{
  "type": "URL",
  "indicator": "https://www.sec.state.ma.us/cor/corpweb/",
  "general": {
    "sections": [
      "general",
      "url_list",
      "http_scans",
      "screenshot"
    ],
    "indicator": "https://www.sec.state.ma.us/cor/corpweb/",
    "type": "url",
    "type_title": "URL",
    "validation": [],
    "base_indicator": {
      "id": 4332399935,
      "indicator": "https://www.sec.state.ma.us/cor/corpweb/",
      "type": "URL",
      "title": "",
      "description": "",
      "content": "",
      "access_type": "public",
      "access_reason": ""
    },
    "pulse_info": {
      "count": 2,
      "pulses": [
        {
          "id": "69f3322b53bd6368005d9ac9",
          "name": "Sinkholes, Backdoors, Trojans, and Exploits.",
          "description": "[ full text of this article, which has now been published, is published on the website of the European Union, the EU and the United Arab Emirates (UAE), and can be viewed here.]<not relevant pretext except for perhaps the certificate chain. Cryptographic Validation is imperitive for all agencies, especially those who are hosting a person known or unknown, on their server. Trust bypass opens a giant watering hole that systemically can compromise the entire internet. This is an epic failure in all things IT and a destructive cover for the lifelong of residual internet failures and probelms it will have.",
          "modified": "2026-05-30T13:26:53.645000",
          "created": "2026-04-30T10:42:51.884000",
          "tags": [
            "ipv4",
            "filehashmd5",
            "filehashsha256",
            "show",
            "search",
            "type indicator",
            "role title",
            "added active",
            "related pulses",
            "united",
            "pdfkit.net",
            "sinkhole",
            "backdoor",
            "trojan",
            "exploit",
            "server misuse",
            "entity misappropriation",
            "unsigned certificates",
            "? of apple jailbreak",
            "telecom insider",
            "spyware gone wrong",
            "negligent",
            "stalkerware",
            "retrieval of sent evidence",
            "misuse of systems",
            "hiding malicious artifacts on muni pages exploiting the mass",
            "intentional watering hole",
            "unsigned DNSSEC*",
            "known malic pdfs left open for public clickbait",
            "pdfs connect to a cryptomine",
            "hx of cryptomine",
            "IT abuse",
            "siloh on purpose",
            "active bystander",
            "whistleblower",
            "failed PD intervention",
            "failure to investigate"
          ],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 0,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 1,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "msudosos",
            "id": "381696",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 2356,
            "FileHash-SHA1": 2407,
            "FileHash-SHA256": 2479,
            "email": 2,
            "domain": 169,
            "URL": 1549,
            "hostname": 1516,
            "URI": 1,
            "CIDR": 7
          },
          "indicator_count": 10486,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 67,
          "modified_text": "1 day ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "69f094876e771316d0e3a415",
          "name": "VirusTotal report         Fraud, Forgery & Magic           for System32.zip",
          "description": "Further research highlights how important certificates still are. An ai will NEVER detect this, ever, as they are built on 'once' trusted roots. This does not have a trusted along with the other 5 that are distrusted. This allows for old models, in this instance, edge,  to be weaponized by really anyone at this point since everything fails cryptography + we are what truly seems like a short ways away from the entire internet demise based on how many of these I see. This one is extra special, not only is it built with Magic, its primary cert is a crypto domain. Client has brought forward these concerns to most agencies since Sept. 2025. Ignored. Identity stolen.\n-The digital signature of the object did not verify.\n-File distributed by Parted Magic LLC\n-(prime) Code Signing, WHQL Crypto \nrec: expiring the certificates wont work at this point, but its worth a shot. Rec: revoke Code Signing, WHQL Crypto (2012 exp still working!)  The other 5 to revoke are in ref.",
          "modified": "2026-05-29T00:06:38.152000",
          "created": "2026-04-28T11:05:43.436000",
          "tags": [
            "catalog",
            "pkcs",
            "signature",
            "file type",
            "pe file",
            "pe32",
            "ms windows",
