{
"type": "Domain",
"indicator": "prototype.run",
"general": {
"sections": [
"general",
"geo",
"url_list",
"passive_dns",
"malware",
"whois",
"http_scans"
],
"whois": "http://whois.domaintools.com/prototype.run",
"alexa": "http://www.alexa.com/siteinfo/prototype.run",
"indicator": "prototype.run",
"type": "domain",
"type_title": "Domain",
"validation": [],
"base_indicator": {
"id": 2690265704,
"indicator": "prototype.run",
"type": "domain",
"title": "",
"description": "",
"content": "",
"access_type": "public",
"access_reason": ""
},
"pulse_info": {
"count": 44,
"pulses": [
{
"id": "698904c316bc7710b967d01d",
"name": "Rare Tier 1 Persistence - Critical \"Patched\", Non Patched Vulnerabilities Remain bypassing Lockdown Mode",
"description": "Researcher Note (Feb 08, 2026):\nThis artifact represents a sophisticated Cross-Protocol Mesh. Observations confirm that the Cymt/Nemucod wrapper is being utilized as a delivery vehicle for a Firmware-resident ELF binary (Mirai variant).\nThe persistence is notable for its ability to survive Full DFU Restores and Faraday-isolated states, likely due to JTAG-level interaction with the Power Management IC (Chip 4799). This is not a standard opportunistic infection; it is a targeted provisioning event leveraging IDMSA (Identity Management) bridges and Verizon/Akamai Edge infrastructure.\nThe integration with CalendarKit and Maps for geofenced execution suggests a highly coordinated surveillance objective. Forensic analysts should pay specific attention to the sizeofrawdata_antidbg anomalies, which indicate a focus on bypassing Apple Lockdown Mode and Secure Enclave. \nresearcher credit: msudoSOS",
"modified": "2026-03-27T09:05:26.285000",
"created": "2026-02-08T21:48:49.147000",
"tags": [
"#supportsitewebsiteabuse #rootcertificatefailure #cryptographicf"
],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 2,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "msudosos",
"id": "381696",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"hostname": 909,
"URL": 1779,
"CVE": 126,
"domain": 659,
"email": 23,
"JA3": 1,
"FileHash-MD5": 230,
"FileHash-SHA1": 227,
"FileHash-SHA256": 934,
"CIDR": 13
},
"indicator_count": 4901,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 54,
"modified_text": "23 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "domain",
"related_indicator_is_active": 1
},
{
"id": "6570a54a663b348b34b12f97",
"name": "Command and Control - 199.59.243.224",
"description": "",
"modified": "2023-12-06T16:46:02.873000",
"created": "2023-12-06T16:46:02.873000",
"tags": [],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 8,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "api",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "StreamMiningEx",
"id": "262917",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"CVE": 1,
"domain": 827,
"FileHash-SHA256": 659,
"hostname": 1381,
"URL": 3637,
"email": 1,
"FileHash-MD5": 826,
"FileHash-SHA1": 150
},
"indicator_count": 7482,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 110,
"modified_text": "865 days ago ",
"is_modified": false,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "domain",
"related_indicator_is_active": 1
},
{
"id": "6570a47560e3f989a5556289",
"name": "Typosquatting - httpsFreCodeCamp.org",
"description": "",
"modified": "2023-12-06T16:42:29.567000",
"created": "2023-12-06T16:42:29.567000",
"tags": [],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 8,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "api",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "StreamMiningEx",
"id": "262917",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"CVE": 1,
"domain": 827,
"FileHash-SHA256": 659,
"hostname": 1381,
"URL": 3637,
"email": 1,
"FileHash-MD5": 826,
"FileHash-SHA1": 150
},
"indicator_count": 7482,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 110,
"modified_text": "865 days ago ",
"is_modified": false,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "domain",
"related_indicator_is_active": 1
},
{
"id": "6570a46fe2f276b4a4daa9f7",
"name": "Typosquatting - httpsFreCodeCamp.org",
"description": "",
"modified": "2023-12-06T16:42:23.297000",
"created": "2023-12-06T16:42:23.297000",
