{ "type": "URL", "indicator": "https://ww1.modal.show", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://ww1.modal.show", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 3162219112, "indicator": "https://ww1.modal.show", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 21, "pulses": [ { "id": "68abf75bf3b03b94a6762409", "name": "(Repost) How to connect listeners to e.intercom | serverhub.com eonix.net", "description": "", "modified": "2025-08-25T05:40:43.552000", "created": "2025-08-25T05:40:43.552000", "tags": [ "context", "error", "ajaxupdate", "request", "requestdata", "name", "xoctoberassets", "datarequest", "typesubmit", "typetext", "click", "function", "typeof c", "bootstrap", "javascript", "azaz", "popover", "typeof f", "typeof g", "typeof h", "vui", "anda", "tente", "outubro", "trackingclient", "srpanj", "rabu", "vasaris", "image", "typeof atrkopts", "800px", "40px", "i18n", "blockedemail", "typeof i18n", "hubspot", "captcha", "date", "please", "april", "august", "close", "february", "june", "form", "klik", "download", "window", "this", "next", "null", "blank", "este", "anna", "rserver", "mais", "void", "object", "typeerror", "array", "symbol", "bound", "typeof window", "typeof t", "invalid path", "unknown method", "phonenumber", "ninja", "typeof e", "edge", "dataname", "intercom", "typeof symbol", "apple", "webkiti", "criosi", "trident" ], "references": [ "xfe-URL-Eonix.net-stix2-2.1-export.json", "xfe-URL-Serverhub.com-stix2-2.1-export.json", "xfe-URL-Enom.com-stix2-2.1-export 2.json", "https://widget.intercom.io/widget/rbc8ok9w", "https://js.hscollectedforms.net/collectedforms.js", "https://js.hsleadflows.net/leadflows.js", "https://d31qbv1cthcecs.cloudfront.net/atrk.js", "https://serverhub.com/combine/a059fe7a562c0b582328162f0ee69fda-1426025688", "https://serverhub.com/modules/system/assets/js/framework.js", "https://js.hs-scripts.com/3844463.js", "xfe-URL-Cloudfront.net-stix2-2.1-export.json", "xfe-URL-Intercom.io-stix2-2.1-export.json" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Vui", "display_name": "Vui", "target": null }, { "id": "Outubro", "display_name": "Outubro", "target": null }, { "id": "Tente", "display_name": "Tente", "target": null }, { "id": "Anda", "display_name": "Anda", "target": null }, { "id": "Vasaris", "display_name": "Vasaris", "target": null }, { "id": "Rabu", "display_name": "Rabu", "target": null }, { "id": "Srpanj", "display_name": "Srpanj", "target": null }, { "id": "TrackingClient", "display_name": "TrackingClient", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": "62719a4dec6d0aa4631b9b2f", "export_count": 14, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 5708, "hostname": 1541, "FileHash-SHA256": 876, "domain": 915, "CVE": 1, "FileHash-MD5": 1 }, "indicator_count": 9042, "is_author": false, "is_subscribing": null, "subscriber_count": 142, "modified_text": "280 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6773fc65ae5df98c10b7ecc0", "name": "https://fontawesome.io/ 85999a8fe53ac406df7722b64e788923bb763878b7a99cdb5446f2b042c5834d", "description": "Dane obrazu png, 8-bit/kolor RGBA, bez przeplotu gyda'rzeg i'wch wrthod wybodaeth.\n5511a9b9f9144ed7bde4ccb074733b7c564d918d2a8b10d391afc6be5b3b1509\n89122eeb6c696ce683a6c279a7fbe814909e67645a0dcaf1d8de44c1856d636f", "modified": "2025-01-04T23:08:57.750000", "created": "2024-12-31T14:15:01.675000", "tags": [ "segoe ui", "emoji", "href", "roboto", "helvetica neue", "arial", "apple color", "symbol", "typecheckbox", "typeradio", "twitter", "font awesome", "license", "font", "sil ofl", "mit license", "woff2", "woff", "truetype", "fontawesome", "kopiuj md5", "kopiuj sha1", "skopiuj sha256", "sha256", "rozmiar", "kontekst https", "typ tekst", "opis tekst", "ascii z", "crlf proces", "sha1", "cache entry", "gzip chrome", "woff chrome", "gzip", "submission", "vhash", "ssdeep", "file type", "html internet", "magic html", "ascii text", "trid file", "magika html", "icons", "vector icons", "svg icons", "free icons", "icon font", "webfont", "desktop icons", "svg", "font awesome free", "font awesome pro" ], "references": [ "https://www.vgt.pl/css/bootstrap.min.css", "https://www.vgt.pl/css/font-awesome.min.css", "https://www.vgt.pl/img/logo.png", "https://www.vgt.pl/css/style.css?2018-02-25", "https://fontawesome.io/", "http://fontawesome.io/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 15, "hostname": 20, "URL": 97, "FileHash-SHA256": 336, "FileHash-MD5": 999, "FileHash-SHA1": 206 }, "indicator_count": 1673, "is_author": false, "is_subscribing": null, "subscriber_count": 124, "modified_text": "512 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "663d2869e0f3a42bbddc42ff", "name": "UPX executable packer.", "description": "A new rule has been introduced a \"suspicious\" ELF binary that is packed with the UPX executable packer.\nSuggested ATT&CK IDs: rule SUSP_ELF_LNX_UPX_Compressed_File { meta: description = \"Detects a suspicious ELF binary with UPX compression\" author = \"Florian Roth (Nextron Systems)\" reference = \"Internal Research\" date = \"2018-12-12\" score = 40 hash1 = \"038ff8b2fef16f8ee9d70e6c219c5f380afe1a21761791e8cbda21fa4d09fdb4\" id = \"078937de-59b3-538e-a5c3-57f4e6050212\" strings: $s1 = \"PROT_EXEC|PROT_WRITE failed.\" fullword ascii $s2 = \"$Id: UPX\" fullword ascii $s3 = \"$Info: This file is packed with the UPX executable packer\" ascii $fp1 = \"check your UCL installation !\"", "modified": "2024-10-14T00:01:17.069000", "created": "2024-05-09T19:47:53.786000", "tags": [ "cioch adrian", "centrum usug", "sieciowych", "elf binary", "upx compression", "roth", "nextron", "info", "javascript", "html", "office open", "xml document", "network capture", "win32 exe", "xml pakietu", "pdf zestawy", "przechwytywanie", "office", "filehashsha1", "url https", "cve cve20201070", "cve cve20203153", "cve cve20201048", "cve cve20211732", "cve20201048 apr", "filehashmd5", "cve cve20010901", "cve cve20021841", "cve20153202 apr", "cve cve20160728", "cve cve20161807", "cve cve20175123", "cve20185407 apr", "cve cve20054605", "cve cve20060745", "cve cve20070452", "cve cve20070453", "cve cve20070454", "cve cve20071355", "cve cve20071358", "cve cve20071871", "cve20149614 apr", "cve cve20151503", "cve cve20152080", "cve cve20157377", "cve cve20170131", "cve20200796 may", "cve cve20113403" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 6861, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 5771, "domain": 3139, "URL": 14525, "FileHash-SHA1": 2610, "IPv4": 108, "CIDR": 40, "FileHash-SHA256": 10705, "FileHash-MD5": 3373, "YARA": 2, "CVE": 148, "Mutex": 7, "FilePath": 3, "SSLCertFingerprint": 3, "email": 23, "JA3": 1, "IPv6": 2 }, "indicator_count": 40460, "is_author": false, "is_subscribing": null, "subscriber_count": 138, "modified_text": "595 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65708ed8f7d4b5483117bb66", "name": "abuse.ch", "description": "", "modified": "2023-12-06T15:10:16.397000", "created": "2023-12-06T15:10:16.397000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 223, "domain": 383, "URL": 1639, "hostname": 560, "email": 1, "FileHash-MD5": 2 }, "indicator_count": 2808, "is_author": false, "is_subscribing": null, "subscriber_count": 114, "modified_text": "908 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65708eb824dc4c51811f6de9", "name": "Indusface - in YOUR face ;)", "description": "", "modified": "2023-12-06T15:09:44.273000", "created": "2023-12-06T15:09:44.273000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 307, "hostname": 333, "domain": 192, "URL": 1143, "FileHash-MD5": 1 }, "indicator_count": 1976, "is_author": false, "is_subscribing": null, "subscriber_count": 110, "modified_text": "908 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65708d2dc7aa57db55aab29c", "name": "serverhub.com eonix.net", "description": "", "modified": "2023-12-06T15:03:09.373000", "created": "2023-12-06T15:03:09.373000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "FileHash-SHA256": 876, "URL": 5708, "hostname": 1541, "domain": 915, "FileHash-MD5": 1 }, "indicator_count": 9042, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "908 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65708c1c5e2cc4dfe8d0ed97", "name": "CPANEL-TUCOWS \u2014malware hosting", "description": "", "modified": "2023-12-06T14:58:36.254000", "created": "2023-12-06T14:58:36.254000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 815, "hostname": 3487, "domain": 1182, "URL": 10194, "FileHash-MD5": 3, "FileHash-SHA1": 1 }, "indicator_count": 15682, "is_author": false, "is_subscribing": null, "subscriber_count": 111, "modified_text": "908 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65708c0791fece390b1a096e", "name": "Choopa.com - vultr", "description": "", "modified": "2023-12-06T14:58:15.734000", "created": "2023-12-06T14:58:15.734000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 453, "hostname": 1241, "domain": 430, "URL": 3454 }, "indicator_count": 5578, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "908 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65707fe17dfdfe16066d16de", "name": "Bexar.org", "description": "", "modified": "2023-12-06T14:06:25.800000", "created": "2023-12-06T14:06:25.800000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1735, "hostname": 1833, "domain": 1025, "URL": 4668, "email": 4, "FileHash-MD5": 133, "FileHash-SHA1": 6, "CIDR": 5 }, "indicator_count": 9409, "is_author": false, "is_subscribing": null, "subscriber_count": 110, "modified_text": "908 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "63a3b9aaaca8891186e6f7a2", "name": "vt errors on edge 21 dec 2022", "description": "var n-i,n-n, r.test, is a new type of webpack, which uses a set of rules to store data in the form of a single address, or