{ "type": "Domain", "indicator": "h.ca", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/h.ca", "alexa": "http://www.alexa.com/siteinfo/h.ca", "indicator": "h.ca", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 2265775963, "indicator": "h.ca", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 7, "pulses": [ { "id": "67709b347e368914cb5d1fa2", "name": "ld869rwRuHeO9Tw.exe 1d773d866966940f042d442b9e0cec638e733a83f7137cbdd4e70d4cb9803ada", "description": "https://www.hybrid-analysis.com/sample/1d773d866966940f042d442b9e0cec638e733a83f7137cbdd4e70d4cb9803ada/677086f7a2798798250fafcd\nLastcode analysis wedi cyhoeddi i'wadu cyffredinol, \u00c2\u00a31.5m, \u00e2\u201a\u00ac2.4m.", "modified": "2025-05-14T21:11:16.436000", "created": "2024-12-29T00:43:32.094000", "tags": [ "sha256 file", "type type", "language chi2", "image english", "us 1", "1 upx1", "monitoruj", "rozszerzenia", "kali linux", "live boot", "apple m1", "kolekcja dvd", "sound pool", "hashdb narodowa", "oprogramowania", "nsrl", "programfiles", "kopiuj md5", "kopiuj sha1", "skopiuj sha256", "sha1", "sha256", "runtime process", "description zip", "type", "size", "error", "null", "install", "bitcoin", "python", "calendar", "xorist", "path", "refresh", "body", "span", "green", "win32", "designer", "filler", "tools", "black", "wallpaper", "zapis", "pulpit", "autoit", "bill", "light", "stars", "look", "verify", "restart", "desktop" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1005", "name": "Data from Local System", "display_name": "T1005 - Data from Local System" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1204", "name": "User Execution", "display_name": "T1204 - User Execution" }, { "id": "T1486", "name": "Data Encrypted for Impact", "display_name": "T1486 - Data Encrypted for Impact" }, { "id": "T1491", "name": "Defacement", "display_name": "T1491 - Defacement" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 11, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 491, "FileHash-MD5": 452, "FileHash-SHA1": 458, "BitcoinAddress": 1, "URL": 39, "domain": 66, "hostname": 18 }, "indicator_count": 1525, "is_author": false, "is_subscribing": null, "subscriber_count": 124, "modified_text": "382 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65708d657f0895a860febf8f", "name": "SafeFrame Container", "description": "", "modified": "2023-12-06T15:04:05.932000", "created": "2023-12-06T15:04:05.932000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1416, "domain": 2979, "URL": 8250, "hostname": 2262 }, "indicator_count": 14907, "is_author": false, "is_subscribing": null, "subscriber_count": 110, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65708b98527049ba5438e5ad", "name": "http://milab.cs.purded.edu/media/tasklog/ - a lot of data", "description": "", "modified": "2023-12-06T14:56:24.859000", "created": "2023-12-06T14:56:24.859000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 403, "FileHash-SHA256": 161, "hostname": 482, "URL": 929 }, "indicator_count": 1975, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65708b9517363fdfb72ab1d4", "name": "http://milab.cs.purded.edu/media/tasklog/ - a lot of data", "description": "", "modified": "2023-12-06T14:56:21.300000", "created": "2023-12-06T14:56:21.300000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 