{ "type": "URL", "indicator": "https://r.s.next", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://r.s.next", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 3459554278, "indicator": "https://r.s.next", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 9, "pulses": [ { "id": "6844240c68255798e08beb3b", "name": "Bilety online: Tw\u00f3j kolejowy partner w podr\u00f3\u017cy", "description": "Microsoft has created a new version of its XMLHttpRequest, which allows users to access a website, via a browser or browser without the permission of a third party, using the same address.", "modified": "2025-07-07T00:01:51.704000", "created": "2025-06-07T11:35:40.942000", "tags": [ "sign", "google sign", "forgot email", "criminalip", "create account", "bilety online", "sprzeday biletw", "polregio", "ssdeep", "license", "typeerror", "regexp", "promise", "function", "version", "typeof symbol", "copyright", "google llc", "apache license", "date", "without", "error", "blank", "trident", "generator", "class", "mountain view", "android", "submission", "california", "common name", "google inc", "unit android", "country code", "us state", "sha1", "sha256", "imphash", "pehash", "file type", "vhash", "authentihash" ], "references": [ "http://bilety.polregio.pl", "https://bilety.polregio.pl", "http://www.salesmanago.pl/static/sm.js" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 16, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1295, "hostname": 302, "domain": 137, "FileHash-SHA256": 996, "FileHash-MD5": 38, "FileHash-SHA1": 40, "IPv4": 1 }, "indicator_count": 2809, "is_author": false, "is_subscribing": null, "subscriber_count": 123, "modified_text": "329 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "684c65464466dd19b089f325", "name": "Zesp\u00f3\u0142 Profilaktyki i Rehabilitacji w Janowicach Wielkich - YouTube", "description": "If d=void 0===c,w(\"trustedResourceUrl\",d: \"Trusted resourceUrl,\" thend=c.src,d, c.js, then d:", "modified": "2025-06-13T17:56:28.689000", "created": "2025-06-13T17:52:06.399000", "tags": [ "rehabilitacji w", "youtube tv", "dami jelenia", "tv dami", "jelenia gra", "zakupy wycz", "jeli", "nie korzystasz", "filmy", "aby tego", "copyright", "closure library", "argument", "ifunction", "error", "null", "type", "cast", "webchannel", "su2028u2029", "chrome", "xmlhttp", "kkvoid", "remotecontrol", "android", "unknown", "screen", "desktop", "function", "string", "array", "number", "vfunction", "f8192", "n432", "true", "j2048", "this", "window", "void", "date", "pokau017c", "pytfunction", "fe8function", "qgzfunction", "afunction", "hb28", "r150", "promise", "bigint", "post", "edge", "swhealthlog", "symbol", "trident", "infinity", "embed", "webkitkeyframes", "zoomin", "zoominx", "zoomoutx", "zoominy", "zoomouty", "2000px", "90deg", "20px", "30deg", "30px", "10px", "10deg", "3deg", "5deg", "djmegamenu", "use license", "tabindex", "menu", "close", "msie", "beforechange", "imagehassize", "buildcontrols", "magnific popup", "dmitry semenov", "http", "beforeclose", "afterclose", "open", "next", "open source", "bsd license", "george mcginley", "smith", "djimageslider", "subpackage", "webkit", "khtml", "icab", "countto", "callback", "handler", "object", "typeof", "method", "gnugplv2", "website", "set module", "height script", "regexp", "screenheight", "highcontrast2", "highcontrast3", "highcontrast", "wide", "night", "body", "normalbutton", "cookie plugin", "https", "klaus hartl", "mit license", "register", "nodecommonjs", "factory", "jquery", "write", "sticky bar", "stickybar", "count", "offcanvas", "html", "noscroll", "offcanvas var", "toggle nav", "click jquery", "ajax", "autocomplete", "tomas kirda", "typeof define", "esc27", "tab9", "return13", "left37", "up38", "twitter", "custom version", "joomla", "rolemenu", "boolean", "get adobe", "flash player", "title", "text", "typeof data", "typeof s", "accept", "width", "foundation", "backspace8", "comma188", "delete46", "down40", "end35", "enter13", "escape27", "value", "migrate", "backcompat", "quirks mode", "typeof f", "xtablet768", "document", "ui sortable", "leftright", "gnu general", "public license", "dddddd", "ffffcc", "eeeeee", "verdana", "geneva", "arial", "helvetica", "f0f0f0", "sans", "charset", "utf8", "fontawesome", "typeof b", "pseudo", "child", "sufeffxa0", "class", "attr", "general slider", "slide", "rgba", "navigation", "15deg", "300px", "20deg", "transition", "scale", "baskerville", "main image", "bdbdbd", "f3f3f3", "remove", "fontface", "woff2", "u0131", "u01520153", "u02bb02bc", "u02c6", "u02da", "u02dc", "u0304", "dirrtl", "msviewport", "href", "span", "legend", "halflings", "fieldset", "typeimage", "f2f2f2", "d9edf7", "dff0d8", "f2dede", "thead", "tbody", "tahoma", "00a0", "video", "script", "2500", "xnew ita", "dnew jta", "dataset", "orfunction", "prfunction", "nsafunction", "xsafunction", "vrfunction", "cakes", "ovbfunction", "pvbfunction", "rvbfunction", "qvbfunction", "tvbfunction", "uvbfunction", "vvbclass", "xvbclass", "yvbclass", "svbclass", "lvafunction", "ggfunction", "mvafunction", "ovafunction", "pvafunction", "uvafunction", "tvafunction", "qvafunction", "vvafunction", "nvaclass", "dark", "vector", "yy49", "raster", "roboto", "new tk", "qael", "przechyl", "mars", "mercury", "venus", "pluto", "titan", "weakset", "wfclass", "googlelayer", "uint8array", "weakmap", "5001", "mouseevent", "webassembly", "180180", "9090", "google maps", "javascript api", "internal", "small", "lightrail", "false", "february", "light", "hybrid", "bounce", "drop", "inside", "outside", "marker", "gc" ], "references": [ "embed.html", "ad_status.js.pobrane", "f5Y41t9wqY4.html", "cast_sender.js.pobrane", "remote.js.pobrane", "sw3VTUzeRvWIVwvWSyk6S5gHWPxOOwU1OxerozmN4Hw.js.pobrane", "embed.js.pobrane", "www-embed-player.js.pobrane", "animate.ext.css", "animate.min.css", "jquery.djmegamenu.js.pobrane", "jquery.djmobilemenu.js.pobrane", "magnific.js.pobrane", "jquery.easing.min.js.pobrane", "slider.js.pobrane", "jquery.countTo.js.pobrane", "scripts.js.pobrane", "magnific-init.js.pobrane", "pagesettings.js.pobrane", "jquery.cookie.js.pobrane", "stickybar.js.pobrane", "fontswitcher.js.pobrane", "offcanvas.js.pobrane", "jquery.autocomplete.min.js.pobrane", "bootstrap.min.js.pobrane", "jcemediabox.js.pobrane", "jquery.ui.core.min.js.pobrane", "jquery-migrate.min.js.pobrane", "layout.min.js.pobrane", "jquery.ui.sortable.min.js.pobrane", "caption.js.pobrane", "finder.css", "jquery-noconflict.js.pobrane", "djmegamenu.26.css", "animations.css", "djmobilemenu.css", "jquery.min.js.pobrane", "djimageslider.css", "offcanvas.css", "magnific.css", "font_switcher.26.css", "css", "template_responsive.26.css", "offcanvas.26.css", "bootstrap_responsive.26.css", "extended_layouts.26.css", "style.css", "content.css", "template.26.css", "bootstrap.26.css", "jcemediabox.css", "js", "onion.js.pobrane", "search_impl.js.pobrane", "overlay.js.pobrane", "map.js.pobrane", "util.js.pobrane", "search.js.pobrane", "common.js.pobrane", "geometry.js.pobrane", "main.js.pobrane" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Gc", "display_name": "Gc", "target": null } ], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 26, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 2779, "hostname": 661, "domain": 684, "email": 4, "FileHash-MD5": 1, "FileHash-SHA256": 689 }, "indicator_count": 4818, "is_author": false, "is_subscribing": null, "subscriber_count": 123, "modified_text": "353 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "663d2869e0f3a42bbddc42ff", "name": "UPX executable packer.", "description": "A new rule has been introduced a \"suspicious\" ELF binary that is packed with the UPX executable packer.