{ "type": "Domain", "indicator": "prototype.ba", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/prototype.ba", "alexa": "http://www.alexa.com/siteinfo/prototype.ba", "indicator": "prototype.ba", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 995041519, "indicator": "prototype.ba", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 16, "pulses": [ { "id": "6892e73b32af18aa302df0dc", "name": "Part 1.5", "description": "Dark web media \u2022 Political news \u2022 Malvertizing\nlocate \u2022\ntrack [stalk] \u2022 record calls \u2022 control media [youtube , etc] http://t.name?n[++i]=e:this.removeEventListener\t\t\nJeeng &\nPowebox [ accidentally left out in original post pulse]", "modified": "2025-09-05T04:03:06.929000", "created": "2025-08-06T05:25:15.369000", "tags": [ "chromeua", "optout", "object", "path", "value", "access type", "setval", "windir", "localappdata", "null", "win64", "error", "generator", "close", "roboto", "date", "format", "light", "span", "template", "void", "android", "body", "trident", "mexico", "sonic", "black", "critical", "desktop", "dark", "meta", "this", "june", "hybrid", "apache", "write", "crypto", "autodetect", "face", "courier", "gigi", "impact", "shadow", "click", "strings", "cray", "smwg", "eret", "footer", "infinity", "window", "canvas", "legend", "nuke", "lion", "4629", "ahav", "olsa", "false", "learn", "command", "ck id", "name tactics", "suspicious", "informative", "spawns", "defense evasion", "t1480 execution", "file defense", "copy md5", "copy sha1", "copy sha256", "sha1", "sha256", "script", "mitre att", "pattern match", "show technique", "iframe", "refresh", "august", "general", "local", "tools", "demo", "look", "verify", "restart", "url http", "small", "pulses url", "tellyoun", "showing", "entries", "url https", "indicator role", "title added", "active related", "type indicator", "role title", "added active", "related pulses", "cc08", "f06a6b", "sfurl", "filehashsha256", "types", "indicators show", "search", "pulses", "filehashsha1", "adversaries", "found", "webp image", "ascii text", "riff", "size", "encrypt", "legacy", "filehashmd5", "united", "flag", "server", "markmonitor", "name server", "llc name", "overview dns", "requests domain", "country", "win32", "av detections", "ids detections", "yara detections", "alerts", "analysis date", "file score", "medium risk", "yara", "detections", "malware", "copy", "show", "icmp traffic", "packing t1045", "t1045", "pdb path", "pe resource", "extraction", "data upload", "enter sc", "type", "extra data", "please", "failed", "review", "exclude data", "included review", "ic data", "suggeste", "stop", "type onow", "domain", "passive dns", "urls", "files related", "pulses none", "related tags", "none google", "safe browsing", "sc data", "extr amanuav", "review included", "manualy", "sugges excluded", "filehash", "md5 add", "pulse pulses", "url add", "http", "hostname", "files domain", "pulses otx", "virustotal", "hsmi192547107", "pulses hostname", "r dec", "customer dec", "iski dec", "decision dec", "va dec", "bitcoin", "bitcoin dec", "petra", "torstatus dec", "paul dec", "sodesc", "planet dec", "emilia", "heroin dec", "difference dec", "palantir dec", "loraxlive dec", "chaturbate dec", "sandra", "free dec", "marvel dec", "benjis dec", "fresh dec", "sodesc dec", "srdirport", "srhostname", "link dec", "types of", "italy", "china", "australia", "france", "turkey", "discovery", "information", "ck ids", "t1005", "local system", "t1007", "system service", "part", "track", "locate", "political", "civil society", "news", "created", "hours ago", "report spam", "t1555", "password", "t1560", "collected data", "t1573", "channel", "t1574", "execution flow", "scan", "iocs", "t1497", "u0lhmq", "mtawmq", "t1480", "guardrails", "t1486", "data encrypted", "learn more", "unsubscribe aug", "protocol", "t1074", "staged", "t1083", "t1102", "web service", "t1105", "tool transfer", "t1140", "data engineer", "candidate", "tlsv1", "odigicert inc", "stcalifornia", "lsan jose", "oadobe systems", "incorporated", "cndigicert sha2", "push", "next", "high", "write c", "ireland as16509", "delete", "dirty", "tags", "t1012", "flow endpoint", "security scan", "t1106", "copyright", "levelblue" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1005", "name": "Data from Local System", "display_name": "T1005 - Data from Local System" }, { "id": "T1007", "name": "System Service Discovery", "display_name": "T1007 - System Service Discovery" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1033", "name": "System Owner/User Discovery", "display_name": "T1033 - System Owner/User Discovery" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1074", "name": "Data Staged", "display_name": "T1074 - Data Staged" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1120", "name": "Peripheral Device Discovery", "display_name": "T1120 - Peripheral Device Discovery" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1132", "name": "Data Encoding", "display_name": "T1132 - Data Encoding" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1480", "name": "Execution Guardrails", "display_name": "T1480 - Execution Guardrails" }, { "id": "T1486", "name": "Data Encrypted for Impact", "display_name": "T1486 - Data Encrypted for Impact" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1555", "name": "Credentials from Password Stores", "display_name": "T1555 - Credentials from Password Stores" }, { "id": "T1560", "name": "Archive Collected Data", "display_name": "T1560 - Archive Collected Data" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1583", "name": "Acquire Infrastructure", "display_name": "T1583 - Acquire Infrastructure" }, { "id": "T1045", "name": "Software Packing", "display_name": "T1045 - Software Packing" }, { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1041", "name": "Exfiltration Over C2 Channel", "display_name": "T1041 - Exfiltration Over C2 Channel" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1063", "name": "Security Software Discovery", "display_name": "T1063 - Security Software Discovery" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 18, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 608, "FileHash-SHA1": 433, "FileHash-SHA256": 3663, "URL": 17104, "domain": 1316, "email": 39, "hostname": 4208, "SSLCertFingerprint": 17 }, "indicator_count": 27388, "is_author": false, "is_subscribing": null, "subscriber_count": 139, "modified_text": "226 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65708e178755574d9812e4c9", "name": "Followed lead to brechlerinsurance.com", "description": "", "modified": "2023-12-06T15:07:03.528000", "created": "2023-12-06T15:07:03.528000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 2, "FileHash-SHA256": 1329, "domain": 2068, "hostname": 4185, "URL": 12454, "email": 1, "FileHash-MD5": 3, "FileHash-SHA1": 1 }, "indicator_count": 20043, "is_author": false, "is_subscribing": null, "subscriber_count": 110, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65708c57c7b19b62c501601a", "name": "Hurricane Electric - csp.he.net :)", "description": "", "modified": "2023-12-06T14:59:35.479000", "created": "2023-12-06T14:59:35.479000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 186, "hostname": 490, "URL": 1339, "domain": 311 }, "indicator_count": 2326, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65708c45f8a517d76d776231", "name": "Malware - reliablesite.net", "description": "", "modified": "2023-12-06T14:59:17.346000", "created": "2023-12-06T14:59:17.346000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 238, "domain": 565, "hostname": 827, "URL": 2233 }, "indicator_count": 3863, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65708c0791fece390b1a096e", "name": "Choopa.com - vultr", "description": "", "modified": "2023-12-06T14:58:15.734000", "created": "2023-12-06T14:58:15.734000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 453, "hostname": 1241, "domain": 430, "URL": 3454 }, "indicator_count": 5578, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65708b5e9b8ce0f5fd87fb98", "name": "ewqopweowia543.ga", "description": "", "modified": "2023-12-06T14:55:26.621000", "created": "2023-12-06T14:55:26.621000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "hostname": 706, "domain": 234, "FileHash-SHA256": 238, "URL": 1386 }, "indicator_count": 2565, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "657080d20f7e10c1e37fcf89", "name": "TarrantCounty.com ~ 03.01.2022", "description": "", "modified": "2023-12-06T14:10:26.301000", "created": "2023-12-06T14:10:26.301000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1078, "domain": 838, "hostname": 1607, "URL": 4134, "email": 3, "FileHash-SHA1": 2, "CIDR": 4, "FileHash-MD5": 15 }, "indicator_count": 7681, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "62ea8bf5508d5839c2e68b66", "name": "This what you dont see your browser doing in the background", "description": "", "modified": "2022-08-03T14:53:41.744000", "created": "2022-08-03T14:53:41.744000", "tags": [ "regexp", "array", "attr", "class", "css1compat", "null", "string", "error", "function", "invalid json", "text", "date", "activexobject", "number", "utmb", "firefox", "shockwave flash", "utma", "utmz", "iframe", "classspan", "span", "typecheckbox", "gradienttype0", "typeradio", "classicon", "typesearch", "typesubmit", "href", "typebutton", "https://www.virustotal.com/static/css/bootstrap.min.css?20150630", "https://ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js", "https://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.7.1.min.js", "https://www.virustotal.com/static/js/base.min-2013121902.js", "https://www.virustotal.com/static/js/bootmin-2013092601.js" ], "references": [ "https://www.virustotal.com/static/css/bootstrap.min.css?20150630", "https://www.virustotal.com/static/js/bootmin-2013092601.js", "https://www.virustotal.com/static/js/base.min-2013121902.js", "https://www.virustotal.com/en/file/undefined/analysis/", "https://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.7.1.min.js", "https://ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js", "bootstrap.min.css", "ga.js", "bootmin-2013092601 2.js", "bootmin-2013092601.js", "jquery.min.js" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 193, "hostname": 384, "domain": 146, "URL": 972 }, "indicator_count": 1695, "is_author": false, "is_subscribing": null, "subscriber_count": 391, "modified_text": "1355 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "628077c330f33dfd254e5a8b", "name": "Followed lead to brechlerinsurance.com", "description": "", "modified": "2022-06-13T00:00:32.864000", "created": "2022-05-15T03:47:15.835000", "tags": [ "bomboraconsent", "gdpr", "ccpa", "date", "nthis", "array", "typeof e", "typeerror", "class", "image", "typeof symbol", "afsh", "copyright", "rights reserved", "comscore", "typeof o", "uspapi", "null", "s271733878", "secure hash", "algorithm", "sha1", "a1732584193", "1518500249", "imgurl", "oiqfpsjs", "script", "iframe", "oiqaddpagecat", "inte", "oiqdotag", "track", "regexp", "pseudo", "child", "typeof b", "error", "sufeffxa0", "attr", "void", "udc66udc67", "ud83d", "ufe0f", "ud83e", "udc68udc69", "udfcbudfcc", "u2640u2642", "uddb0uddb3", "udd74udd75", "wpbruiserclient", "browserinfo", "mozinnerscreenx", "xmlhttprequest", "activexobject", "bf7e56f2f3", "zpbcat", "zcluidkrs", "promise", "boolean", "verification", "object", "reflect", "typeof proxy", "demo", "shareaholic", "sfunction", "bearer", "patch", "accept", "function", "symbol", "weakmap", "dataview", "typeof module", "cfunction", "event", "afunction", "efunction", "mfunction", "binnerheightc", "number", "string", "trackevent", "click", "uint8array", "gtmng3vqql", "classes", "path", "code", "typeof r", "function code", "typeof n", "angular", "angularjs", "ember", "meteor", "zepto", "jquery", "vd", "utmb", "firefox", "shockwave flash", "utma", "utmz", "ieproto", "typeof", "widgetrootqa", "driftconductor", "addcookiedomain", "hubspot", "typeof t", "quora pixel", "4294967295", "uint32array", "viewcontent", "infinity", "register domain names", "domain registration", "business web hosting services", "web hosting provider", "business email accounts", "web site hosting", "domain name registration", "ecommerce hosting services", "buy domains", "bulk domain search", "domain name search", "domain hosting", "registrations", "websites", "whois", "registrar", "registry", "domainpeople", "domain name", "registration", "year discount", "web hosting", "us whois", "us contact", "lookup alerts", "support login", "call" ], "references": [ "https://domainpeople.com", "xfe-URL-Domainpeople.com-stix2-2.1-export.json", "xfe-URL-shareaholic.com-stix2-2.1-export.json", "https://js.hubspot.com/analytics/1652585100000/210895.js", "https://js.driftt.com/include/1652585100000/mezhk4858hn8.js", "https://bam.nr-data.net/1/f37cf8a208?a=1772678&v=1216.487a282&to=dlwNQEdeWVgHSxlDV1JWEBtdXlhR&rst=1074&ck=1&ref=https://www.shareaholic.com/&ap=9&be=11&fe=795&dc=37&af=err,xhr,stn,ins&perf=%7B%22timing%22:%7B%22of%22:1652584962293,%22n%22:0,%22f%22:0,%22dn%22:0,%22dne%22:0,%22c%22:0,%22s%22:0,%22ce%22:0,%22rq%22:0,%22rp%22:0,%22rpe%22:0,%22dl%22:6,%22di%22:37,%22ds%22:37,%22de%22:45,%22dc%22:636,%22l%22:793,%22le%22:796%7D,%22navigation%22:%7B%22ty%22:2%7D%7D&fcp=123&jsonp=NREUM.setToken", "https://js-agent.newrelic.com/nr-1216.min.js", "https://js-na1.hs-scripts.com/210895.js", "https://www.googletagmanager.com/gtm.js?id=GTM-NG3VQQL", "https://dsms0mj1bbhn4.cloudfront.net/assets/pages-afd7ed46648f01def74df6e4c245da53bde609b863bf63ff94a87154f2f82de0.js", "https://dsms0mj1bbhn4.cloudfront.net/webpack/vendors~header~related-content~share-buttons~site-settings~user-settings~yarpp-header~yarpp-sites~ya~7d559390-c92fe44d0731743b2d8e.js", "https://dsms0mj1bbhn4.cloudfront.net/webpack/default~header~related-content~share-buttons~site-settings~user-settings~yarpp-header~yarpp-sites~ya~2fbcff42-06fb1418b4e0c0383855.js", "https://dsms0mj1bbhn4.cloudfront.net/ui-header/loader.js", "https://de.tynt.com/deb/v2?id=sh!sh&dn=AFSH&cc=1&r=", "http://www.brechlerinsurance.com/?gdbc-client=3.1.25-1652585170383", "http://www.brechlerinsurance.com/wwblcms/wp-includes/js/wp-emoji-release.min.js?ver=479aaeefa13948f8aa1a2479d7a751df", "http://www.brechlerinsurance.com/wwblcms/wp-includes/js/jquery/jquery.js?ver=1.12.4", "https://partner.shareaholic.com/partners.js?location=http%3A%2F%2Fwww.brechlerinsurance.com%2F&cl=en-US&id_sync=19da2f0f-8191-4a73-b27d-e95f97e9a686&minify=1&pvs=1&site=d016349f31f268b5ce94fa8e70f6eddd", "https://px.owneriq.net/stas/s/sholic.js", "https://i.simpli.fi/dpx.js?cid=66112&m=0&sifi_tuid=37830&referrer=http%3A%2F%2Fwww.brechlerinsurance.com%2F", "https://sb.scorecardresearch.com/beacon.js", "https://cdn.tynt.com/afsh.js", "xfe-URL-ml314.com-stix2-2.1-export.json", "xfe-URL-bombora.com-stix2-2.1-export.json", "xfe-URL-Owneriq.net-stix2-2.1-export.json" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "BomboraConsent", "display_name": "BomboraConsent", "target": null }, { "id": "Vd", "display_name": "Vd", "target": null } ], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 13, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 4185, "URL": 12454, "FileHash-SHA256": 1329, "CVE": 2, "domain": 2068, "email": 1, "FileHash-MD5": 3, "FileHash-SHA1": 1 }, "indicator_count": 20043, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1406 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6261f2763fabd1214a79f0e5", "name": "Masterhost.ru - malware hosting", "description": "Here is the code-decode for the punycode-overflow test, which is based on the results of the following test-run by the UK's Office of National Statistics (ONS).", "modified": "2022-05-21T00:03:44.725000", "created": "2022-04-22T00:10:30.250000", "tags": [ "fffe37", "b76810", "helvetica", "arial", "pf din", "text comp", "circe", "span", "button", "90deg", "object", "typeof t", "date", "promise", "function", "array", "regexp", "error", "typeof symbol", "typeof n", "null", "backspace", "void", "window", "vd", "gc", "typeof e", "sufeffxa0", "class", "attr", "pseudo", "child", "typeof module", "string", "weakmap", "proxy", "number", "boolean", "trnf", "keepalive", "transitiongroup", "hello", "comment", "infinity", "this", "copyright", "closure library", "xdfunction", "cdfunction", "ddfunction", "bded", "kefunction", "65535", "counter", "typeof c", "segoe ui", "typeerror", "lucida", "vwtabguid", "form", "impact", "light", "cureit", "bu durumda", "ip address", "devam", "yandex", "help section", "captcha code", "support service", "search", "edge", "swhealthlog", "logsdatabasev2", "trident", "android", "rangeerror", "webpackexports", "illegal input", "webpackrequire" ], "references": [ "https://admin.verbox.ru/support/support.js?h=afe80d31a1cabd6ae5c00580688f27d2", "https://www.youtube.com/s/player/534c466c/www-widgetapi.vflset/www-widgetapi.js", "https://site.yandex.net/v2.0/js/all.js", "https://mc.yandex.ru/metrika/tag.js", "https://www.googletagmanager.com/gtag/js?id=UA-36935570-1", "https://masterhost.ru/s/masterhost_v2/build/js/app.js?v=WivgGVzt/Ynv", "https://masterhost.ru/s/masterhost_v2/build/js/compiled.min.js?v=Q/hhNATxy3sx", "https://static.me-talk.ru/cabinet/build/chat/modern.support.js", "https://masterhost.ru/s/masterhost_v2/build/css/global.css?v=MUmvaY06hvKf" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Gc", "display_name": "Gc", "target": null }, { "id": "Vd", "display_name": "Vd", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1991, "hostname": 678, "FileHash-SHA256": 247, "domain": 404, "email": 1, "FileHash-MD5": 51 }, "indicator_count": 3372, "is_author": false, "is_subscribing": null, "subscriber_count": 70, "modified_text": "1429 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6260d13ab57ec96e24359914", "name": "Malware - reliablesite.net", "description": "VUE-DEVTOOLs_GLOBAL_Hook__, a description of what it will look like when it comes to testing software, is based on the type of Object.", "modified": "2022-05-20T00:01:19.453000", "created": "2022-04-21T03:36:26.313000", "tags": [ "date", "swiper", "value", "trigger", "gbps", "typeof define", "typeof module", "roboto", "helvetica neue", "arial", "small", "error", "show", "typeof e", "version", "hidden", "bootstrap", "click", "javascript", "clickdataapi", "collapse", "typeerror", "typeof", "regexp", "tether error", "typeof rnullr", "anull", "typeof b", "pseudo", "child", "array", "sufeffxa0", "class", "attr", "null", "void", "65536", "typeof f", "vd", "function", "activexobject", "number", "utmb", "firefox", "shockwave flash", "utma", "utmz", "iframe", "online", "livechat", "refreshurl", "title", "imageurl", "cssclass", "chat", "object", "string", "typeof t", "incorrect", "xfunction", "target", "typeof p", "typeof btoa", "vnode", "boolean", "typeof symbol" ], "references": [ "xfe-URL-https___www.reliablesite.net_-stix2-2.1-export.json", "https://embed.tawk.to/_s/v4/app/625d36b405c/js/twk-main.js", "https://embed.tawk.to/_s/v4/app/625d36b405c/js/twk-vendor.js", "https://embed.tawk.to/_s/v4/app/625d36b405c/js/twk-chunk-vendors.js", "https://cdn.jsdelivr.net/emojione/2.2.7/lib/js/emojione.min.js", "https://code.jquery.com/jquery-1.12.0.min.js", "https://cdnjs.cloudflare.com/ajax/libs/tether/1.4.0/js/tether.min.js", "https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0-alpha.6/js/bootstrap.min.js" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Vd", "display_name": "Vd", "target": null } ], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 2233, "hostname": 827, "domain": 565, "FileHash-SHA256": 238 }, "indicator_count": 3863, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1430 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "625f2b6a1f2c9d5631d261d5", "name": "Choopa.com - vultr", "description": "New RegExp(M) is a new type, and it will change any of the elements to the same type if you want to add them to your HTML page or add a third element.", "modified": "2022-05-19T00:00:49.028000", "created": "2022-04-19T21:36:42.286000", "tags": [ "regexp", "typeof e", "typeof t", "function", "width", "error", "object", "pseudo", "child", "form", "class", "null", "date", "this", "void", "accept", "680876936", "389564586", "17606105819", "1044525330", "176418897", "121200080426", "1473231341", "45705983", "71770035416", "1958414417", "copyright", "closure library", "trunc", "msie", "tagpath", "fbcd", "body", "html", "gettarget", "571256413046247", "prop", "click", "typeof l", "json", "array", "string", "8760", "image", "adveid", "typeof c", "typeerror", "typeof", "facebook pixel", "pixel code", "symbol", "iterator", "constantvalue", "globalvariable", "facebook", "boolean", "service", "phonenumber", "meta", "invalid uuid", "uint8array", "nullu", "1099511627776", "t4294967296", "typeof symbol", "customevent", "09af", "ver0", "tag0", "extdata0", "ua ch", "invalid", "reduceright", "number", "gk6536fhn4d", "r300", "typeof d", "path", "caca", "addtocart", "signup", "addtowishlist", "lead", "custom", "typeof require", "sha256", "viewcontent", "search", "pfunction", "contenttype", "zfunction", "bfunction", "mvoid", "ofunction", "functional", "member", "hnew regexp", "qfunction", "adview", "addbillinginfo", "addtolist", "contact", "download", "install", "pnull", "style", "ctnull", "post", "uint32array", "fanull", "license", "ynull", "config", "iframe", "javascript", "code", "hoverpopup", "please", "output", "popupmodal", "country", "checkall", "invcid", "base64", "score", "attr", "js foundation", "typeof module", "ffffff", "acce22", "f0f0f0", "dadada", "typesubmit", "typebutton", "f4f4f4", "trebuchet ms", "tahoma", "woff", "footer", "segoe ui", "emoji", "tbody", "roboto", "helvetica neue", "arial", "apple color", "noto color", "type", "twitter", "xava", "gbva", "hbva", "ibva", "lcva", "cdva", "oeva", "peva", "onclickpopup", "discountmonthly", "grayoverlay", "popup into", "popup var", "center", "price", "first", "classname", "eventkey", "event", "selector", "name", "datakey", "version", "default", "shown", "target", "close", "false", "trigger", "jquery", "delta", "open", "arrow", "protected", "leave", "dataspy", "typeof