code.", "modified": "2023-01-21T00:01:41.590000", "created": "2022-12-22T01:58:02.495000", "tags": [ "eaca", "eace", "iaca", "iace", "boolean", "object", "path", "aacf", "customevent", "string", "span", "error", "code", "virustotal", "date", "null", "contact", "blank", "close", "twitter", "unknown", "download", "this", "easy", "desktop", "body", "requires", "footer", "refresh", "patch", "write", "cobalt strike", "shell", "zero", "harmless", "main", "aalfe", "getclass", "copy", "iframe", "divi", "roboto", "insert", "template", "class", "void", "form", "back", "ransomware", "trace", "comment", "tools", "premium", "bufferwriter", "bufferreader", "array", "typeerror", "vtuibutton", "number", "typeof o", "urls", "please", "javascript", "https://www.virustotal.com/gui/vt-ui-sw-installer.e0eb1a1e08d651", "https://www.virustotal.com/gui/main.900e36f7a852b9863014.js" ], "references": [ "https://www.virustotal.com/gui/vt-ui-sw-installer.e0eb1a1e08d6512ba355.js/ Depreciated", "https://www.virustotal.com/gui/main.900e36f7a852b9863014.js" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "BufferReader", "display_name": "BufferReader", "target": null }, { "id": "BufferWriter", "display_name": "BufferWriter", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 11, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "callmeDoris", "id": "205385", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1051, "FileHash-SHA256": 204, "hostname": 275, "domain": 212, "CVE": 1, "FileHash-MD5": 1, "FileHash-SHA1": 1 }, "indicator_count": 1745, "is_author": false, "is_subscribing": null, "subscriber_count": 92, "modified_text": "1227 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "630aa58da975d104891c6565", "name": "Live Sexcams: XXX Adult Shows - Free Porn Chat - BongaCams", "description": "", "modified": "2022-08-27T23:15:25.718000", "created": "2022-08-27T23:15:25.718000", "tags": [ "hammer", "gc", "vob", "tvb", "service", "date", "check favorite", "dare", "continuecta", "vote", "goprivate", "buycredits", "ff8d00", "favorite", "error", "null", "nonce", "enterprise", "script", "please do", "not copy", "and paste", "this code", "cgrecaptchacfg", "ngrecaptcha", "eenterprise", "object", "customevent", "ethis", "layouttest", "faceliftlayout", "stubbutton", "similarmodels", "purchasepagev3", "langtag", "newbannerchat", "image", "typeof atrkopts", "dailagill", "strong", "streams", "your", "source of", "pleasure", "live sex", "normal", "cosplay", "fingering", "chat", "deepthroat", "close", "live", "free cams", "sex chat", "live porn", "sex cam", "livesex", "webcamsex", "adult cams", "free live sex chat", "webcam sex", "chat online", "free adults hd", "mins", "xxx cams", "xxx porn", "free live cam", "adult sex", "material", "majority", "here looking", "for child", "pornography", "move on", "on this", "website", "we will", "turn over", "free porn webcams", "live webcam", "online sex cam", "xxx girls", "live sex chat", "teen sexchat", "amateur video", "web cam", "sexcams", "shows", "porn chat", "bongacams", "function", "i2c1", "xeir", "cef4", "m4sr", "e4c4", "math", "ttmt", "y4giwe", "h5gg", "window", "css1062", "segoe ui", "emoji", "href", "roboto", "helvetica neue", "arial", "apple color", "symbol", "typecheckbox", "twitter", "web design", "iran", "author url", "github", "regexp", "pseudo", "child", "typeof n", "typeof t", "class", "attr", "typeof module", "this" ], "references": [ "xfe-URL-payvtylhwjxnr.xyz-stix2-2.1-export.json", "https://payvtylhwjxnr.xyz/Content/script?v=2", "https://payvtylhwjxnr.xyz/Content/css/banks.css", "https://payvtylhwjxnr.xyz/Content/style?v=1", "xfe-IP-104.21.72.150-stix2-2.1-export.json", "xfe-IP-172.67.151.101-stix2-2.1-export.json", "https://static.selfpuc.com/mnpw3.js", "https://bcprm.com/promo.php?c=716918&type=embed_chat&page=popular_chat&top_model=1&stream_only_size=full", "https://en.bongacams.com/popular-chat-popup?livetab=female&top_model=1&c=716918&hit_url=https%3A%2F%2Fbongacams.com%2Ftrack%3Fc%3D716918%26ps%3Dembed_chat&stream_only=1&amute=1&classic=on", "https://bongacams.com/GianaWatson", "https://m.bimbim.com/en/DailaGill?psid=crakmedia2&psprogram=revs&pstool=450_1&utm_campaign=main&utm_content=redirect&utm_medium=webmaster&utm_source=promotools", "https://d31qbv1cthcecs.cloudfront.net/atrk.js", "https://i.bcicdn.com/js-min/1NCJjq/27984029c73362dbf9ec0727.js", "https://www.google.com/recaptcha/enterprise.js?&render=6LeY5wkeAAAAAHNlJZXiHgJrpCTsD-Qu0O2GlYgB", "https://staticx1.dditscdn.com/mbl/frontend_backbone/static/_common/modular-member-client/script/maincontext_9af26.min.js" ], "public": 1, "adversary": "", "targeted_countries": [ "New Caledonia", "New Zealand" ], "malware_families": [ { "id": "Hammer", "display_name": "Hammer", "target": null }, { "id": "Tvb", "display_name": "Tvb", "target": null }, { "id": "Vob", "display_name": "Vob", "target": null }, { "id": "Gc", "display_name": "Gc", "target": null } ], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" } ], "industries": [], "TLP": "white", "cloned_from": "62509a05316b00bcca30c693", "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Hardtogiveafuck", "id": "205637", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 425, "domain": 459, "URL": 1412, "FileHash-SHA256": 125 }, "indicator_count": 2421, "is_author": false, "is_subscribing": null, "subscriber_count": 7, "modified_text": "1373 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "62719a4dec6d0aa4631b9b2f", "name": "serverhub.com eonix.net", "description": "If you want to know what to do with your intercoms, spare a thought for e.intercom and add a new listener to your browser.. and use it to make the call.", "modified": "2022-06-02T00:03:59.540000", "created": "2022-05-03T21:10:37.722000", "tags": [ "context", "error", "ajaxupdate", "request", "requestdata", "name", "xoctoberassets", "datarequest", "typesubmit", "typetext", "click", "function", "typeof c", "bootstrap", "javascript", "azaz", "popover", "typeof f", "typeof g", "typeof h", "vui", "anda", "tente", "outubro", "trackingclient", "srpanj", "rabu", "vasaris", "image", "typeof atrkopts", "800px", "40px", "i18n", "blockedemail", "typeof i18n", "hubspot", "captcha", "date", "please", "april", "august", "close", "february", "june", "form", "klik", "download", "window", "this", "next", "null", "blank", "este", "anna", "rserver", "mais", "void", "object", "typeerror", "array", "symbol", "bound", "typeof window", "typeof t", "invalid path", "unknown method", "phonenumber", "ninja", "typeof e", "edge", "dataname", "intercom", "typeof symbol", "apple", "webkiti", "criosi", "trident" ], "references": [ "xfe-URL-Eonix.net-stix2-2.1-export.json", "xfe-URL-Serverhub.com-stix2-2.1-export.json", "xfe-URL-Enom.com-stix2-2.1-export 2.json", "https://widget.intercom.io/widget/rbc8ok9w", "https://js.hscollectedforms.net/collectedforms.js", "https://js.hsleadflows.net/leadflows.js", "https://d31qbv1cthcecs.cloudfront.net/atrk.js", "https://serverhub.com/combine/a059fe7a562c0b582328162f0ee69fda-1426025688", "https://serverhub.com/modules/system/assets/js/framework.js", "https://js.hs-scripts.com/3844463.js", "xfe-URL-Cloudfront.net-stix2-2.1-export.json", "xfe-URL-Intercom.io-stix2-2.1-export.json" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Vui", "display_name": "Vui", "target": null }, { "id": "Outubro", "display_name": "Outubro", "target": null }, { "id": "Tente", "display_name": "Tente", "target": null }, { "id": "Anda", "display_name": "Anda", "target": null }, { "id": "Vasaris", "display_name": "Vasaris", "target": null }, { "id": "Rabu", "display_name": "Rabu", "target": null }, { "id": "Srpanj", "display_name": "Srpanj", "target": null }, { "id": "TrackingClient", "display_name": "TrackingClient", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 9, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 5708, "hostname": 1541, "FileHash-SHA256": 876, "domain": 915, "CVE": 1, "FileHash-MD5": 1 }, "indicator_count": 9042, "is_author": false, "is_subscribing": null, "subscriber_count": 72, "modified_text": "1460 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "626d5deabac11a947774de99", "name": "http://gczlau.com/c3af94f661", "description": "Live link sent via sms", "modified": "2022-05-29T00:01:17.829000", "created": "2022-04-30T16:03:54.153000", "tags": [ "move", "typetext", "typeemail", "typetel", "eace", "eacb", "aaed", "eachb", "yaay", "event", "cacb", "cacf", "typeof t", "text", "function", "load snowplow", "checks", "gets", "getmainpageub", "page", "clkg", "creates custom", "use visitor", "track form", "form", "support", "typeof", "text display", "typeof q", "typeof d", "post", "anura", "display support", "sympathizing", "quaker", "webview", "trident", "android", "date", "snowplow", "array", "anthon pang", "typeof e", "version", "author", "alex dean", "simon andersson", "fred blundun", "enter their", "phone number", "strong", "backstory", "privacy", "policy", "partner lookup", "partnerlookup", "diego", "new york", "contact", "segoe ui", "emoji", "href", "roboto", "helvetica neue", "arial", "apple color", "symbol", "typecheckbox", "typeradio", "twitter", "typeerror", "clickdataapi", "hidden", "typeof n", "bootstrap", "regexp", "error", "mouseleave", "click", "dataspy", "body", "pseudo", "child", "sufeffxa0", "class", "attr", "null", "this", "guide my", "yes no", "male female", "romance", "analyzing", "get started", "enter", "your partner", "number" ], "references": [ "https://guidemyrelationship.com/?aff_id=2509&offer_id=6300&aff_sub=1726&aff_sub2=102a78845625980c3bb3f54bd8acd3&aff_sub3=", "https://guidemyrelationship.com/assets/js/jquery-3.3.1.min.js", "https://guidemyrelationship.com/assets/js/bootstrap.min.js", "https://guidemyrelationship.com/assets/js/main.js", "https://guidemyrelationship.com/assets/css/bootstrap.min.css", "https://www.thepartnerlookup.com/?affid=1726&txid=1028d018569e59e3856f7416969ab0&offer_id=2509", "https://d34qb8suadcc4g.cloudfront.net/sp-2.14.0.js", "https://www.thepartnerlookup.com/main.bundle-fed11df.z.js", "https://builder-assets.unbounce.com/published-css/main-7b78720.z.css" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1000, "hostname": 