{ "type": "URL", "indicator": "https://f.body.style", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://f.body.style", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 3212173332, "indicator": "https://f.body.style", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 18, "pulses": [ { "id": "65708c8a9635f156e79238f1", "name": "intel gained from a spam text", "description": "", "modified": "2023-12-06T15:00:26.727000", "created": "2023-12-06T15:00:26.727000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "FileHash-SHA256": 823, "domain": 717, "URL": 2245, "hostname": 615, "email": 4, "FileHash-MD5": 5, "FileHash-SHA1": 1 }, "indicator_count": 4411, "is_author": false, "is_subscribing": null, "subscriber_count": 110, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65708c37c54dd9e78f85c0fa", "name": "\u7ea2\u674f\u89c6\u9891 malware", "description": "", "modified": "2023-12-06T14:59:03.859000", "created": "2023-12-06T14:59:03.859000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1686, "hostname": 2218, "URL": 5740, "domain": 901, "FileHash-MD5": 3 }, "indicator_count": 10548, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65707fe17dfdfe16066d16de", "name": "Bexar.org", "description": "", "modified": "2023-12-06T14:06:25.800000", "created": "2023-12-06T14:06:25.800000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1735, "hostname": 1833, "domain": 1025, "URL": 4668, "email": 4, "FileHash-MD5": 133, "FileHash-SHA1": 6, "CIDR": 5 }, "indicator_count": 9409, "is_author": false, "is_subscribing": null, "subscriber_count": 110, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65707f8475d8a8785dfc5a2f", "name": "Zetalytics API", "description": "", "modified": "2023-12-06T14:04:52.250000", "created": "2023-12-06T14:04:52.250000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 754, "hostname": 833, "domain": 441, "URL": 2375, "CIDR": 5, "FileHash-MD5": 2, "email": 1 }, "indicator_count": 4411, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "62750795ebc8c475f4a3033a", "name": "aquanx.com (PegTech botnet hosting)", "description": "var b[f, g.g, is a new addition to the list of characters that can be added to a singleElement, as well as a set of numbers, if they are new.", "modified": "2022-06-05T00:03:45.266000", "created": "2022-05-06T11:33:41.174000", "tags": [ "function", "eu cookie", "version", "tamas schalk", "element", "lang", "datadelay", "dataexpire", "dataclass", "name", "date", "path", "null", "cookie", "regexp", "typeof e", "please", "typeof t", "pseudo", "child", "array", "error", "class", "void", "this", "extendedvps", "login register", "product group", "svssdlinux", "svssdwindows", "password", "client area", "aquanx english", "azerbaijani", "catal", "colocation\uff0ccustomized service\uff0cone-stop service\uff0caffordable cloud ", "aquanx", "metal cloud", "chat", "ddos migration", "network", "colocation", "cloud", "colocation bare", "cloud hosting", "private cloud", "bare", "service", "custom build", "https", "bootstrap", "bootstrap hover", "dropdown", "author", "cameron spear", "mattia larentis", "dropdown plugin", "http", "plugin", "copyright", "twitter", "conflict", "focus", "object", "click", "open", "next", "target", "trigger", "checkbox", "delta", "scroll", "false", "type", "expando", "typeof selector", "sizzle", "elem", "match", "data", "seed", "vd", "number", "string", "ienew ca", "closure library", "quota", "aafunction", "dafunction" ], "references": [ "https://www.googletagmanager.com/gtag/js?id=UA-59480575-2", "https://aquanx.com/js/jquery-1.12.4.min.js", "https://aquanx.com/js/bootstrap.js", "https://aquanx.com/js/bootstrap-hover-dropdown.min.js", "https://aquanx.com/js/modernizr-custom.js", "https://aquanx.com/js/cookie-warn.js?v=1_xSax0l", "https://aquanx.com/", "https://user.aquanx.com/clientarea.php", "https://user.aquanx.com/templates/aquanx20190627/js/scripts.min.js?v=8a99af", "https://alpha99.raksmart.com/whmcs/assets/js/cookie-warn.js", "xfe-URL-raksmart.com-stix2-2.1-export.json" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Vd", "display_name": "Vd", "target": null } ], "attack_ids": [ { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 9, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 560, "URL": 1236, "domain": 184, "FileHash-SHA256": 79 }, "indicator_count": 2059, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "1456 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "626d5deabac11a947774de99", "name": "http://gczlau.com/c3af94f661", "description": "Live link sent via sms", "modified": "2022-05-29T00:01:17.829000", "created": "2022-04-30T16:03:54.153000", "tags": [ "move", "typetext", "typeemail", "typetel", "eace", "eacb", "aaed", "eachb", "yaay", "event", "cacb", "cacf", "typeof t", "text", "function", "load snowplow", "checks", "gets", "getmainpageub", "page", "clkg", "creates custom", "use visitor", "track form", "form", "support", "typeof", "text display", "typeof q", "typeof d", "post", "anura", "display support", "sympathizing", "quaker", "webview", "trident", "android", "date", "snowplow", "array", "anthon pang", "typeof e", "version", "author", "alex dean", "simon andersson", "fred blundun", "enter their", "phone number", "strong", "backstory", "privacy", "policy", "partner lookup", "partnerlookup", "diego", "new york", "contact", "segoe ui", "emoji", "href", "roboto", "helvetica neue", "arial", "apple color", "symbol", "typecheckbox", "typeradio", "twitter", "typeerror", "clickdataapi", "hidden", "typeof n", "bootstrap", "regexp", "error", "mouseleave", "click", "dataspy", "body", "pseudo", "child", "sufeffxa0", "class", "attr", "null", "this", "guide my", "yes no", "male female", "romance", "analyzing", "get started", "enter", "your partner", "number" ], "references": [ "https://guidemyrelationship.com/?aff_id=2509&offer_id=6300&aff_sub=1726&aff_sub2=102a78845625980c3bb3f54bd8acd3&aff_sub3=", "https://guidemyrelationship.com/assets/js/jquery-3.3.1.min.js", "https://guidemyrelationship.com/assets/js/bootstrap.min.js", "https://guidemyrelationship.com/assets/js/main.js", "https://guidemyrelationship.com/assets/css/bootstrap.min.css", "https://www.thepartnerlookup.com/?affid=1726&txid=1028d018569e59e3856f7416969ab0&offer_id=2509", "https://d34qb8suadcc4g.cloudfront.net/sp-2.14.0.js", "https://www.thepartnerlookup.com/main.bundle-fed11df.z.js", "https://builder-assets.unbounce.com/published-css/main-7b78720.z.css" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1000, "hostname": 333, "FileHash-SHA256": 106, "domain": 170, "FileHash-MD5": 1, "FileHash-SHA1": 1 }, "indicator_count": 1611, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "1463 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6266f7e0e0264cba210a4e9e", "name": "intel gained from a spam text", "description": "var b[f]=g, if b(f) is not allowed to reach its maximum by the end of a set, then a.b(b) will be able to do so at the same time as a", "modified": "2022-05-25T00:04:03.622000", "created": "2022-04-25T19:34:56.772000", "tags": [ "array", "typeerror", "symbol", "null", "string", "iterator", "object", "error", "boolean", "function", "service", "date", "phonenumber", "facebook", "meta", "typeof e", "typeof u", "typeof window", "es modules", "use esm", "webkit", "component", "typeof", "typeof y", "typeof symbol", "suspense", "context", "forwardref", "unknown", "4096", "typeof n", "promise", "weakmap", "dataview", "typeof t", "webpackrequire", "modulenotfound", "e1342177279", "array int8array", "loanup", "insurance", "group", "health", "solutions", "policy", "site", "america", "company", "life", "plan", "direct", "media", "alliance", "click", "team", "never", "advantage", "general", "light", "february", "april", "june", "august", "footer", "protect", "banker", "explorer", "fast", "martin", "union", "carrier", "next", "colony", "energy", "empire", "gerber", "philadelphia", "hippo", "king", "agent", "mercury", "moss", "premium", "nextgen", "oscar", "phoenix", "loans", "pure", "ramsey", "ranger", "solar", "titan", "tristate", "viking", "easy", "push", "code", "stop", "carriers", "live", "lucky", "moral", "story", "back", "lfunction", "dfunction", "cfunction", "typeof self", "number", "copyright", "closure library", "xdfunction", "cdfunction", "ddfunction", "bded", "kefunction", "reduceright", "gj9pcw0f6jv", "regexp", "r420", "uint8array", "typeof d", "void" ], "references": [ "https://www.googletagmanager.com/gtag/js?id=G-J9PCW0F6JV", "https://www.googletagmanager.com/gtag/js?id=UA-185991747-1", "https://insurancerateusa.com/polyfill-036b4a134d8725752ba0.js", "xfe-URL-insurancerateusa.com-stix2-2.1-export.json", "https://insurancerateusa.com/app-74647f151b541f3098c2.js", "https://insurancerateusa.com/bfcc7b67-0b189ba6da3fc3ae8b88.js", "https://insurancerateusa.com/94297995-69529ad7536f090aa776.js", "https://insurancerateusa.com/3bea8d40-8926f4790c0b3689a361.js", "https://insurancerateusa.com/framework-19eddc0d879a49dfe606.js", "https://insurancerateusa.com/webpack-runtime-f014a3267add02a94afb.js", "https://connect.facebook.net/signals/config/3689470801106673?v=2.9.57&r=stable" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "ReduceRight", "display_name": "ReduceRight", "target": null } ], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 615, "URL": 2246, "FileHash-SHA256": 823, "domain": 717, "CVE": 1, "email": 4, "FileHash-MD5": 5, "FileHash-SHA1": 1 }, "indicator_count": 4412, "is_author": false, "is_subscribing": null, "subscriber_count": 70, "modified_text": "1467 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "62630579f28f0ade0c9fb8fb", "name": "Cera networks , hive, hurricane electric ..etc\u2026 \u201ccolos\u201d(plural) or \u201ccolocation\u201d", "description": "function lz_jssess, a new type of browser, is a two-way system, which allows the browser to talk to the other side of the screen.. the following:", "modified": "2022-05-22T00:01:01.264000", "created": "2022-04-22T19:43:53.501000", "tags": [ "ovlcwm", "activedocument", "null", "span", "date", "file", "livezilladata", "regexp", "amount", "email", "function", "filereader", "checkbox", "window", "false", "path", "trident", "template", "typeof define", "typeof", "lztextlink", "script", "lzrscr", "scrb64d", "typeof b", "error", "pseudo", "child", "array", "sufeffxa0", "class", "attr", "void", "lzsds", "lzsde", "lzsdeg", "cant load", "gv1023" ], "references": [ "xfe-URL-ceranetworks.com-stix2-2.1-export.json", "https://www.ceranetworks.com/livechat/resource.php?t=js&1=jsglobal.min.js&2=jsbox.min.js&3=jstrack.min.js&v=ahgzixd7&4=jsextern.min.js", "https://www.ceranetworks.com/public/static/js/jquery@1.12.4.min.js", "https://www.ceranetworks.com/livechat/server.php?rqst=track&output=jcrpt&hfk=MQ__&ovlv=djI_&ovltwo=MQ__&ovlc=MQ__&esc=IzJlOGFlNQ__&epc=IzMwOTFmMg__&ovlts=MA__&hfk=MQ__&ovlapo=MQ__&nse=0.7916382809044465", "https://www.ceranetworks.com/livechat/script.php?id=d708615a9293e1bcec892afb03bd2b45", "https://cdnjs.cloudflare.com/ajax/libs/jquery-cookie/1.4.1/jquery.cookie.min.js", "https://www.ceranetworks.com/livechat/geo.php?a=1&gv=1023&method=lz_tracking_geo_result&spanm=lz_tracking_set_geo_span&oak=" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "ActiveDocument", "display_name": "ActiveDocument", "target": null }, { "id": "OVLCWM", "display_name": "OVLCWM", "target": null } ], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 306, "URL": 753, "FileHash-SHA256": 42, "domain": 114 }, "indicator_count": 1215, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1470 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6261fd6a8d527fa569351e63", "name": "Malware hosting - unrealservers.net & heymman.com", "description": "function S.name, a.com, has been added to the end of a page to make sure it does not end up in an unauthorised place. and it will not get any more.", "modified": "2022-05-21T00:03:44.725000", "created": "2022-04-22T00:57:14.125000", "tags": [ "e2f0fc", "fd7a07", "f0482b", "gradienttype0", "a5bcce", "helvetica", "negative", "arial", "bcd3e4", "style sheet", "nonce", "script", "please do", "not copy", "and paste", "this code", "cgrecaptchacfg", "ngrecaptcha", "recaptchaapi", "render", "onload", "select", "error", "strong", "uint8array", "string", "null", "number", "function", "input", "array", "iframe", "date", "android", "verify", "stop", "this", "span", "enterprise", "click", "widget", "window", "form", "generator", "reload", "void", "dd2d2f", "e8e8e8", "d8d8d8", "fcfcfc", "e5e5e5", "lucida", "unicode", "lucida grande", "f9f9f9", "footer", "unavailable", "ngsanitize", "order now", "invalid", "snippet", "month", "hours", "fullyear", "regexp", "eeee", "mmmm d", "mena", "christ" ], "references": [ "xfe-URL-heymman.com-stix2-2.1-export.json", "https://ajax.googleapis.com/ajax/libs/angularjs/1.4.8/angular.min.js", "https://ajax.googleapis.com/ajax/libs/angularjs/1.4.2/angular-sanitize.js", "https://www.heymman.com/script.js", "https://www.heymman.com/style/main.css", "https://www.gstatic.com/recaptcha/releases/QENb_qRrX0-mQMyENQjD6Fuj/recaptcha__en.js", "https://www.google.com/recaptcha/api.js", "https://unrealservers.net/master.css", "xfe-URL-Ndevix.com-stix2-2.1-export.json", "xfe-URL-Misk.com-stix2-2.1-export.json" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 427, "URL": 1183, "FileHash-SHA256": 162, "domain": 441, "email": 4 }, "indicator_count": 2217, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "1471 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "626078c9aeb1f4837a1bfc7e", "name": "Malware hosting - allwest.com", "description": "\u00c2\u00a31.5m, \u00e2\u201a\u00ac2.4m \u00c3\u20ac\u00a6, is the source of a new version of the JavaScript code, which is being developed by the Apache web browser.", "modified": "2022-05-20T00:01:19.453000", "created": "2022-04-20T21:19:05.670000", "tags": [ "guji", "regexp", "cfunction", "event", "afunction", "efunction", "function", "xfunction", "jnull", "yefunction", "customevent", "typeof n", "typeof wpcf7", "nonce", "script", "please do", "not copy", "and paste", "this code", "cgrecaptchacfg", "ngrecaptcha", "recaptchaapi", "render", "filter", "typenumber", "totalvalue", "linear", "secs", "index", "nameregion", "typevalue", "rangeto", "customuserspeed", "code", "typeof define", "date", "click", "smoothscroll", "number", "property", "fancybox", "null", "false", "scroll", "stop", "speed", "body", "error", "this", "typeerror", "symbol", "generator", "typeof e", "copyright", "closure library", "reduceright", "string", "aw981889198", "uint8array", "quota", "aafunction", "void", "hj", "object", "hotjar", "email", "typeof symbol", "telefon", "array", "survey", "meta", "cookie", "keypress", "trident", "live", "fullscreen", "generic", "window", "widget", "ciudad", "adore", "experiment", "mutation", "qe", "fnumber", "xhfunction", "yhfunction", "awconversionid", "g0cbkgbkb3j", "xdfunction", "adfunction", "cdfunction", "ddfunction", "typeof hj", "surveyv2", "surveyisolated", "heatmapviewer", "notification", "sentry", "ua411335272", "gfvhxsm5zyl", "xmlhttprequest", "domparser", "typeof module", "html tags", "ox20trnf", "dom element", "typeof t", "class", "attr", "pseudo", "child", "udc66udc67", "ud83d", "ufe0f", "ud83e", "udc68udc69", "udfcbudfcc", "u2640u2642", "source", "image", "ud83dudc6cud83c", "bsnull", "gtmmwm9r93", "typeof", "facebook pixel", "pixel code", "iterator", "constantvalue", "globalvariable", "facebook", "service", "phonenumber", "boolean", "select", "strong", "input", "iframe", "android", "verify", "span", "enterprise", "form", "reload", "adwords", "linkedin", "hs pixel", "loader", "addcookiedomain", "hubspot", "vui", "anda", "tente", "outubro", "trackingclient", "srpanj", "rabu", "vasaris", "helvetica neue", "helvetica", "arial", "accept", "n nn", "policy", "done", "800px", "40px", "i18n", "blockedemail", "typeof i18n", "captcha", "please", "april", "august", "close", "february", "june", "klik", "download", "next", "blank", "este", "rserver", "mais", "r300", "typeof d", "path", "caca", "pfunction", "contenttype", "zfunction", "bfunction", "mvoid", "ofunction", "array int8array", "caregexp", "legacy" ], "references": [ "xfe-URL-allwest.com-stix2-2.1-export.json", "https://www.googleadservices.com/pagead/conversion_async.js", "https://www.google-analytics.com/analytics.js", "https://www.googletagmanager.com/gtag/js?id=G-FVHXSM5ZYL&l=dataLayer&cx=c", "https://www.googletagmanager.com/gtag/js?id=G-0CBKGBKB3J&l=dataLayer&cx=c", "https://js.hsleadflows.net/leadflows.js", "https://js.hs-banner.com/9251231.js", "https://js.hs-analytics.net/analytics/1650488100000/9251231.js", "https://js.hsadspixel.net/fb.js", "https://www.gstatic.com/recaptcha/releases/QENb_qRrX0-mQMyENQjD6Fuj/recaptcha__en.js", "https://connect.facebook.net/signals/config/661596171311072?v=2.9.57&r=stable", "https://connect.facebook.net/signals/plugins/identity.js?v=2.9.57", "https://connect.facebook.net/en_US/fbevents.js", "https://www.googleoptimize.com/optimize.js?id=GTM-MWM9R93", "https://www.allwest.com/wp-includes/js/wp-emoji-release.min.js?ver=5.9.3", "https://www.allwest.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0", "https://www.allwest.