{ "type": "URL", "indicator": "https://www.cohassetlibrary.org/352/Ancestrycom", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://www.cohassetlibrary.org/352/Ancestrycom", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 4289235521, "indicator": "https://www.cohassetlibrary.org/352/Ancestrycom", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 5, "pulses": [ { "id": "69cc876e1a85eb578af3460c", "name": "Gatsby.", "description": "The results of an analysis of data gathered from a single web address are published on the website of the University of California, San Francisco, as part of its 2016/17 Research into Open Access. A collection from U or Oreg. - thanks to the tipster. While the dates askew from cert. abuse the overall Month/day appear aligned, however the diff year predated to invalid certs (suspect- more than a theory). Interesting, research subjects pii on pdx flight aligns.\nConsistent \"Research time signed outside timestamp\" burden of proof has been met, goodnight. \nSecond Write- Can read a malicious pdf docs quicker than anyone. Thank you Second Write Sandbox", "modified": "2026-05-12T14:28:43.689000", "created": "2026-04-12T12:51:59.240000", "tags": [ "file type", "united", "json", "com executable", "network info", "malicious", "urls", "t1055 process", "ascii", "mitre attack", "phishing", "next", "windows sandbox", "calls process", "foxpro fpt", "links file", "152 x", "sqlite version", "utf8", "sqlite rollback", "default", "file size", "mwdb", "bazaar", "sha3384", "ssdeep", "strong", "library", "win1", "cultureneutral", "accept", "shutdown", "back", "msie", "windows nt", "wow64", "slcc2", "media center", "get http", "type annot", "subtype link", "rect", "stream", "xport", "possible", "matrix", "packer", "strings", "enterprise", "sandbox", "title", "core", "agent", "snort", "context", "destination ip", "http requests", "dns resolutions", "acrongl integ", "adc4240758", "sha1", "potential pdx intersect", "spellbound. librarian things" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/f8959944c899789d1fa1a6de7c6818a37f237dd44f39e5301f755fddd64c9791_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775997378&Signature=KsJYbpoN6hteGv0hQe%2B7MgknKi2y7G9y%2Bv0JJZqMcuUdnf3gyNBPBzyKTVuoWOtaG8ix3%2BctGPzbrSe5UI3cg4Z0gK%2B6X75apikmjWPqBKofhIc5BqSpHspjoDYtiKLxroPreiitG4QqViG8yPq7ZCkMLfT71MSIE9dJ9XhV4fO2MSLHJA0qzdykwolGgi0i5r12p1nNsE1eHXJY0HwJl%2Fqka%2FKRtekjeEG1K1qHo6QJlzKhiCRubQwgU7", "https://vtbehaviour.commondatastorage.googleapis.com/f8959944c899789d1fa1a6de7c6818a37f237dd44f39e5301f755fddd64c9791_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775997612&Signature=l%2FoIF7cZSCGanh2IyxGroiq3YNwdCp9oVTfF02Zi7d4yp4LMuvnnLFWqVzfWbvIHB94EaU0ICQHP6MwgUb5Z4bF2OVcHxdHieB3iTKEX6sGurBIeKYNAPuakGTzCRv%2FSnZJHpZbsoH11i%2F%2BIwHQLGAKerBuNCuq%2FDi8tvVKCDiF9JQGxOYhQsjlzQJtUBiVEVnBTKbjIdeg9iAMES8qHj0eAglff6gxDk1t%2FU5HmKB1T", "https://vtbehaviour.commondatastorage.googleapis.com/26b3bfa810cd37fe4046221ab2269b360e9a6c51961db6fd95e7499e2d76d544_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775997821