{
  "type": "URL",
  "indicator": "https://ws01.static-verizon.com/",
  "general": {
    "sections": [
      "general",
      "url_list",
      "http_scans",
      "screenshot"
    ],
    "indicator": "https://ws01.static-verizon.com/",
    "type": "url",
    "type_title": "URL",
    "validation": [],
    "base_indicator": {
      "id": 4102705261,
      "indicator": "https://ws01.static-verizon.com/",
      "type": "URL",
      "title": "",
      "description": "",
      "content": "",
      "access_type": "public",
      "access_reason": ""
    },
    "pulse_info": {
      "count": 7,
      "pulses": [
        {
          "id": "6a1172cd479d8218e859db0c",
          "name": "Rain + Acid; Questionable Civil Rights Violations.",
          "description": "[The full list of names and addresses for Akamai, the world's largest web hosting company, has been released..and it is not clear how many of them have been registered or used] <the first time I agree with pretext.",
          "modified": "2026-05-23T09:36:11.136000",
          "created": "2026-05-23T09:26:37.608000",
          "tags": [
            "akamai",
            "orgid",
            "akamai ref",
            "net173",
            "net1730000",
            "orgtechhandle",
            "steven jay",
            "orgname",
            "cidr",
            "noc united",
            "orgabusehandle",
            "nethandle",
            "key identifier",
            "x509v3 subject",
            "full name",
            "v3 serial",
            "number",
            "cus cndigicert",
            "tls rsa",
            "sha256",
            "ca1 odigicert",
            "inc validity",
            "city",
            "kam sze",
            "verisign",
            "date",
            "server",
            "data",
            "whois database",
            "whois",
            "registrar abuse",
            "repackaging",
            "registrars",
            "icann whois",
            "form",
            "email",
            "request email",
            "stateprovince",
            "whois status",
            "tech",
            "address range",
            "network name",
            "type",
            "status",
            "whois server",
            "entity akamai",
            "handle",
            "orgtechref",
            "akamai address",
            "broadway city",
            "postalcode",
            "orgtechphone",
            "label akamai",
            "arin country",
            "us continent",
            "services",
            "net192",
            "net1920000",
            "as14153",
            "as15133",
            "edgec25",
            "w jefferson",
            "blvd",
            "algorithm",
            "cus odigicert",
            "cngeotrust tls",
            "rsa ca",
            "g1 validity",
            "subject public",
            "serving ip",
            "address",
            "status code",
            "body length",
            "kb body",
            "responsibility",
            "learn",
            "citizen verizon",
            "drupal",
            "corporate",
            "utc google",
            "tag manager",
            "gtmpz6697q",
            "utc g22l6jkpfvc",
            "utc linkedin",
            "insight tag",
            "utc adobe",
            "dynamic tag",
            "sameorigin",
            "date wed",
            "miss setcookie",
            "secure",
            "httponly",
            "unix",
            "cachecontrol",
            "html info",
            "title",
            "ip address",
            "stworld",
            "stworld og",
            "uetsid",
            "sctr",
            "pinunauth",
            "awsalb",
            "udnsntcsession",
            "tdid",
            "qplatform mfapp",
            "adrollfpc",
            "arv4",
            "udnsntcs",
            "interim sim",
            "newegg",
            "verizon",
            "buy verizon",
            "card",
            "newegg shopping",
            "ver2",
            "vids1",
            "msclkidn"
          ],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 1,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "msudosos",
            "id": "381696",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "CIDR": 3,
            "FileHash-SHA256": 316,
            "FileHash-SHA1": 4,
            "domain": 96,
            "hostname": 279,
            "URL": 267,
            "IPv4": 8,
            "email": 11,
            "FileHash-MD5": 12,
            "Mutex": 1,
            "URI": 1
          },
          "indicator_count": 998,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 67,
          "modified_text": "9 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "6a1172cb47ba739f26d5dbd6",
          "name": "Rain + Acid; Questionable Civil Rights Violations.",
          "description": "[The full list of names and addresses for Akamai, the world's largest web hosting company, has been released..and it is not clear how many of them have been registered or used] <the first time I agree with pretext.",
          "modified": "2026-05-23T09:28:45.751000",
          "created": "2026-05-23T09:26:35.365000",
          "tags": [
            "akamai",
            "orgid",
            "akamai ref",
            "net173",
            "net1730000",
            "orgtechhandle",
            "steven jay",
            "orgname",
            "cidr",
            "noc united",
            "orgabusehandle",
            "nethandle",
            "key identifier",
            "x509v3 subject",
            "full name",
            "v3 serial",
            "number",
            "cus cndigicert",
            "tls rsa",
            "sha256",
            "ca1 odigicert",
            "inc validity",
            "city",
            "kam sze",
            "verisign",
            "date",
            "server",
            "data",
            "whois database",
            "whois",
            "registrar abuse",
            "repackaging",
            "registrars",
            "icann whois",
            "form",
            "email",
            "request email",
            "stateprovince",
            "whois status",
            "tech",
            "address range",
            "network name",
            "type",
            "status",
            "whois server",
            "entity akamai",
            "handle",
            "orgtechref",
            "akamai address",
            "broadway city",
            "postalcode",
            "orgtechphone",
            "label akamai",
            "arin country",
            "us continent",
            "services",
            "net192",
            "net1920000",
            "as14153",
            "as15133",
            "edgec25",
            "w jefferson",
            "blvd",
            "algorithm",
            "cus odigicert",
            "cngeotrust tls",
            "rsa ca",
            "g1 validity",
            "subject public",
            "serving ip",
            "address",
            "status code",
            "body length",
            "kb body",
            "responsibility",
            "learn",
            "citizen verizon",
            "drupal",
            "corporate",
            "utc google",
            "tag manager",
            "gtmpz6697q",
            "utc g22l6jkpfvc",
            "utc linkedin",
            "insight tag",
            "utc adobe",
            "dynamic tag",
            "sameorigin",
            "date wed",
            "miss setcookie",
            "secure",
            "httponly",
            "unix",
            "cachecontrol",
            "html info",
            "title",
            "ip address",
            "stworld",
            "stworld og",
            "uetsid",
            "sctr",
            "pinunauth",
