{ "type": "Domain", "indicator": "f.open", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/f.open", "alexa": "http://www.alexa.com/siteinfo/f.open", "indicator": "f.open", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 995041512, "indicator": "f.open", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 49, "pulses": [ { "id": "69d2274c68bc029b77ff8b2c", "name": "CAPE Sandbox", "description": "The full text of the full translation of this article:..2.4.3.7.8.6.1.9.5.0., the first of its kind.>>", "modified": "2026-05-05T09:01:42.428000", "created": "2026-04-05T09:11:40.830000", "tags": [ "aaaa", "algorithm", "number", "cgb osectigo", "public server", "ov r36", "validity", "cus sttexas", "oforcepoint llc", "public key", "info", "host name", "handle", "rdap database", "iana registrar", "entity", "dnssec", "yes conformance", "redacted for", "server", "domain status", "privacy billing", "privacy tech", "privacy admin", "email", "postal code", "date", "registrar abuse", "code", "dspm", "forcepoint dlp", "forcepoint", "login", "password", "austin", "texas", "hub customer", "data security", "protect", "organization", "stateprovince", "attempts", "reads", "sha1", "sha256", "mwdb", "bazaar", "sha3384", "crc32", "ssdeep", "checks" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1543", "name": "Create or Modify System Process", "display_name": "T1543 - Create or Modify System Process" }, { "id": "T1014", "name": "Rootkit", "display_name": "T1014 - Rootkit" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1485", "name": "Data Destruction", "display_name": "T1485 - Data Destruction" }, { "id": "T1486", "name": "Data Encrypted for Impact", "display_name": "T1486 - Data Encrypted for Impact" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1539", "name": "Steal Web Session Cookie", "display_name": "T1539 - Steal Web Session Cookie" }, { "id": "T1542", "name": "Pre-OS Boot", "display_name": "T1542 - Pre-OS Boot" }, { "id": "T1548", "name": "Abuse Elevation Control Mechanism", "display_name": "T1548 - Abuse Elevation Control Mechanism" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CIDR": 3, "FileHash-SHA256": 685, "domain": 205, "hostname": 426, "FileHash-MD5": 722, "FileHash-SHA1": 348, "URL": 438, "email": 3 }, "indicator_count": 2830, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "27 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69d2273d57ede103894c1943", "name": "CAPE Sandbox", "description": "The full text of the full translation of this article:..2.4.3.7.8.6.1.9.5.0., the first of its kind.>>", "modified": "2026-05-05T09:01:42.428000", "created": "2026-04-05T09:11:25.506000", "tags": [ "aaaa", "algorithm", "number", "cgb osectigo", "public server", "ov r36", "validity", "cus sttexas", "oforcepoint llc", "public key", "info", "host name", "handle", "rdap database", "iana registrar", "entity", "dnssec", "yes conformance", "redacted for", "server", "domain status", "privacy billing", "privacy tech", "privacy admin", "email", "postal code", "date", "registrar abuse", "code", "dspm", "forcepoint dlp", "forcepoint", "login", "password", "austin", "texas", "hub customer", "data security", "protect", "organization", "stateprovince", "attempts", "reads", "sha1", "sha256", "mwdb", "bazaar", "sha3384", "crc32", "ssdeep", "checks" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1543", "name": "Create or Modify System Process", "display_name": "T1543 - Create or Modify System Process" }, { "id": "T1014", "name": "Rootkit", "display_name": "T1014 - Rootkit" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1485", "name": "Data Destruction", "display_name": "T1485 - Data Destruction" }, { "id": "T1486", "name": "Data Encrypted for Impact", "display_name": "T1486 - Data Encrypted for Impact" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1539", "name": "Steal Web Session Cookie", "display_name": "T1539 - Steal Web Session Cookie" }, { "id": "T1542", "name": "Pre-OS Boot", "display_name": "T1542 - Pre-OS Boot" }, { "id": "T1548", "name": "Abuse Elevation Control Mechanism", "display_name": "T1548 - Abuse Elevation Control Mechanism" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CIDR": 3, "FileHash-SHA256": 685, "domain": 205, "hostname": 426, "FileHash-MD5": 722, "FileHash-SHA1": 348, "URL": 438, "email": 3 }, "indicator_count": 2830, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "27 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69d2272769a32400c257e7e7", "name": "CAPE Sandbox", "description": "The full text of the full translation of this article:..2.4.3.7.8.6.1.9.5.0., the first of its kind.>>", "modified": "2026-05-05T09:01:42.428000", "created": "2026-04-05T09:11:03.976000", "tags": [ "aaaa", "algorithm", "number", "cgb osectigo", "public server", "ov r36", "validity", "cus sttexas", "oforcepoint llc", "public key", "info", "host name", "handle", "rdap database", "iana registrar", "entity", "dnssec", "yes conformance", "redacted for", "server", "domain status", "privacy billing", "privacy tech", "privacy admin", "email", "postal code", "date", "registrar abuse", "code", "dspm", "forcepoint dlp", "forcepoint", "login", "password", "austin", "texas", "hub customer", "data security", "protect", "organization", "stateprovince", "attempts", "reads", "sha1", "sha256", "mwdb", "bazaar", "sha3384", "crc32", "ssdeep", "checks" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1543", "name": "Create or Modify System Process", "display_name": "T1543 - Create or Modify System Process" }, { "id": "T1014", "name": "Rootkit", "display_name": "T1014 - Rootkit" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1485", "name": "Data Destruction", "display_name": "T1485 - Data Destruction" }, { "id": "T1486", "name": "Data Encrypted for Impact", "display_name": "T1486 - Data Encrypted for Impact" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1539", "name": "Steal Web Session Cookie", "display_name": "T1539 - Steal Web Session Cookie" }, { "id": "T1542", "name": "Pre-OS Boot", "display_name": "T1542 - Pre-OS Boot" }, { "id": "T1548", "name": "Abuse Elevation Control Mechanism", "display_name": "T1548 - Abuse Elevation Control Mechanism" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CIDR": 3, "FileHash-SHA256": 685, "domain": 205, "hostname": 426, "FileHash-MD5": 722, "FileHash-SHA1": 348, "URL": 438, "email": 3 }, "indicator_count": 2830, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "27 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65eea19a23474b8c7dca351f", "name": "All Items - find from the UA archive disk", "description": "Again have zero idea 'what these are' - just uploading from the 'archives' as I sort through things", "modified": "2025-12-24T08:28:47.628000", "created": "2024-03-11T06:15:54.351000", "tags": [], "references": [ "https://www.virustotal.com/gui/collection/09af9ef0b7b23d2dc73d83858106ae4fc97a352dbb521ac04493a0e79095ac69/iocs", "https://www.virustotal.com/gui/collection/79c25168b2f93d9730a56b8d2b834cbfb2752b63b21b9dd51109416fbaa676d8/iocs", "https://www.virustotal.com/graph/embed/g8726609a12794ebeb59edd531961a233068149bcdf994b428f20141be6111551?theme=dark", "https://www.virustotal.com/graph/embed/g365a82115f934e31a69118715695c91c231f66cda9084c9389e56afb985a243e?theme=dark", "", "https://www.virustotal.com/gui/collection/6a8d582df4fe5a29885dad4074236bc9e4ed445aaf0cc00702d45963fb0459bb/iocs" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 19, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "Disable_Duck", "id": "244325", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 1165, "hostname": 866, "URL": 657, "FileHash-SHA256": 26, "email": 337, "FileHash-MD5": 12, "FileHash-SHA1": 8, "CIDR": 1 }, "indicator_count": 3072, "is_author": false, "is_subscribing": null, "subscriber_count": 129, "modified_text": "159 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "663d2869e0f3a42bbddc42ff", "name": "UPX executable packer.", "description": "A new rule has been introduced a \"suspicious\" ELF binary that is packed with the UPX executable packer.\nSuggested ATT&CK IDs: rule SUSP_ELF_LNX_UPX_Compressed_File { meta: description = \"Detects a suspicious ELF binary with UPX compression\" author = \"Florian Roth (Nextron Systems)\" reference = \"Internal Research\" date = \"2018-12-12\" score = 40 hash1 = \"038ff8b2fef16f8ee9d70e6c219c5f380afe1a21761791e8cbda21fa4d09fdb4\" id = \"078937de-59b3-538e-a5c3-57f4e6050212\" strings: $s1 = \"PROT_EXEC|PROT_WRITE failed.\" fullword ascii $s2 = \"$Id: UPX\" fullword ascii $s3 = \"$Info: This file is packed with the UPX executable packer\" ascii $fp1 = \"check your UCL installation !\"", "modified": "2024-10-14T00:01:17.069000", "created": "2024-05-09T19:47:53.786000", "tags": [ "cioch adrian", "centrum usug", "sieciowych", "elf binary", "upx compression", "roth", "nextron", "info", "javascript", "html", "office open", "xml document", "network capture", "win32 exe", "xml pakietu", "pdf zestawy", "przechwytywanie", "office", "filehashsha1", "url https", "cve cve20201070", "cve cve20203153", "cve cve20201048", "cve cve20211732", "cve20201048 apr", "filehashmd5", "cve cve20010901", "cve cve20021841", "cve20153202 apr", "cve cve20160728", "cve cve20161807", "cve cve20175123", "cve20185407 apr", "cve cve20054605", "cve cve20060745", "cve cve20070452", "cve cve20070453", "cve cve20070454", "cve cve20071355", "cve cve20071358", "cve cve20071871", "cve20149614 apr", "cve cve20151503", "cve cve20152080", "cve cve20157377", "cve cve20170131", "cve20200796 may", "cve cve20113403" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 6861, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 5771, "domain": 3139, "URL": 14525, "FileHash-SHA1": 2610, "IPv4": 108, "CIDR": 40, "FileHash-SHA256": 10705, "FileHash-MD5": 3373, "YARA": 2, "CVE": 148, "Mutex": 7, "FilePath": 3, "SSLCertFingerprint": 3, "email": 23, "JA3": 1, "IPv6": 2 }, "indicator_count": 40460, "is_author": false, "is_subscribing": null, "subscriber_count": 138, "modified_text": "595 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "664bd9b732ecaf1b3c3beddf", "name": "Found some problems - Files from the UAlberta Google Drive Archive", "description": "Been looking for these...Gifts from the University of Alberta to the World apparently\n*Please note: I emptied out the Drive, however, there was a significant amount of abuse re: Google and Microsoft Accounts at the University of Alberta (reported).\n*On the Google side I utilized: Drive (a little), Docs/Slides/Sheets (when groupwork was required)\n*On the Microsoft side I utilized: OneDrive, Office 365 (Word, PPT, Excel, and OneNote). I used to also have a personal microsoft account (OneNote, OneDrive, Skype).\nThese were the applications I lived on for my studies. I could access the Gmail/Microsoft accounts for the University (however - 'bad things' usually happen because of this). I have no access to my personal Microsoft Account (i.e. myself and other affected student(s) do not have access to our personal stuff.", "modified": "2024-09-03T00:02:13.980000", "created": "2024-05-20T23:16:07.255000", "tags": [ "contact", "quick", "destination", "entry", "safety", "local", "health", "travel", "notification", "considerations", "service", "criminal", "showit", "click", "outcome", "step", "please", "class", "questions set", "question set", "unlock", "continue", "jointfilingyes", "jointfilingno", "minimum req", "domicileresusno", "joint sponsor", "sponsorjoint", "path", "href", "span", "activetab", "starton", "newpage", "searchq", "datasia", "datacon", "segfilter", "subsite", "issuance agency", "visas", "null", "state", "dialog field", "tabpanel", "recaptcha", "nameinputvisa", "fullnameinput1", "license headers", "tools", "templates", "sia contact", "visa", "website", "phoneregexp", "emailregexp", "azaz", "urlpattern", "example starter", "javascript", "fetch", "comptwo", "compone", "dateofbirth", "function", "date", "passport", "nameinput", "fullnameinput", "adult passport", "child passport", "new child", "new adult", "new passport", "datepicker", "ds5504", "hideit", "infinity", "false", "jquery", "error", "body", "trident", "simple", "turn", "back", "calendar", "format", "february", "april", "june", "august", "show", "page has", "bcdate", "col1child", "col2child", "coldatechild", "rowdisplay", "val1", "val2", "repaginate", "grab", "jandec", "86400000", "current", "namerbcontactme", "agency", "compliment", "complaint", "passportfees", "customerservice", "bymail", "namerbcategory", "brokenlink", "search", "departuredate", "calendar date", "picker", "change", "month", "vital", "records form", "component js", "select", "please enter", "azaz09", "dddddd", "woff2", "woff", "truetype", "css document", "efefef", "ffffff", "gradienttype0", "galaxy", "nexus", "iphone5", "abtn", "bbtn", "cbtn", "dbtn", "ebtn", "fbtn", "gbtn", "hbtn", "ibtn", "media query", "from", "fce68e", "font family", "bold", "document", "cc3333", "b7b7b7", "e2edff", "ced9ea", "pm author", "ipca csi", "helvetica", "arial", "cq aem", "feed classes", "f2cd54", "f4d97e", "portrait", "landscape", "ipad", "declare", "immigrant", "visa navigation", "navigation css", "georgia", "times new", "roman", "times", "verdana", "photomodal", "styles media", "ff0000", "queries", "form component", "typetext", "queries media", "phone media", "tablet styles", "media queries", "jumbo sized", "copyright", "gpl version", "http", "alpha", "button", "out width", "ui css", "framework", "icons", "misc", "mini", "input", "label", "textarea", "overlays", "csi page", "embassy info", "embassy data", "embassy names", "end adjust", "embassy nameso", "pages", "e1a04d", "c0c0c0", "ffffff url", "us survey", "component css", "country list", "e7eceb", "important", "additional css", "wizard", "corner radius", "f97800", "c61700", "largestbox", "thisbox", "csi navigation", "ui autocomplete", "ui menu", "noticeid", "countnote", "largestnote", "thisnote", "desktops", "43px", "42px", "large", "aem interface", "styles", "web email", "ytconfig", "typeerror", "facebook pixel", "pixel code", "symbol", "fblog", "typeof", "iterator", "pageview", "pixel", "facebook", "config", "meta", "propname", "dpjquerydpuuid", "this", "next", "atom", "cookie", "iframe", "close", "string", "number", "edge", "regexp", "silk", "sxa0", "object", "opera", "android", "void", "form", "UAlberta", "Android", "Mac", "iPhone", "Gov Alberta", "AWS", "AZURE", "ENTRA", "iCloud", "Telus", "Bitdefender", "Norton" ], "references": [ "Copy of clientlib.js(1).download", "Copy of clientlib.js(2).download", "Copy of clientlib.js(5).download", "Copy of clientlib.js(7).download", "Copy of clientlib.js(4).download", "Copy of clientlib.js(10).download", "Copy of clientlib.js(8).download", "Copy of clientlib.js(11).download", "Copy of clientlib.js(12).download", "Copy of clientlib.js(13).download", "Copy of clientlib.js(14).download", "Copy of clientlib.js(9).download", "Copy of clientlib.js(16).download", "Copy of clientlib.js(17).download", "Copy of clientlib.js(18).download", "Copy of clientlib.js(3).download", "Copy of clientlib.js(19).download", "Copy of clientlib.js(15).download", "Copy of clientlib.js(22).download", "Copy of clientlib.js(23).download", "Copy of clientlib.js(21).download", "Copy of clientlib.js(26).download", "Copy of clientlib.js(25).download", "Copy of clientlib.js(24).download", "Copy of clientlib.js(31).download", "Copy of clientlib.js(28).download", "Copy of clientlib.js(30).download", "Copy of clientlib.js(32).download", "Copy of clientlib.js(29).download", "Copy of clientlib.js(34).download", "Copy of clientlib.js(35).download", "Copy of clientlib.js(37).download", "Copy of clientlib.js(36).download", "Copy of clientlib.js(38).download", "Copy of clientlib.js(39).download", "Copy of clientlib.js(33).download", "Copy of clientlib.js(44).download", "Copy of clientlib.js(43).download", "Copy of clientlib.js(41).download", "Copy of clientlib.js(42).download", "Copy of clientlib.js(45).download", "Copy of clientlib.js(51).download", "Copy of clientlib.js(56).download", "Copy of clientlib.js(55).download", "Copy of clientlib.js(54).download", "Copy of clientlib.js(57).download", "Copy of clientlib.js(52).download", "Copy of clientlib.js(53).download", "Copy of clientlib.js(60).download", "Copy of clientlib(1).css", "Copy of clientlib.js(59).download", "Copy of clientlib(3).css", "Copy of clientlib(2).css", "Copy of clientlib(5).css", "Copy of clientlib.js(58).download", "Copy of clientlib(8).css", "Copy of clientlib(10).css", "Copy of clientlib(7).css", "Copy of clientlib(6).css", "Copy of clientlib(12).css", "Copy of clientlib(13).css", "Copy of clientlib(9).css", "Copy of clientlib(4).css", "Copy of clientlib(14).css", "Copy of clientlib(17).css", "Copy of clientlib(15).css", "Copy of clientlib(19).css", "Copy of clientlib(18).css", "Copy of clientlib(11).css", "Copy of clientlib(20).css", "Copy of clientlib(16).css", "Copy of clientlib(23).css", "Copy of clientlib(24).css", "Copy of clientlib(26).css", "Copy of clientlib(25).css", "Copy of clientlib(28).css", "Copy of clientlib(22).css", "Copy of clientlib(27).css", "Copy of clientlib(31).css", "Copy of clientlib(29).css", "Copy of clientlib(30).css", "Copy of clientlib(32).css", "Copy of clientlib(34).css", "Copy of clientlib(35).css", "Copy of clientlib(33).css", "Copy of clientlib(38).css", "Copy of clientlib(37).css", "Copy of clientlib(36).css", "Copy of clientlib(40).css", "Copy of clientlib(39).css", "Copy of clientlib(43).css", "Copy of clientlib(21).css", "Copy of clientlib(41).css", "Copy of clientlib(44).css", "Copy of clientlib(42).css", "Copy of clientlib(46).css", "Copy of clientlib(45).css", "Copy of clientlib(47).css", "Copy of clientlib(48).css", "Copy of clientlib(49).css", "Copy of clientlib(50).css", "Copy of clientlib(52).css", "Copy of clientlib(54).css", "Copy of clientlibs.js(3).download", "Copy of clientlib(53).css", "Copy of clientlibs.js(2).download", "Copy of clientlibs(3).css", "Copy of clientlib(51).css", "Copy of clientlibs(1).css", "Copy of clientlibs(2).css", "Copy of clientlibs.js.download", "Copy of clientlibs.js(4).download", "Copy of clientlibs(5).css", "Copy of clientlibs.css", "Copy of clientlibs(4).css", "Copy of dir (1).c9r", "Copy of clientlib(55).css", "Copy of iframe_api", "Copy of fbevents.js.download", "Copy of clientlibs.js(1).download", "Copy of