{ "type": "Domain", "indicator": "dn.call", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/dn.call", "alexa": "http://www.alexa.com/siteinfo/dn.call", "indicator": "dn.call", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 3212168082, "indicator": "dn.call", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 4, "pulses": [ { "id": "65708c01dca4e6c505e4fca0", "name": "Hostgator - whitelisted", "description": "", "modified": "2023-12-06T14:58:09.135000", "created": "2023-12-06T14:58:09.135000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 692, "hostname": 1339, "domain": 1260, "URL": 4622, "FileHash-MD5": 3, "FileHash-SHA1": 1 }, "indicator_count": 7917, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "908 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6426dda295502d82e6e6ef7f", "name": "v4 - Hybrid scan uploaded + all suggested ioc's - vendor.3a0e728a.js another gem in edge on twitter.com/i/flow/login source code", "description": "WebpackChunk_Twitter-responsive_web is built on a single web address, which will allow users to upload images, tweets and videos to be stored in the same place as the hashtag.", "modified": "2023-03-31T13:18:26.733000", "created": "2023-03-31T13:18:26.733000", "tags": [ "trojan", "apt", "ansi", "memoryfile scan", "error", "runtime data", "typeof e", "regexp", "array", "object", "typeof t", "void", "null", "unknown", "path", "facebook", "4096", "suspicious", "meta", "lazy", "entity", "union", "body", "idkey", "scroll", "backspace", "insert", "roboto", "target", "stack", "hybrid", "model", "click", "stream", "strings", "qakbot", "pattern match", "ud801", "ud804", "ud805", "ud806", "ud81a", "ud835", "ud800", "ud802", "sha1", "sha256", "vendor.3a0e728a.js" ], "references": [ "https://hybrid-analysis.com/sample/9bf30967dfbf84d91ff4a1ca66dcd6c3383e679917e8b7aa4f659ff9f4e848d7/6426cf48655f94b6b303704c" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1115", "name": "Clipboard Data", "display_name": "T1115 - Clipboard Data" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1546", "name": "Event Triggered Execution", "display_name": "T1546 - Event Triggered Execution" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1614", "name": "System Location Discovery", "display_name": "T1614 - System Location Discovery" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "callmeDoris", "id": "205385", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1353, "hostname": 222, "domain": 221, "FileHash-SHA256": 85, "FileHash-MD5": 3, "FileHash-SHA1": 1 }, "indicator_count": 1885, "is_author": false, "is_subscribing": null, "subscriber_count": 90, "modified_text": "1158 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6426dd17695f7673d2dcee65", "name": "v3 Hybrid scan uploaded - vendor.3a0e728a.js another gem in edge on twitter.com/i/flow/login source code", "description": "WebpackChunk_Twitter-responsive_web is built on a single web address, which will allow users to upload images, tweets and videos to be stored in the same place as the hashtag.", "modified": "2023-03-31T13:16:07.144000", "created": "2023-03-31T13:16:07.144000", "tags": [ "trojan", "apt", "ansi", "memoryfile scan", "error", "runtime data", "typeof e", "regexp", "array", "object", "typeof t", "void", "null", "unknown", "path", "facebook", "4096", "suspicious", "meta", "lazy", "entity", "union", "body", "idkey", "scroll", "backspace", "insert", "roboto", "target", "stack", "hybrid", "model", "click", "stream", "strings", "qakbot", "pattern match", "ud801", "ud804", "ud805", "ud806", "ud81a", "ud835", "ud800", "ud802", "sha1", "sha256", "vendor.3a0e728a.js" ], "references": [ "https://hybrid-analysis.com/sample/9bf30967dfbf84d91ff4a1ca66dcd6c3383e679917e8b7aa4f659ff9f4e848d7/6426cf48655f94b6b303704c" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1115", "name": "Clipboard