333, "FileHash-SHA256": 106, "domain": 170, "FileHash-MD5": 1, "FileHash-SHA1": 1 }, "indicator_count": 1611, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "1464 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "628d21a4558f3ccf49c07931", "name": "abuse.ch", "description": "Looking for wizard spider. Some domains have .ru and .su (Soviet Union)", "modified": "2022-05-24T18:19:16.027000", "created": "2022-05-24T18:19:16.027000", "tags": [ "twitter follow", "button follow", "reduceright", "number", "string", "regexp", "error", "f420", "gmzsj4f05dr", "copyright", "deviceandgeo", "googlesignals", "json", "date", "void", "sxa0", "typeerror", "cbfunction", "deferred", "closure library", "b1342177279", "this", "infinity", "iframe", "trident", "show", "typeof e", "version", "hidden", "bootstrap", "click", "javascript", "clickdataapi", "collapse", "typeof t", "class", "attr", "pseudo", "child", "function", "typeof module", "button", "tridentmsieedge", "linux", "twttr", "area", "false", "twitter", "blank", "gvjsj", "gvjsyt", "license", "small batch", "apache license", "unless", "as is", "basis", "without", "warranties or", "null", "node", "dan vanderkam", "dygraph", "gc", "gvjs8s", "mmm dd", "infinity0", "gvjs6s", "mmm d", "axis", "cell", "column", "arial", "drawingframe", "select", "textarea", "line", "inside", "gvjsih", "rnrn", "roboto", "body", "template", "outside", "rial", "gvjsob", "azaz09", "array", "april", "june", "august", "february", "span", "android", "christ", "bbfunction", "twitter tweet", "font awesome", "free", "cc by", "sil ofl", "code", "mit license", "brands", "segoe ui", "emoji", "helvetica neue", "noto", "apple color", "symbol", "noto color", "typebutton", "sprymedia ltd", "datatables", "typeof f", "without any", "warranty", "merchantability", "fitness", "a particular", "adata", "first", "next", "typeof", "typeof n", "hide", "focusin", "focusout", "shown", "js foundation", "g5gqv3cj17n" ], "references": [ "https://www.googletagmanager.com/gtag/js?id=G-5GQV3CJ17N", "https://bazaar.abuse.ch/js/jquery-3.5.1.min.js", "https://bazaar.abuse.ch/js/bootstrap.min.js", "https://bazaar.abuse.ch/js/datatables.min.js", "https://bazaar.abuse.ch/css/bootstrap.min.css", "https://bazaar.abuse.ch/css/all.min.css", "https://platform.twitter.com/js/button.3ccb64e61d4c01fae12cd2b0ed9b2bab.js", "https://www.gstatic.com/charts/50/loader.js", "https://www.gstatic.com/charts/50/js/jsapi_compiled_default_module.js", "https://www.gstatic.com/charts/50/js/jsapi_compiled_ui_module.js", "https://www.gstatic.com/charts/50/js/jsapi_compiled_graphics_module.js", "https://www.gstatic.com/charts/50/js/jsapi_compiled_corechart_module.js", "https://www.gstatic.com/charts/50/js/jsapi_compiled_fw_module.js", "https://www.gstatic.com/charts/50/third_party/dygraphs/dygraph-tickers-combined.js", "https://www.gstatic.com/charts/50/third_party/webfontloader/webfont.js", "https://www.gstatic.com/charts/50/js/jsapi_compiled_line_module.js", "https://www.gstatic.com/charts/50/js/jsapi_compiled_bar_module.js", "https://abuse.ch/js/twitter_widget.js", "https://abuse.ch/js/jquery-3.6.0.min.js", "https://abuse.ch/js/bootstrap.min.js", "https://abuse.ch/js/google-charts.js", "https://www.googletagmanager.com/gtag/js?id=G-MZSJ4F05DR", "https://platform.twitter.com/widgets/follow_button.f8c8d971a6ac545cf416e3c1ad4bbc65.en.html#dnt=false&id=twitter-widget-0&lang=en&screen_name=abuse_ch&show_count=false&show_screen_name=true&size=l&time=1653415551742" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Gc", "display_name": "Gc", "target": null }, { "id": "ReduceRight", "display_name": "ReduceRight", "target": null } ], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 12, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 560, "URL": 1639, "FileHash-SHA256": 223, "domain": 383, "email": 1, "FileHash-MD5": 2 }, "indicator_count": 2808, "is_author": false, "is_subscribing": null, "subscriber_count": 73, "modified_text": "1469 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "628c310ac9ae8e3e8f352e3d", "name": "Indusface - in YOUR face ;)", "description": "function D(t,e,n), as well as window.com, has been frozen by a single function, as part of a series of \"snoopers' checks\"...", "modified": "2022-05-24T01:12:42.216000", "created": "2022-05-24T01:12:42.216000", "tags": [ "fontawesome", "font awesome", "free", "license", "cc by", "sil ofl", "code", "mit license", "uf007", "uf017", "segoe ui", "emoji", "woff2", "roboto", "helvetica neue", "arial", "apple color", "symbol", "noto color", "type", "getcookie", "mxqueryparams", "samesitenone", "secure", "mxcookie", "date", "null", "domain", "orgcode", "message", "apino", "allow", "close", "safari", "large safari", "subscribe", "segment1", "segment2", "pushengage", "click", "scroll", "body", "iframe", "false", "typeof e", "array", "typeof t", "swiper", "most", "copyright", "july", "android", "win32", "version", "typeof n", "typeerror", "startr", "endr", "default", "typeof", "defaulttype", "function", "error", "shown", "flip", "regexp", "mozt", "mstransitionend", "webkitt", "dom element", "ua83948896", "gtmpf7h94q", "vendor site", "widget id", "page url", "write", "message api", "february", "april", "june", "august", "fbcd", "398410357733708", "prop", "init", "autoconfig", "protocol", "adnxsdomain", "aoldomain", "adrolltpc", "26015787", "reduceright", "tracking file", "number", "string", "aw827450946", "uint8array", "fnumber", "dustmap", "void", "class", "attr", "pseudo", "child", "typeof module", "trackevent", "trackpageview", "register", "path", "download", "verify", "xsnull", "script", "closure library", "xdfunction", "typeof window", "syntaxerror", "xmlhttprequest", "samesitelax", "innull", "ennull", "typeof symbol", "boolean", "circular", "customevent", "cuxref", "new r", "infinity", "image", "pnull", "html", "style", "ctnull", "post", "uint32array", "fanull", "ynull", "config", "meta", "accept" ], "references": [ "https://k.clarity.ms/s/0.6.34/clarity.js", "https://www.clarity.ms/tag/uet/26015787", "https://dc.cux.io/analyzer.js", "https://sc.lfeeder.com/lftracker_v1_kn9Eq4R1l2K7RlvP.js", "https://www.google-analytics.com/gtm/js?id=GTM-PF7H94Q&t=gartner&cid=559436367.1653353775", "https://www.googletagmanager.com/gtm.js?id=GTM-PMC6JX", "https://www.indusface.com/js/fontawesome.js.pagespeed.jm.X4kSHwBNxI.js", "https://www.indusface.com/js/jquery.3.5.1.min.js.pagespeed.jm.A8biqtTJrt.js", "https://www.googletagmanager.com/gtag/js?id=AW-827450946", "https://tracking.g2crowd.com/attribution_tracking/conversions/2226.js?p=https://www.indusface.com/&e=", "https://bat.bing.com/p/action/26015787.js", "https://s.adroll.com/j/pre/Q7CW4G7ZJJGWDLUB76P5IV/WH2M5MREOVC4HNKNZPPJZR/index.js", "https://d.adroll.com/consent/check/Q7CW4G7ZJJGWDLUB76P5IV?adroll_fpc=7c06a492879ac231294c1fe2e6e394f3-1653353535991&arrfrr=https%3A%2F%2Fwww.indusface.com%2F&_s=1316674c131c34cc157a9ad9119512a2&_b=2", "https://d.adroll.com/pixel/Q7CW4G7ZJJGWDLUB76P5IV/WH2M5MREOVC4HNKNZPPJZR?adroll_fpc=7c06a492879ac231294c1fe2e6e394f3-1653353535991&arrfrr=https%3A%2F%2Fwww.indusface.com%2F&pv=54603716107.79724&cookie=BIJ6M3OZKNCW7OIMIJSZED%3A2%7CWH2M5MREOVC4HNKNZPPJZR%3A2%7CQ7CW4G7ZJJGWDLUB76P5IV%3A2&adroll_s_ref=&keyw=&adroll_external_data=", "https://s.adroll.com/j/sendrolling.js", "https://web.mxradon.com/t/WebTracker.aspx?p1=18917&p2=Web%20Application%20Security%2C%20WAF%2C%20SSL%20Certificates&p3=-1&p4=&p5=1&p6=8415a029-248f-4eeb-bc18-338560430ff7&p7=&p8=&p9=0", "https://trackcmp.net/visit?actid=223422163&e=&r=&u=https%3A%2F%2Fwww.indusface.com%2F", "https://www.gartner.com/reviews/public/Widget/js/widget.js", "https://www.indusface.com/js/cookieconsent.min.js.pagespeed.jm.FCA-2RWV9s.js", "https://www.indusface.com/js/popper.min.js+bootstrap.min.js+modernizr-custom.js+menu.js.pagespeed.jc.WlixBHq4Fv.js", "https://www.indusface.com/js/swiper.min.js.pagespeed.jm.47RtcloJQ-.js", "https://clientcdn.pushengage.com/core/80780b73b5a3f4655fee62041e51f1be.js", "https://web.mxradon.com/t/Tracker.js", "https://www.indusface.com/css/A.font-styles1.css+bootstrap.css+skin.css+responsive.css+menu.css+swiper.min.css,Mcc.nAV12exFII.css.pagespeed.cf.a_yWJedOjY.css", "https://kit-free.fontawesome.com/releases/latest/css/free-v4-font-face.min.css", "https://www.indusface.com/css/A.cookieconsent.min.css.pagespeed.cf.t1fRd9Ouvj.css" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "ReduceRight", "display_name": "ReduceRight", "target": null } ], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 9, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1144, "hostname": 333, "FileHash-SHA256": 307, "domain": 192, "FileHash-MD5": 1 }, "indicator_count": 1977, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1469 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "625f6d2300f3002b1d0f8a68", "name": "CPANEL-TUCOWS \u2014malware hosting", "description": "FBEvents-PostalCodeType, a new type of phone number type, has been added to the list of \"signals\" that can be controlled by a specialised operator.", "modified": "2022-05-19T00:00:49.028000", "created": "2022-04-20T02:17:07.272000", "tags": [ "tucows", "vimeo", "enter otp", "foruserlogin", "username", "email address", "phone