"tags": [],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 8,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "api",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "StreamMiningEx",
"id": "262917",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"CVE": 1,
"domain": 827,
"FileHash-SHA256": 659,
"hostname": 1381,
"URL": 3637,
"email": 1,
"FileHash-MD5": 826,
"FileHash-SHA1": 150
},
"indicator_count": 7482,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 110,
"modified_text": "865 days ago ",
"is_modified": false,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "domain",
"related_indicator_is_active": 1
},
{
"id": "6570a468597b81d280b67f3b",
"name": "199.59.243.224 Command and Control",
"description": "",
"modified": "2023-12-06T16:42:16.587000",
"created": "2023-12-06T16:42:16.587000",
"tags": [],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 8,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "api",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "StreamMiningEx",
"id": "262917",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"CVE": 1,
"domain": 827,
"FileHash-SHA256": 659,
"hostname": 1381,
"URL": 3637,
"email": 1,
"FileHash-MD5": 826,
"FileHash-SHA1": 150
},
"indicator_count": 7482,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 110,
"modified_text": "865 days ago ",
"is_modified": false,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "domain",
"related_indicator_is_active": 1
},
{
"id": "65709fad03b8f1cdc6abe334",
"name": "FreCodeCamp.org - Typosquating and or Malicious Redirect. Social Engineering and",
"description": "",
"modified": "2023-12-06T16:22:04.700000",
"created": "2023-12-06T16:22:04.700000",
"tags": [],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 6,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "api",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "StreamMiningEx",
"id": "262917",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"CVE": 1,
"domain": 827,
"FileHash-SHA256": 659,
"hostname": 1381,
"URL": 3637,
"email": 1,
"FileHash-MD5": 826,
"FileHash-SHA1": 150
},
"indicator_count": 7482,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 110,
"modified_text": "865 days ago ",
"is_modified": false,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "domain",
"related_indicator_is_active": 1
},
{
"id": "657090ec38f1bd5e40046c7b",
"name": "Twitter Widget Iframe - its astounding how corrupt twitter is for many and no-one seems to highlighting or addressing these issues",
"description": "",
"modified": "2023-12-06T15:19:08.396000",
"created": "2023-12-06T15:19:08.396000",
"tags": [],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 2,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "api",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "StreamMiningEx",
"id": "262917",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-SHA256": 41,
"domain": 36,
"hostname": 87,
"URL": 287,
"FileHash-MD5": 11
},
"indicator_count": 462,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 109,
"modified_text": "865 days ago ",
"is_modified": false,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "domain",
"related_indicator_is_active": 1
},
{
"id": "65708efbe1108a2df26f5c5f",
"name": "Theconstantcompany.com \u2014>Elizabeth Messer – Spiritual Encouragement for your beautiful, messy life",
"description": "",
"modified": "2023-12-06T15:10:51.712000",
"created": "2023-12-06T15:10:51.712000",
"tags": [],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 2,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "api",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "StreamMiningEx",
"id": "262917",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-SHA256": 538,
"hostname": 307,
"domain": 220,
"URL": 1053
},
"indicator_count": 2118,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 110,
"modified_text": "865 days ago ",
"is_modified": false,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "domain",
"related_indicator_is_active": 1
},
{
"id": "65708ef0cdb40fa0e7d239ca",
"name": "either emotet or a part of it",
"description": "",
"modified": "2023-12-06T15:10:40.867000",
"created": "2023-12-06T15:10:40.867000",