            "awsalb",
            "udnsntcsession",
            "tdid",
            "qplatform mfapp",
            "adrollfpc",
            "arv4",
            "udnsntcs",
            "interim sim",
            "newegg",
            "verizon",
            "buy verizon",
            "card",
            "newegg shopping",
            "ver2",
            "vids1",
            "msclkidn"
          ],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 1,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "msudosos",
            "id": "381696",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "CIDR": 3,
            "FileHash-SHA256": 316,
            "FileHash-SHA1": 4,
            "domain": 101,
            "hostname": 295,
            "URL": 290,
            "IPv4": 8,
            "email": 12,
            "FileHash-MD5": 12,
            "Mutex": 1,
            "URI": 1
          },
          "indicator_count": 1043,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 67,
          "modified_text": "9 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "6a1172cd04ed75967ff3ffc5",
          "name": "Rain + Acid; Questionable Civil Rights Violations.",
          "description": "[The full list of names and addresses for Akamai, the world's largest web hosting company, has been released..and it is not clear how many of them have been registered or used] <the first time I agree with pretext.",
          "modified": "2026-05-23T09:26:37.004000",
          "created": "2026-05-23T09:26:37.004000",
          "tags": [
            "akamai",
            "orgid",
            "akamai ref",
            "net173",
            "net1730000",
            "orgtechhandle",
            "steven jay",
            "orgname",
            "cidr",
            "noc united",
            "orgabusehandle",
            "nethandle",
            "key identifier",
            "x509v3 subject",
            "full name",
            "v3 serial",
            "number",
            "cus cndigicert",
            "tls rsa",
            "sha256",
            "ca1 odigicert",
            "inc validity",
            "city",
            "kam sze",
            "verisign",
            "date",
            "server",
            "data",
            "whois database",
            "whois",
            "registrar abuse",
            "repackaging",
            "registrars",
            "icann whois",
            "form",
            "email",
            "request email",
            "stateprovince",
            "whois status",
            "tech",
            "address range",
            "network name",
            "type",
            "status",
            "whois server",
            "entity akamai",
            "handle",
            "orgtechref",
            "akamai address",
            "broadway city",
            "postalcode",
            "orgtechphone",
            "label akamai",
            "arin country",
            "us continent",
            "services",
            "net192",
            "net1920000",
            "as14153",
            "as15133",
            "edgec25",
            "w jefferson",
            "blvd",
            "algorithm",
            "cus odigicert",
            "cngeotrust tls",
            "rsa ca",
            "g1 validity",
            "subject public",
            "serving ip",
            "address",
            "status code",
            "body length",
            "kb body",
            "responsibility",
            "learn",
            "citizen verizon",
            "drupal",
            "corporate",
            "utc google",
            "tag manager",
            "gtmpz6697q",
            "utc g22l6jkpfvc",
            "utc linkedin",
            "insight tag",
            "utc adobe",
            "dynamic tag",
            "sameorigin",
            "date wed",
            "miss setcookie",
            "secure",
            "httponly",
            "unix",
            "cachecontrol",
            "html info",
            "title",
            "ip address",
            "stworld",
            "stworld og",
            "uetsid",
            "sctr",
            "pinunauth",
            "awsalb",
            "udnsntcsession",
            "tdid",
            "qplatform mfapp",
            "adrollfpc",
            "arv4",
            "udnsntcs",
            "interim sim",
            "newegg",
            "verizon",
            "buy verizon",
            "card",
            "newegg shopping",
            "ver2",
            "vids1",
            "msclkidn"
          ],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 1,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "msudosos",
            "id": "381696",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "CIDR": 3,
            "FileHash-SHA256": 316,
            "FileHash-SHA1": 4,
            "domain": 95,
            "hostname": 279,
            "URL": 267,
            "IPv4": 8,
            "email": 11,
            "FileHash-MD5": 12,
            "Mutex": 1,
            "URI": 1
          },
          "indicator_count": 997,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 67,
          "modified_text": "9 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "6a1172cc0a8d5c02b90c7abf",
          "name": "Rain + Acid; Questionable Civil Rights Violations.",
          "description": "[The full list of names and addresses for Akamai, the world's largest web hosting company, has been released..and it is not clear how many of them have been registered or used] <the first time I agree with pretext.",
          "modified": "2026-05-23T09:26:36.279000",
          "created": "2026-05-23T09:26:36.279000",
          "tags": [
            "akamai",
            "orgid",
            "akamai ref",
            "net173",
            "net1730000",
            "orgtechhandle",
            "steven jay",
            "orgname",
            "cidr",
            "noc united",
            "orgabusehandle",
            "nethandle",
            "key identifier",
            "x509v3 subject",
            "full name",
            "v3 serial",
            "number",
            "cus cndigicert",
            "tls rsa",
            "sha256",
            "ca1 odigicert",
            "inc validity",
            "city",
            "kam sze",
            "verisign",
            "date",
            "server",
            "data",
            "whois database",
            "whois",
            "registrar abuse",
            "repackaging",
            "registrars",
            "icann whois",
            "form",
            "email",
            "request email",
            "stateprovince",
            "whois status",
            "tech",
            "address range",
            "network name",
            "type",
            "status",
            "whois server",
            "entity akamai",
            "handle",
            "orgtechref",
            "akamai address",
            "broadway city",
            "postalcode",
            "orgtechphone",
            "label akamai",
            "arin country",
            "us continent",
            "services",
            "net192",
            "net1920000",
            "as14153",
            "as15133",
            "edgec25",
            "w jefferson",
            "blvd",
            "algorithm",
            "cus odigicert",
            "cngeotrust tls",
            "rsa ca",
            "g1 validity",
            "subject public",
            "serving ip",
            "address",
            "status code",
            "body length",
            "kb body",
            "responsibility",
            "learn",
            "citizen verizon",
            "drupal",
            "corporate",
            "utc google",
            "tag manager",
            "gtmpz6697q",
            "utc g22l6jkpfvc",
            "utc linkedin",
            "insight tag",
