{ "type": "URL", "indicator": "https://c.element.id", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://c.element.id", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 3389538323, "indicator": "https://c.element.id", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 17, "pulses": [ { "id": "67a7f06a5d0f22ad92684646", "name": "WebForm.com.gov.pl/CEIDG/ScriptResource.axd", "description": "The following is the full text of the WebForm.com.gov.pl/CEIDG/ScriptResource.axd, following the following:.au, for the first time.", "modified": "2025-05-14T21:27:17.040000", "created": "2025-02-09T00:01:46.054000", "tags": [ "null", "nie mona", "array", "input", "nonmsdombrowser", "object", "html", "component", "body", "horizontal", "date", "calendar", "february", "april", "june", "august", "iframe", "form", "friday", "explorer", "target", "error", "legend", "this", "type", "regexp", "elem", "index", "function", "handle", "check", "safari", "expando", "android", "false", "hooks", "copy", "prop", "class", "mark", "window", "code", "capture", "accept", "seed", "override", "hook", "look", "loop", "install", "pass", "enough", "bind", "core", "local", "verify", "done", "find", "internal", "inject", "possible", "hold", "middle", "guard", "fall", "stop", "panic", "back", "restrict", "speed", "turn", "grab", "getclass", "jquery", "bubble", "anchor", "shift" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1134", "name": "Access Token Manipulation", "display_name": "T1134 - Access Token Manipulation" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 13, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1143, "domain": 155, "hostname": 523, "FileHash-SHA256": 151 }, "indicator_count": 1972, "is_author": false, "is_subscribing": null, "subscriber_count": 123, "modified_text": "382 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "663d2869e0f3a42bbddc42ff", "name": "UPX executable packer.", "description": "A new rule has been introduced a \"suspicious\" ELF binary that is packed with the UPX executable packer.\nSuggested ATT&CK IDs: rule SUSP_ELF_LNX_UPX_Compressed_File { meta: description = \"Detects a suspicious ELF binary with UPX compression\" author = \"Florian Roth (Nextron Systems)\" reference = \"Internal Research\" date = \"2018-12-12\" score = 40 hash1 = \"038ff8b2fef16f8ee9d70e6c219c5f380afe1a21761791e8cbda21fa4d09fdb4\" id = \"078937de-59b3-538e-a5c3-57f4e6050212\" strings: $s1 = \"PROT_EXEC|PROT_WRITE failed.\" fullword ascii $s2 = \"$Id: UPX\" fullword ascii $s3 = \"$Info: This file is packed with the UPX executable packer\" ascii $fp1 = \"check your UCL installation !\"", "modified": "2024-10-14T00:01:17.069000", "created": "2024-05-09T19:47:53.786000", "tags": [ "cioch adrian", "centrum usug", "sieciowych", "elf binary", "upx compression", "roth", "nextron", "info", "javascript", "html", "office open", "xml document", "network capture", "win32 exe", "xml pakietu", "pdf zestawy", "przechwytywanie", "office", "filehashsha1", "url https", "cve cve20201070", "cve cve20203153", "cve cve20201048", "cve cve20211732", "cve20201048 apr", "filehashmd5", "cve cve20010901", "cve cve20021841", "cve20153202 apr", "cve cve20160728", "cve cve20161807", "cve cve20175123", "cve20185407 apr", "cve cve20054605", "cve cve20060745", "cve cve20070452", "cve cve20070453", "cve cve20070454", "cve cve20071355", "cve cve20071358", "cve cve20071871", "cve20149614 apr", "cve cve20151503", "cve cve20152080", "cve cve20157377", "cve cve20170131", "cve20200796 may", "cve cve20113403" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 6861, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 5771, "domain": 3139, "URL": 14525, "FileHash-SHA1": 2610, "IPv4": 108, "CIDR": 40, "FileHash-SHA256": 10705, "FileHash-MD5": 3373, "YARA": 2, "CVE": 148, "Mutex": 7, "FilePath": 3, "SSLCertFingerprint": 3, "email": 23, "JA3": 1, "IPv6": 2 }, "indicator_count": 40460, "is_author": false, "is_subscribing": null, "subscriber_count": 138, "modified_text": "595 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65708cdd2f63f24552fa3e39", "name": "BLNWX.COM", "description": "", "modified": "2023-12-06T15:01:49.772000", "created": "2023-12-06T15:01:49.772000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 400, "URL": 1905, "domain": 494, "hostname": 707 }, "indicator_count": 3506, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65708c534aadf7adf4f27d77", "name": "enom.com & 4vendeta.com - ReduceRight malware hosting/creation", "description": "", "modified": "2023-12-06T14:59:31.122000", "created": "2023-12-06T14:59:31.122000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 302, "domain": 634, "URL": 2988, "hostname": 1208 }, "indicator_count": 5132, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65708c0f5981b6d81d0fa423", "name": "data102 and colohouse. Malware hosting", "description": "", "modified": "2023-12-06T14:58:23.206000", "created": "2023-12-06T14:58:23.206000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 458, "domain": 557, "URL": 2599, "hostname": 952 }, "indicator_count": 4566, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65708c0791fece390b1a096e", "name": "Choopa.com - vultr", "description": "", "modified": "2023-12-06T14:58:15.734000", "created": "2023-12-06T14:58:15.734000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 453, "hostname": 1241, "domain": 430, "URL": 3454 }, "indicator_count": 5578, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65708bae2f0c59d34f050b9e", "name": "Malware and bots", "description": "", "modified": "2023-12-06T14:56:46.779000", "created": "2023-12-06T14:56:46.779000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 168, "hostname": 427, "domain": 214, "URL": 1188, "FileHash-MD5": 1, "FileHash-SHA1": 1, "email": 1 }, "indicator_count": 2000, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65707fe17dfdfe16066d16de", "name": "Bexar.org", "description": "", "modified": "2023-12-06T14:06:25.800000", "created": "2023-12-06T14:06:25.800000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1735, "hostname": 1833, "domain": 1025, "URL": 4668, "email": 4, "FileHash-MD5": 133, "FileHash-SHA1": 6, "CIDR": 5 }, "indicator_count": 9409, "is_author": false, "is_subscribing": null, "subscriber_count": 110, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6280267248a96d765fe2d7c1", "name": "weide.net", "description": "Here is the full text of the code for the new Firefox browser, created with the help of a few key elements:d, E, F, A, B, J, M, C.", "modified": "2022-06-13T00:00:32.864000", "created": "2022-05-14T22:00:18.122000", "tags": [ "please", "vult", "validator", "method", "name", "d1dd2", "value", "function", "number", "param", "form", "meta", "class", "false", "date", "newzipcode", "de heer", "geachte heer", "mevrouw", "geachte mevrouw", "set referrer", "value function", "regexp", "array", "attr", "css1compat", "null", "string", "error", "invalid json", "zoeken naar", "zoeken", "basenet", "pers faq", "contact", "domainsharing", "vraag", "als bedrijf", "als particulier", "voor meer" ], "references": [ "xfe-IP-185.165.31.131-stix2-2.1-export.json", "https://ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js", "http://www.weide.net", "http://ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js", "http://www.weide.net/js/formfieldformatting.js", "http://www.weide.net/js/jquery.validate.js" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Vult", "display_name": "Vult", "target": null } ], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 231, "URL": 512, "FileHash-SHA256": 39, "domain": 149 }, "indicator_count": 931, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1449 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "62750795ebc8c475f4a3033a", "name": "aquanx.com (PegTech botnet hosting)", "description": "var b[f, g.g, is a new addition to the list of characters that can be added to a singleElement, as well as a set of numbers, if they are new.", "modified": "2022-06-05T00:03:45.266000", "created": "2022-05-06T11:33:41.174000", "tags": [ "function", "eu cookie", "version", "tamas schalk", "element", "lang", "datadelay", "dataexpire", "dataclass", "name", "date", "path", "null", "cookie", "regexp", "typeof e", "please", "typeof t", "pseudo", "child", "array", "error", "class", "void", "this", "extendedvps", "login register", "product group", "svssdlinux", "svssdwindows", "password", "client area", "aquanx english", "azerbaijani", "catal", "colocation\uff0ccustomized service\uff0cone-stop service\uff0caffordable cloud ", "aquanx", "metal cloud", "chat", "ddos migration", "network", "colocation", "cloud", "colocation bare", "cloud hosting", "private cloud", "bare", "service", "custom build", "https", "bootstrap", "bootstrap hover", "dropdown", "author", "cameron spear", "mattia larentis", "dropdown plugin", "http", "plugin", "copyright", "twitter", "conflict", "focus", "object", "click", "open", "next", "target", "trigger", "checkbox", "delta", "scroll", "false", "type", "expando", "typeof selector", "sizzle", "elem", "match", "data", "seed", "vd", "number", "string", "ienew ca", "closure library", "quota", "aafunction", "dafunction" ], "references": [ "https://www.googletagmanager.com/gtag/js?id=UA-59480575-2", "https://aquanx.com/js/jquery-1.12.4.min.js", "https://aquanx.com/js/bootstrap.js", "https://aquanx.com/js/bootstrap-hover-dropdown.min.js", "https://aquanx.com/js/modernizr-custom.js", "https://aquanx.com/js/cookie-warn.js?v=1_xSax0l", "https://aquanx.com/", "https://user.aquanx.com/clientarea.php", "https://user.aquanx.com/templates/aquanx20190627/js/scripts.min.js?v=8a99af", "https://alpha99.raksmart.com/whmcs/assets/js/cookie-warn.js", "xfe-URL-raksmart.com-stix2-2.1-export.json" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Vd", "display_name": "Vd", "target": null } ], "attack_ids": [ { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 9, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 560, "URL": 1236, "domain": 184, "FileHash-SHA256": 79 }, "indicator_count": 2059, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "1457 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6271740be1d2d55007677274", "name": "Fiberhub.com and versaweb.com", "description": "The following is the full text of the code used to create Twitter's new web-based \"bootstrap\" - a guide to what to do if you want to use it in your browser.", "modified": "2022-06-02T00:03:59.540000", "created": "2022-05-03T18:27:23.636000", "tags": [ "html5 shiv", "jdalton", "jonneal", "mitgpl2", "typeof c", "typeof module", "null", "plugin", "function", "copyright", "twitter", "bootstrap", "http", "conflict", "focus", "object", "error", "click", "open", "next", "target", "trigger", "config", "checkbox", "delta", "false", "scroll", "vd", "number", "string", "ienew ca", "date", "closure library", "quota", "aafunction", "dafunction", "fbcd", "328373057580084", "prop", "init", "autoconfig", "protocol", "adnxsdomain", "aoldomain", "adrolltpc", "regexp", "typeof b", "pseudo", "child", "array", "width", "sufeffxa0", "class", "accept", "please", "chat", "search", "language", "feel", "file", "call", "strongstart", "address", "again" ], "references": [ "xfe-IP-76.164.203.68-stix2-2.1-export.json", "http://www.versaweb.com/js/bootstrap.js", "https://embed.tawk.to/_s/v4/app/625d36b405c/languages/en.js", "http://www.versaweb.com/css/1024.css", "https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/jquery.min.js", "https://d.adroll.com/pixel/LZLVHVDGLRC6BEJRRIQDVW/HBKRUDDSQJCU7GD5KH3RWC?adroll_fpc=fd1d5ad32fd771b6d89af530ec6ca1cf-1651601137287&arrfrr=http%3A%2F%2Fwww.versaweb.com%2F&pv=14491019928.1296&cookie=&adroll_s_ref=&keyw=", "https://d.adroll.com/consent/check/LZLVHVDGLRC6BEJRRIQDVW?arrfrr=http%3A%2F%2Fwww.versaweb.com%2F&_s=1b87c8c5132a03372125d888e43b0a86&_b=2", "https://s.adroll.com/j/exp/LZLVHVDGLRC6BEJRRIQDVW/index.js", "xfe-URL-versaweb.com-stix2-2.1-export.json", "xfe-URL-fiberhub.com-stix2-2.1-export.json", "https://www.googletagmanager.com/gtag/js?id=UA-33008870-1", "https://www.fiberhub.com/js/bootstrap.js", "https://cdnjs.cloudflare.com/ajax/libs/html5shiv/3.7.3/html5shiv.min.js" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Vd", "display_name": "Vd", "target": null } ], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 11, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 590, "URL": 1312, "domain": 376, "FileHash-SHA256": 203 }, "indicator_count": 2481, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "1460 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "626acbf5b18bf4679059431e", "name": "BLNWX.COM", "description": "Users of the Internet Archive are being asked to login to the service to access the archive's archive, or PURL, and to view the Archive's collection of archived material. \u00c2\u00a31.", "modified": "2022-05-28T00:03:46.141000", "created": "2022-04-28T17:16:37.507000", "tags": [ "error", "modulenotfound", "knew promise", "parseint", "date", "fsettimeout", "typeof module", "null", "plugin", "function", "copyright", "twitter", "bootstrap", "http", "conflict", "focus", "object", "click", "open", "next", "target", "trigger", "checkbox", "delta", "scroll", "false", "regexp", "pseudo", "child", "sufeffxa0", "class", "attr", "foundation", "close", "user login", "cancel", "close user", "complete", "come", "sign", "cancel toggle", "purl", "administration" ], "references": [ "xfe-IP-193.149.176.62-stix2-2.1-export.json", "xfe-URL-Purl.com-stix2-2.1-export.json", "xfe-URL-Easydns.com-stix2-2.1-export.json", "xfe-URL-creativecommons.org-stix2-2.1-export.json", "https://purl.archive.org/", "https://purl.archive.org/static/jquery/jquery.js", "https://purl.archive.org/static/bootstrap/js/bootstrap.js", "https://purl.archive.org/static/app.js", "xfe-URL-modernizr.com-stix2-2.1-export.json", "https://modernizr.com/js/build.js" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1905, "hostname": 707, "domain": 494, "FileHash-SHA256": 400 }, "indicator_count": 3506, "is_author": false, "is_subscribing": null, "subscriber_count": 70, "modified_text": "1465 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "62616627ee302d24b23523c3", "name": "enom.com & 4vendeta.com - ReduceRight malware hosting/creation", "description": "New RegExp(M) is a new type, and it will change any of the elements to the same type if you want to add them to your HTML page or add a third element.", "modified": "2022-05-21T00:03:44.725000", "created": "2022-04-21T14:11:51.629000", "tags": [ "tbody", "span", "thead", "tfoot", "multiple", "type", "href", "input", "halflings", "gradienttype1", "twitter", "false", "fontface", "fatface", "woff2", "u0259", "u1e001eff", "u2020", "u20a020ab", "u20ad20cf", "u2113", "u2c602c7f", "typesubmit", "function", "typeof c", "formdata", "this", "typeof define", "null", "typeof f", "object", "boolean", "typeof module", "error", "reflect", "math", "regexp", "number", "array", "typeerror", "string", "symbol", "typeof