\nSuggested ATT&CK IDs: rule SUSP_ELF_LNX_UPX_Compressed_File { meta: description = \"Detects a suspicious ELF binary with UPX compression\" author = \"Florian Roth (Nextron Systems)\" reference = \"Internal Research\" date = \"2018-12-12\" score = 40 hash1 = \"038ff8b2fef16f8ee9d70e6c219c5f380afe1a21761791e8cbda21fa4d09fdb4\" id = \"078937de-59b3-538e-a5c3-57f4e6050212\" strings: $s1 = \"PROT_EXEC|PROT_WRITE failed.\" fullword ascii $s2 = \"$Id: UPX\" fullword ascii $s3 = \"$Info: This file is packed with the UPX executable packer\" ascii $fp1 = \"check your UCL installation !\"", "modified": "2024-10-14T00:01:17.069000", "created": "2024-05-09T19:47:53.786000", "tags": [ "cioch adrian", "centrum usug", "sieciowych", "elf binary", "upx compression", "roth", "nextron", "info", "javascript", "html", "office open", "xml document", "network capture", "win32 exe", "xml pakietu", "pdf zestawy", "przechwytywanie", "office", "filehashsha1", "url https", "cve cve20201070", "cve cve20203153", "cve cve20201048", "cve cve20211732", "cve20201048 apr", "filehashmd5", "cve cve20010901", "cve cve20021841", "cve20153202 apr", "cve cve20160728", "cve cve20161807", "cve cve20175123", "cve20185407 apr", "cve cve20054605", "cve cve20060745", "cve cve20070452", "cve cve20070453", "cve cve20070454", "cve cve20071355", "cve cve20071358", "cve cve20071871", "cve20149614 apr", "cve cve20151503", "cve cve20152080", "cve cve20157377", "cve cve20170131", "cve20200796 may", "cve cve20113403" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 6861, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 5771, "domain": 3139, "URL": 14525, "FileHash-SHA1": 2610, "IPv4": 108, "CIDR": 40, "FileHash-SHA256": 10705, "FileHash-MD5": 3373, "YARA": 2, "CVE": 148, "Mutex": 7, "FilePath": 3, "SSLCertFingerprint": 3, "email": 23, "JA3": 1, "IPv6": 2 }, "indicator_count": 40460, "is_author": false, "is_subscribing": null, "subscriber_count": 138, "modified_text": "595 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65708ef0cdb40fa0e7d239ca", "name": "either emotet or a part of it", "description": "", "modified": "2023-12-06T15:10:40.867000", "created": "2023-12-06T15:10:40.867000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 342, "hostname": 456, "domain": 349, "URL": 1730, "FileHash-MD5": 1, "FileHash-SHA1": 1 }, "indicator_count": 2879, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "908 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6426dda295502d82e6e6ef7f", "name": "v4 - Hybrid scan uploaded + all suggested ioc's - vendor.3a0e728a.js another gem in edge on twitter.com/i/flow/login source code", "description": "WebpackChunk_Twitter-responsive_web is built on a single web address, which will allow users to upload images, tweets and videos to be stored in the same place as the hashtag.", "modified": "2023-03-31T13:18:26.733000", "created": "2023-03-31T13:18:26.733000", "tags": [ "trojan", "apt", "ansi", "memoryfile scan", "error", "runtime data", "typeof e", "regexp", "array", "object", "typeof t", "void", "null", "unknown", "path", "facebook", "4096", "suspicious", "meta", "lazy", "entity", "union", "body", "idkey", "scroll", "backspace", "insert", "roboto", "target", "stack", "hybrid", "model", "click", "stream", "strings", "qakbot", "pattern match", "ud801", "ud804", "ud805", "ud806", "ud81a", "ud835", "ud800", "ud802", "sha1", "sha256", "vendor.3a0e728a.js" ], "references": [ "https://hybrid-analysis.com/sample/9bf30967dfbf84d91ff4a1ca66dcd6c3383e679917e8b7aa4f659ff9f4e848d7/6426cf48655f94b6b303704c" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1115", "name": "Clipboard Data", "display_name": "T1115 - Clipboard Data" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1546", "name": "Event Triggered Execution", "display_name": "T1546 - Event Triggered Execution" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1614", "name": "System Location Discovery", "display_name": "T1614 - System Location Discovery" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "callmeDoris", "id": "205385", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1353, "hostname": 222, "domain": 221, "FileHash-SHA256": 85, "FileHash-MD5": 3, "FileHash-SHA1": 1 }, "indicator_count": 1885, "is_author": false, "is_subscribing": null, "subscriber_count": 90, "modified_text": "1158 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "63ed86228ecb2b03d35b046f", "name": "just a load of errors on edge watching twitch", "description": "load of unknown user pics, but that could just be a twitch thing", "modified": "2023-03-18T00:05:45.328000", "created": "2023-02-16T01:25:54.305000", "tags": [ "object", "typeerror", "typeof symbol", "error", "typeof t", "array", "string", "typeof e", "typeof n", "referenceerror", "date", "body", "null", "local", "generator", "class", "typeof tcfapi", "tcfapi", "daten", "image", "typeof comscore", "true", "regexp", "config", "nolbundle", "novmsjs", "nlssdk", "retry request", "nolsdkbundle", "typeof o", "bsdk check", "optout", "basever", "lsid", "qqfunction", "nielsen log", "info", "stop", "logger", "android", "donate", "ukraine relief", "requestbuilder", "slotbuilder", "uint8array", "nthis", "promise", "symbol", "fullscreen", "adload", "false", "facebook", "unknown", "meta", "direct", "this", "close", "locale", "model", "survey", "companion", "scroll", "backspace", "insert", "infinity", "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "runtime data", "ansi", "path", "hybrid analysis", "api call", "registry access", "function", "calls", "window", "hybrid", "general", "click", "ransomware", "february", "strings", "suspicious", "irequestslot", "islotbuilder", "amazonerrorcode", "errortype", "adunit", "conflict", "please" ], "references": [ "https://hybrid-analysis.com/sample/5da0de230eb98e5598b152944d0e7e6b355485484052df6c7f1c747e2c5564c0/63ed708125f47738b45a6520", "webpack buildin