{ "type": "Domain", "indicator": "jquery.map", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/jquery.map", "alexa": "http://www.alexa.com/siteinfo/jquery.map", "indicator": "jquery.map", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 2829924269, "indicator": "jquery.map", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 25, "pulses": [ { "id": "69aa842cef967c844adef1de", "name": "CAPE Sandbox part 2 - see part 1", "description": "heartbreaking", "modified": "2026-04-05T11:04:28.804000", "created": "2026-03-06T07:37:16.417000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1014", "name": "Rootkit", "display_name": "T1014 - Rootkit" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1203", "name": "Exploitation for Client Execution", "display_name": "T1203 - Exploitation for Client Execution" }, { "id": "T1485", "name": "Data Destruction", "display_name": "T1485 - Data Destruction" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1542", "name": "Pre-OS Boot", "display_name": "T1542 - Pre-OS Boot" }, { "id": "T1548", "name": "Abuse Elevation Control Mechanism", "display_name": "T1548 - Abuse Elevation Control Mechanism" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 3905, "FileHash-SHA1": 3515, "FileHash-SHA256": 8002, "URL": 982, "hostname": 2532, "domain": 164, "email": 1 }, "indicator_count": 19101, "is_author": false, "is_subscribing": null, "subscriber_count": 49, "modified_text": "14 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65eea19a23474b8c7dca351f", "name": "All Items - find from the UA archive disk", "description": "Again have zero idea 'what these are' - just uploading from the 'archives' as I sort through things", "modified": "2025-12-24T08:28:47.628000", "created": "2024-03-11T06:15:54.351000", "tags": [], "references": [ "https://www.virustotal.com/gui/collection/09af9ef0b7b23d2dc73d83858106ae4fc97a352dbb521ac04493a0e79095ac69/iocs", "https://www.virustotal.com/gui/collection/79c25168b2f93d9730a56b8d2b834cbfb2752b63b21b9dd51109416fbaa676d8/iocs", "https://www.virustotal.com/graph/embed/g8726609a12794ebeb59edd531961a233068149bcdf994b428f20141be6111551?theme=dark", "https://www.virustotal.com/graph/embed/g365a82115f934e31a69118715695c91c231f66cda9084c9389e56afb985a243e?theme=dark", "", "https://www.virustotal.com/gui/collection/6a8d582df4fe5a29885dad4074236bc9e4ed445aaf0cc00702d45963fb0459bb/iocs" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 19, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "Disable_Duck", "id": "244325", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 1165, "hostname": 866, "URL": 657, "FileHash-SHA256": 26, "email": 337, "FileHash-MD5": 12, "FileHash-SHA1": 8, "CIDR": 1 }, "indicator_count": 3072, "is_author": false, "is_subscribing": null, "subscriber_count": 128, "modified_text": "116 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "68038f7eb6f6810aa6d6439f", "name": "\"+g+\"", "description": "https://aplikacja.ceidg.gov.pl/CEIDG/CEIDG.Public.UI/EntryChangeHistory.aspx?Id=855bdfc1-7dbc-4a86-9d27-89ebb0ecf166&archival=False", "modified": "2025-09-01T08:05:25.121000", "created": "2025-04-19T11:56:46.933000", "tags": [ "copyright", "customevent", "typeof e", "boomerang", "typeof t", "macintosh", "os x", "post", "typeof", "iframe", "date", "poka menu", "nie znaleziono", "poka start", "poka", "max dostpnych", "pierwsza", "ostatnia", "nastpna", "poprzednia", "brak danych", "first", "ceidg", "wystpi bd", "error", "true", "null", "linkdownload", "show", "ctrlmappings", "version", "versionchange", "body", "false", "span", "input", "paginate", "next", "last", "selectstart", "loop", "function", "bootstrap", "datatables", "responsive", "2016 sprymedia", "amd define", "object", "commonjs", "window", "browser", "button", "datatable", "sprymedia ltd", "columns", "colidx", "column", "parent", "child", "param", "display", "click", "middle", "class", "target", "never", "find", "footer", "close", "regexp", "matches", "cookie", "inputmask", "input mask", "robin herbots", "mit license", "xmlhttprequest", "left", "month", "boolean", "maxdate", "right", "daterangepicker", "yyyymmdd", "calendar", "jquery", "webpackrequire", "typeof symbol", "type", "setprototypeof", "maskpos", "wrapnativesuper", "backspace", "insert", "internal", "mask", "void", "this", "nie mona", "array", "nonmsdombrowser", "horizontal", "leftarrow", "uparrow", "rightarrow", "downarrow", "explorer", "form", "legend", "hmmss", "mmmm d", "yyyy h", "typeof define", "number", "locale", "character", "seeknext", "masked", "input plugin", "josh bush", "azaz", "azaz09", "black", "kontrast", "arrcookies", "getcookielang", "and information", "on business", "sign", "twoja", "opinia", "informacja o", "notify ui", "widget", "eric hynds", "dual", "name", "dtopt", "example", "using", "open", "adata", "hungarian", "aria", "legacy", "trident", "format", "nuke", "apos", "bitcoin", "outer", "mark", "info", "reload", "behaviour", "write", "buttons", "anything", "prop", "thecookie", "create", "thevalue", "string name", "pluginscookie", "author", "eventkey", "datakey", "default", "dataapikey", "defaulttype", "config", "shown", "trigger", "delta", "guard", "arrow", "leave", "scroll", "dataspy", "sessiontimeout", "return", "settimeout", "mytimerid", "requestcounter", "starttimer", "stop", "typeof n", "adminlte", "typeof o", "main", "js application", "adminlte v2", "colorlib", "ui date", "written", "jacek wysocki", "poprzedni", "marzec", "kwiecie", "czerwiec", "lipiec", "sierpie", "wrzesie", "openpopup", "href", "toggle", "msviewport", "popover", "json", "json text", "string", "otherwise", "holder", "mind", "copy", "meta", "third", "text", "choice", "confirm", "nie pytaj", "site", "title", "value", "alert", "warn", "migrate", "foundation", "see http", "forget", "newvalue", "nones5", "fall", "wrongvalid", "onerror", "year", "fast", "argument", "popper", "method", "data", "html", "flip", "factory", "onload", "tbody", "courier", "elem", "handle", "expando", "match", "selector", "sizzle", "android", "capture", "seed", "pass", "enough", "code", "bind", "core", "local", "verify", "accept", "done", "override", "inject", "possible", "hold", "45deg", "larger", "screen styling", "90deg", "support", "sidebar mini", "e1f0ff", "font awesome", "free", "autocomplete", "folder", "expanded folder", "tabela", "sorting", "xform", "nadpisane style", "menlo", "monaco", "consolas", "mono", "courier new", "browse", "twitter", "pt serif", "georgia", "times new", "roman", "times", "typetime", "import", "roboto", "http", "label", "demos", "effect", "inst", "super", "speed", "bounce", "hack", "logic", "shift", "double", "february", "april", "june", "august", "friday", "erase", "atom", "caja", "spinner", "refresh", "alpha", "sentinel", "back", "blind", "drop", "ceidg.gov.pl - centralna ewidencja i informacja o dzia\u0142alno\u015bci g", "prosz czeka", "pobierz plik" ], "references": [ "https://aplikacja.ceidg.gov.pl/CEIDG/CEIDG.Public.UI/EntryChangeHistory.aspx?Id=855bdfc1-7dbc-4a86-9d27-89ebb0ecf166&archival=False", "UE_pl_top.svg", "UE_pl_top_sm.svg", "XZ4AH-ABKPW-SQPBC-CYWES-BCG6V", "dataTables.lang.js.pobrane", "EntryChangeHistory.aspx.js.pobrane", "dataTables.input.js.pobrane", "responsive.bootstrap4.js.pobrane", "dataTables.bootstrap4.js.pobrane", "dataTables.responsive.js.pobrane", "jquery.session.js.pobrane", "inputmask.binding.js.pobrane", "daterangepicker.js.pobrane", "jquery.inputmask.min.js.pobrane", "ScriptResource.axd", "moment-with-locales.min.js.pobrane", "jquery.maskedinput-1.2.2.js.pobrane", "feedback.js.pobrane", "jquery.notify.min.js.pobrane", "jquery.dataTables.js.pobrane", "jquery.cookie.js.pobrane", "bootstrap.js.pobrane", "SessionTimeout.js.pobrane", "adminlte.min.js.pobrane", "jquery.easing.1.3.js.pobrane", "jquery.feedbackBadge.min.js.pobrane", "ui.datepicker-pl.js.pobrane", "ceidg-master.js.pobrane", "CommonResponsive.js.pobrane", "json2.js.pobrane", "jquery.alerts.js.pobrane", "jquery-migrate-1.2.1.js.pobrane", "dataTables.bootstrap4.css", "CommonScripts.js.pobrane", "popper.js.pobrane", "responsive.bootstrap4.css", "jquery-3.0.0.js.pobrane", "daterangepicker.css", "AdminLTE.css", "ui.notify.css", "ceidg.css", "bootstrap-gov-pl.css", "biznes.css", "jquery-ui.js.pobrane", "saved_resource.html" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 3, "FileHash-SHA1": 4, "FileHash-SHA256": 25, "URL": 165, "domain": 353, "hostname": 215, "email": 2 }, "indicator_count": 767, "is_author": false, "is_subscribing": null, "subscriber_count": 122, "modified_text": "230 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "67a7f06a5d0f22ad92684646", "name": "WebForm.com.gov.pl/CEIDG/ScriptResource.axd", "description": "The following is the full text of the WebForm.com.gov.pl/CEIDG/ScriptResource.axd, following the following:.au, for the first time.", "modified": "2025-05-14T21:27:17.040000", "created": "2025-02-09T00:01:46.054000", "tags": [ "null", "nie mona", "array", "input", "nonmsdombrowser", "object", "html", "component", "body", "horizontal", "date", "calendar", "february", "april", "june", "august", "iframe", "form", "friday", "explorer", "target", "error", "legend", "this", "type", "regexp", "elem", "index", "function", "handle", "check", "safari", "expando", "android", "false", "hooks", "copy", "prop", "class", "mark", "window", "code", "capture", "accept", "seed", "override", "hook", "look", "loop", "install", "pass", "enough", "bind", "core", "local", "verify", "done", "find", "internal", "inject", "possible", "hold", "middle", "guard", "fall", "stop", "panic", "back", "restrict", "speed", "turn", "grab", "getclass", "jquery", "bubble", "anchor", "shift" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1134", "name": "Access Token Manipulation", "display_name": "T1134 - Access Token Manipulation" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 13, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1143, "domain": 155, "hostname": 523, "FileHash-SHA256": 151 }, "indicator_count": 1972, "is_author": false, "is_subscribing": null, "subscriber_count": 122, "modified_text": "339 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "66246ff49ed29ea9bb2bf122", "name": "S\u0105d Rejonowy w Jeleniej Gorze POLAND", "description": "Przechowywania lub dost\u0119pu do plik\u00f3w cookies w Twojej przegl\u0105darce\nhttps://www.virustotal.com/gui/domain/jelenia-gora.sr.gov.pl/relations", "modified": "2025-05-14T21:18:36.989000", "created": "2024-04-21T01:46:28.554000", "tags": [ "jeleniej grze", "aktualnoci", "informacje", "jednostka", "rejonowy", "konkurs", "najczciej", "sd rejonowy", "przejd", "czytaj", "click", "sdzia jarosaw", "wydziau", "sdzia grzegorz", "katarzyna", "rudnicka dane", "kontaktowe sd", "jelenia gra", "mickiewicza", "zawarto", "html", "nazwa meta", "robotw", "telefon", "brak", "skala", "ua zgodna", "head body", "zasb", "cname", "kod odpowiedzi", "kodowanie treci", "wygasa", "gmt serwer", "pragma", "kontrola pamici", "podrcznej", "data", "gmt kontrola", "dostpuzezwl na", "czytaj wicej", "sd okrgowy", "jednostki", "okrgowy", "ogoszenia", "sha256", "vhash", "ssdeep", "https odcisk", "palca jarma", "https dane", "v3 numer", "odcisk palca", "tworzy katalog", "tworzy pliki", "typ pliku", "json", "ascii", "windows", "sqlite", "foxpro fpt", "links typ", "mapa", "152 x", "sqlite w", "sha1", "sha512", "file size", "b file", "testing", "komornik sdowy", "sdzie rejonowym", "tomasz rodacki", "obwieszczenie", "komornicze", "tumacza migam", "tumacz czynny", "zamknite", "wiadczenia", "schedule", "error", "javascript", "bakers hall", "ixaction", "script", "ixchatlauncher", "compatibility", "com dla", "t1055 pewno", "unikanie obrony", "t1036 maskarada", "t1082 pewno", "informacje o", "nazwa pliku", "dokument pdf", "rozmiar pliku", "zapowied", "type", "iii dbt", "utf8", "dziennik" ], "references": [ "S?d Rejonowy w Jeleniej G\u00f3rze.htm", "II Wydzia? Karny - S?d Rejonowy w Jeleniej G\u00f3rze 1.htm", "http://www.jelenia-gora.so.gov.pl/", "https://www.jelenia-gora.so.gov.pl/", "http://www.jelenia-gora.sr.gov.pl/ogloszenia-komornicze", "https://tlumacz.migam.org/sad_rejonowy_jelenia_gora", "https://www.jelenia-gora.sr.gov.pl/spacer", "https://waf.intelix.pl/957476/Chat/Script/Compatibility" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "", "display_name": "", "target": null }, { "id": "serwer", "display_name": "serwer", "target": null } ], "attack_ids": [ { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 24, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "email": 71, "domain": 7651, "hostname": 7680, "IPv4": 331, "FileHash-SHA256": 16168, "URL": 10399, "FileHash-MD5": 3639, "FileHash-SHA1": 3468, "CIDR": 4, "CVE": 89, "YARA": 521, "SSLCertFingerprint": 25, "JA3": 1, "IPv6": 5813 }, "indicator_count": 55860, "is_author": false, "is_subscribing": null, "subscriber_count": 141, "modified_text": "339 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "663d2869e0f3a42bbddc42ff", "name": "UPX executable packer.", "description": "A new rule has been introduced a \"suspicious\" ELF binary that is packed with the UPX executable packer.\nSuggested ATT&CK IDs: rule SUSP_ELF_LNX_UPX_Compressed_File { meta: description = \"Detects a suspicious ELF binary with UPX compression\" author = \"Florian Roth (Nextron Systems)\" reference = \"Internal Research\" date = \"2018-12-12\" score = 40 hash1 = \"038ff8b2fef16f8ee9d70e6c219c5f380afe1a21761791e8cbda21fa4d09fdb4\" id = \"078937de-59b3-538e-a5c3-57f4e6050212\" strings: $s1 = \"PROT_EXEC|PROT_WRITE failed.\" fullword ascii $s2 = \"$Id: UPX\" fullword ascii $s3 = \"$Info: This file is packed with the UPX executable packer\" ascii $fp1 = \"check your UCL installation !\"", "modified": "2024-10-14T00:01:17.069000", "created": "2024-05-09T19:47:53.786000", "tags": [ "cioch adrian", "centrum usug", "sieciowych", "elf binary", "upx compression", "roth", "nextron", "info", "javascript", "html", "office open", "xml document", "network capture", "win32 exe", "xml pakietu", "pdf zestawy", "przechwytywanie", "office", "filehashsha1", "url https", "cve cve20201070", "cve cve20203153", "cve cve20201048", "cve cve20211732", "cve20201048 apr", "filehashmd5", "cve cve20010901", "cve cve20021841", "cve20153202 apr", "cve cve20160728", "cve cve20161807", "cve cve20175123", "cve20185407 apr", "cve cve20054605", "cve cve20060745", "cve cve20070452", "cve cve20070453", "cve cve20070454", "cve cve20071355", "cve cve20071358", "cve cve20071871", "cve20149614 apr", "cve cve20151503", "cve cve20152080", "cve cve20157377", "cve cve20170131", "cve20200796 may", "cve cve20113403" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 6861, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 5771, "domain": 3139, "URL": 14525, "FileHash-SHA1": 2610, "IPv4": 108, "CIDR": 40, "FileHash-SHA256": 10705, "FileHash-MD5": 3373, "YARA": 2, "CVE": 148, "Mutex": 7, "FilePath": 3, "SSLCertFingerprint": 3, "email": 23, "JA3": 1, "IPv6": 2 }, "indicator_count": 40460, "is_author": false, "is_subscribing": null, "subscriber_count": 137, "modified_text": "552 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "664bd9b732ecaf1b3c3beddf", "name": "Found some problems - Files from the UAlberta Google Drive Archive", "description": "Been looking for these...Gifts from the University of Alberta to the World apparently\n*Please note: I emptied out the Drive, however, there was a significant amount of abuse re: Google and Microsoft Accounts at the University of Alberta (reported).