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2", "https://www.allwest.com/wp-content/plugins/svg-support/js/min/svgs-inline-min.js?ver=1.0.0", "https://www.googletagmanager.com/gtag/js?id=UA-41133527-3", "https://static.hotjar.com/c/hotjar-2836981.js?sv=5", "https://www.googletagmanager.com/gtag/js?id=UA-41133527-2", "https://www.googletagmanager.com/gtag/js?id=AW-CONVERSION_ID", "https://script.hotjar.com/modules.0076bf93c385ddf0ff58.js", "https://googleads.g.doubleclick.net/pagead/viewthroughconversion/981889198/?random=1650488340057&cv=9&fst=1650488340057&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=844&u_w=390&u_ah=844&u_aw=390&u_cd=32&u_his=1&u_tz=-240&u_java=false&u_nplug=0&u_nmime=0>m=2oa4i1&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.allwest.com%2F&tiba=All%20West%20Communications%20-%20telecommunication%20company&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4", "https://www.googletagmanager.com/gtag/js?id=AW-981889198", "https://googleads.g.doubleclick.net/pagead/viewthroughconversion/981889198/?random=1650488340630&cv=9&fst=1650488340630&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=844&u_w=390&u_ah=844&u_aw=390&u_cd=32&u_his=1&u_tz=-240&u_java=false&u_nplug=0&u_nmime=0>m=2oa4i1&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.allwest.com%2F&tiba=All%20West%20Communications%20-%20telecommunication%20company&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4", "https://www.allwest.com/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.9", "https://www.allwest.com/wp-content/uploads/hummingbird-assets/c4be4d65e707f6328e3a72e79cfdfcb7.js", "https://www.allwest.com/wp-content/themes/allwestcommunications/js/jquery.main.js?ver=5.9.3", "https://www.allwest.com/wp-content/themes/allwestcommunications/js/custom.js?ver=5.9.3", "https://www.google.com/recaptcha/api.js?render=6Ld8S6EUAAAAAExG_6DO_Jj4DLY35ybebbA8R_eA&ver=3.0", "https://www.allwest.com/wp-content/plugins/contact-form-7/modules/recaptcha/index.js?ver=5.5.6", "https://www.allwest.com/wp-content/plugins/wp-smushit/app/assets/js/smush-lazy-load.min.js?ver=3.9.5", "https://js.hs-scripts.com/9251231.js" ], "public": 1, "adversary": "", "targeted_countries": [ "Tunisia" ], "malware_families": [ { "id": "hj", "display_name": "hj", "target": null }, { "id": "Qe", "display_name": "Qe", "target": null }, { "id": "Vui", "display_name": "Vui", "target": null }, { "id": "Outubro", "display_name": "Outubro", "target": null }, { "id": "Tente", "display_name": "Tente", "target": null }, { "id": "Anda", "display_name": "Anda", "target": null }, { "id": "Vasaris", "display_name": "Vasaris", "target": null }, { "id": "Rabu", "display_name": "Rabu", "target": null }, { "id": "Srpanj", "display_name": "Srpanj", "target": null }, { "id": "TrackingClient", "display_name": "TrackingClient", "target": null }, { "id": "ReduceRight", "display_name": "ReduceRight", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 821, "URL": 1568, "domain": 251, "FileHash-SHA256": 70, "FileHash-MD5": 4, "FileHash-SHA1": 1 }, "indicator_count": 2715, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "1472 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "62606584633e2b9a3bc935b9", "name": "\u7ea2\u674f\u89c6\u9891 malware", "description": "function s(t,e), o, is a new type of function, which throws new TypeError when it comes to trying to make a function out of its own language or its form.", "modified": "2022-05-20T00:01:19.453000", "created": "2022-04-20T19:56:52.162000", "tags": [ "typeof t", "typeof define", "moztransform", "success", "error", "make sure", "stop", "ajax", "action", "click", "open", "active", "button", "toggle btn", "body", "scroll", "isotope", "preloader", "function", "javascript", "mit license", "typeof module", "gplv3", "license", "copyright", "metafizzy", "math", "typeof", "typeerror", "hidden", "show", "typeof n", "version", "hide", "focusin", "focusout", "shown", "startr", "endr", "federico zivolo", "distributed", "html", "statict", "flip", "regexp", "null", "void", "width", "object", "pseudo", "child", "class", "date", "accept", "webpackrequire", "name", "number", "arraybuffer", "iterator", "typedarray", "prototype", "string", "index", "meta", "target", "infinity", "zero", "epsilon", "observer", "android", "trim", "enumerate", "freeze", "internal", "bind", "window", "next", "find", "this", "rest", "middle", "canvas", "slidercaptcha", "createelement", "textdanger", "plugin", "rgba", "imagedata", "false", "touchstart", "trident", "applewebkit", "safari", "base", "presto", "gecko", "khtml", "micromessenger", "typeof e", "swiper", "most", "september", "customevent", "image", "typeof c", "twitter", "bootstrap", "rolemenu", "typeof f", "typeof g", "cookie plugin", "https", "klaus hartl", "register", "nodecommonjs", "factory", "jquery", "write", "typeof b", "array", "sufeffxa0", "attr", "\u706b\u7bad\u5185\u6d4b\u7b7e\u540d", "0x1d9131", "0x180bcc", "0x4b6177", "0x13f349", "0x3bcb54", "0xbbe80d", "0x57b7de", "0x2ea74e", "0x4fb0f2", "0x25f113", "push", "shift", "tencent", "barrio", "slice", "symbol", "typeof window", "maximum", "typeof symbol", "udc66udc67", "ud83d", "ufe0f", "ud83e", "udc68udc69", "udfcbudfcc", "u2640u2642", "ufe0fg", "ud83dudc6cud83c", "ud83dudc6dud83c", "welcome", "datav66d78640", "datav2f8052f5", "90deg", "datav5f1e575c", "datave97d7462", "helvetica neue", "helvetica", "10px", "pingfang sc", "arial", "45deg", "typenumber", "opacity0", "mozopacity0", "khtmlopacity0", "opacity100", "event", "boolean", "uint8array", "errordetails", "info", "checker", "generator", "blink", "keepalive", "4096", "unknown", "meteor", "rhino", "mini", "comment", "verify", "yeke", "codec", "media", "live", "speed", "headname", "axiostimeout", "apiurl", "bmi86hjtsk", "root", "length", "indexof", "x0ax20x20x20x20", "location", "0x10", "0x18", "history", "config", "cookie", "onload", "video", "afunction", "indexnotice", "sitehome", "x20trnf", "please", "strong" ], "references": [ "xfe-URL-sys95.com-stix2-2.1-export.json", "https://2001.habyc.com/?channelNo=2001#/home", "https://sdk.51.la/event/js-sdk-event.min.js?u=JdoUNv3VSW0GHUpw", "https://2001.habyc.com/static/js/chunk-7d5d3bac.efb700c7.js", "https://sdk.51.la/js-sdk-pro.min.js", "https://2001.habyc.com/js/config.js", "xfe-URL-2001.habyc.com-stix2-2.1-export.json", "https://2001.habyc.com/static/js/chunk-vendors.9d7684f4.js", "xfe-URL-habyc.com-stix2-2.1-export.json", "https://2001.habyc.com/static/css/chunk-vendors.6a41b67e.css", "https://2001.habyc.com/static/css/app.88afcfd8.css", "https://2001.habyc.com/static/css/chunk-7d5d3bac.e1a32335.css", "https://2001.dwlww.com/?channelNo=2001#/home", "https://2001.dwlww.com/static/js/chunk-7d5d3bac.efb700c7.js", "https://2001.dwlww.com/js/config.js", "https://2001.dwlww.com/static/js/chunk-vendors.9d7684f4.js", "https://2001.dwlww.com/static/js/app.9d5d18d7.js", "https://2001.dwlww.com/static/css/chunk-vendors.6a41b67e.css", "https://2001.dwlww.com/static/css/app.88afcfd8.css", "https://2001.dwlww.com/static/css/chunk-7d5d3bac.e1a32335.css", "https://www.tidio.com/talk/kv6vcosd7tmhsetmarsoawzaglejnny4", "https://chatting.page/kv6vcosd7tmhsetmarsoawzaglejnny4", "https://widget-v4.tidiochat.com/code/kv6vcosd7tmhsetmarsoawzaglejnny4.js", "https://m4244.com:35003/", "https://www.8098.app:21568/?agent=7691755704", "https://www.8098.app:21568/js/jquery-1.11.3.min.js", "https://www.8098.app:21568/js/xinstall_inner_e.min.js?v=1004", "https://app.ynsdty.cn//package/GmCC6WISh", "https://app.ynsdty.cn/dist/js/jquery.min.js", "https://app.ynsdty.cn/dist/js/jquery.cookie.js", "https://app.ynsdty.cn/dist/vendors/bootstrap/js/bootstrap.min.js", "https://app.ynsdty.cn/dist/vendors/swiper/swiper.min.js", "https://app.ynsdty.cn/dist/js/app.base.js", "https://app.ynsdty.cn/dist/js/longbow.slidercaptcha.js", "https://app.ynsdty.cn/dist/vendors/core-js/core.js", "xfe-URL-sun.net.hk-stix2-2.1-export.json", "https://www.sunnetwork.com.sg/sun_21/js/vendor/jquery-3.5.0.min.js", "https://www.sunnetwork.com.sg/sun_21/js/popper.min.js", "https://www.sunnetwork.com.sg/sun_21/js/bootstrap.min.js", "https://www.sunnetwork.com.sg/sun_21/js/isotope.pkgd.min.js", "https://www.sunnetwork.com.sg/sun_21/js/imagesloaded.pkgd.min.js", "https://www.sunnetwork.com.sg/sun_21/js/main.js", "https://www.sunnetwork.com.sg/sun_21/js/ajax-form.js", "https://www.sunnetwork.com.sg/sun_21/js/slick.min.js" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 901, "URL": 5740, "hostname": 2218, "FileHash-SHA256": 1686, "FileHash-MD5": 3 }, "indicator_count": 10548, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "1472 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "625f86049cb1c945f7701075", "name": "Hetzner - malware hosting", "description": "function ar(aw,av,au,at) is a new type of tracking, which uses the same code as the Matomo tracking tool and its built-up functionality to track where a tracker is located.", "modified": "2022-05-20T00:01:19.453000", "created": "2022-04-20T04:03:16.817000", "tags": [ "param", "locale", "return", "stripped", "regexp", "html", "lang", "lightweight", "dual", "javascript i18n", "entity", "body", "meta", "typeradio", "ttav", "width", "ttaelt", "shadowwidth", "tagtotip", "html element", "shadow", "closebtncolors", "fadein", "null", "sticky", "close", "false", "path", "config", "span", "iframe", "kill", "inside", "first", "typetext", "typepassword", "input", "typeof define", "typeof module", "html tags", "px20trnf", "dom element", "date", "this", "typeof e", "function", "left", "bottom", "nullt", "right", "next", "february", "april", "june", "august", "atom", "cookie", "back", "bounce", "typeof t", "class", "attr", "pseudo", "child", "js foundation", "error", "captcha", "access site", "click", "strong", "ddos", "hetzner online", "gmbh element", "lztextlink", "script", "lzrscr", "scrb64d", "livezilladata", "ovlcwm", "activedocument", "lzsds", "lzsde", "lzsdeg", "cant load", "gv1023", "typecheckbox", "5deg", "20deg", "45deg", "2000px00", "2000px0", "10px00", "60px0", "mintime", "await", "number", "typeof n", "typeof symbol", "cookieconsent", "showcookiemodal", "cookie