{ "type": "URL", "indicator": "https://this.f.next", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://this.f.next", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 3157252662, "indicator": "https://this.f.next", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 32, "pulses": [ { "id": "663d2869e0f3a42bbddc42ff", "name": "UPX executable packer.", "description": "A new rule has been introduced a \"suspicious\" ELF binary that is packed with the UPX executable packer.\nSuggested ATT&CK IDs: rule SUSP_ELF_LNX_UPX_Compressed_File { meta: description = \"Detects a suspicious ELF binary with UPX compression\" author = \"Florian Roth (Nextron Systems)\" reference = \"Internal Research\" date = \"2018-12-12\" score = 40 hash1 = \"038ff8b2fef16f8ee9d70e6c219c5f380afe1a21761791e8cbda21fa4d09fdb4\" id = \"078937de-59b3-538e-a5c3-57f4e6050212\" strings: $s1 = \"PROT_EXEC|PROT_WRITE failed.\" fullword ascii $s2 = \"$Id: UPX\" fullword ascii $s3 = \"$Info: This file is packed with the UPX executable packer\" ascii $fp1 = \"check your UCL installation !\"", "modified": "2024-10-14T00:01:17.069000", "created": "2024-05-09T19:47:53.786000", "tags": [ "cioch adrian", "centrum usug", "sieciowych", "elf binary", "upx compression", "roth", "nextron", "info", "javascript", "html", "office open", "xml document", "network capture", "win32 exe", "xml pakietu", "pdf zestawy", "przechwytywanie", "office", "filehashsha1", "url https", "cve cve20201070", "cve cve20203153", "cve cve20201048", "cve cve20211732", "cve20201048 apr", "filehashmd5", "cve cve20010901", "cve cve20021841", "cve20153202 apr", "cve cve20160728", "cve cve20161807", "cve cve20175123", "cve20185407 apr", "cve cve20054605", "cve cve20060745", "cve cve20070452", "cve cve20070453", "cve cve20070454", "cve cve20071355", "cve cve20071358", "cve cve20071871", "cve20149614 apr", "cve cve20151503", "cve cve20152080", "cve cve20157377", "cve cve20170131", "cve20200796 may", "cve cve20113403" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 6861, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 5771, "domain": 3139, "URL": 14525, "FileHash-SHA1": 2610, "IPv4": 108, "CIDR": 40, "FileHash-SHA256": 10705, "FileHash-MD5": 3373, "YARA": 2, "CVE": 148, "Mutex": 7, "FilePath": 3, "SSLCertFingerprint": 3, "email": 23, "JA3": 1, "IPv6": 2 }, "indicator_count": 40460, "is_author": false, "is_subscribing": null, "subscriber_count": 137, "modified_text": "552 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65708e2d7cb4228401888b63", "name": "possibly a central bank", "description": "", "modified": "2023-12-06T15:07:25.990000", "created": "2023-12-06T15:07:25.990000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 622, "domain": 2558, "URL": 4203, "hostname": 1221, "CVE": 1 }, "indicator_count": 8605, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65708d657f0895a860febf8f", "name": "SafeFrame Container", "description": "", "modified": "2023-12-06T15:04:05.932000", "created": "2023-12-06T15:04:05.932000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1416, "domain": 2979, "URL": 8250, "hostname": 2262 }, "indicator_count": 14907, "is_author": false, "is_subscribing": null, "subscriber_count": 110, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65708cc78755574d9812e4c8", "name": "one google maps api call and one generic key - causing a large chunk of cyber disruption and compromise", "description": "", "modified": "2023-12-06T15:01:27.166000", "created": "2023-12-06T15:01:27.166000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 135, "hostname": 149, "URL": 352, "domain": 53 }, "indicator_count": 689, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65708c57c7b19b62c501601a", "name": "Hurricane Electric - csp.he.net :)", "description": "", "modified": "2023-12-06T14:59:35.479000", "created": "2023-12-06T14:59:35.479000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 186, "hostname": 490, "URL": 1339, "domain": 311 }, "indicator_count": 2326, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65708c0f5981b6d81d0fa423", "name": "data102 and colohouse. Malware hosting", "description": "", "modified": "2023-12-06T14:58:23.206000", "created": "2023-12-06T14:58:23.206000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 458, "domain": 557, "URL": 2599, "hostname": 952 }, "indicator_count": 4566, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65708beba2ba8bcfb1d10237", "name": "hostkey - Industroyer&ReduceRight", "description": "", "modified": "2023-12-06T14:57:47.430000", "created": "2023-12-06T14:57:47.430000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 304, "hostname": 563, "domain": 407, "URL": 1776, "FileHash-SHA1": 2 }, "indicator_count": 3052, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65708b72abe90961af1737c9", "name": "reCAPTCHA", "description": "", "modified": "2023-12-06T14:55:46.172000", "created": "2023-12-06T14:55:46.172000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 362, "domain": 330, "URL": 1790, "hostname": 586, "email": 1 }, "indicator_count": 3069, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65707f8475d8a8785dfc5a2f", "name": "Zetalytics API", "description": "", "modified": "2023-12-06T14:04:52.250000", "created": "2023-12-06T14:04:52.250000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 754, "hostname": 833, "domain": 441, "URL": 2375, "CIDR": 5, "FileHash-MD5": 2, "email": 1 }, "indicator_count": 4411, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65707e5b7df6f60133e8fb50", "name": "Jeeng / Powerbox", "description": "", "modified": "2023-12-06T13:59:55.129000", "created": "2023-12-06T13:59:55.129000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 3, "FileHash-SHA256": 9072, "domain": 2500, "hostname": 3584, "URL": 13548, "FileHash-MD5": 197, "FileHash-SHA1": 162, "email": 19, "CIDR": 20, "SSLCertFingerprint": 2, "BitcoinAddress": 1 }, "indicator_count": 29108, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6426dda295502d82e6e6ef7f", "name": "v4 - Hybrid scan uploaded + all suggested ioc's - vendor.3a0e728a.js another gem in edge on twitter.com/i/flow/login source code", "description": "WebpackChunk_Twitter-responsive_web is built on a single web address, which will allow users to upload images, tweets and videos to be stored in the same place as the hashtag.", "modified": "2023-03-31T13:18:26.733000", "created": "2023-03-31T13:18:26.733000", "tags": [ "trojan", "apt", "ansi", "memoryfile scan", "error", "runtime data", "typeof e", "regexp", "array", "object", "typeof t", "void", "null", "unknown", "path", "facebook", "4096", "suspicious", "meta", "lazy", "entity", "union", "body", "idkey", "scroll", "backspace", "insert", "roboto", "target", "stack", "hybrid", "model", "click", "stream", "strings", "qakbot", "pattern match", "ud801", "ud804", "ud805", "ud806", "ud81a", "ud835", "ud800", "ud802", "sha1", "sha256", "vendor.3a0e728a.js" ], "references": [ "https://hybrid-analysis.com/sample/9bf30967dfbf84d91ff4a1ca66dcd6c3383e679917e8b7aa4f659ff9f4e848d7/6426cf48655f94b6b303704c" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1115", "name": "Clipboard Data", "display_name": "T1115 - Clipboard Data" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1546", "name": "Event Triggered Execution", "display_name": "T1546 - Event Triggered Execution" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1614", "name": "System Location Discovery", "display_name": "T1614 - System Location Discovery" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "callmeDoris", "id": "205385", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1353, "hostname": 222, "domain": 221, "FileHash-SHA256": 85, "FileHash-MD5": 3, "FileHash-SHA1": 1 }, "indicator_count": 1885, "is_author": false, "is_subscribing": null, "subscriber_count": 90, "modified_text": "1115 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "63ed8628367c1a4f3f8e773a", "name": "just a load of errors on edge watching twitch", "description": "load of unknown user pics, but that could just be a twitch thing", "modified": "2023-03-18T00:05:45.328000", "created": "2023-02-16T01:26:00.959000", "tags": [ "object", "typeerror", "typeof symbol", "error", "typeof t", "array", "string", "typeof e", "typeof n", "referenceerror", "date", "body", "null", "local", "generator", "class", "typeof tcfapi", "tcfapi", "daten", "image", "typeof comscore", "true", "regexp", "config", "nolbundle", "novmsjs", "nlssdk", "retry request", "nolsdkbundle", "typeof o", "bsdk check", "optout", "basever", "lsid", "qqfunction", "nielsen log", "info", "stop", "logger", "android", "donate", "ukraine relief", "requestbuilder", "slotbuilder", "uint8array", "nthis", "promise", "symbol", "fullscreen", "adload", "false", "facebook", "unknown", "meta", "direct", "this", "close", "locale", "model", "survey", "companion", "scroll", "backspace", "insert", "infinity", "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "runtime data", "ansi", "path", "hybrid analysis", "api call", "registry access", "function", "calls", "window", "hybrid", "general", "click", "ransomware", "february", "strings", "suspicious", "irequestslot", "islotbuilder", "amazonerrorcode", "errortype", "adunit", "conflict", "please" ], "references": [ "https://hybrid-analysis.com/sample/5da0de230eb98e5598b152944d0e7e6b355485484052df6c7f1c747e2c5564c0/63ed708125f47738b45a6520", "webpack buildin global.js", "SlotBuilder.ts", "P34D56F9D-5684-4C83-8EE1-5EA7DE9CF45D.js", "apstag.js", "nlsSDK600.bundle.min.js", "v6s.js", "https://sb.scorecardresearch.com/p?c1=2&c2=6745306&ns_type=hidden&ns_st_sv=5.1.3.160420&ns_st_smv=5.1&ns_st_it=r&ns_st_id=1676508021004&ns_st_ec=3&ns_st_sp=1&ns_st_sc=1&ns_st_sq=1&ns_st_ppc=1&ns_st_apc=1&ns_st_spc=1&ns_st_cn=1&ns_st_ev=hb&ns_st_po=1560430&ns_st_cl=0&ns_st_hc=31&ns_st_mp=js_api&ns_st_mv=5.1.3.160420&ns_st_pn=1&ns_st_tp=0&ns_st_ci=47976339133&ns_st_pt=1560430&ns_st_dpt=360423&ns_st_ipt=60010&ns_st_et=1560430&ns_st_det=360423&ns_st_upc=1560430&ns_st_dupc=360423&ns_st_iupc=60010&ns_st_upa=15604", "https://sb.scorecardresearch.com/p?ax_uuid=d247c6142f285bb0488533aa7f2d53c5&c1=9&c2=31864766&ns__t=1676508027511&ns_c=UTF-8&cv=3.1&c8=SecurityWeekly%20-%20Twitch&c7=https%3A%2F%2Fwww.twitch.tv%2Fsecurityweekly&c9=", "https://hybrid-analysis.com/sample/b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b/", "beacon.js", "https://static-cdn.jtvnw.net/jtv_user_pictures/6f4129f6-3750-4c02-b7c8-c88a05064129-profile_image-70x70.png" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "SlotBuilder", "display_name": "SlotBuilder", "target": null }, { "id": "RequestBuilder", "display_name": "RequestBuilder", "target": null } ], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "callmeDoris", "id": "205385", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1353, "hostname": 363, "domain": 201, "FileHash-SHA256": 203, "FileHash-MD5": 9, "FileHash-SHA1": 3 }, "indicator_count": 2132, "is_author": false, "is_subscribing": null, "subscriber_count": 90, "modified_text": "1128 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "63ed86228ecb2b03d35b046f", "name": "just a load of errors on edge watching twitch", "description": "load of unknown user pics, but that could just be a twitch thing", "modified": "2023-03-18T00:05:45.328000", "created": "2023-02-16T01:25:54.305000", "tags": [ "object", "typeerror", "typeof symbol", "error", "typeof t", "array", "string", "typeof e", "typeof n", "referenceerror", "date", "body", "null", "local", "generator", "class", "typeof tcfapi", "tcfapi", "daten", "image", "typeof comscore", "true", "regexp", "config", "nolbundle", "novmsjs", "nlssdk", "retry request", "nolsdkbundle", "typeof o", "bsdk check", "optout", "basever", "lsid", "qqfunction", "nielsen log", "info", "stop", "logger", "android", "donate", "ukraine relief", "requestbuilder", "slotbuilder", "uint8array", "nthis", "promise", "symbol", "fullscreen", "adload", "false", "facebook", "unknown", "meta", "direct", "this", "close", "locale", "model", "survey", "companion", "scroll", "backspace", "insert", "infinity", "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "runtime data", "ansi", "path", "hybrid analysis", "api call", "registry access", "function", "calls", "window", "hybrid", "general", "click", "ransomware", "february", "strings", "suspicious", "irequestslot", "islotbuilder", "amazonerrorcode", "errortype", "adunit", "conflict", "please" ], "references": [ "https://hybrid-analysis.com/sample/5da0de230eb98e5598b152944d0e7e6b355485484052df6c7f1c747e2c5564c0/63ed708125f47738b45a6520", "webpack buildin