator_count": 880083, "is_author": false, "is_subscribing": null, "subscriber_count": 300, "modified_text": "4 hours ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "68650f1136a4ca758ba1611a", "name": "Iranian APT actor-APT35 pt2", "description": "", "modified": "2025-08-01T10:03:06.225000", "created": "2025-07-02T10:50:57.084000", "tags": [], "references": [ "APT35 pt2.pdf" ], "public": 1, "adversary": "APT35, Charming Kitten, Mint Sandstorm, Cobalt Mirage", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 20, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "IMEBEEIMFINE", "id": "343873", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 4, "FileHash-SHA1": 4, "FileHash-SHA256": 4, "domain": 331, "email": 5, "hostname": 412 }, "indicator_count": 760, "is_author": false, "is_subscribing": null, "subscriber_count": 41, "modified_text": "303 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "686510765c13a0e97e20cb9c", "name": "Iranian APT actor-APT35 pt3", "description": "", "modified": "2025-08-01T10:03:06.225000", "created": "2025-07-02T10:56:54.075000", "tags": [], "references": [ "APT35 pt3.pdf" ], "public": 1, "adversary": "APT35, Charming Kitten, Mint Sandstorm, Cobalt Mirage", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 23, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "IMEBEEIMFINE", "id": "343873", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 124, "FileHash-SHA1": 103, "FileHash-SHA256": 106, "CVE": 6, "domain": 337, "email": 4, "hostname": 229 }, "indicator_count": 909, "is_author": false, "is_subscribing": null, "subscriber_count": 41, "modified_text": "303 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "62da2a443f27d56616b9a530", "name": "Charming Kitten", "description": "A report by ClearSky Cyber Security, 2017, exposes a vast Iranian cyberespionage apparatus, which targets human rights activists, academic researchers and media outlets, and exposes the connection between an Iranian national recently indicted for hacking HBO.", "modified": "2022-08-20T00:02:32.698000", "created": "2022-07-22T04:40:36.129000", "tags": [ "downpaper", "magichound.retriever", "rocket kitten", "flying kitten" ], "references": [ "https://www.clearskysec.com/wp-content/uploads/2017/12/Charming_Kitten_2017.pdf" ], "public": 1, "adversary": "Rocket Kitten", "targeted_countries": [ "Saudi Arabia", "Denmark", "India", "United Arab Emirates", "Switzerland", "Germany", "France", "Turkey", "Israel", "United States of America", "Iran, Islamic Republic of" ], "malware_families": [ { "id": "DownPaper", "display_name": "DownPaper", "target": null }, { "id": "MAGICHOUND.RETRIEVER", "display_name": "MAGICHOUND.RETRIEVER", "target": null } ], "attack_ids": [ { "id": "T1189", "name": "Drive-by Compromise", "display_name": "T1189 - Drive-by Compromise" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1127", "name": "Trusted Developer Utilities Proxy Execution", "display_name": "T1127 - Trusted Developer Utilities Proxy Execution" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1104", "name": "Multi-Stage Channels", "display_name": "T1104 - Multi-Stage Channels" } ], "industries": [ "Technology", "Government", "Energy", "Journalists", "Media" ], "TLP": "white", "cloned_from": null, "export_count": 9, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Tr1sa111", "id": "192483", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 45, "FileHash-SHA1": 45, "FileHash-SHA256": 45, "URL": 9, "domain": 313, "email": 5, "hostname": 224 }, "indicator_count": 686, "is_author": false, "is_subscribing": null, "subscriber_count": 280, "modified_text": "1381 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "https://www.cyberscoop.com/microsoft-uses-court-order-shut-apt-linked-websites/", "APT35 pt2.pdf", "http://www.clearskysec.com/wp-content/uploads/2017/12/Charming_Kitten_2017.pdf", "https://www.clearskysec.com/wp-content/uploads/2017/12/Charming_Kitten_2017.pdf", "APT35 pt3.pdf" ], "related": { "alienvault": { "adversary": [ "Charming Kitten" ], "malware_families": [], "industries": [ "Media", "Education", "Ngo", "Human