{ "type": "URL", "indicator": "https://n.memoizedprops.style", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://n.memoizedprops.style", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 3431431332, "indicator": "https://n.memoizedprops.style", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 8, "pulses": [ { "id": "65708ef0cdb40fa0e7d239ca", "name": "either emotet or a part of it", "description": "", "modified": "2023-12-06T15:10:40.867000", "created": "2023-12-06T15:10:40.867000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 342, "hostname": 456, "domain": 349, "URL": 1730, "FileHash-MD5": 1, "FileHash-SHA1": 1 }, "indicator_count": 2879, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "908 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65708e2d7cb4228401888b63", "name": "possibly a central bank", "description": "", "modified": "2023-12-06T15:07:25.990000", "created": "2023-12-06T15:07:25.990000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 622, "domain": 2558, "URL": 4203, "hostname": 1221, "CVE": 1 }, "indicator_count": 8605, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "908 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65708c8a9635f156e79238f1", "name": "intel gained from a spam text", "description": "", "modified": "2023-12-06T15:00:26.727000", "created": "2023-12-06T15:00:26.727000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "FileHash-SHA256": 823, "domain": 717, "URL": 2245, "hostname": 615, "email": 4, "FileHash-MD5": 5, "FileHash-SHA1": 1 }, "indicator_count": 4411, "is_author": false, "is_subscribing": null, "subscriber_count": 110, "modified_text": "908 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6426dda295502d82e6e6ef7f", "name": "v4 - Hybrid scan uploaded + all suggested ioc's - vendor.3a0e728a.js another gem in edge on twitter.com/i/flow/login source code", "description": "WebpackChunk_Twitter-responsive_web is built on a single web address, which will allow users to upload images, tweets and videos to be stored in the same place as the hashtag.", "modified": "2023-03-31T13:18:26.733000", "created": "2023-03-31T13:18:26.733000", "tags": [ "trojan", "apt", "ansi", "memoryfile scan", "error", "runtime data", "typeof e", "regexp", "array", "object", "typeof t", "void", "null", "unknown", "path", "facebook", "4096", "suspicious", "meta", "lazy", "entity", "union", "body", "idkey", "scroll", "backspace", "insert", "roboto", "target", "stack", "hybrid", "model", "click", "stream", "strings", "qakbot", "pattern match", "ud801", "ud804", "ud805", "ud806", "ud81a", "ud835", "ud800", "ud802", "sha1", "sha256", "vendor.3a0e728a.js" ], "references": [ "https://hybrid-analysis.com/sample/9bf30967dfbf84d91ff4a1ca66dcd6c3383e679917e8b7aa4f659ff9f4e848d7/6426cf48655f94b6b303704c" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1115", "name": "Clipboard Data", "display_name": "T1115 - Clipboard Data" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1546", "name": "Event Triggered Execution", "display_name": "T1546 - Event Triggered Execution" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1614", "name": "System Location Discovery", "display_name": "T1614 - System Location Discovery" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "callmeDoris", "id": "205385", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1353, "hostname": 222, "domain": 221, "FileHash-SHA256": 85, "FileHash-MD5": 3, "FileHash-SHA1": 1 }, "indicator_count": 1885, "is_author": false, "is_subscribing": null, "subscriber_count": 90, "modified_text": "1158 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "63b580a925bb698985fa83ea", "name": "vendor.bundle.js", "description": "", "modified": "2023-02-03T13:00:02.804000", "created": "2023-01-04T13:35:37.535000", "tags": [ "vxstream", "trojan", "apt", "memoryfile scan", "error", "progresstype", "graytext", "typeof e", "highlight", "bg96gwp", "typeof", "window", "null", "date", "span", "path", "meta", "push", "unknown", "roboto", "scroll", "suspicious", "close", "light", "template", "abcd", "android", "trident", "backspace", "insert", "4096", "void", "legend", "iframe", "webview", "infinity", "ransomware", "malicious", "accept toggle", "voice", "upgrade" ], "references": [ "https://hybrid-analysis.com/sample/f90162e65235185a24e9f20d855371b8ad7462d50d7a57851d000cfd5116f76d", "This website contains the details of an anti-virus scan conducted by the MetaDefender, which aims to identify and remove malware from websites, websites and social media sites, including Facebook, Twitter and YouTube.", "original dropped file discovery url", "http://lifehacker.com/assets/stylesheets/app-a873b056f0ea955e4ff0abebb210e5a6.css", "Making HTTPS connections using insecure TLS/SSL version details Connection was make using TLSv1.1 [tls.handshake.version: 0x00000302] source Network Traffic relevance 10/10 ATT&CK ID T1573 (Show technique