{ "type": "Domain", "indicator": "hide.call", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/hide.call", "alexa": "http://www.alexa.com/siteinfo/hide.call", "indicator": "hide.call", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 2815911935, "indicator": "hide.call", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 18, "pulses": [ { "id": "68abf75bf3b03b94a6762409", "name": "(Repost) How to connect listeners to e.intercom | serverhub.com eonix.net", "description": "", "modified": "2025-08-25T05:40:43.552000", "created": "2025-08-25T05:40:43.552000", "tags": [ "context", "error", "ajaxupdate", "request", "requestdata", "name", "xoctoberassets", "datarequest", "typesubmit", "typetext", "click", "function", "typeof c", "bootstrap", "javascript", "azaz", "popover", "typeof f", "typeof g", "typeof h", "vui", "anda", "tente", "outubro", "trackingclient", "srpanj", "rabu", "vasaris", "image", "typeof atrkopts", "800px", "40px", "i18n", "blockedemail", "typeof i18n", "hubspot", "captcha", "date", "please", "april", "august", "close", "february", "june", "form", "klik", "download", "window", "this", "next", "null", "blank", "este", "anna", "rserver", "mais", "void", "object", "typeerror", "array", "symbol", "bound", "typeof window", "typeof t", "invalid path", "unknown method", "phonenumber", "ninja", "typeof e", "edge", "dataname", "intercom", "typeof symbol", "apple", "webkiti", "criosi", "trident" ], "references": [ "xfe-URL-Eonix.net-stix2-2.1-export.json", "xfe-URL-Serverhub.com-stix2-2.1-export.json", "xfe-URL-Enom.com-stix2-2.1-export 2.json", "https://widget.intercom.io/widget/rbc8ok9w", "https://js.hscollectedforms.net/collectedforms.js", "https://js.hsleadflows.net/leadflows.js", "https://d31qbv1cthcecs.cloudfront.net/atrk.js", "https://serverhub.com/combine/a059fe7a562c0b582328162f0ee69fda-1426025688", "https://serverhub.com/modules/system/assets/js/framework.js", "https://js.hs-scripts.com/3844463.js", "xfe-URL-Cloudfront.net-stix2-2.1-export.json", "xfe-URL-Intercom.io-stix2-2.1-export.json" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Vui", "display_name": "Vui", "target": null }, { "id": "Outubro", "display_name": "Outubro", "target": null }, { "id": "Tente", "display_name": "Tente", "target": null }, { "id": "Anda", "display_name": "Anda", "target": null }, { "id": "Vasaris", "display_name": "Vasaris", "target": null }, { "id": "Rabu", "display_name": "Rabu", "target": null }, { "id": "Srpanj", "display_name": "Srpanj", "target": null }, { "id": "TrackingClient", "display_name": "TrackingClient", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": "62719a4dec6d0aa4631b9b2f", "export_count": 14, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 5708, "hostname": 1541, "FileHash-SHA256": 876, "domain": 915, "CVE": 1, "FileHash-MD5": 1 }, "indicator_count": 9042, "is_author": false, "is_subscribing": null, "subscriber_count": 142, "modified_text": "279 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65eff46bdd371899ca5be7d7", "name": "CrypterX-gen | Video-lal.com | M. Brian Sabey \u2022 Hall Render | Rexxfield", "description": "Videolal results. Parked. Owner of domain has subsidiaries including Huge Domains. It's possible for attacker to post a 404 error page, park, post it for sale, malvertize. HoneyPotBot? \n\nFireeye. A bit much. william.ballenthin@fireeye.com\t\ncontain a resource (.rsrc) section moritz.raabe@fireeye.com. Overkill. What would Scooby Doo? Scooby!? \nTarget reports opening her MacBook Pro after it was replaced by Apple. It hadn't been in use. She opened it, surprised it was on, automatically connected to a store wifi (she was home) A worker was typing away in terminal. Fought hacker for recordings app containing Jeffrey Reimers aggressions. She lost. Terrified she murdered her MacBook by drowning & dismemberment. Big mistake. Cloned MacBook. Clicked on links trigger malicious downloads, network & DNS issues.", "modified": "2024-04-11T04:01:24.166000", "created": "2024-03-12T06:21:31.484000", "tags": [ "upatre malware", "rwi dtools", "page dow", "security", "bitfender", "yandex", "malware", "all octoseek", "av detections", "ids detections", "yara detections", "alerts", "file score", "fireeye", "injection", "worm", "trojan", "network", "poster", "honeybots", "united", "unknown", "win32upatre mar", "passive dns", "entries", "ipv4", "body", "artro", "generic malware", "formbook", "tag count", "threat report", "ip summary", "url summary", "generic", "hostnames", "pattern match", "ascii text", "png image", "root ca", "file", "authority", "indicator", "mitre att", "ck id", "class", "date", "enterprise", "hybrid", "accept", "general", "local", "click", "strings", "trident", "as47846", "germany unknown", "as2906 netflix", "scan endpoints", "domain", "urls", "files", "trojanspy", "mozilla", "dynamicloader", "medium", "title", "ms windows", "head", "intel", "inetsim http", "delete c", "show", "winnt", "copy", "powershell", "write", "next", "suspicious", "shop", "graph api", "status", "join", "vt community", "api key", "xcitium verdict", "cloud", "contacted", "contacted urls", "ssl certificate", "referrer", "historical ssl", "parent domain", "apple ios", "resolutions", "execution", "hacktool", "outbound connection", "detection list", "blacklist" ], "references": [ "http://videolal.com/tsara-brashears-dead.html \u2022 http://videolal.com/ \u2022", "http://systemforex.de/search/redirect.php?f= | http://it.marksypark.com | dont-delete.hugedomains.com | http://selfsparkcentral.com", "william.ballenthin@fireeye.com contain a resource (.rsrc) section\tmoritz.raabe@fireeye.com | Pattern match: \"jloup@gzip.org\" & \"fancybox@3.5.7\"", "FormBook: 104.247.81.53 \u2022 http://www.nimtax.com/k9/,Formbook,Medium,9/9/2019,1/7/2020", "Win32:CrypterX-gen\\ [Trj] | FileHash-MD5 6878e9896fdd84dcc11c997c9b7330ba", "Win32:CrypterX-gen\\ [Trj] | FileHash-SHA1 2e586f8db46953532b5e25e07add4dbaeea83a79", "Win32:CrypterX-gen\\ [Trj] | FileHash-SHA256 00027d11309d55312ae77f32d4ae79671c91f541e577bace7a5a5abde05563ad", "Win32/Renos: https://otx.alienvault.com/malware/ALF:JASYP:TrojanDownloader:Win32%2FRenos/", "Other:Malware-gen\\ [Trj] | FileHash-MD5 b5168dab50187b33460201b35b96dea7", "Other:Malware-gen\\ [Trj] | FileHash-SHA1 68868b3d0115e3d06f5fddb9d2ea6ad54270166c", "Other:Malware-gen\\ [Trj] | FileHash-SHA256 0000ba467dd40046e240c11251d9db03636d0e7c6f9f96354a46a441c2003143", "allocates_execute_remote_process \u2022 injection_write_memory \u2022 injection_resumethread \u2022 packer_entropy \u2022 network _icmp \u2022 injection_runpe", "injection_write_memory_exe \u2022 injection_ntsetcontextthread \u2022 dumped_buffer \u2022 checks_debugger \u2022 generates_crypto_key \u2022 antivm_memory_available", "CnC IP Addresses: 104.247.81.53 \u2022 185.64.219.6 \u2022 199.191.50.82 \u2022 203.107.45.167 \u2022 91.195.240.94 \u2022 167.235.143.33", "AA47 More AV Detection Ratio 984 / 1000 IDS Detections Win32.Renos/ArtroMALWARETrojan Checkin M1 Possible Fake AV Checkin Fakealert. AA47 More AV Detection Ratio 984 / 1000 IDS Detections /Trojan Checkin M1 Possible Fake AV Checkin Fakealert.", "Videolal: 18.119.154.66:80 (endpoint request) \u2022 54.209.32.212 \u2022 http://videolal.com (phishing) \u2022 http://videolal.com/ \u2022 videolal.com \u2022 www.videolal.com \u2022", "www.videolal.com \u2022 httpvideolal.com \u2022 https://videolal.com/videos/jeffrey-reimer-dpt-assaulted-tsara-brashears-massage-sexual-misconduct.html", "https://www.hugedomains.com/domain_profile.cfm?d=videolal.com \u2022 https://www.hugedomains.com/domain_profile.cfm?d=videolal.com\"", "https://videolal.com/videos/jeffrey-reimer-dpt-assaulted-tsara-brashears-massage-misconduct-miscinception.html \u2022", "https://videolal.com/videos/jeffrey-reimer-dpt-assaulted-tsara-brashears-massage-sexual-misconduct-miscinception.html", "https://videolal.com/videos/tsara-brashears-assaulted-by-jeffrey-reimer-metlife-login-retirement.html \u2022 https://videolal.com/css/js/jquery-ui.min.js", "https://videolal.com/videos/tsara-brashears-dead-by-daylight.html \u2022 https://videolal.com/css/jquery-ui.css \u2022 http://videolal.com/tsara-brashears.html", "http://videolal.com/tsara-brashears-dead.html \u2022 http://videolal.com/tsara-brashears.html \u2022 http://videolal.com/videos/jeffrey-reimer-dpt-assaulted-tsara-brashears-massage-misconduct-miscinception.html", "http://videolal.com/videos/jeffrey-reimer-dpt-assaulted-tsara-brashears-massage-misconduct-miscinception.html", "http://videolal.com/jeffrey-reimer-dpt-sexual-misconduct.html \u2022 http://videolal.com/tsara-brashears.html", "http://videolal.com/tsara-brashears-dead-or-alive-song-rap.html \u2022 http://videolal.com/the-man-who-built-america-1.html", "http://videolal.com/the-man-who-built-america-1.html \u2022 http://videolal.com/pinnacol-assurance-assaulted-by-jeffrey-", "http://videolal.com/jeffrey-reimer-dpt-physical-therapy-assaulted-patient.html \u2022 http://videolal.com/jeff-reimer-", "http://videolal.com/jeffrey-reimer-dpt-assaulted-tsara-brashears-denver.html \u2022", "http://videolal.com/jeff-reimer-dpt-buys-assault-victims-silence.html \u2022 http://videolal.com/jeffrey-reimer-dpt-assaulted-tsara-brashears-denver.html", "https://otx.alienvault.com/otxapi/indicators/file/screenshot/4998a7eac2a056833d01ee1e60c68c1f83f9ad6cd790ced9511e73cc12780f3c", "https://otx.alienvault.com/malware/Trojan:Win32%2FCrypterX/", "\u2192https://otx.alienvault.com/pulse/65eedf74b7bdda41057bef3e", "\u2192https://otx.alienvault.com/pulse/65ef3723d27863fc33a6b671", "\u2192https://otx.alienvault.com/pulse/65e85fd4842119fff4e327cf", "\u2192https://otx.alienvault.com/pulse/65e843669f4ba77affa4b297" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "Win32:CrypterX-gen\\ [Trj]", "display_name": "Win32:CrypterX-gen\\ [Trj]", "target": null }, { "id": "Other:Malware-gen\\ [Trj]", "display_name": "Other:Malware-gen\\ [Trj]", "target": null }, { "id": "Artro", "display_name": "Artro", "target": null }, { "id": "Win32.Renos/Artro", "display_name": "Win32.Renos/Artro", "target": null }, { "id": "Generic", "display_name": "Generic", "target": null }, { "id": "I-Worm/Bagle.QE", "display_name": "I-Worm/Bagle.QE", "target": null }, { "id": "Worm.Bagle-44", "display_name": "Worm.Bagle-44", "target": null }, { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "TrojanSpy:Win32/Nivdort.DE", "display_name": "TrojanSpy:Win32/Nivdort.DE", "target": "/malware/TrojanSpy:Win32/Nivdort.DE" }, { "id": "Win.Trojan.Generic-9897526-0", "display_name": "Win.Trojan.Generic-9897526-0", "target": null }, { "id": "Win.Trojan.Knigsfot-125", "display_name": "Win.Trojan.Knigsfot-125", "target": null }, { "id": "ALF:TrojanDownloader:Win32/Vadokrist.A", "display_name": "ALF:TrojanDownloader:Win32/Vadokrist.A", "target": null }, { "id": "Win.Trojan.Generic-9957168-0", "display_name": "Win.Trojan.Generic-9957168-0", "target": null }, { "id": "Win.Adware.RelevantKnowledge-9821121-0", "display_name": "Win.Adware.RelevantKnowledge-9821121-0", "target": null }, { "id": "ALF:HeraklezEval:Trojan:Win32/Neurevt", "display_name": "ALF:HeraklezEval:Trojan:Win32/Neurevt", "target": null }, { "id": "FormBook", "display_name": "FormBook", "target": null }, { "id": "HackTool", "display_name": "HackTool", "target": null } ], "attack_ids": [ { "id": "T1041", "name": "Exfiltration Over C2 Channel", "display_name": "T1041 - Exfiltration Over C2 Channel" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1100", "name": "Web Shell", "display_name": "T1100 - Web Shell" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1560", "name": "Archive Collected Data", "display_name": "T1560 - Archive Collected Data" }, { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" }, { "id": "T1071.003", "name": "Mail Protocols", "display_name": "T1071.003 - Mail Protocols" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1063", "name": "Security Software Discovery", "display_name": "T1063 - Security Software Discovery" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 42, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1622, "FileHash-SHA1": 934, "FileHash-SHA256": 3289, "URL": 9605, "domain": 2321, "hostname": 2411, "CVE": 1, "email": 3 }, "indicator_count": 20186, "is_author": false, "is_subscribing": null, "subscriber_count": 223, "modified_text": "780 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65eedf74b7bdda41057bef3e", "name": "Source Browse- DNS poisoning \u2022 Device CnC", "description": "Smear + Fear campaign. Parked domain schemes. Swatting, social engineering, crime staging/framing. Cyber bully, shocking, false online content, posters, porn dumping, injection, CnC devices, master keys, break & enter. Victim becomes the accused. Framing. Ability to close bank accounts, skim, call, text, email collection, redirect phone calls, create botnets, engineer malware, injection,divert tax refunds, divert funds, royalties, mail erase job history, attack, hospital, CnC event, IRS audits, fake documentaries, stalkers, attackers, death threats. MD articulated outcome after being SA'd by their employee they vowed to protect.", "modified": "2024-04-10T09:00:27.994000", "created": "2024-03-11T10:39:48.949000", "tags": [ "iocs", "all octoseek", "blacklist https", "gmbh version", "legal", "service privacy", "general full", "reverse dns", "san francisco", "asn13335", "cloudflarenet", "cloudflare", "domains", "service privacy", "modernizr", "domainpath name", "migrate", "phishing", "url