{
  "type": "URL",
  "indicator": "https://account.civicplus.com",
  "general": {
    "sections": [
      "general",
      "url_list",
      "http_scans",
      "screenshot"
    ],
    "indicator": "https://account.civicplus.com",
    "type": "url",
    "type_title": "URL",
    "validation": [
      {
        "source": "whitelist",
        "message": "Whitelisted domain civicplus.com",
        "name": "Whitelisted domain"
      },
      {
        "source": "majestic",
        "message": "Whitelisted domain civicplus.com",
        "name": "Whitelisted domain"
      }
    ],
    "base_indicator": {
      "id": 3163753763,
      "indicator": "https://account.civicplus.com",
      "type": "URL",
      "title": "",
      "description": "",
      "content": "",
      "access_type": "public",
      "access_reason": ""
    },
    "pulse_info": {
      "count": 17,
      "pulses": [
        {
          "id": "699bf39a4b96d1d4236cf91f",
          "name": "Suspicious PDF Analysis+Behavioral Summary",
          "description": "Analysis of network and process logs indicates an attempt to undermine the system\u2019s Root of Trust by manipulating certificate validation files. The attacker is likely using Man-in-the-Middle techniques to force the system to accept revoked or fraudulent certificates. Additionally, suspicious activity within Adobe processes suggests that software update mechanisms are being hijacked to execute malicious code. Immediate isolation is required to prevent the installation of unauthorized software or the interception of encrypted data.",
          "modified": "2026-05-15T17:51:27.499000",
          "created": "2026-02-23T06:28:42.282000",
          "tags": [
            ""
          ],
          "references": [
            "",
            "TLP: AMBER"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [
            ""
          ],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 1,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": true,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "msudosos",
            "id": "381696",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-SHA1": 1892,
            "FileHash-SHA256": 9944,
            "FileHash-MD5": 1802,
            "URL": 225,
            "hostname": 445,
            "domain": 284,
            "CVE": 91,
            "SSLCertFingerprint": 2,
            "email": 14,
            "CIDR": 5
          },
          "indicator_count": 14704,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 70,
          "modified_text": "16 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "69dde8e68ac7a2840b6bdd2c",
          "name": "certs validating exp",
          "description": "date: Wed 13 Aug 2025 18:27:37 GMT\n443 Certificate Issuer\tUS\n443 Certificate Issuer\tLet's Encrypt\n443 Certificate Issuer\tR11\n443 Certificate Version\t3\n443 Certificate Serialnumber\t06E70A00F1A7ECC718E549DFC033670782FD\n443 Certificate Notbefore\tJun 27 22:43:23 2025 GMT\n443 Certificate Notafter\tSep 25 22:43:22 2025 GMT\n443 Certificate Subjectaltname\tfirestoneco.gov\n443 Certificate Caissuers\thttp://r11.i.lencr.org/\n443 Certificate Crldistributionpoints\thttp://r11.c.lencr.org/126.crl\n443 Certificate Sha1\t947ab069c85d001d60febdc3c2205bbb75ad7c0b>>>>",
          "modified": "2026-05-14T07:02:49.006000",
          "created": "2026-04-14T07:12:38.854000",
          "tags": [
            "united",
            "a domains",
            "function",
            "javascript type",
            "script endif",
            "megamenutext",
            "script script",
            "link",
            "passive dns",
            "ip address",
            "date",
            "body",
            "config",
            "window",
            "title",
            "target",
            "encrypt"
          ],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 0,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "msudosos",
            "id": "381696",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-SHA1": 1,
            "URL": 55,
            "domain": 27,
            "hostname": 23
          },
          "indicator_count": 106,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 68,
          "modified_text": "17 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "69dde8e68ac7a2840b6bdd2b",
          "name": "certs validating exp",
          "description": "date: Wed 13 Aug 2025 18:27:37 GMT\n443 Certificate Issuer\tUS\n443 Certificate Issuer\tLet's Encrypt\n443 Certificate Issuer\tR11\n443 Certificate Version\t3\n443 Certificate Serialnumber\t06E70A00F1A7ECC718E549DFC033670782FD\n443 Certificate Notbefore\tJun 27 22:43:23 2025 GMT\n443 Certificate Notafter\tSep 25 22:43:22 2025 GMT\n443 Certificate Subjectaltname\tfirestoneco.gov\n443 Certificate Caissuers\thttp://r11.i.lencr.org/\n443 Certificate Crldistributionpoints\thttp://r11.c.lencr.org/126.crl\n443 Certificate Sha1\t947ab069c85d001d60febdc3c2205bbb75ad7c0b>>>>",
          "modified": "2026-05-14T07:02:49.006000",
          "created": "2026-04-14T07:12:38.474000",
          "tags": [
            "united",
            "a domains",
            "function",
            "javascript type",
            "script endif",
            "megamenutext",
            "script script",
            "link",
            "passive dns",
            "ip address",
            "date",
            "body",
            "config",
            "window",
            "title",
            "target",
            "encrypt"
          ],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 0,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "msudosos",
            "id": "381696",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-SHA1": 1,
            "URL": 56,
            "domain": 27,
            "hostname": 23
          },
          "indicator_count": 107,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 68,
          "modified_text": "17 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "69dde8e61e9d84a49e7404e9",
          "name": "certs validating exp",
          "description": "date: Wed 13 Aug 2025 18:27:37 GMT\n443 Certificate Issuer\tUS\n443 Certificate Issuer\tLet's Encrypt\n443 Certificate Issuer\tR11\n443 Certificate Version\t3\n443 Certificate Serialnumber\t06E70A00F1A7ECC718E549DFC033670782FD\n443 Certificate Notbefore\tJun 27 22:43:23 2025 GMT\n443 Certificate Notafter\tSep 25 22:43:22 2025 GMT\n443 Certificate Subjectaltname\tfirestoneco.gov\n443 Certificate Caissuers\thttp://r11.i.lencr.org/\n443 Certificate Crldistributionpoints\thttp://r11.c.lencr.org/126.crl\n443 Certificate Sha1\t947ab069c85d001d60febdc3c2205bbb75ad7c0b>>>>",
          "modified": "2026-05-14T07:02:49.006000",
          "created": "2026-04-14T07:12:38.096000",
          "tags": [
            "united",
            "a domains",
            "function",
            "javascript type",
            "script endif",
            "megamenutext",
            "script script",
            "link",
            "passive dns",
            "ip address",
            "date",
            "body",
            "config",
            "window",
            "title",
            "target",
            "encrypt"
          ],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 0,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "msudosos",
            "id": "381696",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-SHA1": 4,
            "URL": 206,
            "domain": 96,
            "hostname": 107
          },
          "indicator_count": 413,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 68,
          "modified_text": "17 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "69dde8e5a8942bd5ac1fbcee",
          "name": "certs validating exp",
          "description": "date: Wed 13 Aug 2025 18:27:37 GMT\n443 Certificate Issuer\tUS\n443 Certificate Issuer\tLet's Encrypt\n443 Certificate Issuer\tR11\n443 Certificate Version\t3\n443 Certificate Serialnumber\t06E70A00F1A7ECC718E549DFC033670782FD\n443 Certificate Notbefore\tJun 27 22:43:23 2025 GMT\n443 Certificate Notafter\tSep 25 22:43:22 2025 GMT\n443 Certificate Subjectaltname\tfirestoneco.gov\n443 Certificate Caissuers\thttp://r11.i.lencr.org/\n443 Certificate Crldistributionpoints\thttp://r11.c.lencr.org/126.crl\n443 Certificate Sha1\t947ab069c85d001d60febdc3c2205bbb75ad7c0b>>>>",
          "modified": "2026-05-14T07:02:49.006000",
          "created": "2026-04-14T07:12:37.635000",
          "tags": [
            "united",
            "a domains",