global.js", "SlotBuilder.ts", "P34D56F9D-5684-4C83-8EE1-5EA7DE9CF45D.js", "apstag.js", "nlsSDK600.bundle.min.js", "v6s.js", "https://sb.scorecardresearch.com/p?c1=2&c2=6745306&ns_type=hidden&ns_st_sv=5.1.3.160420&ns_st_smv=5.1&ns_st_it=r&ns_st_id=1676508021004&ns_st_ec=3&ns_st_sp=1&ns_st_sc=1&ns_st_sq=1&ns_st_ppc=1&ns_st_apc=1&ns_st_spc=1&ns_st_cn=1&ns_st_ev=hb&ns_st_po=1560430&ns_st_cl=0&ns_st_hc=31&ns_st_mp=js_api&ns_st_mv=5.1.3.160420&ns_st_pn=1&ns_st_tp=0&ns_st_ci=47976339133&ns_st_pt=1560430&ns_st_dpt=360423&ns_st_ipt=60010&ns_st_et=1560430&ns_st_det=360423&ns_st_upc=1560430&ns_st_dupc=360423&ns_st_iupc=60010&ns_st_upa=15604", "https://sb.scorecardresearch.com/p?ax_uuid=d247c6142f285bb0488533aa7f2d53c5&c1=9&c2=31864766&ns__t=1676508027511&ns_c=UTF-8&cv=3.1&c8=SecurityWeekly%20-%20Twitch&c7=https%3A%2F%2Fwww.twitch.tv%2Fsecurityweekly&c9=", "https://hybrid-analysis.com/sample/b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b/", "beacon.js", "https://static-cdn.jtvnw.net/jtv_user_pictures/6f4129f6-3750-4c02-b7c8-c88a05064129-profile_image-70x70.png" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "SlotBuilder", "display_name": "SlotBuilder", "target": null }, { "id": "RequestBuilder", "display_name": "RequestBuilder", "target": null } ], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "callmeDoris", "id": "205385", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1353, "hostname": 363, "domain": 201, "FileHash-SHA256": 203, "FileHash-MD5": 9, "FileHash-SHA1": 3 }, "indicator_count": 2132, "is_author": false, "is_subscribing": null, "subscriber_count": 90, "modified_text": "1171 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "63ed8628367c1a4f3f8e773a", "name": "just a load of errors on edge watching twitch", "description": "load of unknown user pics, but that could just be a twitch thing", "modified": "2023-03-18T00:05:45.328000", "created": "2023-02-16T01:26:00.959000", "tags": [ "object", "typeerror", "typeof symbol", "error", "typeof t", "array", "string", "typeof e", "typeof n", "referenceerror", "date", "body", "null", "local", "generator", "class", "typeof tcfapi", "tcfapi", "daten", "image", "typeof comscore", "true", "regexp", "config", "nolbundle", "novmsjs", "nlssdk", "retry request", "nolsdkbundle", "typeof o", "bsdk check", "optout", "basever", "lsid", "qqfunction", "nielsen log", "info", "stop", "logger", "android", "donate", "ukraine relief", "requestbuilder", "slotbuilder", "uint8array", "nthis", "promise", "symbol", "fullscreen", "adload", "false", "facebook", "unknown", "meta", "direct", "this", "close", "locale", "model", "survey", "companion", "scroll", "backspace", "insert", "infinity", "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "runtime data", "ansi", "path", "hybrid analysis", "api call", "registry access", "function", "calls", "window", "hybrid", "general", "click", "ransomware", "february", "strings", "suspicious", "irequestslot", "islotbuilder", "amazonerrorcode", "errortype", "adunit", "conflict", "please" ], "references": [ "https://hybrid-analysis.com/sample/5da0de230eb98e5598b152944d0e7e6b355485484052df6c7f1c747e2c5564c0/63ed708125f47738b45a6520", "webpack buildin global.js", "SlotBuilder.ts", "P34D56F9D-5684-4C83-8EE1-5EA7DE9CF45D.js", "apstag.js", "nlsSDK600.bundle.min.js", "v6s.js", "https://sb.scorecardresearch.com/p?c1=2&c2=6745306&ns_type=hidden&ns_st_sv=5.1.3.160420&ns_st_smv=5.1&ns_st_it=r&ns_st_id=1676508021004&ns_st_ec=3&ns_st_sp=1&ns_st_sc=1&ns_st_sq=1&ns_st_ppc=1&ns_st_apc=1&ns_st_spc=1&ns_st_cn=1&ns_st_ev=hb&ns_st_po=1560430&ns_st_cl=0&ns_st_hc=31&ns_st_mp=js_api&ns_st_mv=5.1.3.160420&ns_st_pn=1&ns_st_tp=0&ns_st_ci=47976339133&ns_st_pt=1560430&ns_st_dpt=360423&ns_st_ipt=60010&ns_st_et=1560430&ns_st_det=360423&ns_st_upc=1560430&ns_st_dupc=360423&ns_st_iupc=60010&ns_st_upa=15604", "https://sb.scorecardresearch.com/p?ax_uuid=d247c6142f285bb0488533aa7f2d53c5&c1=9&c2=31864766&ns__t=1676508027511&ns_c=UTF-8&cv=3.1&c8=SecurityWeekly%20-%20Twitch&c7=https%3A%2F%2Fwww.twitch.tv%2Fsecurityweekly&c9=", "https://hybrid-analysis.com/sample/b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b/", "beacon.js", "https://static-cdn.jtvnw.net/jtv_user_pictures/6f4129f6-3750-4c02-b7c8-c88a05064129-profile_image-70x70.png" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "SlotBuilder", "display_name": "SlotBuilder", "target": null }, { "id": "RequestBuilder", "display_name": "RequestBuilder", "target": null } ], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "callmeDoris", "id": "205385", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1353, "hostname": 363, "domain": 201, "FileHash-SHA256": 203, "FileHash-MD5": 9, "FileHash-SHA1": 3 }, "indicator_count": 2132, "is_author": false, "is_subscribing": null, "subscriber_count": 90, "modified_text": "1171 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "628e790d414886e18b33c262", "name": "either emotet or a part of it", "description": "var a.tldDomains, AWIN.Tracking.com, has a new name for its basket, but how do you find it in your browser?.. and what does this mean?", "modified": "2022-06-24T00:01:00.706000", "created": "2022-05-25T18:44:29.280000", "tags": [ "tfunction", "cnullvvoid", "wnullgvoid", "bnullhvoid", "gnullcvoid", "guidewrapper", "blog", "lfunction", "hotjar", "iab2", "code", "number", "party", "n strictly", "life spann", "azuren n", "cookie tracking", "tablen n", "n cookies", "cookie", "null", "date", "error", "ffffff", "typeof t", "uint16array", "regexp", "uint8array", "array", "uint32array", "helvetica", "void", "execution", "body", "roboto", "prop", "object", "param", "cookies", "getcookie", "name", "typeof", "uri component", "obj2", "typeof e", "webkit", "component", "typeof y", "typeof symbol", "suspense", "context", "forwardref", "unknown", "4096", "function", "typeof n", "typeof window", "uuidv4", "ajsanonymousid", "suffix", "bill", "viewed", "pavel krayzel", "psd2", "bt prorata", "amex", "squad", "march", "new visitors", "promise", "nthis", "eventprocessor", "typeof define", "info", "functional", "member", "hnew regexp", "qfunction", "adview", "addbillinginfo", "addtocart", "addtolist", "contact", "download", "install", "window", "value", "customevent", "image", "samesitelax", "invalid pixel", "snap", "afaf09", "sfunction", "cfunction", "post", "appcuesdeps", "typeerror", "hki3", "ogr1", "typeof self", "full selector", "heatmaps", "sans", "version", "releaseid", "appcues", "dashboard2", "dashboard3", "technology", "selector", "click", "next", "import", "generic", "started", "dismissed", "completed", "contextual help", "symbol", "appcuesfunction", "widget", "iframe", "pnull", "html", "style", "ctnull", "fanull", "license", "ynull", "config", "meta", "accept", "contabo gmbh", "typeof hj", "https", "learn", "surveyv2", "surveyisolated", "safari", "firefox", "chrome", "remove", "edge", "correct", "section", "segoe ui", "emoji", "opera", "path", "span", "this", "typeof