\n*On the Google side I utilized: Drive (a little), Docs/Slides/Sheets (when groupwork was required)\n*On the Microsoft side I utilized: OneDrive, Office 365 (Word, PPT, Excel, and OneNote). I used to also have a personal microsoft account (OneNote, OneDrive, Skype).\nThese were the applications I lived on for my studies. I could access the Gmail/Microsoft accounts for the University (however - 'bad things' usually happen because of this). I have no access to my personal Microsoft Account (i.e. myself and other affected student(s) do not have access to our personal stuff.", "modified": "2024-09-03T00:02:13.980000", "created": "2024-05-20T23:16:07.255000", "tags": [ "contact", "quick", "destination", "entry", "safety", "local", "health", "travel", "notification", "considerations", "service", "criminal", "showit", "click", "outcome", "step", "please", "class", "questions set", "question set", "unlock", "continue", "jointfilingyes", "jointfilingno", "minimum req", "domicileresusno", "joint sponsor", "sponsorjoint", "path", "href", "span", "activetab", "starton", "newpage", "searchq", "datasia", "datacon", "segfilter", "subsite", "issuance agency", "visas", "null", "state", "dialog field", "tabpanel", "recaptcha", "nameinputvisa", "fullnameinput1", "license headers", "tools", "templates", "sia contact", "visa", "website", "phoneregexp", "emailregexp", "azaz", "urlpattern", "example starter", "javascript", "fetch", "comptwo", "compone", "dateofbirth", "function", "date", "passport", "nameinput", "fullnameinput", "adult passport", "child passport", "new child", "new adult", "new passport", "datepicker", "ds5504", "hideit", "infinity", "false", "jquery", "error", "body", "trident", "simple", "turn", "back", "calendar", "format", "february", "april", "june", "august", "show", "page has", "bcdate", "col1child", "col2child", "coldatechild", "rowdisplay", "val1", "val2", "repaginate", "grab", "jandec", "86400000", "current", "namerbcontactme", "agency", "compliment", "complaint", "passportfees", "customerservice", "bymail", "namerbcategory", "brokenlink", "search", "departuredate", "calendar date", "picker", "change", "month", "vital", "records form", "component js", "select", "please enter", "azaz09", "dddddd", "woff2", "woff", "truetype", "css document", "efefef", "ffffff", "gradienttype0", "galaxy", "nexus", "iphone5", "abtn", "bbtn", "cbtn", "dbtn", "ebtn", "fbtn", "gbtn", "hbtn", "ibtn", "media query", "from", "fce68e", "font family", "bold", "document", "cc3333", "b7b7b7", "e2edff", "ced9ea", "pm author", "ipca csi", "helvetica", "arial", "cq aem", "feed classes", "f2cd54", "f4d97e", "portrait", "landscape", "ipad", "declare", "immigrant", "visa navigation", "navigation css", "georgia", "times new", "roman", "times", "verdana", "photomodal", "styles media", "ff0000", "queries", "form component", "typetext", "queries media", "phone media", "tablet styles", "media queries", "jumbo sized", "copyright", "gpl version", "http", "alpha", "button", "out width", "ui css", "framework", "icons", "misc", "mini", "input", "label", "textarea", "overlays", "csi page", "embassy info", "embassy data", "embassy names", "end adjust", "embassy nameso", "pages", "e1a04d", "c0c0c0", "ffffff url", "us survey", "component css", "country list", "e7eceb", "important", "additional css", "wizard", "corner radius", "f97800", "c61700", "largestbox", "thisbox", "csi navigation", "ui autocomplete", "ui menu", "noticeid", "countnote", "largestnote", "thisnote", "desktops", "43px", "42px", "large", "aem interface", "styles", "web email", "ytconfig", "typeerror", "facebook pixel", "pixel code", "symbol", "fblog", "typeof", "iterator", "pageview", "pixel", "facebook", "config", "meta", "propname", "dpjquerydpuuid", "this", "next", "atom", "cookie", "iframe", "close", "string", "number", "edge", "regexp", "silk", "sxa0", "object", "opera", "android", "void", "form", "UAlberta", "Android", "Mac", "iPhone", "Gov Alberta", "AWS", "AZURE", "ENTRA", "iCloud", "Telus", "Bitdefender", "Norton" ], "references": [ "Copy of clientlib.js(1).download", "Copy of clientlib.js(2).download", "Copy of clientlib.js(5).download", "Copy of clientlib.js(7).download", "Copy of clientlib.js(4).download", "Copy of clientlib.js(10).download", "Copy of clientlib.js(8).download", "Copy of clientlib.js(11).download", "Copy of clientlib.js(12).download", "Copy of clientlib.js(13).download", "Copy of clientlib.js(14).download", "Copy of clientlib.js(9).download", "Copy of clientlib.js(16).download", "Copy of clientlib.js(17).download", "Copy of clientlib.js(18).download", "Copy of clientlib.js(3).download", "Copy of clientlib.js(19).download", "Copy of clientlib.js(15).download", "Copy of clientlib.js(22).download", "Copy of clientlib.js(23).download", "Copy of clientlib.js(21).download", "Copy of clientlib.js(26).download", "Copy of clientlib.js(25).download", "Copy of clientlib.js(24).download", "Copy of clientlib.js(31).download", "Copy of clientlib.js(28).download", "Copy of clientlib.js(30).download", "Copy of clientlib.js(32).download", "Copy of clientlib.js(29).download", "Copy of clientlib.js(34).download", "Copy of clientlib.js(35).download", "Copy of clientlib.js(37).download", "Copy of clientlib.js(36).download", "Copy of clientlib.js(38).download", "Copy of clientlib.js(39).download", "Copy of clientlib.js(33).download", "Copy of clientlib.js(44).download", "Copy of clientlib.js(43).download", "Copy of clientlib.js(41).download", "Copy of clientlib.js(42).download", "Copy of clientlib.js(45).download", "Copy of clientlib.js(51).download", "Copy of clientlib.js(56).download", "Copy of clientlib.js(55).download", "Copy of clientlib.js(54).download", "Copy of clientlib.js(57).download", "Copy of clientlib.js(52).download", "Copy of clientlib.js(53).download", "Copy of clientlib.js(60).download", "Copy of clientlib(1).css", "Copy of clientlib.js(59).download", "Copy of clientlib(3).css", "Copy of clientlib(2).css", "Copy of clientlib(5).css", "Copy of clientlib.js(58).download", "Copy of clientlib(8).css", "Copy of clientlib(10).css", "Copy of clientlib(7).css", "Copy of clientlib(6).css", "Copy of clientlib(12).css", "Copy of clientlib(13).css", "Copy of clientlib(9).css", "Copy of clientlib(4).css", "Copy of clientlib(14).css", "Copy of clientlib(17).css", "Copy of clientlib(15).css", "Copy of clientlib(19).css", "Copy of clientlib(18).css", "Copy of clientlib(11).css", "Copy of clientlib(20).css", "Copy of clientlib(16).css", "Copy of clientlib(23).css", "Copy of clientlib(24).css", "Copy of clientlib(26).css", "Copy of clientlib(25).css", "Copy of clientlib(28).css", "Copy of clientlib(22).css", "Copy of clientlib(27).css", "Copy of clientlib(31).css", "Copy of clientlib(29).css", "Copy of clientlib(30).css", "Copy of clientlib(32).css", "Copy of clientlib(34).css", "Copy of clientlib(35).css", "Copy of clientlib(33).css", "Copy of clientlib(38).css", "Copy of clientlib(37).css", "Copy of clientlib(36).css", "Copy of clientlib(40).css", "Copy of clientlib(39).css", "Copy of clientlib(43).css", "Copy of clientlib(21).css", "Copy of clientlib(41).css", "Copy of clientlib(44).css", "Copy of clientlib(42).css", "Copy of clientlib(46).css", "Copy of clientlib(45).css", "Copy of clientlib(47).css", "Copy of clientlib(48).css", "Copy of clientlib(49).css", "Copy of clientlib(50).css", "Copy of clientlib(52).css", "Copy of clientlib(54).css", "Copy of clientlibs.js(3).download", "Copy of clientlib(53).css", "Copy of clientlibs.js(2).download", "Copy of clientlibs(3).css", "Copy of clientlib(51).css", "Copy of clientlibs(1).css", "Copy of clientlibs(2).css", "Copy of clientlibs.js.download", "Copy of clientlibs.js(4).download", "Copy of clientlibs(5).css", "Copy of clientlibs.css", "Copy of clientlibs(4).css", "Copy of dir (1).c9r", "Copy of clientlib(55).css", "Copy of iframe_api", "Copy of fbevents.js.download", "Copy of clientlibs.js(1).download", "Copy of js", "https://www.virustotal.com/gui/collection/7196cbc5285fb7e155a529980dc1797d3ab3884e20c77c66d9b1b971c313fe56/iocs", "https://www.virustotal.com/gui/collection/7196cbc5285fb7e155a529980dc1797d3ab3884e20c77c66d9b1b971c313fe56/graph", "hxxps://go[.]microsoft[.]com/fwlink/?LinkId=2033498", "hxxps://portal[.]office[.]com/Account", "hxxps://myapplications[.]microsoft[.]com/", "https://tria.ge/240521-rvybaahb79", "https://tria.ge/240521-rxpf6ahd6w", "https://tria.ge/240521-r1yh8shd44", "https://tria.ge/240521-ry949ahe2z/behavioral1", "https://tria.ge/240521-r3mvhshd83" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Canada", "Mexico", "Anguilla", "Aruba", "Panama", "Ukraine", "Trinidad and Tobago", "Saint Vincent and the Grenadines", "Saint Martin (French part)", "Sint Maarten (Dutch part)", "Philippines", "Netherlands", "Cura\u00e7ao", "Georgia", "Tanzania, United Republic of", "Costa Rica", "Guatemala", "Japan", "Barbados" ], "malware_families": [], "attack_ids": [ { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" } ], "industries": [ "Education", "Technology", "Government", "Healthcare", "Biotechnology", "Telecommunications", "Energy", "Construction", "Chemical", "Agriculture", "Finance", "Media", "Defense", "Transportation" ], "TLP": "white", "cloned_from": null, "export_count": 24, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "Disable_Duck", "id": "244325", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 251, "hostname": 188, "FileHash-SHA256": 142, "URL": 69, "FileHash-MD5": 77, "FileHash-SHA1": 77 }, "indicator_count": 804, "is_author": false, "is_subscribing": null, "subscriber_count": 133, "modified_text": "593 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6639853fc403f7be5bd6f27d", "name": "Facebook+", "description": "", "modified": "2024-05-07T01:34:55.365000", "created": "2024-05-07T01:34:55.365000", "tags": [], "references": [ "https://www.virustotal.com/gui/collection/09af9ef0b7b23d2dc73d83858106ae4fc97a352dbb521ac04493a0e79095ac69/iocs", "https://www.virustotal.com/gui/collection/79c25168b2f93d9730a56b8d2b834cbfb2752b63b21b9dd51109416fbaa676d8/iocs", "https://www.virustotal.com/graph/embed/g8726609a12794ebeb59edd531961a233068149bcdf994b428f20141be6111551?theme=dark", "https://www.virustotal.com/graph/embed/g365a82115f934e31a69118715695c91c231f66cda9084c9389e56afb985a243e?theme=dark", "", "https://www.virustotal.com/gui/collection/6a8d582df4fe5a29885dad4074236bc9e4ed445aaf0cc00702d45963fb0459bb/iocs" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": "65eea19a23474b8c7dca351f", "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Phone2209", "id": "281168", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 1165, "hostname": 866, "URL": 657, "FileHash-SHA256": 26, "email": 337, "FileHash-MD5": 12, "FileHash-SHA1": 8, "CIDR": 1 }, "indicator_count": 3072, "is_author": false, "is_subscribing": null, "subscriber_count": 1, "modified_text": "712 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "655e5c72277117d3b0e00fbd", "name": "Command and Scripting Interpreter", "description": "https:/www.usaopps.com/government_contractors/contractor-5388777-SIERRA-PIPELINE-INC-.htm", "modified": "2023-12-22T19:00:52.050000", "created": "2023-11-22T19:54:26.925000", "tags": [ "whois record", "contacted", "execution", "ssl certificate", "historical ssl", "resolutions", "problems", "red team", "whois whois", "referrer", "startpage", "generic malware", "cobaltstrike", "malware generic", "tag count", "threat report", "ip summary", "url summary", "summary", "sample", "samples", "blacklist https", "cisco umbrella", "site", "safe site", "alexa top", "million", "malware", "malicious site", "malware site", "malicious url", "phishing site", "alexa", "phishing", "redline stealer", "bank", "team", "iframe", "downldr", "presenoker", "artemis", "live", "zbot", "united", "cyber threat", "covid19", "mail spammer", "malicious host", "anonymizer", "engineering", "purplewave", "malicious", "keybase", "union", "asyncrat", "cobalt strike", "dnspionage", "ransomware", "maltiverse", "malicious link", "detection list", "blacklist", "pattern match", "file", "ascii text", "windows nt", "appdata", "mitre att", "null", "date", "ck id", "show technique", "unknown", "accept", "hybrid", "local", "click", "strings", "class", "generator", "critical", "error", "fast", "blacklist http", "heur", "adware", "unsafe", "riskware", "agent", "swrort", "exploit", "crack", "opencandy", "tiggre", "cleaner", "conduit", "wacatac", "nircmd", "filetour", "outbreak", "downer", "shell", "mediamagnet", "sality", "adaptivebee", "unruy", "iobit", "dropper", "trojanx", "installcore", "webshell", "acint", "systweak", "behav", "genkryptik", "xtrat", "softcnapp", "fusioncore", "installpack", "xrat", "jquery", "content scraper", "malware hosting", "bid site", "https:/www.usaopps.com/government_contractors/contractor-5388777", "CVE-2017-11882", "CVE-2017-0147", "CVE-2017-8570", "CVE-2005-1790", "CVE-2009-3672", "CVE-2010-3962", "CVE-2012-3993", "CVE-2014-3153", "CVE-2014-6332", "CVE-2016-0189", "CVE-2017-0199", "CVE-2018-4893", "CVE-2020-0601", "CVE-2020-0674", "CVE-2021-27065", "CVE-2021-40444" ], "references": [ "https://www.hybrid-analysis.com/sample/bc437a855075805df699bd915cd27814a799969bb38db45f09f5f16a54ccc5b6/655e548bc2555fc8280ba976", "https:/www.usaopps.com/government_contractors/contractor-5388777-SIERRA-PIPELINE-INC-.htm" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1100", "name": "Web Shell", "display_name": "T1100 - Web Shell" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1560", "name": "Archive Collected Data", "display_name": "T1560 - Archive Collected Data" } ], "industries": [ "Business", "Economy", "Government", "Legal" ], "TLP": "white", "cloned_from": null, "export_count": 28, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 608, "FileHash-SHA1": 312, "FileHash-SHA256": 1086, "URL": 2843, "domain": 341, "hostname": 1091, "CVE": 16 }, "indicator_count": 6297, "is_author": false, "is_subscribing": null, "subscriber_count": 218, "modified_text": "848 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "657096b22a51f1cc56dcfb53", "name": "172.217.16.232 BT home router network attack 10th May 2022 - those HTTP headers and JS scripts are taking over the world", "description": "", "modified": "2023-12-06T15:43:46.083000", "created": "2023-12-06T15:43:46.083000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 802, "hostname": 392, "domain": 134, "FileHash-SHA256": 82, "FileHash-MD5": 1 }, "indicator_count": 1411, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65708c1c5e2cc4dfe8d0ed97", "name": "CPANEL-TUCOWS \u2014malware hosting", "description": "", "modified": "2023-12-06T14:58:36.254000", "created": "2023-12-06T14:58:36.254000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 