&Signature=IjR3qiuvOqpJ0ChD%2FQ%2B0QKlCAsWejT6Ei8KIh27ZO2t%2BnO1oDrCrR7D3x3lf6xKLr93CFw7bU1IUQONv3WbJ%2BJ0oyQ0yhyalr5VTTy1mHEphjCvObM%2B8PPv6o5cjYXYDpKVcQjBFrkgGvJxrleE5kQvx6irIRcFMTUdnDVuNEcV6sALKN3oYRo%2B%2Fvk7TA%2FfAVTtpBhUfsC4dvVAJnRQgBC4gEzEYuZN3oaDzlYUCoghsW5", "https://vtbehaviour.commondatastorage.googleapis.com/f8959944c899789d1fa1a6de7c6818a37f237dd44f39e5301f755fddd64c9791_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775997952&Signature=Pc%2FXTIxysZhpywMxwwW%2BrBcX9VHIrYH%2BL3sUsVHUCm1TUbCCtQe7ZIpfTtqIl%2FWLsaehPWv%2FBt4Q6PbZH1IFYbFrKet6C2NOwwOh9WtZQ0cak9wRRun6IjZTU33hWBk4GyEAh%2FpE5nF4ND%2BQSOQuZ5DiMtHeXRlWjRI6KwJ8ApdtNpccNlYGYGKmqj%2BLK7CZTI%2FmpO8GkbS2UkwUwBa6TFoYFvBiQ5SHdRUJ2MT7t3RzWvn8hGyb", "https://vtbehaviour.commondatastorage.googleapis.com/f8959944c899789d1fa1a6de7c6818a37f237dd44f39e5301f755fddd64c9791_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775998043&Signature=atj43IFZmS1xhCQtPEtGr1gjAzp5YJ5SAqKqPXrExtpioezLoyIJKw91Cc1EPO9Ff86CNaeS%2BNKNidgGEvFkAFNQpY8CEvbl7dcNVj3FUVUS3ybBoI8xLShMhwUy%2F0aYbXdMfYG3KdE%2FXDvt56Et6LjAj6N0lh1mp0m48Zz2hNTlghpHTSGlP3SY1VjfKxBYwh%2BWAJOSrHiXvzeVhuN5Qj6JWU%2FLg824mJRsUPe7iyNe2u", "https://vtbehaviour.commondatastorage.googleapis.com/3aefe8dfb9c99f3a84f5f74b15afeaeca682c8c50f18fa59b2e0b06da9619f1d_SecondWrite.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775998118&Signature=oZItRZYU06S7GWIVhygTK0XUPoeDlmpVWee4ri8K1nSYOFjKP7WjYTzw03EoC6pzqFjdjNKm2lQytBKbv%2BcMJT%2F%2BWZ7nF71PUUmExKgSsvfD6PXKzUcX8vuHnJwcu3NlTOuhNKNfed2iOEAGybINfsgUO6DFzlTsGd51hjV3I%2BT4t%2FTn1aszBeDzRu01gkhvTI5%2BmXmxZfhYmVTFVADNEociZ8DSGmafzUamrXrSTRcAurmFTNmC4", "https://vtbehaviour.commondatastorage.googleapis.com/3aefe8dfb9c99f3a84f5f74b15afeaeca682c8c50f18fa59b2e0b06da9619f1d_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775998463&Signature=qYYMHcxIAT2xuxsg%2F5YbX%2B0y0xuq1Bdd9afbiFWSZHWHsm16y4KPWqE8YDY6heMDu8H6K1bmLZjUn59Bei5cJgnVJtX4Qv6%2FJ9i%2FJXNS6kxDf5xDJvv%2FF%2FcK%2FVKyZS%2BVYzAwJ2OLrXxw4BNVIrT4nxtE34M2lc%2FjwH6H%2FLWNBighCC1k8cvWNbNJkBtGmfWtAfK%2FueAgi5glMRbAmq7xAC5XJGlhgUzo%2Fu2U9N", "" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1014", "name": "Rootkit", "display_name": "T1014 - Rootkit" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1203", "name": "Exploitation for Client Execution", "display_name": "T1203 - Exploitation for Client Execution" }, { "id": "T1485", "name": "Data Destruction", "display_name": "T1485 - Data Destruction" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1542", "name": "Pre-OS Boot", "display_name": "T1542 - Pre-OS Boot" }, { "id": "T1548", "name": "Abuse Elevation Control Mechanism", "display_name": "T1548 - Abuse Elevation Control Mechanism" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 458, "FileHash-MD5": 575, "FileHash-SHA1": 478, "FileHash-SHA256": 1401, "domain": 96, "hostname": 235, "email": 6, "CVE": 3 }, "indicator_count": 3252, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "19 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69f97a905451e3304319988b", "name": ".may 4 clone own on may 