"tags": [],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 2,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "api",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "StreamMiningEx",
"id": "262917",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-SHA256": 342,
"hostname": 456,
"domain": 349,
"URL": 1730,
"FileHash-MD5": 1,
"FileHash-SHA1": 1
},
"indicator_count": 2879,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 109,
"modified_text": "865 days ago ",
"is_modified": false,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "domain",
"related_indicator_is_active": 1
},
{
"id": "65708ed8f7d4b5483117bb66",
"name": "abuse.ch",
"description": "",
"modified": "2023-12-06T15:10:16.397000",
"created": "2023-12-06T15:10:16.397000",
"tags": [],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 2,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "api",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "StreamMiningEx",
"id": "262917",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-SHA256": 223,
"domain": 383,
"URL": 1639,
"hostname": 560,
"email": 1,
"FileHash-MD5": 2
},
"indicator_count": 2808,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 114,
"modified_text": "865 days ago ",
"is_modified": false,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "domain",
"related_indicator_is_active": 1
},
{
"id": "65708e456bdbf8ea8d0d504a",
"name": "whitehouse.gov",
"description": "",
"modified": "2023-12-06T15:07:49.577000",
"created": "2023-12-06T15:07:49.577000",
"tags": [],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 2,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "api",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "StreamMiningEx",
"id": "262917",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-SHA256": 449,
"hostname": 639,
"domain": 245,
"URL": 1609,
"FileHash-MD5": 4
},
"indicator_count": 2946,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 109,
"modified_text": "865 days ago ",
"is_modified": false,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "domain",
"related_indicator_is_active": 1
},
{
"id": "65708e2d7cb4228401888b63",
"name": "possibly a central bank",
"description": "",
"modified": "2023-12-06T15:07:25.990000",
"created": "2023-12-06T15:07:25.990000",
"tags": [],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 3,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "api",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "StreamMiningEx",
"id": "262917",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-SHA256": 622,
"domain": 2558,
"URL": 4203,
"hostname": 1221,
"CVE": 1
},
"indicator_count": 8605,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 109,
"modified_text": "865 days ago ",
"is_modified": false,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "domain",
"related_indicator_is_active": 1
},
{
"id": "65708e254b734f1efd8bd0ad",
"name": "1688.com .. 404-\u963f\u91cc\u5df4\u5df4",
"description": "",
"modified": "2023-12-06T15:07:17.380000",
"created": "2023-12-06T15:07:17.380000",
"tags": [],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 3,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "api",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "StreamMiningEx",
"id": "262917",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-SHA256": 1645,
"URL": 8598,
"domain": 1004,
"hostname": 2066,
"FileHash-MD5": 3
},
"indicator_count": 13316,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 110,
"modified_text": "865 days ago ",
"is_modified": false,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "domain",
"related_indicator_is_active": 1
},
{
"id": "65708c45f8a517d76d776231",
"name": "Malware - reliablesite.net",
"description": "",
"modified": "2023-12-06T14:59:17.346000",
"created": "2023-12-06T14:59:17.346000",
"tags": [],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 2,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "api",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "StreamMiningEx",
"id": "262917",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-SHA256": 238,
"domain": 565,
"hostname": 827,
"URL": 2233
},
"indicator_count": 3863,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 109,