            "utc adobe",
            "dynamic tag",
            "sameorigin",
            "date wed",
            "miss setcookie",
            "secure",
            "httponly",
            "unix",
            "cachecontrol",
            "html info",
            "title",
            "ip address",
            "stworld",
            "stworld og",
            "uetsid",
            "sctr",
            "pinunauth",
            "awsalb",
            "udnsntcsession",
            "tdid",
            "qplatform mfapp",
            "adrollfpc",
            "arv4",
            "udnsntcs",
            "interim sim",
            "newegg",
            "verizon",
            "buy verizon",
            "card",
            "newegg shopping",
            "ver2",
            "vids1",
            "msclkidn"
          ],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 1,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "msudosos",
            "id": "381696",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "CIDR": 3,
            "FileHash-SHA256": 316,
            "FileHash-SHA1": 4,
            "domain": 95,
            "hostname": 279,
            "URL": 267,
            "IPv4": 8,
            "email": 11,
            "FileHash-MD5": 12,
            "Mutex": 1,
            "URI": 1
          },
          "indicator_count": 997,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 67,
          "modified_text": "9 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "69d0f2fff74afb88c843c8e2",
          "name": "VirusTotal report\n                    for report.eml",
          "description": "A security alert for the Verizon Hanover cell phone store in Massachusetts has been triggered by a \"pulses\" created on the site by its owner, the company's parent company, Verizon.><<about time.",
          "modified": "2026-05-04T11:07:34.307000",
          "created": "2026-04-04T11:16:15.970000",
          "tags": [
            "log id",
            "gmtn",
            "digicert global",
            "g2 tls",
            "rsa sha256",
            "tls web",
            "full name",
            "digicert inc",
            "florida",
            "terrace",
            "path",
            "false",
            "linkedin",
            "scituate",
            "town",
            "location",
            "plymouth",
            "view erica",
            "souris",
            "erica souris",
            "souris al",
            "erica og",
            "iframe tags",
            "google tag",
            "manager",
            "status code",
            "body length",
            "kb body"
          ],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1036",
              "name": "Masquerading",
              "display_name": "T1036 - Masquerading"
            },
            {
              "id": "T1057",
              "name": "Process Discovery",
              "display_name": "T1057 - Process Discovery"
            },
            {
              "id": "T1070",
              "name": "Indicator Removal on Host",
              "display_name": "T1070 - Indicator Removal on Host"
            },
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            },
            {
              "id": "T1082",
              "name": "System Information Discovery",
              "display_name": "T1082 - System Information Discovery"
            },
            {
              "id": "T1083",
              "name": "File and Directory Discovery",
              "display_name": "T1083 - File and Directory Discovery"
            },
            {
              "id": "T1095",
              "name": "Non-Application Layer Protocol",
              "display_name": "T1095 - Non-Application Layer Protocol"
            },
            {
              "id": "T1112",
              "name": "Modify Registry",
              "display_name": "T1112 - Modify Registry"
            },
            {
              "id": "T1543",
              "name": "Create or Modify System Process",
              "display_name": "T1543 - Create or Modify System Process"
            },
            {
              "id": "T1573",
              "name": "Encrypted Channel",
              "display_name": "T1573 - Encrypted Channel"
            },
            {
              "id": "T1055",
              "name": "Process Injection",
              "display_name": "T1055 - Process Injection"
            },
            {
              "id": "T1059",
              "name": "Command and Scripting Interpreter",
              "display_name": "T1059 - Command and Scripting Interpreter"
            },
            {
              "id": "T1497",
              "name": "Virtualization/Sandbox Evasion",
              "display_name": "T1497 - Virtualization/Sandbox Evasion"
            },
            {
              "id": "T1518",
              "name": "Software Discovery",
              "display_name": "T1518 - Software Discovery"
            },
            {
              "id": "T1542",
              "name": "Pre-OS Boot",
              "display_name": "T1542 - Pre-OS Boot"
            },
            {
              "id": "T1562",
              "name": "Impair Defenses",
              "display_name": "T1562 - Impair Defenses"
            },
            {
              "id": "T1574",
              "name": "Hijack Execution Flow",
              "display_name": "T1574 - Hijack Execution Flow"
            },
            {
              "id": "T1027",
              "name": "Obfuscated Files or Information",
              "display_name": "T1027 - Obfuscated Files or Information"
            }
          ],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 0,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "msudosos",
            "id": "381696",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 298,
            "FileHash-SHA256": 602,
            "SSLCertFingerprint": 2,
            "hostname": 278,
            "URL": 441,
            "domain": 106,
            "FileHash-SHA1": 29,
            "email": 1,
            "CVE": 1
          },
          "indicator_count": 1758,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 68,
          "modified_text": "28 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "69d0f3013ab8f8fb20d6f6cc",
          "name": "VirusTotal report\n                    for report.eml",
          "description": "A security alert for the Verizon Hanover cell phone store in Massachusetts has been triggered by a \"pulses\" created on the site by its owner, the company's parent company, Verizon.><<about time.",
          "modified": "2026-05-04T11:07:34.307000",
          "created": "2026-04-04T11:16:17.251000",
          "tags": [
            "log id",
            "gmtn",
            "digicert global",
            "g2 tls",
            "rsa sha256",
            "tls web",
            "full name",
            "digicert inc",
            "florida",
            "terrace",
            "path",
            "false",
            "linkedin",
            "scituate",
            "town",
            "location",
            "plymouth",
            "view erica",
            "souris",
            "erica souris",
            "souris al",
            "erica og",
            "iframe tags",
            "google tag",
            "manager",
            "status code",
            "body length",
            "kb body"
          ],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1036",
              "name": "Masquerading",
              "display_name": "T1036 - Masquerading"
            },
            {
              "id": "T1057",
              "name": "Process Discovery",
              "display_name": "T1057 - Process Discovery"
            },
            {
              "id": "T1070",
              "name": "Indicator Removal on Host",