https", "united", "line", "threat", "paste", "analyze", "value", "z6s3i string", "a7i string", "y3i string", "e0b function", "x8i string", "source level", "threat analyzer", "urls https", "domain", "webzilla", "cloudflar", "system", "hostnames", "sample", "security tls", "ecdheecdsa", "resource", "hash", "windows nt", "win64", "khtml", "gecko", "veryhigh", "limited", "lsalford", "ocomodo ca", "cncomodo ecc", "secure server", "olet", "encrypt", "cnlet", "identity search", "group", "google https", "expired", "comodo", "tls web", "log id", "criteria id", "1663014711", "summary leaf", "timestamp entry", "log operator", "error", "name size", "parent", "directory", "displays", "targets", "smartfolder", "frame", "bookmarks", "splitcount", "nib files", "design", "boundsstr", "rows", "source browser", "ruby logo", "license", "python", "python software", "foundation", "apple inc", "php logo", "visit", "valid", "no na", "no no", "ip security", "ca id", "research group", "cnisrg root", "mozilla", "android", "binrm", "targetdisk", "create", "crlcachedir", "makefile", "dstroot", "keychainssrc", "srcroot", "crl cache", "install", "ev server", "authentication", "subject", "digicert https", "sectigo https", "certificate", "ca limited", "salford", "greater", "key usage", "access", "ca issuers", "ocsp", "x509v3 subject", "lets", "identifier", "411260982", "poison", "search", "status page", "impressum", "protocol h2", "main", "framing", "geoip", "as13335", "centos", "as32244", "liquidweb", "redirect", "as16509", "as133618", "z6s3i y3i", "as62597", "france unknown", "showing", "link", "z6s3i", "date", "unknown", "meta", "sha256", "google safe", "browsing", "hostname", "samples", "td td", "tr tr", "a td", "a domains", "passive dns", "a th", "urls", "as50295 triple", "triple mirrors", "contact", "moved", "show", "accept", "body", "microsoft", "e4609l", "urls http", "yoa https", "url http", "scan endpoints", "report spam", "created", "weeks ago", "pulse", "brashears", "xvideos", "capture", "expiration", "no expiration", "entries", "status", "as58110 ip", "for privacy", "aaaa", "creation date", "domain name", "germany unknown", "bq mar", "ipv4", "pulse pulses", "files", "artro", "files domain", "files related", "pulses otx", "pulses", "tags", "servers", "record value", "body doctype", "html public", "macintosh", "intel mac", "os x", "technology", "dns replication", "email", "server", "registrar abuse", "dnssec", "expiration date", "registrar iana", "admin country", "tech country", "registry admin", "url text", "facebook url", "google url", "google", "software", "asn15169", "ip https", "february", "request chain", "http", "referer", "aes128gcm", "pragma", "frankfurt", "germany", "asn213250", "itpsolutions", "full url", "software caddy", "express", "ubuntu", "as14061", "digitaloceanasn", "address as", "april", "facebook", "march", "hashes", "ip address", "as autonomous", "fastly", "packet", "kb script", "b script", "october", "resource path", "size", "type mimetype", "redirect chain", "kb image", "b image", "cname", "as32244 liquid", "trojan", "high", "yara rule", "sniffs", "windows", "anomalous file", "medium", "guard", "filehash", "js user", "python connection", "brian sabey", "smithtech", "rexxfield", "connect facebook", "open", "emails", "next", "ssl certificate", "contacted", "whois record", "referrer", "historical ssl", "resolutions", "execution", "whois whois", "contacted urls", "linkid69157 url", "formbook", "spyware", "generic malware", "tag count", "sat jul", "threat report", "ip summary", "url summary", "summary", "generic", "alerts", "icmp traffic", "cust exe", "depot tech", "office depot", "tech", "customer client", "june", "copy", "network_icmp", "inject-x64.exe", "tsara brashears", "apple ios", "hacktool", "download", "malware", "relic", "monitoring", "tofsee", "https://otx.alienvault.com/pulse/65acace20c18a7d6c5da2e27", "darklivity", "hijacker", "remote attackers", "cybercrime", "fear factor", "criminal gang", "jeffrey reimer", "miles it", "history killer", "apple", "apple control", "sreredrum", "men", "man", "hit" ], "references": [ "videolal.com [Exploitation for privilege - Turns victim into target then spys, smears, embeds pornography in devices]", "videolal.com was first found hosted : https://rexxfield.com/ | https://crt.sh/?id=410492573 | https://crt.sh/?id=411260982", "https://opensource.apple.com/source/security_certificates/security_certificates-2/security_certificates.xcode/michael.pbxuser.auto.html", "https://opensource.apple.com/source/security_certificates/security_certificates-2/security_certificates.xcode/", "https://opensource.apple.com/source/security_certificates/security_certificates-2/security_certificates.xcode/project.pbxproj.auto.html", "https://opensource.apple.com/source/security_certificates/security_certificates-2/roots/", "https://crt.sh/?q=videolal.com", "https://opensource.apple.com/source/security_certificates/security_certificates-2/Makefile.auto.html", "https://opensource.apple.com/source/security_certificates/", "https://crt.sh/?q=videolal.com", "https://crt.sh/?graph=410492573&opt=nometadata", "https://crt.sh/?spkisha256=2c5ef644a15ed2d591aee707a125b2870da480a0bc16d78022a311c93aca5b15", "Tracey Richter smear included Brashears: http://video-lal.com/video/26kiRlUTTmGzje2/diabolical-women-tracey-richter-s1-e2?cpc=n", "Tracey Richter smear: video-lal.com/videos/diabolical-sentencing.html", "Tracey Richter smear: video-lal.com/video/26kiRlUTTmGzje2/diabolical-women-tracey-richter-s1-e2?cpc=n", "Tracey Richter smear: video-lal.com/video/fbcwPGTSo5lrA7e/tracey-richter-documentary?cpc=no", "Malware hosting: http://videolan.mirror.triple-it.nl/vlc-android/3.0.4/VLC-Android-3.0.4-ARMv7.apk", "video-lal.com/videos/sandra-richter-video.html", "Denver Attorney Frank Azar Smear: video-lal.com/videos/sherryce-emery-frank-azar-&-associates.html", "Brashears smear: video-lal.com/videos/tsara-brashears-dead-by-daylight.html", "http://tx-p2p-pull.video-voip.com.dorm.com/Accept-Language", "Crazy: video-lal.com/videos/michael-roberts.html", "https://urlscan.io/screenshots/e40cd846-7c34-45a5-9f79-fea139f5b1ee.png", "http://secure.applegiftcard.com \u2022 199.59.243.224: http://tx-p2p-pull.video-voip.com.dorm.com \u2022 199.59.243.224: http://wpad.dorm.com", "notonmytrack.info \u2022 http://notonmytrack.info \u2022 https://pochta-rf.ru/track74157857 \u2022 patch-tracker.gnewsense.org \u2022 mysql.snore.co", "Darren Meade: https://urlscan.io/result/e5f1d6fe-036e-4291-8595-0a33e5dacba5/#behaviour \u2022 alleged partner turned enemy of Michael Roberts", "http://usb.smithtech.us/projects/downloads/shortcutcreator4u3-setup.exe | smithsthermopadtool.com", "http://usb.smithtech.us/projects/downloads/shortcutcreator4u3-setup.exe \u2022", "Unclear given names authentic. Michael Roberts, Darren Mitchell Meade , M. Brian Sabey could be used interchangeably. Black hats w/pseudonyms.", "Smith tech may refer to Det. Ben Smith. HallRender; a media company, producing nonsensical, albeit convincing evidence of deeply fake content.", "Possibly false names given by individual involved. Brian Sabey Hall Render | Michael Roberts Rexxfield | Darren Meade former partner of Roberts", "Responsible reopening Richter case via alleged Detective Ben Smith | Names Below linked to porn spewing Videolan , Videolal, Video-lal (Honeypots?) |", "http://www.hallrender.com/attorney/brian-sabey |", "Sabey: https://www.google.com/search?q=tsara+brashears&client=ms-android-tmus-us-rvc3&sca_esv=52c806ab62ec5c59&cs=1&prmd=inv&filter=0&biw=347&bih=710&dpr=2.08#ip=1", "https://www.hallrender.com/attorney/brian-sabey", "https://www.hallrender.com/wp-content/uploads/2017/10/Sabey_Brian_web-150x150.png | www.hallrender.com | rexxfield.com", "http://usb.smithtech.us \u2022 http://usb.smithtech.us/apps/downloads/NSISPortable.exe \u2022 http://usb.smithtech.us/apps/downloads/xplorer2.lite.portable.exe", "http://usb.smithtech.us/projects/downloads/\u2022 http://usb.smithtech.us/projects/downloads/psu.exe \u2022 smithsthermopadtool.com", "servicer.mgid.com \u2022 http://iv-u15.com/imbd-104-\u00e9\u00bb\u2019\u00e5\u00ae\u00ae\u00e3\u201a\u0152\u00e3\u0081\u201e-\u00e5\u00a4\u008f\u00e5\u00b0\u2018\u00e5\u00a5\u00b3-\u00e9\u00bb\u2019\u00e5\u00ae\u00ae\u00e3\u201a\u0152\u00e3\u0081\u201e-blu-ray \u2022 https://load77.exelator.com/pixel.gif", "brain-portal.net", "303 Status. Ide redirect from: https://otx.alienvault.com/pulse/65e843669f4ba77affa4b297", "https://otx.alienvault.com/pulse/65e85fd4842119fff4e327cf", "https://otx.alienvault.com/pulse/64cf438a574eae18716e5954", "https://otx.alienvault.com/pulse/64d018ee4623e8fcd386c2e1", "https://otx.alienvault.com/pulse/65418472eb20b10ee5510fde", "https://otx.alienvault.com/pulse/64d65255c80d866add600bac", "https://otx.alienvault.com/pulse/65204565ac1e8bce4de26df3", "https://otx.alienvault.com/pulse/64cf438a574eae18716e5954", "https://otx.alienvault.com/pulse/65a342310ab3d2c69778d608", "Refuses to remove target from adult content \"tagging\"" ], "public": 1, "adversary": "[Unnamed group]", "targeted_countries": [ "Australia", "United States of America" ], "malware_families": [ { "id": "Artro", "display_name": "Artro", "target": null }, { "id": "Generic", "display_name": "Generic", "target": null }, { "id": "Win.Malware.Farfli-6824119-0", "display_name": "Win.Malware.Farfli-6824119-0", "target": null }, { "id": "Win32:TrojanX-Gen[Trj]", "display_name": "Win32:TrojanX-Gen[Trj]", "target": null } ], "attack_ids": [ { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1049", "name": "System Network Connections Discovery", "display_name": "T1049 - System Network Connections Discovery" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1125", "name": "Video Capture", "display_name": "T1125 - Video Capture" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1071.003", "name": "Mail Protocols", "display_name": "T1071.003 - Mail Protocols" }, { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1560", "name": "Archive Collected Data", "display_name": "T1560 - Archive Collected Data" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1041", "name": "Exfiltration Over C2 Channel", "display_name": "T1041 - Exfiltration Over C2 Channel" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1059.006", "name": "Python", "display_name": "T1059.006 - Python" }, { "id": "T1155", "name": "AppleScript", "display_name": "T1155 - AppleScript" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1574.006", "name": "Dynamic Linker Hijacking", "display_name": "T1574.006 - Dynamic Linker Hijacking" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1036.004", "name": "Masquerade Task or Service", "display_name": "T1036.004 - Masquerade Task or Service" }, { "id": "T1444", "name": "Masquerade as Legitimate Application", "display_name": "T1444 - Masquerade as Legitimate Application" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1598", "name": "Phishing for Information", "display_name": "T1598 - Phishing for Information" }, { "id": "T1602.002", "name": "Network Device Configuration Dump", "display_name": "T1602.002 - Network Device Configuration Dump" }, { "id": "T1449", "name": "Exploit SS7 to Redirect Phone Calls/SMS", "display_name": "T1449 - Exploit SS7 to Redirect Phone Calls/SMS" }, { "id": "T1031", "name": "Modify Existing Service", "display_name": "T1031 - Modify Existing Service" }, { "id": "T1156", "name": "Malicious Shell Modification", "display_name": "T1156 - Malicious Shell Modification" }, { "id": "T1014", "name": "Rootkit", "display_name": "T1014 - Rootkit" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 45, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 5328, "domain": 2339, "hostname": 2434, "FileHash-MD5": 1210, "FileHash-SHA1": 721, "FileHash-SHA256": 2784, "SSLCertFingerprint": 5, "CVE": 2, "URI": 2, "email": 10, "CIDR": 3 }, "indicator_count": 14838, "is_author": false, "is_subscribing": null, "subscriber_count": 226, "modified_text": "781 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65708d2dc7aa57db55aab29c", "name": "serverhub.com eonix.net", "description": "", "modified": "2023-12-06T15:03:09.373000", "created": "2023-12-06T15:03:09.373000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "FileHash-SHA256": 876, "URL": 5708, "hostname": 1541, "domain": 915, "FileHash-MD5": 1 }, "indicator_count": 9042, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65708c534aadf7adf4f27d77", "name": "enom.com & 4vendeta.com - ReduceRight malware hosting/creation", "description": "", "modified": "2023-12-06T14:59:31.122000", "created": "2023-12-06T14:59:31.122000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 302, "domain": 634, "URL": 2988, "hostname": 1208 }, "indicator_count": 5132, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65708c37c54dd9e78f85c0fa", "name": "\u7ea2\u674f\u89c6\u9891 malware", "description": "", "modified": "2023-12-06T14:59:03.859000", "created": "2023-12-06T14:59:03.859000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1686, "hostname": 2218, "URL": 5740, "domain": 901, "FileHash-MD5": 3 }, "indicator_count": 10548, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65708a8b61abf1b451f2aebc", "name": "Botnet", "description": "", "modified": "2023-12-06T14:51:55.086000", "created": "2023-12-06T14:51:55.086000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 2, "hostname": 619, "URL": 1547, "domain": 246, "FileHash-SHA256": 124 }, "indicator_count": 