{ "type": "Domain", "indicator": "element.style", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/element.style", "alexa": "http://www.alexa.com/siteinfo/element.style", "indicator": "element.style", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 2811728935, "indicator": "element.style", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 45, "pulses": [ { "id": "6963596c4cd594b77b4675ec", "name": "Project Cicada-.Christopher \u201cBuzz\u201d Ahmann - PalantirFoundry | The State of Colorado | ", "description": "", "modified": "2026-02-10T06:05:39.764000", "created": "2026-01-11T08:03:56.534000", "tags": [ "colorado state", "freeman mathis", "history", "cyber risk", "aspen insureds", "gaig insureds", "landy insureds", "nip group", "purm insureds", "overview core", "united", "ip address", "present nov", "present may", "moved", "encrypt", "unknown", "backdoor", "passive dns", "ransom", "checkin", "trojandropper", "mtb nov", "twitter", "trojan", "data upload", "extraction", "failed", "united states", "server response", "google safe", "results may", "lowfi", "virtool", "mtb alf", "mh alf", "port", "windows nt", "destination", "msie", "khtml", "gecko", "unknown aaaa", "a domains", "meta", "for privacy", "cop supply", "urls", "as139646 hong", "hostname", "files", "hong kong", "domain add", "ip related", "hash avast", "avg clamav", "msdefender may", "ddos", "as13335", "ipv4", "certificate", "hostname add", "url analysis", "files ip", "name strings", "category", "united states", "pulse indicator", "address", "error", "null", "object", "string", "number", "google maps", "promise", "javascript api", "dataset", "bigint", "dark", "android", "infinity", "internal", "roboto", "trident", "void", "small", "lightrail", "false", "span", "close", "light", "hybrid", "embed", "iframe", "keygen", "this", "february", "bounce", "drop", "inside", "outside", "marker", "present dec", "pulses otx", "aaaa", "asnone country", "record value", "title", "pulse pulses", "pulses", "showing", "unknown cname", "unknown soa", "next associated", "ipv4 add", "cycbot", "extract indic", "sneaker bots", "proxies data", "script script", "adult content", "nextimage", "porn site", "div div", "platform make", "cloudfront x", "hio52 p3", "unknown ns", "pulse submit", "title error", "reverse dns", "status", "servers", "name servers", "vashti hostname", "scan endpoints", "url http", "http", "files domain", "files related", "pulses none", "dnssec", "sec ch", "ch ua", "ua full", "ua platform", "ua bitness", "ua arch", "version sec", "mobile sec", "model sec", "version list", "domain", "emails", "cookie", "url https", "show", "filehash", "urls show", "date checked", "url hostname", "results nov", "win32", "type", "learn", "ck id", "name tactics", "suspicious", "informative", "command", "adversaries", "ssl certificate", "defense evasion", "spawns", "flag", "llc name", "server", "markmonitor", "name server", "windir", "openurl c", "prefetch2", "show technique", "mitre att", "ck matrix", "pattern match", "ascii text", "sha1", "href", "show process", "file", "general", "local", "path", "germany unknown", "date", "registrar", "ip whois", "dynamicloader", "high", "medium", "search", "displayname", "tofsee", "win64", "write", "stream", "malware", "push", "entries", "tls handshake", "failure", "forbidden", "tlsv1", "april", "next", "write c", "intel", "ms windows", "sha1 add", "av detections", "ids detections", "yara detections", "alerts", "analysis date", "file score", "sha256 add", "present jun", "present mar", "medelln", "colombia asn", "dns resolutions", "address domain", "related tags", "none google", "safe browsing", "external", "present sep", "present aug", "as54113", "present jul", "as8068", "gmt content", "total", "read", "delete", "top source", "quasi", "murderers", "christopher ahmann", "buzz ahmann", "wow64", "slcc2", "media center", "labor", "employment", "cdle", "dowc", "colorado", "workers", "coloradoif", "independent", "state", "company", "entity type", "authorized line", "analysis", "tor analysis", "process details", "network traffic", "t1071", "potential ip", "click", "found", "t1480 execution", "bad traffic", "et info", "ck techniques", "evasion att", "t1057", "refresh", "body", "strings", "tools", "look", "verify", "restart", "cname", "form", "pulse", "script domains", "script urls", "administrator", "services llc", "dns admin", "domain admin", "global llc", "domain manager", "computer system", "ltd domain", "network", "alibaba", "facebook", "phishme", "sogou", "present jan", "present feb", "present oct" ], "references": [ "https://www.fmglaw.com/lawyers/christopher-ahmann - found in adult content pulse.", "Sneaker Bots Proxies Servers Cook Groups Cop Supply", "archive.cop.supply \u2022 dev.cop.supply \u2022 https://cop.supply/ \u2022 https://cop.supply/bot-lists/", "https://cop.supply/supreme-bots/\u2022 https://cop.supply/useful-tools/", "https://cop.supply/proxies-lists/ \u2022 https://cop.supply/shopify-bots/", "dns.army \u2022 www.dcopr.dns.army \u2022 www.glsyaiwjj.dns.army \u2022 www.wgmvk.dns.army", "https://maps.googleapis.com/maps/api/js?sensor=false", "cell-0.af-south-1.prod.telemetry.console.api.aws", "howtoworkacrickoutofyourneck2.pages.dev", "firebase-auth-eich0v.pages.dev", "http://ianswertomom.com/develop-wise-woman-within-yourself", "http://ianswertomom.com/bible-verses-struggling-contentment-mom/ I", "https://i-want-to-start-an-onlyfans.pages.dev/favicon.ico| I bet you do boo boo", "makeapornsite.com \u2022 https://pornhighschool.com/ \u2022 https://ethnicerotic.com \u2022 https://twitter.com/Make", "https://khmerpornvideo.signup0.y.id/", "https://lordseriala.life/6337-zvezdnye-vojny-opornaja-komanda.html", "https://clear.ml/infrastructure-control-plane", "dev-app.project-cicada.com \u2022 http://dev-app.project-cicada.com \u2022 https://dev-app.project-cicada.com (2014 report predates 2016 reports)", "https://amano.inboundtools.com/tpcontact URL https://armg.inboundtools.com/ URL https://gaiax.inboundtools.com/internship URL https://hmk.inboundtools.com/ URL https://hmk.inboundtools.com/form/assetview_siryo_sier", "https://download.clear.ml/cpython_builds/releases/ \u2022 https://download.clear.", "https://links.mail.samsara.com/s/c/P9R6gGlExR4nfCwqwJXUmr7NmKcMNde4ZBhCFprlVtsFNgh-4tuTWla0aXN9rIWCjrWtn0Vln7x-hexxVBlY3xxvnEevR8qJU5G5xV3__wo-X7kkpSOhJVfejac-Xk8qu6zs5Z-tILwWYRkNScZNGlAqfwQuJuRw5M-n_ZKI6tuY5XGCZAqWoQepi1NnJiW4wZJkzZlOwGtNkusbuKDcMsLVrrhji2eKh4kYgrJp_SeycJRhasLFCQ3c2bPu4sahEWpcHZrQBaxvdfQgTEno8kV-RJdTDO0zK5MyWDJLeds7mnaDrxlb0O2zmhebUdlHE0R0xHi25dympBUpMlLsQV8bx1WUTOfgK4k0ci9o_2Gbfe22-jLxsJN-msV6pxWYQMaxRNFd4iZRC9J9Z1SC5MBqbvNzqdt98kFdpibnv_QIHdhFyHOR_Ip_LX67Dncc8V8OvAi-H5phfeSyDzwdzf2FQIi82", "https://voidpet.io/invite/scaredscared/1rpzxWXa61 \u2022 https://sex-doggy.net/tag/censored", "Everyone has simply asked you alll to stop. Target never asked anyone for money.", "Legal court documented agreement to allow and pay target to hire cyber investigators", "Attacks are being carried out by The State of Colorado" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Japan", "France", "Ireland", "Spain", "Italy", "Aruba", "Australia", "Denmark", "United Kingdom of Great Britain and Northern Ireland", "Germany", "T\u00fcrkiye", "Indonesia" ], "malware_families": [ { "id": "Win.Trojan.GravityRAT-6511862-0", "display_name": "Win.Trojan.GravityRAT-6511862-0", "target": null }, { "id": "ALF:HeraklezEval:Trojan:MSIL/Gravityrat!rfn", "display_name": "ALF:HeraklezEval:Trojan:MSIL/Gravityrat!rfn", "target": null }, { "id": "Unix.Trojan.Tsunami-6981155-0", "display_name": "Unix.Trojan.Tsunami-6981155-0", "target": null }, { "id": "TrojanDropper:Win32/Systex.A", "display_name": "TrojanDropper:Win32/Systex.A", "target": "/malware/TrojanDropper:Win32/Systex.A" }, { "id": "Win.Trojan.Tepfer-61", "display_name": "Win.Trojan.Tepfer-61", "target": null }, { "id": "TrojanDownloader:Win32/CutwailRansom:Win32/Crowti.A", "display_name": "TrojanDownloader:Win32/CutwailRansom:Win32/Crowti.A", "target": null }, { "id": "VirTool:Win32/VBInject.gen!MH", "display_name": "VirTool:Win32/VBInject.gen!MH", "target": "/malware/VirTool:Win32/VBInject.gen!MH" }, { "id": "ALF:NID:Susp_NSIS_Stub.A", "display_name": "ALF:NID:Susp_NSIS_Stub.A", "target": null }, { "id": "#LOWFI:HSTR:Criakl.B1", "display_name": "#LOWFI:HSTR:Criakl.B1", "target": null }, { "id": "Backdoor:Win32/Arwobot.B", "display_name": "Backdoor:Win32/Arwobot.B", "target": "/malware/Backdoor:Win32/Arwobot.B" }, { "id": "Win.Packed.Bandook-9882274-1", "display_name": "Win.Packed.Bandook-9882274-1", "target": null }, { "id": "TrojanDownloader:Win32/Cutwail", "display_name": "TrojanDownloader:Win32/Cutwail", "target": "/malware/TrojanDownloader:Win32/Cutwail" }, { "id": "Win.Downloader.Small-4507", "display_name": "Win.Downloader.Small-4507", "target": null }, { "id": "Trojan:Win32/Qbot.R!MTB", "display_name": "Trojan:Win32/Qbot.R!MTB", "target": "/malware/Trojan:Win32/Qbot.R!MTB" }, { "id": "Win.Malware.Mikey-9949492-0", "display_name": "Win.Malware.Mikey-9949492-0", "target": null }, { "id": "Ransom:Win32/Crowti.A", "display_name": "Ransom:Win32/Crowti.A", "target": "/malware/Ransom:Win32/Crowti.A" }, { "id": "Backdoor:Linux/DemonBot.Aa!MTB", "display_name": "Backdoor:Linux/DemonBot.Aa!MTB", "target": "/malware/Backdoor:Linux/DemonBot.Aa!MTB" }, { "id": "Unix.Trojan.Gafgyt-6981154-0", "display_name": "Unix.Trojan.Gafgyt-6981154-0", "target": null }, { "id": "DDOS:Linux/Gafgyt.YA!MTB", "display_name": "DDOS:Linux/Gafgyt.YA!MTB", "target": "/malware/DDOS:Linux/Gafgyt.YA!MTB" }, { "id": "CVE-2017-11882", "display_name": "CVE-2017-11882", "target": null }, { "id": "ALF:Exploit:O97M/CVE-2017-8977", "display_name": "ALF:Exploit:O97M/CVE-2017-8977", "target": null }, { "id": "Cycbot", "display_name": "Cycbot", "target": null }, { "id": "Win32:BotX-gen\\ [Trj]", "display_name": "Win32:BotX-gen\\ [Trj]", "target": null }, { "id": "NIDS", "display_name": "NIDS", "target": null }, { "id": "Mirai (ELF)", "display_name": "Mirai (ELF)", "target": null }, { "id": "Worm", "display_name": "Worm", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1069", "name": "Permission Groups Discovery", "display_name": "T1069 - Permission Groups Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1480", "name": "Execution Guardrails", "display_name": "T1480 - Execution Guardrails" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1583", "name": "Acquire Infrastructure", "display_name": "T1583 - Acquire Infrastructure" }, { "id": "T1590", "name": "Gather Victim Network Information", "display_name": "T1590 - Gather Victim Network Information" }, { "id": "T1204.001", "name": "Malicious Link", "display_name": "T1204.001 - Malicious Link" }, { "id": "T1457", "name": "Malicious Media Content", "display_name": "T1457 - Malicious Media Content" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1155", "name": "AppleScript", "display_name": "T1155 - AppleScript" }, { "id": "T1060", "name": "Registry Run Keys / Startup Folder", "display_name": "T1060 - Registry Run Keys / Startup Folder" }, { "id": "T1045", "name": "Software Packing", "display_name": "T1045 - Software Packing" }, { "id": "T1063", "name": "Security Software Discovery", "display_name": "T1063 - Security Software Discovery" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "T1210", "name": "Exploitation of Remote Services", "display_name": "T1210 - Exploitation of Remote Services" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "TA0037", "name": "Command and Control", "display_name": "TA0037 - Command and Control" }, { "id": "T1031", "name": "Modify Existing Service", "display_name": "T1031 - Modify Existing Service" }, { "id": "T1583.005", "name": "Botnet", "display_name": "T1583.005 - Botnet" }, { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1185", "name": "Man in the Browser", "display_name": "T1185 - Man in the Browser" }, { "id": "T1574.008", "name": "Path Interception by Search Order Hijacking", "display_name": "T1574.008 - Path Interception by Search Order Hijacking" }, { "id": "T1410", "name": "Network Traffic Capture or Redirection", "display_name": "T1410 - Network Traffic Capture or Redirection" }, { "id": "T1449", "name": "Exploit SS7 to Redirect Phone Calls/SMS", "display_name": "T1449 - Exploit SS7 to Redirect Phone Calls/SMS" }, { "id": "T1593.002", "name": "Search Engines", "display_name": "T1593.002 - Search Engines" } ], "industries": [ "Insurance", "Construction" ], "TLP": "green", "cloned_from": "693cdc5b8ebc10664439c2fb", "export_count": 14, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 54118, "domain": 11153, "hostname": 18578, "email": 21, "FileHash-SHA256": 4905, "FileHash-MD5": 548, "FileHash-SHA1": 534, "CVE": 7, "SSLCertFingerprint": 20, "CIDR": 1 }, "indicator_count": 89885, "is_author": false, "is_subscribing": null, "subscriber_count": 145, "modified_text": "111 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "693cdc5b8ebc10664439c2fb", "name": "Project Cicada-.Christopher \u201cBuzz\u201d Ahmann - Freeman Mathis & Gary for The State of Colorado", "description": "State of Colorado attackers use DGA domains set up multiple Law Firms.. Christopher P. \u2019Buzz\u2019 Ahmann Is a legal consultant / attorney./ hacker \nWorks for the State of Colorado/ quasi. Is malicious and doesn\u2019t work alone. Continues to target \nState had relative contacted by a fake entity \u2018Goodness Health\u2019\nLeft vague VM for relative message \u201cWe work on the Medicare side of things.\u201d and? \nSocial engineering call , malicious domain. The State of Colorado has been on a relentless pursuit against target. Fully compromised targets relatives brand new phone. Hacked target since 10/2013.\nMultiple cyber and physical attacks carried out against target and family members.. There are attacks make to look like accidents or malfunctions. This harmful, silencing behavior is somehow illegal for anyone else.", "modified": "2026-02-10T06:05:39.764000", "created": "2025-12-13T03:24:11.414000", "tags": [ "colorado state", "freeman mathis", "history", "cyber risk", "aspen insureds", "gaig insureds", "landy insureds", "nip group", "purm insureds", "overview core", "united", "ip address", "present nov", "present may", "moved", "encrypt", "unknown", "backdoor", "passive dns", "ransom", "checkin", "trojandropper", "mtb nov", "twitter", "trojan", "data upload", "extraction", "failed", "united states", "server response", "google safe", "results may", "lowfi", "virtool", "mtb alf", "mh alf", "port", "windows nt", "destination", "msie", "khtml", "gecko", "unknown aaaa", "a domains", "meta", "for privacy", "cop supply", "urls", "as139646 hong", "hostname", "files", "hong kong", "domain add", "ip related", "hash avast", "avg clamav", "msdefender may", "ddos", "as13335", "ipv4", "certificate", "hostname add", "url analysis", "files ip", "name strings", "category", "united states", "pulse indicator", "address", "error", "null", "object", "string", "number", "google maps", "promise", "javascript api", "dataset", "bigint", "dark", "android", "infinity", "internal", "roboto", "trident", "void", "small", "lightrail", "false", "span", "close", "light", "hybrid", "embed", "iframe", "keygen", "this", "february", "bounce", "drop", "inside", "outside", "marker", "present dec", "pulses otx", "aaaa", "asnone country", "record value", "title", "pulse pulses", "pulses", "showing", "unknown cname", "unknown soa", "next associated", "ipv4 add", "cycbot", "extract indic", "sneaker bots", "proxies data", "script script", "adult content", "nextimage", "porn site", "div div", "platform make", "cloudfront x", "hio52 p3", "unknown ns", "pulse submit", "title error", "reverse dns", "status", "servers", "name servers", "vashti hostname", "scan endpoints", "url http", "http", "files domain", "files related", "pulses none", "dnssec", "sec ch", "ch ua", "ua full", "ua platform", "ua bitness", "ua arch", "version sec", "mobile sec", "model sec", "version list", "domain", "emails", "cookie", "url https", "show", "filehash", "urls show", "date checked", "url hostname", "results nov", "win32", "type", "learn", "ck id", "name tactics", "suspicious", "informative", "command", "adversaries", "ssl certificate", "defense evasion", "spawns", "flag", "llc name", "server", "markmonitor", "name server", "windir", "openurl c", "prefetch2", "show technique", "mitre att", "ck matrix", "pattern match", "ascii text", "sha1", "href", "show process", "file", "general", "local", "path", "germany unknown", "date", "registrar", "ip whois", "dynamicloader", "high", "medium", "search", "displayname", "tofsee", "win64", "write", "stream", "malware", "push", "entries", "tls handshake", "failure", "forbidden", "tlsv1", "april", "next", "write c", "intel", "ms windows", "sha1 add", "av detections", "ids detections", "yara detections", "alerts", "analysis date", "file score", "sha256 add", "present jun", "present mar", "medelln", "colombia asn", "dns resolutions", "address domain", "related tags", "none google", "safe browsing", "external", "present sep", "present aug", "as54113", "present jul", "as8068", "gmt content", "total", "read", "delete", "top source", "quasi", "murderers", "christopher ahmann", "buzz ahmann", "wow64", "slcc2", "media center", "labor", "employment", "cdle", "dowc", "colorado", "workers", "coloradoif", "independent", "state", "company", "entity type", "authorized line", "analysis", "tor analysis", "process details", "network traffic", "t1071", "potential ip", "click", "found", "t1480 execution", "bad traffic", "et info", "ck techniques", "evasion att", "t1057", "refresh", "body", "strings", "tools", "look", "verify", "restart", "cname", "form", "pulse", "script domains", "script urls", "administrator", "services llc", "dns admin", "domain admin", "global llc", "domain manager", "computer system", "ltd domain", "network", "alibaba", "facebook", "phishme", "sogou", "present jan", "present feb", "present oct" ], "references": [ "https://www.fmglaw.com/lawyers/christopher-ahmann - found in adult content pulse.", "Sneaker Bots Proxies Servers Cook Groups Cop Supply", "archive.cop.supply \u2022 dev.cop.supply \u2022 https://cop.supply/ \u2022 https://cop.supply/bot-lists/", "https://cop.supply/supreme-bots/\u2022 https://cop.supply/useful-tools/", "https://cop.supply/proxies-lists/ \u2022 https://cop.supply/shopify-bots/", "dns.army \u2022 www.dcopr.dns.army \u2022 www.glsyaiwjj.dns.army \u2022 www.wgmvk.dns.army", "https://maps.googleapis.com/maps/api/js?sensor=false", "cell-0.af-south-1.prod.telemetry.console.api.aws", "howtoworkacrickoutofyourneck2.pages.dev", "firebase-auth-eich0v.pages.dev", "http://ianswertomom.com/develop-wise-woman-within-yourself", "http://ianswertomom.com/bible-verses-struggling-contentment-mom/ I", "https://i-want-to-start-an-onlyfans.pages.dev/favicon.ico| I bet you do boo boo", "makeapornsite.com \u2022 https://pornhighschool.com/ \u2022 https://ethnicerotic.com \u2022 https://twitter.com/Make", "https://khmerpornvideo.signup0.y.id/", "https://lordseriala.life/6337-zvezdnye-vojny-opornaja-komanda.html", "https://clear.ml/infrastructure-control-plane", "dev-app.project-cicada.com \u2022 http://dev-app.project-cicada.com \u2022 https://dev-app.project-cicada.com (2014 report predates 2016 reports)", "https://amano.inboundtools.com/tpcontact URL https://armg.inboundtools.com/ URL https://gaiax.inboundtools.com/internship URL https://hmk.inboundtools.com/ URL https://hmk.inboundtools.com/form/assetview_siryo_sier", "https://download.clear.ml/cpython_builds/releases/ \u2022 https://download.clear.", "https://links.mail.samsara.com/s/c/P9R6gGlExR4nfCwqwJXUmr7NmKcMNde4ZBhCFprlVtsFNgh-4tuTWla0aXN9rIWCjrWtn0Vln7x-hexxVBlY3xxvnEevR8qJU5G5xV3__wo-X7kkpSOhJVfejac-Xk8qu6zs5Z-tILwWYRkNScZNGlAqfwQuJuRw5M-n_ZKI6tuY5XGCZAqWoQepi1NnJiW4wZJkzZlOwGtNkusbuKDcMsLVrrhji2eKh4kYgrJp_SeycJRhasLFCQ3c2bPu4sahEWpcHZrQBaxvdfQgTEno8kV-RJdTDO0zK5MyWDJLeds7mnaDrxlb0O2zmhebUdlHE0R0xHi25dympBUpMlLsQV8bx1WUTOfgK4k0ci9o_2Gbfe22-jLxsJN-msV6pxWYQMaxRNFd4iZRC9J9Z1SC5MBqbvNzqdt98kFdpibnv_QIHdhFyHOR_Ip_LX67Dncc8V8OvAi-H5phfeSyDzwdzf2FQIi82", "https://voidpet.io/invite/scaredscared/1rpzxWXa61 \u2022 https://sex-doggy.net/tag/censored", "Everyone has simply asked you alll to stop. Target never asked anyone for money.", "Legal court documented agreement to allow and pay target to hire cyber investigators", "Attacks are being carried out by The State of Colorado" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Japan", "France", "Ireland", "Spain", "Italy", "Aruba", "Australia", "Denmark", "United Kingdom of Great Britain and Northern Ireland", "Germany", "T\u00fcrkiye", "Indonesia" ], "malware_families": [ { "id": "Win.Trojan.GravityRAT-6511862-0", "display_name": "Win.Trojan.GravityRAT-6511862-0", "target": null }, { "id": "ALF:HeraklezEval:Trojan:MSIL/Gravityrat!rfn", "display_name": "ALF:HeraklezEval:Trojan:MSIL/Gravityrat!rfn", "target": null }, { "id": "Unix.Trojan.Tsunami-6981155-0", "display_name": "Unix.Trojan.Tsunami-6981155-0", "target": null }, { "id": "TrojanDropper:Win32/Systex.A", "display_name": "TrojanDropper:Win32/Systex.A", "target": "/malware/TrojanDropper:Win32/Systex.A" }, { "id": "Win.Trojan.Tepfer-61", "display_name": "Win.Trojan.Tepfer-61", "target": null }, { "id": "TrojanDownloader:Win32/CutwailRansom:Win32/Crowti.A", "display_name": "TrojanDownloader:Win32/CutwailRansom:Win32/Crowti.A", "target": null }, { "id": "VirTool:Win32/VBInject.gen!MH", "display_name": "VirTool:Win32/VBInject.gen!MH", "target": "/malware/VirTool:Win32/VBInject.gen!MH" }, { "id": "ALF:NID:Susp_NSIS_Stub.A", "display_name": "ALF:NID:Susp_NSIS_Stub.A", "target": null }, { "id": "#LOWFI:HSTR:Criakl.B1", "display_name": "#LOWFI:HSTR:Criakl.B1", "target": null }, { "id": "Backdoor:Win32/Arwobot.B", "display_name": "Backdoor:Win32/Arwobot.B", "target": "/malware/Backdoor:Win32/Arwobot.B" }, { "id": "Win.Packed.Bandook-9882274-1", "display_name": "Win.Packed.Bandook-9882274-1", "target": null }, { "id": "TrojanDownloader:Win32/Cutwail", "display_name": "TrojanDownloader:Win32/Cutwail", "target": "/malware/TrojanDownloader:Win32/Cutwail" }, { "id": "Win.Downloader.Small-4507", "display_name": "Win.Downloader.Small-4507", "target": null }, { "id": "Trojan:Win32/Qbot.R!MTB", "display_name": "Trojan:Win32/Qbot.R!MTB", "target": "/malware/Trojan:Win32/Qbot.R!MTB" }, { "id": "Win.Malware.Mikey-9949492-0", "display_name": "Win.Malware.Mikey-9949492-0", "target": null }, { "id": "Ransom:Win32/Crowti.A", "display_name": "Ransom:Win32/Crowti.A", "target": "/malware/Ransom:Win32/Crowti.A" }, { "id": "Backdoor:Linux/DemonBot.Aa!MTB", "display_name": "Backdoor:Linux/DemonBot.Aa!MTB", "target": "/malware/Backdoor:Linux/DemonBot.Aa!MTB" }, { "id": "Unix.Trojan.Gafgyt-6981154-0", "display_name": "Unix.Trojan.Gafgyt-6981154-0", "target": null }, { "id": "DDOS:Linux/Gafgyt.YA!MTB", "display_name": "DDOS:Linux/Gafgyt.YA!MTB", "target": "/malware/DDOS:Linux/Gafgyt.YA!MTB" }, { "id": "CVE-2017-11882", "display_name": "CVE-2017-11882", "target": null }, { "id": "ALF:Exploit:O97M/CVE-2017-8977", "display_name": "ALF:Exploit:O97M/CVE-2017-8977", "target": null }, { "id": "Cycbot", "display_name": "Cycbot", "target": null }, { "id": "Win32:BotX-gen\\ [Trj]", "display_name": "Win32:BotX-gen\\ [Trj]", "target": null }, { "id": "NIDS", "display_name": "NIDS", "target": null }, { "id": "Mirai (ELF)", "display_name": "Mirai (ELF)", "target": null }, { "id": "Worm", "display_name": "Worm", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1069", "name": "Permission Groups Discovery", "display_name": "T1069 - Permission Groups Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1480", "name": "Execution Guardrails", "display_name": "T1480 - Execution Guardrails" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1583", "name": "Acquire Infrastructure", "display_name": "T1583 - Acquire Infrastructure" }, { "id": "T1590", "name": "Gather Victim Network Information", "display_name": "T1590 - Gather Victim Network Information" }, { "id": "T1204.001", "name": "Malicious Link", "display_name": "T1204.001 - Malicious Link" }, { "id": "T1457", "name": "Malicious Media Content", "display_name": "T1457 - Malicious Media Content" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1155", "name": "AppleScript", "display_name": "T1155 - AppleScript" }, { "id": "T1060", "name": "Registry Run Keys / Startup Folder", "display_name": "T1060 - Registry Run Keys / Startup Folder" }, { "id": "T1045", "name": "Software Packing", "display_name": "T1045 - Software Packing" }, { "id": "T1063", "name": "Security Software Discovery", "display_name": "T1063 - Security Software Discovery" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "T1210", "name": "Exploitation of Remote Services", "display_name": "T1210 - Exploitation of Remote Services" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "TA0037", "name": "Command and Control", "display_name": "TA0037 - Command and Control" }, { "id": "T1031", "name": "Modify Existing Service", "display_name": "T1031 - Modify Existing Service" }, { "id": "T1583.005", "name": "Botnet", "display_name": "T1583.005 - Botnet" }, { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1185", "name": "Man in the Browser", "display_name": "T1185 - Man in the Browser" }, { "id": "T1574.008", "name": "Path Interception by Search Order Hijacking", "display_name": "T1574.008 - Path Interception by Search Order Hijacking" }, { "id": "T1410", "name": "Network Traffic Capture or Redirection", "display_name": "T1410 - Network Traffic Capture or Redirection" }, { "id": "T1449", "name": "Exploit SS7 to Redirect Phone Calls/SMS", "display_name": "T1449 - Exploit SS7 to Redirect Phone Calls/SMS" }, { "id": "T1593.002", "name": "Search Engines", "display_name": "T1593.002 - Search Engines" } ], "industries": [ "Insurance", "Construction" ], "TLP": "green", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 54118, "domain": 11153, "hostname": 18578, "email": 21, "FileHash-SHA256": 4905, "FileHash-MD5": 548, "FileHash-SHA1": 534, "CVE": 7, "SSLCertFingerprint": 20, "CIDR": 1 }, "indicator_count": 89885, "is_author": false, "is_subscribing": null, "subscriber_count": 146, "modified_text": "111 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65eea19a23474b8c7dca351f", "name": "All Items - find from the UA archive disk", "description": "Again have zero idea 'what these are' - just uploading from the 'archives' as I sort through