e", "typeof t", "class", "attr", "pseudo", "child", "js foundation", "account", "open", "navitem", "text", "mainnav", "click", "blank", "copyright", "u0027", "value", "body", "firefox", "enum", "html", "msie", "applewebkit", "traceconsole", "form", "iframe", "legend", "nonmsdombrowser", "callbackindex", "callbackframeid", "eventtarget", "eventargument", "validation", "explorer", "target", "plugin", "bootstrap", "https", "conflict", "focus", "next", "trigger", "checkbox", "delta", "scroll", "sourceid", "date", "sessiontoken", "sessionexpires", "void", "rangeerror", "utf16", "illegal input", "global", "chrome", "opredge", "opera", "safari", "version", "sxa0", "browser", "typeof require", "dom node", "typeof d", "component", "typeof h", "bubble", "reduceright", "script", "typeof n", "jhnew ia", "gtm5sn6brv", "path", "host", "trackpageview", "gw8yd4p2eny", "select", "strong", "uint8array", "android", "verify", "stop", "enterprise", "widget", "window", "generator", "reload", "r300", "caca", "closure library", "xdfunction", "adfunction", "cdfunction", "ddfunction", "bded", "please", "typeemail", "email", "jarallaxinner", "webkit", "property", "transform", "trident", "edge", "ipodi", "ipadi", "androidi", "blackberryi", "windows phonei", "xfunction", "pfunction", "wfunction", "show navigation", "mjquery", "typeof", "defaulttype", "hidden", "show", "shown", "startr", "endr", "federico zivolo", "distributed", "mit license", "statict", "flip" ], "references": [ "xfe-IP-78.142.35.163-stix2-2.1-export.json", "xfe-URL-Enom.com-stix2-2.1-export.json", "xfe-URL-4vendeta.com-stix2-2.1-export.json", "https://4vendeta.com/assets/js/jquery.min.js", "https://4vendeta.com/assets/js/popper.min.js", "https://4vendeta.com/assets/js/bootstrap.min.js", "https://4vendeta.com/assets/js/meanmenu.min.js", "https://4vendeta.com/assets/js/parallax.min.js", "https://4vendeta.com/assets/js/ajaxchimp.min.js", "https://www.googletagmanager.com/gtag/js?id=UA-92521958-1", "https://www.googletagmanager.com/gtag/js?id=G-W8YD4P2ENY&l=dataLayer&cx=c", "https://www.gstatic.com/recaptcha/releases/QENb_qRrX0-mQMyENQjD6Fuj/recaptcha__en.js", "https://www.googletagmanager.com/gtm.js?id=GTM-5SN6BRV", "https://static.zdassets.com/ekr/snippet.js?key=7342b695-e394-4f25-89a0-da9d262a48da", "https://cp.enom.com/js/jquery-3.5.1.min.js", "https://cp.enom.com/responsive/_js/knockout-3.3.0.min.js", "https://cp.enom.com/js/global-functions.js", "https://cp.enom.com/js/punycode.min.js", "https://cp.enom.com/js/jquery.disableonsubmit.min.js", "https://cp.enom.com/js/jquery.cookie.min.js", "https://cp.enom.com/js/cart.minicart.min.js", "https://cp.enom.com/js/openWin.min.js", "https://cp.enom.com/js/jquery.jgrowl.min.js", "https://cp.enom.com/scripts/Session.min.js", "https://cp.enom.com/responsive/_js/init.min.js", "https://cp.enom.com/responsive/_js/bootstrap.js", "https://cp.enom.com/WebResource.axd?d=6rtXrDcnyiYD-9dFDFOkxTRcPVSrAN8fR-cHKzNqPTy7bHic-2LLMHDnielTzEI-sd1KplHrRBudcZJOm0-lxubO7k41&t=637453818340000000", "https://cp.enom.com/ScriptResource.axd?d=fVjQa-0YyNqO6JmV36bw6eBJdTjE2YSdtcunOWcKYcBNn73MOJKQA_rxX3YMhcxLTgyDsGTKy0p9NEPvxzpqEpBKtm3GLb2GgI1LFYMC0Xr2lh71ZCttzgNGFnc5mS_Fc_DY5UH0M19Mr958h1jvmK4kzAM1&t=363be08", "https://cp.enom.com/ScriptResource.axd?d=lDjPFfAIWSrEAVNgTHTrISQmLEFmHAaibvNJQuGRZDbWpGFPLrFwaGVpjCUsI6HkqzbpwmaAa0cJCrq8f0eqEvIsQM8lvN_dVYVyESnohON4oTvdMZHDmwG83uJA4m2oqykP8TTTSIeV2oaNrlIXaX8cOxC5Cv6aGmjpdB2u-227wdn30&t=363be08", "https://cdn.optimizely.com/js/26241557.js", "https://cp.enom.com/verisign-seal.htm", "https://cp.enom.com/global/TopMenu.ascx.js", "http://alp-vision.com/wp-includes/js/jquery/jquery.min.js?ver=3.5.1", "http://alp-vision.com/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=7.4.4", "http://alp-vision.com/wp-content/cache/autoptimize/js/autoptimize_78b4f9b28399aa3c8a405e45931ad058.js", "http://alp-vision.com/wp-includes/css/dist/block-library/style.min.css?ver=5.7.6", "http://fonts.googleapis.com/css?family=Abril+Fatface%3Aregular&subset=latin%2Ccyrillic&ver=5.7.6", "http://alp-vision.com/wp-content/themes/alp-vision/css/bootstrap.css?ver=1.0" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "ReduceRight", "display_name": "ReduceRight", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 2989, "hostname": 1208, "domain": 634, "FileHash-SHA256": 302 }, "indicator_count": 5133, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1472 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "625f42dcc369f59f6a1e8b58", "name": "data102 and colohouse. Malware hosting", "description": "var a,b,c,d, f.substr(d),a=f, a.href, and a number of other elements:a.b.search.com.", "modified": "2022-05-19T00:00:49.028000", "created": "2022-04-19T23:16:44.418000", "tags": [ "regexp", "rangeerror", "typeerror", "date", "array", "error", "this", "uint8array", "typeof b", "buffer", "class", "null", "path", "void", "marketo forms", "cross domain", "typetext", "typeurl", "typeemail", "typetel", "typenumber", "typedate", "color", "label", "input", "typerange", "typecheckbox", "woff2", "fontface", "u1c801c88", "u20b4", "u2de02dff", "ua640a69f", "ufe2efe2f", "u04b004b1", "u2116", "u1ea01ef9", "franklin", "woff", "u20ab", "u0259", "u1e001eff", "u2020", "u20a020ab", "u20ad20cf", "gradienttype0", "webkitkeyframes", "span", "button", "tbody", "textarea", "helvetica neue", "tfoot", "body", "alpha", "twitter", "roboto", "pitch", "datasecret", "q1kg", "q17g", "d2dg", "c d3r", "q171zg", "e c2ttttb", "c g7", "6n184z", "6f6g", "typeof", "wpcf7redirect", "cf7mlscurrentfs", "handle fire", "popuptemplate", "templatename", "click", "fieldset", "cf7mlsbackfs", "section", "classwidget", "idmenu", "idfooter", "idwidget", "idcomment", "classmenu", "classfooter", "classcomment", "target", "blank", "typeof e", "formdata", "typeof symbol", "customevent", "post", "refill", "wpcf7", "wpcf7locale", "wpcf7unittag", "typeof wpcf7", "boolean", "modernizr", "custom build", "build", "afunction", "cfunction", "object", "documenttouch", "websocket", "symbol", "generator", "function", "select", "harvest", "mit license", "optgroup", "nnn n", "n nnnn", "explorer", "options", "abbr", "element", "unknownerror", "overquerylimit", "requestdenied", "zeroresults", "node", "edge", "android", "trident", "unknown", "false", "iframe", "marker", "hybrid", "tawkspinner", "failed", "resend", "tawkavatar", "tawkvideo", "tawkalert", "tawkemoji", "tawkicon", "enter", "number", "startchatbutton", "u26a1", "typeof t", "invalid attempt", "copyright", "marketo", "remove", "commentform", "author", "mouseenter", "secure", "ccpa", "bottom", "fixed", "widget", "embed", "trigger", "antispam", "please", "cleantalk", "typeof o", "ajaxnonce", "unkown", "apbctajaxerror", "typeof define", "typeof module", "html tags", "ox20trnf", "dom element", "attr", "pseudo", "child", "udc66udc67", "ud83d", "ufe0f", "ud83e", "udc68udc69", "udfcbudfcc", "u2640u2642", "source", "image", "ud83dudc6cud83c", "qe", "string", "xhfunction", "yhfunction", "gtmptxlxz4", "host", "code", "script", "promise", "complete", "reduceright", "g7be8pmlskx", "r300", "typeof d", "caca", "ufunction", "ffunction", "gfunction", "mchtd", "azaz", "firefox", "opera", "chrome", "iemobile", "black", "incorrect", "xfunction", "typeof p", "typeof btoa", "vnode", "colohouse", "york", "learn more", "data center", "miami", "e cermak", "springs", "read", "cloud", "managed", "fast", "philadelphia", "bare", "metal", "chat", "accept", "placeheld", "minimum", "tooshort", "wpcf7wfreetext", "alert", "invert", "form", "animation", "value", "foundation", "migrate", "backcompat", "quirks mode", "typeof f", "html", "sufeffxa0", "legacy", "contenttype", "wivobjkey", "typehit", "data", "closure library", "pfunction", "zfunction", "bfunction", "mvoid", "ofunction" ], "references": [ "xfe-URL-Data102.com-stix2-2.1-export.json", "https://www.google-analytics.com/analytics.js", "https://chimpstatic.com/mcjs-connected/js/users/6c3abfa7ff8634c75cdb2b22e/ddf7a436c1746be666f330e4a.js", "https://app.whoisvisiting.com/who.js", "https://www.data102.