            "function",
            "javascript type",
            "script endif",
            "megamenutext",
            "script script",
            "link",
            "passive dns",
            "ip address",
            "date",
            "body",
            "config",
            "window",
            "title",
            "target",
            "encrypt"
          ],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 0,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "msudosos",
            "id": "381696",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-SHA1": 3,
            "URL": 58,
            "domain": 29,
            "hostname": 24,
            "YARA": 1,
            "FileHash-MD5": 2,
            "FileHash-SHA256": 2
          },
          "indicator_count": 119,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 68,
          "modified_text": "17 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "69cec51dd4caf951207fb1a8",
          "name": "VirusTotal report\n                    for ul Business Intelligence. Moving Beyond the Obvious 2007.pdf",
          "description": "The full text of this page, which contains the following text, has been published on the website of Civicplus.com, the social networking site, for the first time since its launch in 2008.",
          "modified": "2026-05-02T19:36:13.629000",
          "created": "2026-04-02T19:35:57.845000",
          "tags": [
            "file type",
            "chrome cache",
            "entry",
            "cache entry",
            "jpeg image",
            "jfif",
            "png image",
            "ascii text",
            "json",
            "united",
            "malicious",
            "code",
            "persistence",
            "phishing",
            "next",
            "10px",
            "ad code",
            "please",
            "antiddos",
            "firewall",
            "helvetica",
            "noscript",
            "request",
            "doctype html",
            "ieedge",
            "title",
            "body",
            "span",
            "android",
            "gmt p3p",
            "idc dsp",
            "cor adm",
            "devi taii",
            "psa psd",
            "ivai ivdi",
            "coni his",
            "our ind",
            "data",
            "contenttype",
            "performs dns",
            "https",
            "mitre attack",
            "network info",
            "processes extra",
            "html page",
            "t1055 process",
            "layer protocol",
            "overview",
            "overview zenbox"
          ],
          "references": [
            "https://vtbehaviour.commondatastorage.googleapis.com/000ea1a97119456bc0d73d6f04298896bcf8a014015dd5a3854db979acc33ba4_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775158226&Signature=3QddteTdwd75BU6tgEH4xfsAlwIG9pwNTU%2B8HvPznGKaEJfuEtDcpYQyXWaSVlGW29PwL%2Fps1Qfqzxq9FuYI6MpYw3Bx7KqBKoEqzG%2BfIDblZaHtF%2Bq57ipRLnJbyvLR8w%2B1bXr7vwOsQlnBMQPRzC9hK4UR1xQRt%2BFkGma5x53fb1ICCz4wT7DcsKUsrwBYrNpWD3InFukyHR38M91oretTmUAb2PGAKNugUwaY22shu94UubqcBJGvmX",
            "https://vtbehaviour.commondatastorage.googleapis.com/9ca5c168d3a3b77403a468a247b08f3987c9baee621bc93a1330d4343d5167e6_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775158347&Signature=sEbgpIc1%2BiCg1xj63drTjLA1epwJeKE9CT6C%2FnPtDvvNsLwbXXgIXmkAt2dKfK5cqb2MQ6rWSIcBDnierzZWQvJ%2F%2BpnBcvgW3mwnRqcrPKCIDaXkVSOfCziQhhgU%2F0YIEehdmBIxg%2BcMlXk6Ub0B3YYdlFlz4c%2Ft13IcN1R6g1%2FPy4zGIhnQQvcGI78vhrb0VqY48%2BeoY5%2FROErUXojoI%2Bi8IP%2FrmkiUEspZnd",
            "https://vtbehaviour.commondatastorage.googleapis.com/9ca5c168d3a3b77403a468a247b08f3987c9baee621bc93a1330d4343d5167e6_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775158717&Signature=0%2FgP6zQY0JvD44dS9aqwH0bqe9ln9c3valuyOk8IADGwNXhOIDcXq6ivyb5hcITWzdHmiMnds3LC6HH6Dw9JXfM47tiL9OKF%2BbTQPz9B8Fr2JanaTSCRjOV2H%2FXW1wZjSdhhcSQyWhw97q4rqKyI%2F1VEbewxt2wrLP0TazgfCoHOCU2Qh08l7nSN%2F1idGUl5yUkmlHE60kQxe%2BHjcktoYejJf6exwwI9QED8MFrrm%2BGEwdmILRQtAbLe"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1036",
              "name": "Masquerading",
              "display_name": "T1036 - Masquerading"
            },
            {
              "id": "T1055",
              "name": "Process Injection",
              "display_name": "T1055 - Process Injection"
            },
            {
              "id": "T1056",
              "name": "Input Capture",
              "display_name": "T1056 - Input Capture"
            },
            {
              "id": "T1057",
              "name": "Process Discovery",
              "display_name": "T1057 - Process Discovery"
            },
            {
              "id": "T1082",
              "name": "System Information Discovery",
              "display_name": "T1082 - System Information Discovery"
            },
            {
              "id": "T1518",
              "name": "Software Discovery",
              "display_name": "T1518 - Software Discovery"
            },
            {
              "id": "T1566",
              "name": "Phishing",
              "display_name": "T1566 - Phishing"
            },
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            },
            {
              "id": "T1095",
              "name": "Non-Application Layer Protocol",
              "display_name": "T1095 - Non-Application Layer Protocol"
            },
            {
              "id": "T1573",
              "name": "Encrypted Channel",
              "display_name": "T1573 - Encrypted Channel"
            }
          ],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 0,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "msudosos",
            "id": "381696",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-SHA256": 281,
            "URL": 91,
            "FileHash-MD5": 9,
            "FileHash-SHA1": 8,
            "domain": 8,
            "hostname": 102
          },
          "indicator_count": 499,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 67,
          "modified_text": "29 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "69cec51dc2c14c906bce0b67",
          "name": "VirusTotal report\n                    for ul Business Intelligence. Moving Beyond the Obvious 2007.pdf",
          "description": "The full text of this page, which contains the following text, has been published on the website of Civicplus.com, the social networking site, for the first time since its launch in 2008.",
          "modified": "2026-05-02T19:36:13.629000",
          "created": "2026-04-02T19:35:57.899000",
          "tags": [
            "file type",
            "chrome cache",
            "entry",
            "cache entry",
            "jpeg image",
            "jfif",
            "png image",
            "ascii text",
            "json",
            "united",
            "malicious",
            "code",
            "persistence",
            "phishing",
            "next",
            "10px",
            "ad code",
            "please",
            "antiddos",
            "firewall",
            "helvetica",
            "noscript",
            "request",
            "doctype html",
            "ieedge",
            "title",
            "body",
            "span",
            "android",
            "gmt p3p",
            "idc dsp",
            "cor adm",
            "devi taii",
            "psa psd",
            "ivai ivdi",
            "coni his",
            "our ind",
            "data",
            "contenttype",
            "performs dns",
            "https",
            "mitre attack",
            "network info",
            "processes extra",
            "html page",
            "t1055 process",
            "layer protocol",
            "overview",
            "overview zenbox"
          ],
          "references": [
            "https://vtbehaviour.commondatastorage.googleapis.com/000ea1a97119456bc0d73d6f04298896bcf8a014015dd5a3854db979acc33ba4_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775158226&Signature=3QddteTdwd75BU6tgEH4xfsAlwIG9pwNTU%2B8HvPznGKaEJfuEtDcpYQyXWaSVlGW29PwL%2Fps1Qfqzxq9FuYI6MpYw3Bx7KqBKoEqzG%2BfIDblZaHtF%2Bq57ipRLnJbyvLR8w%2B1bXr7vwOsQlnBMQPRzC9hK4UR1xQRt%2BFkGma5x53fb1ICCz4wT7DcsKUsrwBYrNpWD3InFukyHR38M91oretTmUAb2PGAKNugUwaY22shu94UubqcBJGvmX",