banner", "agree", "agreed", "expiresthu", "anchorregex", "typeerror", "swiper", "hammer", "bnm", "software", "azaz", "form", "void", "zert", "accept", "android", "trace", "import", "string", "please", "blob", "matomo", "post", "javascript", "link", "license" ], "references": [ "xfe-IP-136.243.64.87-stix2-2.1-export.json", "https://matomo.hetzner.com/matomo.js", "xfe-URL-matomo.hetzner.com-stix2-2.1-export.json", "https:///livesupport.hetzner.de/resource.php?t=js&1=jsglobal.min.js&2=jsbox.min.js&3=jstrack.min.js&v=ahgzixd7&4=jsextern.min.js", "https://livesupport.hetzner.de/server.php?rqst=track&output=jcrpt&group=Produktberatung&hg=Pw__&hcgs=MQ__&htgs=MQ__&ovltwo=MQ__&ovlv=djI_&ovlc=MQ__&esc=IzU4NTg1YQ__&epc=I0JFMTUyRA__&ovlts=MA__&ovlmr=MTAw&ovlmb=MjY_&hfk=MQ__&ovloo=MQ__&hots=MQ__&hott=MQ__&nse=0.615520170244701", "https://livesupport.hetzner.de/script.php?id=eec8dcd79d6fdf905136b99875c1d599", "https://accounts.hetzner.com/login", "https://accounts.hetzner.com/build/runtime.188fa053.js", "https://accounts.hetzner.com/build/755.5a8586e9.js", "https://accounts.hetzner.com/build/app.dc073715.js", "https://accounts.hetzner.com/build/802.3a7546ef.js", "https://konsoleh.your-server.de/templates/ui-default/de/javascripts/jquery/jquery.js", "https://konsoleh.your-server.de/templates/ui-default/de/javascripts/jquery/jquery-migrate.js", "https://konsoleh.your-server.de/templates/ui-default/de/javascripts/jquery/ui/jquery-ui.js", "https://konsoleh.your-server.de/templates/ui-default/de/styles/login.css.php", "https://konsoleh.your-server.de/templates/ui-default/de/javascripts/wz_tooltip.js", "xfe-URL-livesupport.hetzner.de-stix2-2.1-export.json", "xfe-URL-konsoleh.your-server.de-stix2-2.1-export.json" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "ActiveDocument", "display_name": "ActiveDocument", "target": null }, { "id": "OVLCWM", "display_name": "OVLCWM", "target": null }, { "id": "Hammer", "display_name": "Hammer", "target": null }, { "id": "BNM", "display_name": "BNM", "target": null } ], "attack_ids": [ { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 2308, "hostname": 949, "FileHash-SHA256": 125, "domain": 372, "FileHash-SHA1": 3, "FileHash-MD5": 256 }, "indicator_count": 4013, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "1472 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6250b468bafaeb321280022f", "name": "Volltextsuche | Wir. Leben. Eifel.", "description": "Follow us on Facebook, Twitter, Instagram, Snapchat, YouTube, Facebook and other social media, here are some of the key information we need to know about the Eifel - ei Marke", "modified": "2022-05-08T00:03:14.586000", "created": "2022-04-08T22:17:12.122000", "tags": [ "date", "month", "typeof", "typeof define", "invalid date", "january", "february", "march", "april", "june", "august", "typeof require", "kfunction", "typeof b", "error", "modulenotfound", "iframe", "multiple", "event", "typeof c", "cookiebot", "iabv2", "jsonversion", "cookie script", "methodstrict", "ticket", "id attribute", "cookiebot setup", "cookieconsent", "dirrtl", "scalefactor", "typecheckbox", "http", "viewportwidth", "segoe ui", "arial", "helvetica", "verdana", "accept", "alpha", "cookiebotwidget", "number", "position", "cookiebot logo", "logo", "close widget", "consent", "weitere infos", "top unternehmen", "suche", "wirtschaft", "urbanes wohnen", "eifel tourismus", "einfhrung der", "volltextsuche", "leben", "eifel" ], "references": [ "https://www.standort-eifel.de/volltextsuche?form=fulltext&query=", "xfe-URL-zrvxhxr.ga-stix2-2.1-export.json", "https://consent.cookiebot.com/Scripts/widgetIcon.min.js", "https://consent.cookiebot.com/logconsent.ashx?action=decline&nocache=1649455889539&referer=https%3A%2F%2Fwww.standort-eifel.de%2Fvolltextsuche%3Fform%3Dfulltext%26query%3D&cbid=b1882b56-56d5-40fe-b5a3-6f1a5090ee0f&cbt=optinout&hasdata=true", "https://consent.cookiebot.com/b1882b56-56d5-40fe-b5a3-6f1a5090ee0f/cc.js?renew=false&referer=www.standort-eifel.de&dnt=false", "https://consent.cookiebot.com/uc.js", "https://www.standort-eifel.de/portal/dist/scripts/perfect-scrollbar.15f53abf.js.pagespeed.jm.FfU6v2WnFT.js", "https://www.standort-eifel.de/portal/dist/scripts/datePicker.b29f1017.js.pagespeed.jm.sp8QFzzpUj.js", "https://www.standort-eifel.de/portal/dist/scripts/serialize.a1835547.js.pagespeed.jm.oYNVR3P8_v.js", "https://consentcdn.cookiebot.com/sdk/bc-v4.min.html" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 63, "URL": 107, "FileHash-SHA256": 276, "domain": 57 }, "indicator_count": 503, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1484 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "624de06b6d7b6fb1caada56a", "name": "\u542b\u7f9e\u8349\u7814\u7a76\u6240|Fi11.com", "description": "var a,b,c,d, f.substr(d),a=f, a.href, and a number of other elements:a.b.search.com.", "modified": "2022-05-06T18:05:54.002000", "created": "2022-04-06T18:48:11.932000", "tags": [ "date", "cnzzdata", "czuuid", "umdistinctid", "toast", "android", "androidig", "linuxig", "iphoneipodiosig", "ipadig", "windows", "alert", "image", "object", "boolean", "error", "typeof t", "number", "67108863", "string", "typeerror", "array", "promise", "null", "this", "unknown", "write", "iframe", "window", "backspace", "body", "verify", "fullscreen", "copyright", "closure library", "pfunction", "contenttype", "zfunction", "bfunction", "mvoid", "ofunction" ], "references": [ "xfe-IP-137.220.241.241-stix2-2.0-export.json", "https://h5.hxcpp100.com/?id=22929", "https://www.google-analytics.com/analytics.js", "https://h5.hxcpp100.com/js/linkChange.js", "https://imgs.qgddmy.com/static_h5/js/manifest.2ae2e69a05c33dfc65f8.js", "https://imgs.qgddmy.com/static_h5/js/vendor.4071e145e4ea91fa5ab1.js", "http://push.zhanzhang.baidu.com/push.js", "https://js.users.51.la/21185805.js", "https://www.hxcpp100.com/js/linkChange.js", "https://c.cnzz.com/core.php?web_id=1280798474&t=z", "https://s9.cnzz.com/z_stat.php?id=1280743953&web_id=1280743953" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 981, "hostname": 279, "domain": 202, "FileHash-SHA256": 73, "CVE": 1 }, "indicator_count": 1536, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1486 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "624de0699b9516c5c53a4c60", "name": "\u542b\u7f9e\u8349\u7814\u7a76\u6240|Fi11.com", "description": "var a,b,c,d, f.substr(d),a=f, a.href, and a number of other elements:a.b.search.com.", "modified": "2022-05-06T18:05:54.002000", "created": "2022-04-06T18:48:09.891000", "tags": [ "date", "cnzzdata", "czuuid", "umdistinctid", "toast", "android", "androidig", "linuxig", "iphoneipodiosig", "ipadig", "windows", "alert", "image", "object", "boolean", "error", "typeof t", "number", "67108863", "string", "typeerror", "array", "promise", "null", "this", "unknown", "write", "iframe", "window", "backspace", "body", "verify", "fullscreen", "copyright", "closure library", "pfunction", "contenttype", "zfunction", "bfunction", "mvoid", "ofunction" ], "references": [ "xfe-IP-137.220.241.241-stix2-2.0-export.json", "https://h5.hxcpp100.com/?id=22929", "https://www.google-analytics.com/analytics.js", "https://h5.hxcpp100.com/js/linkChange.js", "https://imgs.qgddmy.com/static_h5/js/manifest.2ae2e69a05c33dfc65f8.js", "https://imgs.qgddmy.com/static_h5/js/vendor.4071e145e4ea91fa5ab1.js", "http://push.zhanzhang.baidu.com/push.js", "https://js.users.51.la/21185805.js", "https://www.hxcpp100.com/js/linkChange.js", "https://c.cnzz.com/core.php?web_id=1280798474&t=z", "https://s9.cnzz.com/z_stat.php?id=1280743953&web_id=1280743953" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 981, "hostname": 279, "domain": 202, "FileHash-SHA256": 73, "CVE": 1 }, "indicator_count": 1536, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1486 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "624de05d2c58343224615255", "name": "\u542b\u7f9e\u8349\u7814\u7a76\u6240|Fi11.com", "description": "var a,b,c,d, f.substr(d),a=f, a.href, and a number of other elements:a.b.search.com.", "modified": "2022-05-06T18:05:54.002000", "created": "2022-04-06T18:47:57.704000", "tags": [ "date", "cnzzdata", "czuuid", "umdistinctid", "toast", "android", "androidig", "linuxig", "iphoneipodiosig", "ipadig", "windows", "alert", "image", "object", "boolean", "error", "typeof t", "number", "67108863", "string", "typeerror", "array", "promise", "null", "this", "unknown", "write", "iframe", "window", "backspace", "body", "verify", "fullscreen", "copyright", "closure library", "pfunction", "contenttype", "zfunction", "bfunction", "mvoid", "ofunction" ], "references": [ "xfe-IP-137.220.241.241-stix2-2.0-export.json", "https://h5.hxcpp100.com/?id=22929", "https://www.google-analytics.com/analytics.js", "https://h5.hxcpp100.com/js/linkChange.js", "https://imgs.qgddmy.com/static_h5/js/manifest.2ae2e69a05c33dfc65f8.js", "https://imgs.qgddmy.com/static_h5/js/vendor.4071e145e4ea91fa5ab1.js", "http://push.zhanzhang.baidu.com/push.js", "https://js.users.51.la/21185805.js", "https://www.hxcpp100.com/js/linkChange.js", "https://c.cnzz.com/core.php?web_id=1280798474&t=z", "https://s9.cnzz.com/z_stat.php?id=1280743953&web_id=1280743953" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 