{
  "type": "Domain",
  "indicator": "ga.select",
  "general": {
    "sections": [
      "general",
      "geo",
      "url_list",
      "passive_dns",
      "malware",
      "whois",
      "http_scans"
    ],
    "whois": "http://whois.domaintools.com/ga.select",
    "alexa": "http://www.alexa.com/siteinfo/ga.select",
    "indicator": "ga.select",
    "type": "domain",
    "type_title": "Domain",
    "validation": [],
    "base_indicator": {
      "id": 2701644975,
      "indicator": "ga.select",
      "type": "domain",
      "title": "",
      "description": "",
      "content": "",
      "access_type": "public",
      "access_reason": ""
    },
    "pulse_info": {
      "count": 22,
      "pulses": [
        {
          "id": "673dc97604d5c7076da96877",
          "name": "https://www.vgt.pl/js/jquery-3.2.1.min.js",
          "description": "JQuery v3.2.1 is released by the JS Foundation and is based on the code written by Jeremy Chilcot, the co-creator of the popular web browser, JQuery.",
          "modified": "2025-07-31T22:43:55.771000",
          "created": "2024-11-20T11:35:18.167000",
          "tags": [
            "regexp",
            "error",
            "pseudo",
            "child",
            "sufeffxa0",
            "class",
            "attr",
            "js foundation",
            "typeof module",
            "object",
            "date",
            "null"
          ],
          "references": [
            "https://www.vgt.pl/js/jquery-3.2.1.min.js"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 5,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "Arek-BTC",
            "id": "212764",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-SHA1": 172,
            "hostname": 404,
            "URL": 969,
            "domain": 98,
            "FileHash-MD5": 178,
            "FileHash-SHA256": 355,
            "IPv4": 3
          },
          "indicator_count": 2179,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 124,
          "modified_text": "304 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "664b74b2683dec84891aef96",
          "name": "PrivateLoader is a malware with a module structure that has the capability is to download and execute one or several payloads",
          "description": "http://185.172.128.69/batushka/inte.exe  \nhttp://185.172.128.69/allnewumm.exe\nhttp://185.172.128.69/brandumma.exe\nhttp://185.172.128.69/files\nhttp://185.172.128.69/files/US.file\nhttp://185.172.128.69/latestumma.exe\nhttp://185.172.128.69/newumma.exe\nhttp://185.172.128.69/sekundumma.exe\nhttp://185.172.128.69/ummanew.exe",
          "modified": "2024-10-14T20:36:05.361000",
          "created": "2024-05-20T16:05:06.313000",
          "tags": [
            "stdin via",
            "nextron",
            "powershell id",
            "powershell",
            "tim rauch",
            "elastic",
            "script block",
            "logging",
            "pe32",
            "ms windows",
            "intel",
            "nazwa typ",
            "md5 nazwa",
            "procesu"
          ],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1059",
              "name": "Command and Scripting Interpreter",
              "display_name": "T1059 - Command and Scripting Interpreter"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 27,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "Arek-BTC",
            "id": "212764",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-SHA256": 7268,
            "domain": 1310,
            "URL": 8101,
            "FileHash-SHA1": 1615,
            "hostname": 2590,
            "FileHash-MD5": 1852,
            "email": 267,
            "SSLCertFingerprint": 3,
            "CIDR": 38,
            "CVE": 7,
            "IPv4": 15,
            "YARA": 4
          },
          "indicator_count": 23070,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 136,
          "modified_text": "594 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "65708cdd2f63f24552fa3e39",
          "name": "BLNWX.COM",
          "description": "",
          "modified": "2023-12-06T15:01:49.772000",
          "created": "2023-12-06T15:01:49.772000",
          "tags": [],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 2,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "api",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "StreamMiningEx",
            "id": "262917",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-SHA256": 400,
            "URL": 1905,
            "domain": 494,
            "hostname": 707
          },
          "indicator_count": 3506,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 109,
          "modified_text": "908 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "65708c5b24dc4c51811f6de7",
          "name": "nocix malware Qe",
          "description": "",
          "modified": "2023-12-06T14:59:39.528000",
          "created": "2023-12-06T14:59:39.528000",
          "tags": [],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 2,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "api",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "StreamMiningEx",
            "id": "262917",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-SHA256": 125,
            "hostname": 507,
            "URL": 1232,
            "domain": 170,
            "FileHash-MD5": 1
          },
          "indicator_count": 2035,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 109,
          "modified_text": "908 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "65708bf87a08635a650eeb9b",
          "name": "ctgserver.net",
          "description": "",
          "modified": "2023-12-06T14:58:00.096000",
          "created": "2023-12-06T14:58:00.096000",
          "tags": [],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 2,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "api",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "StreamMiningEx",
            "id": "262917",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-SHA256": 1286,
            "domain": 560,
            "hostname": 1602,
            "URL": 7975,
            "FileHash-MD5": 85,
            "FileHash-SHA1": 1
          },
          "indicator_count": 11509,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 109,
          "modified_text": "908 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "65708befc4f4c7e2be4370d9",
          "name": "ctgserver.net",
          "description": "",
          "modified": "2023-12-06T14:57:51.922000",
          "created": "2023-12-06T14:57:51.922000",
          "tags": [],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 2,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "api",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "StreamMiningEx",
            "id": "262917",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-SHA256": 1286,
            "domain": 560,
            "hostname": 1602,
            "URL": 7975,
            "FileHash-MD5": 85,
            "FileHash-SHA1": 1
          },
          "indicator_count": 11509,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 109,
          "modified_text": "908 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "65708b7bb1d8a5ad0edc6615",
          "name": "Lh , ReduceRight Malware",
          "description": "",
          "modified": "2023-12-06T14:55:55.190000",
          "created": "2023-12-06T14:55:55.190000",
          "tags": [],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 2,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "api",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "StreamMiningEx",
            "id": "262917",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-SHA256": 167,
            "domain": 249,
            "URL": 1152,
            "hostname": 391,
            "FileHash-MD5": 45
          },
          "indicator_count": 2004,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 109,
          "modified_text": "908 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "626acbf5b18bf4679059431e",
          "name": "BLNWX.COM",
          "description": "Users of the Internet Archive are being asked to login to the service to access the archive's archive, or PURL, and to view the Archive's collection of archived material.  \u00a31.",
          "modified": "2022-05-28T00:03:46.141000",
          "created": "2022-04-28T17:16:37.507000",
          "tags": [
            "error",
            "modulenotfound",
            "knew promise",
            "parseint",
            "date",
            "fsettimeout",
            "typeof module",
            "null",
            "plugin",
            "function",
            "copyright",
            "twitter",
            "bootstrap",
            "http",
            "conflict",
            "focus",
            "object",
            "click",
            "open",
            "next",
            "target",
            "trigger",
            "checkbox",
            "delta",
            "scroll",
            "false",
            "regexp",
            "pseudo",
            "child",
            "sufeffxa0",
            "class",
            "attr",
            "foundation",
            "close",
            "user login",
            "cancel",
            "close user",
            "complete",
            "come",
            "sign",
            "cancel toggle",
            "purl",
            "administration"
          ],
          "references": [
            "xfe-IP-193.149.176.62-stix2-2.1-export.json",
            "xfe-URL-Purl.com-stix2-2.1-export.json",
            "xfe-URL-Easydns.com-stix2-2.1-export.json",
            "xfe-URL-creativecommons.org-stix2-2.1-export.json",
            "https://purl.archive.org/",
            "https://purl.archive.org/static/jquery/jquery.js",
            "https://purl.archive.org/static/bootstrap/js/bootstrap.js",
            "https://purl.archive.org/static/app.js",
            "xfe-URL-modernizr.com-stix2-2.1-export.json",
            "https://modernizr.com/js/build.js"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 7,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "adjadex1@gmail.com",
            "id": "187163",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "URL": 1905,
            "hostname": 707,
            "domain": 494,
            "FileHash-SHA256": 400
          },
          "indicator_count": 3506,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 70,
          "modified_text": "1465 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "626a8a564da0d5b27dc02619",
          "name": "App By Web",
          "description": "Israeli malware hosting",
          "modified": "2022-05-28T00:03:46.141000",
          "created": "2022-04-28T12:36:38.103000",
          "tags": [
            "hebrew",
            "truetype",
            "woff2",
            "woff",
            "body",
            "fh5cooffcanvas",
            "function",
            "click",
            "main menu",
            "superfish var",
            "parallax",
            "offcanvas",
            "mobile menu",
            "animations var",
            "mstouchaction",
            "superfish menu",
            "plugin",
            "copyright",
            "joel birch",
            "dual",
            "fill",
            "touchaction",
            "y position",
            "hoverintent",
            "brian cherne",
            "param",
            "threshold",
            "mit license",
            "or selector",
            "author",
            "1parseint",
            "mark dalgleish",
            "http",
            "webkitopacity",
            "webkit",