document", "small", "blank", "pass", "core", "footer", "close", "form", "main", "direct", "reduceright", "string", "f420", "gyfpnzbgtf3", "copyright", "json", "sesprops", "href", "input", "class", "logger", "target", "push", "awalt", "awinawin", "explorer", "awatp", "ccampid", "impid", "tag1" ], "references": [ "https://www.dwin1.com/13976.js", "https://cdn.heapanalytics.com/js/heap-3501642718.js", "https://www.googletagmanager.com/gtag/js?id=G-YFPNZBGTF3&l=dataLayer&cx=c", "https://contabo.com/client/client.a529db28.js", "https://contabo.com/client/client-30e55c50.css", "https://static.hotjar.com/c/hotjar-2086874.js?sv=6", "https://l.clarity.ms/s/0.6.34/clarity.js", "https://www.clarity.ms/tag/uet/5739677", "https://fast.appcues.com/generic/main/4.35.3/appcues.main.e826b3c1f5ab15648ac446eafdbb489fd58d7f2d.js", "https://fast.appcues.com/79878.js", "https://cdn.segment.com/next-integrations/integrations/vendor/commons.54701049fd6fb8497e9e.js.gz", "https://cdn.segment.com/next-integrations/integrations/appcues/2.3.0/appcues.dynamic.js.gz", "https://cdn.segment.com/next-integrations/integrations/google-analytics/2.18.5/google-analytics.dynamic.js.gz", "https://sc-static.net/scevent.min.js", "https://cdn.taboola.com/libtrc/unip/1331749/tfa.js", "https://snap.licdn.com/li.lms-analytics/insight.min.js", "https://unpkg.com/@optimizely/optimizely-sdk@3.5.0/dist/optimizely.browser.umd.min.js", "https://cdn.optimizely.com/datafiles/HgHVKrf9ZD2dsZYVFb9JnD.json/tag.js", "https://www.hotjar.com/ensureSegmentId.js", "https://www.hotjar.com/_next/static/chunks/webpack-ca4d94cab12a165a123f.js", "https://www.hotjar.com/_next/static/chunks/framework-6994461647f52f294af9.js", "https://www.hotjar.com/persistUtmParams.js", "https://www.hotjar.com/_next/static/chunks/pages/_app-be5fbad980fd377922f7.js", "https://www.hotjar.com/_next/static/chunks/pages/index-b7f010d5161cd8f6ddab.js", "https://cdn.cookielaw.org/scripttemplates/6.5.0/otBannerSdk.js" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "ReduceRight", "display_name": "ReduceRight", "target": null } ], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 11, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 349, "hostname": 456, "URL": 1730, "FileHash-SHA256": 342, "FileHash-MD5": 1, "FileHash-SHA1": 1 }, "indicator_count": 2879, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1438 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "62925b989eba65cefe8c5f88", "name": "Mathworks.com (work in progress) extractor is malfunctioning", "description": "defineProperty(t,n), Object.prototype, E.S.D, e.CmpApiModel, \"DeepClone\", \"deepClones\" - a description of all the functions in this.", "modified": "2022-05-28T17:43:49.055000", "created": "2022-05-28T17:27:52.332000", "tags": [ "optin", "elqsitevisited", "qnew date", "rnew date", "dlkey", "dllookup", "image", "httponly", "typeof e", "typeerror", "typeof symbol", "string", "array", "date", "efunction", "sfunction", "target", "typeof h", "typeof t", "typeof n", "typeof", "copyright", "event", "jquery", "typeof u", "uspapi", "confirmation", "matlab", "matlab speaks", "video", "system toolbox", "international", "learning", "computer vision", "analytics", "toolbox", "shell", "loans", "b0b6c1", "send", "caced6", "qualaroo", "thank", "ffd700", "simulink", "blank", "pass", "undef", "false", "null", "martin", "6464", "12224", "survey", "close", "tools", "python", "typeof require", "error", "modulenotfound", "abcdef", "typeof visitor", "adcloud", "typeof alloy" ], "references": [ "https://quantcast.mgr.consensu.org/tcfv2/27/cmp2.js?referer=m", "https://www.everestjs.net/static/le/last-event-tag-latest.min.js", "https://s3.amazonaws.com/ki.js/49559/ahy.js", "https://rules.quantcount.com/rules-p-zfNtLVVEHXE-1.js", "https://secure.quantserve.com/quant.js", "https://quantcast.mgr.consensu.org/tcfv2/27/cmp2.js?referer=mathworks.com", "https://img03.en25.com/i/elqCfg.min.js" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 13, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 156, "hostname": 192, "URL": 608, "FileHash-SHA256": 22, "FileHash-MD5": 2 }, "indicator_count": 980, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "1465 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "P34D56F9D-5684-4C83-8EE1-5EA7DE9CF45D.js", "https://contabo.com/client/client-30e55c50.css", "jquery.cookie.js.pobrane", "djmobilemenu.css", "caption.js.pobrane", "offcanvas.26.css", "offcanvas.css", "jquery.easing.min.js.pobrane", "animations.css", "https://www.everestjs.net/static/le/last-event-tag-latest.min.js", "https://bilety.polregio.pl", "geometry.js.pobrane", "https://hybrid-analysis.com/sample/b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b/", "ad_status.js.pobrane", "style.css", "template.26.css", "https://www.hotjar.com/_next/static/chunks/webpack-ca4d94cab12a165a123f.js", "https://fast.appcues.com/generic/main/4.35.3/appcues.main.e826b3c1f5ab15648ac446eafdbb489fd58d7f2d.js", "jquery.min.js.pobrane", "extended_layouts.26.css", "https://static.hotjar.com/c/hotjar-2086874.js?sv=6", "magnific-init.js.pobrane", "jquery.djmobilemenu.js.pobrane", "map.js.pobrane", "http://bilety.polregio.pl", "cast_sender.js.pobrane", "search.js.pobrane", "common.js.pobrane", "jquery-migrate.min.js.pobrane", "https://cdn.cookielaw.org/scripttemplates/6.5.0/otBannerSdk.js", "magnific.css", "embed.html", "https://cdn.segment.com/next-integrations/integrations/vendor/commons.54701049fd6fb8497e9e.js.gz", "jquery.djmegamenu.js.pobrane", "https://snap.licdn.com/li.lms-analytics/insight.min.js", "https://contabo.com/client/client.a529db28.js", "finder.css", "https://unpkg.com/@optimizely/optimizely-sdk@3.5.0/dist/optimizely.browser.umd.min.js", "https://www.hotjar.com/ensureSegmentId.js", "bootstrap.min.js.pobrane", "https://www.clarity.ms/tag/uet/5739677", "https://www.hotjar.com/_next/static/chunks/framework-6994461647f52f294af9.js", "https://secure.quantserve.com/quant.js", "apstag.js", "slider.js.pobrane", "https://sb.scorecardresearch.com/p?ax_uuid=d247c6142f285bb0488533aa7f2d53c5&c1=9&c2=31864766&ns__t=1676508027511&ns_c=UTF-8&cv=3.1&c8=SecurityWeekly%20-%20Twitch&c7=https%3A%2F%2Fwww.twitch.tv%2Fsecurityweekly&c9=", "jquery.countTo.js.pobrane", "https://www.googletagmanager.com/gtag/js?id=G-YFPNZBGTF3&l=dataLayer&cx=c", "https://sc-static.net/scevent.min.js", "https://cdn.optimizely.com/datafiles/HgHVKrf9ZD2dsZYVFb9JnD.json/tag.js", "https://cdn.segment.com/next-integrations/integrations/google-analytics/2.18.5/google-analytics.dynamic.js.gz", "scripts.js.pobrane", "remote.js.pobrane", "https://sb.scorecardresearch.com/p?c1=2&c2=6745306&ns_type=hidden&ns_st_sv=5.1.3.160420&ns_st_smv=5.1&ns_st_it=r&ns_st_id=1676508021004&ns_st_ec=3&ns_st_sp=1&ns_st_sc=1&ns_st_sq=1&ns_st_ppc=1&ns_st_apc=1&ns_st_spc=1&ns_st_cn=1&ns_st_ev=hb&ns_st_po=1560430&ns_st_cl=0&ns_st_hc=31&ns_st_mp=js_api&ns_st_mv=5.1.3.160420&ns_st_pn=1&ns_st_tp=0&ns_st_ci=47976339133&ns_st_pt=1560430&ns_st_dpt=360423&ns_st_ipt=60010&ns_st_et=1560430&ns_st_det=360423&ns_st_upc=1560430&ns_st_dupc=360423&ns_st_iupc=60010&ns_st_upa=15604", "https://img03.en25.com/i/elqCfg.min.js", "webpack