{
"type": "URL",
"indicator": "https://www.fidelitysms.help/",
"general": {
"sections": [
"general",
"url_list",
"http_scans",
"screenshot"
],
"indicator": "https://www.fidelitysms.help/",
"type": "url",
"type_title": "URL",
"validation": [],
"base_indicator": {
"id": 4302611162,
"indicator": "https://www.fidelitysms.help/",
"type": "URL",
"title": "",
"description": "",
"content": "",
"access_type": "public",
"access_reason": ""
},
"pulse_info": {
"count": 4,
"pulses": [
{
"id": "69ddc6c9f25c71625fb0b9e6",
"name": "CAPE Sandbox",
"description": "<>",
"modified": "2026-04-14T04:52:47.333000",
"created": "2026-04-14T04:47:05.317000",
"tags": [
"network info",
"url info",
"domain info",
"domain ip",
"performs dns"
],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [
{
"id": "T1010",
"name": "Application Window Discovery",
"display_name": "T1010 - Application Window Discovery"
},
{
"id": "T1018",
"name": "Remote System Discovery",
"display_name": "T1018 - Remote System Discovery"
},
{
"id": "T1027",
"name": "Obfuscated Files or Information",
"display_name": "T1027 - Obfuscated Files or Information"
},
{
"id": "T1036",
"name": "Masquerading",
"display_name": "T1036 - Masquerading"
},
{
"id": "T1047",
"name": "Windows Management Instrumentation",
"display_name": "T1047 - Windows Management Instrumentation"
},
{
"id": "T1055",
"name": "Process Injection",
"display_name": "T1055 - Process Injection"
},
{
"id": "T1056",
"name": "Input Capture",
"display_name": "T1056 - Input Capture"
},
{
"id": "T1057",
"name": "Process Discovery",
"display_name": "T1057 - Process Discovery"
},
{
"id": "T1070",
"name": "Indicator Removal on Host",
"display_name": "T1070 - Indicator Removal on Host"
},
{
"id": "T1071",
"name": "Application Layer Protocol",
"display_name": "T1071 - Application Layer Protocol"
},
{
"id": "T1082",
"name": "System Information Discovery",
"display_name": "T1082 - System Information Discovery"
},
{
"id": "T1083",
"name": "File and Directory Discovery",
"display_name": "T1083 - File and Directory Discovery"
},
{
"id": "T1095",
"name": "Non-Application Layer Protocol",
"display_name": "T1095 - Non-Application Layer Protocol"
},
{
"id": "T1140",
"name": "Deobfuscate/Decode Files or Information",
"display_name": "T1140 - Deobfuscate/Decode Files or Information"
},
{
"id": "T1497",
"name": "Virtualization/Sandbox Evasion",
"display_name": "T1497 - Virtualization/Sandbox Evasion"
},
{
"id": "T1518",
"name": "Software Discovery",
"display_name": "T1518 - Software Discovery"
},
{
"id": "T1547",
"name": "Boot or Logon Autostart Execution",
"display_name": "T1547 - Boot or Logon Autostart Execution"
},
{
"id": "T1560",
"name": "Archive Collected Data",
"display_name": "T1560 - Archive Collected Data"
},
{
"id": "T1562",
"name": "Impair Defenses",
"display_name": "T1562 - Impair Defenses"
},
{
"id": "T1571",
"name": "Non-Standard Port",
"display_name": "T1571 - Non-Standard Port"
},
{
"id": "T1573",
"name": "Encrypted Channel",
"display_name": "T1573 - Encrypted Channel"
},
{
"id": "T1105",
"name": "Ingress Tool Transfer",
"display_name": "T1105 - Ingress Tool Transfer"
},
{
"id": "T1203",
"name": "Exploitation for Client Execution",
"display_name": "T1203 - Exploitation for Client Execution"
},
{
"id": "T1574",
"name": "Hijack Execution Flow",
"display_name": "T1574 - Hijack Execution Flow"
},
{
"id": "T1218",
"name": "Signed Binary Proxy Execution",
"display_name": "T1218 - Signed Binary Proxy Execution"
}
