{ "type": "URL", "indicator": "https://a.position.top-h.top", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://a.position.top-h.top", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 3266035871, "indicator": "https://a.position.top-h.top", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 25, "pulses": [ { "id": "664b74b2683dec84891aef96", "name": "PrivateLoader is a malware with a module structure that has the capability is to download and execute one or several payloads", "description": "http://185.172.128.69/batushka/inte.exe \nhttp://185.172.128.69/allnewumm.exe\nhttp://185.172.128.69/brandumma.exe\nhttp://185.172.128.69/files\nhttp://185.172.128.69/files/US.file\nhttp://185.172.128.69/latestumma.exe\nhttp://185.172.128.69/newumma.exe\nhttp://185.172.128.69/sekundumma.exe\nhttp://185.172.128.69/ummanew.exe", "modified": "2024-10-14T20:36:05.361000", "created": "2024-05-20T16:05:06.313000", "tags": [ "stdin via", "nextron", "powershell id", "powershell", "tim rauch", "elastic", "script block", "logging", "pe32", "ms windows", "intel", "nazwa typ", "md5 nazwa", "procesu" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 27, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 7268, "domain": 1310, "URL": 8101, "FileHash-SHA1": 1615, "hostname": 2590, "FileHash-MD5": 1852, "email": 267, "SSLCertFingerprint": 3, "CIDR": 38, "CVE": 7, "IPv4": 15, "YARA": 4 }, "indicator_count": 23070, "is_author": false, "is_subscribing": null, "subscriber_count": 136, "modified_text": "593 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65708e0d95a8c74cc715f7a2", "name": "West.cn", "description": "", "modified": "2023-12-06T15:06:53.350000", "created": "2023-12-06T15:06:53.350000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 208, "domain": 533, "hostname": 757, "URL": 1861, "FileHash-MD5": 1 }, "indicator_count": 3360, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65708c712f63f24552fa3e38", "name": "bgp.net malicious hosting", "description": "", "modified": "2023-12-06T15:00:01.600000", "created": "2023-12-06T15:00:01.600000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 173, "hostname": 417, "URL": 1208, "domain": 267, "CVE": 1 }, "indicator_count": 2066, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65708c68b4f63f4ac0d16ff5", "name": "egihosting.com - malware", "description": "", "modified": "2023-12-06T14:59:52.017000", "created": "2023-12-06T14:59:52.017000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 120, "hostname": 352, "domain": 115, "URL": 934 }, "indicator_count": 1521, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65708c5b24dc4c51811f6de7", "name": "nocix malware Qe", "description": "", "modified": "2023-12-06T14:59:39.528000", "created": "2023-12-06T14:59:39.528000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 125, "hostname": 507, "URL": 1232, "domain": 170, "FileHash-MD5": 1 }, "indicator_count": 2035, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65708c37c54dd9e78f85c0fa", "name": "\u7ea2\u674f\u89c6\u9891 malware", "description": "", "modified": "2023-12-06T14:59:03.859000", "created": "2023-12-06T14:59:03.859000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1686, "hostname": 2218, "URL": 5740, "domain": 901, "FileHash-MD5": 3 }, "indicator_count": 10548, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65708bf87a08635a650eeb9b", "name": "ctgserver.net", "description": "", "modified": "2023-12-06T14:58:00.096000", "created": "2023-12-06T14:58:00.096000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1286, "domain": 560, "hostname": 1602, "URL": 7975, "FileHash-MD5": 85, "FileHash-SHA1": 1 }, "indicator_count": 11509, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65708befc4f4c7e2be4370d9", "name": "ctgserver.net", "description": "", "modified": "2023-12-06T14:57:51.922000", "created": "2023-12-06T14:57:51.922000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1286, "domain": 560, "hostname": 1602, "URL": 7975, "FileHash-MD5": 85, "FileHash-SHA1": 1 }, "indicator_count": 11509, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65708bae2f0c59d34f050b9e", "name": "Malware and bots", "description": "", "modified": "2023-12-06T14:56:46.779000", "created": "2023-12-06T14:56:46.779000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 168, "hostname": 427, "domain": 214, "URL": 1188, "FileHash-MD5": 1, "FileHash-SHA1": 1, "email": 1 }, "indicator_count": 2000, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "628ce74526894454664e1bab", "name": "cloudron.io", "description": "function ar(aw,av,au,at) is a new version of the Matomo tracker, which allows users to track where a tracker has been located, and when it is activated.", "modified": "2022-06-23T00:03:28.624000", "created": "2022-05-24T14:10:13.562000", "tags": [ "span", "type", "href", "tbody", "tfoot", "thead", "input", "helvetica neue", "helvetica", "arial", "twitter", "date", "docviewtop", "shadow", "rocketchat", "sogo", "gitlab", "wordpress", "matomo", "kanboard", "taiga", "ninja", "slow", "scroll", "dom exception", "google", "regexp", "mmm d", "mmmm d", "null", "this", "number", "destroy", "controller", "array", "error", "android", "false", "function", "index", "slickcenter", "slick", "object", "translate", "translate3d", "jquery", "typeof c", "copyright", "bootstrap", "javascript", "azaz", "popover", "typeof f", "typeof b", "width", "pseudo", "child", "sufeffxa0", "class", "accept", "string", "please", "blob", "post", "link", "license" ], "references": [ "https://analytics.cloudron.io/piwik.js", "https://www.cloudron.io/3rdparty/jquery-1.11.0.js", "https://www.cloudron.io/3rdparty/bootstrap.min.js", "https://www.cloudron.io/3rdparty/slick.js", "https://www.cloudron.io/3rdparty/angular.min.js", "https://www.cloudron.io/3rdparty/angular-loader.min.js", "https://www.cloudron.io/3rdparty/angular-route.min.js", "https://www.cloudron.io/3rdparty/angular-base64.min.js", "https://www.cloudron.io/index.js", "https://www.cloudron.io/3rdparty/bootstrap.min.css" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 541, "URL": 1300, "domain": 180, "FileHash-SHA256": 72, "FileHash-SHA1": 1 }, "indicator_count": 2094, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "1438 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6280398780fbe64692dd54fd", "name": "West.cn", "description": "If you want to know more about Shockwave Flash, spare a thought for the members of your own storage system:mt.co.g.o.mimeTypes.com, mime", "modified": "2022-06-13T00:00:32.864000", "created": "2022-05-14T23:21:43.936000", "tags": [ "jquery", "date", "vue jquery", "template", "layer", "paas", "dist", "wjf3m", "ajax", "business", "string", "number", "regexp", "copyright", "uint8array", "fnumber", "aw1045757556", "closure library", "xdfunction", "code", "ddos", "image", "script", "document", "unescape", "msie", "canvas", "domain", "click", "input", "label", "jdomname", "strong", "jactive15toast", "jclearinput", "case", "datatarget", "jdomainregcount", "span", "function", "x786e", "x53d6", "cite", "x4fe1", "iframe", "null", "prompt", "x6700", "x591a", "array", "numarray", "data", "midsize", "action", "keyword", "firstfix", "object", "5n3j", "3f4r", "5p3s", "1f5m", "hhe2", "bbf2", "3y3z", "1223", "6q6m", "zfunction", "psettimeout", "tsettimeout", "hsetinterval", "iparseint", "hnull", "pnull", "tnull", "lv1s", "efunction", "typeof t", "typeof e", "adobeedge", "typeof