            "khtmlopacity",
            "khtml",
            "typeof d",
            "error",
            "this",
            "caleb troughton",
            "typeof f",
            "adapter",
            "bootstrap",
            "javascript",
            "typeof c",
            "twitter",
            "focus",
            "azaz",
            "including",
            "this software",
            "but not",
            "limited to",
            "terms of",
            "open",
            "bsd license",
            "redistribution",
            "redistributions",
            "neither",
            "direct",
            "gc",
            "regexp",
            "typeof b",
            "pseudo",
            "child",
            "array",
            "width",
            "sufeffxa0",
            "class",
            "null",
            "date",
            "accept",
            "boolean",
            "modernizr",
            "custom build",
            "build",
            "afunction",
            "cfunction",
            "typeerror",
            "object",
            "documenttouch",
            "websocket",
            "string",
            "silk",
            "script",
            "arial",
            "edge",
            "iframe",
            "promise",
            "void",
            "android",
            "trident",
            "embed",
            "meta",
            "roboto",
            "term",
            "\u05d4\u05d6\u05de\u05e0\u05ea \u05de\u05d5\u05e0\u05d9\u05ea",
            "wtaxi",
            "wapp",
            "app by web ltd",
            "03-5115656",
            "03-5109109",
            "+97235115656",
            "\u05de\u05e2\u05e8\u05db\u05d5\u05ea \u05d4\u05e1\u05e2\u05d9\u05dd",
            "\u05db\u05e8\u05d8\u05d9\u05e1 \u05d0\u05e9\u05e8\u05d0\u05d9 \u05d1\u05de\u05d5\u05e0\u05d9\u05ea",
            "web ltd",
            "reserved"
          ],
          "references": [
            "xfe-URL-appbyweb.net-stix2-2.1-export.json",
            "http://appbyweb.net/AppByWeb",
            "https://partner.googleadservices.com/gampad/cookie.js?domain=appbyweb.net&callback=_gfp_s_&client=ca-pub-2581829468247892",
            "https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202204200101/show_ads_impl_fy2019.js",
            "http://appbyweb.net/AppByWeb/js/modernizr-2.6.2.min.js",
            "http://appbyweb.net/AppByWeb/js/jquery.min.js",
            "http://appbyweb.net/AppByWeb/js/jquery.easing.1.3.js",
            "http://appbyweb.net/AppByWeb/js/bootstrap.min.js",
            "http://appbyweb.net/AppByWeb/js/jquery.waypoints.min.js",
            "http://appbyweb.net/AppByWeb/js/jquery.stellar.min.js",
            "http://appbyweb.net/AppByWeb/js/hoverIntent.js",
            "http://appbyweb.net/AppByWeb/js/superfish.js",
            "http://appbyweb.net/AppByWeb/js/main.js",
            "https://files.appbyweb.net/Fonts/OpenSansHebrew/font.css",
            "https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2581829468247892&output=html&adk=1812271804&adf=3025194257&lmt=1651149220&plat=16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C32%3A32&format=0x0&url=http%3A%2F%2Fappbyweb.net%2FAppByWeb%2F&ea=0&pra=5&wgl=1&dt=1651149220376&bpp=1&bdt=121&idt=18&shv=r20220425&mjsv=m202204200101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De83d6067a4dac5b6-229192c549d200d1%3AT%3D1651148802%3ART%3D1651148802%3AS%3DALNI_MZSt9utXhYBHAIH9xwQp72WuxQxTw&nras=1&correlator=1655793633284&"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [
            {
              "id": "Gc",
              "display_name": "Gc",
              "target": null
            }
          ],
          "attack_ids": [
            {
              "id": "T1059",
              "name": "Command and Scripting Interpreter",
              "display_name": "T1059 - Command and Scripting Interpreter"
            },
            {
              "id": "T1140",
              "name": "Deobfuscate/Decode Files or Information",
              "display_name": "T1140 - Deobfuscate/Decode Files or Information"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 8,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "adjadex1@gmail.com",
            "id": "187163",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "URL": 1554,
            "hostname": 533,
            "domain": 211,
            "FileHash-SHA256": 199
          },
          "indicator_count": 2497,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 69,
          "modified_text": "1465 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "6261873303497c0dd414ef10",
          "name": "Jquery and 1api.net",
          "description": "var Cd, Zd.com, \"G1\", \"g1\" and \" G2\" are all part of the new code for Google's tag management system, which is based on the word \"tag\".",
          "modified": "2022-05-21T00:03:44.725000",
          "created": "2022-04-21T16:32:51.012000",
          "tags": [
            "tbody",
            "span",
            "thead",
            "tfoot",
            "typecheckbox",
            "typeradio",
            "href",
            "typesearch",
            "typedate",
            "typetime",
            "twitter",
            "error",
            "show",
            "typeof e",
            "version",
            "hidden",
            "bootstrap",
            "click",
            "javascript",
            "clickdataapi",
            "collapse",
            "regexp",
            "pseudo",
            "child",
            "ajax",
            "ajaxjsonp",
            "ajaxload",
            "ajaxparsexml",
            "ajaxscript",
            "ajaxxhr",
            "class",
            "date",
            "null",
            "number",
            "string",
            "copyright",
            "gtmnl3llhs",
            "host",
            "path",
            "closure library",
            "xdfunction",
            "adfunction"
          ],
          "references": [
            "xfe-URL-Jquery.com-stix2-2.1-export.json",
            "xfe-URL-1api.net-stix2-2.1-export.json",
            "https://www.googletagmanager.com/gtm.js?id=GTM-NL3LLHS",
            "https://code.jquery.com/jquery-3.1.1.slim.min.js",
            "https://1api.net/js/bootstrap.min.js",
            "https://1api.net/css/bootstrap.min.css"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1547",
              "name": "Boot or Logon Autostart Execution",
              "display_name": "T1547 - Boot or Logon Autostart Execution"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 3,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "adjadex1@gmail.com",
            "id": "187163",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "hostname": 494,
            "URL": 1235,
            "domain": 192,
            "FileHash-SHA256": 267
          },
          "indicator_count": 2188,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 69,
          "modified_text": "1472 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "62618afdab12239895b96788",
          "name": "nocix malware Qe",
          "description": "\u00a31.5m, \u20ac2.4m \u00c3\u20ac\u00a6, is the source of a new version of the JavaScript code, which is being developed by the Apache web browser.",
          "modified": "2022-05-21T00:03:44.725000",
          "created": "2022-04-21T16:49:01.885000",
          "tags": [
            "font awesome",
            "license",
            "font",
            "sil ofl",
            "mit license",
            "woff2",
            "woff",
            "truetype",
            "fontawesome",
            "typeof e",
            "typeof symbol",
            "regexp",
            "hotjar",
            "typeof hj",
            "surveyv2",
            "surveyisolated",
            "heatmapviewer",
            "notification",
            "sentry",
            "number",
            "aa6060",
            "ui function",
            "e0e0e0",
            "eeeeee",
            "code for",
            "gauges function",
            "ui code",
            "abort",
            "worker",
            "allow",
            "body",
            "oldvalue",
            "transtion type",
            "datafield",
            "name",
            "minus",
            "plus",
            "ctrla",
            "click",
            "function",
            "error",
            "bootstrap",
            "javascript",
            "typeof c",
            "copyright",
            "twitter",
            "focus",
            "azaz",
            "typeof b",
            "width",
            "pseudo",
            "child",
            "null",
            "array",
            "sufeffxa0",
            "date",
            "class",
            "accept",
            "qe",
            "string",
            "uint8array",
            "fnumber",
            "xhfunction",
            "yhfunction",
            "aw701859743",
            "code",
            "closure library",
            "pfunction",
            "contenttype",
            "zfunction",
            "bfunction",
            "mvoid",
            "ofunction",
            "script",
            "typeerror",
            "symbol",
            "array int8array",
            "caregexp",
            "legacy"
          ],
          "references": [
            "xfe-URL-Nocix.net-stix2-2.1-export.json",
            "https://www.googleadservices.com/pagead/conversion_async.js",
            "https://www.google-analytics.com/analytics.js",
            "https://www.googletagmanager.com/gtag/js?id=AW-701859743",
            "https://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js",
            "https://www.nocix.net/js/bootstrap.min.js",
            "https://www.nocix.net/js/nocix.js",
            "https://www.nocix.net/speedtest/speedtest.js?r=4343",
            "https://static.hotjar.com/c/hotjar-596666.js?sv=5",
            "https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [
            {
              "id": "Qe",
              "display_name": "Qe",
              "target": null
            }
          ],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 3,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "adjadex1@gmail.com",
            "id": "187163",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "hostname": 507,
            "URL": 1232,
            "domain": 170,
            "FileHash-SHA256": 125,
            "FileHash-MD5": 1
          },
          "indicator_count": 2035,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 68,
          "modified_text": "1472 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "62608b1b8d323a111026565a",
          "name": "Malware hosting - freebit.com freebit.net",
          "description": "var d=b.dir,e=c&&\"parentNode\"===d,f=v, v.b, and b.d(d) for all of its value.",
          "modified": "2022-05-20T00:01:19.453000",
          "created": "2022-04-20T22:37:15.955000",
          "tags": [
            "getstate",
            "filter",
            "regexp",
            "function",
            "typeof b",
            "error",
            "null",
            "width",
            "pseudo",
            "child",
            "array",
            "sufeffxa0",
            "date",
            "class",
            "accept",
            "woff2",
            "fontface",
            "u1c801c88",
            "u20b4",
            "u2de02dff",
            "ua640a69f",
            "ufe2efe2f",
            "u04b004b1",
            "u2116",
            "u1ea01ef9",
            "e9edee",
            "ea3d31",
            "45deg",
            "import",
            "fontawesome",
            "html",