js", "https://www.virustotal.com/gui/collection/7196cbc5285fb7e155a529980dc1797d3ab3884e20c77c66d9b1b971c313fe56/iocs", "https://www.virustotal.com/gui/collection/7196cbc5285fb7e155a529980dc1797d3ab3884e20c77c66d9b1b971c313fe56/graph", "hxxps://go[.]microsoft[.]com/fwlink/?LinkId=2033498", "hxxps://portal[.]office[.]com/Account", "hxxps://myapplications[.]microsoft[.]com/", "https://tria.ge/240521-rvybaahb79", "https://tria.ge/240521-rxpf6ahd6w", "https://tria.ge/240521-r1yh8shd44", "https://tria.ge/240521-ry949ahe2z/behavioral1", "https://tria.ge/240521-r3mvhshd83" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Canada", "Mexico", "Anguilla", "Aruba", "Panama", "Ukraine", "Trinidad and Tobago", "Saint Vincent and the Grenadines", "Saint Martin (French part)", "Sint Maarten (Dutch part)", "Philippines", "Netherlands", "Cura\u00e7ao", "Georgia", "Tanzania, United Republic of", "Costa Rica", "Guatemala", "Japan", "Barbados" ], "malware_families": [], "attack_ids": [ { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" } ], "industries": [ "Education", "Technology", "Government", "Healthcare", "Biotechnology", "Telecommunications", "Energy", "Construction", "Chemical", "Agriculture", "Finance", "Media", "Defense", "Transportation" ], "TLP": "white", "cloned_from": null, "export_count": 24, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "Disable_Duck", "id": "244325", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 251, "hostname": 188, "FileHash-SHA256": 142, "URL": 69, "FileHash-MD5": 77, "FileHash-SHA1": 77 }, "indicator_count": 804, "is_author": false, "is_subscribing": null, "subscriber_count": 134, "modified_text": "636 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6639853fc403f7be5bd6f27d", "name": "Facebook+", "description": "", "modified": "2024-05-07T01:34:55.365000", "created": "2024-05-07T01:34:55.365000", "tags": [], "references": [ "https://www.virustotal.com/gui/collection/09af9ef0b7b23d2dc73d83858106ae4fc97a352dbb521ac04493a0e79095ac69/iocs", "https://www.virustotal.com/gui/collection/79c25168b2f93d9730a56b8d2b834cbfb2752b63b21b9dd51109416fbaa676d8/iocs", "https://www.virustotal.com/graph/embed/g8726609a12794ebeb59edd531961a233068149bcdf994b428f20141be6111551?theme=dark", "https://www.virustotal.com/graph/embed/g365a82115f934e31a69118715695c91c231f66cda9084c9389e56afb985a243e?theme=dark", "", "https://www.virustotal.com/gui/collection/6a8d582df4fe5a29885dad4074236bc9e4ed445aaf0cc00702d45963fb0459bb/iocs" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": "65eea19a23474b8c7dca351f", "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Phone2209", "id": "281168", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 1165, "hostname": 866, "URL": 657, "FileHash-SHA256": 26, "email": 337, "FileHash-MD5": 12, "FileHash-SHA1": 8, "CIDR": 1 }, "indicator_count": 3072, "is_author": false, "is_subscribing": null, "subscriber_count": 1, "modified_text": "755 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65708e178755574d9812e4c9", "name": "Followed lead to brechlerinsurance.com", "description": "", "modified": "2023-12-06T15:07:03.528000", "created": "2023-12-06T15:07:03.528000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 2, "FileHash-SHA256": 1329, "domain": 2068, "hostname": 4185, "URL": 12454, "email": 1, "FileHash-MD5": 3, "FileHash-SHA1": 1 }, "indicator_count": 20043, "is_author": false, "is_subscribing": null, "subscriber_count": 110, "modified_text": "908 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65708e0d95a8c74cc715f7a2", "name": "West.cn", "description": "", "modified": "2023-12-06T15:06:53.350000", "created": "2023-12-06T15:06:53.350000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 208, "domain": 533, "hostname": 757, "URL": 1861, "FileHash-MD5": 1 }, "indicator_count": 3360, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "908 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65708c8f50527fb73205bfca", "name": "Dreamhost.com - Drift Widget", "description": "", "modified": "2023-12-06T15:00:31.809000", "created": "2023-12-06T15:00:31.809000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 174, "domain": 464, "URL": 1119, "hostname": 156, "FileHash-MD5": 2, "FileHash-SHA1": 1 }, "indicator_count": 1916, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "908 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65708c5b24dc4c51811f6de7", "name": "nocix malware Qe", "description": "", "modified": "2023-12-06T14:59:39.528000", "created": "2023-12-06T14:59:39.528000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 125, "hostname": 507, "URL": 1232, "domain": 170, "FileHash-MD5": 1 }, "indicator_count": 2035, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "908 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65708c57c7b19b62c501601a", "name": "Hurricane Electric - csp.he.net :)", "description": "", "modified": "2023-12-06T14:59:35.479000", "created": "2023-12-06T14:59:35.479000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 186, "hostname": 490, "URL": 1339, "domain": 311 }, "indicator_count": 2326, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "908 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65708c45f8a517d76d776231", "name": "Malware - reliablesite.net", "description": "", "modified": "2023-12-06T14:59:17.346000", "created": "2023-12-06T14:59:17.346000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 238, "domain": 565, "hostname": 827, "URL": 2233 }, "indicator_count": 3863, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "908 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65708c0791fece390b1a096e", "name": "Choopa.com - vultr", "description": "", "modified": "2023-12-06T14:58:15.734000", "created": "2023-12-06T14:58:15.734000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 453, "hostname": 1241, "domain": 430, "URL": 3454 }, "indicator_count": 5578, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "908 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65708bf87a08635a650eeb9b", "name": "ctgserver.net", "description": "", "modified": "2023-12-06T14:58:00.096000", "created": "2023-12-06T14:58:00.096000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1286, "domain": 560, "hostname": 1602, "URL": 7975, "FileHash-MD5": 85, "FileHash-SHA1": 1 }, "indicator_count": 11509, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "908 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65708befc4f4c7e2be4370d9", "name": "ctgserver.net", "description": "", "modified": "2023-12-06T14:57:51.922000", "created": "2023-12-06T14:57:51.922000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1286, "domain": 560, "hostname": 1602, "URL": 7975, "FileHash-MD5": 85, "FileHash-SHA1": 1 }, "indicator_count": 11509, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "908 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65708bae2f0c59d34f050b9e", "name": "Malware and bots", "description": "", "modified": "2023-12-06T14:56:46.779000", "created": "2023-12-06T14:56:46.779000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 168, "hostname": 427, "domain": 214, "URL": 1188, "FileHash-MD5": 1, "FileHash-SHA1": 1, "email": 1 }, "indicator_count": 2000, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "908 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65708b7bb1d8a5ad0edc6615", "name": "Lh , ReduceRight Malware", "description": "", "modified": "2023-12-06T14:55:55.190000", "created": "2023-12-06T14:55:55.190000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 167, "domain": 249, "URL": 1152, "hostname": 391, "FileHash-MD5": 45 }, "indicator_count": 2004, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "908 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65708b6e599404c47f2aba15", "name": "Malware", "description": "", "modified": "2023-12-06T14:55:42.864000", "created": "2023-12-06T14:55:42.864000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 268, "domain": 202, "FileHash-SHA256": 154, "URL": 845, "FileHash-MD5": 6, "FileHash-SHA1": 1 }, "indicator_count": 1476, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "908 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65708b5e9b8ce0f5fd87fb98", "name": "ewqopweowia543.ga", "description": "", "modified": "2023-12-06T14:55:26.621000", "created": "2023-12-06T14:55:26.621000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "hostname": 706, "domain": 234, "FileHash-SHA256": 238, "URL": 1386 }, "indicator_count": 2565, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "908 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65707f8475d8a8785dfc5a2f", "name": "Zetalytics API", "description": "", "modified": "2023-12-06T14:04:52.250000", "created": "2023-12-06T14:04:52.250000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 754, "hostname": 833, "domain": 441, "URL": 2375, "CIDR": 5, "FileHash-MD5": 2, "email": 1 }, "indicator_count": 4411, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "908 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "62ea8bf5508d5839c2e68b66", "name": "This what you dont see your browser doing in the background", "description": "", "modified": "2022-08-03T14:53:41.744000", "created": "2022-08-03T14:53:41.744000", "tags": [ "regexp", "array", "attr", "class", "css1compat", "null", "string", "error", "function", "invalid json", "text", "date", "activexobject", "number", "utmb", "firefox", "shockwave flash", "utma", "utmz", "iframe", "classspan", "span", "typecheckbox", "gradienttype0", "typeradio", "classicon", "typesearch", "typesubmit", "href", "typebutton", "https://www.virustotal.com/static/css/bootstrap.min.css?20150630", "https://ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js", "https://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.7.1.min.js", "https://www.virustotal.com/static/js/base.min-2013121902.js", "https://www.virustotal.com/static/js/bootmin-2013092601.js" ], "references": [ "https://www.virustotal.com/static/css/bootstrap.min.css?20150630", "https://www.virustotal.com/static/js/bootmin-2013092601.js", "https://www.virustotal.com/static/js/base.min-2013121902.js", "https://www.virustotal.com/en/file/undefined/analysis/", "https://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.7.1.min.js", "https://ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js", "bootstrap.min.css", "ga.js", "bootmin-2013092601 2.js", "bootmin-2013092601.js", "jquery.min.js" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 193, "hostname": 384, "domain": 146, "URL": 972 }, "indicator_count": 1695, "is_author": false, "is_subscribing": null, "subscriber_count": 392, "modified_text": "1398 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "628ce74526894454664e1bab", "name": "cloudron.io", "description": "function ar(aw,av,au,at) is a new version of the Matomo tracker, which allows users to track where a tracker has been located, and when it is activated.", "modified": "2022-06-23T00:03:28.624000", "created": "2022-05-24T14:10:13.562000", "tags": [ "span", "type", "href", "tbody", "tfoot", "thead", "input", "helvetica neue", "helvetica", "arial", "twitter", "date", "docviewtop", "shadow", "rocketchat", "sogo", "gitlab", "wordpress", "matomo", "kanboard", "taiga", "ninja", "slow", "scroll", "dom exception", "google", "regexp", "mmm d", "mmmm d", "null", "this", "number", "destroy", "controller", "array", "error", "android", "false", "function", "index", "slickcenter", "slick", "object", "translate", "translate3d", "jquery", "typeof c", "copyright", "bootstrap", "javascript", "azaz", "popover", "typeof f", "typeof b", "width", "pseudo", "child", "sufeffxa0", "class", "accept", "string", "please", "blob", "post", "link", "license" ], "references": [ "https://analytics.cloudron.io/piwik.js", "https://www.cloudron.io/3rdparty/jquery-1.11.0.js", "https://www.cloudron.io/3rdparty/bootstrap.min.js", "https://www.cloudron.io/3rdparty/slick.js", "https://www.cloudron.io/3rdparty/angular.min.js", "https://www.cloudron.io/3rdparty/angular-loader.min.js", "https://www.cloudron.io/3rdparty/angular-route.min.js", "https://www.cloudron.io/3rdparty/angular-base64.min.js", "https://www.cloudron.io/index.js", "https://www.cloudron.io/3rdparty/bootstrap.min.css" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 541, "URL": 1300, "domain": 180, "FileHash-SHA256": 72, "FileHash-SHA1": 1 }, "indicator_count": 2094, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "1439 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6280398780fbe64692dd54fd", "name": "West.cn", "description": "If you want to know more about Shockwave Flash, spare a thought for the members of your own storage system:mt.co.g.o.mimeTypes.com, mime", "modified": "2022-06-13T00:00:32.864000", "created": "2022-05-14T23:21:43.936000", "tags": [ "jquery", "date", "vue jquery", "template", "layer", "paas", "dist", "wjf3m", "ajax", "business", "string", "number", "regexp", "copyright", "uint8array", "fnumber", "aw1045757556", "closure library", "xdfunction", "code", "ddos", "image", "script", "document", "unescape", "msie", "canvas", "domain", "click", "input", "label", "jdomname", "strong", "jactive15toast", "jclearinput", "case", "datatarget", "jdomainregcount", "span", "function", "x786e", "x53d6", "cite", "x4fe1", "iframe", "null", "prompt", "x6700", "x591a", "array", "numarray", "data", "midsize", "action", "keyword", "firstfix", "object", "5n3j", "3f4r", "5p3s", "1f5m", "hhe2", "bbf2", "3y3z", "1223", "6q6m", "zfunction", "psettimeout", "tsettimeout", "hsetinterval", "iparseint", "hnull", "pnull", "tnull", "lv1s", "efunction", "typeof t", "typeof e", "adobeedge", "typeof r", "webkittransform", "moztransform", "body", "this", "notifier", "invert", "name", "param", "value", "error", "false", "trigger", "restart", "form", "config", "constants", "true", "modalhelper", "relative", "fixed", "account login", "activexobject", "haslocation", "xmlhttprequest", "xmlregexp", "temp", "extpart", "foundation", "mit license", "write", "rhino", "mark", "import", "classnamedom", "onbeforedestroy", "login", "auto", "init", "typeof b", "width", "pseudo", "child", "enulle", "class", "accept", "shockwave flash", "new date1e3", "ka6e5", "la10" ], "references": [ "xfe-IP-103.24.249.209-stix2-2.1-export.json", "xfe-URL-West.cn-stix2-2.1-export.json", "https://m.west.cn/jscripts/baidutj/hm.js", "http://m.west.cn/jscripts/baidutj/hm.js", "https://www.west.cn/js2016/lib/jquery.SuperSlide/jquery.SuperSlide.2.1.1.x.js", "https://www.west.cn/js2016/root/jqinclude.js?t=20211126a", "https://www.googletagmanager.com/gtag/js?id=AW-1045757556" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 533, "URL": 1861, "hostname": 757, "FileHash-SHA256": 208, "FileHash-MD5": 1 }, "indicator_count": 3360, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "1449 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "628077c330f33dfd254e5a8b", "name": "Followed lead to brechlerinsurance.com", "description": "", "modified": "2022-06-13T00:00:32.864000", "created": "2022-05-15T03:47:15.835000", "tags": [ "bomboraconsent", "gdpr", "ccpa", "date", "nthis", "array", "typeof e", "typeerror", "class", "image", "typeof symbol", "afsh", "copyright", "rights reserved", "comscore", "typeof o", "uspapi", "null", "s271733878", "secure hash", "algorithm", "sha1", "a1732584193", "1518500249", "imgurl", "oiqfpsjs", "script", "iframe", "oiqaddpagecat", "inte", "oiqdotag", "track", "regexp", "pseudo", "child", "typeof b", "error", "sufeffxa0", "attr", "void", "udc66udc67", "ud83d", "ufe0f", "ud83e", "udc68udc69", "udfcbudfcc", "u2640u2642", "uddb0uddb3", "udd74udd75", "wpbruiserclient", "browserinfo", "mozinnerscreenx", "xmlhttprequest", "activexobject", "bf7e56f2f3", "zpbcat", "zcluidkrs", "promise", "boolean", "verification", "object", "reflect", "typeof proxy", "demo", "shareaholic", "sfunction", "bearer", "patch", "accept", "function", "symbol", "weakmap", "dataview", "typeof module", "cfunction", "event", "afunction", "efunction", "mfunction", "binnerheightc", "number", "string", "trackevent", "click", "uint8array", "gtmng3vqql", "classes", "path", "code", "typeof r", "function code", "typeof n", "angular", "angularjs", "ember", "meteor", "zepto", "jquery", "vd", "utmb", "firefox", "shockwave flash", "utma", "utmz", "ieproto", "typeof", "widgetrootqa", "driftconductor", "addcookiedomain", "hubspot", "typeof t", "quora pixel", "4294967295", "uint32array", "viewcontent", "infinity", "register domain names", "domain registration", "business web hosting services", "web hosting provider", "business email accounts", "web site hosting", "domain name registration", "ecommerce hosting services", "buy domains", "bulk domain search", "domain name search", "domain hosting", "registrations", "websites", "whois", "registrar", "registry", "domainpeople", "domain name", "registration", "year discount", "web hosting", "us whois", "us contact", "lookup alerts", "support login", "call" ], "references": [ "https://domainpeople.com", "xfe-URL-Domainpeople.com-stix2-2.1-export.json", "xfe-URL-shareaholic.com-stix2-2.1-export.json", "https://js.hubspot.com/analytics/1652585100000/210895.js", "https://js.driftt.com/include/1652585100000/mezhk4858hn8.js", "https://bam.nr-data.net/1/f37cf8a208?a=1772678&v=1216.487a282&to=dlwNQEdeWVgHSxlDV1JWEBtdXlhR&rst=1074&ck=1&ref=https://www.shareaholic.com/&ap=9&be=11&fe=795&dc=37&af=err,xhr,stn,ins&perf=%7B%22timing%22:%7B%22of%22:1652584962293,%22n%22:0,%22f%22:0,%22dn%22:0,%22dne%22:0,%22c%22:0,%22s%22:0,%22ce%22:0,%22rq%22:0,%22rp%22:0,%22rpe%22:0,%22dl%22:6,%22di%22:37,%22ds%22:37,%22de%22:45,%22dc%22:636,%22l%22:793,%22le%22:796%7D,%22navigation%22:%7B%22ty%22:2%7D%7D&fcp=123&jsonp=NREUM.setToken", "https://js-agent.newrelic.com/nr-1216.min.js", "https://js-na1.hs-scripts.com/210895.js", "https://www.googletagmanager.com/gtm.js?id=GTM-NG3VQQL", "https://dsms0mj1bbhn4.cloudfront.net/assets/pages-afd7ed46648f01def74df6e4c245da53bde609b863bf63ff94a87154f2f82de0.js", "https://dsms0mj1bbhn4.cloudfront.net/webpack/vendors~header~related-content~share-buttons~site-settings~user-settings~yarpp-header~yarpp-sites~ya~7d559390-c92fe44d0731743b2d8e.js", "https://dsms0mj1bbhn4.cloudfront.net/webpack/default~header~related-content~share-buttons~site-settings~user-settings~yarpp-header~yarpp-sites~ya~2fbcff42-06fb1418b4e0c0383855.js", "https://dsms0mj1bbhn4.cloudfront.net/ui-header/loader.js", "https://de.tynt.com/deb/v2?id=sh!sh&dn=AFSH&cc=1&r=", "http://www.brechlerinsurance.com/?gdbc-client=3.1.25-1652585170383", "http://www.brechlerinsurance.com/wwblcms/wp-includes/js/wp-emoji-release.min.js?ver=479aaeefa13948f8aa1a2479d7a751df", "http://www.brechlerinsurance.com/wwblcms/wp-includes/js/jquery/jquery.js?ver=1.12.4", "https://partner.shareaholic.com/partners.js?location=http%3A%2F%2Fwww.brechlerinsurance.com%2F&cl=en-US&id_sync=19da2f0f-8191-4a73-b27d-e95f97e9a686&minify=1&pvs=1&site=d016349f31f268b5ce94fa8e70f6eddd", "https://px.owneriq.net/stas/s/sholic.js", "https://i.simpli.fi/dpx.js?cid=66112&m=0&sifi_tuid=37830&referrer=http%3A%2F%2Fwww.brechlerinsurance.com%2F", "https://sb.scorecardresearch.com/beacon.js", "https://cdn.tynt.com/afsh.js", "xfe-URL-ml314.com-stix2-2.1-export.json", "xfe-URL-bombora.com-stix2-2.1-export.json", "xfe-URL-Owneriq.net-stix2-2.1-export.json" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "BomboraConsent", "display_name": "BomboraConsent", "target": null }, { "id": "Vd", "display_name": "Vd", "target": null } ], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 13, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 4185, "URL": 12454, "FileHash-SHA256": 1329, "CVE": 2, "domain": 2068, "email": 1, "FileHash-MD5": 3, "FileHash-SHA1": 1 }, "indicator_count": 20043, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "1449 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6271740be1d2d55007677274", "name": "Fiberhub.com and versaweb.com", "description": "The following is the full text of the code used to create Twitter's new web-based \"bootstrap\" - a guide to what to do if you want to use it in your browser.", "modified": "2022-06-02T00:03:59.540000", "created": "2022-05-03T18:27:23.636000", "tags": [ "html5 shiv", "jdalton", "jonneal", "mitgpl2", "typeof c", "typeof module", "null", "plugin", "function", "copyright", "twitter", "bootstrap", "http", "conflict", "focus", "object", "error", "click", "open", "next", "target", "trigger", "config", "checkbox", "delta", "false", "scroll", "vd", "number", "string", "ienew ca", "date", "closure library", "quota", "aafunction", "dafunction", "fbcd", "328373057580084", "prop", "init", "autoconfig", "protocol", "adnxsdomain", "aoldomain", "adrolltpc", "regexp", "typeof b", "pseudo", "child", "array", "width", "sufeffxa0", "class", "accept", "please", "chat", "search", "language", "feel", "file", "call", "strongstart", "address", "again" ], "references": [ "xfe-IP-76.164.203.68-stix2-2.1-export.json", "http://www.versaweb.com/js/bootstrap.js", "https://embed.tawk.to/_s/v4/app/625d36b405c/languages/en.js", "http://www.versaweb.com/css/1024.css", "https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/jquery.min.js", "https://d.adroll.com/pixel/LZLVHVDGLRC6BEJRRIQDVW/HBKRUDDSQJCU7GD5KH3RWC?adroll_fpc=fd1d5ad32fd771b6d89af530ec6ca1cf-1651601137287&arrfrr=http%3A%2F%2Fwww.versaweb.com%2F&pv=14491019928.1296&cookie=&adroll_s_ref=&keyw=", "https://d.adroll.com/consent/check/LZLVHVDGLRC6BEJRRIQDVW?arrfrr=http%3A%2F%2Fwww.versaweb.com%2F&_s=1b87c8c5132a03372125d888e43b0a86&_b=2", "https://s.adroll.com/j/exp/LZLVHVDGLRC6BEJRRIQDVW/index.js", "xfe-URL-versaweb.com-stix2-2.1-export.json", "xfe-URL-fiberhub.com-stix2-2.1-export.json", "https://www.googletagmanager.com/gtag/js?id=UA-33008870-1", "https://www.fiberhub.com/js/bootstrap.js", "https://cdnjs.cloudflare.com/ajax/libs/html5shiv/3.7.3/html5shiv.min.js" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Vd", "display_name": "Vd", "target": null } ], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 11, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 590, "URL": 1312, "domain": 376, "FileHash-SHA256": 203 }, "indicator_count": 2481, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "1460 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "626a8a564da0d5b27dc02619", "name": "App By Web", "description": "Israeli malware hosting", "modified": "2022-05-28T00:03:46.141000", "created": "2022-04-28T12:36:38.103000", "tags": [ "hebrew", "truetype", "woff2", "woff", "body", "fh5cooffcanvas", "function", "click", "main menu", "superfish var", "parallax", "offcanvas", "mobile menu", "animations var", "mstouchaction", "superfish menu", "plugin", "copyright", "joel birch", "dual", "fill", "touchaction", "y position", "hoverintent", "brian cherne", "param", "threshold", "mit license", "or selector", "author", "1parseint", "mark dalgleish", "http", "webkitopacity", "webkit", "khtmlopacity", "khtml", "typeof d", "error", "this", "caleb troughton", "typeof f", "adapter", "bootstrap", "javascript", "typeof c", "twitter", "focus", "azaz", "including", "this software", "but not", "limited to", "terms of", "open", "bsd license", "redistribution", "redistributions", "neither", "direct", "gc", "regexp", "typeof b", "pseudo", "child", "array", "width", "sufeffxa0", "class", "null", "date", "accept", "boolean", "modernizr", "custom build", "build", "afunction", "cfunction", "typeerror", "object", "documenttouch", "websocket", "string", "silk", "script", "arial", "edge", "iframe", "promise", "void", "android", "trident", "embed", "meta", "roboto", "term", "\u05d4\u05d6\u05de\u05e0\u05ea \u05de\u05d5\u05e0\u05d9\u05ea", "wtaxi", "wapp", "app by web ltd", "03-5115656", "03-5109109", "+97235115656", "\u05de\u05e2\u05e8\u05db\u05d5\u05ea \u05d4\u05e1\u05e2\u05d9\u05dd", "\u05db\u05e8\u05d8\u05d9\u05e1 \u05d0\u05e9\u05e8\u05d0\u05d9 \u05d1\u05de\u05d5\u05e0\u05d9\u05ea", "web ltd", "reserved" ], "references": [ "xfe-URL-appbyweb.net-stix2-2.1-export.json", "http://appbyweb.net/AppByWeb", "https://partner.googleadservices.com/gampad/cookie.js?domain=appbyweb.net&callback=_gfp_s_&client=ca-pub-2581829468247892", "https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202204200101/show_ads_impl_fy2019.js", "http://appbyweb.net/AppByWeb/js/modernizr-2.6.2.min.js", "http://appbyweb.net/AppByWeb/js/jquery.min.js", "http://appbyweb.net/AppByWeb/js/jquery.easing.1.3.js", "http://appbyweb.net/AppByWeb/js/bootstrap.min.js", "http://appbyweb.net/AppByWeb/js/jquery.waypoints.min.js", "http://appbyweb.net/AppByWeb/js/jquery.stellar.min.js", "http://appbyweb.net/AppByWeb/js/hoverIntent.js", "http://appbyweb.net/AppByWeb/js/superfish.js", "http://appbyweb.net/AppByWeb/js/main.js", "https://files.appbyweb.net/Fonts/OpenSansHebrew/font.css", "https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2581829468247892&output=html&adk=1812271804&adf=3025194257&lmt=1651149220&plat=16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C32%3A32&format=0x0&url=http%3A%2F%2Fappbyweb.net%2FAppByWeb%2F&ea=0&pra=5&wgl=1&dt=1651149220376&bpp=1&bdt=121&idt=18&shv=r20220425&mjsv=m202204200101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De83d6067a4dac5b6-229192c549d200d1%3AT%3D1651148802%3ART%3D1651148802%3AS%3DALNI_MZSt9utXhYBHAIH9xwQp72WuxQxTw&nras=1&correlator=1655793633284&" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Gc", "display_name": "Gc", "target": null } ], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1554, "hostname": 533, "domain": 211, "FileHash-SHA256": 199 }, "indicator_count": 2497, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "1465 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "62676c65b80720b582b46037", "name": "Dreamhost.com - Drift Widget", "description": "function.1, a new version of JavaScript, has been added to the end of the year to make it easier for users to keep up with the latest developments in the search for a specific date.", "modified": "2022-05-25T00:04:03.622000", "created": "2022-04-26T03:52:05.599000", "tags": [ "template7class", "regexp", "root", "context", "match", "body", "template7", "error", "prop", "function", "date", "null", "slice", "void", "factory", "window", "find", "simple", "false", "hj", "object", "hotjar", "email", "typeof symbol", "typeof e", "telefon", "array", "survey", "meta", "cookie", "scroll", "keypress", "trident", "live", "fullscreen", "generic", "widget", "ciudad", "adore", "experiment", "mutation", "click", "pluginname", "hidden", "nttt", "fieldset", "class", "form", "fast", "jquery", "format", "february", "april", "june", "august", "nova", "paris", "tokyo", "easy", "speed", "back", "target", "copy", "kill", "this", "infinity", "accept", "locale", "custom build", "https", "boolean", "new boolean", "typeof", "typeerror", "bootstrap", "typeof t", "javascript", "show", "drift widget", "segoe ui", "emoji", "type", "copyright", "browse", "roboto", "helvetica neue", "arial", "noto", "apple color", "twitter", "typeof require", "modulenotfound", "font awesome", "typeof define", "script", "new date", "number", "trackevent", "string", "watched", "search", "clicked", "path", "starter", "download", "derek", "code", "esnull", "gtmphvk7ln", "closure library", "xdfunction", "reduceright", "vd", "g1f7wlmm0k2", "r420", "uint8array", "typeof d", "ieproto", "typeof n", "widgetrootqa", "driftconductor" ], "references": [ "xfe-URL-Dreamhost.com-stix2-2.1-export.json", "https://js.driftt.com/include/1650944100000/2y43hyefanc8.js", "https://www.google-analytics.com/plugins/ua/linkid.js", "https://www.googletagmanager.com/gtag/js?id=G-1F7WLMM0K2&l=dataLayer&cx=c", "https://www.google-analytics.com/gtm/optimize.js?id=GTM-PHVK7LN", "https://www.googletagmanager.com/gtm.js?id=GTM-TLN654", "https://kit.fontawesome.com/7d998cc9b7.js", "https://widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js", "https://www.dreamhost.com/assets/bootstrap-aa47564acfdf18ce859b8e1fd130d889920ae66415b3db4de8505d42a0477b09.css", "https://js.driftt.com/core?embedId=2y43hyefanc8®ion=US&forceShow=false&skipCampaigns=false&sessionId=5a8c1b8d-2626-4a43-a7a6-76e9416f2f52&sessionStarted=1650943819.009&campaignRefreshToken=a2d9846a-8932-4e3c-a8d5-878681a555e0&hideController=false&pageLoadStartTime=1650943817154&mode=CHAT&driftEnableLog=false", "https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1650943817154", "https://vars.hotjar.com/box-4924254a9ce4dc9b959b6e4a9b662d60.html", "https://www.dreamhost.com/assets/scripts/bootstrap-7670fc8587f9fd0608d2af67f392281a9a4fbf4cb4252952ecb8d34f6ee286b3.js", "https://www.dreamhost.com/assets/scripts/webp-support-1dd791309dc3fa5b166a0a326e49345fe5acb5acbc1831f4c7be87efce1abf51.js", "https://www.dreamhost.com/assets/site-75a1aba399db4de4e4093997b8fc8ff8ec5e65b5f4258c9a658a5cacacbf6e0d.js", "https://script.hotjar.com/modules.0076bf93c385ddf0ff58.js", "https://cdn.abrankings.com/js/client.js" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "hj", "display_name": "hj", "target": null }, { "id": "Vd", "display_name": "Vd", "target": null }, { "id": "ReduceRight", "display_name": "ReduceRight", "target": null } ], "attack_ids": [ { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 174, "URL": 1119, "domain": 464, "hostname": 156, "FileHash-MD5": 2, "FileHash-SHA1": 1 }, "indicator_count": 1916, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1468 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6262fc8eadd28fedcc1f00f0", "name": "RoLR: Stichting Registrar of Last Resort Foundation", "description": "Regulator of Last Resort (RoLR) has announced that it has incorporated into the European Union (EU) and will begin registering domains in the next few weeks, with the aim of providing a range of services.", "modified": "2022-05-22T00:01:01.264000", "created": "2022-04-22T19:05:50.548000", "tags": [ "regexp", "function", "typeof b", "error", "width", "pseudo", "child", "null", "array", "sufeffxa0", "date", "class", "accept", "rolr", "registrar", "welcome", "eu corporation", "icann", "whois lookup" ], "references": [ "xfe-URL-netsol.com-stix2-2.1-export.json", "https://www.rolr.eu/", "http://www.rolr.eu/js/jquery.min.js" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 498, "URL": 1105, "domain": 179, "FileHash-SHA256": 23 }, "indicator_count": 1805, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1471 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "62618afdab12239895b96788", "name": "nocix malware Qe", "description": "\u00c2\u00a31.5m, \u00e2\u201a\u00ac2.4m \u00c3\u20ac\u00a6, is the source of a new version of the JavaScript code, which is being developed by the Apache web browser.", "modified": "2022-05-21T00:03:44.725000", "created": "2022-04-21T16:49:01.885000", "tags": [ "font awesome", "license", "font", "sil ofl", "mit license", "woff2", "woff", "truetype", "fontawesome", "typeof e", "typeof symbol", "regexp", "hotjar", "typeof hj", "surveyv2", "surveyisolated", "heatmapviewer", "notification", "sentry", "number", "aa6060", "ui function", "e0e0e0", "eeeeee", "code for", "gauges function", "ui code", "abort", "worker", "allow", "body", "oldvalue", "transtion type", "datafield", "name", "minus", "plus", "ctrla", "click", "function", "error", "bootstrap", "javascript", "typeof c", "copyright", "twitter", "focus", "azaz", "typeof b", "width", "pseudo", "child", "null", "array", "sufeffxa0", "date", "class", "accept", "qe", "string", "uint8array", "fnumber", "xhfunction", "yhfunction", "aw701859743", "code", "closure library", "pfunction", "contenttype", "zfunction", "bfunction", "mvoid", "ofunction", "script", "typeerror", "symbol", "array int8array", "caregexp", "legacy" ], "references": [ "xfe-URL-Nocix.net-stix2-2.1-export.json", "https://www.googleadservices.com/pagead/conversion_async.js", "https://www.google-analytics.com/analytics.js", "https://www.googletagmanager.com/gtag/js?id=AW-701859743", "https://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js", "https://www.nocix.net/js/bootstrap.min.js", "https://www.nocix.net/js/nocix.js", "https://www.nocix.net/speedtest/speedtest.js?r=4343", "https://static.hotjar.com/c/hotjar-596666.js?sv=5", "https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Qe", "display_name": "Qe", "target": null } ], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 507, "URL": 1232, "domain": 170, "FileHash-SHA256": 125, "FileHash-MD5": 1 }, "indicator_count": 2035, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1472 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6260d13ab57ec96e24359914", "name": "Malware - reliablesite.net", "description": "VUE-DEVTOOLs_GLOBAL_Hook__, a description of what it will look like when it comes to testing software, is based on the type of Object.", "modified": "2022-05-20T00:01:19.453000", "created": "2022-04-21T03:36:26.313000", "tags": [ "date", "swiper", "value", "trigger", "gbps", "typeof define", "typeof module", "roboto", "helvetica neue", "arial", "small", "error", "show", "typeof e", "version", "hidden", "bootstrap", "click", "javascript", "clickdataapi", "collapse", "typeerror", "typeof", "regexp", "tether error", "typeof rnullr", "anull", "typeof b", "pseudo", "child", "array", "sufeffxa0", "class", "attr", "null", "void", "65536", "typeof f", "vd", "function", "activexobject", "number", "utmb", "firefox", "shockwave flash", "utma", "utmz", "iframe", "online", "livechat", "refreshurl", "title", "imageurl", "cssclass", "chat", "object", "string", "typeof t", "incorrect", "xfunction", "target", "typeof p", "typeof btoa", "vnode", "boolean", "typeof symbol" ], "references": [ "xfe-URL-https___www.reliablesite.net_-stix2-2.1-export.json", "https://embed.tawk.to/_s/v4/app/625d36b405c/js/twk-main.js", "https://embed.tawk.to/_s/v4/app/625d36b405c/js/twk-vendor.js", "https://embed.tawk.to/_s/v4/app/625d36b405c/js/twk-chunk-vendors.js", "https://cdn.jsdelivr.net/emojione/2.2.7/lib/js/emojione.min.js", "https://code.jquery.com/jquery-1.12.0.min.js", "https://cdnjs.cloudflare.com/ajax/libs/tether/1.4.0/js/tether.min.js", "https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0-alpha.6/js/bootstrap.min.js" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Vd", "display_name": "Vd", "target": null } ], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 2233, "hostname": 827, "domain": 565, "FileHash-SHA256": 238 }, "indicator_count": 3863, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1473 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "62608b1b8d323a111026565a", "name": "Malware hosting - freebit.com freebit.net", "description": "var d=b.dir,e=c&&\"parentNode\"===d,f=v, v.b, and b.d(d) for all of its value.", "modified": "2022-05-20T00:01:19.453000", "created": "2022-04-20T22:37:15.955000", "tags": [ "getstate", "filter", "regexp", "function", "typeof b", "error", "null", "width", "pseudo", "child", "array", "sufeffxa0", "date", "class", "accept", "woff2", "fontface", "u1c801c88", "u20b4", "u2de02dff", "ua640a69f", "ufe2efe2f", "u04b004b1", "u2116", "u1ea01ef9", "e9edee", "ea3d31", "45deg", "import", "fontawesome", "html", "pron w3", "hiragino kaku", "gothic pron", "meiryo", "ir side", "menu", "hidden", "select", "click", "mspointerdown", "list", "grid", "changelayout", "40deg", "100px", "logrid", "lolist", "mstransitionend", "xfunction", "bxslider", "copyright", "written", "mit license", "next", "prev", "start", "stop", "section", "alert", "author", "link", "license", "commercial use", "noncommercial", "ccbync license", "targetsbound0", "targetsdone0" ], "references": [ "http://ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js", "xfe-URL-freebit.com-stix2-2.1-export.json", "xfe-URL-Freebit.net-stix2-2.1-export.json", "http://freebit.com/common/js/jquery.mixitup.min.js", "http://freebit.com/common/js/slide.js", "http://freebit.com/common/js/jquery.bxslider.min.js", "http://freebit.com/common/js/variablelist_top.js?v=2", "http://freebit.com/common/js/function.js", "http://freebit.com/common/css/reset.css", "http://freebit.com/common/css/common.css", "http://freebit.com/common/css/top.css", "http://freebit.com/topnews.css", "https://fonts.googleapis.com/css2?family=Montserrat:wght@500;600;700&display=swap" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 187, "URL": 1132, "hostname": 428, "FileHash-SHA256": 40 }, "indicator_count": 1787, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1473 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "625eff927c93e3e5cd50e191", "name": "ctgserver.net", "description": "var d=b.dir,e=c&&\"parentNode\"===d,f=x, f=w, b.b, and d(b) for the first time.", "modified": "2022-05-19T00:00:49.028000", "created": "2022-04-19T18:29:38.810000", "tags": [ "0x1d3c", "function", "json", "date", "0x3abb84", "0x400e43", "0x4e2be0", "0x27ecdf", "this", "0x217f25", "webview", "array", "typeof e", "regexp", "null", "object", "string", "post", "typeof r", "error", "android", "void", "math", "k3wc3w", "o4wo4w", "b0z1", "a4r1", "b2bbbb", "o5r1", "image", "typeof s", "typeof console", "contenttype", "number", "60number", "new date", "close", "sector", "typeof