{ "type": "Domain", "indicator": "div.id", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/div.id", "alexa": "http://www.alexa.com/siteinfo/div.id", "indicator": "div.id", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 3155077408, "indicator": "div.id", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 4, "pulses": [ { "id": "65709120ed2b0db3696f67ac", "name": "http://www.protys.fr - Frightening relations really as this is a hybrid clean scan", "description": "", "modified": "2023-12-06T15:20:00.123000", "created": "2023-12-06T15:20:00.123000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 4, "FileHash-SHA256": 1579, "hostname": 625, "domain": 298, "URL": 1124, "email": 5, "FileHash-MD5": 54, "FileHash-SHA1": 51 }, "indicator_count": 3740, "is_author": false, "is_subscribing": null, "subscriber_count": 110, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "62efae65aff064cd7700bd70", "name": "http://www.protys.fr - Frightening relations really as this is a hybrid clean scan", "description": "", "modified": "2022-09-06T00:02:32.372000", "created": "2022-08-07T12:21:57.669000", "tags": [ "apt", "data", "decrypted ssl", "windows nt", "okdate", "gmtetag", "iframe", "null", "cookie", "next", "twitter", "push", "code", "logic", "format", "apache", "jquery", "loader", "target", "canvas", "footer", "mark", "ruby", "facebook", "alexa", "screen", "infinity", "prop", "freeze", "dummy", "august", "local", "mozilla", "CVE-2017-11882", "CVE-2020-11022", "CVE-2020-11023", "CVE-2021-22941" ], "references": [ "https://hybrid-analysis.com/sample/c8c06a88f18d72420ac017c4b67d1e55170138a9d0f6d6046e7efc7b72ca8de0/62ef762fa396e628fa6ec076", "CVE-2021-22941", "CVE-2020-11023", "CVE-2020-11022", "CVE-2017-11882" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 625, "URL": 1124, "domain": 298, "FileHash-SHA256": 1579, "CVE": 4, "email": 5, "FileHash-MD5": 54, "FileHash-SHA1": 51 }, "indicator_count": 3740, "is_author": false, "is_subscribing": null, "subscriber_count": 394, "modified_text": "1364 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "628e33df0169fe33f79b766b", "name": "Seems to be coming from space . Space malware? \u4e91\u9002\u914d(AllMobilize Inc.) --\u4f01\u4e1a\u6d4f\u89c8\u5668\u53ca\u79fb\u52a8\u5316\u89e3\u51b3\u65b9\u6848\u4f9b\u5e94\u5546 | \u4e91\u9002\u914d", "description": "AllMobilize, Amaze, and all its partners - all of them with the same name - are now available to use on Facebook, Twitter, Instagram and other social media platforms, including Facebook.", "modified": "2022-05-25T13:49:19.876000", "created": "2022-05-25T13:49:19.876000", "tags": [ "ebeef5", "dcdfe6", "e64552", "helvetica", "ffffff", "pingfang sc", "helveticaneue", "arial", "microsoft yahei", "45deg", "post", "sqdl", "sqhz", "eptyzj", "zjxcys", "doform", "modernizr", "typeradio", "tagnames", "boolean", "date", "array", "error", "typeof t", "dtft", "amaze ui", "function", "regexp", "d1dd2", "mstransitionend", "team", "android", "february", "april", "june", "august", "void", "null", "type", "elem", "index", "handle", "sizzle", "check", "target", "hooks", "prop", "copy", "class", "mark", "internal", "stack", "false", "code", "accept", "seed", "first", "body", "jquery", "pass", "bind", "core", "local", "verify", "done", "find", "inject", "possible", "hold", "trigger", "camel", "bubble", "window", "middle", "capture", "iframe", "fall", "stop", "panic", "back", "speed", "grab", "install", "open", "invalid