              "display_name": "T1070 - Indicator Removal on Host"
            },
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            },
            {
              "id": "T1082",
              "name": "System Information Discovery",
              "display_name": "T1082 - System Information Discovery"
            },
            {
              "id": "T1083",
              "name": "File and Directory Discovery",
              "display_name": "T1083 - File and Directory Discovery"
            },
            {
              "id": "T1095",
              "name": "Non-Application Layer Protocol",
              "display_name": "T1095 - Non-Application Layer Protocol"
            },
            {
              "id": "T1112",
              "name": "Modify Registry",
              "display_name": "T1112 - Modify Registry"
            },
            {
              "id": "T1543",
              "name": "Create or Modify System Process",
              "display_name": "T1543 - Create or Modify System Process"
            },
            {
              "id": "T1573",
              "name": "Encrypted Channel",
              "display_name": "T1573 - Encrypted Channel"
            },
            {
              "id": "T1055",
              "name": "Process Injection",
              "display_name": "T1055 - Process Injection"
            },
            {
              "id": "T1059",
              "name": "Command and Scripting Interpreter",
              "display_name": "T1059 - Command and Scripting Interpreter"
            },
            {
              "id": "T1497",
              "name": "Virtualization/Sandbox Evasion",
              "display_name": "T1497 - Virtualization/Sandbox Evasion"
            },
            {
              "id": "T1518",
              "name": "Software Discovery",
              "display_name": "T1518 - Software Discovery"
            },
            {
              "id": "T1542",
              "name": "Pre-OS Boot",
              "display_name": "T1542 - Pre-OS Boot"
            },
            {
              "id": "T1562",
              "name": "Impair Defenses",
              "display_name": "T1562 - Impair Defenses"
            },
            {
              "id": "T1574",
              "name": "Hijack Execution Flow",
              "display_name": "T1574 - Hijack Execution Flow"
            },
            {
              "id": "T1027",
              "name": "Obfuscated Files or Information",
              "display_name": "T1027 - Obfuscated Files or Information"
            }
          ],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 0,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "msudosos",
            "id": "381696",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 298,
            "FileHash-SHA256": 602,
            "SSLCertFingerprint": 2,
            "hostname": 278,
            "URL": 441,
            "domain": 106,
            "FileHash-SHA1": 29,
            "email": 1,
            "CVE": 1
          },
          "indicator_count": 1758,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 69,
          "modified_text": "28 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "6882b365b45b9c6ee0eb7abc",
          "name": "Mold and Water Damage | Botnet - every search will remit false results",
          "description": "Mold and Water Damage | Botnet - every search will remit false results. In this instance it was a lawfirm. https://www.wshblaw.com/\n#malware #packed #botnetresults #likely #botnettester",
          "modified": "2025-08-23T20:02:25.025000",
          "created": "2025-07-24T22:27:49.105000",
          "tags": [
            "redacted for",
            "name servers",
            "united",
            "date",
            "passive dns",
            "urls",
            "pulse submit",
            "url analysis",
            "files",
            "domain",
            "unknown",
            "etpro trojan",
            "possible virut",
            "dga nxdomain",
            "responses",
            "entries",
            "search",
            "read c",
            "show",
            "read",
            "win32",
            "copy",
            "write",
            "malware",
            "next",
            "files ip",
            "address",
            "date hash",
            "domain related",
            "showing",
            "ip address",
            "ip related",
            "pulses none",
            "related tags",
            "none indicator",
            "facts domain",
            "poland unknown",
            "aaaa",
            "present apr",
            "domain add",
            "pulse pulses",
            "windows",
            "windows nt",
            "medium",
            "high",
            "cnc beacon",
            "trojan",
            "present may",
            "present jun",
            "present sep",
            "present nov",
            "present feb",
            "present aug",
            "present oct",
            "backdoor",
            "msil",
            "united kingdom",
            "great britain",
            "susp",
            "win64",
            "content type",
            "trojandropper",
            "worm",
            "ransom",
            "expiration",
            "no expiration",
            "hostname",
            "url http",
            "embeddedwb",
            "shellexecuteexw",
            "whitelisted",
            "msie",
            "service",
            "cloud",
            "hostname add",
            "extraction",
            "data upload",
            "enter soukue",
            "url uk",
            "teukau",
            "drup uk",
            "drows type",
            "extre",
            "include review",
            "exclude sugges",
            "find",
            "a domains",
            "gmt content",
            "ipv4 add",
            "canada unknown",
            "meta",
            "cloudflare",
            "status",
            "span",
            "reverse dns",
            "asn as13335",
            "dns resolutions",
            "domains top",
            "body",
            "apache",
            "delete",
            "ukraine",
            "registrar",
            "creation date",
            "servers",
            "present jul",
            "self",
            "date tue",
            "gmt server",
            "expires wed",
            "apache vary",
            "server google",
            "tag manager",
            "gmt etag",
            "acceptranges",
            "contentlength",
            "pragma",
            "learn",
            "ck id",
            "name tactics",
            "suspicious",
            "informative",
            "adversaries",
            "command",
            "defense evasion",
            "spawns",
            "itre att",
            "unicode text",
            "utf8 text",
            "crlf",
            "lf line",
            "copy md5",
            "sha1",
            "copy sha1",
            "sha256",
            "copy sha256",
            "size",
            "truetype",
            "ascii text",
            "pattern match",
            "mitre att",
            "format",
            "general",
            "local",
            "path",
            "encrypt",
            "click",
            "strings"
          ],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1045",
              "name": "Software Packing",
              "display_name": "T1045 - Software Packing"
            },
            {
              "id": "T1060",
              "name": "Registry Run Keys / Startup Folder",
              "display_name": "T1060 - Registry Run Keys / Startup Folder"
            },
            {
              "id": "T1057",
              "name": "Process Discovery",
              "display_name": "T1057 - Process Discovery"
            },