Data", "display_name": "T1115 - Clipboard Data" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1546", "name": "Event Triggered Execution", "display_name": "T1546 - Event Triggered Execution" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1614", "name": "System Location Discovery", "display_name": "T1614 - System Location Discovery" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "callmeDoris", "id": "205385", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 43, "domain": 193, "URL": 64, "FileHash-SHA256": 85, "FileHash-MD5": 3, "FileHash-SHA1": 1 }, "indicator_count": 389, "is_author": false, "is_subscribing": null, "subscriber_count": 90, "modified_text": "1158 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "625f112112bb456382bee7c9", "name": "Hostgator - whitelisted", "description": "Firing Rule, IRF.util.com, is set to go live on the internet after it was triggered by a new rule, but if it is not already in place, it will not load.", "modified": "2022-05-19T00:00:49.028000", "created": "2022-04-19T19:44:33.964000", "tags": [ "webkitkeyframes", "helvetica neue", "helvetica", "arial", "45deg", "100vw", "typetext", "copyright", "closure library", "affiliatepage", "tospage", "banner", "iab2", "acceptall", "rejectall", "genven", "expecting iab", "iab tcf", "oldcctid", "newdomainid", "unknown", "checkbox", "date", "component", "apptree", "hnull", "fcee", "typeof t", "typeerror", "qss7", "error", "promise", "hfunction", "typeof e", "rfc3986", "string", "array", "rfc1738", "object", "sr1t", "typeof symbol", "animation", "null", "rnull", "forwardref", "typeof n", "nullt", "cxlc", "dptw", "dtha", "gdzw", "gurp", "w0b4", "kjy9", "uigm", "ve6h", "event", "currency", "currencysymbol", "ucvw", "ofunction", "ocsf", "xfunction", "urlsearchparams", "open", "symbol", "nfunction", "lfunction", "ufunction", "typeof window", "typeof self", "hj", "09af", "regexp", "irmstevent", "bad expr", "hotjar", "email", "telefon", "survey", "meta", "cookie", "keypress", "trident", "live", "fullscreen", "generic", "window", "widget", "ciudad", "adore", "experiment", "mutation", "n color", "number", "customevent", "n strictly", "hostn host", "button", "cookie tracking", "close", "campaign", "decision", "action", "page", "controller", "must", "visitor", "groupstart", "info", "obsolete", "false", "reduceright", "portland", "trackevent", "query", "u003cu003e", "trackpageview", "code", "path", "click", "derek", "void", "gsxr89skrrs", "r300", "uint8array", "typeof d", "caca", "typeof", "facebook pixel", "pixel code", "iterator", "constantvalue", "globalvariable", "facebook", "boolean", "function", "service", "phonenumber", "ver0", "tag0", "extdata0", "ua ch", "invalid", "which", "thank", "hostgator", "poll", "primary intent", "iwe didn", "f39c11", "team", "script", "array int8array", "caregexp", "legacy", "irfcd", "error setting", "irgbd", "outer", "dynamic tag", "variable", "rule", "expr", "inline script" ], "references": [ "xfe-URL-hostgator.com-stix2-2.1-export.json", "https://a.impactradius-tag.com/foundation-tags-SD382-d393-452e-9c15-ac1e4a6fc6fb1.js", "https://d3cxv97fi8q177.cloudfront.net/foundation-A122588-852f-4501-9972-9515a4f53da31.js", "https://www.googleadservices.com/pagead/conversion_async.js", "https://static.hotjar.com/c/hotjar-23213.js?sv=7", "https://bat.bing.com/bat.js", "https://connect.facebook.net/signals/config/393095817498804?v=2.9.57&r=stable", "https://connect.facebook.net/en_US/fbevents.js", "https://www.googletagmanager.com/gtag/js?id=G-SXR89SKRRS&l=dataLayer&cx=c", "https://www.googletagmanager.com/gtm.js?id=GTM-PPNLL2", "https://cdn3.optimizely.com/js/geo4.js", "https://cdn.optimizely.com/js/13477600374.js", "https://bat.bing.com/p/action/5797759.js", "https://cdn.cookielaw.org/scripttemplates/6.32.0/otBannerSdk.js", "https://script.hotjar.com/modules.0076bf93c385ddf0ff58.js", "https://a.