"modified_text": "865 days ago ",
"is_modified": false,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "domain",
"related_indicator_is_active": 1
},
{
"id": "65708c37c54dd9e78f85c0fa",
"name": "\u7ea2\u674f\u89c6\u9891 malware",
"description": "",
"modified": "2023-12-06T14:59:03.859000",
"created": "2023-12-06T14:59:03.859000",
"tags": [],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 4,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "api",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "StreamMiningEx",
"id": "262917",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-SHA256": 1686,
"hostname": 2218,
"URL": 5740,
"domain": 901,
"FileHash-MD5": 3
},
"indicator_count": 10548,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 109,
"modified_text": "865 days ago ",
"is_modified": false,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "domain",
"related_indicator_is_active": 1
},
{
"id": "65708c0f5981b6d81d0fa423",
"name": "data102 and colohouse. Malware hosting",
"description": "",
"modified": "2023-12-06T14:58:23.206000",
"created": "2023-12-06T14:58:23.206000",
"tags": [],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 2,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "api",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "StreamMiningEx",
"id": "262917",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-SHA256": 458,
"domain": 557,
"URL": 2599,
"hostname": 952
},
"indicator_count": 4566,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 109,
"modified_text": "865 days ago ",
"is_modified": false,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "domain",
"related_indicator_is_active": 1
},
{
"id": "657089bdb1d8a5ad0edc6614",
"name": "http://www.diapers.com.sg/GOO.N-Japan-Version-Diapers-Pants/",
"description": "",
"modified": "2023-12-06T14:48:29.397000",
"created": "2023-12-06T14:48:29.397000",
"tags": [],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 2,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "api",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "StreamMiningEx",
"id": "262917",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"CVE": 1,
"FileHash-SHA256": 307,
"domain": 149,
"hostname": 299,
"URL": 602,
"email": 4,
"FileHash-MD5": 59,
"FileHash-SHA1": 53
},
"indicator_count": 1474,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 110,
"modified_text": "865 days ago ",
"is_modified": false,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "domain",
"related_indicator_is_active": 1
},
{
"id": "65707fe17dfdfe16066d16de",
"name": "Bexar.org",
"description": "",
"modified": "2023-12-06T14:06:25.800000",
"created": "2023-12-06T14:06:25.800000",
"tags": [],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 2,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "api",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "StreamMiningEx",
"id": "262917",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-SHA256": 1735,
"hostname": 1833,
"domain": 1025,
"URL": 4668,
"email": 4,
"FileHash-MD5": 133,
"FileHash-SHA1": 6,
"CIDR": 5
},
"indicator_count": 9409,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 110,
"modified_text": "865 days ago ",
"is_modified": false,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "domain",
"related_indicator_is_active": 1
},
{
"id": "65707f7f79257c3b4f276f35",
"name": "whitehouse.govapi_2.27.22",
"description": "",
"modified": "2023-12-06T14:04:47.874000",
"created": "2023-12-06T14:04:47.874000",
"tags": [],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 2,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "api",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "StreamMiningEx",
"id": "262917",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-SHA256": 489,
"hostname": 405,
"domain": 306,
"URL": 1451,
"email": 1,
"FileHash-MD5": 4
},
"indicator_count": 2656,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 109,
"modified_text": "865 days ago ",
"is_modified": false,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "domain",
"related_indicator_is_active": 1
},
{
"id": "65707e5b7df6f60133e8fb50",
"name": "Jeeng / Powerbox",
"description": "",
"modified": "2023-12-06T13:59:55.129000",