981, "hostname": 279, "domain": 202, "FileHash-SHA256": 73, "CVE": 1 }, "indicator_count": 1536, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1486 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "621fff12d2c54f70fea90576", "name": "Bexar.org", "description": "", "modified": "2022-04-01T00:01:54.852000", "created": "2022-03-02T23:34:42.531000", "tags": [], "references": [ "www.bexar.org - urlscan.io.pdf", "bexar api 4.pdf", "bexar api 8.pdf", "bexar 6.pdf", "bexar api 2.pdf", "bexar api 7.pdf", "bexar api 3.pdf", "bexar api 9.pdf", "bexar api 12.pdf", "bexar api 17.pdf", "bexar api 15.pdf", "bexar api 18.pdf", "bexar api 10.pdf", "bexar api 19.pdf", "bexar api 20.pdf", "bexar api 13.pdf", "bexar api 21.pdf", "bexar api 14.pdf", "bexar api 22.pdf", "bexar1.pdf", "bexar api5.pdf", "bexar2.pdf", "bexar3.pdf", "bexar.org 3.2.22.pdf", "bexar6.pdf", "bexar5.pdf", "bexar api_1.pdf", "bexar10.pdf", "bexar api.pdf", "bexar_v1df.pdf", "bexarv4df.pdf", "bexarv2df.pdf", "bexarv6df.pdf", "bexasv3df.pdf", "bexarv7df.pdf", "bear_v apidf.pdf" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [], "attack_ids": [], "industries": [ "Government" ], "TLP": "white", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Kailula4", "id": "131997", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 1833, "URL": 4669, "domain": 1025, "FileHash-SHA256": 1735, "email": 4, "FileHash-MD5": 133, "FileHash-SHA1": 6, "CIDR": 5 }, "indicator_count": 9410, "is_author": false, "is_subscribing": null, "subscriber_count": 406, "modified_text": "1521 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "621bc3aa050a6c5693595f25", "name": "Zetalytics API", "description": "", "modified": "2022-03-29T00:03:34.773000", "created": "2022-02-27T18:32:10.542000", "tags": [ "google", "google llc", "detected", "expand overall", "http", "amazonaes", "openssl", "lookup go", "rescan add", "verdict report", "behaviour", "june", "apache", "search url", "search domain", "scan url", "url search", "domain scan", "url url", "us summary", "line", "google maps", "api warning", "redirects links", "similar dom", "content api", "domains", "Ransomware" ], "references": [ "zetalytics .pdf" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Win.Virus.PolyRansom-5704625-0", "display_name": "Win.Virus.PolyRansom-5704625-0", "target": null }, { "id": "Win32:Cryptor", "display_name": "Win32:Cryptor", "target": null }, { "id": "TELPER:CERT:SoftwareBundler:Win32/Bunpredelt", "display_name": "TELPER:CERT:SoftwareBundler:Win32/Bunpredelt", "target": null }, { "id": "Trojan:Win32/Danabot.G", "display_name": "Trojan:Win32/Danabot.G", "target": "/malware/Trojan:Win32/Danabot.G" }, { "id": "Backdoor:Win32/Poison.E", "display_name": "Backdoor:Win32/Poison.E", "target": "/malware/Backdoor:Win32/Poison.E" }, { "id": "ALF:PUA:Block:IObit.R!MTB", "display_name": "ALF:PUA:Block:IObit.R!MTB", "target": null } ], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Kailula4", "id": "131997", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 754, "URL": 2375, "domain": 441, "hostname": 833, "CIDR": 5, "FileHash-MD5": 2, "email": 1 }, "indicator_count": 4411, "is_author": false, "is_subscribing": null, "subscriber_count": 405, "modified_text": "1524 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "xfe-URL-heymman.com-stix2-2.1-export.json", "https://www.googletagmanager.com/gtag/js?id=UA-59480575-2", "xfe-URL-allwest.com-stix2-2.1-export.json", "https://ajax.googleapis.com/ajax/libs/angularjs/1.4.2/angular-sanitize.js", "bexarv6df.pdf", "https://www.googletagmanager.com/gtag/js?id=G-J9PCW0F6JV", "bexasv3df.pdf", "https://2001.dwlww.com/static/js/chunk-7d5d3bac.efb700c7.js", "bexar api_1.pdf", "xfe-URL-Misk.com-stix2-2.1-export.json", "bexar api 3.pdf", "bexar2.pdf", "bexar.org 3.2.22.pdf", "https://app.ynsdty.cn/dist/js/jquery.cookie.js", "https://js.hs-analytics.net/analytics/1650488100000/9251231.js", "https://2001.habyc.com/static/js/chunk-vendors.9d7684f4.js", "https://script.hotjar.com/modules.0076bf93c385ddf0ff58.js", "https://www.ceranetworks.com/livechat/resource.php?t=js&1=jsglobal.min.js&2=jsbox.min.js&3=jstrack.min.js&v=ahgzixd7&4=jsextern.min.js", "https://www.standort-eifel.de/portal/dist/scripts/perfect-scrollbar.15f53abf.js.pagespeed.jm.FfU6v2WnFT.js", "https://consent.cookiebot.com/Scripts/widgetIcon.min.js", "https://c.cnzz.com/core.php?web_id=1280798474&t=z", "https://insurancerateusa.com/framework-19eddc0d879a49dfe606.js", "bexar api 7.pdf", "https://konsoleh.your-server.de/templates/ui-default/de/javascripts/jquery/jquery.js", "https://www.allwest.com/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.9", "https://www.allwest.com/wp-content/plugins/svg-support/js/min/svgs-inline-min.js?ver=1.0.0", "https://konsoleh.your-server.de/templates/ui-default/de/javascripts/wz_tooltip.js", "https://aquanx.com/js/bootstrap-hover-dropdown.min.js", "https://www.allwest.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0", "https://user.aquanx.com/clientarea.php", "xfe-URL-livesupport.hetzner.de-stix2-2.1-export.json", "https://imgs.qgddmy.com/static_h5/js/vendor.4071e145e4ea91fa5ab1.js", "https://insurancerateusa.com/webpack-runtime-f014a3267add02a94afb.js", "https://www.googletagmanager.com/gtag/js?id=UA-41133527-2", "xfe-URL-sys95.com-stix2-2.1-export.json", "https://www.gstatic.com/recaptcha/releases/QENb_qRrX0-mQMyENQjD6Fuj/recaptcha__en.js", "https://www.allwest.com/wp-content/plugins/wp-smushit/app/assets/js/smush-lazy-load.min.js?ver=3.9.5", "zetalytics .pdf", "https://accounts.hetzner.com/login", "https://2001.habyc.com/static/css/app.88afcfd8.css", "https://d34qb8suadcc4g.cloudfront.net/sp-2.14.0.js", "https://www.thepartnerlookup.com/?affid=1726&txid=1028d018569e59e3856f7416969ab0&offer_id=2509", "https://chatting.page/kv6vcosd7tmhsetmarsoawzaglejnny4", "https://widget-v4.tidiochat.com/code/kv6vcosd7tmhsetmarsoawzaglejnny4.js", "bexar api 15.pdf", "https://unrealservers.net/master.css", "https://www.allwest.com/wp-content/uploads/hummingbird-assets/c4be4d65e707f6328e3a72e79cfdfcb7.js", "https://js.hs-banner.com/9251231.js", "xfe-IP-137.220.241.241-stix2-2.0-export.json", "https://2001.dwlww.com/static/css/app.88afcfd8.css", "bexar1.pdf", "https://2001.habyc.com/js/config.js", "https://www.ceranetworks.com/livechat/script.php?id=d708615a9293e1bcec892afb03bd2b45", "https://2001.dwlww.com/?channelNo=2001#/home", "https://insurancerateusa.com/polyfill-036b4a134d8725752ba0.js", "https://app.ynsdty.cn/dist/js/app.base.js", "bexar api 12.pdf", "https://aquanx.com/js/cookie-warn.js?v=1_xSax0l", "https://www.8098.app:21568/js/jquery-1.11.3.min.js", "bexar3.pdf", "https://m4244.com:35003/", "https://www.ceranetworks.com/livechat/server.php?rqst=track&output=jcrpt&hfk=MQ__&ovlv=djI_&ovltwo=MQ__&ovlc=MQ__&esc=IzJlOGFlNQ__&epc=IzMwOTFmMg__&ovlts=MA__&hfk=MQ__&ovlapo=MQ__&nse=0.7916382809044465", "https://connect.facebook.net/signals/config/3689470801106673?v=2.9.57&r=stable", "xfe-URL-ceranetworks.com-stix2-2.1-export.json", "https://insurancerateusa.com/bfcc7b67-0b189ba6da3fc3ae8b88.js", "https://www.allwest.com/wp-includes/js/wp-emoji-release.min.js?ver=5.9.3", "https://www.tidio.com/talk/kv6vcosd7tmhsetmarsoawzaglejnny4", "bexarv2df.pdf", "bexarv7df.pdf", "https://konsoleh.your-server.de/templates/ui-default/de/javascripts/jquery/jquery-migrate.js", "https://www.ceranetworks.com/public/static/js/jquery@1.12.4.min.js", "https://app.ynsdty.cn/dist/js/jquery.min.js", "https://www.sunnetwork.com.sg/sun_21/js/vendor/jquery-3.5.0.min.js", "bexar5.pdf", "https://insurancerateusa.com/94297995-69529ad7536f090aa776.js", "https://guidemyrelationship.com/?aff_id=2509&offer_id=6300&aff_sub=1726&aff_sub2=102a78845625980c3bb3f54bd8acd3&aff_sub3=", "https://2001.dwlww.com/static/css/chunk-7d5d3bac.e1a32335.css", "https://aquanx.com/", "https://insurancerateusa.com/app-74647f151b541f3098c2.js", "https://livesupport.hetzner.de/script.php?id=eec8dcd79d6fdf905136b99875c1d599", "https://2001.dwlww.com/static/css/chunk-vendors.6a41b67e.css", "https://konsoleh.your-server.de/templates/ui-default/de/styles/login.css.php", "https://imgs.qgddmy.com/static_h5/js/manifest.2ae2e69a05c33dfc65f8.js", "xfe-IP-136.243.64.87-stix2-2.1-export.json", "xfe-URL-insurancerateusa.com-stix2-2.1-export.json", "https://alpha99.raksmart.com/whmcs/assets/js/cookie-warn.js", "https://ajax.googleapis.com/ajax/libs/angularjs/1.4.8/angular.min.js", "https://2001.habyc.com/static/js/chunk-7d5d3bac.efb700c7.js", "https://www.allwest.com/wp-content/themes/allwestcommunications/js/jquery.main.js?ver=5.9.3", "https://sdk.51.la/event/js-sdk-event.min.js?u=JdoUNv3VSW0GHUpw", "xfe-URL-zrvxhxr.ga-stix2-2.1-export.json", "https://user.aquanx.com/templates/aquanx20190627/js/scripts.min.js?v=8a99af", "https://www.googletagmanager.com/gtag/js?id=UA-41133527-3", "https://www.standort-eifel.de/volltextsuche?form=fulltext&query=", "https://www.thepartnerlookup.com/main.bundle-fed11df.z.js", "https://www.sunnetwork.com.sg/sun_21/js/slick.min.js", "bexar api 4.pdf", "https://app.ynsdty.cn/dist/vendors/bootstrap/js/bootstrap.min.js", "bexar api 14.pdf", "bexar api 