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp", "https://www.data102.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1", "https://www.data102.com/?wordfence_lh=1&hid=2D6A812A7EB197E80D5A3978A6386BE4&r=0.5029022326538093", "https://www.data102.com/wp-includes/js/wp-embed.min.js?ver=00b0ffc433836dcf9f57035fded0b908", "https://www.data102.com/wp-content/plugins/cta/shared//shortcodes/js/spin.min.js", "https://www.data102.com/wp-content/plugins/contact-form-7/includes/js/scripts.js", "https://colohouse.com/", "xfe-URL-colohouse.com-stix2-2.1-export.json", "https://embed.tawk.to/_s/v4/app/625d36b405c/js/twk-main.js", "https://embed.tawk.to/_s/v4/app/625d36b405c/js/twk-vendor.js", "https://embed.tawk.to/_s/v4/app/625d36b405c/js/twk-chunk-vendors.js", "https://embed.tawk.to/_s/v4/app/625d36b405c/js/twk-chunk-common.js", "https://embed.tawk.to/_s/v4/app/625d36b405c/js/twk-runtime.js", "https://embed.tawk.to/_s/v4/app/625d36b405c/js/twk-app.js", "https://munchkin.marketo.net/161/munchkin.js", "https://www.googletagmanager.com/gtag/js?id=G-7BE8PMLSKX&l=dataLayer&cx=c", "https://embed.tawk.to/5697c34527b9b5d40b66960f/default", "https://www.googletagmanager.com/gtm.js?id=GTM-PTXLXZ4", "https://colohouse.com/wp-includes/js/wp-emoji-release.min.js?ver=5.8", "https://colohouse.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0", "https://colohouse.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2", "https://colohouse.com/wp-content/plugins/cleantalk-spam-protect/js/apbct-public--functions.min.js?ver=5.173", "https://colohouse.com/wp-content/plugins/cleantalk-spam-protect/js/apbct-public.min.js?ver=5.173", "https://colohouse.com/wp-content/plugins/cleantalk-spam-protect/js/cleantalk-modal.min.js?ver=5.173", "https://colohouse.com/wp-content/plugins/cookie-law-info/public/js/cookie-law-info-public.js?ver=2.0.4", "https://colohouse.com/wp-content/plugins/stop-user-enumeration/frontend/js/frontend.js?ver=1.3.31", "https://colohouse.com/wp-content/plugins/duracelltomi-google-tag-manager/js/gtm4wp-form-move-tracker.js?ver=1.13.1", "https://munchkin.marketo.net/munchkin.js", "https://embed.tawk.to/_s/v4/app/625d36b405c/js/twk-chunk-2d0d2b7c.js", "https://embed.tawk.to/_s/v4/app/625d36b405c/js/twk-chunk-32507910.js", "https://embed.tawk.to/_s/v4/app/625d36b405c/js/twk-chunk-f163fcd0.js", "https://embed.tawk.to/_s/v4/app/625d36b405c/js/twk-chunk-2d0b9454.js", "https://embed.tawk.to/_s/v4/app/625d36b405c/js/twk-chunk-4fe9d5dd.js", "https://app-ab02.marketo.com/js/forms2/js/forms2.min.js", "https://maps.googleapis.com/maps/api/js?v=3.exp&key=AIzaSyDR76rjQL_2raonHiZ6ZrPqJr-FPb7pGH0", "https://colohouse.com/wp-content/themes/Netrouting/assets/chosen/chosen.jquery.min.js", "https://colohouse.com/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.7", "https://colohouse.com/wp-content/themes/Netrouting/js/vendor/modernizr-2.8.3-respond-1.4.2.min.js", "https://colohouse.com/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.4.2", "https://colohouse.com/wp-content/plugins/link-whisper-premium/js/frontend.js?ver=1632756485", "https://colohouse.com/wp-content/plugins/wpcf7-redirect/build/js/wpcf7-redirect-frontend-script.js?ver=1.1", "https://colohouse.com/wp-content/plugins/kingcomposer/assets/frontend/js/kingcomposer.min.js?ver=2.9.6", "https://colohouse.com/wp-includes/js/wp-embed.min.js?ver=5.8", "https://colohouse.com/wp-content/plugins/wp-schema-pro/admin/assets/min-js/frontend.min.js?ver=2.7.2", "https://colohouse.com/wp-content/cache/autoptimize/css/autoptimize_5e11636f7dd8fb4f55e0ff84f0ed5faa.css", "https://fonts.googleapis.com/css?family=Libre+Franklin%3A300%2C300i%2C400%2C400i%2C600%2C600i%2C800%2C800i&subset=latin%2Clatin-ext", "https://fonts.googleapis.com/css?family=Roboto%3A100%2C100italic%2C300%2C300italic%2Cregular%2Citalic%2C500%2C500italic%2C700%2C700italic%2C900%2C900italic&subset=greek%2Clatin%2Cvietnamese%2Clatin-ext%2Ccyrillic%2Ccyrillic-ext%2Cgreek-ext&ver=2.9.6", "https://app-ab02.marketo.com/js/forms2/css/forms2.css", "https://app-ab02.marketo.com/js/forms2/css/forms2-theme-simple.css", "https://app-ab02.marketo.com/index.php/form/XDFrame" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Qe", "display_name": "Qe", "target": null }, { "id": "ReduceRight", "display_name": "ReduceRight", "target": null } ], "attack_ids": [ { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1049", "name": "System Network Connections Discovery", "display_name": "T1049 - System Network Connections Discovery" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 2599, "hostname": 952, "FileHash-SHA256": 458, "domain": 557 }, "indicator_count": 4566, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "1474 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "625f2b6a1f2c9d5631d261d5", "name": "Choopa.com - vultr", "description": "New RegExp(M) is a new type, and it will change any of the elements to the same type if you want to add them to your HTML page or add a third element.", "modified": "2022-05-19T00:00:49.028000", "created": "2022-04-19T21:36:42.286000", "tags": [ "regexp", "typeof e", "typeof t", "function", "width", "error", "object", "pseudo", "child", "form", "class", "null", "date", "this", "void", "accept", "680876936", "389564586", "17606105819", "1044525330", "176418897", "121200080426", "1473231341", "45705983", "71770035416", "1958414417", "copyright", "closure library", "trunc", "msie", "tagpath", "fbcd", "body", "html", "gettarget", "571256413046247", "prop", "click", "typeof l", "json", "array", "string", "8760", "image", "adveid", "typeof c", "typeerror", "typeof", "facebook pixel", "pixel code", "symbol", "iterator", "constantvalue", "globalvariable", "facebook", "boolean", "service", "phonenumber", "meta", "invalid uuid", "uint8array", "nullu", "1099511627776", "t4294967296", "typeof symbol", "customevent", "09af", "ver0", "tag0", "extdata0", "ua ch", "invalid", "reduceright", "number", "gk6536fhn4d", "r300", "typeof d", "path", "caca", "addtocart", "signup", "addtowishlist", "lead", "custom", "typeof require", "sha256", "viewcontent", "search", "pfunction", "contenttype", "zfunction", "bfunction", "mvoid", "ofunction", "functional", "member", "hnew regexp", "qfunction", "adview", "addbillinginfo", "addtolist", "contact", "download", "install", "pnull", "style", "ctnull", "post", "uint32array", "fanull", "license", "ynull", "config", "iframe", "javascript", "code", "hoverpopup", "please", "output", "popupmodal", "country", "checkall", "invcid", "base64", "score", "attr", "js foundation", "typeof module", "ffffff", "acce22", "f0f0f0", "dadada", "typesubmit", "typebutton", "f4f4f4", "trebuchet ms", "tahoma", "woff", "footer", "segoe ui", "emoji", "tbody", "roboto", "helvetica neue", "arial", "apple color", "noto color", "type", "twitter", "xava", "gbva", "hbva", "ibva", "lcva", "cdva", "oeva", "peva", "onclickpopup", "discountmonthly", "grayoverlay", "popup into", "popup