],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 0,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "msudosos",
"id": "381696",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"IPv6": 2,
"IPv4": 42,
"hostname": 461,
"FileHash-SHA256": 603,
"domain": 128,
"FileHash-MD5": 63,
"FileHash-SHA1": 74,
"URL": 721
},
"indicator_count": 2094,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 48,
"modified_text": "6 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "69ddc674d6814ef6ff10b49a",
"name": "CAPE Sandbox",
"description": "<>",
"modified": "2026-04-14T04:52:36.465000",
"created": "2026-04-14T04:45:40.694000",
"tags": [
"network info",
"url info",
"domain info",
"domain ip",
"performs dns"
],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [
{
"id": "T1010",
"name": "Application Window Discovery",
"display_name": "T1010 - Application Window Discovery"
},
{
"id": "T1018",
"name": "Remote System Discovery",
"display_name": "T1018 - Remote System Discovery"
},
{
"id": "T1027",
"name": "Obfuscated Files or Information",
"display_name": "T1027 - Obfuscated Files or Information"
},
{
"id": "T1036",
"name": "Masquerading",
"display_name": "T1036 - Masquerading"
},
{
"id": "T1047",
"name": "Windows Management Instrumentation",
"display_name": "T1047 - Windows Management Instrumentation"
},
{
"id": "T1055",
"name": "Process Injection",
"display_name": "T1055 - Process Injection"
},
{
"id": "T1056",
"name": "Input Capture",
"display_name": "T1056 - Input Capture"
},
{
"id": "T1057",
"name": "Process Discovery",
"display_name": "T1057 - Process Discovery"
},
{
"id": "T1070",
"name": "Indicator Removal on Host",
"display_name": "T1070 - Indicator Removal on Host"
},
{
"id": "T1071",
"name": "Application Layer Protocol",
"display_name": "T1071 - Application Layer Protocol"
},
{
"id": "T1082",
"name": "System Information Discovery",
"display_name": "T1082 - System Information Discovery"
},
{
"id": "T1083",
"name": "File and Directory Discovery",
"display_name": "T1083 - File and Directory Discovery"
},
{
"id": "T1095",
"name": "Non-Application Layer Protocol",
"display_name": "T1095 - Non-Application Layer Protocol"
},
{
"id": "T1140",
"name": "Deobfuscate/Decode Files or Information",
"display_name": "T1140 - Deobfuscate/Decode Files or Information"
},
{
"id": "T1497",
"name": "Virtualization/Sandbox Evasion",
"display_name": "T1497 - Virtualization/Sandbox Evasion"
},
{
"id": "T1518",
"name": "Software Discovery",
"display_name": "T1518 - Software Discovery"
},
{
"id": "T1547",
"name": "Boot or Logon Autostart Execution",
"display_name": "T1547 - Boot or Logon Autostart Execution"
},
{
"id": "T1560",
"name": "Archive Collected Data",
"display_name": "T1560 - Archive Collected Data"
},
{
"id": "T1562",
"name": "Impair Defenses",
"display_name": "T1562 - Impair Defenses"
},
{
"id": "T1571",
"name": "Non-Standard Port",
"display_name": "T1571 - Non-Standard Port"
},
{
"id": "T1573",
"name": "Encrypted Channel",
"display_name": "T1573 - Encrypted Channel"
},
{
"id": "T1105",
"name": "Ingress Tool Transfer",
"display_name": "T1105 - Ingress Tool Transfer"
},
{
"id": "T1203",
"name": "Exploitation for Client Execution",
"display_name": "T1203 - Exploitation for Client Execution"
},
{
"id": "T1574",
"name": "Hijack Execution Flow",
"display_name": "T1574 - Hijack Execution Flow"
},
{
"id": "T1218",
"name": "Signed Binary Proxy Execution",
"display_name": "T1218 - Signed Binary Proxy Execution"
}
],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 0,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "msudosos",