5", "description": "", "modified": "2026-05-07T02:57:38.229000", "created": "2026-05-05T05:05:20.493000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "69f7fa1a282840a6e0aa370c", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 341, "FileHash-SHA1": 368, "FileHash-SHA256": 3143, "hostname": 2037, "IPv4": 186, "URL": 3288, "CIDR": 12, "email": 43, "domain": 1645, "URI": 1, "SSLCertFingerprint": 18, "CVE": 1 }, "indicator_count": 11083, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "24 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69f7fa1a282840a6e0aa370c", "name": "May the 4th be with... every destructed file that never died", "description": "[undreds of thousands of people have been signing a petition calling for the removal of the president, Barack Obama, from the White House and the UK's prime minister, Theresa May, to be remove] The wording here. Its also May3rd not May 4th.", "modified": "2026-05-05T05:04:02.911000", "created": "2026-05-04T01:44:57.811000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 341, "FileHash-SHA1": 368, "FileHash-SHA256": 3142, "hostname": 1890, "IPv4": 162, "URL": 3241, "CIDR": 12, "email": 37, "domain": 1616, "URI": 1, "SSLCertFingerprint": 18 }, "indicator_count": 10828, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "26 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69cc7c56a6de2ada64f680a3", "name": "VirusTotal report\n for index.html", "description": "A full report on an attack on the Windows operating system: Google Tag Manager for GA4, a search engine for web addresses, and the results of an investigation into a malicious web address. https://www.virustotal.com/gui/file/fb43553d906781edd1ae894cf50d7735a1207fcad1123eb837d55eb4d448fed4/behavior", "modified": "2026-05-01T02:13:09.867000", "created": "2026-04-01T02:00:54.253000", "tags": [ "performs dns", "file type", "https", "united", "urls", "unix", "cache entry", "tls version", "mitre attack", "network info", "phishing", "next" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/fb43553d906781edd1ae894cf50d7735a1207fcad1123eb837d55eb4d448fed4_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775009023&Signature=PziYPmignr4yS1lhHo3FLsy%2B3wv6NV3HLbjKGJEMNVGQ9aD9FDW5NK9YX72ZvwWQuRF%2Btlid2IMM4%2FSbExMWxsHBCbZgbfKOPbTmlL18CN3TRx76z6G99I5R3PdJ22Af%2FxunZxS5jido7mF%2FfbGNwDC%2FCsiIAEzqUMOrSXJSl5nL8wRA1i6D%2FlUeL5y9QJrChIb8dpWja0nNAlwwrI7VYKsu75vAi%2Fb0cjTeplMhdUDufC3dilUscH" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 2, "FileHash-SHA1": 2, "FileHash-SHA256": 12, "URL": 62, "domain": 12, "hostname": 56 }, "indicator_count": 146, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "30 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "", "https://vtbehaviour.commondatastorage.googleapis.com/f8959944c899789d1fa1a6de7c6818a37f237dd44f39e5301f755fddd64c9791_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775997612&Signature=l%2FoIF7cZSCGanh2IyxGroiq3YNwdCp9oVTfF02Zi7d4yp4LMuvnnLFWqVzfWbvIHB94EaU0ICQHP6MwgUb5Z4bF2OVcHxdHieB3iTKEX6sGurBIeKYNAPuakGTzCRv%2FSnZJHpZbsoH11i%2F%2BIwHQLGAKerBuNCuq%2FDi8tvVKCDiF9JQGxOYhQsjlzQJtUBiVEVnBTKbjIdeg9iAMES8qHj0eAglff6gxDk1t%2FU5HmKB1T", "https://vtbehaviour.commondatastorage.googleapis.com/3aefe8dfb9c99f3a84f5f74b15afeaeca682c8c50f18fa59b2e0b06da9619f1d_SecondWrite.