define", "eventlistener" ], "references": [ "xfe-URL-Choopa.com-stix2-2.1-export.json", "https://www.choopa.com/commonimages/jquery-3.5.1.min.js", "https://www.choopa.com/_js/dragscroll.js", "https://www.choopa.com/_js/bootstrap.js", "https://www.choopa.com/_js/global.js?v=209", "https://ssl.google-analytics.com/ga.js", "https://www.choopa.com/css/bootstrap.css", "https://www.choopa.com/css/global.css?v=209", "https://my.choopa.com/js/jquery-3.5.1.min.js", "https://my.choopa.com/js/desktop.js?v=41", "https://my.choopa.com/js/global.js?v=41", "xfe-URL-Vultr.com-stix2-2.1-export.json", "https://www.clarity.ms/eus2/s/0.6.34/clarity.js", "https://snap.licdn.com/li.lms-analytics/insight.min.js", "https://www.google-analytics.com/analytics.js", "https://www.redditstatic.com/ads/pixel.js", "https://www.googletagmanager.com/gtag/js?id=G-K6536FHN4D&l=dataLayer&cx=c", "https://bat.bing.com/bat.js", "https://static.ads-twitter.com/uwt.js", "https://connect.facebook.net/signals/config/571256413046247?v=2.9.57&r=stable", "https://connect.facebook.net/signals/config/438248060937995?v=2.9.57&r=stable", "https://connect.facebook.net/signals/config/828098694004178?v=2.9.57&r=stable", "https://connect.facebook.net/en_US/fbevents.js", "https://js.partnerstack.com/v1/", "https://bat.bing.com/p/action/17528422.js", "https://s.adroll.com/j/roundtrip.js", "https://s.adroll.com/j/exp/DUKHAKVYIJASHDUBG4V7RE/index.js", "https://s.adroll.com/j/sendrolling.js", "https://d.adroll.com/pixel/DUKHAKVYIJASHDUBG4V7RE/E23RMKDBEFAEXMXLWK3IWO?adroll_fpc=838a57acc6141112b6107bdce5e3fde6-1650403057055&arrfrr=https%3A%2F%2Fwww.vultr.com%2F&pv=70707106758.07146&cookie=&adroll_s_ref=&keyw=", "https://googleads.g.doubleclick.net/pagead/viewthroughconversion/858656304/?random=1650403054497&cv=9&fst=1650403054497&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=844&u_w=390&u_ah=844&u_aw=390&u_cd=32&u_his=3&u_tz=-240&u_java=false&u_nplug=0&u_nmime=0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.vultr.com%2F&tiba=SSD%20VPS%20Servers%2C%20Cloud%20Servers%20and%20Cloud%20Hosting%20by%20Vultr%20-%20Vultr.com&hn=www.googleadservices.com&rfmt=3&fmt=4" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "ReduceRight", "display_name": "ReduceRight", "target": null } ], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 1241, "URL": 3454, "domain": 430, "FileHash-SHA256": 453 }, "indicator_count": 5578, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "1431 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "625045b8e764847c54ed286e", "name": "ewqopweowia543.ga", "description": "If you want to know what type of Touches you will get when you get stuck in the middle of a page, then ask for a random number of letters or numbers, or, if you can't find one.", "modified": "2022-05-08T00:03:14.586000", "created": "2022-04-08T14:24:56.301000", "tags": [ "90deg", "250px", "helvetica neue", "helvetica", "roboto", "georgia", "typesearch", "typecheckbox", "label", "liberation mono", "function", "constructor", "param", "object", "class", "event", "abide", "number", "initializes", "drilldown", "window", "sticky", "false", "null", "body", "this", "date", "path", "anchor", "open", "trigger", "small", "close", "void", "form", "fast", "prop", "error", "shift", "test", "burn", "android", "back", "killswitch", "find", "desktop", "fall", "linear", "value", "webpackrequire", "return", "mouse", "factory", "moduleid", "apple cmd", "regexp", "elem", "handle", "expando", "match", "selector", "type", "sizzle", "target", "mark", "copy", "capture", "seed", "pass", "code", "bind", "core", "local", "verify", "accept", "done", "internal", "inject", "possible", "hold", "camel", "first", "middle", "gc", "eq", "post", "xava", "gbva", "hbva", "ibva", "lcva", "cdva", "oeva", "peva", "65535", "boolean", "counter", "segoe ui", "typeerror", "lucida", "ecommerce", "ext link", "comic", "impact", "light" ], "references": [ "xfe-URL-ewqopweowia543.ga-stix2-2.0-export.json", "https://mc.yandex.ru/metrika/watch.js", "https://ssl.google-analytics.com/ga.js", "https://vestacp.com/bower_components/jquery/dist/jquery.js", "https://vestacp.com/bower_components/what-input/dist/what-input.js", "https://vestacp.com/bower_components/foundation-sites/dist/js/foundation.js", "https://vestacp.com/js/app.js", "https://vestacp.com/css/app.css" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Eq", "display_name": "Eq", "target": null }, { "id": "Gc", "display_name": "Gc", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1546", "name": "Event Triggered Execution", "display_name": "T1546 - Event Triggered Execution" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 706, "URL": 1386, "CVE": 1, "FileHash-SHA256": 238, "domain": 234 }, "indicator_count": 2565, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1442 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "62617d42a6121d5abd3c6942", "name": "Hurricane Electric - csp.he.net :)", "description": "Here is the full text of the code that Google.com used to create its search engine, \"search.cse\", for the first time. and, in the event, it is:", "modified": "2022-04-21T15:50:26.260000", "created": "2022-04-21T15:50:26.260000", "tags": [ "flexslider", "target", "boolean", "slideshow", "next", "integer", "prev", "smooth height", "sync", "prevent ios", "pause", "date", "null", "privat", "leave", "sans", "woff2", "fontface", "u1c801c88", "u20b4", "u2de02dff", "ua640a69f", "ufe2efe2f", "u04b004b1", "u2116", "navtop", "currentdiv", "validation", "drop down", "collapse", "tool tips", "popovers", "fix navbar", "click", "scroll", "begin", "regexp", "span", "xmpb", "onwss", "styless", "mstransitionend", "text", "error", "infinity", "false", "february", "april", "june", "august", "gray", "e00000", "replaced", "gene", "dc143c", "align buttons", "for stuff", "inside this", "blockform", "woo hoo", "post", "xava", "gbva", "hbva", "ibva", "lcva", "cdva", "oeva", "peva", "string", "object", "number", "azaz09", "copyright", "closure library", "typeerror", "symbol", "vd", "silk", "edge", "style", "google", "android", "form", "trident", "template", "embed", "iframe", "keygen", "meta", "acronym", "code", "legend", "main", "mark", "small", "class", "close", "blank", "array", "attr", "function", "invalid json", "domparser", "ffffff", "cccccc", "c41130", "f6f6f6", "knew w", "hnew w", "lnew w" ], "references": [ "https://csp.he.net/styles/style.css", "https://www.google.com/cse/cse.js?cx=016402751031109241230:v7vojvfohnq", "https://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js", "https://www.google.com/cse/static/element/3e1664f444e6eb06/cse_element__en.js?usqp=CAI%3D", "https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1068215855/?random=1650555348274&cv=9&fst=1650555348274&num=1&label=viUgCKmAuwMQr9yu_QM&guid=ON&resp=GooglemKTybQhCsO&u_h=844&u_w=390&u_ah=844&u_aw=390&u_cd=32&u_his=1&u_tz=-240&u_java=false&u_nplug=0&u_nmime=0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fhe.net%2F&tiba=Hurricane%20Electric%20Internet%20Services%20-%20Internet%20Backbone%20and%20Colocation%20Provider&hn=www.googleadservices.com&rfmt=3&fmt=4", "https://www.googleadservices.com/pagead/conversion.js", "https://ssl.google-analytics.com/ga.js", "http://fonts.googleapis.com/css?family=Open+Sans:300" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "FlexSlider", "display_name": "FlexSlider", "target": null }, { "id": "Vd", "display_name": "Vd", "target": null } ], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 311, "hostname": 490, "URL": 1339, "FileHash-SHA256": 186 }, "indicator_count": 2326, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1459 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "624fed60bce30600620313bb", "name": "malware-porcelinux.com", "description": "var Ta,Ua, Va, Ra, Qa - a list of names, terms, phrases, symbols, numbers, characters - for all types of search, as well as the search engine.", "modified": "2022-04-08T08:08:00.818000", "created": "2022-04-08T08:08:00.818000", "tags": [ "helvetica", "ffffff", "verdana", "index", "eeeeee", "top100px", "yincr", "inurl", "xincr", "faction", "contenttype", "activexobject", "posttext", "xmlhttp", "xmlhttprequest", "fotorandom", "zxmlhttp", "line number", "column", "domparser", "null", "array", "drag", "drop", "ddobj", "walter zorn", "function", "resetz", "resizable", "resize", "body", "copy", "window", "alpha", "false", "date", "post", "xava", "gbva", "hbva", "ibva", "lcva", "cdva", "oeva", "peva" ], "references": [ "https://ssl.google-analytics.com/ga.js", "https://porcelinux.com/js/wz_dragdrop.js", "https://porcelinux.com/js/zxml.js", "https://porcelinux.com/js/myhome.js", "http://codice.shinystat.com/cgi-bin/getcod.cgi?USER=adgweb", "https://porcelinux.com/estilo.css" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 387, "domain": 58, "hostname": 250, "FileHash-SHA256": 23 }, "indicator_count": 718, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1472 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "62276abfaa65cd33f64331f8", "name": "TarrantCounty.com ~ 03.01.2022", "description": "", "modified": "2022-04-07T00:04:02.553000", "created": "2022-03-08T14:39:59.235000", "tags": [ "march", "lookup go", "rescan add", "verdict report", "de summary", "http", "redirects links", "behaviour", "similar dom", "content api", "value", "search url", "search domain", "scan url", "url search", "domain scan", "url url", "motor vehicle", "aqb1", "eventsevent10", "meta", "show", "download go", "full url", "reverse dns", "resource", "windows nt", "win64", "khtml", "gecko", "response", "main", "milan", "apache", "paris", "accept" ], "references": [ "TarrantCounty3df.pdf", "TarantCounty2df.pdf", "TarrantCounty4df.pdf", "TarrantCounty5df.pdf", "tarrant23df.pdf", "TarrantCounty1df.pdf", "tarrantcounty.com:en:elections:Voter-Information:Voter- Registration.html%22,.pdf", "TarrantCounty6df.pdf", "TarrantCounty7df.pdf", "TarrantCounty10df.pdf", "TarrantCounty9df.pdf", "TarrantCounty17df.pdf", "TarrantCounty15df.pdf", "TarrantCounty12df.pdf", "TarrantCounty14df.pdf", "tarrantcounty8df.pdf", "TarrantCounty18df.pdf", "TarrantCounty19df.pdf", "TarrantCounty21df.pdf", "tarrantcounty22df.pdf", "TarrantCounty20df.pdf", "tarrantcountydf.pdf" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [], "attack_ids": [], "industries": [ "Government" ], "TLP": "white", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Kailula4", "id": "131997", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 4134, "hostname": 1607, "domain": 838, "FileHash-SHA256": 1078, "FileHash-SHA1": 2, "email": 3, "CIDR": 4, "FileHash-MD5": 15 }, "indicator_count": 7681, "is_author": false, "is_subscribing": null, "subscriber_count": 406, "modified_text": "1473 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "https://csp.he.net/styles/style.css", "tarrantcountydf.pdf", "https://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.7.1.min.js", "https://connect.facebook.net/signals/config/828098694004178?v=2.9.57&r=stable", "https://masterhost.ru/s/masterhost_v2/build/js/compiled.min.js?v=Q/hhNATxy3sx", "https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0-alpha.6/js/bootstrap.min.js", "https://www.google.com/cse/cse.js?cx=016402751031109241230:v7vojvfohnq", "https://www.virustotal.com/static/js/bootmin-2013092601.js", "https://connect.facebook.net/en_US/fbevents.js", "xfe-URL-Domainpeople.com-stix2-2.1-export.json", "https://domainpeople.com", "https://code.jquery.com/jquery-1.12.0.min.js", "TarrantCounty20df.pdf", "TarrantCounty7df.pdf", "bootmin-2013092601.js", "xfe-URL-Choopa.com-stix2-2.1-export.json", "tarrant23df.pdf", "TarrantCounty6df.pdf", "https://www.virustotal.com/en/file/undefined/analysis/", "TarrantCounty18df.pdf", "https://www.virustotal.com/static/js/base.min-2013121902.js", "https://px.owneriq.net/stas/s/sholic.js", "https://de.tynt.com/deb/v2?id=sh!sh&dn=AFSH&cc=1&r=", "bootmin-2013092601 2.js", "https://ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js", "https://www.choopa.com/_js/global.js?v=209", "TarrantCounty4df.pdf", "https://js.partnerstack.com/v1/", "https://www.choopa.com/css/global.css?v=209", "https://www.googletagmanager.com/gtag/js?id=G-K6536FHN4D&l=dataLayer&cx=c", "https://embed.tawk.to/_s/v4/app/625d36b405c/js/twk-chunk-vendors.js", "https://js-na1.hs-scripts.com/210895.js", "https://porcelinux.com/js/wz_dragdrop.js", "https://i.simpli.fi/dpx.js?cid=66112&m=0&sifi_tuid=37830&referrer=http%3A%2F%2Fwww.brechlerinsurance.com%2F", "https://masterhost.ru/s/masterhost_v2/build/js/app.js?v=WivgGVzt/Ynv", "https://s.adroll.com/j/sendrolling.js", "https://static.me-talk.ru/cabinet/build/chat/modern.support.js", "https://www.googletagmanager.com/gtag/js?id=UA-36935570-1", "TarrantCounty10df.pdf", "https://bat.bing.com/bat.js", "https://vestacp.com/bower_components/foundation-sites/dist/js/foundation.js", "https://vestacp.com/bower_components/what-input/dist/what-input.js", "https://site.yandex.net/v2.0/js/all.js", "https://ssl.google-analytics.com/ga.js", "xfe-URL-https___www.reliablesite.net_-stix2-2.1-export.json", "https://cdnjs.cloudflare.com/ajax/libs/tether/1.4.0/js/tether.min.js", "https://www.google-analytics.com/analytics.js", "https://www.google.com/cse/static/element/3e1664f444e6eb06/cse_element__en.js?usqp=CAI%3D", "https://my.choopa.com/js/global.js?v=41", "https://bat.bing.com/p/action/17528422.js", "https://mc.yandex.ru/metrika/tag.js", "https://js.driftt.com/include/1652585100000/mezhk4858hn8.js", "tarrantcounty8df.pdf", "https://www.choopa.com/commonimages/jquery-3.5.1.min.js", "https://dsms0mj1bbhn4.cloudfront.net/webpack/default~header~related-content~share-buttons~site-settings~user-settings~yarpp-header~yarpp-sites~ya~2fbcff42-06fb1418b4e0c0383855.js", "https://snap.licdn.com/li.lms-analytics/insight.min.js", "https://my.choopa.com/js/jquery-3.5.1.min.js", "https://partner.shareaholic.com/partners.js?location=http%3A%2F%2Fwww.brechlerinsurance.com%2F&cl=en-US&id_sync=19da2f0f-8191-4a73-b27d-e95f97e9a686&minify=1&pvs=1&site=d016349f31f268b5ce94fa8e70f6eddd", "https://connect.facebook.net/signals/config/571256413046247?v=2.9.57&r=stable", "https://connect.facebook.net/signals/config/438248060937995?v=2.9.57&r=stable", "https://masterhost.ru/s/masterhost_v2/build/css/global.css?v=MUmvaY06hvKf", "https://www.redditstatic.com/ads/pixel.js", "TarrantCounty5df.pdf", "https://www.googleadservices.com/pagead/conversion.js", "https://mc.yandex.ru/metrika/watch.js", "https://js.hubspot.com/analytics/1652585100000/210895.js", "https://cdn.jsdelivr.net/emojione/2.2.7/lib/js/emojione.min.js", "https://static.ads-twitter.com/uwt.js", "https://dsms0mj1bbhn4.