rights" ] }, "other": { "adversary": [ "Rocket Kitten", "APT35, Charming Kitten, Mint Sandstorm, Cobalt Mirage" ], "malware_families": [ "Downpaper", "Magichound.retriever" ], "industries": [ "Defense", "Energy", "Technology", "Media", "Government", "Industrial", "Journalists" ] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 6, "pulses": [ { "id": "5c9bb407e5a06b014da016e3", "name": "Microsoft uses court order to shut down APT35 websites", "description": "Microsoft has used a court order to wrest control of 99 websites from suspected Iranian hackers that were using them to conduct cyberattacks, court documents unsealed Wednesday show.\n\nThe tech giant last week took down websites that were \u201ccore to [the] operations\u201d of an Iranian hacking group known as APT35 or Phosphorus, Tom Burt, a Microsoft vice president, wrote in a blog post.\n\nAPT35, also known as Charming Kitten, used spoofed websites of well-known companies, including Microsoft and Yahoo, to conduct their malicious activity, he said. But the court order will force the group to recreate some of that infrastructure.", "modified": "2019-10-02T15:33:20.427000", "created": "2019-03-27T17:33:59.004000", "tags": [ "iran", "APT25" ], "references": [ "https://www.cyberscoop.com/microsoft-uses-court-order-shut-apt-linked-websites/" ], "public": 1, "adversary": "Charming Kitten", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 136, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "hostname": 36, "FileHash-SHA256": 2, "URL": 124, "domain": 140, "FileHash-MD5": 2 }, "indicator_count": 304, "is_author": false, "is_subscribing": null, "subscriber_count": 386688, "modified_text": "2433 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "5a26d621cdfd16043af60a9a", "name": "Iranian cyber espionage against HBO, human rights activists, academic researchers and media outlets", "description": "Charming Kitten is an Iranian cyberespionage group operating since approximately 2014. This report exposes\ntheir vast espionage apparatus, active during 2016-2017. We present incidents of company impersonation,\nmade up organizations and individuals, spear phishing and watering hole attacks. We analyze their\nexploitation, delivery, and command-and-control infrastructure, and expose DownPaper, a malware\ndeveloped by the attackers, which has not been publicly documented to date.", "modified": "2017-12-05T17:23:45.194000", "created": "2017-12-05T17:23:45.194000", "tags": [ "rocket kitten", "Turk Black Hat", "irgc", "iran" ], "references": [ "http://www.clearskysec.com/wp-content/uploads/2017/12/Charming_Kitten_2017.pdf" ], "public": 1, "adversary": "Charming Kitten", "targeted_countries": [ "Israel" ], "malware_families": [], "attack_ids": [], "industries": [ "Media", "NGO", "Human Rights", "Education" ], "TLP": "white", "cloned_from": null, "export_count": 87, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "email": 28, "domain": 219, "FileHash-SHA256": 6, "URL": 4, "hostname": 216, "FileHash-MD5": 45, "FileHash-SHA1": 8 }, "indicator_count": 526, "is_author": false, "is_subscribing": null, "subscriber_count": 386729, "modified_text": "3099 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "63456c2a30b92337ea1670e0", "name": "IOC Records Provided by @NextRayAI", "description": "This IOC report provided and daily updated by NextRay AI Detection & Response Inc.", "modified": "2026-06-01T00:38:49.108000", "created": "2022-10-11T13:14:18.676000", "tags": [ "Nextray", "cyber security", "ioc", "phishing", "malicious" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Turkey", "Ukraine", "Romania", "Czechia", "United Kingdom of Great Britain and Northern Ireland", "Norway", "Lithuania", "Estonia", "Latvia", "Poland", "Germany", "Canada", "France", "Denmark" ], "malware_families": [], "attack_ids": [], "industries": [ "Defense", "Industrial", "Government" ], "TLP": "white", "cloned_from": null, "export_count": 1330, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "NextRay-AI", "id": "210822", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_210822/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 