{ "type": "URL", "indicator": "https://www.verizon.com/", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://www.verizon.com/", "type": "url", "type_title": "URL", "validation": [ { "source": "alexa", "message": "Alexa rank: #491", "name": "Listed on Alexa" }, { "source": "akamai", "message": "Akamai rank: #1797", "name": "Akamai Popular Domain" }, { "source": "whitelist", "message": "Whitelisted domain verizon.com", "name": "Whitelisted domain" }, { "source": "majestic", "message": "Whitelisted domain verizon.com", "name": "Whitelisted domain" } ], "base_indicator": { "id": 4281741523, "indicator": "https://www.verizon.com/", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 8, "pulses": [ { "id": "69f30ef4033560d49d39ac55", "name": "VirusTotal report\n for executable.exe", "description": "[security firm has developed a tool that can automatically identify a Wi-Fi password and make it easy to access it via the net. and use it to create a secure log-in system.] Email today from them on my line. Very wild things happening here. trying to close my line", "modified": "2026-05-09T12:10:59.635000", "created": "2026-04-09T12:31:52.780000", "tags": [ "html document", "unicode text", "utf8 text", "crlf", "lf line", "site", "meta", "verizon", "wireless", "internet", "phone services", "official", "shop verizon", "lte network", "get fios", "title", "code", "error", "utc na", "utc google", "tag manager", "gtmw2vn2cq", "utc dc9849921", "utc dc685973", "utc g12r1dx1lx7", "utc aw647962234", "utc aw2761768", "utc aw685973", "verizon business", "verizon for business", "verizon business account", "verizon business phone", "verizon wireless for business", "verizon business service", "verizon business plan", "business internet services", "learn", "gartner", "contact", "find", "discover", "support", "close log", "shop", "upgrade", "small", "voice", "chat", "mitre attack", "network info", "program", "html page", "t1055 process", "overview", "processes extra", "overview zenbox", "verdict", "guest system", "phishing", "next", "ver2", "msclkidn", "utc amazon", "analytics na", "utc bing", "vids1", "vids0", "gdlname" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/edb4c21d60daa44b3429e7ba9bfa342759ebef23c136c934f74aef145453ce19_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775737365&Signature=S%2B7RcHYjab1hbKlKwFfvUbDirFPJS1A2TJQ3bVIObMcON4PD9pRDvhMtYMCnEBrYsICi0UJCFW5eUDolL5Jlbngsc587kF36vvuhlkPprbkSOY1jOyDTpe3Qsb6jRFz3xwOfZc9S5QervoLnRKb%2FyGSyZE6ZK6TxzBrOPczPtZ7sLf9NfD6E%2B2gMRXaRjEqVwVITLG7YqCiiNuohFOuNlK3uNHFpIk53viKvBSAIqLtSklH9bHW4q1DX", "https://www.verizon.com/business/", "https://vtbehaviour.commondatastorage.googleapis.com/edb4c21d60daa44b3429e7ba9bfa342759ebef23c136c934f74aef145453ce19_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775737710&Signature=fbsokraSd7lsYmUfaTEl8Phs2K3hp7AtVmQU9axeEBcYmYbrrYrrfpP5lPEQaE%2Fh3%2BEP9Rn8mD8D1haqQVXCN0VVlxJ4sddjWmyC5USsgBsvUb0%2F72h1WHDS2KXHlteZWE%2Bauckabain9D5kX501AnqFY38s77OIqO6SMOkQ%2BvXiDSSRK%2FZhbfradBnei3ZLHsXGxkoshTyvB0%2BC%2F8SiUzdVsqSjik0Bn2r%2BIlLpDQK90GlZTD0N" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 196, "hostname": 128, "domain": 4, "FileHash-SHA256": 90, "FileHash-MD5": 6, "FileHash-SHA1": 1, "CVE": 1 }, "indicator_count": 426, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "21 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69d79c38e0a059039b475ebe", "name": "CAPE Sandbox", "description": "Email today from them on my line. Very wild things happening here. trying to close my line", "modified": "2026-05-09T12:10:59.635000", "created": "2026-04-09T12:31:52.495000", "tags": [ "html document", "unicode text", "utf8 text", "crlf", "lf line", "site", "meta", "verizon", "wireless", "internet", "phone services", "official", "shop verizon", "lte network", "get fios", "title", "code", "error", "utc na", "utc google", "tag manager", "gtmw2vn2cq", "utc dc9849921", "utc dc685973", "utc g12r1dx1lx7", "utc aw647962234", "utc aw2761768", "utc aw685973", "verizon business", "verizon for business", "verizon business account", "verizon business phone", "verizon wireless for business", "verizon business service", "verizon business plan", "business internet services", "learn", "gartner", "contact", "find", "discover", "support", "close log", "shop", "upgrade", "small", "voice", "chat", "mitre attack", "network info", "program", "html page", "t1055 process", "overview", "processes extra", "overview zenbox", "verdict", "guest system", "phishing", "next", "ver2", "msclkidn", "utc amazon", "analytics na", "utc bing", "vids1", "vids0", "gdlname" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/edb4c21d60daa44b3429e7ba9bfa342759ebef23c136c934f74aef145453ce19_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775737365&Signature=S%2B7RcHYjab1hbKlKwFfvUbDirFPJS1A2TJQ3bVIObMcON4PD9pRDvhMtYMCnEBrYsICi0UJCFW5eUDolL5Jlbngsc587kF36vvuhlkPprbkSOY1jOyDTpe3Qsb6jRFz3xwOfZc9S5QervoLnRKb%2FyGSyZE6ZK6TxzBrOPczPtZ7sLf9NfD6E%2B2gMRXaRjEqVwVITLG7YqCiiNuohFOuNlK3uNHFpIk53viKvBSAIqLtSklH9bHW4q1DX", "https://www.verizon.com/business/", "https://vtbehaviour.commondatastorage.googleapis.com/edb4c21d60daa44b3429e7ba9bfa342759ebef23c136c934f74aef145453ce19_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775737710&Signature=fbsokraSd7lsYmUfaTEl8Phs2K3hp7AtVmQU9axeEBcYmYbrrYrrfpP5lPEQaE%2Fh3%2BEP9Rn8mD8D1haqQVXCN0VVlxJ4sddjWmyC5USsgBsvUb0%2F72h1WHDS2KXHlteZWE%2Bauckabain9D5kX501AnqFY38s77OIqO6SMOkQ%2BvXiDSSRK%2FZhbfradBnei3ZLHsXGxkoshTyvB0%2BC%2F8SiUzdVsqSjik0Bn2r%2BIlLpDQK90GlZTD0N" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 772, "hostname": 706, "domain": 875, "FileHash-SHA256": 2348, "FileHash-MD5": 2237, "FileHash-SHA1": 2260, "CVE": 1, "email": 9 }, "indicator_count": 9208, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "21 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69cd28734208fedcdfa689b6", "name": "VirusTotal Windows Sandbox", "description": "TCP 3.229.2.7:80 (issuu.com) is the most popular language on the net, but it's not the only one where you've heard of it.>govzw", "modified": "2026-05-01T14:30:53.370000", "created": "2026-04-01T14:15:15.393000", "tags": [ "windows sandbox", "calls process", "pdf document", "adobe portable", "document format", "microsoft", "prefs", "ytdsetup", "mpty", "sqlexprx64enu", "verizon hanover", "hanover loading" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/002235e5c2b3bafc960441890550e54a9b71fc087d9e89034b2ab481cc7e4e6f_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775052813&Signature=Ulu9XVJQE8IdEmqueYvE7%2FFmH2OEsSOyicYIwDiX70dy7IXqyS%2FlT7fwx7FnGTqVtNnmtW7KYEJ%2BJhC5RDjtA1Ygz0x%2Btppo2ztNjYhFuyEuyIv6GJiR8Lv6120%2FLoGHl%2BuUAwQsMTh2DRUaMAGmnFwqEUe9sxzvh5aXZ2ACClmOj5XVdRNI0Ke%2BuX9Q4t6cjdZdBV1%2FwS0snaUZm%2F7P1UF4dGmz%2FTRFQdmO", "https://www.verizon.com/stores/details/massachusetts/hanover/hanover-ii-1261522/?CMP=seo_b_x_vz_gbp_ot_2022_08_website" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 8, "URL": 248, "domain": 29, "hostname": 39, "FileHash-SHA1": 2, "FileHash-SHA256": 260 }, "indicator_count": 586, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "29 