in the MITRE ATT&CK\u2122 matrix)", "https://hybrid-analysis.com/sample/f90162e65235185a24e9f20d855371b8ad7462d50d7a57851d000cfd5116f76d/63aef1a83e3bb16765527bb8" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 16, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "callmeDoris", "id": "205385", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 205, "URL": 1340, "FileHash-SHA256": 407, "hostname": 491, "FileHash-MD5": 8, "email": 1, "FileHash-SHA1": 1 }, "indicator_count": 2453, "is_author": false, "is_subscribing": null, "subscriber_count": 90, "modified_text": "1214 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "628e790d414886e18b33c262", "name": "either emotet or a part of it", "description": "var a.tldDomains, AWIN.Tracking.com, has a new name for its basket, but how do you find it in your browser?.. and what does this mean?", "modified": "2022-06-24T00:01:00.706000", "created": "2022-05-25T18:44:29.280000", "tags": [ "tfunction", "cnullvvoid", "wnullgvoid", "bnullhvoid", "gnullcvoid", "guidewrapper", "blog", "lfunction", "hotjar", "iab2", "code", "number", "party", "n strictly", "life spann", "azuren n", "cookie tracking", "tablen n", "n cookies", "cookie", "null", "date", "error", "ffffff", "typeof t", "uint16array", "regexp", "uint8array", "array", "uint32array", "helvetica", "void", "execution", "body", "roboto", "prop", "object", "param", "cookies", "getcookie", "name", "typeof", "uri component", "obj2", "typeof e", "webkit", "component", "typeof y", "typeof symbol", "suspense", "context", "forwardref", "unknown", "4096", "function", "typeof n", "typeof window", "uuidv4", "ajsanonymousid", "suffix", "bill", "viewed", "pavel krayzel", "psd2", "bt prorata", "amex", "squad", "march", "new visitors", "promise", "nthis", "eventprocessor", "typeof define", "info", "functional", "member", "hnew regexp", "qfunction", "adview", "addbillinginfo", "addtocart", "addtolist", "contact", "download", "install", "window", "value", "customevent", "image", "samesitelax", "invalid pixel", "snap", "afaf09", "sfunction", "cfunction", "post", "appcuesdeps", "typeerror", "hki3", "ogr1", "typeof self", "full selector", "heatmaps", "sans", "version", "releaseid", "appcues", "dashboard2", "dashboard3", "technology", "selector", "click", "next", "import", "generic", "started", "dismissed", "completed", "contextual help", "symbol", "appcuesfunction", "widget", "iframe", "pnull", "html", "style", "ctnull", "fanull", "license", "ynull", "config", "meta", "accept", "contabo gmbh", "typeof hj", "https", "learn", "surveyv2", "surveyisolated", "safari", "firefox", "chrome", "remove", "edge", "correct", "section", "segoe ui", "emoji", "opera", "path", "span", "this", "typeof document", "small", "blank", "pass", "core", "footer", "close", "form", "main", "direct", "reduceright", "string", "f420", "gyfpnzbgtf3", "copyright", "json", "sesprops", "href", "input", "class", "logger", "target", "push", "awalt", "awinawin", "explorer", "awatp", "ccampid", "impid", "tag1" ], "references": [ "https://www.dwin1.com/13976.js", "https://cdn.heapanalytics.com/js/heap-3501642718.js", "https://www.googletagmanager.com/gtag/js?id=G-YFPNZBGTF3&l=dataLayer&cx=c", "https://contabo.com/client/client.a529db28.js", "https://contabo.com/client/client-30e55c50.css", "https://static.hotjar.com/c/hotjar-2086874.js?sv=6", "https://l.clarity.ms/s/0.6.34/clarity.js", "https://www.clarity.ms/tag/uet/5739677", "https://fast.appcues.com/generic/main/4.35.3/appcues.main.e826b3c1f5ab15648ac446eafdbb489fd58d7f2d.js", "https://fast.appcues.com/79878.js", "https://cdn.segment.com/next-integrations/integrations/vendor/commons.54701049fd6fb8497e9e.js.gz", "https://cdn.segment.com/next-integrations/integrations/appcues/2.3.0/appcues.dynamic.js.gz", "https://cdn.segment.com/next-integrations/integrations/google-analytics/2.18.5/google-analytics.dynamic.js.gz", "https://sc-static.net/scevent.min.js", "https://cdn.taboola.com/libtrc/unip/1331749/tfa.js", "https://snap.licdn.com/li.lms-analytics/insight.min.js", "https://unpkg.com/@optimizely/optimizely-sdk@3.5.0/dist/optimizely.browser.umd.min.js", "https://cdn.optimizely.com/datafiles/HgHVKrf9ZD2dsZYVFb9JnD.json/tag.js", "https://www.hotjar.com/ensureSegmentId.js", "https://www.hotjar.com/_next/static/chunks/webpack-ca4d94cab12a165a123f.js", "https://www.hotjar.com/_next/static/chunks/framework-6994461647f52f294af9.js", "https://www.hotjar.com/persistUtmParams.js", "https://www.hotjar.com/_next/static/chunks/pages/_app-be5fbad980fd377922f7.js", "https://www.hotjar.com/_next/static/chunks/pages/index-b7f010d5161cd8f6ddab.js", "https://cdn.cookielaw.org/scripttemplates/6.5.0/otBannerSdk.js" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "ReduceRight", "display_name": "ReduceRight", "target": null } ], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 11, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 