things", "modified": "2025-12-24T08:28:47.628000", "created": "2024-03-11T06:15:54.351000", "tags": [], "references": [ "https://www.virustotal.com/gui/collection/09af9ef0b7b23d2dc73d83858106ae4fc97a352dbb521ac04493a0e79095ac69/iocs", "https://www.virustotal.com/gui/collection/79c25168b2f93d9730a56b8d2b834cbfb2752b63b21b9dd51109416fbaa676d8/iocs", "https://www.virustotal.com/graph/embed/g8726609a12794ebeb59edd531961a233068149bcdf994b428f20141be6111551?theme=dark", "https://www.virustotal.com/graph/embed/g365a82115f934e31a69118715695c91c231f66cda9084c9389e56afb985a243e?theme=dark", "", "https://www.virustotal.com/gui/collection/6a8d582df4fe5a29885dad4074236bc9e4ed445aaf0cc00702d45963fb0459bb/iocs" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 19, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "Disable_Duck", "id": "244325", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 1165, "hostname": 866, "URL": 657, "FileHash-SHA256": 26, "email": 337, "FileHash-MD5": 12, "FileHash-SHA1": 8, "CIDR": 1 }, "indicator_count": 3072, "is_author": false, "is_subscribing": null, "subscriber_count": 129, "modified_text": "159 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "68038f7eb6f6810aa6d6439f", "name": "\"+g+\"", "description": "https://aplikacja.ceidg.gov.pl/CEIDG/CEIDG.Public.UI/EntryChangeHistory.aspx?Id=855bdfc1-7dbc-4a86-9d27-89ebb0ecf166&archival=False", "modified": "2025-09-01T08:05:25.121000", "created": "2025-04-19T11:56:46.933000", "tags": [ "copyright", "customevent", "typeof e", "boomerang", "typeof t", "macintosh", "os x", "post", "typeof", "iframe", "date", "poka menu", "nie znaleziono", "poka start", "poka", "max dostpnych", "pierwsza", "ostatnia", "nastpna", "poprzednia", "brak danych", "first", "ceidg", "wystpi bd", "error", "true", "null", "linkdownload", "show", "ctrlmappings", "version", "versionchange", "body", "false", "span", "input", "paginate", "next", "last", "selectstart", "loop", "function", "bootstrap", "datatables", "responsive", "2016 sprymedia", "amd define", "object", "commonjs", "window", "browser", "button", "datatable", "sprymedia ltd", "columns", "colidx", "column", "parent", "child", "param", "display", "click", "middle", "class", "target", "never", "find", "footer", "close", "regexp", "matches", "cookie", "inputmask", "input mask", "robin herbots", "mit license", "xmlhttprequest", "left", "month", "boolean", "maxdate", "right", "daterangepicker", "yyyymmdd", "calendar", "jquery", "webpackrequire", "typeof symbol", "type", "setprototypeof", "maskpos", "wrapnativesuper", "backspace", "insert", "internal", "mask", "void", "this", "nie mona", "array", "nonmsdombrowser", "horizontal", "leftarrow", "uparrow", "rightarrow", "downarrow", "explorer", "form", "legend", "hmmss", "mmmm d", "yyyy h", "typeof define", "number", "locale", "character", "seeknext", "masked", "input plugin", "josh bush", "azaz", "azaz09", "black", "kontrast", "arrcookies", "getcookielang", "and information", "on business", "sign", "twoja", "opinia", "informacja o", "notify ui", "widget", "eric hynds", "dual", "name", "dtopt", "example", "using", "open", "adata", "hungarian", "aria", "legacy", "trident", "format", "nuke", "apos", "bitcoin", "outer", "mark", "info", "reload", "behaviour", "write", "buttons", "anything", "prop", "thecookie", "create", "thevalue", "string name", "pluginscookie", "author", "eventkey", "datakey", "default", "dataapikey", "defaulttype", "config", "shown", "trigger", "delta", "guard", "arrow", "leave", "scroll", "dataspy", "sessiontimeout", "return", "settimeout", "mytimerid", "requestcounter", "starttimer", "stop", "typeof n", "adminlte", "typeof o", "main", "js application", "adminlte v2", "colorlib", "ui date", "written", "jacek wysocki", "poprzedni", "marzec", "kwiecie", "czerwiec", "lipiec", "sierpie", "wrzesie", "openpopup", "href", "toggle", "msviewport", "popover", "json", "json text", "string", "otherwise", "holder", "mind", "copy", "meta", "third", "text", "choice", "confirm", "nie pytaj", "site", "title", "value", "alert", "warn", "migrate", "foundation", "see http", "forget", "newvalue", "nones5", "fall", "wrongvalid", "onerror", "year", "fast", "argument", "popper", "method", "data", "html", "flip", "factory", "onload", "tbody", "courier", "elem", "handle", "expando", "match", "selector", "sizzle", "android", "capture", "seed", "pass", "enough", "code", "bind", "core", "local", "verify", "accept", "done", "override", "inject", "possible", "hold", "45deg", "larger", "screen styling", "90deg", "support", "sidebar mini", "e1f0ff", "font awesome", "free", "autocomplete", "folder", "expanded folder", "tabela", "sorting", "xform", "nadpisane style", "menlo", "monaco", "consolas", "mono", "courier new", "browse", "twitter", "pt serif", "georgia", "times new", "roman", "times", "typetime", "import", "roboto", "http", "label", "demos", "effect", "inst", "super", "speed", "bounce", "hack", "logic", "shift", "double", "february", "april", "june", "august", "friday", "erase", "atom", "caja", "spinner", "refresh", "alpha", "sentinel", "back", "blind", "drop", "ceidg.gov.pl - centralna ewidencja i informacja o dzia\u0142alno\u015bci g", "prosz czeka", "pobierz plik" ], "references": [ "https://aplikacja.ceidg.gov.pl/CEIDG/CEIDG.Public.UI/EntryChangeHistory.aspx?Id=855bdfc1-7dbc-4a86-9d27-89ebb0ecf166&archival=False", "UE_pl_top.svg", "UE_pl_top_sm.svg", "XZ4AH-ABKPW-SQPBC-CYWES-BCG6V", "dataTables.lang.js.pobrane", "EntryChangeHistory.aspx.js.pobrane", "dataTables.input.js.pobrane", "responsive.bootstrap4.js.pobrane", "dataTables.bootstrap4.js.pobrane", "dataTables.responsive.js.pobrane", "jquery.session.js.pobrane", "inputmask.binding.js.pobrane", "daterangepicker.js.pobrane", "jquery.inputmask.min.js.pobrane", "ScriptResource.axd", "moment-with-locales.min.js.pobrane", "jquery.maskedinput-1.2.2.js.pobrane", "feedback.js.pobrane", "jquery.notify.min.js.pobrane", "jquery.dataTables.js.pobrane", "jquery.cookie.js.pobrane", "bootstrap.js.pobrane", "SessionTimeout.js.pobrane", "adminlte.min.js.pobrane", "jquery.easing.1.3.js.pobrane", "jquery.feedbackBadge.min.js.pobrane", "ui.datepicker-pl.js.pobrane", "ceidg-master.js.pobrane", "CommonResponsive.js.pobrane", "json2.js.pobrane", "jquery.alerts.js.pobrane", "jquery-migrate-1.2.1.js.pobrane", "dataTables.bootstrap4.css", "CommonScripts.js.pobrane", "popper.js.pobrane", "responsive.bootstrap4.css", "jquery-3.0.0.js.pobrane", "daterangepicker.css", "AdminLTE.css", "ui.notify.css", "ceidg.css", "bootstrap-gov-pl.css", "biznes.css", "jquery-ui.js.pobrane", "saved_resource.html" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 3, "FileHash-SHA1": 4, "FileHash-SHA256": 25, "URL": 165, "domain": 353, "hostname": 215, "email": 2 }, "indicator_count": 767, "is_author": false, "is_subscribing": null, "subscriber_count": 123, "modified_text": "273 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "684c65464466dd19b089f325", "name": "Zesp\u00f3\u0142 Profilaktyki i Rehabilitacji w Janowicach Wielkich - YouTube", "description": "If d=void 0===c,w(\"trustedResourceUrl\",d: \"Trusted resourceUrl,\" thend=c.src,d, c.js, then d:", "modified": "2025-06-13T17:56:28.689000", "created": "2025-06-13T17:52:06.399000", "tags": [ "rehabilitacji w", "youtube tv", "dami jelenia", "tv dami", "jelenia gra", "zakupy wycz", "jeli", "nie korzystasz", "filmy", "aby tego", "copyright", "closure library", "argument", "ifunction", "error", "null", "type", "cast", "webchannel", "su2028u2029", "chrome", "xmlhttp", "kkvoid", "remotecontrol", "android", "unknown", "screen", "desktop", "function", "string", "array", "number", "vfunction", "f8192", "n432", "true", "j2048", "this", "window", "void", "date", "pokau017c", "pytfunction", "fe8function", "qgzfunction", "afunction", "hb28", "r150", "promise", "bigint", "post", "edge", "swhealthlog", "symbol", "trident", "infinity", "embed", "webkitkeyframes", "zoomin", "zoominx", "zoomoutx", "zoominy", "zoomouty", "2000px", "90deg", "20px", "30deg", "30px", "10px", "10deg", "3deg", "5deg", "djmegamenu", "use license", "tabindex", "menu", "close", "msie", "beforechange", "imagehassize", "buildcontrols", "magnific popup", "dmitry semenov", "http", "beforeclose", "afterclose", "open", "next", "open source", "bsd license", "george mcginley", "smith", "djimageslider", "subpackage", "webkit", "khtml", "icab", "countto", "callback", "handler", "object", "typeof", "method", "gnugplv2", "website", "set module", "height script", "regexp", "screenheight", "highcontrast2", "highcontrast3", "highcontrast", "wide", "night", "body", "normalbutton", "cookie plugin", "https", "klaus hartl", "mit license", "register", "nodecommonjs", "factory", "jquery", "write", "sticky bar", "stickybar", "count", "offcanvas", "html", "noscroll", "offcanvas var", "toggle nav", "click jquery", "ajax", "autocomplete", "tomas kirda", "typeof define", "esc27", "tab9", "return13", "left37", "up38", "twitter", "custom version", "joomla", "rolemenu", "boolean", "get adobe", "flash player", "title", "text", "typeof data", "typeof s", "accept", "width", "foundation", "backspace8", "comma188", "delete46", "down40", "end35", "enter13", "escape27", "value", "migrate", "backcompat", "quirks mode", "typeof f", "xtablet768", "document", "ui sortable", "leftright", "gnu general", "public license", "dddddd", "ffffcc", "eeeeee", "verdana", "geneva", "arial", "helvetica", "f0f0f0", "sans", "charset", "utf8", "fontawesome", "typeof b", "pseudo", "child", "sufeffxa0", "class", "attr", "general slider", "slide", "rgba", "navigation", "15deg", "300px", "20deg", "transition", "scale", "baskerville", "main image", "bdbdbd", "f3f3f3", "remove", "fontface", "woff2", "u0131", "u01520153", "u02bb02bc", "u02c6", "u02da", "u02dc", "u0304", "dirrtl", "msviewport", "href", "span", "legend", "halflings", "fieldset", "typeimage", "f2f2f2", "d9edf7", "dff0d8", "f2dede", "thead", "tbody", "tahoma", "00a0", "video", "script", "2500", "xnew ita", "dnew jta", "dataset", "orfunction", "prfunction", "nsafunction", "xsafunction", "vrfunction", "cakes", "ovbfunction", "pvbfunction", "rvbfunction", "qvbfunction", "tvbfunction", "uvbfunction", "vvbclass", "xvbclass", "yvbclass", "svbclass", "lvafunction", "ggfunction", "mvafunction", "ovafunction", "pvafunction", "uvafunction", "tvafunction", "qvafunction", "vvafunction", "nvaclass", "dark", "vector", "yy49", "raster", "roboto", "new tk", "qael", "przechyl", "mars", "mercury", "venus", "pluto", "titan", "weakset", "wfclass", "googlelayer", "uint8array", "weakmap", "5001", "mouseevent", "webassembly", "180180", "9090", "google maps", "javascript api", "internal", "small", "lightrail", "false", "february", "light", "hybrid", "bounce", "drop", "inside", "outside", "marker", "gc" ], "references": [ "embed.html", "ad_status.js.pobrane", "f5Y41t9wqY4.html", "cast_sender.js.pobrane", "remote.js.pobrane", "sw3VTUzeRvWIVwvWSyk6S5gHWPxOOwU1OxerozmN4Hw.js.pobrane", "embed.js.pobrane", "www-embed-player.js.pobrane", "animate.ext.css", "animate.min.css", "jquery.djmegamenu.js.pobrane", "jquery.djmobilemenu.js.pobrane", "magnific.js.pobrane", "jquery.easing.min.js.pobrane", "slider.js.pobrane", "jquery.countTo.js.pobrane", "scripts.js.pobrane", "magnific-init.js.pobrane", "pagesettings.js.pobrane", "jquery.cookie.js.pobrane", "stickybar.js.pobrane", "fontswitcher.js.pobrane", "offcanvas.js.pobrane", "jquery.autocomplete.min.js.pobrane", "bootstrap.min.js.pobrane", "jcemediabox.js.pobrane", "jquery.ui.core.min.js.pobrane", "jquery-migrate.min.js.pobrane", "layout.min.js.pobrane", "jquery.ui.sortable.min.js.pobrane", "caption.js.pobrane", "finder.css", "jquery-noconflict.js.pobrane", "djmegamenu.26.css", "animations.css", "djmobilemenu.css", "jquery.min.js.pobrane", "djimageslider.css", "offcanvas.css", "magnific.css", "font_switcher.26.css", "css", "template_responsive.26.css", "offcanvas.26.css", "bootstrap_responsive.26.css", "extended_layouts.26.css", "style.css", "content.css", "template.26.css", "bootstrap.26.css", "jcemediabox.css", "js", "onion.js.pobrane", "search_impl.js.pobrane", "overlay.js.pobrane", "map.js.pobrane", "util.js.pobrane", "search.js.pobrane", "common.js.pobrane", "geometry.js.pobrane", "main.js.pobrane" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Gc", "display_name": "Gc", "target": null } ], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 26, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 2779, "hostname": 661, "domain": 684, "email": 4, "FileHash-MD5": 1, "FileHash-SHA256": 689 }, "indicator_count": 4818, "is_author": false, "is_subscribing": null, "subscriber_count": 123, "modified_text": "352 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "67a7f06a5d0f22ad92684646", "name": "WebForm.com.gov.pl/CEIDG/ScriptResource.axd", "description": "The following is the full text of the WebForm.com.gov.pl/CEIDG/ScriptResource.axd, following the following:.au, for the first time.", "modified": "2025-05-14T21:27:17.040000", "created": "2025-02-09T00:01:46.054000", "tags": [ "null", "nie mona", "array", "input", "nonmsdombrowser", "object", "html", "component", "body", "horizontal", "date", "calendar", "february", "april", "june", "august", "iframe", "form", "friday", "explorer", "target", "error", "legend", "this", "type", "regexp", "elem", "index", "function", "handle", "check", "safari", "expando", "android", "false", "hooks", "copy", "prop", "class", "mark", "window", "code", "capture", "accept", "seed", "override", "hook", "look", "loop", "install", "pass", "enough", "bind", "core", "local", "verify", "done", "find", "internal", "inject", "possible", "hold", "middle", "guard", "fall", "stop", "panic", "back", "restrict", "speed", "turn", "grab", "getclass", "jquery", "bubble", "anchor", "shift" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1134", "name": "Access Token Manipulation", "display_name": "T1134 - Access Token Manipulation" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 13, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1143, "domain": 155, "hostname": 523, "FileHash-SHA256": 151 }, "indicator_count": 1972, "is_author": false, "is_subscribing": null, "subscriber_count": 123, "modified_text": "382 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "663d2869e0f3a42bbddc42ff", "name": "UPX executable packer.", "description": "A new rule has been introduced a \"suspicious\" ELF binary that is packed with the UPX executable packer.\nSuggested ATT&CK IDs: rule SUSP_ELF_LNX_UPX_Compressed_File { meta: description = \"Detects a suspicious ELF binary with UPX compression\" author = \"Florian Roth (Nextron Systems)\" reference = \"Internal Research\" date = \"2018-12-12\" score = 40 hash1 = \"038ff8b2fef16f8ee9d70e6c219c5f380afe1a21761791e8cbda21fa4d09fdb4\" id = \"078937de-59b3-538e-a5c3-57f4e6050212\" strings: $s1 = \"PROT_EXEC|PROT_WRITE failed.\" fullword ascii $s2 = \"$Id: UPX\" fullword ascii $s3 = \"$Info: This file is packed with the UPX executable packer\" ascii $fp1 = \"check your UCL installation !\"", "modified": "2024-10-14T00:01:17.069000", "created": "2024-05-09T19:47:53.786000", "tags": [ "cioch adrian", "centrum usug", "sieciowych", "elf binary", "upx compression", "roth", "nextron", "info", "javascript", "html", "office open", "xml document", "network capture", "win32 exe", "xml pakietu", "pdf zestawy", "przechwytywanie", "office", "filehashsha1", "url https", "cve cve20201070", "cve cve20203153", "cve cve20201048", "cve cve20211732", "cve20201048 apr", "filehashmd5", "cve cve20010901", "cve cve20021841", "cve20153202 apr", "cve cve20160728", "cve cve20161807", "cve cve20175123", "cve20185407 apr", "cve cve20054605", "cve cve20060745", "cve cve20070452", "cve cve20070453", "cve cve20070454", "cve cve20071355", "cve cve20071358", "cve cve20071871", "cve20149614 apr", "cve cve20151503", "cve cve20152080", "cve cve20157377", "cve cve20170131", "cve20200796 may", "cve cve20113403" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 6861, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 5771, "domain": 3139, "URL": 14525, "FileHash-SHA1": 2610, "IPv4": 108, "CIDR": 40, "FileHash-SHA256": 10705, "FileHash-MD5": 3373, "YARA": 2, "CVE": 148, "Mutex": 7, "FilePath": 3, "SSLCertFingerprint": 3, "email": 23, "JA3": 1, "IPv6": 2 }, "indicator_count": 40460, "is_author": false, "is_subscribing": null, "subscriber_count": 138, "modified_text": "595 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6639853fc403f7be5bd6f27d", "name": "Facebook+", "description": "", "modified": "2024-05-07T01:34:55.365000", "created": "2024-05-07T01:34:55.365000", "tags": [], "references": [ "https://www.virustotal.com/gui/collection/09af9ef0b7b23d2dc73d83858106ae4fc97a352dbb521ac04493a0e79095ac69/iocs", "https://www.virustotal.com/gui/collection/79c25168b2f93d9730a56b8d2b834cbfb2752b63b21b9dd51109416fbaa676d8/iocs", "https://www.virustotal.com/graph/embed/g8726609a12794ebeb59edd531961a233068149bcdf994b428f20141be6111551?theme=dark", "https://www.virustotal.com/graph/embed/g365a82115f934e31a69118715695c91c231f66cda9084c9389e56afb985a243e?theme=dark", "", "https://www.virustotal.com/gui/collection/6a8d582df4fe5a29885dad4074236bc9e4ed445aaf0cc00702d45963fb0459bb/iocs" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": "65eea19a23474b8c7dca351f", "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Phone2209", "id": "281168", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 1165, "hostname": 866, "URL": 657, "FileHash-SHA256": 26, "email": 337, "FileHash-MD5": 12, "FileHash-SHA1": 8, "CIDR": 1 }, "indicator_count": 3072, "is_author": false, "is_subscribing": null, "subscriber_count": 1, "modified_text": "755 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65708ed8f7d4b5483117bb66", "name": "abuse.ch", "description": "", "modified": "2023-12-06T15:10:16.397000", "created": "2023-12-06T15:10:16.397000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 223, "domain": 383, "URL": 1639, "hostname": 560, "email": 1, "FileHash-MD5": 2 }, "indicator_count": 2808, "is_author": false, "is_subscribing": null, "subscriber_count": 114, "modified_text": "908 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65708eb824dc4c51811f6de9", "name": "Indusface - in YOUR face ;)", "description": "", "modified": "2023-12-06T15:09:44.273000", "created": "2023-12-06T15:09:44.273000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 307, "hostname": 333, "domain": 192, "URL": 1143, "FileHash-MD5": 1 }, "indicator_count": 1976, "is_author": false, "is_subscribing": null, "subscriber_count": 110, "modified_text": "908 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65708c534aadf7adf4f27d77", "name": "enom.com & 4vendeta.com - ReduceRight malware hosting/creation", "description": "", "modified": "2023-12-06T14:59:31.122000", "created": "2023-12-06T14:59:31.122000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 302, "domain": 634, "URL": 2988, "hostname": 1208 }, "indicator_count": 5132, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "908 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65708c45f8a517d76d776231", "name": "Malware - reliablesite.net", "description": "", "modified": "2023-12-06T14:59:17.346000", "created": "2023-12-06T14:59:17.346000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 238, "domain": 565, "hostname": 827, "URL": 2233 }, "indicator_count": 3863, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "908 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65708c0791fece390b1a096e", "name": "Choopa.com - vultr", "description": "", "modified": "2023-12-06T14:58:15.734000", "created": "2023-12-06T14:58:15.734000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 453, "hostname": 1241, "domain": 430, "URL": 3454 }, "indicator_count": 5578, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "908 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65708bbc4c8bf557c17688e1", "name": "\u9ad8\u5c71tv,\u9ad8\u5c71tv,\u9ad8\u5c71tv\u5f71\u9662,\u9ad8\u5c71tv\u770b\u7247\u7f51", "description": "", "modified": "2023-12-06T14:57:00.280000", "created": "2023-12-06T14:57:00.280000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "FileHash-SHA256": 233, "domain": 361, "hostname": 563, "URL": 1374, "FileHash-SHA1": 1, "FileHash-MD5": 1 }, "indicator_count": 2534, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "908 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65708b72abe90961af1737c9", "name": "reCAPTCHA", "description": "", "modified": "2023-12-06T14:55:46.172000", "created": "2023-12-06T14:55:46.172000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 362, "domain": 330, "URL": 1790, "hostname": 586, "email": 1 }, "indicator_count": 3069, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "908 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "657083e146e5b101fdbf176d", "name": "fb_stringify_congress", "description": "", "modified": "2023-12-06T14:23:29.639000", "created": "2023-12-06T14:23:29.639000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 213, "domain": 118, "hostname": 232, "URL": 823 }, "indicator_count": 1386, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "908 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "657081d6ab82e2a5046133ad", "name": "maxcdn.bootstrapcdn.com:bootstrap:4.0.0:js:bootstrap.min.js%22,.", "description": "", "modified": "2023-12-06T14:14:46.566000", "created": "2023-12-06T14:14:46.566000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 83, "hostname": 93, "URL": 170, "domain": 61, "FileHash-MD5": 3 }, "indicator_count": 410, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "908 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "657080d20f7e10c1e37fcf89", "name": "TarrantCounty.com ~ 03.01.2022", "description": "", "modified": "2023-12-06T14:10:26.301000", "created": "2023-12-06T14:10:26.301000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1078, "domain": 838, "hostname": 1607, "URL": 4134, "email": 3, "FileHash-SHA1": 2, "CIDR": 4, "FileHash-MD5": 15 }, "indicator_count": 7681, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "908 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "62d5dbe2b3fe8238f80b1fb5", "name": "Rogue Instagram Account photos and videos", "description": "Rogue Instagram account used to troll and phish.", "modified": "2022-08-17T00:02:07.076000", "created": "2022-07-18T22:17:06.045000", "tags": [ "instagram" ], "references": [ "https://www.instagram.com/melindaa.rivera_/?igshid=YmMyMTA2M2Y%3D", "report-668597.pdf", "https://linkin.click/melindaa.rivera_" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "v1gil0x", "id": "4651", "avatar_url": "/otxapi/users/avatar_image/media/avatars/v1gil0x/resized/80/vigilox_logo.jpg", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 142, "FileHash-SHA1": 84, "FileHash-SHA256": 84, "URL": 68, "domain": 45, "hostname": 25 }, "indicator_count": 448, "is_author": false, "is_subscribing": null, "subscriber_count": 77, "modified_text": "1384 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "626d5deabac11a947774de99", "name": "http://gczlau.com/c3af94f661", "description": "Live link sent via sms", "modified": "2022-05-29T00:01:17.829000", "created": "2022-04-30T16:03:54.153000", "tags": [ "move", "typetext", "typeemail", "typetel", "eace", "eacb", "aaed", "eachb", "yaay", "event", "cacb", "cacf", "typeof t", "text", "function", "load snowplow", "checks", "gets", "getmainpageub", "page", "clkg", "creates custom", "use visitor", "track form", "form", "support", "typeof", "text display", "typeof q", "typeof d", "post", "anura", "display support", "sympathizing", "quaker", "webview", "trident", "android", "date", "snowplow", "array", "anthon pang", "typeof e", "version", "author", "alex dean", "simon andersson", "fred blundun", "enter their", "phone number", "strong", "backstory", "privacy", "policy", "partner lookup", "partnerlookup", "diego", "new york", "contact", "segoe ui", "emoji", "href", "roboto", "helvetica neue", "arial", "apple color", "symbol", "typecheckbox", "typeradio", "twitter", "typeerror", "clickdataapi", "hidden", "typeof n", "bootstrap", "regexp", "error", "mouseleave", "click", "dataspy", "body", "pseudo", "child", "sufeffxa0", "class", "attr", "null", "this", "guide my", "yes no", "male female", "romance", "analyzing", "get started", "enter", "your partner", "number" ], "references": [ "https://guidemyrelationship.com/?aff_id=2509&offer_id=6300&aff_sub=1726&aff_sub2=102a78845625980c3bb3f54bd8acd3&aff_sub3=", "https://guidemyrelationship.com/assets/js/jquery-3.3.1.min.js", "https://guidemyrelationship.com/assets/js/bootstrap.min.js", "https://guidemyrelationship.com/assets/js/main.js", "https://guidemyrelationship.com/assets/css/bootstrap.min.css", "https://www.thepartnerlookup.com/?affid=1726&txid=1028d018569e59e3856f7416969ab0&offer_id=2509", "https://d34qb8suadcc4g.cloudfront.net/sp-2.14.0.js", "https://www.thepartnerlookup.com/main.bundle-fed11df.z.js", "https://builder-assets.unbounce.com/published-css/main-7b78720.z.css" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1000, "hostname": 333, "FileHash-SHA256": 106, "domain": 170, "FileHash-MD5": 1, "FileHash-SHA1": 1 }, "indicator_count": 1611, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "1464 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "626b070ed44bcc9ad7b76bab", "name": "PSI Software AG - Software f\u00fcr Energieversorger, Industrieunternehmen und Infrastrukturbetreiber", "description": "PSI Software AG (PSI) is best known for its smart city software, which is also its Smart City software and a range of other product-enhancing technologies, such as smart cities.", "modified": "2022-05-28T00:03:46.141000", "created": "2022-04-28T21:28:46.014000", "tags": [ "span", "tbody", "tfoot", "thead", "fontawesome", "multiple", "woff", "truetype", "type", "href", "alpha", "twitter", "false", "parsley", "error", "typeof t", "fieldmultiple", "function", "regexp", "select", "typeof", "validator", "typeof n", "form", "datavalidation", "user", "return", "body", "cursor", "validate", "checkbox", "write", "selectedindex", "date", "true", "value", "index", "null", "name", "prop", "class", "hooks", "this", "jquery", "open", "scroll", "click", "seed", "target", "code", "accept", "local", "speed", "back", "bounce", "february", "april", "june", "august", "next", "string", "number", "trackevent", "copyright", "path", "host", "uint8array", "xhfunction", "download", "void", "softwarel\u00f6sungen", "prozesssteuerung", "leitsystem", "branchensoftware", "erp", "mes", "pps", "netzleittechnik", "fertigungsleitsystem", "automatisierung", "psi