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69cd2d25ae4bbf9b7767b402", "name": "VirusTotal report\n for index.html", "description": "540cebc26f3837a40ab7286955cd0d98\n6f54c2880e9a9458548feff2a15dff359340ca47\n0d00f9e3bd2d68ab29ca325634e64182006281fa8412b55c2f32655e9848577b\nf8cad1e437f98bd3e9425cb2f58d0d94\n1536:/Zr2xDgpbPAlKq6i1Lbe0DZ+4XdpuuRlJsRG6a2Q/0DdQAghkwRExbvcQcF7BTLJ:gDgplc3Mk5\nT1FB9322B3438C1C3A46428395266C778D537FCE77C9A1A0D3B2BB8A1C6FC29915B1DC69\nHTML \ninternet\nhtml\nHTML document, Unicode text, UTF-8 text, with very long lines (4054u)\nfile seems to be plain text/ASCII (0%)\n86.83 KB (88910 bytes) verizon hanoverhttps://media.evolv.ai/asset-manager/releases/latest/webloader.min.js\ntext/javascript\nb02d16aa80", "modified": "2026-05-01T14:30:53.370000", "created": "2026-04-01T14:35:17.852000", "tags": [ "performs dns", "urls", "united", "https", "mitre attack", "network info", "processes extra", "meta", "found", "html page", "phishing", "next", "script", "hanover", "washington st", "cdata", "index", "follow", "open", "massachusetts", "r00000257559", "wireless", "title", "direct", "friday" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/0d00f9e3bd2d68ab29ca325634e64182006281fa8412b55c2f32655e9848577b_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775054228&Signature=r5virEXGjsBOF3mEo%2BicxO1PS%2Bs3UkQ%2Bdi%2BxbmOXbllhiqeb5X1KAgTqfWbbP4CahjSIU%2FsXAx1G1hCRKA39zGyvuP%2BlU%2FjyEg%2F7c%2FdZVBnnnkgdzY5j19osgH9P469%2BGRtxwL160VAROsFluRzdggCVRYvcIMfs07qEuU94FMAglR3OwggkH82SM0Pihxeq64d2mEKzqeBDEYFu2q7Et%2BQWen2YIdhUHA2YLhP9rc3ke3%2", "https://vtbehaviour.commondatastorage.googleapis.com/0d00f9e3bd2d68ab29ca325634e64182006281fa8412b55c2f32655e9848577b_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775054290&Signature=pNWm4zuJ3NbEVCyqNonX24f7L356W31m1h5Rr3fd00KFtbBsoY%2BkSSIxHXVjSbN5eYyi%2Fu%2BpIejFBnqr4K733N%2F3fh94YH0udfFvzHtfNK3SvAU8cUHJPIcF%2B5FDgup7gK3l%2FLGnr6CB2cnb7000ERnofAiVW0p4JNgARs7UctQHOKy%2BopXQmXdsG7VCDYYbYikN3uRzqRwv0kCuiEatO3IO4vH%2BRQoLuKFdo6rZS1rjlf" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 161, "hostname": 89, "FileHash-MD5": 1, "FileHash-SHA1": 1, "FileHash-SHA256": 1, "domain": 3 }, "indicator_count": 256, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "29 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69cd2d25ce5465066880b306", "name": "VirusTotal report\n for index.html", "description": "540cebc26f3837a40ab7286955cd0d98\n6f54c2880e9a9458548feff2a15dff359340ca47\n0d00f9e3bd2d68ab29ca325634e64182006281fa8412b55c2f32655e9848577b\nf8cad1e437f98bd3e9425cb2f58d0d94\n1536:/Zr2xDgpbPAlKq6i1Lbe0DZ+4XdpuuRlJsRG6a2Q/0DdQAghkwRExbvcQcF7BTLJ:gDgplc3Mk5\nT1FB9322B3438C1C3A46428395266C778D537FCE77C9A1A0D3B2BB8A1C6FC29915B1DC69\nHTML \ninternet\nhtml\nHTML document, Unicode text, UTF-8 text, with very long lines (4054u)\nfile seems to be plain text/ASCII (0%)\n86.83 KB (88910 bytes) verizon hanoverhttps://media.evolv.ai/asset-manager/releases/latest/webloader.min.js\ntext/javascript\nb02d16aa80", "modified": "2026-05-01T14:30:53.370000", "created": "2026-04-01T14:35:17.426000", "tags": [ "performs dns", "urls", "united", "https", "mitre attack", "network info", "processes extra", "meta", "found", "html page", "phishing", "next", "script", "hanover", "washington