r", "webkittransform", "moztransform", "body", "this", "notifier", "invert", "name", "param", "value", "error", "false", "trigger", "restart", "form", "config", "constants", "true", "modalhelper", "relative", "fixed", "account login", "activexobject", "haslocation", "xmlhttprequest", "xmlregexp", "temp", "extpart", "foundation", "mit license", "write", "rhino", "mark", "import", "classnamedom", "onbeforedestroy", "login", "auto", "init", "typeof b", "width", "pseudo", "child", "enulle", "class", "accept", "shockwave flash", "new date1e3", "ka6e5", "la10" ], "references": [ "xfe-IP-103.24.249.209-stix2-2.1-export.json", "xfe-URL-West.cn-stix2-2.1-export.json", "https://m.west.cn/jscripts/baidutj/hm.js", "http://m.west.cn/jscripts/baidutj/hm.js", "https://www.west.cn/js2016/lib/jquery.SuperSlide/jquery.SuperSlide.2.1.1.x.js", "https://www.west.cn/js2016/root/jqinclude.js?t=20211126a", "https://www.googletagmanager.com/gtag/js?id=AW-1045757556" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 533, "URL": 1861, "hostname": 757, "FileHash-SHA256": 208, "FileHash-MD5": 1 }, "indicator_count": 3360, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "1448 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6262fc8eadd28fedcc1f00f0", "name": "RoLR: Stichting Registrar of Last Resort Foundation", "description": "Regulator of Last Resort (RoLR) has announced that it has incorporated into the European Union (EU) and will begin registering domains in the next few weeks, with the aim of providing a range of services.", "modified": "2022-05-22T00:01:01.264000", "created": "2022-04-22T19:05:50.548000", "tags": [ "regexp", "function", "typeof b", "error", "width", "pseudo", "child", "null", "array", "sufeffxa0", "date", "class", "accept", "rolr", "registrar", "welcome", "eu corporation", "icann", "whois lookup" ], "references": [ "xfe-URL-netsol.com-stix2-2.1-export.json", "https://www.rolr.eu/", "http://www.rolr.eu/js/jquery.min.js" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 498, "URL": 1105, "domain": 179, "FileHash-SHA256": 23 }, "indicator_count": 1805, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1470 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "62630d254b29696c094f7cb8", "name": "bgp.net malicious hosting", "description": "", "modified": "2022-05-22T00:01:01.264000", "created": "2022-04-22T20:16:37.675000", "tags": [ "2000px", "20px", "90deg", "10px", "30px", "3deg", "10deg", "5deg", "1deg", "30deg", "datasecret", "typeof", "wpbakery page", "copyright", "michael m", "wpbakery", "license", "jscs", "index1", "prev", "parallaximage", "error", "yfunction", "bfunction", "date", "nulld", "dfunction", "ffunction", "efunction", "nullb", "typeof console", "nonce", "script", "please do", "not copy", "and paste", "this code", "cgrecaptchacfg", "ngrecaptcha", "recaptchaapi", "render", "boolean", "modernizr", "custom build", "build", "afunction", "cfunction", "typeerror", "object", "documenttouch", "websocket", "regexp", "pseudo", "child", "typeof b", "array", "sufeffxa0", "class", "attr", "null", "void", "function", "width", "body", "accept", "udc66udc67", "ud83d", "ufe0f", "ud83e", "udc68udc69", "image", "udfcbudfcc", "u2640u2642", "09af", "source", "ud83dudc6cud83c" ], "references": [ "xfe-URL-bgp.net-stix2-2.1-export.json", "https://bgp.net/wp-includes/js/wp-emoji-release.min.js?ver=5.5.9", "https://bgp.net/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp", "https://bgp.net/wp-content/themes/multihost/framework/js/public/modernizr.min.js?ver=5.5.9", "https://www.google.com/recaptcha/api.js?render=6LfPdckUAAAAAMPH_0crY_k4tdvDN7GVgKtWUyjU&ver=3.0", "https://bgp.net/wp-content/themes/multihost/framework/js/public/pace.min.js?ver=5.5.9", "https://bgp.net/wp-content/plugins/js_composer/assets/js/dist/js_composer_front.min.js?ver=6.0.3", "https://bgp.net/wp-includes/js/wp-embed.min.js?ver=5.5.9", "https://bgp.net/wp-content/plugins/designthemes-core-features/shortcodes/css/animations.css?ver=5.5.9" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 417, "URL": 1208, "CVE": 1, "domain": 267, "FileHash-SHA256": 173 }, "indicator_count": 2066, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1470 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "62626072973e68ce985c7a64", "name": "egihosting.com - malware", "description": "Here is the full code of the code, following the basic rules::. (t.2*o, t.3) for each of n's bizo-data-partner.", "modified": "2022-05-22T00:01:01.264000", "created": "2022-04-22T07:59:46.386000", "tags": [ "ui tabs", "http", "foundation", "mit license", "typeof define", "width", "ui core", "usemap", "backspace8", "comma188", "delete46", "this", "datasecret", "date", "image", "dorandvlxthvep", "click", "chat", "linux", "chrome", "safari", "konqueror", "opera", "false", "body", "regexp", "function", "typeof b", "error", "pseudo", "child", "null", "array", "sufeffxa0", "class", "void", "accept", "attr", "string", "number", "script", "copyright", "closure library", "typeerror", "symbol", "array int8array", "caregexp", "legacy", "functional", "member", "hnew regexp", "qfunction", "adview", "addbillinginfo", "addtocart", "addtolist", "contact", "download", "install" ], "references": [ "xfe-URL-egihosting.com-stix2-2.1-export.json", "https://snap.licdn.com/li.lms-analytics/insight.min.js", "https://www.googleadservices.com/pagead/conversion_async.js", "https://egihosting.com/wp-includes/js/jquery/jquery.js?ver=1.12.4", "https://egihosting.com/wp-includes/js/wp-embed.min.js?ver=4.9.20", "https://googleads.g.doubleclick.net/pagead/viewthroughconversion/530527736/?random=1650613875466&cv=9&fst=1650613875466&num=1&rdp=1&label=R7TDCJOysOMBEPjr_PwB&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=844&u_w=390&u_ah=844&u_aw=390&u_cd=32&u_his=5&u_tz=-240&u_java=false&u_nplug=0&u_nmime=0>m=2wg4k0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fegihosting.com%2F&tiba=Best%20dedicated%20server%20for%20hosting%20in%20Silicon%20Valley%20%7C%20EGI&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4", "https://egihosting.com/wp-includes/js/jquery/ui/core.min.js?ver=1.11.4" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 934, "hostname": 352, "domain": 115, "FileHash-SHA256": 120 }, "indicator_count": 1521, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1470 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "62618afdab12239895b96788", "name": "nocix malware Qe", "description": "\u00c2\u00a31.5m, \u00e2\u201a\u00ac2.4m \u00c3\u20ac\u00a6, is the source of a new version of the JavaScript code, which is being developed by the Apache web browser.", "modified": "2022-05-21T00:03:44.725000", "created": "2022-04-21T16:49:01.885000", "tags": [ "font awesome", "license", "font", "sil ofl", "mit license", "woff2", "woff", "truetype", "fontawesome", "typeof e", "typeof symbol", "regexp", "hotjar", "typeof hj", "surveyv2", "surveyisolated", "heatmapviewer", "notification", "sentry", "number", "aa6060", "ui function", "e0e0e0", "eeeeee", "code for", "gauges function", "ui code", "abort", "worker", "allow", "body", "oldvalue", "transtion type", "datafield", "name", "minus", "plus", "ctrla", "click", "function", "error", "bootstrap", "javascript", "typeof c", "copyright", "twitter", "focus", "azaz", "typeof b", "width", "pseudo", "child", "null", "array", "sufeffxa0", "date", "class", "accept", "qe", "string", "uint8array", "fnumber", "xhfunction", "yhfunction", "aw701859743", "code", "closure