buildin global.js", "jquery.ui.core.min.js.pobrane", "https://www.dwin1.com/13976.js", "https://s3.amazonaws.com/ki.js/49559/ahy.js", "embed.js.pobrane", "https://www.hotjar.com/_next/static/chunks/pages/_app-be5fbad980fd377922f7.js", "overlay.js.pobrane", "jcemediabox.js.pobrane", "https://www.hotjar.com/_next/static/chunks/pages/index-b7f010d5161cd8f6ddab.js", "animate.ext.css", "template_responsive.26.css", "v6s.js", "fontswitcher.js.pobrane", "djimageslider.css", "jquery.autocomplete.min.js.pobrane", "onion.js.pobrane", "pagesettings.js.pobrane", "css", "https://cdn.taboola.com/libtrc/unip/1331749/tfa.js", "offcanvas.js.pobrane", "www-embed-player.js.pobrane", "stickybar.js.pobrane", "https://hybrid-analysis.com/sample/9bf30967dfbf84d91ff4a1ca66dcd6c3383e679917e8b7aa4f659ff9f4e848d7/6426cf48655f94b6b303704c", "jcemediabox.css", "https://l.clarity.ms/s/0.6.34/clarity.js", "layout.min.js.pobrane", "https://www.hotjar.com/persistUtmParams.js", "font_switcher.26.css", "SlotBuilder.ts", "nlsSDK600.bundle.min.js", "f5Y41t9wqY4.html", "js", "jquery.ui.sortable.min.js.pobrane", "https://quantcast.mgr.consensu.org/tcfv2/27/cmp2.js?referer=mathworks.com", "bootstrap.26.css", "content.css", "search_impl.js.pobrane", "https://fast.appcues.com/79878.js", "http://www.salesmanago.pl/static/sm.js", "util.js.pobrane", "https://rules.quantcount.com/rules-p-zfNtLVVEHXE-1.js", "https://static-cdn.jtvnw.net/jtv_user_pictures/6f4129f6-3750-4c02-b7c8-c88a05064129-profile_image-70x70.png", "https://cdn.segment.com/next-integrations/integrations/appcues/2.3.0/appcues.dynamic.js.gz", "djmegamenu.26.css", "magnific.js.pobrane", "https://hybrid-analysis.com/sample/5da0de230eb98e5598b152944d0e7e6b355485484052df6c7f1c747e2c5564c0/63ed708125f47738b45a6520", "sw3VTUzeRvWIVwvWSyk6S5gHWPxOOwU1OxerozmN4Hw.js.pobrane", "bootstrap_responsive.26.css", "main.js.pobrane", "animate.min.css", "beacon.js", "https://cdn.heapanalytics.com/js/heap-3501642718.js", "jquery-noconflict.js.pobrane", "https://quantcast.mgr.consensu.org/tcfv2/27/cmp2.js?referer=m" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [ "Slotbuilder", "Requestbuilder", "Reduceright", "Gc" ], "industries": [], "unique_indicators": 40125 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/s.next", "whois": "http://whois.domaintools.com/s.next", "domain": "s.next", "hostname": "r.s.next" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 9, "pulses": [ { "id": "6844240c68255798e08beb3b", "name": "Bilety online: Tw\u00f3j kolejowy partner w podr\u00f3\u017cy", "description": "Microsoft has created a new version of its XMLHttpRequest, which allows users to access a website, via a browser or browser without the permission of a third party, using the same address.", "modified": "2025-07-07T00:01:51.704000", "created": "2025-06-07T11:35:40.942000", "tags": [ "sign", "google sign", "forgot email", "criminalip", "create account", "bilety online", "sprzeday biletw", "polregio", "ssdeep", "license", "typeerror", "regexp", "promise", "function", "version", "typeof symbol", "copyright", "google llc", "apache license", "date", "without", "error", "blank", "trident", "generator", "class", "mountain view", "android", "submission", "california", "common name", "google inc", "unit android", "country code", "us state", "sha1", "sha256", "imphash", "pehash", "file type", "vhash", "authentihash" ], "references": [ "http://bilety.polregio.pl", "https://bilety.polregio.pl", "http://www.salesmanago.pl/static/sm.js" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 16, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1295, "hostname": 302, "domain": 137, "FileHash-SHA256": 996, "FileHash-MD5": 38, "FileHash-SHA1": 40, "IPv4": 1 }, "indicator_count": 2809, "is_author": false, "is_subscribing": null, "subscriber_count": 123, "modified_text": "329 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "684c65464466dd19b089f325", "name": "Zesp\u00f3\u0142 Profilaktyki i Rehabilitacji w Janowicach Wielkich - YouTube", "description": "If d=void 0===c,w(\"trustedResourceUrl\",d: \"Trusted resourceUrl,\" thend=c.src,d, c.js, then d:", "modified": "2025-06-13T17:56:28.689000", "created": "2025-06-13T17:52:06.399000", "tags": [ "rehabilitacji w", "youtube tv", "dami jelenia", "tv dami", "jelenia gra", "zakupy wycz", "jeli", "nie korzystasz", "filmy", "aby tego", "copyright", "closure library", "argument", "ifunction", "error", "null", "type", "cast", "webchannel", "su2028u2029", "chrome", "xmlhttp", "kkvoid", "remotecontrol", "android", "unknown", "screen", "desktop", "function", "string", "array", "number", "vfunction", "f8192", "n432", "true", "j2048", "this", "window", "void", "date", "pokau017c", "pytfunction", "fe8function", "qgzfunction", "afunction", "hb28", "r150", "promise", "bigint", "post", "edge", "swhealthlog", "symbol", "trident", "infinity", "embed", "webkitkeyframes", "zoomin", "zoominx", "zoomoutx", "zoominy", "zoomouty", "2000px", "90deg", "20px", "30deg", "30px", "10px", "10deg", "3deg", "5deg", "djmegamenu", "use license", "tabindex", "menu", "close", "msie", "beforechange", "imagehassize", "buildcontrols", "magnific popup", "dmitry semenov", "http", "beforeclose", "afterclose", "open", "next", "open source", "bsd license", "george mcginley", "smith", "djimageslider", "subpackage", "webkit", "khtml", "icab", "countto", "callback", "handler", "object", "typeof", "method", "gnugplv2", "website", "set module", "height script", "regexp", "screenheight", "highcontrast2", "highcontrast3", "highcontrast", "wide", "night", "body", "normalbutton", "cookie plugin", "https", "klaus hartl", "mit license", "register", "nodecommonjs", "factory", "jquery", "write", "sticky bar", "stickybar", "count", "offcanvas", "html", "noscroll", "offcanvas var", "toggle nav", "click jquery", "ajax", "autocomplete", "tomas kirda", "typeof define", "esc27", "tab9", "return13", "left37", "up38", "twitter", "custom version", "joomla", "rolemenu", "boolean", "get adobe", "flash player", "title", "text", "typeof data", "typeof s", "accept", "width", "foundation", "backspace8", "comma188", "delete46", "down40", "end35", "enter13", "escape27", "value", "migrate", "backcompat", "quirks mode", "typeof f", "xtablet768", "document", "ui sortable", "leftright", "gnu general", "public license", "dddddd", "ffffcc", "eeeeee", "verdana", "geneva", "arial", "helvetica", "f0f0f0", "sans", "charset", "utf8", "fontawesome", "typeof b", "pseudo", "child", "sufeffxa0", "class", "attr", "general