            "pron w3",
            "hiragino kaku",
            "gothic pron",
            "meiryo",
            "ir side",
            "menu",
            "hidden",
            "select",
            "click",
            "mspointerdown",
            "list",
            "grid",
            "changelayout",
            "40deg",
            "100px",
            "logrid",
            "lolist",
            "mstransitionend",
            "xfunction",
            "bxslider",
            "copyright",
            "written",
            "mit license",
            "next",
            "prev",
            "start",
            "stop",
            "section",
            "alert",
            "author",
            "link",
            "license",
            "commercial use",
            "noncommercial",
            "ccbync license",
            "targetsbound0",
            "targetsdone0"
          ],
          "references": [
            "http://ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js",
            "xfe-URL-freebit.com-stix2-2.1-export.json",
            "xfe-URL-Freebit.net-stix2-2.1-export.json",
            "http://freebit.com/common/js/jquery.mixitup.min.js",
            "http://freebit.com/common/js/slide.js",
            "http://freebit.com/common/js/jquery.bxslider.min.js",
            "http://freebit.com/common/js/variablelist_top.js?v=2",
            "http://freebit.com/common/js/function.js",
            "http://freebit.com/common/css/reset.css",
            "http://freebit.com/common/css/common.css",
            "http://freebit.com/common/css/top.css",
            "http://freebit.com/topnews.css",
            "https://fonts.googleapis.com/css2?family=Montserrat:wght@500;600;700&display=swap"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1547",
              "name": "Boot or Logon Autostart Execution",
              "display_name": "T1547 - Boot or Logon Autostart Execution"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 3,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "adjadex1@gmail.com",
            "id": "187163",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 187,
            "URL": 1132,
            "hostname": 428,
            "FileHash-SHA256": 40
          },
          "indicator_count": 1787,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 68,
          "modified_text": "1473 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "625effa1c4edcef37385c4eb",
          "name": "ctgserver.net",
          "description": "var d=b.dir,e=c&&\"parentNode\"===d,f=x, f=w, b.b, and d(b) for the first time.",
          "modified": "2022-05-19T00:00:49.028000",
          "created": "2022-04-19T18:29:53.960000",
          "tags": [
            "0x1d3c",
            "function",
            "json",
            "date",
            "0x3abb84",
            "0x400e43",
            "0x4e2be0",
            "0x27ecdf",
            "this",
            "0x217f25",
            "webview",
            "array",
            "typeof e",
            "regexp",
            "null",
            "object",
            "string",
            "post",
            "typeof r",
            "error",
            "android",
            "void",
            "math",
            "k3wc3w",
            "o4wo4w",
            "b0z1",
            "a4r1",
            "b2bbbb",
            "o5r1",
            "image",
            "typeof s",
            "typeof console",
            "contenttype",
            "number",
            "60number",
            "new date",
            "close",
            "sector",
            "typeof symbol",
            "crispclient",
            "crisp im",
            "typeof b",
            "width",
            "pseudo",
            "child",
            "sufeffxa0",
            "class",
            "accept"
          ],
          "references": [
            "http://v1-ab.cdn-static.cn/editor/js/jquery.min.js",
            "https://client.crisp.chat/l.js",
            "http://www.ctgserver.net/zhuzi-statistic.js?path=http%3a%2f%2fwww.ctgserver.net%2f&siteid=68944&referer=",
            "http://sgoutong.baidu.com/embed/1649840755/asset/embed/mobilelite/main.js",
            "https://aiff.cdn.bcebos.com/sensors%2Fonline%2Fsa-sdk-javascript-1.14.24%2Fsensorsdata.min.js",
            "https://goutong.baidu.com/site/889/a8439b4fa4b46ae6d1cb7840806b342d/b.js?siteId=12877102",
            "http://push.zhanzhang.baidu.com/push.js",
            "http://api.geetest.com/gettype.php?gt=70bfe290f45725d99fae0063c5188b8f&callback=geetest_1650391760798",
            "http://static.geetest.com/static/js/geetest.6.0.9.js",
            "http://api.geetest.com/get.php?gt=70bfe290f45725d99fae0063c5188b8f&challenge=36bbdc68ea2e3279d57269471b837a6b&product=popup&width=301px&offline=false&lang=zh-cn&protocol=http://&type=slide&path=/static/js/geetest.6.0.9.js&callback=geetest_1650391756575",
            "http://sgoutong.baidu.com/embed/1649840755/asset/embed/mobile_nb.js",
            "https://sofire.bdstatic.com/js/dfxaf.js",
            "https://p.qiao.baidu.com/cps3/site/poll?cb=jsonp_bridge_1650392095190_21922384256393768&l=1&sign=&v=165039175860477407&s=12877102&e=26958486&isAFF=1&filterAdvertisement=1&dev=1&auth=%7B%22anonym%22%3A0%2C%22key%22%3A%223bfef1eb-bde9-4fbf-ba96-abad738f1775%22%2C%22sn%22%3A%22%22%2C%22id%22%3A%22165039175860477407%22%2C%22from%22%3A4%2C%22token%22%3A%22bridge%22%7D&_time=1650392095190",
            "http://www.zhuzi.me/zhuzi-statistic.js?path=http%3a%2f%2fwww.zhuzi.me%2f&siteid=62221&referer=",
            "xfe-URL-Zhuzi.me-stix2-2.1-export.json"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1027",
              "name": "Obfuscated Files or Information",
              "display_name": "T1027 - Obfuscated Files or Information"
            },
            {
              "id": "T1547",
              "name": "Boot or Logon Autostart Execution",
              "display_name": "T1547 - Boot or Logon Autostart Execution"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 4,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "adjadex1@gmail.com",
            "id": "187163",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "URL": 7975,
            "FileHash-SHA256": 1286,
            "hostname": 1602,
            "domain": 560,
            "FileHash-MD5": 85,
            "FileHash-SHA1": 1
          },
          "indicator_count": 11509,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 69,
          "modified_text": "1474 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "625eff927c93e3e5cd50e191",
          "name": "ctgserver.net",
          "description": "var d=b.dir,e=c&&\"parentNode\"===d,f=x, f=w, b.b, and d(b) for the first time.",
          "modified": "2022-05-19T00:00:49.028000",
          "created": "2022-04-19T18:29:38.810000",
          "tags": [
            "0x1d3c",
            "function",
            "json",
            "date",
            "0x3abb84",
            "0x400e43",
            "0x4e2be0",
            "0x27ecdf",
            "this",
            "0x217f25",
            "webview",
            "array",
            "typeof e",
            "regexp",
            "null",
            "object",
            "string",
            "post",
            "typeof r",
            "error",
            "android",
            "void",
            "math",
            "k3wc3w",
            "o4wo4w",
            "b0z1",
            "a4r1",
            "b2bbbb",
            "o5r1",
            "image",
            "typeof s",
            "typeof console",
            "contenttype",
            "number",
            "60number",
            "new date",
            "close",
            "sector",
            "typeof symbol",
            "crispclient",
            "crisp im",
            "typeof b",
            "width",
            "pseudo",
            "child",
            "sufeffxa0",
            "class",
            "accept"
          ],
          "references": [
            "http://v1-ab.cdn-static.cn/editor/js/jquery.min.js",
            "https://client.crisp.chat/l.js",
            "http://www.ctgserver.net/zhuzi-statistic.js?path=http%3a%2f%2fwww.ctgserver.net%2f&siteid=68944&referer=",
            "http://sgoutong.baidu.com/embed/1649840755/asset/embed/mobilelite/main.js",
            "https://aiff.cdn.bcebos.com/sensors%2Fonline%2Fsa-sdk-javascript-1.14.24%2Fsensorsdata.min.js",
            "https://goutong.baidu.com/site/889/a8439b4fa4b46ae6d1cb7840806b342d/b.js?siteId=12877102",
            "http://push.zhanzhang.baidu.com/push.js",
            "http://api.geetest.com/gettype.php?gt=70bfe290f45725d99fae0063c5188b8f&callback=geetest_1650391760798",
            "http://static.geetest.com/static/js/geetest.6.0.9.js",
            "http://api.geetest.com/get.php?gt=70bfe290f45725d99fae0063c5188b8f&challenge=36bbdc68ea2e3279d57269471b837a6b&product=popup&width=301px&offline=false&lang=zh-cn&protocol=http://&type=slide&path=/static/js/geetest.6.0.9.js&callback=geetest_1650391756575",
            "http://sgoutong.baidu.com/embed/1649840755/asset/embed/mobile_nb.js",
            "https://sofire.bdstatic.com/js/dfxaf.js",
            "https://p.qiao.baidu.com/cps3/site/poll?cb=jsonp_bridge_1650392095190_21922384256393768&l=1&sign=&v=165039175860477407&s=12877102&e=26958486&isAFF=1&filterAdvertisement=1&dev=1&auth=%7B%22anonym%22%3A0%2C%22key%22%3A%223bfef1eb-bde9-4fbf-ba96-abad738f1775%22%2C%22sn%22%3A%22%22%2C%22id%22%3A%22165039175860477407%22%2C%22from%22%3A4%2C%22token%22%3A%22bridge%22%7D&_time=1650392095190",
            "http://www.zhuzi.me/zhuzi-statistic.js?path=http%3a%2f%2fwww.zhuzi.me%2f&siteid=62221&referer=",
            "xfe-URL-Zhuzi.me-stix2-2.1-export.json"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1027",
              "name": "Obfuscated Files or Information",
              "display_name": "T1027 - Obfuscated Files or Information"
            },
            {
              "id": "T1547",
              "name": "Boot or Logon Autostart Execution",
              "display_name": "T1547 - Boot or Logon Autostart Execution"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 3,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "adjadex1@gmail.com",
            "id": "187163",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "URL": 7975,
            "FileHash-SHA256": 1286,
            "hostname": 1602,
            "domain": 560,
            "FileHash-MD5": 85,
            "FileHash-SHA1": 1
          },
          "indicator_count": 11509,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 68,
          "modified_text": "1474 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "62549aabb033e7afc5069f98",
          "name": "Malware - victim=fr",
          "description": "Mme, Mlle,   M. Compte, yn \u00f4l \u00a31.5m (\u20ac2.4m; \u20ac1m)",
          "modified": "2022-05-11T21:04:45.103000",
          "created": "2022-04-11T21:16:27.786000",
          "tags": [
            "freebox",
            "free",
            "mois pendant",
            "sabonner voir",
            "fibre free",
            "la fibre",
            "votre",
            "wifi",
            "freebox en",
            "offre",
            "delta",
            "face",
            "prix",
            "date",
            "this",
            "typeof e",
            "true",
            "function",
            "left",
            "bottom",
            "html",
            "nullt",
            "false",
            "next",
            "february",
            "april",
            "june",
            "august",
            "atom",
            "cookie",
            "close",
            "null",
            "back",