498917, "IPv4": 64327, "IPv6": 459, "hostname": 59385, "URL": 166783, "CIDR": 5266, "FileHash-MD5": 29699, "FileHash-SHA256": 50449, "CVE": 348, "email": 914, "Mutex": 49, "FileHash-SHA1": 3453, "FilePath": 34 }, "indicator_count": 880083, "is_author": false, "is_subscribing": null, "subscriber_count": 300, "modified_text": "4 hours ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "68650f1136a4ca758ba1611a", "name": "Iranian APT actor-APT35 pt2", "description": "", "modified": "2025-08-01T10:03:06.225000", "created": "2025-07-02T10:50:57.084000", "tags": [], "references": [ "APT35 pt2.pdf" ], "public": 1, "adversary": "APT35, Charming Kitten, Mint Sandstorm, Cobalt Mirage", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 20, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "IMEBEEIMFINE", "id": "343873", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 4, "FileHash-SHA1": 4, "FileHash-SHA256": 4, "domain": 331, "email": 5, "hostname": 412 }, "indicator_count": 760, "is_author": false, "is_subscribing": null, "subscriber_count": 41, "modified_text": "303 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "686510765c13a0e97e20cb9c", "name": "Iranian APT actor-APT35 pt3", "description": "", "modified": "2025-08-01T10:03:06.225000", "created": "2025-07-02T10:56:54.075000", "tags": [], "references": [ "APT35 pt3.pdf" ], "public": 1, "adversary": "APT35, Charming Kitten, Mint Sandstorm, Cobalt Mirage", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 23, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "IMEBEEIMFINE", "id": "343873", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 124, "FileHash-SHA1": 103, "FileHash-SHA256": 106, "CVE": 6, "domain": 337, "email": 4, "hostname": 229 }, "indicator_count": 909, "is_author": false, "is_subscribing": null, "subscriber_count": 41, "modified_text": "303 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "62da2a443f27d56616b9a530", "name": "Charming Kitten", "description": "A report by ClearSky Cyber Security, 2017, exposes a vast Iranian cyberespionage apparatus, which targets human rights activists, academic researchers and media outlets, and exposes the connection between an Iranian national recently indicted for hacking HBO.", "modified": "2022-08-20T00:02:32.698000", "created": "2022-07-22T04:40:36.129000", "tags": [ "downpaper", "magichound.retriever", "rocket kitten", "flying kitten" ], "references": [ "https://www.clearskysec.com/wp-content/uploads/2017/12/Charming_Kitten_2017.pdf" ], "public": 1, "adversary": "Rocket Kitten", "targeted_countries": [ "Saudi Arabia", "Denmark", "India", "United Arab Emirates", "Switzerland", "Germany", "France", "Turkey", "Israel", "United States of America", "Iran, Islamic Republic of" ], "malware_families": [ { "id": "DownPaper", "display_name": "DownPaper", "target": null }, { "id": "MAGICHOUND.RETRIEVER", "display_name": "MAGICHOUND.RETRIEVER", "target": null } ], "attack_ids": [ { "id": "T1189", "name": "Drive-by Compromise", "display_name": "T1189 - Drive-by Compromise" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1127", "name": "Trusted Developer Utilities Proxy Execution", "display_name": "T1127 - Trusted Developer Utilities Proxy Execution" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1104", "name": "Multi-Stage Channels", "display_name": "T1104 - Multi-Stage Channels" } ], "industries": [ "Technology", "Government", "Energy", "Journalists", "Media" ], "TLP": "white", "cloned_from": null, "export_count": 9, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Tr1sa111", "id": "192483", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 45, "FileHash-SHA1": 45, "FileHash-SHA256": 45, "URL": 9, "domain": 313, "email": 5, "hostname": 224 }, "indicator_count": 686, "is_author": false, "is_subscribing": null, "subscriber_count": 280, "modified_text": "1381 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "users-facebook.com", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "users-facebook.com", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780292098.5189414 }