global.js", "SlotBuilder.ts", "P34D56F9D-5684-4C83-8EE1-5EA7DE9CF45D.js", "apstag.js", "nlsSDK600.bundle.min.js", "v6s.js", "https://sb.scorecardresearch.com/p?c1=2&c2=6745306&ns_type=hidden&ns_st_sv=5.1.3.160420&ns_st_smv=5.1&ns_st_it=r&ns_st_id=1676508021004&ns_st_ec=3&ns_st_sp=1&ns_st_sc=1&ns_st_sq=1&ns_st_ppc=1&ns_st_apc=1&ns_st_spc=1&ns_st_cn=1&ns_st_ev=hb&ns_st_po=1560430&ns_st_cl=0&ns_st_hc=31&ns_st_mp=js_api&ns_st_mv=5.1.3.160420&ns_st_pn=1&ns_st_tp=0&ns_st_ci=47976339133&ns_st_pt=1560430&ns_st_dpt=360423&ns_st_ipt=60010&ns_st_et=1560430&ns_st_det=360423&ns_st_upc=1560430&ns_st_dupc=360423&ns_st_iupc=60010&ns_st_upa=15604", "https://sb.scorecardresearch.com/p?ax_uuid=d247c6142f285bb0488533aa7f2d53c5&c1=9&c2=31864766&ns__t=1676508027511&ns_c=UTF-8&cv=3.1&c8=SecurityWeekly%20-%20Twitch&c7=https%3A%2F%2Fwww.twitch.tv%2Fsecurityweekly&c9=", "https://hybrid-analysis.com/sample/b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b/", "beacon.js", "https://static-cdn.jtvnw.net/jtv_user_pictures/6f4129f6-3750-4c02-b7c8-c88a05064129-profile_image-70x70.png" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "SlotBuilder", "display_name": "SlotBuilder", "target": null }, { "id": "RequestBuilder", "display_name": "RequestBuilder", "target": null } ], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "callmeDoris", "id": "205385", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1353, "hostname": 363, "domain": 201, "FileHash-SHA256": 203, "FileHash-MD5": 9, "FileHash-SHA1": 3 }, "indicator_count": 2132, "is_author": false, "is_subscribing": null, "subscriber_count": 90, "modified_text": "1128 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "634b4481d97a69446b750e82", "name": "adsbygoogle.js hybrid-A ts 55/100 seems mych worse here", "description": "", "modified": "2022-10-15T23:52:08.907000", "created": "2022-10-15T23:38:41.311000", "tags": [ "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "ansi", "memoryfile scan", "error", "null", "string", "runtime data", "number", "object", "chrome", "void", "date", "android", "path", "iframe", "window", "this", "trident", "meta", "suspicious", "infinity", "hybrid", "close", "click", "general", "strings", "malicious", "august" ], "references": [ "https://hybrid-analysis.com/sample/fbba6129666c709aae5bcc8f49cffc28ad0d0c6d5b22fb4ee69da66e5d5fd7d9/634753ff96b237006c46584e" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "callmeDoris", "id": "205385", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 62, "URL": 835, "domain": 65, "FileHash-SHA256": 81, "FileHash-MD5": 1, "FileHash-SHA1": 1 }, "indicator_count": 1045, "is_author": false, "is_subscribing": null, "subscriber_count": 90, "modified_text": "1281 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6280aa12040a569d19f6285f", "name": "possibly a central bank", "description": "Tobias Ahlin,", "modified": "2022-06-14T00:00:05.659000", "created": "2022-05-15T07:21:54.499000", "tags": [ "regexp", "typeof e", "function", "typeof t", "width", "error", "object", "pseudo", "child", "form", "class", "null", "date", "this", "void", "accept", "reduceright", "number", "string", "l420", "g8m7ft2s1tv", "copyright", "json", "uint8array", "ssnull", "script", "closure library", "xdfunction", "adfunction", "typeerror", "symbol", "generator", "typeof n", "array", "promise", "weakmap", "typeof f", "natb", "409764", "animation", "suspense", "context", "forwardref", "deleted", "10252", "meta", "facebook", "unknown", "scroll", "backspace", "insert", "typeof symbol", "typeof c", "typeof s", "sprintf", "syntaxerror", "vhyj", "diefg", "bcdiefguxx", "constructor", "param", "rockn", "createclass", "source", "super", "infinity", "false", "contact", "internal", "phonenumber", "middle", "path", "redemption", "pass", "click", "cont", "albania", "armenia", "burma", "belarus", "cuba", "panama", "paraguay", "slovakia", "chad", "uruguay", "prop", "invert", "flip", "close", "small", "green", "union", "indonesia", "lucia", "martin", "mexico", "code", "apache", "blin", "slave", "gondi", "icelandic", "ganda", "zulu", "christmas", "burkina", "czech", "ukraine", "android", "format", "updater", "next", "hooks", "harmony", "trim", "python", "push", "shift", "slice", "shadowsizzle", "domdata", "hexchars", "agent", "launcher", "fail", "bind", "trident", "getclass", "body", "widget", "areasmodule", "duip", "hlwq", "fz5i", "dehu", "tbh0", "fwir", "x7am", "pcnd", "valr", "boolean", "portal", "partner", "ascio partner", "ascio", "tlds", "login en", "en de", "join today", "idns", "skip", "ascio domains", "tlds offered", "global whois", "checker", "helvetica neue", "arial", "d67a60", "inter", "baskerville", "15px", "180deg", "135deg", "video", "init", "wrap", "flip direction", "stop animation", "scale", "htmlelement", "hide", "typeof", "property", "fill", "noscroll", "matrix", "skew", "look", "julian garnier", "mit license", "typeof define", "typeof module", "htmlcollection", "255a", "qnull", "float32array", "nfunction", "tobias ahlin", "github", "spotify", "hyper island", "strong", "tobias", "read", "view", "ahlin bjerrome", "minecraft", "view project", "spinkit", "lookback", "ruby", "hello" ], "references": [ "xfe-URL-ascio.com-stix2-2.1-export.json", "https://tobiasahlin.com", "xfe-URL-tobiasahlin.com-stix2-2.1-export.json", "https://tobiasahlin.com/js/anime.min.js", "https://tobiasahlin.com/js/app.js?v=1", "https://tobiasahlin.com/js/portfolio.js", "https://tobiasahlin.com/css/site.css", "https://ascio.com", "https://portal.ascio.com/login", "https://static.zdassets.com/ekr/snippet.js?key=d814ea4a-a8eb-4a9c-aedd-cac0aa0e3551", "https://portal.ascio.com/7.602be6705ce7b901b821.js", "https://cdn.pendo.io/agent/static/783a696b-ddf4-4152-439e-f3761f54f088/pendo.js", "https://portal.ascio.com/runtime.48adad1e07e2679eb1f4.js", "https://js.hs-scripts.com/20704235.js", "https://www.ascio.com/wp-content/themes/Ascio/dist/js/front.js?ver=1648137806", "https://www.ascio.com/wp-includes/js/dist/i18n.min.js?ver=30fcecb428a0e8383d3776bcdd3a7834", "https://www.ascio.com/wp-includes/js/dist/hooks.min.js?ver=1e58c8c5a32b2e97491080c5b10dc71c", "https://www.ascio.com/wp-includes/js/dist/vendor/react-dom.min.js?ver=17.0.1", "https://www.ascio.com/wp-includes/js/dist/vendor/lodash.min.js?ver=4.17.19", "xfe-URL-lodash.com-stix2-2.1-export.json", "https://www.ascio.com/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.9", "https://www.google-analytics.com/gtm/optimize.js?id=OPT-NVZ8RF3", "https://www.googletagmanager.com/gtag/js?id=G-8M7FT2S1TV&l=dataLayer&cx=c" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "ReduceRight", "display_name": "ReduceRight", "target": null } ], "attack_ids": [ { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 18, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 4203, "hostname": 1221, "domain": 2558, "FileHash-SHA256": 622, "CVE": 1 }, "indicator_count": 8605, "is_author": false, "is_subscribing": null, "subscriber_count": 73, "modified_text": "1405 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "620c3b1f8af7ea0dcf2c1218", "name": "Jeeng / Powerbox", "description": "", "modified": "2022-06-12T22:01:23.105000", "created": "2022-02-15T23:45:35.234000", "tags": [ "Jeeng", "tim pool", "timcast" ], "references": [ "cf20ed53-cb6d-4dfd-a4e8-794fbe163efc.pcap" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scnrscnr", "id": "126475", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_126475/resized/80/avatar_67ca5b7bae.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 9072, "domain": 2500, "URL": 13548, "hostname": 3584, "FileHash-MD5": 197, "FileHash-SHA1": 162, "CVE": 3, "CIDR": 20, "SSLCertFingerprint": 2, "email": 19, "BitcoinAddress": 1 }, "indicator_count": 29108, "is_author": false, "is_subscribing": null, "subscriber_count": 97, "modified_text": "1406 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "627a3399312417bb7f844a55", "name": "hoster.kz", "description": "WebPacker.ru is a web-based tool designed to help people find and find the best way to get through the web, but only if you are a browser user or an administrator.", "modified": "2022-06-09T00:00:13.607000", "created": "2022-05-10T09:42:49.434000", "tags": [ "regexp", "null", "shift", "function", "click", "bksp", "width", "body", "namedepartment", "altgr", "span", "date", "error", "class", "this", "refresh", "prop", "close", "accept", "jquery", "iframe", "embed", "inputmask", "void", "chrs", "alternation", "seeknext", "type", "input", "masktoken", "window", "mask", "form", "backspace", "insert", "qe", "copyright", "closure library", "trackevent", "number", "string", "version", "uint8array", "gtmn3zrpw", "host", "path", "derek", "code", "bapunycode", "s700", "index", "label", "link", "stylesheet", "textcss", "script", "array", "10000", "style", "xmlhttprequest", "load", "virtualpageview", "ymuid", "post" ], "references": [ "xfe-IP-185.100.65.26-stix2-2.1-export.json", "xfe-URL-Hoster.kz-stix2-2.1-export.json", "https://almapbx.hoster.kz/hoster_v2/widget/lead_hunter/?code=75455&protocol=https://&url=https://hoster.kz/", "https://bitrix.info/ba.js", "https://www.googletagmanager.com/gtm.js?id=GTM-N3ZRPW", "https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1055680023/?random=1652174969236&cv=9&fst=1652174969236&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=376635470&u_h=844&u_w=390&u_ah=844&u_aw=390&u_cd=32&u_his=2&u_tz=-240&u_java=false&u_nplug=0&u_nmime=0>m=2wg590&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fhoster.kz%2F&ref=https%3A%2F%2Fhoster.kz%2F&tiba=%D0%A5%D0%BE%D1%81%D1%82%D0%B8%D0%BD%D0%B3%20%D0%B2%20%D0%9A%D0%B0%D0%B7%D0%B0%D1%85%D1%81%D1%82%D0%B0%D0%BD%D0%B5%2C%20%D0%BA%D1%83%D0%BF%D0", "https://almapbx.hoster.kz/hoster_v2/widget/lead_hunter/js/jquery.inputmask.bundle.js", "https://hoster.kz/js/html5.js", "https://hoster.kz/js/jcarousellite_1.0.1.pack.js" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Qe", "display_name": "Qe", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 9, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 3010, "hostname": 1225, "domain": 1427, "FileHash-SHA256": 136, "CVE": 1, "email": 2 }, "indicator_count": 5801, "is_author": false, "is_subscribing": null, "subscriber_count": 70, "modified_text": "1410 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "62756a0d14664003affb0555", "name": "hush.com 301 to hushmail.com", "description": "var b[f, gw.b, \"dust\" - a.g - has been added to an Array by the end of the year, if there is any chance of it being added.", "modified": "2022-06-05T00:03:45.266000", "created": "2022-05-06T18:33:49.161000", "tags": [ "widget", "null", "regexp", "array", "copyright", "license", "calltrkswap", "date", "typeof s", "xmlhttprequest", "typeof r", "script", "vd", "number", "string", "ienew ca", "closure library", "error", "quota", "aafunction", "dafunction", "function", "typeof o", "reduceright", "aw1070742489", "uint8array", "void", "code", "typeof symbol", "wickedclientid", "wickedemail", "wickedurl", "wickednullurl", "typeof e", "direct", "typeof require", "modulenotfound", "mini", "cnull", "anull", "nl50", "pnull", "okcancel", "compiled", "true", "android", "trident", "form", "window", "false", "acronym", "body", "canvas", "embed", "footer", "iframe", "keygen", "legend", "mark", "meta", "ruby", "small", "span", "template", "blank", "twitter", "typeof t", "class", "attr", "pseudo", "child", "js foundation", "typeof module", "width", "object", "this", "accept", "fnumber", "gtmmf25krh", "host", "path" ], "references": [ "xfe-URL-Hush.com-stix2-2.1-export.json", "https://www.googletagmanager.com/gtag/js?id=AW-1070742489&l=dataLayer&cx=c", "https://www.googletagmanager.com/gtm.js?id=GTM-MF25KRH", "https://www.hushmail.com/shared/javascript/jquery-3.5.1.min.js", "https://www.hushmail.com/javascriptinclude/eNrLKC3OyE3MzIkvT00qzixJtSpITE_V98lPz8xzyy_K1csqtjI0MzK2MDcwsbS0ysCq2qkov7w4tSi4JLGkGFUDAF_tIM0,.en_US.68448bd8190f2f2bae9633f547bbbbbe.0.js", "https://www.hushmail.com/javascriptinclude/eNpNzEEOQDAQQNEbtVoM7Sks7GXopB0pkQ5xfWJl-5P3JWGh4AvukSRzoKKtqlWlf0Wt4k3rnG2g641Pl6QNOU83zcIn-QMj6ZHpHQ2FF97jiHOmj0ED4FxfwQOf9yPU.en_US.68448bd8190f2f2bae9633f547bbbbbe.0.js", "https://widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js", "https://widget.wickedreports.com/widget.js", "https://www.googletagmanager.com/gtag/js?id=AW-1070742489", "https://www.hushmail.com/status/", "https://script.tapfiliate.com/tapfiliate.js", "https://www.googletagmanager.com/gtag/js?id=UA-1837381-13", "https://widget.wickedreports.com/v2/3469/wr-dafa9fae816c2f65d24d1eb593b58626.js", "https://cdn.callrail.com/companies/431115301/7c8f964bc12313c75ad2/12/swap.js", "https://js.callrail.com/group/0/7c8f964bc12313c75ad2/06ababf0-8852-4eef-95e1-285ae467a93a/poll.js?t=1651861725881&ids%5B%5D=431115301", "https://js.callrail.com/group/0/7c8f964bc12313c75ad2/06ababf0-8852-4eef-95e1-285ae467a93a/poll.js?t=1651861793229&ids%5B%5D=431115301", "https://widget.trustpilot.com/trustboxes/5406e65db0d04a09e042d5fc/index.html?templateId=5406e65db0d04a09e042d5fc&businessunitId=4bdc496b000064000505a89d#locale=en-US&styleHeight=28px&styleWidth=100%25&theme=light" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Vd", "display_name": "Vd", "target": null }, { "id": "OkCancel", "display_name": "OkCancel", "target": null }, { "id": "ReduceRight", "display_name": "ReduceRight", "target": null } ], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1531", "name": "Account Access Removal", "display_name": "T1531 - Account Access Removal" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 9, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1917, "hostname": 698, "FileHash-SHA256": 116, "domain": 263 }, "indicator_count": 2994, "is_author": false, "is_subscribing": null, "subscriber_count": 70, "modified_text": "1414 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "62752a3d78ce35783bfc85cc", "name": "SafeFrame Container", "description": "If you want to know what is going to happen when you create a non-iterable object, try these three pieces of code in the form of a new \"word\" or \"phrase\".", "modified": "2022-06-05T00:03:45.266000", "created": "2022-05-06T14:01:33.267000", "tags": [ "public", "typeof", "typeof define", "array", "typeerror", "typeof symbol", "error", "typeof enulle", "sdkversion", "internal", "date", "cnzzdata", "czuuid", "umdistinctid", "typeof e", "typeof t", "version", "swiper", "most", "copyright", "mit license", "april", "trident", "win32", "class", "lh", "vd", "function", "overlaylevel", "zdhxiong", "customevent", "symbol", "object", "string", "number", "null", "uint8array", "typeof b", "iframe", "android", "embed", "meta", "0x14a", "0x104", "0x97", "0xe1", "0x228", "0x12b", "0x14e", "0xf5", "0x11a", "0xc6", "sxa0", "typeof d", "closure library", "array int8array", "b1342177279", "regexp", "typeof r", "pseudo", "child", "typeof n", "template", "void", "this", "ienew ca", "quota", "aafunction", "dafunction", "gc", "trackpageview", "trackevent", "gtmmdcvhgd", "node", "element", "path", "reduceright", "p420", "gc3w7t6h5qw", "kafunction", "fafafa", "xlfunction", "kkfunction", "nkfunction", "qkfunction", "rkfunction", "skfunction", "span", "edge", "bad idp", "bad event", "crios", "invalid attempt", "afunction", "ufunction", "kfunction" ], "references": [ "xfe-URL-himado.com-stix2-2.1-export.json", "xfe-IP-146.148.236.187-stix2-2.1-export.json", "xfe-URL-Psychz.net-stix2-2.1-export.json", "https://cdn.ampproject.org/rtv/012204221712000/amp4ads-host-v0.js", "https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.iTmf4rxOyWc.O/m=auth2/rt=j/sv=1/d=1/ed=1/rs=AHpOoo-LTnDn-AS2QlMWYZdnaV1OuFR7Iw/cb=gapi.loaded_0?le=scs", "https://securepubads.g.doubleclick.net/gpt/pubads_impl_page_level_ads_2022050201.js", "https://www.googletagmanager.com/gtag/js?id=G-C3W7T6H5QW&l=dataLayer&cx=c", "https://www.googletagmanager.com/gtm.js?id=GTM-MDCVHGD", "https://www.googletagmanager.com/gtag/js?id=UA-122335014-2", "https://himado.com/heihei/layui/layui.all.js", "https://securepubads.g.doubleclick.net/tag/js/gpt.js", "https://himado.com/cdn-cgi/challenge-platform/h/g/scripts/invisible.js?ts=1651842000", "https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022050201.js", "https://himado.com/heihei/node_modules/mdui/dist/js/mdui.min.js", "https://himado.com/heihei/js/swiper.min.js", "https://cdn.onesignal.com/sdks/OneSignalSDK.js", "https://c.cnzz.com/core.php?web_id=1280305902&t=z", "https://s4.cnzz.com/z_stat.php?id=1280305902&web_id=1280305902", "https://www.gstatic.com/firebasejs/8.1.2/firebase-app.js", "https://281cecd8ae73dff542e13679e60d5fb9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html", "xfe-URL-Cnzz.com-stix2-2.1-export.json", "xfe-URL-Aliyun.com-stix2-2.1-export.json" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Lh", "display_name": "Lh", "target": null }, { "id": "Gc", "display_name": "Gc", "target": null }, { "id": "ReduceRight", "display_name": "ReduceRight", "target": null }, { "id": "Vd", "display_name": "Vd", "target": null } ], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 16, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 2262, "URL": 8251, "FileHash-SHA256": 1416, "domain": 2979 }, "indicator_count": 14908, "is_author": false, "is_subscribing": null, "subscriber_count": 71, "modified_text": "1414 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "628d376ff4e346e1485cbea2", "name": "ZagreuS Ransomware Builder [ NEW! Ransomware as a Service ] - YouTube", "description": "If you want to find out more about this page, here is the full text of the code:w,c,S,R, E, T, Gd, W.S.", "modified": "2022-05-24T19:52:15.836000", "created": "2022-05-24T19:52:15.836000", "tags": [ "video", "sharing", "camera phone", "video phone", "free", "upload", "builder", "ransomware", "service", "press copyright", "contact", "privacy policy", "safety how", "youtube", "test", "google llc", "typeerror", "decorate", "customevent", "copyright", "error", "license", "array", "number", "typeof symbol", "generator", "matrix", "string", "date", "closure library", "xdfunction", "adfunction", "bdfunction", "lefunction", "qefunction", "0x589122", "0x543585", "0x5123f6", "0x1aac5a", "0x2762ce", "software", "a00x3d7e", "0x2bffcb", "0x4b870a", "0x2808ca", "push", "picasso", "phantom", "canvas", "nightmare", "slice", "shift", "hello", "object", "typeof e", "edge", "dataname", "intercom", "apple", "webkiti", "criosi", "trident", "xu", "select", "strong", "uint8array", "null", "math", "svoid", "this", "iframe", "verify", "android", "stop", "form", "body", "span", "enterprise", "click", "next" ], "references": [ "https://www.gstatic.com/recaptcha/releases/1_E1Jb45wiBZrQd45oGZ-2cU/recaptcha__en.js", "https://www.iubenda.com/cookie-solution/confs/js/33942990.js", "https://www.googletagmanager.com/gtag/js?id=UA-184179078-", "https://widget.intercom.io/widget/j3kafOpd", "https://cdn.iubenda.com/cs/iubenda_Cs.js", "https://sellix.io/cdn-cgi/bm/cv/669835187/api.js", "https://unpkg.com/@lottiefiles/lottie-player@1.5.7/dist/lottie-player.js", "https://youtu.be/ZKxvzrxDzt0" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "xU", "display_name": "xU", "target": null } ], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 12, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1132, "hostname": 286, "domain": 259, "FileHash-SHA256": 107, "email": 1, "FileHash-MD5": 1 }, "indicator_count": 1786, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "1426 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6263b3b617c33c9a7644a9c6", "name": "psychz.net - malware", "description": "function:function t(t)var e.handleObj, a new type of JavaScript, for all types of window.. and data-api, in the form of \"transition end\".", "modified": "2022-05-23T00:00:56.946000", "created": "2022-04-23T08:07:18.262000", "tags": [ "error", "typeof e", "object", "typeof", "array", "typeof n", "typeof t", "boolean", "typeof r", "uff5c", "null", "date", "meta", "this", "scroll", "backspace", "insert", "unknown", "4096", "void", "copyright", "closure library", "reduceright", "vd", "number", "string", "regexp", "pageview", "uint8array", "gtm5pbn7g", "host", "path", "code", "typeerror", "version", "clickdataapi", "hidden", "show", "bootstrap", "click", "dataspy", "body", "mouseleave" ], "references": [ "xfe-URL-http___psychz.net_-stix2-2.1-export.json", "https://www.psychz.net/assets/js/bootstrap.min.js", "https://www.googletagmanager.com/gtm.js?id=GTM-5PBN7G", "https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1046749228/?random=1650700509087&cv=9&fst=1650700509087&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=844&u_w=390&u_ah=844&u_aw=390&u_cd=32&u_his=2&u_tz=-240&u_java=false&u_nplug=0&u_nmime=0>m=2wg4k0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.psychz.net%2F&tiba=DDoS%20Protected%20Data%20Centers%20In%20America%2C%20Europe%2C%20Africa%2C%20Asia&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Vd", "display_name": "Vd", "target": null }, { "id": "ReduceRight", "display_name": "ReduceRight", "target": null } ], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 120, "URL": 681, "domain": 192, "FileHash-SHA256": 188 }, "indicator_count": 1181, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1427 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "625f42dcc369f59f6a1e8b58", "name": "data102 and colohouse. Malware hosting", "description": "var a,b,c,d, f.substr(d),a=f, a.href, and a number of other elements:a.b.search.com.", "modified": "2022-05-19T00:00:49.028000", "created": "2022-04-19T23:16:44.418000", "tags": [ "regexp", "rangeerror", "typeerror", "date", "array", "error", "this", "uint8array", "typeof b", "buffer", "class", "null", "path", "void", "marketo forms", "cross domain", "typetext", "typeurl", "typeemail", "typetel", "typenumber", "typedate", "color", "label", "input", "typerange", "typecheckbox", "woff2", "fontface", "u1c801c88", "u20b4", "u2de02dff", "ua640a69f", "ufe2efe2f", "u04b004b1", "u2116", "u1ea01ef9", "franklin", "woff", "u20ab", "u0259", "u1e001eff", "u2020", "u20a020ab", "u20ad20cf", "gradienttype0", "webkitkeyframes", "span", "button", "tbody", "textarea", "helvetica neue", "tfoot", "body", "alpha", "twitter", "roboto", "pitch", "datasecret", "q1kg", "q17g", "d2dg", "c d3r", "q171zg", "e c2ttttb", "c g7", "6n184z", "6f6g", "typeof", "wpcf7redirect", "cf7mlscurrentfs", "handle fire", "popuptemplate", "templatename", "click", "fieldset", "cf7mlsbackfs", "section", "classwidget", "idmenu", "idfooter", "idwidget", "idcomment", "classmenu", "classfooter", "classcomment", "target", "blank", "typeof e", "formdata", "typeof symbol", "customevent", "post", "refill", "wpcf7", "wpcf7locale", "wpcf7unittag", "typeof wpcf7", "boolean", "modernizr", "custom build", "build", "afunction", "cfunction", "object", "documenttouch", "websocket", "symbol", "generator", "function", "select", "harvest", "mit license", "optgroup", "nnn n", "n nnnn", "explorer", "options", "abbr", "element", "unknownerror", "overquerylimit", "requestdenied", "zeroresults", "node", "edge", "android", "trident", "unknown", "false", "iframe", "marker", "hybrid", "tawkspinner", "failed", "resend", "tawkavatar", "tawkvideo", "tawkalert", "tawkemoji", "tawkicon", "enter", "number", "startchatbutton", "u26a1", "typeof t", "invalid attempt", "copyright", "marketo", "remove", "commentform", "author", "mouseenter", "secure", "ccpa", "bottom", "fixed", "widget", "embed", "trigger", "antispam", "please", "cleantalk", "typeof o", "ajaxnonce", "unkown", "apbctajaxerror", "typeof define", "typeof module", "html tags", "ox20trnf", "dom element", "attr", "pseudo", "child", "udc66udc67", "ud83d", "ufe0f", "ud83e", "udc68udc69", "udfcbudfcc", "u2640u2642", "source", "image", "ud83dudc6cud83c", "qe", "string", "xhfunction", "yhfunction", "gtmptxlxz4", "host", "code", "script", "promise", "complete", "reduceright", "g7be8pmlskx", "r300", "typeof d", "caca", "ufunction", "ffunction", "gfunction", "mchtd", "azaz", "firefox", "opera", "chrome", "iemobile", "black", "incorrect", "xfunction", "typeof p", "typeof btoa", "vnode", "colohouse", "york", "learn more", "data center", "miami", "e cermak", "springs", "read", "cloud", "managed", "fast", "philadelphia", "bare", "metal", "chat", "accept", "placeheld", "minimum", "tooshort", "wpcf7wfreetext", "alert", "invert", "form", "animation", "value", "foundation", "migrate", "backcompat", "quirks mode", "typeof f", "html", "sufeffxa0", "legacy", "contenttype", "wivobjkey", "typehit", "data", "closure library", "pfunction", "zfunction", "bfunction", "mvoid", "ofunction" ], "references": [ "xfe-URL-Data102.com-stix2-2.1-export.json", "https://www.google-analytics.com/analytics.js", "https://chimpstatic.com/mcjs-connected/js/users/6c3abfa7ff8634c75cdb2b22e/ddf7a436c1746be666f330e4a.js", "https://app.whoisvisiting.com/who.js", "https://www.data102.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp", "https://www.data102.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1", "https://www.data102.com/?wordfence_lh=1&hid=2D6A812A7EB197E80D5A3978A6386BE4&r=0.5029022326538093", "https://www.data102.com/wp-includes/js/wp-embed.min.js?ver=00b0ffc433836dcf9f57035fded0b908", "https://www.data102.com/wp-content/plugins/cta/shared//shortcodes/js/spin.min.js", "https://www.data102.com/wp-content/plugins/contact-form-7/includes/js/scripts.js", "https://colohouse.com/", "xfe-URL-colohouse.com-stix2-2.1-export.json", "https://embed.tawk.to/_s/v4/app/625d36b405c/js/twk-main.js", "https://embed.tawk.to/_s/v4/app/625d36b405c/js/twk-vendor.js", "https://embed.tawk.to/_s/v4/app/625d36b405c/js/twk-chunk-vendors.js", "https://embed.tawk.to/_s/v4/app/625d36b405c/js/twk-chunk-common.js", "https://embed.tawk.to/_s/v4/app/625d36b405c/js/twk-runtime.js", "https://embed.tawk.to/_s/v4/app/625d36b405c/js/twk-app.js", "https://munchkin.marketo.net/161/munchkin.js", "https://www.googletagmanager.com/gtag/js?id=G-7BE8PMLSKX&l=dataLayer&cx=c", "https://embed.tawk.to/5697c34527b9b5d40b66960f/default", "https://www.googletagmanager.com/gtm.js?id=GTM-PTXLXZ4", "https://colohouse.com/wp-includes/js/wp-emoji-release.min.js?ver=5.8", "https://colohouse.