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775998118&Signature=oZItRZYU06S7GWIVhygTK0XUPoeDlmpVWee4ri8K1nSYOFjKP7WjYTzw03EoC6pzqFjdjNKm2lQytBKbv%2BcMJT%2F%2BWZ7nF71PUUmExKgSsvfD6PXKzUcX8vuHnJwcu3NlTOuhNKNfed2iOEAGybINfsgUO6DFzlTsGd51hjV3I%2BT4t%2FTn1aszBeDzRu01gkhvTI5%2BmXmxZfhYmVTFVADNEociZ8DSGmafzUamrXrSTRcAurmFTNmC4", "https://vtbehaviour.commondatastorage.googleapis.com/f8959944c899789d1fa1a6de7c6818a37f237dd44f39e5301f755fddd64c9791_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775998043&Signature=atj43IFZmS1xhCQtPEtGr1gjAzp5YJ5SAqKqPXrExtpioezLoyIJKw91Cc1EPO9Ff86CNaeS%2BNKNidgGEvFkAFNQpY8CEvbl7dcNVj3FUVUS3ybBoI8xLShMhwUy%2F0aYbXdMfYG3KdE%2FXDvt56Et6LjAj6N0lh1mp0m48Zz2hNTlghpHTSGlP3SY1VjfKxBYwh%2BWAJOSrHiXvzeVhuN5Qj6JWU%2FLg824mJRsUPe7iyNe2u", "https://vtbehaviour.commondatastorage.googleapis.com/3aefe8dfb9c99f3a84f5f74b15afeaeca682c8c50f18fa59b2e0b06da9619f1d_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775998463&Signature=qYYMHcxIAT2xuxsg%2F5YbX%2B0y0xuq1Bdd9afbiFWSZHWHsm16y4KPWqE8YDY6heMDu8H6K1bmLZjUn59Bei5cJgnVJtX4Qv6%2FJ9i%2FJXNS6kxDf5xDJvv%2FF%2FcK%2FVKyZS%2BVYzAwJ2OLrXxw4BNVIrT4nxtE34M2lc%2FjwH6H%2FLWNBighCC1k8cvWNbNJkBtGmfWtAfK%2FueAgi5glMRbAmq7xAC5XJGlhgUzo%2Fu2U9N", "https://vtbehaviour.commondatastorage.googleapis.com/fb43553d906781edd1ae894cf50d7735a1207fcad1123eb837d55eb4d448fed4_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775009023&Signature=PziYPmignr4yS1lhHo3FLsy%2B3wv6NV3HLbjKGJEMNVGQ9aD9FDW5NK9YX72ZvwWQuRF%2Btlid2IMM4%2FSbExMWxsHBCbZgbfKOPbTmlL18CN3TRx76z6G99I5R3PdJ22Af%2FxunZxS5jido7mF%2FfbGNwDC%2FCsiIAEzqUMOrSXJSl5nL8wRA1i6D%2FlUeL5y9QJrChIb8dpWja0nNAlwwrI7VYKsu75vAi%2Fb0cjTeplMhdUDufC3dilUscH", "https://vtbehaviour.commondatastorage.googleapis.com/26b3bfa810cd37fe4046221ab2269b360e9a6c51961db6fd95e7499e2d76d544_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775997821&Signature=IjR3qiuvOqpJ0ChD%2FQ%2B0QKlCAsWejT6Ei8KIh27ZO2t%2BnO1oDrCrR7D3x3lf6xKLr93CFw7bU1IUQONv3WbJ%2BJ0oyQ0yhyalr5VTTy1mHEphjCvObM%2B8PPv6o5cjYXYDpKVcQjBFrkgGvJxrleE5kQvx6irIRcFMTUdnDVuNEcV6sALKN3oYRo%2B%2Fvk7TA%2FfAVTtpBhUfsC4dvVAJnRQgBC4gEzEYuZN3oaDzlYUCoghsW5", "https://vtbehaviour.commondatastorage.googleapis.com/f8959944c899789d1fa1a6de7c6818a37f237dd44f39e5301f755fddd64c9791_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775997378&Signature=KsJYbpoN6hteGv0hQe%2B7MgknKi2y7G9y%2Bv0JJZqMcuUdnf3gyNBPBzyKTVuoWOtaG8ix3%2BctGPzbrSe5UI3cg4Z0gK%2B6X75apikmjWPqBKofhIc5BqSpHspjoDYtiKLxroPreiitG4QqViG8yPq7ZCkMLfT71MSIE9dJ9XhV4fO2MSLHJA0qzdykwolGgi0i5r12p1nNsE1eHXJY0HwJl%2Fqka%2FKRtekjeEG1K1qHo6QJlzKhiCRubQwgU7", "https://vtbehaviour.commondatastorage.googleapis.com/f8959944c899789d1fa1a6de7c6818a37f237dd44f39e5301f755fddd64c9791_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775997952&Signature=Pc%2FXTIxysZhpywMxwwW%2BrBcX9VHIrYH%2BL3sUsVHUCm1TUbCCtQe7ZIpfTtqIl%2FWLsaehPWv%2FBt4Q6PbZH1IFYbFrKet6C2NOwwOh9WtZQ0cak9wRRun6IjZTU33hWBk4GyEAh%2FpE5nF4ND%2BQSOQuZ5DiMtHeXRlWjRI6KwJ8ApdtNpccNlYGYGKmqj%2BLK7CZTI%2FmpO8GkbS2UkwUwBa6TFoYFvBiQ5SHdRUJ2MT7t3RzWvn8hGyb" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 