2538, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65708a87eeed875a212dff0a", "name": "Botnet", "description": "", "modified": "2023-12-06T14:51:51.546000", "created": "2023-12-06T14:51:51.546000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 2, "hostname": 619, "URL": 1547, "domain": 246, "FileHash-SHA256": 124 }, "indicator_count": 2538, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "657080d20f7e10c1e37fcf89", "name": "TarrantCounty.com ~ 03.01.2022", "description": "", "modified": "2023-12-06T14:10:26.301000", "created": "2023-12-06T14:10:26.301000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1078, "domain": 838, "hostname": 1607, "URL": 4134, "email": 3, "FileHash-SHA1": 2, "CIDR": 4, "FileHash-MD5": 15 }, "indicator_count": 7681, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "628ce74526894454664e1bab", "name": "cloudron.io", "description": "function ar(aw,av,au,at) is a new version of the Matomo tracker, which allows users to track where a tracker has been located, and when it is activated.", "modified": "2022-06-23T00:03:28.624000", "created": "2022-05-24T14:10:13.562000", "tags": [ "span", "type", "href", "tbody", "tfoot", "thead", "input", "helvetica neue", "helvetica", "arial", "twitter", "date", "docviewtop", "shadow", "rocketchat", "sogo", "gitlab", "wordpress", "matomo", "kanboard", "taiga", "ninja", "slow", "scroll", "dom exception", "google", "regexp", "mmm d", "mmmm d", "null", "this", "number", "destroy", "controller", "array", "error", "android", "false", "function", "index", "slickcenter", "slick", "object", "translate", "translate3d", "jquery", "typeof c", "copyright", "bootstrap", "javascript", "azaz", "popover", "typeof f", "typeof b", "width", "pseudo", "child", "sufeffxa0", "class", "accept", "string", "please", "blob", "post", "link", "license" ], "references": [ "https://analytics.cloudron.io/piwik.js", "https://www.cloudron.io/3rdparty/jquery-1.11.0.js", "https://www.cloudron.io/3rdparty/bootstrap.min.js", "https://www.cloudron.io/3rdparty/slick.js", "https://www.cloudron.io/3rdparty/angular.min.js", "https://www.cloudron.io/3rdparty/angular-loader.min.js", "https://www.cloudron.io/3rdparty/angular-route.min.js", "https://www.cloudron.io/3rdparty/angular-base64.min.js", "https://www.cloudron.io/index.js", "https://www.cloudron.io/3rdparty/bootstrap.min.css" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 541, "URL": 1300, "domain": 180, "FileHash-SHA256": 72, "FileHash-SHA1": 1 }, "indicator_count": 2094, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "1438 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "62756a0d14664003affb0555", "name": "hush.com 301 to hushmail.com", "description": "var b[f, gw.b, \"dust\" - a.g - has been added to an Array by the end of the year, if there is any chance of it being added.", "modified": "2022-06-05T00:03:45.266000", "created": "2022-05-06T18:33:49.161000", "tags": [ "widget", "null", "regexp", "array", "copyright", "license", "calltrkswap", "date", "typeof s", "xmlhttprequest", "typeof r", "script", "vd", "number", "string", "ienew ca", "closure library", "error", "quota", "aafunction", "dafunction", "function", "typeof o", "reduceright", "aw1070742489", "uint8array", "void", "code", "typeof symbol", "wickedclientid", "wickedemail", "wickedurl", "wickednullurl", "typeof e", "direct", "typeof require", "modulenotfound", "mini", "cnull", "anull", "nl50", "pnull", "okcancel", "compiled", "true", "android", "trident", "form", "window", "false", "acronym", "body", "canvas", "embed", "footer", "iframe", "keygen", "legend", "mark", "meta", "ruby", "small", "span", "template", "blank", "twitter", "typeof t", "class", "attr", "pseudo", "child", "js foundation", "typeof module", "width", "object", "this", "accept", "fnumber", "gtmmf25krh", "host", "path" ], "references": [ "xfe-URL-Hush.com-stix2-2.1-export.json", "https://www.googletagmanager.com/gtag/js?id=AW-1070742489&l=dataLayer&cx=c", "https://www.googletagmanager.com/gtm.js?id=GTM-MF25KRH", "https://www.hushmail.com/shared/javascript/jquery-3.5.1.min.js", "https://www.hushmail.com/javascriptinclude/eNrLKC3OyE3MzIkvT00qzixJtSpITE_V98lPz8xzyy_K1csqtjI0MzK2MDcwsbS0ysCq2qkov7w4tSi4JLGkGFUDAF_tIM0,.en_US.68448bd8190f2f2bae9633f547bbbbbe.0.js", "https://www.hushmail.com/javascriptinclude/eNpNzEEOQDAQQNEbtVoM7Sks7GXopB0pkQ5xfWJl-5P3JWGh4AvukSRzoKKtqlWlf0Wt4k3rnG2g641Pl6QNOU83zcIn-QMj6ZHpHQ2FF97jiHOmj0ED4FxfwQOf9yPU.en_US.68448bd8190f2f2bae9633f547bbbbbe.0.js", "https://widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js", "https://widget.wickedreports.com/widget.js", "https://www.googletagmanager.com/gtag/js?id=AW-1070742489", "https://www.hushmail.com/status/", "https://script.tapfiliate.com/tapfiliate.js", "https://www.googletagmanager.com/gtag/js?id=UA-1837381-13", "https://widget.wickedreports.com/v2/3469/wr-dafa9fae816c2f65d24d1eb593b58626.js", "https://cdn.callrail.com/companies/431115301/7c8f964bc12313c75ad2/12/swap.js", "https://js.callrail.com/group/0/7c8f964bc12313c75ad2/06ababf0-8852-4eef-95e1-285ae467a93a/poll.js?t=1651861725881&ids%5B%5D=431115301", "https://js.callrail.com/group/0/7c8f964bc12313c75ad2/06ababf0-8852-4eef-95e1-285ae467a93a/poll.js?t=1651861793229&ids%5B%5D=431115301", "https://widget.trustpilot.com/trustboxes/5406e65db0d04a09e042d5fc/index.html?templateId=5406e65db0d04a09e042d5fc&businessunitId=4bdc496b000064000505a89d#locale=en-US&styleHeight=28px&styleWidth=100%25&theme=light" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Vd", "display_name": "Vd", "target": null }, { "id": "OkCancel", "display_name": "OkCancel", "target": null }, { "id": "ReduceRight", "display_name": "ReduceRight", "target": null } ], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1531", "name": "Account Access Removal", "display_name": "T1531 - Account Access Removal" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 9, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1917, "hostname": 698, "FileHash-SHA256": 116, "domain": 263 }, "indicator_count": 2994, "is_author": false, "is_subscribing": null, "subscriber_count": 70, "modified_text": "1456 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "62719a4dec6d0aa4631b9b2f", "name": "serverhub.com eonix.net", "description": "If you want to know what to do with your intercoms, spare a thought for e.intercom and add a new listener to your browser.. and use it to make the call.", "modified": "2022-06-02T00:03:59.540000", "created": "2022-05-03T21:10:37.722000", "tags": [ "context", "error", "ajaxupdate", "request", "requestdata", "name", "xoctoberassets", "datarequest", "typesubmit", "typetext", "click", "function", "typeof c", "bootstrap", "javascript", "azaz", "popover", "typeof f", "typeof g", "typeof h", "vui", "anda", "tente", "outubro", "trackingclient", "srpanj", "rabu", "vasaris", "image", "typeof atrkopts", "800px", "40px", "i18n", "blockedemail", "typeof i18n", "hubspot", "captcha", "date", "please", "april", "august", "close", "february", "june", "form", "klik", "download", "window", "this", "next", "null", "blank", "este", "anna", "rserver", "mais", "void", "object", "typeerror", "array", "symbol", "bound", "typeof window", "typeof t", "invalid path", "unknown method", "phonenumber", "ninja", "typeof e", "edge", "dataname", "intercom", "typeof symbol", "apple", "webkiti", "criosi", "trident" ], "references": [ "xfe-URL-Eonix.net-stix2-2.1-export.json", "xfe-URL-Serverhub.com-stix2-2.1-export.json", "xfe-URL-Enom.com-stix2-2.1-export 2.json", "https://widget.intercom.io/widget/rbc8ok9w", "https://js.hscollectedforms.net/collectedforms.js", "https://js.hsleadflows.net/leadflows.js", "https://d31qbv1cthcecs.cloudfront.net/atrk.js", "https://serverhub.com/combine/a059fe7a562c0b582328162f0ee69fda-1426025688", "https://serverhub.com/modules/system/assets/js/framework.js", "https://js.hs-scripts.com/3844463.js", "xfe-URL-Cloudfront.net-stix2-2.1-export.json", "xfe-URL-Intercom.io-stix2-2.1-export.json" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Vui", "display_name": "Vui", "target": null }, { "id": "Outubro", "display_name": "Outubro", "target": null }, { "id": "Tente", "display_name": "Tente", "target": null }, { "id": "Anda", "display_name": "Anda", "target": null }, { "id": "Vasaris", "display_name": "Vasaris", "target": null }, { "id": "Rabu", "display_name": "Rabu", "target": null }, { "id": "Srpanj", "display_name": "Srpanj", "target": null }, { "id": "TrackingClient", "display_name": "TrackingClient", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 9, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 5708, "hostname": 1541, "FileHash-SHA256": 876, "domain": 915, "CVE": 1, "FileHash-MD5": 1 }, "indicator_count": 9042, "is_author": false, "is_subscribing": null, "subscriber_count": 72, "modified_text": "1459 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "62616627ee302d24b23523c3", "name": "enom.com & 4vendeta.com - ReduceRight malware hosting/creation", "description": "New RegExp(M) is a new type, and it will change any of the elements to the same type if you want to add them to your HTML page or add a third element.", "modified": "2022-05-21T00:03:44.725000", "created": "2022-04-21T14:11:51.629000", "tags": [ "tbody", "span", "thead", "tfoot", "multiple", "type", "href", "input", "halflings", "gradienttype1", "twitter", "false", "fontface", "fatface", "woff2", "u0259", "u1e001eff", "u2020", "u20a020ab", "u20ad20cf", "u2113", "u2c602c7f", "typesubmit", "function", "typeof c", "formdata", "this", "typeof define", "null", "typeof f", "object", "boolean", "typeof module", "error", "reflect", "math", "regexp", "number", "array", "typeerror", "string", "symbol", "typeof e", "typeof t", "class", "attr", "pseudo", "child", "js foundation", "account", "open", "navitem", "text", "mainnav", "click", "blank", "copyright", "u0027", "value", "body", "firefox", "enum", "html", "msie", "applewebkit", "traceconsole", "form", "iframe", "legend", "nonmsdombrowser", "callbackindex", "callbackframeid", "eventtarget", "eventargument", "validation", "explorer", "target", "plugin", "bootstrap", "https", "conflict", "focus", "next", "trigger", "checkbox", "delta", "scroll", "sourceid", "date", "sessiontoken", "sessionexpires", "void", "rangeerror", "utf16", "illegal input", "global", "chrome", "opredge", "opera", "safari", "version", "sxa0", "browser", "typeof require", "dom node", "typeof d", "component", "typeof h", "bubble", "reduceright", "script", "typeof n", "jhnew ia", "gtm5sn6brv", "path", "host", "trackpageview", "gw8yd4p2eny", "select", "strong", "uint8array", "android", "verify", "stop", "enterprise", "widget", "window", "generator", "reload", "r300", "caca", "closure library", "xdfunction", "adfunction", "cdfunction", "ddfunction", "bded", "please", "typeemail", "email", "jarallaxinner", "webkit", "property", "transform", "trident", "edge", "ipodi", "ipadi", "androidi", "blackberryi", "windows phonei", "xfunction", "pfunction", "wfunction", "show navigation", "mjquery", "typeof", "defaulttype", "hidden", "show", "shown", "startr", "endr", "federico zivolo", "distributed", "mit license", "statict", "flip" ], "references": [ "xfe-IP-78.142.35.163-stix2-2.1-export.json", "xfe-URL-Enom.com-stix2-2.1-export.json", "xfe-URL-4vendeta.com-stix2-2.1-export.json", "https://4vendeta.com/assets/js/jquery.min.js", "https://4vendeta.com/assets/js/popper.min.js", "https://4vendeta.com/assets/js/bootstrap.min.js", "https://4vendeta.com/assets/js/meanmenu.min.js", "https://4vendeta.com/assets/js/parallax.min.js", "https://4vendeta.com/assets/js/ajaxchimp.min.js", "https://www.googletagmanager.com/gtag/js?id=UA-92521958-1", "https://www.googletagmanager.com/gtag/js?id=G-W8YD4P2ENY&l=dataLayer&cx=c", "https://www.gstatic.com/recaptcha/releases/QENb_qRrX0-mQMyENQjD6Fuj/recaptcha__en.js", "https://www.googletagmanager.com/gtm.js?id=GTM-5SN6BRV", "https://static.zdassets.com/ekr/snippet.js?key=7342b695-e394-4f25-89a0-da9d262a48da", "https://cp.enom.com/js/jquery-3.5.1.min.js", "https://cp.enom.com/responsive/_js/knockout-3.3.0.min.js", "https://cp.enom.com/js/global-functions.js", "https://cp.enom.com/js/punycode.min.js", "https://cp.enom.com/js/jquery.disableonsubmit.min.js", "https://cp.enom.com/js/jquery.cookie.min.js", "https://cp.enom.com/js/cart.minicart.min.js", "https://cp.enom.com/js/openWin.min.js", "https://cp.enom.com/js/jquery.jgrowl.min.js", "https://cp.enom.com/scripts/Session.min.js", "https://cp.enom.com/responsive/_js/init.min.js", "https://cp.enom.com/responsive/_js/bootstrap.js", "https://cp.enom.com/WebResource.axd?d=6rtXrDcnyiYD-9dFDFOkxTRcPVSrAN8fR-cHKzNqPTy7bHic-2LLMHDnielTzEI-sd1KplHrRBudcZJOm0-lxubO7k41&t=637453818340000000", "https://cp.enom.com/ScriptResource.axd?d=fVjQa-0YyNqO6JmV36bw6eBJdTjE2YSdtcunOWcKYcBNn73MOJKQA_rxX3YMhcxLTgyDsGTKy0p9NEPvxzpqEpBKtm3GLb2GgI1LFYMC0Xr2lh71ZCttzgNGFnc5mS_Fc_DY5UH0M19Mr958h1jvmK4kzAM1&t=363be08", "https://cp.enom.com/ScriptResource.axd?d=lDjPFfAIWSrEAVNgTHTrISQmLEFmHAaibvNJQuGRZDbWpGFPLrFwaGVpjCUsI6HkqzbpwmaAa0cJCrq8f0eqEvIsQM8lvN_dVYVyESnohON4oTvdMZHDmwG83uJA4m2oqykP8TTTSIeV2oaNrlIXaX8cOxC5Cv6aGmjpdB2u-227wdn30&t=363be08", "https://cdn.optimizely.com/js/26241557.js", "https://cp.enom.com/verisign-seal.htm", "https://cp.enom.com/global/TopMenu.ascx.js", "http://alp-vision.com/wp-includes/js/jquery/jquery.min.js?ver=3.5.1", "http://alp-vision.com/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=7.4.4", "http://alp-vision.com/wp-content/cache/autoptimize/js/autoptimize_78b4f9b28399aa3c8a405e45931ad058.js", "http://alp-vision.com/wp-includes/css/dist/block-library/style.min.css?ver=5.7.6", "http://fonts.googleapis.com/css?family=Abril+Fatface%3Aregular&subset=latin%2Ccyrillic&ver=5.7.6", "http://alp-vision.com/wp-content/themes/alp-vision/css/bootstrap.css?ver=1.0" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "ReduceRight", "display_name": "ReduceRight", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 