symbol", "crispclient", "crisp im", "typeof b", "width", "pseudo", "child", "sufeffxa0", "class", "accept" ], "references": [ "http://v1-ab.cdn-static.cn/editor/js/jquery.min.js", "https://client.crisp.chat/l.js", "http://www.ctgserver.net/zhuzi-statistic.js?path=http%3a%2f%2fwww.ctgserver.net%2f&siteid=68944&referer=", "http://sgoutong.baidu.com/embed/1649840755/asset/embed/mobilelite/main.js", "https://aiff.cdn.bcebos.com/sensors%2Fonline%2Fsa-sdk-javascript-1.14.24%2Fsensorsdata.min.js", "https://goutong.baidu.com/site/889/a8439b4fa4b46ae6d1cb7840806b342d/b.js?siteId=12877102", "http://push.zhanzhang.baidu.com/push.js", "http://api.geetest.com/gettype.php?gt=70bfe290f45725d99fae0063c5188b8f&callback=geetest_1650391760798", "http://static.geetest.com/static/js/geetest.6.0.9.js", "http://api.geetest.com/get.php?gt=70bfe290f45725d99fae0063c5188b8f&challenge=36bbdc68ea2e3279d57269471b837a6b&product=popup&width=301px&offline=false&lang=zh-cn&protocol=http://&type=slide&path=/static/js/geetest.6.0.9.js&callback=geetest_1650391756575", "http://sgoutong.baidu.com/embed/1649840755/asset/embed/mobile_nb.js", "https://sofire.bdstatic.com/js/dfxaf.js", "https://p.qiao.baidu.com/cps3/site/poll?cb=jsonp_bridge_1650392095190_21922384256393768&l=1&sign=&v=165039175860477407&s=12877102&e=26958486&isAFF=1&filterAdvertisement=1&dev=1&auth=%7B%22anonym%22%3A0%2C%22key%22%3A%223bfef1eb-bde9-4fbf-ba96-abad738f1775%22%2C%22sn%22%3A%22%22%2C%22id%22%3A%22165039175860477407%22%2C%22from%22%3A4%2C%22token%22%3A%22bridge%22%7D&_time=1650392095190", "http://www.zhuzi.me/zhuzi-statistic.js?path=http%3a%2f%2fwww.zhuzi.me%2f&siteid=62221&referer=", "xfe-URL-Zhuzi.me-stix2-2.1-export.json" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 7975, "FileHash-SHA256": 1286, "hostname": 1602, "domain": 560, "FileHash-MD5": 85, "FileHash-SHA1": 1 }, "indicator_count": 11509, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1474 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "625f2b6a1f2c9d5631d261d5", "name": "Choopa.com - vultr", "description": "New RegExp(M) is a new type, and it will change any of the elements to the same type if you want to add them to your HTML page or add a third element.", "modified": "2022-05-19T00:00:49.028000", "created": "2022-04-19T21:36:42.286000", "tags": [ "regexp", "typeof e", "typeof t", "function", "width", "error", "object", "pseudo", "child", "form", "class", "null", "date", "this", "void", "accept", "680876936", "389564586", "17606105819", "1044525330", "176418897", "121200080426", "1473231341", "45705983", "71770035416", "1958414417", "copyright", "closure library", "trunc", "msie", "tagpath", "fbcd", "body", "html", "gettarget", "571256413046247", "prop", "click", "typeof l", "json", "array", "string", "8760", "image", "adveid", "typeof c", "typeerror", "typeof", "facebook pixel", "pixel code", "symbol", "iterator", "constantvalue", "globalvariable", "facebook", "boolean", "service", "phonenumber", "meta", "invalid uuid", "uint8array", "nullu", "1099511627776", "t4294967296", "typeof symbol", "customevent", "09af", "ver0", "tag0", "extdata0", "ua ch", "invalid", "reduceright", "number", "gk6536fhn4d", "r300", "typeof d", "path", "caca", "addtocart", "signup", "addtowishlist", "lead", "custom", "typeof require", "sha256", "viewcontent", "search", "pfunction", "contenttype", "zfunction", "bfunction", "mvoid", "ofunction", "functional", "member", "hnew regexp", "qfunction", "adview", "addbillinginfo", "addtolist", "contact", "download", "install", "pnull", "style", "ctnull", "post", "uint32array", "fanull", "license", "ynull", "config", "iframe", "javascript", "code", "hoverpopup", "please", "output", "popupmodal", "country", "checkall", "invcid", "base64", "score", "attr", "js foundation", "typeof module", "ffffff", "acce22", "f0f0f0", "dadada", "typesubmit", "typebutton", "f4f4f4", "trebuchet ms", "tahoma", "woff", "footer", "segoe ui", "emoji", "tbody", "roboto", "helvetica neue", "arial", "apple color", "noto color", "type", "twitter", "xava", "gbva", "hbva", "ibva", "lcva", "cdva", "oeva", "peva", "onclickpopup", "discountmonthly", "grayoverlay", "popup into", "popup var", "center", "price", "first", "classname", "eventkey", "event", "selector", "name", "datakey", "version", "default", "shown", "target", "close", "false", "trigger", "jquery", "delta", "open", "arrow", "protected", "leave", "dataspy", "typeof define", "eventlistener" ], "references": [ "xfe-URL-Choopa.com-stix2-2.1-export.json", "https://www.choopa.com/commonimages/jquery-3.5.1.min.js", "https://www.choopa.com/_js/dragscroll.js", "https://www.choopa.com/_js/bootstrap.js", "https://www.choopa.com/_js/global.js?v=209", "https://ssl.google-analytics.com/ga.js", "https://www.choopa.com/css/bootstrap.css", "https://www.choopa.com/css/global.css?v=209", "https://my.choopa.com/js/jquery-3.5.1.min.js", "https://my.choopa.com/js/desktop.js?v=41", "https://my.choopa.com/js/global.js?v=41", "xfe-URL-Vultr.com-stix2-2.1-export.json", "https://www.clarity.ms/eus2/s/0.6.34/clarity.js", "https://snap.licdn.com/li.lms-analytics/insight.min.js", "https://www.google-analytics.com/analytics.js", "https://www.redditstatic.com/ads/pixel.js", "https://www.googletagmanager.com/gtag/js?id=G-K6536FHN4D&l=dataLayer&cx=c", "https://bat.bing.com/bat.js", "https://static.ads-twitter.com/uwt.js", "https://connect.facebook.net/signals/config/571256413046247?v=2.9.57&r=stable", "https://connect.facebook.net/signals/config/438248060937995?v=2.9.57&r=stable", "https://connect.facebook.net/signals/config/828098694004178?v=2.9.57&r=stable", "https://connect.facebook.net/en_US/fbevents.js", "https://js.partnerstack.com/v1/", "https://bat.bing.com/p/action/17528422.js", "https://s.adroll.com/j/roundtrip.js", "https://s.adroll.com/j/exp/DUKHAKVYIJASHDUBG4V7RE/index.js", "https://s.adroll.com/j/sendrolling.js", "https://d.adroll.com/pixel/DUKHAKVYIJASHDUBG4V7RE/E23RMKDBEFAEXMXLWK3IWO?adroll_fpc=838a57acc6141112b6107bdce5e3fde6-1650403057055&arrfrr=https%3A%2F%2Fwww.vultr.com%2F&pv=70707106758.07146&cookie=&adroll_s_ref=&keyw=", "https://googleads.g.doubleclick.net/pagead/viewthroughconversion/858656304/?random=1650403054497&cv=9&fst=1650403054497&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=844&u_w=390&u_ah=844&u_aw=390&u_cd=32&u_his=3&u_tz=-240&u_java=false&u_nplug=0&u_nmime=0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.vultr.com%2F&tiba=SSD%20VPS%20Servers%2C%20Cloud%20Servers%20and%20Cloud%20Hosting%20by%20Vultr%20-%20Vultr.com&hn=www.googleadservices.com&rfmt=3&fmt=4" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "ReduceRight", "display_name": "ReduceRight", "target": null } ], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 1241, "URL": 3454, "domain": 430, "FileHash-SHA256": 453 }, "indicator_count": 5578, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "1474 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "625effa1c4edcef37385c4eb", "name": "ctgserver.net", "description": "var d=b.dir,e=c&&\"parentNode\"===d,f=x, f=w, b.b, and d(b) for the first time.", "modified": "2022-05-19T00:00:49.028000", "created": "2022-04-19T18:29:53.960000", "tags": [ "0x1d3c", "function", "json", "date", "0x3abb84", "0x400e43", "0x4e2be0", "0x27ecdf", "this", "0x217f25", "webview", "array", "typeof e", "regexp", "null", "object", "string", "post", "typeof r", "error", "android", "void", "math", "k3wc3w", "o4wo4w", "b0z1", "a4r1", "b2bbbb", "o5r1", "image", "typeof s", "typeof console", "contenttype", "number", "60number", "new date", "close", "sector", "typeof symbol", "crispclient", "crisp im", "typeof b", "width", "pseudo", "child", "sufeffxa0", "class", "accept" ], "references": [ "http://v1-ab.cdn-static.cn/editor/js/jquery.min.js", "https://client.crisp.chat/l.js", "http://www.ctgserver.net/zhuzi-statistic.js?path=http%3a%2f%2fwww.ctgserver.net%2f&siteid=68944&referer=", "http://sgoutong.baidu.com/embed/1649840755/asset/embed/mobilelite/main.js", "https://aiff.cdn.bcebos.com/sensors%2Fonline%2Fsa-sdk-javascript-1.14.24%2Fsensorsdata.min.js", "https://goutong.baidu.com/site/889/a8439b4fa4b46ae6d1cb7840806b342d/b.js?siteId=12877102", "http://push.zhanzhang.baidu.com/push.js", "http://api.geetest.com/gettype.php?gt=70bfe290f45725d99fae0063c5188b8f&callback=geetest_1650391760798", "http://static.geetest.com/static/js/geetest.6.0.9.js", "http://api.geetest.com/get.php?gt=70bfe290f45725d99fae0063c5188b8f&challenge=36bbdc68ea2e3279d57269471b837a6b&product=popup&width=301px&offline=false&lang=zh-cn&protocol=http://&type=slide&path=/static/js/geetest.6.0.9.js&callback=geetest_1650391756575", "http://sgoutong.baidu.com/embed/1649840755/asset/embed/mobile_nb.js", "https://sofire.bdstatic.com/js/dfxaf.js", "https://p.qiao.baidu.com/cps3/site/poll?cb=jsonp_bridge_1650392095190_21922384256393768&l=1&sign=&v=165039175860477407&s=12877102&e=26958486&isAFF=1&filterAdvertisement=1&dev=1&auth=%7B%22anonym%22%3A0%2C%22key%22%3A%223bfef1eb-bde9-4fbf-ba96-abad738f1775%22%2C%22sn%22%3A%22%22%2C%22id%22%3A%22165039175860477407%22%2C%22from%22%3A4%2C%22token%22%3A%22bridge%22%7D&_time=1650392095190", "http://www.zhuzi.me/zhuzi-statistic.js?path=http%3a%2f%2fwww.zhuzi.me%2f&siteid=62221&referer=", "xfe-URL-Zhuzi.me-stix2-2.1-export.json" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 7975, "FileHash-SHA256": 1286, "hostname": 1602, "domain": 560, "FileHash-MD5": 85, "FileHash-SHA1": 1 }, "indicator_count": 11509, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "1474 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "625614852d13a468fd3f7ef9", "name": "Malware and bots", "description": "function se(t,e,n, r, n; if you want to know what type of document you are, you can use the new RegExp(M) to set it.", "modified": "2022-05-12T00:04:24.089000", "created": "2022-04-13T00:08:37.870000", "tags": [ "bygmo", "gmohd", "dx gmo", "nftadam", "iosandroid gmo", "csr sdgs", "english", "4444 gmo2020417", "developers gmo", "devsecopsthon", "tech", "font awesome", "free", "license", "cc by", "sil ofl", "code", "mit license", "brands", "fliph", "google", "import", "acbac1", "typeemail", "2deg", "1deg", "4deg", "css3", "animation cheat", "sheet", "justin aguilar", "questions", "slideexpandup", "expandup", "gradienttype0", "false", "copyright", "twitter", "f56505", "font", "font path", "woff", "truetype", "fontawesome", "unicode private", "tbody", "tfoot", "thead", "span", "multiple", "type", "href", "input", "halflings", "gradienttype1", "please", "function", "param", "method", "value", "target", "null", "array", "validator", "select", "checkbox", "date", "body", "error", "form", "meta", "class", "regexp", "typeof b", "width", "pseudo", "child", "sufeffxa0", "accept", "20px", "24px", "45deg", "typesubmit", "typenumber", "helvetica", "timelimit", "dialog", "content", "callback", "bodynoscroll", "click", "html", "confirm", "notice", "typeof e", "typeof t", "attr", "js foundation", "typeof module" ], "references": [ "https://c81e728d9d4c2f636f067f89cc14862c.com/static_new/js/jquery.min.js", "https://c81e728d9d4c2f636f067f89cc14862c.com/static_new/js/dialog.min.js", "https://c81e728d9d4c2f636f067f89cc14862c.com/static_new/js/common.js", "https://c81e728d9d4c2f636f067f89cc14862c.com/static_new/css/public.css", "xfe-URL-c81e728d9d4c2f636f067f89cc14862c.com-stix2-2.1-export.json", "https://ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js", "http://downloads.mailchimp.com/js/jquery.form-n-validate.js", "http://imhrzluowdso.gq/i/css/bootstrap.css", "http://imhrzluowdso.gq/i/css/font-awesome.css", "http://imhrzluowdso.gq/i/css/bootstrap-theme.css", "http://imhrzluowdso.gq/i/css/animations.css", "http://imhrzluowdso.gq/i/css/style.css", "xfe-URL-imhrzluowdso.gq-stix2-2.1-export.json", "https://use.fontawesome.com/releases/v5.0.6/css/all.css" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1188, "domain": 214, "hostname": 427, "FileHash-SHA256": 168, "FileHash-MD5": 1, "FileHash-SHA1": 1, "email": 1 }, "indicator_count": 2000, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1481 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6253871aa38954c4426d475e", "name": "http://prima-abnehmen-shop.com/uk/order-now.html?affiliate=24&source=418&subid2=ddukc&subid3=35908921", "description": "In e, a new RegExp, has been added to the list of properties that can be used to store information in a single place, as well as a \"sizzle\" on the side of the page.", "modified": "2022-05-10T00:02:48.350000", "created": "2022-04-11T01:40:42.011000", "tags": [ "strong", "imprint", "price", "address", "prima abnehmen", "usage return", "contact", "packs", "card", "digit code", "date", "back", "later", "function", "regexp", "edge", "elem", "webpackrequire", "return", "null", "handle", "expando", "match", "android", "target", "error", "false", "class", "mark", "harmony", "copy", "capture", "seed", "pass", "enough", "code", "never", "core", "local", "verify", "fall", "accept", "done", "find", "internal", "inject", "possible", "prop", "trigger", "typeof t", "typeof symbol", "typeerror", "object", "typeof e", "pseudo", "child", "this", "void", "array", "typeof n", "boolean", "messagechannel", "string", "symbol", "seventracker", "post", "nonce", "script", "please do", "not copy", "and paste", "this code", "cgrecaptchacfg", "ngrecaptcha", "recaptchaapi", "render", "typedarraytag", "blink", "gecko", "webkit", "trident", "the author", "this software", "copyright", "software is", "provided", "as is", "disclaims all", "warranties with", "regard to", "including all", "direct", "generator", "backspace", "select", "uint8array", "math", "number", "iframe", "span", "form", "click", "enterprise", "infinity", "template", "next", "body", "typeof r", "64e3", "urlsearchparams", "ofunction", "pfunction", "bfunction", "ffunction", "ifunction", "load", "sans", "woff2", "semibold", "bold", "italic", "semibold italic", "bold italic", "u20b4", "u2de02dff", "ua640a69f", "sufeffxa0", "attr" ], "references": [ "xfe-URL-dk9ctyhidjrvgn.xyz-stix2-2.1-export.json", "http://dk9ctyhidjrvgn.xyz/index_files/jquery.js", "http://dk9ctyhidjrvgn.xyz/index_files/sss.css", "https://tracking.premiumhealtheurope.com/code.js", "https://static.cloudflareinsights.com/beacon.min.js", "https://www.gstatic.com/recaptcha/releases/Y-cOIEkAqcfDdup_qnnmkxIC/recaptcha__en.js", "https://cdn.getaddress.io/scripts/getaddress-autocomplete-1.1.2.min.js", "https://js.mollie.com/v1/mollie.js", "https://www.google.com/recaptcha/api.js?render=6LerjKkcAAAAAHIvlsndboXTiYDGt_xACa77alyA", "https://tracking.premiumhealth.eu/code.js", "https://eu-library.klarnaservices.com/lib.js", "https://prima-abnehmen-shop.com/_Resources/Static/Packages/Seven.Prima/Scripts/Main.js?bust=2a0b1c62", "https://prima-abnehmen-shop.com/_Resources/Static/Packages/Seven.Offerpage.Checkout/Scripts/main.min.js?bust=ef22ff16", "https://prima-abnehmen-shop.com/uk/order-now.html?affiliate=24&source=418&subid2=ddukc&subid3=35908921" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1218", "name": "Signed Binary Proxy Execution", "display_name": "T1218 - Signed Binary Proxy Execution" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 640, "URL": 1862, "FileHash-SHA256": 149, "domain": 341 }, "indicator_count": 2992, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1483 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6253010ef22c26bcdba2869a", "name": "Lh , ReduceRight Malware", "description": "var d=b.dir,e=c&&\"parentNode\"===d,f=x, f=w, b.b, and d(b) for the first time.", "modified": "2022-05-10T00:02:48.350000", "created": "2022-04-10T16:08:46.450000", "tags": [ "reduceright", "number", "string", "gztj64z90qf", "regexp", "r300", "error", "copyright", "dafunction", "gafunction", "uint8array", "date", "path", "void", "fontface", "woff", "woff2", "sans", "u1c801c88", "u20b4", "u2de02dff", "ua640a69f", "ufe2efe2f", "u04b004b1", "lh", "trackevent", "onceperelement", "u003e div", "xgfunction", "gtmk6chb3b", "query", "form", "click", "closure library", "pfunction", "contenttype", "zfunction", "bfunction", "mvoid", "ofunction", "script", "fragment", "xdfunction", "light", "regular", "bold", "verdana", "sansserif", "helvetica", "sltb", "slsavebutton2", "arial", "slh2", "slh3", "slsavebutton", "xrt2", "version", "xparsefloat", "typeof b", "function", "pseudo", "child", "array", "width", "sufeffxa0", "class", "null", "accept" ], "references": [ "xfe-URL-ketoluqidslim.us-stix2-2.1-export.json", "https://nertiob.pw/lander/us-leanstartketov8-pre2-cryp.im/assets/7bf60781816875acb6c04aa4f706c4ad.js", "https://nertiob.pw/lander/us-leanstartketov8-pre2-cryp.im/assets/af74c0184a1151090f275e5d06fe0387.js", "https://nertiob.pw/lander/us-leanstartketov8-pre2-cryp.im/assets/63c9d725454afa40dc86453f4a52812f.css", "https://nertiob.pw/lander/us-leanstartketov8-pre2-cryp.im/assets/a36a95c9dccfd8d0b6ccb62ed162150a.css", "https://www.googletagmanager.com/gtag/js?id=G-ZTJ64Z90QF&l=dataLayer&cx=c", "https://www.googleoptimize.com/optimize.js?id=OPT-MTGSVG5", "https://www.google-analytics.com/analytics.js", "https://www.googletagmanager.com/gtm.js?id=GTM-K6CHB3B", "https://fonts.googleapis.com/css2?family=Open+Sans&family=Oswald:wght@400;600;700&family=Roboto+Condensed:wght@400;700&display=swap", "xfe-URL-nertiob.pw-stix2-2.1-export.json" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Lh", "display_name": "Lh", "target": null }, { "id": "ReduceRight", "display_name": "ReduceRight", "target": null } ], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1153, "hostname": 391, "FileHash-SHA256": 167, "domain": 249, "FileHash-MD5": 45 }, "indicator_count": 2005, "is_author": false, "is_subscribing": null, "subscriber_count": 70, "modified_text": "1483 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "62526269ae126bddc2a926db", "name": "Malware", "description": "", "modified": "2022-05-10T00:02:48.350000", "created": "2022-04-10T04:51:53.521000", "tags": [ "webkitkeyframes", "20deg", "5deg", "45deg", "10px00", "2000px00", "2000px", "2000px0", "30deg", "60px0", "input", "typecheckbox", "typeof r", "64e3", "urlsearchparams", "ofunction", "function", "pfunction", "bfunction", "ffunction", "ifunction", "load", "date", "hj", "object", "hotjar", "email", "typeof symbol", "error", "typeof e", "telefon", "regexp", "surveys", "survey", "meta", "cookie", "keypress", "null", "trident", "live", "fullscreen", "generic", "window", "widget", "ciudad", "adore", "experiment", "mutation", "typeof