349, "hostname": 456, "URL": 1730, "FileHash-SHA256": 342, "FileHash-MD5": 1, "FileHash-SHA1": 1 }, "indicator_count": 2879, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1438 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6280aa12040a569d19f6285f", "name": "possibly a central bank", "description": "Tobias Ahlin,", "modified": "2022-06-14T00:00:05.659000", "created": "2022-05-15T07:21:54.499000", "tags": [ "regexp", "typeof e", "function", "typeof t", "width", "error", "object", "pseudo", "child", "form", "class", "null", "date", "this", "void", "accept", "reduceright", "number", "string", "l420", "g8m7ft2s1tv", "copyright", "json", "uint8array", "ssnull", "script", "closure library", "xdfunction", "adfunction", "typeerror", "symbol", "generator", "typeof n", "array", "promise", "weakmap", "typeof f", "natb", "409764", "animation", "suspense", "context", "forwardref", "deleted", "10252", "meta", "facebook", "unknown", "scroll", "backspace", "insert", "typeof symbol", "typeof c", "typeof s", "sprintf", "syntaxerror", "vhyj", "diefg", "bcdiefguxx", "constructor", "param", "rockn", "createclass", "source", "super", "infinity", "false", "contact", "internal", "phonenumber", "middle", "path", "redemption", "pass", "click", "cont", "albania", "armenia", "burma", "belarus", "cuba", "panama", "paraguay", "slovakia", "chad", "uruguay", "prop", "invert", "flip", "close", "small", "green", "union", "indonesia", "lucia", "martin", "mexico", "code", "apache", "blin", "slave", "gondi", "icelandic", "ganda", "zulu", "christmas", "burkina", "czech", "ukraine", "android", "format", "updater", "next", "hooks", "harmony", "trim", "python", "push", "shift", "slice", "shadowsizzle", "domdata", "hexchars", "agent", "launcher", "fail", "bind", "trident", "getclass", "body", "widget", "areasmodule", "duip", "hlwq", "fz5i", "dehu", "tbh0", "fwir", "x7am", "pcnd", "valr", "boolean", "portal", "partner", "ascio partner", "ascio", "tlds", "login en", "en de", "join today", "idns", "skip", "ascio domains", "tlds offered", "global whois", "checker", "helvetica neue", "arial", "d67a60", "inter", "baskerville", "15px", "180deg", "135deg", "video", "init", "wrap", "flip direction", "stop animation", "scale", "htmlelement", "hide", "typeof", "property", "fill", "noscroll", "matrix", "skew", "look", "julian garnier", "mit license", "typeof define", "typeof module", "htmlcollection", "255a", "qnull", "float32array", "nfunction", "tobias ahlin", "github", "spotify", "hyper island", "strong", "tobias", "read", "view", "ahlin bjerrome", "minecraft", "view project", "spinkit", "lookback", "ruby", "hello" ], "references": [ "xfe-URL-ascio.com-stix2-2.1-export.json", "https://tobiasahlin.com", "xfe-URL-tobiasahlin.com-stix2-2.1-export.json", "https://tobiasahlin.com/js/anime.min.js", "https://tobiasahlin.com/js/app.js?v=1", "https://tobiasahlin.com/js/portfolio.js", "https://tobiasahlin.com/css/site.css", "https://ascio.com", "https://portal.ascio.com/login", "https://static.zdassets.com/ekr/snippet.js?key=d814ea4a-a8eb-4a9c-aedd-cac0aa0e3551", "https://portal.ascio.com/7.602be6705ce7b901b821.js", "https://cdn.pendo.io/agent/static/783a696b-ddf4-4152-439e-f3761f54f088/pendo.js", "https://portal.ascio.com/runtime.48adad1e07e2679eb1f4.js", "https://js.hs-scripts.com/20704235.js", "https://www.ascio.com/wp-content/themes/Ascio/dist/js/front.js?ver=1648137806", "https://www.ascio.com/wp-includes/js/dist/i18n.min.js?ver=30fcecb428a0e8383d3776bcdd3a7834", "https://www.ascio.com/wp-includes/js/dist/hooks.min.js?ver=1e58c8c5a32b2e97491080c5b10dc71c", "https://www.ascio.com/wp-includes/js/dist/vendor/react-dom.min.js?ver=17.0.1", "https://www.ascio.com/wp-includes/js/dist/vendor/lodash.min.js?ver=4.17.19", "xfe-URL-lodash.com-stix2-2.1-export.json", "https://www.ascio.com/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.9", "https://www.google-analytics.com/gtm/optimize.js?id=OPT-NVZ8RF3", "https://www.googletagmanager.com/gtag/js?id=G-8M7FT2S1TV&l=dataLayer&cx=c" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "ReduceRight", "display_name": "ReduceRight", "target": null } ], "attack_ids": [ { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 18, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 4203, "hostname": 1221, "domain": 2558, "FileHash-SHA256": 622, "CVE": 1 }, "indicator_count": 8605, "is_author": false, "is_subscribing": null, "subscriber_count": 73, "modified_text": "1448 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6266f7e0e0264cba210a4e9e", "name": "intel gained from a spam text", "description": "var b[f]=g, if b(f) is not allowed to reach its maximum by the end of a set, then a.b(b) will be able to do so at the same time as a", "modified": "2022-05-25T00:04:03.622000", "created": "2022-04-25T19:34:56.772000", "tags": [ "array", "typeerror", "symbol", "null", "string", "iterator", "object", "error", "boolean", "function", "service", "date", "phonenumber", "facebook", "meta", "typeof