software", "psi blog", "toggle dropdown", "aktienrckkauf", "news", "umsatzwachstum", "formwechsel", "software", "versorger und", "english deutsch", "green", "messen" ], "references": [ "xfe-URL-Psi.de-stix2-2.1-export.json", "https://www.googletagmanager.com/gtm.js?id=GTM-NF2ZT3", "https://www.psi.de/typo3temp/scriptmerger/uncompressed/head-e2b75d5cfe54ba9b7d678cb1c848421f.merged.js", "https://www.psi.de/typo3temp/scriptmerger/uncompressed/head-bd4b8119586687574cf8f8529359d678.merged.css" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "selectedIndex", "display_name": "selectedIndex", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 232, "URL": 425, "FileHash-SHA256": 157, "domain": 225, "FileHash-MD5": 4 }, "indicator_count": 1043, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "1465 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "626b06ae6171c5d04f1bab38", "name": "PSI Software AG - Software f\u00fcr Energieversorger, Industrieunternehmen und Infrastrukturbetreiber", "description": "PSI Software AG (PSI) is best known for its smart city software, which is also its Smart City software and a range of other product-enhancing technologies, such as smart cities.", "modified": "2022-05-28T00:03:46.141000", "created": "2022-04-28T21:27:10.738000", "tags": [ "span", "tbody", "tfoot", "thead", "fontawesome", "multiple", "woff", "truetype", "type", "href", "alpha", "twitter", "false", "parsley", "error", "typeof t", "fieldmultiple", "function", "regexp", "select", "typeof", "validator", "typeof n", "form", "datavalidation", "user", "return", "body", "cursor", "validate", "checkbox", "write", "selectedindex", "date", "true", "value", "index", "null", "name", "prop", "class", "hooks", "this", "jquery", "open", "scroll", "click", "seed", "target", "code", "accept", "local", "speed", "back", "bounce", "february", "april", "june", "august", "next", "string", "number", "trackevent", "copyright", "path", "host", "uint8array", "xhfunction", "download", "void", "softwarel\u00f6sungen", "prozesssteuerung", "leitsystem", "branchensoftware", "erp", "mes", "pps", "netzleittechnik", "fertigungsleitsystem", "automatisierung", "psi software", "psi blog", "toggle dropdown", "aktienrckkauf", "news", "umsatzwachstum", "formwechsel", "software", "versorger und", "english deutsch", "green", "messen" ], "references": [ "xfe-URL-Psi.de-stix2-2.1-export.json", "https://www.googletagmanager.com/gtm.js?id=GTM-NF2ZT3", "https://www.psi.de/typo3temp/scriptmerger/uncompressed/head-e2b75d5cfe54ba9b7d678cb1c848421f.merged.js", "https://www.psi.de/typo3temp/scriptmerger/uncompressed/head-bd4b8119586687574cf8f8529359d678.merged.css" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "selectedIndex", "display_name": "selectedIndex", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 232, "URL": 425, "FileHash-SHA256": 157, "domain": 225, "FileHash-MD5": 4 }, "indicator_count": 1043, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "1465 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "628e33df0169fe33f79b766b", "name": "Seems to be coming from space . Space malware? \u4e91\u9002\u914d(AllMobilize Inc.) --\u4f01\u4e1a\u6d4f\u89c8\u5668\u53ca\u79fb\u52a8\u5316\u89e3\u51b3\u65b9\u6848\u4f9b\u5e94\u5546 | \u4e91\u9002\u914d", "description": "AllMobilize, Amaze, and all its partners - all of them with the same name - are now available to use on Facebook, Twitter, Instagram and other social media platforms, including Facebook.", "modified": "2022-05-25T13:49:19.876000", "created": "2022-05-25T13:49:19.876000", "tags": [ "ebeef5", "dcdfe6", "e64552", "helvetica", "ffffff", "pingfang sc", "helveticaneue", "arial", "microsoft yahei", "45deg", "post", "sqdl", "sqhz", "eptyzj", "zjxcys", "doform", "modernizr", "typeradio", "tagnames", "boolean", "date", "array", "error", "typeof t", "dtft", "amaze ui", "function", "regexp", "d1dd2", "mstransitionend", "team", "android", "february", "april", "june", "august", "void", "null", "type", "elem", "index", "handle", "sizzle", "check", "target", "hooks", "prop", "copy", "class", "mark", "internal", "stack", "false", "code", "accept", "seed", "first", "body", "jquery", "pass", "bind", "core", "local", "verify", "done", "find", "inject", "possible", "hold", "trigger", "camel", "bubble", "window", "middle", "capture", "iframe", "fall", "stop", "panic", "back", "speed", "grab", "install", "open", "invalid request", "button", "input", "cpu os", "span", "label", "this", "trident", "pykey", "eventparams", "object", "event", "infinity", "pykeye", "string", "typeof", "typeof e", "typeof r", "typeof s", "typeof console", "contenttype", "number", "\u4e91\u9002\u914d\uff0c\u4f01\u4e1a\u79fb\u52a8\u5316\uff0c\u4f01\u4e1a\u79fb\u52a8\u5316\u89e3\u51b3\u65b9\u6848\uff0c\u4e91\u9002\u914d\u8de8\u5c4f", "\u4e91\u9002\u914d\u7f51\u7ad9\u9002\u914d", "\u4e91\u9002\u914d\u8de8\u5c4f\u4e91", "\u4e91\u9002\u914d\u8de8\u5c4f\u5e94\u7528", "\u4f01\u4e1aoa\u79fb\u52a8\u5316\u3001\u4f01\u4e1a\u79fb\u52a8\u95e8\u6237\u3001\u79fb\u52a8\u5e94\u7528\u7ba1\u7406\u3001\u79fb\u52a8\u5e94\u7528\u5e73\u53f0", "xcloud", "amaze", "sdp enterplorer", "siebel domino", "siebel", "domino", "allmobilize", "apipc", "ui amaze" ], "references": [ "https://www.yunshipei.com/", "https://aiff.cdn.bcebos.com/sensors%2Fonline%2Fsa-sdk-javascript-1.14.24%2Fsensorsdata.min.js", "https://stats.ipinyou.com/adv?a=SR..sxcg_4d0DhagaJWCLj_ZdX&u=https%3A%2F%2Fwww.yunshipei.com%2F&rd=1653485491040&v=2&e=sr%3D390x844%26sc%3D32-bit%26je%3Dfalse%26lg%3Den-us%26vb%3D1%26did%3D%26dt%3D%26ps%3D390x3885%26vp%3D390x664%26ec%3DUTF-8%26vbt%3D1822%26sp%3D0%26ur%3D%26st%3D%26ev%3Dvg", "https://goutong.baidu.com/site/270/98c14a71a44014f7aa9d23449a55ae8f/b.js?siteId=3064033", "https://stats.ipinyou.com/presadv?a=SR..sxcg_4d0DhagaJWCLj_ZdX&cb=py.cb", "https://fm.ipinyou.com/j/a.js", "https://www.yunshipei.com/assets/js/jquery.js", "https://www.yunshipei.com/assets/js/amazeui.min.js", "https://www.yunshipei.com/assets/js/app.min.js", "https://sgoutong.baidu.com/embed/1652930761/asset/embed/css/mobile/main.css" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1134", "name": "Access Token Manipulation", "display_name": "T1134 - Access Token Manipulation" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 11, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 652, "URL": 1482, "domain": 242, "FileHash-SHA256": 142, "FileHash-MD5": 3 }, "indicator_count": 2521, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1468 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6266e05eead46d425dff53c2", "name": "inap.com - Drift Widget", "description": "function R(a,b,c,d,e,f) is a new type of JavaScript, which allows the browser to control its browser without a set of buttons or controls..", "modified": "2022-05-25T00:04:03.622000", "created": "2022-04-25T17:54:38.551000", "tags": [ "drift widget", "javascript", "typeerror", "name", "typeof t", "getconfig", "default", "typeof e", "area", "event", "shadowroot", "boolean", "error", "shown", "click", "null", "window", "trident", "body", "formdata", "property", "377867625", "script", "textjavascript", "piscriptnum", "function", "regexp", "class", "attr", "pseudo", "child", "typeof module", "reduceright", "vd", "number", "string", "trackevent", "copyright", "standard", "pageview", "hpgform", "hpgdownload", "path", "download", "derek", "void", "date", "code", "ieproto", "object", "typeof", "typeof n", "widgetrootqa", "driftconductor", "license", "small batch", "apache license", "version", "unless", "as is", "basis", "without", "warranties or", "apache", "sessionid", "session", "post", "contenttype", "snull" ], "references": [ "xfe-URL-Inap.com-stix2-2.1-export.json", "https://ws.zoominfo.com/pixel/1FBtpCEkYmFObuGSt7zC", "https://ajax.googleapis.com/ajax/libs/webfont/1/webfont.js", "https://js.driftt.com/include/1650908400000/puh6a6h2pc6k.js", "https://www.googletagmanager.com/gtm.js?id=GTM-KPQ5FFK", "https://www.inap.com/inap/wp-includes/js/jquery/jquery.min.js?ver=3.6.0", "https://pi.pardot.com/analytics?ver=3&visitor_id=&visitor_id_sign=&pi_opt_in=&campaign_id=28453&account_id=235392&title=Hybrid%20IT%20%26%20Enterprise%20Cloud%20Solutions%20-%20INAP&url=https%3A%2F%2Fwww.inap.com%2F&referrer=", "https://go.inap.com/analytics?conly=true&visitor_id=377865231&visitor_id_sign=fcd1b8a6054d2c2490cb77f4d0581558910b2792df8a7d07c6a0b0282eba2cd0db306c84706e8688a4165a4437c383a8e130703a&pi_opt_in=&campaign_id=28453&account_id=235392&title=Hybrid%20IT%20%26%20Enterprise%20Cloud%20Solutions%20-%20INAP&url=https%3A%2F%2Fwww.inap.com%2F&referrer=", "https://js.driftt.com/conductor/assets/4.fa5fc959.chunk.js", "https://www.inap.com/inap/wp-content/plugins/wp-user-avatar/assets/js/frontend.min.js?ver=3.2.4", "https://www.inap.com/inap/wp-content/themes/inap/assets/js/bootstrap.bundle.min.js?ver=2.0.0", "https://8794842.fls.doubleclick.net/activityi;src=8794842;type=front;cat=newun0;ord=1047846285161;gtm=2wg4k0;auiddc=1226623845.1650908333;~oref=https%3A%2F%2Fwww.inap.com%2F", "https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1650908332393", "https://js.driftt.com/core?embedId=puh6a6h2pc6k®ion=US&forceShow=false&skipCampaigns=false&sessionId=34bf8b51-4431-413e-ac31-6833e0d5600c&sessionStarted=1650908334.439&campaignRefreshToken=6e5a949b-b933-4b76-8614-902cd18d34a6&hideController=false&pageLoadStartTime=1650908332393&mode=CHAT&driftEnableLog=false" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Vd", "display_name": "Vd", "target": null }, { "id": "ReduceRight", "display_name": "ReduceRight", "target": null } ], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 9, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 1239, "URL": 3619, "domain": 565, "FileHash-SHA256": 300 }, "indicator_count": 5723, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "1468 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6266c416c4598fa139868c64", "name": "\u05de\u05e9\u05e8\u05d3 \u05e4\u05e8\u05e1\u05d5\u05dd \u05d5\u05d1\u05e0\u05d9\u05d9\u05ea \u05d0\u05ea\u05e8\u05d9\u05dd | TOPWEB - \u05d8\u05d5\u05e4 \u05d5\u05d5\u05d1- \u05d4\u05d5\u05e4\u05db\u05d9\u05dd \u05e2\u05e1\u05e7\u05d9\u05dd \u05dc\u05de\u05d5\u05ea\u05d2\u05d9\u05dd \u05d1\u05d3\u05d9\u05d2\u05d9\u05d8\u05dc", "description": "New RegExp(M) is a new type, and it will change any of the elements to the same type if you want to add them to your HTML page or add a third element.", "modified": "2022-05-25T00:04:03.622000", "created": "2022-04-25T15:53:58.206000", "tags": [ "init", "803911410135716", "pageview", "date", "datalayer", "gtmnqnvc6k", "copyright", "closure library", "facebook", "google", "linkedin", "reddit", "tumblr", "digg", "stumbleupon", "telegram", "whatsapp", "email", "kfunction", "u05deu05dcu05d0", "aw363516812", "error", "promise", "inull", "webfontconfig", "webfont", "gc", "number", "string", "uint8array", "regexp", "xhfunction", "yhfunction", "host", "path", "code", "topweb", "top web", "beyond", "forex", "hackeru", "one stop", "shop", "bgroup", "typesubmit", "datasecret", "shape", "html", "span", "false", "scrl", "haschildren", "zoomindown", "show hide", "dark", "checkbox", "back", "light", "typeof e", "formdata", "typeof symbol", "customevent", "post", "refill", "wpcf7", "wpcf7locale", "wpcf7unittag", "reflect", "math", "array", "object", "typeerror", "symbol", "function", "null", "title", "body", "click", "lecount", "count", "typeof define", "typeof t", "this", "close", "twitter", "open", "next", "blank", "xpercent0", "failure", "xpercent50", "essential grid", "blackberry", "author", "themepunch", "android", "typeof module", "tweenlite", "version", "onull", "updates and", "tools", "linear", "ticker", "bounce", "alpha", "fancybox", "plugin", "janis skarnelis", "100n", "right", "bottom", "left", "html tags", "ox20trnf", "dom element", "class", "attr", "pseudo", "child", "js foundation", "udc66udc67", "ud83d", "ufe0f", "ud83e", "udc68udc69", "udfcbudfcc", "u2640u2642", "source", "image", "ud83dudc6cud83c" ], "references": [ "xfe-URL-anyweb.co.il-stix2-2.1-export.json", "https://anyweb.co.il/wp-includes/js/wp-emoji-release.min.js?ver=5.7.3", "https://anyweb.co.il/wp-includes/js/jquery/jquery.min.js?ver=3.5.1", "https://anyweb.co.il/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2", "https://anyweb.co.il/wp-content/plugins/essential-grid/public/assets/js/lightbox.js?ver=2.0.9.1", "https://anyweb.co.il/wp-content/plugins/essential-grid/public/assets/js/jquery.themepunch.tools.min.js?ver=2.0.9.1", "https://anyweb.co.il/wp-content/plugins/essential-grid/public/assets/js/jquery.themepunch.essential.min.js?ver=2.0.9.1", "https://anyweb.co.il/wp-content/themes/superfine/assets/js/assets.js?ver=5.7.3", "https://anyweb.co.il/wp-content/themes/superfine/assets/js/post-like.min.js?ver=1.0", "https://anyweb.co.il/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=7.4.4", "https://anyweb.co.il/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.4.1", "https://anyweb.co.il/wp-content/themes/superfine/assets/js/script.js", "https://anyweb.co.il/wp-includes/js/wp-embed.min.js?ver=5.7.3", "https://anyweb.co.il/wp-includes/css/dist/block-library/style.min.css?ver=5.7.3", "https://topweb.co.il/", "https://www.googletagmanager.com/gtm.js?id=GTM-NQNVC6K", "https://topweb.co.il/wp-content/plugins/litespeed-cache/assets/js/webfontloader.min.js", "https://topweb.co.il/wp-content/litespeed/js/c3a18f91ebd798da3e120a12aec7c615.js?ver=7c615", "https://googleads.g.doubleclick.net/pagead/viewthroughconversion/363516812/?random=1650901467024&cv=9&fst=1650901467024&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=844&u_w=390&u_ah=844&u_aw=390&u_cd=32&u_his=1&u_tz=-240&u_java=false&u_nplug=0&u_nmime=0>m=2oa4k0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Ftopweb.co.il%2F&tiba=%D7%9E%D7%A9%D7%A8%D7%93%20%D7%A4%D7%A8%D7%A1%D7%95%D7%9D%20%D7%95%D7%91%D7%A0%D7%99%D7%99%D7%AA%20%D7%90%D7%AA%D7%A8%D7%99%D7%9D%20%7C%20TOPWEB%20-%20%D7%98%D" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Gc", "display_name": "Gc", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1158, "FileHash-SHA256": 671, "hostname": 304, "domain": 329, "email": 2 }, "indicator_count": 2464, "is_author": false, "is_subscribing": null, "subscriber_count": 70, "modified_text": "1468 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "628d21a4558f3ccf49c07931", "name": "abuse.ch", "description": "Looking for wizard spider. Some domains have .ru and .su (Soviet Union)", "modified": "2022-05-24T18:19:16.027000", "created": "2022-05-24T18:19:16.027000", "tags": [ "twitter follow", "button follow", "reduceright", "number", "string", "regexp", "error", "f420", "gmzsj4f05dr", "copyright", "deviceandgeo", "googlesignals", "json", "date", "void", "sxa0", "typeerror", "cbfunction", "deferred", "closure library", "b1342177279", "this", "infinity", "iframe", "trident", "show", "typeof e", "version", "hidden", "bootstrap", "click", "javascript", "clickdataapi", "collapse", "typeof t", "class", "attr", "pseudo", "child", "function", "typeof module", "button", "tridentmsieedge", "linux", "twttr", "area", "false", "twitter", "blank", "gvjsj", "gvjsyt", "license", "small batch", "apache license", "unless", "as is", "basis", "without", "warranties or", "null", "node", "dan vanderkam", "dygraph", "gc", "gvjs8s", "mmm dd", "infinity0", "gvjs6s", "mmm d", "axis", "cell", "column", "arial", "drawingframe", "select", "textarea", "line", "inside", "gvjsih", "rnrn", "roboto", "body", "template", "outside", "rial", "gvjsob", "azaz09", "array", "april", "june", "august", "february", "span", "android", "christ", "bbfunction", "twitter tweet", "font awesome", "free", "cc by", "sil ofl", "code", "mit license", "brands", "segoe ui", "emoji", "helvetica neue", "noto", "apple color", "symbol", "noto color", "typebutton", "sprymedia ltd", "datatables", "typeof f", "without any", "warranty", "merchantability", "fitness", "a particular", "adata", "first", "next", "typeof", "typeof n", "hide", "focusin", "focusout", "shown", "js foundation", "g5gqv3cj17n" ], "references": [ "https://www.googletagmanager.com/gtag/js?id=G-5GQV3CJ17N", "https://bazaar.abuse.ch/js/jquery-3.5.1.min.js", "https://bazaar.abuse.ch/js/bootstrap.min.js", "https://bazaar.abuse.ch/js/datatables.min.js", "https://bazaar.abuse.ch/css/bootstrap.min.css", "https://bazaar.abuse.ch/css/all.min.css", "https://platform.twitter.com/js/button.3ccb64e61d4c01fae12cd2b0ed9b2bab.js", "https://www.gstatic.com/charts/50/loader.js", "https://www.gstatic.com/charts/50/js/jsapi_compiled_default_module.js", "https://www.gstatic.com/charts/50/js/jsapi_compiled_ui_module.js", "https://www.gstatic.com/charts/50/js/jsapi_compiled_graphics_module.js", "https://www.gstatic.com/charts/50/js/jsapi_compiled_corechart_module.js", "https://www.gstatic.com/charts/50/js/jsapi_compiled_fw_module.js", "https://www.gstatic.com/charts/50/third_party/dygraphs/dygraph-tickers-combined.js", "https://www.gstatic.com/charts/50/third_party/webfontloader/webfont.js", "https://www.gstatic.com/charts/50/js/jsapi_compiled_line_module.js", "https://www.gstatic.com/charts/50/js/jsapi_compiled_bar_module.js", "https://abuse.ch/js/twitter_widget.js", "https://abuse.ch/js/jquery-3.6.0.min.js", "https://abuse.ch/js/bootstrap.min.js", "https://abuse.ch/js/google-charts.js", "https://www.googletagmanager.com/gtag/js?id=G-MZSJ4F05DR", "https://platform.twitter.com/widgets/follow_button.f8c8d971a6ac545cf416e3c1ad4bbc65.en.html#dnt=false&id=twitter-widget-0&lang=en&screen_name=abuse_ch&show_count=false&show_screen_name=true&size=l&time=1653415551742" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Gc", "display_name": "Gc", "target": null }, { "id": "ReduceRight", "display_name": "ReduceRight", "target": null } ], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 12, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 560, "URL": 1639, "FileHash-SHA256": 223, "domain": 383, "email": 1, "FileHash-MD5": 2 }, "indicator_count": 2808, "is_author": false, "is_subscribing": null, "subscriber_count": 73, "modified_text": "1468 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "628c310ac9ae8e3e8f352e3d", "name": "Indusface - in YOUR face ;)", "description": "function D(t,e,n), as well as window.com, has been frozen by a single function, as part of a series of \"snoopers' checks\"...", "modified": "2022-05-24T01:12:42.216000", "created": "2022-05-24T01:12:42.216000", "tags": [ "fontawesome", "font awesome", "free", "license", "cc by", "sil ofl", "code", "mit license", "uf007", "uf017", "segoe ui", "emoji", "woff2", "roboto", "helvetica neue", "arial", "apple color", "symbol", "noto color", "type", "getcookie", "mxqueryparams", "samesitenone", "secure", "mxcookie", "date", "null", "domain", "orgcode", "message", "apino", "allow", "close", "safari", "large safari", "subscribe", "segment1", "segment2", "pushengage", "click", "scroll", "body", "iframe", "false", "typeof e", "array", "typeof t", "swiper", "most", "copyright", "july", "android", "win32", "version", "typeof n", "typeerror", "startr", "endr", "default", "typeof", "defaulttype", "function", "error", "shown", "flip", "regexp", "mozt", "mstransitionend", "webkitt", "dom element", "ua83948896", "gtmpf7h94q", "vendor site", "widget id", "page url", "write", "message api", "february", "april", "june", "august", "fbcd", "398410357733708", "prop", "init", "autoconfig", "protocol", "adnxsdomain", "aoldomain", "adrolltpc", "26015787", "reduceright", "tracking file", "number", "string", "aw827450946", "uint8array", "fnumber", "dustmap", "void", "class", "attr", "pseudo", "child", "typeof module", "trackevent", "trackpageview", "register", "path", "download", "verify", "xsnull", "script", "closure library", "xdfunction", "typeof window", "syntaxerror", "xmlhttprequest", "samesitelax", "innull", "ennull", "typeof symbol", "boolean", "circular", "customevent", "cuxref", "new r", "infinity", "image", "pnull", "html", "style", "ctnull", "post", "uint32array", "fanull", "ynull", "config", "meta", "accept" ], "references": [ "https://k.clarity.ms/s/0.6.34/clarity.js", "https://www.clarity.ms/tag/uet/26015787", "https://dc.cux.io/analyzer.js", "https://sc.lfeeder.com/lftracker_v1_kn9Eq4R1l2K7RlvP.js", "https://www.google-analytics.com/gtm/js?id=GTM-PF7H94Q&t=gartner&cid=559436367.1653353775", "https://www.googletagmanager.com/gtm.js?id=GTM-PMC6JX", "https://www.indusface.com/js/fontawesome.js.pagespeed.jm.X4kSHwBNxI.js", "https://www.indusface.com/js/jquery.3.5.1.min.js.pagespeed.jm.A8biqtTJrt.js", "https://www.googletagmanager.com/gtag/js?id=AW-827450946", "https://tracking.g2crowd.com/attribution_tracking/conversions/2226.js?p=https://www.indusface.com/&e=", "https://bat.bing.com/p/action/26015787.js", "https://s.adroll.com/j/pre/Q7CW4G7ZJJGWDLUB76P5IV/WH2M5MREOVC4HNKNZPPJZR/index.js", "https://d.adroll.com/consent/check/Q7CW4G7ZJJGWDLUB76P5IV?adroll_fpc=7c06a492879ac231294c1fe2e6e394f3-1653353535991&arrfrr=https%3A%2F%2Fwww.indusface.com%2F&_s=1316674c131c34cc157a9ad9119512a2&_b=2", "https://d.adroll.com/pixel/Q7CW4G7ZJJGWDLUB76P5IV/WH2M5MREOVC4HNKNZPPJZR?adroll_fpc=7c06a492879ac231294c1fe2e6e394f3-1653353535991&arrfrr=https%3A%2F%2Fwww.indusface.com%2F&pv=54603716107.79724&cookie=BIJ6M3OZKNCW7OIMIJSZED%3A2%7CWH2M5MREOVC4HNKNZPPJZR%3A2%7CQ7CW4G7ZJJGWDLUB76P5IV%3A2&adroll_s_ref=&keyw=&adroll_external_data=", "https://s.adroll.com/j/sendrolling.js", "https://web.mxradon.com/t/WebTracker.aspx?p1=18917&p2=Web%20Application%20Security%2C%20WAF%2C%20SSL%20Certificates&p3=-1&p4=&p5=1&p6=8415a029-248f-4eeb-bc18-338560430ff7&p7=&p8=&p9=0", "https://trackcmp.net/visit?actid=223422163&e=&r=&u=https%3A%2F%2Fwww.indusface.com%2F", "https://www.gartner.com/reviews/public/Widget/js/widget.js", "https://www.indusface.com/js/cookieconsent.min.js.pagespeed.jm.FCA-2RWV9s.js", "https://www.indusface.com/js/popper.min.js+bootstrap.min.js+modernizr-custom.js+menu.js.pagespeed.jc.WlixBHq4Fv.js", "https://www.indusface.com/js/swiper.min.js.pagespeed.jm.47RtcloJQ-.js", "https://clientcdn.pushengage.com/core/80780b73b5a3f4655fee62041e51f1be.js", "https://web.mxradon.com/t/Tracker.js", "https://www.indusface.com/css/A.font-styles1.css+bootstrap.css+skin.css+responsive.css+menu.css+swiper.min.css,Mcc.nAV12exFII.css.pagespeed.cf.a_yWJedOjY.css", "https://kit-free.fontawesome.com/releases/latest/css/free-v4-font-face.min.css", "https://www.indusface.com/css/A.cookieconsent.min.css.pagespeed.cf.t1fRd9Ouvj.css" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "ReduceRight", "display_name": "ReduceRight", "target": null } ], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 9, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1144, "hostname": 333, "FileHash-SHA256": 307, "domain": 192, "FileHash-MD5": 1 }, "indicator_count": 1977, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1469 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6263b3b617c33c9a7644a9c6", "name": "psychz.net - malware", "description": "function:function t(t)var e.handleObj, a new type of JavaScript, for all types of window.. and data-api, in the form of \"transition end\".", "modified": "2022-05-23T00:00:56.946000", "created": "2022-04-23T08:07:18.262000", "tags": [ "error", "typeof e", "object", "typeof", "array", "typeof n", "typeof t", "boolean", "typeof r", "uff5c", "null", "date", "meta", "this", "scroll", "backspace", "insert", "unknown", "4096", "void", "copyright", "closure library", "reduceright", "vd", "number", "string", "regexp", "pageview", "uint8array", "gtm5pbn7g", "host", "path", "code", "typeerror", "version", "clickdataapi", "hidden", "show", "bootstrap", "click", "dataspy", "body", "mouseleave" ], "references": [ "xfe-URL-http___psychz.net_-stix2-2.1-export.json", "https://www.psychz.net/assets/js/bootstrap.min.js", "https://www.googletagmanager.com/gtm.js?id=GTM-5PBN7G", "https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1046749228/?random=1650700509087&cv=9&fst=1650700509087&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=844&u_w=390&u_ah=844&u_aw=390&u_cd=32&u_his=2&u_tz=-240&u_java=false&u_nplug=0&u_nmime=0>m=2wg4k0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.psychz.net%2F&tiba=DDoS%20Protected%20Data%20Centers%20In%20America%2C%20Europe%2C%20Africa%2C%20Asia&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Vd", "display_name": "Vd", "target": null }, { "id": "ReduceRight", "display_name": "ReduceRight", "target": null } ], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 120, "URL": 681, "domain": 192, "FileHash-SHA256": 188 }, "indicator_count": 1181, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1470 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "62634f4db80546374654f4c4", "name": "frantech.ca - malware", "description": "T,t.F, t.f, is written in the same place as the following:t, d. F, has been added to the end of the document, as well as its own propertyDescriptor.", "modified": "2022-05-22T00:01:01.264000", "created": "2022-04-23T00:58:53.444000", "tags": [ "overview", "typeof symbol", "error", "typeerror", "object", "typeof t", "string", "typeof e", "function", "array", "promise", "date", "target", "class", "path", "back", "bounce", "this", "iframe", "null", "0x105684", "0xb66229", "0xb9b329", "0x3eed40", "0x2923e0", "cookie", "0x1d2d25", "0x2d6b", "0x538ea5", "0x240c1a", "push", "shift", "open" ], "references": [ "xfe-URL-https___my.frantech.ca_-stix2-2.1-export.json", "xfe-URL-frantech.ca-stix2-2.1-export.json", "https://my.frantech.ca/templates/lagom/assets/js/lagom-app.min.js?v=1.4.3", "https://my.frantech.ca/templates/lagom/assets/js/whmcs-custom.min.js?v=1.4.3" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 757, "hostname": 498, "domain": 311, "FileHash-SHA256": 21 }, "indicator_count": 1587, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1471 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6261873303497c0dd414ef10", "name": "Jquery and 1api.net", "description": "var Cd, Zd.com, \"G1\", \"g1\" and \" G2\" are all part of the new code for Google's tag management system, which is based on the word \"tag\".", "modified": "2022-05-21T00:03:44.725000", "created": "2022-04-21T16:32:51.012000", "tags": [ "tbody", "span", "thead", "tfoot", "typecheckbox", "typeradio", "href", "typesearch", "typedate", "typetime", "twitter", "error", "show", "typeof