cloudfront.net/assets/pages-afd7ed46648f01def74df6e4c245da53bde609b863bf63ff94a87154f2f82de0.js", "https://vestacp.com/bower_components/jquery/dist/jquery.js", "https://dsms0mj1bbhn4.cloudfront.net/webpack/vendors~header~related-content~share-buttons~site-settings~user-settings~yarpp-header~yarpp-sites~ya~7d559390-c92fe44d0731743b2d8e.js", "https://js-agent.newrelic.com/nr-1216.min.js", "TarrantCounty3df.pdf", "TarrantCounty19df.pdf", "http://fonts.googleapis.com/css?family=Open+Sans:300", "https://porcelinux.com/js/zxml.js", "TarrantCounty14df.pdf", "https://dsms0mj1bbhn4.cloudfront.net/ui-header/loader.js", "https://porcelinux.com/js/myhome.js", "https://admin.verbox.ru/support/support.js?h=afe80d31a1cabd6ae5c00580688f27d2", "https://my.choopa.com/js/desktop.js?v=41", "https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1068215855/?random=1650555348274&cv=9&fst=1650555348274&num=1&label=viUgCKmAuwMQr9yu_QM&guid=ON&resp=GooglemKTybQhCsO&u_h=844&u_w=390&u_ah=844&u_aw=390&u_cd=32&u_his=1&u_tz=-240&u_java=false&u_nplug=0&u_nmime=0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fhe.net%2F&tiba=Hurricane%20Electric%20Internet%20Services%20-%20Internet%20Backbone%20and%20Colocation%20Provider&hn=www.googleadservices.com&rfmt=3&fmt=4", "https://www.googletagmanager.com/gtm.js?id=GTM-NG3VQQL", "xfe-URL-bombora.com-stix2-2.1-export.json", "tarrantcounty22df.pdf", "http://www.brechlerinsurance.com/wwblcms/wp-includes/js/wp-emoji-release.min.js?ver=479aaeefa13948f8aa1a2479d7a751df", "https://d.adroll.com/pixel/DUKHAKVYIJASHDUBG4V7RE/E23RMKDBEFAEXMXLWK3IWO?adroll_fpc=838a57acc6141112b6107bdce5e3fde6-1650403057055&arrfrr=https%3A%2F%2Fwww.vultr.com%2F&pv=70707106758.07146&cookie=&adroll_s_ref=&keyw=", "https://cdn.tynt.com/afsh.js", "https://www.youtube.com/s/player/534c466c/www-widgetapi.vflset/www-widgetapi.js", "bootstrap.min.css", "https://vestacp.com/js/app.js", "https://googleads.g.doubleclick.net/pagead/viewthroughconversion/858656304/?random=1650403054497&cv=9&fst=1650403054497&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=844&u_w=390&u_ah=844&u_aw=390&u_cd=32&u_his=3&u_tz=-240&u_java=false&u_nplug=0&u_nmime=0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.vultr.com%2F&tiba=SSD%20VPS%20Servers%2C%20Cloud%20Servers%20and%20Cloud%20Hosting%20by%20Vultr%20-%20Vultr.com&hn=www.googleadservices.com&rfmt=3&fmt=4", "xfe-URL-shareaholic.com-stix2-2.1-export.json", "https://embed.tawk.to/_s/v4/app/625d36b405c/js/twk-vendor.js", "tarrantcounty.com:en:elections:Voter-Information:Voter- Registration.html%22,.pdf", "https://www.choopa.com/_js/bootstrap.js", "TarrantCounty1df.pdf", "http://www.brechlerinsurance.com/wwblcms/wp-includes/js/jquery/jquery.js?ver=1.12.4", "ga.js", "xfe-URL-Vultr.com-stix2-2.1-export.json", "TarantCounty2df.pdf", "https://s.adroll.com/j/exp/DUKHAKVYIJASHDUBG4V7RE/index.js", "http://codice.shinystat.com/cgi-bin/getcod.cgi?USER=adgweb", "https://embed.tawk.to/_s/v4/app/625d36b405c/js/twk-main.js", "https://bam.nr-data.net/1/f37cf8a208?a=1772678&v=1216.487a282&to=dlwNQEdeWVgHSxlDV1JWEBtdXlhR&rst=1074&ck=1&ref=https://www.shareaholic.com/&ap=9&be=11&fe=795&dc=37&af=err,xhr,stn,ins&perf=%7B%22timing%22:%7B%22of%22:1652584962293,%22n%22:0,%22f%22:0,%22dn%22:0,%22dne%22:0,%22c%22:0,%22s%22:0,%22ce%22:0,%22rq%22:0,%22rp%22:0,%22rpe%22:0,%22dl%22:6,%22di%22:37,%22ds%22:37,%22de%22:45,%22dc%22:636,%22l%22:793,%22le%22:796%7D,%22navigation%22:%7B%22ty%22:2%7D%7D&fcp=123&jsonp=NREUM.setToken", "https://www.clarity.ms/eus2/s/0.6.34/clarity.js", "TarrantCounty12df.pdf", "https://www.virustotal.com/static/css/bootstrap.min.css?20150630", "TarrantCounty9df.pdf", "jquery.min.js", "xfe-URL-ewqopweowia543.ga-stix2-2.0-export.json", "xfe-URL-Owneriq.net-stix2-2.1-export.json", "TarrantCounty17df.pdf", "https://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js", "TarrantCounty21df.pdf", "https://porcelinux.com/estilo.css", "https://s.adroll.com/j/roundtrip.js", "https://vestacp.com/css/app.css", "https://www.choopa.com/_js/dragscroll.js", "TarrantCounty15df.pdf", "https://www.choopa.com/css/bootstrap.css", "http://www.brechlerinsurance.com/?gdbc-client=3.1.25-1652585170383", "https://sb.scorecardresearch.com/beacon.js", "xfe-URL-ml314.com-stix2-2.1-export.json" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [], "malware_families": [ "Reduceright", "Eq", "Flexslider", "Vd", "Gc", "Bomboraconsent" ], "industries": [ "Government" ] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 16, "pulses": [ { "id": "6892e73b32af18aa302df0dc", "name": "Part 1.5", "description": "Dark web media \u2022 Political news \u2022 Malvertizing\nlocate \u2022\ntrack [stalk] \u2022 record calls \u2022 control media [youtube , etc] http://t.name?n[++i]=e:this.removeEventListener\t\t\nJeeng &\nPowebox [ accidentally left out in original post pulse]", "modified": "2025-09-05T04:03:06.929000", "created": "2025-08-06T05:25:15.369000", "tags": [ "chromeua", "optout", "object", "path", "value", "access type", "setval", "windir", "localappdata", "null", "win64", "error", "generator", "close", "roboto", "date", "format", "light", "span", "template", "void", "android", "body", "trident", "mexico", "sonic", "black", "critical", "desktop", "dark", "meta", "this", "june", "hybrid", "apache", "write", "crypto", "autodetect", "face", "courier", "gigi", "impact", "shadow", "click", "strings", "cray", "smwg", "eret", "footer", "infinity", "window", "canvas", "legend", "nuke", "lion", "4629", "ahav", "olsa", "false", "learn", "command", "ck id", "name tactics", "suspicious", "informative", "spawns", "defense evasion", "t1480 execution", "file defense", "copy md5", "copy sha1", "copy sha256", "sha1", "sha256", "script", "mitre att", "pattern match", "show technique", "iframe", "refresh", "august", "general", "local", "tools", "demo", "look", "verify", "restart", "url http", "small", "pulses url", "tellyoun", "showing", "entries", "url https", "indicator role", "title added", "active related", "type indicator", "role title", "added active", "related pulses", "cc08", "f06a6b", "sfurl", "filehashsha256", "types", "indicators show", "search", "pulses", "filehashsha1", "adversaries", "found", "webp image", "ascii text", "riff", "size", "encrypt", "legacy", "filehashmd5", "united", "flag", "server", "markmonitor", "name server", "llc name", "overview dns", "requests domain", "country", "win32", "av detections", "ids detections", "yara detections", "alerts", "analysis date", "file score", "medium risk", "yara", "detections", "malware", "copy", "show", "icmp traffic", "packing t1045", "t1045", "pdb path", "pe resource", "extraction", "data upload", "enter sc", "type", "extra data", "please", "failed", "review", "exclude data", "included review", "ic data", "suggeste", "stop", "type onow", "domain", "passive dns", "urls", "files related", "pulses none", "related tags", "none google", "safe browsing", "sc data", "extr amanuav", "review included", "manualy", "sugges excluded", "filehash", "md5 add", "pulse pulses", "url add", "http", "hostname", "files domain", "pulses otx", "virustotal", "hsmi192547107", "pulses hostname", "r dec", "customer dec", "iski dec", "decision dec", "va dec", "bitcoin", "bitcoin dec", "petra", "torstatus dec", "paul dec", "sodesc", "planet dec", "emilia", "heroin dec", "difference dec", "palantir dec", "loraxlive dec", "chaturbate