{ "type": "URL", "indicator": "https://jhews.xyz", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://jhews.xyz", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 4352920067, "indicator": "https://jhews.xyz", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 2, "pulses": [ { "id": "6a009e2d25595b3d89057042", "name": "CAPE Sandbox - Signals", "description": "[Marshfield Board and Committee Handbook 2025 is published by the Department of Public Safety and Environment (DPSA) and is subject to a review by its own staff and the UK government, as well as by government itself] pretext.", "modified": "2026-05-12T06:39:58.797000", "created": "2026-05-10T15:03:09.026000", "tags": [ "board", "non profit", "ta profile", "final", "html document", "unicode text", "utf8 text", "crlf", "lf line", "script", "welcome", "marshfield", "link", "arabic", "azerbaijani", "basque", "bengali", "meta", "object", "title", "body", "albanian", "cname", "nxdomain", "massachusetts", "privacy violation", "performs dns", "mitre attack", "network info", "processes extra", "t1055 process", "overview", "overview zenbox", "verdict", "guest system", "ultimate file", "next", "serving ip", "address", "status code", "body length", "mb body", "oaauth helix", "helix", "signals", "beaconing", "frequencies", "trojanspy", "massdot", "network disruption", "abuse of encrypted channels", "network interference", "bruteforce", "anchor", "watering hole", "exposure of client data", "emfs", "efs", "signals attack", "cve's exploited", "improper channels", "health hazard", "spy", "network abuse", "havana" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/f98191dfb868f38c502deb4c3fa4ebb2c8faed6f9b6377616d97b2ab35b48d9a_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778424115&Signature=0KlAyyQQ9hQCJ2HfQ7xCJRM50TsPaZrEXCJe0%2F6yOGg8Oi5a91A0WK1%2BuHQxKNaYOtxinqlH%2BG96yg0ocsoEQVN80VjRx2Xem8DgMQpJD5eBvlPA%2BVGvR5eSs6WtnIfXxB1fzCYC3YRKGWq7c3iQ4WZydu0cWjCx71jj%2BLfWTcyMYhnRG9gu8o0MKuDHYOI1AAbUB3CVPpY8w99sMJQG9wi3zZdwIq5erBtrN7s3RMIq2mEYnfAo", "https://vtbehaviour.commondatastorage.googleapis.com/f98191dfb868f38c502deb4c3fa4ebb2c8faed6f9b6377616d97b2ab35b48d9a_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778424986&Signature=m2ZqXELB%2F5hHTf8Z0b7gZDAwk4KeSrteumozXgFefkQCAi7YY9KSmLvaAG3iDN5fhIFTz%2FZ6wgaNF%2FpdsGYHATlc7dDOIIDCql%2FQ4d9eYuROdgqGHd1WruLoJvWWq%2BcRgmtNFT7WZjbOr8wpJ%2Fa5%2BUPoEsokskMbWAPqf6lEimhl1uHNx8qZvxVCO8a95rMA%2Ft2xDI0BvJ2rivyfFpFxL0B9Lj2oQ3OvppjhJ6oqFKJJoDudPAxilp" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 3, "URL": 508, "domain": 139, "hostname": 317, "FileHash-SHA256": 600, "FileHash-SHA1": 1, "IPv4": 72, "email": 2 }, "indicator_count": 1642, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "19 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6a009e2c69cc5c3b5aa7185e", "name": "CAPE Sandbox - Signals", "description": "[Marshfield Board and Committee Handbook 2025 is published by the Department of Public Safety and Environment (DPSA) and is subject to a review by its own staff and the UK government, as well as by government itself] pretext.", "modified": "2026-05-12T06:39:58.327000", "created": "2026-05-10T15:03:08.205000", "tags": [ "board", "non profit", "ta profile", "final", "html document", "unicode text", "utf8 text", "crlf", "lf line", "script", "welcome", "marshfield", "link", "arabic", "azerbaijani", "basque", "bengali", "meta", "object", "title", "body", "albanian", "cname", "nxdomain", "massachusetts", "privacy violation", "performs dns", "mitre attack", "network info", "processes extra", "t1055 process", "overview", "overview zenbox", "verdict", "guest system", "ultimate file", "next", "serving ip", "address", "status code", "body length", "mb body", "oaauth helix", "helix", "signals", "beaconing", "frequencies", "trojanspy", "massdot", "network disruption", "abuse of encrypted