403, "FileHash-SHA256": 161, "hostname": 482, "URL": 929 }, "indicator_count": 1975, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "62752a3d78ce35783bfc85cc", "name": "SafeFrame Container", "description": "If you want to know what is going to happen when you create a non-iterable object, try these three pieces of code in the form of a new \"word\" or \"phrase\".", "modified": "2022-06-05T00:03:45.266000", "created": "2022-05-06T14:01:33.267000", "tags": [ "public", "typeof", "typeof define", "array", "typeerror", "typeof symbol", "error", "typeof enulle", "sdkversion", "internal", "date", "cnzzdata", "czuuid", "umdistinctid", "typeof e", "typeof t", "version", "swiper", "most", "copyright", "mit license", "april", "trident", "win32", "class", "lh", "vd", "function", "overlaylevel", "zdhxiong", "customevent", "symbol", "object", "string", "number", "null", "uint8array", "typeof b", "iframe", "android", "embed", "meta", "0x14a", "0x104", "0x97", "0xe1", "0x228", "0x12b", "0x14e", "0xf5", "0x11a", "0xc6", "sxa0", "typeof d", "closure library", "array int8array", "b1342177279", "regexp", "typeof r", "pseudo", "child", "typeof n", "template", "void", "this", "ienew ca", "quota", "aafunction", "dafunction", "gc", "trackpageview", "trackevent", "gtmmdcvhgd", "node", "element", "path", "reduceright", "p420", "gc3w7t6h5qw", "kafunction", "fafafa", "xlfunction", "kkfunction", "nkfunction", "qkfunction", "rkfunction", "skfunction", "span", "edge", "bad idp", "bad event", "crios", "invalid attempt", "afunction", "ufunction", "kfunction" ], "references": [ "xfe-URL-himado.com-stix2-2.1-export.json", "xfe-IP-146.148.236.187-stix2-2.1-export.json", "xfe-URL-Psychz.net-stix2-2.1-export.json", "https://cdn.ampproject.org/rtv/012204221712000/amp4ads-host-v0.js", "https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.iTmf4rxOyWc.O/m=auth2/rt=j/sv=1/d=1/ed=1/rs=AHpOoo-LTnDn-AS2QlMWYZdnaV1OuFR7Iw/cb=gapi.loaded_0?le=scs", "https://securepubads.g.doubleclick.net/gpt/pubads_impl_page_level_ads_2022050201.js", "https://www.googletagmanager.com/gtag/js?id=G-C3W7T6H5QW&l=dataLayer&cx=c", "https://www.googletagmanager.com/gtm.js?id=GTM-MDCVHGD", "https://www.googletagmanager.com/gtag/js?id=UA-122335014-2", "https://himado.com/heihei/layui/layui.all.js", "https://securepubads.g.doubleclick.net/tag/js/gpt.js", "https://himado.com/cdn-cgi/challenge-platform/h/g/scripts/invisible.js?ts=1651842000", "https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022050201.js", "https://himado.com/heihei/node_modules/mdui/dist/js/mdui.min.js", "https://himado.com/heihei/js/swiper.min.js", "https://cdn.onesignal.com/sdks/OneSignalSDK.js", "https://c.cnzz.com/core.php?web_id=1280305902&t=z", "https://s4.cnzz.com/z_stat.php?id=1280305902&web_id=1280305902", "https://www.gstatic.com/firebasejs/8.1.2/firebase-app.js", "https://281cecd8ae73dff542e13679e60d5fb9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html", "xfe-URL-Cnzz.com-stix2-2.1-export.json", "xfe-URL-Aliyun.com-stix2-2.1-export.json" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Lh", "display_name": "Lh", "target": null }, { "id": "Gc", "display_name": "Gc", "target": null }, { "id": "ReduceRight", "display_name": "ReduceRight", "target": null }, { "id": "Vd", "display_name": "Vd", "target": null } ], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 16, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 2262, "URL": 8251, "FileHash-SHA256": 1416, "domain": 2979 }, "indicator_count": 14908, "is_author": false, "is_subscribing": null, "subscriber_count": 71, "modified_text": "1457 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6254b50d3a75591979e89aff", "name": "http://milab.cs.purded.edu/media/tasklog/ - a lot of data", "description": "http://milab.cs.purdue.edu/media/tasklog/bdc8bf95-e987-4a6f-b1ff-05a9e6e0b4a5/CEXP_15519067005351d04a-bf72-4df4-808a-5c67b40f0754_esp.txt\n\nhttp://milab.cs.purdue.edu/media/tasklog/fd60d718-4d6b-40b3-9e58-7b98cf1926a9/CEXP_155185615171517675-b8e9-4f8d-8037-c653e15a1646_esp.txt\nhttp://milab.cs.purdue.edu/media/tasklog/b4eff735-7a01-4a85-8a47-83ba1eaaaf12/CEXP_1551906810861a9201-696e-4aaf-a0da-08ce69d2b709_esp.txt\nhttp://milab.cs.purdue.edu/media/tasklog/e955eceb-a623-424f-9067-9cbb00e1ba93/CEXP_15519006996bbfc155-775c-4bde-9e5c-cccca344ce12_esp.txt", "modified": "2022-05-11T00:02:13.446000", "created": "2022-04-11T23:09:01.491000", "tags": [ "ts val", "flags", "unknown", "ip6 fe80", "tcid", "icmp6", "ei6oa", "smhl4", "nonpx", "scls" ], "references": [ "http://milab.cs.purdue.edu/media/tasklog/fd60d718-4d6b-40b3-9e58-7b98cf1926a9/CEXP_155185615171517675-b8e9-4f8d-8037-c653e15a1646_esp.txt", "http://milab.cs.purdue.edu/media/tasklog/bdc8bf95-e987-4a6f-b1ff-05a9e6e0b4a5/CEXP_15519067005351d04a-bf72-4df4-808a-5c67b40f0754_esp.txt", "http://milab.cs.purdue.edu/media/tasklog/b4eff735-7a01-4a85-8a47-83ba1eaaaf12/CEXP_1551906810861a9201-696e-4aaf-a0da-08ce69d2b709_esp.txt", "http://milab.cs.purdue.edu/media/tasklog/e955eceb-a623-424f-9067-9cbb00e1ba93/CEXP_15519006996bbfc155-775c-4bde-9e5c-cccca344ce12_esp.txt" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 929, "hostname": 482, "domain": 403, "FileHash-SHA256": 161 }, "indicator_count": 1975, "is_author": false, "is_subscribing": null, "subscriber_count": 394, "modified_text": "1482 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6254b50f075fa30a99c7021c", "name": "http://milab.cs.purded.edu/media/tasklog/ - a lot of data", "description": "http://milab.cs.purdue.edu/media/tasklog/bdc8bf95-e987-4a6f-b1ff-05a9e6e0b4a5/CEXP_15519067005351d04a-bf72-4df4-808a-5c67b40f0754_esp.txt\n\nhttp://milab.cs.purdue.edu/media/tasklog/fd60d718-4d6b-40b3-9e58-7b98cf1926a9/CEXP_155185615171517675-b8e9-4f8d-8037-c653e15a1646_esp.txt\nhttp://milab.cs.purdue.edu/media/tasklog/b4eff735-7a01-4a85-8a47-83ba1eaaaf12/CEXP_1551906810861a9201-696e-4aaf-a0da-08ce69d2b709_esp.txt\nhttp://milab.cs.purdue.edu/media/tasklog/e955eceb-a623-424f-9067-9cbb00e1ba93/CEXP_15519006996bbfc155-775c-4bde-9e5c-cccca344ce12_esp.txt", "modified": "2022-05-11T00:02:13.446000", "created": "2022-04-11T23:09:03.497000", "tags": [ "ts val", "flags", "unknown", "ip6 fe80", "tcid", "icmp6", "ei6oa", "smhl4", "nonpx", "scls" ], "references": [ "http://milab.cs.purdue.edu/media/tasklog/fd60d718-4d6b-40b3-9e58-7b98cf1926a9/CEXP_155185615171517675-b8e9-4f8d-8037-c653e15a1646_esp.txt", "http://milab.cs.purdue.edu/media/tasklog/bdc8bf95-e987-4a6f-b1ff-05a9e6e0b4a5/CEXP_15519067005351d04a-bf72-4df4-808a-5c67b40f0754_esp.txt", "http://milab.cs.purdue.edu/media/tasklog/b4eff735-7a01-4a85-8a47-83ba1eaaaf12/CEXP_1551906810861a9201-696e-4aaf-a0da-08ce69d2b709_esp.txt", "http://milab.cs.purdue.edu/media/tasklog/e955eceb-a623-424f-9067-9cbb00e1ba93/CEXP_15519006996bbfc155-775c-4bde-9e5c-cccca344ce12_esp.txt" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 929, "hostname": 482, "domain": 403, "FileHash-SHA256": 161 }, "indicator_count": 1975, "is_author": false, "is_subscribing": null, "subscriber_count": 396, "modified_text": "1482 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "https://securepubads.g.doubleclick.net/gpt/pubads_impl_page_level_ads_2022050201.js", "https://himado.com/heihei/layui/layui.all.js", "xfe-URL-Aliyun.com-stix2-2.1-export.json", "https://himado.com/cdn-cgi/challenge-platform/h/g/scripts/invisible.js?ts=1651842000", "https://c.cnzz.com/core.php?web_id=1280305902&t=z", "https://cdn.ampproject.org/rtv/012204221712000/amp4ads-host-v0.js", "http://milab.cs.purdue.edu/media/tasklog/e955eceb-a623-424f-9067-9cbb00e1ba93/CEXP_15519006996bbfc155-775c-4bde-9e5c-cccca344ce12_esp.txt", "https://www.gstatic.com/firebasejs/8.1.2/firebase-app.js", "https://www.googletagmanager.com/gtag/js?id=UA-122335014-2", "https://himado.com/heihei/js/swiper.min.js", "xfe-URL-himado.com-stix2-2.1-export.json", "http://milab.cs.purdue.edu/media/tasklog/b4eff735-7a01-4a85-8a47-83ba1eaaaf12/CEXP_1551906810861a9201-696e-4aaf-a0da-08ce69d2b709_esp.txt", "xfe-URL-Psychz.net-stix2-2.1-export.json", "https://www.googletagmanager.com/gtm.js?id=GTM-MDCVHGD", "https://www.googletagmanager.com/gtag/js?id=G-C3W7T6H5QW&l=dataLayer&cx=c", "http://milab.cs.purdue.edu/media/tasklog/fd60d718-4d6b-40b3-9e58-7b98cf1926a9/CEXP_155185615171517675-b8e9-4f8d-8037-c653e15a1646_esp.txt", "https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022050201.js", "xfe-URL-Cnzz.com-stix2-2.1-export.json", "https://himado.com/heihei/node_modules/mdui/dist/js/mdui.min.js", "https://cdn.onesignal.com/sdks/OneSignalSDK.js", "https://s4.cnzz.com/z_stat.php?id=1280305902&web_id=1280305902", "xfe-IP-146.148.236.187-stix2-2.1-export.json", "https://securepubads.g.doubleclick.net/tag/js/gpt.js", "https://281cecd8ae73dff542e13679e60d5fb9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html", "https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.iTmf4rxOyWc.O/m=auth2/rt=j/sv=1/d=1/ed=1/rs=AHpOoo-LTnDn-AS2QlMWYZdnaV1OuFR7Iw/cb=gapi.loaded_0?le=scs", "http://milab.cs.purdue.edu/media/tasklog/bdc8bf95-e987-4a6f-b1ff-05a9e6e0b4a5/CEXP_15519067005351d04a-bf72-4df4-808a-5c67b40f0754_esp.txt" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [], "malware_families": [ "Lh", "Gc", "Reduceright", "Vd" ], "industries": [] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 7, "pulses": [ { "id": "67709b347e368914cb5d1fa2", "name": "ld869rwRuHeO9Tw.exe 1d773d866966940f042d442b9e0cec638e733a83f7137cbdd4e70d4cb9803ada", "description": "https://www.hybrid-analysis.com/sample/1d773d866966940f042d442b9e0cec638e733a83f7137cbdd4e70d4cb9803ada/677086f7a2798798250fafcd\nLastcode analysis wedi cyhoeddi i'wadu cyffredinol, \u00c2\u00a31.5m, \u00e2\u201a\u00ac2.4m.", "modified": "2025-05-14T21:11:16.436000", "created": "2024-12-29T00:43:32.094000", "tags": [ "sha256 file", "type type", "language chi2", "image english", "us 1", "1 upx1", "monitoruj", "rozszerzenia", "kali linux", "live boot", "apple m1", "kolekcja dvd", "sound pool", "hashdb narodowa", "oprogramowania", "nsrl", "programfiles", "kopiuj md5", "kopiuj sha1", "skopiuj sha256", "sha1", "sha256", "runtime process", "description zip", "type", "size", "error", "null", "install", "bitcoin", "python", "calendar", "xorist", "path", "refresh", "body", "span", "green", "win32", "designer", "filler", "tools", "black", "wallpaper", "zapis", "pulpit", "autoit", "bill", "light", "stars", "look", "verify", "restart", "desktop" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1005", "name": "Data from Local System", "display_name": "T1005 - Data from Local System" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1204", "name": "User Execution", "display_name": "T1204 - User Execution" }, { "id": "T1486", "name": "Data Encrypted for Impact", "display_name": "T1486 - Data Encrypted for Impact" }, { "id": "T1491", "name": "Defacement", "display_name": "T1491 - Defacement" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 11, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 491, "FileHash-MD5": 452, "FileHash-SHA1": 458, "BitcoinAddress": 1, "URL": 39, "domain": 66, "hostname": 18 }, "indicator_count": 1525, "is_author": false, "is_subscribing": null, "subscriber_count": 124, "modified_text": "382 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65708d657f0895a860febf8f", "name": "SafeFrame Container", "description": "", "modified": "2023-12-06T15:04:05.932000", "created": "2023-12-06T15:04:05.932000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1416, "domain": 2979, "URL": 8250, "hostname": 2262 }, "indicator_count": 14907, "is_author": false, "is_subscribing": null, "subscriber_count": 110, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65708b98527049ba5438e5ad", "name": "http://milab.cs.purded.edu/media/tasklog/ - a lot of data", "description": "", "modified": "2023-12-06T14:56:24.859000", "created": "2023-12-06T14:56:24.859000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 403, "FileHash-SHA256": 161, "hostname": 482, "URL": 929 }, "indicator_count": 1975, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65708b9517363fdfb72ab1d4", "name": "http://milab.cs.purded.edu/media/tasklog/ - a lot of data", "description": "", "modified": "2023-12-06T14:56:21.300000", "created": "2023-12-06T14:56:21.300000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 403, "FileHash-SHA256": 161, "hostname": 482, "URL": 929 }, "indicator_count": 1975, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "62752a3d78ce35783bfc85cc", "name": "SafeFrame Container", "description": "If you want to know what is going to happen when you create a non-iterable object, try these three pieces of code in the form of a new \"word\" or \"phrase\".", "modified": "2022-06-05T00:03:45.266000", "created": "2022-05-06T14:01:33.267000", "tags": [ "public", "typeof", "typeof define", "array", "typeerror", "typeof symbol", "error", "typeof enulle", "sdkversion", "internal", "date", "cnzzdata", "czuuid", "umdistinctid", "typeof e", "typeof t", "version", "swiper", "most", "copyright", "mit