slider", "slide", "rgba", "navigation", "15deg", "300px", "20deg", "transition", "scale", "baskerville", "main image", "bdbdbd", "f3f3f3", "remove", "fontface", "woff2", "u0131", "u01520153", "u02bb02bc", "u02c6", "u02da", "u02dc", "u0304", "dirrtl", "msviewport", "href", "span", "legend", "halflings", "fieldset", "typeimage", "f2f2f2", "d9edf7", "dff0d8", "f2dede", "thead", "tbody", "tahoma", "00a0", "video", "script", "2500", "xnew ita", "dnew jta", "dataset", "orfunction", "prfunction", "nsafunction", "xsafunction", "vrfunction", "cakes", "ovbfunction", "pvbfunction", "rvbfunction", "qvbfunction", "tvbfunction", "uvbfunction", "vvbclass", "xvbclass", "yvbclass", "svbclass", "lvafunction", "ggfunction", "mvafunction", "ovafunction", "pvafunction", "uvafunction", "tvafunction", "qvafunction", "vvafunction", "nvaclass", "dark", "vector", "yy49", "raster", "roboto", "new tk", "qael", "przechyl", "mars", "mercury", "venus", "pluto", "titan", "weakset", "wfclass", "googlelayer", "uint8array", "weakmap", "5001", "mouseevent", "webassembly", "180180", "9090", "google maps", "javascript api", "internal", "small", "lightrail", "false", "february", "light", "hybrid", "bounce", "drop", "inside", "outside", "marker", "gc" ], "references": [ "embed.html", "ad_status.js.pobrane", "f5Y41t9wqY4.html", "cast_sender.js.pobrane", "remote.js.pobrane", "sw3VTUzeRvWIVwvWSyk6S5gHWPxOOwU1OxerozmN4Hw.js.pobrane", "embed.js.pobrane", "www-embed-player.js.pobrane", "animate.ext.css", "animate.min.css", "jquery.djmegamenu.js.pobrane", "jquery.djmobilemenu.js.pobrane", "magnific.js.pobrane", "jquery.easing.min.js.pobrane", "slider.js.pobrane", "jquery.countTo.js.pobrane", "scripts.js.pobrane", "magnific-init.js.pobrane", "pagesettings.js.pobrane", "jquery.cookie.js.pobrane", "stickybar.js.pobrane", "fontswitcher.js.pobrane", "offcanvas.js.pobrane", "jquery.autocomplete.min.js.pobrane", "bootstrap.min.js.pobrane", "jcemediabox.js.pobrane", "jquery.ui.core.min.js.pobrane", "jquery-migrate.min.js.pobrane", "layout.min.js.pobrane", "jquery.ui.sortable.min.js.pobrane", "caption.js.pobrane", "finder.css", "jquery-noconflict.js.pobrane", "djmegamenu.26.css", "animations.css", "djmobilemenu.css", "jquery.min.js.pobrane", "djimageslider.css", "offcanvas.css", "magnific.css", "font_switcher.26.css", "css", "template_responsive.26.css", "offcanvas.26.css", "bootstrap_responsive.26.css", "extended_layouts.26.css", "style.css", "content.css", "template.26.css", "bootstrap.26.css", "jcemediabox.css", "js", "onion.js.pobrane", "search_impl.js.pobrane", "overlay.js.pobrane", "map.js.pobrane", "util.js.pobrane", "search.js.pobrane", "common.js.pobrane", "geometry.js.pobrane", "main.js.pobrane" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Gc", "display_name": "Gc", "target": null } ], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 26, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 2779, "hostname": 661, "domain": 684, "email": 4, "FileHash-MD5": 1, "FileHash-SHA256": 689 }, "indicator_count": 4818, "is_author": false, "is_subscribing": null, "subscriber_count": 123, "modified_text": "353 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "663d2869e0f3a42bbddc42ff", "name": "UPX executable packer.", "description": "A new rule has been introduced a \"suspicious\" ELF binary that is packed with the UPX executable packer.\nSuggested ATT&CK IDs: rule SUSP_ELF_LNX_UPX_Compressed_File { meta: description = \"Detects a suspicious ELF binary with UPX compression\" author = \"Florian Roth (Nextron Systems)\" reference = \"Internal Research\" date = \"2018-12-12\" score = 40 hash1 = \"038ff8b2fef16f8ee9d70e6c219c5f380afe1a21761791e8cbda21fa4d09fdb4\" id = \"078937de-59b3-538e-a5c3-57f4e6050212\" strings: $s1 = \"PROT_EXEC|PROT_WRITE failed.\" fullword ascii $s2 = \"$Id: UPX\" fullword ascii $s3 = \"$Info: This file is packed with the UPX executable packer\" ascii $fp1 = \"check your UCL installation !\"", "modified": "2024-10-14T00:01:17.069000", "created": "2024-05-09T19:47:53.786000", "tags": [ "cioch adrian", "centrum usug", "sieciowych", "elf binary", "upx compression", "roth", "nextron", "info", "javascript", "html", "office open", "xml document", "network capture", "win32 exe", "xml pakietu", "pdf zestawy", "przechwytywanie", "office", "filehashsha1", "url https", "cve cve20201070", "cve cve20203153", "cve cve20201048", "cve cve20211732", "cve20201048 apr", "filehashmd5", "cve cve20010901", "cve cve20021841", "cve20153202 apr", "cve cve20160728", "cve cve20161807", "cve cve20175123", "cve20185407 apr", "cve cve20054605", "cve cve20060745", "cve cve20070452", "cve cve20070453", "cve cve20070454", "cve cve20071355", "cve cve20071358", "cve cve20071871", "cve20149614 apr", "cve cve20151503", "cve cve20152080", "cve cve20157377", "cve cve20170131", "cve20200796 may", "cve cve20113403" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 6861, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 5771, "domain": 3139, "URL": 14525, "FileHash-SHA1": 2610, "IPv4": 108, "CIDR": 40, "FileHash-SHA256": 10705, "FileHash-MD5": 3373, "YARA": 2, "CVE": 148, "Mutex": 7, "FilePath": 3, "SSLCertFingerprint": 3, "email": 23, "JA3": 1, "IPv6": 2 }, "indicator_count": 40460, "is_author": false, "is_subscribing": null, "subscriber_count": 138, "modified_text": "595 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65708ef0cdb40fa0e7d239ca", "name": "either emotet or a part of it", "description": "", "modified": "2023-12-06T15:10:40.867000", "created": "2023-12-06T15:10:40.867000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 342, "hostname": 456, "domain": 349, "URL": 1730, "FileHash-MD5": 1, "FileHash-SHA1": 1 }, "indicator_count": 2879, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "908 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6426dda295502d82e6e6ef7f", "name": "v4 - Hybrid scan uploaded + all suggested ioc's - vendor.3a0e728a.js another gem in edge on twitter.com/i/flow/login source code", "description": "WebpackChunk_Twitter-responsive_web is built on a single web address, which will allow users to upload images, tweets and videos to be stored in the same place as the hashtag.", "modified": "2023-03-31T13:18:26.733000", "created": "2023-03-31T13:18:26.733000", "tags": [ "trojan", "apt", "ansi", "memoryfile scan", "error", "runtime data", "typeof e", "regexp", "array", "object", "typeof t", "void", "null", "unknown", "path", "facebook", "4096", "suspicious", "meta", "lazy", "entity", "union", "body", "idkey", "scroll", "backspace", "insert", "roboto", "target", "stack", "hybrid", "model", "click", "stream", "strings", "qakbot", "pattern match", "ud801", "ud804", "ud805", "ud806", "ud81a", "ud835", "ud800", "ud802", "sha1", "sha256", "vendor.3a0e728a.js" ], "references": [ "https://hybrid-analysis.com/sample/9bf30967dfbf84d91ff4a1ca66dcd6c3383e679917e8b7aa4f659ff9f4e848d7/6426cf48655f94b6b303704c" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1115", "name": "Clipboard