impactradius-tag.com/mediasource-A122588-852f-4501-9972-9515a4f53da31.js", "https://www.hostgator.com/_next/static/runtime/polyfills-31f3ad766330c3157d95.js", "https://www.hostgator.com/_next/static/5a0OWA7iirtDqpl2xeXE4/pages/_app.js", "https://www.hostgator.com/_next/static/5a0OWA7iirtDqpl2xeXE4/pages/index.js", "https://www.hostgator.com/_next/static/runtime/webpack-83bd83ab777f80a6c75c.js", "https://www.hostgator.com/_next/static/chunks/framework.4fc08a4a599cac03ddf5.js", "https://www.hostgator.com/_next/static/chunks/60aafdb66a57b57b76936ce193fee053374e679c.cdd375bd63e4f4a5a41b.js", "https://www.hostgator.com/_next/static/runtime/main-a00d7acfcccd82e343f6.js", "https://www.hostgator.com/_next/static/5a0OWA7iirtDqpl2xeXE4/_ssgManifest.js", "https://cdn.cookielaw.org/scripttemplates/otSDKStub.js", "https://www.hostgator.com/_next/static/5a0OWA7iirtDqpl2xeXE4/_buildManifest.js", "https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1071979603/?random=1650396033510&cv=9&fst=1650396033510&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=844&u_w=390&u_ah=844&u_aw=390&u_cd=32&u_his=1&u_tz=-240&u_java=false&u_nplug=0&u_nmime=0>m=2wg4i1&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.hostgator.com%2F&tiba=Web%20Hosting%20-%202022%27s%20Best%20Website%20Hosting%20%7C%20HostGator&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4", "https://www.hostgator.com/_next/static/css/1746e01e071caaad90f08af905f64c7649b9fd98_CSS.27b3968e.chunk.css", "https://6241250.fls.doubleclick.net/activityi;src=6241250;type=remar0;cat=hg-al0;ord=1;num=152669004837;gtm=2wg4i1;auiddc=30830049.1650396032;u1=prospect;u2=%2F;u5=noConsent-none;~oref=https%3A%2F%2Fwww.hostgator.com%2F", "https://vars.hotjar.com/box-4924254a9ce4dc9b959b6e4a9b662d60.html" ], "public": 1, "adversary": "", "targeted_countries": [ "Tunisia" ], "malware_families": [ { "id": "hj", "display_name": "hj", "target": null }, { "id": "ReduceRight", "display_name": "ReduceRight", "target": null } ], "attack_ids": [ { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1189", "name": "Drive-by Compromise", "display_name": "T1189 - Drive-by Compromise" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 1339, "URL": 4622, "domain": 1260, "FileHash-SHA256": 692, "FileHash-MD5": 3, "FileHash-SHA1": 1 }, "indicator_count": 7917, "is_author": false, "is_subscribing": null, "subscriber_count": 72, "modified_text": "1475 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "https://www.hostgator.com/_next/static/5a0OWA7iirtDqpl2xeXE4/_ssgManifest.js", "https://hybrid-analysis.com/sample/9bf30967dfbf84d91ff4a1ca66dcd6c3383e679917e8b7aa4f659ff9f4e848d7/6426cf48655f94b6b303704c", "https://cdn.cookielaw.org/scripttemplates/otSDKStub.js", "https://connect.facebook.net/signals/config/393095817498804?v=2.9.57&r=stable", "https://bat.bing.com/bat.js", "https://static.hotjar.com/c/hotjar-23213.js?sv=7", "https://www.hostgator.com/_next/static/chunks/framework.4fc08a4a599cac03ddf5.js", "https://www.googletagmanager.com/gtm.js?id=GTM-PPNLL2", "https://www.hostgator.com/_next/static/runtime/polyfills-31f3ad766330c3157d95.js", "https://www.hostgator.com/_next/static/chunks/60aafdb66a57b57b76936ce193fee053374e679c.cdd375bd63e4f4a5a41b.js", "https://www.googletagmanager.com/gtag/js?id=G-SXR89SKRRS&l=dataLayer&cx=c", "https://a.impactradius-tag.com/foundation-tags-SD382-d393-452e-9c15-ac1e4a6fc6fb1.js", "https://www.hostgator.com/_next/static/runtime/webpack-83bd83ab777f80a6c75c.js", "https://bat.bing.com/p/action/5797759.js", "https://www.hostgator.com/_next/static/css/1746e01e071caaad90f08af905f64c7649b9fd98_CSS.27b3968e.chunk.css", "https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1071979603/?random=1650396033510&cv=9&fst=1650396033510&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=844&u_w=390&u_ah=844&u_aw=390&u_cd=32&u_his=1&u_tz=-240&u_java=