e", "version", "hidden", "bootstrap", "click", "javascript", "clickdataapi", "collapse", "regexp", "pseudo", "child", "ajax", "ajaxjsonp", "ajaxload", "ajaxparsexml", "ajaxscript", "ajaxxhr", "class", "date", "null", "number", "string", "copyright", "gtmnl3llhs", "host", "path", "closure library", "xdfunction", "adfunction" ], "references": [ "xfe-URL-Jquery.com-stix2-2.1-export.json", "xfe-URL-1api.net-stix2-2.1-export.json", "https://www.googletagmanager.com/gtm.js?id=GTM-NL3LLHS", "https://code.jquery.com/jquery-3.1.1.slim.min.js", "https://1api.net/js/bootstrap.min.js", "https://1api.net/css/bootstrap.min.css" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 494, "URL": 1235, "domain": 192, "FileHash-SHA256": 267 }, "indicator_count": 2188, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "1472 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "62616627ee302d24b23523c3", "name": "enom.com & 4vendeta.com - ReduceRight malware hosting/creation", "description": "New RegExp(M) is a new type, and it will change any of the elements to the same type if you want to add them to your HTML page or add a third element.", "modified": "2022-05-21T00:03:44.725000", "created": "2022-04-21T14:11:51.629000", "tags": [ "tbody", "span", "thead", "tfoot", "multiple", "type", "href", "input", "halflings", "gradienttype1", "twitter", "false", "fontface", "fatface", "woff2", "u0259", "u1e001eff", "u2020", "u20a020ab", "u20ad20cf", "u2113", "u2c602c7f", "typesubmit", "function", "typeof c", "formdata", "this", "typeof define", "null", "typeof f", "object", "boolean", "typeof module", "error", "reflect", "math", "regexp", "number", "array", "typeerror", "string", "symbol", "typeof e", "typeof t", "class", "attr", "pseudo", "child", "js foundation", "account", "open", "navitem", "text", "mainnav", "click", "blank", "copyright", "u0027", "value", "body", "firefox", "enum", "html", "msie", "applewebkit", "traceconsole", "form", "iframe", "legend", "nonmsdombrowser", "callbackindex", "callbackframeid", "eventtarget", "eventargument", "validation", "explorer", "target", "plugin", "bootstrap", "https", "conflict", "focus", "next", "trigger", "checkbox", "delta", "scroll", "sourceid", "date", "sessiontoken", "sessionexpires", "void", "rangeerror", "utf16", "illegal input", "global", "chrome", "opredge", "opera", "safari", "version", "sxa0", "browser", "typeof require", "dom node", "typeof d", "component", "typeof h", "bubble", "reduceright", "script", "typeof n", "jhnew ia", "gtm5sn6brv", "path", "host", "trackpageview", "gw8yd4p2eny", "select", "strong", "uint8array", "android", "verify", "stop", "enterprise", "widget", "window", "generator", "reload", "r300", "caca", "closure library", "xdfunction", "adfunction", "cdfunction", "ddfunction", "bded", "please", "typeemail", "email", "jarallaxinner", "webkit", "property", "transform", "trident", "edge", "ipodi", "ipadi", "androidi", "blackberryi", "windows phonei", "xfunction", "pfunction", "wfunction", "show navigation", "mjquery", "typeof", "defaulttype", "hidden", "show", "shown", "startr", "endr", "federico zivolo", "distributed", "mit license", "statict", "flip" ], "references": [ "xfe-IP-78.142.35.163-stix2-2.1-export.json", "xfe-URL-Enom.com-stix2-2.1-export.json", "xfe-URL-4vendeta.com-stix2-2.1-export.json", "https://4vendeta.com/assets/js/jquery.min.js", "https://4vendeta.com/assets/js/popper.min.js", "https://4vendeta.com/assets/js/bootstrap.min.js", "https://4vendeta.com/assets/js/meanmenu.min.js", "https://4vendeta.com/assets/js/parallax.min.js", "https://4vendeta.com/assets/js/ajaxchimp.min.js", "https://www.googletagmanager.com/gtag/js?id=UA-92521958-1", "https://www.googletagmanager.com/gtag/js?id=G-W8YD4P2ENY&l=dataLayer&cx=c", "https://www.gstatic.com/recaptcha/releases/QENb_qRrX0-mQMyENQjD6Fuj/recaptcha__en.js", "https://www.googletagmanager.com/gtm.js?id=GTM-5SN6BRV", "https://static.zdassets.com/ekr/snippet.js?key=7342b695-e394-4f25-89a0-da9d262a48da", "https://cp.enom.com/js/jquery-3.5.1.min.js", "https://cp.enom.com/responsive/_js/knockout-3.3.0.min.js", "https://cp.enom.com/js/global-functions.js", "https://cp.enom.com/js/punycode.min.js", "https://cp.enom.com/js/jquery.disableonsubmit.min.js", "https://cp.enom.com/js/jquery.cookie.min.js", "https://cp.enom.com/js/cart.minicart.min.js", "https://cp.enom.com/js/openWin.min.js", "https://cp.enom.com/js/jquery.jgrowl.min.js", "https://cp.enom.com/scripts/Session.min.js", "https://cp.enom.com/responsive/_js/init.min.js", "https://cp.enom.com/responsive/_js/bootstrap.js", "https://cp.enom.com/WebResource.axd?d=6rtXrDcnyiYD-9dFDFOkxTRcPVSrAN8fR-cHKzNqPTy7bHic-2LLMHDnielTzEI-sd1KplHrRBudcZJOm0-lxubO7k41&t=637453818340000000", "https://cp.enom.com/ScriptResource.axd?d=fVjQa-0YyNqO6JmV36bw6eBJdTjE2YSdtcunOWcKYcBNn73MOJKQA_rxX3YMhcxLTgyDsGTKy0p9NEPvxzpqEpBKtm3GLb2GgI1LFYMC0Xr2lh71ZCttzgNGFnc5mS_Fc_DY5UH0M19Mr958h1jvmK4kzAM1&t=363be08", "https://cp.enom.com/ScriptResource.axd?d=lDjPFfAIWSrEAVNgTHTrISQmLEFmHAaibvNJQuGRZDbWpGFPLrFwaGVpjCUsI6HkqzbpwmaAa0cJCrq8f0eqEvIsQM8lvN_dVYVyESnohON4oTvdMZHDmwG83uJA4m2oqykP8TTTSIeV2oaNrlIXaX8cOxC5Cv6aGmjpdB2u-227wdn30&t=363be08", "https://cdn.optimizely.com/js/26241557.js", "https://cp.enom.com/verisign-seal.htm", "https://cp.enom.com/global/TopMenu.ascx.js", "http://alp-vision.com/wp-includes/js/jquery/jquery.min.js?ver=3.5.1", "http://alp-vision.com/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=7.4.4", "http://alp-vision.com/wp-content/cache/autoptimize/js/autoptimize_78b4f9b28399aa3c8a405e45931ad058.js", "http://alp-vision.com/wp-includes/css/dist/block-library/style.min.css?ver=5.7.6", "http://fonts.googleapis.com/css?family=Abril+Fatface%3Aregular&subset=latin%2Ccyrillic&ver=5.7.6", "http://alp-vision.com/wp-content/themes/alp-vision/css/bootstrap.css?ver=1.0" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "ReduceRight", "display_name": "ReduceRight", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 2989, "hostname": 1208, "domain": 634, "FileHash-SHA256": 302 }, "indicator_count": 5133, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1472 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6260d13ab57ec96e24359914", "name": "Malware - reliablesite.net", "description": "VUE-DEVTOOLs_GLOBAL_Hook__, a description of what it will look like when it comes to testing software, is based on the type of Object.", "modified": "2022-05-20T00:01:19.453000", "created": "2022-04-21T03:36:26.313000", "tags": [ "date", "swiper", "value", "trigger", "gbps", "typeof define", "typeof module", "roboto", "helvetica neue", "arial", "small", "error", "show", "typeof e", "version", "hidden", "bootstrap", "click", "javascript", "clickdataapi", "collapse", "typeerror", "typeof", "regexp", "tether error", "typeof rnullr", "anull", "typeof b", "pseudo", "child", "array", "sufeffxa0", "class", "attr", "null", "void", "65536", "typeof f", "vd", "function", "activexobject", "number", "utmb", "firefox", "shockwave flash", "utma", "utmz", "iframe", "online", "livechat", "refreshurl", "title", "imageurl", "cssclass", "chat", "object", "string", "typeof t", "incorrect", "xfunction", "target", "typeof p", "typeof btoa", "vnode", "boolean", "typeof symbol" ], "references": [ "xfe-URL-https___www.reliablesite.net_-stix2-2.1-export.json", "https://embed.tawk.to/_s/v4/app/625d36b405c/js/twk-main.js", "https://embed.tawk.to/_s/v4/app/625d36b405c/js/twk-vendor.js", "https://embed.tawk.to/_s/v4/app/625d36b405c/js/twk-chunk-vendors.js", "https://cdn.jsdelivr.net/emojione/2.2.7/lib/js/emojione.min.js", "https://code.jquery.com/jquery-1.12.0.min.js", "https://cdnjs.cloudflare.com/ajax/libs/tether/1.4.0/js/tether.min.js", "https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0-alpha.6/js/bootstrap.min.js" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Vd", "display_name": "Vd", "target": null } ], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 2233, "hostname": 827, "domain": 565, "FileHash-SHA256": 238 }, "indicator_count": 3863, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1473 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "625f86049cb1c945f7701075", "name": "Hetzner - malware hosting", "description": "function ar(aw,av,au,at) is a new type of tracking, which uses the same code as the Matomo tracking tool and its built-up functionality to track where a tracker is located.", "modified": "2022-05-20T00:01:19.453000", "created": "2022-04-20T04:03:16.817000", "tags": [ "param", "locale", "return", "stripped", "regexp", "html", "lang", "lightweight", "dual", "javascript i18n", "entity", "body", "meta", "typeradio", "ttav", "width", "ttaelt", "shadowwidth", "tagtotip", "html element", "shadow", "closebtncolors", "fadein", "null", "sticky", "close", "false", "path", "config", "span", "iframe", "kill", "inside", "first", "typetext", "typepassword", "input", "typeof define", "typeof module", "html tags", "px20trnf", "dom element", "date", "this", "typeof e", "function", "left", "bottom", "nullt", "right", "next", "february", "april", "june", "august", "atom", "cookie", "back", "bounce", "typeof t", "class", "attr", "pseudo", "child", "js foundation", "error", "captcha", "access site", "click", "strong", "ddos", "hetzner online", "gmbh element", "lztextlink", "script", "lzrscr", "scrb64d", "livezilladata", "ovlcwm", "activedocument", "lzsds", "lzsde", "lzsdeg", "cant load", "gv1023", "typecheckbox", "5deg", "20deg", "45deg", "2000px00", "2000px0", "10px00", "60px0", "mintime", "await", "number", "typeof n", "typeof symbol", "cookieconsent", "showcookiemodal", "cookie banner", "agree", "agreed", "expiresthu", "anchorregex", "typeerror", "swiper", "hammer", "bnm", "software", "azaz", "form", "void", "zert", "accept", "android", "trace", "import", "string", "please", "blob", "matomo", "post", "javascript", "link", "license" ], "references": [ "xfe-IP-136.243.64.87-stix2-2.1-export.json", "https://matomo.hetzner.com/matomo.js", "xfe-URL-matomo.hetzner.com-stix2-2.1-export.json", "https:///livesupport.hetzner.de/resource.php?t=js&1=jsglobal.min.js&2=jsbox.min.js&3=jstrack.min.js&v=ahgzixd7&4=jsextern.min.js", "https://livesupport.hetzner.de/server.php?rqst=track&output=jcrpt&group=Produktberatung&hg=Pw__&hcgs=MQ__&htgs=MQ__&ovltwo=MQ__&ovlv=djI_&ovlc=MQ__&esc=IzU4NTg1YQ__&epc=I0JFMTUyRA__&ovlts=MA__&ovlmr=MTAw&ovlmb=MjY_&hfk=MQ__&ovloo=MQ__&hots=MQ__&hott=MQ__&nse=0.615520170244701", "https://livesupport.hetzner.de/script.php?id=eec8dcd79d6fdf905136b99875c1d599", "https://accounts.hetzner.com/login", "https://accounts.hetzner.com/build/runtime.188fa053.js", "https://accounts.hetzner.com/build/755.5a8586e9.js", "https://accounts.hetzner.com/build/app.dc073715.js", "https://accounts.hetzner.com/build/802.3a7546ef.js", "https://konsoleh.your-server.de/templates/ui-default/de/javascripts/jquery/jquery.js", "https://konsoleh.your-server.de/templates/ui-default/de/javascripts/jquery/jquery-migrate.js", "https://konsoleh.your-server.de/templates/ui-default/de/javascripts/jquery/ui/jquery-ui.js", "https://konsoleh.your-server.de/templates/ui-default/de/styles/login.css.php", "https://konsoleh.your-server.de/templates/ui-default/de/javascripts/wz_tooltip.js", "xfe-URL-livesupport.hetzner.de-stix2-2.1-export.json", "xfe-URL-konsoleh.your-server.de-stix2-2.1-export.json" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "ActiveDocument", "display_name": "ActiveDocument", "target": null }, { "id": "OVLCWM", "display_name": "OVLCWM", "target": null }, { "id": "Hammer", "display_name": "Hammer", "target": null }, { "id": "BNM", "display_name": "BNM", "target": null } ], "attack_ids": [ { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 2308, "hostname": 949, "FileHash-SHA256": 125, "domain": 372, "FileHash-SHA1": 3, "FileHash-MD5": 256 }, "indicator_count": 4013, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "1473 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "626078c9aeb1f4837a1bfc7e", "name": "Malware hosting - allwest.com", "description": "\u00c2\u00a31.5m, \u00e2\u201a\u00ac2.4m \u00c3\u20ac\u00a6, is the source of a new version of the JavaScript code, which is being developed by the Apache web browser.", "modified": "2022-05-20T00:01:19.453000", "created": "2022-04-20T21:19:05.670000", "tags": [ "guji", "regexp", "cfunction", "event", "afunction", "efunction", "function", "xfunction", "jnull", "yefunction", "customevent", "typeof n", "typeof wpcf7", "nonce", "script", "please do", "not copy", "and paste", "this code", "cgrecaptchacfg", "ngrecaptcha", "recaptchaapi", "render", "filter", "typenumber", "totalvalue", "linear", "secs", "index", "nameregion", "typevalue", "rangeto", "customuserspeed", "code", "typeof define", "date", "click", "smoothscroll", "number", "property", "fancybox", "null", "false", "scroll", "stop", "speed", "body", "error", "this", "typeerror", "symbol", "generator", "typeof e", "copyright", "closure library", "reduceright", "string", "aw981889198", "uint8array", "quota", "aafunction", "void", "hj", "object", "hotjar", "email", "typeof symbol", "telefon", "array", "survey", "meta", "cookie", "keypress", "trident", "live", "fullscreen", "generic", "window", "widget", "ciudad", "adore", "experiment", "mutation", "qe", "fnumber", "xhfunction", "yhfunction", "awconversionid", "g0cbkgbkb3j", "xdfunction", "adfunction", "cdfunction", "ddfunction", "typeof hj", "surveyv2", "surveyisolated", "heatmapviewer", "notification", "sentry", "ua411335272", "gfvhxsm5zyl", "xmlhttprequest", "domparser", "typeof module", "html tags", "ox20trnf", "dom element", "typeof t", "class", "attr", "pseudo", "child", "udc66udc67", "ud83d", "ufe0f", "ud83e", "udc68udc69", "udfcbudfcc", "u2640u2642", "source", "image", "ud83dudc6cud83c", "bsnull", "gtmmwm9r93", "typeof", "facebook pixel", "pixel code", "iterator", "constantvalue", "globalvariable", "facebook", "service", "phonenumber", "boolean", "select", "strong", "input", "iframe", "android", "verify", "span", "enterprise", "form", "reload", "adwords", "linkedin", "hs pixel", "loader", "addcookiedomain", "hubspot", "vui", "anda", "tente", "outubro", "trackingclient", "srpanj", "rabu", "vasaris", "helvetica neue", "helvetica", "arial", "accept", "n nn", "policy", "done", "800px", "40px", "i18n", "blockedemail", "typeof i18n", "captcha", "please", "april", "august", "close", "february", "june", "klik", "download", "next", "blank", "este", "rserver", "mais", "r300", "typeof d", "path", "caca", "pfunction", "contenttype", "zfunction", "bfunction", "mvoid", "ofunction", "array int8array", "caregexp", "legacy" ], "references": [ "xfe-URL-allwest.com-stix2-2.1-export.json", "https://www.googleadservices.com/pagead/conversion_async.js", "https://www.google-analytics.com/analytics.js", "https://www.googletagmanager.com/gtag/js?id=G-FVHXSM5ZYL&l=dataLayer&cx=c", "https://www.googletagmanager.com/gtag/js?id=G-0CBKGBKB3J&l=dataLayer&cx=c", "https://js.hsleadflows.net/leadflows.js", "https://js.hs-banner.com/9251231.js", "https://js.hs-analytics.net/analytics/1650488100000/9251231.js", "https://js.hsadspixel.net/fb.js", "https://www.gstatic.com/recaptcha/releases/QENb_qRrX0-mQMyENQjD6Fuj/recaptcha__en.js", "https://connect.facebook.net/signals/config/661596171311072?v=2.9.57&r=stable", "https://connect.facebook.net/signals/plugins/identity.js?v=2.9.57", "https://connect.facebook.net/en_US/fbevents.js", "https://www.googleoptimize.com/optimize.js?id=GTM-MWM9R93", "https://www.allwest.com/wp-includes/js/wp-emoji-release.min.js?ver=5.9.3", "https://www.allwest.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0", "https://www.allwest.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2", "https://www.allwest.com/wp-content/plugins/svg-support/js/min/svgs-inline-min.js?ver=1.0.0", "https://www.googletagmanager.com/gtag/js?id=UA-41133527-3", "https://static.hotjar.com/c/hotjar-2836981.js?sv=5", "https://www.googletagmanager.com/gtag/js?id=UA-41133527-2", "https://www.googletagmanager.com/gtag/js?id=AW-CONVERSION_ID", "https://script.hotjar.com/modules.0076bf93c385ddf0ff58.js", "https://googleads.g.doubleclick.net/pagead/viewthroughconversion/981889198/?random=1650488340057&cv=9&fst=1650488340057&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=844&u_w=390&u_ah=844&u_aw=390&u_cd=32&u_his=1&u_tz=-240&u_java=false&u_nplug=0&u_nmime=0>m=2oa4i1&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.allwest.com%2F&tiba=All%20West%20Communications%20-%20telecommunication%20company&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4", "https://www.googletagmanager.com/gtag/js?id=AW-981889198", "https://googleads.g.doubleclick.net/pagead/viewthroughconversion/981889198/?random=1650488340630&cv=9&fst=1650488340630&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=844&u_w=390&u_ah=844&u_aw=390&u_cd=32&u_his=1&u_tz=-240&u_java=false&u_nplug=0&u_nmime=0>m=2oa4i1&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.allwest.com%2F&tiba=All%20West%20Communications%20-%20telecommunication%20company&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4", "https://www.allwest.com/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.9", "https://www.allwest.com/wp-content/uploads/hummingbird-assets/c4be4d65e707f6328e3a72e79cfdfcb7.js", "https://www.allwest.com/wp-content/themes/allwestcommunications/js/jquery.main.js?ver=5.9.3", "https://www.allwest.com/wp-content/themes/allwestcommunications/js/custom.js?ver=5.9.3", "https://www.google.com/recaptcha/api.js?render=6Ld8S6EUAAAAAExG_6DO_Jj4DLY35ybebbA8R_eA&ver=3.0", "https://www.allwest.com/wp-content/plugins/contact-form-7/modules/recaptcha/index.js?ver=5.5.6", "https://www.allwest.com/wp-content/plugins/wp-smushit/app/assets/js/smush-lazy-load.min.js?ver=3.9.5", "https://js.hs-scripts.com/9251231.js" ], "public": 1, "adversary": "", "targeted_countries": [ "Tunisia" ], "malware_families": [ { "id": "hj", "display_name": "hj", "target": null }, { "id": "Qe", "display_name": "Qe", "target": null }, { "id": "Vui", "display_name": "Vui", "target": null }, { "id": "Outubro", "display_name": "Outubro", "target": null }, { "id": "Tente", "display_name": "Tente", "target": null }, { "id": "Anda", "display_name": "Anda", "target": null }, { "id": "Vasaris", "display_name": "Vasaris", "target": null }, { "id": "Rabu", "display_name": "Rabu", "target": null }, { "id": "Srpanj", "display_name": "Srpanj", "target": null }, { "id": "TrackingClient", "display_name": "TrackingClient", "target": null }, { "id": "ReduceRight", "display_name": "ReduceRight", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 821, "URL": 1568, "domain": 251, "FileHash-SHA256": 70, "FileHash-MD5": 4, "FileHash-SHA1": 1 }, "indicator_count": 2715, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "1473 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "625f3287d722d8d85700b75d", "name": "Leaseweb.com - malware hosting", "description": "function D(t,e,n), as well as window.com, has been frozen by a single function, as part of a series of \"snoopers' checks\"...", "modified": "2022-05-19T00:00:49.028000", "created": "2022-04-19T22:07:03.024000", "tags": [ "11px center", "html", "typetext", "typeurl", "typeemail", "typetel", "typenumber", "typedate", "color", "marketo forms", "cross domain", "null", "click", "forceclose", "lightbox", "slideshow", "controls", "hide", "safari", "image", "mozilla", "explorer", "entity", "linear", "date", "jquery", "iframe", "close", "loops", "class", "stretch", "false", "function", "abbb", "typeerror", "boolean", "body", "object", "array", "regexp", "bind", "error", "void", "hammer", "form", "this", "views slideshow", "zindex1", "ajax", "href", "default", "thumb", "msgesture", "mspointerdown", "next", "stop", "type", "index", "event", "snapabugcbmbtn", "chat", "hidden", "leaf", "open", "dump", "window", "win32", "footer", "front", "drupal", "command", "implement", "copyright", "route", "foundation", "thecookie", "remove", "example", "backport", "grab", "span", "import", "attr", "string", "invalid json", "domparser", "number", "script", "closure library", "symbol", "array int8array", "caregexp", "legacy", "boardman", "fontface", "typeof d", "promise", "parseint", "marketo", "rangeerror", "uint8array", "typeof b", "buffer", "path", "takk", "kiitos", "buttons};kb(convertedmessage);break;case\"/sys\":var", "acum", "ufunction", "ffunction", "gfunction", "mchtd", "cancel", "thank", "enter", "please", "cobrowsing", "accept", "decline", "back", "comment", "grazie", "klik", "super", "dados", "hello", "vd", "reduceright", "trackevent", "lead", "query", "videos", "leaseweb", "trackpageview", "contact", "download", "metal", "code", "functional", "member", "hnew regexp", "qfunction", "adview", "addbillinginfo", "addtocart", "addtolist", "install", "cookiebot", "iabv2", "jsonversion", "cookie script", "methodstrict", "ticket", "id attribute", "cookiebot setup", "cookieconsent", "customevent", "09af", "ver0", "tag0", "extdata0", "ua ch", "invalid", "iterator", "service", "phonenumber", "facebook", "meta", "ytconfig", "edge", "swhealthlog", "logsdatabasev2", "trident", "android", "infinity", "pnull", "style", "ctnull", "post", "uint32array", "fanull", "license", "ynull", "config" ], "references": [ "https://consent.cookiebot.com/1e27dadb-e278-4c02-aa4f-43f9222c4fbb/cc.js?renew=false&referer=www.leaseweb.com&culture=en&dnt=false", "https://j.clarity.ms/s/0.6.34/clarity.js", "https://www.google-analytics.com/plugins/ua/linkid.js", "https://www.youtube.com/s/player/19eb72e4/www-widgetapi.vflset/www-widgetapi.js", "https://www.youtube.com/iframe_api", "https://connect.facebook.net/signals/config/399164440484826?v=2.9.57&r=stable", "https://bat.bing.com/bat.js", "https://consent.cookiebot.com/uc.js?cbid=1e27dadb-e278-4c02-aa4f-43f9222c4fbb&culture=en", "https://snap.licdn.com/li.lms-analytics/insight.min.js", "https://www.googletagmanager.com/gtm.js?id=GTM-NWPHSS", "https://storage.googleapis.com/snapengage-eu/js/e9219576-8f74-40b5-8b6f-bbad33f6ca57.js", "https://munchkin.marketo.net/161/munchkin.js", "https://app-lon04.marketo.com/js/forms2/js/forms2.min.js", "https://munchkin.marketo.net/munchkin.js", "https://www.leaseweb.com/sites/all/modules/custom/lsw_marketo/js/lsw_marketo_forms.js", "https://use.fortawesome.com/03018d9d.js", "https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1001847692/?random=1650405011980&cv=9&fst=1650405011980&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=376635471&u_h=844&u_w=390&u_ah=844&u_aw=390&u_cd=32&u_his=1&u_tz=-240&u_java=false&u_nplug=0&u_nmime=0>m=2wg4i1&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.leaseweb.com%2F&tiba=Leaseweb%20%7C%20Global%20Hosted%20Infrastructure%20(IaaS)%20and%20Cloud%20Solutions&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4", "https://googleads.g.doubleclick.net/pagead/viewthroughconversion/952389962/?random=1650405011982&cv=9&fst=1650405011982&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=376635471&u_h=844&u_w=390&u_ah=844&u_aw=390&u_cd=32&u_his=1&u_tz=-240&u_java=false&u_nplug=0&u_nmime=0>m=2wg4i1&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.leaseweb.com%2F&tiba=Leaseweb%20%7C%20Global%20Hosted%20Infrastructure%20(IaaS)%20and%20Cloud%20Solutions&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4", "https://eu.snapengage.com/chatjs/ServiceGetConfig?w=e9219576-8f74-40b5-8b6f-bbad33f6ca57", "https://eu.snapengage.com/chatjs/servicegetproactivegeodata?w=e9219576-8f74-40b5-8b6f-bbad33f6ca57", "https://bat.bing.com/p/action/5602105.js", "https://eu.snapengage.com/chatjs/servicegetallavailableagents?w=e9219576-8f74-40b5-8b6f-bbad33f6ca57&t=1", "https://www.googleadservices.com/pagead/conversion_async.js", "https://www.leaseweb.com/sites/default/files/js/js_kwxcSFD2Y0_BPtdJClYUy5H8THI_5EycUmIgIGWaGYs.js", "https://www.leaseweb.com/sites/default/files/js/js_wcSNEXVJ4Xjhkf8qhMguEPZJTDTMNmPaJM-YWdAOhQE.js", "https://www.leaseweb.com/sites/default/files/js/js_kI_QwKJlaBz9CzQdENdUBFiEl4aehfjf4_-9taiwcCE.js", "https://www.leaseweb.com/sites/default/files/js/js_zoLA7TweXam0kYiqJrXepqBWmyDoP1sLSlHoZcveFnY.js", "https://www.leaseweb.com/sites/default/files/js/js_6FowaFXT9bT78hf9earPdGcdTmvsFiaBzKgFl9P4fSo.js", "https://www.leaseweb.com/sites/default/files/js/js_6lTJ_m6ahwXas7Efbw8ZYEMSaecrGw8ilNALfvIPNUw.js", "https://analytics.twitter.com/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=nxsfu&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=511b6f48-2639-478c-a251-b09fcbae76e7&tw_document_href=https%3A%2F%2Fwww.leaseweb.com%2F&tpx_cb=twttr.conversion.loadPixels", "https://bid.g.doubleclick.net/xbbe/pixel?d=KAE", "https://consentcdn.cookiebot.com/sdk/bc-v4.min.html", "https://app-lon04.marketo.com/index.php/form/XDFrame", "https://app-lon04.marketo.com/js/forms2/css/forms2-theme-plain.css", "https://www.leaseweb.com/sites/default/files/css/css_47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU.css", "https://www.leaseweb.com/sites/default/files/css/css_7CYF9En6DNp6AojfSKnT8USKR3GvzPwznmTqLTKT9VM.css" ], "public": 1, "adversary": "", "targeted_countries": [ "Tunisia" ], "malware_families": [ { "id": "Ajax", "display_name": "Ajax", "target": null }, { "id": "Kiitos", "display_name": "Kiitos", "target": null }, { "id": "Takk", "display_name": "Takk", "target": null }, { "id": "Acum", "display_name": "Acum", "target": null }, { "id": "buttons};kb(convertedMessage);break;case\"/SYS\":var", "display_name": "buttons};kb(convertedMessage);break;case\"/SYS\":var", "target": null }, { "id": "Vd", "display_name": "Vd", "target": null }, { "id": "ReduceRight", "display_name": "ReduceRight", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1490", "name": "Inhibit System Recovery", "display_name": "T1490 - Inhibit System Recovery" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 648, "domain": 469, "URL": 2037, "FileHash-SHA256": 705, "email": 7 }, "indicator_count": 3866, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1474 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "625f2b6a1f2c9d5631d261d5", "name": "Choopa.com - vultr", "description": "New RegExp(M) is a new type, and it will change any of the elements to the same type if you want to add them to your HTML page or add a third element.", "modified": "2022-05-19T00:00:49.028000", "created": "2022-04-19T21:36:42.286000", "tags": [ "regexp", "typeof e", "typeof t", "function", "width", "error", "object", "pseudo", "child", "form", "class", "null", "date", "this", "void", "accept", "680876936", "389564586", "17606105819", "1044525330", "176418897", "121200080426", "1473231341", "45705983", "71770035416", "1958414417", "copyright", "closure