Data", "display_name": "T1115 - Clipboard Data" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1546", "name": "Event Triggered Execution", "display_name": "T1546 - Event Triggered Execution" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1614", "name": "System Location Discovery", "display_name": "T1614 - System Location Discovery" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "callmeDoris", "id": "205385", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1353, "hostname": 222, "domain": 221, "FileHash-SHA256": 85, "FileHash-MD5": 3, "FileHash-SHA1": 1 }, "indicator_count": 1885, "is_author": false, "is_subscribing": null, "subscriber_count": 90, "modified_text": "1158 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "63ed86228ecb2b03d35b046f", "name": "just a load of errors on edge watching twitch", "description": "load of unknown user pics, but that could just be a twitch thing", "modified": "2023-03-18T00:05:45.328000", "created": "2023-02-16T01:25:54.305000", "tags": [ "object", "typeerror", "typeof symbol", "error", "typeof t", "array", "string", "typeof e", "typeof n", "referenceerror", "date", "body", "null", "local", "generator", "class", "typeof tcfapi", "tcfapi", "daten", "image", "typeof comscore", "true", "regexp", "config", "nolbundle", "novmsjs", "nlssdk", "retry request", "nolsdkbundle", "typeof o", "bsdk check", "optout", "basever", "lsid", "qqfunction", "nielsen log", "info", "stop", "logger", "android", "donate", "ukraine relief", "requestbuilder", "slotbuilder", "uint8array", "nthis", "promise", "symbol", "fullscreen", "adload", "false", "facebook", "unknown", "meta", "direct", "this", "close", "locale", "model", "survey", "companion", "scroll", "backspace", "insert", "infinity", "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "runtime data", "ansi", "path", "hybrid analysis", "api call", "registry access", "function", "calls", "window", "hybrid", "general", "click", "ransomware", "february", "strings", "suspicious", "irequestslot", "islotbuilder", "amazonerrorcode", "errortype", "adunit", "conflict", "please" ], "references": [ "https://hybrid-analysis.com/sample/5da0de230eb98e5598b152944d0e7e6b355485484052df6c7f1c747e2c5564c0/63ed708125f47738b45a6520", "webpack buildin global.js", "SlotBuilder.ts", "P34D56F9D-5684-4C83-8EE1-5EA7DE9CF45D.js", "apstag.js", "nlsSDK600.bundle.min.js", "v6s.js", "https://sb.scorecardresearch.com/p?c1=2&c2=6745306&ns_type=hidden&ns_st_sv=5.1.3.160420&ns_st_smv=5.1&ns_st_it=r&ns_st_id=1676508021004&ns_st_ec=3&ns_st_sp=1&ns_st_sc=1&ns_st_sq=1&ns_st_ppc=1&ns_st_apc=1&ns_st_spc=1&ns_st_cn=1&ns_st_ev=hb&ns_st_po=1560430&ns_st_cl=0&ns_st_hc=31&ns_st_mp=js_api&ns_st_mv=5.1.3.160420&ns_st_pn=1&ns_st_tp=0&ns_st_ci=47976339133&ns_st_pt=1560430&ns_st_dpt=360423&ns_st_ipt=60010&ns_st_et=1560430&ns_st_det=360423&ns_st_upc=1560430&ns_st_dupc=360423&ns_st_iupc=60010&ns_st_upa=15604", "https://sb.scorecardresearch.com/p?ax_uuid=d247c6142f285bb0488533aa7f2d53c5&c1=9&c2=31864766&ns__t=1676508027511&ns_c=UTF-8&cv=3.1&c8=SecurityWeekly%20-%20Twitch&c7=https%3A%2F%2Fwww.twitch.tv%2Fsecurityweekly&c9=", "https://hybrid-analysis.com/sample/b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b/", "beacon.js", "https://static-cdn.jtvnw.net/jtv_user_pictures/6f4129f6-3750-4c02-b7c8-c88a05064129-profile_image-70x70.png" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "SlotBuilder", "display_name": "SlotBuilder", "target": null }, { "id": "RequestBuilder", "display_name": "RequestBuilder", "target": null } ], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "callmeDoris", "id": "205385", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1353, "hostname": 363, "domain": 201, "FileHash-SHA256": 203, "FileHash-MD5": 9, "FileHash-SHA1": 3 }, "indicator_count": 2132, "is_author": false, "is_subscribing": null, "subscriber_count": 90, "modified_text": "1171 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "63ed8628367c1a4f3f8e773a", "name": "just a load of errors on edge watching twitch", "description": "load of unknown user pics, but that could just be a twitch thing", "modified": "2023-03-18T00:05:45.328000", "created": "2023-02-16T01:26:00.959000", "tags": [ "object", "typeerror", "typeof symbol", "error", "typeof t", "array", "string", "typeof e", "typeof n", "referenceerror", "date", "body", "null", "local", "generator", "class", "typeof tcfapi", "tcfapi", "daten", "image", "typeof comscore", "true", "regexp", "config", "nolbundle", "novmsjs", "nlssdk", "retry request", "nolsdkbundle", "typeof o", "bsdk check", "optout", "basever", "lsid", "qqfunction", "nielsen log", "info", "stop", "logger", "android", "donate", "ukraine relief", "requestbuilder", "slotbuilder", "uint8array", "nthis", "promise", "symbol", "fullscreen", "adload", "false", "facebook", "unknown", "meta", "direct", "this", "close", "locale", "model", "survey", "companion", "scroll", "backspace", "insert", "infinity", "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "runtime data", "ansi", "path", "hybrid analysis", "api call", "registry access", "function", "calls", "window", "hybrid", "general", "click", "ransomware", "february", "strings", "suspicious", "irequestslot", "islotbuilder", "amazonerrorcode", "errortype", "adunit", "conflict", "please" ], "references": [ "https://hybrid-analysis.com/sample/5da0de230eb98e5598b152944d0e7e6b355485484052df6c7f1c747e2c5564c0/63ed708125f47738b45a6520", "webpack buildin global.js", "SlotBuilder.ts", "P34D56F9D-5684-4C83-8EE1-5EA7DE9CF45D.js", "apstag.js", "nlsSDK600.bundle.min.js", "v6s.js", "https://sb.scorecardresearch.com/p?c1=2&c2=6745306&ns_type=hidden&ns_st_sv=5.1.3.160420&ns_st_smv=5.1&ns_st_it=r&ns_st_id=1676508021004&ns_st_ec=3&ns_st_sp=1&ns_st_sc=1&ns_st_sq=1&ns_st_ppc=1&ns_st_apc=1&ns_st_spc=1&ns_st_cn=1&ns_st_ev=hb&ns_st_po=1560430&ns_st_cl=0&ns_st_hc=31&ns_st_mp=js_api&ns_st_mv=5.1.3.160420&ns_st_pn=1&ns_st_tp=0&ns_st_ci=47976339133&ns_st_pt=1560430&ns_st_dpt=360423&ns_st_ipt=60010&ns_st_et=1560430&ns_st_det=360423&ns_st_upc=1560430&ns_st_dupc=360423&ns_st_iupc=60010&ns_st_upa=15604", "https://sb.scorecardresearch.com/p?ax_uuid=d247c6142f285bb0488533aa7f2d53c5&c1=9&c2=31864766&ns__t=1676508027511&ns_c=UTF-8&cv=3.1&c8=SecurityWeekly%20-%20Twitch&c7=https%3A%2F%2Fwww.twitch.tv%2Fsecurityweekly&c9=", "https://hybrid-analysis.com/sample/b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b/", "beacon.js", "https://static-cdn.jtvnw.net/jtv_user_pictures/6f4129f6-3750-4c02-b7c8-c88a05064129-profile_image-70x70.png" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "SlotBuilder", "display_name": "SlotBuilder", "target": null }, { "id": "RequestBuilder", "display_name": "RequestBuilder", "target": null } ], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "callmeDoris", "id": "205385", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1353, "hostname": 363, "domain": 201, "FileHash-SHA256": 203, "FileHash-MD5": 9, "FileHash-SHA1": 3 }, "indicator_count": 2132, "is_author": false, "is_subscribing": null, "subscriber_count": 90, "modified_text": "1171 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "628e790d414886e18b33c262", "name": "either emotet or a part of it", "description": "var a.tldDomains, AWIN.Tracking.com, has a new name for its basket, but how do you find it in your browser?.. and what does this mean?", "modified": "2022-06-24T00:01:00.706000", "created": "2022-05-25T18:44:29.280000", "tags": [ "tfunction", "cnullvvoid", "wnullgvoid", "bnullhvoid", "gnullcvoid", "guidewrapper", "blog", "lfunction", "hotjar", "iab2", "code", "number", "party", "n strictly", "life spann", "azuren n", "cookie tracking", "tablen n", "n cookies", "cookie", "null", "date", "error", "ffffff", "typeof t", "uint16array", "regexp", "uint8array", "array", "uint32array", "helvetica", "void", "execution", "body", "roboto", "prop", "object", "param", "cookies", "getcookie", "name", "typeof", "uri component", "obj2", "typeof e", "webkit", "component", "typeof y", "typeof symbol", "suspense", "context", "forwardref", "unknown", "4096", "function", "typeof n", "typeof window", "uuidv4", "ajsanonymousid", "suffix", "bill", "viewed", "pavel krayzel", "psd2", "bt prorata", "amex", "squad", "march", "new visitors", "promise", "nthis", "eventprocessor", "typeof define", "info", "functional", "member", "hnew regexp", "qfunction", "adview", "addbillinginfo", "addtocart", "addtolist", "contact", "download", "install", "window", "value", "customevent", "image", "samesitelax", "invalid pixel", "snap", "afaf09", "sfunction", "cfunction", "post", "appcuesdeps", "typeerror", "hki3", "ogr1", "typeof self", "full selector", "heatmaps", "sans", "version", "releaseid", "appcues", "dashboard2", "dashboard3", "technology", "selector", "click", "next", "import", "generic", "started", "dismissed", "completed", "contextual help", "symbol", "appcuesfunction", "widget", "iframe", "pnull", "html", "style", "ctnull", "fanull", "license", "ynull", "config", "meta", "accept", "contabo gmbh", "typeof hj", "https", "learn", "surveyv2", "surveyisolated", "safari", "firefox", "chrome", "remove", "edge", "correct", "section", "segoe ui", "emoji", "opera", "path", "span", "this", "typeof document", "small", "blank", "pass", "core", "footer", "close", "form", "main", "direct", "reduceright", "string", "f420", "gyfpnzbgtf3", "copyright", "json", "sesprops", "href", "input", "class", "logger", "target", "push", "awalt", "awinawin", "explorer", "awatp", "ccampid", "impid", "tag1" ], "references": [ "https://www.dwin1.com/13976.js", "https://cdn.heapanalytics.com/js/heap-3501642718.js", "https://www.googletagmanager.com/gtag/js?id=G-YFPNZBGTF3&l=dataLayer&cx=c", "https://contabo.com/client/client.a529db28.js", "https://contabo.com/client/client-30e55c50.css", "https://static.hotjar.com/c/hotjar-2086874.js?sv=6", "https://l.clarity.ms/s/0.6.34/clarity.js", "https://www.clarity.ms/tag/uet/5739677", "https://fast.appcues.com/generic/main/4.35.3/appcues.main.e826b3c1f5ab15648ac446eafdbb489fd58d7f2d.js", "https://fast.appcues.com/79878.js", "https://cdn.segment.com/next-integrations/integrations/vendor/commons.54701049fd6fb8497e9e.js.gz", "https://cdn.segment.com/next-integrations/integrations/appcues/2.3.0/appcues.dynamic.js.gz", "https://cdn.segment.com/next-integrations/integrations/google-analytics/2.18.5/google-analytics.dynamic.js.gz", "https://sc-static.net/scevent.min.js", "https://cdn.taboola.com/libtrc/unip/1331749/tfa.js", "https://snap.licdn.com/li.lms-analytics/insight.min.js", "https://unpkg.com/@optimizely/optimizely-sdk@3.5.0/dist/optimizely.browser.umd.min.js", "https://cdn.optimizely.com/datafiles/HgHVKrf9ZD2dsZYVFb9JnD.json/tag.js", "https://www.hotjar.com/ensureSegmentId.js", "https://www.hotjar.com/_next/static/chunks/webpack-ca4d94cab12a165a123f.js", "https://www.hotjar.com/_next/static/chunks/framework-6994461647f52f294af9.js", "https://www.hotjar.com/persistUtmParams.js", "https://www.hotjar.com/_next/static/chunks/pages/_app-be5fbad980fd377922f7.js", "https://www.hotjar.com/_next/static/chunks/pages/index-b7f010d5161cd8f6ddab.js", "https://cdn.cookielaw.org/scripttemplates/6.5.0/otBannerSdk.js" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "ReduceRight", "display_name": "ReduceRight", "target": null } ], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 11, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 349, "hostname": 456, "URL": 1730, "FileHash-SHA256": 342, "FileHash-MD5": 1, "FileHash-SHA1": 1 }, "indicator_count": 2879, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1438 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "62925b989eba65cefe8c5f88", "name": "Mathworks.com (work in progress) extractor is malfunctioning", "description": "defineProperty(t,n), Object.prototype, E.S.D, e.CmpApiModel, \"DeepClone\", \"deepClones\" - a description of all the functions in this.", "modified": "2022-05-28T17:43:49.055000", "created": "2022-05-28T17:27:52.332000", "tags": [ "optin", "elqsitevisited", "qnew date", "rnew date", "dlkey", "dllookup", "image", "httponly", "typeof e", "typeerror", "typeof symbol", "string", "array", "date", "efunction", "sfunction", "target", "typeof h", "typeof t", "typeof n", "typeof", "copyright", "event", "jquery", "typeof u", "uspapi", "confirmation", "matlab", "matlab speaks", "video", "system toolbox", "international", "learning", "computer vision", "analytics", "toolbox", "shell", "loans", "b0b6c1", "send", "caced6", "qualaroo", "thank", "ffd700", "simulink", "blank", "pass", "undef", "false", "null", "martin", "6464", "12224", "survey", "close", "tools", "python", "typeof require", "error", "modulenotfound", "abcdef", "typeof visitor", "adcloud", "typeof alloy" ], "references": [ "https://quantcast.mgr.consensu.org/tcfv2/27/cmp2.js?referer=m", "https://www.everestjs.net/static/le/last-event-tag-latest.min.js", "https://s3.amazonaws.com/ki.js/49559/ahy.js", "https://rules.quantcount.com/rules-p-zfNtLVVEHXE-1.js", "https://secure.quantserve.com/quant.js", "https://quantcast.mgr.consensu.org/tcfv2/27/cmp2.js?referer=mathworks.com", "https://img03.en25.com/i/elqCfg.min.js" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 13, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 156, "hostname": 192, "URL": 608, "FileHash-SHA256": 22, "FileHash-MD5": 2 }, "indicator_count": 980, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "1465 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://r.s.next", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://r.s.next", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780350615.4490333 }