number", "click", "null", "otpviamail", "otpviasms", "error", "regexp", "edge", "elem", "function", "handle", "return", "expando", "match", "selector", "android", "false", "date", "target", "class", "mark", "copy", "capture", "seed", "pass", "enough", "code", "never", "core", "local", "verify", "fall", "accept", "done", "find", "internal", "inject", "possible", "prop", "trigger", "qe", "number", "string", "copyright", "uint8array", "xhfunction", "yhfunction", "gtmwrdf3cb", "host", "path", "gaugescookie", "gaugesuniqueday", "gaugesgauges", "slice", "image", "gaugestracker", "gaugesunique", "script", "closure library", "typeerror", "symbol", "array int8array", "caregexp", "legacy", "extra", "bootstrap", "medium", "large", "segoe ui", "roboto", "oxygensans", "ubuntu", "cantarell", "helvetica neue", "dataalignleft", "figcaption", "video", "ff6c2c", "styles", "badges", "small", "woff2", "fontface", "sans", "u1c801c88", "u20b4", "u2de02dff", "ua640a69f", "ufe2efe2f", "u04b004b1", "u2116", "arial", "helvetica", "montserrat", "productnav", "secondarynav", "typecheckbox", "menlo", "monaco", "consolas", "twitter", "font awesome", "license", "brands", "duotone", "msie", "russia", "paypal", "enduser license", "agreement", "europe", "typeof t", "typeof e", "typeof", "version", "attr", "pseudo", "object", "array", "invalid attempt", "typeof symbol", "survey", "trident", "form", "fullscreen", "property", "311218982", "textjavascript", "piscriptnum", "hj", "hotjar", "email", "telefon", "meta", "cookie", "keypress", "live", "generic", "window", "widget", "ciudad", "adore", "experiment", "mutation", "udc66udc67", "ud83d", "ufe0f", "ud83e", "udc68udc69", "udfcbudfcc", "u2640u2642", "source", "ud83dudc6cud83c", "cookiebot", "iabv2", "jsonversion", "cookie script", "methodstrict", "ticket", "id attribute", "cookiebot setup", "cookieconsent", "project", "reduceright", "trackevent", "pageview", "gtmwb4lhq4", "void", "pfunction", "contenttype", "zfunction", "bfunction", "mvoid", "ofunction", "thank", "f39c11", "quick question", "difficult", "easy", "poll", "typeof window", "invalid uuid", "functional", "member", "hnew regexp", "qfunction", "adview", "addbillinginfo", "addtocart", "addtolist", "contact", "download", "install", "signup", "addtowishlist", "lead", "custom", "typeof require", "sha256", "viewcontent", "search", "iterator", "boolean", "service", "phonenumber", "facebook", "javascript", "1cend" ], "references": [ "xfe-URL-Cpanel.com-stix2-2.1-export.json", "https://pi.pardot.com/pd.js", "https://connect.facebook.net/signals/config/285857426541675?v=2.9.57&r=stable", "https://www.redditstatic.com/ads/pixel.js", "https://snap.licdn.com/li.lms-analytics/insight.min.js", "https://static.ads-twitter.com/uwt.js", "https://www.googleadservices.com/pagead/conversion_async.js", "https://static.hotjar.com/c/hotjar-1683409.js?sv=7", "https://www.google-analytics.com/analytics.js", "https://consent.cookiebot.com/da52fc49-8e48-42b7-9ad3-c219404f6f92/cc.js?renew=false&referer=cpanel.net&dnt=false", "https://consentcdn.cookiebot.com/consentconfig/da52fc49-8e48-42b7-9ad3-c219404f6f92/cpanel.net/configuration.js", "https://www.googletagmanager.com/gtm.js?id=GTM-WB4LHQ4", "https://www.bugherd.com/sidebarv2.js?apikey=kmu00qbvuigehexs5chefq", "https://consent.cookiebot.com/uc.js", "https://cpanel.net/wp-includes/js/wp-emoji-release.min.js?ver=5.6", "https://script.hotjar.com/modules.0076bf93c385ddf0ff58.js", "https://googleads.g.doubleclick.net/pagead/viewthroughconversion/728582492/?random=1650418372747&cv=9&fst=1650418372747&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=844&u_w=390&u_ah=844&u_aw=390&u_cd=32&u_his=1&u_tz=-240&u_java=false&u_nplug=0&u_nmime=0>m=2wg4i1&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fcpanel.net%2F&tiba=Hosting%20Platform%20of%20Choice&hn=www.googleadservices.com&us_privacy=1---&async=1&rfmt=3&fmt=4", "https://www.googleadservices.com/pagead/conversion/854235671/?random=1650418372749&cv=9&fst=1650418372749&num=1&value=0&label=PRNxCIWemu8BEJe0qpcD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=844&u_w=390&u_ah=844&u_aw=390&u_cd=32&u_his=1&u_tz=-240&u_java=false&u_nplug=0&u_nmime=0>m=2wg4i1&sendb=1&ig=1&data=ads_data_redaction%3Dfalse&frm=0&url=https%3A%2F%2Fcpanel.net%2F&tiba=Hosting%20Platform%20of%20Choice&gcs=G111&did=dMWZhNz&edid=dMWZhNz&auid=2050955691.1650418373&capi=2&hn=www.googleadservices.com&btty", "https://pi.pardot.com/analytics?ver=3&visitor_id=&visitor_id_sign=&pi_opt_in=&campaign_id=33566&account_id=872471&title=Hosting%20Platform%20of%20Choice&url=https%3A%2F%2Fcpanel.net%2F&referrer=", "https://www.1.cpanel.net/analytics?conly=true&visitor_id=311218274&visitor_id_sign=3e1116a56bfd91923fe15cac565b502779c6ec3fe7449557f3940ba04e77079951b9efb044c2275f4211d26742585a9d14544eae&pi_opt_in=&campaign_id=33566&account_id=872471&title=Hosting%20Platform%20of%20Choice&url=https://cpanel.net/&referrer=", "https://script.hotjar.com/survey-v2.3716506838f2208ab9e2.js", "https://cpanel.net/wp-content/themes/cPbase/assets/js/dist/script.js?ver=5.6", "https://cpanel.net/wp-content/themes/cPbase/assets/js/dist/cpbase.js?ver=5.6", "https://cpanel.net/wp-includes/js/wp-embed.min.js?ver=5.6", "https://pro.fontawesome.com/releases/v5.13.1/css/all.css", "https://vars.hotjar.com/box-4924254a9ce4dc9b959b6e4a9b662d60.html", "https://consentcdn.cookiebot.com/sdk/bc-v4.min.html", "https://cpanel.net/wp-content/themes/cPbase/style.css?ver=5.6", "https://cpanel.net/wp-includes/css/dist/block-library/style.min.css?ver=5.6", "https://fonts.googleapis.com/css?family=Open+Sans:100,200,300,400,500,600,700%7CMontserrat:100,200,300,400,500,600,700", "https://cpanel.net/wp-content/themes/cPbase/assets/css/version96.css", "https://cpanel.net/wp-content/themes/cPbase/assets/css/roadmap.css", "xfe-URL-pi.pardot.com-stix2-2.1-export.json", "xfe-URL-Cpanel.net-stix2-2.1-export.json", "https://secure.gaug.es/track.js", "https://www.googletagmanager.com/gtm.js?id=GTM-WRDF3CB", "https://149371662.v2.pressablecdn.com/wp-includes/js/jquery/jquery.js", "https://149371662.v2.pressablecdn.com/wp-content/plugins/user-verification/assets/front/js/scripts-otp.js", "https://player.vimeo.com/video/571271613", "https://bid.g.doubleclick.net/xbbe/pixel?d=KAE" ], "public": 1, "adversary": "", "targeted_countries": [ "Tunisia" ], "malware_families": [ { "id": "Qe", "display_name": "Qe", "target": null }, { "id": "hj", "display_name": "hj", "target": null }, { "id": "ReduceRight", "display_name": "ReduceRight", "target": null } ], "attack_ids": [ { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1218", "name": "Signed Binary Proxy Execution", "display_name": "T1218 - Signed Binary Proxy Execution" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 3487, "URL": 10195, "domain": 1182, "FileHash-SHA256": 815, "FileHash-MD5": 3, "FileHash-SHA1": 1 }, "indicator_count": 15683, "is_author": false, "is_subscribing": null, "subscriber_count": 74, "modified_text": "1474 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "625f2b6a1f2c9d5631d261d5", "name": "Choopa.com - vultr", "description": "New RegExp(M) is a new type, and it will change any of the elements to the same type if you want to add them to your HTML page or add a third element.", "modified": "2022-05-19T00:00:49.028000", "created": "2022-04-19T21:36:42.286000", "tags": [ "regexp", "typeof e", "typeof t", "function", "width", "error", "object", "pseudo", "child", "form", "class", "null", "date", "this", "void", "accept", "680876936", "389564586", "17606105819", "1044525330", "176418897", "121200080426", "1473231341", "45705983", "71770035416", "1958414417", "copyright", "closure library", "trunc", "msie", "tagpath", "fbcd", "body", "html", "gettarget", "571256413046247", "prop", "click", "typeof l", "json", "array", "string", "8760", "image", "adveid", "typeof c", "typeerror", "typeof", "facebook pixel", "pixel code", "symbol", "iterator", "constantvalue", "globalvariable", "facebook", "boolean", "service", "phonenumber", "meta", "invalid uuid", "uint8array", "nullu", "1099511627776", "t4294967296", "typeof symbol", "customevent", "09af", "ver0", "tag0", "extdata0", "ua ch", "invalid", "reduceright", "number", "gk6536fhn4d", "r300", "typeof d", "path", "caca", "addtocart", "signup", "addtowishlist", "lead", "custom", "typeof require", "sha256", "viewcontent", "search", "pfunction", "contenttype", "zfunction", "bfunction", "mvoid", "ofunction", "functional", "member", "hnew regexp", "qfunction", "adview", "addbillinginfo", "addtolist", "contact", "download", "install", "pnull", "style", "ctnull", "post", "uint32array", "fanull", "license", "ynull", "config", "iframe", "javascript", "code", "hoverpopup", "please", "output", "popupmodal", "country", "checkall", "invcid", "base64", "score", "attr", "js foundation", "typeof module", "ffffff", "acce22", "f0f0f0", "dadada", "typesubmit", "typebutton", "f4f4f4", "trebuchet ms", "tahoma", "woff", "footer", "segoe ui", "emoji", "tbody", "roboto", "helvetica neue", "arial", "apple color", "noto color", "type", "twitter", "xava", "gbva", "hbva", "ibva", "lcva", "cdva", "oeva", "peva", "onclickpopup", "discountmonthly", "grayoverlay", "popup into", "popup var", "center", "price", "first", "classname", "eventkey", "event", "selector", "name", "datakey", "version", "default", "shown", "target", "close", "false", "trigger", "jquery", "delta", "open", "arrow", "protected", "leave", "dataspy", "typeof define", "eventlistener" ], "references": [ "xfe-URL-Choopa.com-stix2-2.1-export.json", "https://www.choopa.com/commonimages/jquery-3.5.1.min.js", "https://www.choopa.com/_js/dragscroll.js", "https://www.choopa.com/_js/bootstrap.js", "https://www.choopa.com/_js/global.js?v=209", "https://ssl.google-analytics.com/ga.js", "https://www.choopa.com/css/bootstrap.css", "https://www.choopa.com/css/global.css?v=209", "https://my.choopa.com/js/jquery-3.5.1.min.js", "https://my.choopa.com/js/desktop.js?v=41", "https://my.choopa.com/js/global.js?v=41", "xfe-URL-Vultr.com-stix2-2.1-export.json", "https://www.clarity.ms/eus2/s/0.6.34/clarity.js", "https://snap.licdn.com/li.lms-analytics/insight.min.js", "https://www.google-analytics.com/analytics.js", "https://www.redditstatic.com/ads/pixel.js", "https://www.googletagmanager.com/gtag/js?id=G-K6536FHN4D&l=dataLayer&cx=c", "https://bat.bing.com/bat.js", "https://static.ads-twitter.com/uwt.js", "https://connect.facebook.net/signals/config/571256413046247?v=2.9.57&r=stable", "https://connect.facebook.net/signals/config/438248060937995?v=2.9.57&r=stable", "https://connect.facebook.net/signals/config/828098694004178?v=2.9.57&r=stable", "https://connect.facebook.net/en_US/fbevents.js", "https://js.partnerstack.com/v1/", "https://bat.bing.com/p/action/17528422.js", "https://s.adroll.com/j/roundtrip.js", "https://s.adroll.com/j/exp/DUKHAKVYIJASHDUBG4V7RE/index.js", "https://s.adroll.com/j/sendrolling.js", "https://d.adroll.com/pixel/DUKHAKVYIJASHDUBG4V7RE/E23RMKDBEFAEXMXLWK3IWO?adroll_fpc=838a57acc6141112b6107bdce5e3fde6-1650403057055&arrfrr=https%3A%2F%2Fwww.vultr.com%2F&pv=70707106758.07146&cookie=&adroll_s_ref=&keyw=", "https://googleads.g.doubleclick.net/pagead/viewthroughconversion/858656304/?random=1650403054497&cv=9&fst=1650403054497&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=844&u_w=390&u_ah=844&u_aw=390&u_cd=32&u_his=3&u_tz=-240&u_java=false&u_nplug=0&u_nmime=0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.vultr.com%2F&tiba=SSD%20VPS%20Servers%2C%20Cloud%20Servers%20and%20Cloud%20Hosting%20by%20Vultr%20-%20Vultr.com&hn=www.googleadservices.com&rfmt=3&fmt=4" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "ReduceRight", "display_name": "ReduceRight", "target": null } ], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 1241, "URL": 3454, "domain": 430, "FileHash-SHA256": 453 }, "indicator_count": 5578, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "1474 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "62509a05316b00bcca30c693", "name": "Live Sexcams: XXX Adult Shows - Free Porn Chat - BongaCams", "description": "Here is the full text of the code for the new animation, which will take place at 20:00 GMT on Friday, 1:30 BST.. (19:45 GMT)..", "modified": "2022-05-08T00:03:14.586000", "created": "2022-04-08T20:24:37.141000", "tags": [ "hammer", "gc", "vob", "tvb", "service", "date", "check favorite", "dare", "continuecta", "vote", "goprivate", "buycredits", "ff8d00", "favorite", "error", "null", "nonce", "enterprise", "script", "please do", "not copy", "and paste", "this code", "cgrecaptchacfg", "ngrecaptcha", "eenterprise", "object", "customevent", "ethis", "layouttest", "faceliftlayout", "stubbutton", "similarmodels", "purchasepagev3", "langtag", "newbannerchat", "image", "typeof atrkopts", "dailagill", "strong", "streams", "your", "source of", "pleasure", "live sex", "normal", "cosplay", "fingering", "chat", "deepthroat", "close", "live", "free cams", "sex chat", "live porn", "sex cam", "livesex", "webcamsex", "adult cams", "free live sex chat", "webcam sex", "chat online", "free adults hd", "mins", "xxx cams", "xxx porn", "free live cam", "adult sex", "material", "majority", "here looking", "for child", "pornography", "move on", "on this", "website", "we will", "turn over", "free porn webcams", "live webcam", "online sex cam", "xxx girls", "live sex chat", "teen sexchat", "amateur video", "web cam", "sexcams", "shows", "porn chat", "bongacams", "function", "i2c1", "xeir", "cef4", "m4sr", "e4c4", "math", "ttmt", "y4giwe", "h5gg", "window", "css1062", "segoe ui", "emoji", "href", "roboto", "helvetica neue", "arial", "apple color", "symbol", "typecheckbox", "twitter", "web design", "iran", "author url", "github", "regexp", "pseudo", "child", "typeof n", "typeof t", "class", "attr", "typeof module", "this" ], "references": [ "xfe-URL-payvtylhwjxnr.xyz-stix2-2.1-export.json", "https://payvtylhwjxnr.xyz/Content/script?v=2", "https://payvtylhwjxnr.xyz/Content/css/banks.css", "https://payvtylhwjxnr.xyz/Content/style?v=1", "xfe-IP-104.21.72.150-stix2-2.1-export.json", "xfe-IP-172.67.151.101-stix2-2.1-export.json", "https://static.selfpuc.com/mnpw3.js", "https://bcprm.com/promo.php?c=716918&type=embed_chat&page=popular_chat&top_model=1&stream_only_size=full", "https://en.bongacams.com/popular-chat-popup?livetab=female&top_model=1&c=716918&hit_url=https%3A%2F%2Fbongacams.com%2Ftrack%3Fc%3D716918%26ps%3Dembed_chat&stream_only=1&amute=1&classic=on", "https://bongacams.com/GianaWatson", "https://m.bimbim.com/en/DailaGill?psid=crakmedia2&psprogram=revs&pstool=450_1&utm_campaign=main&utm_content=redirect&utm_medium=webmaster&utm_source=promotools", "https://d31qbv1cthcecs.cloudfront.net/atrk.js", "https://i.bcicdn.com/js-min/1NCJjq/27984029c73362dbf9ec0727.js", "https://www.google.com/recaptcha/enterprise.js?&render=6LeY5wkeAAAAAHNlJZXiHgJrpCTsD-Qu0O2GlYgB", "https://staticx1.dditscdn.com/mbl/frontend_backbone/static/_common/modular-member-client/script/maincontext_9af26.min.js" ], "public": 1, "adversary": "", "targeted_countries": [ "New Caledonia", "New Zealand" ], "malware_families": [ { "id": "Hammer", "display_name": "Hammer", "target": null }, { "id": "Tvb", "display_name": "Tvb", "target": null }, { "id": "Vob", "display_name": "Vob", "target": null }, { "id": "Gc", "display_name": "Gc", "target": null } ], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 425, "domain": 459, "URL": 1412, "FileHash-SHA256": 125 }, "indicator_count": 2421, "is_author": false, "is_subscribing": null, "subscriber_count": 71, "modified_text": "1485 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "624dbf64e7682b3bf049129c", "name": "Malware-USA", "description": "Shopseg Sistemas, a company specialising in software and equipamentos for supermercados, wedi dweud eu s\u00f4n i'n \u00f4l.", "modified": "2022-05-06T16:01:29.122000", "created": "2022-04-06T16:27:16.842000", "tags": [ "dataaos", "100px00", "dataaosfade", "100px0", "dataaoszoom", "dataaosflip", "woff2", "fontface", "sans", "u0259", "u1e001eff", "u2020", "u20a020ab", "u20ad20cf", "u2113", "u2c602c7f", "reduceright", "number", "string", "gtl5jtn10ss", "regexp", "error", "r300", "copyright", "dafunction", "gafunction", "uint8array", "date", "path", "void", "const", "click", "select", "scroll", "mobile", "template", "template url", "license", "easy selector", "easy event", "easy", "back", "typeof e", "typeof t", "this", "main", "swiper", "button", "most", "mit license", "android", "win32", "null", "dblock", "email form", "validation", "action", "formdata", "api url", "typeof define", "typeof module", "gplv3", "metafizzy", "math", "plyr", "typeof symbol", "typeerror", "tnull", "cnull", "typeof", "inject", "playbook", "name", "getconfig", "default", "area", "event", "shadowroot", "boolean", "window", "trident", "body", "ofunction", "symbol", "mfunction", "sfunction", "quando", "quem", "fundada em", "informtica", "sistemas", "segurana", "softwares", "supermercados", "lojas", "restaurantes", "padarias" ], "references": [ "http://www.shopsegsistemas.com.br/", "http://www.shopsegsistemas.com.br/assets/vendor/aos/aos.js", "http://www.shopsegsistemas.com.br/assets/vendor/bootstrap/js/bootstrap.bundle.min.js", "http://www.shopsegsistemas.com.br/assets/vendor/glightbox/js/glightbox.min.js", "http://www.shopsegsistemas.com.br/assets/vendor/isotope-layout/isotope.pkgd.min.js", "http://www.shopsegsistemas.com.br/assets/vendor/php-email-form/validate.js", "http://www.shopsegsistemas.com.br/assets/vendor/swiper/swiper-bundle.min.js", "http://www.shopsegsistemas.com.br/assets/js/main.js", "https://www.googletagmanager.com/gtag/js?id=G-TL5JTN10SS", "https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i%7CRaleway:300,300i,400,400i,500,500i,600,600i,700,700i%7CPoppins:300,300i,400,400i,500,500i,600,600i,700,700i", "http://www.shopsegsistemas.com.br/assets/vendor/aos/aos.css", "https://www.google.com/maps/embed?pb=!1m18!1m12!1m3!1d3730.503584706544!2d-41.67284568552043!3d-20.770905270369408!2m3!1f0!2f0!3f0!3m2!1i1024!2i768!4f13.1!3m3!1m2!1s0xbb93dcc0beb01f%3A0x97397d38847b3692!2sShopSeg%20Sistemas!5e0!3m2!1spt-BR!2sbr!4v1636561779046!5m2!1spt-BR!2sbr", "xfe-IP-50.116.87.164-stix2-2.0-export.json" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "ReduceRight", "display_name": "ReduceRight", "target": null }, { "id": "Quando", "display_name": "Quando", "target": null } ], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1498", "name": "Network Denial of Service", "display_name": "T1498 - Network Denial of Service" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 254, "URL": 815, "FileHash-SHA256": 168, "domain": 174 }, "indicator_count": 1411, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "1487 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "624dbf641e6a04169629e662", "name": "Malware-USA", "description": "Shopseg Sistemas, a company specialising in software and equipamentos for supermercados, wedi dweud eu s\u00f4n i'n \u00f4l.", "modified": "2022-05-06T16:01:29.122000", "created": "2022-04-06T16:27:16.093000", "tags": [ "dataaos", "100px00", "dataaosfade", "100px0", "dataaoszoom", "dataaosflip", "woff2", "fontface", "sans", "u0259", "u1e001eff", "u2020", "u20a020ab", "u20ad20cf", "u2113", "u2c602c7f", "reduceright", "number", "string", "gtl5jtn10ss", "regexp", "error", "r300", "copyright", "dafunction", "gafunction", "uint8array", "date", "path", "void", "const", "click", "select", "scroll", "mobile", "template", "template url", "license", "easy selector", "easy event", "easy", "back", "typeof e", "typeof t", "this", "main", "swiper", "button", "most", "mit license", "android", "win32", "null", "dblock", "email form", "validation", "action", "formdata", "api url", "typeof define", "typeof module", "gplv3", "metafizzy", "math", "plyr", "typeof symbol", "typeerror", "tnull", "cnull", "typeof", "inject", "playbook", "name", "getconfig", "default", "area", "event", "shadowroot", "boolean", "window", "trident", "body", "ofunction", "symbol", "mfunction", "sfunction", "quando", "quem", "fundada