var", "center", "price", "first", "classname", "eventkey", "event", "selector", "name", "datakey", "version", "default", "shown", "target", "close", "false", "trigger", "jquery", "delta", "open", "arrow", "protected", "leave", "dataspy", "typeof define", "eventlistener" ], "references": [ "xfe-URL-Choopa.com-stix2-2.1-export.json", "https://www.choopa.com/commonimages/jquery-3.5.1.min.js", "https://www.choopa.com/_js/dragscroll.js", "https://www.choopa.com/_js/bootstrap.js", "https://www.choopa.com/_js/global.js?v=209", "https://ssl.google-analytics.com/ga.js", "https://www.choopa.com/css/bootstrap.css", "https://www.choopa.com/css/global.css?v=209", "https://my.choopa.com/js/jquery-3.5.1.min.js", "https://my.choopa.com/js/desktop.js?v=41", "https://my.choopa.com/js/global.js?v=41", "xfe-URL-Vultr.com-stix2-2.1-export.json", "https://www.clarity.ms/eus2/s/0.6.34/clarity.js", "https://snap.licdn.com/li.lms-analytics/insight.min.js", "https://www.google-analytics.com/analytics.js", "https://www.redditstatic.com/ads/pixel.js", "https://www.googletagmanager.com/gtag/js?id=G-K6536FHN4D&l=dataLayer&cx=c", "https://bat.bing.com/bat.js", "https://static.ads-twitter.com/uwt.js", "https://connect.facebook.net/signals/config/571256413046247?v=2.9.57&r=stable", "https://connect.facebook.net/signals/config/438248060937995?v=2.9.57&r=stable", "https://connect.facebook.net/signals/config/828098694004178?v=2.9.57&r=stable", "https://connect.facebook.net/en_US/fbevents.js", "https://js.partnerstack.com/v1/", "https://bat.bing.com/p/action/17528422.js", "https://s.adroll.com/j/roundtrip.js", "https://s.adroll.com/j/exp/DUKHAKVYIJASHDUBG4V7RE/index.js", "https://s.adroll.com/j/sendrolling.js", "https://d.adroll.com/pixel/DUKHAKVYIJASHDUBG4V7RE/E23RMKDBEFAEXMXLWK3IWO?adroll_fpc=838a57acc6141112b6107bdce5e3fde6-1650403057055&arrfrr=https%3A%2F%2Fwww.vultr.com%2F&pv=70707106758.07146&cookie=&adroll_s_ref=&keyw=", "https://googleads.g.doubleclick.net/pagead/viewthroughconversion/858656304/?random=1650403054497&cv=9&fst=1650403054497&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=844&u_w=390&u_ah=844&u_aw=390&u_cd=32&u_his=3&u_tz=-240&u_java=false&u_nplug=0&u_nmime=0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.vultr.com%2F&tiba=SSD%20VPS%20Servers%2C%20Cloud%20Servers%20and%20Cloud%20Hosting%20by%20Vultr%20-%20Vultr.com&hn=www.googleadservices.com&rfmt=3&fmt=4" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "ReduceRight", "display_name": "ReduceRight", "target": null } ], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 1241, "URL": 3454, "domain": 430, "FileHash-SHA256": 453 }, "indicator_count": 5578, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "1474 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "625614852d13a468fd3f7ef9", "name": "Malware and bots", "description": "function se(t,e,n, r, n; if you want to know what type of document you are, you can use the new RegExp(M) to set it.", "modified": "2022-05-12T00:04:24.089000", "created": "2022-04-13T00:08:37.870000", "tags": [ "bygmo", "gmohd", "dx gmo", "nftadam", "iosandroid gmo", "csr sdgs", "english", "4444 gmo2020417", "developers gmo", "devsecopsthon", "tech", "font awesome", "free", "license", "cc by", "sil ofl", "code", "mit license", "brands", "fliph", "google", "import", "acbac1", "typeemail", "2deg", "1deg", "4deg", "css3", "animation cheat", "sheet", "justin aguilar", "questions", "slideexpandup", "expandup", "gradienttype0", "false", "copyright", "twitter", "f56505", "font", "font path", "woff", "truetype", "fontawesome", "unicode private", "tbody", "tfoot", "thead", "span", "multiple", "type", "href", "input", "halflings", "gradienttype1", "please", "function", "param", "method", "value", "target", "null", "array", "validator", "select", "checkbox", "date", "body", "error", "form", "meta", "class", "regexp", "typeof b", "width", "pseudo", "child", "sufeffxa0", "accept", "20px", "24px", "45deg", "typesubmit", "typenumber", "helvetica", "timelimit", "dialog", "content", "callback", "bodynoscroll", "click", "html", "confirm", "notice", "typeof e", "typeof t", "attr", "js foundation", "typeof module" ], "references": [ "https://c81e728d9d4c2f636f067f89cc14862c.com/static_new/js/jquery.min.js", "https://c81e728d9d4c2f636f067f89cc14862c.com/static_new/js/dialog.min.js", "https://c81e728d9d4c2f636f067f89cc14862c.com/static_new/js/common.js", "https://c81e728d9d4c2f636f067f89cc14862c.com/static_new/css/public.css", "xfe-URL-c81e728d9d4c2f636f067f89cc14862c.com-stix2-2.1-export.json", "https://ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js", "http://downloads.mailchimp.com/js/jquery.form-n-validate.js", "http://imhrzluowdso.gq/i/css/bootstrap.css", "http://imhrzluowdso.gq/i/css/font-awesome.css", "http://imhrzluowdso.gq/i/css/bootstrap-theme.css", "http://imhrzluowdso.gq/i/css/animations.css", "http://imhrzluowdso.gq/i/css/style.css", "xfe-URL-imhrzluowdso.gq-stix2-2.1-export.json", "https://use.fontawesome.com/releases/v5.0.6/css/all.css" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1188, "domain": 214, "hostname": 427, "FileHash-SHA256": 168, "FileHash-MD5": 1, "FileHash-SHA1": 1, "email": 1 }, "indicator_count": 2000, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1481 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "621fff12d2c54f70fea90576", "name": "Bexar.org", "description": "", "modified": "2022-04-01T00:01:54.852000", "created": "2022-03-02T23:34:42.531000", "tags": [], "references": [ "www.bexar.org - urlscan.io.pdf", "bexar api 4.pdf", "bexar api 8.pdf", "bexar 6.pdf", "bexar api 2.pdf", "bexar api 7.pdf", "bexar api 3.pdf", "bexar api 9.pdf", "bexar api 12.pdf", "bexar api 17.pdf", "bexar api 15.pdf", "bexar api 18.pdf", "bexar api 10.pdf", "bexar api 19.pdf", "bexar api 20.pdf", "bexar api 13.pdf", "bexar api 21.pdf", "bexar api 14.pdf", "bexar api 22.pdf", "bexar1.pdf", "bexar api5.pdf", "bexar2.pdf", "bexar3.pdf", "bexar.org 3.2.22.pdf", "bexar6.pdf", "bexar5.pdf", "bexar api_1.pdf", "bexar10.pdf", "bexar api.pdf", "bexar_v1df.pdf", "bexarv4df.pdf", "bexarv2df.pdf", "bexarv6df.pdf", "bexasv3df.pdf", "bexarv7df.pdf", "bear_v apidf.pdf" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [], "attack_ids": [], "industries": [ "Government" ], "TLP": "white", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Kailula4", "id": "131997", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 1833, "URL": 4669, "domain": 1025, "FileHash-SHA256": 1735, "email": 4, "FileHash-MD5": 133, "FileHash-SHA1": 6, "CIDR": 5 }, "indicator_count": 9410, "is_author": false, "is_subscribing": null, "subscriber_count": 406, "modified_text": "1522 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "https://embed.tawk.to/_s/v4/app/625d36b405c/js/twk-chunk-2d0b9454.js", "https://cp.enom.com/js/cart.minicart.min.js", "https://aquanx.com/js/jquery-1.12.4.min.js", "https://my.choopa.com/js/desktop.js?v=41", "bexar api 18.pdf", "https://snap.licdn.com/li.lms-analytics/insight.min.js", "https://www.gstatic.com/recaptcha/releases/QENb_qRrX0-mQMyENQjD6Fuj/recaptcha__en.js", "http://www.weide.net", "bexar 6.pdf", "https://connect.facebook.net/signals/config/571256413046247?v=2.9.57&r=stable", "https://colohouse.com/wp-content/themes/Netrouting/js/vendor/modernizr-2.8.3-respond-1.4.2.min.js", "xfe-IP-185.165.31.131-stix2-2.1-export.json", "https://s.adroll.com/j/exp/LZLVHVDGLRC6BEJRRIQDVW/index.js", "https://colohouse.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0", "http://downloads.mailchimp.com/js/jquery.form-n-validate.js", "https://colohouse.