library", "pfunction", "contenttype", "zfunction", "bfunction", "mvoid", "ofunction", "script", "typeerror", "symbol", "array int8array", "caregexp", "legacy" ], "references": [ "xfe-URL-Nocix.net-stix2-2.1-export.json", "https://www.googleadservices.com/pagead/conversion_async.js", "https://www.google-analytics.com/analytics.js", "https://www.googletagmanager.com/gtag/js?id=AW-701859743", "https://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js", "https://www.nocix.net/js/bootstrap.min.js", "https://www.nocix.net/js/nocix.js", "https://www.nocix.net/speedtest/speedtest.js?r=4343", "https://static.hotjar.com/c/hotjar-596666.js?sv=5", "https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Qe", "display_name": "Qe", "target": null } ], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 507, "URL": 1232, "domain": 170, "FileHash-SHA256": 125, "FileHash-MD5": 1 }, "indicator_count": 2035, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1471 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "62608b1b8d323a111026565a", "name": "Malware hosting - freebit.com freebit.net", "description": "var d=b.dir,e=c&&\"parentNode\"===d,f=v, v.b, and b.d(d) for all of its value.", "modified": "2022-05-20T00:01:19.453000", "created": "2022-04-20T22:37:15.955000", "tags": [ "getstate", "filter", "regexp", "function", "typeof b", "error", "null", "width", "pseudo", "child", "array", "sufeffxa0", "date", "class", "accept", "woff2", "fontface", "u1c801c88", "u20b4", "u2de02dff", "ua640a69f", "ufe2efe2f", "u04b004b1", "u2116", "u1ea01ef9", "e9edee", "ea3d31", "45deg", "import", "fontawesome", "html", "pron w3", "hiragino kaku", "gothic pron", "meiryo", "ir side", "menu", "hidden", "select", "click", "mspointerdown", "list", "grid", "changelayout", "40deg", "100px", "logrid", "lolist", "mstransitionend", "xfunction", "bxslider", "copyright", "written", "mit license", "next", "prev", "start", "stop", "section", "alert", "author", "link", "license", "commercial use", "noncommercial", "ccbync license", "targetsbound0", "targetsdone0" ], "references": [ "http://ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js", "xfe-URL-freebit.com-stix2-2.1-export.json", "xfe-URL-Freebit.net-stix2-2.1-export.json", "http://freebit.com/common/js/jquery.mixitup.min.js", "http://freebit.com/common/js/slide.js", "http://freebit.com/common/js/jquery.bxslider.min.js", "http://freebit.com/common/js/variablelist_top.js?v=2", "http://freebit.com/common/js/function.js", "http://freebit.com/common/css/reset.css", "http://freebit.com/common/css/common.css", "http://freebit.com/common/css/top.css", "http://freebit.com/topnews.css", "https://fonts.googleapis.com/css2?family=Montserrat:wght@500;600;700&display=swap" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 187, "URL": 1132, "hostname": 428, "FileHash-SHA256": 40 }, "indicator_count": 1787, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1472 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "62606584633e2b9a3bc935b9", "name": "\u7ea2\u674f\u89c6\u9891 malware", "description": "function s(t,e), o, is a new type of function, which throws new TypeError when it comes to trying to make a function out of its own language or its form.", "modified": "2022-05-20T00:01:19.453000", "created": "2022-04-20T19:56:52.162000", "tags": [ "typeof t", "typeof define", "moztransform", "success", "error", "make sure", "stop", "ajax", "action", "click", "open", "active", "button", "toggle btn", "body", "scroll", "isotope", "preloader", "function", "javascript", "mit license", "typeof module", "gplv3", "license", "copyright", "metafizzy", "math", "typeof", "typeerror", "hidden", "show", "typeof n", "version", "hide", "focusin", "focusout", "shown", "startr", "endr", "federico zivolo", "distributed", "html", "statict", "flip", "regexp", "null", "void", "width", "object", "pseudo", "child", "class", "date", "accept", "webpackrequire", "name", "number", "arraybuffer", "iterator", "typedarray", "prototype", "string", "index", "meta", "target", "infinity", "zero", "epsilon", "observer", "android", "trim", "enumerate", "freeze", "internal", "bind", "window", "next", "find", "this", "rest", "middle", "canvas", "slidercaptcha", "createelement", "textdanger", "plugin", "rgba", "imagedata", "false", "touchstart", "trident", "applewebkit", "safari", "base", "presto", "gecko", "khtml", "micromessenger", "typeof e", "swiper", "most", "september", "customevent", "image", "typeof c", "twitter", "bootstrap", "rolemenu", "typeof f", "typeof g", "cookie plugin", "https", "klaus hartl", "register", "nodecommonjs", "factory", "jquery", "write", "typeof b", "array", "sufeffxa0", "attr", "\u706b\u7bad\u5185\u6d4b\u7b7e\u540d", "0x1d9131", "0x180bcc", "0x4b6177", "0x13f349", "0x3bcb54", "0xbbe80d", "0x57b7de", "0x2ea74e", "0x4fb0f2", "0x25f113", "push", "shift", "tencent", "barrio", "slice", "symbol", "typeof window", "maximum", "typeof symbol", "udc66udc67", "ud83d", "ufe0f", "ud83e", "udc68udc69", "udfcbudfcc", "u2640u2642", "ufe0fg", "ud83dudc6cud83c", "ud83dudc6dud83c", "welcome", "datav66d78640", "datav2f8052f5", "90deg", "datav5f1e575c", "datave97d7462", "helvetica neue", "helvetica", "10px", "pingfang sc", "arial", "45deg", "typenumber", "opacity0", "mozopacity0", "khtmlopacity0", "opacity100", "event", "boolean", "uint8array", "errordetails", "info", "checker", "generator", "blink", "keepalive", "4096", "unknown", "meteor", "rhino", "mini", "comment", "verify", "yeke", "codec", "media", "live", "speed", "headname", "axiostimeout", "apiurl", "bmi86hjtsk", "root", "length", "indexof", "x0ax20x20x20x20", "location", "0x10", "0x18", "history", "config", "cookie", "onload", "video", "afunction", "indexnotice", "sitehome", "x20trnf", "please", "strong" ], "references": [ "xfe-URL-sys95.com-stix2-2.1-export.json", "https://2001.habyc.com/?channelNo=2001#/home", "https://sdk.51.la/event/js-sdk-event.min.js?u=JdoUNv3VSW0GHUpw", "https://2001.habyc.com/static/js/chunk-7d5d3bac.efb700c7.js", "https://sdk.51.la/js-sdk-pro.min.js", "https://2001.habyc.com/js/config.js", "xfe-URL-2001.habyc.com-stix2-2.1-export.json", "https://2001.habyc.com/static/js/chunk-vendors.9d7684f4.js", "xfe-URL-habyc.com-stix2-2.1-export.json", "https://2001.habyc.com/static/css/chunk-vendors.6a41b67e.css", "https://2001.habyc.com/static/css/app.88afcfd8.css", "https://2001.habyc.com/static/css/chunk-7d5d3bac.e1a32335.css", "https://2001.dwlww.com/?channelNo=2001#/home", "https://2001.dwlww.com/static/js/chunk-7d5d3bac.efb700c7.js", "https://2001.dwlww.com/js/config.js", "https://2001.dwlww.com/static/js/chunk-vendors.9d7684f4.js", "https://2001.dwlww.com/static/js/app.9d5d18d7.js", "https://2001.dwlww.com/static/css/chunk-vendors.6a41b67e.css", "https://2001.dwlww.com/static/css/app.88afcfd8.css", "https://2001.dwlww.com/static/css/chunk-7d5d3bac.e1a32335.css", "https://www.tidio.com/talk/kv6vcosd7tmhsetmarsoawzaglejnny4", "https://chatting.page/kv6vcosd7tmhsetmarsoawzaglejnny4", "https://widget-v4.tidiochat.com/code/kv6vcosd7tmhsetmarsoawzaglejnny4.js", "https://m4244.com:35003/", "https://www.8098.app:21568/?agent=7691755704", "https://www.8098.app:21568/js/jquery-1.11.3.min.js", "https://www.8098.app:21568/js/xinstall_inner_e.min.js?v=1004", "https://app.ynsdty.cn//package/GmCC6WISh", "https://app.ynsdty.cn/dist/js/jquery.min.js", "https://app.ynsdty.cn/dist/js/jquery.cookie.js", "https://app.ynsdty.cn/dist/vendors/bootstrap/js/bootstrap.min.js", "https://app.ynsdty.cn/dist/vendors/swiper/swiper.min.js", "https://app.ynsdty.cn/dist/js/app.base.js", "https://app.ynsdty.cn/dist/js/longbow.slidercaptcha.js", "https://app.ynsdty.cn/dist/vendors/core-js/core.js", "xfe-URL-sun.net.hk-stix2-2.1-export.json", "https://www.sunnetwork.com.sg/sun_21/js/vendor/jquery-3.5.0.min.js", "https://www.sunnetwork.com.sg/sun_21/js/popper.min.js", "https://www.sunnetwork.com.sg/sun_21/js/bootstrap.min.js", "https://www.sunnetwork.com.sg/sun_21/js/isotope.pkgd.min.js", "https://www.sunnetwork.com.sg/sun_21/js/imagesloaded.pkgd.min.js", "https://www.sunnetwork.com.sg/sun_21/js/main.js", "https://www.sunnetwork.com.sg/sun_21/js/ajax-form.js", "https://www.sunnetwork.com.sg/sun_21/js/slick.min.js" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 