            "https://vtbehaviour.commondatastorage.googleapis.com/9ca5c168d3a3b77403a468a247b08f3987c9baee621bc93a1330d4343d5167e6_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775158347&Signature=sEbgpIc1%2BiCg1xj63drTjLA1epwJeKE9CT6C%2FnPtDvvNsLwbXXgIXmkAt2dKfK5cqb2MQ6rWSIcBDnierzZWQvJ%2F%2BpnBcvgW3mwnRqcrPKCIDaXkVSOfCziQhhgU%2F0YIEehdmBIxg%2BcMlXk6Ub0B3YYdlFlz4c%2Ft13IcN1R6g1%2FPy4zGIhnQQvcGI78vhrb0VqY48%2BeoY5%2FROErUXojoI%2Bi8IP%2FrmkiUEspZnd",
            "https://vtbehaviour.commondatastorage.googleapis.com/9ca5c168d3a3b77403a468a247b08f3987c9baee621bc93a1330d4343d5167e6_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775158717&Signature=0%2FgP6zQY0JvD44dS9aqwH0bqe9ln9c3valuyOk8IADGwNXhOIDcXq6ivyb5hcITWzdHmiMnds3LC6HH6Dw9JXfM47tiL9OKF%2BbTQPz9B8Fr2JanaTSCRjOV2H%2FXW1wZjSdhhcSQyWhw97q4rqKyI%2F1VEbewxt2wrLP0TazgfCoHOCU2Qh08l7nSN%2F1idGUl5yUkmlHE60kQxe%2BHjcktoYejJf6exwwI9QED8MFrrm%2BGEwdmILRQtAbLe"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1036",
              "name": "Masquerading",
              "display_name": "T1036 - Masquerading"
            },
            {
              "id": "T1055",
              "name": "Process Injection",
              "display_name": "T1055 - Process Injection"
            },
            {
              "id": "T1056",
              "name": "Input Capture",
              "display_name": "T1056 - Input Capture"
            },
            {
              "id": "T1057",
              "name": "Process Discovery",
              "display_name": "T1057 - Process Discovery"
            },
            {
              "id": "T1082",
              "name": "System Information Discovery",
              "display_name": "T1082 - System Information Discovery"
            },
            {
              "id": "T1518",
              "name": "Software Discovery",
              "display_name": "T1518 - Software Discovery"
            },
            {
              "id": "T1566",
              "name": "Phishing",
              "display_name": "T1566 - Phishing"
            },
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            },
            {
              "id": "T1095",
              "name": "Non-Application Layer Protocol",
              "display_name": "T1095 - Non-Application Layer Protocol"
            },
            {
              "id": "T1573",
              "name": "Encrypted Channel",
              "display_name": "T1573 - Encrypted Channel"
            }
          ],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 0,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "msudosos",
            "id": "381696",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-SHA256": 281,
            "URL": 91,
            "FileHash-MD5": 9,
            "FileHash-SHA1": 8,
            "domain": 8,
            "hostname": 102
          },
          "indicator_count": 499,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 67,
          "modified_text": "29 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "69cec51c08c81128a8e46bd9",
          "name": "VirusTotal report\n                    for ul Business Intelligence. Moving Beyond the Obvious 2007.pdf",
          "description": "The full text of this page, which contains the following text, has been published on the website of Civicplus.com, the social networking site, for the first time since its launch in 2008.",
          "modified": "2026-05-02T19:36:13.629000",
          "created": "2026-04-02T19:35:56.216000",
          "tags": [
            "file type",
            "chrome cache",
            "entry",
            "cache entry",
            "jpeg image",
            "jfif",
            "png image",
            "ascii text",
            "json",
            "united",
            "malicious",
            "code",
            "persistence",
            "phishing",
            "next",
            "10px",
            "ad code",
            "please",
            "antiddos",
            "firewall",
            "helvetica",
            "noscript",
            "request",
            "doctype html",
            "ieedge",
            "title",
            "body",
            "span",
            "android",
            "gmt p3p",
            "idc dsp",
            "cor adm",
            "devi taii",
            "psa psd",
            "ivai ivdi",
            "coni his",
            "our ind",
            "data",
            "contenttype",
            "performs dns",
            "https",
            "mitre attack",
            "network info",
            "processes extra",
            "html page",
            "t1055 process",
            "layer protocol",
            "overview",
            "overview zenbox"
          ],
          "references": [
            "https://vtbehaviour.commondatastorage.googleapis.com/000ea1a97119456bc0d73d6f04298896bcf8a014015dd5a3854db979acc33ba4_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775158226&Signature=3QddteTdwd75BU6tgEH4xfsAlwIG9pwNTU%2B8HvPznGKaEJfuEtDcpYQyXWaSVlGW29PwL%2Fps1Qfqzxq9FuYI6MpYw3Bx7KqBKoEqzG%2BfIDblZaHtF%2Bq57ipRLnJbyvLR8w%2B1bXr7vwOsQlnBMQPRzC9hK4UR1xQRt%2BFkGma5x53fb1ICCz4wT7DcsKUsrwBYrNpWD3InFukyHR38M91oretTmUAb2PGAKNugUwaY22shu94UubqcBJGvmX",
            "https://vtbehaviour.commondatastorage.googleapis.com/9ca5c168d3a3b77403a468a247b08f3987c9baee621bc93a1330d4343d5167e6_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775158347&Signature=sEbgpIc1%2BiCg1xj63drTjLA1epwJeKE9CT6C%2FnPtDvvNsLwbXXgIXmkAt2dKfK5cqb2MQ6rWSIcBDnierzZWQvJ%2F%2BpnBcvgW3mwnRqcrPKCIDaXkVSOfCziQhhgU%2F0YIEehdmBIxg%2BcMlXk6Ub0B3YYdlFlz4c%2Ft13IcN1R6g1%2FPy4zGIhnQQvcGI78vhrb0VqY48%2BeoY5%2FROErUXojoI%2Bi8IP%2FrmkiUEspZnd",
            "https://vtbehaviour.commondatastorage.googleapis.com/9ca5c168d3a3b77403a468a247b08f3987c9baee621bc93a1330d4343d5167e6_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775158717&Signature=0%2FgP6zQY0JvD44dS9aqwH0bqe9ln9c3valuyOk8IADGwNXhOIDcXq6ivyb5hcITWzdHmiMnds3LC6HH6Dw9JXfM47tiL9OKF%2BbTQPz9B8Fr2JanaTSCRjOV2H%2FXW1wZjSdhhcSQyWhw97q4rqKyI%2F1VEbewxt2wrLP0TazgfCoHOCU2Qh08l7nSN%2F1idGUl5yUkmlHE60kQxe%2BHjcktoYejJf6exwwI9QED8MFrrm%2BGEwdmILRQtAbLe"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1036",
              "name": "Masquerading",
              "display_name": "T1036 - Masquerading"
            },
            {
              "id": "T1055",
              "name": "Process Injection",
              "display_name": "T1055 - Process Injection"
            },
            {
              "id": "T1056",
              "name": "Input Capture",
              "display_name": "T1056 - Input Capture"
            },
            {
              "id": "T1057",
              "name": "Process Discovery",
              "display_name": "T1057 - Process Discovery"
            },
            {
              "id": "T1082",
              "name": "System Information Discovery",
              "display_name": "T1082 - System Information Discovery"
            },
            {
              "id": "T1518",
              "name": "Software Discovery",
              "display_name": "T1518 - Software Discovery"
            },
            {
              "id": "T1566",
              "name": "Phishing",
              "display_name": "T1566 - Phishing"
            },
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            },
            {
              "id": "T1095",
              "name": "Non-Application Layer Protocol",
              "display_name": "T1095 - Non-Application Layer Protocol"
            },
            {
              "id": "T1573",
              "name": "Encrypted Channel",
              "display_name": "T1573 - Encrypted Channel"
            }
          ],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 0,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "msudosos",
            "id": "381696",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-SHA256": 281,
            "URL": 91,
            "FileHash-MD5": 9,
            "FileHash-SHA1": 8,
            "domain": 8,
            "hostname": 102
          },
          "indicator_count": 499,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 67,
          "modified_text": "29 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "69c9f04fda51a74fa94942e5",
          "name": "US Bases 202 google drop to icloud infostealer/wiper",
          "description": "A complete analysis of Pulse, a collection of user-created Pulses, has been published on the website of Inomanliner.net. and it is not possible to access the full archive.",
          "modified": "2026-04-29T03:09:49.528000",
          "created": "2026-03-30T03:38:55.602000",
          "tags": [
            "pulse pulses",
            "http",
            "passive dns",