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2", "https://www.choopa.com/css/bootstrap.css", "https://chimpstatic.com/mcjs-connected/js/users/6c3abfa7ff8634c75cdb2b22e/ddf7a436c1746be666f330e4a.js", "https://app-ab02.marketo.com/js/forms2/css/forms2.css", "https://app-ab02.marketo.com/js/forms2/js/forms2.min.js", "https://4vendeta.com/assets/js/popper.min.js", "xfe-URL-creativecommons.org-stix2-2.1-export.json", "https://d.adroll.com/consent/check/LZLVHVDGLRC6BEJRRIQDVW?arrfrr=http%3A%2F%2Fwww.versaweb.com%2F&_s=1b87c8c5132a03372125d888e43b0a86&_b=2", "https://modernizr.com/js/build.js", "http://imhrzluowdso.gq/i/css/animations.css", "https://cp.enom.com/js/global-functions.js", "https://colohouse.com/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.7", "https://colohouse.com/wp-includes/js/wp-emoji-release.min.js?ver=5.8", "bear_v apidf.pdf", "https://ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js", "https://www.googletagmanager.com/gtm.js?id=GTM-5SN6BRV", "https://embed.tawk.to/_s/v4/app/625d36b405c/js/twk-chunk-vendors.js", "https://www.data102.com/?wordfence_lh=1&hid=2D6A812A7EB197E80D5A3978A6386BE4&r=0.5029022326538093", "https://www.data102.com/wp-includes/js/wp-embed.min.js?ver=00b0ffc433836dcf9f57035fded0b908", "https://use.fontawesome.com/releases/v5.0.6/css/all.css", "https://embed.tawk.to/_s/v4/app/625d36b405c/js/twk-vendor.js", "https://purl.archive.org/static/jquery/jquery.js", "https://cp.enom.com/js/punycode.min.js", "https://cp.enom.com/WebResource.axd?d=6rtXrDcnyiYD-9dFDFOkxTRcPVSrAN8fR-cHKzNqPTy7bHic-2LLMHDnielTzEI-sd1KplHrRBudcZJOm0-lxubO7k41&t=637453818340000000", "bexar api 20.pdf", "bexarv6df.pdf", "xfe-URL-imhrzluowdso.gq-stix2-2.1-export.json", "https://cp.enom.com/js/jquery-3.5.1.min.js", "https://aquanx.com/js/bootstrap-hover-dropdown.min.js", "https://colohouse.com/wp-content/plugins/cleantalk-spam-protect/js/apbct-public.min.js?ver=5.173", "https://bat.bing.com/p/action/17528422.js", "http://www.versaweb.com/js/bootstrap.js", "https://www.googletagmanager.com/gtag/js?id=G-K6536FHN4D&l=dataLayer&cx=c", "https://www.fiberhub.com/js/bootstrap.js", "xfe-IP-78.142.35.163-stix2-2.1-export.json", "https://c81e728d9d4c2f636f067f89cc14862c.com/static_new/js/common.js", "http://imhrzluowdso.gq/i/css/bootstrap.css", "bexarv2df.pdf", "https://ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js", "https://embed.tawk.to/_s/v4/app/625d36b405c/js/twk-chunk-common.js", "xfe-URL-fiberhub.com-stix2-2.1-export.json", "https://colohouse.com/wp-content/plugins/cleantalk-spam-protect/js/cleantalk-modal.min.js?ver=5.173", "http://alp-vision.com/wp-includes/js/jquery/jquery.min.js?ver=3.5.1", "https://munchkin.marketo.net/161/munchkin.js", "https://aquanx.com/js/modernizr-custom.js", "http://alp-vision.com/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=7.4.4", "https://aquanx.com/js/cookie-warn.js?v=1_xSax0l", "https://colohouse.com/wp-content/plugins/stop-user-enumeration/frontend/js/frontend.js?ver=1.3.31", "https://colohouse.com/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.4.2", "https://www.data102.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp", "https://my.choopa.com/js/global.js?v=41", "https://www.redditstatic.com/ads/pixel.js", "https://app.whoisvisiting.com/who.js", "https://cp.enom.com/ScriptResource.axd?d=lDjPFfAIWSrEAVNgTHTrISQmLEFmHAaibvNJQuGRZDbWpGFPLrFwaGVpjCUsI6HkqzbpwmaAa0cJCrq8f0eqEvIsQM8lvN_dVYVyESnohON4oTvdMZHDmwG83uJA4m2oqykP8TTTSIeV2oaNrlIXaX8cOxC5Cv6aGmjpdB2u-227wdn30&t=363be08", "bexar6.pdf", "https://cp.enom.com/js/openWin.min.js", "bexar api5.pdf", "bexarv7df.pdf", "https://cdnjs.cloudflare.com/ajax/libs/html5shiv/3.7.3/html5shiv.min.js", "https://cp.enom.com/scripts/Session.min.js", "https://embed.tawk.to/_s/v4/app/625d36b405c/languages/en.js", "https://cp.enom.com/verisign-seal.htm", "https://s.adroll.com/j/sendrolling.js", "xfe-URL-Vultr.com-stix2-2.1-export.json", "bexar1.pdf", "https://app-ab02.marketo.com/js/forms2/css/forms2-theme-simple.css", "bexar api 13.pdf", "http://imhrzluowdso.gq/i/css/font-awesome.css", "bexar10.pdf", "https://cp.enom.com/responsive/_js/knockout-3.3.0.min.js", "https://www.choopa.com/_js/global.js?v=209", "xfe-URL-Purl.com-stix2-2.1-export.json", "xfe-URL-Easydns.com-stix2-2.1-export.json", "https://colohouse.com/wp-includes/js/wp-embed.min.js?ver=5.8", "bexar api 14.pdf", "https://4vendeta.com/assets/js/parallax.min.js", "https://alpha99.raksmart.com/whmcs/assets/js/cookie-warn.js", "https://www.googletagmanager.com/gtag/js?id=UA-92521958-1", "xfe-IP-76.164.203.68-stix2-2.1-export.json", "https://colohouse.com/wp-content/plugins/cleantalk-spam-protect/js/apbct-public--functions.min.js?ver=5.173", "https://colohouse.com/wp-content/plugins/link-whisper-premium/js/frontend.js?ver=1632756485", "https://4vendeta.com/assets/js/ajaxchimp.min.js", "https://colohouse.com/wp-content/plugins/wp-schema-pro/admin/assets/min-js/frontend.min.js?ver=2.7.2", "https://connect.facebook.net/signals/config/438248060937995?v=2.9.57&r=stable", "https://www.data102.com/wp-content/plugins/contact-form-7/includes/js/scripts.js", "bexar5.pdf", "https://bat.bing.com/bat.js", "xfe-URL-4vendeta.com-stix2-2.1-export.json", "bexar api 3.pdf", "http://fonts.googleapis.com/css?family=Abril+Fatface%3Aregular&subset=latin%2Ccyrillic&ver=5.7.6", "https://embed.tawk.to/_s/v4/app/625d36b405c/js/twk-runtime.js", "bexar2.pdf", "https://www.googletagmanager.com/gtm.js?id=GTM-PTXLXZ4", "http://ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js", "https://colohouse.com/wp-content/plugins/wpcf7-redirect/build/js/wpcf7-redirect-frontend-script.js?ver=1.1", "https://s.adroll.com/j/exp/DUKHAKVYIJASHDUBG4V7RE/index.js", "https://www.data102.com/wp-content/plugins/cta/shared//shortcodes/js/spin.min.js", "https://embed.tawk.to/_s/v4/app/625d36b405c/js/twk-main.js", "https://cp.enom.com/js/jquery.jgrowl.min.js", "http://imhrzluowdso.gq/i/css/style.css", "xfe-URL-modernizr.com-stix2-2.1-export.json", "https://www.data102.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1", "https://www.googletagmanager.com/gtag/js?id=G-W8YD4P2ENY&l=dataLayer&cx=c", "https://4vendeta.com/assets/js/meanmenu.min.js", "https://cdn.optimizely.com/js/26241557.js", "http://alp-vision.com/wp-content/themes/alp-vision/css/bootstrap.css?ver=1.0", "http://alp-vision.com/wp-content/cache/autoptimize/js/autoptimize_78b4f9b28399aa3c8a405e45931ad058.js", "bexar api 9.pdf", "https://embed.tawk.to/_s/v4/app/625d36b405c/js/twk-chunk-4fe9d5dd.js", "xfe-URL-Choopa.com-stix2-2.1-export.json", "https://colohouse.com/", "https://purl.archive.org/static/bootstrap/js/bootstrap.js", "https://munchkin.marketo.net/munchkin.js", "https://maps.googleapis.com/maps/api/js?v=3.exp&key=AIzaSyDR76rjQL_2raonHiZ6ZrPqJr-FPb7pGH0", "https://d.adroll.com/pixel/LZLVHVDGLRC6BEJRRIQDVW/HBKRUDDSQJCU7GD5KH3RWC?adroll_fpc=fd1d5ad32fd771b6d89af530ec6ca1cf-1651601137287&arrfrr=http%3A%2F%2Fwww.versaweb.com%2F&pv=14491019928.1296&cookie=&adroll_s_ref=&keyw=", "xfe-URL-Enom.com-stix2-2.1-export.json", "https://ssl.google-analytics.com/ga.js", "bexar api 15.pdf", "bexar.org 3.2.22.pdf", "https://s.adroll.com/j/roundtrip.js", "https://www.choopa.com/_js/bootstrap.js", "bexar api 