request", "button", "input", "cpu os", "span", "label", "this", "trident", "pykey", "eventparams", "object", "event", "infinity", "pykeye", "string", "typeof", "typeof e", "typeof r", "typeof s", "typeof console", "contenttype", "number", "\u4e91\u9002\u914d\uff0c\u4f01\u4e1a\u79fb\u52a8\u5316\uff0c\u4f01\u4e1a\u79fb\u52a8\u5316\u89e3\u51b3\u65b9\u6848\uff0c\u4e91\u9002\u914d\u8de8\u5c4f", "\u4e91\u9002\u914d\u7f51\u7ad9\u9002\u914d", "\u4e91\u9002\u914d\u8de8\u5c4f\u4e91", "\u4e91\u9002\u914d\u8de8\u5c4f\u5e94\u7528", "\u4f01\u4e1aoa\u79fb\u52a8\u5316\u3001\u4f01\u4e1a\u79fb\u52a8\u95e8\u6237\u3001\u79fb\u52a8\u5e94\u7528\u7ba1\u7406\u3001\u79fb\u52a8\u5e94\u7528\u5e73\u53f0", "xcloud", "amaze", "sdp enterplorer", "siebel domino", "siebel", "domino", "allmobilize", "apipc", "ui amaze" ], "references": [ "https://www.yunshipei.com/", "https://aiff.cdn.bcebos.com/sensors%2Fonline%2Fsa-sdk-javascript-1.14.24%2Fsensorsdata.min.js", "https://stats.ipinyou.com/adv?a=SR..sxcg_4d0DhagaJWCLj_ZdX&u=https%3A%2F%2Fwww.yunshipei.com%2F&rd=1653485491040&v=2&e=sr%3D390x844%26sc%3D32-bit%26je%3Dfalse%26lg%3Den-us%26vb%3D1%26did%3D%26dt%3D%26ps%3D390x3885%26vp%3D390x664%26ec%3DUTF-8%26vbt%3D1822%26sp%3D0%26ur%3D%26st%3D%26ev%3Dvg", "https://goutong.baidu.com/site/270/98c14a71a44014f7aa9d23449a55ae8f/b.js?siteId=3064033", "https://stats.ipinyou.com/presadv?a=SR..sxcg_4d0DhagaJWCLj_ZdX&cb=py.cb", "https://fm.ipinyou.com/j/a.js", "https://www.yunshipei.com/assets/js/jquery.js", "https://www.yunshipei.com/assets/js/amazeui.min.js", "https://www.yunshipei.com/assets/js/app.min.js", "https://sgoutong.baidu.com/embed/1652930761/asset/embed/css/mobile/main.css" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1134", "name": "Access Token Manipulation", "display_name": "T1134 - Access Token Manipulation" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 11, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 652, "URL": 1482, "domain": 242, "FileHash-SHA256": 142, "FileHash-MD5": 3 }, "indicator_count": 2521, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1468 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "62630579f28f0ade0c9fb8fb", "name": "Cera networks , hive, hurricane electric ..etc\u2026 \u201ccolos\u201d(plural) or \u201ccolocation\u201d", "description": "function lz_jssess, a new type of browser, is a two-way system, which allows the browser to talk to the other side of the screen.. the following:", "modified": "2022-05-22T00:01:01.264000", "created": "2022-04-22T19:43:53.501000", "tags": [ "ovlcwm", "activedocument", "null", "span", "date", "file", "livezilladata", "regexp", "amount", "email", "function", "filereader", "checkbox", "window", "false", "path", "trident", "template", "typeof define", "typeof", "lztextlink", "script", "lzrscr", "scrb64d", "typeof b", "error", "pseudo", "child", "array", "sufeffxa0", "class", "attr", "void", "lzsds", "lzsde", "lzsdeg", "cant load", "gv1023" ], "references": [ "xfe-URL-ceranetworks.com-stix2-2.1-export.json", "https://www.ceranetworks.com/livechat/resource.php?t=js&1=jsglobal.min.js&2=jsbox.min.js&3=jstrack.min.js&v=ahgzixd7&4=jsextern.min.js", "https://www.ceranetworks.com/public/static/js/jquery@1.12.4.min.js", "https://www.ceranetworks.com/livechat/server.php?rqst=track&output=jcrpt&hfk=MQ__&ovlv=djI_&ovltwo=MQ__&ovlc=MQ__&esc=IzJlOGFlNQ__&epc=IzMwOTFmMg__&ovlts=MA__&hfk=MQ__&ovlapo=MQ__&nse=0.7916382809044465", "https://www.ceranetworks.com/livechat/script.php?id=d708615a9293e1bcec892afb03bd2b45", "https://cdnjs.cloudflare.com/ajax/libs/jquery-cookie/1.4.1/jquery.cookie.min.js", "https://www.ceranetworks.com/livechat/geo.php?a=1&gv=1023&method=lz_tracking_geo_result&spanm=lz_tracking_set_geo_span&oak=" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "ActiveDocument", "display_name": "ActiveDocument", "target": null }, { "id": "OVLCWM", "display_name": "OVLCWM", "target": null } ], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 306, "URL": 753, "FileHash-SHA256": 42, "domain": 114 }, "indicator_count": 1215, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1471 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "https://aiff.cdn.bcebos.com/sensors%2Fonline%2Fsa-sdk-javascript-1.14.24%2Fsensorsdata.min.js", "https://cdnjs.cloudflare.com/ajax/libs/jquery-cookie/1.4.1/jquery.cookie.min.js", "https://www.ceranetworks.com/livechat/geo.php?a=1&gv=1023&method=lz_tracking_geo_result&spanm=lz_tracking_set_geo_span&oak=", "CVE-2021-22941", "https://fm.ipinyou.com/j/a.js", "https://sgoutong.baidu.com/embed/1652930761/asset/embed/css/mobile/main.css", "https://www.yunshipei.com/", "https://www.yunshipei.com/assets/js/app.min.js", "https://hybrid-analysis.com/sample/c8c06a88f18d72420ac017c4b67d1e55170138a9d0f6d6046e7efc7b72ca8de0/62ef762fa396e628fa6ec076", "https://www.ceranetworks.com/livechat/server.php?rqst=track&output=jcrpt&hfk=MQ__&ovlv=djI_&ovltwo=MQ__&ovlc=MQ__&esc=IzJlOGFlNQ__&epc=IzMwOTFmMg__&ovlts=MA__&hfk=MQ__&ovlapo=MQ__&nse=0.7916382809044465", "https://www.ceranetworks.com/livechat/script.php?id=d708615a9293e1bcec892afb03bd2b45", "https://www.ceranetworks.com/public/static/js/jquery@1.12.4.min.js", "xfe-URL-ceranetworks.com-stix2-2.1-export.json", "https://goutong.baidu.com/site/270/98c14a71a44014f7aa9d23449a55ae8f/b.js?siteId=3064033", "https://www.yunshipei.com/assets/js/jquery.js", "https://www.yunshipei.com/assets/js/amazeui.min.js", "https://www.ceranetworks.com/livechat/resource.php?t=js&1=jsglobal.min.js&2=jsbox.min.js&3=jstrack.min.js&v=ahgzixd7&4=jsextern.min.js", "CVE-2017-11882", "CVE-2020-11023", "https://stats.ipinyou.com/adv?a=SR..sxcg_4d0DhagaJWCLj_ZdX&u=https%3A%2F%2Fwww.yunshipei.com%2F&rd=1653485491040&v=2&e=sr%3D390x844%26sc%3D32-bit%26je%3Dfalse%26lg%3Den-us%26vb%3D1%26did%3D%26dt%3D%26ps%3D390x3885%26vp%3D390x664%26ec%3DUTF-8%26vbt%3D1822%26sp%3D0%26ur%3D%26st%3D%26ev%3Dvg", "CVE-2020-11022", "https://stats.ipinyou.com/presadv?a=SR..sxcg_4d0DhagaJWCLj_ZdX&cb=py.cb" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [], "malware_families": [ "Activedocument", "Ovlcwm" ], "industries": [] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 4, "pulses": [ { "id": "65709120ed2b0db3696f67ac", "name": "http://www.protys.fr - Frightening relations really as this is a hybrid clean scan", "description": "", "modified": "2023-12-06T15:20:00.123000", "created": "2023-12-06T15:20:00.123000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 4, "FileHash-SHA256": 1579, "hostname": 625, "domain": 298, "URL": 1124, "email": 5, "FileHash-MD5": 54, "FileHash-SHA1": 51 }, "indicator_count": 3740, "is_author": false, "is_subscribing": null, "subscriber_count": 110, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "62efae65aff064cd7700bd70", "name": "http://www.protys.fr - Frightening relations really as this is a hybrid clean scan", "description": "", "modified": "2022-09-06T00:02:32.372000", "created": "2022-08-07T12:21:57.669000", "tags": [ "apt", "data", "decrypted ssl", "windows nt", "okdate", "gmtetag", "iframe", "null", "cookie", "next", "twitter", "push", "code", "logic", "format", "apache", "jquery", "loader", "target", "canvas", "footer", "mark", "ruby", "facebook", "alexa", "screen", "infinity", "prop", "freeze", "dummy", "august", "local", "mozilla", "CVE-2017-11882", "CVE-2020-11022", "CVE-2020-11023", "CVE-2021-22941" ], "references": [ "https://hybrid-analysis.com/sample/c8c06a88f18d72420ac017c4b67d1e55170138a9d0f6d6046e7efc7b72ca8de0/62ef762fa396e628fa6ec076", "CVE-2021-22941", "CVE-2020-11023", "CVE-2020-11022", "CVE-2017-11882" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 625, "URL": 1124, "domain": 298, "FileHash-SHA256": 1579, "CVE": 4, "email": 5, "FileHash-MD5": 54, "FileHash-SHA1": 51 }, "indicator_count": 3740, "is_author": false, "is_subscribing": null, "subscriber_count": 394, "modified_text": "1364 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "628e33df0169fe33f79b766b", "name": "Seems to be coming from space . Space malware? \u4e91\u9002\u914d(AllMobilize Inc.) --\u4f01\u4e1a\u6d4f\u89c8\u5668\u53ca\u79fb\u52a8\u5316\u89e3\u51b3\u65b9\u6848\u4f9b\u5e94\u5546 | \u4e91\u9002\u914d", "description": "AllMobilize, Amaze, and all its partners - all of them with the same name - are now available to use on Facebook, Twitter, Instagram and other social media platforms, including Facebook.", "modified": "2022-05-25T13:49:19.876000", "created": "2022-05-25T13:49:19.876000", "tags": [ "ebeef5", "dcdfe6", "e64552", "helvetica", "ffffff", "pingfang sc", "helveticaneue", "arial", "microsoft yahei", "45deg", "post", "sqdl", "sqhz", "eptyzj", "zjxcys", "doform", "modernizr", "typeradio", "tagnames", "boolean", "date", "array", "error", "typeof t", "dtft", "amaze ui", "function", "regexp", "d1dd2", "mstransitionend", "team", "android", "february", "april", "june", "august", "void", "null", "type", "elem", "index", "handle", "sizzle", "check", "target", "hooks", "prop", "copy", "class", "mark", "internal", "stack", "false", "code", "accept", "seed", "first", "body", "jquery", "pass", "bind", "core", "local", "verify", "done", "find", "inject", "possible", "hold", "trigger", "camel", "bubble", "window", "middle", "capture", "iframe", "fall", "stop", "panic", "back", "speed", "grab", "install", "open", "invalid request", "button", "input", "cpu os", "span", "label", "this", "trident", "pykey", "eventparams", "object", "event", "infinity", "pykeye", "string", "typeof", "typeof e", "typeof r", "typeof s", "typeof console", "contenttype", "number", "\u4e91\u9002\u914d\uff0c\u4f01\u4e1a\u79fb\u52a8\u5316\uff0c\u4f01\u4e1a\u79fb\u52a8\u5316\u89e3\u51b3\u65b9\u6848\uff0c\u4e91\u9002\u914d\u8de8\u5c4f", "\u4e91\u9002\u914d\u7f51\u7ad9\u9002\u914d", "\u4e91\u9002\u914d\u8de8\u5c4f\u4e91", "\u4e91\u9002\u914d\u8de8\u5c4f\u5e94\u7528", "\u4f01\u4e1aoa\u79fb\u52a8\u5316\u3001\u4f01\u4e1a\u79fb\u52a8\u95e8\u6237\u3001\u79fb\u52a8\u5e94\u7528\u7ba1\u7406\u3001\u79fb\u52a8\u5e94\u7528\u5e73\u53f0", "xcloud", "amaze", "sdp enterplorer", "siebel domino", "siebel", "domino", "allmobilize", "apipc", "ui amaze" ], "references": [ "https://www.yunshipei.com/", "https://aiff.cdn.bcebos.com/sensors%2Fonline%2Fsa-sdk-javascript-1.14.24%2Fsensorsdata.min.js", "https://stats.ipinyou.com/adv?a=SR..sxcg_4d0DhagaJWCLj_ZdX&u=https%3A%2F%2Fwww.yunshipei.com%2F&rd=1653485491040&v=2&e=sr%3D390x844%26sc%3D32-bit%26je%3Dfalse%26lg%3Den-us%26vb%3D1%26did%3D%26dt%3D%26ps%3D390x3885%26vp%3D390x664%26ec%3DUTF-8%26vbt%3D1822%26sp%3D0%26ur%3D%26st%3D%26ev%3Dvg", "https://goutong.baidu.com/site/270/98c14a71a44014f7aa9d23449a55ae8f/b.js?siteId=3064033", "https://stats.ipinyou.com/presadv?a=SR..sxcg_4d0DhagaJWCLj_ZdX&cb=py.cb", "https://fm.ipinyou.com/j/a.js", "https://www.yunshipei.com/assets/js/jquery.js", "https://www.yunshipei.com/assets/js/amazeui.min.js", "https://www.yunshipei.com/assets/js/app.min.js", "https://sgoutong.baidu.com/embed/1652930761/asset/embed/css/mobile/main.css" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1134", "name": "Access Token Manipulation", "display_name": "T1134 - Access Token Manipulation" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 11, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 652, "URL": 1482, "domain": 242, "FileHash-SHA256": 142, "FileHash-MD5": 3 }, "indicator_count": 2521, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1468 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "62630579f28f0ade0c9fb8fb", "name": "Cera networks , hive, hurricane electric ..etc\u2026 \u201ccolos\u201d(plural) or \u201ccolocation\u201d", "description": "function lz_jssess, a new type of browser, is a two-way system, which allows the browser to talk to the other side of the screen.. the following:", "modified": "2022-05-22T00:01:01.264000", "created": "2022-04-22T19:43:53.501000", "tags": [ "ovlcwm", "activedocument", "null", "span", "date", "file", "livezilladata", "regexp", "amount", "email", "function", "filereader", "checkbox", "window", "false", "path", "trident", "template", "typeof define", "typeof", "lztextlink", "script", "lzrscr", "scrb64d", "typeof b", "error", "pseudo", "child", "array", "sufeffxa0", "class", "attr", "void", "lzsds", "lzsde", "lzsdeg", "cant load", "gv1023" ], "references": [ "xfe-URL-ceranetworks.com-stix2-2.1-export.json", "https://www.ceranetworks.com/livechat/resource.php?t=js&1=jsglobal.min.js&2=jsbox.min.js&3=jstrack.min.js&v=ahgzixd7&4=jsextern.min.js", "https://www.ceranetworks.com/public/static/js/jquery@1.12.4.min.js", "https://www.ceranetworks.com/livechat/server.php?rqst=track&output=jcrpt&hfk=MQ__&ovlv=djI_&ovltwo=MQ__&ovlc=MQ__&esc=IzJlOGFlNQ__&epc=IzMwOTFmMg__&ovlts=MA__&hfk=MQ__&ovlapo=MQ__&nse=0.7916382809044465", "https://www.ceranetworks.com/livechat/script.php?id=d708615a9293e1bcec892afb03bd2b45", "https://cdnjs.cloudflare.com/ajax/libs/jquery-cookie/1.4.1/jquery.cookie.min.js", "https://www.ceranetworks.com/livechat/geo.php?a=1&gv=1023&method=lz_tracking_geo_result&spanm=lz_tracking_set_geo_span&oak=" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "ActiveDocument", "display_name": "ActiveDocument", "target": null }, { "id": "OVLCWM", "display_name": "OVLCWM", "target": null } ], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 306, "URL": 753, "FileHash-SHA256": 42, "domain": 114 }, "indicator_count": 1215, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1471 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "div.id", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "div.id", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780322820.4417932 }