channels", "network interference", "bruteforce", "anchor", "watering hole", "exposure of client data", "emfs", "efs", "signals attack", "cve's exploited", "improper channels", "health hazard", "spy", "network abuse", "havana" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/f98191dfb868f38c502deb4c3fa4ebb2c8faed6f9b6377616d97b2ab35b48d9a_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778424115&Signature=0KlAyyQQ9hQCJ2HfQ7xCJRM50TsPaZrEXCJe0%2F6yOGg8Oi5a91A0WK1%2BuHQxKNaYOtxinqlH%2BG96yg0ocsoEQVN80VjRx2Xem8DgMQpJD5eBvlPA%2BVGvR5eSs6WtnIfXxB1fzCYC3YRKGWq7c3iQ4WZydu0cWjCx71jj%2BLfWTcyMYhnRG9gu8o0MKuDHYOI1AAbUB3CVPpY8w99sMJQG9wi3zZdwIq5erBtrN7s3RMIq2mEYnfAo", "https://vtbehaviour.commondatastorage.googleapis.com/f98191dfb868f38c502deb4c3fa4ebb2c8faed6f9b6377616d97b2ab35b48d9a_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778424986&Signature=m2ZqXELB%2F5hHTf8Z0b7gZDAwk4KeSrteumozXgFefkQCAi7YY9KSmLvaAG3iDN5fhIFTz%2FZ6wgaNF%2FpdsGYHATlc7dDOIIDCql%2FQ4d9eYuROdgqGHd1WruLoJvWWq%2BcRgmtNFT7WZjbOr8wpJ%2Fa5%2BUPoEsokskMbWAPqf6lEimhl1uHNx8qZvxVCO8a95rMA%2Ft2xDI0BvJ2rivyfFpFxL0B9Lj2oQ3OvppjhJ6oqFKJJoDudPAxilp" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 3, "URL": 512, "domain": 141, "hostname": 323, "FileHash-SHA256": 600, "FileHash-SHA1": 1, "IPv4": 72, "email": 2 }, "indicator_count": 1654, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "19 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/f98191dfb868f38c502deb4c3fa4ebb2c8faed6f9b6377616d97b2ab35b48d9a_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778424986&Signature=m2ZqXELB%2F5hHTf8Z0b7gZDAwk4KeSrteumozXgFefkQCAi7YY9KSmLvaAG3iDN5fhIFTz%2FZ6wgaNF%2FpdsGYHATlc7dDOIIDCql%2FQ4d9eYuROdgqGHd1WruLoJvWWq%2BcRgmtNFT7WZjbOr8wpJ%2Fa5%2BUPoEsokskMbWAPqf6lEimhl1uHNx8qZvxVCO8a95rMA%2Ft2xDI0BvJ2rivyfFpFxL0B9Lj2oQ3OvppjhJ6oqFKJJoDudPAxilp", "https://vtbehaviour.commondatastorage.googleapis.com/f98191dfb868f38c502deb4c3fa4ebb2c8faed6f9b6377616d97b2ab35b48d9a_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778424115&Signature=0KlAyyQQ9hQCJ2HfQ7xCJRM50TsPaZrEXCJe0%2F6yOGg8Oi5a91A0WK1%2BuHQxKNaYOtxinqlH%2BG96yg0ocsoEQVN80VjRx2Xem8DgMQpJD5eBvlPA%2BVGvR5eSs6WtnIfXxB1fzCYC3YRKGWq7c3iQ4WZydu0cWjCx71jj%2BLfWTcyMYhnRG9gu8o0MKuDHYOI1AAbUB3CVPpY8w99sMJQG9wi3zZdwIq5erBtrN7s3RMIq2mEYnfAo" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 1655 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/jhews.xyz", "whois": "http://whois.domaintools.com/jhews.xyz", "domain": "jhews.xyz", "hostname": "Unavailable" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 2, "pulses": [ { "id": "6a009e2d25595b3d89057042", "name": "CAPE Sandbox - Signals", "description": "[Marshfield Board and Committee Handbook 2025 is published by the Department of Public Safety and Environment (DPSA) and is subject to a review by its own staff and the UK government, as well as by government itself] pretext.", "modified": "2026-05-12T06:39:58.797000", "created": "2026-05-10T15:03:09.026000", "tags": [ "board", "non profit", "ta profile", "final", "html document", "unicode text", "utf8 text", "crlf", "lf line", "script", "welcome", "marshfield", "link", "arabic", "azerbaijani", "basque", "bengali", "meta", "object", "title", "body", "albanian", "cname", "nxdomain", "massachusetts", "privacy violation", "performs dns", "mitre attack", "network info", "processes extra", "t1055 process", "overview", "overview zenbox", "verdict", "guest system", "ultimate file", "next", "serving ip", "address", "status code", "body length", "mb body", "oaauth helix", "helix", "signals", "beaconing", "frequencies", "trojanspy", "massdot", "network disruption", "abuse of encrypted channels", "network interference", "bruteforce", "anchor", "watering hole", "exposure of client data", "emfs", "efs", "signals attack", "cve's exploited", "improper channels", "health hazard", "spy", "network