false&u_nplug=0&u_nmime=0>m=2wg4i1&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.hostgator.com%2F&tiba=Web%20Hosting%20-%202022%27s%20Best%20Website%20Hosting%20%7C%20HostGator&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4", "https://www.hostgator.com/_next/static/5a0OWA7iirtDqpl2xeXE4/_buildManifest.js", "https://cdn.optimizely.com/js/13477600374.js", "https://www.hostgator.com/_next/static/5a0OWA7iirtDqpl2xeXE4/pages/_app.js", "https://a.impactradius-tag.com/mediasource-A122588-852f-4501-9972-9515a4f53da31.js", "https://6241250.fls.doubleclick.net/activityi;src=6241250;type=remar0;cat=hg-al0;ord=1;num=152669004837;gtm=2wg4i1;auiddc=30830049.1650396032;u1=prospect;u2=%2F;u5=noConsent-none;~oref=https%3A%2F%2Fwww.hostgator.com%2F", "https://www.googleadservices.com/pagead/conversion_async.js", "https://d3cxv97fi8q177.cloudfront.net/foundation-A122588-852f-4501-9972-9515a4f53da31.js", "https://connect.facebook.net/en_US/fbevents.js", "https://cdn3.optimizely.com/js/geo4.js", "https://vars.hotjar.com/box-4924254a9ce4dc9b959b6e4a9b662d60.html", "https://script.hotjar.com/modules.0076bf93c385ddf0ff58.js", "xfe-URL-hostgator.com-stix2-2.1-export.json", "https://www.hostgator.com/_next/static/5a0OWA7iirtDqpl2xeXE4/pages/index.js", "https://www.hostgator.com/_next/static/runtime/main-a00d7acfcccd82e343f6.js", "https://cdn.cookielaw.org/scripttemplates/6.32.0/otBannerSdk.js" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [], "malware_families": [ "Hj", "Reduceright" ], "industries": [] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 4, "pulses": [ { "id": "65708c01dca4e6c505e4fca0", "name": "Hostgator - whitelisted", "description": "", "modified": "2023-12-06T14:58:09.135000", "created": "2023-12-06T14:58:09.135000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 692, "hostname": 1339, "domain": 1260, "URL": 4622, "FileHash-MD5": 3, "FileHash-SHA1": 1 }, "indicator_count": 7917, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "908 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6426dda295502d82e6e6ef7f", "name": "v4 - Hybrid scan uploaded + all suggested ioc's - vendor.3a0e728a.js another gem in edge on twitter.com/i/flow/login source code", "description": "WebpackChunk_Twitter-responsive_web is built on a single web address, which will allow users to upload images, tweets and videos to be stored in the same place as the hashtag.", "modified": "2023-03-31T13:18:26.733000", "created": "2023-03-31T13:18:26.733000", "tags": [ "trojan", "apt", "ansi", "memoryfile scan", "error", "runtime data", "typeof e", "regexp", "array", "object", "typeof t", "void", "null", "unknown", "path", "facebook", "4096", "suspicious", "meta", "lazy", "entity", "union", "body", "idkey", "scroll", "backspace", "insert", "roboto", "target", "stack", "hybrid", "model", "click", "stream", "strings", "qakbot", "pattern match", "ud801", "ud804", "ud805", "ud806", "ud81a", "ud835", "ud800", "ud802", "sha1", "sha256", "vendor.3a0e728a.js" ], "references": [ "https://hybrid-analysis.com/sample/9bf30967dfbf84d91ff4a1ca66dcd6c3383e679917e8b7aa4f659ff9f4e848d7/6426cf48655f94b6b303704c" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1115", "name": "Clipboard Data", "display_name": "T1115 - Clipboard Data" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1546", "name": "Event Triggered Execution", "display_name": "T1546 - Event Triggered Execution" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1614", "name": "System Location Discovery", "display_name": "T1614 - System Location Discovery" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "callmeDoris", "id": "205385", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1353, "hostname": 222, "domain": 221, "FileHash-SHA256": 85, "FileHash-MD5": 3, "FileHash-SHA1": 1 }, "indicator_count": 1885, "is_author": false, "is_subscribing": null, "subscriber_count": 