            "found",
            "intel",
            "drops pe",
            "ascii text",
            "crlf line",
            "creates",
            "defense evasion",
            "code",
            "persistence",
            "fraud",
            "malicious",
            "next",
            "valid from",
            "valid",
            "valid usage",
            "code signing",
            "whql crypto",
            "algorithm",
            "thumbprint",
            "serial number",
            "pca status",
            "root authority",
            "all algorithm",
            "microsoft root",
            "ec df",
            "service status",
            "forgery",
            "trusted root, failed int.&prime",
            "magic",
            "internet is imploding",
            "cooked",
            "cryptographic failures",
            "IP mismanagement",
            "Horrible Oversight, Truly horrible",
            "Circus with Magic",
            "Pdfkit.net",
            "doomsday"
          ],
          "references": [
            "https://vtbehaviour.commondatastorage.googleapis.com/50997cb5658dd4a8c6738e0be4b63ff937feb84207489681889c6700d6e93d79_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1777373051&Signature=eMaEnBhSHcPRkNEsAbbcQS9TO5zUnrBYbvGr91OhKPFfvDsPIdJULxArlfI6%2BS%2BYthAwd%2FDmsOgpoqvoyzq6CHsPaEIcMsjuM5VQVFshm8olODXIo55xagQcZ6vcJWm%2BiNJ%2F3F1gnID7UHS%2B%2Fl6eWWzPWTh0biIyMyIpm%2BBhw%2BRLnfx%2FqRLrRKBpDtqyOogwbJgqELHtnuXA3r3xx7RRYbWcPIrFZitv%2BC6wlgSJ4vq7Jbya",
            "DC03161C91D83C296E8CEE9B87B9FF371FA05FA4(2015 still works w a trusted root), 3EA99A60058275E0ED83B892A909449F8C33B245 (exp2019 \"\") a timestamper, another time exp 2013 05FECB745F7F3B1A0E262A73435CCB7EAAED8B37-- and lastly the one that haunts my entire life which you cant expire because it did in 2020 and its hollow and will forever bypass trust: A43489159A520F0D93D032CCAF37E7FE20A8B419"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1036",
              "name": "Masquerading",
              "display_name": "T1036 - Masquerading"
            },
            {
              "id": "T1040",
              "name": "Network Sniffing",
              "display_name": "T1040 - Network Sniffing"
            },
            {
              "id": "T1055",
              "name": "Process Injection",
              "display_name": "T1055 - Process Injection"
            },
            {
              "id": "T1056",
              "name": "Input Capture",
              "display_name": "T1056 - Input Capture"
            },
            {
              "id": "T1070",
              "name": "Indicator Removal on Host",
              "display_name": "T1070 - Indicator Removal on Host"
            },
            {
              "id": "T1082",
              "name": "System Information Discovery",
              "display_name": "T1082 - System Information Discovery"
            },
            {
              "id": "T1497",
              "name": "Virtualization/Sandbox Evasion",
              "display_name": "T1497 - Virtualization/Sandbox Evasion"
            },
            {
              "id": "T1518",
              "name": "Software Discovery",
              "display_name": "T1518 - Software Discovery"
            },
            {
              "id": "T1542",
              "name": "Pre-OS Boot",
              "display_name": "T1542 - Pre-OS Boot"
            },
            {
              "id": "T1562",
              "name": "Impair Defenses",
              "display_name": "T1562 - Impair Defenses"
            },
            {
              "id": "T1574",
              "name": "Hijack Execution Flow",
              "display_name": "T1574 - Hijack Execution Flow"
            },
            {
              "id": "T1553",
              "name": "Subvert Trust Controls",
              "display_name": "T1553 - Subvert Trust Controls"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 0,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "msudosos",
            "id": "381696",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 163,
            "FileHash-SHA1": 170,
            "FileHash-SHA256": 1421,
            "domain": 122,
            "hostname": 291,
            "URL": 133,
            "CIDR": 2,
            "email": 4
          },
          "indicator_count": 2306,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 68,
          "modified_text": "2 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        }
      ],
      "references": [
        "DC03161C91D83C296E8CEE9B87B9FF371FA05FA4(2015 still works w a trusted root), 3EA99A60058275E0ED83B892A909449F8C33B245 (exp2019 \"\") a timestamper, another time exp 2013 05FECB745F7F3B1A0E262A73435CCB7EAAED8B37-- and lastly the one that haunts my entire life which you cant expire because it did in 2020 and its hollow and will forever bypass trust: A43489159A520F0D93D032CCAF37E7FE20A8B419",