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            },
            {
              "id": "T1105",
              "name": "Ingress Tool Transfer",
              "display_name": "T1105 - Ingress Tool Transfer"
            },
            {
              "id": "T1480",
              "name": "Execution Guardrails",
              "display_name": "T1480 - Execution Guardrails"
            },
            {
              "id": "T1553",
              "name": "Subvert Trust Controls",
              "display_name": "T1553 - Subvert Trust Controls"
            },
            {
              "id": "T1562",
              "name": "Impair Defenses",
              "display_name": "T1562 - Impair Defenses"
            },
            {
              "id": "T1583",
              "name": "Acquire Infrastructure",
              "display_name": "T1583 - Acquire Infrastructure"
            }
          ],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 10,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "Q.Vashti",
            "id": "337942",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "hostname": 1326,
            "URL": 3745,
            "domain": 778,
            "email": 2,
            "FileHash-SHA256": 2360,
            "FileHash-MD5": 355,
            "FileHash-SHA1": 347,
            "SSLCertFingerprint": 3,
            "CVE": 1
          },
          "indicator_count": 8917,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 143,
          "modified_text": "282 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        }
      ],
      "references": [],
      "related": {
        "alienvault": {
          "adversary": [],
          "malware_families": [],
          "industries": [],
          "unique_indicators": 0
        },
        "other": {
          "adversary": [],
          "malware_families": [],
          "industries": [],
          "unique_indicators": 11809
        }
      }
    },
    "false_positive": [],
    "alexa": "http://www.alexa.com/siteinfo/static-verizon.com",
    "whois": "http://whois.domaintools.com/static-verizon.com",
    "domain": "static-verizon.com",
    "hostname": "ws01.static-verizon.com"
  },
  "geo": {},
  "geo_ipapicom": {},
  "pulse_count": 7,
  "pulses": [
    {
      "id": "6a1172cd479d8218e859db0c",
      "name": "Rain + Acid; Questionable Civil Rights Violations.",
      "description": "[The full list of names and addresses for Akamai, the world's largest web hosting company, has been released..and it is not clear how many of them have been registered or used] <the first time I agree with pretext.",
      "modified": "2026-05-23T09:36:11.136000",
      "created": "2026-05-23T09:26:37.608000",
      "tags": [
        "akamai",
        "orgid",
        "akamai ref",
        "net173",
        "net1730000",
        "orgtechhandle",
        "steven jay",
        "orgname",
        "cidr",
        "noc united",
        "orgabusehandle",
        "nethandle",
        "key identifier",
        "x509v3 subject",
        "full name",
        "v3 serial",
        "number",
        "cus cndigicert",
        "tls rsa",
        "sha256",
        "ca1 odigicert",
        "inc validity",
        "city",
        "kam sze",
        "verisign",
        "date",
        "server",
        "data",
        "whois database",
        "whois",
        "registrar abuse",
        "repackaging",
        "registrars",
        "icann whois",
        "form",
        "email",
        "request email",
        "stateprovince",
        "whois status",
        "tech",
        "address range",
        "network name",
        "type",
        "status",
        "whois server",
        "entity akamai",
        "handle",
        "orgtechref",
        "akamai address",
        "broadway city",
        "postalcode",
        "orgtechphone",
        "label akamai",
        "arin country",
        "us continent",
        "services",
        "net192",
        "net1920000",
        "as14153",
        "as15133",
        "edgec25",
        "w jefferson",
        "blvd",
        "algorithm",
        "cus odigicert",
        "cngeotrust tls",
        "rsa ca",
        "g1 validity",
        "subject public",
        "serving ip",
        "address",
        "status code",
        "body length",
        "kb body",
        "responsibility",
        "learn",
        "citizen verizon",
        "drupal",
        "corporate",
        "utc google",
        "tag manager",
        "gtmpz6697q",
        "utc g22l6jkpfvc",
        "utc linkedin",
        "insight tag",
        "utc adobe",
        "dynamic tag",
        "sameorigin",
        "date wed",
        "miss setcookie",
        "secure",
        "httponly",
        "unix",
        "cachecontrol",
        "html info",
        "title",
        "ip address",
        "stworld",
        "stworld og",
        "uetsid",
        "sctr",
        "pinunauth",
        "awsalb",
        "udnsntcsession",
        "tdid",
        "qplatform mfapp",
        "adrollfpc",
        "arv4",
        "udnsntcs",
        "interim sim",
        "newegg",
        "verizon",
        "buy verizon",
        "card",
        "newegg shopping",
        "ver2",
        "vids1",
        "msclkidn"
      ],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 1,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "msudosos",
        "id": "381696",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "CIDR": 3,
        "FileHash-SHA256": 316,
        "FileHash-SHA1": 4,
        "domain": 96,
        "hostname": 279,
        "URL": 267,
        "IPv4": 8,
        "email": 11,
        "FileHash-MD5": 12,
        "Mutex": 1,
        "URI": 1
      },
      "indicator_count": 998,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 67,
      "modified_text": "9 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "6a1172cb47ba739f26d5dbd6",
      "name": "Rain + Acid; Questionable Civil Rights Violations.",
      "description": "[The full list of names and addresses for Akamai, the world's largest web hosting company, has been released..and it is not clear how many of them have been registered or used] <the first time I agree with pretext.",
      "modified": "2026-05-23T09:28:45.751000",
      "created": "2026-05-23T09:26:35.365000",
      "tags": [
        "akamai",
        "orgid",
        "akamai ref",
        "net173",
        "net1730000",
        "orgtechhandle",
        "steven jay",
        "orgname",
        "cidr",
        "noc united",
        "orgabusehandle",
        "nethandle",
        "key identifier",
        "x509v3 subject",
        "full name",
        "v3 serial",
        "number",
        "cus cndigicert",
        "tls rsa",
        "sha256",
        "ca1 odigicert",
        "inc validity",
        "city",
        "kam sze",
        "verisign",
        "date",
        "server",
        "data",
        "whois database",
        "whois",
        "registrar abuse",
        "repackaging",
        "registrars",
        "icann whois",
        "form",
        "email",
        "request email",
        "stateprovince",
        "whois status",
        "tech",
        "address range",
        "network name",
        "type",
        "status",
        "whois server",
        "entity akamai",
        "handle",
        "orgtechref",
        "akamai address",
        "broadway city",
        "postalcode",
        "orgtechphone",
        "label akamai",
        "arin country",
        "us continent",
        "services",
        "net192",
        "net1920000",
        "as14153",
        "as15133",
        "edgec25",
        "w jefferson",
        "blvd",
        "algorithm",
        "cus odigicert",
        "cngeotrust tls",
        "rsa ca",
        "g1 validity",
        "subject public",
        "serving ip",
        "address",
        "status code",