2989, "hostname": 1208, "domain": 634, "FileHash-SHA256": 302 }, "indicator_count": 5133, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1471 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "62606584633e2b9a3bc935b9", "name": "\u7ea2\u674f\u89c6\u9891 malware", "description": "function s(t,e), o, is a new type of function, which throws new TypeError when it comes to trying to make a function out of its own language or its form.", "modified": "2022-05-20T00:01:19.453000", "created": "2022-04-20T19:56:52.162000", "tags": [ "typeof t", "typeof define", "moztransform", "success", "error", "make sure", "stop", "ajax", "action", "click", "open", "active", "button", "toggle btn", "body", "scroll", "isotope", "preloader", "function", "javascript", "mit license", "typeof module", "gplv3", "license", "copyright", "metafizzy", "math", "typeof", "typeerror", "hidden", "show", "typeof n", "version", "hide", "focusin", "focusout", "shown", "startr", "endr", "federico zivolo", "distributed", "html", "statict", "flip", "regexp", "null", "void", "width", "object", "pseudo", "child", "class", "date", "accept", "webpackrequire", "name", "number", "arraybuffer", "iterator", "typedarray", "prototype", "string", "index", "meta", "target", "infinity", "zero", "epsilon", "observer", "android", "trim", "enumerate", "freeze", "internal", "bind", "window", "next", "find", "this", "rest", "middle", "canvas", "slidercaptcha", "createelement", "textdanger", "plugin", "rgba", "imagedata", "false", "touchstart", "trident", "applewebkit", "safari", "base", "presto", "gecko", "khtml", "micromessenger", "typeof e", "swiper", "most", "september", "customevent", "image", "typeof c", "twitter", "bootstrap", "rolemenu", "typeof f", "typeof g", "cookie plugin", "https", "klaus hartl", "register", "nodecommonjs", "factory", "jquery", "write", "typeof b", "array", "sufeffxa0", "attr", "\u706b\u7bad\u5185\u6d4b\u7b7e\u540d", "0x1d9131", "0x180bcc", "0x4b6177", "0x13f349", "0x3bcb54", "0xbbe80d", "0x57b7de", "0x2ea74e", "0x4fb0f2", "0x25f113", "push", "shift", "tencent", "barrio", "slice", "symbol", "typeof window", "maximum", "typeof symbol", "udc66udc67", "ud83d", "ufe0f", "ud83e", "udc68udc69", "udfcbudfcc", "u2640u2642", "ufe0fg", "ud83dudc6cud83c", "ud83dudc6dud83c", "welcome", "datav66d78640", "datav2f8052f5", "90deg", "datav5f1e575c", "datave97d7462", "helvetica neue", "helvetica", "10px", "pingfang sc", "arial", "45deg", "typenumber", "opacity0", "mozopacity0", "khtmlopacity0", "opacity100", "event", "boolean", "uint8array", "errordetails", "info", "checker", "generator", "blink", "keepalive", "4096", "unknown", "meteor", "rhino", "mini", "comment", "verify", "yeke", "codec", "media", "live", "speed", "headname", "axiostimeout", "apiurl", "bmi86hjtsk", "root", "length", "indexof", "x0ax20x20x20x20", "location", "0x10", "0x18", "history", "config", "cookie", "onload", "video", "afunction", "indexnotice", "sitehome", "x20trnf", "please", "strong" ], "references": [ "xfe-URL-sys95.com-stix2-2.1-export.json", "https://2001.habyc.com/?channelNo=2001#/home", "https://sdk.51.la/event/js-sdk-event.min.js?u=JdoUNv3VSW0GHUpw", "https://2001.habyc.com/static/js/chunk-7d5d3bac.efb700c7.js", "https://sdk.51.la/js-sdk-pro.min.js", "https://2001.habyc.com/js/config.js", "xfe-URL-2001.habyc.com-stix2-2.1-export.json", "https://2001.habyc.com/static/js/chunk-vendors.9d7684f4.js", "xfe-URL-habyc.com-stix2-2.1-export.json", "https://2001.habyc.com/static/css/chunk-vendors.6a41b67e.css", "https://2001.habyc.com/static/css/app.88afcfd8.css", "https://2001.habyc.com/static/css/chunk-7d5d3bac.e1a32335.css", "https://2001.dwlww.com/?channelNo=2001#/home", "https://2001.dwlww.com/static/js/chunk-7d5d3bac.efb700c7.js", "https://2001.dwlww.com/js/config.js", "https://2001.dwlww.com/static/js/chunk-vendors.9d7684f4.js", "https://2001.dwlww.com/static/js/app.9d5d18d7.js", "https://2001.dwlww.com/static/css/chunk-vendors.6a41b67e.css", "https://2001.dwlww.com/static/css/app.88afcfd8.css", "https://2001.dwlww.com/static/css/chunk-7d5d3bac.e1a32335.css", "https://www.tidio.com/talk/kv6vcosd7tmhsetmarsoawzaglejnny4", "https://chatting.page/kv6vcosd7tmhsetmarsoawzaglejnny4", "https://widget-v4.tidiochat.com/code/kv6vcosd7tmhsetmarsoawzaglejnny4.js", "https://m4244.com:35003/", "https://www.8098.app:21568/?agent=7691755704", "https://www.8098.app:21568/js/jquery-1.11.3.min.js", "https://www.8098.app:21568/js/xinstall_inner_e.min.js?v=1004", "https://app.ynsdty.cn//package/GmCC6WISh", "https://app.ynsdty.cn/dist/js/jquery.min.js", "https://app.ynsdty.cn/dist/js/jquery.cookie.js", "https://app.ynsdty.cn/dist/vendors/bootstrap/js/bootstrap.min.js", "https://app.ynsdty.cn/dist/vendors/swiper/swiper.min.js", "https://app.ynsdty.cn/dist/js/app.base.js", "https://app.ynsdty.cn/dist/js/longbow.slidercaptcha.js", "https://app.ynsdty.cn/dist/vendors/core-js/core.js", "xfe-URL-sun.net.hk-stix2-2.1-export.json", "https://www.sunnetwork.com.sg/sun_21/js/vendor/jquery-3.5.0.min.js", "https://www.sunnetwork.com.sg/sun_21/js/popper.min.js", "https://www.sunnetwork.com.sg/sun_21/js/bootstrap.min.js", "https://www.sunnetwork.com.sg/sun_21/js/isotope.pkgd.min.js", "https://www.sunnetwork.com.sg/sun_21/js/imagesloaded.pkgd.min.js", "https://www.sunnetwork.com.sg/sun_21/js/main.js", "https://www.sunnetwork.com.sg/sun_21/js/ajax-form.js", "https://www.sunnetwork.com.sg/sun_21/js/slick.min.js" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 901, "URL": 5740, "hostname": 2218, "FileHash-SHA256": 1686, "FileHash-MD5": 3 }, "indicator_count": 10548, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "1472 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6249814713d29e4f994fc037", "name": "Botnet", "description": "function ra(a,b,c,d,e,f, a new type of node, which can only be defined by its own type, is the same as its current type.", "modified": "2022-05-03T00:01:26.398000", "created": "2022-04-03T11:13:11.584000", "tags": [ "hide", "regexp", "enter", "date", "arrowup", "down", "arrowdown", "left", "arrowleft", "right", "blank", "typeof e", "function", "arraybuffer", "promise", "matt zabriskie", "typeof", "typeof define", "array", "typeof formdata", "error", "null", "typeof console", "mit license", "object", "tfunction", "knew t", "qfunction", "typeof window", "typeof r", "string", "azaz", "button", "vnode", "number", "backspace", "uint8array", "typeof t", "typeof location", "blob", "typeof symbol", "typeof n", "javascript", "please", "strong", "tbody", "span", "thead", "tfoot", "typecheckbox", "typeradio", "href", "typesearch", "typedate", "typetime", "twitter", "applewebkit", "gecko", "khtml", "safari", "mac os", "alert", "base", "trident", "presto", "android", "webpackrequire", "name", "iterator", "typedarray", "prototype", "index", "meta", "target", "infinity", "zero", "epsilon", "observer", "trim", "enumerate", "freeze", "internal", "bind", "window", "next", "find", "this", "rest", "middle", "sweetalert2", "yfunction", "boolean", "cancel", "typeof document", "n okn", "canceln n", "cfunction", "typeof c", "copyright", "bootstrap", "rolemenu", "typeof f", "typeof g", "cookie plugin", "https", "klaus hartl", "register", "nodecommonjs", "factory", "jquery", "write", "typeof b", "pseudo", "child", "sufeffxa0", "class", "attr" ], "references": [ "https://app.fanzhi.xyz/dist/js/jquery.min.js", "https://app.fanzhi.xyz/dist/js/jquery.cookie.js", "https://app.fanzhi.xyz/dist/vendors/bootstrap/js/bootstrap.min.js", "https://pv.sohu.com/cityjson?ie=utf-8", "https://app.fanzhi.xyz/dist/vendors/sweetalert2/sweetalert2.min.js", "https://app.fanzhi.xyz/dist/vendors/core-js/core.js", "https://app.fanzhi.xyz/dist/js/app.base.js", "https://app.fanzhi.xyz/dist/vendors/bootstrap/css/bootstrap.min.css", "https://app.fanzhi.xyz/dist/css/vip.css", "https://fengweics.com/", "https://kf.cdsanheli.com/online.html?cid=e3e6922f27c54ad485cf59aee1204615", "https://kf.cdsanheli.com/js/socket.io.min.js", "https://kf.cdsanheli.com/js/vue.min.js", "https://kf.cdsanheli.com/js/vue-i18n.min.js", "https://kf.cdsanheli.com/js/axios.min.js", "https://kf.cdsanheli.com/js/online.3de8ba00.js" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1547, "domain": 246, "hostname": 619, "FileHash-SHA256": 124, "CVE": 2 }, "indicator_count": 2538, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1489 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6249814433d08ebcfc2b6e2a", "name": "Botnet", "description": "function ra(a,b,c,d,e,f, a new type of node, which can only be defined by its own type, is the same as its current type.", "modified": "2022-05-03T00:01:26.398000", "created": "2022-04-03T11:13:08.540000", "tags": [ "hide", "regexp", "enter", "date", "arrowup", "down", "arrowdown", "left", "arrowleft", "right", "blank", "typeof e", "function", "arraybuffer", "promise", "matt zabriskie", "typeof", "typeof define", "array", "typeof formdata", "error", "null", "typeof console", "mit license", "object", "tfunction", "knew t", "qfunction", "typeof window", "typeof r", "string", "azaz", "button", "vnode", "number", "backspace", "uint8array", "typeof t", "typeof location", "blob", "typeof symbol", "typeof n", "javascript", "please", "strong", "tbody", "span", "thead", "tfoot", "typecheckbox", "typeradio", "href", "typesearch", "typedate", "typetime", "twitter", "applewebkit", "gecko", "khtml", "safari", "mac os", "alert", "base", "trident", "presto", "android", "webpackrequire", "name", "iterator", "typedarray", "prototype", "index", "meta", "target", "infinity", "zero", "epsilon", "observer", "trim", "enumerate", "freeze", "internal", "bind", "window", "next", "find", "this", "rest", "middle", "sweetalert2", "yfunction", "boolean", "cancel", "typeof document", "n okn", "canceln n", "cfunction", "typeof c", "copyright", "bootstrap", "rolemenu", "typeof f", "typeof g", "cookie plugin", "https", "klaus hartl", "register", "nodecommonjs", "factory", "jquery", "write", "typeof b", "pseudo", "child", "sufeffxa0", "class", "attr" ], "references": [ "https://app.fanzhi.xyz/dist/js/jquery.min.js", "https://app.fanzhi.xyz/dist/js/jquery.cookie.js", "https://app.fanzhi.xyz/dist/vendors/bootstrap/js/bootstrap.min.js", "https://pv.sohu.com/cityjson?ie=utf-8", "https://app.fanzhi.xyz/dist/vendors/sweetalert2/sweetalert2.min.js", "https://app.fanzhi.xyz/dist/vendors/core-js/core.js", "https://app.fanzhi.xyz/dist/js/app.base.js", "https://app.fanzhi.xyz/dist/vendors/bootstrap/css/bootstrap.min.css", "https://app.fanzhi.xyz/dist/css/vip.css", "https://fengweics.com/", "https://kf.cdsanheli.com/online.html?cid=e3e6922f27c54ad485cf59aee1204615", "https://kf.cdsanheli.com/js/socket.io.min.js", "https://kf.cdsanheli.com/js/vue.min.js", "https://kf.cdsanheli.com/js/vue-i18n.min.js", "https://kf.cdsanheli.com/js/axios.min.js", "https://kf.cdsanheli.com/js/online.3de8ba00.js" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1547, "domain": 246, "hostname": 619, "FileHash-SHA256": 124, "CVE": 2 }, "indicator_count": 2538, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1489 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "62276abfaa65cd33f64331f8", "name": "TarrantCounty.com ~ 03.01.2022", "description": "", "modified": "2022-04-07T00:04:02.553000", "created": "2022-03-08T14:39:59.235000", "tags": [ "march", "lookup go", "rescan add", "verdict report", "de summary", "http", "redirects links", "behaviour", "similar dom", "content api", "value", "search url", "search domain", "scan url", "url search", "domain scan", "url url", "motor vehicle", "aqb1", "eventsevent10", "meta", "show", "download go", "full url", "reverse dns", "resource", "windows nt", "win64", "khtml", "gecko", "response", "main", "milan", "apache", "paris", "accept" ], "references": [ "TarrantCounty3df.pdf", "TarantCounty2df.pdf", "TarrantCounty4df.pdf", "TarrantCounty5df.pdf", "tarrant23df.pdf", "TarrantCounty1df.pdf", "tarrantcounty.com:en:elections:Voter-Information:Voter- Registration.html%22,.pdf", "TarrantCounty6df.pdf", "TarrantCounty7df.pdf", "TarrantCounty10df.pdf", "TarrantCounty9df.pdf", "TarrantCounty17df.pdf", "TarrantCounty15df.pdf", "TarrantCounty12df.pdf", "TarrantCounty14df.pdf", "tarrantcounty8df.pdf", "TarrantCounty18df.pdf", "TarrantCounty19df.pdf", "TarrantCounty21df.pdf", "tarrantcounty22df.pdf", "TarrantCounty20df.pdf", "tarrantcountydf.pdf" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [], "attack_ids": [], "industries": [ "Government" ], "TLP": "white", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Kailula4", "id": "131997", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 4134, "hostname": 1607, "domain": 838, "FileHash-SHA256": 1078, "FileHash-SHA1": 2, "email": 3, "CIDR": 4, "FileHash-MD5": 15 }, "indicator_count": 7681, "is_author": false, "is_subscribing": null, "subscriber_count": 405, "modified_text": "1515 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "62497a9c72edc277fb20e52f", "name": "'+titlestr+'", "description": "If you want to see what is going on at this time of year, spare a thought for