7254 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/cohassetlibrary.org", "whois": "http://whois.domaintools.com/cohassetlibrary.org", "domain": "cohassetlibrary.org", "hostname": "www.cohassetlibrary.org" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 5, "pulses": [ { "id": "69cc876e1a85eb578af3460c", "name": "Gatsby.", "description": "The results of an analysis of data gathered from a single web address are published on the website of the University of California, San Francisco, as part of its 2016/17 Research into Open Access. A collection from U or Oreg. - thanks to the tipster. While the dates askew from cert. abuse the overall Month/day appear aligned, however the diff year predated to invalid certs (suspect- more than a theory). Interesting, research subjects pii on pdx flight aligns.\nConsistent \"Research time signed outside timestamp\" burden of proof has been met, goodnight. \nSecond Write- Can read a malicious pdf docs quicker than anyone. Thank you Second Write Sandbox", "modified": "2026-05-12T14:28:43.689000", "created": "2026-04-12T12:51:59.240000", "tags": [ "file type", "united", "json", "com executable", "network info", "malicious", "urls", "t1055 process", "ascii", "mitre attack", "phishing", "next", "windows sandbox", "calls process", "foxpro fpt", "links file", "152 x", "sqlite version", "utf8", "sqlite rollback", "default", "file size", "mwdb", "bazaar", "sha3384", "ssdeep", "strong", "library", "win1", "cultureneutral", "accept", "shutdown", "back", "msie", "windows nt", "wow64", "slcc2", "media center", "get http", "type annot", "subtype link", "rect", "stream", "xport", "possible", "matrix", "packer", "strings", "enterprise", "sandbox", "title", "core", "agent", "snort", "context", "destination ip", "http requests", "dns resolutions", "acrongl integ", "adc4240758", "sha1", "potential pdx intersect", "spellbound. librarian things" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/f8959944c899789d1fa1a6de7c6818a37f237dd44f39e5301f755fddd64c9791_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775997378&Signature=KsJYbpoN6hteGv0hQe%2B7MgknKi2y7G9y%2Bv0JJZqMcuUdnf3gyNBPBzyKTVuoWOtaG8ix3%2BctGPzbrSe5UI3cg4Z0gK%2B6X75apikmjWPqBKofhIc5BqSpHspjoDYtiKLxroPreiitG4QqViG8yPq7ZCkMLfT71MSIE9dJ9XhV4fO2MSLHJA0qzdykwolGgi0i5r12p1nNsE1eHXJY0HwJl%2Fqka%2FKRtekjeEG1K1qHo6QJlzKhiCRubQwgU7", "https://vtbehaviour.commondatastorage.googleapis.com/f8959944c899789d1fa1a6de7c6818a37f237dd44f39e5301f755fddd64c9791_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775997612&Signature=l%2FoIF7cZSCGanh2IyxGroiq3YNwdCp9oVTfF02Zi7d4yp4LMuvnnLFWqVzfWbvIHB94EaU0ICQHP6MwgUb5Z4bF2OVcHxdHieB3iTKEX6sGurBIeKYNAPuakGTzCRv%2FSnZJHpZbsoH11i%2F%2BIwHQLGAKerBuNCuq%2FDi8tvVKCDiF9JQGxOYhQsjlzQJtUBiVEVnBTKbjIdeg9iAMES8qHj0eAglff6gxDk1t%2FU5HmKB1T", "https://vtbehaviour.commondatastorage.googleapis.com/26b3bfa810cd37fe4046221ab2269b360e9a6c51961db6fd95e7499e2d76d544_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775997821&Signature=IjR3qiuvOqpJ0ChD%2FQ%2B0QKlCAsWejT6Ei8KIh27ZO2t%2BnO1oDrCrR7D3x3lf6xKLr93CFw7bU1IUQONv3WbJ%2BJ0oyQ0yhyalr5VTTy1mHEphjCvObM%2B8PPv6o5cjYXYDpKVcQjBFrkgGvJxrleE5kQvx6irIRcFMTUdnDVuNEcV6sALKN3oYRo%2B%2Fvk7TA%2FfAVTtpBhUfsC4dvVAJnRQgBC4gEzEYuZN3oaDzlYUCoghsW5", "https://vtbehaviour.commondatastorage.googleapis.com/f8959944c899789d1fa1a6de7c6818a37f237dd44f39e5301f755fddd64c9791_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775997952&Signature=Pc%2FXTIxysZhpywMxwwW%2BrBcX9VHIrYH%2BL3sUsVHUCm1TUbCCtQe7ZIpfTtqIl%2FWLsaehPWv%2FBt4Q6PbZH1IFYbFrKet6C2NOwwOh9WtZQ0cak9wRRun6IjZTU33hWBk4GyEAh%2FpE5nF4ND%2BQSOQuZ5DiMtHeXRlWjRI6KwJ8ApdtNpccNlYGYGKmqj%2BLK7CZTI%2FmpO8GkbS2UkwUwBa6TFoYFvBiQ5SHdRUJ2MT7t3RzWvn8hGyb", "https://vtbehaviour.commondatastorage.googleapis.com/f8959944c899789d1fa1a6de7c6818a37f237dd44f39e5301f755fddd64c9791_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775998043&Signature=atj43IFZmS1xhCQtPEtGr1gjAzp5YJ5SAqKqPXrExtpioezLoyIJKw91Cc1EPO9Ff86CNaeS%2BNKNidgGEvFkAFNQpY8CEvbl7dcNVj3FUVUS3ybBoI8xLShMhwUy%2F0aYbXdMfYG3KdE%2FXDvt56Et6LjAj6N0lh1mp0m48Zz2hNTlghpHTSGlP3SY1VjfKxBYwh%2BWAJOSrHiXvzeVhuN5Qj6JWU%2FLg824mJRsUPe7iyNe2u", "https://vtbehaviour.commondatastorage.googleapis.com/3aefe8dfb9c99f3a84f5f74b15afeaeca682c8c50f18fa59b2e0b06da9619f1d_SecondWrite.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775998118&Signature=oZItRZYU06S7GWIVhygTK0XUPoeDlmpVWee4ri8K1nSYOFjKP7WjYTzw03EoC6pzqFjdjNKm2lQytBKbv%2BcMJT%2F%2BWZ7nF71PUUmExKgSsvfD6PXKzUcX8vuHnJwcu3NlTOuhNKNfed2iOEAGybINfsgUO6DFzlTsGd51hjV3I%2BT4t%2FTn1aszBeDzRu01gkhvTI5%2BmXmxZfhYmVTFVADNEociZ8DSGmafzUamrXrSTRcAurmFTNmC4", "https://vtbehaviour.commondatastorage.googleapis.com/3aefe8dfb9c99f3a84f5f74b15afeaeca682c8c50f18fa59b2e0b06da9619f1d_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775998463&Signature=qYYMHcxIAT2xuxsg%2F5YbX%2B0y0xuq1Bdd9afbiFWSZHWHsm16y4KPWqE8YDY6heMDu8H6K1bmLZjUn59Bei5cJgnVJtX4Qv6%2FJ9i%2FJXNS6kxDf5xDJvv%2FF%2FcK%2FVKyZS%2BVYzAwJ2OLrXxw4BNVIrT4nxtE34M2lc%2FjwH6H%2FLWNBighCC1k8cvWNbNJkBtGmfWtAfK%2FueAgi5glMRbAmq7xAC5XJGlhgUzo%2Fu2U9N", "" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1014", "name": "Rootkit", "display_name": "T1014 - Rootkit" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1203", "name": "Exploitation for Client Execution", "display_name": "T1203 - Exploitation for Client Execution" }, { "id": "T1485", "name": "Data Destruction", "display_name": "T1485 - Data Destruction" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1542", "name": "Pre-OS Boot", "display_name": "T1542 - Pre-OS Boot" }, { "id": "T1548", "name": "Abuse Elevation Control Mechanism", "display_name": "T1548 - Abuse Elevation Control Mechanism" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 458, "FileHash-MD5": 575, "FileHash-SHA1": 478, "FileHash-SHA256": 1401, "domain": 96, "hostname": 235, "email": 6, "CVE": 3 }, "indicator_count": 