"id": "381696",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"IPv6": 10,
"IPv4": 58,
"hostname": 513,
"FileHash-SHA256": 807,
"domain": 136,
"FileHash-MD5": 335,
"FileHash-SHA1": 278,
"URL": 721
},
"indicator_count": 2858,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 48,
"modified_text": "6 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "69ddc67ab71a32bb4cd407ca",
"name": "CAPE Sandbox",
"description": "<>",
"modified": "2026-04-14T04:52:32.943000",
"created": "2026-04-14T04:45:46.815000",
"tags": [
"network info",
"url info",
"domain info",
"domain ip",
"performs dns"
],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [
{
"id": "T1010",
"name": "Application Window Discovery",
"display_name": "T1010 - Application Window Discovery"
},
{
"id": "T1018",
"name": "Remote System Discovery",
"display_name": "T1018 - Remote System Discovery"
},
{
"id": "T1027",
"name": "Obfuscated Files or Information",
"display_name": "T1027 - Obfuscated Files or Information"
},
{
"id": "T1036",
"name": "Masquerading",
"display_name": "T1036 - Masquerading"
},
{
"id": "T1047",
"name": "Windows Management Instrumentation",
"display_name": "T1047 - Windows Management Instrumentation"
},
{
"id": "T1055",
"name": "Process Injection",
"display_name": "T1055 - Process Injection"
},
{
"id": "T1056",
"name": "Input Capture",
"display_name": "T1056 - Input Capture"
},
{
"id": "T1057",
"name": "Process Discovery",
"display_name": "T1057 - Process Discovery"
},
{
"id": "T1070",
"name": "Indicator Removal on Host",
"display_name": "T1070 - Indicator Removal on Host"
},
{
"id": "T1071",
"name": "Application Layer Protocol",
"display_name": "T1071 - Application Layer Protocol"
},
{
"id": "T1082",
"name": "System Information Discovery",
"display_name": "T1082 - System Information Discovery"
},
{
"id": "T1083",
"name": "File and Directory Discovery",
"display_name": "T1083 - File and Directory Discovery"
},
{
"id": "T1095",
"name": "Non-Application Layer Protocol",
"display_name": "T1095 - Non-Application Layer Protocol"
},
{
"id": "T1140",
"name": "Deobfuscate/Decode Files or Information",
"display_name": "T1140 - Deobfuscate/Decode Files or Information"
},
{
"id": "T1497",
"name": "Virtualization/Sandbox Evasion",
"display_name": "T1497 - Virtualization/Sandbox Evasion"
},
{
"id": "T1518",
"name": "Software Discovery",
"display_name": "T1518 - Software Discovery"
},
{
"id": "T1547",
"name": "Boot or Logon Autostart Execution",
"display_name": "T1547 - Boot or Logon Autostart Execution"
},
{
"id": "T1560",
"name": "Archive Collected Data",
"display_name": "T1560 - Archive Collected Data"
},
{
"id": "T1562",
"name": "Impair Defenses",
"display_name": "T1562 - Impair Defenses"
},
{
"id": "T1571",
"name": "Non-Standard Port",
"display_name": "T1571 - Non-Standard Port"
},
{
"id": "T1573",
"name": "Encrypted Channel",
"display_name": "T1573 - Encrypted Channel"
},
{
"id": "T1105",
"name": "Ingress Tool Transfer",
"display_name": "T1105 - Ingress Tool Transfer"
},
{
"id": "T1203",
"name": "Exploitation for Client Execution",
"display_name": "T1203 - Exploitation for Client Execution"
},
{
"id": "T1574",
"name": "Hijack Execution Flow",
"display_name": "T1574 - Hijack Execution Flow"
},
{
"id": "T1218",
"name": "Signed Binary Proxy Execution",
"display_name": "T1218 - Signed Binary Proxy Execution"
}
],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 0,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "msudosos",