10.pdf", "https://www.allwest.com/wp-content/plugins/contact-form-7/modules/recaptcha/index.js?ver=5.5.6", "https://sdk.51.la/js-sdk-pro.min.js", "https://matomo.hetzner.com/matomo.js", "https://app.ynsdty.cn//package/GmCC6WISh", "https://www.googletagmanager.com/gtag/js?id=G-0CBKGBKB3J&l=dataLayer&cx=c", "https://app.ynsdty.cn/dist/vendors/core-js/core.js", "https://www.sunnetwork.com.sg/sun_21/js/bootstrap.min.js", "https://js.hsadspixel.net/fb.js", "https://insurancerateusa.com/3bea8d40-8926f4790c0b3689a361.js", "https://accounts.hetzner.com/build/runtime.188fa053.js", "https://guidemyrelationship.com/assets/css/bootstrap.min.css", "bexar api 8.pdf", "https://www.sunnetwork.com.sg/sun_21/js/ajax-form.js", "https://consentcdn.cookiebot.com/sdk/bc-v4.min.html", "http://push.zhanzhang.baidu.com/push.js", "https://www.8098.app:21568/js/xinstall_inner_e.min.js?v=1004", "https://consent.cookiebot.com/uc.js", "bexar10.pdf", "https://www.googleoptimize.com/optimize.js?id=GTM-MWM9R93", "bexar api 22.pdf", "https://www.googletagmanager.com/gtag/js?id=UA-185991747-1", "https://www.googletagmanager.com/gtag/js?id=G-FVHXSM5ZYL&l=dataLayer&cx=c", "https://www.hxcpp100.com/js/linkChange.js", "xfe-URL-habyc.com-stix2-2.1-export.json", "https://www.sunnetwork.com.sg/sun_21/js/popper.min.js", "https:///livesupport.hetzner.de/resource.php?t=js&1=jsglobal.min.js&2=jsbox.min.js&3=jstrack.min.js&v=ahgzixd7&4=jsextern.min.js", "https://aquanx.com/js/bootstrap.js", "https://aquanx.com/js/jquery-1.12.4.min.js", "xfe-URL-2001.habyc.com-stix2-2.1-export.json", "https://aquanx.com/js/modernizr-custom.js", "https://www.sunnetwork.com.sg/sun_21/js/isotope.pkgd.min.js", "bexar api 18.pdf", "https://guidemyrelationship.com/assets/js/main.js", "https://builder-assets.unbounce.com/published-css/main-7b78720.z.css", "bexar 6.pdf", "https://www.googletagmanager.com/gtag/js?id=AW-981889198", "https://www.ceranetworks.com/livechat/geo.php?a=1&gv=1023&method=lz_tracking_geo_result&spanm=lz_tracking_set_geo_span&oak=", "https://2001.habyc.com/?channelNo=2001#/home", "https://h5.hxcpp100.com/?id=22929", "https://s9.cnzz.com/z_stat.php?id=1280743953&web_id=1280743953", "xfe-URL-raksmart.com-stix2-2.1-export.json", "xfe-URL-konsoleh.your-server.de-stix2-2.1-export.json", "https://app.ynsdty.cn/dist/js/longbow.slidercaptcha.js", "https://www.googleadservices.com/pagead/conversion_async.js", "https://www.allwest.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2", "xfe-URL-matomo.hetzner.com-stix2-2.1-export.json", "https://accounts.hetzner.com/build/802.3a7546ef.js", "https://connect.facebook.net/en_US/fbevents.js", "www.bexar.org - urlscan.io.pdf", "https://livesupport.hetzner.de/server.php?rqst=track&output=jcrpt&group=Produktberatung&hg=Pw__&hcgs=MQ__&htgs=MQ__&ovltwo=MQ__&ovlv=djI_&ovlc=MQ__&esc=IzU4NTg1YQ__&epc=I0JFMTUyRA__&ovlts=MA__&ovlmr=MTAw&ovlmb=MjY_&hfk=MQ__&ovloo=MQ__&hots=MQ__&hott=MQ__&nse=0.615520170244701", "https://accounts.hetzner.com/build/755.5a8586e9.js", "https://consent.cookiebot.com/b1882b56-56d5-40fe-b5a3-6f1a5090ee0f/cc.js?renew=false&referer=www.standort-eifel.de&dnt=false", "https://2001.habyc.com/static/css/chunk-vendors.6a41b67e.css", "https://www.heymman.com/script.js", "https://googleads.g.doubleclick.net/pagead/viewthroughconversion/981889198/?random=1650488340057&cv=9&fst=1650488340057&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=844&u_w=390&u_ah=844&u_aw=390&u_cd=32&u_his=1&u_tz=-240&u_java=false&u_nplug=0&u_nmime=0>m=2oa4i1&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.allwest.com%2F&tiba=All%20West%20Communications%20-%20telecommunication%20company&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4", "bexar api.pdf", "https://guidemyrelationship.com/assets/js/bootstrap.min.js", "https://www.googletagmanager.com/gtag/js?id=AW-CONVERSION_ID", "https://googleads.g.doubleclick.net/pagead/viewthroughconversion/981889198/?random=1650488340630&cv=9&fst=1650488340630&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=844&u_w=390&u_ah=844&u_aw=390&u_cd=32&u_his=1&u_tz=-240&u_java=false&u_nplug=0&u_nmime=0>m=2oa4i1&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.allwest.com%2F&tiba=All%20West%20Communications%20-%20telecommunication%20company&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4", "https://www.8098.app:21568/?agent=7691755704", "bexar api 17.pdf", "https://static.hotjar.com/c/hotjar-2836981.js?sv=5", "https://2001.dwlww.com/static/js/app.9d5d18d7.js", "https://consent.cookiebot.com/logconsent.ashx?action=decline&nocache=1649455889539&referer=https%3A%2F%2Fwww.standort-eifel.de%2Fvolltextsuche%3Fform%3Dfulltext%26query%3D&cbid=b1882b56-56d5-40fe-b5a3-6f1a5090ee0f&cbt=optinout&hasdata=true", "https://h5.hxcpp100.com/js/linkChange.js", "bexar api 13.pdf", "https://connect.facebook.net/signals/plugins/identity.js?v=2.9.57", "bexarv4df.pdf", "bexar_v1df.pdf", "bexar api5.pdf", "https://2001.habyc.com/static/css/chunk-7d5d3bac.e1a32335.css", "https://app.ynsdty.cn/dist/vendors/swiper/swiper.min.js", "https://www.standort-eifel.de/portal/dist/scripts/serialize.a1835547.js.pagespeed.jm.oYNVR3P8_v.js", "bear_v apidf.pdf", "bexar api 21.pdf", "https://2001.dwlww.com/js/config.js", "bexar api 20.pdf", "https://js.hsleadflows.net/leadflows.js", "https://www.google.com/recaptcha/api.js", "https://www.heymman.com/style/main.css", "https://js.users.51.la/21185805.js", "https://konsoleh.your-server.de/templates/ui-default/de/javascripts/jquery/ui/jquery-ui.js", "https://www.google-analytics.com/analytics.js", "https://connect.facebook.net/signals/config/661596171311072?v=2.9.57&r=stable", "https://www.standort-eifel.de/portal/dist/scripts/datePicker.b29f1017.js.pagespeed.jm.sp8QFzzpUj.js", "https://www.sunnetwork.com.sg/sun_21/js/main.js", "https://js.hs-scripts.com/9251231.js", "bexar api 9.pdf", "bexar6.pdf", "https://www.sunnetwork.com.sg/sun_21/js/imagesloaded.pkgd.min.js", "https://www.allwest.com/wp-content/themes/allwestcommunications/js/custom.js?ver=5.9.3", "https://guidemyrelationship.com/assets/js/jquery-3.3.1.min.js", "https://cdnjs.cloudflare.com/ajax/libs/jquery-cookie/1.4.1/jquery.cookie.min.js", "bexar api 2.pdf", "https://accounts.hetzner.com/build/app.dc073715.js", "xfe-URL-sun.net.hk-stix2-2.1-export.json", "bexar api 19.pdf", "https://2001.dwlww.com/static/js/chunk-vendors.9d7684f4.js", "xfe-URL-Ndevix.com-stix2-2.1-export.json", "https://www.google.com/recaptcha/api.js?render=6Ld8S6EUAAAAAExG_6DO_Jj4DLY35ybebbA8R_eA&ver=3.0" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [ "Reduceright", "Trojan:win32/danabot.g", "Activedocument", "Qe", "Backdoor:win32/poison.e", "Alf:pua:block:iobit.r!mtb", "Trackingclient", "Win32:cryptor", "Ovlcwm", "Win.virus.polyransom-5704625-0", "Vui", "Vasaris", "Tente", "Hammer", "Outubro", "Anda", "Telper:cert:softwarebundler:win32/bunpredelt", "Srpanj", "Vd", "Bnm", "Hj", "Rabu" ], "industries": [ "Government" ], "unique_indicators": 30881 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/body.style", "whois": "http://whois.domaintools.com/body.style", "domain": "body.style", "hostname": "f.body.style" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 18, "pulses": [ { "id": "65708c8a9635f156e79238f1", "name": "intel gained from a spam text", "description": "", "modified": "2023-12-06T15:00:26.727000", "created": "2023-12-06T15:00:26.727000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "FileHash-SHA256": 823, "domain": 717, "URL": 2245, "hostname": 615, "email": 4, "FileHash-MD5": 5, "FileHash-SHA1": 1 }, "indicator_count": 4411, "is_author": false, "is_subscribing": null, "subscriber_count": 110, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65708c37c54dd9e78f85c0fa", "name": "\u7ea2\u674f\u89c6\u9891 malware", "description": "", "modified": "2023-12-06T14:59:03.859000", "created": "2023-12-06T14:59:03.859000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1686, "hostname": 2218, "URL": 5740, "domain": 901, "FileHash-MD5": 3 }, "indicator_count": 10548, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65707fe17dfdfe16066d16de", "name": "Bexar.org", "description": "", "modified": "2023-12-06T14:06:25.800000", "created": "2023-12-06T14:06:25.800000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1735, "hostname": 1833, "domain": 1025, "URL": 4668, "email": 4, "FileHash-MD5": 133, "FileHash-SHA1": 6, "CIDR": 5 }, "indicator_count": 9409, "is_author": false, "is_subscribing": null, "subscriber_count": 110, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65707f8475d8a8785dfc5a2f", "name": "Zetalytics API", "description": "", "modified": "2023-12-06T14:04:52.250000", "created": "2023-12-06T14:04:52.250000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 754, "hostname": 833, "domain": 441, "URL": 2375, "CIDR": 5, "FileHash-MD5": 2, "email": 1 }, "indicator_count": 4411, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "62750795ebc8c475f4a3033a", "name": "aquanx.com (PegTech botnet hosting)", "description": "var b[f, g.g, is a new addition to the list of characters that can be added to a singleElement, as well as a set of numbers, if they are