e", "typeof u", "typeof window", "es modules", "use esm", "webkit", "component", "typeof", "typeof y", "typeof symbol", "suspense", "context", "forwardref", "unknown", "4096", "typeof n", "promise", "weakmap", "dataview", "typeof t", "webpackrequire", "modulenotfound", "e1342177279", "array int8array", "loanup", "insurance", "group", "health", "solutions", "policy", "site", "america", "company", "life", "plan", "direct", "media", "alliance", "click", "team", "never", "advantage", "general", "light", "february", "april", "june", "august", "footer", "protect", "banker", "explorer", "fast", "martin", "union", "carrier", "next", "colony", "energy", "empire", "gerber", "philadelphia", "hippo", "king", "agent", "mercury", "moss", "premium", "nextgen", "oscar", "phoenix", "loans", "pure", "ramsey", "ranger", "solar", "titan", "tristate", "viking", "easy", "push", "code", "stop", "carriers", "live", "lucky", "moral", "story", "back", "lfunction", "dfunction", "cfunction", "typeof self", "number", "copyright", "closure library", "xdfunction", "cdfunction", "ddfunction", "bded", "kefunction", "reduceright", "gj9pcw0f6jv", "regexp", "r420", "uint8array", "typeof d", "void" ], "references": [ "https://www.googletagmanager.com/gtag/js?id=G-J9PCW0F6JV", "https://www.googletagmanager.com/gtag/js?id=UA-185991747-1", "https://insurancerateusa.com/polyfill-036b4a134d8725752ba0.js", "xfe-URL-insurancerateusa.com-stix2-2.1-export.json", "https://insurancerateusa.com/app-74647f151b541f3098c2.js", "https://insurancerateusa.com/bfcc7b67-0b189ba6da3fc3ae8b88.js", "https://insurancerateusa.com/94297995-69529ad7536f090aa776.js", "https://insurancerateusa.com/3bea8d40-8926f4790c0b3689a361.js", "https://insurancerateusa.com/framework-19eddc0d879a49dfe606.js", "https://insurancerateusa.com/webpack-runtime-f014a3267add02a94afb.js", "https://connect.facebook.net/signals/config/3689470801106673?v=2.9.57&r=stable" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "ReduceRight", "display_name": "ReduceRight", "target": null } ], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 615, "URL": 2246, "FileHash-SHA256": 823, "domain": 717, "CVE": 1, "email": 4, "FileHash-MD5": 5, "FileHash-SHA1": 1 }, "indicator_count": 4412, "is_author": false, "is_subscribing": null, "subscriber_count": 70, "modified_text": "1468 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "https://insurancerateusa.com/polyfill-036b4a134d8725752ba0.js", "https://contabo.com/client/client.a529db28.js", "https://cdn.taboola.com/libtrc/unip/1331749/tfa.js", "https://connect.facebook.net/signals/config/3689470801106673?v=2.9.57&r=stable", "Making HTTPS connections using insecure TLS/SSL version details Connection was make using TLSv1.1 [tls.handshake.version: 0x00000302] source Network Traffic relevance 10/10 ATT&CK ID T1573 (Show technique in the MITRE ATT&CK\u2122 matrix)", "https://www.ascio.com/wp-content/themes/Ascio/dist/js/front.js?ver=1648137806", "https://insurancerateusa.com/framework-19eddc0d879a49dfe606.js", "https://www.hotjar.com/persistUtmParams.js", "https://fast.appcues.com/79878.js", "https://www.googletagmanager.com/gtag/js?id=G-YFPNZBGTF3&l=dataLayer&cx=c", "https://portal.ascio.com/login", "https://www.ascio.com/wp-includes/js/dist/vendor/react-dom.min.js?ver=17.0.1", "xfe-URL-ascio.com-stix2-2.1-export.json", "https://js.hs-scripts.com/20704235.js", "https://www.googletagmanager.com/gtag/js?id=G-J9PCW0F6JV", "https://sc-static.net/scevent.min.js", "https://insurancerateusa.com/webpack-runtime-f014a3267add02a94afb.js", "https://tobiasahlin.com/js/anime.min.js", "https://www.googletagmanager.com/gtag/js?id=G-8M7FT2S1TV&l=dataLayer&cx=c", "https://portal.ascio.com/7.602be6705ce7b901b821.js", "https://hybrid-analysis.com/sample/9bf30967dfbf84d91ff4a1ca66dcd6c3383e679917e8b7aa4f659ff9f4e848d7/6426cf48655f94b6b303704c", "https://tobiasahlin.com", "xfe-URL-tobiasahlin.com-stix2-2.1-export.json", "https://www.google-analytics.com/gtm/optimize.js?id=OPT-NVZ8RF3", "https://www.hotjar.com/_next/static/chunks/pages/index-b7f010d5161cd8f6ddab.js", "https://insurancerateusa.com/app-74647f151b541f3098c2.js", "https://www.hotjar.com/ensureSegmentId.js", "https://unpkg.com/@optimizely/optimizely-sdk@3.5.0/dist/optimizely.browser.umd.min.js", "https://static.zdassets.com/ekr/snippet.js?key=d814ea4a-a8eb-4a9c-aedd-cac0aa0e3551", "https://www.ascio.com/wp-includes/js/dist/vendor/lodash.min.js?ver=4.17.19", "https://static.hotjar.com/c/hotjar-2086874.js?sv=6", "https://insurancerateusa.com/3bea8d40-8926f4790c0b3689a361.js", "https://www.dwin1.com/13976.js", "https://hybrid-analysis.com/sample/f90162e65235185a24e9f20d855371b8ad7462d50d7a57851d000cfd5116f76d/63aef1a83e3bb16765527bb8", "https://cdn.segment.com/next-integrations/integrations/vendor/commons.54701049fd6fb8497e9e.js.gz", "https://cdn.segment.com/next-integrations/integrations/google-analytics/2.18.5/google-analytics.dynamic.js.gz", "https://www.hotjar.com/_next/static/chunks/pages/_app-be5fbad980fd377922f7.js", "https://cdn.cookielaw.org/scripttemplates/6.5.0/otBannerSdk.js", "https://tobiasahlin.com/css/site.css", "https://insurancerateusa.com/94297995-69529ad7536f090aa776.js", "https://fast.appcues.com/generic/main/4.35.3/appcues.main.e826b3c1f5ab15648ac446eafdbb489fd58d7f2d.js", "https://ascio.com", "This