hj", "surveyv2", "surveyisolated", "heatmapviewer", "notification", "sentry", "click", "samesitelax", "tbet", "token1", "token2", "token3", "token4", "token5", "number", "html", "button", "zip code", "lh", "string", "copyright", "xgfunction", "closure library", "xdfunction", "ydfunction", "adfunction", "cdfunction", "typeof t", "class", "attr", "pseudo", "child", "typeof module", "gtmmlvpdtj", "host", "path", "image", "promise", "error send", "subscription", "indexes", "s2no", "trackdata", "push", "unable", "registration", "array", "typeof enulle", "chrome", "view", "welcome", "ad blocker", "safari browser", "phone", "send", "whatsapp", "datasmart", "blank", "amazing body", "level hardcore", "bulking", "cutting", "no side", "effects free", "workout guides", "every", "item free", "click here", "sans", "woff2", "fontface", "u1c801c88", "u20b4", "u2de02dff", "ua640a69f", "ufe2efe2f", "u04b004b1", "u2116", "ratio", "apple iphone", "apple ipad", "apple ipod", "xmlhttprequest", "post", "contenttype", "text", "symbol", "typeof", "macintel" ], "references": [ "http://nvqonvfylkxdjc.com/", "https://unekds98kksw.com/2022/player_default1/current-device.min.js", "https://unekds98kksw.com/2022/player_default1/send.js", "https://fonts.googleapis.com/css?family=Open+Sans:400,600,700,800", "https://youridealbody.xyz/lp6?bemobdata=c%3D752f3aef-dd8a-4507-a8cd-fe0f9b15c4e5..l%3D94aed4ec-30ac-424c-9e71-bf528195b1d7..f%3D928350ba-6450-412a-8ac7-3ee25ff4287e..a%3D2..b%3D1..z%3D0.00031..e%3D536878068779029425..c1%3D2627325..c2%3D2001342..c3%3DUS..c4%3Dios..c5%3Dios15..c6%3Dmobile..c7%3Dverizon-us..c8%3Dsafari..c10%3Den", "https://cpatools.cc/js/linksmart.js", "https://adsiblocker.com/index.php?key=sh3en4m6rxvscfptoc65&visitor_id=536878455372222772&cost=0.000501&zoneid=2627325&campaignid=5420841&device=iphone&browser=safari&os=ios&osversion=ios15&country=US&language=en&isp=verizon%20business&source=propellerads", "https://adsiblocker.com/index.php?lp=1&uclick=sc46oji4", "https://www.flirt4fuck.com/c/1de75401f8c75130?s1=181_4239973_cfa_mob_US_pop&s2=8639661&s3=2627325", "https://www.flirt4fuck.com/js/pushjs/1.0.0/utils.js", "https://www.gstatic.com/firebasejs/5.0.2/firebase-messaging.js", "https://www.flirt4fuck.com/js/pushjs/1.0.0/subscriber.js", "https://www.googletagmanager.com/gtm.js?id=GTM-MLVPDTJ", "https://code.jquery.com/jquery-3.6.0.min.js", "https://www.googletagmanager.com/gtag/js?id=UA-145157900-3", "https://onenightflirt.com/lps/jumps/2/script.js", "https://assets.topsrcs.com/js/script_wf.js", "https://static.hotjar.com/c/hotjar-2908146.js?sv=6", "https://script.hotjar.com/modules.9beafb9ca96c2f868fe2.js", "https://static.cloudflareinsights.com/beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194", "https://onenightflirt.com/lps/jumps/2/style.css", "https://vars.hotjar.com/box-acca23410e696f2ca3087d947271c3d0.html", "https://cdnjs.cloudflare.com/ajax/libs/animate.css/4.1.1/animate.min.css", "xfe-URL-nvqonvfylkxdjc.com-stix2-2.1-export.json" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "hj", "display_name": "hj", "target": null }, { "id": "Lh", "display_name": "Lh", "target": null } ], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 202, "URL": 846, "FileHash-SHA256": 154, "hostname": 268, "FileHash-MD5": 6, "FileHash-SHA1": 1 }, "indicator_count": 1477, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "1483 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6250b15f2509705305127d3d", "name": "Unnamed Malware", "description": "This is the full text of an online forum for people under the age of 18, set up in the United States, and published on the website of the site's founder, JK Rowling.", "modified": "2022-05-08T22:03:06.754000", "created": "2022-04-08T22:04:15.223000", "tags": [ "error", "modulenotfound", "infinite", "function", "mouseevent", "dommousescroll", "date", "event", "bscroll", "u200", "typeof s", "0xa60881", "0x1e0610", "0x489cca", "0x4d5bd1", "0x1a7a9a", "0x3145fc", "0x2d9acb", "0xbf1b3e", "0x47699d", "push", "shift", "cookie", "slice", "open", "code", "path", "info", "null", "this", "0x1d9131", "0x180bcc", "0x4b6177", "0x13f349", "0x3bcb54", "0xbbe80d", "0x57b7de", "0x2ea74e", "0x4fb0f2", "0x25f113", "window", "canvas", "tencent", "barrio", "regexp", "typeof b", "width", "pseudo", "child", "array", "sufeffxa0", "class", "accept", "arisa bd", "director", "uncut bd", "4 bd", "milk1 bd", "cage1 bd", "discodepart1 bd", "discodepart2 bd", "milk4 bd", "wife", "mother", "shown", "meta", "viewport" ], "references": [ "xfe-IP-103.120.25.185-stix2-2.1-export.json", "http://www.yichenghy.com/common.js", "http://www.yichenghy.com/tj.js", "https://yeyeai3.xyz/", "https://www.2610.app:5766/?agent=7762453360", "https://www.2610.app:5766/js/jquery-1.11.3.min.js", "http://v8714.com/", "https://www.2610.app:5766/js/xinstall_inner_e.min.js?v=1004", "https://cstaticdun.126.net/load.min.js?v=2203141811", "https://6553w.com:2188/m/js/2203141811-HomeLogin~LotteryHall~VnsLogin~activity~amhgLogin~aqvnsLogin~betnewLocgin~blrLogin~blushLogin~cLogin~6995ba01.js", "https://6553w.com:2188/m/js/2203141811-fhcpLogin.js", "xfe-URL-www.yichenghy.com-stix2-2.1-export.json" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 903, "hostname": 370, "domain": 112, "FileHash-SHA256": 20, "FileHash-MD5": 3 }, "indicator_count": 1408, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1484 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "625045b8e764847c54ed286e", "name": "ewqopweowia543.ga", "description": "If you want to know what type of Touches you will get when you get stuck in the middle of a page, then ask for a random number of letters or numbers, or, if you can't find one.", "modified": "2022-05-08T00:03:14.586000", "created": "2022-04-08T14:24:56.301000", "tags": [ "90deg", "250px", "helvetica neue", "helvetica", "roboto", "georgia", "typesearch", "typecheckbox", "label", "liberation mono", "function", "constructor", "param", "object", "class", "event", "abide", "number", "initializes", "drilldown", "window", "sticky", "false", "null", "body", "this", "date", "path", "anchor", "open", "trigger", "small", "close", "void", "form", "fast", "prop", "error", "shift", "test", "burn", "android", "back", "killswitch", "find", "desktop", "fall", "linear", "value", "webpackrequire", "return", "mouse", "factory", "moduleid", "apple cmd", "regexp", "elem", "handle", "expando", "match", "selector", "type", "sizzle", "target", "mark", "copy", "capture", "seed", "pass", "code", "bind", "core", "local", "verify", "accept", "done", "internal", "inject", "possible", "hold", "camel", "first", "middle", "gc", "eq", "post", "xava", "gbva", "hbva", "ibva", "lcva", "cdva", "oeva", "peva", "65535", "boolean", "counter", "segoe ui", "typeerror", "lucida", "ecommerce", "ext link", "comic", "impact", "light" ], "references": [ "xfe-URL-ewqopweowia543.ga-stix2-2.0-export.json", "https://mc.yandex.ru/metrika/watch.js", "https://ssl.google-analytics.com/ga.js", "https://vestacp.com/bower_components/jquery/dist/jquery.js", "https://vestacp.com/bower_components/what-input/dist/what-input.js", "https://vestacp.com/bower_components/foundation-sites/dist/js/foundation.js", "https://vestacp.com/js/app.js", "https://vestacp.com/css/app.css" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Eq", "display_name": "Eq", "target": null }, { "id": "Gc", "display_name": "Gc", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1546", "name": "Event Triggered Execution", "display_name": "T1546 - Event Triggered Execution" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 706, "URL": 1386, "CVE": 1, "FileHash-SHA256": 238, "domain": 234 }, "indicator_count": 2565, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1485 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "624f2e8aebe8893d7e4f68d5", "name": "IBM EARLY WARNING URL - ketoqitugslim.us", "description": "var d=b.dir,e=c&&\"parentNode\"===d,f=x, f=w, b.b, and d(b) for the first time.", "modified": "2022-05-07T00:03:18.570000", "created": "2022-04-07T18:33:46.056000", "tags": [ "tbody", "span", "thead", "tfoot", "typecheckbox", "typeradio", "multiple", "href", "typesearch", "helvetica", "typemonth", "typebutton", "typereset", "typesubmit", "arial", "date", "version", "xparsefloat", "regexp", "error", "typeof b", "function", "pseudo", "child", "array", "width", "sufeffxa0", "class", "null", "accept" ], "references": [ "https://nertiob.pw/lander/us-leanstartketov8-pre2-cryp.im/assets/7bf60781816875acb6c04aa4f706c4ad.js", "https://nertiob.pw/lander/us-leanstartketov8-pre2-cryp.im/assets/af74c0184a1151090f275e5d06fe0387.js", "https://nertiob.pw/lander/us-leanstartketov8-pre2-cryp.im/assets/23190726c18d12eb341ebb4c6d4573ab.css", "https://nertiob.pw/lander/us-leanstartketov8-pre2-cryp.im/assets/89782cd052fb72c4f9df6bd5644f2afb.css", "xfe-URL-ketoqitugslim.us-stix2-2.0-export.json" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 659, "hostname": 266, "domain": 112, "FileHash-MD5": 5 }, "indicator_count": 1042, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1486 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "62617d42a6121d5abd3c6942", "name": "Hurricane Electric - csp.he.net :)", "description": "Here is the full text of the code that Google.com used to create its search engine, \"search.cse\", for the first time. and, in the event, it is:", "modified": "2022-04-21T15:50:26.260000", "created": "2022-04-21T15:50:26.260000", "tags": [ "flexslider", "target", "boolean", "slideshow", "next", "integer", "prev", "smooth height", "sync", "prevent ios", "pause", "date", "null", "privat", "leave", "sans", "woff2", "fontface", "u1c801c88", "u20b4", "u2de02dff", "ua640a69f", "ufe2efe2f", "u04b004b1", "u2116", "navtop", "currentdiv", "validation", "drop down", "collapse", "tool tips", "popovers", "fix navbar", "click", "scroll", "begin", "regexp", "span", "xmpb", "onwss", "styless", "mstransitionend", "text", "error", "infinity", "false", "february", "april", "june", "august", "gray", "e00000", "replaced", "gene", "dc143c", "align buttons", "for stuff", "inside this", "blockform", "woo hoo", "post", "xava", "gbva", "hbva", "ibva", "lcva", "cdva", "oeva", "peva", "string", "object", "number", "azaz09", "copyright", "closure library", "typeerror", "symbol", "vd", "silk", "edge", "style", "google", "android", "form", "trident", "template", "embed", "iframe", "keygen", "meta", "acronym", "code", "legend", "main", "mark", "small", "class", "close", "blank", "array", "attr", "function", "invalid json", "domparser", "ffffff", "cccccc", "c41130", "f6f6f6", "knew w", "hnew w", "lnew w" ], "references": [ "https://csp.he.net/styles/style.css", "https://www.google.com/cse/cse.js?cx=016402751031109241230:v7vojvfohnq", "https://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js", "https://www.google.com/cse/static/element/3e1664f444e6eb06/cse_element__en.js?usqp=CAI%3D", "https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1068215855/?random=1650555348274&cv=9&fst=1650555348274&num=1&label=viUgCKmAuwMQr9yu_QM&guid=ON&resp=GooglemKTybQhCsO&u_h=844&u_w=390&u_ah=844&u_aw=390&u_cd=32&u_his=1&u_tz=-240&u_java=false&u_nplug=0&u_nmime=0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fhe.net%2F&tiba=Hurricane%20Electric%20Internet%20Services%20-%20Internet%20Backbone%20and%20Colocation%20Provider&hn=www.googleadservices.com&rfmt=3&fmt=4", "https://www.googleadservices.com/pagead/conversion.js", "https://ssl.google-analytics.com/ga.js", "http://fonts.googleapis.com/css?family=Open+Sans:300" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "FlexSlider", "display_name": "FlexSlider", "target": null }, { "id": "Vd", "display_name": "Vd", "target": null } ], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 311, "hostname": 490, "URL": 1339, "FileHash-SHA256": 186 }, "indicator_count": 2326, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1502 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "624fed60bce30600620313bb", "name": "malware-porcelinux.com", "description": "var Ta,Ua, Va, Ra, Qa - a list of names, terms, phrases, symbols, numbers, characters - for all types of search, as well as the search engine.", "modified": "2022-04-08T08:08:00.818000", "created": "2022-04-08T08:08:00.818000", "tags": [ "helvetica", "ffffff", "verdana", "index", "eeeeee", "top100px", "yincr", "inurl", "xincr", "faction", "contenttype", "activexobject", "posttext", "xmlhttp", "xmlhttprequest", "fotorandom", "zxmlhttp", "line number", "column", "domparser", "null", "array", "drag", "drop", "ddobj", "walter zorn", "function", "resetz", "resizable", "resize", "body", "copy", "window", "alpha", "false", "date", "post", "xava", "gbva", "hbva", "ibva", "lcva", "cdva", "oeva", "peva" ], "references": [ "https://ssl.google-analytics.com/ga.js", "https://porcelinux.com/js/wz_dragdrop.js", "https://porcelinux.com/js/zxml.js", "https://porcelinux.com/js/myhome.js", "http://codice.shinystat.com/cgi-bin/getcod.cgi?USER=adgweb", "https://porcelinux.com/estilo.css" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 387, "domain": 58, "hostname": 250, "FileHash-SHA256": 23 }, "indicator_count": 718, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1515 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6249a9e497137f9627e5a794", "name": "\u7f8e\u9ad8\u6885\u2014botnet", "description": "At.ts.t, At.com, is the new version of HTML, which can now be viewed in full on Google's web browser and on Apple's mobile app for the first time.", "modified": "2022-04-03T14:09:48.093000", "created": "2022-04-03T14:06:28.503000", "tags": [ "event", "null", "promise", "html", "width", "hasclass", "loadx20error", "ajaxcomplete", "unique", "609237fvvpkt", "push", "first", "open", "checkbox", "trigger", "jquery", "write", "blackberry", "android", "androidos", "firefox", "chrome", "skyfire", "opera", "opera mobi", "dolfin", "kindle", "0x1d9131", "0x180bcc", "0x4b6177", "0x13f349", "0x3bcb54", "0xbbe80d", "0x57b7de", "0x2ea74e", "0x4fb0f2", "0x25f113", "window", "shift", "date", "canvas", "tencent", "barrio", "slice", "regexp", "function", "typeof b", "error", "pseudo", "child", "array", "sufeffxa0", "class", "accept", "testflight", "typeof e", "typeof n", "typeof t", "typeof r", "x20trnf", "this" ], "references": [ "http://slulutz02.com/", "https://mgttse001.vip/static/js/jquery.js", "https://mgttse001.vip/template/m1938pc/pic/hf1", "https://m2855.com:35003/", "https://m9277.com/tsnew-download/index.html", "https://www.7631.app:8755/js/jquery-1.11.3.min.js", "https://www.7631.app:8755/js/xinstall_inner_e.min.js?v=1004", "https://www.7631.app:8755/js/mobile-detect.min.js?v=1004", "https://m9277.com/tsnew-download/js/jquery.min.js" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1048, "domain": 132, "hostname": 311 }, "indicator_count": 1491, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1520 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6249a9e3fcaee2fb956ffacc", "name": "\u7f8e\u9ad8\u6885\u2014botnet", "description": "At.ts.t, At.com, is the new version of HTML, which can now be viewed in full on Google's web browser and on Apple's mobile app for the first time.", "modified": "2022-04-03T14:06:27.271000", "created": "2022-04-03T14:06:27.271000", "tags": [ "event", "null", "promise", "html", "width", "hasclass", "loadx20error", "ajaxcomplete", "unique", "609237fvvpkt", "push", "first", "open", "checkbox", "trigger", "jquery", "write", "blackberry", "android", "androidos", "firefox", "chrome", "skyfire", "opera", "opera mobi", "dolfin", "kindle", "0x1d9131", "0x180bcc", "0x4b6177", "0x13f349", "0x3bcb54", "0xbbe80d", "0x57b7de", "0x2ea74e", "0x4fb0f2", "0x25f113", "window", "shift", "date", "canvas", "tencent", "barrio", "slice", "regexp", "function", "typeof b", "error", "pseudo", "child", "array", "sufeffxa0", "class", "accept", "testflight", "typeof e", "typeof n", "typeof t", "typeof r", "x20trnf", "this" ], "references": [ "http://slulutz02.com/", "https://mgttse001.vip/static/js/jquery.js", "https://mgttse001.vip/template/m1938pc/pic/hf1", "https://m2855.com:35003/", "https://m9277.com/tsnew-download/index.html", "https://www.7631.app:8755/js/jquery-1.11.3.min.js", "https://www.7631.app:8755/js/xinstall_inner_e.min.js?v=1004", "https://www.7631.app:8755/js/mobile-detect.min.js?v=1004", "https://m9277.com/tsnew-download/js/jquery.min.js" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1047, "domain": 132, "hostname": 311 }, "indicator_count": 1490, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1520 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "62497a9c72edc277fb20e52f", "name": "'+titlestr+'", "description": "If you want to see what is going on at this time of year, spare a thought for T.t.m.T.g.ts.com; T-t=t,", "modified": "2022-04-03T10:44:44.074000", "created": "2022-04-03T10:44:44.074000", "tags": [ "typeof t", "typeof symbol", "nthis", "msger", "typeof e", "image", "error", "typeerror", "new date", "codeverify", "0xa60881", "0x1e0610", "0x489cca", "0x4d5bd1", "0x1a7a9a", "0x3145fc", "0x2d9acb", "0xbf1b3e", "0x47699d", "push", "shift", "date", "cookie", "slice", "open", "code", "path", "info", "null", "this", "webpackrequire", "othis", "object", "array", "executor", "canvas", "function", "slidercaptcha", "createelement", "textdanger", "plugin", "rgba", "imagedata", "false", "touchstart", "trident", "click", "typeof", "typeof define", "typeof c", "copyright", "twitter", "bootstrap", "rolemenu", "typeof f", "typeof g", "james levine", "udid", "x61x70x70x6cx79", "azaz", "0x5372", "0x19", "0x3de55b", "0x24a5d4", "0x5c", "0x19c89f", "0x2f1b4a", "0x4d1e1f", "0x1a", "0x29", "window", "honor", "root", "length", "indexof", "x0ax20x20x20x20", "location", "math", "0x10", "0x18", "history", "config", "onload", "android", "regexp", "x20trnf", "class", "attr", "pseudo", "child", "swiper", "most", "mit license", "january", "typeof b", "sufeffxa0", "void", "typeof n", "appappapp", "next", "toh5", "channelcode", "androidos", "linux", "ipad", "macintosh", "promise", "xmlhttprequest", "0x1d9131", "0x180bcc", "0x4b6177", "0x13f349", "0x3bcb54", "0xbbe80d", "0x57b7de", "0x2ea74e", "0x4fb0f2", "0x25f113", "tencent", "barrio", "width", "accept", "cnzzdata", "czuuid", "umdistinctid", "version", "october", "win32", "name", "html", "meta", "viewport" ], "references": [ "http://www.laijcm.com/common.js", "http://www.laijcm.com/tj.js", "http://kk164.xyz/", "https://x4707.com:5443/?register=1", "https://6112.hnsstjc.com/a002/xpjtz.php", "https://6112.hnsstjc.com/a002/js/fontSize.js", "https://6112.hnsstjc.com/a002/js/jquery-1.8.3.min.js", "https://6112.hnsstjc.com/a002/js/swiper.min.js", "https://6112.hnsstjc.com/a002/xpj.php", "https://www.xvsgwa.com/qz1IJUpc.html", "https://c.cnzz.com/core.php?web_id=1280875449&t=z", "https://s9.cnzz.com/z_stat.php?id=1280875449&web_id=1280875449", "https://www.bibo14.app:2611/js/jquery-1.11.3.min.js", "https://www.bibo14.app:2611/js/cncc.js", "https://www.bibo14.app:2611/js/xinstall_inner_e.min.js?v=1004", "https://www.bibo14.app:2611/js/down.js?v=1022", "https://www.bibo14.app:2611/css/h5/reset.css", "https://www.dongtiankuangye.com/a002/config.js", "https://www.dongtiankuangye.com/a002/js/plugins/swiper/swiper.min.js", "https://www.dongtiankuangye.com/a002/js/libs/jquery-1.12.4/jquery-1.12.4.min.js", "https://www.dongtiankuangye.com/a002/js/plugins/swiper/swiper.min.css", "https://pojd783.cc:8443/index.html?shareName=pojd783.cc", "https://sdk.51.la/event/js-sdk-event.min.js?u=Je0ztO5GuwfJ6eip", "https://sdk.51.la/js-sdk-pro.min.js", "https://pojd783.cc:8443/js/sharetrace.min.js", "https://js112.oss-accelerate.aliyuncs.com/os.js", "https://ty66as.jxdysw.cn/1whpv", "https://ty66as.jxdysw.cn/dist/vendors/bootstrap/js/bootstrap.min.js", "https://ty66as.jxdysw.cn/dist/vendors/clipboard/clipboard.min.js", "https://ty66as.jxdysw.cn/dist/captcha/disk/slidercaptcha.js", "https://ssl.captcha.qq.com/TCaptcha.js", "https://cstaticdun.126.net/load.min.js?t=202007291602", "https://t.captcha.qq.com/template/drag_ele.html?t=1648982190651", "https://captcha.gtimg.com/1/tcaptcha-frame.db8b9289.js" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1528, "hostname": 543, "domain": 209, "FileHash-SHA256": 127, "email": 1, "FileHash-MD5": 4 }, "indicator_count": 2412, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1520 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6249330bfdce75b6a0667154", "name": "Malware cont..", "description": "var d=b.dir,e=c&&\"parentNode\"===d,f=x, f=w, b.b, and d(b) for the first time.", "modified": "2022-04-03T05:39:23.816000", "created": "2022-04-03T05:39:23.816000", "tags": [ "2000px", "120deg", "10px", "e9e7e7", "b2b2b2", "webkitkeyframes", "f8f8f8", "d3d4d3", "c9c5c5", "alpha", "web mit", "license http", "invalid", "activexobject", "msies", "msanimationend", "typeof e", "typeof f", "typeof y", "typeof define", "function", "null", "typeof t", "array", "value", "regexp", "textarea", "azaz", "typeof n", "this", "date", "infinity", "iframe", "error", "typeof b", "pseudo", "child", "width", "sufeffxa0", "class", "accept" ], "references": [ "https://cdn.staticfile.org/jquery/2.1.4/jquery.min.js", "https://cdn.staticfile.org/vue/1.0.21/vue.min.js", "https://cdn.staticfile.org/layer/3.1.1/layer.js", "https://cdn.staticfile.org/layer/3.1.1/theme/default/layer.css?v=3.1.1" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 914, "FileHash-SHA256": 23, "hostname": 339, "domain": 126 }, "indicator_count": 1402, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1520 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "621bc3aa050a6c5693595f25", "name": "Zetalytics API", "description": "", "modified": "2022-03-29T00:03:34.773000", "created": "2022-02-27T18:32:10.542000", "tags": [ "google", "google llc", "detected", "expand overall", "http", "amazonaes", "openssl", "lookup go", "rescan add", "verdict report", "behaviour", "june", "apache", "search url", "search domain", "scan url", "url search", "domain scan", "url url", "us summary", "line", "google maps", "api warning", "redirects links", "similar dom", "content api", "domains", "Ransomware" ], "references": [ "zetalytics .pdf" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Win.Virus.PolyRansom-5704625-0", "display_name": "Win.Virus.PolyRansom-5704625-0", "target": null }, { "id": "Win32:Cryptor", "display_name": "Win32:Cryptor", "target": null }, { "id": "TELPER:CERT:SoftwareBundler:Win32/Bunpredelt", "display_name": "TELPER:CERT:SoftwareBundler:Win32/Bunpredelt", "target": null }, { "id": "Trojan:Win32/Danabot.G", "display_name": "Trojan:Win32/Danabot.G", "target": "/malware/Trojan:Win32/Danabot.G" }, { "id": "Backdoor:Win32/Poison.E", "display_name": "Backdoor:Win32/Poison.E", "target": "/malware/Backdoor:Win32/Poison.E" }, { "id": "ALF:PUA:Block:IObit.R!MTB", "display_name": "ALF:PUA:Block:IObit.R!MTB", "target": null } ], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Kailula4", "id": "131997", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 754, "URL": 2375, "domain": 441, "hostname": 833, "CIDR": 5, "FileHash-MD5": 2, "email": 1 }, "indicator_count": 4411, "is_author": false, "is_subscribing": null, "subscriber_count": 405, "modified_text": "1525 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "", "http://appbyweb.net/AppByWeb/js/modernizr-2.6.2.min.js", "Copy of clientlib.js(36).download", "Copy of clientlib(48).css", "Copy of clientlib.js(18).download", "https://www.cloudron.io/3rdparty/angular-base64.min.js", "https://vestacp.com/css/app.css", "https://widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js", "https://s.adroll.com/j/sendrolling.js", "xfe-URL-nertiob.pw-stix2-2.1-export.json", "https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/jquery.min.js", "https://www.virustotal.com/graph/embed/g365a82115f934e31a69118715695c91c231f66cda9084c9389e56afb985a243e?theme=dark", "http://static.geetest.com/static/js/geetest.6.0.9.js", "http://imhrzluowdso.gq/i/css/bootstrap.css", "https://www.cloudron.io/3rdparty/angular-loader.min.js", "https://onenightflirt.com/lps/jumps/2/style.css", "https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0-alpha.6/js/bootstrap.min.js", "http://ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js", "https://s.adroll.com/j/exp/DUKHAKVYIJASHDUBG4V7RE/index.js", "https://px.owneriq.net/stas/s/sholic.js", "http://imhrzluowdso.gq/i/css/font-awesome.css", "https://p.qiao.baidu.com/cps3/site/poll?cb=jsonp_bridge_1650392095190_21922384256393768&l=1&sign=&v=165039175860477407&s=12877102&e=26958486&isAFF=1&filterAdvertisement=1&dev=1&auth=%7B%22anonym%22%3A0%2C%22key%22%3A%223bfef1eb-bde9-4fbf-ba96-abad738f1775%22%2C%22sn%22%3A%22%22%2C%22id%22%3A%22165039175860477407%22%2C%22from%22%3A4%2C%22token%22%3A%22bridge%22%7D&_time=1650392095190", "https://sofire.bdstatic.com/js/dfxaf.js", "xfe-URL-imhrzluowdso.gq-stix2-2.1-export.json", "https://www.googletagmanager.com/gtag/js?id=G-1F7WLMM0K2&l=dataLayer&cx=c", "Copy of clientlib(25).css", "xfe-URL-Choopa.com-stix2-2.1-export.json", "https://my.choopa.com/js/jquery-3.5.1.min.js", "Copy of clientlib(13).css", "https://www.dreamhost.com/assets/bootstrap-aa47564acfdf18ce859b8e1fd130d889920ae66415b3db4de8505d42a0477b09.css", "https://6553w.com:2188/m/js/2203141811-HomeLogin~LotteryHall~VnsLogin~activity~amhgLogin~aqvnsLogin~betnewLocgin~blrLogin~blushLogin~cLogin~6995ba01.js", "https://connect.facebook.net/signals/config/438248060937995?v=2.9.57&r=stable", "xfe-URL-ml314.com-stix2-2.1-export.json", "https://js.mollie.com/v1/mollie.js", "https://www.googletagmanager.com/gtag/js?id=G-K6536FHN4D&l=dataLayer&cx=c", "https://www.cloudron.io/3rdparty/slick.js", "Copy of clientlib(30).css", "https://fonts.googleapis.com/css2?family=Montserrat:wght@500;600;700&display=swap", "http://v1-ab.cdn-static.cn/editor/js/jquery.min.js", "https://eu-library.klarnaservices.com/lib.js", "Copy of clientlib.js(34).download", "https://m9277.com/tsnew-download/index.html", "http://sgoutong.baidu.com/embed/1649840755/asset/embed/mobilelite/main.js", "https://www.fiberhub.com/js/bootstrap.js", "https://assets.topsrcs.com/js/script_wf.js", "Copy of clientlib.js(38).download", "xfe-URL-West.cn-stix2-2.1-export.json", "Copy of clientlib(3).css", "Copy of clientlib.js(1).download", "https://youridealbody.xyz/lp6?bemobdata=c%3D752f3aef-dd8a-4507-a8cd-fe0f9b15c4e5..l%3D94aed4ec-30ac-424c-9e71-bf528195b1d7..f%3D928350ba-6450-412a-8ac7-3ee25ff4287e..a%3D2..b%3D1..z%3D0.00031..e%3D536878068779029425..c1%3D2627325..c2%3D2001342..c3%3DUS..c4%3Dios..c5%3Dios15..c6%3Dmobile..c7%3Dverizon-us..c8%3Dsafari..c10%3Den", "https://www.flirt4fuck.com/js/pushjs/1.0.0/utils.js", "Copy of clientlib(5).css", "https://www.virustotal.com/gui/collection/7196cbc5285fb7e155a529980dc1797d3ab3884e20c77c66d9b1b971c313fe56/graph", "bootstrap.min.css", "Copy of clientlib.js(30).download", "Copy of clientlib(44).css", "https://vars.hotjar.com/box-4924254a9ce4dc9b959b6e4a9b662d60.html", "https://www.google-analytics.com/plugins/ua/linkid.js", "https://www.dreamhost.com/assets/scripts/webp-support-1dd791309dc3fa5b166a0a326e49345fe5acb5acbc1831f4c7be87efce1abf51.js", "https://aiff.cdn.bcebos.com/sensors%2Fonline%2Fsa-sdk-javascript-1.14.24%2Fsensorsdata.min.js", "Copy of clientlib.js(4).download", "Copy of clientlib.js(28).download", "Copy of clientlibs(4).css", "https://www.googleoptimize.com/optimize.js?id=OPT-MTGSVG5", "xfe-URL-c81e728d9d4c2f636f067f89cc14862c.com-stix2-2.1-export.json", "http://www.yichenghy.com/tj.js", "https://www.gstatic.com/firebasejs/5.0.2/firebase-messaging.js", "https://mgttse001.vip/template/m1938pc/pic/hf1", "https://6112.hnsstjc.com/a002/js/jquery-1.8.3.min.js", "xfe-URL-shareaholic.com-stix2-2.1-export.json", "https://porcelinux.com/js/zxml.js", "https://vestacp.com/bower_components/foundation-sites/dist/js/foundation.js", "http://kk164.xyz/", "https://sdk.51.la/event/js-sdk-event.min.js?u=Je0ztO5GuwfJ6eip", "Copy of clientlib(47).css", "https://www.cloudron.io/3rdparty/angular.min.js", "https://cpatools.cc/js/linksmart.js", "http://api.geetest.com/get.php?gt=70bfe290f45725d99fae0063c5188b8f&challenge=36bbdc68ea2e3279d57269471b837a6b&product=popup&width=301px&offline=false&lang=zh-cn&protocol=http://&type=slide&path=/static/js/geetest.6.0.9.js&callback=geetest_1650391756575", "https://js-na1.hs-scripts.com/210895.js", "Copy of clientlib.js(25).download", "https://tria.ge/240521-rxpf6ahd6w", "http://dk9ctyhidjrvgn.xyz/index_files/jquery.js", "https://www.virustotal.com/static/css/bootstrap.min.css?20150630", "Copy of clientlibs.css", "https://www.cloudron.io/3rdparty/bootstrap.min.css", "https://www.2610.app:5766/js/jquery-1.11.3.min.js", "https://www.googletagmanager.com/gtag/js?id=G-ZTJ64Z90QF&l=dataLayer&cx=c", "https://dsms0mj1bbhn4.cloudfront.net/webpack/default~header~related-content~share-buttons~site-settings~user-settings~yarpp-header~yarpp-sites~ya~2fbcff42-06fb1418b4e0c0383855.js", "Copy of clientlib.js(9).download", "https://ty66as.jxdysw.cn/dist/captcha/disk/slidercaptcha.js", "Copy of clientlib.js(33).download", "Copy of clientlibs.js(2).download", "https://client.crisp.chat/l.js", "https://script.hotjar.com/modules.0076bf93c385ddf0ff58.js", "https://www.bibo14.app:2611/js/xinstall_inner_e.min.js?v=1004", "Copy of clientlib(1).css", "https://connect.facebook.net/signals/config/828098694004178?v=2.9.57&r=stable", "https://cdn.staticfile.org/vue/1.0.21/vue.min.js", "Copy of clientlib.js(13).download", "https://www.virustotal.com/graph/embed/g8726609a12794ebeb59edd531961a233068149bcdf994b428f20141be6111551?theme=dark", "https://kit.fontawesome.com/7d998cc9b7.js", "Copy of clientlib.js(42).download", "xfe-URL-appbyweb.net-stix2-2.1-export.json", "xfe-URL-Domainpeople.com-stix2-2.1-export.json", "https://www.bibo14.app:2611/css/h5/reset.css", "Copy of clientlib.js(52).download", "zetalytics .pdf", "https://www.google-analytics.com/analytics.js", "https://c81e728d9d4c2f636f067f89cc14862c.com/static_new/css/public.css", "Copy of clientlib(20).css", "Copy of clientlib(51).css", "Copy of clientlib.js(56).download", "Copy of clientlib(49).css", "https://t.captcha.qq.com/template/drag_ele.html?t=1648982190651", "https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1068215855/?random=1650555348274&cv=9&fst=1650555348274&num=1&label=viUgCKmAuwMQr9yu_QM&guid=ON&resp=GooglemKTybQhCsO&u_h=844&u_w=390&u_ah=844&u_aw=390&u_cd=32&u_his=1&u_tz=-240&u_java=false&u_nplug=0&u_nmime=0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fhe.net%2F&tiba=Hurricane%20Electric%20Internet%20Services%20-%20Internet%20Backbone%20and%20Colocation%20Provider&hn=www.googleadservices.com&rfmt=3&fmt=4", "Copy of js", "http://imhrzluowdso.gq/i/css/animations.css", "xfe-URL-ewqopweowia543.ga-stix2-2.0-export.json", "https://c.cnzz.com/core.php?web_id=1280875449&t=z", "https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202204200101/show_ads_impl_fy2019.js", "http://www.versaweb.com/js/bootstrap.js", "https://mc.yandex.ru/metrika/watch.js", "Copy of clientlibs.js(3).download", "xfe-URL-Zhuzi.me-stix2-2.1-export.json", "Copy of clientlib(32).css", "https://my.choopa.com/js/global.js?v=41", "http://appbyweb.net/AppByWeb/js/hoverIntent.js", "Copy of clientlib(50).css", "https://m2855.com:35003/", "Copy of clientlib.js(12).download", "http://appbyweb.net/AppByWeb/js/bootstrap.min.js", "https://de.tynt.com/deb/v2?id=sh!sh&dn=AFSH&cc=1&r=", "https://cdn.abrankings.com/js/client.js", "http://push.zhanzhang.baidu.com/push.js", "https://s9.cnzz.com/z_stat.php?id=1280875449&web_id=1280875449", "Copy of clientlib(54).css", "https://porcelinux.com/estilo.css", "http://www.yichenghy.com/common.js", "https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css", "https://s.adroll.com/j/roundtrip.js", "https://adsiblocker.com/index.php?key=sh3en4m6rxvscfptoc65&visitor_id=536878455372222772&cost=0.000501&zoneid=2627325&campaignid=5420841&device=iphone&browser=safari&os=ios&osversion=ios15&country=US&language=en&isp=verizon%20business&source=propellerads", "https://vestacp.com/bower_components/jquery/dist/jquery.js", "https://www.choopa.com/css/bootstrap.css", "https://tracking.premiumhealtheurope.com/code.js", "https://js.partnerstack.com/v1/", "https://adsiblocker.com/index.php?lp=1&uclick=sc46oji4", "Copy of clientlib(33).css", "https://cdn.getaddress.io/scripts/getaddress-autocomplete-1.1.2.min.js", "https://c81e728d9d4c2f636f067f89cc14862c.com/static_new/js/jquery.min.js", "https://www.redditstatic.com/ads/pixel.js", "https://yeyeai3.xyz/", "Copy of clientlib.js(15).download", "https://www.virustotal.com/gui/collection/79c25168b2f93d9730a56b8d2b834cbfb2752b63b21b9dd51109416fbaa676d8/iocs", "Copy of clientlib(19).css", "xfe-URL-Freebit.net-stix2-2.1-export.json", "https://ty66as.jxdysw.cn/dist/vendors/bootstrap/js/bootstrap.min.js", "Copy of clientlib.js(3).download", "xfe-URL-ketoluqidslim.us-stix2-2.1-export.json", "https://m.west.cn/jscripts/baidutj/hm.js", "xfe-URL-Owneriq.net-stix2-2.1-export.json", "https://www.bibo14.app:2611/js/down.js?v=1022", "Copy of clientlib.js(8).download", "https://6112.hnsstjc.com/a002/xpj.php", "Copy of clientlib(4).css", "https://vars.hotjar.com/box-acca23410e696f2ca3087d947271c3d0.html", "https://mgttse001.vip/static/js/jquery.js", "https://www.choopa.com/commonimages/jquery-3.5.1.min.js", "Copy of clientlib.js(39).download", "https://www.googletagmanager.com/gtag/js?id=UA-33008870-1", "http://slulutz02.com/", "https://www.googletagmanager.com/gtm.js?id=GTM-TLN654", "https://embed.tawk.to/_s/v4/app/625d36b405c/js/twk-vendor.js", "Copy of clientlib(29).css", "https://static.hotjar.com/c/hotjar-596666.js?sv=5", "https://files.appbyweb.net/Fonts/OpenSansHebrew/font.css", "Copy of clientlib.js(16).download", "http://sgoutong.baidu.com/embed/1649840755/asset/embed/mobile_nb.js", "http://appbyweb.net/AppByWeb/js/jquery.stellar.min.js", "http://www.brechlerinsurance.com/?gdbc-client=3.1.25-1652585170383", "Copy of clientlib(41).css", "Copy of clientlibs(5).css", "https://connect.facebook.net/en_US/fbevents.js", "https://www.cloudron.io/3rdparty/jquery-1.11.0.js", "xfe-URL-Vultr.com-stix2-2.1-export.json", "https://www.7631.app:8755/js/mobile-detect.min.js?v=1004", "https://bat.bing.com/bat.js", "Copy of clientlib(53).css", "https://tria.ge/240521-ry949ahe2z/behavioral1", "https://analytics.cloudron.io/piwik.js", "Copy of fbevents.js.download", "Copy of clientlib.js(11).download", "hxxps://go[.]microsoft[.]com/fwlink/?LinkId=2033498", "Copy of clientlib.js(60).download", "http://freebit.com/common/js/slide.js", "https://prima-abnehmen-shop.com/_Resources/Static/Packages/Seven.Offerpage.Checkout/Scripts/main.min.js?bust=ef22ff16", "https://c81e728d9d4c2f636f067f89cc14862c.com/static_new/js/dialog.min.js", "https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2581829468247892&output=html&adk=1812271804&adf=3025194257&lmt=1651149220&plat=16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C32%3A32&format=0x0&url=http%3A%2F%2Fappbyweb.net%2FAppByWeb%2F&ea=0&pra=5&wgl=1&dt=1651149220376&bpp=1&bdt=121&idt=18&shv=r20220425&mjsv=m202204200101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De83d6067a4dac5b6-229192c549d200d1%3AT%3D1651148802%3ART%3D1651148802%3AS%3DALNI_MZSt9utXhYBHAIH9xwQp72WuxQxTw&nras=1&correlator=1655793633284&", "http://fonts.googleapis.com/css?family=Open+Sans:300", "https://www.choopa.com/_js/global.js?v=209", "Copy of clientlib.js(41).download", "https://static.ads-twitter.com/uwt.js", "https://cdnjs.cloudflare.com/ajax/libs/tether/1.4.0/js/tether.min.js", "http://freebit.com/topnews.css", "https://tria.ge/240521-r3mvhshd83", "https://static.hotjar.com/c/hotjar-2908146.js?sv=6", "Copy of clientlib(8).css", "http://www.brechlerinsurance.com/wwblcms/wp-includes/js/wp-emoji-release.min.js?ver=479aaeefa13948f8aa1a2479d7a751df", "https://fonts.googleapis.com/css2?family=Open+Sans&family=Oswald:wght@400;600;700&family=Roboto+Condensed:wght@400;700&display=swap", "https://www.google-analytics.com/gtm/optimize.js?id=GTM-PHVK7LN", "https://nertiob.pw/lander/us-leanstartketov8-pre2-cryp.im/assets/af74c0184a1151090f275e5d06fe0387.js", "Copy of clientlib.js(24).download", "xfe-URL-freebit.com-stix2-2.1-export.json", "Copy of clientlib.js(37).download", "https://www.west.cn/js2016/lib/jquery.SuperSlide/jquery.SuperSlide.2.1.1.x.js", "Copy of clientlib.js(17).download", "Copy of clientlib(45).css", "https://tracking.premiumhealth.eu/code.js", "https://unekds98kksw.com/2022/player_default1/current-device.min.js", "https://www.7631.app:8755/js/jquery-1.11.3.min.js", "https://www.choopa.com/_js/dragscroll.js", "https://nertiob.pw/lander/us-leanstartketov8-pre2-cryp.im/assets/89782cd052fb72c4f9df6bd5644f2afb.css", "Copy of clientlib.js(29).download", "http://www.zhuzi.me/zhuzi-statistic.js?path=http%3a%2f%2fwww.zhuzi.me%2f&siteid=62221&referer=", "Copy of clientlib(10).css", "Copy of clientlib(18).css", "https://www.bibo14.app:2611/js/cncc.js", "https://csp.he.net/styles/style.css", "Copy of