library", "trunc", "msie", "tagpath", "fbcd", "body", "html", "gettarget", "571256413046247", "prop", "click", "typeof l", "json", "array", "string", "8760", "image", "adveid", "typeof c", "typeerror", "typeof", "facebook pixel", "pixel code", "symbol", "iterator", "constantvalue", "globalvariable", "facebook", "boolean", "service", "phonenumber", "meta", "invalid uuid", "uint8array", "nullu", "1099511627776", "t4294967296", "typeof symbol", "customevent", "09af", "ver0", "tag0", "extdata0", "ua ch", "invalid", "reduceright", "number", "gk6536fhn4d", "r300", "typeof d", "path", "caca", "addtocart", "signup", "addtowishlist", "lead", "custom", "typeof require", "sha256", "viewcontent", "search", "pfunction", "contenttype", "zfunction", "bfunction", "mvoid", "ofunction", "functional", "member", "hnew regexp", "qfunction", "adview", "addbillinginfo", "addtolist", "contact", "download", "install", "pnull", "style", "ctnull", "post", "uint32array", "fanull", "license", "ynull", "config", "iframe", "javascript", "code", "hoverpopup", "please", "output", "popupmodal", "country", "checkall", "invcid", "base64", "score", "attr", "js foundation", "typeof module", "ffffff", "acce22", "f0f0f0", "dadada", "typesubmit", "typebutton", "f4f4f4", "trebuchet ms", "tahoma", "woff", "footer", "segoe ui", "emoji", "tbody", "roboto", "helvetica neue", "arial", "apple color", "noto color", "type", "twitter", "xava", "gbva", "hbva", "ibva", "lcva", "cdva", "oeva", "peva", "onclickpopup", "discountmonthly", "grayoverlay", "popup into", "popup var", "center", "price", "first", "classname", "eventkey", "event", "selector", "name", "datakey", "version", "default", "shown", "target", "close", "false", "trigger", "jquery", "delta", "open", "arrow", "protected", "leave", "dataspy", "typeof define", "eventlistener" ], "references": [ "xfe-URL-Choopa.com-stix2-2.1-export.json", "https://www.choopa.com/commonimages/jquery-3.5.1.min.js", "https://www.choopa.com/_js/dragscroll.js", "https://www.choopa.com/_js/bootstrap.js", "https://www.choopa.com/_js/global.js?v=209", "https://ssl.google-analytics.com/ga.js", "https://www.choopa.com/css/bootstrap.css", "https://www.choopa.com/css/global.css?v=209", "https://my.choopa.com/js/jquery-3.5.1.min.js", "https://my.choopa.com/js/desktop.js?v=41", "https://my.choopa.com/js/global.js?v=41", "xfe-URL-Vultr.com-stix2-2.1-export.json", "https://www.clarity.ms/eus2/s/0.6.34/clarity.js", "https://snap.licdn.com/li.lms-analytics/insight.min.js", "https://www.google-analytics.com/analytics.js", "https://www.redditstatic.com/ads/pixel.js", "https://www.googletagmanager.com/gtag/js?id=G-K6536FHN4D&l=dataLayer&cx=c", "https://bat.bing.com/bat.js", "https://static.ads-twitter.com/uwt.js", "https://connect.facebook.net/signals/config/571256413046247?v=2.9.57&r=stable", "https://connect.facebook.net/signals/config/438248060937995?v=2.9.57&r=stable", "https://connect.facebook.net/signals/config/828098694004178?v=2.9.57&r=stable", "https://connect.facebook.net/en_US/fbevents.js", "https://js.partnerstack.com/v1/", "https://bat.bing.com/p/action/17528422.js", "https://s.adroll.com/j/roundtrip.js", "https://s.adroll.com/j/exp/DUKHAKVYIJASHDUBG4V7RE/index.js", "https://s.adroll.com/j/sendrolling.js", "https://d.adroll.com/pixel/DUKHAKVYIJASHDUBG4V7RE/E23RMKDBEFAEXMXLWK3IWO?adroll_fpc=838a57acc6141112b6107bdce5e3fde6-1650403057055&arrfrr=https%3A%2F%2Fwww.vultr.com%2F&pv=70707106758.07146&cookie=&adroll_s_ref=&keyw=", "https://googleads.g.doubleclick.net/pagead/viewthroughconversion/858656304/?random=1650403054497&cv=9&fst=1650403054497&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=844&u_w=390&u_ah=844&u_aw=390&u_cd=32&u_his=3&u_tz=-240&u_java=false&u_nplug=0&u_nmime=0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.vultr.com%2F&tiba=SSD%20VPS%20Servers%2C%20Cloud%20Servers%20and%20Cloud%20Hosting%20by%20Vultr%20-%20Vultr.com&hn=www.googleadservices.com&rfmt=3&fmt=4" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "ReduceRight", "display_name": "ReduceRight", "target": null } ], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 1241, "URL": 3454, "domain": 430, "FileHash-SHA256": 453 }, "indicator_count": 5578, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "1474 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6256f92778c2f2177bdd4de9", "name": "\u9ad8\u5c71tv,\u9ad8\u5c71tv,\u9ad8\u5c71tv\u5f71\u9662,\u9ad8\u5c71tv\u770b\u7247\u7f51", "description": "Here is a full list of highlights from the Chinese TV series, which began in 2011 and has now been broadcast on Chinese television, online and mobile devices, and is now available to watch online.", "modified": "2022-05-13T00:03:35.765000", "created": "2022-04-13T16:24:07.391000", "tags": [ "date", "cnzzdata", "czuuid", "umdistinctid", "typeof symbol", "https", "zeno rocha", "typeof", "typeof define", "error", "array", "12863", "qrcode", "2g2g2h2h0g", "dhdh", "exptable", "logtable", "string", "typeof j", "regexp", "typeof e", "typeof t", "class", "attr", "pseudo", "child", "function", "typeof module", "ahgr", "0x40", "h0x1", "mm32", "indexof", "length", "h0x0", "0x248", "h0x2", "0x17b", "webpackrequire", "webpackexports", "object", "default", "hn return", "importsnvar", "truennnn", "iostf", "android", "nvar", "clickdownload", "this", "path", "service", "roboto", "boolean", "number", "createnamespace", "n default", "nn return", "null", "click", "void", "istanbul", "false", "close", "window", "info", "target", "find", "footer", "delta", "generator", "cascade", "code", "trigger", "next", "arrow", "slice", "checkbox", "body", "green", "phase", "copy", "infinity", "middle", "open", "calendar", "flex", "fail", "shift", "super", "internal", "form", "locale", "spinner", "spin", "multi", "mask", "write", "flip", "logic", "patch", "abcd", "skew", "main", "rest", "trim", "dark", "canvas", "facebook", "executor", "span", "tips", "sticky", "uploader", "bind", "config", "startpage", "speed", "toolbar", "refresh", "done", "format", "cardinal", "outside", "install", "public", "github", "vuejs", "jump", "browser", "sign", "view", "sponsor", "github sponsors", "mit license", "contact", "star", "stars", "javascript", "please", "strong", "\u9ad8\u5c71tv", "\u9ad8\u5c71tv\u5f71\u9662", "\u9ad8\u5c71tv\u770b\u7247\u7f51", "hd 20210830", "hd mu", "hd heydouga", "poro", "tv tv", "hd ok", "hd fol", "hd nanami2", "hd \uff13", "hd 20210927" ], "references": [ "http://www.bbbbop13.com:1313/", "xfe-URL-hyqxsnjj.com-stix2-2.1-export.json", "https://web.op39v.xyz/?channelCode=pingguo", "https://github.com/vuejs/vue-devtools", "https://web.op39v.xyz/js/chunk-vendors.js", "https://web.op39v.xyz/js/chunk-common.js", "https://res-1257422681.file.myqcloud.com/assets/yeyue/boinstall.js", "https://cdn.staticfile.org/jquery/3.6.0/jquery.min.js", "https://cdn.staticfile.org/qrcodejs/1.0.0/qrcode.min.js", "https://cdn.staticfile.org/clipboard.js/2.0.8/clipboard.min.js", "https://s9.cnzz.com/z_stat.php?id=1280740152&web_id=1280740152", "https://c.cnzz.com/core.php?web_id=1280740152&t=z" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1374, "hostname": 563, "CVE": 1, "domain": 361, "FileHash-SHA256": 233, "FileHash-SHA1": 1, "FileHash-MD5": 1 }, "indicator_count": 2534, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1480 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6252df03791ceb2df29742fe", "name": "reCAPTCHA", "description": "var a,r, i,o, r, c+(((s>>>16)*c&65535)<<16, as well as the Object, to be used as a decoder.", "modified": "2022-05-10T00:02:48.350000", "created": "2022-04-10T13:43:30.961000", "tags": [ "arial", "roboto", "helvetica neue", "typesubmit", "webkitkeyframes", "typeerror", "typeof t", "string", "object", "typeof e", "symbol", "typeof symbol", "typeof window", "typeof self", "typeof r", "date", "body", "html", "typeof n", "error", "version", "shown", "click", "dataspy", "trident", "window", "lpmlightbox", "messaging1", "chat0", "href", "tabindex", "copyright", "closure library", "info", "smsclientapi", "null", "typeof", "regexp", "debug", "chat", "scraper", "cookie", "stop", "iframe", "explorer", "small", "seppuku", "jsloader", "token", "viewed", "kbcontentclick", "blank", "post", "document", "typeof storage", "unknownerror", "element", "overquerylimit", "requestdenied", "zeroresults", "notfound", "node", "edge", "android", "unknown", "false", "june", "generator", "marker", "hybrid", "month", "azaz09", "hours", "function", "number", "fullyear", "controller", "christ", "sufeffxa0", "class", "attr", "pseudo", "child", "js foundation", "typeof module", "directclick", "x22loansx22", "x221x22", "9o7nxzt", "x22applyx22", "x3dw", "x3dnew", "x22pageloadx22", "x22scriptx22", "x22uetqx22", "viewcontent", "addtocart", "purchase", "array", "customevent", "09af", "ver0", "tag0", "extdata0", "ua ch", "invalid", "license", "calltrkswap", "typeof s", "xmlhttprequest", "65535", "awindow", "cwm fjordbank", "activexobject", "tfunction", "sfunction", "yfunction", "googlendt" ], "references": [ "xfe-URL-ihagoogle.com-stix2-2.1-export.json", "http://pagead2.googlesyndication.com/apps/domainpark/show_afd_ads.js", "http://sedoparking.com/frmpark/ihagoogle.com/sedopark/park.js", "http://instantfwding.com/px.js?ch=1", "http://pxlgnpgecom-a.akamaihd.net/javascripts/browserfp.min.js?templateId=11&customerId=7CUHNT0E1", "https://pxlgnpgecom-a.akamaihd.net/javascripts/bfp_ssn.js?templateId=11", "https://s.thebrighttag.com/tag?site=9O7NXzt&H=-5nu6gjg&referrer=https%3A%2F%2Fwww.zealcu.org%2Fhome-loans%2F%3Fmsclkid%3D3ef1349815a11e52b0b256cacc0bc952%26utm_source%3Dbing%26utm_medium%3Dcpc%26utm_campaign%3DSearch%253A%2520Zeal%2520Credit%2520Union%2520-%2520Mortgages%26utm_term%3Dhouse%2520mortgage%26utm_content%3DMortgage%2520General&docReferrer=http%3A%2F%2Finstantfwding.com%2F&mode=v2&cf=7500150%2C7500152&btpdb.9O7NXzt.dGZjLjc1MDAxNTE=UkVRVUVTVFMuMA&btpdb.9O7NXzt.dGZjLjc1MTUyNDU=U0VTU0lPTg&btpdb.9O7N", "https://cdn.callrail.com/companies/448598242/66d5efd6cbf06378ea1f/12/swap.js", "https://bat.bing.com/bat.js", "https://tag.perfectaudience.com/serve/5f59021d1911b61034000d8d.js", "https://s.thebrighttag.com/tag?site=9O7NXzt&referrer=https%3A%2F%2Fwww.zealcu.org%2Fhome-loans%2F%3Fmsclkid%3D3ef1349815a11e52b0b256cacc0bc952%26utm_source%3Dbing%26utm_medium%3Dcpc%26utm_campaign%3DSearch%253A%2520Zeal%2520Credit%2520Union%2520-%2520Mortgages%26utm_term%3Dhouse%2520mortgage%26utm_content%3DMortgage%2520General&docReferrer=http%3A%2F%2Finstantfwding.com%2F&H=-5nu6gjg", "https://code.jquery.com/jquery-3.4.1.min.js?ver=3.4.1", "https://integration.silvercloudinc.com/js/bundle/vendor.js", "https://maps.googleapis.com/maps/api/js?key=AIzaSyAMbtdeFB5s623T4LwRldWj_Vdy2t4wLkw&libraries=places", "https://lptag.liveperson.net/tag/tag.js?site=22027291", "https://integration.silvercloudinc.com/js/bundle/8.engageware-bundle.js", "https://lptag.liveperson.net/lptag/api/account/22027291/configuration/applications/taglets/.jsonp?v=2.0&df=2&b=2", "https://pixel-geo.prfct.co/tagjs?a_id=131352&source=js_tag", "https://bat.bing.com/p/action/56358236.js", "https://googleads.g.doubleclick.net/pagead/viewthroughconversion/388043112/?random=1649597062436&cv=9&fst=1649597062436&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=376635471&u_h=844&u_w=390&u_ah=844&u_aw=390&u_cd=32&u_his=2&u_tz=-240&u_java=false&u_nplug=0&u_nmime=0>m=2oa3u0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.zealcu.org%2Fhome-loans%2F%3Fmsclkid%3D3ef1349815a11e52b0b256cacc0bc952%26utm_source%3Dbing%26utm_medium%3Dcpc%26utm_campaign%3DSearch%3A%2520Zeal%2520Credit%2520", "https://lpcdn.lpsnmedia.net/le_re/3.50.0.1-release_5103/jsv2/overlay.js?_v=3.50.0.1-release_5103", "https://www.zealcu.org/app/uploads/cache/js/aggregated_single_eb9d05879e4cb943b965deb3cccf05ee.js", "https://integration.silvercloudinc.com/js/silvercloudjs/silvercloud.js", "https://js.callrail.com/group/0/66d5efd6cbf06378ea1f/02836fdf-c99c-4a90-b31b-373093db654e/poll.js?t=1649597153888&ids%5B%5D=448598242", "https://js.callrail.com/group/0/66d5efd6cbf06378ea1f/02836fdf-c99c-4a90-b31b-373093db654e/poll.js?t=1649598014683&ids%5B%5D=448598242", "https://www.zealcu.org/app/uploads/cache/css/aggregated_cd3154a65f0e94fa98c08398cba54caa.css", "https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfjFjMaAAAAACpmnf2RfTg2U2m4Cdnku25XccJW&co=aHR0cHM6Ly93d3cuemVhbGN1Lm9yZzo0NDM.&hl=en&v=Y-cOIEkAqcfDdup_qnnmkxIC&theme=light&size=normal&cb=j4msjl4zxy97", "https://va.idp.liveperson.net/postmessage/postmessage.min.html?bust=1649597064004&loc=https%3A%2F%2Fwww.zealcu.org", "https://bid.g.doubleclick.net/xbbe/pixel?d=KAE" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1790, "hostname": 586, "FileHash-SHA256": 362, "domain": 330, "email": 1 }, "indicator_count": 3069, "is_author": false, "is_subscribing": null, "subscriber_count": 70, "modified_text": "1483 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "624dbf64e7682b3bf049129c", "name": "Malware-USA", "description": "Shopseg Sistemas, a company specialising in software and equipamentos for supermercados, wedi dweud eu s\u00f4n i'n \u00f4l.", "modified": "2022-05-06T16:01:29.122000", "created": "2022-04-06T16:27:16.842000", "tags": [ "dataaos", "100px00", "dataaosfade", "100px0", "dataaoszoom", "dataaosflip", "woff2", "fontface", "sans", "u0259", "u1e001eff", "u2020", "u20a020ab", "u20ad20cf", "u2113", "u2c602c7f", "reduceright", "number", "string", "gtl5jtn10ss", "regexp", "error", "r300", "copyright", "dafunction", "gafunction", "uint8array", "date", "path", "void", "const", "click", "select", "scroll", "mobile", "template", "template url", "license", "easy selector", "easy event", "easy", "back", "typeof e", "typeof t", "this", "main", "swiper", "button", "most", "mit license", "android", "win32", "null", "dblock", "email form", "validation", "action", "formdata", "api url", "typeof define", "typeof module", "gplv3", "metafizzy", "math", "plyr", "typeof symbol", "typeerror", "tnull", "cnull", "typeof", "inject", "playbook", "name", "getconfig", "default", "area", "event", "shadowroot", "boolean", "window", "trident", "body", "ofunction", "symbol", "mfunction", "sfunction", "quando", "quem", "fundada em", "informtica", "sistemas", "segurana", "softwares", "supermercados", "lojas", "restaurantes", "padarias" ], "references": [ "http://www.shopsegsistemas.com.br/", "http://www.shopsegsistemas.com.br/assets/vendor/aos/aos.js", "http://www.shopsegsistemas.com.br/assets/vendor/bootstrap/js/bootstrap.bundle.min.js", "http://www.shopsegsistemas.com.br/assets/vendor/glightbox/js/glightbox.min.js", "http://www.shopsegsistemas.com.br/assets/vendor/isotope-layout/isotope.pkgd.min.js", "http://www.shopsegsistemas.com.br/assets/vendor/php-email-form/validate.js", "http://www.shopsegsistemas.com.br/assets/vendor/swiper/swiper-bundle.min.js", "http://www.shopsegsistemas.com.br/assets/js/main.js", "https://www.googletagmanager.com/gtag/js?id=G-TL5JTN10SS", "https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i%7CRaleway:300,300i,400,400i,500,500i,600,600i,700,700i%7CPoppins:300,300i,400,400i,500,500i,600,600i,700,700i", "http://www.shopsegsistemas.com.br/assets/vendor/aos/aos.css", "https://www.google.com/maps/embed?pb=!1m18!1m12!1m3!1d3730.503584706544!2d-41.67284568552043!3d-20.770905270369408!2m3!1f0!2f0!3f0!3m2!1i1024!2i768!4f13.1!3m3!1m2!1s0xbb93dcc0beb01f%3A0x97397d38847b3692!2sShopSeg%20Sistemas!5e0!3m2!1spt-BR!2sbr!4v1636561779046!5m2!1spt-BR!2sbr", "xfe-IP-50.116.87.164-stix2-2.0-export.json" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "ReduceRight", "display_name": "ReduceRight", "target": null }, { "id": "Quando", "display_name": "Quando", "target": null } ], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1498", "name": "Network Denial of Service", "display_name": "T1498 - Network Denial of Service" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 254, "URL": 815, "FileHash-SHA256": 168, "domain": 174 }, "indicator_count": 1411, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "1486 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "624dbf641e6a04169629e662", "name": "Malware-USA", "description": "Shopseg Sistemas, a company specialising in software and equipamentos for supermercados, wedi dweud eu s\u00f4n i'n \u00f4l.", "modified": "2022-05-06T16:01:29.122000", "created": "2022-04-06T16:27:16.093000", "tags": [ "dataaos", "100px00", "dataaosfade", "100px0", "dataaoszoom", "dataaosflip", "woff2", "fontface", "sans", "u0259", "u1e001eff", "u2020", "u20a020ab", "u20ad20cf", "u2113", "u2c602c7f", "reduceright", "number", "string", "gtl5jtn10ss", "regexp", "error", "r300", "copyright", "dafunction", "gafunction", "uint8array", "date", "path", "void", "const", "click", "select", "scroll", "mobile", "template", "template url", "license", "easy selector", "easy event", "easy", "back", "typeof e", "typeof t", "this", "main", "swiper", "button", "most", "mit license", "android", "win32", "null", "dblock", "email form", "validation", "action", "formdata", "api url", "typeof define", "typeof module", "gplv3", "metafizzy", "math", "plyr", "typeof symbol", "typeerror", "tnull", "cnull", "typeof", "inject", "playbook", "name", "getconfig", "default", "area", "event", "shadowroot", "boolean", "window", "trident", "body", "ofunction", "symbol", "mfunction", "sfunction", "quando", "quem", "fundada em", "informtica", "sistemas", "segurana", "softwares", "supermercados", "lojas", "restaurantes", "padarias" ], "references": [ "http://www.shopsegsistemas.com.br/", "http://www.shopsegsistemas.com.br/assets/vendor/aos/aos.js", "http://www.shopsegsistemas.com.br/assets/vendor/bootstrap/js/bootstrap.bundle.min.js", "http://www.shopsegsistemas.com.br/assets/vendor/glightbox/js/glightbox.min.js", "http://www.shopsegsistemas.com.br/assets/vendor/isotope-layout/isotope.pkgd.min.js", "http://www.shopsegsistemas.com.br/assets/vendor/php-email-form/validate.js", "http://www.shopsegsistemas.com.br/assets/vendor/swiper/swiper-bundle.min.js", "http://www.shopsegsistemas.com.br/assets/js/main.js", "https://www.googletagmanager.com/gtag/js?id=G-TL5JTN10SS", "https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i%7CRaleway:300,300i,400,400i,500,500i,600,600i,700,700i%7CPoppins:300,300i,400,400i,500,500i,600,600i,700,700i", "http://www.shopsegsistemas.com.br/assets/vendor/aos/aos.css", "https://www.google.com/maps/embed?pb=!1m18!1m12!1m3!1d3730.503584706544!2d-41.67284568552043!3d-20.770905270369408!2m3!1f0!2f0!3f0!3m2!1i1024!2i768!4f13.1!3m3!1m2!1s0xbb93dcc0beb01f%3A0x97397d38847b3692!2sShopSeg%20Sistemas!5e0!3m2!1spt-BR!2sbr!4v1636561779046!5m2!1spt-BR!2sbr", "xfe-IP-50.116.87.164-stix2-2.0-export.json" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "ReduceRight", "display_name": "ReduceRight", "target": null }, { "id": "Quando", "display_name": "Quando", "target": null } ], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1498", "name": "Network Denial of Service", "display_name": "T1498 - Network Denial of Service" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 254, "URL": 815, "FileHash-SHA256": 168, "domain": 174 }, "indicator_count": 1411, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "1486 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6230162630e9d8a21c43726e", "name": "maxcdn.bootstrapcdn.com:bootstrap:4.0.0:js:bootstrap.min.js%22,.", "description": "", "modified": "2022-04-13T00:01:48.292000", "created": "2022-03-15T04:29:26.334000", "tags": [], "references": [ "maxcdn.bootstrapcdn.com:bootstrap:4.0.0:js:bootstrap.min.js%22,.pdf", "MAxbootstrap1df.pdf" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Kailula4", "id": "131997", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 170, "domain": 61, "hostname": 93, "FileHash-SHA256": 83, "FileHash-MD5": 3 }, "indicator_count": 410, "is_author": false, "is_subscribing": null, "subscriber_count": 405, "modified_text": "1510 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "62276abfaa65cd33f64331f8", "name": "TarrantCounty.com ~ 03.01.2022", "description": "", "modified": "2022-04-07T00:04:02.553000", "created": "2022-03-08T14:39:59.235000", "tags": [ "march", "lookup go", "rescan add", "verdict report", "de summary", "http", "redirects links", "behaviour", "similar dom", "content api", "value", "search url", "search domain", "scan url", "url search", "domain scan", "url url", "motor vehicle", "aqb1", "eventsevent10", "meta", "show", "download go", "full url", "reverse dns", "resource", "windows nt", "win64", "khtml", "gecko", "response", "main", "milan", "apache", "paris", "accept" ], "references": [ "TarrantCounty3df.pdf", "TarantCounty2df.pdf", "TarrantCounty4df.pdf", "TarrantCounty5df.pdf", "tarrant23df.pdf", "TarrantCounty1df.pdf", "tarrantcounty.com:en:elections:Voter-Information:Voter- Registration.html%22,.pdf", "TarrantCounty6df.pdf", "TarrantCounty7df.pdf", "TarrantCounty10df.pdf", "TarrantCounty9df.pdf", "TarrantCounty17df.pdf", "TarrantCounty15df.pdf", "TarrantCounty12df.pdf", "TarrantCounty14df.pdf", "tarrantcounty8df.pdf", "TarrantCounty18df.pdf", "TarrantCounty19df.pdf", "TarrantCounty21df.pdf", "tarrantcounty22df.pdf", "TarrantCounty20df.pdf", "tarrantcountydf.pdf" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [], "attack_ids": [], "industries": [ "Government" ], "TLP": "white", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Kailula4", "id": "131997", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 4134, "hostname": 1607, "domain": 838, "FileHash-SHA256": 1078, "FileHash-SHA1": 2, "email": 3, "CIDR": 4, "FileHash-MD5": 15 }, "indicator_count": 7681, "is_author": false, "is_subscribing": null, "subscriber_count": 405, "modified_text": "1516 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "62473e18ca238fc532a1ab62", "name": "popper", "description": "scripting:.0.2.1.3.6.4.5.9, is the first version of the JavaScript operating system to be installed in its current form, following its introduction in 2011.", "modified": "2022-04-01T18:02:00.570000", "created": "2022-04-01T18:02:00.570000", "tags": [ "value", "language", "type", "response", "state", "previds", "password", "fields", "currencycode", "param", "open", "terminal", "monitoring", "info", "silence", "false", "body", "error", "config", "model", "reload", "assembly", "typeof n", "version", "typeerror", "typeof", "typeof t", "defaulttype", "boolean", "regexp", "shadowroot", "click", "script", "typeof define" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1110", "name": "Brute Force", "display_name": "T1110 - Brute Force" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 262, "hostname": 115, "domain": 48 }, "indicator_count": 425, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1521 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "62473620478b74d489679104", "name": "js.snippet", "description": "The following is a full list of key snippets from the latest version of the web browser, which has been released by the Spanish language, as well as its English translation, for use in the English language.", "modified": "2022-04-01T17:28:00.862000", "created": "2022-04-01T17:28:00.862000", "tags": [ "typeof n", "version", "typeerror", "typeof", "script", "typeof t", "error", "defaulttype", "boolean", "regexp", "click", "body", "head" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 219, "hostname": 91, "domain": 32 }, "indicator_count": 342, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1521 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "62316de6f16f2373aef19725", "name": "fb_stringify_congress", "description": "", "modified": "2022-03-16T04:56:06.960000", "created": "2022-03-16T04:56:06.960000", "tags": [], "references": [ "fb_stringify_congress.pdf" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Kailula4", "id": "131997", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 823, "hostname": 232, "FileHash-SHA256": 213, "domain": 118 }, "indicator_count": 1386, "is_author": false, "is_subscribing": null, "subscriber_count": 405, "modified_text": "1538 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "", "https://www.allwest.