{ "type": "URL", "indicator": "https://github.com/markedjs/marked.", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://github.com/markedjs/marked.", "type": "url", "type_title": "URL", "validation": [ { "source": "alexa", "message": "Alexa rank: #87", "name": "Listed on Alexa" }, { "source": "akamai", "message": "Akamai rank: #560", "name": "Akamai Popular Domain" }, { "source": "whitelist", "message": "Whitelisted domain github.com", "name": "Whitelisted domain" }, { "source": "majestic", "message": "Whitelisted domain github.com", "name": "Whitelisted domain" } ], "base_indicator": { "id": 3429332921, "indicator": "https://github.com/markedjs/marked.", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 2, "pulses": [ { "id": "6a0e891990e460b7c453f3c3", "name": "Spyware: Q. Vashti, VirusTotal Box of Apples Sandbox report", "description": "[Spyware: A complete list of words, phrases, symbols and symbols. and the full text of this page, published by Q.Vashti Public TLP, has been released.] Follow Q.Vashti, excellent researcher.", "modified": "2026-05-21T05:24:25.308000", "created": "2026-05-21T04:24:57.187000", "tags": [ "virustotal box", "apples sandbox", "sandbox sha256", "analysis date", "screnshots", "file", "operations", "process open", "write delete", "move time", "url https", "url http", "months ago", "spam author", "spyware created", "modified", "iiiii whoo", "maas", "scan", "iocs", "indicator role", "title added", "active related", "pulses url", "cloudflare", "net104", "net1040000", "cloud14", "cloud14 address", "townsend street", "city", "san francisco", "stateprov", "postalcode", "MA", "legal deadlock", "Compliance lock abuse", "Phone carrier interception 9999999999", "Plot", "Coordinated state abuse", "Enemy of the state", "Suppression", "Guard abuse", "the real fake admin of all domains and devices", "Mass", "Ina", "Maassina", "Signet" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/000033bb30ef26261f53f933a0f21cf4eed370bd987e081e0679898b3a6bddda_VirusTotal%20Box%20of%20Apples.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779336524&Signature=O5n0S4aWPfyjTDJc05rzvbBhcbEoG8Ay%2Fz1o8K3hGVa9yUcttzmFeiPiaEhLbNVb9JiGIOIDKYipVl89pWQnYGXvGkFlwlFEXMP7Bk0zMMRedzKnp5vRpurrgLFfTgr%2BB1LVJyMVDEvDnGezrwX3d6OVEfW4XJ1w3he09Vvhr6fmuca3vBNMTc%2F%2BLGyb5JKBbQl06mGcymu8a2NNt8LXHTceDjZdRnfEyCWqn9" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 4288, "domain": 63, "IPv4": 4, "hostname": 207, "URL": 570, "FileHash-MD5": 39, "FileHash-SHA1": 40, "CIDR": 1, "email": 3 }, "indicator_count": 5215, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "11 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "626224efc28c918470fa07ed", "name": "inflect.com - malware", "description": "var e,t, r.o, is a new type of code, which can be used to build a website, but can't do so without a special code.. and the following:", "modified": "2022-05-21T00:03:44.725000", "created": "2022-04-22T03:45:51.681000", "tags": [ "object", "typeof symbol", "typeerror", "html", "body", "software", "pops", "width", "error", "provider", "null", "code", "trident", "trcomponent", "typeof t", "referenceerror", "component", "date", "array", "header", "contact", "backspace", "next", "footer", "copy", "february", "april", "june", "august", "open", "project", "this", "unknown", "heapdeps", "number", "hki3", "ogr1", "function", "regexp", "typeof self", "typeof", "facebook pixel", "pixel code", "symbol", "iterator", "constantvalue", "globalvariable", "facebook", "string", "boolean", "service", "phonenumber", "meta", "typeof e", "sesprops", "nthis", "href", "image", "input", "class", "logger", "download", "target", "form", "push" ], "references": [ "xfe-URL-inflect.com-stix2-2.1-export.json", "https://cdn.heapanalytics.com/js/heap-2001511295.js", "https://connect.facebook.net/signals/config/534474930374151?v=2.9.57&r=stable", "https://connect.facebook.net/en_US/fbevents.js", "https://cdn.segment.com/next-integrations/integrations/vendor/commons.54701049fd6fb8497e9e.js.gz", "https://cdn.segment.com/next-integrations/integrations/heap/2.1.2/heap.dynamic.js.gz", "https://storage.googleapis.com/inflect-frontend-assets/adb460de2098568d4c3580de1fde2f6690bcbd04/_next/static/s0TytVz2d0zNgb~bjg~~D/pages/search.js" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "TrComponent", "display_name": "TrComponent", "target": null } ], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1064, "FileHash-SHA256": 222, "hostname": 162, "domain": 294 }, "indicator_count": 1742, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1472 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "https://cdn.heapanalytics.com/js/heap-2001511295.js", "xfe-URL-inflect.com-stix2-2.1-export.json", "https://connect.facebook.net/en_US/fbevents.js", "https://cdn.segment.com/next-integrations/integrations/vendor/commons.54701049fd6fb8497e9e.js.gz", "https://vtbehaviour.commondatastorage.googleapis.com/000033bb30ef26261f53f933a0f21cf4eed370bd987e081e0679898b3a6bddda_VirusTotal%20Box%20of%20Apples.