clientlib.js(35).download", "https://cstaticdun.126.net/load.min.js?t=202007291602", "Copy of clientlib.js(22).download", "Copy of clientlib(22).css", "Copy of clientlib.js(23).download", "Copy of clientlib(6).css", "Copy of clientlib(28).css", "xfe-IP-103.120.25.185-stix2-2.1-export.json", "https://porcelinux.com/js/myhome.js", "https://www.googleadservices.com/pagead/conversion_async.js", "Copy of iframe_api", "https://onenightflirt.com/lps/jumps/2/script.js", "Copy of clientlib.js(19).download", "https://prima-abnehmen-shop.com/uk/order-now.html?affiliate=24&source=418&subid2=ddukc&subid3=35908921", "https://d.adroll.com/consent/check/LZLVHVDGLRC6BEJRRIQDVW?arrfrr=http%3A%2F%2Fwww.versaweb.com%2F&_s=1b87c8c5132a03372125d888e43b0a86&_b=2", "Copy of clientlib(46).css", "http://appbyweb.net/AppByWeb/js/jquery.min.js", "https://code.jquery.com/jquery-1.12.0.min.js", "Copy of clientlibs(1).css", "Copy of clientlibs.js(1).download", "https://www.googletagmanager.com/gtm.js?id=GTM-K6CHB3B", "Copy of clientlib.js(59).download", "https://www.nocix.net/js/bootstrap.min.js", "https://www.bibo14.app:2611/js/jquery-1.11.3.min.js", "https://www.dongtiankuangye.com/a002/js/plugins/swiper/swiper.min.css", "https://ty66as.jxdysw.cn/1whpv", "Copy of clientlib(15).css", "https://embed.tawk.to/_s/v4/app/625d36b405c/js/twk-main.js", "https://vestacp.com/bower_components/what-input/dist/what-input.js", "https://www.7631.app:8755/js/xinstall_inner_e.min.js?v=1004", "http://www.brechlerinsurance.com/wwblcms/wp-includes/js/jquery/jquery.js?ver=1.12.4", "https://connect.facebook.net/signals/config/571256413046247?v=2.9.57&r=stable", "Copy of clientlibs(3).css", "Copy of clientlib.js(51).download", "https://www.nocix.net/js/nocix.js", "http://freebit.com/common/css/common.css", "https://www.choopa.com/_js/bootstrap.js", "https://bam.nr-data.net/1/f37cf8a208?a=1772678&v=1216.487a282&to=dlwNQEdeWVgHSxlDV1JWEBtdXlhR&rst=1074&ck=1&ref=https://www.shareaholic.com/&ap=9&be=11&fe=795&dc=37&af=err,xhr,stn,ins&perf=%7B%22timing%22:%7B%22of%22:1652584962293,%22n%22:0,%22f%22:0,%22dn%22:0,%22dne%22:0,%22c%22:0,%22s%22:0,%22ce%22:0,%22rq%22:0,%22rp%22:0,%22rpe%22:0,%22dl%22:6,%22di%22:37,%22ds%22:37,%22de%22:45,%22dc%22:636,%22l%22:793,%22le%22:796%7D,%22navigation%22:%7B%22ty%22:2%7D%7D&fcp=123&jsonp=NREUM.setToken", "https://www.cloudron.io/3rdparty/bootstrap.min.js", "https://www.google.com/cse/cse.js?cx=016402751031109241230:v7vojvfohnq", "Copy of clientlib(21).css", "https://cdn.jsdelivr.net/emojione/2.2.7/lib/js/emojione.min.js", "Copy of dir (1).c9r", "https://www.googletagmanager.com/gtag/js?id=UA-145157900-3", "http://freebit.com/common/js/jquery.bxslider.min.js", "https://use.fontawesome.com/releases/v5.0.6/css/all.css", "xfe-URL-Dreamhost.com-stix2-2.1-export.json", "Copy of clientlibs.js.download", "https://www.flirt4fuck.com/js/pushjs/1.0.0/subscriber.js", "https://js-agent.newrelic.com/nr-1216.min.js", "Copy of clientlib.js(58).download", "https://nertiob.pw/lander/us-leanstartketov8-pre2-cryp.im/assets/a36a95c9dccfd8d0b6ccb62ed162150a.css", "https://d.adroll.com/pixel/DUKHAKVYIJASHDUBG4V7RE/E23RMKDBEFAEXMXLWK3IWO?adroll_fpc=838a57acc6141112b6107bdce5e3fde6-1650403057055&arrfrr=https%3A%2F%2Fwww.vultr.com%2F&pv=70707106758.07146&cookie=&adroll_s_ref=&keyw=", "Copy of clientlibs.js(4).download", "Copy of clientlib.js(26).download", "https://www.2610.app:5766/?agent=7762453360", "https://www.dongtiankuangye.com/a002/js/libs/jquery-1.12.4/jquery-1.12.4.min.js", "Copy of clientlib.js(5).download", "https://embed.tawk.to/_s/v4/app/625d36b405c/languages/en.js", "Copy of clientlib(9).css", "https://www.dreamhost.com/assets/site-75a1aba399db4de4e4093997b8fc8ff8ec5e65b5f4258c9a658a5cacacbf6e0d.js", "xfe-IP-103.24.249.209-stix2-2.1-export.json", "https://www.clarity.ms/eus2/s/0.6.34/clarity.js", "https://www.virustotal.com/static/js/bootmin-2013092601.js", "https://snap.licdn.com/li.lms-analytics/insight.min.js", "http://codice.shinystat.com/cgi-bin/getcod.cgi?USER=adgweb", "https://sb.scorecardresearch.com/beacon.js", "https://www.gstatic.com/recaptcha/releases/Y-cOIEkAqcfDdup_qnnmkxIC/recaptcha__en.js", "https://js.driftt.com/include/1650944100000/2y43hyefanc8.js", "Copy of clientlib(31).css", "Copy of clientlib.js(32).download", "https://www.cloudron.io/index.js", "https://www.dreamhost.com/assets/scripts/bootstrap-7670fc8587f9fd0608d2af67f392281a9a4fbf4cb4252952ecb8d34f6ee286b3.js", "http://freebit.com/common/js/jquery.mixitup.min.js", "Copy of clientlib(27).css", "https://partner.googleadservices.com/gampad/cookie.js?domain=appbyweb.net&callback=_gfp_s_&client=ca-pub-2581829468247892", "https://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js", "https://www.west.cn/js2016/root/jqinclude.js?t=20211126a", "xfe-URL-netsol.com-stix2-2.1-export.json", "https://code.jquery.com/jquery-3.6.0.min.js", "https://www.googletagmanager.com/gtm.js?id=GTM-NG3VQQL", "https://cdn.staticfile.org/layer/3.1.1/layer.js", "Copy of clientlib.js(57).download", "ga.js", "https://dsms0mj1bbhn4.cloudfront.net/webpack/vendors~header~related-content~share-buttons~site-settings~user-settings~yarpp-header~yarpp-sites~ya~7d559390-c92fe44d0731743b2d8e.js", "https://ssl.google-analytics.com/ga.js", "Copy of clientlib.js(7).download", "http://appbyweb.net/AppByWeb/js/jquery.easing.1.3.js", "Copy of clientlibs(2).css", "Copy of clientlib(38).css", "Copy of clientlib(24).css", "Copy of clientlib(36).css", "https://script.hotjar.com/modules.9beafb9ca96c2f868fe2.js", "https://embed.tawk.to/_s/v4/app/625d36b405c/js/twk-chunk-vendors.js", "https://www.virustotal.com/gui/collection/6a8d582df4fe5a29885dad4074236bc9e4ed445aaf0cc00702d45963fb0459bb/iocs", "https://dsms0mj1bbhn4.cloudfront.net/assets/pages-afd7ed46648f01def74df6e4c245da53bde609b863bf63ff94a87154f2f82de0.js", "https://js112.oss-accelerate.aliyuncs.com/os.js", "Copy of clientlib(40).css", "https://unekds98kksw.com/2022/player_default1/send.js", "Copy of clientlib(52).css", "Copy of clientlib(43).css", "https://cdn.staticfile.org/layer/3.1.1/theme/default/layer.css?v=3.1.1", "https://www.dongtiankuangye.com/a002/js/plugins/swiper/swiper.min.js", "http://www.laijcm.com/tj.js", "https://www.virustotal.com/gui/collection/7196cbc5285fb7e155a529980dc1797d3ab3884e20c77c66d9b1b971c313fe56/iocs", "hxxps://myapplications[.]microsoft[.]com/", "https://m9277.com/tsnew-download/js/jquery.min.js", "https://partner.shareaholic.com/partners.js?location=http%3A%2F%2Fwww.brechlerinsurance.com%2F&cl=en-US&id_sync=19da2f0f-8191-4a73-b27d-e95f97e9a686&minify=1&pvs=1&site=d016349f31f268b5ce94fa8e70f6eddd", "https://ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js", "Copy of clientlib.js(55).download", "https://c81e728d9d4c2f636f067f89cc14862c.com/static_new/js/common.js", "xfe-URL-www.yichenghy.com-stix2-2.1-export.json", "https://www.virustotal.com/static/js/base.min-2013121902.js", "Copy of clientlib.js(53).download", "http://www.ctgserver.net/zhuzi-statistic.js?path=http%3a%2f%2fwww.ctgserver.net%2f&siteid=68944&referer=", "xfe-IP-76.164.203.68-stix2-2.1-export.json", "https://sdk.51.la/js-sdk-pro.min.js", "http://www.versaweb.com/css/1024.css", "xfe-URL-dk9ctyhidjrvgn.xyz-stix2-2.1-export.json", "https://www.googleadservices.com/pagead/conversion.js", "Copy of clientlib(39).css", "xfe-URL-versaweb.com-stix2-2.1-export.json", "https://www.google.com/recaptcha/api.js?render=6LerjKkcAAAAAHIvlsndboXTiYDGt_xACa77alyA", "Copy of clientlib.js(44).download", "http://nvqonvfylkxdjc.com/", "https://porcelinux.com/js/wz_dragdrop.js", "https://pojd783.cc:8443/index.html?shareName=pojd783.cc", "http://www.laijcm.com/common.js", "https://x4707.com:5443/?register=1", "https://domainpeople.com", "https://nertiob.pw/lander/us-leanstartketov8-pre2-cryp.im/assets/23190726c18d12eb341ebb4c6d4573ab.css", "Copy of clientlib.js(54).download", "http://imhrzluowdso.gq/i/css/style.css", "https://ssl.captcha.qq.com/TCaptcha.js", "xfe-URL-Nocix.net-stix2-2.1-export.json", "Copy of clientlib.js(31).download", "https://my.choopa.com/js/desktop.js?v=41", "https://www.choopa.com/css/global.css?v=209", "Copy of clientlib(16).css", "Copy of clientlib(11).css", "https://vestacp.com/js/app.js", "https://d.adroll.com/pixel/LZLVHVDGLRC6BEJRRIQDVW/HBKRUDDSQJCU7GD5KH3RWC?adroll_fpc=fd1d5ad32fd771b6d89af530ec6ca1cf-1651601137287&arrfrr=http%3A%2F%2Fwww.versaweb.com%2F&pv=14491019928.1296&cookie=&adroll_s_ref=&keyw=", "https://www.xvsgwa.com/qz1IJUpc.html", "hxxps://portal[.]office[.]com/Account", "https://www.virustotal.com/gui/collection/09af9ef0b7b23d2dc73d83858106ae4fc97a352dbb521ac04493a0e79095ac69/iocs", "https://cdnjs.cloudflare.com/ajax/libs/html5shiv/3.7.3/html5shiv.min.js", "http://www.rolr.eu/js/jquery.min.js", "http://appbyweb.net/AppByWeb/js/jquery.waypoints.min.js", "https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1650943817154", "Copy of clientlib(17).css", "https://js.driftt.com/core?embedId=2y43hyefanc8®ion=US&forceShow=false&skipCampaigns=false&sessionId=5a8c1b8d-2626-4a43-a7a6-76e9416f2f52&sessionStarted=1650943819.009&campaignRefreshToken=a2d9846a-8932-4e3c-a8d5-878681a555e0&hideController=false&pageLoadStartTime=1650943817154&mode=CHAT&driftEnableLog=false", "Copy of clientlib(12).css", "Copy of clientlib.js(10).download", "http://api.geetest.com/gettype.php?gt=70bfe290f45725d99fae0063c5188b8f&callback=geetest_1650391760798", "xfe-URL-bombora.com-stix2-2.1-export.json", "Copy of clientlib(34).css", "bootmin-2013092601.js", "https://i.simpli.fi/dpx.js?cid=66112&m=0&sifi_tuid=37830&referrer=http%3A%2F%2Fwww.brechlerinsurance.com%2F", "https://googleads.g.doubleclick.net/pagead/viewthroughconversion/858656304/?random=1650403054497&cv=9&fst=1650403054497&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=844&u_w=390&u_ah=844&u_aw=390&u_cd=32&u_his=3&u_tz=-240&u_java=false&u_nplug=0&u_nmime=0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.vultr.com%2F&tiba=SSD%20VPS%20Servers%2C%20Cloud%20Servers%20and%20Cloud%20Hosting%20by%20Vultr%20-%20Vultr.com&hn=www.googleadservices.com&rfmt=3&fmt=4", "https://nertiob.pw/lander/us-leanstartketov8-pre2-cryp.im/assets/7bf60781816875acb6c04aa4f706c4ad.js", "https://static.cloudflareinsights.com/beacon.min.js", "https://bat.bing.com/p/action/17528422.js", "Copy of clientlib.js(21).download", "https://cdn.staticfile.org/jquery/2.1.4/jquery.min.js", "https://www.dongtiankuangye.com/a002/config.js", "Copy of clientlib(26).css", "https://www.rolr.eu/", "https://s.adroll.com/j/exp/LZLVHVDGLRC6BEJRRIQDVW/index.js", "Copy of clientlib(7).css", "https://dsms0mj1bbhn4.cloudfront.net/ui-header/loader.js", "https://prima-abnehmen-shop.com/_Resources/Static/Packages/Seven.Prima/Scripts/Main.js?bust=2a0b1c62", "https://www.flirt4fuck.com/c/1de75401f8c75130?s1=181_4239973_cfa_mob_US_pop&s2=8639661&s3=2627325", "https://www.2610.app:5766/js/xinstall_inner_e.min.js?v=1004", "https://static.cloudflareinsights.com/beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194", "Copy of clientlib(35).css", "Copy of clientlib(42).css", "http://freebit.com/common/css/reset.css", "https://6112.hnsstjc.com/a002/js/swiper.min.js", "Copy of clientlib.js(43).download", "https://6553w.com:2188/m/js/2203141811-fhcpLogin.js", "https://www.googletagmanager.com/gtag/js?id=AW-701859743", "http://m.west.cn/jscripts/baidutj/hm.js", "https://www.googletagmanager.com/gtm.js?id=GTM-MLVPDTJ", "http://appbyweb.net/AppByWeb/js/main.js", "Copy of clientlib(14).css", "http://downloads.mailchimp.com/js/jquery.form-n-validate.js", "Copy of clientlib.js(2).download", "https://cstaticdun.126.net/load.min.js?v=2203141811", "Copy of clientlib(55).css", "http://dk9ctyhidjrvgn.xyz/index_files/sss.css", "jquery.min.js", "https://js.hubspot.com/analytics/1652585100000/210895.js", "xfe-URL-fiberhub.com-stix2-2.1-export.json", "https://pojd783.cc:8443/js/sharetrace.min.js", "Copy of clientlib.js(14).download", "http://appbyweb.net/AppByWeb/js/superfish.js", "xfe-URL-ketoqitugslim.us-stix2-2.0-export.json", "http://appbyweb.net/AppByWeb", "https://js.driftt.com/include/1652585100000/mezhk4858hn8.js", "https://captcha.gtimg.com/1/tcaptcha-frame.db8b9289.js", "https://fonts.googleapis.com/css?family=Open+Sans:400,600,700,800", "Copy of clientlib(37).css", "https://cdnjs.cloudflare.com/ajax/libs/animate.css/4.1.1/animate.min.css", "http://freebit.com/common/css/top.css", "https://ty66as.jxdysw.cn/dist/vendors/clipboard/clipboard.min.js", "https://ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js", "https://nertiob.pw/lander/us-leanstartketov8-pre2-cryp.im/assets/63c9d725454afa40dc86453f4a52812f.css", "https://tria.ge/240521-rvybaahb79", "https://www.nocix.net/speedtest/speedtest.js?r=4343", "xfe-URL-https___www.reliablesite.net_-stix2-2.1-export.json", "https://www.google.com/cse/static/element/3e1664f444e6eb06/cse_element__en.js?usqp=CAI%3D", "https://6112.hnsstjc.com/a002/xpjtz.php", "xfe-URL-nvqonvfylkxdjc.com-stix2-2.1-export.json", "https://www.googletagmanager.com/gtag/js?id=AW-1045757556", "https://www.cloudron.io/3rdparty/angular-route.min.js", "https://tria.ge/240521-r1yh8shd44", "http://v8714.com/", "https://6112.hnsstjc.com/a002/js/fontSize.js", "bootmin-2013092601 2.js", "Copy of clientlib(23).css", "Copy of clientlib.js(45).download", "http://freebit.com/common/js/variablelist_top.js?v=2", "https://cdn.tynt.com/afsh.js", "http://imhrzluowdso.gq/i/css/bootstrap-theme.css", "https://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js", "https://www.virustotal.com/en/file/undefined/analysis/", "https://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.7.1.min.js", "Copy of clientlib(2).css", "http://freebit.com/common/js/function.js", "https://goutong.baidu.com/site/889/a8439b4fa4b46ae6d1cb7840806b342d/b.js?siteId=12877102" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [], "malware_families": [ "Win.virus.polyransom-5704625-0", "Reduceright", "Vd", "Gc", "Flexslider", "Eq", "Backdoor:win32/poison.e", "Trojan:win32/danabot.g", "Bomboraconsent", "Alf:pua:block:iobit.r!mtb", "Qe", "Hj", "Lh", "Telper:cert:softwarebundler:win32/bunpredelt", "Win32:cryptor" ], "industries": [ "Defense", "Construction", "Telecommunications", "Finance", "Chemical", "Media", "Agriculture", "Healthcare", "Education", "Biotechnology", "Technology", "Energy", "Transportation", "Government" ] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 49, "pulses": [ { "id": "69d2274c68bc029b77ff8b2c", "name": "CAPE Sandbox", "description": "The full text of the full translation of this article:..2.4.3.7.8.6.1.9.5.0., the first of its kind.>>", "modified": "2026-05-05T09:01:42.428000", "created": "2026-04-05T09:11:40.830000", "tags": [ "aaaa", "algorithm", "number", "cgb osectigo", "public server", "ov r36", "validity", "cus sttexas", "oforcepoint llc", "public key", "info", "host name", "handle", "rdap database", "iana registrar", "entity", "dnssec", "yes conformance", "redacted for", "server", "domain status", "privacy billing", "privacy tech", "privacy admin", "email", "postal code", "date", "registrar abuse", "code", "dspm", "forcepoint dlp", "forcepoint", "login", "password", "austin", "texas", "hub customer", "data security", "protect", "organization", "stateprovince", "attempts", "reads", "sha1", "sha256", "mwdb", "bazaar", "sha3384", "crc32", "ssdeep", "checks" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1543", "name": "Create or Modify System Process", "display_name": "T1543 - Create or Modify System Process" }, { "id": "T1014", "name": "Rootkit", "display_name": "T1014 - Rootkit" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1485", "name": "Data Destruction", "display_name": "T1485 - Data Destruction" }, { "id": "T1486", "name": "Data Encrypted for Impact", "display_name": "T1486 - Data Encrypted for Impact" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1539", "name": "Steal Web Session Cookie", "display_name": "T1539 - Steal Web Session Cookie" }, { "id": "T1542", "name": "Pre-OS Boot", "display_name": "T1542 - Pre-OS Boot" }, { "id": "T1548", "name": "Abuse Elevation Control Mechanism", "display_name": "T1548 - Abuse Elevation Control Mechanism" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CIDR": 3, "FileHash-SHA256": 685, "domain": 205, "hostname": 426, "FileHash-MD5": 722, "FileHash-SHA1": 348, "URL": 438, "email": 3 }, "indicator_count": 2830, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "27 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69d2273d57ede103894c1943", "name": "CAPE Sandbox", "description": "The full text of the full translation of this article:..2.4.3.7.8.6.1.9.5.0., the first of its kind.>>", "modified": "2026-05-05T09:01:42.428000", "created": "2026-04-05T09:11:25.506000", "tags": [ "aaaa", "algorithm", "number", "cgb osectigo", "public server", "ov r36", "validity", "cus sttexas", "oforcepoint llc", "public key", "info", "host name", "handle", "rdap database", "iana registrar", "entity", "dnssec", "yes conformance", "redacted for", "server", "domain status", "privacy billing", "privacy tech", "privacy admin", "email", "postal code", "date", "registrar abuse", "code", "dspm", "forcepoint dlp", "forcepoint", "login", "password", "austin", "texas", "hub customer", "data security", "protect", "organization", "stateprovince", "attempts", "reads", "sha1", "sha256", "mwdb", "bazaar", "sha3384", "crc32", "ssdeep", "checks" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1543", "name": "Create or Modify System Process", "display_name": "T1543 - Create or Modify System Process" }, { "id": "T1014", "name": "Rootkit", "display_name": "T1014 - Rootkit" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1485", "name": "Data Destruction", "display_name": "T1485 - Data Destruction" }, { "id": "T1486", "name": "Data Encrypted for Impact", "display_name": "T1486 - Data Encrypted for Impact" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1539", "name": "Steal Web Session Cookie", "display_name": "T1539 - Steal Web Session Cookie" }, { "id": "T1542", "name": "Pre-OS Boot", "display_name": "T1542 - Pre-OS Boot" }, { "id": "T1548", "name": "Abuse Elevation Control Mechanism", "display_name": "T1548 - Abuse Elevation Control Mechanism" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CIDR": 3, "FileHash-SHA256": 685, "domain": 205, "hostname": 426, "FileHash-MD5": 722, "FileHash-SHA1": 348, "URL": 438, "email": 3 }, "indicator_count": 2830, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "27 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69d2272769a32400c257e7e7", "name": "CAPE Sandbox", "description": "The full text of the full translation of this article:..2.4.3.7.8.6.1.9.5.0., the first of its kind.