dec", "sandra", "free dec", "marvel dec", "benjis dec", "fresh dec", "sodesc dec", "srdirport", "srhostname", "link dec", "types of", "italy", "china", "australia", "france", "turkey", "discovery", "information", "ck ids", "t1005", "local system", "t1007", "system service", "part", "track", "locate", "political", "civil society", "news", "created", "hours ago", "report spam", "t1555", "password", "t1560", "collected data", "t1573", "channel", "t1574", "execution flow", "scan", "iocs", "t1497", "u0lhmq", "mtawmq", "t1480", "guardrails", "t1486", "data encrypted", "learn more", "unsubscribe aug", "protocol", "t1074", "staged", "t1083", "t1102", "web service", "t1105", "tool transfer", "t1140", "data engineer", "candidate", "tlsv1", "odigicert inc", "stcalifornia", "lsan jose", "oadobe systems", "incorporated", "cndigicert sha2", "push", "next", "high", "write c", "ireland as16509", "delete", "dirty", "tags", "t1012", "flow endpoint", "security scan", "t1106", "copyright", "levelblue" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1005", "name": "Data from Local System", "display_name": "T1005 - Data from Local System" }, { "id": "T1007", "name": "System Service Discovery", "display_name": "T1007 - System Service Discovery" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1033", "name": "System Owner/User Discovery", "display_name": "T1033 - System Owner/User Discovery" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1074", "name": "Data Staged", "display_name": "T1074 - Data Staged" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1120", "name": "Peripheral Device Discovery", "display_name": "T1120 - Peripheral Device Discovery" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1132", "name": "Data Encoding", "display_name": "T1132 - Data Encoding" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1480", "name": "Execution Guardrails", "display_name": "T1480 - Execution Guardrails" }, { "id": "T1486", "name": "Data Encrypted for Impact", "display_name": "T1486 - Data Encrypted for Impact" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1555", "name": "Credentials from Password Stores", "display_name": "T1555 - Credentials from Password Stores" }, { "id": "T1560", "name": "Archive Collected Data", "display_name": "T1560 - Archive Collected Data" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1583", "name": "Acquire Infrastructure", "display_name": "T1583 - Acquire Infrastructure" }, { "id": "T1045", "name": "Software Packing", "display_name": "T1045 - Software Packing" }, { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1041", "name": "Exfiltration Over C2 Channel", "display_name": "T1041 - Exfiltration Over C2 Channel" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1063", "name": "Security Software Discovery", "display_name": "T1063 - Security Software Discovery" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 18, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 608, "FileHash-SHA1": 433, "FileHash-SHA256": 3663, "URL": 17104, "domain": 1316, "email": 39, "hostname": 4208, "SSLCertFingerprint": 17 }, "indicator_count": 27388, "is_author": false, "is_subscribing": null, "subscriber_count": 139, "modified_text": "226 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65708e178755574d9812e4c9", "name": "Followed lead to brechlerinsurance.com", "description": "", "modified": "2023-12-06T15:07:03.528000", "created": "2023-12-06T15:07:03.528000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 2, "FileHash-SHA256": 1329, "domain": 2068, "hostname": 4185, "URL": 12454, "email": 1, "FileHash-MD5": 3, "FileHash-SHA1": 1 }, "indicator_count": 20043, "is_author": false, "is_subscribing": null, "subscriber_count": 110, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65708c57c7b19b62c501601a", "name": "Hurricane Electric - csp.he.net :)", "description": "", "modified": "2023-12-06T14:59:35.479000", "created": "2023-12-06T14:59:35.479000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 186, "hostname": 490, "URL": 1339, "domain": 311 }, "indicator_count": 2326, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65708c45f8a517d76d776231", "name": "Malware - reliablesite.net", "description": "", "modified": "2023-12-06T14:59:17.346000", "created": "2023-12-06T14:59:17.346000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 238, "domain": 565, "hostname": 827, "URL": 2233 }, "indicator_count": 3863, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65708c0791fece390b1a096e", "name": "Choopa.com - vultr", "description": "", "modified": "2023-12-06T14:58:15.734000", "created": "2023-12-06T14:58:15.734000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 453, "hostname": 1241, "domain": 430, "URL": 3454 }, "indicator_count": 5578, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65708b5e9b8ce0f5fd87fb98", "name": "ewqopweowia543.ga", "description": "", "modified": "2023-12-06T14:55:26.621000", "created": "2023-12-06T14:55:26.621000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "hostname": 706, "domain": 234, "FileHash-SHA256": 238, "URL": 1386 }, "indicator_count": 2565, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "657080d20f7e10c1e37fcf89", "name": "TarrantCounty.com ~ 03.01.2022", "description": "", "modified": "2023-12-06T14:10:26.301000", "created": "2023-12-06T14:10:26.301000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1078, "domain": 838, "hostname": 1607, "URL": 4134, "email": 3, "FileHash-SHA1": 2, "CIDR": 4, "FileHash-MD5": 15 }, "indicator_count": 7681, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "62ea8bf5508d5839c2e68b66", "name": "This what you dont see your browser doing in the background", "description": "", "modified": "2022-08-03T14:53:41.744000", "created": "2022-08-03T14:53:41.744000", "tags": [ "regexp", "array", "attr", "class", "css1compat", "null", "string", "error", "function", "invalid json", "text", "date", "activexobject", "number", "utmb", "firefox", "shockwave flash", "utma", "utmz", "iframe", "classspan", "span", "typecheckbox", "gradienttype0", "typeradio", "classicon", "typesearch", "typesubmit", "href", "typebutton", "https://www.virustotal.com/static/css/bootstrap.min.css?20150630", "https://ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js", "https://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.7.1.min.js", "https://www.virustotal.com/static/js/base.min-2013121902.js", "https://www.virustotal.com/static/js/bootmin-2013092601.js" ], "references": [ "https://www.virustotal.com/static/css/bootstrap.min.css?20150630", "https://www.virustotal.com/static/js/bootmin-2013092601.js", "https://www.virustotal.com/static/js/base.min-2013121902.js", "https://www.virustotal.com/en/file/undefined/analysis/", "https://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.7.1.min.js", "https://ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js", "bootstrap.min.css", "ga.js", "bootmin-2013092601 2.js", "bootmin-2013092601.js", "jquery.min.js" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 193, "hostname": 384, "domain": 146, "URL": 972 }, "indicator_count": 1695, "is_author": false, "is_subscribing": null, "subscriber_count": 391, "modified_text": "1355 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "628077c330f33dfd254e5a8b", "name": "Followed lead to