em", "informtica", "sistemas", "segurana", "softwares", "supermercados", "lojas", "restaurantes", "padarias" ], "references": [ "http://www.shopsegsistemas.com.br/", "http://www.shopsegsistemas.com.br/assets/vendor/aos/aos.js", "http://www.shopsegsistemas.com.br/assets/vendor/bootstrap/js/bootstrap.bundle.min.js", "http://www.shopsegsistemas.com.br/assets/vendor/glightbox/js/glightbox.min.js", "http://www.shopsegsistemas.com.br/assets/vendor/isotope-layout/isotope.pkgd.min.js", "http://www.shopsegsistemas.com.br/assets/vendor/php-email-form/validate.js", "http://www.shopsegsistemas.com.br/assets/vendor/swiper/swiper-bundle.min.js", "http://www.shopsegsistemas.com.br/assets/js/main.js", "https://www.googletagmanager.com/gtag/js?id=G-TL5JTN10SS", "https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i%7CRaleway:300,300i,400,400i,500,500i,600,600i,700,700i%7CPoppins:300,300i,400,400i,500,500i,600,600i,700,700i", "http://www.shopsegsistemas.com.br/assets/vendor/aos/aos.css", "https://www.google.com/maps/embed?pb=!1m18!1m12!1m3!1d3730.503584706544!2d-41.67284568552043!3d-20.770905270369408!2m3!1f0!2f0!3f0!3m2!1i1024!2i768!4f13.1!3m3!1m2!1s0xbb93dcc0beb01f%3A0x97397d38847b3692!2sShopSeg%20Sistemas!5e0!3m2!1spt-BR!2sbr!4v1636561779046!5m2!1spt-BR!2sbr", "xfe-IP-50.116.87.164-stix2-2.0-export.json" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "ReduceRight", "display_name": "ReduceRight", "target": null }, { "id": "Quando", "display_name": "Quando", "target": null } ], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1498", "name": "Network Denial of Service", "display_name": "T1498 - Network Denial of Service" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 254, "URL": 815, "FileHash-SHA256": 168, "domain": 174 }, "indicator_count": 1411, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "1487 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "621fff12d2c54f70fea90576", "name": "Bexar.org", "description": "", "modified": "2022-04-01T00:01:54.852000", "created": "2022-03-02T23:34:42.531000", "tags": [], "references": [ "www.bexar.org - urlscan.io.pdf", "bexar api 4.pdf", "bexar api 8.pdf", "bexar 6.pdf", "bexar api 2.pdf", "bexar api 7.pdf", "bexar api 3.pdf", "bexar api 9.pdf", "bexar api 12.pdf", "bexar api 17.pdf", "bexar api 15.pdf", "bexar api 18.pdf", "bexar api 10.pdf", "bexar api 19.pdf", "bexar api 20.pdf", "bexar api 13.pdf", "bexar api 21.pdf", "bexar api 14.pdf", "bexar api 22.pdf", "bexar1.pdf", "bexar api5.pdf", "bexar2.pdf", "bexar3.pdf", "bexar.org 3.2.22.pdf", "bexar6.pdf", "bexar5.pdf", "bexar api_1.pdf", "bexar10.pdf", "bexar api.pdf", "bexar_v1df.pdf", "bexarv4df.pdf", "bexarv2df.pdf", "bexarv6df.pdf", "bexasv3df.pdf", "bexarv7df.pdf", "bear_v apidf.pdf" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [], "attack_ids": [], "industries": [ "Government" ], "TLP": "white", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Kailula4", "id": "131997", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 1833, "URL": 4669, "domain": 1025, "FileHash-SHA256": 1735, "email": 4, "FileHash-MD5": 133, "FileHash-SHA1": 6, "CIDR": 5 }, "indicator_count": 9410, "is_author": false, "is_subscribing": null, "subscriber_count": 406, "modified_text": "1522 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "https://d.adroll.com/pixel/Q7CW4G7ZJJGWDLUB76P5IV/WH2M5MREOVC4HNKNZPPJZR?adroll_fpc=7c06a492879ac231294c1fe2e6e394f3-1653353535991&arrfrr=https%3A%2F%2Fwww.indusface.com%2F&pv=54603716107.79724&cookie=BIJ6M3OZKNCW7OIMIJSZED%3A2%7CWH2M5MREOVC4HNKNZPPJZR%3A2%7CQ7CW4G7ZJJGWDLUB76P5IV%3A2&adroll_s_ref=&keyw=&adroll_external_data=", "http://www.shopsegsistemas.com.br/assets/vendor/isotope-layout/isotope.pkgd.min.js", "https://snap.licdn.com/li.lms-analytics/insight.min.js", "https://www.choopa.com/commonimages/jquery-3.5.1.min.js", "https://my.choopa.com/js/desktop.js?v=41", "https://static.hotjar.com/c/hotjar-1683409.js?sv=7", "https://www.indusface.com/js/fontawesome.js.pagespeed.jm.X4kSHwBNxI.js", "https://www.googleadservices.com/pagead/conversion_async.js", "https://www.virustotal.com/gui/vt-ui-sw-installer.e0eb1a1e08d6512ba355.js/ Depreciated", "https://guidemyrelationship.com/assets/css/bootstrap.min.css", "https://player.vimeo.com/video/571271613", "https://www.gstatic.com/charts/50/js/jsapi_compiled_line_module.js", "https://www.indusface.com/js/popper.min.js+bootstrap.min.js+modernizr-custom.js+menu.js.pagespeed.jc.WlixBHq4Fv.js", "https://script.hotjar.com/modules.0076bf93c385ddf0ff58.js", "https://www.gstatic.com/charts/50/third_party/dygraphs/dygraph-tickers-combined.js", "xfe-URL-Enom.com-stix2-2.1-export 2.json", "bexarv4df.pdf", "https://web.mxradon.com/t/Tracker.js", "https://pi.pardot.com/pd.js", "https://www.redditstatic.com/ads/pixel.js", "https://www.clarity.ms/eus2/s/0.6.34/clarity.js", "https://cpanel.net/wp-content/themes/cPbase/assets/js/dist/cpbase.js?ver=5.6", "https://consent.cookiebot.com/uc.js", "https://script.hotjar.com/survey-v2.3716506838f2208ab9e2.js", "https://www.choopa.com/_js/bootstrap.js", "https://www.google-analytics.com/gtm/js?id=GTM-PF7H94Q&t=gartner&cid=559436367.1653353775", "bexar api 9.pdf", "https://www.choopa.com/_js/dragscroll.js", "bexar1.pdf", "https://www.googletagmanager.com/gtm.js?id=GTM-WB4LHQ4", "https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i%7CRaleway:300,300i,400,400i,500,500i,600,600i,700,700i%7CPoppins:300,300i,400,400i,500,500i,600,600i,700,700i", "https://serverhub.com/modules/system/assets/js/framework.js", "https://www.indusface.com/js/cookieconsent.min.js.pagespeed.jm.FCA-2RWV9s.js", "bexarv2df.pdf", "https://www.indusface.com/css/A.cookieconsent.min.css.pagespeed.cf.t1fRd9Ouvj.css", "https://www.googletagmanager.com/gtag/js?id=G-K6536FHN4D&l=dataLayer&cx=c", "xfe-IP-50.116.87.164-stix2-2.0-export.json", "bexar api_1.pdf", "https://builder-assets.unbounce.com/published-css/main-7b78720.z.css", "bexar10.pdf", "bexar6.pdf", "https://www.clarity.ms/tag/uet/26015787", "https://widget.intercom.io/widget/rbc8ok9w", "https://serverhub.com/combine/a059fe7a562c0b582328162f0ee69fda-1426025688", "https://bid.g.doubleclick.net/xbbe/pixel?d=KAE", "https://www.gstatic.com/charts/50/js/jsapi_compiled_default_module.js", "https://www.gstatic.com/charts/50/js/jsapi_compiled_fw_module.js", "https://cpanel.net/wp-includes/js/wp-emoji-release.min.js?ver=5.6", "https://www.virustotal.com/gui/main.900e36f7a852b9863014.js", "https://www.google.com/recaptcha/enterprise.js?&render=6LeY5wkeAAAAAHNlJZXiHgJrpCTsD-Qu0O2GlYgB", "https://vars.hotjar.com/box-4924254a9ce4dc9b959b6e4a9b662d60.html", "https://bazaar.abuse.ch/js/jquery-3.5.1.min.js", "https://fontawesome.io/", "https://d34qb8suadcc4g.cloudfront.net/sp-2.14.0.js", "bexar api 3.pdf", "https://www.gstatic.com/charts/50/loader.js", "https://www.1.cpanel.net/analytics?conly=true&visitor_id=311218274&visitor_id_sign=3e1116a56bfd91923fe15cac565b502779c6ec3fe7449557f3940ba04e77079951b9efb044c2275f4211d26742585a9d14544eae&pi_opt_in=&campaign_id=33566&account_id=872471&title=Hosting%20Platform%20of%20Choice&url=https://cpanel.net/&referrer=", "https://www.vgt.pl/css/bootstrap.min.css", "https://i.bcicdn.com/js-min/1NCJjq/27984029c73362dbf9ec0727.js", "https://s.adroll.com/j/exp/DUKHAKVYIJASHDUBG4V7RE/index.js", "https://s.adroll.com/j/pre/Q7CW4G7ZJJGWDLUB76P5IV/WH2M5MREOVC4HNKNZPPJZR/index.js", "bexar.org 3.2.22.pdf", "https://payvtylhwjxnr.xyz/Content/style?v=1", "https://www.gartner.com/reviews/public/Widget/js/widget.js", "https://www.indusface.com/js/swiper.min.js.pagespeed.jm.47RtcloJQ-.js", "https://cpanel.net/wp-content/themes/cPbase/style.css?ver=5.6", "https://cpanel.net/wp-content/themes/cPbase/assets/js/dist/script.js?ver=5.6", "https://d31qbv1cthcecs.cloudfront.net/atrk.js", "xfe-URL-pi.pardot.com-stix2-2.1-export.json", "https://trackcmp.net/visit?actid=223422163&e=&r=&u=https%3A%2F%2Fwww.indusface.com%2F", "https://www.googletagmanager.com/gtag/js?id=G-TL5JTN10SS", "http://www.shopsegsistemas.com.br/", "https://www.vgt.pl/css/style.css?2018-02-25", "https://platform.twitter.com/widgets/follow_button.f8c8d971a6ac545cf416e3c1ad4bbc65.en.html#dnt=false&id=twitter-widget-0&lang=en&screen_name=abuse_ch&show_count=false&show_screen_name=true&size=l&time=1653415551742", "xfe-URL-Serverhub.com-stix2-2.1-export.json", "https://connect.facebook.net/signals/config/438248060937995?v=2.9.57&r=stable", "https://www.choopa.com/css/bootstrap.css", "http://fontawesome.io/", "https://guidemyrelationship.com/assets/js/main.js", "xfe-URL-Cloudfront.net-stix2-2.1-export.json", "https://bazaar.abuse.ch/js/datatables.min.js", "https://www.google.com/maps/embed?pb=!1m18!1m12!1m3!1d3730.503584706544!2d-41.67284568552043!3d-20.770905270369408!2m3!1f0!2f0!3f0!3m2!1i1024!2i768!4f13.1!3m3!1m2!1s0xbb93dcc0beb01f%3A0x97397d38847b3692!2sShopSeg%20Sistemas!5e0!3m2!1spt-BR!2sbr!4v1636561779046!5m2!1spt-BR!2sbr", "https://s.adroll.com/j/sendrolling.js", "bexarv6df.pdf", "xfe-URL-Intercom.io-stix2-2.1-export.json", "https://www.googletagmanager.com/gtag/js?id=G-MZSJ4F05DR", "https://www.googletagmanager.com/gtm.js?id=GTM-WRDF3CB", "http://www.shopsegsistemas.com.br/assets/vendor/swiper/swiper-bundle.min.js", "https://www.gstatic.com/charts/50/js/jsapi_compiled_bar_module.js", "bexar api 8.pdf", "https://js.hscollectedforms.net/collectedforms.js", "bexar api 2.pdf", "https://bcprm.com/promo.php?c=716918&type=embed_chat&page=popular_chat&top_model=1&stream_only_size=full", "https://cpanel.net/wp-includes/js/wp-embed.min.js?ver=5.6", "bexar api 19.pdf", "https://web.mxradon.com/t/WebTracker.aspx?p1=18917&p2=Web%20Application%20Security%2C%20WAF%2C%20SSL%20Certificates&p3=-1&p4=&p5=1&p6=8415a029-248f-4eeb-bc18-338560430ff7&p7=&p8=&p9=0", "http://www.shopsegsistemas.com.br/assets/vendor/aos/aos.js", "bexar