"created": "2023-12-06T13:59:55.129000",
"tags": [],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 2,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "api",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "StreamMiningEx",
"id": "262917",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"CVE": 3,
"FileHash-SHA256": 9072,
"domain": 2500,
"hostname": 3584,
"URL": 13548,
"FileHash-MD5": 197,
"FileHash-SHA1": 162,
"email": 19,
"CIDR": 20,
"SSLCertFingerprint": 2,
"BitcoinAddress": 1
},
"indicator_count": 29108,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 109,
"modified_text": "865 days ago ",
"is_modified": false,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "domain",
"related_indicator_is_active": 1
},
{
"id": "6507d7f6b7377c6661892549",
"name": " Command and Control - 199.59.243.224",
"description": "",
"modified": "2023-09-18T04:54:14.378000",
"created": "2023-09-18T04:54:14.378000",
"tags": [],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": "6500a5daf00fa294f0454541",
"export_count": 8,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "OctoSeek",
"id": "243548",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"URL": 7653,
"FileHash-SHA256": 4241,
"domain": 1485,
"hostname": 2976,
"FileHash-MD5": 10625,
"FileHash-SHA1": 2805,
"CVE": 4,
"email": 1
},
"indicator_count": 29790,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 219,
"modified_text": "944 days ago ",
"is_modified": false,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "domain",
"related_indicator_is_active": 1
},
{
"id": "6500a61e6dadf56df268be36",
"name": "Typosquatting - httpsFreCodeCamp.org",
"description": "",
"modified": "2023-09-12T23:03:58.658000",
"created": "2023-09-12T17:55:42.532000",
"tags": [],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": "6500a5daf00fa294f0454541",
"export_count": 10,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "OctoSeek",
"id": "243548",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"URL": 7653,
"FileHash-SHA256": 4241,
"domain": 1485,
"hostname": 2976,
"FileHash-MD5": 10625,
"FileHash-SHA1": 2805,
"CVE": 4,
"email": 1
},
"indicator_count": 29790,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 219,
"modified_text": "949 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "domain",
"related_indicator_is_active": 1
},
{
"id": "6500a61b16728d0a29c7b6a7",
"name": "Typosquatting - httpsFreCodeCamp.org",
"description": "",
"modified": "2023-09-12T23:03:58.658000",
"created": "2023-09-12T17:55:39.783000",
"tags": [],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": "6500a5daf00fa294f0454541",
"export_count": 10,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "OctoSeek",
"id": "243548",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"URL": 7653,
"FileHash-SHA256": 4241,
"domain": 1485,
"hostname": 2976,
"FileHash-MD5": 10625,
"FileHash-SHA1": 2805,
"CVE": 4,
"email": 1
},
"indicator_count": 29790,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 219,
"modified_text": "949 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "domain",
"related_indicator_is_active": 1
},
{
"id": "6500a5daf00fa294f0454541",
"name": "199.59.243.224 Command and Control ",
"description": "",
"modified": "2023-09-12T23:03:58.658000",
"created": "2023-09-12T17:54:34.352000",
"tags": [],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": "64d90dda3a7763b24267102d",
"export_count": 10,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "OctoSeek",
"id": "243548",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"URL": 7653,
"FileHash-SHA256": 4241,
"domain": 1485,
"hostname": 2976,
"FileHash-MD5": 10625,
"FileHash-SHA1": 2805,
"CVE": 4,
"email": 1
},
"indicator_count": 29790,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 220,
"modified_text": "949 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "domain",
"related_indicator_is_active": 1
},
{
"id": "64d90dda3a7763b24267102d",
"name": "FreCodeCamp.org - Typosquating and or Malicious Redirect. Social Engineering and",