4.pdf", "https://colohouse.com/wp-content/plugins/kingcomposer/assets/frontend/js/kingcomposer.min.js?ver=2.9.6", "https://c81e728d9d4c2f636f067f89cc14862c.com/static_new/js/dialog.min.js", "https://d.adroll.com/pixel/DUKHAKVYIJASHDUBG4V7RE/E23RMKDBEFAEXMXLWK3IWO?adroll_fpc=838a57acc6141112b6107bdce5e3fde6-1650403057055&arrfrr=https%3A%2F%2Fwww.vultr.com%2F&pv=70707106758.07146&cookie=&adroll_s_ref=&keyw=", "xfe-URL-raksmart.com-stix2-2.1-export.json", "https://aquanx.com/", "xfe-URL-colohouse.com-stix2-2.1-export.json", "www.bexar.org - urlscan.io.pdf", "bexar api 8.pdf", "https://www.googletagmanager.com/gtag/js?id=UA-59480575-2", "bexar api.pdf", "https://cp.enom.com/js/jquery.disableonsubmit.min.js", "https://www.googletagmanager.com/gtag/js?id=G-7BE8PMLSKX&l=dataLayer&cx=c", "xfe-URL-Data102.com-stix2-2.1-export.json", "https://googleads.g.doubleclick.net/pagead/viewthroughconversion/858656304/?random=1650403054497&cv=9&fst=1650403054497&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=844&u_w=390&u_ah=844&u_aw=390&u_cd=32&u_his=3&u_tz=-240&u_java=false&u_nplug=0&u_nmime=0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.vultr.com%2F&tiba=SSD%20VPS%20Servers%2C%20Cloud%20Servers%20and%20Cloud%20Hosting%20by%20Vultr%20-%20Vultr.com&hn=www.googleadservices.com&rfmt=3&fmt=4", "bexar api 2.pdf", "https://www.choopa.com/_js/dragscroll.js", "bexar api 7.pdf", "https://my.choopa.com/js/jquery-3.5.1.min.js", "https://cp.enom.com/responsive/_js/bootstrap.js", "https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/jquery.min.js", "https://purl.archive.org/static/app.js", "https://4vendeta.com/assets/js/bootstrap.min.js", "https://purl.archive.org/", "https://embed.tawk.to/_s/v4/app/625d36b405c/js/twk-chunk-2d0d2b7c.js", "bexar api 12.pdf", "https://colohouse.com/wp-content/cache/autoptimize/css/autoptimize_5e11636f7dd8fb4f55e0ff84f0ed5faa.css", "https://connect.facebook.net/signals/config/828098694004178?v=2.9.57&r=stable", "https://www.clarity.ms/eus2/s/0.6.34/clarity.js", "https://www.googletagmanager.com/gtag/js?id=UA-33008870-1", "https://aquanx.com/js/bootstrap.js", "https://www.google-analytics.com/analytics.js", "https://app-ab02.marketo.com/index.php/form/XDFrame", "http://www.versaweb.com/css/1024.css", "https://embed.tawk.to/5697c34527b9b5d40b66960f/default", "https://embed.tawk.to/_s/v4/app/625d36b405c/js/twk-app.js", "https://c81e728d9d4c2f636f067f89cc14862c.com/static_new/css/public.css", "https://cp.enom.com/js/jquery.cookie.min.js", "http://www.weide.net/js/formfieldformatting.js", "xfe-IP-193.149.176.62-stix2-2.1-export.json", "https://static.zdassets.com/ekr/snippet.js?key=7342b695-e394-4f25-89a0-da9d262a48da", "https://colohouse.com/wp-content/plugins/duracelltomi-google-tag-manager/js/gtm4wp-form-move-tracker.js?ver=1.13.1", "https://js.partnerstack.com/v1/", "bexar api_1.pdf", "https://user.aquanx.com/templates/aquanx20190627/js/scripts.min.js?v=8a99af", "bexarv4df.pdf", "bexasv3df.pdf", "http://alp-vision.com/wp-includes/css/dist/block-library/style.min.css?ver=5.7.6", "https://colohouse.com/wp-content/themes/Netrouting/assets/chosen/chosen.jquery.min.js", "xfe-URL-versaweb.com-stix2-2.1-export.json", "https://4vendeta.com/assets/js/jquery.min.js", "https://fonts.googleapis.com/css?family=Libre+Franklin%3A300%2C300i%2C400%2C400i%2C600%2C600i%2C800%2C800i&subset=latin%2Clatin-ext", "https://www.choopa.com/commonimages/jquery-3.5.1.min.js", "xfe-URL-c81e728d9d4c2f636f067f89cc14862c.com-stix2-2.1-export.json", "bexar_v1df.pdf", "https://cp.enom.com/ScriptResource.axd?d=fVjQa-0YyNqO6JmV36bw6eBJdTjE2YSdtcunOWcKYcBNn73MOJKQA_rxX3YMhcxLTgyDsGTKy0p9NEPvxzpqEpBKtm3GLb2GgI1LFYMC0Xr2lh71ZCttzgNGFnc5mS_Fc_DY5UH0M19Mr958h1jvmK4kzAM1&t=363be08", "https://cp.enom.com/global/TopMenu.ascx.js", "http://www.weide.net/js/jquery.validate.js", "bexar api 17.pdf", "https://static.ads-twitter.com/uwt.js", "https://fonts.googleapis.com/css?family=Roboto%3A100%2C100italic%2C300%2C300italic%2Cregular%2Citalic%2C500%2C500italic%2C700%2C700italic%2C900%2C900italic&subset=greek%2Clatin%2Cvietnamese%2Clatin-ext%2Ccyrillic%2Ccyrillic-ext%2Cgreek-ext&ver=2.9.6", "https://embed.tawk.to/_s/v4/app/625d36b405c/js/twk-chunk-32507910.js", "http://imhrzluowdso.gq/i/css/bootstrap-theme.css", "https://www.choopa.com/css/global.css?v=209", "https://user.aquanx.com/clientarea.php", "https://connect.facebook.net/en_US/fbevents.js", "https://cp.enom.com/responsive/_js/init.min.js", "https://c81e728d9d4c2f636f067f89cc14862c.com/static_new/js/jquery.min.js", "bexar api 21.pdf", "https://colohouse.com/wp-content/plugins/cookie-law-info/public/js/cookie-law-info-public.js?ver=2.0.4", "https://embed.tawk.to/_s/v4/app/625d36b405c/js/twk-chunk-f163fcd0.js", "bexar api 22.pdf", "bexar api 19.pdf", "bexar3.pdf", "bexar api 10.pdf" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [ "Qe", "Reduceright", "Vd", "Vult" ], "industries": [ "Government" ], "unique_indicators": 52144 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/element.id", "whois": "http://whois.domaintools.com/element.id", "domain": "element.id", "hostname": "c.element.id" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 17, "pulses": [ { "id": "67a7f06a5d0f22ad92684646", "name": "WebForm.com.gov.pl/CEIDG/ScriptResource.axd", "description": "The following is the full text of the WebForm.com.gov.pl/CEIDG/ScriptResource.axd, following the following:.au, for the first time.", "modified": "2025-05-14T21:27:17.040000", "created": "2025-02-09T00:01:46.054000", "tags": [ "null", "nie mona", "array", "input", "nonmsdombrowser", "object", "html", "component", "body", "horizontal", "date", "calendar", "february", "april", "june", "august", "iframe", "form", "friday", "explorer", "target", "error", "legend", "this", "type", "regexp", "elem", "index", "function", "handle", "check", "safari", "expando", "android", "false", "hooks", "copy", "prop", "class", "mark", "window", "code", "capture", "accept", "seed", "override", "hook", "look", "loop", "install", "pass", "enough", "bind", "core", "local", "verify", "done", "find", "internal", "inject", "possible", "hold", "middle", "guard", "fall", "stop", "panic", "back", "restrict", "speed", "turn", "grab", "getclass", "jquery", "bubble", "anchor", "shift" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1134", "name": "Access Token Manipulation", "display_name": "T1134 - Access Token Manipulation" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 13, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1143, "domain": 155, "hostname": 523, "FileHash-SHA256": 151 }, "indicator_count": 1972, "is_author": false, "is_subscribing": null, "subscriber_count": 123, "modified_text": "382 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "663d2869e0f3a42bbddc42ff", "name": "UPX executable packer.", "description": "A new rule has been introduced a \"suspicious\" ELF binary that is packed with the UPX executable packer.\nSuggested ATT&CK IDs: rule SUSP_ELF_LNX_UPX_Compressed_File { meta: description = \"Detects a suspicious ELF binary with UPX compression\" author = \"Florian Roth (Nextron Systems)\" reference = \"Internal Research\" date = \"2018-12-12\" score = 40 hash1 = \"038ff8b2fef16f8ee9d70e6c219c5f380afe1a21761791e8cbda21fa4d09fdb4\" id = \"078937de-59b3-538e-a5c3-57f4e6050212\" strings: $s1 = \"PROT_EXEC|PROT_WRITE failed.\" fullword ascii $s2 = \"$Id: UPX\" fullword ascii $s3 = \"$Info: This file is packed with the UPX executable packer\" ascii $fp1 = \"check your UCL installation !