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0", "https://colohouse.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2", "https://colohouse.com/wp-content/plugins/cleantalk-spam-protect/js/apbct-public--functions.min.js?ver=5.173", "https://colohouse.com/wp-content/plugins/cleantalk-spam-protect/js/apbct-public.min.js?ver=5.173", "https://colohouse.com/wp-content/plugins/cleantalk-spam-protect/js/cleantalk-modal.min.js?ver=5.173", "https://colohouse.com/wp-content/plugins/cookie-law-info/public/js/cookie-law-info-public.js?ver=2.0.4", "https://colohouse.com/wp-content/plugins/stop-user-enumeration/frontend/js/frontend.js?ver=1.3.31", "https://colohouse.com/wp-content/plugins/duracelltomi-google-tag-manager/js/gtm4wp-form-move-tracker.js?ver=1.13.1", "https://munchkin.marketo.net/munchkin.js", "https://embed.tawk.to/_s/v4/app/625d36b405c/js/twk-chunk-2d0d2b7c.js", "https://embed.tawk.to/_s/v4/app/625d36b405c/js/twk-chunk-32507910.js", "https://embed.tawk.to/_s/v4/app/625d36b405c/js/twk-chunk-f163fcd0.js", "https://embed.tawk.to/_s/v4/app/625d36b405c/js/twk-chunk-2d0b9454.js", "https://embed.tawk.to/_s/v4/app/625d36b405c/js/twk-chunk-4fe9d5dd.js", "https://app-ab02.marketo.com/js/forms2/js/forms2.min.js", "https://maps.googleapis.com/maps/api/js?v=3.exp&key=AIzaSyDR76rjQL_2raonHiZ6ZrPqJr-FPb7pGH0", "https://colohouse.com/wp-content/themes/Netrouting/assets/chosen/chosen.jquery.min.js", "https://colohouse.com/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.7", "https://colohouse.com/wp-content/themes/Netrouting/js/vendor/modernizr-2.8.3-respond-1.4.2.min.js", "https://colohouse.com/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.4.2", "https://colohouse.com/wp-content/plugins/link-whisper-premium/js/frontend.js?ver=1632756485", "https://colohouse.com/wp-content/plugins/wpcf7-redirect/build/js/wpcf7-redirect-frontend-script.js?ver=1.1", "https://colohouse.com/wp-content/plugins/kingcomposer/assets/frontend/js/kingcomposer.min.js?ver=2.9.6", "https://colohouse.com/wp-includes/js/wp-embed.min.js?ver=5.8", "https://colohouse.com/wp-content/plugins/wp-schema-pro/admin/assets/min-js/frontend.min.js?ver=2.7.2", "https://colohouse.com/wp-content/cache/autoptimize/css/autoptimize_5e11636f7dd8fb4f55e0ff84f0ed5faa.css", "https://fonts.googleapis.com/css?family=Libre+Franklin%3A300%2C300i%2C400%2C400i%2C600%2C600i%2C800%2C800i&subset=latin%2Clatin-ext", "https://fonts.googleapis.com/css?family=Roboto%3A100%2C100italic%2C300%2C300italic%2Cregular%2Citalic%2C500%2C500italic%2C700%2C700italic%2C900%2C900italic&subset=greek%2Clatin%2Cvietnamese%2Clatin-ext%2Ccyrillic%2Ccyrillic-ext%2Cgreek-ext&ver=2.9.6", "https://app-ab02.marketo.com/js/forms2/css/forms2.css", "https://app-ab02.marketo.com/js/forms2/css/forms2-theme-simple.css", "https://app-ab02.marketo.com/index.php/form/XDFrame" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Qe", "display_name": "Qe", "target": null }, { "id": "ReduceRight", "display_name": "ReduceRight", "target": null } ], "attack_ids": [ { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1049", "name": "System Network Connections Discovery", "display_name": "T1049 - System Network Connections Discovery" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 2599, "hostname": 952, "FileHash-SHA256": 458, "domain": 557 }, "indicator_count": 4566, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "1431 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "62572a94139a622eaf588448", "name": "Misc Malware", "description": "TacklingConsentEvents:function(e,t,n), Object.g.t.notes, in the full text of all the following:.-TackingConsents.", "modified": "2022-05-13T00:03:35.765000", "created": "2022-04-13T19:55:00.620000", "tags": [ "string", "regexp", "date", "error", "number", "typeerror", "symbol", "array int8array", "argument", "rafunction", "iframe", "eq", "edge", "ajfunction", "sxa0", "trident", "android", "ondomready", "function", "make sure", "gc", "65535", "boolean", "counter", "segoe ui", "lucida", "ecommerce", "ext link", "comic", "null", "form", "impact", "light", "cvrx", "typeof b", "copyright", "closure library", "f1518500249", "f1859775393", "f2400959708", "f3395469782", "body", "typeof e", "pseudo", "child", "typeof t", "sufeffxa0", "class", "attr", "this", "1rem", "tdtd", "rolebutton", "summary", "typecheckbox", "typenumber", "canvastext", "arrowup", "arrowdown", "htmlelement", "product", "domparser", "escape", "detailsmodal", "customevent", "post", "rfunction", "boomrstart", "samesitelax", "typeof", "typeof r", "array", "object", "iterator", "typeof window", "typeof self", "typeof g", "promise", "filereader", "invalid attempt", "modaldialog", "slidercomponent", "quantityinput", "event", "menudrawer", "headerdrawer", "modalopener", "deferredmedia", "span", "accept", "othis", "gdpr", "ccpa", "ithis" ], "references": [ "xfe-URL-youtubec3.top-stix2-2.1-export.json", "https://cdn.shopify.com/s/trekkie.storefront.7a1e33ad1202f755768e4821a6acd8fe61f84871.min.js", "https://cdn.shopify.com/s/files/1/0613/4340/0109/t/1/assets/global.js?v=13511647614100697069", "https://cdn.shopify.com/shopifycloud/shopify/assets/storefront/load_feature-8efd97e96728f91aa74d4a6e8acbe8011adda17d2c0b6ccd8600a1bdd2453392.js", "https://cdn.shopify.com/shopifycloud/shopify/assets/shopify_pay/storefront-b61f50798075db890698930c4405673937fe89353f7fea7be88b5ce16a9c0af8.js?v=20210208", "https://cdn.shopify.com/shopifycloud/shopify/assets/storefront/features-87e8399988880142f2c62771b9d8f2ff6c290b3ff745dd426eb0dfe0db9d1dae.js", "https://cdn.shopify.com/shopifycloud/shopify/assets/shop_events_listener-fa61fd11817b231631d2fe43dc869d0b1d14a06332792d42f1a1d94bda5aa31e.js", "https://cdn.shopify.com/shopifycloud/boomerang/shopify-boomerang-1.0.0.min.js", "https://cdn.shopify.com/s/files/1/0613/4340/0109/t/1/assets/details-disclosure.js?v=9382762063644384478", "https://cdn.shopify.com/s/files/1/0613/4340/0109/t/1/assets/details-modal.js?v=451176189667266969", "https://cdn.shopify.com/s/files/1/0613/4340/0109/t/1/assets/cart-notification.js?v=11046494563428290095", "https://cdn.shopify.com/s/files/1/0613/4340/0109/t/1/assets/predictive-search.js?v=3127871086358158403", "https://cdn.shopify.com/s/files/1/0613/4340/0109/t/1/assets/base.css?v=14499708248636525874", "https://cdn.shopify.com/s/files/1/0613/4340/0109/t/1/assets/component-predictive-search.css?v=16564466128908848865", "https://cdn.shopify.com/s/files/1/0613/4340/0109/t/1/assets/component-search.css?v=9645568919885132178", "https://cdn.shopify.com/s/files/1/0613/4340/0109/t/1/assets/component-menu-drawer.css?v=12673181874805599423", "https://cdn.shopify.com/s/files/1/0613/4340/0109/t/1/assets/component-cart-notification.css?v=10701990056532666329", "https://cdn.shopify.com/s/files/1/0613/4340/0109/t/1/assets/component-cart-items.css?v=3522426644373936959", "https://cdn.shopify.com/s/files/1/0613/4340/0109/t/1/assets/component-loading-overlay.css?v=16731047084359357984", "https://cdn.shopify.com/s/files/1/0613/4340/0109/t/1/assets/section-image-banner.css?v=17648756444066888014", "https://cdn.shopify.com/s/files/1/0613/4340/0109/t/1/assets/disclosure.css?v=64659519099960134", "https://cdn.shopify.com/s/files/1/0613/4340/0109/t/1/assets/component-rte.css?v=6991943663851532978", "https://cdn.shopify.com/s/files/1/0613/4340/0109/t/1/assets/component-list-social.css?v=5221166315372665906", "https://cdn.shopify.com/s/files/1/0613/4340/0109/t/1/assets/component-list-payment.css?v=6925396141077183850", "https://cdn.shopify.com/s/files/1/0613/4340/0109/t/1/assets/component-list-menu.css?v=12926705887708249657", "https://cdn.shopify.com/s/files/1/0613/4340/0109/t/1/assets/component-newsletter.css?v=10347248205600305355", "https://cdn.shopify.com/s/files/1/0613/4340/0109/t/1/assets/component-rating.css?v=2457308526394124043", "https://cdn.shopify.com/s/files/1/0613/4340/0109/t/1/assets/component-card.css?v=12741305300284413781", "http://code.jquery.com/jquery-3.3.1.min.js", "https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.NnK9YPjtg-w.O/m=auth/exm=plusone/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9KePDGVlGjp-rlXwDM1kUO2Eh4gg/cb=gapi.loaded_1?le=scs", "http://mc.yandex.ru/metrika/watch.js", "http://metrika.installtraffic.com/js/watch.js", "https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.NnK9YPjtg-w.O/m=plusone/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9KePDGVlGjp-rlXwDM1kUO2Eh4gg/cb=gapi.loaded_0?le=scs", "https://apis.google.com/js/plusone.js", "xfe-IP-185.44.14.140-stix2-2.1-export.json" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Eq", "display_name": "Eq", "target": null }, { "id": "Gc", "display_name": "Gc", "target": null } ], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1973, "hostname": 539, "FileHash-SHA256": 314, "domain": 352, "FileHash-MD5": 1 }, "indicator_count": 3179, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1437 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6253871aa38954c4426d475e", "name": "http://prima-abnehmen-shop.com/uk/order-now.html?affiliate=24&source=418&subid2=ddukc&subid3=35908921", "description": "In e, a new RegExp, has been added to the list of properties that can be used to store information in a single place, as well as a \"sizzle\" on the side of the page.", "modified": "2022-05-10T00:02:48.350000", "created": "2022-04-11T01:40:42.011000", "tags": [ "strong", "imprint", "price", "address", "prima abnehmen", "usage return", "contact", "packs", "card", "digit code", "date", "back", "later", "function", "regexp", "edge", "elem", "webpackrequire", "return", "null", "handle", "expando", "match", "android", "target", "error", "false", "class", "mark", "harmony", "copy", "capture", "seed", "pass", "enough", "code", "never", "core", "local", "verify", "fall", "accept", "done", "find", "internal", "inject", "possible", "prop", "trigger", "typeof t", "typeof symbol", "typeerror", "object", "typeof e", "pseudo", "child", "this", "void", "array", "typeof n", "boolean", "messagechannel", "string", "symbol", "seventracker", "post", "nonce", "script", "please do", "not copy", "and paste", "this code", "cgrecaptchacfg", "ngrecaptcha", "recaptchaapi", "render", "typedarraytag", "blink", "gecko", "webkit", "trident", "the author", "this software", "copyright", "software is", "provided", "as is", "disclaims all", "warranties with", "regard to", "including all", "direct", "generator", "backspace", "select", "uint8array", "math", "number", "iframe", "span", "form", "click", "enterprise", "infinity", "template", "next", "body", "typeof r", "64e3", "urlsearchparams", "ofunction", "pfunction", "bfunction", "ffunction", "ifunction", "load", "sans", "woff2", "semibold", "bold", "italic", "semibold italic", "bold italic", "u20b4", "u2de02dff", "ua640a69f", "sufeffxa0", "attr" ], "references": [ "xfe-URL-dk9ctyhidjrvgn.xyz-stix2-2.1-export.json", "http://dk9ctyhidjrvgn.xyz/index_files/jquery.js", "http://dk9ctyhidjrvgn.xyz/index_files/sss.css", "https://tracking.premiumhealtheurope.com/code.js", "https://static.cloudflareinsights.com/beacon.min.js", "https://www.gstatic.com/recaptcha/releases/Y-cOIEkAqcfDdup_qnnmkxIC/recaptcha__en.js", "https://cdn.getaddress.io/scripts/getaddress-autocomplete-1.1.2.min.js", "https://js.mollie.com/v1/mollie.js", "https://www.google.com/recaptcha/api.js?render=6LerjKkcAAAAAHIvlsndboXTiYDGt_xACa77alyA", "https://tracking.premiumhealth.eu/code.js", "https://eu-library.klarnaservices.com/lib.js", "https://prima-abnehmen-shop.com/_Resources/Static/Packages/Seven.Prima/Scripts/Main.js?bust=2a0b1c62", "https://prima-abnehmen-shop.com/_Resources/Static/Packages/Seven.Offerpage.Checkout/Scripts/main.min.js?bust=ef22ff16", "https://prima-abnehmen-shop.com/uk/order-now.html?affiliate=24&source=418&subid2=ddukc&subid3=35908921" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1218", "name": "Signed Binary Proxy Execution", "display_name": "T1218 - Signed Binary Proxy Execution" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 640, "URL": 1862, "FileHash-SHA256": 149, "domain": 341 }, "indicator_count": 2992, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1440 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6252df03791ceb2df29742fe", "name": "reCAPTCHA", "description": "var a,r, i,o, r, c+(((s>>>16)*c&65535)<<16, as well as the Object, to be used as a decoder.", "modified": "2022-05-10T00:02:48.350000", "created": "2022-04-10T13:43:30.961000", "tags": [ "arial", "roboto", "helvetica