90, "modified_text": "1158 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6426dd17695f7673d2dcee65", "name": "v3 Hybrid scan uploaded - vendor.3a0e728a.js another gem in edge on twitter.com/i/flow/login source code", "description": "WebpackChunk_Twitter-responsive_web is built on a single web address, which will allow users to upload images, tweets and videos to be stored in the same place as the hashtag.", "modified": "2023-03-31T13:16:07.144000", "created": "2023-03-31T13:16:07.144000", "tags": [ "trojan", "apt", "ansi", "memoryfile scan", "error", "runtime data", "typeof e", "regexp", "array", "object", "typeof t", "void", "null", "unknown", "path", "facebook", "4096", "suspicious", "meta", "lazy", "entity", "union", "body", "idkey", "scroll", "backspace", "insert", "roboto", "target", "stack", "hybrid", "model", "click", "stream", "strings", "qakbot", "pattern match", "ud801", "ud804", "ud805", "ud806", "ud81a", "ud835", "ud800", "ud802", "sha1", "sha256", "vendor.3a0e728a.js" ], "references": [ "https://hybrid-analysis.com/sample/9bf30967dfbf84d91ff4a1ca66dcd6c3383e679917e8b7aa4f659ff9f4e848d7/6426cf48655f94b6b303704c" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1115", "name": "Clipboard Data", "display_name": "T1115 - Clipboard Data" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1546", "name": "Event Triggered Execution", "display_name": "T1546 - Event Triggered Execution" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1614", "name": "System Location Discovery", "display_name": "T1614 - System Location Discovery" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "callmeDoris", "id": "205385", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 43, "domain": 193, "URL": 64, "FileHash-SHA256": 85, "FileHash-MD5": 3, "FileHash-SHA1": 1 }, "indicator_count": 389, "is_author": false, "is_subscribing": null, "subscriber_count": 90, "modified_text": "1158 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "625f112112bb456382bee7c9", "name": "Hostgator - whitelisted", "description": "Firing Rule, IRF.util.com, is set to go live on the internet after it was triggered by a new rule, but if it is not already in place, it will not load.", "modified": "2022-05-19T00:00:49.028000", "created": "2022-04-19T19:44:33.964000", "tags": [ "webkitkeyframes", "helvetica neue", "helvetica", "arial", "45deg", "100vw", "typetext", "copyright", "closure library", "affiliatepage", "tospage", "banner", "iab2", "acceptall", "rejectall", "genven", "expecting iab", "iab tcf", "oldcctid", "newdomainid", "unknown", "checkbox", "date", "component", "apptree", "hnull", "fcee", "typeof t", "typeerror", "qss7", "error", "promise", "hfunction", "typeof e", "rfc3986", "string", "array", "rfc1738", "object", "sr1t", "typeof symbol", "animation", "null", "rnull", "forwardref", "typeof n", "nullt", "cxlc", "dptw", "dtha", "gdzw", "gurp", "w0b4", "kjy9", "uigm", "ve6h", "event", "currency", "currencysymbol", "ucvw", "ofunction", "ocsf", "xfunction", "urlsearchparams", "open", "symbol", "nfunction", "lfunction", "ufunction", "typeof window", "typeof self", "hj", "09af", "regexp", "irmstevent", "bad expr", "hotjar", "email", "telefon", "survey", "meta", "cookie", "keypress", "trident", "live", "fullscreen", "generic", "window", "widget", "ciudad", "adore", "experiment", "mutation", "n color", "number", "customevent", "n strictly", "hostn host", "button", "cookie tracking", "close", "campaign", "decision", "action", "page", "controller", "must", "visitor", "groupstart", "info", "obsolete", "false", "reduceright", "portland", "trackevent", "query", "u003cu003e", "trackpageview", "code", "path", "click", "derek", "void", "gsxr89skrrs", "r300", "uint8array", "typeof d", "caca", "typeof", "facebook pixel", "pixel code", "iterator", "constantvalue", "globalvariable", "facebook", "boolean", "function", "service", "phonenumber", "ver0", "tag0", "extdata0", "ua