            "urls",
            "files related",
            "pulses otx",
            "pulses",
            "related tags",
            "acrstealer",
            "clearfake",
            "zip archive",
            "php script",
            "ascii text"
          ],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1140",
              "name": "Deobfuscate/Decode Files or Information",
              "display_name": "T1140 - Deobfuscate/Decode Files or Information"
            },
            {
              "id": "T1560",
              "name": "Archive Collected Data",
              "display_name": "T1560 - Archive Collected Data"
            }
          ],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 1,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "msudosos",
            "id": "381696",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "URL": 367,
            "domain": 60,
            "FileHash-SHA256": 166,
            "FileHash-MD5": 8,
            "FileHash-SHA1": 4,
            "hostname": 53,
            "SSLCertFingerprint": 4,
            "email": 1
          },
          "indicator_count": 663,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 67,
          "modified_text": "32 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "69c38daf71dc209ac52c5160",
          "name": "Snakebyte  Parallels Panel 46a40bd64233b1838740a5d8e7dc68a363125537",
          "description": "A complete list of names, locations and details for a new website:.com, a group of companies, groups, organisations, and a third of the world's largest web service, known as Whois.<<<pretext \nParallels Panel\nhttps://www.virustotal.com/gui/file/7869ad003b36bae2c02ff5a57727211b842de3fd0a84b3a0d94beb6466548ccb/behavior\n46a40bd64233b1838740a5d8e7dc68a363125537\nRegistrant Organization: 87276c494833bf00\nRegistrant Name: 1f8f4166599d23ee\nAdmin Organization: REDACTED FOR PRIVACY\nRegistrar Registration Expiration Date: 2023-03-30T08:31:23.932Z\nRegistry Domain ID: 811ba92d31e04ce8b49661f66bfb43bc-DONUTS | 811ba92d31e04ce8b49661f66bfb43bc-donuts\nTech Organization: REDACTED FOR PRIVACY\nRegistrar IANA ID: 83\nDNSSEC: Unsigned | unsigned\nCreation Date: 2022-03-30T08:31:23.932Z | 2022-03-30T08:31:23Z\nUpdated Date: 2022-03-30T08:31:26.098Z | 2022-03-30T08:31:26Z",
          "modified": "2026-04-24T08:06:37.823000",
          "created": "2026-03-25T07:24:31.790000",
          "tags": [
            "as8560",
            "a domains",
            "germany unknown",
            "date",
            "status",
            "passive dns",
            "ip address",
            "creation date",
            "for privacy",
            "name servers",
            "body",
            "apache",
            "accept",
            "redacted for",
            "privacy tech",
            "postal code",
            "email",
            "privacy admin",
            "stateprovince",
            "server",
            "registrar abuse",
            "code",
            "admin country",
            "unsigned-DNSSEC",
            "Snakebyte",
            "donuts",
            "us",
            "key logger",
            "parrallels-panel",
            "MA"
          ],
          "references": [
            ""
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [
            "Infra",
            "",
            "Telecommunications",
            "Government"
          ],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 0,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "msudosos",
            "id": "381696",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "URL": 1991,
            "domain": 840,
            "email": 49,
            "hostname": 625,
            "FileHash-SHA256": 1437,
            "FileHash-SHA1": 43,
            "FileHash-MD5": 283
          },
          "indicator_count": 5268,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 66,
          "modified_text": "37 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "69c1fc5f5341c3688a2fde14",
          "name": "CVE-2020-0796 CREATION DATE: Mar. 12, 2020, 4:15 PM",
          "description": "The vulnerability identified by mudoSO is a security hole that could be exploited by anyone who has access to the system, but who cannot access it, and who may not be aware of it.",
          "modified": "2026-04-23T05:24:28.093000",
          "created": "2026-03-24T02:52:15.605000",
          "tags": [
            "scoring system",
            "epss",
            "creation date",
            "pm last",
            "modified date",
            "pm exploit",
            "threat actors",
            "salt typhoon",
            "alignment",
            "dun industries"
          ],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 0,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "msudosos",
            "id": "381696",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "CVE": 20,
            "domain": 65,
            "URL": 381,
            "FileHash-MD5": 186,
            "FileHash-SHA1": 204,
            "FileHash-SHA256": 713,
            "hostname": 257,
            "email": 5,
            "SSLCertFingerprint": 2
          },
          "indicator_count": 1833,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 68,
          "modified_text": "38 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "69a9c35548c480bb6e797c02",
          "name": "acdf0355a4d8db8075002c982e6c30a2149ae2a4762e157d08e977be36ef24b0",
          "description": "",
          "modified": "2026-04-04T17:31:40.283000",
          "created": "2026-03-05T17:54:29.653000",
          "tags": [
            "utf8 unicode",
            "english text"
          ],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 1,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "msudosos",
            "id": "381696",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 70,
            "FileHash-SHA1": 70,
            "FileHash-SHA256": 283,
            "URL": 154,
            "domain": 222,
            "email": 4,
            "hostname": 99
          },
          "indicator_count": 902,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 66,
          "modified_text": "57 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "6998d15c75b59044877602c1",
          "name": "Corrupt.... Files",
          "description": "beaware",
          "modified": "2026-04-01T00:44:45.494000",
          "created": "2026-02-20T21:25:48.559000",
          "tags": [],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 1,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "msudosos",
            "id": "381696",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 706,
            "FileHash-SHA1": 859,
            "FileHash-SHA256": 1480,
            "URL": 743,
            "domain": 1565,
            "email": 55,
            "hostname": 912,
            "CVE": 54,
            "CIDR": 27
          },
          "indicator_count": 6401,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 67,
          "modified_text": "60 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "65707fe17dfdfe16066d16de",
          "name": "Bexar.org",
          "description": "",
          "modified": "2023-12-06T14:06:25.800000",
          "created": "2023-12-06T14:06:25.800000",
          "tags": [],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 2,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "api",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "StreamMiningEx",
            "id": "262917",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-SHA256": 1735,
            "hostname": 1833,
            "domain": 1025,
            "URL": 4668,
            "email": 4,
            "FileHash-MD5": 133,
            "FileHash-SHA1": 6,
            "CIDR": 5
          },
          "indicator_count": 9409,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 110,
          "modified_text": "907 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "621fff12d2c54f70fea90576",
          "name": "Bexar.org",
          "description": "",
          "modified": "2022-04-01T00:01:54.852000",
          "created": "2022-03-02T23:34:42.531000",
          "tags": [],
          "references": [
            "www.bexar.org - urlscan.io.pdf",
            "bexar api 4.pdf",
            "bexar api 8.pdf",
            "bexar 6.pdf",
            "bexar api 2.pdf",
            "bexar api 7.pdf",
            "bexar api 3.pdf",
            "bexar api 9.pdf",
            "bexar api 12.pdf",
            "bexar api 17.pdf",