\"", "modified": "2024-10-14T00:01:17.069000", "created": "2024-05-09T19:47:53.786000", "tags": [ "cioch adrian", "centrum usug", "sieciowych", "elf binary", "upx compression", "roth", "nextron", "info", "javascript", "html", "office open", "xml document", "network capture", "win32 exe", "xml pakietu", "pdf zestawy", "przechwytywanie", "office", "filehashsha1", "url https", "cve cve20201070", "cve cve20203153", "cve cve20201048", "cve cve20211732", "cve20201048 apr", "filehashmd5", "cve cve20010901", "cve cve20021841", "cve20153202 apr", "cve cve20160728", "cve cve20161807", "cve cve20175123", "cve20185407 apr", "cve cve20054605", "cve cve20060745", "cve cve20070452", "cve cve20070453", "cve cve20070454", "cve cve20071355", "cve cve20071358", "cve cve20071871", "cve20149614 apr", "cve cve20151503", "cve cve20152080", "cve cve20157377", "cve cve20170131", "cve20200796 may", "cve cve20113403" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 6861, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 5771, "domain": 3139, "URL": 14525, "FileHash-SHA1": 2610, "IPv4": 108, "CIDR": 40, "FileHash-SHA256": 10705, "FileHash-MD5": 3373, "YARA": 2, "CVE": 148, "Mutex": 7, "FilePath": 3, "SSLCertFingerprint": 3, "email": 23, "JA3": 1, "IPv6": 2 }, "indicator_count": 40460, "is_author": false, "is_subscribing": null, "subscriber_count": 138, "modified_text": "595 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65708cdd2f63f24552fa3e39", "name": "BLNWX.COM", "description": "", "modified": "2023-12-06T15:01:49.772000", "created": "2023-12-06T15:01:49.772000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 400, "URL": 1905, "domain": 494, "hostname": 707 }, "indicator_count": 3506, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65708c534aadf7adf4f27d77", "name": "enom.com & 4vendeta.com - ReduceRight malware hosting/creation", "description": "", "modified": "2023-12-06T14:59:31.122000", "created": "2023-12-06T14:59:31.122000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 302, "domain": 634, "URL": 2988, "hostname": 1208 }, "indicator_count": 5132, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65708c0f5981b6d81d0fa423", "name": "data102 and colohouse. Malware hosting", "description": "", "modified": "2023-12-06T14:58:23.206000", "created": "2023-12-06T14:58:23.206000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 458, "domain": 557, "URL": 2599, "hostname": 952 }, "indicator_count": 4566, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65708c0791fece390b1a096e", "name": "Choopa.com - vultr", "description": "", "modified": "2023-12-06T14:58:15.734000", "created": "2023-12-06T14:58:15.734000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 453, "hostname": 1241, "domain": 430, "URL": 3454 }, "indicator_count": 5578, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65708bae2f0c59d34f050b9e", "name": "Malware and bots", "description": "", "modified": "2023-12-06T14:56:46.779000", "created": "2023-12-06T14:56:46.779000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 168, "hostname": 427, "domain": 214, "URL": 1188, "FileHash-MD5": 1, "FileHash-SHA1": 1, "email": 1 }, "indicator_count": 2000, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65707fe17dfdfe16066d16de", "name": "Bexar.org", "description": "", "modified": "2023-12-06T14:06:25.800000", "created": "2023-12-06T14:06:25.800000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1735, "hostname": 1833, "domain": 1025, "URL": 4668, "email": 4, "FileHash-MD5": 133, "FileHash-SHA1": 6, "CIDR": 5 }, "indicator_count": 9409, "is_author": false, "is_subscribing": null, "subscriber_count": 110, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6280267248a96d765fe2d7c1", "name": "weide.net", "description": "Here is the full text of the code for the new Firefox browser, created with the help of a few key elements:d, E, F, A, B, J, M, C.", "modified": "2022-06-13T00:00:32.864000", "created": "2022-05-14T22:00:18.122000", "tags": [ "please", "vult", "validator", "method", "name", "d1dd2", "value", "function", "number", "param", "form", "meta", "class", "false", "date", "newzipcode", "de heer", "geachte heer", "mevrouw", "geachte mevrouw", "set referrer", "value function", "regexp", "array", "attr", "css1compat", "null", "string", "error", "invalid json", "zoeken naar", "zoeken", "basenet", "pers faq", "contact", "domainsharing", "vraag", "als bedrijf", "als particulier", "voor meer" ], "references": [ "xfe-IP-185.165.31.131-stix2-2.1-export.json", "https://ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js", "http://www.weide.net", "http://ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js", "http://www.weide.net/js/formfieldformatting.js", "http://www.weide.net/js/jquery.validate.js" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Vult", "display_name": "Vult", "target": null } ], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 231, "URL": 512, "FileHash-SHA256": 39, "domain": 149 }, "indicator_count": 931, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1449 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "62750795ebc8c475f4a3033a", "name": "aquanx.com (PegTech botnet hosting)", "description": "var b[f, g.g, is a new addition to the list of characters that can be added to a singleElement, as well as a set of numbers, if they are new.", "modified": "2022-06-05T00:03:45.266000", "created": "2022-05-06T11:33:41.174000", "tags": [ "function", "eu cookie", "version", "tamas schalk", "element", "lang", "datadelay", "dataexpire", "dataclass", "name", "date", "path", "null", "cookie", "regexp", "typeof e", "please", "typeof t", "pseudo", "child", "array", "error", "class", "void", "this", "extendedvps", "login register", "product group", "svssdlinux", "svssdwindows", "password", "client area", "aquanx english", "azerbaijani", "catal", "colocation\uff0ccustomized service\uff0cone-stop service\uff0caffordable cloud ", "aquanx", "metal cloud", "chat", "ddos migration", "network", "colocation", "cloud", "colocation bare", "cloud hosting", "private cloud", "bare", "service", "custom build", "https", "bootstrap", "bootstrap hover", "dropdown", "author", "cameron spear", "mattia larentis", "dropdown plugin", "http", "plugin", "copyright", "twitter", "conflict", "focus", "object", "click", "open", "next", "target", "trigger", "checkbox", "delta", "scroll", "false", "type", "expando", "typeof selector", "sizzle", "elem", "match", "data", "seed", "vd", "number", "string", "ienew ca", "closure library", "quota", "aafunction", "dafunction" ], "references": [ "https://www.googletagmanager.com/gtag/js?id=UA-59480575-2", "https://aquanx.com/js/jquery-1.12.4.min.js", "https://aquanx.com/js/bootstrap.js", "https://aquanx.com/js/bootstrap-hover-dropdown.min.js", "https://aquanx.com/js/modernizr-custom.js", "https://aquanx.com/js/cookie-warn.js?v=1_xSax0l", "https://aquanx.com/", "https://user.aquanx.com/clientarea.php", "https://user.aquanx.com/templates/aquanx20190627/js/scripts.min.js?v=8a99af", "https://alpha99.raksmart.com/whmcs/assets/js/cookie-warn.js", "xfe-URL-raksmart.com-stix2-2.1-export.json" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Vd", "display_name": "Vd", "target": null } ], "attack_ids": [ { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 9, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 560, "URL": 1236, "domain": 184, "FileHash-SHA256": 79 }, "indicator_count": 2059, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "1457 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://c.element.id", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://c.element.id", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780309038.701333 }