"id": "381696",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"IPv6": 2,
"IPv4": 42,
"hostname": 461,
"FileHash-SHA256": 603,
"domain": 128,
"FileHash-MD5": 63,
"FileHash-SHA1": 74,
"URL": 721
},
"indicator_count": 2094,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 48,
"modified_text": "6 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "69d87573143e567e8503beda",
"name": "CAPE Sandbox - Google Domain Browser",
"description": " Some insight on a browser sandbox. mitm.",
"modified": "2026-04-10T04:08:36.918000",
"created": "2026-04-10T03:58:43.549000",
"tags": [
"title",
"doctype html",
"google",
"ce62bb",
"style",
"error",
"image",
"mitre attack",
"network info",
"performs dns",
"urls",
"t1055 process",
"overview",
"processes extra",
"overview zenbox",
"verdict",
"phishing",
"next",
"ip traffic",
"msft",
"msft nethandle",
"net1500000",
"server",
"corporation",
"chaturmohta",
"orgroutingref",
"orgabusehandle",
"microsoft abuse",
"orgabuseref",
"microsoft",
"orgid",
"msft address",
"microsoft way",
"city",
"stateprov",
"postalcode",
"thumbprint"
],
"references": [
"https://vtbehaviour.commondatastorage.googleapis.com/85b04c04a7046a296d77251f2236ad5e7ce32fbaab17c590ef372bf00497fbd5_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775792988&Signature=M1J9CaQkigeg5YRUts8g89wpgmwVxVFRSm9L7fFYPqBizkGksAY%2BQXAESjDzcmPanQSRoqOJXy9yNcu%2F4pPkcUbFtUg8oheQzdL2ebI2eOElYvDV8Mh1Su0AthuKtQT2eC0LsybOE1tRIZO7gxtwxN1CpF5ZhSdES8HaMIFIPL7xsOgmhx4IrdEtjDVHMSCRHnIPuGzO4aQn%2Bl4mga3fI%2FyYiJoFWyMh3OiTXZi%2FidlmFFy9IZTT",
"https://vtbehaviour.commondatastorage.googleapis.com/85b04c04a7046a296d77251f2236ad5e7ce32fbaab17c590ef372bf00497fbd5_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775793011&Signature=Obu7zDEJiUY4g9RFOhUIFYbnTGp8YMLvwJCCIR8YL6KFoTrbPiqoltMTn%2FJbTCwl%2Bxky0XNZLQJ2Bj5RCjBwsG382Ckn5T596CYG%2Fk%2B%2FZl5rfYfzgjGwaLT5bO0t%2B6nmKGUTqsZuubwpBtp2leCiw6rVYimL8xulbJF30wh5qDBfH4u%2FsGJrRnSd%2BHiu%2B8YWf%2B39QE9Q%2BazzeRFrq7Jt4DDRRC%2FXY2D1GdxmPzPrYkI4c7"
],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [
{
"id": "T1055",
"name": "Process Injection",
"display_name": "T1055 - Process Injection"
},
{
"id": "T1071",
"name": "Application Layer Protocol",
"display_name": "T1071 - Application Layer Protocol"
},
{
"id": "T1095",
"name": "Non-Application Layer Protocol",
"display_name": "T1095 - Non-Application Layer Protocol"
}
],
"industries": [],
"TLP": "white",
"cloned_from": null,
"export_count": 1,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "msudosos",
"id": "381696",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-MD5": 119,
"IPv4": 81,
"FileHash-SHA1": 114,
"FileHash-SHA256": 543,
"domain": 122,
"hostname": 411,
"URL": 721,
"CIDR": 3,
"email": 6
},
"indicator_count": 2120,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 48,
"modified_text": "10 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
}
],
"references": [
"https://vtbehaviour.commondatastorage.googleapis.com/85b04c04a7046a296d77251f2236ad5e7ce32fbaab17c590ef372bf00497fbd5_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775793011&Signature=Obu7zDEJiUY4g9RFOhUIFYbnTGp8YMLvwJCCIR8YL6KFoTrbPiqoltMTn%2FJbTCwl%2Bxky0XNZLQJ2Bj5RCjBwsG382Ckn5T596CYG%2Fk%2B%2FZl5rfYfzgjGwaLT5bO0t%2B6nmKGUTqsZuubwpBtp2leCiw6rVYimL8xulbJF30wh5qDBfH4u%2FsGJrRnSd%2BHiu%2B8YWf%2B39QE9Q%2BazzeRFrq7Jt4DDRRC%2FXY2D1GdxmPzPrYkI4c7",