        "https://vtbehaviour.commondatastorage.googleapis.com/50997cb5658dd4a8c6738e0be4b63ff937feb84207489681889c6700d6e93d79_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1777373051&Signature=eMaEnBhSHcPRkNEsAbbcQS9TO5zUnrBYbvGr91OhKPFfvDsPIdJULxArlfI6%2BS%2BYthAwd%2FDmsOgpoqvoyzq6CHsPaEIcMsjuM5VQVFshm8olODXIo55xagQcZ6vcJWm%2BiNJ%2F3F1gnID7UHS%2B%2Fl6eWWzPWTh0biIyMyIpm%2BBhw%2BRLnfx%2FqRLrRKBpDtqyOogwbJgqELHtnuXA3r3xx7RRYbWcPIrFZitv%2BC6wlgSJ4vq7Jbya"
      ],
      "related": {
        "alienvault": {
          "adversary": [],
          "malware_families": [],
          "industries": [],
          "unique_indicators": 0
        },
        "other": {
          "adversary": [],
          "malware_families": [],
          "industries": [],
          "unique_indicators": 3945
        }
      }
    },
    "false_positive": [],
    "alexa": "http://www.alexa.com/siteinfo/state.ma.us",
    "whois": "http://whois.domaintools.com/state.ma.us",
    "domain": "state.ma.us",
    "hostname": "www.sec.state.ma.us"
  },
  "geo": {},
  "geo_ipapicom": {},
  "pulse_count": 2,
  "pulses": [
    {
      "id": "69f3322b53bd6368005d9ac9",
      "name": "Sinkholes, Backdoors, Trojans, and Exploits.",
      "description": "[ full text of this article, which has now been published, is published on the website of the European Union, the EU and the United Arab Emirates (UAE), and can be viewed here.]<not relevant pretext except for perhaps the certificate chain. Cryptographic Validation is imperitive for all agencies, especially those who are hosting a person known or unknown, on their server. Trust bypass opens a giant watering hole that systemically can compromise the entire internet. This is an epic failure in all things IT and a destructive cover for the lifelong of residual internet failures and probelms it will have.",
      "modified": "2026-05-30T13:26:53.645000",
      "created": "2026-04-30T10:42:51.884000",
      "tags": [
        "ipv4",
        "filehashmd5",
        "filehashsha256",
        "show",
        "search",
        "type indicator",
        "role title",
        "added active",
        "related pulses",
        "united",
        "pdfkit.net",
        "sinkhole",
        "backdoor",
        "trojan",
        "exploit",
        "server misuse",
        "entity misappropriation",
        "unsigned certificates",
        "? of apple jailbreak",
        "telecom insider",
        "spyware gone wrong",
        "negligent",
        "stalkerware",
        "retrieval of sent evidence",
        "misuse of systems",
        "hiding malicious artifacts on muni pages exploiting the mass",
        "intentional watering hole",
        "unsigned DNSSEC*",
        "known malic pdfs left open for public clickbait",
        "pdfs connect to a cryptomine",
        "hx of cryptomine",
        "IT abuse",
        "siloh on purpose",
        "active bystander",
        "whistleblower",
        "failed PD intervention",
        "failure to investigate"
      ],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 0,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 1,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "msudosos",
        "id": "381696",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 2356,
        "FileHash-SHA1": 2407,
        "FileHash-SHA256": 2479,
        "email": 2,
        "domain": 169,
        "URL": 1549,
        "hostname": 1516,
        "URI": 1,
        "CIDR": 7
      },
      "indicator_count": 10486,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 67,
      "modified_text": "1 day ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "69f094876e771316d0e3a415",
      "name": "VirusTotal report         Fraud, Forgery & Magic           for System32.zip",
      "description": "Further research highlights how important certificates still are. An ai will NEVER detect this, ever, as they are built on 'once' trusted roots. This does not have a trusted along with the other 5 that are distrusted. This allows for old models, in this instance, edge,  to be weaponized by really anyone at this point since everything fails cryptography + we are what truly seems like a short ways away from the entire internet demise based on how many of these I see. This one is extra special, not only is it built with Magic, its primary cert is a crypto domain. Client has brought forward these concerns to most agencies since Sept. 2025. Ignored. Identity stolen.\n-The digital signature of the object did not verify.\n-File distributed by Parted Magic LLC\n-(prime) Code Signing, WHQL Crypto \nrec: expiring the certificates wont work at this point, but its worth a shot. Rec: revoke Code Signing, WHQL Crypto (2012 exp still working!)  The other 5 to revoke are in ref.",