815, "hostname": 3487, "domain": 1182, "URL": 10194, "FileHash-MD5": 3, "FileHash-SHA1": 1 }, "indicator_count": 15682, "is_author": false, "is_subscribing": null, "subscriber_count": 111, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65708b5e9b8ce0f5fd87fb98", "name": "ewqopweowia543.ga", "description": "", "modified": "2023-12-06T14:55:26.621000", "created": "2023-12-06T14:55:26.621000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "hostname": 706, "domain": 234, "FileHash-SHA256": 238, "URL": 1386 }, "indicator_count": 2565, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65707f8475d8a8785dfc5a2f", "name": "Zetalytics API", "description": "", "modified": "2023-12-06T14:04:52.250000", "created": "2023-12-06T14:04:52.250000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 754, "hostname": 833, "domain": 441, "URL": 2375, "CIDR": 5, "FileHash-MD5": 2, "email": 1 }, "indicator_count": 4411, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "63dbbf6ae4f5433c2bab52e9", "name": "172.217.16.232 BT home router network attack 10th May 2022 - those HTTP headers and JS scripts are taking over the world", "description": "A guide to some of the key methods used by the web browser, jQuery, to create web pages and add links to the search engine and other parts of its web address system, as well as the address bar.", "modified": "2023-03-04T13:00:43.098000", "created": "2023-02-02T13:49:30.620000", "tags": [ "null", "copyright", "jan sorgalla", "built", "bill scott", "http", "error", "function", "title", "method", "play", "fast", "click", "return", "href", "target", "span", "pass", "linear", "timebuff", "block", "trigger", "nivoslider", "display", "width", "show", "next", "arrow", "restart", "stop", "iframe", "alpha", "factory", "type", "handle", "sizzle", "match", "check", "make sure", "elem", "name", "regexp", "hooks", "false", "date", "class", "internal", "done", "bind", "test", "body", "copy", "hold", "mozilla", "logic", "flash", "jquery", "fall", "bubble", "prop", "meta", "middle", "mark", "thus", "form", "script script", "a li", "div div", "mua bn", "link", "a div", "trang ch", "gii thiu", "tin tc", "header http2", "gmt cache", "gmt server", "litespeed", "443 ma2592000", "172.217.16.232", "http://lhr48s28-in-f8.1e100.net" ], "references": [ "[object Object] is a string representation of an object instance. Take this example: When the alert runs, it returns [object Object] in the alert modal. It tries to return a string representation of what was passed into alert, but because the engine sees this as an object, and not a string, it tells us that its an instance of an Object instead.", "443 Header\tHTTP/2 200 x powered by: PHP/7.4.29 set cookie: PHPSESSID=9158e16820bdbb5be0d1faa520b7dc19 path=/ expires: Thu 19 Nov 1981 08:52:00 GMT cache control: no store no cache must revalidate pragma: no cache content type: text/html charset=UTF 8 date: Thu 02 Feb 2023 13:37:37 GMT server: LiteSpeed alt svc: quic= :443 ma=2592000 v= 35 39 43 44", "whitelists are really not the way forward unless you validate the integrity often Speedtest are also being screwed with ie allowing your neural controlled network out on a temp basis to prevent you from ousting the APT controlling your home broadband / wifi network", "xml version= 1.0 encoding= utf 8 DOCTYPE html PUBLIC //WAPFORUM//DTD XHTML Mobile 1.0//EN http://www.wapforum.org/DTD/xhtml mobile10.dtd html xmlns= http://www.w3.org/1999/xhtml head meta http equiv= Content Type content= text/html charset=utf 8 / title mua bn nh t cho thu nh t sang nhng sang nhng ca hng /title meta name= copyright content= 2010 2020 bds247.vn / meta name= google site verification content= suyiBYZARDnZ4zGeoAiF VajqMQ0pgLGnEm69aZ aIY / meta name= robots content= index follow / meta name= key", "https://m.bds247.vn//view/js/jquery6_1.js 443", "https://www.googletagmanager.com/gtag/js?id=G-56M7ZWVN9L", "https://m.bds247.vn/lib/nivo-slider/slider.js 443 Script", "https://m.bds247.vn/view/js/page.js 443 Script", "https://m.bds247.vn/lib/pikachoose/lib/jquery.jcarousel.min.js 443 Script", "https://m.bds247.vn/lib/pikachoose/lib/jquery.pikachoose.js", "This is the full text of the XHTML mobile10.dtd.xml, which is based on the code created by the developers of Google's search engine, iPlayer and other sites.", "https://m.bds247.vn//view/js/jquery6_1.js", "https://m.bds247.vn/lib/nivo-slider/slider.js", "https://m.bds247.vn/lib/pikachoose/lib/jquery.jcarousel.min.js" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1218", "name": "Signed Binary Proxy Execution", "display_name": "T1218 - Signed Binary Proxy Execution" }, { "id": "T1546", "name": "Event Triggered Execution", "display_name": "T1546 - Event Triggered Execution" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 11, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "callmeDoris", "id": "205385", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 802, "hostname": 392, "FileHash-SHA256": 82, "domain": 134, "FileHash-MD5": 1 }, "indicator_count": 1411, "is_author": false, "is_subscribing": null, "subscriber_count": 93, "modified_text": "1142 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "62756a0d14664003affb0555", "name": "hush.com 301 to hushmail.com", "description": "var b[f, gw.b, \"dust\" - a.g - has been added to an Array by the end of the year, if there is any chance of it being added.", "modified": "2022-06-05T00:03:45.266000", "created": "2022-05-06T18:33:49.161000", "tags": [ "widget", "null", "regexp", "array", "copyright", "license", "calltrkswap", "date", "typeof s", "xmlhttprequest", "typeof r", "script", "vd", "number", "string", "ienew ca", "closure library", "error", "quota", "aafunction", "dafunction", "function", "typeof o", "reduceright", "aw1070742489", "uint8array", "void", "code", "typeof symbol", "wickedclientid", "wickedemail", "wickedurl", "wickednullurl", "typeof e", "direct", "typeof require", "modulenotfound", "mini", "cnull", "anull", "nl50", "pnull", "okcancel", "compiled", "true", "android", "trident", "form", "window", "false", "acronym", "body", "canvas", "embed", "footer", "iframe", "keygen", "legend", "mark", "meta", "ruby", "small", "span", "template", "blank", "twitter", "typeof t", "class", "attr", "pseudo", "child", "js foundation", "typeof module", "width", "object", "this", "accept", "fnumber", "gtmmf25krh", "host", "path" ], "references": [ "xfe-URL-Hush.com-stix2-2.1-export.json", "https://www.googletagmanager.com/gtag/js?id=AW-1070742489&l=dataLayer&cx=c", "https://www.googletagmanager.com/gtm.js?id=GTM-MF25KRH", "https://www.hushmail.com/shared/javascript/jquery-3.5.1.min.js", "https://www.hushmail.com/javascriptinclude/eNrLKC3OyE3MzIkvT00qzixJtSpITE_V98lPz8xzyy_K1csqtjI0MzK2MDcwsbS0ysCq2qkov7w4tSi4JLGkGFUDAF_tIM0,.en_US.68448bd8190f2f2bae9633f547bbbbbe.0.js", "https://www.hushmail.com/javascriptinclude/eNpNzEEOQDAQQNEbtVoM7Sks7GXopB0pkQ5xfWJl-5P3JWGh4AvukSRzoKKtqlWlf0Wt4k3rnG2g641Pl6QNOU83zcIn-QMj6ZHpHQ2FF97jiHOmj0ED4FxfwQOf9yPU.en_US.68448bd8190f2f2bae9633f547bbbbbe.0.js", "https://widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js", "https://widget.wickedreports.com/widget.js", "https://www.googletagmanager.com/gtag/js?id=AW-1070742489", "https://www.hushmail.com/status/", "https://script.tapfiliate.com/tapfiliate.js", "https://www.googletagmanager.com/gtag/js?id=UA-1837381-13", "https://widget.wickedreports.com/v2/3469/wr-dafa9fae816c2f65d24d1eb593b58626.js", "https://cdn.callrail.com/companies/431115301/7c8f964bc12313c75ad2/12/swap.js", "https://js.callrail.com/group/0/7c8f964bc12313c75ad2/06ababf0-8852-4eef-95e1-285ae467a93a/poll.js?t=1651861725881&ids%5B%5D=431115301", "https://js.callrail.com/group/0/7c8f964bc12313c75ad2/06ababf0-8852-4eef-95e1-285ae467a93a/poll.js?t=1651861793229&ids%5B%5D=431115301", "https://widget.trustpilot.com/trustboxes/5406e65db0d04a09e042d5fc/index.html?templateId=5406e65db0d04a09e042d5fc&businessunitId=4bdc496b000064000505a89d#locale=en-US&styleHeight=28px&styleWidth=100%25&theme=light" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Vd", "display_name": "Vd", "target": null }, { "id": "OkCancel", "display_name": "OkCancel", "target": null }, { "id": "ReduceRight", "display_name": "ReduceRight", "target": null } ], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1531", "name": "Account Access Removal", "display_name": "T1531 - Account Access Removal" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 9, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1917, "hostname": 698, "FileHash-SHA256": 116, "domain": 263 }, "indicator_count": 2994, "is_author": false, "is_subscribing": null, "subscriber_count": 70, "modified_text": "1414 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "62750795ebc8c475f4a3033a", "name": "aquanx.com (PegTech botnet hosting)", "description": "var b[f, g.g, is a new addition to the list of characters that can be added to a singleElement, as well as a set of numbers, if they are new.", "modified": "2022-06-05T00:03:45.266000", "created": "2022-05-06T11:33:41.174000", "tags": [ "function", "eu cookie", "version", "tamas schalk", "element", "lang", "datadelay", "dataexpire", "dataclass", "name", "date", "path", "null", "cookie", "regexp", "typeof e", "please", "typeof t", "pseudo", "child", "array", "error", "class", "void", "this", "extendedvps", "login register", "product group", "svssdlinux", "svssdwindows", "password", "client area", "aquanx english", "azerbaijani", "catal", "colocation\uff0ccustomized service\uff0cone-stop service\uff0caffordable cloud ", "aquanx", "metal cloud", "chat", "ddos migration", "network", "colocation", "cloud", "colocation bare", "cloud hosting", "private cloud", "bare", "service", "custom build", "https", "bootstrap", "bootstrap hover", "dropdown", "author", "cameron spear", "mattia larentis", "dropdown plugin", "http", "plugin", "copyright", "twitter", "conflict", "focus", "object", "click", "open", "next", "target", "trigger", "checkbox", "delta", "scroll", "false", "type", "expando", "typeof selector", "sizzle", "elem", "match", "data", "seed", "vd", "number", "string", "ienew ca", "closure library", "quota", "aafunction", "dafunction" ], "references": [ "https://www.googletagmanager.com/gtag/js?id=UA-59480575-2", "https://aquanx.com/js/jquery-1.12.4.min.js", "https://aquanx.com/js/bootstrap.js", "https://aquanx.com/js/bootstrap-hover-dropdown.min.js", "https://aquanx.com/js/modernizr-custom.js", "https://aquanx.com/js/cookie-warn.js?v=1_xSax0l", "https://aquanx.com/", "https://user.aquanx.com/clientarea.php", "https://user.aquanx.com/templates/aquanx20190627/js/scripts.min.js?v=8a99af", "https://alpha99.raksmart.com/whmcs/assets/js/cookie-warn.js", "xfe-URL-raksmart.com-stix2-2.1-export.json" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Vd", "display_name": "Vd", "target": null } ], "attack_ids": [ { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 9, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 560, "URL": 1236, "domain": 184, "FileHash-SHA256": 79 }, "indicator_count": 2059, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "1414 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "626b070ed44bcc9ad7b76bab", "name": "PSI Software AG - Software f\u00fcr Energieversorger, Industrieunternehmen und Infrastrukturbetreiber", "description": "PSI Software AG (PSI) is best known for its smart city software, which is also its Smart City software and a range of other product-enhancing technologies, such as smart cities.", "modified": "2022-05-28T00:03:46.141000", "created": "2022-04-28T21:28:46.014000", "tags": [ "span", "tbody", "tfoot", "thead", "fontawesome", "multiple", "woff", "truetype", "type", "href", "alpha", "twitter", "false", "parsley", "error", "typeof t", "fieldmultiple", "function", "regexp", "select", "typeof", "validator", "typeof n", "form", "datavalidation", "user", "return", "body", "cursor", "validate", "checkbox", "write", "selectedindex", "date", "true", "value", "index", "null", "name", "prop", "class", "hooks", "this", "jquery", "open", "scroll", "click", "seed", "target", "code", "accept", "local", "speed", "back", "bounce", "february", "april", "june", "august", "next", "string", "number", "trackevent", "copyright", "path", "host", "uint8array", "xhfunction", "download", "void", "softwarel\u00f6sungen", "prozesssteuerung", "leitsystem", "branchensoftware", "erp", "mes", "pps", "netzleittechnik", "fertigungsleitsystem", "automatisierung", "psi software", "psi blog", "toggle dropdown", "aktienrckkauf", "news", "umsatzwachstum", "formwechsel", "software", "versorger und", "english deutsch", "green", "messen" ], "references": [ "xfe-URL-Psi.de-stix2-2.1-export.json", "https://www.googletagmanager.com/gtm.js?id=GTM-NF2ZT3", "https://www.psi.de/typo3temp/scriptmerger/uncompressed/head-e2b75d5cfe54ba9b7d678cb1c848421f.merged.js", "https://www.psi.de/typo3temp/scriptmerger/uncompressed/head-bd4b8119586687574cf8f8529359d678.merged.css" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "selectedIndex", "display_name": "selectedIndex", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 232, "URL": 425, "FileHash-SHA256": 157, "domain": 225, "FileHash-MD5": 4 }, "indicator_count": 1043, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "1422 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "626b06ae6171c5d04f1bab38", "name": "PSI Software AG - Software f\u00fcr Energieversorger, Industrieunternehmen und Infrastrukturbetreiber", "description": "PSI Software AG (PSI) is best known for its smart city software, which is also its Smart City software and a range of other product-enhancing technologies, such as smart cities.", "modified": "2022-05-28T00:03:46.141000", "created": "2022-04-28T21:27:10.738000", "tags": [ "span", "tbody", "tfoot", "thead", "fontawesome", "multiple", "woff", "truetype", "type", "href", "alpha", "twitter", "false", "parsley", "error", "typeof t", "fieldmultiple", "function", "regexp", "select", "typeof", "validator", "typeof n", "form", "datavalidation", "user", "return", "body", "cursor", "validate", "checkbox", "write", "selectedindex", "date", "true", "value", "index", "null", "name", "prop", "class", "hooks", "this", "jquery", "open", "scroll", "click", "seed", "target", "code", "accept", "local", "speed", "back", "bounce", "february", "april", "june", "august", "next", "string", "number", "trackevent", "copyright", "path", "host", "uint8array", "xhfunction", "download", "void", "softwarel\u00f6sungen", "prozesssteuerung", "leitsystem", "branchensoftware", "erp", "mes", "pps", "netzleittechnik", "fertigungsleitsystem", "automatisierung", "psi software", "psi blog", "toggle dropdown", "aktienrckkauf", "news", "umsatzwachstum", "formwechsel", "software", "versorger und", "english deutsch", "green", "messen" ], "references": [ "xfe-URL-Psi.de-stix2-2.1-export.json", "https://www.googletagmanager.com/gtm.js?id=GTM-NF2ZT3", "https://www.psi.de/typo3temp/scriptmerger/uncompressed/head-e2b75d5cfe54ba9b7d678cb1c848421f.merged.js", "https://www.psi.de/typo3temp/scriptmerger/uncompressed/head-bd4b8119586687574cf8f8529359d678.merged.css" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "selectedIndex", "display_name": "selectedIndex", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 