st", "cdata", "index", "follow", "open", "massachusetts", "r00000257559", "wireless", "title", "direct", "friday" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/0d00f9e3bd2d68ab29ca325634e64182006281fa8412b55c2f32655e9848577b_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775054228&Signature=r5virEXGjsBOF3mEo%2BicxO1PS%2Bs3UkQ%2Bdi%2BxbmOXbllhiqeb5X1KAgTqfWbbP4CahjSIU%2FsXAx1G1hCRKA39zGyvuP%2BlU%2FjyEg%2F7c%2FdZVBnnnkgdzY5j19osgH9P469%2BGRtxwL160VAROsFluRzdggCVRYvcIMfs07qEuU94FMAglR3OwggkH82SM0Pihxeq64d2mEKzqeBDEYFu2q7Et%2BQWen2YIdhUHA2YLhP9rc3ke3%2", "https://vtbehaviour.commondatastorage.googleapis.com/0d00f9e3bd2d68ab29ca325634e64182006281fa8412b55c2f32655e9848577b_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775054290&Signature=pNWm4zuJ3NbEVCyqNonX24f7L356W31m1h5Rr3fd00KFtbBsoY%2BkSSIxHXVjSbN5eYyi%2Fu%2BpIejFBnqr4K733N%2F3fh94YH0udfFvzHtfNK3SvAU8cUHJPIcF%2B5FDgup7gK3l%2FLGnr6CB2cnb7000ERnofAiVW0p4JNgARs7UctQHOKy%2BopXQmXdsG7VCDYYbYikN3uRzqRwv0kCuiEatO3IO4vH%2BRQoLuKFdo6rZS1rjlf" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 169, "hostname": 95, "FileHash-MD5": 1, "FileHash-SHA1": 1, "FileHash-SHA256": 5, "domain": 3 }, "indicator_count": 274, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "29 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69c3ad6cd7339102c784f0ed", "name": "CAPE Sandbox", "description": "T1071 - Application Layer Protocol\nnetwork_http\nstealth_network\nbinary_yara\nT1095 - Non-Application Layer Protocol\nnetwork_icmp\nT1055 - Process Injection\ncreates_suspended_process\nT1070.006 - Timestomp\nstealth_network\nbinary_yara\nT1070 - Indicator Removal\nstealth_network\nbinary_yara\nT1055 - Process Injection\ncreates_suspended_process", "modified": "2026-04-24T09:05:32.065000", "created": "2026-03-25T09:39:56.566000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1, "FileHash-SHA1": 1, "FileHash-SHA256": 7, "URL": 52, "hostname": 119, "domain": 1 }, "indicator_count": 181, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "36 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69c3ae1330d15db50468488c", "name": "CAPE Sandbox", "description": "T1071 - Application Layer Protocol\nnetwork_http\nstealth_network\nbinary_yara\nT1095 - Non-Application Layer Protocol\nnetwork_icmp\nT1055 - Process Injection\ncreates_suspended_process\nT1070.006 - Timestomp\nstealth_network\nbinary_yara\nT1070 - Indicator Removal\nstealth_network\nbinary_yara\nT1055 - Process Injection\ncreates_suspended_process", "modified": "2026-04-24T09:05:32.065000", "created": "2026-03-25T09:42:43.664000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1, "FileHash-SHA1": 1, "FileHash-SHA256": 1, "URL": 40, "hostname": 107, "domain": 1 }, "indicator_count": 151, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "36 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "https://www.verizon.com/stores/details/massachusetts/hanover/hanover-ii-1261522/?CMP=seo_b_x_vz_gbp_ot_2022_08_website", "https://www.verizon.com/business/", "https://vtbehaviour.commondatastorage.googleapis.com/edb4c21d60daa44b3429e7ba9bfa342759ebef23c136c934f74aef145453ce19_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775737710&Signature=fbsokraSd7lsYmUfaTEl8Phs2K3hp7AtVmQU9axeEBcYmYbrrYrrfpP5lPEQaE%2Fh3%2BEP9Rn8mD8D1haqQVXCN0VVlxJ4sddjWmyC5USsgBsvUb0%2F72h1WHDS2KXHlteZWE%2Bauckabain9D5kX501AnqFY38s77OIqO6SMOkQ%2BvXiDSSRK%2FZhbfradBnei3ZLHsXGxkoshTyvB0%2BC%2F8SiUzdVsqSjik0Bn2r%2BIlLpDQK90GlZTD0N", "https://vtbehaviour.commondatastorage.googleapis.com/0d00f9e3bd2d68ab29ca325634e64182006281fa8412b55c2f32655e9848577b_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775054228&Signature=r5virEXGjsBOF3mEo%2BicxO1PS%2Bs3UkQ%2Bdi%2BxbmOXbllhiqeb5X1KAgTqfWbbP4CahjSIU%2FsXAx1G1hCRKA39zGyvuP%2BlU%2FjyEg%2F7c%2FdZVBnnnkgdzY5j19osgH9P469%2BGRtxwL160VAROsFluRzdggCVRYvcIMfs07qEuU94FMAglR3OwggkH82SM0Pihxeq64d2mEKzqeBDEYFu2q7Et%2BQWen2YIdhUHA2YLhP9rc3ke3%2", "https://vtbehaviour.commondatastorage.googleapis.com/0d00f9e3bd2d68ab29ca325634e64182006281fa8412b55c2f32655e9848577b_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775054290&Signature=pNWm4zuJ3NbEVCyqNonX24f7L356W31m1h5Rr3fd00KFtbBsoY%2BkSSIxHXVjSbN5eYyi%2Fu%2BpIejFBnqr4K733N%2F3fh94YH0udfFvzHtfNK3SvAU8cUHJPIcF%2B5FDgup7gK3l%2FLGnr6CB2cnb7000ERnofAiVW0p4JNgARs7UctQHOKy%2BopXQmXdsG7VCDYYbYikN3uRzqRwv0kCuiEatO3IO4vH%2BRQoLuKFdo6rZS1rjlf", "https://vtbehaviour.commondatastorage.googleapis.com/002235e5c2b3bafc960441890550e54a9b71fc087d9e89034b2ab481cc7e4e6f_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775052813&Signature=Ulu9XVJQE8IdEmqueYvE7%2FFmH2OEsSOyicYIwDiX70dy7IXqyS%2FlT7fwx7FnGTqVtNnmtW7KYEJ%2BJhC5RDjtA1Ygz0x%2Btppo2ztNjYhFuyEuyIv6GJiR8Lv6120%2FLoGHl%2BuUAwQsMTh2DRUaMAGmnFwqEUe9sxzvh5aXZ2ACClmOj5XVdRNI0Ke%2BuX9Q4t6cjdZdBV1%2FwS0snaUZm%2F7P1UF4dGmz%2FTRFQdmO", "https://vtbehaviour.commondatastorage.googleapis.com/edb4c21d60daa44b3429e7ba9bfa342759ebef23c136c934f74aef145453ce19_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775737365&Signature=S%2B7RcHYjab1hbKlKwFfvUbDirFPJS1A2TJQ3bVIObMcON4PD9pRDvhMtYMCnEBrYsICi0UJCFW5eUDolL5Jlbngsc587kF36vvuhlkPprbkSOY1jOyDTpe3Qsb6jRFz3xwOfZc9S5QervoLnRKb%2FyGSyZE6ZK6TxzBrOPczPtZ7sLf9NfD6E%2B2gMRXaRjEqVwVITLG7YqCiiNuohFOuNlK3uNHFpIk53viKvBSAIqLtSklH9bHW4q1DX" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 8326 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/verizon.com", "whois": "http://whois.domaintools.com/verizon.com", "domain": "verizon.com", "hostname": "www.verizon.com" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 8, "pulses": [ { "id": "69f30ef4033560d49d39ac55", "name": "VirusTotal report\n for executable.exe", "description": "[security firm has developed a tool that can automatically identify a Wi-Fi password and make it easy to access it via the net. and use it to create a secure log-in system.] Email today from them on my line. Very wild things happening here. trying to close my line", "modified": "2026-05-09T12:10:59.635000", "created": "2026-04-09T12:31:52.780000", "tags": [ "html document", "unicode text", "utf8 text", "crlf", "lf line", "site", "meta", "verizon", "wireless", "internet", "phone services", "official", "shop verizon", "lte network", "get fios", "title", "code", "error", "utc na", "utc google", "tag manager", "gtmw2vn2cq", "utc dc9849921", "utc dc685973", "utc g12r1dx1lx7", "utc aw647962234", "utc aw2761768", "utc aw685973", "verizon business", "verizon for business", "verizon business account", "verizon business phone", "verizon wireless for business", "verizon business service", "verizon business plan", "business internet services", "learn", "gartner", "contact", "find", "discover", "support", "close log", "shop", "upgrade", "small", "voice", "chat", "mitre attack", "network info", "program", "html page", "t1055 process", "overview", "processes extra", "overview zenbox", "verdict", "guest system", "phishing", "next", "ver2", "msclkidn", "utc amazon", "analytics na", "utc bing", "vids1", "vids0", "gdlname" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/edb4c21d60daa44b3429e7ba9bfa342759ebef23c136c934f74aef145453ce19_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775737365&Signature=S%2B7RcHYjab1hbKlKwFfvUbDirFPJS1A2TJQ3bVIObMcON4PD9pRDvhMtYMCnEBrYsICi0UJCFW5eUDolL5Jlbngsc587kF36vvuhlkPprbkSOY1jOyDTpe3Qsb6jRFz3xwOfZc9S5QervoLnRKb%2FyGSyZE6ZK6TxzBrOPczPtZ7sLf9NfD6E%2B2gMRXaRjEqVwVITLG7YqCiiNuohFOuNlK3uNHFpIk53viKvBSAIqLtSklH9bHW4q1DX", "https://www.verizon.com/business/", "https://vtbehaviour.commondatastorage.googleapis.com/edb4c21d60daa44b3429e7ba9bfa342759ebef23c136c934f74aef145453ce19_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775737710&Signature=fbsokraSd7lsYmUfaTEl8Phs2K3hp7AtVmQU9axeEBcYmYbrrYrrfpP5lPEQaE%2Fh3%2BEP9Rn8mD8D1haqQVXCN0VVlxJ4sddjWmyC5USsgBsvUb0%2F72h1WHDS2KXHlteZWE%2Bauckabain9D5kX501AnqFY38s77OIqO6SMOkQ%2BvXiDSSRK%2FZhbfradBnei3ZLHsXGxkoshTyvB0%2BC%2F8SiUzdVsqSjik0Bn2r%2BIlLpDQK90GlZTD0N" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 