new.", "modified": "2022-06-05T00:03:45.266000", "created": "2022-05-06T11:33:41.174000", "tags": [ "function", "eu cookie", "version", "tamas schalk", "element", "lang", "datadelay", "dataexpire", "dataclass", "name", "date", "path", "null", "cookie", "regexp", "typeof e", "please", "typeof t", "pseudo", "child", "array", "error", "class", "void", "this", "extendedvps", "login register", "product group", "svssdlinux", "svssdwindows", "password", "client area", "aquanx english", "azerbaijani", "catal", "colocation\uff0ccustomized service\uff0cone-stop service\uff0caffordable cloud ", "aquanx", "metal cloud", "chat", "ddos migration", "network", "colocation", "cloud", "colocation bare", "cloud hosting", "private cloud", "bare", "service", "custom build", "https", "bootstrap", "bootstrap hover", "dropdown", "author", "cameron spear", "mattia larentis", "dropdown plugin", "http", "plugin", "copyright", "twitter", "conflict", "focus", "object", "click", "open", "next", "target", "trigger", "checkbox", "delta", "scroll", "false", "type", "expando", "typeof selector", "sizzle", "elem", "match", "data", "seed", "vd", "number", "string", "ienew ca", "closure library", "quota", "aafunction", "dafunction" ], "references": [ "https://www.googletagmanager.com/gtag/js?id=UA-59480575-2", "https://aquanx.com/js/jquery-1.12.4.min.js", "https://aquanx.com/js/bootstrap.js", "https://aquanx.com/js/bootstrap-hover-dropdown.min.js", "https://aquanx.com/js/modernizr-custom.js", "https://aquanx.com/js/cookie-warn.js?v=1_xSax0l", "https://aquanx.com/", "https://user.aquanx.com/clientarea.php", "https://user.aquanx.com/templates/aquanx20190627/js/scripts.min.js?v=8a99af", "https://alpha99.raksmart.com/whmcs/assets/js/cookie-warn.js", "xfe-URL-raksmart.com-stix2-2.1-export.json" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Vd", "display_name": "Vd", "target": null } ], "attack_ids": [ { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 9, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 560, "URL": 1236, "domain": 184, "FileHash-SHA256": 79 }, "indicator_count": 2059, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "1456 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "626d5deabac11a947774de99", "name": "http://gczlau.com/c3af94f661", "description": "Live link sent via sms", "modified": "2022-05-29T00:01:17.829000", "created": "2022-04-30T16:03:54.153000", "tags": [ "move", "typetext", "typeemail", "typetel", "eace", "eacb", "aaed", "eachb", "yaay", "event", "cacb", "cacf", "typeof t", "text", "function", "load snowplow", "checks", "gets", "getmainpageub", "page", "clkg", "creates custom", "use visitor", "track form", "form", "support", "typeof", "text display", "typeof q", "typeof d", "post", "anura", "display support", "sympathizing", "quaker", "webview", "trident", "android", "date", "snowplow", "array", "anthon pang", "typeof e", "version", "author", "alex dean", "simon andersson", "fred blundun", "enter their", "phone number", "strong", "backstory", "privacy", "policy", "partner lookup", "partnerlookup", "diego", "new york", "contact", "segoe ui", "emoji", "href", "roboto", "helvetica neue", "arial", "apple color", "symbol", "typecheckbox", "typeradio", "twitter", "typeerror", "clickdataapi", "hidden", "typeof n", "bootstrap", "regexp", "error", "mouseleave", "click", "dataspy", "body", "pseudo", "child", "sufeffxa0", "class", "attr", "null", "this", "guide my", "yes no", "male female", "romance", "analyzing", "get started", "enter", "your partner", "number" ], "references": [ "https://guidemyrelationship.com/?aff_id=2509&offer_id=6300&aff_sub=1726&aff_sub2=102a78845625980c3bb3f54bd8acd3&aff_sub3=", "https://guidemyrelationship.com/assets/js/jquery-3.3.1.min.js", "https://guidemyrelationship.com/assets/js/bootstrap.min.js", "https://guidemyrelationship.com/assets/js/main.js", "https://guidemyrelationship.com/assets/css/bootstrap.min.css", "https://www.thepartnerlookup.com/?affid=1726&txid=1028d018569e59e3856f7416969ab0&offer_id=2509", "https://d34qb8suadcc4g.cloudfront.net/sp-2.14.0.js", "https://www.thepartnerlookup.com/main.bundle-fed11df.z.js", "https://builder-assets.unbounce.com/published-css/main-7b78720.z.css" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1000, "hostname": 333, "FileHash-SHA256": 106, "domain": 170, "FileHash-MD5": 1, "FileHash-SHA1": 1 }, "indicator_count": 1611, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "1463 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6266f7e0e0264cba210a4e9e", "name": "intel gained from a spam text", "description": "var b[f]=g, if b(f) is not allowed to reach its maximum by the end of a set, then a.b(b) will be able to do so at the same time as a", "modified": "2022-05-25T00:04:03.622000", "created": "2022-04-25T19:34:56.772000", "tags": [ "array", "typeerror", "symbol", "null", "string", "iterator", "object", "error", "boolean", "function", "service", "date", "phonenumber", "facebook", "meta", "typeof e", "typeof u", "typeof window", "es modules", "use esm", "webkit", "component", "typeof", "typeof y", "typeof symbol", "suspense", "context", "forwardref", "unknown", "4096", "typeof n", "promise", "weakmap", "dataview", "typeof t", "webpackrequire", "modulenotfound", "e1342177279", "array int8array", "loanup", "insurance", "group", "health", "solutions", "policy", "site", "america", "company", "life", "plan", "direct", "media", "alliance", "click", "team", "never", "advantage", "general", "light", "february", "april", "june", "august", "footer", "protect", "banker", "explorer", "fast", "martin", "union", "carrier", "next", "colony", "energy", "empire", "gerber", "philadelphia", "hippo", "king", "agent", "mercury", "moss", "premium", "nextgen", "oscar", "phoenix", "loans", "pure", "ramsey", "ranger", "solar", "titan", "tristate", "viking", "easy", "push", "code", "stop", "carriers", "live", "lucky", "moral", "story", "back", "lfunction", "dfunction", "cfunction", "typeof self", "number", "copyright", "closure library", "xdfunction", "cdfunction", "ddfunction", "bded", "kefunction", "reduceright", "gj9pcw0f6jv", "regexp", "r420", "uint8array", "typeof d", "void" ], "references": [ "https://www.googletagmanager.com/gtag/js?id=G-J9PCW0F6JV", "https://www.googletagmanager.com/gtag/js?id=UA-185991747-1", "https://insurancerateusa.com/polyfill-036b4a134d8725752ba0.js", "xfe-URL-insurancerateusa.com-stix2-2.1-export.json", "https://insurancerateusa.com/app-74647f151b541f3098c2.js", "https://insurancerateusa.com/bfcc7b67-0b189ba6da3fc3ae8b88.js", "https://insurancerateusa.com/94297995-69529ad7536f090aa776.js", "https://insurancerateusa.com/3bea8d40-8926f4790c0b3689a361.js", "https://insurancerateusa.com/framework-19eddc0d879a49dfe606.js", "https://insurancerateusa.com/webpack-runtime-f014a3267add02a94afb.js", "https://connect.facebook.net/signals/config/3689470801106673?v=2.9.57&r=stable" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "ReduceRight", "display_name": "ReduceRight", "target": null } ], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 615, "URL": 2246, "FileHash-SHA256": 823, "domain": 717, "CVE": 1, "email": 4, "FileHash-MD5": 5, "FileHash-SHA1": 1 }, "indicator_count": 4412, "is_author": false, "is_subscribing": null, "subscriber_count": 70, "modified_text": "1467 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "62630579f28f0ade0c9fb8fb", "name": "Cera networks , hive, hurricane electric ..etc\u2026 \u201ccolos\u201d(plural) or \u201ccolocation\u201d", "description": "function lz_jssess, a new type of browser, is a two-way system, which allows the browser to talk to the other side of the screen.. the following:", "modified": "2022-05-22T00:01:01.264000", "created": "2022-04-22T19:43:53.501000", "tags": [ "ovlcwm", "activedocument", "null", "span", "date", "file", "livezilladata", "regexp", "amount", "email", "function", "filereader", "checkbox", "window", "false", "path", "trident", "template", "typeof define", "typeof", "lztextlink", "script", "lzrscr", "scrb64d", "typeof b", "error", "pseudo", "child", "array", "sufeffxa0", "class", "attr", "void", "lzsds", "lzsde", "lzsdeg", "cant load", "gv1023" ], "references": [ "xfe-URL-ceranetworks.com-stix2-2.1-export.json", "https://www.ceranetworks.com/livechat/resource.php?t=js&1=jsglobal.min.js&2=jsbox.min.js&3=jstrack.min.js&v=ahgzixd7&4=jsextern.min.js", "https://www.ceranetworks.com/public/static/js/jquery@1.12.4.min.js", "https://www.ceranetworks.com/livechat/server.php?rqst=track&output=jcrpt&hfk=MQ__&ovlv=djI_&ovltwo=MQ__&ovlc=MQ__&esc=IzJlOGFlNQ__&epc=IzMwOTFmMg__&ovlts=MA__&hfk=MQ__&ovlapo=MQ__&nse=0.7916382809044465", "https://www.ceranetworks.com/livechat/script.php?id=d708615a9293e1bcec892afb03bd2b45", "https://cdnjs.cloudflare.com/ajax/libs/jquery-cookie/1.4.1/jquery.cookie.min.js", "https://www.ceranetworks.com/livechat/geo.php?a=1&gv=1023&method=lz_tracking_geo_result&spanm=lz_tracking_set_geo_span&oak=" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "ActiveDocument", "display_name": "ActiveDocument", "target": null }, { "id": "OVLCWM", "display_name": "OVLCWM", "target": null } ], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 