901, "URL": 5740, "hostname": 2218, "FileHash-SHA256": 1686, "FileHash-MD5": 3 }, "indicator_count": 10548, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "1472 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "625effa1c4edcef37385c4eb", "name": "ctgserver.net", "description": "var d=b.dir,e=c&&\"parentNode\"===d,f=x, f=w, b.b, and d(b) for the first time.", "modified": "2022-05-19T00:00:49.028000", "created": "2022-04-19T18:29:53.960000", "tags": [ "0x1d3c", "function", "json", "date", "0x3abb84", "0x400e43", "0x4e2be0", "0x27ecdf", "this", "0x217f25", "webview", "array", "typeof e", "regexp", "null", "object", "string", "post", "typeof r", "error", "android", "void", "math", "k3wc3w", "o4wo4w", "b0z1", "a4r1", "b2bbbb", "o5r1", "image", "typeof s", "typeof console", "contenttype", "number", "60number", "new date", "close", "sector", "typeof symbol", "crispclient", "crisp im", "typeof b", "width", "pseudo", "child", "sufeffxa0", "class", "accept" ], "references": [ "http://v1-ab.cdn-static.cn/editor/js/jquery.min.js", "https://client.crisp.chat/l.js", "http://www.ctgserver.net/zhuzi-statistic.js?path=http%3a%2f%2fwww.ctgserver.net%2f&siteid=68944&referer=", "http://sgoutong.baidu.com/embed/1649840755/asset/embed/mobilelite/main.js", "https://aiff.cdn.bcebos.com/sensors%2Fonline%2Fsa-sdk-javascript-1.14.24%2Fsensorsdata.min.js", "https://goutong.baidu.com/site/889/a8439b4fa4b46ae6d1cb7840806b342d/b.js?siteId=12877102", "http://push.zhanzhang.baidu.com/push.js", "http://api.geetest.com/gettype.php?gt=70bfe290f45725d99fae0063c5188b8f&callback=geetest_1650391760798", "http://static.geetest.com/static/js/geetest.6.0.9.js", "http://api.geetest.com/get.php?gt=70bfe290f45725d99fae0063c5188b8f&challenge=36bbdc68ea2e3279d57269471b837a6b&product=popup&width=301px&offline=false&lang=zh-cn&protocol=http://&type=slide&path=/static/js/geetest.6.0.9.js&callback=geetest_1650391756575", "http://sgoutong.baidu.com/embed/1649840755/asset/embed/mobile_nb.js", "https://sofire.bdstatic.com/js/dfxaf.js", "https://p.qiao.baidu.com/cps3/site/poll?cb=jsonp_bridge_1650392095190_21922384256393768&l=1&sign=&v=165039175860477407&s=12877102&e=26958486&isAFF=1&filterAdvertisement=1&dev=1&auth=%7B%22anonym%22%3A0%2C%22key%22%3A%223bfef1eb-bde9-4fbf-ba96-abad738f1775%22%2C%22sn%22%3A%22%22%2C%22id%22%3A%22165039175860477407%22%2C%22from%22%3A4%2C%22token%22%3A%22bridge%22%7D&_time=1650392095190", "http://www.zhuzi.me/zhuzi-statistic.js?path=http%3a%2f%2fwww.zhuzi.me%2f&siteid=62221&referer=", "xfe-URL-Zhuzi.me-stix2-2.1-export.json" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 7975, "FileHash-SHA256": 1286, "hostname": 1602, "domain": 560, "FileHash-MD5": 85, "FileHash-SHA1": 1 }, "indicator_count": 11509, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "1473 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "625eff927c93e3e5cd50e191", "name": "ctgserver.net", "description": "var d=b.dir,e=c&&\"parentNode\"===d,f=x, f=w, b.b, and d(b) for the first time.", "modified": "2022-05-19T00:00:49.028000", "created": "2022-04-19T18:29:38.810000", "tags": [ "0x1d3c", "function", "json", "date", "0x3abb84", "0x400e43", "0x4e2be0", "0x27ecdf", "this", "0x217f25", "webview", "array", "typeof e", "regexp", "null", "object", "string", "post", "typeof r", "error", "android", "void", "math", "k3wc3w", "o4wo4w", "b0z1", "a4r1", "b2bbbb", "o5r1", "image", "typeof s", "typeof console", "contenttype", "number", "60number", "new date", "close", "sector", "typeof symbol", "crispclient", "crisp im", "typeof b", "width", "pseudo", "child", "sufeffxa0", "class", "accept" ], "references": [ "http://v1-ab.cdn-static.cn/editor/js/jquery.min.js", "https://client.crisp.chat/l.js", "http://www.ctgserver.net/zhuzi-statistic.js?path=http%3a%2f%2fwww.ctgserver.net%2f&siteid=68944&referer=", "http://sgoutong.baidu.com/embed/1649840755/asset/embed/mobilelite/main.js", "https://aiff.cdn.bcebos.com/sensors%2Fonline%2Fsa-sdk-javascript-1.14.24%2Fsensorsdata.min.js", "https://goutong.baidu.com/site/889/a8439b4fa4b46ae6d1cb7840806b342d/b.js?siteId=12877102", "http://push.zhanzhang.baidu.com/push.js", "http://api.geetest.com/gettype.php?gt=70bfe290f45725d99fae0063c5188b8f&callback=geetest_1650391760798", "http://static.geetest.com/static/js/geetest.6.0.9.js", "http://api.geetest.com/get.php?gt=70bfe290f45725d99fae0063c5188b8f&challenge=36bbdc68ea2e3279d57269471b837a6b&product=popup&width=301px&offline=false&lang=zh-cn&protocol=http://&type=slide&path=/static/js/geetest.6.0.9.js&callback=geetest_1650391756575", "http://sgoutong.baidu.com/embed/1649840755/asset/embed/mobile_nb.js", "https://sofire.bdstatic.com/js/dfxaf.js", "https://p.qiao.baidu.com/cps3/site/poll?cb=jsonp_bridge_1650392095190_21922384256393768&l=1&sign=&v=165039175860477407&s=12877102&e=26958486&isAFF=1&filterAdvertisement=1&dev=1&auth=%7B%22anonym%22%3A0%2C%22key%22%3A%223bfef1eb-bde9-4fbf-ba96-abad738f1775%22%2C%22sn%22%3A%22%22%2C%22id%22%3A%22165039175860477407%22%2C%22from%22%3A4%2C%22token%22%3A%22bridge%22%7D&_time=1650392095190", "http://www.zhuzi.me/zhuzi-statistic.js?path=http%3a%2f%2fwww.zhuzi.me%2f&siteid=62221&referer=", "xfe-URL-Zhuzi.me-stix2-2.1-export.json" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 7975, "FileHash-SHA256": 1286, "hostname": 1602, "domain": 560, "FileHash-MD5": 85, "FileHash-SHA1": 1 }, "indicator_count": 11509, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1473 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "625614852d13a468fd3f7ef9", "name": "Malware and bots", "description": "function se(t,e,n, r, n; if you want to know what type of document you are, you can use the new RegExp(M) to set it.", "modified": "2022-05-12T00:04:24.089000", "created": "2022-04-13T00:08:37.870000", "tags": [ "bygmo", "gmohd", "dx gmo", "nftadam", "iosandroid gmo", "csr sdgs", "english", "4444 gmo2020417", "developers gmo", "devsecopsthon", "tech", "font awesome", "free", "license", "cc by", "sil ofl", "code", "mit license", "brands", "fliph", "google", "import", "acbac1", "typeemail", "2deg", "1deg", "4deg", "css3", "animation cheat", "sheet", "justin aguilar", "questions", "slideexpandup", "expandup", "gradienttype0", "false", "copyright", "twitter", "f56505", "font", "font path", "woff", "truetype", "fontawesome", "unicode private", "tbody", "tfoot", "thead", "span", "multiple", "type", "href", "input", "halflings", "gradienttype1", "please", "function", "param", "method", "value", "target", "null", "array", "validator", "select", "checkbox", "date", "body", "error", "form", "meta", "class", "regexp", "typeof