            "bexar api 15.pdf",
            "bexar api 18.pdf",
            "bexar api 10.pdf",
            "bexar api 19.pdf",
            "bexar api 20.pdf",
            "bexar api 13.pdf",
            "bexar api 21.pdf",
            "bexar api 14.pdf",
            "bexar api 22.pdf",
            "bexar1.pdf",
            "bexar api5.pdf",
            "bexar2.pdf",
            "bexar3.pdf",
            "bexar.org 3.2.22.pdf",
            "bexar6.pdf",
            "bexar5.pdf",
            "bexar api_1.pdf",
            "bexar10.pdf",
            "bexar api.pdf",
            "bexar_v1df.pdf",
            "bexarv4df.pdf",
            "bexarv2df.pdf",
            "bexarv6df.pdf",
            "bexasv3df.pdf",
            "bexarv7df.pdf",
            "bear_v apidf.pdf"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [
            "United States of America"
          ],
          "malware_families": [],
          "attack_ids": [],
          "industries": [
            "Government"
          ],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 7,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "Kailula4",
            "id": "131997",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "hostname": 1833,
            "URL": 4669,
            "domain": 1025,
            "FileHash-SHA256": 1735,
            "email": 4,
            "FileHash-MD5": 133,
            "FileHash-SHA1": 6,
            "CIDR": 5
          },
          "indicator_count": 9410,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 406,
          "modified_text": "1521 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "62214789815329b562a3f785",
          "name": "https://www.hidalgocounty.us/161/County",
          "description": "",
          "modified": "2022-03-03T22:56:09.152000",
          "created": "2022-03-03T22:56:09.152000",
          "tags": [
            "data",
            "object",
            "clerks office",
            "response code",
            "gmt contenttype",
            "idc dsp",
            "cor adm",
            "devi taii",
            "psa psd",
            "ivai ivdi",
            "body"
          ],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [
            "United States of America"
          ],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 5,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "Kailula4",
            "id": "131997",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-SHA256": 10,
            "hostname": 5,
            "domain": 1,
            "URL": 6
          },
          "indicator_count": 22,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 405,
          "modified_text": "1549 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "622115003db2fd8e61639629",
          "name": "https://www.hidalgocounty.us/DocumentCenter/View/37165/Second",
          "description": "",
          "modified": "2022-03-03T19:20:32.969000",
          "created": "2022-03-03T19:20:32.969000",
          "tags": [
            "data",
            "cpismobilefalse",
            "object",
            "a public",
            "faqs",
            "april",
            "server response",
            "response code",
            "miss vary",
            "gmt p3p",
            "body"
          ],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 5,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "Kailula4",
            "id": "131997",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-SHA256": 10,
            "hostname": 5,
            "domain": 1,
            "URL": 6,
            "FileHash-MD5": 1
          },
          "indicator_count": 23,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 405,
          "modified_text": "1550 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        }
      ],
      "references": [
        "",
        "bexar api 2.pdf",
        "bear_v apidf.pdf",
        "bexar5.pdf",
        "https://vtbehaviour.commondatastorage.googleapis.com/000ea1a97119456bc0d73d6f04298896bcf8a014015dd5a3854db979acc33ba4_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775158226&Signature=3QddteTdwd75BU6tgEH4xfsAlwIG9pwNTU%2B8HvPznGKaEJfuEtDcpYQyXWaSVlGW29PwL%2Fps1Qfqzxq9FuYI6MpYw3Bx7KqBKoEqzG%2BfIDblZaHtF%2Bq57ipRLnJbyvLR8w%2B1bXr7vwOsQlnBMQPRzC9hK4UR1xQRt%2BFkGma5x53fb1ICCz4wT7DcsKUsrwBYrNpWD3InFukyHR38M91oretTmUAb2PGAKNugUwaY22shu94UubqcBJGvmX",
        "bexar3.pdf",
        "bexar10.pdf",
        "bexar1.pdf",
        "bexar api 21.pdf",
        "bexar api 9.pdf",
        "bexar api5.pdf",
        "https://vtbehaviour.commondatastorage.googleapis.com/9ca5c168d3a3b77403a468a247b08f3987c9baee621bc93a1330d4343d5167e6_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775158717&Signature=0%2FgP6zQY0JvD44dS9aqwH0bqe9ln9c3valuyOk8IADGwNXhOIDcXq6ivyb5hcITWzdHmiMnds3LC6HH6Dw9JXfM47tiL9OKF%2BbTQPz9B8Fr2JanaTSCRjOV2H%2FXW1wZjSdhhcSQyWhw97q4rqKyI%2F1VEbewxt2wrLP0TazgfCoHOCU2Qh08l7nSN%2F1idGUl5yUkmlHE60kQxe%2BHjcktoYejJf6exwwI9QED8MFrrm%2BGEwdmILRQtAbLe",
        "bexar6.pdf",
        "bexar_v1df.pdf",
        "bexar api 12.pdf",
        "bexar api 14.pdf",
        "bexar api 10.pdf",
        "bexar api 15.pdf",
        "bexar api 3.pdf",
        "bexar api_1.pdf",
        "bexar api 20.pdf",
        "https://vtbehaviour.commondatastorage.googleapis.com/9ca5c168d3a3b77403a468a247b08f3987c9baee621bc93a1330d4343d5167e6_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775158347&Signature=sEbgpIc1%2BiCg1xj63drTjLA1epwJeKE9CT6C%2FnPtDvvNsLwbXXgIXmkAt2dKfK5cqb2MQ6rWSIcBDnierzZWQvJ%2F%2BpnBcvgW3mwnRqcrPKCIDaXkVSOfCziQhhgU%2F0YIEehdmBIxg%2BcMlXk6Ub0B3YYdlFlz4c%2Ft13IcN1R6g1%2FPy4zGIhnQQvcGI78vhrb0VqY48%2BeoY5%2FROErUXojoI%2Bi8IP%2FrmkiUEspZnd",
        "bexar api 7.pdf",
        "bexar api 17.pdf",
        "bexar api 22.pdf",
        "TLP: AMBER",
        "www.bexar.org - urlscan.io.pdf",
        "bexarv2df.pdf",
        "bexar api 8.pdf",
        "bexasv3df.pdf",
        "bexar api 13.pdf",
        "bexar.org 3.2.22.pdf",
        "bexarv4df.pdf",
        "bexarv7df.pdf",
        "bexar2.pdf",
        "bexar api 19.pdf",
        "bexar api 18.pdf",
        "bexar api.pdf",
        "bexarv6df.pdf",
        "bexar api 4.pdf",
        "bexar 6.pdf"
      ],
      "related": {
        "alienvault": {
          "adversary": [],
          "malware_families": [],
          "industries": [],
          "unique_indicators": 0
        },
        "other": {
          "adversary": [],
          "malware_families": [],
          "industries": [
            "",
            "Infra",
            "Telecommunications",
            "Government"
          ],
          "unique_indicators": 26861
        }
      }
    },
    "false_positive": [],
    "alexa": "http://www.alexa.com/siteinfo/civicplus.com",
    "whois": "http://whois.domaintools.com/civicplus.com",
    "domain": "civicplus.com",
    "hostname": "account.civicplus.com"
  },
  "geo": {},
  "geo_ipapicom": {},
  "pulse_count": 17,
  "pulses": [
    {
      "id": "699bf39a4b96d1d4236cf91f",
      "name": "Suspicious PDF Analysis+Behavioral Summary",
      "description": "Analysis of network and process logs indicates an attempt to undermine the system\u2019s Root of Trust by manipulating certificate validation files. The attacker is likely using Man-in-the-Middle techniques to force the system to accept revoked or fraudulent certificates. Additionally, suspicious activity within Adobe processes suggests that software update mechanisms are being hijacked to execute malicious code. Immediate isolation is required to prevent the installation of unauthorized software or the interception of encrypted data.",
      "modified": "2026-05-15T17:51:27.499000",
      "created": "2026-02-23T06:28:42.282000",
      "tags": [
        ""
      ],
      "references": [
        "",
        "TLP: AMBER"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [
        ""
      ],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 1,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": true,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "msudosos",
        "id": "381696",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-SHA1": 1892,
        "FileHash-SHA256": 9944,
        "FileHash-MD5": 1802,
        "URL": 225,
        "hostname": 445,
        "domain": 284,
        "CVE": 91,
        "SSLCertFingerprint": 2,
        "email": 14,
        "CIDR": 5
      },
      "indicator_count": 14704,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 70,