"https://vtbehaviour.commondatastorage.googleapis.com/85b04c04a7046a296d77251f2236ad5e7ce32fbaab17c590ef372bf00497fbd5_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775792988&Signature=M1J9CaQkigeg5YRUts8g89wpgmwVxVFRSm9L7fFYPqBizkGksAY%2BQXAESjDzcmPanQSRoqOJXy9yNcu%2F4pPkcUbFtUg8oheQzdL2ebI2eOElYvDV8Mh1Su0AthuKtQT2eC0LsybOE1tRIZO7gxtwxN1CpF5ZhSdES8HaMIFIPL7xsOgmhx4IrdEtjDVHMSCRHnIPuGzO4aQn%2Bl4mga3fI%2FyYiJoFWyMh3OiTXZi%2FidlmFFy9IZTT"
],
"related": {
"alienvault": {
"adversary": [],
"malware_families": [],
"industries": [],
"unique_indicators": 0
},
"other": {
"adversary": [],
"malware_families": [],
"industries": [],
"unique_indicators": 3694
}
}
},
"false_positive": [],
"alexa": "http://www.alexa.com/siteinfo/fidelitysms.help",
"whois": "http://whois.domaintools.com/fidelitysms.help",
"domain": "fidelitysms.help",
"hostname": "www.fidelitysms.help"
},
"geo": {},
"geo_ipapicom": {},
"pulse_count": 4,
"pulses": [
{
"id": "69ddc6c9f25c71625fb0b9e6",
"name": "CAPE Sandbox",
"description": "<>",
"modified": "2026-04-14T04:52:47.333000",
"created": "2026-04-14T04:47:05.317000",
"tags": [
"network info",
"url info",
"domain info",
"domain ip",
"performs dns"
],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [
{
"id": "T1010",
"name": "Application Window Discovery",
"display_name": "T1010 - Application Window Discovery"
},
{
"id": "T1018",
"name": "Remote System Discovery",
"display_name": "T1018 - Remote System Discovery"
},
{
"id": "T1027",
"name": "Obfuscated Files or Information",
"display_name": "T1027 - Obfuscated Files or Information"
},
{
"id": "T1036",
"name": "Masquerading",
"display_name": "T1036 - Masquerading"
},
{
"id": "T1047",
"name": "Windows Management Instrumentation",
"display_name": "T1047 - Windows Management Instrumentation"
},
{
"id": "T1055",
"name": "Process Injection",
"display_name": "T1055 - Process Injection"
},
{
"id": "T1056",
"name": "Input Capture",
"display_name": "T1056 - Input Capture"
},
{
"id": "T1057",
"name": "Process Discovery",
"display_name": "T1057 - Process Discovery"
},
{
"id": "T1070",
"name": "Indicator Removal on Host",
"display_name": "T1070 - Indicator Removal on Host"
},
{
"id": "T1071",
"name": "Application Layer Protocol",
"display_name": "T1071 - Application Layer Protocol"
},
{
"id": "T1082",
"name": "System Information Discovery",
"display_name": "T1082 - System Information Discovery"
},
{
"id": "T1083",
"name": "File and Directory Discovery",
"display_name": "T1083 - File and Directory Discovery"
},
{
"id": "T1095",
"name": "Non-Application Layer Protocol",
"display_name": "T1095 - Non-Application Layer Protocol"
},
{
"id": "T1140",
"name": "Deobfuscate/Decode Files or Information",
"display_name": "T1140 - Deobfuscate/Decode Files or Information"
},
{
"id": "T1497",
"name": "Virtualization/Sandbox Evasion",
"display_name": "T1497 - Virtualization/Sandbox Evasion"
},
{
"id": "T1518",
"name": "Software Discovery",
"display_name": "T1518 - Software Discovery"
},
{
"id": "T1547",
"name": "Boot or Logon Autostart Execution",
"display_name": "T1547 - Boot or Logon Autostart Execution"
},
{
"id": "T1560",
"name": "Archive Collected Data",
"display_name": "T1560 - Archive Collected Data"
},
{
"id": "T1562",
"name": "Impair Defenses",
"display_name": "T1562 - Impair Defenses"
},
{
"id": "T1571",
"name": "Non-Standard Port",
"display_name": "T1571 - Non-Standard Port"
},
{
"id": "T1573",
"name": "Encrypted Channel",
"display_name": "T1573 - Encrypted Channel"
},
{
"id": "T1105",
"name": "Ingress Tool Transfer",
"display_name": "T1105 - Ingress Tool Transfer"
},
{
"id": "T1203",
"name": "Exploitation for Client Execution",
"display_name": "T1203 - Exploitation for Client Execution"