        "body length",
        "kb body",
        "responsibility",
        "learn",
        "citizen verizon",
        "drupal",
        "corporate",
        "utc google",
        "tag manager",
        "gtmpz6697q",
        "utc g22l6jkpfvc",
        "utc linkedin",
        "insight tag",
        "utc adobe",
        "dynamic tag",
        "sameorigin",
        "date wed",
        "miss setcookie",
        "secure",
        "httponly",
        "unix",
        "cachecontrol",
        "html info",
        "title",
        "ip address",
        "stworld",
        "stworld og",
        "uetsid",
        "sctr",
        "pinunauth",
        "awsalb",
        "udnsntcsession",
        "tdid",
        "qplatform mfapp",
        "adrollfpc",
        "arv4",
        "udnsntcs",
        "interim sim",
        "newegg",
        "verizon",
        "buy verizon",
        "card",
        "newegg shopping",
        "ver2",
        "vids1",
        "msclkidn"
      ],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 1,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "msudosos",
        "id": "381696",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "CIDR": 3,
        "FileHash-SHA256": 316,
        "FileHash-SHA1": 4,
        "domain": 101,
        "hostname": 295,
        "URL": 290,
        "IPv4": 8,
        "email": 12,
        "FileHash-MD5": 12,
        "Mutex": 1,
        "URI": 1
      },
      "indicator_count": 1043,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 67,
      "modified_text": "9 days ago ",
      "is_modified": false,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "6a1172cd04ed75967ff3ffc5",
      "name": "Rain + Acid; Questionable Civil Rights Violations.",
      "description": "[The full list of names and addresses for Akamai, the world's largest web hosting company, has been released..and it is not clear how many of them have been registered or used] <the first time I agree with pretext.",
      "modified": "2026-05-23T09:26:37.004000",
      "created": "2026-05-23T09:26:37.004000",
      "tags": [
        "akamai",
        "orgid",
        "akamai ref",
        "net173",
        "net1730000",
        "orgtechhandle",
        "steven jay",
        "orgname",
        "cidr",
        "noc united",
        "orgabusehandle",
        "nethandle",
        "key identifier",
        "x509v3 subject",
        "full name",
        "v3 serial",
        "number",
        "cus cndigicert",
        "tls rsa",
        "sha256",
        "ca1 odigicert",
        "inc validity",
        "city",
        "kam sze",
        "verisign",
        "date",
        "server",
        "data",
        "whois database",
        "whois",
        "registrar abuse",
        "repackaging",
        "registrars",
        "icann whois",
        "form",
        "email",
        "request email",
        "stateprovince",
        "whois status",
        "tech",
        "address range",
        "network name",
        "type",
        "status",
        "whois server",
        "entity akamai",
        "handle",
        "orgtechref",
        "akamai address",
        "broadway city",
        "postalcode",
        "orgtechphone",
        "label akamai",
        "arin country",
        "us continent",
        "services",
        "net192",
        "net1920000",
        "as14153",
        "as15133",
        "edgec25",
        "w jefferson",
        "blvd",
        "algorithm",
        "cus odigicert",
        "cngeotrust tls",
        "rsa ca",
        "g1 validity",
        "subject public",
        "serving ip",
        "address",
        "status code",
        "body length",
        "kb body",
        "responsibility",
        "learn",
        "citizen verizon",
        "drupal",
        "corporate",
        "utc google",
        "tag manager",
        "gtmpz6697q",
        "utc g22l6jkpfvc",
        "utc linkedin",
        "insight tag",
        "utc adobe",
        "dynamic tag",
        "sameorigin",
        "date wed",
        "miss setcookie",
        "secure",
        "httponly",
        "unix",
        "cachecontrol",
        "html info",
        "title",
        "ip address",
        "stworld",
        "stworld og",
        "uetsid",
        "sctr",
        "pinunauth",
        "awsalb",
        "udnsntcsession",
        "tdid",
        "qplatform mfapp",
        "adrollfpc",
        "arv4",
        "udnsntcs",
        "interim sim",
        "newegg",
        "verizon",
        "buy verizon",
        "card",
        "newegg shopping",
        "ver2",
        "vids1",
        "msclkidn"
      ],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 1,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "msudosos",
        "id": "381696",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "CIDR": 3,
        "FileHash-SHA256": 316,
        "FileHash-SHA1": 4,
        "domain": 95,
        "hostname": 279,
        "URL": 267,
        "IPv4": 8,
        "email": 11,
        "FileHash-MD5": 12,
        "Mutex": 1,
        "URI": 1
      },
      "indicator_count": 997,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 67,
      "modified_text": "9 days ago ",
      "is_modified": false,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "6a1172cc0a8d5c02b90c7abf",
      "name": "Rain + Acid; Questionable Civil Rights Violations.",
      "description": "[The full list of names and addresses for Akamai, the world's largest web hosting company, has been released..and it is not clear how many of them have been registered or used] <the first time I agree with pretext.",
      "modified": "2026-05-23T09:26:36.279000",
      "created": "2026-05-23T09:26:36.279000",
      "tags": [
        "akamai",
        "orgid",
        "akamai ref",
        "net173",
        "net1730000",
        "orgtechhandle",
        "steven jay",
        "orgname",
        "cidr",
        "noc united",
        "orgabusehandle",
        "nethandle",
        "key identifier",
        "x509v3 subject",
        "full name",
        "v3 serial",
        "number",
        "cus cndigicert",
        "tls rsa",
        "sha256",
        "ca1 odigicert",
        "inc validity",
        "city",
        "kam sze",
        "verisign",
        "date",
        "server",
        "data",
        "whois database",
        "whois",
        "registrar abuse",
        "repackaging",
        "registrars",
        "icann whois",
        "form",
        "email",
        "request email",
        "stateprovince",
        "whois status",
        "tech",
        "address range",
        "network name",
        "type",
        "status",
        "whois server",
        "entity akamai",
        "handle",
        "orgtechref",
        "akamai address",
        "broadway city",
        "postalcode",
        "orgtechphone",
        "label akamai",
        "arin country",
        "us continent",
        "services",
        "net192",
        "net1920000",
        "as14153",
        "as15133",
        "edgec25",
        "w jefferson",
        "blvd",
        "algorithm",
        "cus odigicert",
        "cngeotrust tls",
        "rsa ca",
        "g1 validity",
        "subject public",
        "serving ip",
        "address",
        "status code",
        "body length",
        "kb body",
        "responsibility",
        "learn",
        "citizen verizon",
        "drupal",
        "corporate",
        "utc google",
        "tag manager",
        "gtmpz6697q",
        "utc g22l6jkpfvc",
        "utc linkedin",
        "insight tag",
        "utc adobe",
        "dynamic tag",
        "sameorigin",
        "date wed",
        "miss setcookie",
        "secure",
        "httponly",
        "unix",
        "cachecontrol",
        "html info",
        "title",
        "ip address",
        "stworld",
        "stworld og",
        "uetsid",