ch", "invalid", "which", "thank", "hostgator", "poll", "primary intent", "iwe didn", "f39c11", "team", "script", "array int8array", "caregexp", "legacy", "irfcd", "error setting", "irgbd", "outer", "dynamic tag", "variable", "rule", "expr", "inline script" ], "references": [ "xfe-URL-hostgator.com-stix2-2.1-export.json", "https://a.impactradius-tag.com/foundation-tags-SD382-d393-452e-9c15-ac1e4a6fc6fb1.js", "https://d3cxv97fi8q177.cloudfront.net/foundation-A122588-852f-4501-9972-9515a4f53da31.js", "https://www.googleadservices.com/pagead/conversion_async.js", "https://static.hotjar.com/c/hotjar-23213.js?sv=7", "https://bat.bing.com/bat.js", "https://connect.facebook.net/signals/config/393095817498804?v=2.9.57&r=stable", "https://connect.facebook.net/en_US/fbevents.js", "https://www.googletagmanager.com/gtag/js?id=G-SXR89SKRRS&l=dataLayer&cx=c", "https://www.googletagmanager.com/gtm.js?id=GTM-PPNLL2", "https://cdn3.optimizely.com/js/geo4.js", "https://cdn.optimizely.com/js/13477600374.js", "https://bat.bing.com/p/action/5797759.js", "https://cdn.cookielaw.org/scripttemplates/6.32.0/otBannerSdk.js", "https://script.hotjar.com/modules.0076bf93c385ddf0ff58.js", "https://a.impactradius-tag.com/mediasource-A122588-852f-4501-9972-9515a4f53da31.js", "https://www.hostgator.com/_next/static/runtime/polyfills-31f3ad766330c3157d95.js", "https://www.hostgator.com/_next/static/5a0OWA7iirtDqpl2xeXE4/pages/_app.js", "https://www.hostgator.com/_next/static/5a0OWA7iirtDqpl2xeXE4/pages/index.js", "https://www.hostgator.com/_next/static/runtime/webpack-83bd83ab777f80a6c75c.js", "https://www.hostgator.com/_next/static/chunks/framework.4fc08a4a599cac03ddf5.js", "https://www.hostgator.com/_next/static/chunks/60aafdb66a57b57b76936ce193fee053374e679c.cdd375bd63e4f4a5a41b.js", "https://www.hostgator.com/_next/static/runtime/main-a00d7acfcccd82e343f6.js", "https://www.hostgator.com/_next/static/5a0OWA7iirtDqpl2xeXE4/_ssgManifest.js", "https://cdn.cookielaw.org/scripttemplates/otSDKStub.js", "https://www.hostgator.com/_next/static/5a0OWA7iirtDqpl2xeXE4/_buildManifest.js", "https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1071979603/?random=1650396033510&cv=9&fst=1650396033510&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=844&u_w=390&u_ah=844&u_aw=390&u_cd=32&u_his=1&u_tz=-240&u_java=false&u_nplug=0&u_nmime=0>m=2wg4i1&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.hostgator.com%2F&tiba=Web%20Hosting%20-%202022%27s%20Best%20Website%20Hosting%20%7C%20HostGator&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4", "https://www.hostgator.com/_next/static/css/1746e01e071caaad90f08af905f64c7649b9fd98_CSS.27b3968e.chunk.css", "https://6241250.fls.doubleclick.net/activityi;src=6241250;type=remar0;cat=hg-al0;ord=1;num=152669004837;gtm=2wg4i1;auiddc=30830049.1650396032;u1=prospect;u2=%2F;u5=noConsent-none;~oref=https%3A%2F%2Fwww.hostgator.com%2F", "https://vars.hotjar.com/box-4924254a9ce4dc9b959b6e4a9b662d60.html" ], "public": 1, "adversary": "", "targeted_countries": [ "Tunisia" ], "malware_families": [ { "id": "hj", "display_name": "hj", "target": null }, { "id": "ReduceRight", "display_name": "ReduceRight", "target": null } ], "attack_ids": [ { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1189", "name": "Drive-by Compromise", "display_name": "T1189 - Drive-by Compromise" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 1339, "URL": 4622, "domain": 1260, "FileHash-SHA256": 692, "FileHash-MD5": 3, "FileHash-SHA1": 1 }, "indicator_count": 7917, "is_author": false, "is_subscribing": null, "subscriber_count": 72, "modified_text": "1475 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "dn.call", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "dn.call", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780370122.2547522 }