},
{
"id": "T1574",
"name": "Hijack Execution Flow",
"display_name": "T1574 - Hijack Execution Flow"
},
{
"id": "T1218",
"name": "Signed Binary Proxy Execution",
"display_name": "T1218 - Signed Binary Proxy Execution"
}
],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 0,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "msudosos",
"id": "381696",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"IPv6": 2,
"IPv4": 42,
"hostname": 461,
"FileHash-SHA256": 603,
"domain": 128,
"FileHash-MD5": 63,
"FileHash-SHA1": 74,
"URL": 721
},
"indicator_count": 2094,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 48,
"modified_text": "6 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "69ddc674d6814ef6ff10b49a",
"name": "CAPE Sandbox",
"description": "<>",
"modified": "2026-04-14T04:52:36.465000",
"created": "2026-04-14T04:45:40.694000",
"tags": [
"network info",
"url info",
"domain info",
"domain ip",
"performs dns"
],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [
{
"id": "T1010",
"name": "Application Window Discovery",
"display_name": "T1010 - Application Window Discovery"
},
{
"id": "T1018",
"name": "Remote System Discovery",
"display_name": "T1018 - Remote System Discovery"
},
{
"id": "T1027",
"name": "Obfuscated Files or Information",
"display_name": "T1027 - Obfuscated Files or Information"
},
{
"id": "T1036",
"name": "Masquerading",
"display_name": "T1036 - Masquerading"
},
{
"id": "T1047",
"name": "Windows Management Instrumentation",
"display_name": "T1047 - Windows Management Instrumentation"
},
{
"id": "T1055",
"name": "Process Injection",
"display_name": "T1055 - Process Injection"
},
{
"id": "T1056",
"name": "Input Capture",
"display_name": "T1056 - Input Capture"
},
{
"id": "T1057",
"name": "Process Discovery",
"display_name": "T1057 - Process Discovery"
},
{
"id": "T1070",
"name": "Indicator Removal on Host",
"display_name": "T1070 - Indicator Removal on Host"
},
{
"id": "T1071",
"name": "Application Layer Protocol",
"display_name": "T1071 - Application Layer Protocol"
},
{
"id": "T1082",
"name": "System Information Discovery",
"display_name": "T1082 - System Information Discovery"
},
{
"id": "T1083",
"name": "File and Directory Discovery",
"display_name": "T1083 - File and Directory Discovery"
},
{
"id": "T1095",
"name": "Non-Application Layer Protocol",
"display_name": "T1095 - Non-Application Layer Protocol"
},
{
"id": "T1140",
"name": "Deobfuscate/Decode Files or Information",
"display_name": "T1140 - Deobfuscate/Decode Files or Information"
},
{
"id": "T1497",
"name": "Virtualization/Sandbox Evasion",
"display_name": "T1497 - Virtualization/Sandbox Evasion"
},
{
"id": "T1518",
"name": "Software Discovery",
"display_name": "T1518 - Software Discovery"
},
{
"id": "T1547",
"name": "Boot or Logon Autostart Execution",
"display_name": "T1547 - Boot or Logon Autostart Execution"
},
{
"id": "T1560",
"name": "Archive Collected Data",
"display_name": "T1560 - Archive Collected Data"
},
{
"id": "T1562",
"name": "Impair Defenses",
"display_name": "T1562 - Impair Defenses"
},
{
"id": "T1571",
"name": "Non-Standard Port",
"display_name": "T1571 - Non-Standard Port"
},
{
"id": "T1573",
"name": "Encrypted Channel",
"display_name": "T1573 - Encrypted Channel"
},
{
"id": "T1105",
"name": "Ingress Tool Transfer",
"display_name": "T1105 - Ingress Tool Transfer"
},
{
"id": "T1203",
"name": "Exploitation for Client Execution",
"display_name": "T1203 - Exploitation for Client Execution"
},
{
"id": "T1574",