T.t.m.T.g.ts.com; T-t=t,", "modified": "2022-04-03T10:44:44.074000", "created": "2022-04-03T10:44:44.074000", "tags": [ "typeof t", "typeof symbol", "nthis", "msger", "typeof e", "image", "error", "typeerror", "new date", "codeverify", "0xa60881", "0x1e0610", "0x489cca", "0x4d5bd1", "0x1a7a9a", "0x3145fc", "0x2d9acb", "0xbf1b3e", "0x47699d", "push", "shift", "date", "cookie", "slice", "open", "code", "path", "info", "null", "this", "webpackrequire", "othis", "object", "array", "executor", "canvas", "function", "slidercaptcha", "createelement", "textdanger", "plugin", "rgba", "imagedata", "false", "touchstart", "trident", "click", "typeof", "typeof define", "typeof c", "copyright", "twitter", "bootstrap", "rolemenu", "typeof f", "typeof g", "james levine", "udid", "x61x70x70x6cx79", "azaz", "0x5372", "0x19", "0x3de55b", "0x24a5d4", "0x5c", "0x19c89f", "0x2f1b4a", "0x4d1e1f", "0x1a", "0x29", "window", "honor", "root", "length", "indexof", "x0ax20x20x20x20", "location", "math", "0x10", "0x18", "history", "config", "onload", "android", "regexp", "x20trnf", "class", "attr", "pseudo", "child", "swiper", "most", "mit license", "january", "typeof b", "sufeffxa0", "void", "typeof n", "appappapp", "next", "toh5", "channelcode", "androidos", "linux", "ipad", "macintosh", "promise", "xmlhttprequest", "0x1d9131", "0x180bcc", "0x4b6177", "0x13f349", "0x3bcb54", "0xbbe80d", "0x57b7de", "0x2ea74e", "0x4fb0f2", "0x25f113", "tencent", "barrio", "width", "accept", "cnzzdata", "czuuid", "umdistinctid", "version", "october", "win32", "name", "html", "meta", "viewport" ], "references": [ "http://www.laijcm.com/common.js", "http://www.laijcm.com/tj.js", "http://kk164.xyz/", "https://x4707.com:5443/?register=1", "https://6112.hnsstjc.com/a002/xpjtz.php", "https://6112.hnsstjc.com/a002/js/fontSize.js", "https://6112.hnsstjc.com/a002/js/jquery-1.8.3.min.js", "https://6112.hnsstjc.com/a002/js/swiper.min.js", "https://6112.hnsstjc.com/a002/xpj.php", "https://www.xvsgwa.com/qz1IJUpc.html", "https://c.cnzz.com/core.php?web_id=1280875449&t=z", "https://s9.cnzz.com/z_stat.php?id=1280875449&web_id=1280875449", "https://www.bibo14.app:2611/js/jquery-1.11.3.min.js", "https://www.bibo14.app:2611/js/cncc.js", "https://www.bibo14.app:2611/js/xinstall_inner_e.min.js?v=1004", "https://www.bibo14.app:2611/js/down.js?v=1022", "https://www.bibo14.app:2611/css/h5/reset.css", "https://www.dongtiankuangye.com/a002/config.js", "https://www.dongtiankuangye.com/a002/js/plugins/swiper/swiper.min.js", "https://www.dongtiankuangye.com/a002/js/libs/jquery-1.12.4/jquery-1.12.4.min.js", "https://www.dongtiankuangye.com/a002/js/plugins/swiper/swiper.min.css", "https://pojd783.cc:8443/index.html?shareName=pojd783.cc", "https://sdk.51.la/event/js-sdk-event.min.js?u=Je0ztO5GuwfJ6eip", "https://sdk.51.la/js-sdk-pro.min.js", "https://pojd783.cc:8443/js/sharetrace.min.js", "https://js112.oss-accelerate.aliyuncs.com/os.js", "https://ty66as.jxdysw.cn/1whpv", "https://ty66as.jxdysw.cn/dist/vendors/bootstrap/js/bootstrap.min.js", "https://ty66as.jxdysw.cn/dist/vendors/clipboard/clipboard.min.js", "https://ty66as.jxdysw.cn/dist/captcha/disk/slidercaptcha.js", "https://ssl.captcha.qq.com/TCaptcha.js", "https://cstaticdun.126.net/load.min.js?t=202007291602", "https://t.captcha.qq.com/template/drag_ele.html?t=1648982190651", "https://captcha.gtimg.com/1/tcaptcha-frame.db8b9289.js" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1528, "hostname": 543, "domain": 209, "FileHash-SHA256": 127, "email": 1, "FileHash-MD5": 4 }, "indicator_count": 2412, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1519 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "http://alp-vision.com/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=7.4.4", "william.ballenthin@fireeye.com contain a resource (.rsrc) section\tmoritz.raabe@fireeye.com | Pattern match: \"jloup@gzip.org\" & \"fancybox@3.5.7\"", "https://cp.enom.com/js/jquery-3.5.1.min.js", "http://www.laijcm.com/common.js", "https://opensource.apple.com/source/security_certificates/", "http://videolal.com/tsara-brashears-dead.html \u2022 http://videolal.com/tsara-brashears.html \u2022 http://videolal.com/videos/jeffrey-reimer-dpt-assaulted-tsara-brashears-massage-misconduct-miscinception.html", "https://js.callrail.com/group/0/7c8f964bc12313c75ad2/06ababf0-8852-4eef-95e1-285ae467a93a/poll.js?t=1651861725881&ids%5B%5D=431115301", "https://2001.habyc.com/?channelNo=2001#/home", "https://www.googletagmanager.com/gtag/js?id=UA-1837381-13", "xfe-URL-Enom.com-stix2-2.1-export 2.json", "https://serverhub.com/combine/a059fe7a562c0b582328162f0ee69fda-1426025688", "https://js.hsleadflows.net/leadflows.js", "Other:Malware-gen\\ [Trj] | FileHash-MD5 b5168dab50187b33460201b35b96dea7", "http://systemforex.de/search/redirect.php?f= | http://it.marksypark.com | dont-delete.hugedomains.com | http://selfsparkcentral.com", "https://www.cloudron.io/3rdparty/slick.js", "https://www.cloudron.io/3rdparty/angular.min.js", "https://app.ynsdty.cn//package/GmCC6WISh", "tarrantcounty.com:en:elections:Voter-Information:Voter- Registration.html%22,.pdf", "https://2001.habyc.com/js/config.js", "http://alp-vision.com/wp-content/themes/alp-vision/css/bootstrap.css?ver=1.0", "https://opensource.apple.com/source/security_certificates/security_certificates-2/security_certificates.xcode/", "https://cp.enom.com/responsive/_js/bootstrap.js", "http://www.hallrender.com/attorney/brian-sabey |", "https://www.cloudron.io/3rdparty/angular-route.min.js", "https://sdk.51.la/event/js-sdk-event.min.js?u=Je0ztO5GuwfJ6eip", "TarrantCounty17df.pdf", "https://www.hushmail.com/javascriptinclude/eNpNzEEOQDAQQNEbtVoM7Sks7GXopB0pkQ5xfWJl-5P3JWGh4AvukSRzoKKtqlWlf0Wt4k3rnG2g641Pl6QNOU83zcIn-QMj6ZHpHQ2FF97jiHOmj0ED4FxfwQOf9yPU.en_US.68448bd8190f2f2bae9633f547bbbbbe.0.js", "https://otx.alienvault.com/pulse/64d65255c80d866add600bac", "https://cdn.callrail.com/companies/431115301/7c8f964bc12313c75ad2/12/swap.js", "https://opensource.apple.com/source/security_certificates/security_certificates-2/security_certificates.xcode/michael.pbxuser.auto.html", "tarrantcountydf.pdf", "https://www.sunnetwork.com.sg/sun_21/js/ajax-form.js", "https://www.tidio.com/talk/kv6vcosd7tmhsetmarsoawzaglejnny4", "303 Status. Ide redirect from: https://otx.alienvault.com/pulse/65e843669f4ba77affa4b297", "http://videolal.com/tsara-brashears-dead-or-alive-song-rap.html \u2022 http://videolal.com/the-man-who-built-america-1.html", "https://ty66as.jxdysw.cn/dist/captcha/disk/slidercaptcha.js", "https://app.fanzhi.xyz/dist/vendors/core-js/core.js", "Unclear given names authentic. Michael Roberts, Darren Mitchell Meade , M. Brian Sabey could be used interchangeably. Black hats w/pseudonyms.", "https://otx.alienvault.com/pulse/65a342310ab3d2c69778d608", "TarrantCounty15df.pdf", "https://www.sunnetwork.com.sg/sun_21/js/popper.min.js", "https://ty66as.jxdysw.cn/1whpv", "https://chatting.page/kv6vcosd7tmhsetmarsoawzaglejnny4", "https://app.fanzhi.xyz/dist/vendors/bootstrap/js/bootstrap.min.js", "https://widget.intercom.io/widget/rbc8ok9w", "Tracey Richter smear: video-lal.com/videos/diabolical-sentencing.html", "https://cp.enom.com/verisign-seal.htm", "TarrantCounty3df.pdf", "https://cp.enom.com/global/TopMenu.ascx.js", "https://www.cloudron.io/3rdparty/jquery-1.11.0.js", "Win32/Renos: https://otx.alienvault.com/malware/ALF:JASYP:TrojanDownloader:Win32%2FRenos/", "https://app.fanzhi.xyz/dist/vendors/sweetalert2/sweetalert2.min.js", "https://analytics.cloudron.io/piwik.js", "https://www.xvsgwa.com/qz1IJUpc.html", "notonmytrack.info \u2022 http://notonmytrack.info \u2022 https://pochta-rf.ru/track74157857 \u2022 patch-tracker.gnewsense.org \u2022 mysql.snore.co", "http://videolal.com/jeffrey-reimer-dpt-physical-therapy-assaulted-patient.html \u2022 http://videolal.com/jeff-reimer-", "http://videolal.com/jeffrey-reimer-dpt-assaulted-tsara-brashears-denver.html \u2022", "https://crt.sh/?graph=410492573&opt=nometadata", "Malware hosting: http://videolan.mirror.triple-it.nl/vlc-android/3.0.4/VLC-Android-3.0.4-ARMv7.apk", "https://4vendeta.com/assets/js/jquery.min.js", "https://www.cloudron.io/index.js", "http://fonts.googleapis.com/css?family=Abril+Fatface%3Aregular&subset=latin%2Ccyrillic&ver=5.7.6", "https://www.hushmail.com/shared/javascript/jquery-3.5.1.min.js", "xfe-URL-Intercom.io-stix2-2.1-export.json", "https://cp.enom.com/ScriptResource.axd?d=fVjQa-0YyNqO6JmV36bw6eBJdTjE2YSdtcunOWcKYcBNn73MOJKQA_rxX3YMhcxLTgyDsGTKy0p9NEPvxzpqEpBKtm3GLb2GgI1LFYMC0Xr2lh71ZCttzgNGFnc5mS_Fc_DY5UH0M19Mr958h1jvmK4kzAM1&t=363be08", "https://serverhub.com/modules/system/assets/js/framework.js", "http://kk164.xyz/", "xfe-IP-78.142.35.163-stix2-2.1-export.json", "https://www.bibo14.app:2611/js/xinstall_inner_e.min.js?v=1004", "https://otx.alienvault.com/pulse/65204565ac1e8bce4de26df3", "http://usb.smithtech.us/projects/downloads/shortcutcreator4u3-setup.exe \u2022", "http://alp-vision.com/wp-includes/css/dist/block-library/style.min.css?ver=5.7.6", "https://kf.cdsanheli.com/js/vue.min.js", "https://kf.cdsanheli.com/js/axios.min.js", "https://www.googletagmanager.com/gtag/js?id=AW-1070742489&l=dataLayer&cx=c", "https://www.googletagmanager.com/gtag/js?id=AW-1070742489", "AA47 More AV Detection Ratio 984 / 1000 IDS Detections Win32.Renos/ArtroMALWARETrojan Checkin M1 Possible Fake AV Checkin Fakealert. AA47 More AV Detection Ratio 984 / 1000 IDS Detections /Trojan Checkin M1 Possible Fake AV Checkin Fakealert.", "Win32:CrypterX-gen\\ [Trj] | FileHash-SHA1 2e586f8db46953532b5e25e07add4dbaeea83a79", "Refuses to remove target from adult content \"tagging\"", "https://4vendeta.com/assets/js/bootstrap.min.js", "https://4vendeta.com/assets/js/ajaxchimp.min.js", "xfe-URL-sys95.com-stix2-2.1-export.json", "https://script.tapfiliate.com/tapfiliate.js", "https://www.cloudron.io/3rdparty/angular-base64.min.js", "TarrantCounty19df.pdf", "https://ty66as.jxdysw.cn/dist/vendors/bootstrap/js/bootstrap.min.js", "https://otx.alienvault.com/pulse/65e85fd4842119fff4e327cf", "https://app.ynsdty.cn/dist/vendors/core-js/core.js", "http://alp-vision.com/wp-includes/js/jquery/jquery.min.js?ver=3.5.1", "https://app.ynsdty.cn/dist/js/app.base.js", "https://cstaticdun.126.net/load.min.js?t=202007291602", "https://opensource.apple.com/source/security_certificates/security_certificates-2/roots/", "https://cp.enom.com/responsive/_js/knockout-3.3.0.min.js", "https://www.googletagmanager.com/gtm.js?id=GTM-MF25KRH", "https://www.hushmail.com/status/", "https://app.fanzhi.xyz/dist/js/jquery.min.js", "https://pojd783.cc:8443/js/sharetrace.min.js", "http://usb.smithtech.us \u2022 http://usb.smithtech.us/apps/downloads/NSISPortable.exe \u2022 http://usb.smithtech.us/apps/downloads/xplorer2.lite.portable.exe", "https://videolal.com/videos/jeffrey-reimer-dpt-assaulted-tsara-brashears-massage-misconduct-miscinception.html \u2022", "xfe-URL-Serverhub.com-stix2-2.1-export.json", "https://cp.enom.com/js/jquery.jgrowl.min.js", "http://alp-vision.com/wp-content/cache/autoptimize/js/autoptimize_78b4f9b28399aa3c8a405e45931ad058.js", "TarrantCounty20df.pdf", "https://videolal.com/videos/tsara-brashears-dead-by-daylight.html \u2022 https://videolal.com/css/jquery-ui.css \u2022 http://videolal.com/tsara-brashears.html", "https://www.cloudron.io/3rdparty/angular-loader.min.js", "https://2001.habyc.com/static/css/app.88afcfd8.css", "https://m4244.com:35003/", "https://kf.cdsanheli.com/js/socket.io.min.js", "https://www.dongtiankuangye.com/a002/js/plugins/swiper/swiper.min.js", "https://www.sunnetwork.com.sg/sun_21/js/main.js", "Other:Malware-gen\\ [Trj] | FileHash-SHA1 68868b3d0115e3d06f5fddb9d2ea6ad54270166c", "TarrantCounty7df.pdf", "https://2001.habyc.com/static/css/chunk-vendors.6a41b67e.css", "https://www.bibo14.app:2611/js/down.js?v=1022", "TarantCounty2df.pdf", "https://www.googletagmanager.com/gtag/js?id=G-W8YD4P2ENY&l=dataLayer&cx=c", "https://app.ynsdty.cn/dist/vendors/bootstrap/js/bootstrap.min.js", "https://www.googletagmanager.com/gtag/js?id=UA-92521958-1", "https://kf.cdsanheli.com/js/vue-i18n.min.js", "https://www.dongtiankuangye.com/a002/js/plugins/swiper/swiper.min.css", "http://videolal.com/tsara-brashears-dead.html \u2022 http://videolal.com/ \u2022", "http://tx-p2p-pull.video-voip.com.dorm.com/Accept-Language", "https://cp.enom.com/js/jquery.cookie.min.js", "Tracey Richter smear: video-lal.com/video/26kiRlUTTmGzje2/diabolical-women-tracey-richter-s1-e2?cpc=n", "https://cp.enom.com/js/cart.minicart.min.js", "https://videolal.com/videos/jeffrey-reimer-dpt-assaulted-tsara-brashears-massage-sexual-misconduct-miscinception.html", "Win32:CrypterX-gen\\ [Trj] | FileHash-MD5 6878e9896fdd84dcc11c997c9b7330ba", "https://widget.wickedreports.com/v2/3469/wr-dafa9fae816c2f65d24d1eb593b58626.js", "https://cp.enom.com/ScriptResource.axd?d=lDjPFfAIWSrEAVNgTHTrISQmLEFmHAaibvNJQuGRZDbWpGFPLrFwaGVpjCUsI6HkqzbpwmaAa0cJCrq8f0eqEvIsQM8lvN_dVYVyESnohON4oTvdMZHDmwG83uJA4m2oqykP8TTTSIeV2oaNrlIXaX8cOxC5Cv6aGmjpdB2u-227wdn30&t=363be08", "https://www.sunnetwork.com.sg/sun_21/js/isotope.pkgd.min.js", "tarrant23df.pdf", "https://videolal.com/videos/tsara-brashears-assaulted-by-jeffrey-reimer-metlife-login-retirement.html \u2022 https://videolal.com/css/js/jquery-ui.min.js", "brain-portal.net", "https://4vendeta.com/assets/js/meanmenu.min.js", "https://app.ynsdty.cn/dist/js/jquery.cookie.js", "TarrantCounty4df.pdf", "https://6112.hnsstjc.com/a002/js/fontSize.js", "xfe-URL-Enom.com-stix2-2.1-export.json", "https://2001.dwlww.com/static/css/chunk-vendors.6a41b67e.css", "https://ty66as.jxdysw.cn/dist/vendors/clipboard/clipboard.min.js", "Crazy: video-lal.com/videos/michael-roberts.html", "Smith tech may refer to Det. Ben Smith. HallRender; a media company, producing nonsensical, albeit convincing evidence of deeply fake content.", "https://pv.sohu.com/cityjson?ie=utf-8", "Sabey: https://www.google.com/search?q=tsara+brashears&client=ms-android-tmus-us-rvc3&sca_esv=52c806ab62ec5c59&cs=1&prmd=inv&filter=0&biw=347&bih=710&dpr=2.08#ip=1", "http://usb.smithtech.us/projects/downloads/shortcutcreator4u3-setup.exe | smithsthermopadtool.com", "https://kf.cdsanheli.com/js/online.3de8ba00.js", "https://captcha.gtimg.com/1/tcaptcha-frame.db8b9289.js", "\u2192https://otx.alienvault.com/pulse/65eedf74b7bdda41057bef3e", "video-lal.com/videos/sandra-richter-video.html", "https://4vendeta.com/assets/js/popper.min.js", "https://js.callrail.com/group/0/7c8f964bc12313c75ad2/06ababf0-8852-4eef-95e1-285ae467a93a/poll.js?t=1651861793229&ids%5B%5D=431115301", "xfe-URL-Cloudfront.net-stix2-2.1-export.json", "https://cp.enom.com/js/global-functions.js", "https://2001.dwlww.com/static/js/chunk-vendors.9d7684f4.js", "https://app.fanzhi.xyz/dist/js/jquery.cookie.js", "https://app.ynsdty.cn/dist/js/longbow.slidercaptcha.js", "Tracey Richter smear: video-lal.com/video/fbcwPGTSo5lrA7e/tracey-richter-documentary?cpc=no", "https://www.sunnetwork.com.sg/sun_21/js/bootstrap.min.js", "tarrantcounty22df.pdf", "https://js.hs-scripts.com/3844463.js", "https://www.hushmail.com/javascriptinclude/eNrLKC3OyE3MzIkvT00qzixJtSpITE_V98lPz8xzyy_K1csqtjI0MzK2MDcwsbS0ysCq2qkov7w4tSi4JLGkGFUDAF_tIM0,.en_US.68448bd8190f2f2bae9633f547bbbbbe.0.js", "https://widget.trustpilot.com/trustboxes/5406e65db0d04a09e042d5fc/index.html?templateId=5406e65db0d04a09e042d5fc&businessunitId=4bdc496b000064000505a89d#locale=en-US&styleHeight=28px&styleWidth=100%25&theme=light", "https://www.sunnetwork.com.sg/sun_21/js/imagesloaded.pkgd.min.js", "https://cp.enom.com/scripts/Session.min.js", "https://otx.alienvault.com/pulse/65418472eb20b10ee5510fde", "videolal.com [Exploitation for privilege - Turns victim into target then spys, smears, embeds pornography in devices]", "https://cp.enom.com/js/punycode.min.js", "FormBook: 104.247.81.53 \u2022 http://www.nimtax.com/k9/,Formbook,Medium,9/9/2019,1/7/2020", "http://videolal.com/the-man-who-built-america-1.html \u2022 http://videolal.com/pinnacol-assurance-assaulted-by-jeffrey-", "https://kf.cdsanheli.com/online.html?cid=e3e6922f27c54ad485cf59aee1204615", "https://4vendeta.com/assets/js/parallax.min.js", "www.videolal.com \u2022 httpvideolal.com \u2022 https://videolal.com/videos/jeffrey-reimer-dpt-assaulted-tsara-brashears-massage-sexual-misconduct.html", "https://2001.dwlww.com/?channelNo=2001#/home", "TarrantCounty18df.pdf", "https://2001.dwlww.com/static/js/app.9d5d18d7.js", "https://www.sunnetwork.com.sg/sun_21/js/slick.min.js", "https://urlscan.io/screenshots/e40cd846-7c34-45a5-9f79-fea139f5b1ee.png", "https://js.hscollectedforms.net/collectedforms.js", "https://cp.enom.com/js/jquery.disableonsubmit.min.js", "https://www.sunnetwork.com.sg/sun_21/js/vendor/jquery-3.5.0.min.js", "https://js112.oss-accelerate.aliyuncs.com/os.js", "https://fengweics.com/", "https://cp.enom.com/responsive/_js/init.min.js", "https://2001.dwlww.com/static/css/app.88afcfd8.css", "Videolal: 18.119.154.66:80 (endpoint request) \u2022 54.209.32.212 \u2022 http://videolal.com (phishing) \u2022 http://videolal.com/ \u2022 videolal.com \u2022 www.videolal.com \u2022", "https://crt.sh/?q=videolal.com", "https://www.8098.app:21568/?agent=7691755704", "https://app.fanzhi.xyz/dist/js/app.base.js", "xfe-URL-sun.net.hk-stix2-2.1-export.json", "tarrantcounty8df.pdf", "http://secure.applegiftcard.com \u2022 199.59.243.224: http://tx-p2p-pull.video-voip.com.dorm.com \u2022 199.59.243.224: http://wpad.dorm.com", "Responsible reopening Richter case via alleged Detective Ben Smith | Names Below linked to porn spewing Videolan , Videolal, Video-lal (Honeypots?) |", "xfe-URL-Eonix.net-stix2-2.1-export.json", "https://6112.hnsstjc.com/a002/xpj.php", "TarrantCounty10df.pdf", "http://videolal.com/jeff-reimer-dpt-buys-assault-victims-silence.html \u2022 http://videolal.com/jeffrey-reimer-dpt-assaulted-tsara-brashears-denver.html", "https://2001.habyc.com/static/js/chunk-vendors.9d7684f4.js", "https://2001.habyc.com/static/js/chunk-7d5d3bac.efb700c7.js", "https://static.zdassets.com/ekr/snippet.js?key=7342b695-e394-4f25-89a0-da9d262a48da", "http://videolal.com/jeffrey-reimer-dpt-sexual-misconduct.html \u2022 http://videolal.com/tsara-brashears.html", "https://www.hugedomains.com/domain_profile.cfm?d=videolal.com \u2022 https://www.hugedomains.com/domain_profile.cfm?d=videolal.com\"", "https://otx.alienvault.com/pulse/64cf438a574eae18716e5954", "TarrantCounty12df.pdf", "https://www.dongtiankuangye.com/a002/js/libs/jquery-1.12.4/jquery-1.12.4.min.js", "Tracey Richter smear included Brashears: http://video-lal.com/video/26kiRlUTTmGzje2/diabolical-women-tracey-richter-s1-e2?cpc=n", "https://otx.alienvault.com/pulse/64d018ee4623e8fcd386c2e1", "https://www.hallrender.com/attorney/brian-sabey", "http://usb.smithtech.us/projects/downloads/\u2022 http://usb.smithtech.us/projects/downloads/psu.exe \u2022 smithsthermopadtool.com", "https://cdn.optimizely.com/js/26241557.js", "https://www.8098.app:21568/js/jquery-1.11.3.min.js", "https://app.fanzhi.xyz/dist/css/vip.css", "Brashears smear: video-lal.com/videos/tsara-brashears-dead-by-daylight.html", "TarrantCounty1df.pdf", "TarrantCounty9df.pdf", "https://x4707.com:5443/?register=1", "http://www.laijcm.com/tj.js", "https://www.cloudron.io/3rdparty/bootstrap.min.js", "https://c.cnzz.com/core.php?web_id=1280875449&t=z", "https://2001.dwlww.com/static/js/chunk-7d5d3bac.efb700c7.js", "https://www.bibo14.app:2611/js/cncc.js", "https://www.googletagmanager.com/gtm.js?id=GTM-5SN6BRV", "https://6112.hnsstjc.com/a002/js/swiper.min.js", "xfe-URL-4vendeta.com-stix2-2.1-export.json", "https://crt.sh/?spkisha256=2c5ef644a15ed2d591aee707a125b2870da480a0bc16d78022a311c93aca5b15", "https://6112.hnsstjc.com/a002/xpjtz.php", "https://www.dongtiankuangye.com/a002/config.js", "Darren Meade: https://urlscan.io/result/e5f1d6fe-036e-4291-8595-0a33e5dacba5/#behaviour \u2022 alleged partner turned enemy of Michael Roberts", "https://s9.cnzz.com/z_stat.php?id=1280875449&web_id=1280875449", "https://ssl.captcha.qq.com/TCaptcha.js", "https://t.captcha.qq.com/template/drag_ele.html?t=1648982190651", "https://www.cloudron.io/3rdparty/bootstrap.min.css", "https://app.ynsdty.cn/dist/js/jquery.min.js", "https://opensource.apple.com/source/security_certificates/security_certificates-2/Makefile.auto.html", "https://2001.habyc.com/static/css/chunk-7d5d3bac.e1a32335.css", "https://sdk.51.la/event/js-sdk-event.min.js?u=JdoUNv3VSW0GHUpw", "https://6112.hnsstjc.com/a002/js/jquery-1.8.3.min.js", "Other:Malware-gen\\ [Trj] | FileHash-SHA256 0000ba467dd40046e240c11251d9db03636d0e7c6f9f96354a46a441c2003143", "videolal.com was first found hosted : https://rexxfield.com/ | https://crt.sh/?id=410492573 | https://crt.sh/?id=411260982", "Possibly false names given by individual involved. Brian Sabey Hall Render | Michael Roberts Rexxfield | Darren Meade former partner of Roberts", "https://2001.dwlww.com/js/config.js", "injection_write_memory_exe \u2022 injection_ntsetcontextthread \u2022 dumped_buffer \u2022 checks_debugger \u2022 generates_crypto_key \u2022 antivm_memory_available", "https://cp.enom.com/WebResource.axd?d=6rtXrDcnyiYD-9dFDFOkxTRcPVSrAN8fR-cHKzNqPTy7bHic-2LLMHDnielTzEI-sd1KplHrRBudcZJOm0-lxubO7k41&t=637453818340000000", "https://widget-v4.tidiochat.com/code/kv6vcosd7tmhsetmarsoawzaglejnny4.js", "https://opensource.apple.com/source/security_certificates/security_certificates-2/security_certificates.xcode/project.pbxproj.auto.html", "https://widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js", "allocates_execute_remote_process \u2022 injection_write_memory \u2022 injection_resumethread \u2022 packer_entropy \u2022 network _icmp \u2022 injection_runpe", "https://www.hallrender.com/wp-content/uploads/2017/10/Sabey_Brian_web-150x150.png | www.hallrender.com | rexxfield.com", "xfe-URL-habyc.com-stix2-2.1-export.json", "https://pojd783.cc:8443/index.html?shareName=pojd783.cc", "https://app.fanzhi.xyz/dist/vendors/bootstrap/css/bootstrap.min.css", "https://www.bibo14.app:2611/js/jquery-1.11.3.min.js", "\u2192https://otx.alienvault.com/pulse/65e843669f4ba77affa4b297", "https://otx.alienvault.com/otxapi/indicators/file/screenshot/4998a7eac2a056833d01ee1e60c68c1f83f9ad6cd790ced9511e73cc12780f3c", "http://videolal.com/videos/jeffrey-reimer-dpt-assaulted-tsara-brashears-massage-misconduct-miscinception.html", "xfe-URL-2001.habyc.com-stix2-2.1-export.json", "TarrantCounty21df.pdf", "xfe-URL-Hush.com-stix2-2.1-export.json", "https://d31qbv1cthcecs.cloudfront.net/atrk.js", "TarrantCounty6df.pdf", "Denver Attorney Frank Azar Smear: video-lal.com/videos/sherryce-emery-frank-azar-&-associates.html", "https://cp.enom.com/js/openWin.min.js", "https://app.ynsdty.cn/dist/vendors/swiper/swiper.min.js", "https://otx.alienvault.com/malware/Trojan:Win32%2FCrypterX/", "\u2192https://otx.alienvault.com/pulse/65ef3723d27863fc33a6b671", "servicer.mgid.com \u2022 http://iv-u15.com/imbd-104-\u00e9\u00bb\u2019\u00e5\u00ae\u00ae\u00e3\u201a\u0152\u00e3\u0081\u201e-\u00e5\u00a4\u008f\u00e5\u00b0\u2018\u00e5\u00a5\u00b3-\u00e9\u00bb\u2019\u00e5\u00ae\u00ae\u00e3\u201a\u0152\u00e3\u0081\u201e-blu-ray \u2022 https://load77.exelator.com/pixel.gif", "https://widget.wickedreports.com/widget.js", "TarrantCounty14df.pdf", "https://www.bibo14.app:2611/css/h5/reset.css", "https://2001.dwlww.com/static/css/chunk-7d5d3bac.e1a32335.css", "https://www.8098.app:21568/js/xinstall_inner_e.min.js?v=1004", "Win32:CrypterX-gen\\ [Trj] | FileHash-SHA256 00027d11309d55312ae77f32d4ae79671c91f541e577bace7a5a5abde05563ad", "TarrantCounty5df.pdf", "https://sdk.51.la/js-sdk-pro.min.js", "\u2192https://otx.alienvault.com/pulse/65e85fd4842119fff4e327cf", "CnC IP Addresses: 104.247.81.53 \u2022 185.64.219.6 \u2022 199.191.50.82 \u2022 203.107.45.167 \u2022 91.195.240.94 \u2022 167.235.143.33", "https://www.gstatic.com/recaptcha/releases/QENb_qRrX0-mQMyENQjD6Fuj/recaptcha__en.js" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [ "[Unnamed group]" ], "malware_families": [ "Artro", "Alf:trojandownloader:win32/vadokrist.a", "I-worm/bagle.qe", "Okcancel", "Reduceright", "Trojanspy", "Trackingclient", "Outubro", "Vui", "Win.adware.relevantknowledge-9821121-0", "Win.malware.farfli-6824119-0", "Win.trojan.generic-9897526-0", "Win.trojan.knigsfot-125", "Vd", "Anda", "Win32:trojanx-gen[trj]", "Win32:crypterx-gen\\ [trj]", "Formbook", "Srpanj", "Tente", "Other:malware-gen\\ [trj]", "Vasaris", "Rabu", "Win32.renos/artro", "Trojanspy:win32/nivdort.de", "Win.trojan.generic-9957168-0", "Generic", "Hacktool", "Alf:heraklezeval:trojan:win32/neurevt", "Worm.bagle-44" ], "industries": [ "Government" ] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 18, "pulses": [ { "id": "68abf75bf3b03b94a6762409", "name": "(Repost) How to connect listeners to e.intercom | serverhub.com eonix.net", "description": "", "modified": "2025-08-25T05:40:43.552000", "created": "2025-08-25T05:40:43.552000", "tags": [ "context", "error", "ajaxupdate", "request", "requestdata", "name", "xoctoberassets", "datarequest", "typesubmit", "typetext", "click", "function", "typeof c", "bootstrap", "javascript", "azaz", "popover", "typeof f", "typeof g", "typeof h", "vui", "anda", "tente", "outubro", "trackingclient", "srpanj", "rabu", "vasaris", "image", "typeof atrkopts", "800px", "40px", "i18n", "blockedemail", "typeof i18n", "hubspot", "captcha", "date", "please", "april", "august", "close", "february", "june", "form", "klik", "download", "window", "this", "next", "null", "blank", "este", "anna", "rserver", "mais", "void", "object", "typeerror", "array", "symbol", "bound", "typeof window", "typeof t", "invalid path", "unknown method", "phonenumber", "ninja", "typeof e", "edge", "dataname", "intercom", "typeof symbol", "apple", "webkiti", "criosi", "trident" ], "references": [ "xfe-URL-Eonix.net-stix2-2.1-export.json", "xfe-URL-Serverhub.com-stix2-2.1-export.json", "xfe-URL-Enom.com-stix2-2.1-export 2.json", "https://widget.intercom.io/widget/rbc8ok9w", "https://js.hscollectedforms.net/collectedforms.js", "https://js.hsleadflows.net/leadflows.js", "https://d31qbv1cthcecs.cloudfront.net/atrk.js", "https://serverhub.com/combine/a059fe7a562c0b582328162f0ee69fda-1426025688", "https://serverhub.com/modules/system/assets/js/framework.js", "https://js.hs-scripts.com/3844463.js", "xfe-URL-Cloudfront.net-stix2-2.1-export.json", "xfe-URL-Intercom.io-stix2-2.1-export.json" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Vui", "display_name": "Vui", "target": null }, { "id": "Outubro", "display_name": "Outubro", "target": null }, { "id": "Tente", "display_name": "Tente", "target": null }, { "id": "Anda", "display_name": "Anda", "target": null }, { "id": "Vasaris", "display_name": "Vasaris", "target": null }, { "id": "Rabu", "display_name": "Rabu", "target": null }, { "id": "Srpanj", "display_name": "Srpanj", "target": null }, { "id": "TrackingClient", "display_name": "TrackingClient", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": "62719a4dec6d0aa4631b9b2f", "export_count": 14, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 5708, "hostname": 