232, "URL": 425, "FileHash-SHA256": 157, "domain": 225, "FileHash-MD5": 4 }, "indicator_count": 1043, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "1422 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "628e33df0169fe33f79b766b", "name": "Seems to be coming from space . Space malware? \u4e91\u9002\u914d(AllMobilize Inc.) --\u4f01\u4e1a\u6d4f\u89c8\u5668\u53ca\u79fb\u52a8\u5316\u89e3\u51b3\u65b9\u6848\u4f9b\u5e94\u5546 | \u4e91\u9002\u914d", "description": "AllMobilize, Amaze, and all its partners - all of them with the same name - are now available to use on Facebook, Twitter, Instagram and other social media platforms, including Facebook.", "modified": "2022-05-25T13:49:19.876000", "created": "2022-05-25T13:49:19.876000", "tags": [ "ebeef5", "dcdfe6", "e64552", "helvetica", "ffffff", "pingfang sc", "helveticaneue", "arial", "microsoft yahei", "45deg", "post", "sqdl", "sqhz", "eptyzj", "zjxcys", "doform", "modernizr", "typeradio", "tagnames", "boolean", "date", "array", "error", "typeof t", "dtft", "amaze ui", "function", "regexp", "d1dd2", "mstransitionend", "team", "android", "february", "april", "june", "august", "void", "null", "type", "elem", "index", "handle", "sizzle", "check", "target", "hooks", "prop", "copy", "class", "mark", "internal", "stack", "false", "code", "accept", "seed", "first", "body", "jquery", "pass", "bind", "core", "local", "verify", "done", "find", "inject", "possible", "hold", "trigger", "camel", "bubble", "window", "middle", "capture", "iframe", "fall", "stop", "panic", "back", "speed", "grab", "install", "open", "invalid request", "button", "input", "cpu os", "span", "label", "this", "trident", "pykey", "eventparams", "object", "event", "infinity", "pykeye", "string", "typeof", "typeof e", "typeof r", "typeof s", "typeof console", "contenttype", "number", "\u4e91\u9002\u914d\uff0c\u4f01\u4e1a\u79fb\u52a8\u5316\uff0c\u4f01\u4e1a\u79fb\u52a8\u5316\u89e3\u51b3\u65b9\u6848\uff0c\u4e91\u9002\u914d\u8de8\u5c4f", "\u4e91\u9002\u914d\u7f51\u7ad9\u9002\u914d", "\u4e91\u9002\u914d\u8de8\u5c4f\u4e91", "\u4e91\u9002\u914d\u8de8\u5c4f\u5e94\u7528", "\u4f01\u4e1aoa\u79fb\u52a8\u5316\u3001\u4f01\u4e1a\u79fb\u52a8\u95e8\u6237\u3001\u79fb\u52a8\u5e94\u7528\u7ba1\u7406\u3001\u79fb\u52a8\u5e94\u7528\u5e73\u53f0", "xcloud", "amaze", "sdp enterplorer", "siebel domino", "siebel", "domino", "allmobilize", "apipc", "ui amaze" ], "references": [ "https://www.yunshipei.com/", "https://aiff.cdn.bcebos.com/sensors%2Fonline%2Fsa-sdk-javascript-1.14.24%2Fsensorsdata.min.js", "https://stats.ipinyou.com/adv?a=SR..sxcg_4d0DhagaJWCLj_ZdX&u=https%3A%2F%2Fwww.yunshipei.com%2F&rd=1653485491040&v=2&e=sr%3D390x844%26sc%3D32-bit%26je%3Dfalse%26lg%3Den-us%26vb%3D1%26did%3D%26dt%3D%26ps%3D390x3885%26vp%3D390x664%26ec%3DUTF-8%26vbt%3D1822%26sp%3D0%26ur%3D%26st%3D%26ev%3Dvg", "https://goutong.baidu.com/site/270/98c14a71a44014f7aa9d23449a55ae8f/b.js?siteId=3064033", "https://stats.ipinyou.com/presadv?a=SR..sxcg_4d0DhagaJWCLj_ZdX&cb=py.cb", "https://fm.ipinyou.com/j/a.js", "https://www.yunshipei.com/assets/js/jquery.js", "https://www.yunshipei.com/assets/js/amazeui.min.js", "https://www.yunshipei.com/assets/js/app.min.js", "https://sgoutong.baidu.com/embed/1652930761/asset/embed/css/mobile/main.css" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1134", "name": "Access Token Manipulation", "display_name": "T1134 - Access Token Manipulation" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 11, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 652, "URL": 1482, "domain": 242, "FileHash-SHA256": 142, "FileHash-MD5": 3 }, "indicator_count": 2521, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1425 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "62609c764fab13bbe96613f8", "name": "Pegasus - pegtech.com", "description": "New RegExp:function(a,b), a new type, has its own built-up property, as well as an ability to store information in place when it is not already available.", "modified": "2022-05-20T00:01:19.453000", "created": "2022-04-20T23:51:18.734000", "tags": [ "fontface", "woff", "sans", "woff2", "u1c801c88", "u20b4", "u2de02dff", "ua640a69f", "ufe2efe2f", "u04b004b1", "u2116", "datasecret", "chrome", "opredge", "isoperaedge", "opera", "browsername", "gecko", "iphone", "body", "srchttp", "strhashchange", "software", "sectionindex", "srchttps", "etslidertimer", "copyright", "typeof define", "etslidesnumber", "columns", "date", "error", "cowboy", "function", "placeheld", "customevent", "click", "minimum", "tooshort", "wpcf7wfreetext", "alert", "invert", "null", "form", "fast", "false", "path", "next", "video lightbox", "plugin", "expand", "previous", "setposition", "isset", "srcyoutube", "srcvimeo", "image", "lightbox clone", "stephane caron", "typeof therel", "regexp", "play", "close", "pseudo", "child", "typeof b", "array", "sufeffxa0", "class", "attr", "void", "udc66udc67", "ud83d", "ufe0f", "ud83e", "udc68udc69", "udfcbudfcc", "u2640u2642", "uddb0uddb3", "udd74udd75" ], "references": [ "xfe-URL-pegtech.com-stix2-2.1-export.json", "https://pegtech.com/wp-includes/js/wp-emoji-release.min.js?ver=4.9.20", "https://pegtech.com/wp-includes/js/jquery/jquery.js?ver=1.12.4", "https://pegtech.com/wp-content/plugins/wp-video-lightbox/js/jquery.prettyPhoto.min.js?ver=3.1.6", "https://pegtech.com/wp-content/plugins/wp-video-lightbox/js/video-lightbox.js?ver=3.1.6", "https://pegtech.com/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=5.0.2", "https://pegtech.com/wp-content/themes/Divi/js/custom.min.js?ver=3.0.100", "https://pegtech.com/wp-content/themes/Divi/core/admin/js/common.js?ver=3.0.100", "https://pegtech.com/wp-includes/js/wp-embed.min.js?ver=4.9.20", "https://fonts.googleapis.com/css?family=Open+Sans:300italic,400italic,600italic,700italic,800italic,400,300,600,700,800&subset=latin,latin-ext", "https://pegtech.com/wp-includes/css/dashicons.min.css?ver=4.9.20" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 856, "domain": 190, "hostname": 364, "FileHash-SHA256": 216 }, "indicator_count": 1626, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "1430 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "62601d5f1c8672141d3c2afb", "name": "Malware hosting - rackip.com = astutemedia.asia", "description": "New RegExp:function(a,b), a new type, has its own built-up property, as well as an ability to store information in place when it is not already available.", "modified": "2022-05-20T00:01:19.453000", "created": "2022-04-20T14:49:03.781000", "tags": [ "datasecret", "easeoutcubic", "jquery", "select", "span", "class js", "html", "topsearch", "menu", "mobile", "menu dropdown", "class", "retinaimagepath", "copyright", "imulus", "mit license", "retina", "function", "xmlhttprequest", "head", "contenttype", "imagei", "viljamis", "navigation", "date", "typeof h", "woothemes", "tyler smith", "documenttouch", "number", "knumber", "previous", "next", "supersubs", "joel birch", "dual", "google group", "fontsize", "whitespace", "nowrap", "float", "superfish", "changelog", "visibility", "hidden", "setposition", "isset", "srcyoutube", "srcvimeo", "image", "lightbox clone", "stephane caron", "typeof therel", "regexp", "play", "close", "isotope", "commercial use", "http", "david desandro", "metafizzy", "moz webkit", "o ms", "reset", "null", "value", "clamp", "nullrgba", "nullhsla", "execresult", "cache", "local", "right", "including", "this software", "but not", "limited to", "terms of", "open", "bsd license", "redistribution", "redistributions", "neither", "direct", "placeheld", "form", "wpcf7", "alert", "minimum", "tooshort", "unittag", "false", "fast", "typesubmit", "form plugin", "version", "requires jquery", "examples", "typeof define", "typeimage", "formdata", "stop", "modernizr", "custom build", "build", "afunction", "cfunction", "typeerror", "object", "kfunction", "pseudo", "child", "typeof b", "array", "error", "sufeffxa0", "attr", "void", "udc66udc67", "ud83d", "ufe0f", "ud83e", "udc68udc69", "udfcbudfcc", "u2640u2642", "source", "ud83dudc6cud83c", "secure", "result" ], "references": [ "http://www.powr.io/powr.js", "http://astutemedia.asia/rackip/wp-includes/js/wp-emoji-release.min.js?ver=5.5.9", "xfe-URL-astutemedia.asia-stix2-2.1-export.json", "http://astutemedia.asia/rackip/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp", "http://astutemedia.asia/rackip/wp-content/themes/servereza/js/modernizr.js?ver=2.5.3", "http://astutemedia.asia/rackip/wp-includes/js/comment-reply.min.js?ver=5.5.9", "http://astutemedia.asia/rackip/wp-content/plugins/contact-form-7/includes/js/jquery.form.min.js?ver=3.51.0-2014.06.20", "http://astutemedia.asia/rackip/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=4.5.1", "http://astutemedia.asia/rackip/wp-content/themes/servereza/js/jquery.easing.js?ver=1.2", "http://astutemedia.asia/rackip/wp-content/themes/servereza/js/jquery.color.js?ver=2.0", "http://astutemedia.asia/rackip/wp-content/themes/servereza/js/jquery.isotope.min.js?ver=1.0", "http://astutemedia.asia/rackip/wp-content/themes/servereza/js/jquery.prettyPhoto.js?ver=3.0", "http://astutemedia.asia/rackip/wp-content/themes/servereza/js/superfish.js?ver=1.4.8", "http://astutemedia.asia/rackip/wp-content/themes/servereza/js/supersubs.js?ver=0.2", "http://astutemedia.asia/rackip/wp-content/themes/servereza/js/jquery.flexslider-min.js?ver=1.8", "http://astutemedia.asia/rackip/wp-content/themes/servereza/js/tinynav.min.js?ver=1.03", "http://astutemedia.asia/rackip/wp-content/themes/servereza/js/retina.min.js?ver=1.1.0", "http://astutemedia.asia/rackip/wp-content/themes/servereza/js/custom.js?ver=1.0", "http://astutemedia.asia/rackip/wp-includes/js/wp-embed.min.js?ver=5.5.9", "xfe-URL-Powr.io-stix2-2.1-export.json" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 515, "URL": 1487, "domain": 242, "FileHash-SHA256": 351, "CVE": 1 }, "indicator_count": 2596, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1430 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "625f6d2300f3002b1d0f8a68", "name": "CPANEL-TUCOWS \u2014malware hosting", "description": "FBEvents-PostalCodeType, a new type of phone number type, has been added to the list of \"signals\" that can be controlled by a specialised operator.", "modified": "2022-05-19T00:00:49.028000", "created": "2022-04-20T02:17:07.272000", "tags": [ "tucows", "vimeo", "enter otp", "foruserlogin", "username", "email address", "phone number", "click", "null", "otpviamail", "otpviasms", "error", "regexp", "edge", "elem", "function", "handle", "return", "expando", "match", "selector", "android", "false", "date", "target", "class", "mark", "copy", "capture", "seed", "pass", "enough", "code", "never", "core", "local", "verify", "fall", "accept", "done", "find", "internal", "inject", "possible", "prop", "trigger", "qe", "number", "string", "copyright", "uint8array", "xhfunction", "yhfunction", "gtmwrdf3cb", "host", "path", "gaugescookie", "gaugesuniqueday", "gaugesgauges", "slice", "image", "gaugestracker", "gaugesunique", "script", "closure library", "typeerror", "symbol", "array int8array", "caregexp", "legacy", "extra", "bootstrap", "medium", "large", "segoe ui", "roboto", "oxygensans", "ubuntu", "cantarell", "helvetica neue", "dataalignleft", "figcaption", "video", "ff6c2c", "styles", "badges", "small", "woff2", "fontface", "sans", "u1c801c88", "u20b4", "u2de02dff", "ua640a69f", "ufe2efe2f", "u04b004b1", "u2116", "arial", "helvetica", "montserrat", "productnav", "secondarynav", "typecheckbox", "menlo", "monaco", "consolas", "twitter", "font awesome", "license", "brands", "duotone", "msie", "russia", "paypal", "enduser license", "agreement", "europe", "typeof t", "typeof e", "typeof", "version", "attr", "pseudo", "object", "array", "invalid attempt", "typeof symbol", "survey", "trident", "form", "fullscreen", "property", "311218982", "textjavascript", "piscriptnum", "hj", "hotjar", "email", "telefon", "meta", "cookie", "keypress", "live", "generic", "window", "widget", "ciudad", "adore", "experiment", "mutation", "udc66udc67", "ud83d", "ufe0f", "ud83e", "udc68udc69", "udfcbudfcc", "u2640u2642", "source", "ud83dudc6cud83c", "cookiebot", "iabv2", "jsonversion", "cookie script", "methodstrict", "ticket", "id attribute", "cookiebot setup", "cookieconsent", "project", "reduceright", "trackevent", "pageview", "gtmwb4lhq4", "void", "pfunction", "contenttype", "zfunction", "bfunction", "mvoid", "ofunction", "thank", "f39c11", "quick question", "difficult", "easy", "poll", "typeof window", "invalid uuid", "functional", "member", "hnew regexp", "qfunction", "adview", "addbillinginfo", "addtocart", "addtolist", "contact", "download", "install", "signup", "addtowishlist", "lead", "custom", "typeof require", "sha256", "viewcontent", "search", "iterator", "boolean", "service", "phonenumber", "facebook", "javascript", "1cend" ], "references": [ "xfe-URL-Cpanel.com-stix2-2.1-export.json", "https://pi.pardot.com/pd.js", "https://connect.facebook.net/signals/config/285857426541675?v=2.9.57&r=stable", "https://www.redditstatic.com/ads/pixel.js", "https://snap.licdn.com/li.lms-analytics/insight.min.js", "https://static.ads-twitter.com/uwt.js", "https://www.googleadservices.com/pagead/conversion_async.js", "https://static.hotjar.com/c/hotjar-1683409.js?sv=7", "https://www.google-analytics.com/analytics.js", "https://consent.cookiebot.com/da52fc49-8e48-42b7-9ad3-c219404f6f92/cc.js?renew=false&referer=cpanel.net&dnt=false", "https://consentcdn.cookiebot.com/consentconfig/da52fc49-8e48-42b7-9ad3-c219404f6f92/cpanel.net/configuration.js", "https://www.googletagmanager.com/gtm.js?id=GTM-WB4LHQ4", "https://www.bugherd.com/sidebarv2.js?apikey=kmu00qbvuigehexs5chefq", "https://consent.cookiebot.com/uc.js", "https://cpanel.net/wp-includes/js/wp-emoji-release.min.js?ver=5.6", "https://script.hotjar.com/modules.0076bf93c385ddf0ff58.js", "https://googleads.g.doubleclick.net/pagead/viewthroughconversion/728582492/?random=1650418372747&cv=9&fst=1650418372747&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=844&u_w=390&u_ah=844&u_aw=390&u_cd=32&u_his=1&u_tz=-240&u_java=false&u_nplug=0&u_nmime=0>m=2wg4i1&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fcpanel.net%2F&tiba=Hosting%20Platform%20of%20Choice&hn=www.googleadservices.com&us_privacy=1---&async=1&rfmt=3&fmt=4", "https://www.googleadservices.com/pagead/conversion/854235671/?random=1650418372749&cv=9&fst=1650418372749&num=1&value=0&label=PRNxCIWemu8BEJe0qpcD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=844&u_w=390&u_ah=844&u_aw=390&u_cd=32&u_his=1&u_tz=-240&u_java=false&u_nplug=0&u_nmime=0>m=2wg4i1&sendb=1&ig=1&data=ads_data_redaction%3Dfalse&frm=0&url=https%3A%2F%2Fcpanel.net%2F&tiba=Hosting%20Platform%20of%20Choice&gcs=G111&did=dMWZhNz&edid=dMWZhNz&auid=2050955691.1650418373&capi=2&hn=www.googleadservices.com&btty", "https://pi.pardot.com/analytics?ver=3&visitor_id=&visitor_id_sign=&pi_opt_in=&campaign_id=33566&account_id=872471&title=Hosting%20Platform%20of%20Choice&url=https%3A%2F%2Fcpanel.net%2F&referrer=", "https://www.1.cpanel.net/analytics?conly=true&visitor_id=311218274&visitor_id_sign=3e1116a56bfd91923fe15cac565b502779c6ec3fe7449557f3940ba04e77079951b9efb044c2275f4211d26742585a9d14544eae&pi_opt_in=&campaign_id=33566&account_id=872471&title=Hosting%20Platform%20of%20Choice&url=https://cpanel.net/&referrer=", "https://script.hotjar.com/survey-v2.3716506838f2208ab9e2.js", "https://cpanel.net/wp-content/themes/cPbase/assets/js/dist/script.js?ver=5.6", "https://cpanel.net/wp-content/themes/cPbase/assets/js/dist/cpbase.js?ver=5.6", "https://cpanel.net/wp-includes/js/wp-embed.min.js?ver=5.6", "https://pro.fontawesome.com/releases/v5.13.1/css/all.css", "https://vars.hotjar.com/box-4924254a9ce4dc9b959b6e4a9b662d60.html", "https://consentcdn.cookiebot.com/sdk/bc-v4.min.html", "https://cpanel.net/wp-content/themes/cPbase/style.css?ver=5.6", "https://cpanel.net/wp-includes/css/dist/block-library/style.min.css?ver=5.6", "https://fonts.googleapis.com/css?family=Open+Sans:100,200,300,400,500,600,700%7CMontserrat:100,200,300,400,500,600,700", "https://cpanel.net/wp-content/themes/cPbase/assets/css/version96.css", "https://cpanel.net/wp-content/themes/cPbase/assets/css/roadmap.css", "xfe-URL-pi.pardot.com-stix2-2.1-export.json", "xfe-URL-Cpanel.net-stix2-2.1-export.json", "https://secure.gaug.es/track.js", "https://www.googletagmanager.com/gtm.js?id=GTM-WRDF3CB", "https://149371662.v2.pressablecdn.com/wp-includes/js/jquery/jquery.js", "https://149371662.v2.pressablecdn.com/wp-content/plugins/user-verification/assets/front/js/scripts-otp.js", "https://player.vimeo.com/video/571271613", "https://bid.g.doubleclick.net/xbbe/pixel?d=KAE" ], "public": 