            "bounce",
            "kolab",
            "target",
            "object",
            "tcfuiservice",
            "reflect",
            "typeof proxy",
            "boolean",
            "agree",
            "disagree",
            "select",
            "save",
            "learn",
            "click",
            "gnu gpl",
            "copyright",
            "javascript code",
            "license",
            "extwin1",
            "framed1",
            "roundcube",
            "webmail client",
            "script",
            "team",
            "format",
            "regexp",
            "software",
            "error",
            "pseudo",
            "child",
            "the software",
            "sufeffxa0",
            "class",
            "attr",
            "javascript",
            "express",
            "nous",
            "didomi",
            "typeof t",
            "hmuvfyyh",
            "sekindo",
            "lkqd",
            "aol cdn",
            "ffffff",
            "montserrat",
            "adsl",
            "offres adsl",
            "internet",
            "t\u00e9l\u00e9phone",
            "t\u00e9l\u00e9phonie",
            "mobiles",
            "forfaits mobiles",
            "tv",
            "t\u00e9l\u00e9vision",
            "vod",
            "vid\u00e9o \u00e0 la demande",
            "multiposte",
            "radio",
            "routeur",
            "freeplayer",
            "multiplay",
            "d\u00e9groupage",
            "total",
            "partiel",
            "e-mail",
            "mail",
            "m\u00e9l",
            "fournisseur d'acc\u00e8s",
            "i.s.p.",
            "isp",
            "internaute",
            "internautes",
            "france",
            "fran\u00e7ais",
            "zimbra",
            "le webmail",
            "free fait",
            "webmail imp",
            "cela n",
            "webmail zimbra",
            "stockage",
            "pour migrer",
            "accder",
            "testteltext",
            "sans",
            "testziptext",
            "testziptext i",
            "testteltext i",
            "typenumber",
            "screenh",
            "tvbycanal",
            "tvbycanal147",
            "tvbycanal204",
            "tvbycanal83",
            "tvbycanal80",
            "tvbycanal34",
            "4000",
            "typeof console",
            "console",
            "nullc",
            "nulld",
            "customevent",
            "msanimationend",
            "typeof n",
            "typeof r",
            "x20trnf",
            "width",
            "accept",
            "json",
            "moz o",
            "custom build",
            "https",
            "xmlhttprequest",
            "typeof module",
            "webkit",
            "android",
            "flash",
            "span",
            "un espace",
            "phpmysql",
            "helvetica"
          ],
          "references": [
            "xfe-IP-212.27.63.109-stix2-2.1-export.json",
            "http://pageperso.free.fr/im/css/free.css",
            "http://passback.free.fr/pub/pp_300x250.html",
            "https://subscribe.free.fr/accesgratuit/index.html",
            "https://subscribe.free.fr/assets/js/vendor/modernizr.custom.js",
            "https://subscribe.free.fr/assets/js/vendor/jquery-1.9.1.min.js",
            "https://subscribe.free.fr/assets/js/plugins.min.js",
            "https://subscribe.free.fr/assets/js/vendor/wow.min.js",
            "https://subscribe.free.fr/assets/js/main.min.js",
            "https://subscribe.free.fr/assets/css/accesgratuit.min.css",
            "https://subscribe.free.fr/assets/css/app2.min.css",
            "https://webmail.free.fr/",
            "https://sdk.privacy-center.org/87df2f8d-232a-4617-8efc-3764b3bbd0c0/loader.js?target=webmail.free.fr",
            "https://webmail.free.fr/program/js/jquery.min.js?s=1510166541",
            "https://webmail.free.fr/program/js/app.min.js?s=1510166525",
            "https://sdk.privacy-center.org/ui-gdpr-en.a96c69ed0cb8f37a2deea6c49dd453517875ac60.js",
            "https://webmail.free.fr/plugins/jqueryui/js/jquery-ui.min.js?s=1510166524",
            "https://www.free.fr/freebox/"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1140",
              "name": "Deobfuscate/Decode Files or Information",
              "display_name": "T1140 - Deobfuscate/Decode Files or Information"
            },
            {
              "id": "T1547",
              "name": "Boot or Logon Autostart Execution",
              "display_name": "T1547 - Boot or Logon Autostart Execution"
            },
            {
              "id": "T1566",
              "name": "Phishing",
              "display_name": "T1566 - Phishing"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 4,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "adjadex1@gmail.com",
            "id": "187163",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "hostname": 1078,
            "URL": 2104,
            "domain": 290,
            "FileHash-SHA256": 117,
            "FileHash-MD5": 4,
            "FileHash-SHA1": 2
          },
          "indicator_count": 3595,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 68,
          "modified_text": "1481 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "6253010ef22c26bcdba2869a",
          "name": "Lh , ReduceRight Malware",
          "description": "var d=b.dir,e=c&&\"parentNode\"===d,f=x, f=w, b.b, and d(b) for the first time.",
          "modified": "2022-05-10T00:02:48.350000",
          "created": "2022-04-10T16:08:46.450000",
          "tags": [
            "reduceright",
            "number",
            "string",
            "gztj64z90qf",
            "regexp",
            "r300",
            "error",
            "copyright",
            "dafunction",
            "gafunction",
            "uint8array",
            "date",
            "path",
            "void",
            "fontface",
            "woff",
            "woff2",
            "sans",
            "u1c801c88",
            "u20b4",
            "u2de02dff",
            "ua640a69f",
            "ufe2efe2f",
            "u04b004b1",
            "lh",
            "trackevent",
            "onceperelement",
            "u003e div",
            "xgfunction",
            "gtmk6chb3b",
            "query",
            "form",
            "click",
            "closure library",
            "pfunction",
            "contenttype",
            "zfunction",
            "bfunction",
            "mvoid",
            "ofunction",
            "script",
            "fragment",
            "xdfunction",
            "light",
            "regular",
            "bold",
            "verdana",
            "sansserif",
            "helvetica",
            "sltb",
            "slsavebutton2",
            "arial",
            "slh2",
            "slh3",
            "slsavebutton",
            "xrt2",
            "version",
            "xparsefloat",
            "typeof b",
            "function",
            "pseudo",
            "child",
            "array",
            "width",
            "sufeffxa0",
            "class",
            "null",
            "accept"
          ],
          "references": [
            "xfe-URL-ketoluqidslim.us-stix2-2.1-export.json",
            "https://nertiob.pw/lander/us-leanstartketov8-pre2-cryp.im/assets/7bf60781816875acb6c04aa4f706c4ad.js",
            "https://nertiob.pw/lander/us-leanstartketov8-pre2-cryp.im/assets/af74c0184a1151090f275e5d06fe0387.js",
            "https://nertiob.pw/lander/us-leanstartketov8-pre2-cryp.im/assets/63c9d725454afa40dc86453f4a52812f.css",
            "https://nertiob.pw/lander/us-leanstartketov8-pre2-cryp.im/assets/a36a95c9dccfd8d0b6ccb62ed162150a.css",
            "https://www.googletagmanager.com/gtag/js?id=G-ZTJ64Z90QF&l=dataLayer&cx=c",
            "https://www.googleoptimize.com/optimize.js?id=OPT-MTGSVG5",
            "https://www.google-analytics.com/analytics.js",
            "https://www.googletagmanager.com/gtm.js?id=GTM-K6CHB3B",
            "https://fonts.googleapis.com/css2?family=Open+Sans&family=Oswald:wght@400;600;700&family=Roboto+Condensed:wght@400;700&display=swap",
            "xfe-URL-nertiob.pw-stix2-2.1-export.json"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [
            {
              "id": "Lh",
              "display_name": "Lh",
              "target": null
            },
            {
              "id": "ReduceRight",
              "display_name": "ReduceRight",
              "target": null
            }
          ],
          "attack_ids": [
            {
              "id": "T1059",
              "name": "Command and Scripting Interpreter",
              "display_name": "T1059 - Command and Scripting Interpreter"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 6,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "adjadex1@gmail.com",
            "id": "187163",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "URL": 1153,
            "hostname": 391,
            "FileHash-SHA256": 167,
            "domain": 249,
            "FileHash-MD5": 45
          },
          "indicator_count": 2005,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 70,
          "modified_text": "1483 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "6250b15f2509705305127d3d",
          "name": "Unnamed Malware",
          "description": "This is the full text of an online forum for people under the age of 18, set up in the United States, and published on the website of the site's founder, JK Rowling.",
          "modified": "2022-05-08T22:03:06.754000",
          "created": "2022-04-08T22:04:15.223000",
          "tags": [
            "error",
            "modulenotfound",
            "infinite",
            "function",
            "mouseevent",
            "dommousescroll",
            "date",
            "event",
            "bscroll",
            "u200",
            "typeof s",
            "0xa60881",
            "0x1e0610",
            "0x489cca",
            "0x4d5bd1",
            "0x1a7a9a",
            "0x3145fc",
            "0x2d9acb",
            "0xbf1b3e",
            "0x47699d",
            "push",
            "shift",
            "cookie",
            "slice",
            "open",
            "code",
            "path",
            "info",
            "null",
            "this",
            "0x1d9131",
            "0x180bcc",
            "0x4b6177",
            "0x13f349",
            "0x3bcb54",
            "0xbbe80d",
            "0x57b7de",
            "0x2ea74e",
            "0x4fb0f2",
            "0x25f113",
            "window",
            "canvas",
            "tencent",
            "barrio",
            "regexp",
            "typeof b",
            "width",
            "pseudo",
            "child",
            "array",
            "sufeffxa0",
            "class",
            "accept",
            "arisa bd",
            "director",
            "uncut bd",
            "4 bd",
            "milk1 bd",
            "cage1 bd",
            "discodepart1 bd",
            "discodepart2 bd",
            "milk4 bd",
            "wife",
            "mother",
            "shown",
            "meta",
            "viewport"
          ],
          "references": [
            "xfe-IP-103.120.25.185-stix2-2.1-export.json",
            "http://www.yichenghy.com/common.js",
            "http://www.yichenghy.com/tj.js",
            "https://yeyeai3.xyz/",
            "https://www.2610.app:5766/?agent=7762453360",