196, "hostname": 128, "domain": 4, "FileHash-SHA256": 90, "FileHash-MD5": 6, "FileHash-SHA1": 1, "CVE": 1 }, "indicator_count": 426, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "21 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69d79c38e0a059039b475ebe", "name": "CAPE Sandbox", "description": "Email today from them on my line. Very wild things happening here. trying to close my line", "modified": "2026-05-09T12:10:59.635000", "created": "2026-04-09T12:31:52.495000", "tags": [ "html document", "unicode text", "utf8 text", "crlf", "lf line", "site", "meta", "verizon", "wireless", "internet", "phone services", "official", "shop verizon", "lte network", "get fios", "title", "code", "error", "utc na", "utc google", "tag manager", "gtmw2vn2cq", "utc dc9849921", "utc dc685973", "utc g12r1dx1lx7", "utc aw647962234", "utc aw2761768", "utc aw685973", "verizon business", "verizon for business", "verizon business account", "verizon business phone", "verizon wireless for business", "verizon business service", "verizon business plan", "business internet services", "learn", "gartner", "contact", "find", "discover", "support", "close log", "shop", "upgrade", "small", "voice", "chat", "mitre attack", "network info", "program", "html page", "t1055 process", "overview", "processes extra", "overview zenbox", "verdict", "guest system", "phishing", "next", "ver2", "msclkidn", "utc amazon", "analytics na", "utc bing", "vids1", "vids0", "gdlname" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/edb4c21d60daa44b3429e7ba9bfa342759ebef23c136c934f74aef145453ce19_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775737365&Signature=S%2B7RcHYjab1hbKlKwFfvUbDirFPJS1A2TJQ3bVIObMcON4PD9pRDvhMtYMCnEBrYsICi0UJCFW5eUDolL5Jlbngsc587kF36vvuhlkPprbkSOY1jOyDTpe3Qsb6jRFz3xwOfZc9S5QervoLnRKb%2FyGSyZE6ZK6TxzBrOPczPtZ7sLf9NfD6E%2B2gMRXaRjEqVwVITLG7YqCiiNuohFOuNlK3uNHFpIk53viKvBSAIqLtSklH9bHW4q1DX", "https://www.verizon.com/business/", "https://vtbehaviour.commondatastorage.googleapis.com/edb4c21d60daa44b3429e7ba9bfa342759ebef23c136c934f74aef145453ce19_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775737710&Signature=fbsokraSd7lsYmUfaTEl8Phs2K3hp7AtVmQU9axeEBcYmYbrrYrrfpP5lPEQaE%2Fh3%2BEP9Rn8mD8D1haqQVXCN0VVlxJ4sddjWmyC5USsgBsvUb0%2F72h1WHDS2KXHlteZWE%2Bauckabain9D5kX501AnqFY38s77OIqO6SMOkQ%2BvXiDSSRK%2FZhbfradBnei3ZLHsXGxkoshTyvB0%2BC%2F8SiUzdVsqSjik0Bn2r%2BIlLpDQK90GlZTD0N" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 772, "hostname": 706, "domain": 875, "FileHash-SHA256": 2348, "FileHash-MD5": 2237, "FileHash-SHA1": 2260, "CVE": 1, "email": 9 }, "indicator_count": 9208, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "21 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69cd28734208fedcdfa689b6", "name": "VirusTotal Windows Sandbox", "description": "TCP 3.229.2.7:80 (issuu.com) is the most popular language on the net, but it's not the only one where you've heard of it.