brechlerinsurance.com", "description": "", "modified": "2022-06-13T00:00:32.864000", "created": "2022-05-15T03:47:15.835000", "tags": [ "bomboraconsent", "gdpr", "ccpa", "date", "nthis", "array", "typeof e", "typeerror", "class", "image", "typeof symbol", "afsh", "copyright", "rights reserved", "comscore", "typeof o", "uspapi", "null", "s271733878", "secure hash", "algorithm", "sha1", "a1732584193", "1518500249", "imgurl", "oiqfpsjs", "script", "iframe", "oiqaddpagecat", "inte", "oiqdotag", "track", "regexp", "pseudo", "child", "typeof b", "error", "sufeffxa0", "attr", "void", "udc66udc67", "ud83d", "ufe0f", "ud83e", "udc68udc69", "udfcbudfcc", "u2640u2642", "uddb0uddb3", "udd74udd75", "wpbruiserclient", "browserinfo", "mozinnerscreenx", "xmlhttprequest", "activexobject", "bf7e56f2f3", "zpbcat", "zcluidkrs", "promise", "boolean", "verification", "object", "reflect", "typeof proxy", "demo", "shareaholic", "sfunction", "bearer", "patch", "accept", "function", "symbol", "weakmap", "dataview", "typeof module", "cfunction", "event", "afunction", "efunction", "mfunction", "binnerheightc", "number", "string", "trackevent", "click", "uint8array", "gtmng3vqql", "classes", "path", "code", "typeof r", "function code", "typeof n", "angular", "angularjs", "ember", "meteor", "zepto", "jquery", "vd", "utmb", "firefox", "shockwave flash", "utma", "utmz", "ieproto", "typeof", "widgetrootqa", "driftconductor", "addcookiedomain", "hubspot", "typeof t", "quora pixel", "4294967295", "uint32array", "viewcontent", "infinity", "register domain names", "domain registration", "business web hosting services", "web hosting provider", "business email accounts", "web site hosting", "domain name registration", "ecommerce hosting services", "buy domains", "bulk domain search", "domain name search", "domain hosting", "registrations", "websites", "whois", "registrar", "registry", "domainpeople", "domain name", "registration", "year discount", "web hosting", "us whois", "us contact", "lookup alerts", "support login", "call" ], "references": [ "https://domainpeople.com", "xfe-URL-Domainpeople.com-stix2-2.1-export.json", "xfe-URL-shareaholic.com-stix2-2.1-export.json", "https://js.hubspot.com/analytics/1652585100000/210895.js", "https://js.driftt.com/include/1652585100000/mezhk4858hn8.js", "https://bam.nr-data.net/1/f37cf8a208?a=1772678&v=1216.487a282&to=dlwNQEdeWVgHSxlDV1JWEBtdXlhR&rst=1074&ck=1&ref=https://www.shareaholic.com/&ap=9&be=11&fe=795&dc=37&af=err,xhr,stn,ins&perf=%7B%22timing%22:%7B%22of%22:1652584962293,%22n%22:0,%22f%22:0,%22dn%22:0,%22dne%22:0,%22c%22:0,%22s%22:0,%22ce%22:0,%22rq%22:0,%22rp%22:0,%22rpe%22:0,%22dl%22:6,%22di%22:37,%22ds%22:37,%22de%22:45,%22dc%22:636,%22l%22:793,%22le%22:796%7D,%22navigation%22:%7B%22ty%22:2%7D%7D&fcp=123&jsonp=NREUM.setToken", "https://js-agent.newrelic.com/nr-1216.min.js", "https://js-na1.hs-scripts.com/210895.js", "https://www.googletagmanager.com/gtm.js?id=GTM-NG3VQQL", "https://dsms0mj1bbhn4.cloudfront.net/assets/pages-afd7ed46648f01def74df6e4c245da53bde609b863bf63ff94a87154f2f82de0.js", "https://dsms0mj1bbhn4.cloudfront.net/webpack/vendors~header~related-content~share-buttons~site-settings~user-settings~yarpp-header~yarpp-sites~ya~7d559390-c92fe44d0731743b2d8e.js", "https://dsms0mj1bbhn4.cloudfront.net/webpack/default~header~related-content~share-buttons~site-settings~user-settings~yarpp-header~yarpp-sites~ya~2fbcff42-06fb1418b4e0c0383855.js", "https://dsms0mj1bbhn4.cloudfront.net/ui-header/loader.js", "https://de.tynt.com/deb/v2?id=sh!sh&dn=AFSH&cc=1&r=", "http://www.brechlerinsurance.com/?gdbc-client=3.1.25-1652585170383", "http://www.brechlerinsurance.com/wwblcms/wp-includes/js/wp-emoji-release.min.js?ver=479aaeefa13948f8aa1a2479d7a751df", "http://www.brechlerinsurance.com/wwblcms/wp-includes/js/jquery/jquery.js?ver=1.12.4", "https://partner.shareaholic.com/partners.js?location=http%3A%2F%2Fwww.brechlerinsurance.com%2F&cl=en-US&id_sync=19da2f0f-8191-4a73-b27d-e95f97e9a686&minify=1&pvs=1&site=d016349f31f268b5ce94fa8e70f6eddd", "https://px.owneriq.net/stas/s/sholic.js", "https://i.simpli.fi/dpx.js?cid=66112&m=0&sifi_tuid=37830&referrer=http%3A%2F%2Fwww.brechlerinsurance.com%2F", "https://sb.scorecardresearch.com/beacon.js", "https://cdn.tynt.com/afsh.js", "xfe-URL-ml314.com-stix2-2.1-export.json", "xfe-URL-bombora.com-stix2-2.1-export.json", "xfe-URL-Owneriq.net-stix2-2.1-export.json" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "BomboraConsent", "display_name": "BomboraConsent", "target": null }, { "id": "Vd", "display_name": "Vd", "target": null } ], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 13, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 4185, "URL": 12454, "FileHash-SHA256": 1329, "CVE": 2, "domain": 2068, "email": 1, "FileHash-MD5": 3, "FileHash-SHA1": 1 }, "indicator_count": 20043, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1406 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6261f2763fabd1214a79f0e5", "name": "Masterhost.ru - malware hosting", "description": "Here is the code-decode for the punycode-overflow test, which is based on the results of the following test-run by the UK's Office of National Statistics (ONS).", "modified": "2022-05-21T00:03:44.725000", "created": "2022-04-22T00:10:30.250000", "tags": [ "fffe37", "b76810", "helvetica", "arial", "pf din", "text comp", "circe", "span", "button", "90deg", "object", "typeof t", "date", "promise", "function", "array", "regexp", "error", "typeof symbol", "typeof n", "null", "backspace", "void", "window", "vd", "gc", "typeof e", "sufeffxa0", "class", "attr", "pseudo", "child", "typeof module", "string", "weakmap", "proxy", "number", "boolean", "trnf", "keepalive", "transitiongroup", "hello", "comment", "infinity", "this", "copyright", "closure library", "xdfunction", "cdfunction", "ddfunction", "bded", "kefunction", "65535", "counter", "typeof c", "segoe ui", "typeerror", "lucida", "vwtabguid", "form", "impact", "light", "cureit", "bu durumda", "ip address", "devam", "yandex", "help section", "captcha code", "support service", "search", "edge", "swhealthlog", "logsdatabasev2", "trident", "android", "rangeerror", "webpackexports", "illegal input", "webpackrequire" ], "references": [ "https://admin.verbox.ru/support/support.js?h=afe80d31a1cabd6ae5c00580688f27d2", "https://www.youtube.com/s/player/534c466c/www-widgetapi.vflset/www-widgetapi.js", "https://site.yandex.net/v2.0/js/all.js", "https://mc.yandex.ru/metrika/tag.js", "https://www.googletagmanager.com/gtag/js?id=UA-36935570-1", "https://masterhost.ru/s/masterhost_v2/build/js/app.js?v=WivgGVzt/Ynv", "https://masterhost.ru/s/masterhost_v2/build/js/compiled.min.js?v=Q/hhNATxy3sx", "https://static.me-talk.ru/cabinet/build/chat/modern.support.js", "https://masterhost.ru/s/masterhost_v2/build/css/global.css?v=MUmvaY06hvKf" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Gc", "display_name": "Gc", "target": null }, { "id": "Vd", "display_name": "Vd", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1991, "hostname": 678, "FileHash-SHA256": 247, "domain": 404, "email": 1, "FileHash-MD5": 51 }, "indicator_count": 3372, "is_author": false, "is_subscribing": null, "subscriber_count": 70, "modified_text": "1429 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "prototype.ba", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "prototype.ba", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1776615393.5810745 }