license", "april", "trident", "win32", "class", "lh", "vd", "function", "overlaylevel", "zdhxiong", "customevent", "symbol", "object", "string", "number", "null", "uint8array", "typeof b", "iframe", "android", "embed", "meta", "0x14a", "0x104", "0x97", "0xe1", "0x228", "0x12b", "0x14e", "0xf5", "0x11a", "0xc6", "sxa0", "typeof d", "closure library", "array int8array", "b1342177279", "regexp", "typeof r", "pseudo", "child", "typeof n", "template", "void", "this", "ienew ca", "quota", "aafunction", "dafunction", "gc", "trackpageview", "trackevent", "gtmmdcvhgd", "node", "element", "path", "reduceright", "p420", "gc3w7t6h5qw", "kafunction", "fafafa", "xlfunction", "kkfunction", "nkfunction", "qkfunction", "rkfunction", "skfunction", "span", "edge", "bad idp", "bad event", "crios", "invalid attempt", "afunction", "ufunction", "kfunction" ], "references": [ "xfe-URL-himado.com-stix2-2.1-export.json", "xfe-IP-146.148.236.187-stix2-2.1-export.json", "xfe-URL-Psychz.net-stix2-2.1-export.json", "https://cdn.ampproject.org/rtv/012204221712000/amp4ads-host-v0.js", "https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.iTmf4rxOyWc.O/m=auth2/rt=j/sv=1/d=1/ed=1/rs=AHpOoo-LTnDn-AS2QlMWYZdnaV1OuFR7Iw/cb=gapi.loaded_0?le=scs", "https://securepubads.g.doubleclick.net/gpt/pubads_impl_page_level_ads_2022050201.js", "https://www.googletagmanager.com/gtag/js?id=G-C3W7T6H5QW&l=dataLayer&cx=c", "https://www.googletagmanager.com/gtm.js?id=GTM-MDCVHGD", "https://www.googletagmanager.com/gtag/js?id=UA-122335014-2", "https://himado.com/heihei/layui/layui.all.js", "https://securepubads.g.doubleclick.net/tag/js/gpt.js", "https://himado.com/cdn-cgi/challenge-platform/h/g/scripts/invisible.js?ts=1651842000", "https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022050201.js", "https://himado.com/heihei/node_modules/mdui/dist/js/mdui.min.js", "https://himado.com/heihei/js/swiper.min.js", "https://cdn.onesignal.com/sdks/OneSignalSDK.js", "https://c.cnzz.com/core.php?web_id=1280305902&t=z", "https://s4.cnzz.com/z_stat.php?id=1280305902&web_id=1280305902", "https://www.gstatic.com/firebasejs/8.1.2/firebase-app.js", "https://281cecd8ae73dff542e13679e60d5fb9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html", "xfe-URL-Cnzz.com-stix2-2.1-export.json", "xfe-URL-Aliyun.com-stix2-2.1-export.json" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Lh", "display_name": "Lh", "target": null }, { "id": "Gc", "display_name": "Gc", "target": null }, { "id": "ReduceRight", "display_name": "ReduceRight", "target": null }, { "id": "Vd", "display_name": "Vd", "target": null } ], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 16, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 2262, "URL": 8251, "FileHash-SHA256": 1416, "domain": 2979 }, "indicator_count": 14908, "is_author": false, "is_subscribing": null, "subscriber_count": 71, "modified_text": "1457 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6254b50d3a75591979e89aff", "name": "http://milab.cs.purded.edu/media/tasklog/ - a lot of