website contains the details of an anti-virus scan conducted by the MetaDefender, which aims to identify and remove malware from websites, websites and social media sites, including Facebook, Twitter and YouTube.", "https://www.googletagmanager.com/gtag/js?id=UA-185991747-1", "https://www.hotjar.com/_next/static/chunks/framework-6994461647f52f294af9.js", "https://tobiasahlin.com/js/app.js?v=1", "https://contabo.com/client/client-30e55c50.css", "https://www.ascio.com/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.9", "https://cdn.pendo.io/agent/static/783a696b-ddf4-4152-439e-f3761f54f088/pendo.js", "https://l.clarity.ms/s/0.6.34/clarity.js", "https://cdn.segment.com/next-integrations/integrations/appcues/2.3.0/appcues.dynamic.js.gz", "https://insurancerateusa.com/bfcc7b67-0b189ba6da3fc3ae8b88.js", "original dropped file discovery url", "https://cdn.heapanalytics.com/js/heap-3501642718.js", "https://cdn.optimizely.com/datafiles/HgHVKrf9ZD2dsZYVFb9JnD.json/tag.js", "https://www.ascio.com/wp-includes/js/dist/i18n.min.js?ver=30fcecb428a0e8383d3776bcdd3a7834", "https://tobiasahlin.com/js/portfolio.js", "https://portal.ascio.com/runtime.48adad1e07e2679eb1f4.js", "xfe-URL-insurancerateusa.com-stix2-2.1-export.json", "https://www.clarity.ms/tag/uet/5739677", "https://hybrid-analysis.com/sample/f90162e65235185a24e9f20d855371b8ad7462d50d7a57851d000cfd5116f76d", "http://lifehacker.com/assets/stylesheets/app-a873b056f0ea955e4ff0abebb210e5a6.css", "https://www.ascio.com/wp-includes/js/dist/hooks.min.js?ver=1e58c8c5a32b2e97491080c5b10dc71c", "https://snap.licdn.com/li.lms-analytics/insight.min.js", "https://www.hotjar.com/_next/static/chunks/webpack-ca4d94cab12a165a123f.js", "xfe-URL-lodash.com-stix2-2.1-export.json" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [ "Reduceright" ], "industries": [], "unique_indicators": 16252 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/memoizedprops.style", "whois": "http://whois.domaintools.com/memoizedprops.style", "domain": "memoizedprops.style", "hostname": "n.memoizedprops.style" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 8, "pulses": [ { "id": "65708ef0cdb40fa0e7d239ca", "name": "either emotet or a part of it", "description": "", "modified": "2023-12-06T15:10:40.867000", "created": "2023-12-06T15:10:40.867000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 342, "hostname": 456, "domain": 349, "URL": 1730, "FileHash-MD5": 1, "FileHash-SHA1": 1 }, "indicator_count": 2879, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "908 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65708e2d7cb4228401888b63", "name": "possibly a central bank", "description": "", "modified": "2023-12-06T15:07:25.990000", "created": "2023-12-06T15:07:25.990000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 622, "domain": 2558, "URL": 4203, "hostname": 1221, "CVE": 1 }, "indicator_count": 8605, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "908 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65708c8a9635f156e79238f1", "name": "intel gained from a spam text", "description": "", "modified": "2023-12-06T15:00:26.727000", "created": "2023-12-06T15:00:26.727000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "FileHash-SHA256": 823, "domain": 717, "URL": 2245, "hostname": 615, "email": 4, "FileHash-MD5": 5, "FileHash-SHA1": 1 }, "indicator_count": 4411, "is_author": false, "is_subscribing": null, "subscriber_count": 110, "modified_text": "908 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6426dda295502d82e6e6ef7f", "name": "v4 - Hybrid scan uploaded + all suggested ioc's - vendor.3a0e728a.js another gem in edge on twitter.com/i/flow/login source code", "description": "WebpackChunk_Twitter-responsive_web is built on a single web address, which will allow users to upload images, tweets and videos to be stored in the same place as the hashtag.", "modified": "2023-03-31T13:18:26.733000", "created": "2023-03-31T13:18:26.733000", "tags": [ "trojan", "apt", "ansi", "memoryfile scan", "error", "runtime data", "typeof e", "regexp", "array", "object", "typeof t", "void", "null", "unknown", "path", "facebook", "4096", "suspicious", "meta", "lazy", "entity", "union", "body", "idkey", "scroll", "backspace", "insert", "roboto", "target", "stack", "hybrid", "model", "click", "stream", "strings", "qakbot", "pattern match", "ud801", "ud804", "ud805", "ud806", "ud81a", "ud835", "ud800", "ud802", "sha1", "sha256", "vendor.3a0e728a.js" ], "references": [ "https://hybrid-analysis.com/sample/9bf30967dfbf84d91ff4a1ca66dcd6c3383e679917e8b7aa4f659ff9f4e848d7/6426cf48655f94b6b303704c" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1115", "name": "Clipboard Data", "display_name": "T1115 - Clipboard Data" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1546", "name": "Event Triggered Execution", "display_name": "T1546 - Event Triggered Execution" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1614", "name": "System Location Discovery", "display_name": "T1614 - System Location Discovery" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "callmeDoris", "id": "205385", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1353, "hostname": 222, "domain": 221, "FileHash-SHA256": 85, "FileHash-MD5": 3, "FileHash-SHA1": 1 }, "indicator_count": 1885, "is_author": false, "is_subscribing": null, "subscriber_count": 90, "modified_text": "1158 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "63b580a925bb698985fa83ea", "name": "vendor.bundle.js", "description": "", "modified": "2023-02-03T13:00:02.804000", "created": "2023-01-04T13:35:37.535000", "tags": [ "vxstream", "trojan", "apt", "memoryfile scan", "error", "progresstype", "graytext", "typeof e", "highlight", "bg96gwp", "typeof", "window", "null", "date", "span", "path", "meta", "push", "unknown", "roboto", "scroll", "suspicious", "close", "light", "template", "abcd", "android", "trident", "backspace", "insert", "4096", "void", "legend", "iframe", "webview", "infinity", "ransomware", "malicious", "accept toggle", "voice", "upgrade" ], "references": [ "https://hybrid-analysis.com/sample/f90162e65235185a24e9f20d855371b8ad7462d50d7a57851d000cfd5116f76d", "This website contains the details of an anti-virus scan conducted by the MetaDefender, which aims to identify and remove malware from websites, websites and social media sites, including Facebook, Twitter and YouTube.", "original dropped file discovery url", "http://lifehacker.com/assets/stylesheets/app-a873b056f0ea955e4ff0abebb210e5a6.css", "Making HTTPS connections using insecure TLS/SSL version details Connection was make using TLSv1.1 [tls.handshake.version: 0x00000302] source Network Traffic relevance 10/10 ATT&CK ID T1573 (Show technique in the MITRE ATT&CK\u2122 matrix)", "https://hybrid-analysis.com/sample/f90162e65235185a24e9f20d855371b8ad7462d50d7a57851d000cfd5116f76d/63aef1a83e3bb16765527bb8" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 16, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "callmeDoris", "id": "205385", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 205, "URL": 1340, "FileHash-SHA256": 407, "hostname": 491, "FileHash-MD5": 8, "email": 1, "FileHash-SHA1": 1 }, "indicator_count": 2453, "is_author": false, "is_subscribing": null, "subscriber_count": 90, "modified_text": "1214 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "628e790d414886e18b33c262", "name": "either emotet or a part of it", "description": "var a.tldDomains, AWIN.Tracking.com, has a new name for its basket, but how do you find it in your browser?.. and what does this mean?", "modified": "2022-06-24T00:01:00.706000", "created": "2022-05-25T18:44:29.280000", "tags": [ "tfunction", "cnullvvoid", "wnullgvoid", "bnullhvoid", "gnullcvoid", "guidewrapper", "blog", "lfunction", "hotjar", "iab2", "code", "number", "party", "n strictly", "life spann", "azuren n", "cookie tracking", "tablen n", "n cookies", "cookie", "null", "date", "error", "ffffff", "typeof t", "uint16array", "regexp", "uint8array", "array", "uint32array", "helvetica", "void", "execution", "body", "roboto", "prop", "object", "param", "cookies", "getcookie", "name", "typeof", "uri component", "obj2", "typeof e", "webkit", "component", "typeof y", "typeof symbol", "suspense", "context", "forwardref", "unknown", "4096", "function", "typeof n", "typeof window", "uuidv4", "ajsanonymousid", "suffix", "bill", "viewed", "pavel krayzel", "psd2", "bt prorata", "amex", "squad", "march", "new visitors", "promise", "nthis", "eventprocessor", "typeof define", "info", "functional", "member", "hnew regexp", "qfunction", "adview", "addbillinginfo", "addtocart", "addtolist", "contact", "download", "install", "window", "value", "customevent", "image", "samesitelax", "invalid pixel", "snap", "afaf09", "sfunction", "cfunction", "post", "appcuesdeps", "typeerror", "hki3", "ogr1", "typeof self", "full selector", "heatmaps", "sans", "version", "releaseid", "appcues", "dashboard2", "dashboard3", "technology", "selector", "click", "next", "import", "generic", "started", "dismissed", "completed", "contextual help", "symbol", "appcuesfunction", "widget", "iframe", "pnull", "html", "style", "ctnull", "fanull", "license", "ynull", "config", "meta", "accept", "contabo gmbh", "typeof hj", "https", "learn", "surveyv2", "surveyisolated", "safari", "firefox", "chrome", "remove", "edge", "correct", "section", "segoe