neue", "typesubmit", "webkitkeyframes", "typeerror", "typeof t", "string", "object", "typeof e", "symbol", "typeof symbol", "typeof window", "typeof self", "typeof r", "date", "body", "html", "typeof n", "error", "version", "shown", "click", "dataspy", "trident", "window", "lpmlightbox", "messaging1", "chat0", "href", "tabindex", "copyright", "closure library", "info", "smsclientapi", "null", "typeof", "regexp", "debug", "chat", "scraper", "cookie", "stop", "iframe", "explorer", "small", "seppuku", "jsloader", "token", "viewed", "kbcontentclick", "blank", "post", "document", "typeof storage", "unknownerror", "element", "overquerylimit", "requestdenied", "zeroresults", "notfound", "node", "edge", "android", "unknown", "false", "june", "generator", "marker", "hybrid", "month", "azaz09", "hours", "function", "number", "fullyear", "controller", "christ", "sufeffxa0", "class", "attr", "pseudo", "child", "js foundation", "typeof module", "directclick", "x22loansx22", "x221x22", "9o7nxzt", "x22applyx22", "x3dw", "x3dnew", "x22pageloadx22", "x22scriptx22", "x22uetqx22", "viewcontent", "addtocart", "purchase", "array", "customevent", "09af", "ver0", "tag0", "extdata0", "ua ch", "invalid", "license", "calltrkswap", "typeof s", "xmlhttprequest", "65535", "awindow", "cwm fjordbank", "activexobject", "tfunction", "sfunction", "yfunction", "googlendt" ], "references": [ "xfe-URL-ihagoogle.com-stix2-2.1-export.json", "http://pagead2.googlesyndication.com/apps/domainpark/show_afd_ads.js", "http://sedoparking.com/frmpark/ihagoogle.com/sedopark/park.js", "http://instantfwding.com/px.js?ch=1", "http://pxlgnpgecom-a.akamaihd.net/javascripts/browserfp.min.js?templateId=11&customerId=7CUHNT0E1", "https://pxlgnpgecom-a.akamaihd.net/javascripts/bfp_ssn.js?templateId=11", "https://s.thebrighttag.com/tag?site=9O7NXzt&H=-5nu6gjg&referrer=https%3A%2F%2Fwww.zealcu.org%2Fhome-loans%2F%3Fmsclkid%3D3ef1349815a11e52b0b256cacc0bc952%26utm_source%3Dbing%26utm_medium%3Dcpc%26utm_campaign%3DSearch%253A%2520Zeal%2520Credit%2520Union%2520-%2520Mortgages%26utm_term%3Dhouse%2520mortgage%26utm_content%3DMortgage%2520General&docReferrer=http%3A%2F%2Finstantfwding.com%2F&mode=v2&cf=7500150%2C7500152&btpdb.9O7NXzt.dGZjLjc1MDAxNTE=UkVRVUVTVFMuMA&btpdb.9O7NXzt.dGZjLjc1MTUyNDU=U0VTU0lPTg&btpdb.9O7N", "https://cdn.callrail.com/companies/448598242/66d5efd6cbf06378ea1f/12/swap.js", "https://bat.bing.com/bat.js", "https://tag.perfectaudience.com/serve/5f59021d1911b61034000d8d.js", "https://s.thebrighttag.com/tag?site=9O7NXzt&referrer=https%3A%2F%2Fwww.zealcu.org%2Fhome-loans%2F%3Fmsclkid%3D3ef1349815a11e52b0b256cacc0bc952%26utm_source%3Dbing%26utm_medium%3Dcpc%26utm_campaign%3DSearch%253A%2520Zeal%2520Credit%2520Union%2520-%2520Mortgages%26utm_term%3Dhouse%2520mortgage%26utm_content%3DMortgage%2520General&docReferrer=http%3A%2F%2Finstantfwding.com%2F&H=-5nu6gjg", "https://code.jquery.com/jquery-3.4.1.min.js?ver=3.4.1", "https://integration.silvercloudinc.com/js/bundle/vendor.js", "https://maps.googleapis.com/maps/api/js?key=AIzaSyAMbtdeFB5s623T4LwRldWj_Vdy2t4wLkw&libraries=places", "https://lptag.liveperson.net/tag/tag.js?site=22027291", "https://integration.silvercloudinc.com/js/bundle/8.engageware-bundle.js", "https://lptag.liveperson.net/lptag/api/account/22027291/configuration/applications/taglets/.jsonp?v=2.0&df=2&b=2", "https://pixel-geo.prfct.co/tagjs?a_id=131352&source=js_tag", "https://bat.bing.com/p/action/56358236.js", "https://googleads.g.doubleclick.net/pagead/viewthroughconversion/388043112/?random=1649597062436&cv=9&fst=1649597062436&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=376635471&u_h=844&u_w=390&u_ah=844&u_aw=390&u_cd=32&u_his=2&u_tz=-240&u_java=false&u_nplug=0&u_nmime=0>m=2oa3u0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.zealcu.org%2Fhome-loans%2F%3Fmsclkid%3D3ef1349815a11e52b0b256cacc0bc952%26utm_source%3Dbing%26utm_medium%3Dcpc%26utm_campaign%3DSearch%3A%2520Zeal%2520Credit%2520", "https://lpcdn.lpsnmedia.net/le_re/3.50.0.1-release_5103/jsv2/overlay.js?_v=3.50.0.1-release_5103", "https://www.zealcu.org/app/uploads/cache/js/aggregated_single_eb9d05879e4cb943b965deb3cccf05ee.js", "https://integration.silvercloudinc.com/js/silvercloudjs/silvercloud.js", "https://js.callrail.com/group/0/66d5efd6cbf06378ea1f/02836fdf-c99c-4a90-b31b-373093db654e/poll.js?t=1649597153888&ids%5B%5D=448598242", "https://js.callrail.com/group/0/66d5efd6cbf06378ea1f/02836fdf-c99c-4a90-b31b-373093db654e/poll.js?t=1649598014683&ids%5B%5D=448598242", "https://www.zealcu.org/app/uploads/cache/css/aggregated_cd3154a65f0e94fa98c08398cba54caa.css", "https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfjFjMaAAAAACpmnf2RfTg2U2m4Cdnku25XccJW&co=aHR0cHM6Ly93d3cuemVhbGN1Lm9yZzo0NDM.&hl=en&v=Y-cOIEkAqcfDdup_qnnmkxIC&theme=light&size=normal&cb=j4msjl4zxy97", "https://va.idp.liveperson.net/postmessage/postmessage.min.html?bust=1649597064004&loc=https%3A%2F%2Fwww.zealcu.org", "https://bid.g.doubleclick.net/xbbe/pixel?d=KAE" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1790, "hostname": 586, "FileHash-SHA256": 362, "domain": 330, "email": 1 }, "indicator_count": 3069, "is_author": false, "is_subscribing": null, "subscriber_count": 70, "modified_text": "1440 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "624fff22683106d256390a89", "name": "'Chinese botnet", "description": "\u00c2\u00a31.3m (838m euros) - that is the amount of money the Chinese government has to spend on upgrading the country's economy - but how much is it going to cost?", "modified": "2022-05-08T09:06:05.710000", "created": "2022-04-08T09:23:46.746000", "tags": [ "datav7a53b450", "microsoft yahei", "label", "arial", "verdana", "simsun", "simhei", "stheiti", "helvetica", "aba8a8", "font awesome", "license", "font", "sil ofl", "mit license", "woff2", "woff", "truetype", "fontawesome", "0xb6f109", "0x9e4f21", "0x464801", "0x21c094", "object", "0x54da69", "0x28e5ab", "promise", "0x3aef82", "0x12d16a", "this", "push", "window", "code", "date", "bind", "error", "path", "target", "middle", "null", "open", "download", "blank", "refresh", "config", "span", "mark", "canvas", "mask", "9999", "close", "shift", "android", "encrypt", "getclass", "checker", "agent", "4328", "trim", "service", "slice", "crypto", "stop", "7910", "zero", "checkbox", "format", "model", "spinner", "clickdownload", "meta", "sport", "click", "next", "class", "hammer", "body", "boolean", "number", "string", "array", "typeof t", "function", "regexp", "typeof e", "generator", "4096", "ping", "f6cf32", "modulenotfound", "n noticecontent", "typeerror", "circular", "infinite", "mouseevent", "dommousescroll", "lotteryhallhome", "void", "bubble", "vnode", "vuessrcontext", "swiper", "typeof o", "mozperspective", "msperspective", "tridentg", "event", "bscroll", "u200", "typeof s", "newatchman", "fetch", "timeout", "ofunction", "zfunction", "watchman", "dfunction", "domutils", "typeof n", "4294967295", "parseint", "utf8", "utils", "post", "channelcode", "0xa60881", "0x1e0610", "0x489cca", "0x4d5bd1", "0x1a7a9a", "0x3145fc", "0x2d9acb", "0xbf1b3e", "0x47699d", "cookie", "info", "jb3tu", "0x1d9131", "0x180bcc", "0x4b6177", "0x13f349", "0x3bcb54", "0xbbe80d", "0x57b7de", "0x2ea74e", "0x4fb0f2", "0x25f113", "tencent", "barrio", "\u77ed\u89c6\u9891", "\u641e\u7b11\u89c6\u9891", "\u89c6\u9891\u5206\u4eab", "\u514d\u8d39\u89c6\u9891", "\u5728\u7ebf\u89c6\u9891", "\u9884\u544a\u7247", "yuwvm", "g 18", "720p", "hd luna", "hd 99", "ktvp", "part", "hd h", "dykthr", "jquery", "titlestr", "viewport" ], "references": [ "xfe-IP-154.36.230.14-stix2-2.0-export.json", "http://www.jxhykj1210.com/common.js", "http://www.jxhykj1210.com/tj.js", "https://17se.xyz/", "https://www.bibo18.app:2171/?agent=2207259251", "https://www.bibo18.app:2171/js/xinstall_inner_e.min.js?v=1004", "https://cstaticdun.126.net/load.min.js?v=2203141811", "https://www.shareinstall.com.cn/js/page/jshareinstall.min.js", "https://acstatic-dun.126.net/tool.min.js?t=1647252792143", "https://9755w.com:2188/m/js/2203141811-HomeLogin~LotteryHall~VnsLogin~activity~amhgLogin~aqvnsLogin~betnewLocgin~blrLogin~blushLogin~cLogin~6995ba01.js", "https://9755w.com:2188/m/js/2203141811-LotteryHall~agent-doc~cpxpjLogin~download~game~home~member~sports~vnsoLogin~vnstLogin2.js", "https://9755w.com:2188/m/js/2203141811-JieBei~YuEBao~agent-center-modec~agent-center-new~bet~game~home~invite~member.js", "https://9755w.com:2188/m/js/2203141811-LotteryHall~home.js", "https://9755w.com:2188/m/js/2203141811-home.js", "https://9755w.com:2188/m/js/2203141811-fhcpLogin.js", "https://9755w.com:2188/m/js/2203141811-view-page.js", "https://9755w.com:2188/m/js/2203141811-chunk-vendors.js", "https://9755w.com:2188/m/js/2203141811-index.js", "https://netdna.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css", "https://9755w.com:2188/m/css/fhcpLogin.css?v=2203141811" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 306, "URL": 1135, "FileHash-SHA256": 122, "domain": 172, "FileHash-MD5": 4 }, "indicator_count": 1739, "is_author": false, "is_subscribing": null, "subscriber_count": 71, "modified_text": "1442 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "626957a1170a7e91146c5dea", "name": "one google maps api call and one generic key - causing a large chunk of cyber disruption and compromise", "description": "", "modified": "2022-04-27T14:48:01.672000", "created": "2022-04-27T14:48:01.672000", "tags": [ "error", "element", "unknownerror", "overquerylimit", "requestdenied", "zeroresults", "object", "edge", "node", "android", "null", "trident", "unknown", "false", "date", "generator", "iframe", "marker", "hybrid" ], "references": [ "https://maps.googleapis.com/maps/api/js?key=AIzaSyBaRgbnzMy4cEMm5e2h7pyryfYav7ComTo" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 352, "FileHash-SHA256": 135, "hostname": 149, "domain": 53 }, "indicator_count": 689, "is_author": false, "is_subscribing": null, "subscriber_count": 392, "modified_text": "1453 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "62617d42a6121d5abd3c6942", "name": "Hurricane Electric - csp.he.net :)", "description": "Here is the full text of the code that Google.com used to create its search engine, \"search.cse\", for the first time. and, in the event, it is:", "modified": "2022-04-21T15:50:26.260000", "created": "2022-04-21T15:50:26.260000", "tags": [ "flexslider", "target", "boolean", "slideshow", "next", "integer", "prev", "smooth height", "sync", "prevent ios", "pause", "date", "null", "privat", "leave", "sans", "woff2", "fontface", "u1c801c88", "u20b4", "u2de02dff", "ua640a69f", "ufe2efe2f", "u04b004b1", "u2116", "navtop", "currentdiv", "validation", "drop down", "collapse", "tool tips", "popovers", "fix navbar", "click", "scroll", "begin", "regexp", "span", "xmpb", "onwss", "styless", "mstransitionend", "text", "error", "infinity", "false", "february", "april", "june", "august", "gray", "e00000", "replaced", "gene", "dc143c", "align buttons", "for stuff", "inside this", "blockform", "woo hoo", "post", "xava", "gbva", "hbva", "ibva", "lcva", "cdva", "oeva", "peva", "string", "object", "number", "azaz09", "copyright", "closure library", "typeerror", "symbol", "vd", "silk", "edge", "style", "google", "android", "form", "trident", "template", "embed", "iframe", "keygen", "meta", "acronym", "code", "legend", "main", "mark", "small", "class", "close", "blank", "array", "attr", "function", "invalid json", "domparser", "ffffff", "cccccc", "c41130", "f6f6f6", "knew w", "hnew w", "lnew w" ], "references": [ "https://csp.he.net/styles/style.css", "https://www.google.com/cse/cse.js?cx=016402751031109241230:v7vojvfohnq", "https://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js", "https://www.google.com/cse/static/element/3e1664f444e6eb06/cse_element__en.js?usqp=CAI%3D", "https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1068215855/?random=1650555348274&cv=9&fst=1650555348274&num=1&label=viUgCKmAuwMQr9yu_QM&guid=ON&resp=GooglemKTybQhCsO&u_h=844&u_w=390&u_ah=844&u_aw=390&u_cd=32&u_his=1&u_tz=-240&u_java=false&u_nplug=0&u_nmime=0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fhe.net%2F&tiba=Hurricane%20Electric%20Internet%20Services%20-%20Internet%20Backbone%20and%20Colocation%20Provider&hn=www.googleadservices.com&rfmt=3&fmt=4", "https://www.googleadservices.com/pagead/conversion.js", "https://ssl.google-analytics.com/ga.js", "http://fonts.googleapis.com/css?family=Open+Sans:300" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "FlexSlider", "display_name": "FlexSlider", "target": null }, { "id": "Vd", "display_name": "Vd", "target": null } ], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 311, "hostname": 490, "URL": 1339, "FileHash-SHA256": 186 }, "indicator_count": 2326, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1459 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "625eecb6fbc4353a109fe71c", "name": "hostkey - Industroyer&ReduceRight", "description": "Fbevents-PostalCodeType:f.exports, f.1, is a new addition to the list of \"signals\" that can be added to phone numbers.", "modified": "2022-04-19T17:09:10.196000", "created": "2022-04-19T17:09:10.196000", "tags": [ "livechat", "sign up", "free", "grow", "policy", "sign", "strong", "sorry", "identify", "increase", "lzutf8", "typeerror", "uint8array", "array", "error", "typeof r", "class", "invalid", "post", "uint32array", "date", "null", "papvisitorid", "string", "regexp", "value", "property", "valuenumber", "activexobject", "postaffparams", "object", "number", "boolean", "typeof e", "math", "first", "raid", "window", "service", "ukraine", "epsilon", "arrow", "target", "keepalive", "void", "shell", "econnaborted", "hkwfunction", "typeof symbol", "function", "promise", "request", "network error", "livechatwidget", "ticket form", "prechat survey", "postchat survey", "typeof n", "chat", "blank", "win32", "iframe", "reduceright", "copyright", "closure library", "xdfunction", "adfunction", "cdfunction", "ddfunction", "bded", "x3e div", "trackevent", "landingpagegpu", "x3e table", "gpudraw", "path", "code", "functional", "member", "hnew regexp", "qfunction", "adview", "addbillinginfo", "addtocart", "addtolist", "contact", "download", "install", "symbol", "iterator", "extractor", "pixel", "facebook", "meta", "65535", "counter", "segoe ui", "lucida", "ecommerce", "ext link", "comic", "form", "impact", "light" ], "references": [ "https://mc.yandex.ru/metrika/watch.js", "https://connect.facebook.net/signals/config/785878845108827", "https://snap.licdn.com/li.lms-analytics/insight.min.js", "https://www.googletagmanager.com/gtm.js?id=GTM-M9D76H", "https://www.googletagmanager.com/gtag/js?id=UA-73589630-1", "https://cdn.livechatinc.com/tracking.js", "https://rec.smartlook.com/main-20220331074633.js", "https://hostkey.com/hk/widgets/ext/build/stock.bundle.js", "https://hostkey.com/hk/widgets/ext/src/hostkey.js", "https://hostkey.postaffiliatepro.com/scripts/Oy173jux8", "https://hostkey.postaffiliatepro.com/scripts/Oy173rux8?accountld=default1&url=S_hostkey.com%2F&referrer=&isInlframe=false&getParams=&anchor=", "https://widget.trustpilot.com/trustboxes/5613c9cde69ddc09340c6beb/index.html?templateld=5613c9cde69ddc09340c6beb&businessunitld=55e46b640000ff000582c91e#locale=en-GB&styleHeight=100%25&styleWidth=100%25&theme=light", "https://secure.livechatinc.com/" ], "public": 1, "adversary": "", "targeted_countries": [ "Tunisia" ], "malware_families": [ { "id": "ReduceRight", "display_name": "ReduceRight", "target": null }, { "id": "Industroyer - S0604", "display_name": "Industroyer - S0604", "target": null } ], "attack_ids": [ { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1125", "name": "Video Capture", "display_name": "T1125 - Video Capture" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1778, "hostname": 563, "FileHash-SHA256": 304, "domain": 407, "FileHash-SHA1": 2 }, "indicator_count": 3054, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1461 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "625028edfe0ff22af87b9d66", "name": "Virustotal.com", "description": "If you want to know how to delete an object from your browser, try these three-second-long, four-point-result-results-free-to-get-it-out-the-objectIterator.", "modified": "2022-04-08T12:22:05.307000", "created": "2022-04-08T12:22:05.307000", "tags": [ "symbol", "object", "string", "denis pushkarev", "json", "corejs", "source", "etrt", "atfunction", "stfunction", "error", "typeerror", "asynciterator", "generator", "typeof l", "nonce", "script", "please do", "not copy", "and paste", "this code", "cgrecaptchacfg", "ngrecaptcha", "recaptchaapi", "render", "waaa", "bufferwriter", "bufferreader", "qace", "search", "cafebabe", "c2c url", "jgfunilwcpc", "gmbh", "return", "freemium gmbh", "open xml", "virustotal", "keep learning", "select", "uint8array", "array", "null", "function", "math", "edge", "number", "date", "this", "verify", "android", "iframe", "void", "trident", "span", "form", "click", "enterprise", "infinity", "template", "next", "body" ], "references": [ "https://www.gstatic.com/recaptcha/releases/Y-cOIEkAqcfDdup_qnnmkxIC/recaptcha__en.js", "https://www.virustotal.com/gui/main.6d41e0dc139508f21963.js", "https://www.recaptcha.net/recaptcha/api.js?render=explicit", "https://www.virustotal.com/gui/polyfills/regenerator-runtime.95dc763885f05111a2f88232a2d0cf2d.js", "https://www.virustotal.com/gui/polyfills/core-js.c92df5c57caa3e436cd3ef38e4b4f503.js" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "WAAA", "display_name": "WAAA", "target": null }, { "id": "QACE", "display_name": "QACE", "target": null }, { "id": "BufferReader", "display_name": "BufferReader", "target": null }, { "id": "BufferWriter", "display_name": "BufferWriter", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 392, "URL": 1356, "domain": 330, "FileHash-SHA256": 177 }, "indicator_count": 2255, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1472 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "621bc3aa050a6c5693595f25", "name": "Zetalytics API", "description": "", "modified": "2022-03-29T00:03:34.773000", "created": "2022-02-27T18:32:10.542000", "tags": [ "google", "google llc", "detected", "expand overall", "http", "amazonaes", "openssl", "lookup go", "rescan add", "verdict report", "behaviour", "june", "apache", "search url", "search domain", "scan url", "url search", "domain scan", "url url", "us summary", "line", "google maps", "api warning", "redirects links", "similar dom", "content api", "domains", "Ransomware" ], "references": [ "zetalytics .pdf" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Win.Virus.PolyRansom-5704625-0", "display_name": "Win.Virus.PolyRansom-5704625-0", "target": null }, { "id": "Win32:Cryptor", "display_name": "Win32:Cryptor", "target": null }, { "id": "TELPER:CERT:SoftwareBundler:Win32/Bunpredelt", "display_name": "TELPER:CERT:SoftwareBundler:Win32/Bunpredelt", "target": null }, { "id": "Trojan:Win32/Danabot.G", "display_name": "Trojan:Win32/Danabot.G", "target": "/malware/Trojan:Win32/Danabot.G" }, { "id": "Backdoor:Win32/Poison.E", "display_name": "Backdoor:Win32/Poison.E", "target": "/malware/Backdoor:Win32/Poison.E" }, { "id": "ALF:PUA:Block:IObit.R!MTB", "display_name": "ALF:PUA:Block:IObit.R!MTB", "target": null } ], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Kailula4", "id": "131997", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 754, "URL": 2375, "domain": 441, "hostname": 833, "CIDR": 5, "FileHash-MD5": 2, "email": 1 }, "indicator_count": 4411, "is_author": false, "is_subscribing": null, "subscriber_count": 406, "modified_text": "1482 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6221551b54a802150336dc28", "name": "https://www.casarforcongress.com/_partials/wix-thunderbolt/dist/clientWorker.f2cee111.bundle.min.js", "description": "", "modified": "2022-03-03T23:54:03.339000", "created": "2022-03-03T23:54:03.339000", "tags": [ "location street", "name", "location state", "location city", "name t", "image width", "image height", "home page", "site image", "image", "next", "date", "alexa", "code", "null", "locale", "info" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Kailula4", "id": "131997", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 38, "URL": 84, "FileHash-SHA256": 18, "domain": 23, "FileHash-MD5": 1 }, "indicator_count": 164, "is_author": false, "is_subscribing": null, "subscriber_count": 406, "modified_text": "1507 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "https://tracking.premiumhealth.eu/code.js", "http://dk9ctyhidjrvgn.xyz/index_files/jquery.js", "https://cdn.onesignal.com/sdks/OneSignalSDK.js", "https://www.gstatic.com/firebasejs/8.1.2/firebase-app.js", "https://www.data102.com/wp-content/plugins/cta/shared//shortcodes/js/spin.min.js", "xfe-URL-Cnzz.com-stix2-2.1-export.json", "xfe-URL-Aliyun.com-stix2-2.1-export.json", "v6s.js", "https://maps.googleapis.com/maps/api/js?v=3.exp&key=AIzaSyDR76rjQL_2raonHiZ6ZrPqJr-FPb7pGH0", "https://eu-library.klarnaservices.com/lib.js", "https://cdn.shopify.com/s/files/1/0613/4340/0109/t/1/assets/section-image-banner.css?v=17648756444066888014", "https://embed.tawk.to/5697c34527b9b5d40b66960f/default", "https://netdna.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css", "https://www.google.com/cse/static/element/3e1664f444e6eb06/cse_element__en.js?usqp=CAI%3D", "https://mc.yandex.ru/metrika/watch.js", "https://cdn.shopify.com/s/files/1/0613/4340/0109/t/1/assets/base.css?v=14499708248636525874", "https://www.zealcu.org/app/uploads/cache/css/aggregated_cd3154a65f0e94fa98c08398cba54caa.css", "https://9755w.com:2188/m/js/2203141811-LotteryHall~home.js", "https://colohouse.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0", "https://colohouse.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2", "https://hybrid-analysis.com/sample/5da0de230eb98e5598b152944d0e7e6b355485484052df6c7f1c747e2c5564c0/63ed708125f47738b45a6520", "https://colohouse.com/wp-includes/js/wp-embed.min.js?ver=5.8", "xfe-URL-ascio.com-stix2-2.1-export.json", "https://googleads.g.doubleclick.net/pagead/viewthroughconversion/388043112/?random=1649597062436&cv=9&fst=1649597062436&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=376635471&u_h=844&u_w=390&u_ah=844&u_aw=390&u_cd=32&u_his=2&u_tz=-240&u_java=false&u_nplug=0&u_nmime=0>m=2oa3u0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.zealcu.org%2Fhome-loans%2F%3Fmsclkid%3D3ef1349815a11e52b0b256cacc0bc952%26utm_source%3Dbing%26utm_medium%3Dcpc%26utm_campaign%3DSearch%3A%2520Zeal%2520Credit%2520", "https://www.google.com/cse/cse.js?cx=016402751031109241230:v7vojvfohnq", "https://www.google-analytics.com/analytics.js", "https://maps.googleapis.com/maps/api/js?key=AIzaSyBaRgbnzMy4cEMm5e2h7pyryfYav7ComTo", "https://ssl.google-analytics.com/ga.js", "http://dk9ctyhidjrvgn.xyz/index_files/sss.css", "https://js.callrail.com/group/0/66d5efd6cbf06378ea1f/02836fdf-c99c-4a90-b31b-373093db654e/poll.js?t=1649598014683&ids%5B%5D=448598242", "https://almapbx.hoster.kz/hoster_v2/widget/lead_hunter/?code=75455&protocol=https://&url=https://hoster.kz/", "https://cdn.shopify.com/s/files/1/0613/4340/0109/t/1/assets/component-list-payment.css?v=6925396141077183850", "https://www.data102.com/wp-content/plugins/contact-form-7/includes/js/scripts.js", "https://www.googletagmanager.com/gtag/js?id=G-7BE8PMLSKX&l=dataLayer&cx=c", "https://hybrid-analysis.com/sample/b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b/", "https://tobiasahlin.com/css/site.css", "https://cdn.shopify.com/s/files/1/0613/4340/0109/t/1/assets/component-newsletter.css?v=10347248205600305355", "https://js.hs-scripts.com/20704235.js", "https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1046749228/?random=1650700509087&cv=9&fst=1650700509087&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=844&u_w=390&u_ah=844&u_aw=390&u_cd=32&u_his=2&u_tz=-240&u_java=false&u_nplug=0&u_nmime=0>m=2wg4k0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.psychz.net%2F&tiba=DDoS%20Protected%20Data%20Centers%20In%20America%2C%20Europe%2C%20Africa%2C%20Asia&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4", "https://cdn.shopify.com/s/files/1/0613/4340/0109/t/1/assets/component-card.css?v=12741305300284413781", "https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.NnK9YPjtg-w.O/m=plusone/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9KePDGVlGjp-rlXwDM1kUO2Eh4gg/cb=gapi.loaded_0?le=scs", "https://www.gstatic.com/recaptcha/releases/Y-cOIEkAqcfDdup_qnnmkxIC/recaptcha__en.js", "https://s4.cnzz.com/z_stat.php?id=1280305902&web_id=1280305902", "https://www.zealcu.org/app/uploads/cache/js/aggregated_single_eb9d05879e4cb943b965deb3cccf05ee.js", "https://portal.ascio.com/login", "https://c.cnzz.com/core.php?web_id=1280305902&t=z", "https://www.bibo18.app:2171/?agent=2207259251", "xfe-IP-154.36.230.14-stix2-2.0-export.json", "https://cstaticdun.126.net/load.min.js?v=2203141811", "https://9755w.com:2188/m/js/2203141811-chunk-vendors.js", "http://www.jxhykj1210.com/common.js", "https://himado.com/cdn-cgi/challenge-platform/h/g/scripts/invisible.js?ts=1651842000", "https://colohouse.com/wp-content/plugins/cleantalk-spam-protect/js/apbct-public--functions.min.js?ver=5.173", "https://widget.wickedreports.com/v2/3469/wr-dafa9fae816c2f65d24d1eb593b58626.js", "https://colohouse.com/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.4.2", "https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1055680023/?random=1652174969236&cv=9&fst=1652174969236&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=376635470&u_h=844&u_w=390&u_ah=844&u_aw=390&u_cd=32&u_his=2&u_tz=-240&u_java=false&u_nplug=0&u_nmime=0>m=2wg590&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fhoster.kz%2F&ref=https%3A%2F%2Fhoster.kz%2F&tiba=%D0%A5%D0%BE%D1%81%D1%82%D0%B8%D0%BD%D0%B3%20%D0%B2%20%D0%9A%D0%B0%D0%B7%D0%B0%D1%85%D1%81%D1%82%D0%B0%D0%BD%D0%B5%2C%20%D0%BA%D1%83%D0%BF%D0", "https://prima-abnehmen-shop.com/_Resources/Static/Packages/Seven.Offerpage.Checkout/Scripts/main.min.js?bust=ef22ff16", "https://embed.tawk.to/_s/v4/app/625d36b405c/js/twk-runtime.js", "https://sellix.io/cdn-cgi/bm/cv/669835187/api.js", "https://www.googletagmanager.com/gtm.js?id=GTM-MF25KRH", "https://cdn.shopify.com/s/files/1/0613/4340/0109/t/1/assets/cart-notification.js?v=11046494563428290095", "https://snap.licdn.com/li.lms-analytics/insight.min.js", "https://www.shareinstall.com.cn/js/page/jshareinstall.min.js", "https://www.googletagmanager.com/gtag/js?id=UA-122335014-2", "https://cdn.shopify.com/s/files/1/0613/4340/0109/t/1/assets/component-loading-overlay.css?v=16731047084359357984", "https://www.recaptcha.net/recaptcha/api.js?render=explicit", "https://cdn.shopify.com/s/files/1/0613/4340/0109/t/1/assets/component-list-social.css?v=5221166315372665906", "https://www.googletagmanager.com/gtm.js?id=GTM-N3ZRPW", "https://www.data102.com/wp-includes/js/wp-embed.min.js?ver=00b0ffc433836dcf9f57035fded0b908", "https://tobiasahlin.com", "https://hoster.kz/js/html5.js", "https://www.google.com/recaptcha/api.js?render=6LerjKkcAAAAAHIvlsndboXTiYDGt_xACa77alyA", "webpack