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2", "https://googleads.g.doubleclick.net/pagead/viewthroughconversion/952389962/?random=1650405011982&cv=9&fst=1650405011982&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=376635471&u_h=844&u_w=390&u_ah=844&u_aw=390&u_cd=32&u_his=1&u_tz=-240&u_java=false&u_nplug=0&u_nmime=0>m=2wg4i1&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.leaseweb.com%2F&tiba=Leaseweb%20%7C%20Global%20Hosted%20Infrastructure%20(IaaS)%20and%20Cloud%20Solutions&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4", "https://topweb.co.il/wp-content/plugins/litespeed-cache/assets/js/webfontloader.min.js", "common.js.pobrane", "https://www.allwest.com/wp-content/uploads/hummingbird-assets/c4be4d65e707f6328e3a72e79cfdfcb7.js", "djimageslider.css", "https://bid.g.doubleclick.net/xbbe/pixel?d=KAE", "https://consent.cookiebot.com/1e27dadb-e278-4c02-aa4f-43f9222c4fbb/cc.js?renew=false&referer=www.leaseweb.com&culture=en&dnt=false", "animate.min.css", "map.js.pobrane", "https://cp.enom.com/js/jquery.cookie.min.js", "https://www.indusface.com/css/A.font-styles1.css+bootstrap.css+skin.css+responsive.css+menu.css+swiper.min.css,Mcc.nAV12exFII.css.pagespeed.cf.a_yWJedOjY.css", "https://www.google-analytics.com/plugins/ua/linkid.js", "XZ4AH-ABKPW-SQPBC-CYWES-BCG6V", "bootstrap.min.js.pobrane", "xfe-URL-frantech.ca-stix2-2.1-export.json", "https://guidemyrelationship.com/assets/css/bootstrap.min.css", "xfe-URL-Vultr.com-stix2-2.1-export.json", "TarrantCounty10df.pdf", "https://s.thebrighttag.com/tag?site=9O7NXzt&referrer=https%3A%2F%2Fwww.zealcu.org%2Fhome-loans%2F%3Fmsclkid%3D3ef1349815a11e52b0b256cacc0bc952%26utm_source%3Dbing%26utm_medium%3Dcpc%26utm_campaign%3DSearch%253A%2520Zeal%2520Credit%2520Union%2520-%2520Mortgages%26utm_term%3Dhouse%2520mortgage%26utm_content%3DMortgage%2520General&docReferrer=http%3A%2F%2Finstantfwding.com%2F&H=-5nu6gjg", "https://s.adroll.com/j/exp/DUKHAKVYIJASHDUBG4V7RE/index.js", "https://cp.enom.com/js/global-functions.js", "https://www.indusface.com/js/popper.min.js+bootstrap.min.js+modernizr-custom.js+menu.js.pagespeed.jc.WlixBHq4Fv.js", "http://www.shopsegsistemas.com.br/assets/vendor/bootstrap/js/bootstrap.bundle.min.js", "https://c.cnzz.com/core.php?web_id=1280740152&t=z", "https://js.hsleadflows.net/leadflows.js", "https://www.google-analytics.com/gtm/js?id=GTM-PF7H94Q&t=gartner&cid=559436367.1653353775", "https://www.choopa.com/css/global.css?v=209", "https://download.clear.ml/cpython_builds/releases/ \u2022 https://download.clear.", "saved_resource.html", "https://www.googletagmanager.com/gtag/js?id=UA-92521958-1", "remote.js.pobrane", "xfe-URL-Inap.com-stix2-2.1-export.json", "https://ajax.googleapis.com/ajax/libs/webfont/1/webfont.js", "https://linkin.click/melindaa.rivera_", "tarrantcounty8df.pdf", "https://cdn.callrail.com/companies/448598242/66d5efd6cbf06378ea1f/12/swap.js", "https://munchkin.marketo.net/munchkin.js", "responsive.bootstrap4.js.pobrane", "style.css", "https://cdn.staticfile.org/jquery/3.6.0/jquery.min.js", "https://tag.perfectaudience.com/serve/5f59021d1911b61034000d8d.js", "https://bat.bing.com/p/action/5602105.js", "popper.js.pobrane", "https://lptag.liveperson.net/lptag/api/account/22027291/configuration/applications/taglets/.jsonp?v=2.0&df=2&b=2", "https://www.choopa.com/css/bootstrap.css", "http://sedoparking.com/frmpark/ihagoogle.com/sedopark/park.js", "https://my.choopa.com/js/desktop.js?v=41", "https://aiff.cdn.bcebos.com/sensors%2Fonline%2Fsa-sdk-javascript-1.14.24%2Fsensorsdata.min.js", "https://maps.googleapis.com/maps/api/js?key=AIzaSyAMbtdeFB5s623T4LwRldWj_Vdy2t4wLkw&libraries=places", "https://www.gstatic.com/recaptcha/releases/QENb_qRrX0-mQMyENQjD6Fuj/recaptcha__en.js", "https://www.googletagmanager.com/gtag/js?id=G-0CBKGBKB3J&l=dataLayer&cx=c", "https://www.indusface.com/js/cookieconsent.min.js.pagespeed.jm.FCA-2RWV9s.js", "daterangepicker.css", "https://eu.snapengage.com/chatjs/ServiceGetConfig?w=e9219576-8f74-40b5-8b6f-bbad33f6ca57", "https://googleads.g.doubleclick.net/pagead/viewthroughconversion/981889198/?random=1650488340630&cv=9&fst=1650488340630&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=844&u_w=390&u_ah=844&u_aw=390&u_cd=32&u_his=1&u_tz=-240&u_java=false&u_nplug=0&u_nmime=0>m=2oa4i1&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.allwest.com%2F&tiba=All%20West%20Communications%20-%20telecommunication%20company&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4", "https://s.adroll.com/j/pre/Q7CW4G7ZJJGWDLUB76P5IV/WH2M5MREOVC4HNKNZPPJZR/index.js", "https://www.choopa.com/_js/dragscroll.js", "https://www.googletagmanager.com/gtag/js?id=G-5GQV3CJ17N", "jcemediabox.js.pobrane", "dataTables.bootstrap4.js.pobrane", "https://1api.net/css/bootstrap.min.css", "fb_stringify_congress.pdf", "https://www.googletagmanager.com/gtag/js?id=G-FVHXSM5ZYL&l=dataLayer&cx=c", "https://js.partnerstack.com/v1/", "https://amano.inboundtools.com/tpcontact URL https://armg.inboundtools.com/ URL https://gaiax.inboundtools.com/internship URL https://hmk.inboundtools.com/ URL https://hmk.inboundtools.com/form/assetview_siryo_sier", "https://links.mail.samsara.com/s/c/P9R6gGlExR4nfCwqwJXUmr7NmKcMNde4ZBhCFprlVtsFNgh-4tuTWla0aXN9rIWCjrWtn0Vln7x-hexxVBlY3xxvnEevR8qJU5G5xV3__wo-X7kkpSOhJVfejac-Xk8qu6zs5Z-tILwWYRkNScZNGlAqfwQuJuRw5M-n_ZKI6tuY5XGCZAqWoQepi1NnJiW4wZJkzZlOwGtNkusbuKDcMsLVrrhji2eKh4kYgrJp_SeycJRhasLFCQ3c2bPu4sahEWpcHZrQBaxvdfQgTEno8kV-RJdTDO0zK5MyWDJLeds7mnaDrxlb0O2zmhebUdlHE0R0xHi25dympBUpMlLsQV8bx1WUTOfgK4k0ci9o_2Gbfe22-jLxsJN-msV6pxWYQMaxRNFd4iZRC9J9Z1SC5MBqbvNzqdt98kFdpibnv_QIHdhFyHOR_Ip_LX67Dncc8V8OvAi-H5phfeSyDzwdzf2FQIi82", "https://anyweb.co.il/wp-includes/js/wp-emoji-release.min.js?ver=5.7.3", "https://connect.facebook.net/signals/config/661596171311072?v=2.9.57&r=stable", "https://accounts.hetzner.com/login", "https://anyweb.co.il/wp-includes/css/dist/block-library/style.min.css?ver=5.7.3", "UE_pl_top_sm.svg", "http://www.shopsegsistemas.com.br/assets/vendor/aos/aos.js", "https://guidemyrelationship.com/?aff_id=2509&offer_id=6300&aff_sub=1726&aff_sub2=102a78845625980c3bb3f54bd8acd3&aff_sub3=", "https://pxlgnpgecom-a.akamaihd.net/javascripts/bfp_ssn.js?templateId=11", "https://googleads.g.doubleclick.net/pagead/viewthroughconversion/363516812/?random=1650901467024&cv=9&fst=1650901467024&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=844&u_w=390&u_ah=844&u_aw=390&u_cd=32&u_his=1&u_tz=-240&u_java=false&u_nplug=0&u_nmime=0>m=2oa4k0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Ftopweb.co.il%2F&tiba=%D7%9E%D7%A9%D7%A8%D7%93%20%D7%A4%D7%A8%D7%A1%D7%95%D7%9D%20%D7%95%D7%91%D7%A0%D7%99%D7%99%D7%AA%20%D7%90%D7%AA%D7%A8%D7%99%D7%9D%20%7C%20TOPWEB%20-%20%D7%98%D", "https://github.com/vuejs/vue-devtools", "https://www.googleadservices.com/pagead/conversion_async.js", "http://alp-vision.com/wp-includes/js/jquery/jquery.min.js?ver=3.5.1", "offcanvas.js.pobrane", "https://connect.facebook.net/signals/config/571256413046247?v=2.9.57&r=stable", "jquery.feedbackBadge.min.js.pobrane", "template.26.css", "https://www.inap.com/inap/wp-content/plugins/wp-user-avatar/assets/js/frontend.min.js?ver=3.2.4", "https://www.virustotal.com/gui/collection/79c25168b2f93d9730a56b8d2b834cbfb2752b63b21b9dd51109416fbaa676d8/iocs", "https://www.googleoptimize.com/optimize.js?id=GTM-MWM9R93", "https://embed.tawk.to/_s/v4/app/625d36b405c/js/twk-chunk-vendors.js", "https://maps.googleapis.com/maps/api/js?sensor=false", "template_responsive.26.css", "offcanvas.26.css", "search_impl.js.pobrane", "https://www.choopa.com/commonimages/jquery-3.5.1.min.js", "http://ianswertomom.com/bible-verses-struggling-contentment-mom/ I", "https://embed.tawk.to/_s/v4/app/625d36b405c/js/twk-vendor.js", "https://www.gstatic.com/charts/50/js/jsapi_compiled_line_module.js", "https://www.clarity.ms/eus2/s/0.6.34/clarity.js", "f5Y41t9wqY4.html", "http://www.shopsegsistemas.com.br/assets/vendor/swiper/swiper-bundle.min.js", "https://www.google.com/maps/embed?pb=!1m18!1m12!1m3!1d3730.503584706544!2d-41.67284568552043!3d-20.770905270369408!2m3!1f0!2f0!3f0!3m2!1i1024!2i768!4f13.1!3m3!1m2!1s0xbb93dcc0beb01f%3A0x97397d38847b3692!2sShopSeg%20Sistemas!5e0!3m2!1spt-BR!2sbr!4v1636561779046!5m2!1spt-BR!2sbr", "ui.notify.css", "https://integration.silvercloudinc.com/js/bundle/8.engageware-bundle.js", "TarantCounty2df.pdf", "https://www.googletagmanager.com/gtm.js?id=GTM-5PBN7G", "https://anyweb.co.il/wp-content/plugins/essential-grid/public/assets/js/jquery.themepunch.essential.min.js?ver=2.0.9.1", "embed.js.pobrane", "https://embed.tawk.to/_s/v4/app/625d36b405c/js/twk-main.js", "Attacks are being carried out by The State of Colorado", "dataTables.input.js.pobrane", "https://cp.enom.com/ScriptResource.axd?d=lDjPFfAIWSrEAVNgTHTrISQmLEFmHAaibvNJQuGRZDbWpGFPLrFwaGVpjCUsI6HkqzbpwmaAa0cJCrq8f0eqEvIsQM8lvN_dVYVyESnohON4oTvdMZHDmwG83uJA4m2oqykP8TTTSIeV2oaNrlIXaX8cOxC5Cv6aGmjpdB2u-227wdn30&t=363be08", "http://www.shopsegsistemas.com.br/assets/vendor/isotope-layout/isotope.pkgd.min.js", "https://4vendeta.com/assets/js/meanmenu.min.js", "https://cp.enom.com/js/cart.minicart.min.js", "https://www.googletagmanager.com/gtag/js?id=UA-41133527-3", "https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1001847692/?random=1650405011980&cv=9&fst=1650405011980&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=376635471&u_h=844&u_w=390&u_ah=844&u_aw=390&u_cd=32&u_his=1&u_tz=-240&u_java=false&u_nplug=0&u_nmime=0>m=2wg4i1&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.leaseweb.com%2F&tiba=Leaseweb%20%7C%20Global%20Hosted%20Infrastructure%20(IaaS)%20and%20Cloud%20Solutions&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4", "https://lordseriala.life/6337-zvezdnye-vojny-opornaja-komanda.html", "ScriptResource.axd", "https://bat.bing.com/p/action/56358236.js", "http://alp-vision.com/wp-content/themes/alp-vision/css/bootstrap.css?ver=1.0", "jquery.countTo.js.pobrane", "https://khmerpornvideo.signup0.y.id/", "jquery.djmobilemenu.js.pobrane", "xfe-URL-4vendeta.com-stix2-2.1-export.json", "https://4vendeta.com/assets/js/jquery.min.js", "https://app-lon04.marketo.com/index.php/form/XDFrame", "https://www.googletagmanager.com/gtag/js?id=G-K6536FHN4D&l=dataLayer&cx=c", "xfe-URL-hyqxsnjj.com-stix2-2.1-export.json", "xfe-URL-allwest.com-stix2-2.1-export.json", "https://script.hotjar.com/modules.0076bf93c385ddf0ff58.js", "https://platform.twitter.com/widgets/follow_button.f8c8d971a6ac545cf416e3c1ad4bbc65.en.html#dnt=false&id=twitter-widget-0&lang=en&screen_name=abuse_ch&show_count=false&show_screen_name=true&size=l&time=1653415551742", "TarrantCounty9df.pdf", "TarrantCounty17df.pdf", "https://www.googletagmanager.com/gtm.js?id=GTM-NF2ZT3", "https://kit-free.fontawesome.com/releases/latest/css/free-v4-font-face.min.css", "jquery.autocomplete.min.js.pobrane", "https://bazaar.abuse.ch/css/all.min.css", "https://static.ads-twitter.com/uwt.js", "https://my.frantech.ca/templates/lagom/assets/js/whmcs-custom.min.js?v=1.4.3", "xfe-URL-https___www.reliablesite.net_-stix2-2.1-export.json", "jquery.inputmask.min.js.pobrane", "magnific-init.js.pobrane", "https://ssl.google-analytics.com/ga.js", "https://voidpet.io/invite/scaredscared/1rpzxWXa61 \u2022 https://sex-doggy.net/tag/censored", "https://www.gstatic.com/charts/50/third_party/webfontloader/webfont.js", "https://builder-assets.unbounce.com/published-css/main-7b78720.z.css", "https://js.hsadspixel.net/fb.js", "font_switcher.26.css", "https://bat.bing.com/p/action/26015787.js", "https://1api.net/js/bootstrap.min.js", "https://cdn.staticfile.org/clipboard.js/2.0.8/clipboard.min.js", "TarrantCounty19df.pdf", "https://va.idp.liveperson.net/postmessage/postmessage.min.html?bust=1649597064004&loc=https%3A%2F%2Fwww.zealcu.org", "SessionTimeout.js.pobrane", "https://anyweb.co.il/wp-includes/js/wp-embed.min.js?ver=5.7.3", "https://cp.enom.com/verisign-seal.htm", "https://www.googletagmanager.com/gtag/js?id=AW-CONVERSION_ID", "https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1046749228/?random=1650700509087&cv=9&fst=1650700509087&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=844&u_w=390&u_ah=844&u_aw=390&u_cd=32&u_his=2&u_tz=-240&u_java=false&u_nplug=0&u_nmime=0>m=2wg4k0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.psychz.net%2F&tiba=DDoS%20Protected%20Data%20Centers%20In%20America%2C%20Europe%2C%20Africa%2C%20Asia&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4", "extended_layouts.26.css", "https://cp.enom.com/WebResource.axd?d=6rtXrDcnyiYD-9dFDFOkxTRcPVSrAN8fR-cHKzNqPTy7bHic-2LLMHDnielTzEI-sd1KplHrRBudcZJOm0-lxubO7k41&t=637453818340000000", "daterangepicker.js.pobrane", "finder.css", "https://www.googletagmanager.com/gtm.js?id=GTM-NQNVC6K", "https://4vendeta.com/assets/js/popper.min.js", "https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0-alpha.6/js/bootstrap.min.js", "https://googleads.g.doubleclick.net/pagead/viewthroughconversion/981889198/?random=1650488340057&cv=9&fst=1650488340057&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=844&u_w=390&u_ah=844&u_aw=390&u_cd=32&u_his=1&u_tz=-240&u_java=false&u_nplug=0&u_nmime=0>m=2oa4i1&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.allwest.com%2F&tiba=All%20West%20Communications%20-%20telecommunication%20company&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4", "jquery.easing.1.3.js.pobrane", "https://www.yunshipei.com/assets/js/amazeui.min.js", "https://www.virustotal.com/gui/collection/6a8d582df4fe5a29885dad4074236bc9e4ed445aaf0cc00702d45963fb0459bb/iocs", "https://cop.supply/proxies-lists/ \u2022 https://cop.supply/shopify-bots/", "https://anyweb.co.il/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=7.4.4", "jquery.cookie.js.pobrane", "https://www.youtube.com/s/player/19eb72e4/www-widgetapi.vflset/www-widgetapi.js", "magnific.css", "https://www.virustotal.com/graph/embed/g365a82115f934e31a69118715695c91c231f66cda9084c9389e56afb985a243e?theme=dark", "https://www.gstatic.com/charts/50/third_party/dygraphs/dygraph-tickers-combined.js", "https://www.googletagmanager.com/gtag/js?id=AW-981889198", "https://www.gstatic.com/charts/50/js/jsapi_compiled_fw_module.js", "https://stats.ipinyou.com/adv?a=SR..sxcg_4d0DhagaJWCLj_ZdX&u=https%3A%2F%2Fwww.yunshipei.com%2F&rd=1653485491040&v=2&e=sr%3D390x844%26sc%3D32-bit%26je%3Dfalse%26lg%3Den-us%26vb%3D1%26did%3D%26dt%3D%26ps%3D390x3885%26vp%3D390x664%26ec%3DUTF-8%26vbt%3D1822%26sp%3D0%26ur%3D%26st%3D%26ev%3Dvg", "https://js.hs-scripts.com/9251231.js", "https://livesupport.hetzner.de/server.php?rqst=track&output=jcrpt&group=Produktberatung&hg=Pw__&hcgs=MQ__&htgs=MQ__&ovltwo=MQ__&ovlv=djI_&ovlc=MQ__&esc=IzU4NTg1YQ__&epc=I0JFMTUyRA__&ovlts=MA__&ovlmr=MTAw&ovlmb=MjY_&hfk=MQ__&ovloo=MQ__&hots=MQ__&hott=MQ__&nse=0.615520170244701", "https://platform.twitter.com/js/button.3ccb64e61d4c01fae12cd2b0ed9b2bab.js", "xfe-IP-50.116.87.164-stix2-2.0-export.json", "search.js.pobrane", "http://pxlgnpgecom-a.akamaihd.net/javascripts/browserfp.min.js?templateId=11&customerId=7CUHNT0E1", "https://consentcdn.cookiebot.com/sdk/bc-v4.min.html", "https://my.choopa.com/js/global.js?v=41", "https://topweb.co.il/wp-content/litespeed/js/c3a18f91ebd798da3e120a12aec7c615.js?ver=7c615", "xfe-URL-1api.net-stix2-2.1-export.json", "xfe-URL-matomo.hetzner.com-stix2-2.1-export.json", "https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i%7CRaleway:300,300i,400,400i,500,500i,600,600i,700,700i%7CPoppins:300,300i,400,400i,500,500i,600,600i,700,700i", "https://konsoleh.your-server.de/templates/ui-default/de/javascripts/jquery/jquery-migrate.js", "TarrantCounty1df.pdf", "http://alp-vision.com/wp-content/cache/autoptimize/js/autoptimize_78b4f9b28399aa3c8a405e45931ad058.js", "https://js.hs-analytics.net/analytics/1650488100000/9251231.js", "https://www.leaseweb.com/sites/default/files/js/js_wcSNEXVJ4Xjhkf8qhMguEPZJTDTMNmPaJM-YWdAOhQE.js", "https://www.googletagmanager.com/gtm.js?id=GTM-KPQ5FFK", "https://connect.facebook.net/signals/config/828098694004178?v=2.9.57&r=stable", "jquery.ui.core.min.js.pobrane", "tarrantcounty22df.pdf", "https://www.gstatic.com/charts/50/js/jsapi_compiled_graphics_module.js", "http://www.shopsegsistemas.com.br/assets/vendor/php-email-form/validate.js", "json2.js.pobrane", "https://pixel-geo.prfct.co/tagjs?a_id=131352&source=js_tag", "https://snap.licdn.com/li.lms-analytics/insight.min.js", "https://bazaar.abuse.ch/js/bootstrap.min.js", "tarrantcountydf.pdf", "https://sgoutong.baidu.com/embed/1652930761/asset/embed/css/mobile/main.css", "https://my.frantech.ca/templates/lagom/assets/js/lagom-app.min.js?v=1.4.3", "https://accounts.hetzner.com/build/755.5a8586e9.js", "CommonResponsive.js.pobrane", "https://cp.enom.com/js/jquery-3.5.1.min.js", "https://konsoleh.your-server.de/templates/ui-default/de/javascripts/jquery/ui/jquery-ui.js", "xfe-URL-Psi.de-stix2-2.1-export.json", "https://guidemyrelationship.com/assets/js/bootstrap.min.js", "https://cop.supply/supreme-bots/\u2022 https://cop.supply/useful-tools/", "jcemediabox.css", "http://www.shopsegsistemas.com.br/assets/vendor/aos/aos.css", "https://ws.zoominfo.com/pixel/1FBtpCEkYmFObuGSt7zC", "util.js.pobrane", "https://www.thepartnerlookup.com/?affid=1726&txid=1028d018569e59e3856f7416969ab0&offer_id=2509", "jquery.alerts.js.pobrane", "http://alp-vision.com/wp-includes/css/dist/block-library/style.min.css?ver=5.7.6", "djmegamenu.26.css", "jquery-migrate-1.2.1.js.pobrane", "https://www.gstatic.com/charts/50/js/jsapi_compiled_bar_module.js", "https://k.clarity.ms/s/0.6.34/clarity.js", "sw3VTUzeRvWIVwvWSyk6S5gHWPxOOwU1OxerozmN4Hw.js.pobrane", "pagesettings.js.pobrane", "https://anyweb.co.il/wp-content/themes/superfine/assets/js/assets.js?ver=5.7.3", "responsive.bootstrap4.css", "http://www.shopsegsistemas.com.br/", "xfe-URL-Enom.com-stix2-2.1-export.json", "https://static.hotjar.com/c/hotjar-2836981.js?sv=5", "https://clear.ml/infrastructure-control-plane", "TarrantCounty3df.pdf", "feedback.js.pobrane", "TarrantCounty5df.pdf", "https://www.google-analytics.com/analytics.js", "Everyone has simply asked you alll to stop. Target never asked anyone for money.", "https://cp.enom.com/responsive/_js/bootstrap.js", "https://www.instagram.com/melindaa.rivera_/?igshid=YmMyMTA2M2Y%3D", "TarrantCounty12df.pdf", "https://www.leaseweb.com/sites/all/modules/custom/lsw_marketo/js/lsw_marketo_forms.js", "https://www.allwest.com/wp-content/themes/allwestcommunications/js/jquery.main.js?ver=5.9.3", "https://www.virustotal.com/gui/collection/09af9ef0b7b23d2dc73d83858106ae4fc97a352dbb521ac04493a0e79095ac69/iocs", "AdminLTE.css", "ceidg.css", "animations.css", "https://consent.cookiebot.com/uc.js?cbid=1e27dadb-e278-4c02-aa4f-43f9222c4fbb&culture=en", "https://www.googletagmanager.com/gtag/js?id=G-MZSJ4F05DR", "https://www.googletagmanager.com/gtm.js?id=GTM-PMC6JX", "https://www.indusface.com/js/fontawesome.js.pagespeed.jm.X4kSHwBNxI.js", "cell-0.af-south-1.prod.telemetry.console.api.aws", "https://connect.facebook.net/en_US/fbevents.js", "https://www.leaseweb.com/sites/default/files/js/js_zoLA7TweXam0kYiqJrXepqBWmyDoP1sLSlHoZcveFnY.js", "jquery.ui.sortable.min.js.pobrane", "TarrantCounty18df.pdf", "https://bazaar.abuse.ch/css/bootstrap.min.css", "jquery.djmegamenu.js.pobrane", "tarrantcounty.com:en:elections:Voter-Information:Voter- Registration.html%22,.pdf", "UE_pl_top.svg", "xfe-URL-http___psychz.net_-stix2-2.1-export.json", "dataTables.bootstrap4.css", "https://s9.cnzz.com/z_stat.php?id=1280740152&web_id=1280740152", "https://lptag.liveperson.net/tag/tag.js?site=22027291", "https://connect.facebook.net/signals/plugins/identity.js?v=2.9.57", "https://cp.enom.com/responsive/_js/knockout-3.3.0.min.js", "https://googleads.g.doubleclick.net/pagead/viewthroughconversion/858656304/?random=1650403054497&cv=9&fst=1650403054497&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=844&u_w=390&u_ah=844&u_aw=390&u_cd=32&u_his=3&u_tz=-240&u_java=false&u_nplug=0&u_nmime=0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.vultr.com%2F&tiba=SSD%20VPS%20Servers%2C%20Cloud%20Servers%20and%20Cloud%20Hosting%20by%20Vultr%20-%20Vultr.com&hn=www.googleadservices.com&rfmt=3&fmt=4", "https://app-lon04.marketo.com/js/forms2/js/forms2.min.js", "TarrantCounty20df.pdf", "https://guidemyrelationship.com/assets/js/jquery-3.3.1.min.js", "jquery-ui.js.pobrane", "EntryChangeHistory.aspx.js.pobrane", "https://tracking.g2crowd.com/attribution_tracking/conversions/2226.js?p=https://www.indusface.com/&e=", "https://d.adroll.com/pixel/Q7CW4G7ZJJGWDLUB76P5IV/WH2M5MREOVC4HNKNZPPJZR?adroll_fpc=7c06a492879ac231294c1fe2e6e394f3-1653353535991&arrfrr=https%3A%2F%2Fwww.indusface.com%2F&pv=54603716107.79724&cookie=BIJ6M3OZKNCW7OIMIJSZED%3A2%7CWH2M5MREOVC4HNKNZPPJZR%3A2%7CQ7CW4G7ZJJGWDLUB76P5IV%3A2&adroll_s_ref=&keyw=&adroll_external_data=", "jquery-migrate.min.js.pobrane", "https://www.youtube.com/iframe_api", "http://ianswertomom.com/develop-wise-woman-within-yourself", "cast_sender.js.pobrane", "https://js.driftt.com/core?embedId=puh6a6h2pc6k®ion=US&forceShow=false&skipCampaigns=false&sessionId=34bf8b51-4431-413e-ac31-6833e0d5600c&sessionStarted=1650908334.439&campaignRefreshToken=6e5a949b-b933-4b76-8614-902cd18d34a6&hideController=false&pageLoadStartTime=1650908332393&mode=CHAT&driftEnableLog=false", "https://www.allwest.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0", "https://anyweb.co.il/wp-content/themes/superfine/assets/js/script.js", "https://www.gstatic.com/charts/50/js/jsapi_compiled_default_module.js", "TarrantCounty15df.pdf", "https://analytics.twitter.com/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=nxsfu&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=511b6f48-2639-478c-a251-b09fcbae76e7&tw_document_href=https%3A%2F%2Fwww.leaseweb.com%2F&tpx_cb=twttr.conversion.loadPixels", "howtoworkacrickoutofyourneck2.pages.dev", "https://lpcdn.lpsnmedia.net/le_re/3.50.0.1-release_5103/jsv2/overlay.js?_v=3.50.0.1-release_5103", "xfe-URL-ihagoogle.com-stix2-2.1-export.json", "https://www.choopa.com/_js/global.js?v=209", "dataTables.responsive.js.pobrane", "https://js.hs-banner.com/9251231.js", "moment-with-locales.min.js.pobrane", "https://www.psi.de/typo3temp/scriptmerger/uncompressed/head-e2b75d5cfe54ba9b7d678cb1c848421f.merged.js", "https://www.gstatic.com/charts/50/js/jsapi_compiled_corechart_module.js", "https://www.fmglaw.com/lawyers/christopher-ahmann - found in adult content pulse.", "TarrantCounty14df.pdf", "Sneaker Bots Proxies Servers Cook Groups Cop Supply", "https://www.yunshipei.com/assets/js/jquery.js", "https://konsoleh.your-server.de/templates/ui-default/de/javascripts/jquery/jquery.js", "https://www.redditstatic.com/ads/pixel.js", "https://www.googletagmanager.com/gtag/js?id=AW-827450946", "https://cp.enom.com/scripts/Session.min.js", "https://web.op39v.xyz/js/chunk-vendors.js", "https://www.googletagmanager.com/gtag/js?id=G-TL5JTN10SS", "jquery.maskedinput-1.2.2.js.pobrane", "https://www.clarity.ms/tag/uet/26015787", "https://googleads.g.doubleclick.net/pagead/viewthroughconversion/388043112/?random=1649597062436&cv=9&fst=1649597062436&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=376635471&u_h=844&u_w=390&u_ah=844&u_aw=390&u_cd=32&u_his=2&u_tz=-240&u_java=false&u_nplug=0&u_nmime=0>m=2oa3u0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.zealcu.org%2Fhome-loans%2F%3Fmsclkid%3D3ef1349815a11e52b0b256cacc0bc952%26utm_source%3Dbing%26utm_medium%3Dcpc%26utm_campaign%3DSearch%3A%2520Zeal%2520Credit%2520", "https://s.adroll.com/j/sendrolling.js", "https://cp.enom.com/ScriptResource.axd?d=fVjQa-0YyNqO6JmV36bw6eBJdTjE2YSdtcunOWcKYcBNn73MOJKQA_rxX3YMhcxLTgyDsGTKy0p9NEPvxzpqEpBKtm3GLb2GgI1LFYMC0Xr2lh71ZCttzgNGFnc5mS_Fc_DY5UH0M19Mr958h1jvmK4kzAM1&t=363be08", "http://www.bbbbop13.com:1313/", "jquery-noconflict.js.pobrane", "https://www.zealcu.org/app/uploads/cache/css/aggregated_cd3154a65f0e94fa98c08398cba54caa.css", "bootstrap.26.css", "https://cdnjs.cloudflare.com/ajax/libs/tether/1.4.0/js/tether.min.js", "https://cp.enom.com/js/openWin.min.js", "https://go.inap.com/analytics?conly=true&visitor_id=377865231&visitor_id_sign=fcd1b8a6054d2c2490cb77f4d0581558910b2792df8a7d07c6a0b0282eba2cd0db306c84706e8688a4165a4437c383a8e130703a&pi_opt_in=&campaign_id=28453&account_id=235392&title=Hybrid%20IT%20%26%20Enterprise%20Cloud%20Solutions%20-%20INAP&url=https%3A%2F%2Fwww.inap.com%2F&referrer=", "https://www.yunshipei.com/assets/js/app.min.js", "https://www.indusface.com/js/jquery.3.5.1.min.js.pagespeed.jm.A8biqtTJrt.js", "https://connect.facebook.net/signals/config/399164440484826?v=2.9.57&r=stable", "https://8794842.fls.doubleclick.net/activityi;src=8794842;type=front;cat=newun0;ord=1047846285161;gtm=2wg4k0;auiddc=1226623845.1650908333;~oref=https%3A%2F%2Fwww.inap.com%2F", "jquery.session.js.pobrane", "https://static.zdassets.com/ekr/snippet.js?key=7342b695-e394-4f25-89a0-da9d262a48da", "http://www.shopsegsistemas.com.br/assets/vendor/glightbox/js/glightbox.min.js", "https://abuse.ch/js/jquery-3.6.0.min.js", "xfe-URL-Jquery.com-stix2-2.1-export.json", "https://bat.bing.com/p/action/17528422.js", "http://pagead2.googlesyndication.com/apps/domainpark/show_afd_ads.js", "https://matomo.hetzner.com/matomo.js", "https://j.clarity.ms/s/0.6.34/clarity.js", "https://www.googletagmanager.com/gtm.js?id=GTM-NWPHSS", "https://www.leaseweb.com/sites/default/files/js/js_kwxcSFD2Y0_BPtdJClYUy5H8THI_5EycUmIgIGWaGYs.js", "stickybar.js.pobrane", "jquery-3.0.0.js.pobrane", "https://web.mxradon.com/t/WebTracker.aspx?p1=18917&p2=Web%20Application%20Security%2C%20WAF%2C%20SSL%20Certificates&p3=-1&p4=&p5=1&p6=8415a029-248f-4eeb-bc18-338560430ff7&p7=&p8=&p9=0", "https://accounts.hetzner.com/build/runtime.188fa053.js", "embed.html", "offcanvas.css", "main.js.pobrane", "https://4vendeta.com/assets/js/parallax.min.js", "https://cp.enom.com/js/jquery.jgrowl.min.js", "https://anyweb.co.il/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.4.1", "MAxbootstrap1df.pdf", "inputmask.binding.js.pobrane", "bootstrap_responsive.26.css", "https://www.leaseweb.com/sites/default/files/css/css_7CYF9En6DNp6AojfSKnT8USKR3GvzPwznmTqLTKT9VM.css", "jquery.min.js.pobrane", "https://bazaar.abuse.ch/js/jquery-3.5.1.min.js", "xfe-URL-Choopa.com-stix2-2.1-export.json", "https://js.driftt.com/conductor/assets/4.fa5fc959.chunk.js", "https://4vendeta.com/assets/js/ajaxchimp.min.js", "https://bazaar.abuse.ch/js/datatables.min.js", "makeapornsite.com \u2022 https://pornhighschool.com/ \u2022 https://ethnicerotic.com \u2022 https://twitter.com/Make", "https://www.allwest.com/wp-content/plugins/svg-support/js/min/svgs-inline-min.js?ver=1.0.0", "https://aplikacja.ceidg.gov.pl/CEIDG/CEIDG.Public.UI/EntryChangeHistory.aspx?Id=855bdfc1-7dbc-4a86-9d27-89ebb0ecf166&archival=False", "https://eu.snapengage.com/chatjs/servicegetallavailableagents?w=e9219576-8f74-40b5-8b6f-bbad33f6ca57&t=1", "https://www.allwest.com/wp-content/plugins/contact-form-7/modules/recaptcha/index.js?ver=5.5.6", "scripts.js.pobrane", "https://accounts.hetzner.com/build/app.dc073715.js", "www-embed-player.js.pobrane", "animate.ext.css", "https://code.jquery.com/jquery-3.1.1.slim.min.js", "https://connect.facebook.net/signals/config/438248060937995?v=2.9.57&r=stable", "https://www.thepartnerlookup.com/main.bundle-fed11df.z.js", "djmobilemenu.css", "magnific.js.pobrane", "https://pi.pardot.com/analytics?ver=3&visitor_id=&visitor_id_sign=&pi_opt_in=&campaign_id=28453&account_id=235392&title=Hybrid%20IT%20%26%20Enterprise%20Cloud%20Solutions%20-%20INAP&url=https%3A%2F%2Fwww.inap.com%2F&referrer=", "https://konsoleh.your-server.de/templates/ui-default/de/javascripts/wz_tooltip.js", "https://www.zealcu.org/app/uploads/cache/js/aggregated_single_eb9d05879e4cb943b965deb3cccf05ee.js", "https://integration.silvercloudinc.com/js/silvercloudjs/silvercloud.js", "https://www.inap.com/inap/wp-includes/js/jquery/jquery.min.js?ver=3.6.0", "https://d.adroll.com/consent/check/Q7CW4G7ZJJGWDLUB76P5IV?adroll_fpc=7c06a492879ac231294c1fe2e6e394f3-1653353535991&arrfrr=https%3A%2F%2Fwww.indusface.com%2F&_s=1316674c131c34cc157a9ad9119512a2&_b=2", "https://www.choopa.com/_js/bootstrap.js", "https://abuse.ch/js/twitter_widget.js", "https://www.gstatic.com/charts/50/js/jsapi_compiled_ui_module.js", "http://alp-vision.com/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=7.4.4", "https://sc.lfeeder.com/lftracker_v1_kn9Eq4R1l2K7RlvP.js", "https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfjFjMaAAAAACpmnf2RfTg2U2m4Cdnku25XccJW&co=aHR0cHM6Ly93d3cuemVhbGN1Lm9yZzo0NDM.