      "modified_text": "16 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "69dde8e68ac7a2840b6bdd2c",
      "name": "certs validating exp",
      "description": "date: Wed 13 Aug 2025 18:27:37 GMT\n443 Certificate Issuer\tUS\n443 Certificate Issuer\tLet's Encrypt\n443 Certificate Issuer\tR11\n443 Certificate Version\t3\n443 Certificate Serialnumber\t06E70A00F1A7ECC718E549DFC033670782FD\n443 Certificate Notbefore\tJun 27 22:43:23 2025 GMT\n443 Certificate Notafter\tSep 25 22:43:22 2025 GMT\n443 Certificate Subjectaltname\tfirestoneco.gov\n443 Certificate Caissuers\thttp://r11.i.lencr.org/\n443 Certificate Crldistributionpoints\thttp://r11.c.lencr.org/126.crl\n443 Certificate Sha1\t947ab069c85d001d60febdc3c2205bbb75ad7c0b>>>>",
      "modified": "2026-05-14T07:02:49.006000",
      "created": "2026-04-14T07:12:38.854000",
      "tags": [
        "united",
        "a domains",
        "function",
        "javascript type",
        "script endif",
        "megamenutext",
        "script script",
        "link",
        "passive dns",
        "ip address",
        "date",
        "body",
        "config",
        "window",
        "title",
        "target",
        "encrypt"
      ],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 0,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "msudosos",
        "id": "381696",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-SHA1": 1,
        "URL": 55,
        "domain": 27,
        "hostname": 23
      },
      "indicator_count": 106,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 68,
      "modified_text": "17 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "69dde8e68ac7a2840b6bdd2b",
      "name": "certs validating exp",
      "description": "date: Wed 13 Aug 2025 18:27:37 GMT\n443 Certificate Issuer\tUS\n443 Certificate Issuer\tLet's Encrypt\n443 Certificate Issuer\tR11\n443 Certificate Version\t3\n443 Certificate Serialnumber\t06E70A00F1A7ECC718E549DFC033670782FD\n443 Certificate Notbefore\tJun 27 22:43:23 2025 GMT\n443 Certificate Notafter\tSep 25 22:43:22 2025 GMT\n443 Certificate Subjectaltname\tfirestoneco.gov\n443 Certificate Caissuers\thttp://r11.i.lencr.org/\n443 Certificate Crldistributionpoints\thttp://r11.c.lencr.org/126.crl\n443 Certificate Sha1\t947ab069c85d001d60febdc3c2205bbb75ad7c0b>>>>",
      "modified": "2026-05-14T07:02:49.006000",
      "created": "2026-04-14T07:12:38.474000",
      "tags": [
        "united",
        "a domains",
        "function",
        "javascript type",
        "script endif",
        "megamenutext",
        "script script",
        "link",
        "passive dns",
        "ip address",
        "date",
        "body",
        "config",
        "window",
        "title",
        "target",
        "encrypt"
      ],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 0,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "msudosos",
        "id": "381696",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-SHA1": 1,
        "URL": 56,
        "domain": 27,
        "hostname": 23
      },
      "indicator_count": 107,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 68,
      "modified_text": "17 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "69dde8e61e9d84a49e7404e9",
      "name": "certs validating exp",
      "description": "date: Wed 13 Aug 2025 18:27:37 GMT\n443 Certificate Issuer\tUS\n443 Certificate Issuer\tLet's Encrypt\n443 Certificate Issuer\tR11\n443 Certificate Version\t3\n443 Certificate Serialnumber\t06E70A00F1A7ECC718E549DFC033670782FD\n443 Certificate Notbefore\tJun 27 22:43:23 2025 GMT\n443 Certificate Notafter\tSep 25 22:43:22 2025 GMT\n443 Certificate Subjectaltname\tfirestoneco.gov\n443 Certificate Caissuers\thttp://r11.i.lencr.org/\n443 Certificate Crldistributionpoints\thttp://r11.c.lencr.org/126.crl\n443 Certificate Sha1\t947ab069c85d001d60febdc3c2205bbb75ad7c0b>>>>",
      "modified": "2026-05-14T07:02:49.006000",
      "created": "2026-04-14T07:12:38.096000",
      "tags": [
        "united",
        "a domains",
        "function",
        "javascript type",
        "script endif",
        "megamenutext",
        "script script",
        "link",
        "passive dns",
        "ip address",
        "date",
        "body",
        "config",
        "window",
        "title",
        "target",
        "encrypt"
      ],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 0,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "msudosos",
        "id": "381696",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-SHA1": 4,
        "URL": 206,
        "domain": 96,
        "hostname": 107
      },
      "indicator_count": 413,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 68,
      "modified_text": "17 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "69dde8e5a8942bd5ac1fbcee",
      "name": "certs validating exp",
      "description": "date: Wed 13 Aug 2025 18:27:37 GMT\n443 Certificate Issuer\tUS\n443 Certificate Issuer\tLet's Encrypt\n443 Certificate Issuer\tR11\n443 Certificate Version\t3\n443 Certificate Serialnumber\t06E70A00F1A7ECC718E549DFC033670782FD\n443 Certificate Notbefore\tJun 27 22:43:23 2025 GMT\n443 Certificate Notafter\tSep 25 22:43:22 2025 GMT\n443 Certificate Subjectaltname\tfirestoneco.gov\n443 Certificate Caissuers\thttp://r11.i.lencr.org/\n443 Certificate Crldistributionpoints\thttp://r11.c.lencr.org/126.crl\n443 Certificate Sha1\t947ab069c85d001d60febdc3c2205bbb75ad7c0b>>>>",
      "modified": "2026-05-14T07:02:49.006000",
      "created": "2026-04-14T07:12:37.635000",
      "tags": [
        "united",
        "a domains",
        "function",
        "javascript type",
        "script endif",
        "megamenutext",
        "script script",
        "link",
        "passive dns",
        "ip address",
        "date",
        "body",
        "config",
        "window",
        "title",
        "target",
        "encrypt"
      ],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 0,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "msudosos",
        "id": "381696",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-SHA1": 3,
        "URL": 58,
        "domain": 29,
        "hostname": 24,
        "YARA": 1,
        "FileHash-MD5": 2,
        "FileHash-SHA256": 2
      },
      "indicator_count": 119,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 68,
      "modified_text": "17 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "69cec51dd4caf951207fb1a8",
      "name": "VirusTotal report\n                    for ul Business Intelligence. Moving Beyond the Obvious 2007.pdf",
      "description": "The full text of this page, which contains the following text, has been published on the website of Civicplus.com, the social networking site, for the first time since its launch in 2008.",
      "modified": "2026-05-02T19:36:13.629000",
      "created": "2026-04-02T19:35:57.845000",
      "tags": [
        "file type",
        "chrome cache",
        "entry",
        "cache entry",
        "jpeg image",
        "jfif",
        "png image",
        "ascii text",
        "json",
        "united",
        "malicious",
        "code",
        "persistence",
        "phishing",
        "next",
        "10px",
        "ad code",
        "please",
        "antiddos",
        "firewall",
        "helvetica",
        "noscript",
        "request",
        "doctype html",
        "ieedge",
        "title",
        "body",
        "span",
        "android",
        "gmt p3p",
        "idc dsp",
        "cor adm",
        "devi taii",
        "psa psd",
        "ivai ivdi",
        "coni his",
        "our ind",
        "data",
        "contenttype",
        "performs dns",
        "https",
        "mitre attack",
        "network info",
        "processes extra",
        "html page",
        "t1055 process",
        "layer protocol",
        "overview",
        "overview zenbox"
      ],
      "references": [
        "https://vtbehaviour.commondatastorage.googleapis.com/000ea1a97119456bc0d73d6f04298896bcf8a014015dd5a3854db979acc33ba4_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775158226&Signature=3QddteTdwd75BU6tgEH4xfsAlwIG9pwNTU%2B8HvPznGKaEJfuEtDcpYQyXWaSVlGW29PwL%2Fps1Qfqzxq9FuYI6MpYw3Bx7KqBKoEqzG%2BfIDblZaHtF%2Bq57ipRLnJbyvLR8w%2B1bXr7vwOsQlnBMQPRzC9hK4UR1xQRt%2BFkGma5x53fb1ICCz4wT7DcsKUsrwBYrNpWD3InFukyHR38M91oretTmUAb2PGAKNugUwaY22shu94UubqcBJGvmX",