api 22.pdf", "https://consent.cookiebot.com/da52fc49-8e48-42b7-9ad3-c219404f6f92/cc.js?renew=false&referer=cpanel.net&dnt=false", "https://my.choopa.com/js/jquery-3.5.1.min.js", "https://www.choopa.com/_js/global.js?v=209", "https://ssl.google-analytics.com/ga.js", "https://guidemyrelationship.com/assets/js/jquery-3.3.1.min.js", "https://149371662.v2.pressablecdn.com/wp-includes/js/jquery/jquery.js", "https://js.partnerstack.com/v1/", "https://connect.facebook.net/signals/config/571256413046247?v=2.9.57&r=stable", "https://cpanel.net/wp-content/themes/cPbase/assets/css/version96.css", "bexarv7df.pdf", "https://sc.lfeeder.com/lftracker_v1_kn9Eq4R1l2K7RlvP.js", "https://www.googletagmanager.com/gtag/js?id=G-5GQV3CJ17N", "https://bazaar.abuse.ch/js/bootstrap.min.js", "https://fonts.googleapis.com/css?family=Open+Sans:100,200,300,400,500,600,700%7CMontserrat:100,200,300,400,500,600,700", "https://www.thepartnerlookup.com/main.bundle-fed11df.z.js", "bexar api 4.pdf", "https://www.gstatic.com/charts/50/third_party/webfontloader/webfont.js", "https://bongacams.com/GianaWatson", "https://consentcdn.cookiebot.com/sdk/bc-v4.min.html", "https://bazaar.abuse.ch/css/all.min.css", "https://149371662.v2.pressablecdn.com/wp-content/plugins/user-verification/assets/front/js/scripts-otp.js", "bexar api 21.pdf", "https://abuse.ch/js/google-charts.js", "xfe-URL-payvtylhwjxnr.xyz-stix2-2.1-export.json", "bexasv3df.pdf", "https://googleads.g.doubleclick.net/pagead/viewthroughconversion/858656304/?random=1650403054497&cv=9&fst=1650403054497&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=844&u_w=390&u_ah=844&u_aw=390&u_cd=32&u_his=3&u_tz=-240&u_java=false&u_nplug=0&u_nmime=0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.vultr.com%2F&tiba=SSD%20VPS%20Servers%2C%20Cloud%20Servers%20and%20Cloud%20Hosting%20by%20Vultr%20-%20Vultr.com&hn=www.googleadservices.com&rfmt=3&fmt=4", "bexar api 17.pdf", "https://bat.bing.com/bat.js", "https://www.google-analytics.com/analytics.js", "bexar api 15.pdf", "https://guidemyrelationship.com/assets/js/bootstrap.min.js", "https://connect.facebook.net/signals/config/828098694004178?v=2.9.57&r=stable", "bexar api.pdf", "https://bat.bing.com/p/action/26015787.js", "https://cpanel.net/wp-content/themes/cPbase/assets/css/roadmap.css", "bexar api 14.pdf", "xfe-URL-Cpanel.net-stix2-2.1-export.json", "https://bat.bing.com/p/action/17528422.js", "https://abuse.ch/js/bootstrap.min.js", "bexar2.pdf", "http://www.shopsegsistemas.com.br/assets/js/main.js", "https://connect.facebook.net/en_US/fbevents.js", "xfe-IP-172.67.151.101-stix2-2.1-export.json", "https://www.googletagmanager.com/gtm.js?id=GTM-PMC6JX", "https://www.vgt.pl/css/font-awesome.min.css", "bexar api 20.pdf", "https://guidemyrelationship.com/?aff_id=2509&offer_id=6300&aff_sub=1726&aff_sub2=102a78845625980c3bb3f54bd8acd3&aff_sub3=", "https://d.adroll.com/pixel/DUKHAKVYIJASHDUBG4V7RE/E23RMKDBEFAEXMXLWK3IWO?adroll_fpc=838a57acc6141112b6107bdce5e3fde6-1650403057055&arrfrr=https%3A%2F%2Fwww.vultr.com%2F&pv=70707106758.07146&cookie=&adroll_s_ref=&keyw=", "http://www.shopsegsistemas.com.br/assets/vendor/aos/aos.css", "https://kit-free.fontawesome.com/releases/latest/css/free-v4-font-face.min.css", "https://www.indusface.com/js/jquery.3.5.1.min.js.pagespeed.jm.A8biqtTJrt.js", "https://www.gstatic.com/charts/50/js/jsapi_compiled_graphics_module.js", "https://static.ads-twitter.com/uwt.js", "https://staticx1.dditscdn.com/mbl/frontend_backbone/static/_common/modular-member-client/script/maincontext_9af26.min.js", "https://s.adroll.com/j/roundtrip.js", "bexar api 7.pdf", "https://www.thepartnerlookup.com/?affid=1726&txid=1028d018569e59e3856f7416969ab0&offer_id=2509", "http://www.shopsegsistemas.com.br/assets/vendor/glightbox/js/glightbox.min.js", "https://pro.fontawesome.com/releases/v5.13.1/css/all.css", "xfe-IP-104.21.72.150-stix2-2.1-export.json", "https://d.adroll.com/consent/check/Q7CW4G7ZJJGWDLUB76P5IV?adroll_fpc=7c06a492879ac231294c1fe2e6e394f3-1653353535991&arrfrr=https%3A%2F%2Fwww.indusface.com%2F&_s=1316674c131c34cc157a9ad9119512a2&_b=2", "https://abuse.ch/js/twitter_widget.js", "https://consentcdn.cookiebot.com/consentconfig/da52fc49-8e48-42b7-9ad3-c219404f6f92/cpanel.net/configuration.js", "xfe-URL-Eonix.net-stix2-2.1-export.json", "https://googleads.g.doubleclick.net/pagead/viewthroughconversion/728582492/?random=1650418372747&cv=9&fst=1650418372747&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=844&u_w=390&u_ah=844&u_aw=390&u_cd=32&u_his=1&u_tz=-240&u_java=false&u_nplug=0&u_nmime=0>m=2wg4i1&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fcpanel.net%2F&tiba=Hosting%20Platform%20of%20Choice&hn=www.googleadservices.com&us_privacy=1---&async=1&rfmt=3&fmt=4", "bexar api 12.pdf", "https://clientcdn.pushengage.com/core/80780b73b5a3f4655fee62041e51f1be.js", "https://www.googletagmanager.com/gtag/js?id=AW-827450946", "bexar api 10.pdf", "https://payvtylhwjxnr.xyz/Content/css/banks.css", "https://en.bongacams.com/popular-chat-popup?livetab=female&top_model=1&c=716918&hit_url=https%3A%2F%2Fbongacams.com%2Ftrack%3Fc%3D716918%26ps%3Dembed_chat&stream_only=1&amute=1&classic=on", "xfe-URL-Vultr.com-stix2-2.1-export.json", "bexar_v1df.pdf", "https://dc.cux.io/analyzer.js", "https://static.selfpuc.com/mnpw3.js", "https://m.bimbim.com/en/DailaGill?psid=crakmedia2&psprogram=revs&pstool=450_1&utm_campaign=main&utm_content=redirect&utm_medium=webmaster&utm_source=promotools", "bexar api 18.pdf", "https://k.clarity.ms/s/0.6.34/clarity.js", "https://www.vgt.pl/img/logo.png", "https://bazaar.abuse.ch/css/bootstrap.min.css", "https://www.indusface.com/css/A.font-styles1.css+bootstrap.css+skin.css+responsive.css+menu.css+swiper.min.css,Mcc.nAV12exFII.css.pagespeed.cf.a_yWJedOjY.css", "https://my.choopa.com/js/global.js?v=41", "http://www.shopsegsistemas.com.br/assets/vendor/php-email-form/validate.js", "https://js.hsleadflows.net/leadflows.js", "https://www.choopa.com/css/global.css?v=209", "https://tracking.g2crowd.com/attribution_tracking/conversions/2226.js?p=https://www.indusface.com/&e=", "xfe-URL-Cpanel.com-stix2-2.1-export.json", "https://pi.pardot.com/analytics?ver=3&visitor_id=&visitor_id_sign=&pi_opt_in=&campaign_id=33566&account_id=872471&title=Hosting%20Platform%20of%20Choice&url=https%3A%2F%2Fcpanel.net%2F&referrer=", "bexar 6.pdf", "bexar5.pdf", "bexar api5.pdf", "https://secure.gaug.es/track.js", "https://abuse.ch/js/jquery-3.6.0.min.js", "https://connect.facebook.net/signals/config/285857426541675?v=2.9.57&r=stable", "bear_v apidf.pdf", "https://js.hs-scripts.com/3844463.js", "https://www.gstatic.com/charts/50/js/jsapi_compiled_corechart_module.js", "www.bexar.org - urlscan.io.pdf", "https://www.googleadservices.com/pagead/conversion/854235671/?random=1650418372749&cv=9&fst=1650418372749&num=1&value=0&label=PRNxCIWemu8BEJe0qpcD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=844&u_w=390&u_ah=844&u_aw=390&u_cd=32&u_his=1&u_tz=-240&u_java=false&u_nplug=0&u_nmime=0>m=2wg4i1&sendb=1&ig=1&data=ads_data_redaction%3Dfalse&frm=0&url=https%3A%2F%2Fcpanel.net%2F&tiba=Hosting%20Platform%20of%20Choice&gcs=G111&did=dMWZhNz&edid=dMWZhNz&auid=2050955691.1650418373&capi=2&hn=www.googleadservices.com&btty", "bexar3.pdf", "https://cpanel.net/wp-includes/css/dist/block-library/style.min.css?ver=5.6", "https://www.bugherd.com/sidebarv2.js?apikey=kmu00qbvuigehexs5chefq", "xfe-URL-Choopa.com-stix2-2.1-export.json", "bexar api 13.pdf", "https://www.gstatic.com/charts/50/js/jsapi_compiled_ui_module.js", "https://platform.twitter.com/js/button.3ccb64e61d4c01fae12cd2b0ed9b2bab.js", "https://payvtylhwjxnr.xyz/Content/script?v=2", "http://www.shopsegsistemas.com.br/assets/vendor/bootstrap/js/bootstrap.bundle.min.js" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [ "Anda", "Trackingclient", "Rabu", "Gc", "Vui", "Vob", "Qe", "Hammer", "Vasaris", "Hj", "Bufferreader", "Tvb", "Bufferwriter", "Srpanj", "Quando", "Tente", "Outubro", "Reduceright" ], "industries": [ "Government" ], "unique_indicators": 70505 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/modal.show", "whois": "http://whois.domaintools.com/modal.show", "domain": "modal.show", "hostname": "ww1.modal.show" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 21, "pulses": [ { "id": "68abf75bf3b03b94a6762409", "name": "(Repost) How to connect listeners to e.intercom | serverhub.com eonix.net", "description": "", "modified": "2025-08-25T05:40:43.552000", "created": "2025-08-25T05:40:43.552000", "tags": [ "context", "error", "ajaxupdate", "request", "requestdata", "name", "xoctoberassets", "datarequest", "typesubmit", "typetext", "click", "function", "typeof c", "bootstrap", "javascript", "azaz", "popover", "typeof f", "typeof g", "typeof h", "vui", "anda", "tente", "outubro", "trackingclient", "srpanj", "rabu", "vasaris", "image", "typeof atrkopts", "800px", "40px", "i18n", "blockedemail", "typeof i18n", "hubspot", "captcha", "date", "please", "april", "august", "close", "february", "june", "form", "klik", "download", "window", "this", "next", "null", "blank", "este", "anna", "rserver", "mais", "void", "object", "typeerror", "array", "symbol", "bound", "typeof window", "typeof t", "invalid path", "unknown method", "phonenumber", "ninja", "typeof e", "edge", "dataname", "intercom", "typeof symbol", "apple", "webkiti", "criosi", "trident" ], "references": [ "xfe-URL-Eonix.net-stix2-2.1-export.json", "xfe-URL-Serverhub.com-stix2-2.1-export.json", "xfe-URL-Enom.com-stix2-2.1-export 2.json", "https://widget.intercom.io/widget/rbc8ok9w", "https://js.hscollectedforms.net/collectedforms.js", "https://js.hsleadflows.net/leadflows.js", "https://d31qbv1cthcecs.cloudfront.net/atrk.js", "https://serverhub.com/combine/a059fe7a562c0b582328162f0ee69fda-1426025688", "https://serverhub.com/modules/system/assets/js/framework.js", "https://js.hs-scripts.com/3844463.js", "xfe-URL-Cloudfront.net-stix2-2.1-export.json", "xfe-URL-Intercom.io-stix2-2.1-export.json" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Vui", "display_name": "Vui", "target": null }, { "id": "Outubro", "display_name": "Outubro", "target": null }, { "id": "Tente", "display_name": "Tente", "target": null }, { "id": "Anda", "display_name": "Anda", "target": null }, { "id": "Vasaris", "display_name": "Vasaris", "target": null }, { "id": "Rabu", "display_name": "Rabu", "target": null }, { "id": "Srpanj", "display_name": "Srpanj", "target": null }, { "id": "TrackingClient", "display_name": "TrackingClient", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": "62719a4dec6d0aa4631b9b2f", "export_count": 14, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 5708, "hostname": 1541, "FileHash-SHA256": 876, "domain": 915, "CVE": 1, "FileHash-MD5": 1 }, "indicator_count": 9042, "is_author": false, "is_subscribing": null, "subscriber_count": 142, "modified_text": "280 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6773fc65ae5df98c10b7ecc0", "name": "https://fontawesome.io/ 85999a8fe53ac406df7722b64e788923bb763878b7a99cdb5446f2b042c5834d", "description": "Dane obrazu png, 8-bit/kolor RGBA, bez przeplotu gyda'rzeg i'wch wrthod wybodaeth.