306, "URL": 753, "FileHash-SHA256": 42, "domain": 114 }, "indicator_count": 1215, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1470 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6261fd6a8d527fa569351e63", "name": "Malware hosting - unrealservers.net & heymman.com", "description": "function S.name, a.com, has been added to the end of a page to make sure it does not end up in an unauthorised place. and it will not get any more.", "modified": "2022-05-21T00:03:44.725000", "created": "2022-04-22T00:57:14.125000", "tags": [ "e2f0fc", "fd7a07", "f0482b", "gradienttype0", "a5bcce", "helvetica", "negative", "arial", "bcd3e4", "style sheet", "nonce", "script", "please do", "not copy", "and paste", "this code", "cgrecaptchacfg", "ngrecaptcha", "recaptchaapi", "render", "onload", "select", "error", "strong", "uint8array", "string", "null", "number", "function", "input", "array", "iframe", "date", "android", "verify", "stop", "this", "span", "enterprise", "click", "widget", "window", "form", "generator", "reload", "void", "dd2d2f", "e8e8e8", "d8d8d8", "fcfcfc", "e5e5e5", "lucida", "unicode", "lucida grande", "f9f9f9", "footer", "unavailable", "ngsanitize", "order now", "invalid", "snippet", "month", "hours", "fullyear", "regexp", "eeee", "mmmm d", "mena", "christ" ], "references": [ "xfe-URL-heymman.com-stix2-2.1-export.json", "https://ajax.googleapis.com/ajax/libs/angularjs/1.4.8/angular.min.js", "https://ajax.googleapis.com/ajax/libs/angularjs/1.4.2/angular-sanitize.js", "https://www.heymman.com/script.js", "https://www.heymman.com/style/main.css", "https://www.gstatic.com/recaptcha/releases/QENb_qRrX0-mQMyENQjD6Fuj/recaptcha__en.js", "https://www.google.com/recaptcha/api.js", "https://unrealservers.net/master.css", "xfe-URL-Ndevix.com-stix2-2.1-export.json", "xfe-URL-Misk.com-stix2-2.1-export.json" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 427, "URL": 1183, "FileHash-SHA256": 162, "domain": 441, "email": 4 }, "indicator_count": 2217, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "1471 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "626078c9aeb1f4837a1bfc7e", "name": "Malware hosting - allwest.com", "description": "\u00c2\u00a31.5m, \u00e2\u201a\u00ac2.4m \u00c3\u20ac\u00a6, is the source of a new version of the JavaScript code, which is being developed by the Apache web browser.", "modified": "2022-05-20T00:01:19.453000", "created": "2022-04-20T21:19:05.670000", "tags": [ "guji", "regexp", "cfunction", "event", "afunction", "efunction", "function", "xfunction", "jnull", "yefunction", "customevent", "typeof n", "typeof wpcf7", "nonce", "script", "please do", "not copy", "and paste", "this code", "cgrecaptchacfg", "ngrecaptcha", "recaptchaapi", "render", "filter", "typenumber", "totalvalue", "linear", "secs", "index", "nameregion", "typevalue", "rangeto", "customuserspeed", "code", "typeof define", "date", "click", "smoothscroll", "number", "property", "fancybox", "null", "false", "scroll", "stop", "speed", "body", "error", "this", "typeerror", "symbol", "generator", "typeof e", "copyright", "closure library", "reduceright", "string", "aw981889198", "uint8array", "quota", "aafunction", "void", "hj", "object", "hotjar", "email", "typeof symbol", "telefon", "array", "survey", "meta", "cookie", "keypress", "trident", "live", "fullscreen", "generic", "window", "widget", "ciudad", "adore", "experiment", "mutation", "qe", "fnumber", "xhfunction", "yhfunction", "awconversionid", "g0cbkgbkb3j", "xdfunction", "adfunction", "cdfunction", "ddfunction", "typeof hj", "surveyv2", "surveyisolated", "heatmapviewer", "notification", "sentry", "ua411335272", "gfvhxsm5zyl", "xmlhttprequest", "domparser", "typeof module", "html tags", "ox20trnf", "dom element", "typeof t", "class", "attr", "pseudo", "child", "udc66udc67", "ud83d", "ufe0f", "ud83e", "udc68udc69", "udfcbudfcc", "u2640u2642", "source", "image", "ud83dudc6cud83c", "bsnull", "gtmmwm9r93", "typeof", "facebook pixel", "pixel code", "iterator", "constantvalue", "globalvariable", "facebook", "service", "phonenumber", "boolean", "select", "strong", "input", "iframe", "android", "verify", "span", "enterprise", "form", "reload", "adwords", "linkedin", "hs pixel", "loader", "addcookiedomain", "hubspot", "vui", "anda", "tente", "outubro", "trackingclient", "srpanj", "rabu", "vasaris", "helvetica neue", "helvetica", "arial", "accept", "n nn", "policy", "done", "800px", "40px", "i18n", "blockedemail", "typeof i18n", "captcha", "please", "april", "august", "close", "february", "june", "klik", "download", "next", "blank", "este", "rserver", "mais", "r300", "typeof d", "path", "caca", "pfunction", "contenttype", "zfunction", "bfunction", "mvoid", "ofunction", "array int8array", "caregexp", "legacy" ], "references": [ "xfe-URL-allwest.com-stix2-2.1-export.json", "https://www.googleadservices.com/pagead/conversion_async.js", "https://www.google-analytics.com/analytics.js", "https://www.googletagmanager.com/gtag/js?id=G-FVHXSM5ZYL&l=dataLayer&cx=c", "https://www.googletagmanager.com/gtag/js?id=G-0CBKGBKB3J&l=dataLayer&cx=c", "https://js.hsleadflows.net/leadflows.js", "https://js.hs-banner.com/9251231.js", "https://js.hs-analytics.net/analytics/1650488100000/9251231.js", "https://js.hsadspixel.net/fb.js", "https://www.gstatic.com/recaptcha/releases/QENb_qRrX0-mQMyENQjD6Fuj/recaptcha__en.js", "https://connect.facebook.net/signals/config/661596171311072?v=2.9.57&r=stable", "https://connect.facebook.net/signals/plugins/identity.js?v=2.9.57", "https://connect.facebook.net/en_US/fbevents.js", "https://www.googleoptimize.com/optimize.js?id=GTM-MWM9R93", "https://www.allwest.com/wp-includes/js/wp-emoji-release.min.js?ver=5.9.3", "https://www.allwest.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0", "https://www.allwest.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2", "https://www.allwest.com/wp-content/plugins/svg-support/js/min/svgs-inline-min.js?ver=1.0.0", "https://www.googletagmanager.com/gtag/js?id=UA-41133527-3", "https://static.hotjar.com/c/hotjar-2836981.js?sv=5", "https://www.googletagmanager.com/gtag/js?id=UA-41133527-2", "https://www.googletagmanager.com/gtag/js?id=AW-CONVERSION_ID", "https://script.hotjar.com/modules.0076bf93c385ddf0ff58.js", "https://googleads.g.doubleclick.net/pagead/viewthroughconversion/981889198/?random=1650488340057&cv=9&fst=1650488340057&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=844&u_w=390&u_ah=844&u_aw=390&u_cd=32&u_his=1&u_tz=-240&u_java=false&u_nplug=0&u_nmime=0>m=2oa4i1&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.allwest.com%2F&tiba=All%20West%20Communications%20-%20telecommunication%20company&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4", "https://www.googletagmanager.com/gtag/js?id=AW-981889198", "https://googleads.g.doubleclick.net/pagead/viewthroughconversion/981889198/?random=1650488340630&cv=9&fst=1650488340630&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=844&u_w=390&u_ah=844&u_aw=390&u_cd=32&u_his=1&u_tz=-240&u_java=false&u_nplug=0&u_nmime=0>m=2oa4i1&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.allwest.com%2F&tiba=All%20West%20Communications%20-%20telecommunication%20company&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4", "https://www.allwest.com/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.9", "https://www.allwest.com/wp-content/uploads/hummingbird-assets/c4be4d65e707f6328e3a72e79cfdfcb7.js", "https://www.allwest.com/wp-content/themes/allwestcommunications/js/jquery.main.js?ver=5.9.3", "https://www.allwest.com/wp-content/themes/allwestcommunications/js/custom.js?ver=5.9.3", "https://www.google.com/recaptcha/api.js?render=6Ld8S6EUAAAAAExG_6DO_Jj4DLY35ybebbA8R_eA&ver=3.0", "https://www.allwest.com/wp-content/plugins/contact-form-7/modules/recaptcha/index.js?ver=5.5.6", "https://www.allwest.com/wp-content/plugins/wp-smushit/app/assets/js/smush-lazy-load.min.js?ver=3.9.5", "https://js.hs-scripts.com/9251231.js" ], "public": 1, "adversary": "", "targeted_countries": [ "Tunisia" ], "malware_families": [ { "id": "hj", "display_name": "hj", "target": null }, { "id": "Qe", "display_name": "Qe", "target": null }, { "id": "Vui", "display_name": "Vui", "target": null }, { "id": "Outubro", "display_name": "Outubro", "target": null }, { "id": "Tente", "display_name": "Tente", "target": null }, { "id": "Anda", "display_name": "Anda", "target": null }, { "id": "Vasaris", "display_name": "Vasaris", "target": null }, { "id": "Rabu", "display_name": "Rabu", "target": null }, { "id": "Srpanj", "display_name": "Srpanj", "target": null }, { "id": "TrackingClient", "display_name": "TrackingClient", "target": null }, { "id": "ReduceRight", "display_name": "ReduceRight", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 821, "URL": 1568, "domain": 251, "FileHash-SHA256": 70, "FileHash-MD5": 4, "FileHash-SHA1": 1 }, "indicator_count": 2715, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "1472 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://f.body.style", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://f.body.style", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780271568.239848 }