1, "adversary": "", "targeted_countries": [ "Tunisia" ], "malware_families": [ { "id": "Qe", "display_name": "Qe", "target": null }, { "id": "hj", "display_name": "hj", "target": null }, { "id": "ReduceRight", "display_name": "ReduceRight", "target": null } ], "attack_ids": [ { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1218", "name": "Signed Binary Proxy Execution", "display_name": "T1218 - Signed Binary Proxy Execution" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 3487, "URL": 10195, "domain": 1182, "FileHash-SHA256": 815, "FileHash-MD5": 3, "FileHash-SHA1": 1 }, "indicator_count": 15683, "is_author": false, "is_subscribing": null, "subscriber_count": 73, "modified_text": "1431 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6253871aa38954c4426d475e", "name": "http://prima-abnehmen-shop.com/uk/order-now.html?affiliate=24&source=418&subid2=ddukc&subid3=35908921", "description": "In e, a new RegExp, has been added to the list of properties that can be used to store information in a single place, as well as a \"sizzle\" on the side of the page.", "modified": "2022-05-10T00:02:48.350000", "created": "2022-04-11T01:40:42.011000", "tags": [ "strong", "imprint", "price", "address", "prima abnehmen", "usage return", "contact", "packs", "card", "digit code", "date", "back", "later", "function", "regexp", "edge", "elem", "webpackrequire", "return", "null", "handle", "expando", "match", "android", "target", "error", "false", "class", "mark", "harmony", "copy", "capture", "seed", "pass", "enough", "code", "never", "core", "local", "verify", "fall", "accept", "done", "find", "internal", "inject", "possible", "prop", "trigger", "typeof t", "typeof symbol", "typeerror", "object", "typeof e", "pseudo", "child", "this", "void", "array", "typeof n", "boolean", "messagechannel", "string", "symbol", "seventracker", "post", "nonce", "script", "please do", "not copy", "and paste", "this code", "cgrecaptchacfg", "ngrecaptcha", "recaptchaapi", "render", "typedarraytag", "blink", "gecko", "webkit", "trident", "the author", "this software", "copyright", "software is", "provided", "as is", "disclaims all", "warranties with", "regard to", "including all", "direct", "generator", "backspace", "select", "uint8array", "math", "number", "iframe", "span", "form", "click", "enterprise", "infinity", "template", "next", "body", "typeof r", "64e3", "urlsearchparams", "ofunction", "pfunction", "bfunction", "ffunction", "ifunction", "load", "sans", "woff2", "semibold", "bold", "italic", "semibold italic", "bold italic", "u20b4", "u2de02dff", "ua640a69f", "sufeffxa0", "attr" ], "references": [ "xfe-URL-dk9ctyhidjrvgn.xyz-stix2-2.1-export.json", "http://dk9ctyhidjrvgn.xyz/index_files/jquery.js", "http://dk9ctyhidjrvgn.xyz/index_files/sss.css", "https://tracking.premiumhealtheurope.com/code.js", "https://static.cloudflareinsights.com/beacon.min.js", "https://www.gstatic.com/recaptcha/releases/Y-cOIEkAqcfDdup_qnnmkxIC/recaptcha__en.js", "https://cdn.getaddress.io/scripts/getaddress-autocomplete-1.1.2.min.js", "https://js.mollie.com/v1/mollie.js", "https://www.google.com/recaptcha/api.js?render=6LerjKkcAAAAAHIvlsndboXTiYDGt_xACa77alyA", "https://tracking.premiumhealth.eu/code.js", "https://eu-library.klarnaservices.com/lib.js", "https://prima-abnehmen-shop.com/_Resources/Static/Packages/Seven.Prima/Scripts/Main.js?bust=2a0b1c62", "https://prima-abnehmen-shop.com/_Resources/Static/Packages/Seven.Offerpage.Checkout/Scripts/main.min.js?bust=ef22ff16", "https://prima-abnehmen-shop.com/uk/order-now.html?affiliate=24&source=418&subid2=ddukc&subid3=35908921" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1218", "name": "Signed Binary Proxy Execution", "display_name": "T1218 - Signed Binary Proxy Execution" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 640, "URL": 1862, "FileHash-SHA256": 149, "domain": 341 }, "indicator_count": 2992, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1440 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "625045b8e764847c54ed286e", "name": "ewqopweowia543.ga", "description": "If you want to know what type of Touches you will get when you get stuck in the middle of a page, then ask for a random number of letters or numbers, or, if you can't find one.", "modified": "2022-05-08T00:03:14.586000", "created": "2022-04-08T14:24:56.301000", "tags": [ "90deg", "250px", "helvetica neue", "helvetica", "roboto", "georgia", "typesearch", "typecheckbox", "label", "liberation mono", "function", "constructor", "param", "object", "class", "event", "abide", "number", "initializes", "drilldown", "window", "sticky", "false", "null", "body", "this", "date", "path", "anchor", "open", "trigger", "small", "close", "void", "form", "fast", "prop", "error", "shift", "test", "burn", "android", "back", "killswitch", "find", "desktop", "fall", "linear", "value", "webpackrequire", "return", "mouse", "factory", "moduleid", "apple cmd", "regexp", "elem", "handle", "expando", "match", "selector", "type", "sizzle", "target", "mark", "copy", "capture", "seed", "pass", "code", "bind", "core", "local", "verify", "accept", "done", "internal", "inject", "possible", "hold", "camel", "first", "middle", "gc", "eq", "post", "xava", "gbva", "hbva", "ibva", "lcva", "cdva", "oeva", "peva", "65535", "boolean", "counter", "segoe ui", "typeerror", "lucida", "ecommerce", "ext link", "comic", "impact", "light" ], "references": [ "xfe-URL-ewqopweowia543.ga-stix2-2.0-export.json", "https://mc.yandex.ru/metrika/watch.js", "https://ssl.google-analytics.com/ga.js", "https://vestacp.com/bower_components/jquery/dist/jquery.js", "https://vestacp.com/bower_components/what-input/dist/what-input.js", "https://vestacp.com/bower_components/foundation-sites/dist/js/foundation.js", "https://vestacp.com/js/app.js", "https://vestacp.com/css/app.css" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Eq", "display_name": "Eq", "target": null }, { "id": "Gc", "display_name": "Gc", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1546", "name": "Event Triggered Execution", "display_name": "T1546 - Event Triggered Execution" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 706, "URL": 1386, "CVE": 1, "FileHash-SHA256": 238, "domain": 234 }, "indicator_count": 2565, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1442 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "621bc3aa050a6c5693595f25", "name": "Zetalytics API", "description": "", "modified": "2022-03-29T00:03:34.773000", "created": "2022-02-27T18:32:10.542000", "tags": [ "google", "google llc", "detected", "expand overall", "http", "amazonaes", "openssl", "lookup go", "rescan add", "verdict report", "behaviour", "june", "apache", "search url", "search domain", "scan url", "url search", "domain scan", "url url", "us summary", "line", "google maps", "api warning", "redirects links", "similar dom", "content api", "domains", "Ransomware" ], "references": [ "zetalytics .pdf" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Win.Virus.PolyRansom-5704625-0", "display_name": "Win.Virus.PolyRansom-5704625-0", "target": null }, { "id": "Win32:Cryptor", "display_name": "Win32:Cryptor", "target": null }, { "id": "TELPER:CERT:SoftwareBundler:Win32/Bunpredelt", "display_name": "TELPER:CERT:SoftwareBundler:Win32/Bunpredelt", "target": null }, { "id": "Trojan:Win32/Danabot.G", "display_name": "Trojan:Win32/Danabot.G", "target": "/malware/Trojan:Win32/Danabot.G" }, { "id": "Backdoor:Win32/Poison.E", "display_name": "Backdoor:Win32/Poison.E", "target": "/malware/Backdoor:Win32/Poison.E" }, { "id": "ALF:PUA:Block:IObit.R!MTB", "display_name": "ALF:PUA:Block:IObit.R!MTB", "target": null } ], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Kailula4", "id": "131997", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 754, "URL": 2375, "domain": 441, "hostname": 833, "CIDR": 5, "FileHash-MD5": 2, "email": 1 }, "indicator_count": 4411, "is_author": false, "is_subscribing": null, "subscriber_count": 406, "modified_text": "1482 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "", "https://consentcdn.cookiebot.com/sdk/bc-v4.min.html", "https://pegtech.com/wp-content/plugins/wp-video-lightbox/js/video-lightbox.js?ver=3.1.6", "CommonScripts.js.pobrane", "https://cpanel.net/wp-includes/js/wp-emoji-release.min.js?ver=5.6", "https://connect.facebook.net/signals/config/285857426541675?v=2.9.57&r=stable", "II Wydzia? Karny - S?d Rejonowy w Jeleniej G\u00f3rze 1.htm", "S?d Rejonowy w Jeleniej G\u00f3rze.htm", "Copy of clientlibs(1).css", "https://pegtech.com/wp-includes/js/wp-emoji-release.min.js?ver=4.9.20", "https://m.bds247.vn/view/js/page.js 443 Script", "https://www.1.cpanel.net/analytics?conly=true&visitor_id=311218274&visitor_id_sign=3e1116a56bfd91923fe15cac565b502779c6ec3fe7449557f3940ba04e77079951b9efb044c2275f4211d26742585a9d14544eae&pi_opt_in=&campaign_id=33566&account_id=872471&title=Hosting%20Platform%20of%20Choice&url=https://cpanel.net/&referrer=", "https://pegtech.com/wp-includes/js/wp-embed.min.js?ver=4.9.20", "https://fonts.googleapis.com/css?family=Open+Sans:300italic,400italic,600italic,700italic,800italic,400,300,600,700,800&subset=latin,latin-ext", "https://tria.ge/240521-r3mvhshd83", "Copy of clientlib(5).css", "https://vestacp.com/css/app.css", "https://www.yunshipei.com/assets/js/amazeui.min.js", "xfe-URL-Psi.de-stix2-2.1-export.json", "ceidg-master.js.pobrane", "Copy of clientlib(55).css", "https://aquanx.com/js/modernizr-custom.js", "Copy of clientlib.js(30).download", "Copy of clientlib.js(55).download", "https://www.googletagmanager.com/gtag/js?id=UA-59480575-2", "http://astutemedia.asia/rackip/wp-content/themes/servereza/js/modernizr.js?ver=2.5.3", "Copy of clientlib.js(9).download", "https://cpanel.net/wp-content/themes/cPbase/style.css?ver=5.6", "Copy of clientlib(21).css", "xml version= 1.0 encoding= utf 8 DOCTYPE html PUBLIC //WAPFORUM//DTD XHTML Mobile 1.0//EN http://www.wapforum.org/DTD/xhtml mobile10.dtd html xmlns= http://www.w3.org/1999/xhtml head meta http equiv= Content Type content= text/html charset=utf 8 / title mua bn nh t cho thu nh t sang nhng sang nhng ca hng /title meta name= copyright content= 2010 2020 bds247.vn / meta name= google site verification content= suyiBYZARDnZ4zGeoAiF VajqMQ0pgLGnEm69aZ aIY / meta name= robots content= index follow / meta name= key", "Copy of clientlib.js(57).download", "Copy of clientlib.js(11).download", "Copy of clientlib(24).css", "https://fm.ipinyou.com/j/a.js", "Copy of clientlib(6).css", "https://www.virustotal.com/gui/collection/7196cbc5285fb7e155a529980dc1797d3ab3884e20c77c66d9b1b971c313fe56/iocs", "Copy of clientlib(15).css", "https://vestacp.com/bower_components/what-input/dist/what-input.js", "https://widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js", "Copy of clientlib.js(8).download", "Copy of clientlib.js(36).download", "jquery-3.0.0.js.pobrane", "Copy of clientlib(1).css", "jquery.maskedinput-1.2.2.js.pobrane", "jquery-ui.js.pobrane", "https://pro.fontawesome.com/releases/v5.13.1/css/all.css", "https://player.vimeo.com/video/571271613", "http://astutemedia.asia/rackip/wp-content/themes/servereza/js/jquery.easing.js?ver=1.2", "Copy of clientlib(29).css", "Copy of clientlib(31).css", "Copy of clientlib.js(16).download", "http://astutemedia.asia/rackip/wp-content/themes/servereza/js/supersubs.js?ver=0.2", "https://script.hotjar.com/survey-v2.3716506838f2208ab9e2.js", "Copy of clientlib(44).css", "Copy of clientlib(42).css", "https://alpha99.raksmart.com/whmcs/assets/js/cookie-warn.js", "Copy of clientlib(8).css", "Copy of clientlib.js(33).download", "Copy of clientlib.js(12).download", "Copy of clientlib(3).css", "jquery.cookie.js.pobrane", "https://waf.intelix.pl/957476/Chat/Script/Compatibility", "https://prima-abnehmen-shop.com/_Resources/Static/Packages/Seven.Prima/Scripts/Main.js?bust=2a0b1c62", "https://vestacp.com/bower_components/foundation-sites/dist/js/foundation.js", "https:/www.usaopps.com/government_contractors/contractor-5388777-SIERRA-PIPELINE-INC-.htm", "https://149371662.v2.pressablecdn.com/wp-content/plugins/user-verification/assets/front/js/scripts-otp.js", "Copy of clientlib.js(24).download", "Copy of clientlibs.js(3).download", "dataTables.input.js.pobrane", "http://www.powr.io/powr.js", "https://cdn.getaddress.io/scripts/getaddress-autocomplete-1.1.2.min.js", "Copy of clientlib(34).css", "Copy of clientlib(43).css", "jquery.inputmask.min.js.pobrane", "Copy of clientlibs(3).css", "This is the full text of the XHTML mobile10.dtd.xml, which is based on the code created by the developers of Google's search engine, iPlayer and other sites.", "https://www.virustotal.com/gui/collection/09af9ef0b7b23d2dc73d83858106ae4fc97a352dbb521ac04493a0e79095ac69/iocs", "https://www.yunshipei.com/", "ScriptResource.axd", "https://www.yunshipei.com/assets/js/app.min.js", "Copy of clientlib.js(14).download", "https://tria.ge/240521-rxpf6ahd6w", "https://www.googletagmanager.com/gtm.js?id=GTM-NF2ZT3", "https://consent.cookiebot.com/uc.js", "Copy of clientlibs.js.download", "https://cpanel.net/wp-content/themes/cPbase/assets/js/dist/script.js?ver=5.6", "Copy of clientlib.js(56).download", "https://sgoutong.baidu.com/embed/1652930761/asset/embed/css/mobile/main.css", "https://snap.licdn.com/li.lms-analytics/insight.min.js", "https://tria.ge/240521-r1yh8shd44", "Copy of clientlib.js(54).download", "https://www.googletagmanager.com/gtm.js?id=GTM-WB4LHQ4", "Copy of