buildin global.js", "https://cdn.shopify.com/s/files/1/0613/4340/0109/t/1/assets/component-cart-items.css?v=3522426644373936959", "https://hybrid-analysis.com/sample/fbba6129666c709aae5bcc8f49cffc28ad0d0c6d5b22fb4ee69da66e5d5fd7d9/634753ff96b237006c46584e", "https://www.hushmail.com/status/", "https://tobiasahlin.com/js/app.js?v=1", "https://cdn.shopify.com/shopifycloud/shopify/assets/shop_events_listener-fa61fd11817b231631d2fe43dc869d0b1d14a06332792d42f1a1d94bda5aa31e.js", "cf20ed53-cb6d-4dfd-a4e8-794fbe163efc.pcap", "https://17se.xyz/", "https://secure.livechatinc.com/", "xfe-URL-Data102.com-stix2-2.1-export.json", "apstag.js", "https://prima-abnehmen-shop.com/_Resources/Static/Packages/Seven.Prima/Scripts/Main.js?bust=2a0b1c62", "https://app-ab02.marketo.com/index.php/form/XDFrame", "https://tracking.premiumhealtheurope.com/code.js", "xfe-URL-lodash.com-stix2-2.1-export.json", "https://www.googletagmanager.com/gtag/js?id=UA-1837381-13", "https://widget.trustpilot.com/trustboxes/5406e65db0d04a09e042d5fc/index.html?templateId=5406e65db0d04a09e042d5fc&businessunitId=4bdc496b000064000505a89d#locale=en-US&styleHeight=28px&styleWidth=100%25&theme=light", "https://code.jquery.com/jquery-3.4.1.min.js?ver=3.4.1", "https://cdn.shopify.com/s/files/1/0613/4340/0109/t/1/assets/component-menu-drawer.css?v=12673181874805599423", "https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.NnK9YPjtg-w.O/m=auth/exm=plusone/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9KePDGVlGjp-rlXwDM1kUO2Eh4gg/cb=gapi.loaded_1?le=scs", "https://app-ab02.marketo.com/js/forms2/css/forms2-theme-simple.css", "https://www.data102.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp", "https://widget.wickedreports.com/widget.js", "https://cdn.callrail.com/companies/448598242/66d5efd6cbf06378ea1f/12/swap.js", "https://fonts.googleapis.com/css?family=Libre+Franklin%3A300%2C300i%2C400%2C400i%2C600%2C600i%2C800%2C800i&subset=latin%2Clatin-ext", "https://csp.he.net/styles/style.css", "https://connect.facebook.net/signals/config/785878845108827", "https://www.googletagmanager.com/gtm.js?id=GTM-MDCVHGD", "https://integration.silvercloudinc.com/js/bundle/vendor.js", "https://embed.tawk.to/_s/v4/app/625d36b405c/js/twk-main.js", "https://widget.trustpilot.com/trustboxes/5613c9cde69ddc09340c6beb/index.html?templateld=5613c9cde69ddc09340c6beb&businessunitld=55e46b640000ff000582c91e#locale=en-GB&styleHeight=100%25&styleWidth=100%25&theme=light", "https://cdn.iubenda.com/cs/iubenda_Cs.js", "https://www.bibo18.app:2171/js/xinstall_inner_e.min.js?v=1004", "https://portal.ascio.com/runtime.48adad1e07e2679eb1f4.js", "https://www.ascio.com/wp-content/themes/Ascio/dist/js/front.js?ver=1648137806", "https://pixel-geo.prfct.co/tagjs?a_id=131352&source=js_tag", "https://acstatic-dun.126.net/tool.min.js?t=1647252792143", "https://hostkey.postaffiliatepro.com/scripts/Oy173rux8?accountld=default1&url=S_hostkey.com%2F&referrer=&isInlframe=false&getParams=&anchor=", "https://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js", "https://colohouse.com/wp-includes/js/wp-emoji-release.min.js?ver=5.8", "xfe-IP-185.100.65.26-stix2-2.1-export.json", "https://fonts.googleapis.com/css?family=Roboto%3A100%2C100italic%2C300%2C300italic%2Cregular%2Citalic%2C500%2C500italic%2C700%2C700italic%2C900%2C900italic&subset=greek%2Clatin%2Cvietnamese%2Clatin-ext%2Ccyrillic%2Ccyrillic-ext%2Cgreek-ext&ver=2.9.6", "https://colohouse.com/", "https://lptag.liveperson.net/lptag/api/account/22027291/configuration/applications/taglets/.jsonp?v=2.0&df=2&b=2", "https://bat.bing.com/p/action/56358236.js", "https://va.idp.liveperson.net/postmessage/postmessage.min.html?bust=1649597064004&loc=https%3A%2F%2Fwww.zealcu.org", "https://rec.smartlook.com/main-20220331074633.js", "https://www.hushmail.com/javascriptinclude/eNpNzEEOQDAQQNEbtVoM7Sks7GXopB0pkQ5xfWJl-5P3JWGh4AvukSRzoKKtqlWlf0Wt4k3rnG2g641Pl6QNOU83zcIn-QMj6ZHpHQ2FF97jiHOmj0ED4FxfwQOf9yPU.en_US.68448bd8190f2f2bae9633f547bbbbbe.0.js", "https://static.cloudflareinsights.com/beacon.min.js", "https://bid.g.doubleclick.net/xbbe/pixel?d=KAE", "https://cdn.livechatinc.com/tracking.js", "https://www.gstatic.com/recaptcha/releases/1_E1Jb45wiBZrQd45oGZ-2cU/recaptcha__en.js", "https://9755w.com:2188/m/js/2203141811-index.js", "https://www.googleadservices.com/pagead/conversion.js", "https://www.virustotal.com/gui/polyfills/core-js.c92df5c57caa3e436cd3ef38e4b4f503.js", "http://www.jxhykj1210.com/tj.js", "https://www.ascio.com/wp-includes/js/dist/vendor/lodash.min.js?ver=4.17.19", "https://embed.tawk.to/_s/v4/app/625d36b405c/js/twk-vendor.js", "https://app-ab02.marketo.com/js/forms2/css/forms2.css", "https://cdn.shopify.com/s/files/1/0613/4340/0109/t/1/assets/component-rte.css?v=6991943663851532978", "https://www.psychz.net/assets/js/bootstrap.min.js", "SlotBuilder.ts", "https://js.mollie.com/v1/mollie.js", "https://www.googletagmanager.com/gtag/js?id=AW-1070742489&l=dataLayer&cx=c", "xfe-URL-tobiasahlin.com-stix2-2.1-export.json", "https://colohouse.com/wp-content/plugins/cleantalk-spam-protect/js/cleantalk-modal.min.js?ver=5.173", "https://portal.ascio.com/7.602be6705ce7b901b821.js", "https://cdn.shopify.com/s/files/1/0613/4340/0109/t/1/assets/details-disclosure.js?v=9382762063644384478", "https://www.iubenda.com/cookie-solution/confs/js/33942990.js", "https://9755w.com:2188/m/css/fhcpLogin.css?v=2203141811", "http://instantfwding.com/px.js?ch=1", "https://colohouse.com/wp-content/plugins/kingcomposer/assets/frontend/js/kingcomposer.min.js?ver=2.9.6", "https://himado.com/heihei/js/swiper.min.js", "https://lptag.liveperson.net/tag/tag.js?site=22027291", "https://integration.silvercloudinc.com/js/bundle/8.engageware-bundle.js", "https://ascio.com", "https://colohouse.com/wp-content/plugins/duracelltomi-google-tag-manager/js/gtm4wp-form-move-tracker.js?ver=1.13.1", "https://apis.google.com/js/plusone.js", "https://colohouse.com/wp-content/plugins/wp-schema-pro/admin/assets/min-js/frontend.min.js?ver=2.7.2", "https://cdn.pendo.io/agent/static/783a696b-ddf4-4152-439e-f3761f54f088/pendo.js", "https://embed.tawk.to/_s/v4/app/625d36b405c/js/twk-chunk-32507910.js", "https://chimpstatic.com/mcjs-connected/js/users/6c3abfa7ff8634c75cdb2b22e/ddf7a436c1746be666f330e4a.js", "https://tobiasahlin.com/js/portfolio.js", "https://app.whoisvisiting.com/who.js", "https://www.googletagmanager.com/gtag/js?id=G-8M7FT2S1TV&l=dataLayer&cx=c", "https://colohouse.com/wp-content/themes/Netrouting/assets/chosen/chosen.jquery.min.js", "xfe-URL-Psychz.net-stix2-2.1-export.json", "https://maps.googleapis.com/maps/api/js?key=AIzaSyAMbtdeFB5s623T4LwRldWj_Vdy2t4wLkw&libraries=places", "beacon.js", "https://www.hushmail.com/javascriptinclude/eNrLKC3OyE3MzIkvT00qzixJtSpITE_V98lPz8xzyy_K1csqtjI0MzK2MDcwsbS0ysCq2qkov7w4tSi4JLGkGFUDAF_tIM0,.en_US.68448bd8190f2f2bae9633f547bbbbbe.0.js", "https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.iTmf4rxOyWc.O/m=auth2/rt=j/sv=1/d=1/ed=1/rs=AHpOoo-LTnDn-AS2QlMWYZdnaV1OuFR7Iw/cb=gapi.loaded_0?le=scs", "https://prima-abnehmen-shop.com/uk/order-now.html?affiliate=24&source=418&subid2=ddukc&subid3=35908921", "https://www.virustotal.com/gui/polyfills/regenerator-runtime.95dc763885f05111a2f88232a2d0cf2d.js", "https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfjFjMaAAAAACpmnf2RfTg2U2m4Cdnku25XccJW&co=aHR0cHM6Ly93d3cuemVhbGN1Lm9yZzo0NDM.&hl=en&v=Y-cOIEkAqcfDdup_qnnmkxIC&theme=light&size=normal&cb=j4msjl4zxy97", "xfe-IP-146.148.236.187-stix2-2.1-export.json", "http://sedoparking.com/frmpark/ihagoogle.com/sedopark/park.js", "https://embed.tawk.to/_s/v4/app/625d36b405c/js/twk-chunk-common.js", "https://www.googletagmanager.com/gtag/js?id=AW-1070742489", "https://colohouse.com/wp-content/plugins/stop-user-enumeration/frontend/js/frontend.js?ver=1.3.31", "xfe-URL-ihagoogle.com-stix2-2.1-export.json", "https://www.ascio.com/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.9", "http://pxlgnpgecom-a.akamaihd.net/javascripts/browserfp.min.js?templateId=11&customerId=7CUHNT0E1", "https://www.googletagmanager.com/gtag/js?id=UA-73589630-1", "https://281cecd8ae73dff542e13679e60d5fb9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html", "https://pxlgnpgecom-a.akamaihd.net/javascripts/bfp_ssn.js?templateId=11", "https://colohouse.com/wp-content/plugins/cleantalk-spam-protect/js/apbct-public.min.js?ver=5.173", "https://embed.tawk.to/_s/v4/app/625d36b405c/js/twk-chunk-2d0d2b7c.js", "https://colohouse.com/wp-content/cache/autoptimize/css/autoptimize_5e11636f7dd8fb4f55e0ff84f0ed5faa.css", "https://cdn.shopify.com/s/files/1/0613/4340/0109/t/1/assets/component-list-menu.css?v=12926705887708249657", "https://munchkin.marketo.net/161/munchkin.js", "https://hybrid-analysis.com/sample/9bf30967dfbf84d91ff4a1ca66dcd6c3383e679917e8b7aa4f659ff9f4e848d7/6426cf48655f94b6b303704c", "https://9755w.com:2188/m/js/2203141811-view-page.js", "https://tag.perfectaudience.com/serve/5f59021d1911b61034000d8d.js", "http://fonts.googleapis.com/css?family=Open+Sans:300", "https://www.googletagmanager.com/gtm.js?id=GTM-5PBN7G", "https://tobiasahlin.com/js/anime.min.js", "https://cdn.shopify.com/s/files/1/0613/4340/0109/t/1/assets/details-modal.js?v=451176189667266969", "https://s.thebrighttag.com/tag?site=9O7NXzt&H=-5nu6gjg&referrer=https%3A%2F%2Fwww.zealcu.org%2Fhome-loans%2F%3Fmsclkid%3D3ef1349815a11e52b0b256cacc0bc952%26utm_source%3Dbing%26utm_medium%3Dcpc%26utm_campaign%3DSearch%253A%2520Zeal%2520Credit%2520Union%2520-%2520Mortgages%26utm_term%3Dhouse%2520mortgage%26utm_content%3DMortgage%2520General&docReferrer=http%3A%2F%2Finstantfwding.com%2F&mode=v2&cf=7500150%2C7500152&btpdb.9O7NXzt.dGZjLjc1MDAxNTE=UkVRVUVTVFMuMA&btpdb.9O7NXzt.dGZjLjc1MTUyNDU=U0VTU0lPTg&btpdb.9O7N", "https://bitrix.info/ba.js", "P34D56F9D-5684-4C83-8EE1-5EA7DE9CF45D.js", "xfe-URL-http___psychz.net_-stix2-2.1-export.json", "https://lpcdn.lpsnmedia.net/le_re/3.50.0.1-release_5103/jsv2/overlay.js?