b", "width", "pseudo", "child", "sufeffxa0", "accept", "20px", "24px", "45deg", "typesubmit", "typenumber", "helvetica", "timelimit", "dialog", "content", "callback", "bodynoscroll", "click", "html", "confirm", "notice", "typeof e", "typeof t", "attr", "js foundation", "typeof module" ], "references": [ "https://c81e728d9d4c2f636f067f89cc14862c.com/static_new/js/jquery.min.js", "https://c81e728d9d4c2f636f067f89cc14862c.com/static_new/js/dialog.min.js", "https://c81e728d9d4c2f636f067f89cc14862c.com/static_new/js/common.js", "https://c81e728d9d4c2f636f067f89cc14862c.com/static_new/css/public.css", "xfe-URL-c81e728d9d4c2f636f067f89cc14862c.com-stix2-2.1-export.json", "https://ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js", "http://downloads.mailchimp.com/js/jquery.form-n-validate.js", "http://imhrzluowdso.gq/i/css/bootstrap.css", "http://imhrzluowdso.gq/i/css/font-awesome.css", "http://imhrzluowdso.gq/i/css/bootstrap-theme.css", "http://imhrzluowdso.gq/i/css/animations.css", "http://imhrzluowdso.gq/i/css/style.css", "xfe-URL-imhrzluowdso.gq-stix2-2.1-export.json", "https://use.fontawesome.com/releases/v5.0.6/css/all.css" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1188, "domain": 214, "hostname": 427, "FileHash-SHA256": 168, "FileHash-MD5": 1, "FileHash-SHA1": 1, "email": 1 }, "indicator_count": 2000, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1480 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6250b15f2509705305127d3d", "name": "Unnamed Malware", "description": "This is the full text of an online forum for people under the age of 18, set up in the United States, and published on the website of the site's founder, JK Rowling.", "modified": "2022-05-08T22:03:06.754000", "created": "2022-04-08T22:04:15.223000", "tags": [ "error", "modulenotfound", "infinite", "function", "mouseevent", "dommousescroll", "date", "event", "bscroll", "u200", "typeof s", "0xa60881", "0x1e0610", "0x489cca", "0x4d5bd1", "0x1a7a9a", "0x3145fc", "0x2d9acb", "0xbf1b3e", "0x47699d", "push", "shift", "cookie", "slice", "open", "code", "path", "info", "null", "this", "0x1d9131", "0x180bcc", "0x4b6177", "0x13f349", "0x3bcb54", "0xbbe80d", "0x57b7de", "0x2ea74e", "0x4fb0f2", "0x25f113", "window", "canvas", "tencent", "barrio", "regexp", "typeof b", "width", "pseudo", "child", "array", "sufeffxa0", "class", "accept", "arisa bd", "director", "uncut bd", "4 bd", "milk1 bd", "cage1 bd", "discodepart1 bd", "discodepart2 bd", "milk4 bd", "wife", "mother", "shown", "meta", "viewport" ], "references": [ "xfe-IP-103.120.25.185-stix2-2.1-export.json", "http://www.yichenghy.com/common.js", "http://www.yichenghy.com/tj.js", "https://yeyeai3.xyz/", "https://www.2610.app:5766/?agent=7762453360", "https://www.2610.app:5766/js/jquery-1.11.3.min.js", "http://v8714.com/", "https://www.2610.app:5766/js/xinstall_inner_e.min.js?v=1004", "https://cstaticdun.126.net/load.min.js?v=2203141811", "https://6553w.com:2188/m/js/2203141811-HomeLogin~LotteryHall~VnsLogin~activity~amhgLogin~aqvnsLogin~betnewLocgin~blrLogin~blushLogin~cLogin~6995ba01.js", "https://6553w.com:2188/m/js/2203141811-fhcpLogin.js", "xfe-URL-www.yichenghy.com-stix2-2.1-export.json" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 903, "hostname": 370, "domain": 112, "FileHash-SHA256": 20, "FileHash-MD5": 3 }, "indicator_count": 1408, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1483 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6233d616fee08c4f8a785896", "name": "http://www.flash-gamer.net/js/jquery.gzip.js", "description": "hybrid 70/100", "modified": "2022-04-17T00:01:27.728000", "created": "2022-03-18T00:45:10.703000", "tags": [ "regexp", "function", "typeof b", "error", "width", "pseudo", "child", "null", "array", "sufeffxa0", "date", "class", "accept", "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "ansi", "path", "sha256", "size", "threat level", "pcap", "sha1", "pcap processing", "seen", "malicious", "hybrid", "suspicious", "close", "click", "hosts", "general", "local", "strings" ], "references": [ "https://hybrid-analysis.com/sample/9fc669a1f5639630a4ddd903138d2f77c38401a62bba019b87bd948f5679acae/6231f427901f8374d9478680", "http://www.flash-gamer.net/js/jquery.gzip.js" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 550, "hostname": 322, "domain": 56, "FileHash-SHA256": 60, "FileHash-MD5": 32, "FileHash-SHA1": 29, "email": 2 }, "indicator_count": 1051, "is_author": false, "is_subscribing": null, "subscriber_count": 395, "modified_text": "1505 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6249a9e497137f9627e5a794", "name": "\u7f8e\u9ad8\u6885\u2014botnet", "description": "At.ts.t, At.com, is the new version of HTML, which can now be viewed in full on Google's web browser and on Apple's mobile app for the first time.", "modified": "2022-04-03T14:09:48.093000", "created": "2022-04-03T14:06:28.503000", "tags": [ "event", "null", "promise", "html", "width", "hasclass", "loadx20error", "ajaxcomplete", "unique", "609237fvvpkt", "push", "first", "open", "checkbox", "trigger", "jquery", "write", "blackberry", "android", "androidos", "firefox", "chrome", "skyfire", "opera", "opera mobi", "dolfin", "kindle", "0x1d9131", "0x180bcc", "0x4b6177", "0x13f349", "0x3bcb54", "0xbbe80d", "0x57b7de", "0x2ea74e", "0x4fb0f2", "0x25f113", "window", "shift", "date", "canvas", "tencent", "barrio", "slice", "regexp", "function", "typeof b", "error", "pseudo", "child", "array", "sufeffxa0", "class", "accept", "testflight", "typeof e", "typeof n", "typeof t", "typeof r", "x20trnf", "this" ], "references": [ "http://slulutz02.com/", "https://mgttse001.vip/static/js/jquery.js", "https://mgttse001.vip/template/m1938pc/pic/hf1", "https://m2855.com:35003/", "https://m9277.com/tsnew-download/index.html", "https://www.7631.app:8755/js/jquery-1.11.3.min.js", "https://www.7631.app:8755/js/xinstall_inner_e.min.js?v=1004", "https://www.7631.app:8755/js/mobile-detect.min.js?v=1004", "https://m9277.com/tsnew-download/js/jquery.min.js" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1048, "domain": 132, "hostname": 311 }, "indicator_count": 1491, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1519 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6249a9e3fcaee2fb956ffacc", "name": "\u7f8e\u9ad8\u6885\u2014botnet", "description": "At.ts.t, At.com, is the new version of HTML, which can now be viewed in full on Google's web browser and on Apple's mobile app for the first time.", "modified": "2022-04-03T14:06:27.271000", "created": "2022-04-03T14:06:27.271000", "tags": [ "event", "null", "promise", "html", "width", "hasclass", "loadx20error", "ajaxcomplete", "unique", "609237fvvpkt", "push", "first", "open", "checkbox", "trigger", "jquery", "write", "blackberry", "android", "androidos", "firefox", "chrome", "skyfire", "opera", "opera mobi", "dolfin", "kindle", "0x1d9131", "0x180bcc", "0x4b6177", "0x13f349", "0x3bcb54", "0xbbe80d", "0x57b7de", "0x2ea74e", "0x4fb0f2", "0x25f113", "window", "shift", "date", "canvas", "tencent", "barrio", "slice", "regexp", "function", "typeof b", "error", "pseudo", "child", "array", "sufeffxa0", "class", "accept", "testflight", "typeof e", "typeof n", "typeof t", "typeof r", "x20trnf", "this" ], "references": [ "http://slulutz02.com/", "https://mgttse001.vip/static/js/jquery.js", "https://mgttse001.vip/template/m1938pc/pic/hf1", "https://m2855.com:35003/", "https://m9277.com/tsnew-download/index.html", "https://www.7631.app:8755/js/jquery-1.11.3.min.js", "https://www.7631.app:8755/js/xinstall_inner_e.min.js?v=1004", "https://www.7631.app:8755/js/mobile-detect.min.js?v=1004", "https://m9277.com/tsnew-download/js/jquery.min.js" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1047, "domain": 132, "hostname": 311 }, "indicator_count": 1490, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1519 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "62497a9c72edc277fb20e52f", "name": "'+titlestr+'", "description": "If you want to see what is going on at this time of year, spare a thought for T.t.m.T.g.ts.com; T-t=t,", "modified": "2022-04-03T10:44:44.074000", "created": "2022-04-03T10:44:44.074000", "tags": [ "typeof t", "typeof symbol", "nthis", "msger", "typeof e", "image", "error", "typeerror", "new date", "codeverify", "0xa60881", "0x1e0610", "0x489cca", "0x4d5bd1", "0x1a7a9a", "0x3145fc", "0x2d9acb", "0xbf1b3e", "0x47699d", "push", "shift", "date", "cookie", "slice", "open", "code", "path", "info", "null", "this", "webpackrequire", "othis", "object", "array", "executor", "canvas", "function", "slidercaptcha", "createelement", "textdanger", "plugin", "rgba", "imagedata", "false", "touchstart", "trident", "click", "typeof", "typeof define", "typeof c", "copyright", "twitter", "bootstrap", "rolemenu", "typeof f", "typeof g", "james levine", "udid", "x61x70x70x6cx79", "azaz", "0x5372", "0x19", "0x3de55b", "0x24a5d4", "0x5c", "0x19c89f", "0x2f1b4a", "0x4d1e1f", "0x1a", "0x29", "window", "honor", "root", "length", "indexof", "x0ax20x20x20x20", "location", "math", "0x10", "0x18", "history", "config", "onload", "android", "regexp", "x20trnf", "class", "attr", "pseudo", "child", "swiper", "most", "mit license", "january", "typeof b", "sufeffxa0", "void", "typeof n", "appappapp", "next", "toh5", "channelcode", "androidos", "linux", "ipad", "macintosh", "promise", "xmlhttprequest", "0x1d9131", "0x180bcc", "0x4b6177", "0x13f349", "0x3bcb54", "0xbbe80d", "0x57b7de", "0x2ea74e", "0x4fb0f2", "0x25f113", "tencent", "barrio", "width", "accept", "cnzzdata", "czuuid", "umdistinctid", "version", "october", "win32", "name", "html", "meta", "viewport" ], "references": [ "http://www.laijcm.com/common.js", "http://www.laijcm.com/tj.js", "http://kk164.xyz/", "https://x4707.com:5443/?register=1", "https://6112.hnsstjc.com/a002/xpjtz.php", "https://6112.hnsstjc.com/a002/js/fontSize.js", "https://6112.hnsstjc.com/a002/js/jquery-1.8.3.min.js", "https://6112.hnsstjc.com/a002/js/swiper.min.js", "https://6112.hnsstjc.com/a002/xpj.php", "https://www.xvsgwa.com/qz1IJUpc.html", "https://c.cnzz.com/core.php?web_id=1280875449&t=z", "https://s9.cnzz.com/z_stat.php?id=1280875449&web_id=1280875449", "https://www.bibo14.app:2611/js/jquery-1.11.3.min.js", "https://www.bibo14.app:2611/js/cncc.js", "https://www.bibo14.app:2611/js/xinstall_inner_e.min.js?v=1004", "https://www.bibo14.app:2611/js/down.js?v=1022", "https://www.bibo14.app:2611/css/h5/reset.css", "https://www.dongtiankuangye.com/a002/config.js", "https://www.dongtiankuangye.com/a002/js/plugins/swiper/swiper.min.js", "https://www.dongtiankuangye.com/a002/js/libs/jquery-1.12.4/jquery-1.12.4.min.js", "https://www.dongtiankuangye.com/a002/js/plugins/swiper/swiper.min.css", "https://pojd783.cc:8443/index.html?shareName=pojd783.cc", "https://sdk.51.la/event/js-sdk-event.min.js?u=Je0ztO5GuwfJ6eip", "https://sdk.51.la/js-sdk-pro.min.js", "https://pojd783.cc:8443/js/sharetrace.min.js", "https://js112.oss-accelerate.aliyuncs.com/os.js", "https://ty66as.jxdysw.cn/1whpv", "https://ty66as.jxdysw.cn/dist/vendors/bootstrap/js/bootstrap.min.js", "https://ty66as.jxdysw.cn/dist/vendors/clipboard/clipboard.min.js", "https://ty66as.jxdysw.cn/dist/captcha/disk/slidercaptcha.js", "https://ssl.captcha.qq.com/TCaptcha.js", "https://cstaticdun.126.net/load.min.js?t=202007291602", "https://t.captcha.qq.com/template/drag_ele.html?t=1648982190651", "https://captcha.gtimg.com/1/tcaptcha-frame.db8b9289.js" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1528, "hostname": 543, "domain": 209, "FileHash-SHA256": 127, "email": 1, "FileHash-MD5": 4 }, "indicator_count": 2412, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1519 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "https://app.ynsdty.cn//package/GmCC6WISh", "https://www.cloudron.io/3rdparty/angular-loader.min.js", "http://sgoutong.baidu.com/embed/1649840755/asset/embed/mobile_nb.js", "https://ty66as.jxdysw.cn/dist/captcha/disk/slidercaptcha.js", "xfe-URL-2001.habyc.com-stix2-2.1-export.json", "https://www.nocix.net/js/bootstrap.min.js", "https://www.sunnetwork.com.sg/sun_21/js/slick.min.js", "https://www.2610.app:5766/js/jquery-1.11.3.min.js", "https://www.cloudron.io/3rdparty/angular-route.min.js", "http://api.geetest.com/gettype.php?gt=70bfe290f45725d99fae0063c5188b8f&callback=geetest_1650391760798", "http://imhrzluowdso.gq/i/css/style.css", "xfe-URL-freebit.com-stix2-2.1-export.json", "https://www.7631.app:8755/js/jquery-1.11.3.min.js", "https://6112.hnsstjc.com/a002/js/swiper.min.js", "https://www.googletagmanager.com/gtag/js?id=AW-1045757556", "http://freebit.com/common/js/jquery.mixitup.min.js", "https://www.cloudron.io/3rdparty/bootstrap.min.css", "http://freebit.com/common/js/variablelist_top.js?v=2", "https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css", "xfe-URL-egihosting.com-stix2-2.1-export.json", "xfe-URL-Nocix.net-stix2-2.1-export.json", "https://www.8098.app:21568/js/xinstall_inner_e.min.js?v=1004", "https://6112.hnsstjc.com/a002/js/jquery-1.8.3.min.js", "xfe-IP-103.24.249.209-stix2-2.1-export.json", "http://freebit.com/common/js/jquery.bxslider.min.js", "http://m.west.cn/jscripts/baidutj/hm.js", "https://analytics.cloudron.io/piwik.js", "https://www.west.cn/js2016/lib/jquery.SuperSlide/jquery.SuperSlide.2.1.1.x.js", "https://cstaticdun.126.net/load.min.js?v=2203141811", "https://bgp.net/wp-content/plugins/designthemes-core-features/shortcodes/css/animations.css?ver=5.5.9", "https://p.qiao.baidu.com/cps3/site/poll?cb=jsonp_bridge_1650392095190_21922384256393768&l=1&sign=&v=165039175860477407&s=12877102&e=26958486&isAFF=1&filterAdvertisement=1&dev=1&auth=%7B%22anonym%22%3A0%2C%22key%22%3A%223bfef1eb-bde9-4fbf-ba96-abad738f1775%22%2C%22sn%22%3A%22%22%2C%22id%22%3A%22165039175860477407%22%2C%22from%22%3A4%2C%22token%22%3A%22bridge%22%7D&_time=1650392095190", "http://www.flash-gamer.net/js/jquery.gzip.js", "https://www.cloudron.io/3rdparty/slick.js", "https://www.googleadservices.com/pagead/conversion_async.js", "https://app.ynsdty.cn/dist/vendors/core-js/core.js", "https://c81e728d9d4c2f636f067f89cc14862c.com/static_new/js/common.js", "https://egihosting.com/wp-includes/js/jquery/ui/core.min.js?ver=1.11.4", "http://www.ctgserver.net/zhuzi-statistic.js?path=http%3a%2f%2fwww.ctgserver.net%2f&siteid=68944&referer=", "https://www.sunnetwork.com.sg/sun_21/js/main.js", "http://imhrzluowdso.gq/i/css/animations.css", "xfe-URL-sys95.com-stix2-2.1-export.json", "https://chatting.page/kv6vcosd7tmhsetmarsoawzaglejnny4", "https://www.dongtiankuangye.com/a002/js/plugins/swiper/swiper.min.js", "https://2001.dwlww.com/static/js/chunk-vendors.9d7684f4.js", "https://mgttse001.vip/template/m1938pc/pic/hf1", "http://www.yichenghy.com/common.js", "https://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js", "https://www.cloudron.io/3rdparty/jquery-1.11.0.js", "http://v1-ab.cdn-static.cn/editor/js/jquery.min.js", "http://freebit.com/topnews