            "https://www.2610.app:5766/js/jquery-1.11.3.min.js",
            "http://v8714.com/",
            "https://www.2610.app:5766/js/xinstall_inner_e.min.js?v=1004",
            "https://cstaticdun.126.net/load.min.js?v=2203141811",
            "https://6553w.com:2188/m/js/2203141811-HomeLogin~LotteryHall~VnsLogin~activity~amhgLogin~aqvnsLogin~betnewLocgin~blrLogin~blushLogin~cLogin~6995ba01.js",
            "https://6553w.com:2188/m/js/2203141811-fhcpLogin.js",
            "xfe-URL-www.yichenghy.com-stix2-2.1-export.json"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 3,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "adjadex1@gmail.com",
            "id": "187163",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "URL": 903,
            "hostname": 370,
            "domain": 112,
            "FileHash-SHA256": 20,
            "FileHash-MD5": 3
          },
          "indicator_count": 1408,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 68,
          "modified_text": "1484 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "624f2e8aebe8893d7e4f68d5",
          "name": "IBM EARLY WARNING URL - ketoqitugslim.us",
          "description": "var d=b.dir,e=c&&\"parentNode\"===d,f=x, f=w, b.b, and d(b) for the first time.",
          "modified": "2022-05-07T00:03:18.570000",
          "created": "2022-04-07T18:33:46.056000",
          "tags": [
            "tbody",
            "span",
            "thead",
            "tfoot",
            "typecheckbox",
            "typeradio",
            "multiple",
            "href",
            "typesearch",
            "helvetica",
            "typemonth",
            "typebutton",
            "typereset",
            "typesubmit",
            "arial",
            "date",
            "version",
            "xparsefloat",
            "regexp",
            "error",
            "typeof b",
            "function",
            "pseudo",
            "child",
            "array",
            "width",
            "sufeffxa0",
            "class",
            "null",
            "accept"
          ],
          "references": [
            "https://nertiob.pw/lander/us-leanstartketov8-pre2-cryp.im/assets/7bf60781816875acb6c04aa4f706c4ad.js",
            "https://nertiob.pw/lander/us-leanstartketov8-pre2-cryp.im/assets/af74c0184a1151090f275e5d06fe0387.js",
            "https://nertiob.pw/lander/us-leanstartketov8-pre2-cryp.im/assets/23190726c18d12eb341ebb4c6d4573ab.css",
            "https://nertiob.pw/lander/us-leanstartketov8-pre2-cryp.im/assets/89782cd052fb72c4f9df6bd5644f2afb.css",
            "xfe-URL-ketoqitugslim.us-stix2-2.0-export.json"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 4,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "adjadex1@gmail.com",
            "id": "187163",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "URL": 659,
            "hostname": 266,
            "domain": 112,
            "FileHash-MD5": 5
          },
          "indicator_count": 1042,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 68,
          "modified_text": "1486 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "6249a9e497137f9627e5a794",
          "name": "\u7f8e\u9ad8\u6885\u2014botnet",
          "description": "At.ts.t, At.com, is the new version of HTML, which can now be viewed in full on Google's web browser and on Apple's mobile app for the first time.",
          "modified": "2022-04-03T14:09:48.093000",
          "created": "2022-04-03T14:06:28.503000",
          "tags": [
            "event",
            "null",
            "promise",
            "html",
            "width",
            "hasclass",
            "loadx20error",
            "ajaxcomplete",
            "unique",
            "609237fvvpkt",
            "push",
            "first",
            "open",
            "checkbox",
            "trigger",
            "jquery",
            "write",
            "blackberry",
            "android",
            "androidos",
            "firefox",
            "chrome",
            "skyfire",
            "opera",
            "opera mobi",
            "dolfin",
            "kindle",
            "0x1d9131",
            "0x180bcc",
            "0x4b6177",
            "0x13f349",
            "0x3bcb54",
            "0xbbe80d",
            "0x57b7de",
            "0x2ea74e",
            "0x4fb0f2",
            "0x25f113",
            "window",
            "shift",
            "date",
            "canvas",
            "tencent",
            "barrio",
            "slice",
            "regexp",
            "function",
            "typeof b",
            "error",
            "pseudo",
            "child",
            "array",
            "sufeffxa0",
            "class",
            "accept",
            "testflight",
            "typeof e",
            "typeof n",
            "typeof t",
            "typeof r",
            "x20trnf",
            "this"
          ],
          "references": [
            "http://slulutz02.com/",
            "https://mgttse001.vip/static/js/jquery.js",
            "https://mgttse001.vip/template/m1938pc/pic/hf1",
            "https://m2855.com:35003/",
            "https://m9277.com/tsnew-download/index.html",
            "https://www.7631.app:8755/js/jquery-1.11.3.min.js",
            "https://www.7631.app:8755/js/xinstall_inner_e.min.js?v=1004",
            "https://www.7631.app:8755/js/mobile-detect.min.js?v=1004",
            "https://m9277.com/tsnew-download/js/jquery.min.js"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1547",
              "name": "Boot or Logon Autostart Execution",
              "display_name": "T1547 - Boot or Logon Autostart Execution"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 3,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "adjadex1@gmail.com",
            "id": "187163",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "URL": 1048,
            "domain": 132,
            "hostname": 311
          },
          "indicator_count": 1491,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 68,
          "modified_text": "1520 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": false,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "6249a9e3fcaee2fb956ffacc",
          "name": "\u7f8e\u9ad8\u6885\u2014botnet",
          "description": "At.ts.t, At.com, is the new version of HTML, which can now be viewed in full on Google's web browser and on Apple's mobile app for the first time.",
          "modified": "2022-04-03T14:06:27.271000",
          "created": "2022-04-03T14:06:27.271000",
          "tags": [
            "event",
            "null",
            "promise",
            "html",
            "width",
            "hasclass",
            "loadx20error",
            "ajaxcomplete",
            "unique",
            "609237fvvpkt",
            "push",
            "first",
            "open",
            "checkbox",
            "trigger",
            "jquery",
            "write",
            "blackberry",
            "android",
            "androidos",
            "firefox",
            "chrome",
            "skyfire",
            "opera",
            "opera mobi",
            "dolfin",
            "kindle",
            "0x1d9131",
            "0x180bcc",
            "0x4b6177",
            "0x13f349",
            "0x3bcb54",
            "0xbbe80d",
            "0x57b7de",
            "0x2ea74e",
            "0x4fb0f2",
            "0x25f113",
            "window",
            "shift",
            "date",
            "canvas",
            "tencent",
            "barrio",
            "slice",
            "regexp",
            "function",
            "typeof b",
            "error",
            "pseudo",
            "child",
            "array",
            "sufeffxa0",
            "class",
            "accept",
            "testflight",
            "typeof e",
            "typeof n",
            "typeof t",
            "typeof r",
            "x20trnf",
            "this"
          ],
          "references": [
            "http://slulutz02.com/",
            "https://mgttse001.vip/static/js/jquery.js",
            "https://mgttse001.vip/template/m1938pc/pic/hf1",
            "https://m2855.com:35003/",
            "https://m9277.com/tsnew-download/index.html",
            "https://www.7631.app:8755/js/jquery-1.11.3.min.js",
            "https://www.7631.app:8755/js/xinstall_inner_e.min.js?v=1004",
            "https://www.7631.app:8755/js/mobile-detect.min.js?v=1004",
            "https://m9277.com/tsnew-download/js/jquery.min.js"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1547",
              "name": "Boot or Logon Autostart Execution",
              "display_name": "T1547 - Boot or Logon Autostart Execution"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 3,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "adjadex1@gmail.com",
            "id": "187163",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "URL": 1047,
            "domain": 132,
            "hostname": 311
          },
          "indicator_count": 1490,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 68,
          "modified_text": "1520 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": false,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "62497a9c72edc277fb20e52f",
          "name": "'+titlestr+'",
          "description": "If you want to see what is going on at this time of year, spare a thought for T.t.m.T.g.ts.com; T-t=t,",
          "modified": "2022-04-03T10:44:44.074000",
          "created": "2022-04-03T10:44:44.074000",
          "tags": [
            "typeof t",
            "typeof symbol",
            "nthis",
            "msger",
            "typeof e",
            "image",
            "error",
            "typeerror",
            "new date",
            "codeverify",
            "0xa60881",
            "0x1e0610",
            "0x489cca",
            "0x4d5bd1",
            "0x1a7a9a",
            "0x3145fc",
            "0x2d9acb",
            "0xbf1b3e",
            "0x47699d",
            "push",
            "shift",
            "date",
            "cookie",
            "slice",
            "open",
            "code",
            "path",
            "info",
            "null",
            "this",
            "webpackrequire",
            "othis",
            "object",
            "array",
            "executor",
            "canvas",
            "function",
            "slidercaptcha",
            "createelement",
            "textdanger",
            "plugin",
            "rgba",
            "imagedata",
            "false",
            "touchstart",
            "trident",
            "click",
            "typeof",
            "typeof define",
            "typeof c",
            "copyright",
            "twitter",
            "bootstrap",
            "rolemenu",
            "typeof f",
            "typeof g",
            "james levine",
            "udid",
            "x61x70x70x6cx79",
            "azaz",
            "0x5372",
            "0x19",
            "0x3de55b",
            "0x24a5d4",
            "0x5c",
            "0x19c89f",
            "0x2f1b4a",
            "0x4d1e1f",
            "0x1a",
            "0x29",
            "window",
            "honor",
            "root",
            "length",
            "indexof",
            "x0ax20x20x20x20",
            "location",
            "math",
            "0x10",
            "0x18",
            "history",
            "config",
            "onload",
            "android",
            "regexp",
            "x20trnf",
            "class",
            "attr",
            "pseudo",
            "child",