1541, "FileHash-SHA256": 876, "domain": 915, "CVE": 1, "FileHash-MD5": 1 }, "indicator_count": 9042, "is_author": false, "is_subscribing": null, "subscriber_count": 142, "modified_text": "279 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65eff46bdd371899ca5be7d7", "name": "CrypterX-gen | Video-lal.com | M. Brian Sabey \u2022 Hall Render | Rexxfield", "description": "Videolal results. Parked. Owner of domain has subsidiaries including Huge Domains. It's possible for attacker to post a 404 error page, park, post it for sale, malvertize. HoneyPotBot? \n\nFireeye. A bit much. william.ballenthin@fireeye.com\t\ncontain a resource (.rsrc) section moritz.raabe@fireeye.com. Overkill. What would Scooby Doo? Scooby!? \nTarget reports opening her MacBook Pro after it was replaced by Apple. It hadn't been in use. She opened it, surprised it was on, automatically connected to a store wifi (she was home) A worker was typing away in terminal. Fought hacker for recordings app containing Jeffrey Reimers aggressions. She lost. Terrified she murdered her MacBook by drowning & dismemberment. Big mistake. Cloned MacBook. Clicked on links trigger malicious downloads, network & DNS issues.", "modified": "2024-04-11T04:01:24.166000", "created": "2024-03-12T06:21:31.484000", "tags": [ "upatre malware", "rwi dtools", "page dow", "security", "bitfender", "yandex", "malware", "all octoseek", "av detections", "ids detections", "yara detections", "alerts", "file score", "fireeye", "injection", "worm", "trojan", "network", "poster", "honeybots", "united", "unknown", "win32upatre mar", "passive dns", "entries", "ipv4", "body", "artro", "generic malware", "formbook", "tag count", "threat report", "ip summary", "url summary", "generic", "hostnames", "pattern match", "ascii text", "png image", "root ca", "file", "authority", "indicator", "mitre att", "ck id", "class", "date", "enterprise", "hybrid", "accept", "general", "local", "click", "strings", "trident", "as47846", "germany unknown", "as2906 netflix", "scan endpoints", "domain", "urls", "files", "trojanspy", "mozilla", "dynamicloader", "medium", "title", "ms windows", "head", "intel", "inetsim http", "delete c", "show", "winnt", "copy", "powershell", "write", "next", "suspicious", "shop", "graph api", "status", "join", "vt community", "api key", "xcitium verdict", "cloud", "contacted", "contacted urls", "ssl certificate", "referrer", "historical ssl", "parent domain", "apple ios", "resolutions", "execution", "hacktool", "outbound connection", "detection list", "blacklist" ], "references": [ "http://videolal.com/tsara-brashears-dead.html \u2022 http://videolal.com/ \u2022", "http://systemforex.de/search/redirect.php?f= | http://it.marksypark.com | dont-delete.hugedomains.com | http://selfsparkcentral.com", "william.ballenthin@fireeye.com contain a resource (.rsrc) section\tmoritz.raabe@fireeye.com | Pattern match: \"jloup@gzip.org\" & \"fancybox@3.5.7\"", "FormBook: 104.247.81.53 \u2022 http://www.nimtax.com/k9/,Formbook,Medium,9/9/2019,1/7/2020", "Win32:CrypterX-gen\\ [Trj] | FileHash-MD5 6878e9896fdd84dcc11c997c9b7330ba", "Win32:CrypterX-gen\\ [Trj] | FileHash-SHA1 2e586f8db46953532b5e25e07add4dbaeea83a79", "Win32:CrypterX-gen\\ [Trj] | FileHash-SHA256 00027d11309d55312ae77f32d4ae79671c91f541e577bace7a5a5abde05563ad", "Win32/Renos: https://otx.alienvault.com/malware/ALF:JASYP:TrojanDownloader:Win32%2FRenos/", "Other:Malware-gen\\ [Trj] | FileHash-MD5 b5168dab50187b33460201b35b96dea7", "Other:Malware-gen\\ [Trj] | FileHash-SHA1 68868b3d0115e3d06f5fddb9d2ea6ad54270166c", "Other:Malware-gen\\ [Trj] | FileHash-SHA256 0000ba467dd40046e240c11251d9db03636d0e7c6f9f96354a46a441c2003143", "allocates_execute_remote_process \u2022 injection_write_memory \u2022 injection_resumethread \u2022 packer_entropy \u2022 network _icmp \u2022 injection_runpe", "injection_write_memory_exe \u2022 injection_ntsetcontextthread \u2022 dumped_buffer \u2022 checks_debugger \u2022 generates_crypto_key \u2022 antivm_memory_available", "CnC IP Addresses: 104.247.81.53 \u2022 185.64.219.6 \u2022 199.191.50.82 \u2022 203.107.45.167 \u2022 91.195.240.94 \u2022 167.235.143.33", "AA47 More AV Detection Ratio 984 / 1000 IDS Detections Win32.Renos/ArtroMALWARETrojan Checkin M1 Possible Fake AV Checkin Fakealert. AA47 More AV Detection Ratio 984 / 1000 IDS Detections /Trojan Checkin M1 Possible Fake AV Checkin Fakealert.", "Videolal: 18.119.154.66:80 (endpoint request) \u2022 54.209.32.212 \u2022 http://videolal.com (phishing) \u2022 http://videolal.com/ \u2022 videolal.com \u2022 www.videolal.com \u2022", "www.videolal.com \u2022 httpvideolal.com \u2022 https://videolal.com/videos/jeffrey-reimer-dpt-assaulted-tsara-brashears-massage-sexual-misconduct.html", "https://www.hugedomains.com/domain_profile.cfm?d=videolal.com \u2022 https://www.hugedomains.com/domain_profile.cfm?d=videolal.com\"", "https://videolal.com/videos/jeffrey-reimer-dpt-assaulted-tsara-brashears-massage-misconduct-miscinception.html \u2022", "https://videolal.com/videos/jeffrey-reimer-dpt-assaulted-tsara-brashears-massage-sexual-misconduct-miscinception.html", "https://videolal.com/videos/tsara-brashears-assaulted-by-jeffrey-reimer-metlife-login-retirement.html \u2022 https://videolal.com/css/js/jquery-ui.min.js", "https://videolal.com/videos/tsara-brashears-dead-by-daylight.html \u2022 https://videolal.com/css/jquery-ui.css \u2022 http://videolal.com/tsara-brashears.html", "http://videolal.com/tsara-brashears-dead.html \u2022 http://videolal.com/tsara-brashears.html \u2022 http://videolal.com/videos/jeffrey-reimer-dpt-assaulted-tsara-brashears-massage-misconduct-miscinception.html", "http://videolal.com/videos/jeffrey-reimer-dpt-assaulted-tsara-brashears-massage-misconduct-miscinception.html", "http://videolal.com/jeffrey-reimer-dpt-sexual-misconduct.html \u2022 http://videolal.com/tsara-brashears.html", "http://videolal.com/tsara-brashears-dead-or-alive-song-rap.html \u2022 http://videolal.com/the-man-who-built-america-1.html", "http://videolal.com/the-man-who-built-america-1.html \u2022 http://videolal.com/pinnacol-assurance-assaulted-by-jeffrey-", "http://videolal.com/jeffrey-reimer-dpt-physical-therapy-assaulted-patient.html \u2022 http://videolal.com/jeff-reimer-", "http://videolal.com/jeffrey-reimer-dpt-assaulted-tsara-brashears-denver.html \u2022", "http://videolal.com/jeff-reimer-dpt-buys-assault-victims-silence.html \u2022 http://videolal.com/jeffrey-reimer-dpt-assaulted-tsara-brashears-denver.html", "https://otx.alienvault.com/otxapi/indicators/file/screenshot/4998a7eac2a056833d01ee1e60c68c1f83f9ad6cd790ced9511e73cc12780f3c", "https://otx.alienvault.com/malware/Trojan:Win32%2FCrypterX/", "\u2192https://otx.alienvault.com/pulse/65eedf74b7bdda41057bef3e", "\u2192https://otx.alienvault.com/pulse/65ef3723d27863fc33a6b671", "\u2192https://otx.alienvault.com/pulse/65e85fd4842119fff4e327cf", "\u2192https://otx.alienvault.com/pulse/65e843669f4ba77affa4b297" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "Win32:CrypterX-gen\\ [Trj]", "display_name": "Win32:CrypterX-gen\\ [Trj]", "target": null }, { "id": "Other:Malware-gen\\ [Trj]", "display_name": "Other:Malware-gen\\ [Trj]", "target": null }, { "id": "Artro", "display_name": "Artro", "target": null }, { "id": "Win32.Renos/Artro", "display_name": "Win32.Renos/Artro", "target": null }, { "id": "Generic", "display_name": "Generic", "target": null }, { "id": "I-Worm/Bagle.QE", "display_name": "I-Worm/Bagle.QE", "target": null }, { "id": "Worm.Bagle-44", "display_name": "Worm.Bagle-44", "target": null }, { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "TrojanSpy:Win32/Nivdort.DE", "display_name": "TrojanSpy:Win32/Nivdort.DE", "target": "/malware/TrojanSpy:Win32/Nivdort.DE" }, { "id": "Win.Trojan.Generic-9897526-0", "display_name": "Win.Trojan.Generic-9897526-0", "target": null }, { "id": "Win.Trojan.Knigsfot-125", "display_name": "Win.Trojan.Knigsfot-125", "target": null }, { "id": "ALF:TrojanDownloader:Win32/Vadokrist.A", "display_name": "ALF:TrojanDownloader:Win32/Vadokrist.A", "target": null }, { "id": "Win.Trojan.Generic-9957168-0", "display_name": "Win.Trojan.Generic-9957168-0", "target": null }, { "id": "Win.Adware.RelevantKnowledge-9821121-0", "display_name": "Win.Adware.RelevantKnowledge-9821121-0", "target": null }, { "id": "ALF:HeraklezEval:Trojan:Win32/Neurevt", "display_name": "ALF:HeraklezEval:Trojan:Win32/Neurevt", "target": null }, { "id": "FormBook", "display_name": "FormBook", "target": null }, { "id": "HackTool", "display_name": "HackTool", "target": null } ], "attack_ids": [ { "id": "T1041", "name": "Exfiltration Over C2 Channel", "display_name": "T1041 - Exfiltration Over C2 Channel" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1100", "name": "Web Shell", "display_name": "T1100 - Web Shell" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1560", "name": "Archive Collected Data", "display_name": "T1560 - Archive Collected Data" }, { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" }, { "id": "T1071.003", "name": "Mail Protocols", "display_name": "T1071.003 - Mail Protocols" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1063", "name": "Security Software Discovery", "display_name": "T1063 - Security Software Discovery" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 42, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1622, "FileHash-SHA1": 934, "FileHash-SHA256": 3289, "URL": 9605, "domain": 2321, "hostname": 2411, "CVE": 1, "email": 3 }, "indicator_count": 20186, "is_author": false, "is_subscribing": null, "subscriber_count": 223, "modified_text": "780 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65eedf74b7bdda41057bef3e", "name": "Source Browse- DNS poisoning \u2022 Device CnC", "description": "Smear + Fear campaign. Parked domain schemes. Swatting, social engineering, crime staging/framing. Cyber bully, shocking, false online content, posters, porn dumping, injection, CnC devices, master keys, break & enter. Victim becomes the accused. Framing. Ability to close bank accounts, skim, call, text, email collection, redirect phone calls, create botnets, engineer malware, injection,divert tax refunds, divert funds, royalties, mail erase job history, attack, hospital, CnC event, IRS audits, fake documentaries, stalkers, attackers, death threats. MD articulated outcome after being SA'd by their employee they vowed to protect.", "modified": "2024-04-10T09:00:27.994000", "created": "2024-03-11T10:39:48.949000", "tags": [ "iocs", "all octoseek", "blacklist https", "gmbh version", "legal", "service privacy", "general full", "reverse dns", "san francisco", "asn13335", "cloudflarenet", "cloudflare", "domains", "service privacy", "modernizr", "domainpath name", "migrate", "phishing", "url https", "united", "line", "threat", "paste", "analyze", "value", "z6s3i string", "a7i string", "y3i string", "e0b function", "x8i string", "source level", "threat analyzer", "urls https", "domain", "webzilla", "cloudflar", "system", "hostnames", "sample", "security tls", "ecdheecdsa", "resource", "hash", "windows nt", "win64", "khtml", "gecko", "veryhigh", "limited", "lsalford", "ocomodo ca", "cncomodo ecc", "secure server", "olet", "encrypt", "cnlet", "identity search", "group", "google https", "expired", "comodo", "tls web", "log id", "criteria id", "1663014711", "summary leaf", "timestamp entry", "log operator", "error", "name size", "parent", "directory", "displays", "targets", "smartfolder", "frame", "bookmarks", "splitcount", "nib files", "design", "boundsstr", "rows", "source browser", "ruby logo", "license", "python", "python software", "foundation", "apple inc", "php logo", "visit", "valid", "no na", "no no", "ip security", "ca id", "research group", "cnisrg root", "mozilla", "android", "binrm", "targetdisk", "create", "crlcachedir", "makefile", "dstroot", "keychainssrc", "srcroot", "crl cache", "install", "ev server", "authentication", "subject", "digicert https", "sectigo https", "certificate", "ca limited", "salford", "greater", "key usage", "access", "ca issuers", "ocsp", "x509v3 subject", "lets", "identifier", "411260982", "poison", "search", "status page", "impressum", "protocol h2", "main", "framing", "geoip", "as13335", "centos", "as32244", "liquidweb", "redirect", "as16509", "as133618", "z6s3i y3i", "as62597", "france unknown", "showing", "link", "z6s3i", "date", "unknown", "meta", "sha256", "google safe", "browsing", "hostname", "samples", "td td", "tr tr", "a td", "a domains", "passive dns", "a th", "urls", "as50295 triple", "triple mirrors", "contact", "moved", "show", "accept", "body", "microsoft", "e4609l", "urls http", "yoa https", "url http", "scan endpoints", "report spam", "created", "weeks ago", "pulse", "brashears", "xvideos", "capture", "expiration", "no expiration", "entries", "status", "as58110 ip", "for privacy", "aaaa", "creation date", "domain name", "germany unknown", "bq mar", "ipv4", "pulse pulses", "files", "artro", "files domain", "files related", "pulses otx", "pulses", "tags", "servers", "record value", "body doctype", "html public", "macintosh", "intel mac", "os x", "technology", "dns replication", "email", "server", "registrar abuse", "dnssec", "expiration date", "registrar iana", "admin country", "tech country", "registry admin", "url text", "facebook url", "google url", "google", "software", "asn15169", "ip https", "february", "request chain", "http", "referer", "aes128gcm", "pragma", "frankfurt", "germany", "asn213250", "itpsolutions", "full