&hl=en&v=Y-cOIEkAqcfDdup_qnnmkxIC&theme=light&size=normal&cb=j4msjl4zxy97", "jquery.dataTables.js.pobrane", "https://code.jquery.com/jquery-3.4.1.min.js?ver=3.4.1", "TarrantCounty21df.pdf", "https://www.allwest.com/wp-content/plugins/wp-smushit/app/assets/js/smush-lazy-load.min.js?ver=3.9.5", "dns.army \u2022 www.dcopr.dns.army \u2022 www.glsyaiwjj.dns.army \u2022 www.wgmvk.dns.army", "https://cp.enom.com/js/jquery.disableonsubmit.min.js", "https://www.leaseweb.com/sites/default/files/js/js_6FowaFXT9bT78hf9earPdGcdTmvsFiaBzKgFl9P4fSo.js", "https://www.googletagmanager.com/gtag/js?id=UA-41133527-2", "http://fonts.googleapis.com/css?family=Abril+Fatface%3Aregular&subset=latin%2Ccyrillic&ver=5.7.6", "https://d.adroll.com/pixel/DUKHAKVYIJASHDUBG4V7RE/E23RMKDBEFAEXMXLWK3IWO?adroll_fpc=838a57acc6141112b6107bdce5e3fde6-1650403057055&arrfrr=https%3A%2F%2Fwww.vultr.com%2F&pv=70707106758.07146&cookie=&adroll_s_ref=&keyw=", "https://my.choopa.com/js/jquery-3.5.1.min.js", "https://cdn.staticfile.org/qrcodejs/1.0.0/qrcode.min.js", "xfe-IP-136.243.64.87-stix2-2.1-export.json", "https://code.jquery.com/jquery-1.12.0.min.js", "https://use.fortawesome.com/03018d9d.js", "fontswitcher.js.pobrane", "maxcdn.bootstrapcdn.com:bootstrap:4.0.0:js:bootstrap.min.js%22,.pdf", "https://js.driftt.com/include/1650908400000/puh6a6h2pc6k.js", "https://app-lon04.marketo.com/js/forms2/css/forms2-theme-plain.css", "https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1650908332393", "https://d34qb8suadcc4g.cloudfront.net/sp-2.14.0.js", "https:///livesupport.hetzner.de/resource.php?t=js&1=jsglobal.min.js&2=jsbox.min.js&3=jstrack.min.js&v=ahgzixd7&4=jsextern.min.js", "https://bat.bing.com/bat.js", "https://integration.silvercloudinc.com/js/bundle/vendor.js", "adminlte.min.js.pobrane", "ui.datepicker-pl.js.pobrane", "https://www.allwest.com/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.9", "http://instantfwding.com/px.js?ch=1", "https://www.indusface.com/js/swiper.min.js.pagespeed.jm.47RtcloJQ-.js", "https://cdn.jsdelivr.net/emojione/2.2.7/lib/js/emojione.min.js", "http://www.shopsegsistemas.com.br/assets/js/main.js", "tarrant23df.pdf", "https://www.leaseweb.com/sites/default/files/css/css_47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU.css", "archive.cop.supply \u2022 dev.cop.supply \u2022 https://cop.supply/ \u2022 https://cop.supply/bot-lists/", "https://www.allwest.com/wp-includes/js/wp-emoji-release.min.js?ver=5.9.3", "https://abuse.ch/js/google-charts.js", "https://res-1257422681.file.myqcloud.com/assets/yeyue/boinstall.js", "https://s.adroll.com/j/roundtrip.js", "https://js.callrail.com/group/0/66d5efd6cbf06378ea1f/02836fdf-c99c-4a90-b31b-373093db654e/poll.js?t=1649597153888&ids%5B%5D=448598242", "https://clientcdn.pushengage.com/core/80780b73b5a3f4655fee62041e51f1be.js", "https://www.googletagmanager.com/gtag/js?id=G-W8YD4P2ENY&l=dataLayer&cx=c", "xfe-URL-konsoleh.your-server.de-stix2-2.1-export.json", "https://www.googletagmanager.com/gtm.js?id=GTM-5SN6BRV", "report-668597.pdf", "https://stats.ipinyou.com/presadv?a=SR..sxcg_4d0DhagaJWCLj_ZdX&cb=py.cb", "layout.min.js.pobrane", "https://dc.cux.io/analyzer.js", "https://www.psi.de/typo3temp/scriptmerger/uncompressed/head-bd4b8119586687574cf8f8529359d678.merged.css", "https://www.indusface.com/css/A.cookieconsent.min.css.pagespeed.cf.t1fRd9Ouvj.css", "xfe-URL-anyweb.co.il-stix2-2.1-export.json", "https://web.op39v.xyz/?channelCode=pingguo", "https://www.gstatic.com/charts/50/loader.js", "https://web.op39v.xyz/js/chunk-common.js", "TarrantCounty7df.pdf", "https://www.psychz.net/assets/js/bootstrap.min.js", "xfe-URL-livesupport.hetzner.de-stix2-2.1-export.json", "https://cdn.optimizely.com/js/26241557.js", "dataTables.lang.js.pobrane", "https://4vendeta.com/assets/js/bootstrap.min.js", "TarrantCounty6df.pdf", "overlay.js.pobrane", "https://topweb.co.il/", "https://www.gartner.com/reviews/public/Widget/js/widget.js", "https://storage.googleapis.com/snapengage-eu/js/e9219576-8f74-40b5-8b6f-bbad33f6ca57.js", "ceidg-master.js.pobrane", "https://trackcmp.net/visit?actid=223422163&e=&r=&u=https%3A%2F%2Fwww.indusface.com%2F", "ad_status.js.pobrane", "https://s.thebrighttag.com/tag?site=9O7NXzt&H=-5nu6gjg&referrer=https%3A%2F%2Fwww.zealcu.org%2Fhome-loans%2F%3Fmsclkid%3D3ef1349815a11e52b0b256cacc0bc952%26utm_source%3Dbing%26utm_medium%3Dcpc%26utm_campaign%3DSearch%253A%2520Zeal%2520Credit%2520Union%2520-%2520Mortgages%26utm_term%3Dhouse%2520mortgage%26utm_content%3DMortgage%2520General&docReferrer=http%3A%2F%2Finstantfwding.com%2F&mode=v2&cf=7500150%2C7500152&btpdb.9O7NXzt.dGZjLjc1MDAxNTE=UkVRVUVTVFMuMA&btpdb.9O7NXzt.dGZjLjc1MTUyNDU=U0VTU0lPTg&btpdb.9O7N", "https://i-want-to-start-an-onlyfans.pages.dev/favicon.ico| I bet you do boo boo", "xfe-URL-https___my.frantech.ca_-stix2-2.1-export.json", "https://www.yunshipei.com/", "bootstrap-gov-pl.css", "onion.js.pobrane", "slider.js.pobrane", "TarrantCounty4df.pdf", "https://www.leaseweb.com/sites/default/files/js/js_6lTJ_m6ahwXas7Efbw8ZYEMSaecrGw8ilNALfvIPNUw.js", "https://www.inap.com/inap/wp-content/themes/inap/assets/js/bootstrap.bundle.min.js?ver=2.0.0", "https://web.mxradon.com/t/Tracker.js", "https://anyweb.co.il/wp-content/themes/superfine/assets/js/post-like.min.js?ver=1.0", "https://cp.enom.com/responsive/_js/init.min.js", "bootstrap.js.pobrane", "https://www.allwest.com/wp-content/themes/allwestcommunications/js/custom.js?ver=5.9.3", "https://accounts.hetzner.com/build/802.3a7546ef.js", "geometry.js.pobrane", "https://js.callrail.com/group/0/66d5efd6cbf06378ea1f/02836fdf-c99c-4a90-b31b-373093db654e/poll.js?t=1649598014683&ids%5B%5D=448598242", "content.css", "https://cp.enom.com/global/TopMenu.ascx.js", "jquery.notify.min.js.pobrane", "jquery.easing.min.js.pobrane", "js", "https://www.leaseweb.com/sites/default/files/js/js_kI_QwKJlaBz9CzQdENdUBFiEl4aehfjf4_-9taiwcCE.js", "css", "https://goutong.baidu.com/site/270/98c14a71a44014f7aa9d23449a55ae8f/b.js?siteId=3064033", "caption.js.pobrane", "firebase-auth-eich0v.pages.dev", "https://anyweb.co.il/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2", "https://eu.snapengage.com/chatjs/servicegetproactivegeodata?w=e9219576-8f74-40b5-8b6f-bbad33f6ca57", "https://www.googletagmanager.com/gtm.js?id=GTM-NL3LLHS", "https://anyweb.co.il/wp-includes/js/jquery/jquery.min.js?ver=3.5.1", "dev-app.project-cicada.com \u2022 http://dev-app.project-cicada.com \u2022 https://dev-app.project-cicada.com (2014 report predates 2016 reports)", "https://abuse.ch/js/bootstrap.min.js", "CommonScripts.js.pobrane", "https://www.virustotal.com/graph/embed/g8726609a12794ebeb59edd531961a233068149bcdf994b428f20141be6111551?theme=dark", "https://cp.enom.com/js/punycode.min.js", "https://guidemyrelationship.com/assets/js/main.js", "https://fm.ipinyou.com/j/a.js", "https://konsoleh.your-server.de/templates/ui-default/de/styles/login.css.php", "xfe-IP-78.142.35.163-stix2-2.1-export.json", "https://anyweb.co.il/wp-content/plugins/essential-grid/public/assets/js/lightbox.js?ver=2.0.9.1", "https://livesupport.hetzner.de/script.php?id=eec8dcd79d6fdf905136b99875c1d599", "https://anyweb.co.il/wp-content/plugins/essential-grid/public/assets/js/jquery.themepunch.tools.min.js?ver=2.0.9.1", "https://www.google.com/recaptcha/api.js?render=6Ld8S6EUAAAAAExG_6DO_Jj4DLY35ybebbA8R_eA&ver=3.0", "Legal court documented agreement to allow and pay target to hire cyber investigators", "biznes.css", "https://munchkin.marketo.net/161/munchkin.js" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [], "malware_families": [ "Unix.trojan.gafgyt-6981154-0", "Win.trojan.tepfer-61", "Win.trojan.gravityrat-6511862-0", "Nids", "Buttons};kb(convertedmessage);break;case\"/sys\":var", "#lowfi:hstr:criakl.b1", "Ajax", "Trackingclient", "Kiitos", "Hj", "Trojandropper:win32/systex.a", "Rabu", "Hammer", "Alf:nid:susp_nsis_stub.a", "Activedocument", "Anda", "Srpanj", "Worm", "Win.downloader.small-4507", "Win.packed.bandook-9882274-1", "Backdoor:linux/demonbot.aa!mtb", "Ddos:linux/gafgyt.ya!mtb", "Trojandownloader:win32/cutwailransom:win32/crowti.a", "Cycbot", "Win32:botx-gen\\ [trj]", "Bnm", "Tente", "Win.malware.mikey-9949492-0", "Trojandownloader:win32/cutwail", "Ovlcwm", "Quando", "Vasaris", "Qe", "Backdoor:win32/arwobot.b", "Selectedindex", "Cve-2017-11882", "Vui", "Vd", "Alf:exploit:o97m/cve-2017-8977", "Reduceright", "Ransom:win32/crowti.a", "Mirai (elf)", "Unix.trojan.tsunami-6981155-0", "Outubro", "Acum", "Virtool:win32/vbinject.gen!mh", "Takk", "Gc", "Alf:heraklezeval:trojan:msil/gravityrat!rfn", "Trojan:win32/qbot.r!mtb" ], "industries": [ "Insurance", "Construction", "Government" ] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 45, "pulses": [ { "id": "6963596c4cd594b77b4675ec", "name": "Project Cicada-.Christopher \u201cBuzz\u201d Ahmann - PalantirFoundry | The State of Colorado | ", "description": "", "modified": "2026-02-10T06:05:39.764000", "created": "2026-01-11T08:03:56.534000", "tags": [ "colorado state", "freeman mathis", "history", "cyber risk", "aspen insureds", "gaig insureds", "landy insureds", "nip group", "purm insureds", "overview core", "united", "ip address", "present nov", "present may", "moved", "encrypt", "unknown", "backdoor", "passive dns", "ransom", "checkin", "trojandropper", "mtb nov", "twitter", "trojan", "data upload", "extraction", "failed", "united states", "server response", "google safe", "results may", "lowfi", "virtool", "mtb alf", "mh alf", "port", "windows nt", "destination", "msie", "khtml", "gecko", "unknown aaaa", "a domains", "meta", "for privacy", "cop supply", "urls", "as139646 hong", "hostname", "files", "hong kong", "domain add", "ip related", "hash avast", "avg clamav", "msdefender may", "ddos", "as13335", "ipv4", "certificate", "hostname add", "url analysis", "files ip", "name strings", "category", "united states", "pulse indicator", "address", "error", "null", "object", "string", "number", "google maps", "promise", "javascript api", "dataset", "bigint", "dark", "android", "infinity", "internal", "roboto", "trident", "void", "small", "lightrail", "false", "span", "close", "light", "hybrid", "embed", "iframe", "keygen", "this", "february", "bounce", "drop", "inside", "outside", "marker", "present dec", "pulses otx", "aaaa", "asnone country", "record value", "title", "pulse pulses", "pulses", "showing", "unknown cname", "unknown soa", "next associated", "ipv4 add", "cycbot", "extract indic", "sneaker bots", "proxies data", "script script", "adult content", "nextimage", "porn site", "div div", "platform make", "cloudfront x", "hio52 p3", "unknown ns", "pulse submit", "title error", "reverse dns", "status", "servers", "name servers", "vashti hostname", "scan endpoints", "url http", "http", "files domain", "files related", "pulses none", "dnssec", "sec ch", "ch ua", "ua full", "ua platform", "ua bitness", "ua arch", "version sec", "mobile sec", "model sec", "version list", "domain", "emails", "cookie", "url https", "show", "filehash", "urls show", "date checked", "url hostname", "results nov", "win32", "type", "learn", "ck id", "name tactics", "suspicious", "informative", "command", "adversaries", "ssl certificate", "defense evasion", "spawns", "flag", "llc name", "server", "markmonitor", "name server", "windir", "openurl c", "prefetch2", "show technique", "mitre att", "ck matrix", "pattern match", "ascii text", "sha1", "href", "show process", "file", "general", "local", "path", "germany unknown", "date", "registrar", "ip whois", "dynamicloader", "high", "medium", "search", "displayname", "tofsee", "win64", "write", "stream", "malware", "push", "entries", "tls handshake", "failure", "forbidden", "tlsv1", "april", "next", "write c", "intel", "ms windows", "sha1 add", "av detections", "ids detections", "yara detections", "alerts", "analysis date", "file score", "sha256 add", "present jun", "present mar", "medelln", "colombia asn", "dns resolutions", "address domain", "related tags", "none google", "safe browsing", "external", "present sep", "present aug", "as54113", "present jul", "as8068", "gmt content", "total", "read", "delete", "top source", "quasi", "murderers", "christopher ahmann", "buzz ahmann", "wow64", "slcc2", "media center", "labor", "employment", "cdle", "dowc", "colorado", "workers", "coloradoif", "independent", "state", "company", "entity type", "authorized line", "analysis", "tor analysis", "process details", "network traffic", "t1071", "potential ip", "click", "found", "t1480 execution", "bad traffic", "et info", "ck techniques", "evasion att", "t1057", "refresh", "body", "strings", "tools", "look", "verify", "restart", "cname", "form", "pulse", "script domains", "script urls", "administrator", "services llc", "dns admin", "domain admin", "global llc", "domain manager", "computer system", "ltd domain", "network", "alibaba", "facebook", "phishme", "sogou", "present jan", "present feb", "present oct" ], "references": [ "https://www.fmglaw.com/lawyers/christopher-ahmann - found in adult content pulse.", "Sneaker Bots Proxies Servers Cook Groups Cop Supply", "archive.cop.supply \u2022 dev.cop.supply \u2022 https://cop.supply/ \u2022 https://cop.supply/bot-lists/", "https://cop.supply/supreme-bots/\u2022 https://cop.supply/useful-tools/", "https://cop.supply/proxies-lists/ \u2022 https://cop.supply/shopify-bots/", "dns.army \u2022 www.dcopr.dns.army \u2022 www.glsyaiwjj.dns.army \u2022 www.wgmvk.dns.army", "https://maps.googleapis.com/maps/api/js?sensor=false", "cell-0.af-south-1.prod.telemetry.console.api.aws", "howtoworkacrickoutofyourneck2.pages.dev", "firebase-auth-eich0v.pages.dev", "http://ianswertomom.com/develop-wise-woman-within-yourself", "http://ianswertomom.com/bible-verses-struggling-contentment-mom/ I", "https://i-want-to-start-an-onlyfans.pages.dev/favicon.ico| I bet you do boo boo", "makeapornsite.com \u2022 https://pornhighschool.com/ \u2022 https://ethnicerotic.com \u2022 https://twitter.com/Make", "https://khmerpornvideo.signup0.y.id/", "https://lordseriala.life/6337-zvezdnye-vojny-opornaja-komanda.html", "https://clear.ml/infrastructure-control-plane", "dev-app.project-cicada.com \u2022 http://dev-app.project-cicada.com \u2022 https://dev-app.project-cicada.com (2014 report predates 2016 reports)", "https://amano.inboundtools.com/tpcontact URL https://armg.inboundtools.com/ URL https://gaiax.inboundtools.com/internship URL https://hmk.inboundtools.com/ URL https://hmk.inboundtools.com/form/assetview_siryo_sier", "https://download.clear.ml/cpython_builds/releases/ \u2022 https://download.clear.", "https://links.mail.samsara.com/s/c/P9R6gGlExR4nfCwqwJXUmr7NmKcMNde4ZBhCFprlVtsFNgh-4tuTWla0aXN9rIWCjrWtn0Vln7x-hexxVBlY3xxvnEevR8qJU5G5xV3__wo-X7kkpSOhJVfejac-Xk8qu6zs5Z-tILwWYRkNScZNGlAqfwQuJuRw5M-n_ZKI6tuY5XGCZAqWoQepi1NnJiW4wZJkzZlOwGtNkusbuKDcMsLVrrhji2eKh4kYgrJp_SeycJRhasLFCQ3c2bPu4sahEWpcHZrQBaxvdfQgTEno8kV-RJdTDO0zK5MyWDJLeds7mnaDrxlb0O2zmhebUdlHE0R0xHi25dympBUpMlLsQV8bx1WUTOfgK4k0ci9o_2Gbfe22-jLxsJN-msV6pxWYQMaxRNFd4iZRC9J9Z1SC5MBqbvNzqdt98kFdpibnv_QIHdhFyHOR_Ip_LX67Dncc8V8OvAi-H5phfeSyDzwdzf2FQIi82", "https://voidpet.io/invite/scaredscared/1rpzxWXa61 \u2022 https://sex-doggy.net/tag/censored", "Everyone has simply asked you alll to stop. Target never asked anyone for money.", "Legal court documented agreement to allow and pay target to hire cyber investigators", "Attacks are being carried out by The State of Colorado" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Japan", "France", "Ireland", "Spain", "Italy", "Aruba", "Australia", "Denmark", "United Kingdom of Great Britain and Northern Ireland", "Germany", "T\u00fcrkiye", "Indonesia" ], "malware_families": [ { "id": "Win.Trojan.GravityRAT-6511862-0", "display_name": "Win.Trojan.GravityRAT-6511862-0", "target": null }, { "id": "ALF:HeraklezEval:Trojan:MSIL/Gravityrat!rfn", "display_name": "ALF:HeraklezEval:Trojan:MSIL/Gravityrat!rfn", "target": null }, { "id": "Unix.Trojan.Tsunami-6981155-0", "display_name": "Unix.Trojan.Tsunami-6981155-0", "target": null }, { "id": "TrojanDropper:Win32/Systex.A", "display_name": "TrojanDropper:Win32/Systex.A", "target": "/malware/TrojanDropper:Win32/Systex.A" }, { "id": "Win.Trojan.Tepfer-61", "display_name": "Win.Trojan.Tepfer-61", "target": null }, { "id": "TrojanDownloader:Win32/CutwailRansom:Win32/Crowti.A", "display_name": "TrojanDownloader:Win32/CutwailRansom:Win32/Crowti.A", "target": null }, { "id": "VirTool:Win32/VBInject.gen!MH", "display_name": "VirTool:Win32/VBInject.gen!MH", "target": "/malware/VirTool:Win32/VBInject.gen!MH" }, { "id": "ALF:NID:Susp_NSIS_Stub.A", "display_name": "ALF:NID:Susp_NSIS_Stub.A", "target": null }, { "id": "#LOWFI:HSTR:Criakl.B1", "display_name": "#LOWFI:HSTR:Criakl.B1", "target": null }, { "id": "Backdoor:Win32/Arwobot.B", "display_name": "Backdoor:Win32/Arwobot.B", "target": "/malware/Backdoor:Win32/Arwobot.B" }, { "id": "Win.Packed.Bandook-9882274-1", "display_name": "Win.Packed.Bandook-9882274-1", "target": null }, { "id": "TrojanDownloader:Win32/Cutwail", "display_name": "TrojanDownloader:Win32/Cutwail", "target": "/malware/TrojanDownloader:Win32/Cutwail" }, { "id": "Win.Downloader.Small-4507", "display_name": "Win.Downloader.Small-4507", "target": null }, { "id": "Trojan:Win32/Qbot.R!MTB", "display_name": "Trojan:Win32/Qbot.R!MTB", "target": "/malware/Trojan:Win32/Qbot.R!MTB" }, { "id": "Win.Malware.Mikey-9949492-0", "display_name": "Win.Malware.Mikey-9949492-0", "target": null }, { "id": "Ransom:Win32/Crowti.A", "display_name": "Ransom:Win32/Crowti.A", "target": "/malware/Ransom:Win32/Crowti.A" }, { "id": "Backdoor:Linux/DemonBot.Aa!MTB", "display_name": "Backdoor:Linux/DemonBot.Aa!MTB", "target": "/malware/Backdoor:Linux/DemonBot.Aa!MTB" }, { "id": "Unix.Trojan.Gafgyt-6981154-0", "display_name": "Unix.Trojan.Gafgyt-6981154-0", "target": null }, { "id": "DDOS:Linux/Gafgyt.YA!MTB", "display_name": "DDOS:Linux/Gafgyt.YA!MTB", "target": "/malware/DDOS:Linux/Gafgyt.YA!MTB" }, { "id": "CVE-2017-11882", "display_name": "CVE-2017-11882", "target": null }, { "id": "ALF:Exploit:O97M/CVE-2017-8977", "display_name": "ALF:Exploit:O97M/CVE-2017-8977", "target": null }, { "id": "Cycbot", "display_name": "Cycbot", "target": null }, { "id": "Win32:BotX-gen\\ [Trj]", "display_name": "Win32:BotX-gen\\ [Trj]", "target": null }, { "id": "NIDS", "display_name": "NIDS", "target": null }, { "id": "Mirai (ELF)", "display_name": "Mirai (ELF)", "target": null }, { "id": "Worm", "display_name": "Worm", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1069", "name": "Permission Groups Discovery", "display_name": "T1069 - Permission Groups Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1480", "name": "Execution Guardrails", "display_name": "T1480 - Execution Guardrails" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1583", "name": "Acquire Infrastructure", "display_name": "T1583 - Acquire Infrastructure" }, { "id": "T1590", "name": "Gather Victim Network Information", "display_name": "T1590 - Gather Victim Network Information" }, { "id": "T1204.001", "name": "Malicious Link", "display_name": "T1204.001 - Malicious Link" }, { "id": "T1457", "name": "Malicious Media Content", "display_name": "T1457 - Malicious Media Content" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1155", "name": "AppleScript", "display_name": "T1155 - AppleScript" }, { "id": "T1060", "name": "Registry Run Keys / Startup Folder", "display_name": "T1060 - Registry Run Keys / Startup Folder" }, { "id": "T1045", "name": "Software Packing", "display_name": "T1045 - Software Packing" }, { "id": "T1063", "name": "Security Software Discovery", "display_name": "T1063 - Security Software Discovery" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "T1210", "name": "Exploitation of Remote Services", "display_name": "T1210 - Exploitation of Remote Services" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "TA0037", "name": "Command and Control", "display_name": "TA0037 - Command and Control" }, { "id": "T1031", "name": "Modify Existing Service", "display_name": "T1031 - Modify Existing Service" }, { "id": "T1583.005", "name": "Botnet", "display_name": "T1583.005 - Botnet" }, { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1185", "name": "Man in the Browser", "display_name": "T1185 - Man in the Browser" }, { "id": "T1574.008", "name": "Path Interception by Search Order Hijacking", "display_name": "T1574.008 - Path Interception by Search Order Hijacking" }, { "id": "T1410", "name": "Network Traffic Capture or Redirection", "display_name": "T1410 - Network Traffic Capture or Redirection" }, { "id": "T1449", "name": "Exploit SS7 to Redirect Phone Calls/SMS", "display_name": "T1449 - Exploit SS7 to Redirect Phone Calls/SMS" }, { "id": "T1593.002", "name": "Search Engines", "display_name": "T1593.002 - Search Engines" } ], "industries": [ "Insurance", "Construction" ], "TLP": "green", "cloned_from": "693cdc5b8ebc10664439c2fb", "export_count": 14, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 54118, "domain": 11153, "hostname": 18578, "email": 21, "FileHash-SHA256": 4905, "FileHash-MD5": 548, "FileHash-SHA1": 534, "CVE": 7, "SSLCertFingerprint": 20, "CIDR": 1 }, "indicator_count": 89885, "is_author": false, "is_subscribing": null, "subscriber_count": 145, "modified_text": "111 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "693cdc5b8ebc10664439c2fb", "name": "Project Cicada-.Christopher \u201cBuzz\u201d Ahmann - Freeman Mathis & Gary for The State of Colorado", "description": "State of Colorado attackers use DGA domains set up multiple Law Firms.. Christopher P. \u2019Buzz\u2019 Ahmann Is a legal consultant / attorney./ hacker \nWorks for the State of Colorado/ quasi. Is malicious and doesn\u2019t work alone. Continues to target \nState had relative contacted by a fake entity \u2018Goodness Health\u2019\nLeft vague VM for relative message \u201cWe work on the Medicare side of things.\u201d and? \nSocial engineering call , malicious domain. The State of Colorado has been on a relentless pursuit against target. Fully compromised targets relatives brand new phone. Hacked target since 10/2013.\nMultiple cyber and physical attacks carried out against target and family members.. There are attacks make to look like accidents or malfunctions. This harmful, silencing behavior is somehow illegal for anyone else.", "modified": "2026-02-10T06:05:39.764000", "created": "2025-12-13T03:24:11.414000", "tags": [ "colorado state", "freeman mathis", "history", "cyber risk", "aspen insureds", "gaig insureds", "landy insureds", "nip group", "purm insureds", "overview core", "united", "ip address", "present nov", "present may", "moved", "encrypt", "unknown", "backdoor", "passive dns", "ransom", "checkin", "trojandropper", "mtb nov", "twitter", "trojan", "data upload", "extraction", "failed", "united states", "server response", "google safe", "results may", "lowfi", "virtool", "mtb alf", "mh alf", "port", "windows nt", "destination", "msie", "khtml", "gecko", "unknown aaaa", "a domains", "meta", "for privacy", "cop supply", "urls", "as139646 hong", "hostname", "files", "hong kong", "domain add", "ip related", "hash avast", "avg clamav", "msdefender may", "ddos", "as13335", "ipv4", "certificate", "hostname add", "url analysis", "files ip", "name strings", "category", "united states", "pulse indicator", "address", "error", "null", "object", "string", "number", "google maps", "promise", "javascript api", "dataset", "bigint", "dark", "android", "infinity", "internal", "roboto", "trident", "void", "small", "lightrail", "false", "span", "close", "light", "hybrid", "embed", "iframe", "keygen", "this", "february", "bounce", "drop", "inside", "outside", "marker", "present dec", "pulses otx", "aaaa", "asnone country", "record value", "title", "pulse pulses", "pulses", "showing", "unknown cname", "unknown soa", "next associated", "ipv4 add", "cycbot", "extract indic", "sneaker bots", "proxies data", "script script", "adult content", "nextimage", "porn site", "div div", "platform make", "cloudfront x", "hio52 p3", "unknown ns", "pulse submit", "title error", "reverse dns", "status", "servers", "name servers", "vashti hostname", "scan endpoints", "url http", "http", "files domain", "files related", "pulses none", "dnssec", "sec ch", "ch ua", "ua full", "ua platform", "ua bitness", "ua arch", "version sec", "mobile sec", "model sec", "version list", "domain", "emails", "cookie", "url https", "show", "filehash", "urls show", "date checked", "url hostname", "results nov", "win32", "type", "learn", "ck id", "name tactics", "suspicious", "informative", "command", "adversaries", "ssl certificate", "defense evasion", "spawns", "flag", "llc name", "server", "markmonitor", "name server", "windir", "openurl c", "prefetch2", "show technique", "mitre att", "ck matrix", "pattern match", "ascii text", "sha1", "href", "show process", "file", "general", "local", "path", "germany unknown", "date", "registrar", "ip whois", "dynamicloader", "high", "medium", "search", "displayname", "tofsee", "win64", "write", "stream", "malware", "push", "entries", "tls handshake", "failure", "forbidden", "tlsv1", "april", "next", "write c", "intel", "ms windows", "sha1 add", "av detections", "ids detections", "yara detections", "alerts", "analysis date", "file score", "sha256 add", "present jun", "present mar", "medelln", "colombia asn", "dns resolutions", "address domain", "related tags", "none google", "safe browsing", "external", "present sep", "present aug", "as54113", "present jul", "as8068", "gmt content", "total", "read", "delete", "top source", "quasi", "murderers", "christopher ahmann", "buzz ahmann", "wow64", "slcc2", "media center", "labor", "employment", "cdle", "dowc", "colorado", "workers", "coloradoif", "independent", "state", "company", "entity type", "authorized line", "analysis", "tor analysis", "process details", "network traffic", "t1071", "potential ip", "click", "found", "t1480 execution", "bad traffic", "et info", "ck techniques", "evasion att", "t1057", "refresh", "body", "strings", "tools", "look", "verify", "restart", "cname", "form", "pulse", "script domains", "script urls", "administrator", "services llc", "dns admin", "domain admin", "global llc", "domain manager", "computer system", "ltd domain", "network", "alibaba", "facebook", "phishme", "sogou", "present jan", "present feb", "present oct" ], "references": [ "https://www.fmglaw.com/lawyers/christopher-ahmann - found in adult content pulse.", "Sneaker Bots Proxies Servers Cook Groups Cop Supply", "archive.cop.supply \u2022 dev.cop.supply \u2022 https://cop.supply/ \u2022 https://cop.supply/bot-lists/", "https://cop.supply/supreme-bots/\u2022 https://cop.supply/useful-tools/", "https://cop.supply/proxies-lists/ \u2022 https://cop.supply/shopify-bots/", "dns.army \u2022 www.dcopr.dns.army \u2022 www.glsyaiwjj.dns.army \u2022 www.wgmvk.dns.army", "https://maps.googleapis.com/maps/api/js?sensor=false", "cell-0.af-south-1.prod.telemetry.console.api.aws", "howtoworkacrickoutofyourneck2.pages.dev", "firebase-auth-eich0v.pages.dev", "http://ianswertomom.com/develop-wise-woman-within-yourself", "http://ianswertomom.com/bible-verses-struggling-contentment-mom/ I", "https://i-want-to-start-an-onlyfans.pages.dev/favicon.ico| I bet you do boo boo", "makeapornsite.com \u2022 https://pornhighschool.com/ \u2022 https://ethnicerotic.com \u2022 https://twitter.com/Make", "https://khmerpornvideo.signup0.y.id/", "https://lordseriala.life/6337-zvezdnye-vojny-opornaja-komanda.html", "https://clear.ml/infrastructure-control-plane", "dev-app.project-cicada.com \u2022 http://dev-app.project-cicada.com \u2022 https://dev-app.project-cicada.com (2014 report predates 2016 reports)", "https://amano.inboundtools.com/tpcontact URL https://armg.inboundtools.com/ URL https://gaiax.inboundtools.com/internship URL https://hmk.inboundtools.com/ URL https://hmk.inboundtools.com/form/assetview_siryo_sier", "https://download.clear.ml/cpython_builds/releases/ \u2022 https://download.clear.", "https://links.mail.samsara.com/s/c/P9R6gGlExR4nfCwqwJXUmr7NmKcMNde4ZBhCFprlVtsFNgh-4tuTWla0aXN9rIWCjrWtn0Vln7x-hexxVBlY3xxvnEevR8qJU5G5xV3__wo-X7kkpSOhJVfejac-Xk8qu6zs5Z-tILwWYRkNScZNGlAqfwQuJuRw5M-n_ZKI6tuY5XGCZAqWoQepi1NnJiW4wZJkzZlOwGtNkusbuKDcMsLVrrhji2eKh4kYgrJp_SeycJRhasLFCQ3c2bPu4sahEWpcHZrQBaxvdfQgTEno8kV-RJdTDO0zK5MyWDJLeds7mnaDrxlb0O2zmhebUdlHE0R0xHi25dympBUpMlLsQV8bx1WUTOfgK4k0ci9o_2Gbfe22-jLxsJN-msV6pxWYQMaxRNFd4iZRC9J9Z1SC5MBqbvNzqdt98kFdpibnv_QIHdhFyHOR_Ip_LX67Dncc8V8OvAi-H5phfeSyDzwdzf2FQIi82", "https://voidpet.io/invite/scaredscared/1rpzxWXa61 \u2022 https://sex-doggy.net/tag/censored", "Everyone has simply asked you alll to stop. Target never asked anyone for money.", "Legal court documented agreement to allow and pay target to hire cyber investigators", "Attacks are being carried out by The State of Colorado" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Japan", "France", "Ireland", "Spain", "Italy", "Aruba", "Australia", "Denmark", "United Kingdom of Great Britain and Northern Ireland", "Germany", "T\u00fcrkiye", "Indonesia" ], "malware_families": [ { "id": "Win.Trojan.GravityRAT-6511862-0", "display_name": "Win.Trojan.GravityRAT-6511862-0", "target": null }, { "id": "ALF:HeraklezEval:Trojan:MSIL/Gravityrat!rfn", "display_name": "ALF:HeraklezEval:Trojan:MSIL/Gravityrat!rfn", "target": null }, { "id": "Unix.Trojan.Tsunami-6981155-0", "display_name": "Unix.Trojan.Tsunami-6981155-0", "target": null }, { "id": "TrojanDropper:Win32/Systex.A", "display_name": "TrojanDropper:Win32/Systex.A", "target": "/malware/TrojanDropper:Win32/Systex.A" }, { "id": "Win.Trojan.Tepfer-61", "display_name": "Win.Trojan.Tepfer-61", "target": null }, { "id": "TrojanDownloader:Win32/CutwailRansom:Win32/Crowti.A", "display_name": "TrojanDownloader:Win32/CutwailRansom:Win32/Crowti.A", "target": null }, { "id": "VirTool:Win32/VBInject.gen!MH", "display_name": "VirTool:Win32/VBInject.gen!MH", "target": "/malware/VirTool:Win32/VBInject.gen!MH" }, { "id": "ALF:NID:Susp_NSIS_Stub.A", "display_name": "ALF:NID:Susp_NSIS_Stub.A", "target": null }, { "id": "#LOWFI:HSTR:Criakl.B1", "display_name": "#LOWFI:HSTR:Criakl.B1", "target": null }, { "id": "Backdoor:Win32/Arwobot.B", "display_name": "Backdoor:Win32/Arwobot.B", "target": "/malware/Backdoor:Win32/Arwobot.B" }, { "id": "Win.Packed.Bandook-9882274-1", "display_name": "Win.Packed.Bandook-9882274-1", "target": null }, { "id": "TrojanDownloader:Win32/Cutwail", "display_name": "TrojanDownloader:Win32/Cutwail", "target": "/malware/TrojanDownloader:Win32/Cutwail" }, { "id": "Win.Downloader.Small-4507", "display_name": "Win.Downloader.Small-4507", "target": null }, { "id": "Trojan:Win32/Qbot.R!MTB", "display_name": "Trojan:Win32/Qbot.R!MTB", "target": "/malware/Trojan:Win32/Qbot.R!MTB" }, { "id": "Win.Malware.Mikey-9949492-0", "display_name": "Win.Malware.Mikey-9949492-0", "target": null }, { "id": "Ransom:Win32/Crowti.A", "display_name": "Ransom:Win32/Crowti.A", "target": "/malware/Ransom:Win32/Crowti.A" }, { "id": "Backdoor:Linux/DemonBot.Aa!MTB", "display_name": "Backdoor:Linux/DemonBot.Aa!MTB", "target": "/malware/Backdoor:Linux/DemonBot.Aa!MTB" }, { "id": "Unix.Trojan.Gafgyt-6981154-0", "display_name": "Unix.Trojan.Gafgyt-6981154-0", "target": null }, { "id": "DDOS:Linux/Gafgyt.YA!MTB", "display_name": "DDOS:Linux/Gafgyt.YA!MTB", "target": "/malware/DDOS:Linux/Gafgyt.YA!MTB" }, { "id": "CVE-2017-11882", "display_name": "CVE-2017-11882", "target": null }, { "id": "ALF:Exploit:O97M/CVE-2017-8977", "display_name": "ALF:Exploit:O97M/CVE-2017-8977", "target": null }, { "id": "Cycbot", "display_name": "Cycbot", "target": null }, { "id": "Win32:BotX-gen\\ [Trj]", "display_name": "Win32:BotX-gen\\ [Trj]", "target": null }, { "id": "NIDS", "display_name": "NIDS", "target": null }, { "id": "Mirai (ELF)", "display_name": "Mirai (ELF)", "target": null }, { "id": "Worm", "display_name": "Worm", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1069", "name": "Permission Groups Discovery", "display_name": "T1069 - Permission Groups Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1480", "name": "Execution Guardrails", "display_name": "T1480 - Execution Guardrails" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1583", "name": "Acquire Infrastructure", "display_name": "T1583 - Acquire Infrastructure" }, { "id": "T1590", "name": "Gather Victim Network Information", "display_name": "T1590 - Gather Victim Network Information" }, { "id": "T1204.001", "name": "Malicious Link", "display_name": "T1204.001 - Malicious Link" }, { "id": "T1457", "name": "Malicious Media Content", "display_name": "T1457 - Malicious Media Content" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1155", "name": "AppleScript", "display_name": "T1155 - AppleScript" }, { "id": "T1060", "name": "Registry Run Keys / Startup Folder", "display_name": "T1060 - Registry Run Keys / Startup Folder" }, { "id": "T1045", "name": "Software Packing", "display_name": "T1045 - Software Packing" }, { "id": "T1063", "name": "Security Software Discovery", "display_name": "T1063 - Security Software Discovery" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "T1210", "name": "Exploitation of Remote Services", "display_name": "T1210 - Exploitation of Remote Services" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "TA0037", "name": "Command and Control", "display_name": "TA0037 - Command and Control" }, { "id": "T1031", "name": "Modify Existing Service", "display_name": "T1031 - Modify Existing Service" }, { "id": "T1583.005", "name": "Botnet", "display_name": "T1583.005 - Botnet" }, { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1185", "name": "Man in the Browser", "display_name": "T1185 - Man in the Browser" }, { "id": "T1574.008", "name": "Path Interception by Search Order Hijacking", "display_name": "T1574.008 - Path Interception by Search Order Hijacking" }, { "id": "T1410", "name": "Network Traffic Capture or Redirection", "display_name": "T1410 - Network Traffic Capture or Redirection" }, { "id": "T1449", "name": "Exploit SS7 to Redirect Phone Calls/SMS", "display_name": "T1449 - Exploit SS7 to Redirect Phone Calls/SMS" }, { "id": "T1593.002", "name": "Search Engines", "display_name": "T1593.002 - Search Engines" } ], "industries": [ "Insurance", "Construction" ], "TLP": "green", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 54118, "domain": 11153, "hostname": 18578, "email": 21, "FileHash-SHA256": 4905, "FileHash-MD5": 548, "FileHash-SHA1": 534, "CVE": 7, "SSLCertFingerprint": 20, "CIDR": 1 }, "indicator_count": 89885, "is_author": false, "is_subscribing": null, "subscriber_count": 146, "modified_text": "111 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65eea19a23474b8c7dca351f", "name": "All Items - find from the UA archive disk", "description": "Again have zero idea 'what these are' - just uploading from the 'archives' as I sort through things", "modified": "2025-12-24T08:28:47.628000", "created": "2024-03-11T06:15:54.351000", "tags": [], "references": [ "https://www.virustotal.com/gui/collection/09af9ef0b7b23d2dc73d83858106ae4fc97a352dbb521ac04493a0e79095ac69/iocs", "https://www.virustotal.com/gui/collection/79c25168b2f93d9730a56b8d2b834cbfb2752b63b21b9dd51109416fbaa676d8/iocs", "https://www.virustotal.com/graph/embed/g8726609a12794ebeb59edd531961a233068149bcdf994b428f20141be6111551?theme=dark", "https://www.virustotal.com/graph/embed/g365a82115f934e31a69118715695c91c231f66cda9084c9389e56afb985a243e?theme=dark", "", "https://www.virustotal.com/gui/collection/6a8d582df4fe5a29885dad4074236bc9e4ed445aaf0cc00702d45963fb0459bb/iocs" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 19, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "Disable_Duck", "id": "244325", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 1165, "hostname": 866, "URL": 657, "FileHash-SHA256": 26, "email": 337, "FileHash-MD5": 12, "FileHash-SHA1": 8, "CIDR": 1 }, "indicator_count": 3072, "is_author": false, "is_subscribing": null, "subscriber_count": 129, "modified_text": "159 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "68038f7eb6f6810aa6d6439f", "name": "\"+g+\"", "description": "https://aplikacja.ceidg.gov.pl/CEIDG/CEIDG.Public.UI/EntryChangeHistory.aspx?Id=855bdfc1-7dbc-4a86-9d27-89ebb0ecf166&archival=False", "modified": "2025-09-01T08:05:25.121000", "created": "2025-04-19T11:56:46.933000", "tags": [ "copyright", "customevent", "typeof e", "boomerang", "typeof t", "macintosh", "os x", "post", "typeof", "iframe", "date", "poka menu", "nie znaleziono", "poka start", "poka", "max dostpnych", "pierwsza", "ostatnia", "nastpna", "poprzednia", "brak danych", "first", "ceidg", "wystpi bd", "error", "true", "null", "linkdownload", "show", "ctrlmappings", "version", "versionchange", "body", "false", "span", "input", "paginate", "next", "last", "selectstart", "loop", "function", "bootstrap", "datatables", "responsive", "2016 sprymedia", "amd define", "object", "commonjs", "window", "browser", "button", "datatable", "sprymedia ltd", "columns", "colidx", "column", "parent", "child", "param", "display", "click", "middle", "class", "target", "never", "find", "footer", "close", "regexp", "matches", "cookie", "inputmask", "input mask", "robin herbots", "mit license", "xmlhttprequest", "left", "month", "boolean", "maxdate", "right", "daterangepicker", "yyyymmdd", "calendar", "jquery", "webpackrequire", "typeof symbol", "type", "setprototypeof", "maskpos", "wrapnativesuper", "backspace", "insert", "internal", "mask", "void", "this", "nie mona", "array", "nonmsdombrowser", "horizontal", "leftarrow", "uparrow", "rightarrow", "downarrow", "explorer", "form", "legend", "hmmss", "mmmm d", "yyyy h", "typeof define", "number", "locale", "character", "seeknext", "masked", "input plugin", "josh bush", "azaz", "azaz09", "black", "kontrast", "arrcookies", "getcookielang", "and information", "on business", "sign", "twoja", "opinia", "informacja o", "notify ui", "widget", "eric hynds", "dual", "name", "dtopt", "example", "using", "open", "adata", "hungarian", "aria", "legacy", "trident", "format", "nuke", "apos", "bitcoin", "outer", "mark", "info", "reload", "behaviour", "write", "buttons", "anything", "prop", "thecookie", "create", "thevalue", "string name", "pluginscookie", "author", "eventkey", "datakey", "default", "dataapikey", "defaulttype", "config", "shown", "trigger", "delta", "guard", "arrow", "leave", "scroll", "dataspy", "sessiontimeout", "return", "settimeout", "mytimerid", "requestcounter", "starttimer", "stop", "typeof n", "adminlte", "typeof o", "main", "js application", "adminlte v2", "colorlib", "ui date", "written", "jacek wysocki", "poprzedni", "marzec", "kwiecie", "czerwiec", "lipiec", "sierpie", "wrzesie", "openpopup", "href", "toggle", "msviewport", "popover", "json", "json text", "string", "otherwise", "holder", "mind", "copy", "meta", "third", "text", "choice", "confirm", "nie pytaj", "site", "title", "value", "alert", "warn", "migrate", "foundation", "see http", "forget", "newvalue", "nones5", "fall", "wrongvalid", "onerror", "year", "fast", "argument", "popper", "method", "data", "html", "flip", "factory", "onload", "tbody", "courier", "elem", "handle", "expando", "match", "selector", "sizzle", "android", "capture", "seed", "pass", "enough", "code", "bind", "core", "local", "verify", "accept", "done", "override", "inject", "possible", "hold", "45deg", "larger", "screen styling", "90deg", "support", "sidebar mini", "e1f0ff", "font awesome", "free", "autocomplete", "folder", "expanded folder", "tabela", "sorting", "xform", "nadpisane style", "menlo", "monaco", "consolas", "mono", "courier new", "browse", "twitter", "pt serif", "georgia", "times new", "roman", "times", "typetime", "import", "roboto", "http", "label", "demos", "effect", "inst", "super", "speed", "bounce", "hack", "logic", "shift", "double", "february", "april", "june", "august", "friday", "erase", "atom", "caja", "spinner", "refresh", "alpha", "sentinel", "back", "blind", "drop", "ceidg.gov.pl - centralna ewidencja i informacja o dzia\u0142alno\u015bci g", "prosz czeka", "pobierz plik" ], "references": [ "https://aplikacja.ceidg.gov.pl/CEIDG/CEIDG.Public.UI/EntryChangeHistory.aspx?Id=855bdfc1-7dbc-4a86-9d27-89ebb0ecf166&archival=False", "UE_pl_top.svg", "UE_pl_top_sm.svg", "XZ4AH-ABKPW-SQPBC-CYWES-BCG6V", "dataTables.lang.js.pobrane", "EntryChangeHistory.aspx.js.pobrane", "dataTables.input.js.pobrane", "responsive.bootstrap4.js.pobrane", "dataTables.bootstrap4.js.pobrane", "dataTables.responsive.js.pobrane", "jquery.session.js.pobrane", "inputmask.binding.js.pobrane", "daterangepicker.js.pobrane", "jquery.inputmask.min.js.pobrane", "ScriptResource.axd", "moment-with-locales.min.js.pobrane", "jquery.maskedinput-1.2.2.js.pobrane", "feedback.js.pobrane", "jquery.notify.min.js.pobrane", "jquery.dataTables.js.pobrane", "jquery.cookie.js.pobrane", "bootstrap.js.pobrane", "SessionTimeout.js.pobrane", "adminlte.min.js.pobrane", "jquery.easing.1.3.js.pobrane", "jquery.feedbackBadge.min.js.pobrane", "ui.datepicker-pl.js.pobrane", "ceidg-master.js.pobrane", "CommonResponsive.js.pobrane", "json2.js.pobrane", "jquery.alerts.js.pobrane", "jquery-migrate-1.2.1.js.pobrane", "dataTables.bootstrap4.css", "CommonScripts.js.pobrane", "popper.js.pobrane", "responsive.bootstrap4.css", "jquery-3.0.0.js.pobrane", "daterangepicker.css", "AdminLTE.css", "ui.notify.css", "ceidg.css", "bootstrap-gov-pl.css", "biznes.css", "jquery-ui.js.pobrane", "saved_resource.html" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 3, "FileHash-SHA1": 4, "FileHash-SHA256": 25, "URL": 165, "domain": 353, "hostname": 215, "email": 2 }, "indicator_count": 767, "is_author": false, "is_subscribing": null, "subscriber_count": 123, "modified_text": "273 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "684c65464466dd19b089f325", "name": "Zesp\u00f3\u0142 Profilaktyki i Rehabilitacji w Janowicach Wielkich - YouTube", "description": "If d=void 0===c,w(\"trustedResourceUrl\",d: \"Trusted resourceUrl,\" thend=c.src,d, c.js, then d:", "modified": "2025-06-13T17:56:28.689000", "created": "2025-06-13T17:52:06.399000", "tags": [ "rehabilitacji w", "youtube tv", "dami jelenia", "tv dami", "jelenia gra", "zakupy wycz", "jeli", "nie korzystasz", "filmy", "aby tego", "copyright", "closure library", "argument", "ifunction", "error", "null", "type", "cast", "webchannel", "su2028u2029", "chrome", "xmlhttp", "kkvoid", "remotecontrol", "android", "unknown", "screen", "desktop", "function", "string", "array", "number", "vfunction", "f8192", "n432", "true", "j2048", "this", "window", "void", "date", "pokau017c", "pytfunction", "fe8function", "qgzfunction", "afunction", "hb28", "r150", "promise", "bigint", "post", "edge", "swhealthlog", "symbol", "trident", "infinity", "embed", "webkitkeyframes", "zoomin", "zoominx", "zoomoutx", "zoominy", "zoomouty", "2000px", "90deg", "20px", "30deg", "30px", "10px", "10deg", "3deg", "5deg", "djmegamenu", "use license", "tabindex", "menu", "close", "msie", "beforechange", "imagehassize", "buildcontrols", "magnific popup", "dmitry semenov", "http", "beforeclose", "afterclose", "open", "next", "open source", "bsd license", "george mcginley", "smith", "djimageslider", "subpackage", "webkit", "khtml", "icab", "countto", "callback", "handler", "object", "typeof", "method", "gnugplv2", "website", "set module", "height script", "regexp", "screenheight", "highcontrast2", "highcontrast3", "highcontrast", "wide", "night", "body", "normalbutton", "cookie plugin", "https", "klaus hartl", "mit license", "register", "nodecommonjs", "factory", "jquery", "write", "sticky bar", "stickybar", "count", "offcanvas", "html", "noscroll", "offcanvas var", "toggle nav", "click jquery", "ajax", "autocomplete", "tomas kirda", "typeof define", "esc27", "tab9", "return13", "left37", "up38", "twitter", "custom version", "joomla", "rolemenu", "boolean", "get adobe", "flash player", "title", "text", "typeof data", "typeof s", "accept", "width", "foundation", "backspace8", "comma188", "delete46", "down40", "end35", "enter13", "escape27", "value", "migrate", "backcompat", "quirks mode", "typeof f", "xtablet768", "document", "ui sortable", "leftright", "gnu general", "public license", "dddddd", "ffffcc", "eeeeee", "verdana", "geneva", "arial", "helvetica", "f0f0f0", "sans", "charset", "utf8", "fontawesome", "typeof b", "pseudo", "child", "sufeffxa0", "class", "attr", "general slider", "slide", "rgba", "navigation", "15deg", "300px", "20deg", "transition", "scale", "baskerville", "main image", "bdbdbd", "f3f3f3", "remove", "fontface", "woff2", "u0131", "u01520153", "u02bb02bc", "u02c6", "u02da", "u02dc", "u0304", "dirrtl", "msviewport", "href", "span", "legend", "halflings", "fieldset", "typeimage", "f2f2f2", "d9edf7", "dff0d8", "f2dede", "thead", "tbody", "tahoma", "00a0", "video", "script", "2500", "xnew ita", "dnew jta", "dataset", "orfunction", "prfunction", "nsafunction", "xsafunction", "vrfunction", "cakes", "ovbfunction", "pvbfunction", "rvbfunction", "qvbfunction", "tvbfunction", "uvbfunction", "vvbclass", "xvbclass", "yvbclass", "svbclass", "lvafunction", "ggfunction", "mvafunction", "ovafunction", "pvafunction", "uvafunction", "tvafunction", "qvafunction", "vvafunction", "nvaclass", "dark", "vector", "yy49", "raster", "roboto", "new tk", "qael", "przechyl", "mars", "mercury", "venus", "pluto", "titan", "weakset", "wfclass", "googlelayer", "uint8array", "weakmap", "5001", "mouseevent", "webassembly", "180180", "9090", "google maps", "javascript api", "internal", "small", "lightrail", "false", "february", "light", "hybrid", "bounce", "drop", "inside", "outside", "marker", "gc" ], "references": [ "embed.html", "ad_status.js.pobrane", "f5Y41t9wqY4.html", "cast_sender.js.pobrane", "remote.js.pobrane", "sw3VTUzeRvWIVwvWSyk6S5gHWPxOOwU1OxerozmN4Hw.js.pobrane", "embed.js.pobrane", "www-embed-player.js.pobrane", "animate.ext.css", "animate.min.css", "jquery.djmegamenu.js.pobrane", "jquery.djmobilemenu.js.pobrane", "magnific.js.pobrane", "jquery.easing.min.js.pobrane", "slider.js.pobrane", "jquery.countTo.js.pobrane", "scripts.js.pobrane", "magnific-init.js.pobrane", "pagesettings.js.pobrane", "jquery.cookie.js.pobrane", "stickybar.js.pobrane", "fontswitcher.js.pobrane", "offcanvas.js.pobrane", "jquery.autocomplete.min.js.pobrane", "bootstrap.min.js.pobrane", "jcemediabox.js.pobrane", "jquery.ui.core.min.js.pobrane", "jquery-migrate.min.js.pobrane", "layout.min.js.pobrane", "jquery.ui.sortable.min.js.pobrane", "caption.js.pobrane", "finder.css", "jquery-noconflict.js.pobrane", "djmegamenu.26.css", "animations.css", "djmobilemenu.css", "jquery.min.js.pobrane", "djimageslider.css", "offcanvas.css", "magnific.css", "font_switcher.26.css", "css", "template_responsive.26.css", "offcanvas.26.css", "bootstrap_responsive.26.css", "extended_layouts.26.css", "style.css", "content.css", "template.26.css", "bootstrap.26.css", "jcemediabox.css", "js", "onion.js.pobrane", "search_impl.js.pobrane", "overlay.js.pobrane", "map.js.pobrane", "util.js.pobrane", "search.js.pobrane", "common.js.pobrane", "geometry.js.pobrane", "main.js.pobrane" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Gc", "display_name": "Gc", "target": null } ], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 26, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 2779, "hostname": 661, "domain": 684, "email": 4, "FileHash-MD5": 1, "FileHash-SHA256": 689 }, "indicator_count": 4818, "is_author": false, "is_subscribing": null, "subscriber_count": 123, "modified_text": "352 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "67a7f06a5d0f22ad92684646", "name": "WebForm.com.gov.pl/CEIDG/ScriptResource.axd", "description": "The following is the full text of the WebForm.com.gov.pl/CEIDG/ScriptResource.axd, following the following:.au, for the first time.", "modified": "2025-05-14T21:27:17.040000", "created": "2025-02-09T00:01:46.054000", "tags": [ "null", "nie mona", "array", "input", "nonmsdombrowser", "object", "html", "component", "body", "horizontal", "date", "calendar", "february", "april", "june", "august", "iframe", "form", "friday", "explorer", "target", "error", "legend", "this", "type", "regexp", "elem", "index", "function", "handle", "check", "safari", "expando", "android", "false", "hooks", "copy", "prop", "class", "mark", "window", "code", "capture", "accept", "seed", "override", "hook", "look", "loop", "install", "pass", "enough", "bind", "core", "local", "verify", "done", "find", "internal", "inject", "possible", "hold", "middle", "guard", "fall", "stop", "panic", "back", "restrict", "speed", "turn", "grab", "getclass", "jquery", "bubble", "anchor", "shift" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1134", "name": "Access Token Manipulation", "display_name": "T1134 - Access Token Manipulation" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 13, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1143, "domain": 155, "hostname": 523, "FileHash-SHA256": 151 }, "indicator_count": 1972, "is_author": false, "is_subscribing": null, "subscriber_count": 123, "modified_text": "382 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "663d2869e0f3a42bbddc42ff", "name": "UPX executable packer.", "description": "A new rule has been introduced a \"suspicious\" ELF binary that is packed with the UPX executable packer.\nSuggested ATT&CK IDs: rule SUSP_ELF_LNX_UPX_Compressed_File { meta: description = \"Detects a suspicious ELF binary with UPX compression\" author = \"Florian Roth (Nextron Systems)\" reference = \"Internal Research\" date = \"2018-12-12\" score = 40 hash1 = \"038ff8b2fef16f8ee9d70e6c219c5f380afe1a21761791e8cbda21fa4d09fdb4\" id = \"078937de-59b3-538e-a5c3-57f4e6050212\" strings: $s1 = \"PROT_EXEC|PROT_WRITE failed.\" fullword ascii $s2 = \"$Id: UPX\" fullword ascii $s3 = \"$Info: This file is packed with the UPX executable packer\" ascii $fp1 = \"check your UCL installation !\"", "modified": "2024-10-14T00:01:17.069000", "created": "2024-05-09T19:47:53.786000", "tags": [ "cioch adrian", "centrum usug", "sieciowych", "elf binary", "upx compression", "roth", "nextron", "info", "javascript", "html", "office open", "xml document", "network capture", "win32 exe", "xml pakietu", "pdf zestawy", "przechwytywanie", "office", "filehashsha1", "url https", "cve cve20201070", "cve cve20203153", "cve cve20201048", "cve cve20211732", "cve20201048 apr", "filehashmd5", "cve cve20010901", "cve cve20021841", "cve20153202 apr", "cve cve20160728", "cve cve20161807", "cve cve20175123", "cve20185407 apr", "cve cve20054605", "cve cve20060745", "cve cve20070452", "cve cve20070453", "cve cve20070454", "cve cve20071355", "cve cve20071358", "cve cve20071871", "cve20149614 apr", "cve cve20151503", "cve cve20152080", "cve cve20157377", "cve cve20170131", "cve20200796 may", "cve cve20113403" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 6861, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 5771, "domain": 3139, "URL": 14525, "FileHash-SHA1": 2610, "IPv4": 108, "CIDR": 40, "FileHash-SHA256": 10705, "FileHash-MD5": 3373, "YARA": 2, "CVE": 148, "Mutex": 7, "FilePath": 3, "SSLCertFingerprint": 3, "email": 23, "JA3": 1, "IPv6": 2 }, "indicator_count": 40460, "is_author": false, "is_subscribing": null, "subscriber_count": 138, "modified_text": "595 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6639853fc403f7be5bd6f27d", "name": "Facebook+", "description": "", "modified": "2024-05-07T01:34:55.365000", "created": "2024-05-07T01:34:55.365000", "tags": [], "references": [ "https://www.virustotal.com/gui/collection/09af9ef0b7b23d2dc73d83858106ae4fc97a352dbb521ac04493a0e79095ac69/iocs", "https://www.virustotal.com/gui/collection/79c25168b2f93d9730a56b8d2b834cbfb2752b63b21b9dd51109416fbaa676d8/iocs", "https://www.virustotal.com/graph/embed/g8726609a12794ebeb59edd531961a233068149bcdf994b428f20141be6111551?theme=dark", "https://www.virustotal.com/graph/embed/g365a82115f934e31a69118715695c91c231f66cda9084c9389e56afb985a243e?theme=dark", "", "https://www.virustotal.com/gui/collection/6a8d582df4fe5a29885dad4074236bc9e4ed445aaf0cc00702d45963fb0459bb/iocs" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": "65eea19a23474b8c7dca351f", "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Phone2209", "id": "281168", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 1165, "hostname": 866, "URL": 657, "FileHash-SHA256": 26, "email": 337, "FileHash-MD5": 12, "FileHash-SHA1": 8, "CIDR": 1 }, "indicator_count": 3072, "is_author": false, "is_subscribing": null, "subscriber_count": 1, "modified_text": "755 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65708ed8f7d4b5483117bb66", "name": "abuse.ch", "description": "", "modified": "2023-12-06T15:10:16.397000", "created": "2023-12-06T15:10:16.397000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 223, "domain": 383, "URL": 1639, "hostname": 560, "email": 1, "FileHash-MD5": 2 }, "indicator_count": 2808, "is_author": false, "is_subscribing": null, "subscriber_count": 114, "modified_text": "908 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65708eb824dc4c51811f6de9", "name": "Indusface - in YOUR face ;)", "description": "", "modified": "2023-12-06T15:09:44.273000", "created": "2023-12-06T15:09:44.273000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 307, "hostname": 333, "domain": 192, "URL": 1143, "FileHash-MD5": 1 }, "indicator_count": 1976, "is_author": false, "is_subscribing": null, "subscriber_count": 110, "modified_text": "908 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "element.style", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "element.style", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780329332.2561066 }