        "sctr",
        "pinunauth",
        "awsalb",
        "udnsntcsession",
        "tdid",
        "qplatform mfapp",
        "adrollfpc",
        "arv4",
        "udnsntcs",
        "interim sim",
        "newegg",
        "verizon",
        "buy verizon",
        "card",
        "newegg shopping",
        "ver2",
        "vids1",
        "msclkidn"
      ],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 1,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "msudosos",
        "id": "381696",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "CIDR": 3,
        "FileHash-SHA256": 316,
        "FileHash-SHA1": 4,
        "domain": 95,
        "hostname": 279,
        "URL": 267,
        "IPv4": 8,
        "email": 11,
        "FileHash-MD5": 12,
        "Mutex": 1,
        "URI": 1
      },
      "indicator_count": 997,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 67,
      "modified_text": "9 days ago ",
      "is_modified": false,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "69d0f2fff74afb88c843c8e2",
      "name": "VirusTotal report\n                    for report.eml",
      "description": "A security alert for the Verizon Hanover cell phone store in Massachusetts has been triggered by a \"pulses\" created on the site by its owner, the company's parent company, Verizon.><<about time.",
      "modified": "2026-05-04T11:07:34.307000",
      "created": "2026-04-04T11:16:15.970000",
      "tags": [
        "log id",
        "gmtn",
        "digicert global",
        "g2 tls",
        "rsa sha256",
        "tls web",
        "full name",
        "digicert inc",
        "florida",
        "terrace",
        "path",
        "false",
        "linkedin",
        "scituate",
        "town",
        "location",
        "plymouth",
        "view erica",
        "souris",
        "erica souris",
        "souris al",
        "erica og",
        "iframe tags",
        "google tag",
        "manager",
        "status code",
        "body length",
        "kb body"
      ],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [
        {
          "id": "T1036",
          "name": "Masquerading",
          "display_name": "T1036 - Masquerading"
        },
        {
          "id": "T1057",
          "name": "Process Discovery",
          "display_name": "T1057 - Process Discovery"
        },
        {
          "id": "T1070",
          "name": "Indicator Removal on Host",
          "display_name": "T1070 - Indicator Removal on Host"
        },
        {
          "id": "T1071",
          "name": "Application Layer Protocol",
          "display_name": "T1071 - Application Layer Protocol"
        },
        {
          "id": "T1082",
          "name": "System Information Discovery",
          "display_name": "T1082 - System Information Discovery"
        },
        {
          "id": "T1083",
          "name": "File and Directory Discovery",
          "display_name": "T1083 - File and Directory Discovery"
        },
        {
          "id": "T1095",
          "name": "Non-Application Layer Protocol",
          "display_name": "T1095 - Non-Application Layer Protocol"
        },
        {
          "id": "T1112",
          "name": "Modify Registry",
          "display_name": "T1112 - Modify Registry"
        },
        {
          "id": "T1543",
          "name": "Create or Modify System Process",
          "display_name": "T1543 - Create or Modify System Process"
        },
        {
          "id": "T1573",
          "name": "Encrypted Channel",
          "display_name": "T1573 - Encrypted Channel"
        },
        {
          "id": "T1055",
          "name": "Process Injection",
          "display_name": "T1055 - Process Injection"
        },
        {
          "id": "T1059",
          "name": "Command and Scripting Interpreter",
          "display_name": "T1059 - Command and Scripting Interpreter"
        },
        {
          "id": "T1497",
          "name": "Virtualization/Sandbox Evasion",
          "display_name": "T1497 - Virtualization/Sandbox Evasion"
        },
        {
          "id": "T1518",
          "name": "Software Discovery",
          "display_name": "T1518 - Software Discovery"
        },
        {
          "id": "T1542",
          "name": "Pre-OS Boot",
          "display_name": "T1542 - Pre-OS Boot"
        },
        {
          "id": "T1562",
          "name": "Impair Defenses",
          "display_name": "T1562 - Impair Defenses"
        },
        {
          "id": "T1574",
          "name": "Hijack Execution Flow",
          "display_name": "T1574 - Hijack Execution Flow"
        },
        {
          "id": "T1027",
          "name": "Obfuscated Files or Information",
          "display_name": "T1027 - Obfuscated Files or Information"
        }
      ],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 0,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "msudosos",
        "id": "381696",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 298,
        "FileHash-SHA256": 602,
        "SSLCertFingerprint": 2,
        "hostname": 278,
        "URL": 441,
        "domain": 106,
        "FileHash-SHA1": 29,
        "email": 1,
        "CVE": 1
      },
      "indicator_count": 1758,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 68,
      "modified_text": "28 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "69d0f3013ab8f8fb20d6f6cc",
      "name": "VirusTotal report\n                    for report.eml",
      "description": "A security alert for the Verizon Hanover cell phone store in Massachusetts has been triggered by a \"pulses\" created on the site by its owner, the company's parent company, Verizon.><<about time.",
      "modified": "2026-05-04T11:07:34.307000",
      "created": "2026-04-04T11:16:17.251000",
      "tags": [
        "log id",
        "gmtn",
        "digicert global",
        "g2 tls",
        "rsa sha256",
        "tls web",
        "full name",
        "digicert inc",
        "florida",
        "terrace",
        "path",
        "false",
        "linkedin",
        "scituate",
        "town",
        "location",
        "plymouth",
        "view erica",
        "souris",
        "erica souris",
        "souris al",
        "erica og",
        "iframe tags",
        "google tag",
        "manager",
        "status code",
        "body length",
        "kb body"
      ],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [
        {
          "id": "T1036",
          "name": "Masquerading",
          "display_name": "T1036 - Masquerading"
        },
        {
          "id": "T1057",
          "name": "Process Discovery",
          "display_name": "T1057 - Process Discovery"
        },
        {
          "id": "T1070",
          "name": "Indicator Removal on Host",
          "display_name": "T1070 - Indicator Removal on Host"
        },
        {
          "id": "T1071",
          "name": "Application Layer Protocol",
          "display_name": "T1071 - Application Layer Protocol"
        },
        {
          "id": "T1082",
          "name": "System Information Discovery",
          "display_name": "T1082 - System Information Discovery"
        },
        {
          "id": "T1083",
          "name": "File and Directory Discovery",
          "display_name": "T1083 - File and Directory Discovery"
        },
        {
          "id": "T1095",
          "name": "Non-Application Layer Protocol",
          "display_name": "T1095 - Non-Application Layer Protocol"
        },
        {
          "id": "T1112",
          "name": "Modify Registry",
          "display_name": "T1112 - Modify Registry"
        },
        {
          "id": "T1543",
          "name": "Create or Modify System Process",
          "display_name": "T1543 - Create or Modify System Process"
        },
        {