clientlib.js(38).download", "https://www.yunshipei.com/assets/js/jquery.js", "https://static.cloudflareinsights.com/beacon.min.js", "https://aplikacja.ceidg.gov.pl/CEIDG/CEIDG.Public.UI/EntryChangeHistory.aspx?Id=855bdfc1-7dbc-4a86-9d27-89ebb0ecf166&archival=False", "Copy of clientlib(41).css", "Copy of clientlib.js(42).download", "Copy of clientlib(49).css", "AdminLTE.css", "moment-with-locales.min.js.pobrane", "http://dk9ctyhidjrvgn.xyz/index_files/jquery.js", "http://astutemedia.asia/rackip/wp-content/themes/servereza/js/jquery.isotope.min.js?ver=1.0", "Copy of clientlib.js(26).download", "Copy of clientlib(47).css", "Copy of clientlib.js(37).download", "https://stats.ipinyou.com/presadv?a=SR..sxcg_4d0DhagaJWCLj_ZdX&cb=py.cb", "https://prima-abnehmen-shop.com/uk/order-now.html?affiliate=24&source=418&subid2=ddukc&subid3=35908921", "Copy of clientlibs.css", "Copy of clientlib.js(44).download", "Copy of clientlib(30).css", "https://tria.ge/240521-rvybaahb79", "Copy of clientlib(48).css", "Copy of clientlibs(4).css", "Copy of clientlib(46).css", "Copy of clientlib.js(58).download", "Copy of clientlib.js(18).download", "biznes.css", "Copy of clientlib(50).css", "dataTables.bootstrap4.js.pobrane", "https://pegtech.com/wp-content/themes/Divi/js/custom.min.js?ver=3.0.100", "https://cpanel.net/wp-includes/js/wp-embed.min.js?ver=5.6", "https://pegtech.com/wp-content/themes/Divi/core/admin/js/common.js?ver=3.0.100", "https://tracking.premiumhealth.eu/code.js", "http://astutemedia.asia/rackip/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=4.5.1", "Copy of clientlib(25).css", "http://astutemedia.asia/rackip/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp", "https://www.googletagmanager.com/gtag/js?id=AW-1070742489", "Copy of clientlib(13).css", "https://aquanx.com/", "https://m.bds247.vn/lib/nivo-slider/slider.js 443 Script", "https://script.hotjar.com/modules.0076bf93c385ddf0ff58.js", "http://astutemedia.asia/rackip/wp-content/themes/servereza/js/custom.js?ver=1.0", "https://pegtech.com/wp-includes/js/jquery/jquery.js?ver=1.12.4", "Copy of clientlib.js(31).download", "Copy of clientlib.js(4).download", "https://cpanel.net/wp-content/themes/cPbase/assets/css/version96.css", "Copy of clientlib(16).css", "https://cdn.callrail.com/companies/431115301/7c8f964bc12313c75ad2/12/swap.js", "feedback.js.pobrane", "https://fonts.googleapis.com/css?family=Open+Sans:100,200,300,400,500,600,700%7CMontserrat:100,200,300,400,500,600,700", "https://user.aquanx.com/clientarea.php", "jquery.dataTables.js.pobrane", "saved_resource.html", "Copy of clientlib(27).css", "Copy of clientlib(45).css", "xfe-URL-Cpanel.com-stix2-2.1-export.json", "https://www.hushmail.com/shared/javascript/jquery-3.5.1.min.js", "https://mc.yandex.ru/metrika/watch.js", "Copy of clientlib(54).css", "bootstrap.js.pobrane", "Copy of clientlib(22).css", "Copy of clientlibs.js(2).download", "Copy of clientlib.js(35).download", "bootstrap-gov-pl.css", "https://www.virustotal.com/gui/collection/6a8d582df4fe5a29885dad4074236bc9e4ed445aaf0cc00702d45963fb0459bb/iocs", "SessionTimeout.js.pobrane", "https://aquanx.com/js/bootstrap-hover-dropdown.min.js", "http://astutemedia.asia/rackip/wp-content/themes/servereza/js/tinynav.min.js?ver=1.03", "https://vars.hotjar.com/box-4924254a9ce4dc9b959b6e4a9b662d60.html", "https://pegtech.com/wp-includes/css/dashicons.min.css?ver=4.9.20", "Copy of clientlib.js(7).download", "Copy of clientlib(19).css", "Copy of clientlib(9).css", "Copy of clientlib.js(22).download", "Copy of iframe_api", "Copy of clientlib.js(13).download", "https://script.tapfiliate.com/tapfiliate.js", "Copy of clientlib.js(53).download", "xfe-URL-pegtech.com-stix2-2.1-export.json", "https://www.virustotal.com/gui/collection/79c25168b2f93d9730a56b8d2b834cbfb2752b63b21b9dd51109416fbaa676d8/iocs", "zetalytics .pdf", "https://m.bds247.vn//view/js/jquery6_1.js", "https://aquanx.com/js/jquery-1.12.4.min.js", "https://aiff.cdn.bcebos.com/sensors%2Fonline%2Fsa-sdk-javascript-1.14.24%2Fsensorsdata.min.js", "xfe-URL-pi.pardot.com-stix2-2.1-export.json", "443 Header\tHTTP/2 200 x powered by: PHP/7.4.29 set cookie: PHPSESSID=9158e16820bdbb5be0d1faa520b7dc19 path=/ expires: Thu 19 Nov 1981 08:52:00 GMT cache control: no store no cache must revalidate pragma: no cache content type: text/html charset=UTF 8 date: Thu 02 Feb 2023 13:37:37 GMT server: LiteSpeed alt svc: quic= :443 ma=2592000 v= 35 39 43 44", "Copy of js", "https://pegtech.com/wp-content/plugins/wp-video-lightbox/js/jquery.prettyPhoto.min.js?ver=3.1.6", "dataTables.bootstrap4.css", "Copy of clientlib(17).css", "https://cpanel.net/wp-content/themes/cPbase/assets/js/dist/cpbase.js?ver=5.6", "Copy of clientlib(11).css", "Copy of clientlib.js(28).download", "https://consent.cookiebot.com/da52fc49-8e48-42b7-9ad3-c219404f6f92/cc.js?renew=false&referer=cpanel.net&dnt=false", "http://astutemedia.asia/rackip/wp-content/themes/servereza/js/jquery.flexslider-min.js?ver=1.8", "Copy of clientlib.js(60).download", "Copy of clientlibs(5).css", "http://astutemedia.asia/rackip/wp-content/themes/servereza/js/jquery.color.js?ver=2.0", "jquery.session.js.pobrane", "http://astutemedia.asia/rackip/wp-includes/js/wp-embed.min.js?ver=5.5.9", "https://aquanx.com/js/cookie-warn.js?v=1_xSax0l", "Copy of clientlib.js(29).download", "hxxps://go[.]microsoft[.]com/fwlink/?LinkId=2033498", "https://www.googletagmanager.com/gtm.js?id=GTM-WRDF3CB", "jquery-migrate-1.2.1.js.pobrane", "Copy of clientlib.js(10).download", "Copy of clientlib.js(51).download", "daterangepicker.css", "https://www.hybrid-analysis.com/sample/bc437a855075805df699bd915cd27814a799969bb38db45f09f5f16a54ccc5b6/655e548bc2555fc8280ba976", "https://widget.wickedreports.com/widget.js", "whitelists are really not the way forward unless you validate the integrity often Speedtest are also being screwed with ie allowing your neural controlled network out on a temp basis to prevent you from ousting the APT controlling your home broadband / wifi network", "Copy of clientlib(2).css", "https://cpanel.net/wp-includes/css/dist/block-library/style.min.css?ver=5.6", "Copy of clientlib.js(34).download", "Copy of clientlib.js(41).download", "xfe-URL-Cpanel.net-stix2-2.1-export.json", "https://m.bds247.vn/lib/pikachoose/lib/jquery.jcarousel.min.js 443 Script", "https://m.bds247.vn//view/js/jquery6_1.js 443", "xfe-URL-raksmart.com-stix2-2.1-export.json", "Copy of clientlib.js(52).download", "XZ4AH-ABKPW-SQPBC-CYWES-BCG6V", "UE_pl_top_sm.svg", "Copy of clientlib(33).css", "Copy of clientlib.js(45).download", "CommonResponsive.js.pobrane", "xfe-URL-Hush.com-stix2-2.1-export.json", "Copy of clientlib(18).css", "https://m.bds247.vn/lib/nivo-slider/slider.js", "https://js.mollie.com/v1/mollie.js", "https://static.ads-twitter.com/uwt.js", "dataTables.lang.js.pobrane", "https://tria.ge/240521-ry949ahe2z/behavioral1", "Copy of clientlib.js(1).download", "jquery.easing.1.3.js.pobrane", "xfe-URL-dk9ctyhidjrvgn.xyz-stix2-2.1-export.json", "Copy of fbevents.js.download", "[object Object] is a string representation of an object instance. Take this example: When the alert runs, it returns [object Object] in the alert modal. It tries to return a string representation of what was passed into alert, but because the engine sees this as an object, and not a string, it tells us that its an instance of an Object instead.", "https://js.callrail.com/group/0/7c8f964bc12313c75ad2/06ababf0-8852-4eef-95e1-285ae467a93a/poll.js?t=1651861793229&ids%5B%5D=431115301", "http://astutemedia.asia/rackip/wp-includes/js/comment-reply.min.js?ver=5.5.9", "Copy of dir (1).c9r", "Copy of clientlib.js(32).download", "Copy of clientlib.js(23).download", "https://consentcdn.cookiebot.com/consentconfig/da52fc49-8e48-42b7-9ad3-c219404f6f92/cpanel.net/configuration.js", "http://www.jelenia-gora.sr.gov.pl/ogloszenia-komornicze", "Copy of clientlib(35).css", "https://www.googleadservices.com/pagead/conversion_async.js", "http://astutemedia.asia/rackip/wp-content/plugins/contact-form-7/includes/js/jquery.form.min.js?ver=3.51.0-2014.06.20", "Copy of clientlib.js(59).download", "http://dk9ctyhidjrvgn.xyz/index_files/sss.css", "https://googleads.g.doubleclick.net/pagead/viewthroughconversion/728582492/?random=1650418372747&cv=9&fst=1650418372747&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=844&u_w=390&u_ah=844&u_aw=390&u_cd=32&u_his=1&u_tz=-240&u_java=false&u_nplug=0&u_nmime=0>m=2wg4i1&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fcpanel.net%2F&tiba=Hosting%20Platform%20of%20Choice&hn=www.googleadservices.com&us_privacy=1---&async=1&rfmt=3&fmt=4", "Copy of clientlib(39).css", "https://eu-library.klarnaservices.com/lib.js", "adminlte.min.js.pobrane", "https://m.bds247.vn/lib/pikachoose/lib/jquery.jcarousel.min.js", "https://user.aquanx.com/templates/aquanx20190627/js/scripts.min.js?v=8a99af", "http://astutemedia.asia/rackip/wp-content/themes/servereza/js/retina.min.js?ver=1.1.0", "https://js.callrail.com/group/0/7c8f964bc12313c75ad2/06ababf0-8852-4eef-95e1-285ae467a93a/poll.js?t=1651861725881&ids%5B%5D=431115301", "Copy of clientlib(32).css", "Copy of clientlib.js(17).download", "jquery.notify.min.js.pobrane", "Copy of clientlib(14).css", "Copy of clientlib.js(15).download", "https://tracking.premiumhealtheurope.com/code.js", "ui.datepicker-pl.js.pobrane", "Copy of clientlib(36).css", "hxxps://portal[.]office[.]com/Account", "Copy of clientlib.js(25).download", "dataTables.responsive.js.pobrane", "xfe-URL-astutemedia.asia-stix2-2.1-export.json", "daterangepicker.js.pobrane", "Copy of clientlib.js(5).download", "Copy of clientlib(26).css", "https://secure.gaug.es/track.js", "Copy of clientlibs(2).css", "ceidg.css", "https://static.hotjar.com/c/hotjar-1683409.js?sv=7", "EntryChangeHistory.aspx.js.pobrane", "https://www.psi.de/typo3temp/scriptmerger/uncompressed/head-bd4b8119586687574cf8f8529359d678.merged.css", "https://www.gstatic.com/recaptcha/releases/Y-cOIEkAqcfDdup_qnnmkxIC/recaptcha__en.js", "Copy of clientlib(7).css", "http://astutemedia.asia/rackip/wp-includes/js/wp-emoji-release.min.js?ver=5.5.9", "https://bid.g.doubleclick.net/xbbe/pixel?d=KAE", "json2.js.pobrane", "Copy of clientlib.js(19).download", "Copy of clientlib(51).css", "inputmask.binding.js.pobrane", "Copy of clientlib.js(43).download", "Copy of clientlibs.js(1).download", "https://www.jelenia-gora.sr.gov.pl/spacer", "https://pi.pardot.com/pd.js", "https://vestacp.com/js/app.js", "UE_pl_top.svg", "Copy of clientlib.js(2).download", "xfe-URL-ewqopweowia543.ga-stix2-2.0-export.json", "https://tlumacz.migam.org/sad_rejonowy_jelenia_gora", "xfe-URL-Powr.io-stix2-2.1-export.json", "Copy of clientlib.js(21).download", "Copy of clientlibs.js(4).download", "popper.js.pobrane", "Copy of clientlib(4).css", "https://www.googletagmanager.com/gtag/js?id=G-56M7ZWVN9L", "Copy of clientlib.js(3).download", "jquery.feedbackBadge.min.js.pobrane", "https://www.virustotal.com/graph/embed/g8726609a12794ebeb59edd531961a233068149bcdf994b428f20141be6111551?theme=dark", "https://www.redditstatic.com/ads/pixel.js", "Copy of clientlib.js(39).download", "https://149371662.v2.pressablecdn.com/wp-includes/js/jquery/jquery.js", "https://goutong.baidu.com/site/270/98c14a71a44014f7aa9d23449a55ae8f/b.js?siteId=3064033", "https://m.bds247.vn/lib/pikachoose/lib/jquery.pikachoose.js", "https://cpanel.net/wp-content/themes/cPbase/assets/css/roadmap.css", "https://pegtech.com/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=5.0.2", "https://www.googletagmanager.com/gtag/js?id=UA-1837381-13", "responsive.bootstrap4.js.pobrane", "http://astutemedia.asia/rackip/wp-content/themes/servereza/js/superfish.js?ver=1.4.8", "https://vestacp.com/bower_components/jquery/dist/jquery.js", "https://www.googletagmanager.com/gtag/js?id=AW-1070742489&l=dataLayer&cx=c", "https://www.bugherd.com/sidebarv2.js?apikey=kmu00qbvuigehexs5chefq", "https://www.google-analytics.com/analytics.js", "Copy of clientlib(38).css", "Copy of clientlib(12).css", "jquery.alerts.js.pobrane", "responsive.bootstrap4.css", "https://www.hushmail.com/status/", "https://www.googleadservices.com/pagead/conversion/854235671/?random=1650418372749&cv=9&fst=1650418372749&num=1&value=0&label=PRNxCIWemu8BEJe0qpcD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=844&u_w=390&u_ah=844&u_aw=390&u_cd=32&u_his=1&u_tz=-240&u_java=false&u_nplug=0&u_nmime=0>m=2wg4i1&sendb=1&ig=1&data=ads_data_redaction%3Dfalse&frm=0&url=https%3A%2F%2Fcpanel.net%2F&tiba=Hosting%20Platform%20of%20Choice&gcs=G111&did=dMWZhNz&edid=dMWZhNz&auid=2050955691.1650418373&capi=2&hn=www.googleadservices.com&btty", "https://www.jelenia-gora.so.gov.pl/", "https://prima-abnehmen-shop.com/_Resources/Static/Packages/Seven.Offerpage.Checkout/Scripts/main.min.js?bust=ef22ff16", "Copy of clientlib(40).css", "ui.notify.css", "Copy of clientlib(20).css", "http://www.jelenia-gora.so.gov.pl/", "Copy of clientlib(10).css", "https://www.hushmail.com/javascriptinclude/eNrLKC3OyE3MzIkvT00qzixJtSpITE_V98lPz8xzyy_K1csqtjI0MzK2MDcwsbS0ysCq2qkov7w4tSi4JLGkGFUDAF_tIM0,.en_US.68448bd8190f2f2bae9633f547bbbbbe.0.js", "https://www.psi.de/typo3temp/scriptmerger/uncompressed/head-e2b75d5cfe54ba9b7d678cb1c848421f.merged.js", "https://www.hushmail.com/javascriptinclude/eNpNzEEOQDAQQNEbtVoM7Sks7GXopB0pkQ5xfWJl-5P3JWGh4AvukSRzoKKtqlWlf0Wt4k3rnG2g641Pl6QNOU83zcIn-QMj6ZHpHQ2FF97jiHOmj0ED4FxfwQOf9yPU.en_US.68448bd8190f2f2bae9633f547bbbbbe.0.js", "https://ssl.google-analytics.com/ga.js", "https://pi.pardot.com/analytics?ver=3&visitor_id=&visitor_id_sign=&pi_opt_in=&campaign_id=33566&account_id=872471&title=Hosting%20Platform%20of%20Choice&url=https%3A%2F%2Fcpanel.net%2F&referrer=", "hxxps://myapplications[.]microsoft[.]com/", "http://astutemedia.asia/rackip/wp-content/themes/servereza/js/jquery.prettyPhoto.js?ver=3.0", "https://widget.wickedreports.com/v2/3469/wr-dafa9fae816c2f65d24d1eb593b58626.js", "https://widget.trustpilot.com/trustboxes/5406e65db0d04a09e042d5fc/index.html?templateId=5406e65db0d04a09e042d5fc&businessunitId=4bdc496b000064000505a89d#locale=en-US&styleHeight=28px&styleWidth=100%25&theme=light", "https://www.googletagmanager.com/gtm.js?id=GTM-MF25KRH", "https://aquanx.com/js/bootstrap.js", "Copy of clientlib(37).css", "Copy of clientlib(28).css", "Copy of clientlib(23).css", "https://www.virustotal.com/gui/collection/7196cbc5285fb7e155a529980dc1797d3ab3884e20c77c66d9b1b971c313fe56/graph", "Copy of clientlib(53).css", "Copy of clientlib(52).css", "https://www.virustotal.com/graph/embed/g365a82115f934e31a69118715695c91c231f66cda9084c9389e56afb985a243e?theme=dark", "https://www.google.com/recaptcha/api.js?render=6LerjKkcAAAAAHIvlsndboXTiYDGt_xACa77alyA", "https://stats.ipinyou.com/adv?a=SR..sxcg_4d0DhagaJWCLj_ZdX&u=https%3A%2F%2Fwww.yunshipei.com%2F&rd=1653485491040&v=2&e=sr%3D390x844%26sc%3D32-bit%26je%3Dfalse%26lg%3Den-us%26vb%3D1%26did%3D%26dt%3D%26ps%3D390x3885%26vp%3D390x664%26ec%3DUTF-8%26vbt%3D1822%26sp%3D0%26ur%3D%26st%3D%26ev%3Dvg" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [], "malware_families": [ "", "Okcancel", "Selectedindex", "Eq", "Win.virus.polyransom-5704625-0", "Vd", "Reduceright", "Qe", "Backdoor:win32/poison.e", "Alf:pua:block:iobit.r!mtb", "Hj", "Gc", "Trojan:win32/danabot.g", "Serwer", "Telper:cert:softwarebundler:win32/bunpredelt", "Win32:cryptor" ], "industries": [ "Government", "Technology", "Healthcare", "Business", "Telecommunications", "Energy", "Transportation", "Media", "Agriculture", "Biotechnology", "Finance", "Construction", "Defense", "Chemical", "Legal", "Economy", "Education" ] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 25, "pulses": [ { "id": "69aa842cef967c844adef1de", "name": "CAPE Sandbox part 2 - see part 1", "description": "heartbreaking", "modified": "2026-04-05T11:04:28.804000", "created": "2026-03-06T07:37:16.417000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1014", "name": "Rootkit", "display_name": "T1014 - Rootkit" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1203", "name": "Exploitation for Client Execution", "display_name": "T1203 - Exploitation for Client Execution" }, { "id": "T1485", "name": "Data Destruction", "display_name": "T1485 - Data Destruction" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1542", "name": "Pre-OS Boot", "display_name": "T1542 - Pre-OS Boot" }, { "id": "T1548", "name": "Abuse Elevation Control Mechanism", "display_name": "T1548 - Abuse Elevation Control Mechanism" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 3905, "FileHash-SHA1": 3515, "FileHash-SHA256": 8002, "URL": 982, "hostname": 2532, "domain": 164, "email": 1 }, "indicator_count": 19101, "is_author": false, "is_subscribing": null, "subscriber_count": 49, "modified_text": "14 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65eea19a23474b8c7dca351f", "name": "All Items - find from the UA archive disk", "description": "Again have zero idea 'what these are' - just uploading from the 'archives' as I sort through things", "modified": "2025-12-24T08:28:47.628000", "created": "2024-03-11T06:15:54.351000", "tags": [], "references": [ "https://www.virustotal.com/gui/collection/09af9ef0b7b23d2dc73d83858106ae4fc97a352dbb521ac04493a0e79095ac69/iocs", "https://www.virustotal.com/gui/collection/79c25168b2f93d9730a56b8d2b834cbfb2752b63b21b9dd51109416fbaa676d8/iocs", "https://www.virustotal.com/graph/embed/g8726609a12794ebeb59edd531961a233068149bcdf994b428f20141be6111551?theme=dark", "https://www.virustotal.com/graph/embed/g365a82115f934e31a69118715695c91c231f66cda9084c9389e56afb985a243e?theme=dark", "", "https://www.virustotal.com/gui/collection/6a8d582df4fe5a29885dad4074236bc9e4ed445aaf0cc00702d45963fb0459bb/iocs" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 19, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "Disable_Duck", "id": "244325", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 1165, "hostname": 866, "URL": 657, "FileHash-SHA256": 26, "email": 337, "FileHash-MD5": 12, "FileHash-SHA1": 8, "CIDR": 1 }, "indicator_count": 3072, "is_author": false, "is_subscribing": null, "subscriber_count": 128, "modified_text": "116 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "68038f7eb6f6810aa6d6439f", "name": "\"+g+\"", "description": "https://aplikacja.ceidg.gov.pl/CEIDG/CEIDG.Public.UI/EntryChangeHistory.aspx?Id=855bdfc1-7dbc-4a86-9d27-89ebb0ecf166&archival=False", "modified": "2025-09-01T08:05:25.121000", "created": "2025-04-19T11:56:46.933000", "tags": [ "copyright", "customevent", "typeof e", "boomerang", "typeof t", "macintosh", "os x", "post", "typeof", "iframe", "date", "poka menu", "nie znaleziono", "poka start", "poka", "max dostpnych", "pierwsza", "ostatnia", "nastpna", "poprzednia", "brak danych", "first", "ceidg", "wystpi bd", "error", "true", "null", "linkdownload", "show", "ctrlmappings", "version", "versionchange", "body", "false", "span", "input", "paginate", "next", "last", "selectstart", "loop", "function", "bootstrap", "datatables", "responsive", "2016 sprymedia", "amd define", "object", "commonjs", "window", "browser", "button", "datatable", "sprymedia ltd", "columns", "colidx", "column", "parent", "child", "param", "display", "click", "middle", "class", "target", "never", "find", "footer", "close", "regexp", "matches", "cookie", "inputmask", "input mask", "robin herbots", "mit license", "xmlhttprequest", "left", "month", "boolean", "maxdate", "right", "daterangepicker", "yyyymmdd", "calendar", "jquery", "webpackrequire", "typeof symbol", "type", "setprototypeof", "maskpos", "wrapnativesuper", "backspace", "insert", "internal", "mask", "void", "this", "nie mona", "array", "nonmsdombrowser", "horizontal", "leftarrow", "uparrow", "rightarrow", "downarrow", "explorer", "form", "legend", "hmmss", "mmmm d", "yyyy h", "typeof define", "number", "locale", "character", "seeknext", "masked", "input plugin", "josh bush", "azaz", "azaz09", "black", "kontrast", "arrcookies", "getcookielang", "and information", "on business", "sign", "twoja", "opinia", "informacja o", "notify ui", "widget", "eric hynds", "dual", "name", "dtopt", "example", "using", "open", "adata", "hungarian", "aria", "legacy", "trident", "format", "nuke", "apos", "bitcoin", "outer", "mark", "info", "reload", "behaviour", "write", "buttons", "anything", "prop", "thecookie", "create", "thevalue", "string name", "pluginscookie", "author", "eventkey", "datakey", "default", "dataapikey", "defaulttype", "config", "shown", "trigger", "delta", "guard", "arrow", "leave", "scroll", "dataspy", "sessiontimeout", "return", "settimeout", "mytimerid", "requestcounter", "starttimer", "stop", "typeof n", "adminlte", "typeof o", "main", "js application", "adminlte v2", "colorlib", "ui date", "written", "jacek wysocki", "poprzedni", "marzec", "kwiecie", "czerwiec", "lipiec", "sierpie", "wrzesie", "openpopup", "href", "toggle", "msviewport", "popover", "json", "json text", "string", "otherwise", "holder", "mind", "copy", "meta", "third", "text", "choice", "confirm", "nie pytaj", "site", "title", "value", "alert", "warn", "migrate", "foundation", "see http", "forget", "newvalue", "nones5", "fall", "wrongvalid", "onerror", "year", "fast", "argument", "popper", "method", "data", "html", "flip", "factory", "onload", "tbody", "courier", "elem", "handle", "expando", "match", "selector", "sizzle", "android", "capture", "seed", "pass", "enough", "code", "bind", "core", "local", "verify", "accept", "done", "override", "inject", "possible", "hold", "45deg", "larger", "screen styling", "90deg", "support", "sidebar mini", "e1f0ff", "font awesome", "free", "autocomplete", "folder", "expanded folder", "tabela", "sorting", "xform", "nadpisane style", "menlo", "monaco", "consolas", "mono", "courier new", "browse", "twitter", "pt serif", "georgia", "times new", "roman", "times", "typetime", "import", "roboto", "http", "label", "demos", "effect", "inst", "super", "speed", "bounce", "hack", "logic", "shift", "double", "february", "april", "june", "august", "friday", "erase", "atom", "caja", "spinner", "refresh", "alpha", "sentinel", "back", "blind", "drop", "ceidg.gov.pl - centralna ewidencja i informacja o dzia\u0142alno\u015bci g", "prosz czeka", "pobierz plik" ], "references": [ "https://aplikacja.ceidg.gov.pl/CEIDG/CEIDG.Public.UI/EntryChangeHistory.aspx?Id=855bdfc1-7dbc-4a86-9d27-89ebb0ecf166&archival=False", "UE_pl_top.svg", "UE_pl_top_sm.svg", "XZ4AH-ABKPW-SQPBC-CYWES-BCG6V", "dataTables.lang.js.pobrane", "EntryChangeHistory.aspx.js.pobrane", "dataTables.input.js.pobrane", "responsive.bootstrap4.js.pobrane", "dataTables.bootstrap4.js.pobrane", "dataTables.responsive.js.pobrane", "jquery.session.js.pobrane", "inputmask.binding.js.pobrane", "daterangepicker.js.pobrane", "jquery.inputmask.min.js.pobrane", "ScriptResource.axd", "moment-with-locales.min.js.pobrane", "jquery.maskedinput-1.2.2.js.pobrane", "feedback.js.pobrane", "jquery.notify.min.js.pobrane", "jquery.dataTables.js.pobrane", "jquery.cookie.js.pobrane", "bootstrap.js.pobrane", "SessionTimeout.js.pobrane", "adminlte.min.js.pobrane", "jquery.easing.1.3.js.pobrane", "jquery.feedbackBadge.min.js.pobrane", "ui.datepicker-pl.js.pobrane", "ceidg-master.js.pobrane", "CommonResponsive.js.pobrane", "json2.js.pobrane", "jquery.alerts.js.pobrane", "jquery-migrate-1.2.1.js.pobrane", "dataTables.bootstrap4.css", "CommonScripts.js.pobrane", "popper.js.pobrane", "responsive.bootstrap4.css", "jquery-3.0.0.js.pobrane", "daterangepicker.css", "AdminLTE.css", "ui.notify.css", "ceidg.css", "bootstrap-gov-pl.css", "biznes.css", "jquery-ui.js.pobrane", "saved_resource.html" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 3, "FileHash-SHA1": 4, "FileHash-SHA256": 25, "URL": 165, "domain": 353, "hostname": 215, "email": 2 }, "indicator_count": 767, "is_author": false, "is_subscribing": null, "subscriber_count": 122, "modified_text": "230 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "67a7f06a5d0f22ad92684646", "name": "WebForm.com.gov.pl/CEIDG/ScriptResource.axd", "description": "The following is the full text of the WebForm.com.gov.pl/CEIDG/ScriptResource.axd, following the following:.au, for the first time.", "modified": "2025-05-14T21:27:17.040000", "created": "2025-02-09T00:01:46.054000", "tags": [ "null", "nie mona", "array", "input", "nonmsdombrowser", "object", "html", "component", "body", "horizontal", "date", "calendar", "february", "april", "june", "august", "iframe", "form", "friday", "explorer", "target", "error", "legend", "this", "type", "regexp", "elem", "index", "function", "handle", "check", "safari", "expando", "android", "false", "hooks", "copy", "prop", "class", "mark", "window", "code", "capture", "accept", "seed", "override", "hook", "look", "loop", "install", "pass", "enough", "bind", "core", "local", "verify", "done", "find", "internal", "inject", "possible", "hold", "middle", "guard", "fall", "stop", "panic", "back", "restrict", "speed", "turn", "grab", "getclass", "jquery", "bubble", "anchor", "shift" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1134", "name": "Access Token Manipulation", "display_name": "T1134 - Access Token Manipulation" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 13, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1143, "domain": 155, "hostname": 523, "FileHash-SHA256": 151 }, "indicator_count": 1972, "is_author": false, "is_subscribing": null, "subscriber_count": 122, "modified_text": "339 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "66246ff49ed29ea9bb2bf122", "name": "S\u0105d Rejonowy w Jeleniej Gorze POLAND", "description": "Przechowywania lub dost\u0119pu do plik\u00f3w cookies w Twojej przegl\u0105darce\nhttps://www.virustotal.com/gui/domain/jelenia-gora.sr.gov.pl/relations", "modified": "2025-05-14T21:18:36.989000", "created": "2024-04-21T01:46:28.554000", "tags": [ "jeleniej grze", "aktualnoci", "informacje", "jednostka", "rejonowy", "konkurs", "najczciej", "sd rejonowy", "przejd", "czytaj", "click", "sdzia jarosaw", "wydziau", "sdzia grzegorz", "katarzyna", "rudnicka dane", "kontaktowe sd", "jelenia gra", "mickiewicza", "zawarto", "html", "nazwa meta", "robotw", "telefon", "brak", "skala", "ua zgodna", "head body", "zasb", "cname", "kod odpowiedzi", "kodowanie treci", "wygasa", "gmt serwer", "pragma", "kontrola pamici", "podrcznej", "data", "gmt kontrola", "dostpuzezwl na", "czytaj wicej", "sd okrgowy", "jednostki", "okrgowy", "ogoszenia", "sha256", "vhash", "ssdeep", "https odcisk", "palca jarma", "https dane", "v3 numer", "odcisk palca", "tworzy katalog", "tworzy pliki", "typ pliku", "json", "ascii", "windows", "sqlite", "foxpro fpt", "links typ", "mapa", "152 x", "sqlite w", "sha1", "sha512", "file size", "b file", "testing", "komornik sdowy", "sdzie rejonowym", "tomasz rodacki", "obwieszczenie", "komornicze", "tumacza migam", "tumacz czynny", "zamknite", "wiadczenia", "schedule", "error", "javascript", "bakers hall", "ixaction", "script", "ixchatlauncher", "compatibility", "com dla", "t1055 pewno", "unikanie obrony", "t1036 maskarada", "t1082 pewno", "informacje o", "nazwa pliku", "dokument pdf", "rozmiar pliku", "zapowied", "type", "iii dbt", "utf8", "dziennik" ], "references": [ "S?d Rejonowy w Jeleniej G\u00f3rze.htm", "II Wydzia? Karny - S?d Rejonowy w Jeleniej G\u00f3rze 1.htm", "http://www.jelenia-gora.so.gov.pl/", "https://www.jelenia-gora.so.gov.pl/", "http://www.jelenia-gora.sr.gov.pl/ogloszenia-komornicze", "https://tlumacz.migam.org/sad_rejonowy_jelenia_gora", "https://www.jelenia-gora.sr.gov.pl/spacer", "https://waf.intelix.pl/957476/Chat/Script/Compatibility" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "", "display_name": "", "target": null }, { "id": "serwer", "display_name": "serwer", "target": null } ], "attack_ids": [ { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 24, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "email": 71, "domain": 7651, "hostname": 7680, "IPv4": 331, "FileHash-SHA256": 16168, "URL": 10399, "FileHash-MD5": 3639, "FileHash-SHA1": 3468, "CIDR": 4, "CVE": 89, "YARA": 521, "SSLCertFingerprint": 25, "JA3": 1, "IPv6": 5813 }, "indicator_count": 55860, "is_author": false, "is_subscribing": null, "subscriber_count": 141, "modified_text": "339 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "663d2869e0f3a42bbddc42ff", "name": "UPX executable packer.", "description": "A new rule has been introduced a \"suspicious\" ELF binary that is packed with the UPX executable packer.\nSuggested ATT&CK IDs: rule SUSP_ELF_LNX_UPX_Compressed_File { meta: description = \"Detects a suspicious ELF binary with UPX compression\" author = \"Florian Roth (Nextron Systems)\" reference = \"Internal Research\" date = \"2018-12-12\" score = 40 hash1 = \"038ff8b2fef16f8ee9d70e6c219c5f380afe1a21761791e8cbda21fa4d09fdb4\" id = \"078937de-59b3-538e-a5c3-57f4e6050212\" strings: $s1 = \"PROT_EXEC|PROT_WRITE failed.\" fullword ascii $s2 = \"$Id: UPX\" fullword ascii $s3 = \"$Info: This file is packed with the UPX executable packer\" ascii $fp1 = \"check your UCL installation !\"", "modified": "2024-10-14T00:01:17.069000", "created": "2024-05-09T19:47:53.786000", "tags": [ "cioch adrian", "centrum usug", "sieciowych", "elf binary", "upx compression", "roth", "nextron", "info", "javascript", "html", "office open", "xml document", "network capture", "win32 exe", "xml pakietu", "pdf zestawy", "przechwytywanie", "office", "filehashsha1", "url https", "cve cve20201070", "cve cve20203153", "cve cve20201048", "cve cve20211732", "cve20201048 apr", "filehashmd5", "cve cve20010901", "cve cve20021841", "cve20153202 apr", "cve cve20160728", "cve cve20161807", "cve cve20175123", "cve20185407 apr", "cve cve20054605", "cve cve20060745", "cve cve20070452", "cve cve20070453", "cve cve20070454", "cve cve20071355", "cve cve20071358", "cve cve20071871", "cve20149614 apr", "cve cve20151503", "cve cve20152080", "cve cve20157377", "cve cve20170131", "cve20200796 may", "cve cve20113403" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 6861, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 5771, "domain": 3139, "URL": 14525, "FileHash-SHA1": 2610, "IPv4": 108, "CIDR": 40, "FileHash-SHA256": 10705, "FileHash-MD5": 3373, "YARA": 2, "CVE": 148, "Mutex": 7, "FilePath": 3, "SSLCertFingerprint": 3, "email": 23, "JA3": 1, "IPv6": 2 }, "indicator_count": 40460, "is_author": false, "is_subscribing": null, "subscriber_count": 137, "modified_text": "552 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "664bd9b732ecaf1b3c3beddf", "name": "Found some problems - Files from the UAlberta Google Drive Archive", "description": "Been looking for these...Gifts from the University of Alberta to the World apparently\n*Please note: I emptied out the Drive, however, there was a significant amount of abuse re: Google and Microsoft Accounts at the University of Alberta (reported).