_v=3.50.0.1-release_5103", "https://hostkey.com/hk/widgets/ext/build/stock.bundle.js", "https://colohouse.com/wp-content/plugins/link-whisper-premium/js/frontend.js?ver=1632756485", "https://www.virustotal.com/gui/main.6d41e0dc139508f21963.js", "https://almapbx.hoster.kz/hoster_v2/widget/lead_hunter/js/jquery.inputmask.bundle.js", "https://js.callrail.com/group/0/7c8f964bc12313c75ad2/06ababf0-8852-4eef-95e1-285ae467a93a/poll.js?t=1651861725881&ids%5B%5D=431115301", "xfe-URL-Hush.com-stix2-2.1-export.json", "https://js.callrail.com/group/0/7c8f964bc12313c75ad2/06ababf0-8852-4eef-95e1-285ae467a93a/poll.js?t=1651861793229&ids%5B%5D=431115301", "https://embed.tawk.to/_s/v4/app/625d36b405c/js/twk-app.js", "http://metrika.installtraffic.com/js/watch.js", "https://himado.com/heihei/layui/layui.all.js", "https://js.callrail.com/group/0/66d5efd6cbf06378ea1f/02836fdf-c99c-4a90-b31b-373093db654e/poll.js?t=1649597153888&ids%5B%5D=448598242", "https://www.googletagmanager.com/gtag/js?id=UA-184179078-", "https://www.google-analytics.com/gtm/optimize.js?id=OPT-NVZ8RF3", "https://colohouse.com/wp-content/themes/Netrouting/js/vendor/modernizr-2.8.3-respond-1.4.2.min.js", "xfe-URL-youtubec3.top-stix2-2.1-export.json", "https://9755w.com:2188/m/js/2203141811-JieBei~YuEBao~agent-center-modec~agent-center-new~bet~game~home~invite~member.js", "http://code.jquery.com/jquery-3.3.1.min.js", "https://9755w.com:2188/m/js/2203141811-fhcpLogin.js", "https://static-cdn.jtvnw.net/jtv_user_pictures/6f4129f6-3750-4c02-b7c8-c88a05064129-profile_image-70x70.png", "https://www.ascio.com/wp-includes/js/dist/hooks.min.js?ver=1e58c8c5a32b2e97491080c5b10dc71c", "https://cdn.shopify.com/s/files/1/0613/4340/0109/t/1/assets/component-search.css?v=9645568919885132178", "https://www.data102.com/?wordfence_lh=1&hid=2D6A812A7EB197E80D5A3978A6386BE4&r=0.5029022326538093", "https://9755w.com:2188/m/js/2203141811-HomeLogin~LotteryHall~VnsLogin~activity~amhgLogin~aqvnsLogin~betnewLocgin~blrLogin~blushLogin~cLogin~6995ba01.js", "https://www.ascio.com/wp-includes/js/dist/i18n.min.js?ver=30fcecb428a0e8383d3776bcdd3a7834", "https://cdn.shopify.com/shopifycloud/shopify/assets/storefront/features-87e8399988880142f2c62771b9d8f2ff6c290b3ff745dd426eb0dfe0db9d1dae.js", "https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1068215855/?random=1650555348274&cv=9&fst=1650555348274&num=1&label=viUgCKmAuwMQr9yu_QM&guid=ON&resp=GooglemKTybQhCsO&u_h=844&u_w=390&u_ah=844&u_aw=390&u_cd=32&u_his=1&u_tz=-240&u_java=false&u_nplug=0&u_nmime=0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fhe.net%2F&tiba=Hurricane%20Electric%20Internet%20Services%20-%20Internet%20Backbone%20and%20Colocation%20Provider&hn=www.googleadservices.com&rfmt=3&fmt=4", "xfe-URL-colohouse.com-stix2-2.1-export.json", "https://www.ascio.com/wp-includes/js/dist/vendor/react-dom.min.js?ver=17.0.1", "https://widget.intercom.io/widget/j3kafOpd", "https://cdn.shopify.com/shopifycloud/boomerang/shopify-boomerang-1.0.0.min.js", "https://cdn.shopify.com/shopifycloud/shopify/assets/storefront/load_feature-8efd97e96728f91aa74d4a6e8acbe8011adda17d2c0b6ccd8600a1bdd2453392.js", "xfe-URL-himado.com-stix2-2.1-export.json", "https://hoster.kz/js/jcarousellite_1.0.1.pack.js", "https://cdn.shopify.com/s/files/1/0613/4340/0109/t/1/assets/component-cart-notification.css?v=10701990056532666329", "xfe-URL-Hoster.kz-stix2-2.1-export.json", "http://pagead2.googlesyndication.com/apps/domainpark/show_afd_ads.js", "https://www.googletagmanager.com/gtag/js?id=G-C3W7T6H5QW&l=dataLayer&cx=c", "https://bat.bing.com/bat.js", "https://app-ab02.marketo.com/js/forms2/js/forms2.min.js", "https://colohouse.com/wp-content/plugins/cookie-law-info/public/js/cookie-law-info-public.js?ver=2.0.4", "nlsSDK600.bundle.min.js", "https://cdn.shopify.com/shopifycloud/shopify/assets/shopify_pay/storefront-b61f50798075db890698930c4405673937fe89353f7fea7be88b5ce16a9c0af8.js?v=20210208", "https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022050201.js", "https://embed.tawk.to/_s/v4/app/625d36b405c/js/twk-chunk-f163fcd0.js", "https://securepubads.g.doubleclick.net/gpt/pubads_impl_page_level_ads_2022050201.js", "https://www.googletagmanager.com/gtm.js?id=GTM-PTXLXZ4", "https://www.googletagmanager.com/gtm.js?id=GTM-M9D76H", "https://cdn.shopify.com/s/files/1/0613/4340/0109/t/1/assets/predictive-search.js?v=3127871086358158403", "https://9755w.com:2188/m/js/2203141811-LotteryHall~agent-doc~cpxpjLogin~download~game~home~member~sports~vnsoLogin~vnstLogin2.js", "https://securepubads.g.doubleclick.net/tag/js/gpt.js", "https://static.zdassets.com/ekr/snippet.js?key=d814ea4a-a8eb-4a9c-aedd-cac0aa0e3551", "https://cdn.ampproject.org/rtv/012204221712000/amp4ads-host-v0.js", "http://mc.yandex.ru/metrika/watch.js", "https://youtu.be/ZKxvzrxDzt0", "https://colohouse.com/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.7", "https://cdn.shopify.com/s/files/1/0613/4340/0109/t/1/assets/component-rating.css?v=2457308526394124043", "xfe-IP-185.44.14.140-stix2-2.1-export.json", "https://cdn.getaddress.io/scripts/getaddress-autocomplete-1.1.2.min.js", "https://cdn.shopify.com/s/files/1/0613/4340/0109/t/1/assets/global.js?v=13511647614100697069", "https://widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js", "https://cdn.shopify.com/s/trekkie.storefront.7a1e33ad1202f755768e4821a6acd8fe61f84871.min.js", "https://s.thebrighttag.com/tag?site=9O7NXzt&referrer=https%3A%2F%2Fwww.zealcu.org%2Fhome-loans%2F%3Fmsclkid%3D3ef1349815a11e52b0b256cacc0bc952%26utm_source%3Dbing%26utm_medium%3Dcpc%26utm_campaign%3DSearch%253A%2520Zeal%2520Credit%2520Union%2520-%2520Mortgages%26utm_term%3Dhouse%2520mortgage%26utm_content%3DMortgage%2520General&docReferrer=http%3A%2F%2Finstantfwding.com%2F&H=-5nu6gjg", "https://colohouse.com/wp-content/plugins/wpcf7-redirect/build/js/wpcf7-redirect-frontend-script.js?ver=1.1", "https://hostkey.com/hk/widgets/ext/src/hostkey.js", "https://integration.silvercloudinc.com/js/silvercloudjs/silvercloud.js", "https://embed.tawk.to/_s/v4/app/625d36b405c/js/twk-chunk-4fe9d5dd.js", "https://9755w.com:2188/m/js/2203141811-home.js", "https://himado.com/heihei/node_modules/mdui/dist/js/mdui.min.js", "https://cdn.shopify.com/s/files/1/0613/4340/0109/t/1/assets/disclosure.css?v=64659519099960134", "https://cdn.shopify.com/s/files/1/0613/4340/0109/t/1/assets/component-predictive-search.css?v=16564466128908848865", "https://hostkey.postaffiliatepro.com/scripts/Oy173jux8", "https://embed.tawk.to/_s/v4/app/625d36b405c/js/twk-chunk-2d0b9454.js", "https://cdn.callrail.com/companies/431115301/7c8f964bc12313c75ad2/12/swap.js", "https://embed.tawk.to/_s/v4/app/625d36b405c/js/twk-chunk-vendors.js", "https://sb.scorecardresearch.com/p?ax_uuid=d247c6142f285bb0488533aa7f2d53c5&c1=9&c2=31864766&ns__t=1676508027511&ns_c=UTF-8&cv=3.1&c8=SecurityWeekly%20-%20Twitch&c7=https%3A%2F%2Fwww.twitch.tv%2Fsecurityweekly&c9=", "https://www.hushmail.com/shared/javascript/jquery-3.5.1.min.js", "zetalytics .pdf", "https://script.tapfiliate.com/tapfiliate.js", "https://unpkg.com/@lottiefiles/lottie-player@1.5.7/dist/lottie-player.js", "https://www.data102.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1", "xfe-URL-dk9ctyhidjrvgn.xyz-stix2-2.1-export.json", "https://sb.scorecardresearch.com/p?c1=2&c2=6745306&ns_type=hidden&ns_st_sv=5.1.3.160420&ns_st_smv=5.1&ns_st_it=r&ns_st_id=1676508021004&ns_st_ec=3&ns_st_sp=1&ns_st_sc=1&ns_st_sq=1&ns_st_ppc=1&ns_st_apc=1&ns_st_spc=1&ns_st_cn=1&ns_st_ev=hb&ns_st_po=1560430&ns_st_cl=0&ns_st_hc=31&ns_st_mp=js_api&ns_st_mv=5.1.3.160420&ns_st_pn=1&ns_st_tp=0&ns_st_ci=47976339133&ns_st_pt=1560430&ns_st_dpt=360423&ns_st_ipt=60010&ns_st_et=1560430&ns_st_det=360423&ns_st_upc=1560430&ns_st_dupc=360423&ns_st_iupc=60010&ns_st_upa=15604", "https://munchkin.marketo.net/munchkin.js" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [ "Flexslider", "Waaa", "Win32:cryptor", "Requestbuilder", "Win.virus.polyransom-5704625-0", "Bufferwriter", "Bufferreader", "Alf:pua:block:iobit.r!mtb", "Slotbuilder", "Qace", "Reduceright", "Xu", "Qe", "Industroyer - s0604", "Okcancel", "Eq", "Telper:cert:softwarebundler:win32/bunpredelt", "Lh", "Trojan:win32/danabot.g", "Backdoor:win32/poison.e", "Vd", "Gc" ], "industries": [], "unique_indicators": 100962 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/f.next", "whois": "http://whois.domaintools.com/f.next", "domain": "f.next", "hostname": "this.f.next" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 32, "pulses": [ { "id": "663d2869e0f3a42bbddc42ff", "name": "UPX executable packer.", "description": "A new rule has been introduced a \"suspicious\" ELF binary that is packed with the UPX executable packer.\nSuggested ATT&CK IDs: rule SUSP_ELF_LNX_UPX_Compressed_File { meta: description = \"Detects a suspicious ELF binary with UPX compression\" author = \"Florian Roth (Nextron Systems)\" reference = \"Internal Research\" date = \"2018-12-12\" score = 40 hash1 = \"038ff8b2fef16f8ee9d70e6c219c5f380afe1a21761791e8cbda21fa4d09fdb4\" id = \"078937de-59b3-538e-a5c3-57f4e6050212\" strings: $s1 = \"PROT_EXEC|PROT_WRITE failed.\" fullword ascii $s2 = \"$Id: UPX\" fullword ascii $s3 = \"$Info: This file is packed with the UPX executable packer\" ascii $fp1 = \"check your UCL installation !\"", "modified": "2024-10-14T00:01:17.069000", "created": "2024-05-09T19:47:53.786000", "tags": [ "cioch adrian", "centrum usug", "sieciowych", "elf binary", "upx compression", "roth", "nextron", "info", "javascript", "html", "office open", "xml document", "network capture", "win32 exe", "xml pakietu", "pdf zestawy", "przechwytywanie", "office", "filehashsha1", "url https", "cve cve20201070", "cve cve20203153", "cve cve20201048", "cve cve20211732", "cve20201048 apr", "filehashmd5", "cve cve20010901", "cve cve20021841", "cve20153202 apr", "cve cve20160728", "cve cve20161807", "cve cve20175123", "cve20185407 apr", "cve cve20054605", "cve cve20060745", "cve cve20070452", "cve cve20070453", "cve cve20070454", "cve cve20071355", "cve cve20071358", "cve cve20071871", "cve20149614 apr", "cve cve20151503", "cve cve20152080", "cve cve20157377", "cve cve20170131", "cve20200796 may", "cve cve20113403" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 6861, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 5771, "domain": 3139, "URL": 14525, "FileHash-SHA1": 2610, "IPv4": 108, "CIDR": 40, "FileHash-SHA256": 10705, "FileHash-MD5": 3373, "YARA": 2, "CVE": 148, "Mutex": 7, "FilePath": 3, "SSLCertFingerprint": 3, "email": 23, "JA3": 1, "IPv6": 2 }, "indicator_count": 40460, "is_author": false, "is_subscribing": null, "subscriber_count": 137, "modified_text": "552 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65708e2d7cb4228401888b63", "name": "possibly a central bank", "description": "", "modified": "2023-12-06T15:07:25.990000", "created": "2023-12-06T15:07:25.990000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 622, "domain": 2558, "URL": 4203, "hostname": 1221, "CVE": 1 }, "indicator_count": 8605, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65708d657f0895a860febf8f", "name": "SafeFrame Container", "description": "", "modified": "2023-12-06T15:04:05.932000", "created": "2023-12-06T15:04:05.932000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1416, "domain": 2979, "URL": 8250, "hostname": 2262 }, "indicator_count": 14907, "is_author": false, "is_subscribing": null, "subscriber_count": 110, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65708cc78755574d9812e4c8", "name": "one google maps api call and one generic key - causing a large chunk of cyber disruption and compromise", "description": "", "modified": "2023-12-06T15:01:27.166000", "created": "2023-12-06T15:01:27.166000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 135, "hostname": 149, "URL": 352, "domain": 53 }, "indicator_count": 689, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65708c57c7b19b62c501601a", "name": "Hurricane Electric - csp.he.net :)", "description": "", "modified": "2023-12-06T14:59:35.479000", "created": "2023-12-06T14:59:35.479000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 186, "hostname": 490, "URL": 1339, "domain": 311 }, "indicator_count": 2326, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65708c0f5981b6d81d0fa423", "name": "data102 and colohouse. Malware hosting", "description": "", "modified": "2023-12-06T14:58:23.206000", "created": "2023-12-06T14:58:23.206000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 458, "domain": 557, "URL": 2599, "hostname": 952 }, "indicator_count": 4566, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65708beba2ba8bcfb1d10237", "name": "hostkey - Industroyer&ReduceRight", "description": "", "modified": "2023-12-06T14:57:47.430000", "created": "2023-12-06T14:57:47.430000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 304, "hostname": 563, "domain": 407, "URL": 1776, "FileHash-SHA1": 2 }, "indicator_count": 3052, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65708b72abe90961af1737c9", "name": "reCAPTCHA", "description": "", "modified": "2023-12-06T14:55:46.172000", "created": "2023-12-06T14:55:46.172000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 362, "domain": 330, "URL": 1790, "hostname": 586, "email": 1 }, "indicator_count": 3069, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65707f8475d8a8785dfc5a2f", "name": "Zetalytics API", "description": "", "modified": "2023-12-06T14:04:52.250000", "created": "2023-12-06T14:04:52.250000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 754, "hostname": 833, "domain": 441, "URL": 2375, "CIDR": 5, "FileHash-MD5": 2, "email": 1 }, "indicator_count": 4411, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65707e5b7df6f60133e8fb50", "name": "Jeeng / Powerbox", "description": "", "modified": "2023-12-06T13:59:55.129000", "created": "2023-12-06T13:59:55.129000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 3, "FileHash-SHA256": 9072, "domain": 2500, "hostname": 3584, "URL": 13548, "FileHash-MD5": 197, "FileHash-SHA1": 162, "email": 19, "CIDR": 20, "SSLCertFingerprint": 2, "BitcoinAddress": 1 }, "indicator_count": 29108, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://this.f.next", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://this.f.next", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1776629934.7283564 }