"description": "Wannacry, Malware, Trojans, evaders, executables, Droppers,Trickbots,malware on discord Artemis, B.Scope adware Artemis, CVE, Apple phishing ,cve-2014-3931\ncve-2005-0068\ncve-2015-1701\ncve-2004-0790\ncve-2008-2938\ncve-2009-1535\ncve-2009-0233\ncve-2014-6345\ncontains-embedded-js\ncontains-elf\ncve-2008-1447\ncve-1999-0016\nnsis\nattachment\nupx\ncve-2016-2569\ncve-2017-0147\ncontains-pe\nbobsoft\nRulesets:\nTrickBot \nAPT10_Malware_Sample_Gen \nRuleset:\n(smtp) unknown command\nSURICATA SMTP Mime base64-decoding failed\nSURICATA SMTP Mime encoded line len exceeded\nSURICATA Applayer Detect protocol only one direction\nFile Found over SMTP and stored\nUnique rule identifier:\nPrivate collection.\nMALWARE\nRANSOM \nMALWARE RANSOM\nworm.mydoom/emailworm\ntrojan.wannacry/wannacryptor\ntrojan.heye/msil\nTrojan: LotAccessUI.EXE ( Win32 EXE \nexecutable\nwindows\nwin32\npe\npeexe\nMagic\t\nPE32 \nMITRE ATT&CK Navigator\nExecution\nTA0002\nPrivilege Escalation\nTA0004\nDefense Evasion\nTA0005\nCredential Access\nTA0006\nDiscovery\nTA0007\nCollection\nTA0009",
"modified": "2023-09-12T23:03:58.658000",
"created": "2023-08-13T17:07:38.032000",
"tags": [],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 13,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "OctoSeek",
"id": "243548",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"URL": 7653,
"FileHash-SHA256": 4241,
"domain": 1485,
"hostname": 2976,
"FileHash-MD5": 10625,
"FileHash-SHA1": 2805,
"CVE": 4,
"email": 1
},
"indicator_count": 29790,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 221,
"modified_text": "949 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "domain",
"related_indicator_is_active": 1
},
{
"id": "64407a3c423306cfb9d66c6d",
"name": "https://ads.twitter.com/?ref=gl-tw-tw-twitter-advertise0",
"description": "",
"modified": "2023-04-19T23:33:16.257000",
"created": "2023-04-19T23:33:16.257000",
"tags": [
"zarma"
],
"references": [
"https://hybrid-analysis.com/sample/98d509ee5c88d85c96e401cf9a599a9bed2799101079f99e7e4ae974131ebcc1/643e852b401612eba8065bbb"
],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [
{
"id": "T1071",
"name": "Application Layer Protocol",
"display_name": "T1071 - Application Layer Protocol"
},
{
"id": "T1083",
"name": "File and Directory Discovery",
"display_name": "T1083 - File and Directory Discovery"
},
{
"id": "T1105",
"name": "Ingress Tool Transfer",
"display_name": "T1105 - Ingress Tool Transfer"
},
{
"id": "T1480",
"name": "Execution Guardrails",
"display_name": "T1480 - Execution Guardrails"
},
{
"id": "T1497",
"name": "Virtualization/Sandbox Evasion",
"display_name": "T1497 - Virtualization/Sandbox Evasion"
},
{
"id": "T1547",
"name": "Boot or Logon Autostart Execution",
"display_name": "T1547 - Boot or Logon Autostart Execution"
},
{
"id": "T1555",
"name": "Credentials from Password Stores",
"display_name": "T1555 - Credentials from Password Stores"
},
{
"id": "T1574",
"name": "Hijack Execution Flow",
"display_name": "T1574 - Hijack Execution Flow"
}
],
"industries": [],
"TLP": "white",
"cloned_from": null,
"export_count": 5,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "callmeDoris",
"id": "205385",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"domain": 178,
"hostname": 612,
"URL": 1892,
"email": 4,
"IPv4": 5,
"FileHash-SHA256": 63,
"FileHash-MD5": 59,
"FileHash-SHA1": 58
},
"indicator_count": 2871,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 92,
"modified_text": "1095 days ago ",
"is_modified": false,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "domain",
"related_indicator_is_active": 1
},
{
"id": "63ed8628367c1a4f3f8e773a",
"name": "just a load of errors on edge watching twitch",
"description": "load of unknown user pics, but that could just be a twitch thing",
"modified": "2023-03-18T00:05:45.328000",
"created": "2023-02-16T01:26:00.959000",
"tags": [
"object",
"typeerror",
"typeof symbol",
"error",
"typeof t",
"array",
"string",
"typeof e",
"typeof n",
"referenceerror",
"date",
"body",
"null",
"local",
"generator",
"class",
"typeof tcfapi",
"tcfapi",
"daten",
"image",
"typeof comscore",
"true",
"regexp",
"config",
"nolbundle",
"novmsjs",
"nlssdk",
"retry request",
"nolsdkbundle",
"typeof o",
"bsdk check",
"optout",
"basever",
"lsid",
"qqfunction",
"nielsen log",
"info",
"stop",
"logger",
"android",
"donate",
"ukraine relief",
"requestbuilder",
"slotbuilder",