3252, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "19 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69f97a905451e3304319988b", "name": ".may 4 clone own on may 5", "description": "", "modified": "2026-05-07T02:57:38.229000", "created": "2026-05-05T05:05:20.493000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "69f7fa1a282840a6e0aa370c", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 341, "FileHash-SHA1": 368, "FileHash-SHA256": 3143, "hostname": 2037, "IPv4": 186, "URL": 3288, "CIDR": 12, "email": 43, "domain": 1645, "URI": 1, "SSLCertFingerprint": 18, "CVE": 1 }, "indicator_count": 11083, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "24 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69f7fa1a282840a6e0aa370c", "name": "May the 4th be with... every destructed file that never died", "description": "[undreds of thousands of people have been signing a petition calling for the removal of the president, Barack Obama, from the White House and the UK's prime minister, Theresa May, to be remove] The wording here. Its also May3rd not May 4th.", "modified": "2026-05-05T05:04:02.911000", "created": "2026-05-04T01:44:57.811000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 341, "FileHash-SHA1": 368, "FileHash-SHA256": 3142, "hostname": 1890, "IPv4": 162, "URL": 3241, "CIDR": 12, "email": 37, "domain": 1616, "URI": 1, "SSLCertFingerprint": 18 }, "indicator_count": 10828, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "26 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69cc7c56a6de2ada64f680a3", "name": "VirusTotal report\n for index.html", "description": "A full report on an attack on the Windows operating system: Google Tag Manager for GA4, a search engine for web addresses, and the results of an investigation into a malicious web address. https://www.virustotal.com/gui/file/fb43553d906781edd1ae894cf50d7735a1207fcad1123eb837d55eb4d448fed4/behavior", "modified": "2026-05-01T02:13:09.867000", "created": "2026-04-01T02:00:54.253000", "tags": [ "performs dns", "file type", "https", "united", "urls", "unix", "cache entry", "tls version", "mitre attack", "network info", "phishing", "next" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/fb43553d906781edd1ae894cf50d7735a1207fcad1123eb837d55eb4d448fed4_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775009023&Signature=PziYPmignr4yS1lhHo3FLsy%2B3wv6NV3HLbjKGJEMNVGQ9aD9FDW5NK9YX72ZvwWQuRF%2Btlid2IMM4%2FSbExMWxsHBCbZgbfKOPbTmlL18CN3TRx76z6G99I5R3PdJ22Af%2FxunZxS5jido7mF%2FfbGNwDC%2FCsiIAEzqUMOrSXJSl5nL8wRA1i6D%2FlUeL5y9QJrChIb8dpWja0nNAlwwrI7VYKsu75vAi%2Fb0cjTeplMhdUDufC3dilUscH" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 2, "FileHash-SHA1": 2, "FileHash-SHA256": 12, "URL": 62, "domain": 12, "hostname": 56 }, "indicator_count": 146, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "30 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://www.cohassetlibrary.org/352/Ancestrycom", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://www.cohassetlibrary.org/352/Ancestrycom", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780273416.9984338 }