>>", "modified": "2026-05-05T09:01:42.428000", "created": "2026-04-05T09:11:03.976000", "tags": [ "aaaa", "algorithm", "number", "cgb osectigo", "public server", "ov r36", "validity", "cus sttexas", "oforcepoint llc", "public key", "info", "host name", "handle", "rdap database", "iana registrar", "entity", "dnssec", "yes conformance", "redacted for", "server", "domain status", "privacy billing", "privacy tech", "privacy admin", "email", "postal code", "date", "registrar abuse", "code", "dspm", "forcepoint dlp", "forcepoint", "login", "password", "austin", "texas", "hub customer", "data security", "protect", "organization", "stateprovince", "attempts", "reads", "sha1", "sha256", "mwdb", "bazaar", "sha3384", "crc32", "ssdeep", "checks" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1543", "name": "Create or Modify System Process", "display_name": "T1543 - Create or Modify System Process" }, { "id": "T1014", "name": "Rootkit", "display_name": "T1014 - Rootkit" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1485", "name": "Data Destruction", "display_name": "T1485 - Data Destruction" }, { "id": "T1486", "name": "Data Encrypted for Impact", "display_name": "T1486 - Data Encrypted for Impact" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1539", "name": "Steal Web Session Cookie", "display_name": "T1539 - Steal Web Session Cookie" }, { "id": "T1542", "name": "Pre-OS Boot", "display_name": "T1542 - Pre-OS Boot" }, { "id": "T1548", "name": "Abuse Elevation Control Mechanism", "display_name": "T1548 - Abuse Elevation Control Mechanism" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CIDR": 3, "FileHash-SHA256": 685, "domain": 205, "hostname": 426, "FileHash-MD5": 722, "FileHash-SHA1": 348, "URL": 438, "email": 3 }, "indicator_count": 2830, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "27 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65eea19a23474b8c7dca351f", "name": "All Items - find from the UA archive disk", "description": "Again have zero idea 'what these are' - just uploading from the 'archives' as I sort through things", "modified": "2025-12-24T08:28:47.628000", "created": "2024-03-11T06:15:54.351000", "tags": [], "references": [ "https://www.virustotal.com/gui/collection/09af9ef0b7b23d2dc73d83858106ae4fc97a352dbb521ac04493a0e79095ac69/iocs", "https://www.virustotal.com/gui/collection/79c25168b2f93d9730a56b8d2b834cbfb2752b63b21b9dd51109416fbaa676d8/iocs", "https://www.virustotal.com/graph/embed/g8726609a12794ebeb59edd531961a233068149bcdf994b428f20141be6111551?theme=dark", "https://www.virustotal.com/graph/embed/g365a82115f934e31a69118715695c91c231f66cda9084c9389e56afb985a243e?theme=dark", "", "https://www.virustotal.com/gui/collection/6a8d582df4fe5a29885dad4074236bc9e4ed445aaf0cc00702d45963fb0459bb/iocs" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 19, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "Disable_Duck", "id": "244325", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 1165, "hostname": 866, "URL": 657, "FileHash-SHA256": 26, "email": 337, "FileHash-MD5": 12, "FileHash-SHA1": 8, "CIDR": 1 }, "indicator_count": 3072, "is_author": false, "is_subscribing": null, "subscriber_count": 129, "modified_text": "159 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "663d2869e0f3a42bbddc42ff", "name": "UPX executable packer.", "description": "A new rule has been introduced a \"suspicious\" ELF binary that is packed with the UPX executable packer.\nSuggested ATT&CK IDs: rule SUSP_ELF_LNX_UPX_Compressed_File { meta: description = \"Detects a suspicious ELF binary with UPX compression\" author = \"Florian Roth (Nextron Systems)\" reference = \"Internal Research\" date = \"2018-12-12\" score = 40 hash1 = \"038ff8b2fef16f8ee9d70e6c219c5f380afe1a21761791e8cbda21fa4d09fdb4\" id = \"078937de-59b3-538e-a5c3-57f4e6050212\" strings: $s1 = \"PROT_EXEC|PROT_WRITE failed.\" fullword ascii $s2 = \"$Id: UPX\" fullword ascii $s3 = \"$Info: This file is packed with the UPX executable packer\" ascii $fp1 = \"check your UCL installation !\"", "modified": "2024-10-14T00:01:17.069000", "created": "2024-05-09T19:47:53.786000", "tags": [ "cioch adrian", "centrum usug", "sieciowych", "elf binary", "upx compression", "roth", "nextron", "info", "javascript", "html", "office open", "xml document", "network capture", "win32 exe", "xml pakietu", "pdf zestawy", "przechwytywanie", "office", "filehashsha1", "url https", "cve cve20201070", "cve cve20203153", "cve cve20201048", "cve cve20211732", "cve20201048 apr", "filehashmd5", "cve cve20010901", "cve cve20021841", "cve20153202 apr", "cve cve20160728", "cve cve20161807", "cve cve20175123", "cve20185407 apr", "cve cve20054605", "cve cve20060745", "cve cve20070452", "cve cve20070453", "cve cve20070454", "cve cve20071355", "cve cve20071358", "cve cve20071871", "cve20149614 apr", "cve cve20151503", "cve cve20152080", "cve cve20157377", "cve cve20170131", "cve20200796 may", "cve cve20113403" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 6861, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 5771, "domain": 3139, "URL": 14525, "FileHash-SHA1": 2610, "IPv4": 108, "CIDR": 40, "FileHash-SHA256": 10705, "FileHash-MD5": 3373, "YARA": 2, "CVE": 148, "Mutex": 7, "FilePath": 3, "SSLCertFingerprint": 3, "email": 23, "JA3": 1, "IPv6": 2 }, "indicator_count": 40460, "is_author": false, "is_subscribing": null, "subscriber_count": 138, "modified_text": "595 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "664bd9b732ecaf1b3c3beddf", "name": "Found some problems - Files from the UAlberta Google Drive Archive", "description": "Been looking for these...Gifts from the University of Alberta to the World apparently\n*Please note: I emptied out the Drive, however, there was a significant amount of abuse re: Google and Microsoft Accounts at the University of Alberta (reported).\n*On the Google side I utilized: Drive (a little), Docs/Slides/Sheets (when groupwork was required)\n*On the Microsoft side I utilized: OneDrive, Office 365 (Word, PPT, Excel, and OneNote). I used to also have a personal microsoft account (OneNote, OneDrive, Skype).\nThese were the applications I lived on for my studies. I could access the Gmail/Microsoft accounts for the University (however - 'bad things' usually happen because of this). I have no access to my personal Microsoft Account (i.e. myself and other affected student(s) do not have access to our personal stuff.", "modified": "2024-09-03T00:02:13.980000", "created": "2024-05-20T23:16:07.255000", "tags": [ "contact", "quick", "destination", "entry", "safety", "local", "health", "travel", "notification", "considerations", "service", "criminal", "showit", "click", "outcome", "step", "please", "class", "questions set", "question set", "unlock", "continue", "jointfilingyes", "jointfilingno", "minimum req", "domicileresusno", "joint sponsor", "sponsorjoint", "path", "href", "span", "activetab", "starton", "newpage", "searchq", "datasia", "datacon", "segfilter", "subsite", "issuance agency", "visas", "null", "state", "dialog field", "tabpanel", "recaptcha", "nameinputvisa", "fullnameinput1", "license headers", "tools", "templates", "sia contact", "visa", "website", "phoneregexp", "emailregexp", "azaz", "urlpattern", "example starter", "javascript", "fetch", "comptwo", "compone", "dateofbirth", "function", "date", "passport", "nameinput", "fullnameinput", "adult passport", "child passport", "new child", "new adult", "new passport", "datepicker", "ds5504", "hideit", "infinity", "false", "jquery", "error", "body", "trident", "simple", "turn", "back", "calendar", "format", "february", "april", "june", "august", "show", "page has", "bcdate", "col1child", "col2child", "coldatechild", "rowdisplay", "val1", "val2", "repaginate", "grab", "jandec", "86400000", "current", "namerbcontactme", "agency", "compliment", "complaint", "passportfees", "customerservice", "bymail", "namerbcategory", "brokenlink", "search", "departuredate", "calendar date", "picker", "change", "month", "vital", "records form", "component js", "select", "please enter", "azaz09", "dddddd", "woff2", "woff", "truetype", "css document", "efefef", "ffffff", "gradienttype0", "galaxy", "nexus", "iphone5", "abtn", "bbtn", "cbtn", "dbtn", "ebtn", "fbtn", "gbtn", "hbtn", "ibtn", "media query", "from", "fce68e", "font family", "bold", "document", "cc3333", "b7b7b7", "e2edff", "ced9ea", "pm author", "ipca csi", "helvetica", "arial", "cq aem", "feed classes", "f2cd54", "f4d97e", "portrait", "landscape", "ipad", "declare", "immigrant", "visa navigation", "navigation css", "georgia", "times new", "roman", "times", "verdana", "photomodal", "styles media", "ff0000", "queries", "form component", "typetext", "queries media", "phone media", "tablet styles", "media queries", "jumbo sized", "copyright", "gpl version", "http", "alpha", "button", "out width", "ui css", "framework", "icons", "misc", "mini", "input", "label", "textarea", "overlays", "csi page", "embassy info", "embassy data", "embassy names", "end adjust", "embassy nameso", "pages", "e1a04d", "c0c0c0", "ffffff url", "us survey", "component css", "country list", "e7eceb", "important", "additional css", "wizard", "corner radius", "f97800", "c61700", "largestbox", "thisbox", "csi navigation", "ui autocomplete", "ui menu", "noticeid", "countnote", "largestnote", "thisnote", "desktops", "43px", "42px", "large", "aem interface", "styles", "web email", "ytconfig", "typeerror", "facebook pixel", "pixel code", "symbol", "fblog", "typeof", "iterator", "pageview", "pixel", "facebook", "config", "meta", "propname", "dpjquerydpuuid", "this", "next", "atom", "cookie", "iframe", "close", "string", "number", "edge", "regexp", "silk", "sxa0", "object", "opera", "android", "void", "form", "UAlberta", "Android", "Mac", "iPhone", "Gov Alberta", "AWS", "AZURE", "ENTRA", "iCloud", "Telus", "Bitdefender", "Norton" ], "references": [ "Copy of clientlib.js(1).download", "Copy of clientlib.js(2).download", "Copy of clientlib.js(5).download", "Copy of clientlib.js(7).download", "Copy of clientlib.js(4).download", "Copy of clientlib.js(10).download", "Copy of clientlib.js(8).download", "Copy of clientlib.js(11).download", "Copy of clientlib.js(12).download", "Copy of clientlib.js(13).download", "Copy of clientlib.js(14).download", "Copy of clientlib.js(9).download", "Copy of clientlib.js(16).download", "Copy of clientlib.js(17).download", "Copy of clientlib.js(18).download", "Copy of clientlib.js(3).download", "Copy of clientlib.js(19).download", "Copy of clientlib.js(15).download", "Copy of clientlib.js(22).download", "Copy of clientlib.js(23).download", "Copy of clientlib.js(21).download", "Copy of clientlib.js(26).download", "Copy of clientlib.js(25).download", "Copy of clientlib.js(24).download", "Copy of clientlib.js(31).download", "Copy of clientlib.js(28).download", "Copy of clientlib.js(30).download", "Copy of clientlib.js(32).download", "Copy of clientlib.js(29).download", "Copy of clientlib.js(34).download", "Copy of clientlib.js(35).download", "Copy of clientlib.js(37).download", "Copy of clientlib.js(36).download", "Copy of clientlib.js(38).download", "Copy of clientlib.js(39).download", "Copy of clientlib.js(33).download", "Copy of clientlib.js(44).download", "Copy of clientlib.js(43).download", "Copy of clientlib.js(41).download", "Copy of clientlib.js(42).download", "Copy of clientlib.js(45).download", "Copy of clientlib.js(51).download", "Copy of clientlib.js(56).download", "Copy of clientlib.js(55).download", "Copy of clientlib.js(54).download", "Copy of clientlib.js(57).download", "Copy of clientlib.js(52).download", "Copy of clientlib.js(53).download", "Copy of clientlib.js(60).download", "Copy of clientlib(1).css", "Copy of clientlib.js(59).download", "Copy of clientlib(3).css", "Copy of clientlib(2).css", "Copy of clientlib(5).css", "Copy of clientlib.js(58).download", "Copy of clientlib(8).css", "Copy of clientlib(10).css", "Copy of clientlib(7).css", "Copy of clientlib(6).css", "Copy of clientlib(12).css", "Copy of clientlib(13).css", "Copy of clientlib(9).css", "Copy of clientlib(4).css", "Copy of clientlib(14).css", "Copy of clientlib(17).css", "Copy of clientlib(15).css", "Copy of clientlib(19).css", "Copy of clientlib(18).css", "Copy of clientlib(11).css", "Copy of clientlib(20).css", "Copy of clientlib(16).css", "Copy of clientlib(23).css", "Copy of clientlib(24).css", "Copy of clientlib(26).css", "Copy of clientlib(25).css", "Copy of clientlib(28).css", "Copy of clientlib(22).css", "Copy of clientlib(27).css", "Copy of clientlib(31).css", "Copy of clientlib(29).css", "Copy of clientlib(30).css", "Copy of clientlib(32).css", "Copy of clientlib(34).css", "Copy of clientlib(35).css", "Copy of clientlib(33).css", "Copy of clientlib(38).css", "Copy of clientlib(37).css", "Copy of clientlib(36).css", "Copy of clientlib(40).css", "Copy of clientlib(39).css", "Copy of clientlib(43).css", "Copy of clientlib(21).css", "Copy of clientlib(41).css", "Copy of clientlib(44).css", "Copy of clientlib(42).css", "Copy of clientlib(46).css", "Copy of clientlib(45).css", "Copy of clientlib(47).css", "Copy of clientlib(48).css", "Copy of clientlib(49).css", "Copy of clientlib(50).css", "Copy of clientlib(52).css", "Copy of clientlib(54).css", "Copy of clientlibs.js(3).download", "Copy of clientlib(53).css", "Copy of clientlibs.js(2).download", "Copy of clientlibs(3).css", "Copy of clientlib(51).css", "Copy of clientlibs(1).css", "Copy of clientlibs(2).css", "Copy of clientlibs.js.download", "Copy of clientlibs.js(4).download", "Copy of clientlibs(5).css", "Copy of clientlibs.css", "Copy of clientlibs(4).css", "Copy of dir (1).c9r", "Copy of clientlib(55).css", "Copy of iframe_api", "Copy of fbevents.js.download", "Copy of clientlibs.js(1).download", "Copy of js", "https://www.virustotal.com/gui/collection/7196cbc5285fb7e155a529980dc1797d3ab3884e20c77c66d9b1b971c313fe56/iocs", "https://www.virustotal.com/gui/collection/7196cbc5285fb7e155a529980dc1797d3ab3884e20c77c66d9b1b971c313fe56/graph", "hxxps://go[.]microsoft[.]com/fwlink/?LinkId=2033498", "hxxps://portal[.]office[.]com/Account", "hxxps://myapplications[.]microsoft[.]com/", "https://tria.ge/240521-rvybaahb79", "https://tria.ge/240521-rxpf6ahd6w", "https://tria.ge/240521-r1yh8shd44", "https://tria.ge/240521-ry949ahe2z/behavioral1", "https://tria.ge/240521-r3mvhshd83" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Canada", "Mexico", "Anguilla", "Aruba", "Panama", "Ukraine", "Trinidad and Tobago", "Saint Vincent and the Grenadines", "Saint Martin (French part)", "Sint Maarten (Dutch part)", "Philippines", "Netherlands", "Cura\u00e7ao", "Georgia", "Tanzania, United Republic of", "Costa Rica", "Guatemala", "Japan", "Barbados" ], "malware_families": [], "attack_ids": [ { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" } ], "industries": [ "Education", "Technology", "Government", "Healthcare", "Biotechnology", "Telecommunications", "Energy", "Construction", "Chemical", "Agriculture", "Finance", "Media", "Defense", "Transportation" ], "TLP": "white", "cloned_from": null, "export_count": 24, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "Disable_Duck", "id": "244325", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 251, "hostname": 188, "FileHash-SHA256": 142, "URL": 69, "FileHash-MD5": 77, "FileHash-SHA1": 77 }, "indicator_count": 804, "is_author": false, "is_subscribing": null, "subscriber_count": 134, "modified_text": "636 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6639853fc403f7be5bd6f27d", "name": "Facebook+", "description": "", "modified": "2024-05-07T01:34:55.365000", "created": "2024-05-07T01:34:55.365000", "tags": [], "references": [ "https://www.virustotal.com/gui/collection/09af9ef0b7b23d2dc73d83858106ae4fc97a352dbb521ac04493a0e79095ac69/iocs", "https://www.virustotal.com/gui/collection/79c25168b2f93d9730a56b8d2b834cbfb2752b63b21b9dd51109416fbaa676d8/iocs", "https://www.virustotal.com/graph/embed/g8726609a12794ebeb59edd531961a233068149bcdf994b428f20141be6111551?theme=dark", "https://www.virustotal.com/graph/embed/g365a82115f934e31a69118715695c91c231f66cda9084c9389e56afb985a243e?theme=dark", "", "https://www.virustotal.com/gui/collection/6a8d582df4fe5a29885dad4074236bc9e4ed445aaf0cc00702d45963fb0459bb/iocs" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": "65eea19a23474b8c7dca351f", "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Phone2209", "id": "281168", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 1165, "hostname": 866, "URL": 657, "FileHash-SHA256": 26, "email": 337, "FileHash-MD5": 12, "FileHash-SHA1": 8, "CIDR": 1 }, "indicator_count": 3072, "is_author": false, "is_subscribing": null, "subscriber_count": 1, "modified_text": "755 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65708e178755574d9812e4c9", "name": "Followed lead to brechlerinsurance.com", "description": "", "modified": "2023-12-06T15:07:03.528000", "created": "2023-12-06T15:07:03.528000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 2, "FileHash-SHA256": 1329, "domain": 2068, "hostname": 4185, "URL": 12454, "email": 1, "FileHash-MD5": 3, "FileHash-SHA1": 1 }, "indicator_count": 20043, "is_author": false, "is_subscribing": null, "subscriber_count": 110, "modified_text": "908 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65708e0d95a8c74cc715f7a2", "name": "West.cn", "description": "", "modified": "2023-12-06T15:06:53.350000", "created": "2023-12-06T15:06:53.350000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 208, "domain": 533, "hostname": 757, "URL": 1861, "FileHash-MD5": 1 }, "indicator_count": 3360, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "908 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65708c8f50527fb73205bfca", "name": "Dreamhost.com - Drift Widget", "description": "", "modified": "2023-12-06T15:00:31.809000", "created": "2023-12-06T15:00:31.809000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 174, "domain": 464, "URL": 1119, "hostname": 156, "FileHash-MD5": 2, "FileHash-SHA1": 1 }, "indicator_count": 1916, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "908 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "f.open", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "f.open", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780336456.9909046 }