"name": "Hijack Execution Flow",
"display_name": "T1574 - Hijack Execution Flow"
},
{
"id": "T1218",
"name": "Signed Binary Proxy Execution",
"display_name": "T1218 - Signed Binary Proxy Execution"
}
],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 0,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "msudosos",
"id": "381696",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"IPv6": 10,
"IPv4": 58,
"hostname": 513,
"FileHash-SHA256": 807,
"domain": 136,
"FileHash-MD5": 335,
"FileHash-SHA1": 278,
"URL": 721
},
"indicator_count": 2858,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 48,
"modified_text": "6 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "69ddc67ab71a32bb4cd407ca",
"name": "CAPE Sandbox",
"description": "<>",
"modified": "2026-04-14T04:52:32.943000",
"created": "2026-04-14T04:45:46.815000",
"tags": [
"network info",
"url info",
"domain info",
"domain ip",
"performs dns"
],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [
{
"id": "T1010",
"name": "Application Window Discovery",
"display_name": "T1010 - Application Window Discovery"
},
{
"id": "T1018",
"name": "Remote System Discovery",
"display_name": "T1018 - Remote System Discovery"
},
{
"id": "T1027",
"name": "Obfuscated Files or Information",
"display_name": "T1027 - Obfuscated Files or Information"
},
{
"id": "T1036",
"name": "Masquerading",
"display_name": "T1036 - Masquerading"
},
{
"id": "T1047",
"name": "Windows Management Instrumentation",
"display_name": "T1047 - Windows Management Instrumentation"
},
{
"id": "T1055",
"name": "Process Injection",
"display_name": "T1055 - Process Injection"
},
{
"id": "T1056",
"name": "Input Capture",
"display_name": "T1056 - Input Capture"
},
{
"id": "T1057",
"name": "Process Discovery",
"display_name": "T1057 - Process Discovery"
},
{
"id": "T1070",
"name": "Indicator Removal on Host",
"display_name": "T1070 - Indicator Removal on Host"
},
{
"id": "T1071",
"name": "Application Layer Protocol",
"display_name": "T1071 - Application Layer Protocol"
},
{
"id": "T1082",
"name": "System Information Discovery",
"display_name": "T1082 - System Information Discovery"
},
{
"id": "T1083",
"name": "File and Directory Discovery",
"display_name": "T1083 - File and Directory Discovery"
},
{
"id": "T1095",
"name": "Non-Application Layer Protocol",
"display_name": "T1095 - Non-Application Layer Protocol"
},
{
"id": "T1140",
"name": "Deobfuscate/Decode Files or Information",
"display_name": "T1140 - Deobfuscate/Decode Files or Information"
},
{
"id": "T1497",
"name": "Virtualization/Sandbox Evasion",
"display_name": "T1497 - Virtualization/Sandbox Evasion"
},
{
"id": "T1518",
"name": "Software Discovery",
"display_name": "T1518 - Software Discovery"
},
{
"id": "T1547",
"name": "Boot or Logon Autostart Execution",
"display_name": "T1547 - Boot or Logon Autostart Execution"
},
{
"id": "T1560",
"name": "Archive Collected Data",
"display_name": "T1560 - Archive Collected Data"
},
{
"id": "T1562",
"name": "Impair Defenses",
"display_name": "T1562 - Impair Defenses"
},
{
"id": "T1571",
"name": "Non-Standard Port",
"display_name": "T1571 - Non-Standard Port"
},
{
"id": "T1573",
"name": "Encrypted Channel",
"display_name": "T1573 - Encrypted Channel"
},
{
"id": "T1105",
"name": "Ingress Tool Transfer",
"display_name": "T1105 - Ingress Tool Transfer"
},
{
"id": "T1203",
"name": "Exploitation for Client Execution",
"display_name": "T1203 - Exploitation for Client Execution"
},
{
"id": "T1574",
"name": "Hijack Execution Flow",