.css", "https://m9277.com/tsnew-download/js/jquery.min.js", "https://fonts.googleapis.com/css2?family=Montserrat:wght@500;600;700&display=swap", "https://app.ynsdty.cn/dist/js/jquery.cookie.js", "https://x4707.com:5443/?register=1", "https://2001.dwlww.com/js/config.js", "https://www.8098.app:21568/js/jquery-1.11.3.min.js", "https://snap.licdn.com/li.lms-analytics/insight.min.js", "http://kk164.xyz/", "https://bgp.net/wp-includes/js/wp-emoji-release.min.js?ver=5.5.9", "http://freebit.com/common/js/slide.js", "https://2001.dwlww.com/static/js/app.9d5d18d7.js", "https://static.hotjar.com/c/hotjar-596666.js?sv=5", "https://2001.dwlww.com/static/css/app.88afcfd8.css", "https://6112.hnsstjc.com/a002/js/fontSize.js", "https://2001.dwlww.com/static/css/chunk-7d5d3bac.e1a32335.css", "https://www.dongtiankuangye.com/a002/config.js", "https://ty66as.jxdysw.cn/dist/vendors/bootstrap/js/bootstrap.min.js", "https://6112.hnsstjc.com/a002/xpjtz.php", "http://imhrzluowdso.gq/i/css/font-awesome.css", "https://2001.habyc.com/static/js/chunk-7d5d3bac.efb700c7.js", "https://widget-v4.tidiochat.com/code/kv6vcosd7tmhsetmarsoawzaglejnny4.js", "https://c.cnzz.com/core.php?web_id=1280875449&t=z", "https://m2855.com:35003/", "https://s9.cnzz.com/z_stat.php?id=1280875449&web_id=1280875449", "https://www.bibo14.app:2611/js/down.js?v=1022", "https://2001.dwlww.com/static/js/chunk-7d5d3bac.efb700c7.js", "http://imhrzluowdso.gq/i/css/bootstrap-theme.css", "https://goutong.baidu.com/site/889/a8439b4fa4b46ae6d1cb7840806b342d/b.js?siteId=12877102", "https://www.google.com/recaptcha/api.js?render=6LfPdckUAAAAAMPH_0crY_k4tdvDN7GVgKtWUyjU&ver=3.0", "https://www.nocix.net/speedtest/speedtest.js?r=4343", "xfe-IP-103.120.25.185-stix2-2.1-export.json", "xfe-URL-imhrzluowdso.gq-stix2-2.1-export.json", "https://2001.habyc.com/static/css/chunk-vendors.6a41b67e.css", "https://sdk.51.la/js-sdk-pro.min.js", "https://www.cloudron.io/3rdparty/angular-base64.min.js", "http://v8714.com/", "https://www.bibo14.app:2611/js/xinstall_inner_e.min.js?v=1004", "https://googleads.g.doubleclick.net/pagead/viewthroughconversion/530527736/?random=1650613875466&cv=9&fst=1650613875466&num=1&rdp=1&label=R7TDCJOysOMBEPjr_PwB&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=844&u_w=390&u_ah=844&u_aw=390&u_cd=32&u_his=5&u_tz=-240&u_java=false&u_nplug=0&u_nmime=0>m=2wg4k0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fegihosting.com%2F&tiba=Best%20dedicated%20server%20for%20hosting%20in%20Silicon%20Valley%20%7C%20EGI&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4", "http://freebit.com/common/js/function.js", "xfe-URL-netsol.com-stix2-2.1-export.json", "http://freebit.com/common/css/top.css", "https://cstaticdun.126.net/load.min.js?t=202007291602", "https://www.west.cn/js2016/root/jqinclude.js?t=20211126a", "http://push.zhanzhang.baidu.com/push.js", "http://api.geetest.com/get.php?gt=70bfe290f45725d99fae0063c5188b8f&challenge=36bbdc68ea2e3279d57269471b837a6b&product=popup&width=301px&offline=false&lang=zh-cn&protocol=http://&type=slide&path=/static/js/geetest.6.0.9.js&callback=geetest_1650391756575", "http://imhrzluowdso.gq/i/css/bootstrap.css", "https://www.bibo14.app:2611/css/h5/reset.css", "http://slulutz02.com/", "http://freebit.com/common/css/common.css", "https://www.tidio.com/talk/kv6vcosd7tmhsetmarsoawzaglejnny4", "http://sgoutong.baidu.com/embed/1649840755/asset/embed/mobilelite/main.js", "https://hybrid-analysis.com/sample/9fc669a1f5639630a4ddd903138d2f77c38401a62bba019b87bd948f5679acae/6231f427901f8374d9478680", "http://freebit.com/common/css/reset.css", "https://www.8098.app:21568/?agent=7691755704", "https://app.ynsdty.cn/dist/js/jquery.min.js", "https://www.sunnetwork.com.sg/sun_21/js/isotope.pkgd.min.js", "https://2001.habyc.com/js/config.js", "https://bgp.net/wp-includes/js/wp-embed.min.js?ver=5.5.9", "https://www.7631.app:8755/js/mobile-detect.min.js?v=1004", "http://www.laijcm.com/tj.js", "https://www.cloudron.io/3rdparty/bootstrap.min.js", "https://ty66as.jxdysw.cn/1whpv", "https://app.ynsdty.cn/dist/js/longbow.slidercaptcha.js", "https://bgp.net/wp-content/themes/multihost/framework/js/public/pace.min.js?ver=5.5.9", "https://www.2610.app:5766/js/xinstall_inner_e.min.js?v=1004", "https://m9277.com/tsnew-download/index.html", "https://js112.oss-accelerate.aliyuncs.com/os.js", "https://www.sunnetwork.com.sg/sun_21/js/popper.min.js", "http://www.rolr.eu/js/jquery.min.js", "xfe-URL-bgp.net-stix2-2.1-export.json", "https://www.cloudron.io/3rdparty/angular.min.js", "https://bgp.net/wp-content/plugins/js_composer/assets/js/dist/js_composer_front.min.js?ver=6.0.3", "https://yeyeai3.xyz/", "https://pojd783.cc:8443/index.html?shareName=pojd783.cc", "http://static.geetest.com/static/js/geetest.6.0.9.js", "https://client.crisp.chat/l.js", "https://www.dongtiankuangye.com/a002/js/plugins/swiper/swiper.min.css", "https://t.captcha.qq.com/template/drag_ele.html?t=1648982190651", "https://www.sunnetwork.com.sg/sun_21/js/bootstrap.min.js", "https://6553w.com:2188/m/js/2203141811-HomeLogin~LotteryHall~VnsLogin~activity~amhgLogin~aqvnsLogin~betnewLocgin~blrLogin~blushLogin~cLogin~6995ba01.js", "xfe-URL-habyc.com-stix2-2.1-export.json", "xfe-URL-Zhuzi.me-stix2-2.1-export.json", "https://www.bibo14.app:2611/js/cncc.js", "https://6553w.com:2188/m/js/2203141811-fhcpLogin.js", "https://ssl.captcha.qq.com/TCaptcha.js", "https://bgp.net/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp", "https://2001.habyc.com/static/css/chunk-7d5d3bac.e1a32335.css", "https://www.7631.app:8755/js/xinstall_inner_e.min.js?v=1004", "http://ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js", "http://downloads.mailchimp.com/js/jquery.form-n-validate.js", "https://www.dongtiankuangye.com/a002/js/libs/jquery-1.12.4/jquery-1.12.4.min.js", "https://c81e728d9d4c2f636f067f89cc14862c.com/static_new/css/public.css", "https://bgp.net/wp-content/themes/multihost/framework/js/public/modernizr.min.js?ver=5.5.9", "https://www.sunnetwork.com.sg/sun_21/js/imagesloaded.pkgd.min.js", "https://aiff.cdn.bcebos.com/sensors%2Fonline%2Fsa-sdk-javascript-1.14.24%2Fsensorsdata.min.js", "http://www.laijcm.com/common.js", "xfe-URL-www.yichenghy.com-stix2-2.1-export.json", "https://2001.habyc.com/static/css/app.88afcfd8.css", "http://www.zhuzi.me/zhuzi-statistic.js?path=http%3a%2f%2fwww.zhuzi.me%2f&siteid=62221&referer=", "https://ty66as.jxdysw.cn/dist/vendors/clipboard/clipboard.min.js", "https://www.2610.app:5766/?agent=7762453360", "https://www.sunnetwork.com.sg/sun_21/js/vendor/jquery-3.5.0.min.js", "https://www.cloudron.io/index.js", "xfe-URL-Freebit.net-stix2-2.1-export.json", "https://www.xvsgwa.com/qz1IJUpc.html", "https://www.sunnetwork.com.sg/sun_21/js/ajax-form.js", "https://2001.dwlww.com/static/css/chunk-vendors.6a41b67e.css", "https://c81e728d9d4c2f636f067f89cc14862c.com/static_new/js/jquery.min.js", "https://ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js", "https://www.google-analytics.com/analytics.js", "https://sdk.51.la/event/js-sdk-event.min.js?u=JdoUNv3VSW0GHUpw", "https://m.west.cn/jscripts/baidutj/hm.js", "https://www.bibo14.app:2611/js/jquery-1.11.3.min.js", "https://egihosting.com/wp-includes/js/wp-embed.min.js?ver=4.9.20", "https://www.googletagmanager.com/gtag/js?id=AW-701859743", "https://sdk.51.la/event/js-sdk-event.min.js?u=Je0ztO5GuwfJ6eip", "https://www.nocix.net/js/nocix.js", "xfe-URL-c81e728d9d4c2f636f067f89cc14862c.com-stix2-2.1-export.json", "https://www.rolr.eu/", "https://sofire.bdstatic.com/js/dfxaf.js", "xfe-URL-sun.net.hk-stix2-2.1-export.json", "https://2001.habyc.com/?channelNo=2001#/home", "https://use.fontawesome.com/releases/v5.0.6/css/all.css", "xfe-URL-West.cn-stix2-2.1-export.json", "https://mgttse001.vip/static/js/jquery.js", "https://2001.habyc.com/static/js/chunk-vendors.9d7684f4.js", "https://app.ynsdty.cn/dist/vendors/swiper/swiper.min.js", "https://m4244.com:35003/", "https://app.ynsdty.cn/dist/vendors/bootstrap/js/bootstrap.min.js", "https://app.ynsdty.cn/dist/js/app.base.js", "https://2001.dwlww.com/?channelNo=2001#/home", "http://www.yichenghy.com/tj.js", "https://pojd783.cc:8443/js/sharetrace.min.js", "https://captcha.gtimg.com/1/tcaptcha-frame.db8b9289.js", "https://c81e728d9d4c2f636f067f89cc14862c.com/static_new/js/dialog.min.js", "https://6112.hnsstjc.com/a002/xpj.php", "https://egihosting.com/wp-includes/js/jquery/jquery.js?ver=1.12.4" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [ "Qe" ], "industries": [], "unique_indicators": 50158 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/top-h.top", "whois": "http://whois.domaintools.com/top-h.top", "domain": "top-h.top", "hostname": "a.position.top-h.top" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 25, "pulses": [ { "id": "664b74b2683dec84891aef96", "name": "PrivateLoader is a malware with a module structure that has the capability is to download and execute one or several payloads", "description": "http://185.172.128.69/batushka/inte.exe \nhttp://185.172.128.69/allnewumm.exe\nhttp://185.172.128.69/brandumma.exe\nhttp://185.172.128.69/files\nhttp://185.172.128.69/files/US.file\nhttp://185.172.128.69/latestumma.exe\nhttp://185.172.128.69/newumma.exe\nhttp://185.172.128.69/sekundumma.exe\nhttp://185.172.128.69/ummanew.exe", "modified": "2024-10-14T20:36:05.361000", "created": "2024-05-20T16:05:06.313000", "tags": [ "stdin via", "nextron", "powershell id", "powershell", "tim rauch", "elastic", "script block", "logging", "pe32", "ms windows", "intel", "nazwa typ", "md5 nazwa", "procesu" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 27, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 7268, "domain": 1310, "URL": 8101, "FileHash-SHA1": 1615, "hostname": 2590, "FileHash-MD5": 1852, "email": 267, "SSLCertFingerprint": 3, "CIDR": 38, "CVE": 7, "IPv4": 15, "YARA": 4 }, "indicator_count": 23070, "is_author": false, "is_subscribing": null, "subscriber_count": 136, "modified_text": "593 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65708e0d95a8c74cc715f7a2", "name": "West.cn", "description": "", "modified": "2023-12-06T15:06:53.350000", "created": "2023-12-06T15:06:53.350000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 208, "domain": 533, "hostname": 757, "URL": 1861, "FileHash-MD5": 1 }, "indicator_count": 3360, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65708c712f63f24552fa3e38", "name": "bgp.net malicious hosting", "description": "", "modified": "2023-12-06T15:00:01.600000", "created": "2023-12-06T15:00:01.600000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 173, "hostname": 417, "URL": 1208, "domain": 267, "CVE": 1 }, "indicator_count": 2066, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65708c68b4f63f4ac0d16ff5", "name": "egihosting.com - malware", "description": "", "modified": "2023-12-06T14:59:52.017000", "created": "2023-12-06T14:59:52.017000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 120, "hostname": 352, "domain": 115, "URL": 934 }, "indicator_count": 1521, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65708c5b24dc4c51811f6de7", "name": "nocix malware Qe", "description": "", "modified": "2023-12-06T14:59:39.528000", "created": "2023-12-06T14:59:39.528000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 125, "hostname": 507, "URL": 1232, "domain": 170, "FileHash-MD5": 1 }, "indicator_count": 2035, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65708c37c54dd9e78f85c0fa", "name": "\u7ea2\u674f\u89c6\u9891 malware", "description": "", "modified": "2023-12-06T14:59:03.859000", "created": "2023-12-06T14:59:03.859000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1686, "hostname": 2218, "URL": 5740, "domain": 901, "FileHash-MD5": 3 }, "indicator_count": 10548, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65708bf87a08635a650eeb9b", "name": "ctgserver.net", "description": "", "modified": "2023-12-06T14:58:00.096000", "created": "2023-12-06T14:58:00.096000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1286, "domain": 560, "hostname": 1602, "URL": 7975, "FileHash-MD5": 85, "FileHash-SHA1": 1 }, "indicator_count": 11509, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65708befc4f4c7e2be4370d9", "name": "ctgserver.net", "description": "", "modified": "2023-12-06T14:57:51.922000", "created": "2023-12-06T14:57:51.922000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1286, "domain": 560, "hostname": 1602, "URL": 7975, "FileHash-MD5": 85, "FileHash-SHA1": 1 }, "indicator_count": 11509, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65708bae2f0c59d34f050b9e", "name": "Malware and bots", "description": "", "modified": "2023-12-06T14:56:46.779000", "created": "2023-12-06T14:56:46.779000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 168, "hostname": 427, "domain": 214, "URL": 1188, "FileHash-MD5": 1, "FileHash-SHA1": 1, "email": 1 }, "indicator_count": 2000, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "628ce74526894454664e1bab", "name": "cloudron.io", "description": "function ar(aw,av,au,at) is a new version of the Matomo tracker, which allows users to track where a tracker has been located, and when it is activated.", "modified": "2022-06-23T00:03:28.624000", "created": "2022-05-24T14:10:13.562000", "tags": [ "span", "type", "href", "tbody", "tfoot", "thead", "input", "helvetica neue", "helvetica", "arial", "twitter", "date", "docviewtop", "shadow", "rocketchat", "sogo", "gitlab", "wordpress", "matomo", "kanboard", "taiga", "ninja", "slow", "scroll", "dom exception", "google", "regexp", "mmm d", "mmmm d", "null", "this", "number", "destroy", "controller", "array", "error", "android", "false", "function", "index", "slickcenter", "slick", "object", "translate", "translate3d", "jquery", "typeof c", "copyright", "bootstrap", "javascript", "azaz", "popover", "typeof f", "typeof b", "width", "pseudo", "child", "sufeffxa0", "class", "accept", "string", "please", "blob", "post", "link", "license" ], "references": [ "https://analytics.cloudron.io/piwik.js", "https://www.cloudron.io/3rdparty/jquery-1.11.0.js", "https://www.cloudron.io/3rdparty/bootstrap.min.js", "https://www.cloudron.io/3rdparty/slick.js", "https://www.cloudron.io/3rdparty/angular.min.js", "https://www.cloudron.io/3rdparty/angular-loader.min.js", "https://www.cloudron.io/3rdparty/angular-route.min.js", "https://www.cloudron.io/3rdparty/angular-base64.min.js", "https://www.cloudron.io/index.js", "https://www.cloudron.io/3rdparty/bootstrap.min.css" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 541, "URL": 1300, "domain": 180, "FileHash-SHA256": 72, "FileHash-SHA1": 1 }, "indicator_count": 2094, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "1438 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://a.position.top-h.top", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://a.position.top-h.top", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780254986.389622 }