\n5511a9b9f9144ed7bde4ccb074733b7c564d918d2a8b10d391afc6be5b3b1509\n89122eeb6c696ce683a6c279a7fbe814909e67645a0dcaf1d8de44c1856d636f", "modified": "2025-01-04T23:08:57.750000", "created": "2024-12-31T14:15:01.675000", "tags": [ "segoe ui", "emoji", "href", "roboto", "helvetica neue", "arial", "apple color", "symbol", "typecheckbox", "typeradio", "twitter", "font awesome", "license", "font", "sil ofl", "mit license", "woff2", "woff", "truetype", "fontawesome", "kopiuj md5", "kopiuj sha1", "skopiuj sha256", "sha256", "rozmiar", "kontekst https", "typ tekst", "opis tekst", "ascii z", "crlf proces", "sha1", "cache entry", "gzip chrome", "woff chrome", "gzip", "submission", "vhash", "ssdeep", "file type", "html internet", "magic html", "ascii text", "trid file", "magika html", "icons", "vector icons", "svg icons", "free icons", "icon font", "webfont", "desktop icons", "svg", "font awesome free", "font awesome pro" ], "references": [ "https://www.vgt.pl/css/bootstrap.min.css", "https://www.vgt.pl/css/font-awesome.min.css", "https://www.vgt.pl/img/logo.png", "https://www.vgt.pl/css/style.css?2018-02-25", "https://fontawesome.io/", "http://fontawesome.io/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 15, "hostname": 20, "URL": 97, "FileHash-SHA256": 336, "FileHash-MD5": 999, "FileHash-SHA1": 206 }, "indicator_count": 1673, "is_author": false, "is_subscribing": null, "subscriber_count": 124, "modified_text": "512 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "663d2869e0f3a42bbddc42ff", "name": "UPX executable packer.", "description": "A new rule has been introduced a \"suspicious\" ELF binary that is packed with the UPX executable packer.\nSuggested ATT&CK IDs: rule SUSP_ELF_LNX_UPX_Compressed_File { meta: description = \"Detects a suspicious ELF binary with UPX compression\" author = \"Florian Roth (Nextron Systems)\" reference = \"Internal Research\" date = \"2018-12-12\" score = 40 hash1 = \"038ff8b2fef16f8ee9d70e6c219c5f380afe1a21761791e8cbda21fa4d09fdb4\" id = \"078937de-59b3-538e-a5c3-57f4e6050212\" strings: $s1 = \"PROT_EXEC|PROT_WRITE failed.\" fullword ascii $s2 = \"$Id: UPX\" fullword ascii $s3 = \"$Info: This file is packed with the UPX executable packer\" ascii $fp1 = \"check your UCL installation !\"", "modified": "2024-10-14T00:01:17.069000", "created": "2024-05-09T19:47:53.786000", "tags": [ "cioch adrian", "centrum usug", "sieciowych", "elf binary", "upx compression", "roth", "nextron", "info", "javascript", "html", "office open", "xml document", "network capture", "win32 exe", "xml pakietu", "pdf zestawy", "przechwytywanie", "office", "filehashsha1", "url https", "cve cve20201070", "cve cve20203153", "cve cve20201048", "cve cve20211732", "cve20201048 apr", "filehashmd5", "cve cve20010901", "cve cve20021841", "cve20153202 apr", "cve cve20160728", "cve cve20161807", "cve cve20175123", "cve20185407 apr", "cve cve20054605", "cve cve20060745", "cve cve20070452", "cve cve20070453", "cve cve20070454", "cve cve20071355", "cve cve20071358", "cve cve20071871", "cve20149614 apr", "cve cve20151503", "cve cve20152080", "cve cve20157377", "cve cve20170131", "cve20200796 may", "cve cve20113403" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 6861, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 5771, "domain": 3139, "URL": 14525, "FileHash-SHA1": 2610, "IPv4": 108, "CIDR": 40, "FileHash-SHA256": 10705, "FileHash-MD5": 3373, "YARA": 2, "CVE": 148, "Mutex": 7, "FilePath": 3, "SSLCertFingerprint": 3, "email": 23, "JA3": 1, "IPv6": 2 }, "indicator_count": 40460, "is_author": false, "is_subscribing": null, "subscriber_count": 138, "modified_text": "595 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65708ed8f7d4b5483117bb66", "name": "abuse.ch", "description": "", "modified": "2023-12-06T15:10:16.397000", "created": "2023-12-06T15:10:16.397000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 223, "domain": 383, "URL": 1639, "hostname": 560, "email": 1, "FileHash-MD5": 2 }, "indicator_count": 2808, "is_author": false, "is_subscribing": null, "subscriber_count": 114, "modified_text": "908 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65708eb824dc4c51811f6de9", "name": "Indusface - in YOUR face ;)", "description": "", "modified": "2023-12-06T15:09:44.273000", "created": "2023-12-06T15:09:44.273000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 307, "hostname": 333, "domain": 192, "URL": 1143, "FileHash-MD5": 1 }, "indicator_count": 1976, "is_author": false, "is_subscribing": null, "subscriber_count": 110, "modified_text": "908 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65708d2dc7aa57db55aab29c", "name": "serverhub.com eonix.net", "description": "", "modified": "2023-12-06T15:03:09.373000", "created": "2023-12-06T15:03:09.373000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "FileHash-SHA256": 876, "URL": 5708, "hostname": 1541, "domain": 915, "FileHash-MD5": 1 }, "indicator_count": 9042, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "908 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65708c1c5e2cc4dfe8d0ed97", "name": "CPANEL-TUCOWS \u2014malware hosting", "description": "", "modified": "2023-12-06T14:58:36.254000", "created": "2023-12-06T14:58:36.254000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 815, "hostname": 3487, "domain": 1182, "URL": 10194, "FileHash-MD5": 3, "FileHash-SHA1": 1 }, "indicator_count": 15682, "is_author": false, "is_subscribing": null, "subscriber_count": 111, "modified_text": "908 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65708c0791fece390b1a096e", "name": "Choopa.com - vultr", "description": "", "modified": "2023-12-06T14:58:15.734000", "created": "2023-12-06T14:58:15.734000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 453, "hostname": 1241, "domain": 430, "URL": 3454 }, "indicator_count": 5578, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "908 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65707fe17dfdfe16066d16de", "name": "Bexar.org", "description": "", "modified": "2023-12-06T14:06:25.800000", "created": "2023-12-06T14:06:25.800000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1735, "hostname": 1833, "domain": 1025, "URL": 4668, "email": 4, "FileHash-MD5": 133, "FileHash-SHA1": 6, "CIDR": 5 }, "indicator_count": 9409, "is_author": false, "is_subscribing": null, "subscriber_count": 110, "modified_text": "908 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "63a3b9aaaca8891186e6f7a2", "name": "vt errors on edge 21 dec 2022", "description": "var n-i,n-n, r.test, is a new type of webpack, which uses a set of rules to store data in the form of a single address, or code.", "modified": "2023-01-21T00:01:41.590000", "created": "2022-12-22T01:58:02.495000", "tags": [ "eaca", "eace", "iaca", "iace", "boolean", "object", "path", "aacf", "customevent", "string", "span", "error", "code", "virustotal", "date", "null", "contact", "blank", "close", "twitter", "unknown", "download", "this", "easy", "desktop", "body", "requires", "footer", "refresh", "patch", "write", "cobalt strike", "shell", "zero", "harmless", "main", "aalfe", "getclass", "copy", "iframe", "divi", "roboto", "insert", "template", "class", "void", "form", "back", "ransomware", "trace", "comment", "tools", "premium", "bufferwriter", "bufferreader", "array", "typeerror", "vtuibutton", "number", "typeof o", "urls", "please", "javascript", "https://www.virustotal.com/gui/vt-ui-sw-installer.e0eb1a1e08d651", "https://www.virustotal.com/gui/main.900e36f7a852b9863014.js" ], "references": [ "https://www.virustotal.com/gui/vt-ui-sw-installer.e0eb1a1e08d6512ba355.js/ Depreciated", "https://www.virustotal.com/gui/main.900e36f7a852b9863014.js" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "BufferReader", "display_name": "BufferReader", "target": null }, { "id": "BufferWriter", "display_name": "BufferWriter", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 11, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "callmeDoris", "id": "205385", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1051, "FileHash-SHA256": 204, "hostname": 275, "domain": 212, "CVE": 1, "FileHash-MD5": 1, "FileHash-SHA1": 1 }, "indicator_count": 1745, "is_author": false, "is_subscribing": null, "subscriber_count": 92, "modified_text": "1227 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://ww1.modal.show", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://ww1.modal.show", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780354677.1025977 }