url", "software caddy", "express", "ubuntu", "as14061", "digitaloceanasn", "address as", "april", "facebook", "march", "hashes", "ip address", "as autonomous", "fastly", "packet", "kb script", "b script", "october", "resource path", "size", "type mimetype", "redirect chain", "kb image", "b image", "cname", "as32244 liquid", "trojan", "high", "yara rule", "sniffs", "windows", "anomalous file", "medium", "guard", "filehash", "js user", "python connection", "brian sabey", "smithtech", "rexxfield", "connect facebook", "open", "emails", "next", "ssl certificate", "contacted", "whois record", "referrer", "historical ssl", "resolutions", "execution", "whois whois", "contacted urls", "linkid69157 url", "formbook", "spyware", "generic malware", "tag count", "sat jul", "threat report", "ip summary", "url summary", "summary", "generic", "alerts", "icmp traffic", "cust exe", "depot tech", "office depot", "tech", "customer client", "june", "copy", "network_icmp", "inject-x64.exe", "tsara brashears", "apple ios", "hacktool", "download", "malware", "relic", "monitoring", "tofsee", "https://otx.alienvault.com/pulse/65acace20c18a7d6c5da2e27", "darklivity", "hijacker", "remote attackers", "cybercrime", "fear factor", "criminal gang", "jeffrey reimer", "miles it", "history killer", "apple", "apple control", "sreredrum", "men", "man", "hit" ], "references": [ "videolal.com [Exploitation for privilege - Turns victim into target then spys, smears, embeds pornography in devices]", "videolal.com was first found hosted : https://rexxfield.com/ | https://crt.sh/?id=410492573 | https://crt.sh/?id=411260982", "https://opensource.apple.com/source/security_certificates/security_certificates-2/security_certificates.xcode/michael.pbxuser.auto.html", "https://opensource.apple.com/source/security_certificates/security_certificates-2/security_certificates.xcode/", "https://opensource.apple.com/source/security_certificates/security_certificates-2/security_certificates.xcode/project.pbxproj.auto.html", "https://opensource.apple.com/source/security_certificates/security_certificates-2/roots/", "https://crt.sh/?q=videolal.com", "https://opensource.apple.com/source/security_certificates/security_certificates-2/Makefile.auto.html", "https://opensource.apple.com/source/security_certificates/", "https://crt.sh/?q=videolal.com", "https://crt.sh/?graph=410492573&opt=nometadata", "https://crt.sh/?spkisha256=2c5ef644a15ed2d591aee707a125b2870da480a0bc16d78022a311c93aca5b15", "Tracey Richter smear included Brashears: http://video-lal.com/video/26kiRlUTTmGzje2/diabolical-women-tracey-richter-s1-e2?cpc=n", "Tracey Richter smear: video-lal.com/videos/diabolical-sentencing.html", "Tracey Richter smear: video-lal.com/video/26kiRlUTTmGzje2/diabolical-women-tracey-richter-s1-e2?cpc=n", "Tracey Richter smear: video-lal.com/video/fbcwPGTSo5lrA7e/tracey-richter-documentary?cpc=no", "Malware hosting: http://videolan.mirror.triple-it.nl/vlc-android/3.0.4/VLC-Android-3.0.4-ARMv7.apk", "video-lal.com/videos/sandra-richter-video.html", "Denver Attorney Frank Azar Smear: video-lal.com/videos/sherryce-emery-frank-azar-&-associates.html", "Brashears smear: video-lal.com/videos/tsara-brashears-dead-by-daylight.html", "http://tx-p2p-pull.video-voip.com.dorm.com/Accept-Language", "Crazy: video-lal.com/videos/michael-roberts.html", "https://urlscan.io/screenshots/e40cd846-7c34-45a5-9f79-fea139f5b1ee.png", "http://secure.applegiftcard.com \u2022 199.59.243.224: http://tx-p2p-pull.video-voip.com.dorm.com \u2022 199.59.243.224: http://wpad.dorm.com", "notonmytrack.info \u2022 http://notonmytrack.info \u2022 https://pochta-rf.ru/track74157857 \u2022 patch-tracker.gnewsense.org \u2022 mysql.snore.co", "Darren Meade: https://urlscan.io/result/e5f1d6fe-036e-4291-8595-0a33e5dacba5/#behaviour \u2022 alleged partner turned enemy of Michael Roberts", "http://usb.smithtech.us/projects/downloads/shortcutcreator4u3-setup.exe | smithsthermopadtool.com", "http://usb.smithtech.us/projects/downloads/shortcutcreator4u3-setup.exe \u2022", "Unclear given names authentic. Michael Roberts, Darren Mitchell Meade , M. Brian Sabey could be used interchangeably. Black hats w/pseudonyms.", "Smith tech may refer to Det. Ben Smith. HallRender; a media company, producing nonsensical, albeit convincing evidence of deeply fake content.", "Possibly false names given by individual involved. Brian Sabey Hall Render | Michael Roberts Rexxfield | Darren Meade former partner of Roberts", "Responsible reopening Richter case via alleged Detective Ben Smith | Names Below linked to porn spewing Videolan , Videolal, Video-lal (Honeypots?) |", "http://www.hallrender.com/attorney/brian-sabey |", "Sabey: https://www.google.com/search?q=tsara+brashears&client=ms-android-tmus-us-rvc3&sca_esv=52c806ab62ec5c59&cs=1&prmd=inv&filter=0&biw=347&bih=710&dpr=2.08#ip=1", "https://www.hallrender.com/attorney/brian-sabey", "https://www.hallrender.com/wp-content/uploads/2017/10/Sabey_Brian_web-150x150.png | www.hallrender.com | rexxfield.com", "http://usb.smithtech.us \u2022 http://usb.smithtech.us/apps/downloads/NSISPortable.exe \u2022 http://usb.smithtech.us/apps/downloads/xplorer2.lite.portable.exe", "http://usb.smithtech.us/projects/downloads/\u2022 http://usb.smithtech.us/projects/downloads/psu.exe \u2022 smithsthermopadtool.com", "servicer.mgid.com \u2022 http://iv-u15.com/imbd-104-\u00e9\u00bb\u2019\u00e5\u00ae\u00ae\u00e3\u201a\u0152\u00e3\u0081\u201e-\u00e5\u00a4\u008f\u00e5\u00b0\u2018\u00e5\u00a5\u00b3-\u00e9\u00bb\u2019\u00e5\u00ae\u00ae\u00e3\u201a\u0152\u00e3\u0081\u201e-blu-ray \u2022 https://load77.exelator.com/pixel.gif", "brain-portal.net", "303 Status. Ide redirect from: https://otx.alienvault.com/pulse/65e843669f4ba77affa4b297", "https://otx.alienvault.com/pulse/65e85fd4842119fff4e327cf", "https://otx.alienvault.com/pulse/64cf438a574eae18716e5954", "https://otx.alienvault.com/pulse/64d018ee4623e8fcd386c2e1", "https://otx.alienvault.com/pulse/65418472eb20b10ee5510fde", "https://otx.alienvault.com/pulse/64d65255c80d866add600bac", "https://otx.alienvault.com/pulse/65204565ac1e8bce4de26df3", "https://otx.alienvault.com/pulse/64cf438a574eae18716e5954", "https://otx.alienvault.com/pulse/65a342310ab3d2c69778d608", "Refuses to remove target from adult content \"tagging\"" ], "public": 1, "adversary": "[Unnamed group]", "targeted_countries": [ "Australia", "United States of America" ], "malware_families": [ { "id": "Artro", "display_name": "Artro", "target": null }, { "id": "Generic", "display_name": "Generic", "target": null }, { "id": "Win.Malware.Farfli-6824119-0", "display_name": "Win.Malware.Farfli-6824119-0", "target": null }, { "id": "Win32:TrojanX-Gen[Trj]", "display_name": "Win32:TrojanX-Gen[Trj]", "target": null } ], "attack_ids": [ { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1049", "name": "System Network Connections Discovery", "display_name": "T1049 - System Network Connections Discovery" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1125", "name": "Video Capture", "display_name": "T1125 - Video Capture" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1071.003", "name": "Mail Protocols", "display_name": "T1071.003 - Mail Protocols" }, { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1560", "name": "Archive Collected Data", "display_name": "T1560 - Archive Collected Data" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1041", "name": "Exfiltration Over C2 Channel", "display_name": "T1041 - Exfiltration Over C2 Channel" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1059.006", "name": "Python", "display_name": "T1059.006 - Python" }, { "id": "T1155", "name": "AppleScript", "display_name": "T1155 - AppleScript" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1574.006", "name": "Dynamic Linker Hijacking", "display_name": "T1574.006 - Dynamic Linker Hijacking" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1036.004", "name": "Masquerade Task or Service", "display_name": "T1036.004 - Masquerade Task or Service" }, { "id": "T1444", "name": "Masquerade as Legitimate Application", "display_name": "T1444 - Masquerade as Legitimate Application" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1598", "name": "Phishing for Information", "display_name": "T1598 - Phishing for Information" }, { "id": "T1602.002", "name": "Network Device Configuration Dump", "display_name": "T1602.002 - Network Device Configuration Dump" }, { "id": "T1449", "name": "Exploit SS7 to Redirect Phone Calls/SMS", "display_name": "T1449 - Exploit SS7 to Redirect Phone Calls/SMS" }, { "id": "T1031", "name": "Modify Existing Service", "display_name": "T1031 - Modify Existing Service" }, { "id": "T1156", "name": "Malicious Shell Modification", "display_name": "T1156 - Malicious Shell Modification" }, { "id": "T1014", "name": "Rootkit", "display_name": "T1014 - Rootkit" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 45, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 5328, "domain": 2339, "hostname": 2434, "FileHash-MD5": 1210, "FileHash-SHA1": 721, "FileHash-SHA256": 2784, "SSLCertFingerprint": 5, "CVE": 2, "URI": 2, "email": 10, "CIDR": 3 }, "indicator_count": 14838, "is_author": false, "is_subscribing": null, "subscriber_count": 226, "modified_text": "781 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65708d2dc7aa57db55aab29c", "name": "serverhub.com eonix.net", "description": "", "modified": "2023-12-06T15:03:09.373000", "created": "2023-12-06T15:03:09.373000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "FileHash-SHA256": 876, "URL": 5708, "hostname": 1541, "domain": 915, "FileHash-MD5": 1 }, "indicator_count": 9042, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65708c534aadf7adf4f27d77", "name": "enom.com & 4vendeta.com - ReduceRight malware hosting/creation", "description": "", "modified": "2023-12-06T14:59:31.122000", "created": "2023-12-06T14:59:31.122000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 302, "domain": 634, "URL": 2988, "hostname": 1208 }, "indicator_count": 5132, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65708c37c54dd9e78f85c0fa", "name": "\u7ea2\u674f\u89c6\u9891 malware", "description": "", "modified": "2023-12-06T14:59:03.859000", "created": "2023-12-06T14:59:03.859000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1686, "hostname": 2218, "URL": 5740, "domain": 901, "FileHash-MD5": 3 }, "indicator_count": 10548, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65708a8b61abf1b451f2aebc", "name": "Botnet", "description": "", "modified": "2023-12-06T14:51:55.086000", "created": "2023-12-06T14:51:55.086000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 2, "hostname": 619, "URL": 1547, "domain": 246, "FileHash-SHA256": 124 }, "indicator_count": 2538, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65708a87eeed875a212dff0a", "name": "Botnet", "description": "", "modified": "2023-12-06T14:51:51.546000", "created": "2023-12-06T14:51:51.546000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 2, "hostname": 619, "URL": 1547, "domain": 246, "FileHash-SHA256": 124 }, "indicator_count": 2538, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "657080d20f7e10c1e37fcf89", "name": "TarrantCounty.com ~ 03.01.2022", "description": "", "modified": "2023-12-06T14:10:26.301000", "created": "2023-12-06T14:10:26.301000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1078, "domain": 838, "hostname": 1607, "URL": 4134, "email": 3, "FileHash-SHA1": 2, "CIDR": 4, "FileHash-MD5": 15 }, "indicator_count": 7681, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "628ce74526894454664e1bab", "name": "cloudron.io", "description": "function ar(aw,av,au,at) is a new version of the Matomo tracker, which allows users to track where a tracker has been located, and when it is activated.", "modified": "2022-06-23T00:03:28.624000", "created": "2022-05-24T14:10:13.562000", "tags": [ "span", "type", "href", "tbody", "tfoot", "thead", "input", "helvetica neue", "helvetica", "arial", "twitter", "date", "docviewtop", "shadow", "rocketchat", "sogo", "gitlab", "wordpress", "matomo", "kanboard", "taiga", "ninja", "slow", "scroll", "dom exception", "google", "regexp", "mmm d", "mmmm d", "null", "this", "number", "destroy", "controller", "array", "error", "android", "false", "function", "index", "slickcenter", "slick", "object", "translate", "translate3d", "jquery", "typeof c", "copyright", "bootstrap", "javascript", "azaz", "popover", "typeof f", "typeof b", "width", "pseudo", "child", "sufeffxa0", "class", "accept", "string", "please", "blob", "post", "link", "license" ], "references": [ "https://analytics.cloudron.io/piwik.js", "https://www.cloudron.io/3rdparty/jquery-1.11.0.js", "https://www.cloudron.io/3rdparty/bootstrap.min.js", "https://www.cloudron.io/3rdparty/slick.js", "https://www.cloudron.io/3rdparty/angular.min.js", "https://www.cloudron.io/3rdparty/angular-loader.min.js", "https://www.cloudron.io/3rdparty/angular-route.min.js", "https://www.cloudron.io/3rdparty/angular-base64.min.js", "https://www.cloudron.io/index.js", "https://www.cloudron.io/3rdparty/bootstrap.min.css" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 541, "URL": 1300, "domain": 180, "FileHash-SHA256": 72, "FileHash-SHA1": 1 }, "indicator_count": 2094, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "1438 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "hide.call", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "hide.call", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780262386.9485497 }