abuse", "havana" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/f98191dfb868f38c502deb4c3fa4ebb2c8faed6f9b6377616d97b2ab35b48d9a_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778424115&Signature=0KlAyyQQ9hQCJ2HfQ7xCJRM50TsPaZrEXCJe0%2F6yOGg8Oi5a91A0WK1%2BuHQxKNaYOtxinqlH%2BG96yg0ocsoEQVN80VjRx2Xem8DgMQpJD5eBvlPA%2BVGvR5eSs6WtnIfXxB1fzCYC3YRKGWq7c3iQ4WZydu0cWjCx71jj%2BLfWTcyMYhnRG9gu8o0MKuDHYOI1AAbUB3CVPpY8w99sMJQG9wi3zZdwIq5erBtrN7s3RMIq2mEYnfAo", "https://vtbehaviour.commondatastorage.googleapis.com/f98191dfb868f38c502deb4c3fa4ebb2c8faed6f9b6377616d97b2ab35b48d9a_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778424986&Signature=m2ZqXELB%2F5hHTf8Z0b7gZDAwk4KeSrteumozXgFefkQCAi7YY9KSmLvaAG3iDN5fhIFTz%2FZ6wgaNF%2FpdsGYHATlc7dDOIIDCql%2FQ4d9eYuROdgqGHd1WruLoJvWWq%2BcRgmtNFT7WZjbOr8wpJ%2Fa5%2BUPoEsokskMbWAPqf6lEimhl1uHNx8qZvxVCO8a95rMA%2Ft2xDI0BvJ2rivyfFpFxL0B9Lj2oQ3OvppjhJ6oqFKJJoDudPAxilp" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 3, "URL": 508, "domain": 139, "hostname": 317, "FileHash-SHA256": 600, "FileHash-SHA1": 1, "IPv4": 72, "email": 2 }, "indicator_count": 1642, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "19 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6a009e2c69cc5c3b5aa7185e", "name": "CAPE Sandbox - Signals", "description": "[Marshfield Board and Committee Handbook 2025 is published by the Department of Public Safety and Environment (DPSA) and is subject to a review by its own staff and the UK government, as well as by government itself] pretext.", "modified": "2026-05-12T06:39:58.327000", "created": "2026-05-10T15:03:08.205000", "tags": [ "board", "non profit", "ta profile", "final", "html document", "unicode text", "utf8 text", "crlf", "lf line", "script", "welcome", "marshfield", "link", "arabic", "azerbaijani", "basque", "bengali", "meta", "object", "title", "body", "albanian", "cname", "nxdomain", "massachusetts", "privacy violation", "performs dns", "mitre attack", "network info", "processes extra", "t1055 process", "overview", "overview zenbox", "verdict", "guest system", "ultimate file", "next", "serving ip", "address", "status code", "body length", "mb body", "oaauth helix", "helix", "signals", "beaconing", "frequencies", "trojanspy", "massdot", "network disruption", "abuse of encrypted channels", "network interference", "bruteforce", "anchor", "watering hole", "exposure of client data", "emfs", "efs", "signals attack", "cve's exploited", "improper channels", "health hazard", "spy", "network abuse", "havana" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/f98191dfb868f38c502deb4c3fa4ebb2c8faed6f9b6377616d97b2ab35b48d9a_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778424115&Signature=0KlAyyQQ9hQCJ2HfQ7xCJRM50TsPaZrEXCJe0%2F6yOGg8Oi5a91A0WK1%2BuHQxKNaYOtxinqlH%2BG96yg0ocsoEQVN80VjRx2Xem8DgMQpJD5eBvlPA%2BVGvR5eSs6WtnIfXxB1fzCYC3YRKGWq7c3iQ4WZydu0cWjCx71jj%2BLfWTcyMYhnRG9gu8o0MKuDHYOI1AAbUB3CVPpY8w99sMJQG9wi3zZdwIq5erBtrN7s3RMIq2mEYnfAo", "https://vtbehaviour.commondatastorage.googleapis.com/f98191dfb868f38c502deb4c3fa4ebb2c8faed6f9b6377616d97b2ab35b48d9a_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778424986&Signature=m2ZqXELB%2F5hHTf8Z0b7gZDAwk4KeSrteumozXgFefkQCAi7YY9KSmLvaAG3iDN5fhIFTz%2FZ6wgaNF%2FpdsGYHATlc7dDOIIDCql%2FQ4d9eYuROdgqGHd1WruLoJvWWq%2BcRgmtNFT7WZjbOr8wpJ%2Fa5%2BUPoEsokskMbWAPqf6lEimhl1uHNx8qZvxVCO8a95rMA%2Ft2xDI0BvJ2rivyfFpFxL0B9Lj2oQ3OvppjhJ6oqFKJJoDudPAxilp" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 3, "URL": 512, "domain": 141, "hostname": 323, "FileHash-SHA256": 600, "FileHash-SHA1": 1, "IPv4": 72, "email": 2 }, "indicator_count": 1654, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "19 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://jhews.xyz", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://jhews.xyz", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780224977.5420477 }