            "swiper",
            "most",
            "mit license",
            "january",
            "typeof b",
            "sufeffxa0",
            "void",
            "typeof n",
            "appappapp",
            "next",
            "toh5",
            "channelcode",
            "androidos",
            "linux",
            "ipad",
            "macintosh",
            "promise",
            "xmlhttprequest",
            "0x1d9131",
            "0x180bcc",
            "0x4b6177",
            "0x13f349",
            "0x3bcb54",
            "0xbbe80d",
            "0x57b7de",
            "0x2ea74e",
            "0x4fb0f2",
            "0x25f113",
            "tencent",
            "barrio",
            "width",
            "accept",
            "cnzzdata",
            "czuuid",
            "umdistinctid",
            "version",
            "october",
            "win32",
            "name",
            "html",
            "meta",
            "viewport"
          ],
          "references": [
            "http://www.laijcm.com/common.js",
            "http://www.laijcm.com/tj.js",
            "http://kk164.xyz/",
            "https://x4707.com:5443/?register=1",
            "https://6112.hnsstjc.com/a002/xpjtz.php",
            "https://6112.hnsstjc.com/a002/js/fontSize.js",
            "https://6112.hnsstjc.com/a002/js/jquery-1.8.3.min.js",
            "https://6112.hnsstjc.com/a002/js/swiper.min.js",
            "https://6112.hnsstjc.com/a002/xpj.php",
            "https://www.xvsgwa.com/qz1IJUpc.html",
            "https://c.cnzz.com/core.php?web_id=1280875449&t=z",
            "https://s9.cnzz.com/z_stat.php?id=1280875449&web_id=1280875449",
            "https://www.bibo14.app:2611/js/jquery-1.11.3.min.js",
            "https://www.bibo14.app:2611/js/cncc.js",
            "https://www.bibo14.app:2611/js/xinstall_inner_e.min.js?v=1004",
            "https://www.bibo14.app:2611/js/down.js?v=1022",
            "https://www.bibo14.app:2611/css/h5/reset.css",
            "https://www.dongtiankuangye.com/a002/config.js",
            "https://www.dongtiankuangye.com/a002/js/plugins/swiper/swiper.min.js",
            "https://www.dongtiankuangye.com/a002/js/libs/jquery-1.12.4/jquery-1.12.4.min.js",
            "https://www.dongtiankuangye.com/a002/js/plugins/swiper/swiper.min.css",
            "https://pojd783.cc:8443/index.html?shareName=pojd783.cc",
            "https://sdk.51.la/event/js-sdk-event.min.js?u=Je0ztO5GuwfJ6eip",
            "https://sdk.51.la/js-sdk-pro.min.js",
            "https://pojd783.cc:8443/js/sharetrace.min.js",
            "https://js112.oss-accelerate.aliyuncs.com/os.js",
            "https://ty66as.jxdysw.cn/1whpv",
            "https://ty66as.jxdysw.cn/dist/vendors/bootstrap/js/bootstrap.min.js",
            "https://ty66as.jxdysw.cn/dist/vendors/clipboard/clipboard.min.js",
            "https://ty66as.jxdysw.cn/dist/captcha/disk/slidercaptcha.js",
            "https://ssl.captcha.qq.com/TCaptcha.js",
            "https://cstaticdun.126.net/load.min.js?t=202007291602",
            "https://t.captcha.qq.com/template/drag_ele.html?t=1648982190651",
            "https://captcha.gtimg.com/1/tcaptcha-frame.db8b9289.js"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1059",
              "name": "Command and Scripting Interpreter",
              "display_name": "T1059 - Command and Scripting Interpreter"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 3,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "adjadex1@gmail.com",
            "id": "187163",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "URL": 1528,
            "hostname": 543,
            "domain": 209,
            "FileHash-SHA256": 127,
            "email": 1,
            "FileHash-MD5": 4
          },
          "indicator_count": 2412,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 68,
          "modified_text": "1520 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "6249330bfdce75b6a0667154",
          "name": "Malware cont..",
          "description": "var d=b.dir,e=c&&\"parentNode\"===d,f=x, f=w, b.b, and d(b) for the first time.",
          "modified": "2022-04-03T05:39:23.816000",
          "created": "2022-04-03T05:39:23.816000",
          "tags": [
            "2000px",
            "120deg",
            "10px",
            "e9e7e7",
            "b2b2b2",
            "webkitkeyframes",
            "f8f8f8",
            "d3d4d3",
            "c9c5c5",
            "alpha",
            "web mit",
            "license http",
            "invalid",
            "activexobject",
            "msies",
            "msanimationend",
            "typeof e",
            "typeof f",
            "typeof y",
            "typeof define",
            "function",
            "null",
            "typeof t",
            "array",
            "value",
            "regexp",
            "textarea",
            "azaz",
            "typeof n",
            "this",
            "date",
            "infinity",
            "iframe",
            "error",
            "typeof b",
            "pseudo",
            "child",
            "width",
            "sufeffxa0",
            "class",
            "accept"
          ],
          "references": [
            "https://cdn.staticfile.org/jquery/2.1.4/jquery.min.js",
            "https://cdn.staticfile.org/vue/1.0.21/vue.min.js",
            "https://cdn.staticfile.org/layer/3.1.1/layer.js",
            "https://cdn.staticfile.org/layer/3.1.1/theme/default/layer.css?v=3.1.1"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 3,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "adjadex1@gmail.com",
            "id": "187163",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "URL": 914,
            "FileHash-SHA256": 23,
            "hostname": 339,
            "domain": 126
          },
          "indicator_count": 1402,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 68,
          "modified_text": "1520 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        }
      ],
      "references": [
        "https://www.2610.app:5766/js/jquery-1.11.3.min.js",
        "http://api.geetest.com/gettype.php?gt=70bfe290f45725d99fae0063c5188b8f&callback=geetest_1650391760798",
        "http://passback.free.fr/pub/pp_300x250.html",
        "https://sdk.51.la/event/js-sdk-event.min.js?u=Je0ztO5GuwfJ6eip",
        "xfe-URL-Zhuzi.me-stix2-2.1-export.json",
        "https://www.xvsgwa.com/qz1IJUpc.html",
        "http://www.yichenghy.com/common.js",
        "https://www.dongtiankuangye.com/a002/js/plugins/swiper/swiper.min.css",
        "https://cdn.staticfile.org/jquery/2.1.4/jquery.min.js",
        "https://cstaticdun.126.net/load.min.js?v=2203141811",
        "https://www.7631.app:8755/js/mobile-detect.min.js?v=1004",
        "https://1api.net/js/bootstrap.min.js",
        "https://www.googletagmanager.com/gtag/js?id=G-ZTJ64Z90QF&l=dataLayer&cx=c",
        "xfe-IP-212.27.63.109-stix2-2.1-export.json",
        "https://fonts.googleapis.com/css2?family=Open+Sans&family=Oswald:wght@400;600;700&family=Roboto+Condensed:wght@400;700&display=swap",
        "https://static.hotjar.com/c/hotjar-596666.js?sv=5",
        "xfe-URL-Jquery.com-stix2-2.1-export.json",
        "https://nertiob.pw/lander/us-leanstartketov8-pre2-cryp.im/assets/89782cd052fb72c4f9df6bd5644f2afb.css",
        "https://ty66as.jxdysw.cn/1whpv",
        "http://www.ctgserver.net/zhuzi-statistic.js?path=http%3a%2f%2fwww.ctgserver.net%2f&siteid=68944&referer=",
        "https://www.2610.app:5766/?agent=7762453360",
        "https://fonts.googleapis.com/css2?family=Montserrat:wght@500;600;700&display=swap",
        "https://6112.hnsstjc.com/a002/xpj.php",
        "http://appbyweb.net/AppByWeb/js/main.js",
        "xfe-URL-1api.net-stix2-2.1-export.json",
        "https://subscribe.free.fr/assets/js/plugins.min.js",
        "https://partner.googleadservices.com/gampad/cookie.js?domain=appbyweb.net&callback=_gfp_s_&client=ca-pub-2581829468247892",
        "https://ty66as.jxdysw.cn/dist/vendors/bootstrap/js/bootstrap.min.js",
        "http://freebit.com/common/js/variablelist_top.js?v=2",
        "xfe-URL-www.yichenghy.com-stix2-2.1-export.json",
        "https://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js",
        "https://pojd783.cc:8443/index.html?shareName=pojd783.cc",
        "https://sofire.bdstatic.com/js/dfxaf.js",
        "https://captcha.gtimg.com/1/tcaptcha-frame.db8b9289.js",
        "http://appbyweb.net/AppByWeb/js/hoverIntent.js",
        "xfe-URL-nertiob.pw-stix2-2.1-export.json",
        "https://www.googletagmanager.com/gtm.js?id=GTM-K6CHB3B",
        "https://www.2610.app:5766/js/xinstall_inner_e.min.js?v=1004",
        "http://slulutz02.com/",
        "https://cstaticdun.126.net/load.min.js?t=202007291602",
        "http://push.zhanzhang.baidu.com/push.js",
        "https://nertiob.pw/lander/us-leanstartketov8-pre2-cryp.im/assets/7bf60781816875acb6c04aa4f706c4ad.js",
        "https://www.bibo14.app:2611/js/cncc.js",
        "xfe-URL-Easydns.com-stix2-2.1-export.json",
        "http://appbyweb.net/AppByWeb/js/superfish.js",
        "https://www.bibo14.app:2611/js/jquery-1.11.3.min.js",
        "https://www.bibo14.app:2611/js/xinstall_inner_e.min.js?v=1004",
        "https://6112.hnsstjc.com/a002/js/swiper.min.js",
        "xfe-IP-193.149.176.62-stix2-2.1-export.json",
        "https://subscribe.free.fr/assets/js/main.min.js",
        "https://www.google-analytics.com/analytics.js",
        "xfe-URL-ketoluqidslim.us-stix2-2.1-export.json",
        "https://modernizr.com/js/build.js",
        "https://webmail.free.fr/plugins/jqueryui/js/jquery-ui.min.js?s=1510166524",
        "xfe-URL-Purl.com-stix2-2.1-export.json",
        "https://www.dongtiankuangye.com/a002/js/libs/jquery-1.12.4/jquery-1.12.4.min.js",
        "http://sgoutong.baidu.com/embed/1649840755/asset/embed/mobile_nb.js",
        "xfe-URL-Nocix.net-stix2-2.1-export.json",
        "https://cdn.staticfile.org/layer/3.1.1/layer.js",
        "https://nertiob.pw/lander/us-leanstartketov8-pre2-cryp.im/assets/63c9d725454afa40dc86453f4a52812f.css",
        "https://subscribe.free.fr/assets/js/vendor/jquery-1.9.1.min.js",
        "xfe-URL-freebit.com-stix2-2.1-export.json",
        "https://www.googleadservices.com/pagead/conversion_async.js",
        "http://www.zhuzi.me/zhuzi-statistic.js?path=http%3a%2f%2fwww.zhuzi.me%2f&siteid=62221&referer=",
        "https://sdk.privacy-center.org/ui-gdpr-en.a96c69ed0cb8f37a2deea6c49dd453517875ac60.js",
        "https://6553w.com:2188/m/js/2203141811-fhcpLogin.js",
        "http://appbyweb.net/AppByWeb",
        "http://ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js",
        "xfe-IP-103.120.25.185-stix2-2.1-export.json",
        "http://www.yichenghy.com/tj.js",
        "https://6112.hnsstjc.com/a002/js/fontSize.js",
        "http://pageperso.free.fr/im/css/free.css",
        "https://cdn.staticfile.org/layer/3.1.1/theme/default/layer.css?v=3.1.1",
        "https://www.bibo14.app:2611/js/down.js?v=1022",
        "https://purl.archive.org/static/bootstrap/js/bootstrap.js",
        "https://webmail.free.fr/program/js/app.min.js?s=1510166525",
        "https://aiff.cdn.bcebos.com/sensors%2Fonline%2Fsa-sdk-javascript-1.14.24%2Fsensorsdata.min.js",
        "http://freebit.com/common/css/common.css",
        "https://www.nocix.net/speedtest/speedtest.js?r=4343",
        "http://api.geetest.com/get.php?gt=70bfe290f45725d99fae0063c5188b8f&challenge=36bbdc68ea2e3279d57269471b837a6b&product=popup&width=301px&offline=false&lang=zh-cn&protocol=http://&type=slide&path=/static/js/geetest.6.0.9.js&callback=geetest_1650391756575",