        "https://vtbehaviour.commondatastorage.googleapis.com/9ca5c168d3a3b77403a468a247b08f3987c9baee621bc93a1330d4343d5167e6_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775158347&Signature=sEbgpIc1%2BiCg1xj63drTjLA1epwJeKE9CT6C%2FnPtDvvNsLwbXXgIXmkAt2dKfK5cqb2MQ6rWSIcBDnierzZWQvJ%2F%2BpnBcvgW3mwnRqcrPKCIDaXkVSOfCziQhhgU%2F0YIEehdmBIxg%2BcMlXk6Ub0B3YYdlFlz4c%2Ft13IcN1R6g1%2FPy4zGIhnQQvcGI78vhrb0VqY48%2BeoY5%2FROErUXojoI%2Bi8IP%2FrmkiUEspZnd",
        "https://vtbehaviour.commondatastorage.googleapis.com/9ca5c168d3a3b77403a468a247b08f3987c9baee621bc93a1330d4343d5167e6_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775158717&Signature=0%2FgP6zQY0JvD44dS9aqwH0bqe9ln9c3valuyOk8IADGwNXhOIDcXq6ivyb5hcITWzdHmiMnds3LC6HH6Dw9JXfM47tiL9OKF%2BbTQPz9B8Fr2JanaTSCRjOV2H%2FXW1wZjSdhhcSQyWhw97q4rqKyI%2F1VEbewxt2wrLP0TazgfCoHOCU2Qh08l7nSN%2F1idGUl5yUkmlHE60kQxe%2BHjcktoYejJf6exwwI9QED8MFrrm%2BGEwdmILRQtAbLe"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [
        {
          "id": "T1036",
          "name": "Masquerading",
          "display_name": "T1036 - Masquerading"
        },
        {
          "id": "T1055",
          "name": "Process Injection",
          "display_name": "T1055 - Process Injection"
        },
        {
          "id": "T1056",
          "name": "Input Capture",
          "display_name": "T1056 - Input Capture"
        },
        {
          "id": "T1057",
          "name": "Process Discovery",
          "display_name": "T1057 - Process Discovery"
        },
        {
          "id": "T1082",
          "name": "System Information Discovery",
          "display_name": "T1082 - System Information Discovery"
        },
        {
          "id": "T1518",
          "name": "Software Discovery",
          "display_name": "T1518 - Software Discovery"
        },
        {
          "id": "T1566",
          "name": "Phishing",
          "display_name": "T1566 - Phishing"
        },
        {
          "id": "T1071",
          "name": "Application Layer Protocol",
          "display_name": "T1071 - Application Layer Protocol"
        },
        {
          "id": "T1095",
          "name": "Non-Application Layer Protocol",
          "display_name": "T1095 - Non-Application Layer Protocol"
        },
        {
          "id": "T1573",
          "name": "Encrypted Channel",
          "display_name": "T1573 - Encrypted Channel"
        }
      ],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 0,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "msudosos",
        "id": "381696",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-SHA256": 281,
        "URL": 91,
        "FileHash-MD5": 9,
        "FileHash-SHA1": 8,
        "domain": 8,
        "hostname": 102
      },
      "indicator_count": 499,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 67,
      "modified_text": "29 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "69cec51dc2c14c906bce0b67",
      "name": "VirusTotal report\n                    for ul Business Intelligence. Moving Beyond the Obvious 2007.pdf",
      "description": "The full text of this page, which contains the following text, has been published on the website of Civicplus.com, the social networking site, for the first time since its launch in 2008.",
      "modified": "2026-05-02T19:36:13.629000",
      "created": "2026-04-02T19:35:57.899000",
      "tags": [
        "file type",
        "chrome cache",
        "entry",
        "cache entry",
        "jpeg image",
        "jfif",
        "png image",
        "ascii text",
        "json",
        "united",
        "malicious",
        "code",
        "persistence",
        "phishing",
        "next",
        "10px",
        "ad code",
        "please",
        "antiddos",
        "firewall",
        "helvetica",
        "noscript",
        "request",
        "doctype html",
        "ieedge",
        "title",
        "body",
        "span",
        "android",
        "gmt p3p",
        "idc dsp",
        "cor adm",
        "devi taii",
        "psa psd",
        "ivai ivdi",
        "coni his",
        "our ind",
        "data",
        "contenttype",
        "performs dns",
        "https",
        "mitre attack",
        "network info",
        "processes extra",
        "html page",
        "t1055 process",
        "layer protocol",
        "overview",
        "overview zenbox"
      ],
      "references": [
        "https://vtbehaviour.commondatastorage.googleapis.com/000ea1a97119456bc0d73d6f04298896bcf8a014015dd5a3854db979acc33ba4_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775158226&Signature=3QddteTdwd75BU6tgEH4xfsAlwIG9pwNTU%2B8HvPznGKaEJfuEtDcpYQyXWaSVlGW29PwL%2Fps1Qfqzxq9FuYI6MpYw3Bx7KqBKoEqzG%2BfIDblZaHtF%2Bq57ipRLnJbyvLR8w%2B1bXr7vwOsQlnBMQPRzC9hK4UR1xQRt%2BFkGma5x53fb1ICCz4wT7DcsKUsrwBYrNpWD3InFukyHR38M91oretTmUAb2PGAKNugUwaY22shu94UubqcBJGvmX",
        "https://vtbehaviour.commondatastorage.googleapis.com/9ca5c168d3a3b77403a468a247b08f3987c9baee621bc93a1330d4343d5167e6_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775158347&Signature=sEbgpIc1%2BiCg1xj63drTjLA1epwJeKE9CT6C%2FnPtDvvNsLwbXXgIXmkAt2dKfK5cqb2MQ6rWSIcBDnierzZWQvJ%2F%2BpnBcvgW3mwnRqcrPKCIDaXkVSOfCziQhhgU%2F0YIEehdmBIxg%2BcMlXk6Ub0B3YYdlFlz4c%2Ft13IcN1R6g1%2FPy4zGIhnQQvcGI78vhrb0VqY48%2BeoY5%2FROErUXojoI%2Bi8IP%2FrmkiUEspZnd",
        "https://vtbehaviour.commondatastorage.googleapis.com/9ca5c168d3a3b77403a468a247b08f3987c9baee621bc93a1330d4343d5167e6_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775158717&Signature=0%2FgP6zQY0JvD44dS9aqwH0bqe9ln9c3valuyOk8IADGwNXhOIDcXq6ivyb5hcITWzdHmiMnds3LC6HH6Dw9JXfM47tiL9OKF%2BbTQPz9B8Fr2JanaTSCRjOV2H%2FXW1wZjSdhhcSQyWhw97q4rqKyI%2F1VEbewxt2wrLP0TazgfCoHOCU2Qh08l7nSN%2F1idGUl5yUkmlHE60kQxe%2BHjcktoYejJf6exwwI9QED8MFrrm%2BGEwdmILRQtAbLe"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [
        {
          "id": "T1036",
          "name": "Masquerading",
          "display_name": "T1036 - Masquerading"
        },
        {
          "id": "T1055",
          "name": "Process Injection",
          "display_name": "T1055 - Process Injection"
        },
        {
          "id": "T1056",
          "name": "Input Capture",
          "display_name": "T1056 - Input Capture"
        },
        {
          "id": "T1057",
          "name": "Process Discovery",
          "display_name": "T1057 - Process Discovery"
        },
        {
          "id": "T1082",
          "name": "System Information Discovery",
          "display_name": "T1082 - System Information Discovery"
        },
        {
          "id": "T1518",
          "name": "Software Discovery",
          "display_name": "T1518 - Software Discovery"
        },
        {
          "id": "T1566",
          "name": "Phishing",
          "display_name": "T1566 - Phishing"
        },
        {
          "id": "T1071",
          "name": "Application Layer Protocol",
          "display_name": "T1071 - Application Layer Protocol"
        },
        {
          "id": "T1095",
          "name": "Non-Application Layer Protocol",
          "display_name": "T1095 - Non-Application Layer Protocol"
        },
        {
          "id": "T1573",
          "name": "Encrypted Channel",
          "display_name": "T1573 - Encrypted Channel"
        }
      ],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 0,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "msudosos",
        "id": "381696",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-SHA256": 281,
        "URL": 91,
        "FileHash-MD5": 9,
        "FileHash-SHA1": 8,
        "domain": 8,
        "hostname": 102
      },
      "indicator_count": 499,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 67,
      "modified_text": "29 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "69cec51c08c81128a8e46bd9",
      "name": "VirusTotal report\n                    for ul Business Intelligence. Moving Beyond the Obvious 2007.pdf",
      "description": "The full text of this page, which contains the following text, has been published on the website of Civicplus.com, the social networking site, for the first time since its launch in 2008.",
      "modified": "2026-05-02T19:36:13.629000",
      "created": "2026-04-02T19:35:56.216000",
      "tags": [
        "file type",
        "chrome cache",
        "entry",
        "cache entry",
        "jpeg image",
        "jfif",
        "png image",
        "ascii text",
        "json",
        "united",
        "malicious",
        "code",
        "persistence",
        "phishing",
        "next",
        "10px",
        "ad code",
        "please",
        "antiddos",
        "firewall",
        "helvetica",
        "noscript",