ui", "emoji", "opera", "path", "span", "this", "typeof document", "small", "blank", "pass", "core", "footer", "close", "form", "main", "direct", "reduceright", "string", "f420", "gyfpnzbgtf3", "copyright", "json", "sesprops", "href", "input", "class", "logger", "target", "push", "awalt", "awinawin", "explorer", "awatp", "ccampid", "impid", "tag1" ], "references": [ "https://www.dwin1.com/13976.js", "https://cdn.heapanalytics.com/js/heap-3501642718.js", "https://www.googletagmanager.com/gtag/js?id=G-YFPNZBGTF3&l=dataLayer&cx=c", "https://contabo.com/client/client.a529db28.js", "https://contabo.com/client/client-30e55c50.css", "https://static.hotjar.com/c/hotjar-2086874.js?sv=6", "https://l.clarity.ms/s/0.6.34/clarity.js", "https://www.clarity.ms/tag/uet/5739677", "https://fast.appcues.com/generic/main/4.35.3/appcues.main.e826b3c1f5ab15648ac446eafdbb489fd58d7f2d.js", "https://fast.appcues.com/79878.js", "https://cdn.segment.com/next-integrations/integrations/vendor/commons.54701049fd6fb8497e9e.js.gz", "https://cdn.segment.com/next-integrations/integrations/appcues/2.3.0/appcues.dynamic.js.gz", "https://cdn.segment.com/next-integrations/integrations/google-analytics/2.18.5/google-analytics.dynamic.js.gz", "https://sc-static.net/scevent.min.js", "https://cdn.taboola.com/libtrc/unip/1331749/tfa.js", "https://snap.licdn.com/li.lms-analytics/insight.min.js", "https://unpkg.com/@optimizely/optimizely-sdk@3.5.0/dist/optimizely.browser.umd.min.js", "https://cdn.optimizely.com/datafiles/HgHVKrf9ZD2dsZYVFb9JnD.json/tag.js", "https://www.hotjar.com/ensureSegmentId.js", "https://www.hotjar.com/_next/static/chunks/webpack-ca4d94cab12a165a123f.js", "https://www.hotjar.com/_next/static/chunks/framework-6994461647f52f294af9.js", "https://www.hotjar.com/persistUtmParams.js", "https://www.hotjar.com/_next/static/chunks/pages/_app-be5fbad980fd377922f7.js", "https://www.hotjar.com/_next/static/chunks/pages/index-b7f010d5161cd8f6ddab.js", "https://cdn.cookielaw.org/scripttemplates/6.5.0/otBannerSdk.js" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "ReduceRight", "display_name": "ReduceRight", "target": null } ], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 11, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 349, "hostname": 456, "URL": 1730, "FileHash-SHA256": 342, "FileHash-MD5": 1, "FileHash-SHA1": 1 }, "indicator_count": 2879, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1438 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6280aa12040a569d19f6285f", "name": "possibly a central bank", "description": "Tobias Ahlin,", "modified": "2022-06-14T00:00:05.659000", "created": "2022-05-15T07:21:54.499000", "tags": [ "regexp", "typeof e", "function", "typeof t", "width", "error", "object", "pseudo", "child", "form", "class", "null", "date", "this", "void", "accept", "reduceright", "number", "string", "l420", "g8m7ft2s1tv", "copyright", "json", "uint8array", "ssnull", "script", "closure library", "xdfunction", "adfunction", "typeerror", "symbol", "generator", "typeof n", "array", "promise", "weakmap", "typeof f", "natb", "409764", "animation", "suspense", "context", "forwardref", "deleted", "10252", "meta", "facebook", "unknown", "scroll", "backspace", "insert", "typeof symbol", "typeof c", "typeof s", "sprintf", "syntaxerror", "vhyj", "diefg", "bcdiefguxx", "constructor", "param", "rockn", "createclass", "source", "super", "infinity", "false", "contact", "internal", "phonenumber", "middle", "path", "redemption", "pass", "click", "cont", "albania", "armenia", "burma", "belarus", "cuba", "panama", "paraguay", "slovakia", "chad", "uruguay", "prop", "invert", "flip", "close", "small", "green", "union", "indonesia", "lucia", "martin", "mexico", "code", "apache", "blin", "slave", "gondi", "icelandic", "ganda", "zulu", "christmas", "burkina", "czech", "ukraine", "android", "format", "updater", "next", "hooks", "harmony", "trim", "python", "push", "shift", "slice", "shadowsizzle", "domdata", "hexchars", "agent", "launcher", "fail", "bind", "trident", "getclass", "body", "widget", "areasmodule", "duip", "hlwq", "fz5i", "dehu", "tbh0", "fwir", "x7am", "pcnd", "valr", "boolean", "portal", "partner", "ascio partner", "ascio", "tlds", "login en", "en de", "join today", "idns", "skip", "ascio domains", "tlds offered", "global whois", "checker", "helvetica neue", "arial", "d67a60", "inter", "baskerville", "15px", "180deg", "135deg", "video", "init", "wrap", "flip direction", "stop animation", "scale", "htmlelement", "hide", "typeof", "property", "fill", "noscroll", "matrix", "skew", "look", "julian garnier", "mit license", "typeof define", "typeof module", "htmlcollection", "255a", "qnull", "float32array", "nfunction", "tobias ahlin", "github", "spotify", "hyper island", "strong", "tobias", "read", "view", "ahlin bjerrome", "minecraft", "view project", "spinkit", "lookback", "ruby", "hello" ], "references": [ "xfe-URL-ascio.com-stix2-2.1-export.json", "https://tobiasahlin.com", "xfe-URL-tobiasahlin.com-stix2-2.1-export.json", "https://tobiasahlin.com/js/anime.min.js", "https://tobiasahlin.com/js/app.js?v=1", "https://tobiasahlin.com/js/portfolio.js", "https://tobiasahlin.com/css/site.css", "https://ascio.com", "https://portal.ascio.com/login", "https://static.zdassets.com/ekr/snippet.js?key=d814ea4a-a8eb-4a9c-aedd-cac0aa0e3551", "https://portal.ascio.com/7.602be6705ce7b901b821.js", "https://cdn.pendo.io/agent/static/783a696b-ddf4-4152-439e-f3761f54f088/pendo.js", "https://portal.ascio.com/runtime.48adad1e07e2679eb1f4.js", "https://js.hs-scripts.com/20704235.js", "https://www.ascio.com/wp-content/themes/Ascio/dist/js/front.js?ver=1648137806", "https://www.ascio.com/wp-includes/js/dist/i18n.min.js?ver=30fcecb428a0e8383d3776bcdd3a7834", "https://www.ascio.com/wp-includes/js/dist/hooks.min.js?ver=1e58c8c5a32b2e97491080c5b10dc71c", "https://www.ascio.com/wp-includes/js/dist/vendor/react-dom.min.js?ver=17.0.1", "https://www.ascio.com/wp-includes/js/dist/vendor/lodash.min.js?ver=4.17.19", "xfe-URL-lodash.com-stix2-2.1-export.json", "https://www.ascio.com/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.9", "https://www.google-analytics.com/gtm/optimize.js?id=OPT-NVZ8RF3", "https://www.googletagmanager.com/gtag/js?id=G-8M7FT2S1TV&l=dataLayer&cx=c" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "ReduceRight", "display_name": "ReduceRight", "target": null } ], "attack_ids": [ { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 18, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 4203, "hostname": 1221, "domain": 2558, "FileHash-SHA256": 622, "CVE": 1 }, "indicator_count": 8605, "is_author": false, "is_subscribing": null, "subscriber_count": 73, "modified_text": "1448 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6266f7e0e0264cba210a4e9e", "name": "intel gained from a spam text", "description": "var b[f]=g, if b(f) is not allowed to reach its maximum by the end of a set, then a.b(b) will be able to do so at the same time as a", "modified": "2022-05-25T00:04:03.622000", "created": "2022-04-25T19:34:56.772000", "tags": [ "array", "typeerror", "symbol", "null", "string", "iterator", "object", "error", "boolean", "function", "service", "date", "phonenumber", "facebook", "meta", "typeof e", "typeof u", "typeof window", "es modules", "use esm", "webkit", "component", "typeof", "typeof y", "typeof symbol", "suspense", "context", "forwardref", "unknown", "4096", "typeof n", "promise", "weakmap", "dataview", "typeof t", "webpackrequire", "modulenotfound", "e1342177279", "array int8array", "loanup", "insurance", "group", "health", "solutions", "policy", "site", "america", "company", "life", "plan", "direct", "media", "alliance", "click", "team", "never", "advantage", "general", "light", "february", "april", "june", "august", "footer", "protect", "banker", "explorer", "fast", "martin", "union", "carrier", "next", "colony", "energy", "empire", "gerber", "philadelphia", "hippo", "king", "agent", "mercury", "moss", "premium", "nextgen", "oscar", "phoenix", "loans", "pure", "ramsey", "ranger", "solar", "titan", "tristate", "viking", "easy", "push", "code", "stop", "carriers", "live", "lucky", "moral", "story", "back", "lfunction", "dfunction", "cfunction", "typeof self", "number", "copyright", "closure library", "xdfunction", "cdfunction", "ddfunction", "bded", "kefunction", "reduceright", "gj9pcw0f6jv", "regexp", "r420", "uint8array", "typeof d", "void" ], "references": [ "https://www.googletagmanager.com/gtag/js?id=G-J9PCW0F6JV", "https://www.googletagmanager.com/gtag/js?id=UA-185991747-1", "https://insurancerateusa.com/polyfill-036b4a134d8725752ba0.js", "xfe-URL-insurancerateusa.com-stix2-2.1-export.json", "https://insurancerateusa.com/app-74647f151b541f3098c2.js", "https://insurancerateusa.com/bfcc7b67-0b189ba6da3fc3ae8b88.js", "https://insurancerateusa.com/94297995-69529ad7536f090aa776.js", "https://insurancerateusa.com/3bea8d40-8926f4790c0b3689a361.js", "https://insurancerateusa.com/framework-19eddc0d879a49dfe606.js", "https://insurancerateusa.com/webpack-runtime-f014a3267add02a94afb.js", "https://connect.facebook.net/signals/config/3689470801106673?v=2.9.57&r=stable" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "ReduceRight", "display_name": "ReduceRight", "target": null } ], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 615, "URL": 2246, "FileHash-SHA256": 823, "domain": 717, "CVE": 1, "email": 4, "FileHash-MD5": 5, "FileHash-SHA1": 1 }, "indicator_count": 4412, "is_author": false, "is_subscribing": null, "subscriber_count": 70, "modified_text": "1468 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://n.memoizedprops.style", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://n.memoizedprops.style", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780350904.096343 }