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779336524&Signature=O5n0S4aWPfyjTDJc05rzvbBhcbEoG8Ay%2Fz1o8K3hGVa9yUcttzmFeiPiaEhLbNVb9JiGIOIDKYipVl89pWQnYGXvGkFlwlFEXMP7Bk0zMMRedzKnp5vRpurrgLFfTgr%2BB1LVJyMVDEvDnGezrwX3d6OVEfW4XJ1w3he09Vvhr6fmuca3vBNMTc%2F%2BLGyb5JKBbQl06mGcymu8a2NNt8LXHTceDjZdRnfEyCWqn9", "https://storage.googleapis.com/inflect-frontend-assets/adb460de2098568d4c3580de1fde2f6690bcbd04/_next/static/s0TytVz2d0zNgb~bjg~~D/pages/search.js", "https://cdn.segment.com/next-integrations/integrations/heap/2.1.2/heap.dynamic.js.gz", "https://connect.facebook.net/signals/config/534474930374151?v=2.9.57&r=stable" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [ "Trcomponent" ], "industries": [], "unique_indicators": 3700 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/github.com", "whois": "http://whois.domaintools.com/github.com", "domain": "github.com", "hostname": "Unavailable" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 2, "pulses": [ { "id": "6a0e891990e460b7c453f3c3", "name": "Spyware: Q. Vashti, VirusTotal Box of Apples Sandbox report", "description": "[Spyware: A complete list of words, phrases, symbols and symbols. and the full text of this page, published by Q.Vashti Public TLP, has been released.] Follow Q.Vashti, excellent researcher.", "modified": "2026-05-21T05:24:25.308000", "created": "2026-05-21T04:24:57.187000", "tags": [ "virustotal box", "apples sandbox", "sandbox sha256", "analysis date", "screnshots", "file", "operations", "process open", "write delete", "move time", "url https", "url http", "months ago", "spam author", "spyware created", "modified", "iiiii whoo", "maas", "scan", "iocs", "indicator role", "title added", "active related", "pulses url", "cloudflare", "net104", "net1040000", "cloud14", "cloud14 address", "townsend street", "city", "san francisco", "stateprov", "postalcode", "MA", "legal deadlock", "Compliance lock abuse", "Phone carrier interception 9999999999", "Plot", "Coordinated state abuse", "Enemy of the state", "Suppression", "Guard abuse", "the real fake admin of all domains and devices", "Mass", "Ina", "Maassina", "Signet" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/000033bb30ef26261f53f933a0f21cf4eed370bd987e081e0679898b3a6bddda_VirusTotal%20Box%20of%20Apples.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779336524&Signature=O5n0S4aWPfyjTDJc05rzvbBhcbEoG8Ay%2Fz1o8K3hGVa9yUcttzmFeiPiaEhLbNVb9JiGIOIDKYipVl89pWQnYGXvGkFlwlFEXMP7Bk0zMMRedzKnp5vRpurrgLFfTgr%2BB1LVJyMVDEvDnGezrwX3d6OVEfW4XJ1w3he09Vvhr6fmuca3vBNMTc%2F%2BLGyb5JKBbQl06mGcymu8a2NNt8LXHTceDjZdRnfEyCWqn9" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 4288, "domain": 63, "IPv4": 4, "hostname": 207, "URL": 570, "FileHash-MD5": 39, "FileHash-SHA1": 40, "CIDR": 1, "email": 3 }, "indicator_count": 5215, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "11 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "626224efc28c918470fa07ed", "name": "inflect.com - malware", "description": "var e,t, r.o, is a new type of code, which can be used to build a website, but can't do so without a special code.. and the following:", "modified": "2022-05-21T00:03:44.725000", "created": "2022-04-22T03:45:51.681000", "tags": [ "object", "typeof symbol", "typeerror", "html", "body", "software", "pops", "width", "error", "provider", "null", "code", "trident", "trcomponent", "typeof t", "referenceerror", "component", "date", "array", "header", "contact", "backspace", "next", "footer", "copy", "february", "april", "june", "august", "open", "project", "this", "unknown", "heapdeps", "number", "hki3", "ogr1", "function", "regexp", "typeof self", "typeof", "facebook pixel", "pixel code", "symbol", "iterator", "constantvalue", "globalvariable", "facebook", "string", "boolean", "service", "phonenumber", "meta", "typeof e", "sesprops", "nthis", "href", "image", "input", "class", "logger", "download", "target", "form", "push" ], "references": [ "xfe-URL-inflect.com-stix2-2.1-export.json", "https://cdn.heapanalytics.com/js/heap-2001511295.js", "https://connect.facebook.net/signals/config/534474930374151?v=2.9.57&r=stable", "https://connect.facebook.net/en_US/fbevents.js", "https://cdn.segment.com/next-integrations/integrations/vendor/commons.54701049fd6fb8497e9e.js.gz", "https://cdn.segment.com/next-integrations/integrations/heap/2.1.2/heap.dynamic.js.gz", "https://storage.googleapis.com/inflect-frontend-assets/adb460de2098568d4c3580de1fde2f6690bcbd04/_next/static/s0TytVz2d0zNgb~bjg~~D/pages/search.js" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "TrComponent", "display_name": "TrComponent", "target": null } ], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1064, "FileHash-SHA256": 222, "hostname": 162, "domain": 294 }, "indicator_count": 1742, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1472 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://github.com/markedjs/marked.", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://github.com/markedjs/marked.", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780307820.3521957 }