        "request",
        "doctype html",
        "ieedge",
        "title",
        "body",
        "span",
        "android",
        "gmt p3p",
        "idc dsp",
        "cor adm",
        "devi taii",
        "psa psd",
        "ivai ivdi",
        "coni his",
        "our ind",
        "data",
        "contenttype",
        "performs dns",
        "https",
        "mitre attack",
        "network info",
        "processes extra",
        "html page",
        "t1055 process",
        "layer protocol",
        "overview",
        "overview zenbox"
      ],
      "references": [
        "https://vtbehaviour.commondatastorage.googleapis.com/000ea1a97119456bc0d73d6f04298896bcf8a014015dd5a3854db979acc33ba4_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775158226&Signature=3QddteTdwd75BU6tgEH4xfsAlwIG9pwNTU%2B8HvPznGKaEJfuEtDcpYQyXWaSVlGW29PwL%2Fps1Qfqzxq9FuYI6MpYw3Bx7KqBKoEqzG%2BfIDblZaHtF%2Bq57ipRLnJbyvLR8w%2B1bXr7vwOsQlnBMQPRzC9hK4UR1xQRt%2BFkGma5x53fb1ICCz4wT7DcsKUsrwBYrNpWD3InFukyHR38M91oretTmUAb2PGAKNugUwaY22shu94UubqcBJGvmX",
        "https://vtbehaviour.commondatastorage.googleapis.com/9ca5c168d3a3b77403a468a247b08f3987c9baee621bc93a1330d4343d5167e6_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775158347&Signature=sEbgpIc1%2BiCg1xj63drTjLA1epwJeKE9CT6C%2FnPtDvvNsLwbXXgIXmkAt2dKfK5cqb2MQ6rWSIcBDnierzZWQvJ%2F%2BpnBcvgW3mwnRqcrPKCIDaXkVSOfCziQhhgU%2F0YIEehdmBIxg%2BcMlXk6Ub0B3YYdlFlz4c%2Ft13IcN1R6g1%2FPy4zGIhnQQvcGI78vhrb0VqY48%2BeoY5%2FROErUXojoI%2Bi8IP%2FrmkiUEspZnd",
        "https://vtbehaviour.commondatastorage.googleapis.com/9ca5c168d3a3b77403a468a247b08f3987c9baee621bc93a1330d4343d5167e6_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775158717&Signature=0%2FgP6zQY0JvD44dS9aqwH0bqe9ln9c3valuyOk8IADGwNXhOIDcXq6ivyb5hcITWzdHmiMnds3LC6HH6Dw9JXfM47tiL9OKF%2BbTQPz9B8Fr2JanaTSCRjOV2H%2FXW1wZjSdhhcSQyWhw97q4rqKyI%2F1VEbewxt2wrLP0TazgfCoHOCU2Qh08l7nSN%2F1idGUl5yUkmlHE60kQxe%2BHjcktoYejJf6exwwI9QED8MFrrm%2BGEwdmILRQtAbLe"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [
        {
          "id": "T1036",
          "name": "Masquerading",
          "display_name": "T1036 - Masquerading"
        },
        {
          "id": "T1055",
          "name": "Process Injection",
          "display_name": "T1055 - Process Injection"
        },
        {
          "id": "T1056",
          "name": "Input Capture",
          "display_name": "T1056 - Input Capture"
        },
        {
          "id": "T1057",
          "name": "Process Discovery",
          "display_name": "T1057 - Process Discovery"
        },
        {
          "id": "T1082",
          "name": "System Information Discovery",
          "display_name": "T1082 - System Information Discovery"
        },
        {
          "id": "T1518",
          "name": "Software Discovery",
          "display_name": "T1518 - Software Discovery"
        },
        {
          "id": "T1566",
          "name": "Phishing",
          "display_name": "T1566 - Phishing"
        },
        {
          "id": "T1071",
          "name": "Application Layer Protocol",
          "display_name": "T1071 - Application Layer Protocol"
        },
        {
          "id": "T1095",
          "name": "Non-Application Layer Protocol",
          "display_name": "T1095 - Non-Application Layer Protocol"
        },
        {
          "id": "T1573",
          "name": "Encrypted Channel",
          "display_name": "T1573 - Encrypted Channel"
        }
      ],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 0,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "msudosos",
        "id": "381696",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-SHA256": 281,
        "URL": 91,
        "FileHash-MD5": 9,
        "FileHash-SHA1": 8,
        "domain": 8,
        "hostname": 102
      },
      "indicator_count": 499,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 67,
      "modified_text": "29 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "69c9f04fda51a74fa94942e5",
      "name": "US Bases 202 google drop to icloud infostealer/wiper",
      "description": "A complete analysis of Pulse, a collection of user-created Pulses, has been published on the website of Inomanliner.net. and it is not possible to access the full archive.",
      "modified": "2026-04-29T03:09:49.528000",
      "created": "2026-03-30T03:38:55.602000",
      "tags": [
        "pulse pulses",
        "http",
        "passive dns",
        "urls",
        "files related",
        "pulses otx",
        "pulses",
        "related tags",
        "acrstealer",
        "clearfake",
        "zip archive",
        "php script",
        "ascii text"
      ],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [
        {
          "id": "T1140",
          "name": "Deobfuscate/Decode Files or Information",
          "display_name": "T1140 - Deobfuscate/Decode Files or Information"
        },
        {
          "id": "T1560",
          "name": "Archive Collected Data",
          "display_name": "T1560 - Archive Collected Data"
        }
      ],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 1,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "msudosos",
        "id": "381696",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "URL": 367,
        "domain": 60,
        "FileHash-SHA256": 166,
        "FileHash-MD5": 8,
        "FileHash-SHA1": 4,
        "hostname": 53,
        "SSLCertFingerprint": 4,
        "email": 1
      },
      "indicator_count": 663,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 67,
      "modified_text": "32 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "69c38daf71dc209ac52c5160",
      "name": "Snakebyte  Parallels Panel 46a40bd64233b1838740a5d8e7dc68a363125537",
      "description": "A complete list of names, locations and details for a new website:.com, a group of companies, groups, organisations, and a third of the world's largest web service, known as Whois.<<<pretext \nParallels Panel\nhttps://www.virustotal.com/gui/file/7869ad003b36bae2c02ff5a57727211b842de3fd0a84b3a0d94beb6466548ccb/behavior\n46a40bd64233b1838740a5d8e7dc68a363125537\nRegistrant Organization: 87276c494833bf00\nRegistrant Name: 1f8f4166599d23ee\nAdmin Organization: REDACTED FOR PRIVACY\nRegistrar Registration Expiration Date: 2023-03-30T08:31:23.932Z\nRegistry Domain ID: 811ba92d31e04ce8b49661f66bfb43bc-DONUTS | 811ba92d31e04ce8b49661f66bfb43bc-donuts\nTech Organization: REDACTED FOR PRIVACY\nRegistrar IANA ID: 83\nDNSSEC: Unsigned | unsigned\nCreation Date: 2022-03-30T08:31:23.932Z | 2022-03-30T08:31:23Z\nUpdated Date: 2022-03-30T08:31:26.098Z | 2022-03-30T08:31:26Z",
      "modified": "2026-04-24T08:06:37.823000",
      "created": "2026-03-25T07:24:31.790000",
      "tags": [
        "as8560",
        "a domains",
        "germany unknown",
        "date",
        "status",
        "passive dns",
        "ip address",
        "creation date",
        "for privacy",
        "name servers",
        "body",
        "apache",
        "accept",
        "redacted for",
        "privacy tech",
        "postal code",
        "email",
        "privacy admin",
        "stateprovince",
        "server",
        "registrar abuse",
        "code",
        "admin country",
        "unsigned-DNSSEC",
        "Snakebyte",
        "donuts",
        "us",
        "key logger",
        "parrallels-panel",
        "MA"
      ],
      "references": [
        ""
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [
        "Infra",
        "",
        "Telecommunications",
        "Government"
      ],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 0,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "msudosos",
        "id": "381696",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "URL": 1991,
        "domain": 840,
        "email": 49,
        "hostname": 625,
        "FileHash-SHA256": 1437,
        "FileHash-SHA1": 43,
        "FileHash-MD5": 283
      },
      "indicator_count": 5268,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 66,
      "modified_text": "37 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    }
  ],
  "error": null,
  "vt": {
    "error": "VirusTotal rate limit reached. Try again shortly.",
    "indicator": "https://account.civicplus.com",
    "type": "URL"
  },
  "abuseipdb": null,
  "urlhaus": {
    "indicator": "https://account.civicplus.com",
    "type": "URL",
    "found": false,
    "verdict": "clean",
    "error": null
  },
  "from_cache": true,
  "_cached_at": 1780261155.3734128
}