        "http://freebit.com/common/css/reset.css",
        "https://webmail.free.fr/",
        "https://ty66as.jxdysw.cn/dist/captcha/disk/slidercaptcha.js",
        "http://appbyweb.net/AppByWeb/js/modernizr-2.6.2.min.js",
        "https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2581829468247892&output=html&adk=1812271804&adf=3025194257&lmt=1651149220&plat=16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C32%3A32&format=0x0&url=http%3A%2F%2Fappbyweb.net%2FAppByWeb%2F&ea=0&pra=5&wgl=1&dt=1651149220376&bpp=1&bdt=121&idt=18&shv=r20220425&mjsv=m202204200101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De83d6067a4dac5b6-229192c549d200d1%3AT%3D1651148802%3ART%3D1651148802%3AS%3DALNI_MZSt9utXhYBHAIH9xwQp72WuxQxTw&nras=1&correlator=1655793633284&",
        "https://m9277.com/tsnew-download/js/jquery.min.js",
        "https://ssl.captcha.qq.com/TCaptcha.js",
        "https://subscribe.free.fr/assets/css/app2.min.css",
        "https://code.jquery.com/jquery-3.1.1.slim.min.js",
        "https://m2855.com:35003/",
        "https://p.qiao.baidu.com/cps3/site/poll?cb=jsonp_bridge_1650392095190_21922384256393768&l=1&sign=&v=165039175860477407&s=12877102&e=26958486&isAFF=1&filterAdvertisement=1&dev=1&auth=%7B%22anonym%22%3A0%2C%22key%22%3A%223bfef1eb-bde9-4fbf-ba96-abad738f1775%22%2C%22sn%22%3A%22%22%2C%22id%22%3A%22165039175860477407%22%2C%22from%22%3A4%2C%22token%22%3A%22bridge%22%7D&_time=1650392095190",
        "https://sdk.privacy-center.org/87df2f8d-232a-4617-8efc-3764b3bbd0c0/loader.js?target=webmail.free.fr",
        "http://www.laijcm.com/tj.js",
        "http://freebit.com/common/css/top.css",
        "https://cdn.staticfile.org/vue/1.0.21/vue.min.js",
        "https://s9.cnzz.com/z_stat.php?id=1280875449&web_id=1280875449",
        "https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css",
        "http://freebit.com/common/js/function.js",
        "https://purl.archive.org/",
        "https://www.free.fr/freebox/",
        "https://subscribe.free.fr/assets/js/vendor/modernizr.custom.js",
        "https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202204200101/show_ads_impl_fy2019.js",
        "http://freebit.com/common/js/jquery.bxslider.min.js",
        "https://1api.net/css/bootstrap.min.css",
        "http://appbyweb.net/AppByWeb/js/bootstrap.min.js",
        "https://client.crisp.chat/l.js",
        "https://goutong.baidu.com/site/889/a8439b4fa4b46ae6d1cb7840806b342d/b.js?siteId=12877102",
        "https://www.nocix.net/js/nocix.js",
        "https://www.googleoptimize.com/optimize.js?id=OPT-MTGSVG5",
        "https://6553w.com:2188/m/js/2203141811-HomeLogin~LotteryHall~VnsLogin~activity~amhgLogin~aqvnsLogin~betnewLocgin~blrLogin~blushLogin~cLogin~6995ba01.js",
        "https://yeyeai3.xyz/",
        "https://purl.archive.org/static/jquery/jquery.js",
        "https://mgttse001.vip/static/js/jquery.js",
        "https://www.bibo14.app:2611/css/h5/reset.css",
        "https://nertiob.pw/lander/us-leanstartketov8-pre2-cryp.im/assets/a36a95c9dccfd8d0b6ccb62ed162150a.css",
        "https://m9277.com/tsnew-download/index.html",
        "https://www.dongtiankuangye.com/a002/js/plugins/swiper/swiper.min.js",
        "https://t.captcha.qq.com/template/drag_ele.html?t=1648982190651",
        "http://freebit.com/common/js/slide.js",
        "https://www.vgt.pl/js/jquery-3.2.1.min.js",
        "https://subscribe.free.fr/accesgratuit/index.html",
        "http://static.geetest.com/static/js/geetest.6.0.9.js",
        "https://6112.hnsstjc.com/a002/xpjtz.php",
        "https://sdk.51.la/js-sdk-pro.min.js",
        "https://c.cnzz.com/core.php?web_id=1280875449&t=z",
        "http://appbyweb.net/AppByWeb/js/jquery.min.js",
        "https://www.7631.app:8755/js/xinstall_inner_e.min.js?v=1004",
        "https://nertiob.pw/lander/us-leanstartketov8-pre2-cryp.im/assets/af74c0184a1151090f275e5d06fe0387.js",
        "xfe-URL-Freebit.net-stix2-2.1-export.json",
        "http://appbyweb.net/AppByWeb/js/jquery.stellar.min.js",
        "https://webmail.free.fr/program/js/jquery.min.js?s=1510166541",
        "https://6112.hnsstjc.com/a002/js/jquery-1.8.3.min.js",
        "https://ty66as.jxdysw.cn/dist/vendors/clipboard/clipboard.min.js",
        "https://www.googletagmanager.com/gtm.js?id=GTM-NL3LLHS",
        "xfe-URL-appbyweb.net-stix2-2.1-export.json",
        "https://www.7631.app:8755/js/jquery-1.11.3.min.js",
        "http://sgoutong.baidu.com/embed/1649840755/asset/embed/mobilelite/main.js",
        "xfe-URL-creativecommons.org-stix2-2.1-export.json",
        "http://appbyweb.net/AppByWeb/js/jquery.waypoints.min.js",
        "http://freebit.com/common/js/jquery.mixitup.min.js",
        "xfe-URL-modernizr.com-stix2-2.1-export.json",
        "https://subscribe.free.fr/assets/css/accesgratuit.min.css",
        "http://appbyweb.net/AppByWeb/js/jquery.easing.1.3.js",
        "http://v8714.com/",
        "http://freebit.com/topnews.css",
        "https://nertiob.pw/lander/us-leanstartketov8-pre2-cryp.im/assets/23190726c18d12eb341ebb4c6d4573ab.css",
        "https://www.nocix.net/js/bootstrap.min.js",
        "https://www.googletagmanager.com/gtag/js?id=AW-701859743",
        "http://kk164.xyz/",
        "http://www.laijcm.com/common.js",
        "https://www.dongtiankuangye.com/a002/config.js",
        "https://subscribe.free.fr/assets/js/vendor/wow.min.js",
        "https://js112.oss-accelerate.aliyuncs.com/os.js",
        "https://purl.archive.org/static/app.js",
        "https://pojd783.cc:8443/js/sharetrace.min.js",
        "http://v1-ab.cdn-static.cn/editor/js/jquery.min.js",
        "https://mgttse001.vip/template/m1938pc/pic/hf1",
        "https://files.appbyweb.net/Fonts/OpenSansHebrew/font.css",
        "xfe-URL-ketoqitugslim.us-stix2-2.0-export.json",
        "https://x4707.com:5443/?register=1"
      ],
      "related": {
        "alienvault": {
          "adversary": [],
          "malware_families": [],
          "industries": []
        },
        "other": {
          "adversary": [],
          "malware_families": [
            "Qe",
            "Reduceright",
            "Lh",
            "Gc"
          ],
          "industries": []
        }
      }
    },
    "false_positive": []
  },
  "geo": {},
  "geo_ipapicom": {},
  "pulse_count": 22,
  "pulses": [
    {
      "id": "673dc97604d5c7076da96877",
      "name": "https://www.vgt.pl/js/jquery-3.2.1.min.js",
      "description": "JQuery v3.2.1 is released by the JS Foundation and is based on the code written by Jeremy Chilcot, the co-creator of the popular web browser, JQuery.",
      "modified": "2025-07-31T22:43:55.771000",
      "created": "2024-11-20T11:35:18.167000",
      "tags": [
        "regexp",
        "error",
        "pseudo",
        "child",
        "sufeffxa0",
        "class",
        "attr",
        "js foundation",
        "typeof module",
        "object",
        "date",
        "null"
      ],
      "references": [
        "https://www.vgt.pl/js/jquery-3.2.1.min.js"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 5,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "Arek-BTC",
        "id": "212764",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-SHA1": 172,
        "hostname": 404,
        "URL": 969,
        "domain": 98,
        "FileHash-MD5": 178,
        "FileHash-SHA256": 355,
        "IPv4": 3
      },
      "indicator_count": 2179,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 124,
      "modified_text": "304 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "664b74b2683dec84891aef96",
      "name": "PrivateLoader is a malware with a module structure that has the capability is to download and execute one or several payloads",
      "description": "http://185.172.128.69/batushka/inte.exe  \nhttp://185.172.128.69/allnewumm.exe\nhttp://185.172.128.69/brandumma.exe\nhttp://185.172.128.69/files\nhttp://185.172.128.69/files/US.file\nhttp://185.172.128.69/latestumma.exe\nhttp://185.172.128.69/newumma.exe\nhttp://185.172.128.69/sekundumma.exe\nhttp://185.172.128.69/ummanew.exe",
      "modified": "2024-10-14T20:36:05.361000",
      "created": "2024-05-20T16:05:06.313000",
      "tags": [
        "stdin via",
        "nextron",
        "powershell id",
        "powershell",
        "tim rauch",
        "elastic",
        "script block",
        "logging",
        "pe32",
        "ms windows",
        "intel",
        "nazwa typ",
        "md5 nazwa",
        "procesu"
      ],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [
        {
          "id": "T1059",
          "name": "Command and Scripting Interpreter",
          "display_name": "T1059 - Command and Scripting Interpreter"
        }
      ],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 27,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "Arek-BTC",
        "id": "212764",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-SHA256": 7268,
        "domain": 1310,
        "URL": 8101,
        "FileHash-SHA1": 1615,
        "hostname": 2590,
        "FileHash-MD5": 1852,
        "email": 267,
        "SSLCertFingerprint": 3,
        "CIDR": 38,
        "CVE": 7,
        "IPv4": 15,
        "YARA": 4
      },
      "indicator_count": 23070,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 136,
      "modified_text": "594 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "65708cdd2f63f24552fa3e39",
      "name": "BLNWX.COM",
      "description": "",
      "modified": "2023-12-06T15:01:49.772000",
      "created": "2023-12-06T15:01:49.772000",
      "tags": [],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 2,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "api",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "StreamMiningEx",
        "id": "262917",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-SHA256": 400,
        "URL": 1905,
        "domain": 494,
        "hostname": 707
      },
      "indicator_count": 3506,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 109,
      "modified_text": "908 days ago ",
      "is_modified": false,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "65708c5b24dc4c51811f6de7",
      "name": "nocix malware Qe",
      "description": "",
      "modified": "2023-12-06T14:59:39.528000",
      "created": "2023-12-06T14:59:39.528000",
      "tags": [],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 2,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "api",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "StreamMiningEx",
        "id": "262917",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-SHA256": 125,
        "hostname": 507,
        "URL": 1232,
        "domain": 170,
        "FileHash-MD5": 1
      },
      "indicator_count": 2035,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 109,
      "modified_text": "908 days ago ",
      "is_modified": false,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "65708bf87a08635a650eeb9b",
      "name": "ctgserver.net",
      "description": "",
      "modified": "2023-12-06T14:58:00.096000",
      "created": "2023-12-06T14:58:00.096000",
      "tags": [],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 2,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "api",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "StreamMiningEx",
        "id": "262917",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-SHA256": 1286,
        "domain": 560,
        "hostname": 1602,
        "URL": 7975,
        "FileHash-MD5": 85,
        "FileHash-SHA1": 1
      },
      "indicator_count": 11509,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 109,