\n*On the Google side I utilized: Drive (a little), Docs/Slides/Sheets (when groupwork was required)\n*On the Microsoft side I utilized: OneDrive, Office 365 (Word, PPT, Excel, and OneNote). I used to also have a personal microsoft account (OneNote, OneDrive, Skype).\nThese were the applications I lived on for my studies. I could access the Gmail/Microsoft accounts for the University (however - 'bad things' usually happen because of this). I have no access to my personal Microsoft Account (i.e. myself and other affected student(s) do not have access to our personal stuff.", "modified": "2024-09-03T00:02:13.980000", "created": "2024-05-20T23:16:07.255000", "tags": [ "contact", "quick", "destination", "entry", "safety", "local", "health", "travel", "notification", "considerations", "service", "criminal", "showit", "click", "outcome", "step", "please", "class", "questions set", "question set", "unlock", "continue", "jointfilingyes", "jointfilingno", "minimum req", "domicileresusno", "joint sponsor", "sponsorjoint", "path", "href", "span", "activetab", "starton", "newpage", "searchq", "datasia", "datacon", "segfilter", "subsite", "issuance agency", "visas", "null", "state", "dialog field", "tabpanel", "recaptcha", "nameinputvisa", "fullnameinput1", "license headers", "tools", "templates", "sia contact", "visa", "website", "phoneregexp", "emailregexp", "azaz", "urlpattern", "example starter", "javascript", "fetch", "comptwo", "compone", "dateofbirth", "function", "date", "passport", "nameinput", "fullnameinput", "adult passport", "child passport", "new child", "new adult", "new passport", "datepicker", "ds5504", "hideit", "infinity", "false", "jquery", "error", "body", "trident", "simple", "turn", "back", "calendar", "format", "february", "april", "june", "august", "show", "page has", "bcdate", "col1child", "col2child", "coldatechild", "rowdisplay", "val1", "val2", "repaginate", "grab", "jandec", "86400000", "current", "namerbcontactme", "agency", "compliment", "complaint", "passportfees", "customerservice", "bymail", "namerbcategory", "brokenlink", "search", "departuredate", "calendar date", "picker", "change", "month", "vital", "records form", "component js", "select", "please enter", "azaz09", "dddddd", "woff2", "woff", "truetype", "css document", "efefef", "ffffff", "gradienttype0", "galaxy", "nexus", "iphone5", "abtn", "bbtn", "cbtn", "dbtn", "ebtn", "fbtn", "gbtn", "hbtn", "ibtn", "media query", "from", "fce68e", "font family", "bold", "document", "cc3333", "b7b7b7", "e2edff", "ced9ea", "pm author", "ipca csi", "helvetica", "arial", "cq aem", "feed classes", "f2cd54", "f4d97e", "portrait", "landscape", "ipad", "declare", "immigrant", "visa navigation", "navigation css", "georgia", "times new", "roman", "times", "verdana", "photomodal", "styles media", "ff0000", "queries", "form component", "typetext", "queries media", "phone media", "tablet styles", "media queries", "jumbo sized", "copyright", "gpl version", "http", "alpha", "button", "out width", "ui css", "framework", "icons", "misc", "mini", "input", "label", "textarea", "overlays", "csi page", "embassy info", "embassy data", "embassy names", "end adjust", "embassy nameso", "pages", "e1a04d", "c0c0c0", "ffffff url", "us survey", "component css", "country list", "e7eceb", "important", "additional css", "wizard", "corner radius", "f97800", "c61700", "largestbox", "thisbox", "csi navigation", "ui autocomplete", "ui menu", "noticeid", "countnote", "largestnote", "thisnote", "desktops", "43px", "42px", "large", "aem interface", "styles", "web email", "ytconfig", "typeerror", "facebook pixel", "pixel code", "symbol", "fblog", "typeof", "iterator", "pageview", "pixel", "facebook", "config", "meta", "propname", "dpjquerydpuuid", "this", "next", "atom", "cookie", "iframe", "close", "string", "number", "edge", "regexp", "silk", "sxa0", "object", "opera", "android", "void", "form", "UAlberta", "Android", "Mac", "iPhone", "Gov Alberta", "AWS", "AZURE", "ENTRA", "iCloud", "Telus", "Bitdefender", "Norton" ], "references": [ "Copy of clientlib.js(1).download", "Copy of clientlib.js(2).download", "Copy of clientlib.js(5).download", "Copy of clientlib.js(7).download", "Copy of clientlib.js(4).download", "Copy of clientlib.js(10).download", "Copy of clientlib.js(8).download", "Copy of clientlib.js(11).download", "Copy of clientlib.js(12).download", "Copy of clientlib.js(13).download", "Copy of clientlib.js(14).download", "Copy of clientlib.js(9).download", "Copy of clientlib.js(16).download", "Copy of clientlib.js(17).download", "Copy of clientlib.js(18).download", "Copy of clientlib.js(3).download", "Copy of clientlib.js(19).download", "Copy of clientlib.js(15).download", "Copy of clientlib.js(22).download", "Copy of clientlib.js(23).download", "Copy of clientlib.js(21).download", "Copy of clientlib.js(26).download", "Copy of clientlib.js(25).download", "Copy of clientlib.js(24).download", "Copy of clientlib.js(31).download", "Copy of clientlib.js(28).download", "Copy of clientlib.js(30).download", "Copy of clientlib.js(32).download", "Copy of clientlib.js(29).download", "Copy of clientlib.js(34).download", "Copy of clientlib.js(35).download", "Copy of clientlib.js(37).download", "Copy of clientlib.js(36).download", "Copy of clientlib.js(38).download", "Copy of clientlib.js(39).download", "Copy of clientlib.js(33).download", "Copy of clientlib.js(44).download", "Copy of clientlib.js(43).download", "Copy of clientlib.js(41).download", "Copy of clientlib.js(42).download", "Copy of clientlib.js(45).download", "Copy of clientlib.js(51).download", "Copy of clientlib.js(56).download", "Copy of clientlib.js(55).download", "Copy of clientlib.js(54).download", "Copy of clientlib.js(57).download", "Copy of clientlib.js(52).download", "Copy of clientlib.js(53).download", "Copy of clientlib.js(60).download", "Copy of clientlib(1).css", "Copy of clientlib.js(59).download", "Copy of clientlib(3).css", "Copy of clientlib(2).css", "Copy of clientlib(5).css", "Copy of clientlib.js(58).download", "Copy of clientlib(8).css", "Copy of clientlib(10).css", "Copy of clientlib(7).css", "Copy of clientlib(6).css", "Copy of clientlib(12).css", "Copy of clientlib(13).css", "Copy of clientlib(9).css", "Copy of clientlib(4).css", "Copy of clientlib(14).css", "Copy of clientlib(17).css", "Copy of clientlib(15).css", "Copy of clientlib(19).css", "Copy of clientlib(18).css", "Copy of clientlib(11).css", "Copy of clientlib(20).css", "Copy of clientlib(16).css", "Copy of clientlib(23).css", "Copy of clientlib(24).css", "Copy of clientlib(26).css", "Copy of clientlib(25).css", "Copy of clientlib(28).css", "Copy of clientlib(22).css", "Copy of clientlib(27).css", "Copy of clientlib(31).css", "Copy of clientlib(29).css", "Copy of clientlib(30).css", "Copy of clientlib(32).css", "Copy of clientlib(34).css", "Copy of clientlib(35).css", "Copy of clientlib(33).css", "Copy of clientlib(38).css", "Copy of clientlib(37).css", "Copy of clientlib(36).css", "Copy of clientlib(40).css", "Copy of clientlib(39).css", "Copy of clientlib(43).css", "Copy of clientlib(21).css", "Copy of clientlib(41).css", "Copy of clientlib(44).css", "Copy of clientlib(42).css", "Copy of clientlib(46).css", "Copy of clientlib(45).css", "Copy of clientlib(47).css", "Copy of clientlib(48).css", "Copy of clientlib(49).css", "Copy of clientlib(50).css", "Copy of clientlib(52).css", "Copy of clientlib(54).css", "Copy of clientlibs.js(3).download", "Copy of clientlib(53).css", "Copy of clientlibs.js(2).download", "Copy of clientlibs(3).css", "Copy of clientlib(51).css", "Copy of clientlibs(1).css", "Copy of clientlibs(2).css", "Copy of clientlibs.js.download", "Copy of clientlibs.js(4).download", "Copy of clientlibs(5).css", "Copy of clientlibs.css", "Copy of clientlibs(4).css", "Copy of dir (1).c9r", "Copy of clientlib(55).css", "Copy of iframe_api", "Copy of fbevents.js.download", "Copy of clientlibs.js(1).download", "Copy of js", "https://www.virustotal.com/gui/collection/7196cbc5285fb7e155a529980dc1797d3ab3884e20c77c66d9b1b971c313fe56/iocs", "https://www.virustotal.com/gui/collection/7196cbc5285fb7e155a529980dc1797d3ab3884e20c77c66d9b1b971c313fe56/graph", "hxxps://go[.]microsoft[.]com/fwlink/?LinkId=2033498", "hxxps://portal[.]office[.]com/Account", "hxxps://myapplications[.]microsoft[.]com/", "https://tria.ge/240521-rvybaahb79", "https://tria.ge/240521-rxpf6ahd6w", "https://tria.ge/240521-r1yh8shd44", "https://tria.ge/240521-ry949ahe2z/behavioral1", "https://tria.ge/240521-r3mvhshd83" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Canada", "Mexico", "Anguilla", "Aruba", "Panama", "Ukraine", "Trinidad and Tobago", "Saint Vincent and the Grenadines", "Saint Martin (French part)", "Sint Maarten (Dutch part)", "Philippines", "Netherlands", "Cura\u00e7ao", "Georgia", "Tanzania, United Republic of", "Costa Rica", "Guatemala", "Japan", "Barbados" ], "malware_families": [], "attack_ids": [ { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" } ], "industries": [ "Education", "Technology", "Government", "Healthcare", "Biotechnology", "Telecommunications", "Energy", "Construction", "Chemical", "Agriculture", "Finance", "Media", "Defense", "Transportation" ], "TLP": "white", "cloned_from": null, "export_count": 24, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "Disable_Duck", "id": "244325", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 251, "hostname": 188, "FileHash-SHA256": 142, "URL": 69, "FileHash-MD5": 77, "FileHash-SHA1": 77 }, "indicator_count": 804, "is_author": false, "is_subscribing": null, "subscriber_count": 133, "modified_text": "593 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6639853fc403f7be5bd6f27d", "name": "Facebook+", "description": "", "modified": "2024-05-07T01:34:55.365000", "created": "2024-05-07T01:34:55.365000", "tags": [], "references": [ "https://www.virustotal.com/gui/collection/09af9ef0b7b23d2dc73d83858106ae4fc97a352dbb521ac04493a0e79095ac69/iocs", "https://www.virustotal.com/gui/collection/79c25168b2f93d9730a56b8d2b834cbfb2752b63b21b9dd51109416fbaa676d8/iocs", "https://www.virustotal.com/graph/embed/g8726609a12794ebeb59edd531961a233068149bcdf994b428f20141be6111551?theme=dark", "https://www.virustotal.com/graph/embed/g365a82115f934e31a69118715695c91c231f66cda9084c9389e56afb985a243e?theme=dark", "", "https://www.virustotal.com/gui/collection/6a8d582df4fe5a29885dad4074236bc9e4ed445aaf0cc00702d45963fb0459bb/iocs" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": "65eea19a23474b8c7dca351f", "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Phone2209", "id": "281168", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 1165, "hostname": 866, "URL": 657, "FileHash-SHA256": 26, "email": 337, "FileHash-MD5": 12, "FileHash-SHA1": 8, "CIDR": 1 }, "indicator_count": 3072, "is_author": false, "is_subscribing": null, "subscriber_count": 1, "modified_text": "712 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "655e5c72277117d3b0e00fbd", "name": "Command and Scripting Interpreter", "description": "https:/www.usaopps.com/government_contractors/contractor-5388777-SIERRA-PIPELINE-INC-.htm", "modified": "2023-12-22T19:00:52.050000", "created": "2023-11-22T19:54:26.925000", "tags": [ "whois record", "contacted", "execution", "ssl certificate", "historical ssl", "resolutions", "problems", "red team", "whois whois", "referrer", "startpage", "generic malware", "cobaltstrike", "malware generic", "tag count", "threat report", "ip summary", "url summary", "summary", "sample", "samples", "blacklist https", "cisco umbrella", "site", "safe site", "alexa top", "million", "malware", "malicious site", "malware site", "malicious url", "phishing site", "alexa", "phishing", "redline stealer", "bank", "team", "iframe", "downldr", "presenoker", "artemis", "live", "zbot", "united", "cyber threat", "covid19", "mail spammer", "malicious host", "anonymizer", "engineering", "purplewave", "malicious", "keybase", "union", "asyncrat", "cobalt strike", "dnspionage", "ransomware", "maltiverse", "malicious link", "detection list", "blacklist", "pattern match", "file", "ascii text", "windows nt", "appdata", "mitre att", "null", "date", "ck id", "show technique", "unknown", "accept", "hybrid", "local", "click", "strings", "class", "generator", "critical", "error", "fast", "blacklist http", "heur", "adware", "unsafe", "riskware", "agent", "swrort", "exploit", "crack", "opencandy", "tiggre", "cleaner", "conduit", "wacatac", "nircmd", "filetour", "outbreak", "downer", "shell", "mediamagnet", "sality", "adaptivebee", "unruy", "iobit", "dropper", "trojanx", "installcore", "webshell", "acint", "systweak", "behav", "genkryptik", "xtrat", "softcnapp", "fusioncore", "installpack", "xrat", "jquery", "content scraper", "malware hosting", "bid site", "https:/www.usaopps.com/government_contractors/contractor-5388777", "CVE-2017-11882", "CVE-2017-0147", "CVE-2017-8570", "CVE-2005-1790", "CVE-2009-3672", "CVE-2010-3962", "CVE-2012-3993", "CVE-2014-3153", "CVE-2014-6332", "CVE-2016-0189", "CVE-2017-0199", "CVE-2018-4893", "CVE-2020-0601", "CVE-2020-0674", "CVE-2021-27065", "CVE-2021-40444" ], "references": [ "https://www.hybrid-analysis.com/sample/bc437a855075805df699bd915cd27814a799969bb38db45f09f5f16a54ccc5b6/655e548bc2555fc8280ba976", "https:/www.usaopps.com/government_contractors/contractor-5388777-SIERRA-PIPELINE-INC-.htm" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1100", "name": "Web Shell", "display_name": "T1100 - Web Shell" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1560", "name": "Archive Collected Data", "display_name": "T1560 - Archive Collected Data" } ], "industries": [ "Business", "Economy", "Government", "Legal" ], "TLP": "white", "cloned_from": null, "export_count": 28, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 608, "FileHash-SHA1": 312, "FileHash-SHA256": 1086, "URL": 2843, "domain": 341, "hostname": 1091, "CVE": 16 }, "indicator_count": 6297, "is_author": false, "is_subscribing": null, "subscriber_count": 218, "modified_text": "848 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "657096b22a51f1cc56dcfb53", "name": "172.217.16.232 BT home router network attack 10th May 2022 - those HTTP headers and JS scripts are taking over the world", "description": "", "modified": "2023-12-06T15:43:46.083000", "created": "2023-12-06T15:43:46.083000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 802, "hostname": 392, "domain": 134, "FileHash-SHA256": 82, "FileHash-MD5": 1 }, "indicator_count": 1411, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "jquery.map", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "jquery.map", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1776622488.8161688 }