>govzw", "modified": "2026-05-01T14:30:53.370000", "created": "2026-04-01T14:15:15.393000", "tags": [ "windows sandbox", "calls process", "pdf document", "adobe portable", "document format", "microsoft", "prefs", "ytdsetup", "mpty", "sqlexprx64enu", "verizon hanover", "hanover loading" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/002235e5c2b3bafc960441890550e54a9b71fc087d9e89034b2ab481cc7e4e6f_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775052813&Signature=Ulu9XVJQE8IdEmqueYvE7%2FFmH2OEsSOyicYIwDiX70dy7IXqyS%2FlT7fwx7FnGTqVtNnmtW7KYEJ%2BJhC5RDjtA1Ygz0x%2Btppo2ztNjYhFuyEuyIv6GJiR8Lv6120%2FLoGHl%2BuUAwQsMTh2DRUaMAGmnFwqEUe9sxzvh5aXZ2ACClmOj5XVdRNI0Ke%2BuX9Q4t6cjdZdBV1%2FwS0snaUZm%2F7P1UF4dGmz%2FTRFQdmO", "https://www.verizon.com/stores/details/massachusetts/hanover/hanover-ii-1261522/?CMP=seo_b_x_vz_gbp_ot_2022_08_website" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 8, "URL": 248, "domain": 29, "hostname": 39, "FileHash-SHA1": 2, "FileHash-SHA256": 260 }, "indicator_count": 586, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "29 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69cd2d25ae4bbf9b7767b402", "name": "VirusTotal report\n for index.html", "description": "540cebc26f3837a40ab7286955cd0d98\n6f54c2880e9a9458548feff2a15dff359340ca47\n0d00f9e3bd2d68ab29ca325634e64182006281fa8412b55c2f32655e9848577b\nf8cad1e437f98bd3e9425cb2f58d0d94\n1536:/Zr2xDgpbPAlKq6i1Lbe0DZ+4XdpuuRlJsRG6a2Q/0DdQAghkwRExbvcQcF7BTLJ:gDgplc3Mk5\nT1FB9322B3438C1C3A46428395266C778D537FCE77C9A1A0D3B2BB8A1C6FC29915B1DC69\nHTML \ninternet\nhtml\nHTML document, Unicode text, UTF-8 text, with very long lines (4054u)\nfile seems to be plain text/ASCII (0%)\n86.83 KB (88910 bytes) verizon hanoverhttps://media.evolv.ai/asset-manager/releases/latest/webloader.min.js\ntext/javascript\nb02d16aa80", "modified": "2026-05-01T14:30:53.370000", "created": "2026-04-01T14:35:17.852000", "tags": [ "performs dns", "urls", "united", "https", "mitre attack", "network info", "processes extra", "meta", "found", "html page", "phishing", "next", "script", "hanover", "washington st", "cdata", "index", "follow", "open", "massachusetts", "r00000257559", "wireless", "title", "direct", "friday" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/0d00f9e3bd2d68ab29ca325634e64182006281fa8412b55c2f32655e9848577b_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775054228&Signature=r5virEXGjsBOF3mEo%2BicxO1PS%2Bs3UkQ%2Bdi%2BxbmOXbllhiqeb5X1KAgTqfWbbP4CahjSIU%2FsXAx1G1hCRKA39zGyvuP%2BlU%2FjyEg%2F7c%2FdZVBnnnkgdzY5j19osgH9P469%2BGRtxwL160VAROsFluRzdggCVRYvcIMfs07qEuU94FMAglR3OwggkH82SM0Pihxeq64d2mEKzqeBDEYFu2q7Et%2BQWen2YIdhUHA2YLhP9rc3ke3%2", "https://vtbehaviour.commondatastorage.googleapis.com/0d00f9e3bd2d68ab29ca325634e64182006281fa8412b55c2f32655e9848577b_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775054290&Signature=pNWm4zuJ3NbEVCyqNonX24f7L356W31m1h5Rr3fd00KFtbBsoY%2BkSSIxHXVjSbN5eYyi%2Fu%2BpIejFBnqr4K733N%2F3fh94YH0udfFvzHtfNK3SvAU8cUHJPIcF%2B5FDgup7gK3l%2FLGnr6CB2cnb7000ERnofAiVW0p4JNgARs7UctQHOKy%2BopXQmXdsG7VCDYYbYikN3uRzqRwv0kCuiEatO3IO4vH%2BRQoLuKFdo6rZS1rjlf" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 161, "hostname": 89, "FileHash-MD5": 1, "FileHash-SHA1": 1, "FileHash-SHA256": 1, "domain": 3 }, "indicator_count": 256, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "29 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69cd2d25ce5465066880b306", "name": "VirusTotal report\n for index.html", "description": "540cebc26f3837a40ab7286955cd0d98\n6f54c2880e9a9458548feff2a15dff359340ca47\n0d00f9e3bd2d68ab29ca325634e64182006281fa8412b55c2f32655e9848577b\nf8cad1e437f98bd3e9425cb2f58d0d94\n1536:/Zr2xDgpbPAlKq6i1Lbe0DZ+4XdpuuRlJsRG6a2Q/0DdQAghkwRExbvcQcF7BTLJ:gDgplc3Mk5\nT1FB9322B3438C1C3A46428395266C778D537FCE77C9A1A0D3B2BB8A1C6FC29915B1DC69\nHTML \ninternet\nhtml\nHTML document, Unicode text, UTF-8 text, with very long lines (4054u)\nfile seems to be plain text/ASCII (0%)\n86.83 KB (88910 bytes) verizon hanoverhttps://media.evolv.ai/asset-manager/releases/latest/webloader.min.js\ntext/javascript\nb02d16aa80", "modified": "2026-05-01T14:30:53.370000", "created": "2026-04-01T14:35:17.426000", "tags": [ "performs dns", "urls", "united", "https", "mitre attack", "network info", "processes extra", "meta", "found", "html page", "phishing", "next", "script", "hanover", "washington st", "cdata", "index", "follow", "open", "massachusetts", "r00000257559", "wireless", "title", "direct", "friday" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/0d00f9e3bd2d68ab29ca325634e64182006281fa8412b55c2f32655e9848577b_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775054228&Signature=r5virEXGjsBOF3mEo%2BicxO1PS%2Bs3UkQ%2Bdi%2BxbmOXbllhiqeb5X1KAgTqfWbbP4CahjSIU%2FsXAx1G1hCRKA39zGyvuP%2BlU%2FjyEg%2F7c%2FdZVBnnnkgdzY5j19osgH9P469%2BGRtxwL160VAROsFluRzdggCVRYvcIMfs07qEuU94FMAglR3OwggkH82SM0Pihxeq64d2mEKzqeBDEYFu2q7Et%2BQWen2YIdhUHA2YLhP9rc3ke3%2", "https://vtbehaviour.commondatastorage.googleapis.com/0d00f9e3bd2d68ab29ca325634e64182006281fa8412b55c2f32655e9848577b_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775054290&Signature=pNWm4zuJ3NbEVCyqNonX24f7L356W31m1h5Rr3fd00KFtbBsoY%2BkSSIxHXVjSbN5eYyi%2Fu%2BpIejFBnqr4K733N%2F3fh94YH0udfFvzHtfNK3SvAU8cUHJPIcF%2B5FDgup7gK3l%2FLGnr6CB2cnb7000ERnofAiVW0p4JNgARs7UctQHOKy%2BopXQmXdsG7VCDYYbYikN3uRzqRwv0kCuiEatO3IO4vH%2BRQoLuKFdo6rZS1rjlf" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 169, "hostname": 95, "FileHash-MD5": 1, "FileHash-SHA1": 1, "FileHash-SHA256": 5, "domain": 3 }, "indicator_count": 274, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "29 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69c3ad6cd7339102c784f0ed", "name": "CAPE Sandbox", "description": "T1071 - Application Layer Protocol\nnetwork_http\nstealth_network\nbinary_yara\nT1095 - Non-Application Layer Protocol\nnetwork_icmp\nT1055 - Process Injection\ncreates_suspended_process\nT1070.006 - Timestomp\nstealth_network\nbinary_yara\nT1070 - Indicator Removal\nstealth_network\nbinary_yara\nT1055 - Process Injection\ncreates_suspended_process", "modified": "2026-04-24T09:05:32.065000", "created": "2026-03-25T09:39:56.566000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1, "FileHash-SHA1": 1, "FileHash-SHA256": 7, "URL": 52, "hostname": 119, "domain": 1 }, "indicator_count": 181, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "36 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69c3ae1330d15db50468488c", "name": "CAPE Sandbox", "description": "T1071 - Application Layer Protocol\nnetwork_http\nstealth_network\nbinary_yara\nT1095 - Non-Application Layer Protocol\nnetwork_icmp\nT1055 - Process Injection\ncreates_suspended_process\nT1070.006 - Timestomp\nstealth_network\nbinary_yara\nT1070 - Indicator Removal\nstealth_network\nbinary_yara\nT1055 - Process Injection\ncreates_suspended_process", "modified": "2026-04-24T09:05:32.065000", "created": "2026-03-25T09:42:43.664000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1, "FileHash-SHA1": 1, "FileHash-SHA256": 1, "URL": 40, "hostname": 107, "domain": 1 }, "indicator_count": 151, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "36 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://www.verizon.com/", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://www.verizon.com/", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780212768.3812122 }