      "modified_text": "908 days ago ",
      "is_modified": false,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "65708befc4f4c7e2be4370d9",
      "name": "ctgserver.net",
      "description": "",
      "modified": "2023-12-06T14:57:51.922000",
      "created": "2023-12-06T14:57:51.922000",
      "tags": [],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 2,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "api",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "StreamMiningEx",
        "id": "262917",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-SHA256": 1286,
        "domain": 560,
        "hostname": 1602,
        "URL": 7975,
        "FileHash-MD5": 85,
        "FileHash-SHA1": 1
      },
      "indicator_count": 11509,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 109,
      "modified_text": "908 days ago ",
      "is_modified": false,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "65708b7bb1d8a5ad0edc6615",
      "name": "Lh , ReduceRight Malware",
      "description": "",
      "modified": "2023-12-06T14:55:55.190000",
      "created": "2023-12-06T14:55:55.190000",
      "tags": [],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 2,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "api",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "StreamMiningEx",
        "id": "262917",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-SHA256": 167,
        "domain": 249,
        "URL": 1152,
        "hostname": 391,
        "FileHash-MD5": 45
      },
      "indicator_count": 2004,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 109,
      "modified_text": "908 days ago ",
      "is_modified": false,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "626acbf5b18bf4679059431e",
      "name": "BLNWX.COM",
      "description": "Users of the Internet Archive are being asked to login to the service to access the archive's archive, or PURL, and to view the Archive's collection of archived material.  \u00a31.",
      "modified": "2022-05-28T00:03:46.141000",
      "created": "2022-04-28T17:16:37.507000",
      "tags": [
        "error",
        "modulenotfound",
        "knew promise",
        "parseint",
        "date",
        "fsettimeout",
        "typeof module",
        "null",
        "plugin",
        "function",
        "copyright",
        "twitter",
        "bootstrap",
        "http",
        "conflict",
        "focus",
        "object",
        "click",
        "open",
        "next",
        "target",
        "trigger",
        "checkbox",
        "delta",
        "scroll",
        "false",
        "regexp",
        "pseudo",
        "child",
        "sufeffxa0",
        "class",
        "attr",
        "foundation",
        "close",
        "user login",
        "cancel",
        "close user",
        "complete",
        "come",
        "sign",
        "cancel toggle",
        "purl",
        "administration"
      ],
      "references": [
        "xfe-IP-193.149.176.62-stix2-2.1-export.json",
        "xfe-URL-Purl.com-stix2-2.1-export.json",
        "xfe-URL-Easydns.com-stix2-2.1-export.json",
        "xfe-URL-creativecommons.org-stix2-2.1-export.json",
        "https://purl.archive.org/",
        "https://purl.archive.org/static/jquery/jquery.js",
        "https://purl.archive.org/static/bootstrap/js/bootstrap.js",
        "https://purl.archive.org/static/app.js",
        "xfe-URL-modernizr.com-stix2-2.1-export.json",
        "https://modernizr.com/js/build.js"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 7,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "adjadex1@gmail.com",
        "id": "187163",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "URL": 1905,
        "hostname": 707,
        "domain": 494,
        "FileHash-SHA256": 400
      },
      "indicator_count": 3506,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 70,
      "modified_text": "1465 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "626a8a564da0d5b27dc02619",
      "name": "App By Web",
      "description": "Israeli malware hosting",
      "modified": "2022-05-28T00:03:46.141000",
      "created": "2022-04-28T12:36:38.103000",
      "tags": [
        "hebrew",
        "truetype",
        "woff2",
        "woff",
        "body",
        "fh5cooffcanvas",
        "function",
        "click",
        "main menu",
        "superfish var",
        "parallax",
        "offcanvas",
        "mobile menu",
        "animations var",
        "mstouchaction",
        "superfish menu",
        "plugin",
        "copyright",
        "joel birch",
        "dual",
        "fill",
        "touchaction",
        "y position",
        "hoverintent",
        "brian cherne",
        "param",
        "threshold",
        "mit license",
        "or selector",
        "author",
        "1parseint",
        "mark dalgleish",
        "http",
        "webkitopacity",
        "webkit",
        "khtmlopacity",
        "khtml",
        "typeof d",
        "error",
        "this",
        "caleb troughton",
        "typeof f",
        "adapter",
        "bootstrap",
        "javascript",
        "typeof c",
        "twitter",
        "focus",
        "azaz",
        "including",
        "this software",
        "but not",
        "limited to",
        "terms of",
        "open",
        "bsd license",
        "redistribution",
        "redistributions",
        "neither",
        "direct",
        "gc",
        "regexp",
        "typeof b",
        "pseudo",
        "child",
        "array",
        "width",
        "sufeffxa0",
        "class",
        "null",
        "date",
        "accept",
        "boolean",
        "modernizr",
        "custom build",
        "build",
        "afunction",
        "cfunction",
        "typeerror",
        "object",
        "documenttouch",
        "websocket",
        "string",
        "silk",
        "script",
        "arial",
        "edge",
        "iframe",
        "promise",
        "void",
        "android",
        "trident",
        "embed",
        "meta",
        "roboto",
        "term",
        "\u05d4\u05d6\u05de\u05e0\u05ea \u05de\u05d5\u05e0\u05d9\u05ea",
        "wtaxi",
        "wapp",
        "app by web ltd",
        "03-5115656",
        "03-5109109",
        "+97235115656",
        "\u05de\u05e2\u05e8\u05db\u05d5\u05ea \u05d4\u05e1\u05e2\u05d9\u05dd",
        "\u05db\u05e8\u05d8\u05d9\u05e1 \u05d0\u05e9\u05e8\u05d0\u05d9 \u05d1\u05de\u05d5\u05e0\u05d9\u05ea",
        "web ltd",
        "reserved"
      ],
      "references": [
        "xfe-URL-appbyweb.net-stix2-2.1-export.json",
        "http://appbyweb.net/AppByWeb",
        "https://partner.googleadservices.com/gampad/cookie.js?domain=appbyweb.net&callback=_gfp_s_&client=ca-pub-2581829468247892",
        "https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202204200101/show_ads_impl_fy2019.js",
        "http://appbyweb.net/AppByWeb/js/modernizr-2.6.2.min.js",
        "http://appbyweb.net/AppByWeb/js/jquery.min.js",
        "http://appbyweb.net/AppByWeb/js/jquery.easing.1.3.js",
        "http://appbyweb.net/AppByWeb/js/bootstrap.min.js",
        "http://appbyweb.net/AppByWeb/js/jquery.waypoints.min.js",
        "http://appbyweb.net/AppByWeb/js/jquery.stellar.min.js",
        "http://appbyweb.net/AppByWeb/js/hoverIntent.js",
        "http://appbyweb.net/AppByWeb/js/superfish.js",
        "http://appbyweb.net/AppByWeb/js/main.js",
        "https://files.appbyweb.net/Fonts/OpenSansHebrew/font.css",
        "https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2581829468247892&output=html&adk=1812271804&adf=3025194257&lmt=1651149220&plat=16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C32%3A32&format=0x0&url=http%3A%2F%2Fappbyweb.net%2FAppByWeb%2F&ea=0&pra=5&wgl=1&dt=1651149220376&bpp=1&bdt=121&idt=18&shv=r20220425&mjsv=m202204200101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De83d6067a4dac5b6-229192c549d200d1%3AT%3D1651148802%3ART%3D1651148802%3AS%3DALNI_MZSt9utXhYBHAIH9xwQp72WuxQxTw&nras=1&correlator=1655793633284&"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [
        {
          "id": "Gc",
          "display_name": "Gc",
          "target": null
        }
      ],
      "attack_ids": [
        {
          "id": "T1059",
          "name": "Command and Scripting Interpreter",
          "display_name": "T1059 - Command and Scripting Interpreter"
        },
        {
          "id": "T1140",
          "name": "Deobfuscate/Decode Files or Information",
          "display_name": "T1140 - Deobfuscate/Decode Files or Information"
        }
      ],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 8,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "adjadex1@gmail.com",
        "id": "187163",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "URL": 1554,
        "hostname": 533,
        "domain": 211,
        "FileHash-SHA256": 199
      },
      "indicator_count": 2497,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 69,
      "modified_text": "1465 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "6261873303497c0dd414ef10",
      "name": "Jquery and 1api.net",
      "description": "var Cd, Zd.com, \"G1\", \"g1\" and \" G2\" are all part of the new code for Google's tag management system, which is based on the word \"tag\".",
      "modified": "2022-05-21T00:03:44.725000",
      "created": "2022-04-21T16:32:51.012000",
      "tags": [
        "tbody",
        "span",
        "thead",
        "tfoot",
        "typecheckbox",
        "typeradio",
        "href",
        "typesearch",
        "typedate",
        "typetime",
        "twitter",
        "error",
        "show",
        "typeof e",
        "version",
        "hidden",
        "bootstrap",
        "click",
        "javascript",
        "clickdataapi",
        "collapse",
        "regexp",
        "pseudo",
        "child",
        "ajax",
        "ajaxjsonp",
        "ajaxload",
        "ajaxparsexml",
        "ajaxscript",
        "ajaxxhr",
        "class",
        "date",
        "null",
        "number",
        "string",
        "copyright",
        "gtmnl3llhs",
        "host",
        "path",
        "closure library",
        "xdfunction",
        "adfunction"
      ],
      "references": [
        "xfe-URL-Jquery.com-stix2-2.1-export.json",
        "xfe-URL-1api.net-stix2-2.1-export.json",
        "https://www.googletagmanager.com/gtm.js?id=GTM-NL3LLHS",
        "https://code.jquery.com/jquery-3.1.1.slim.min.js",
        "https://1api.net/js/bootstrap.min.js",
        "https://1api.net/css/bootstrap.min.css"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [
        {
          "id": "T1547",
          "name": "Boot or Logon Autostart Execution",
          "display_name": "T1547 - Boot or Logon Autostart Execution"
        }
      ],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 3,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "adjadex1@gmail.com",
        "id": "187163",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "hostname": 494,
        "URL": 1235,
        "domain": 192,
        "FileHash-SHA256": 267
      },
      "indicator_count": 2188,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 69,
      "modified_text": "1472 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    }
  ],
  "error": null,
  "vt": {
    "error": "VirusTotal rate limit reached. Try again shortly.",
    "indicator": "ga.select",
    "type": "Domain"
  },
  "abuseipdb": null,
  "urlhaus": {
    "indicator": "ga.select",
    "found": false,
    "verdict": "clean",
    "urls": [],
    "error": null
  },
  "from_cache": true,
  "_cached_at": 1780339267.6779401
}