      "modified": "2026-05-29T00:06:38.152000",
      "created": "2026-04-28T11:05:43.436000",
      "tags": [
        "catalog",
        "pkcs",
        "signature",
        "file type",
        "pe file",
        "pe32",
        "ms windows",
        "found",
        "intel",
        "drops pe",
        "ascii text",
        "crlf line",
        "creates",
        "defense evasion",
        "code",
        "persistence",
        "fraud",
        "malicious",
        "next",
        "valid from",
        "valid",
        "valid usage",
        "code signing",
        "whql crypto",
        "algorithm",
        "thumbprint",
        "serial number",
        "pca status",
        "root authority",
        "all algorithm",
        "microsoft root",
        "ec df",
        "service status",
        "forgery",
        "trusted root, failed int.&prime",
        "magic",
        "internet is imploding",
        "cooked",
        "cryptographic failures",
        "IP mismanagement",
        "Horrible Oversight, Truly horrible",
        "Circus with Magic",
        "Pdfkit.net",
        "doomsday"
      ],
      "references": [
        "https://vtbehaviour.commondatastorage.googleapis.com/50997cb5658dd4a8c6738e0be4b63ff937feb84207489681889c6700d6e93d79_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1777373051&Signature=eMaEnBhSHcPRkNEsAbbcQS9TO5zUnrBYbvGr91OhKPFfvDsPIdJULxArlfI6%2BS%2BYthAwd%2FDmsOgpoqvoyzq6CHsPaEIcMsjuM5VQVFshm8olODXIo55xagQcZ6vcJWm%2BiNJ%2F3F1gnID7UHS%2B%2Fl6eWWzPWTh0biIyMyIpm%2BBhw%2BRLnfx%2FqRLrRKBpDtqyOogwbJgqELHtnuXA3r3xx7RRYbWcPIrFZitv%2BC6wlgSJ4vq7Jbya",
        "DC03161C91D83C296E8CEE9B87B9FF371FA05FA4(2015 still works w a trusted root), 3EA99A60058275E0ED83B892A909449F8C33B245 (exp2019 \"\") a timestamper, another time exp 2013 05FECB745F7F3B1A0E262A73435CCB7EAAED8B37-- and lastly the one that haunts my entire life which you cant expire because it did in 2020 and its hollow and will forever bypass trust: A43489159A520F0D93D032CCAF37E7FE20A8B419"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [
        {
          "id": "T1036",
          "name": "Masquerading",
          "display_name": "T1036 - Masquerading"
        },
        {
          "id": "T1040",
          "name": "Network Sniffing",
          "display_name": "T1040 - Network Sniffing"
        },
        {
          "id": "T1055",
          "name": "Process Injection",
          "display_name": "T1055 - Process Injection"
        },
        {
          "id": "T1056",
          "name": "Input Capture",
          "display_name": "T1056 - Input Capture"
        },
        {
          "id": "T1070",
          "name": "Indicator Removal on Host",
          "display_name": "T1070 - Indicator Removal on Host"
        },
        {
          "id": "T1082",
          "name": "System Information Discovery",
          "display_name": "T1082 - System Information Discovery"
        },
        {
          "id": "T1497",
          "name": "Virtualization/Sandbox Evasion",
          "display_name": "T1497 - Virtualization/Sandbox Evasion"
        },
        {
          "id": "T1518",
          "name": "Software Discovery",
          "display_name": "T1518 - Software Discovery"
        },
        {
          "id": "T1542",
          "name": "Pre-OS Boot",
          "display_name": "T1542 - Pre-OS Boot"
        },
        {
          "id": "T1562",
          "name": "Impair Defenses",
          "display_name": "T1562 - Impair Defenses"
        },
        {
          "id": "T1574",
          "name": "Hijack Execution Flow",
          "display_name": "T1574 - Hijack Execution Flow"
        },
        {
          "id": "T1553",
          "name": "Subvert Trust Controls",
          "display_name": "T1553 - Subvert Trust Controls"
        }
      ],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 0,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "msudosos",
        "id": "381696",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 163,
        "FileHash-SHA1": 170,
        "FileHash-SHA256": 1421,
        "domain": 122,
        "hostname": 291,
        "URL": 133,
        "CIDR": 2,
        "email": 4
      },
      "indicator_count": 2306,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 68,
      "modified_text": "2 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    }
  ],
  "error": null,
  "vt": {
    "error": "VirusTotal rate limit reached. Try again shortly.",
    "indicator": "https://www.sec.state.ma.us/cor/corpweb/",
    "type": "URL"
  },
  "abuseipdb": null,
  "urlhaus": {
    "indicator": "https://www.sec.state.ma.us/cor/corpweb/",
    "type": "URL",
    "found": false,
    "verdict": "clean",
    "error": null
  },
  "from_cache": true,
  "_cached_at": 1780247117.648473
}