data", "description": "http://milab.cs.purdue.edu/media/tasklog/bdc8bf95-e987-4a6f-b1ff-05a9e6e0b4a5/CEXP_15519067005351d04a-bf72-4df4-808a-5c67b40f0754_esp.txt\n\nhttp://milab.cs.purdue.edu/media/tasklog/fd60d718-4d6b-40b3-9e58-7b98cf1926a9/CEXP_155185615171517675-b8e9-4f8d-8037-c653e15a1646_esp.txt\nhttp://milab.cs.purdue.edu/media/tasklog/b4eff735-7a01-4a85-8a47-83ba1eaaaf12/CEXP_1551906810861a9201-696e-4aaf-a0da-08ce69d2b709_esp.txt\nhttp://milab.cs.purdue.edu/media/tasklog/e955eceb-a623-424f-9067-9cbb00e1ba93/CEXP_15519006996bbfc155-775c-4bde-9e5c-cccca344ce12_esp.txt", "modified": "2022-05-11T00:02:13.446000", "created": "2022-04-11T23:09:01.491000", "tags": [ "ts val", "flags", "unknown", "ip6 fe80", "tcid", "icmp6", "ei6oa", "smhl4", "nonpx", "scls" ], "references": [ "http://milab.cs.purdue.edu/media/tasklog/fd60d718-4d6b-40b3-9e58-7b98cf1926a9/CEXP_155185615171517675-b8e9-4f8d-8037-c653e15a1646_esp.txt", "http://milab.cs.purdue.edu/media/tasklog/bdc8bf95-e987-4a6f-b1ff-05a9e6e0b4a5/CEXP_15519067005351d04a-bf72-4df4-808a-5c67b40f0754_esp.txt", "http://milab.cs.purdue.edu/media/tasklog/b4eff735-7a01-4a85-8a47-83ba1eaaaf12/CEXP_1551906810861a9201-696e-4aaf-a0da-08ce69d2b709_esp.txt", "http://milab.cs.purdue.edu/media/tasklog/e955eceb-a623-424f-9067-9cbb00e1ba93/CEXP_15519006996bbfc155-775c-4bde-9e5c-cccca344ce12_esp.txt" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 929, "hostname": 482, "domain": 403, "FileHash-SHA256": 161 }, "indicator_count": 1975, "is_author": false, "is_subscribing": null, "subscriber_count": 394, "modified_text": "1482 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6254b50f075fa30a99c7021c", "name": "http://milab.cs.purded.edu/media/tasklog/ - a lot of data", "description": "http://milab.cs.purdue.edu/media/tasklog/bdc8bf95-e987-4a6f-b1ff-05a9e6e0b4a5/CEXP_15519067005351d04a-bf72-4df4-808a-5c67b40f0754_esp.txt\n\nhttp://milab.cs.purdue.edu/media/tasklog/fd60d718-4d6b-40b3-9e58-7b98cf1926a9/CEXP_155185615171517675-b8e9-4f8d-8037-c653e15a1646_esp.txt\nhttp://milab.cs.purdue.edu/media/tasklog/b4eff735-7a01-4a85-8a47-83ba1eaaaf12/CEXP_1551906810861a9201-696e-4aaf-a0da-08ce69d2b709_esp.txt\nhttp://milab.cs.purdue.edu/media/tasklog/e955eceb-a623-424f-9067-9cbb00e1ba93/CEXP_15519006996bbfc155-775c-4bde-9e5c-cccca344ce12_esp.txt", "modified": "2022-05-11T00:02:13.446000", "created": "2022-04-11T23:09:03.497000", "tags": [ "ts val", "flags", "unknown", "ip6 fe80", "tcid", "icmp6", "ei6oa", "smhl4", "nonpx", "scls" ], "references": [ "http://milab.cs.purdue.edu/media/tasklog/fd60d718-4d6b-40b3-9e58-7b98cf1926a9/CEXP_155185615171517675-b8e9-4f8d-8037-c653e15a1646_esp.txt", "http://milab.cs.purdue.edu/media/tasklog/bdc8bf95-e987-4a6f-b1ff-05a9e6e0b4a5/CEXP_15519067005351d04a-bf72-4df4-808a-5c67b40f0754_esp.txt", "http://milab.cs.purdue.edu/media/tasklog/b4eff735-7a01-4a85-8a47-83ba1eaaaf12/CEXP_1551906810861a9201-696e-4aaf-a0da-08ce69d2b709_esp.txt", "http://milab.cs.purdue.edu/media/tasklog/e955eceb-a623-424f-9067-9cbb00e1ba93/CEXP_15519006996bbfc155-775c-4bde-9e5c-cccca344ce12_esp.txt" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 929, "hostname": 482, "domain": 403, "FileHash-SHA256": 161 }, "indicator_count": 1975, "is_author": false, "is_subscribing": null, "subscriber_count": 396, "modified_text": "1482 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "h.ca", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "h.ca", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780308883.8255215 }