"display_name": "T1574 - Hijack Execution Flow"
},
{
"id": "T1218",
"name": "Signed Binary Proxy Execution",
"display_name": "T1218 - Signed Binary Proxy Execution"
}
],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 0,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "msudosos",
"id": "381696",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"IPv6": 2,
"IPv4": 42,
"hostname": 461,
"FileHash-SHA256": 603,
"domain": 128,
"FileHash-MD5": 63,
"FileHash-SHA1": 74,
"URL": 721
},
"indicator_count": 2094,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 48,
"modified_text": "6 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "69d87573143e567e8503beda",
"name": "CAPE Sandbox - Google Domain Browser",
"description": " Some insight on a browser sandbox. mitm.",
"modified": "2026-04-10T04:08:36.918000",
"created": "2026-04-10T03:58:43.549000",
"tags": [
"title",
"doctype html",
"google",
"ce62bb",
"style",
"error",
"image",
"mitre attack",
"network info",
"performs dns",
"urls",
"t1055 process",
"overview",
"processes extra",
"overview zenbox",
"verdict",
"phishing",
"next",
"ip traffic",
"msft",
"msft nethandle",
"net1500000",
"server",
"corporation",
"chaturmohta",
"orgroutingref",
"orgabusehandle",
"microsoft abuse",
"orgabuseref",
"microsoft",
"orgid",
"msft address",
"microsoft way",
"city",
"stateprov",
"postalcode",
"thumbprint"
],
"references": [
"https://vtbehaviour.commondatastorage.googleapis.com/85b04c04a7046a296d77251f2236ad5e7ce32fbaab17c590ef372bf00497fbd5_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775792988&Signature=M1J9CaQkigeg5YRUts8g89wpgmwVxVFRSm9L7fFYPqBizkGksAY%2BQXAESjDzcmPanQSRoqOJXy9yNcu%2F4pPkcUbFtUg8oheQzdL2ebI2eOElYvDV8Mh1Su0AthuKtQT2eC0LsybOE1tRIZO7gxtwxN1CpF5ZhSdES8HaMIFIPL7xsOgmhx4IrdEtjDVHMSCRHnIPuGzO4aQn%2Bl4mga3fI%2FyYiJoFWyMh3OiTXZi%2FidlmFFy9IZTT",
"https://vtbehaviour.commondatastorage.googleapis.com/85b04c04a7046a296d77251f2236ad5e7ce32fbaab17c590ef372bf00497fbd5_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775793011&Signature=Obu7zDEJiUY4g9RFOhUIFYbnTGp8YMLvwJCCIR8YL6KFoTrbPiqoltMTn%2FJbTCwl%2Bxky0XNZLQJ2Bj5RCjBwsG382Ckn5T596CYG%2Fk%2B%2FZl5rfYfzgjGwaLT5bO0t%2B6nmKGUTqsZuubwpBtp2leCiw6rVYimL8xulbJF30wh5qDBfH4u%2FsGJrRnSd%2BHiu%2B8YWf%2B39QE9Q%2BazzeRFrq7Jt4DDRRC%2FXY2D1GdxmPzPrYkI4c7"
],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [
{
"id": "T1055",
"name": "Process Injection",
"display_name": "T1055 - Process Injection"
},
{
"id": "T1071",
"name": "Application Layer Protocol",
"display_name": "T1071 - Application Layer Protocol"
},
{
"id": "T1095",
"name": "Non-Application Layer Protocol",
"display_name": "T1095 - Non-Application Layer Protocol"
}
],
"industries": [],
"TLP": "white",
"cloned_from": null,
"export_count": 1,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "msudosos",
"id": "381696",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-MD5": 119,
"IPv4": 81,
"FileHash-SHA1": 114,
"FileHash-SHA256": 543,
"domain": 122,
"hostname": 411,
"URL": 721,
"CIDR": 3,
"email": 6
},
"indicator_count": 2120,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 48,
"modified_text": "10 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
}
],
"error": null,
"vt": {
"error": "VirusTotal rate limit reached. Try again shortly.",
"indicator": "https://www.fidelitysms.help/",
"type": "URL"
},
"abuseipdb": null,
"urlhaus": {
"indicator": "https://www.fidelitysms.help/",
"type": "URL",
"found": false,
"verdict": "clean",
"error": null
},
"from_cache": true,
"_cached_at": 1776661057.9532394
}