          "id": "T1573",
          "name": "Encrypted Channel",
          "display_name": "T1573 - Encrypted Channel"
        },
        {
          "id": "T1055",
          "name": "Process Injection",
          "display_name": "T1055 - Process Injection"
        },
        {
          "id": "T1059",
          "name": "Command and Scripting Interpreter",
          "display_name": "T1059 - Command and Scripting Interpreter"
        },
        {
          "id": "T1497",
          "name": "Virtualization/Sandbox Evasion",
          "display_name": "T1497 - Virtualization/Sandbox Evasion"
        },
        {
          "id": "T1518",
          "name": "Software Discovery",
          "display_name": "T1518 - Software Discovery"
        },
        {
          "id": "T1542",
          "name": "Pre-OS Boot",
          "display_name": "T1542 - Pre-OS Boot"
        },
        {
          "id": "T1562",
          "name": "Impair Defenses",
          "display_name": "T1562 - Impair Defenses"
        },
        {
          "id": "T1574",
          "name": "Hijack Execution Flow",
          "display_name": "T1574 - Hijack Execution Flow"
        },
        {
          "id": "T1027",
          "name": "Obfuscated Files or Information",
          "display_name": "T1027 - Obfuscated Files or Information"
        }
      ],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 0,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "msudosos",
        "id": "381696",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 298,
        "FileHash-SHA256": 602,
        "SSLCertFingerprint": 2,
        "hostname": 278,
        "URL": 441,
        "domain": 106,
        "FileHash-SHA1": 29,
        "email": 1,
        "CVE": 1
      },
      "indicator_count": 1758,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 69,
      "modified_text": "28 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "6882b365b45b9c6ee0eb7abc",
      "name": "Mold and Water Damage | Botnet - every search will remit false results",
      "description": "Mold and Water Damage | Botnet - every search will remit false results. In this instance it was a lawfirm. https://www.wshblaw.com/\n#malware #packed #botnetresults #likely #botnettester",
      "modified": "2025-08-23T20:02:25.025000",
      "created": "2025-07-24T22:27:49.105000",
      "tags": [
        "redacted for",
        "name servers",
        "united",
        "date",
        "passive dns",
        "urls",
        "pulse submit",
        "url analysis",
        "files",
        "domain",
        "unknown",
        "etpro trojan",
        "possible virut",
        "dga nxdomain",
        "responses",
        "entries",
        "search",
        "read c",
        "show",
        "read",
        "win32",
        "copy",
        "write",
        "malware",
        "next",
        "files ip",
        "address",
        "date hash",
        "domain related",
        "showing",
        "ip address",
        "ip related",
        "pulses none",
        "related tags",
        "none indicator",
        "facts domain",
        "poland unknown",
        "aaaa",
        "present apr",
        "domain add",
        "pulse pulses",
        "windows",
        "windows nt",
        "medium",
        "high",
        "cnc beacon",
        "trojan",
        "present may",
        "present jun",
        "present sep",
        "present nov",
        "present feb",
        "present aug",
        "present oct",
        "backdoor",
        "msil",
        "united kingdom",
        "great britain",
        "susp",
        "win64",
        "content type",
        "trojandropper",
        "worm",
        "ransom",
        "expiration",
        "no expiration",
        "hostname",
        "url http",
        "embeddedwb",
        "shellexecuteexw",
        "whitelisted",
        "msie",
        "service",
        "cloud",
        "hostname add",
        "extraction",
        "data upload",
        "enter soukue",
        "url uk",
        "teukau",
        "drup uk",
        "drows type",
        "extre",
        "include review",
        "exclude sugges",
        "find",
        "a domains",
        "gmt content",
        "ipv4 add",
        "canada unknown",
        "meta",
        "cloudflare",
        "status",
        "span",
        "reverse dns",
        "asn as13335",
        "dns resolutions",
        "domains top",
        "body",
        "apache",
        "delete",
        "ukraine",
        "registrar",
        "creation date",
        "servers",
        "present jul",
        "self",
        "date tue",
        "gmt server",
        "expires wed",
        "apache vary",
        "server google",
        "tag manager",
        "gmt etag",
        "acceptranges",
        "contentlength",
        "pragma",
        "learn",
        "ck id",
        "name tactics",
        "suspicious",
        "informative",
        "adversaries",
        "command",
        "defense evasion",
        "spawns",
        "itre att",
        "unicode text",
        "utf8 text",
        "crlf",
        "lf line",
        "copy md5",
        "sha1",
        "copy sha1",
        "sha256",
        "copy sha256",
        "size",
        "truetype",
        "ascii text",
        "pattern match",
        "mitre att",
        "format",
        "general",
        "local",
        "path",
        "encrypt",
        "click",
        "strings"
      ],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [
        {
          "id": "T1045",
          "name": "Software Packing",
          "display_name": "T1045 - Software Packing"
        },
        {
          "id": "T1060",
          "name": "Registry Run Keys / Startup Folder",
          "display_name": "T1060 - Registry Run Keys / Startup Folder"
        },
        {
          "id": "T1057",
          "name": "Process Discovery",
          "display_name": "T1057 - Process Discovery"
        },
        {
          "id": "T1071",
          "name": "Application Layer Protocol",
          "display_name": "T1071 - Application Layer Protocol"
        },
        {
          "id": "T1105",
          "name": "Ingress Tool Transfer",
          "display_name": "T1105 - Ingress Tool Transfer"
        },
        {
          "id": "T1480",
          "name": "Execution Guardrails",
          "display_name": "T1480 - Execution Guardrails"
        },
        {
          "id": "T1553",
          "name": "Subvert Trust Controls",
          "display_name": "T1553 - Subvert Trust Controls"
        },
        {
          "id": "T1562",
          "name": "Impair Defenses",
          "display_name": "T1562 - Impair Defenses"
        },
        {
          "id": "T1583",
          "name": "Acquire Infrastructure",
          "display_name": "T1583 - Acquire Infrastructure"
        }
      ],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 10,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "Q.Vashti",
        "id": "337942",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "hostname": 1326,
        "URL": 3745,
        "domain": 778,
        "email": 2,
        "FileHash-SHA256": 2360,
        "FileHash-MD5": 355,
        "FileHash-SHA1": 347,
        "SSLCertFingerprint": 3,
        "CVE": 1
      },
      "indicator_count": 8917,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 143,
      "modified_text": "282 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    }
  ],
  "error": null,
  "vt": {
    "error": "VirusTotal rate limit reached. Try again shortly.",
    "indicator": "https://ws01.static-verizon.com/",
    "type": "URL"
  },
  "abuseipdb": null,
  "urlhaus": {
    "indicator": "https://ws01.static-verizon.com/",
    "type": "URL",
    "found": false,
    "verdict": "clean",
    "error": null
  },
  "from_cache": true,
  "_cached_at": 1780391305.0079072
}