"uint8array",
"nthis",
"promise",
"symbol",
"fullscreen",
"adload",
"false",
"facebook",
"unknown",
"meta",
"direct",
"this",
"close",
"locale",
"model",
"survey",
"companion",
"scroll",
"backspace",
"insert",
"infinity",
"sandbox",
"malware",
"analysis",
"online",
"submit",
"vxstream",
"sample",
"download",
"trojan",
"apt",
"runtime data",
"ansi",
"path",
"hybrid analysis",
"api call",
"registry access",
"function",
"calls",
"window",
"hybrid",
"general",
"click",
"ransomware",
"february",
"strings",
"suspicious",
"irequestslot",
"islotbuilder",
"amazonerrorcode",
"errortype",
"adunit",
"conflict",
"please"
],
"references": [
"https://hybrid-analysis.com/sample/5da0de230eb98e5598b152944d0e7e6b355485484052df6c7f1c747e2c5564c0/63ed708125f47738b45a6520",
"webpack buildin global.js",
"SlotBuilder.ts",
"P34D56F9D-5684-4C83-8EE1-5EA7DE9CF45D.js",
"apstag.js",
"nlsSDK600.bundle.min.js",
"v6s.js",
"https://sb.scorecardresearch.com/p?c1=2&c2=6745306&ns_type=hidden&ns_st_sv=5.1.3.160420&ns_st_smv=5.1&ns_st_it=r&ns_st_id=1676508021004&ns_st_ec=3&ns_st_sp=1&ns_st_sc=1&ns_st_sq=1&ns_st_ppc=1&ns_st_apc=1&ns_st_spc=1&ns_st_cn=1&ns_st_ev=hb&ns_st_po=1560430&ns_st_cl=0&ns_st_hc=31&ns_st_mp=js_api&ns_st_mv=5.1.3.160420&ns_st_pn=1&ns_st_tp=0&ns_st_ci=47976339133&ns_st_pt=1560430&ns_st_dpt=360423&ns_st_ipt=60010&ns_st_et=1560430&ns_st_det=360423&ns_st_upc=1560430&ns_st_dupc=360423&ns_st_iupc=60010&ns_st_upa=15604",
"https://sb.scorecardresearch.com/p?ax_uuid=d247c6142f285bb0488533aa7f2d53c5&c1=9&c2=31864766&ns__t=1676508027511&ns_c=UTF-8&cv=3.1&c8=SecurityWeekly%20-%20Twitch&c7=https%3A%2F%2Fwww.twitch.tv%2Fsecurityweekly&c9=",
"https://hybrid-analysis.com/sample/b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b/",
"beacon.js",
"https://static-cdn.jtvnw.net/jtv_user_pictures/6f4129f6-3750-4c02-b7c8-c88a05064129-profile_image-70x70.png"
],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [
{
"id": "SlotBuilder",
"display_name": "SlotBuilder",
"target": null
},
{
"id": "RequestBuilder",
"display_name": "RequestBuilder",
"target": null
}
],
"attack_ids": [
{
"id": "T1059",
"name": "Command and Scripting Interpreter",
"display_name": "T1059 - Command and Scripting Interpreter"
},
{
"id": "T1140",
"name": "Deobfuscate/Decode Files or Information",
"display_name": "T1140 - Deobfuscate/Decode Files or Information"
},
{
"id": "T1547",
"name": "Boot or Logon Autostart Execution",
"display_name": "T1547 - Boot or Logon Autostart Execution"
}
],
"industries": [],
"TLP": "white",
"cloned_from": null,
"export_count": 7,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "callmeDoris",
"id": "205385",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"URL": 1353,
"hostname": 363,
"domain": 201,
"FileHash-SHA256": 203,
"FileHash-MD5": 9,
"FileHash-SHA1": 3
},
"indicator_count": 2132,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 90,
"modified_text": "1128 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "domain",
"related_indicator_is_active": 1
},
{
"id": "63ed86228ecb2b03d35b046f",
"name": "just a load of errors on edge watching twitch",
"description": "load of unknown user pics, but that could just be a twitch thing",
"modified": "2023-03-18T00:05:45.328000",
"created": "2023-02-16T01:25:54.305000",
"tags": [
"object",
"typeerror",
"typeof symbol",
"error",
"typeof t",
"array",
"string",
"typeof e",
"typeof n",
"referenceerror",
"date",
"body",
"null",
"local",
"generator",
"class",
"typeof tcfapi",
"tcfapi",
"daten",
"image",
"typeof comscore",
"true",
"regexp",
"config",
"nolbundle",
"novmsjs",
"nlssdk",
"retry request",
"nolsdkbundle",
"typeof o",
"bsdk check",
"optout",
"basever",
"lsid",
"qqfunction",
"nielsen log",
"info",
"stop",
"logger",
"android",
"donate",
"ukraine relief",
"requestbuilder",
"slotbuilder",
"uint8array",
"nthis",
"promise",
"symbol",
"fullscreen",
"adload",
"false",
"facebook",
"unknown",
"meta",
"direct",
"this",
"close",
"locale",
"model",
"survey",
"companion",
"scroll",
"backspace",
"insert",
"infinity",
"sandbox",
"malware",
"analysis",
"online",
"submit",
"vxstream",
"sample",
"download",
"trojan",
"apt",
"runtime data",
"ansi",
"path",
"hybrid analysis",
"api call",
"registry access",
"function",
"calls",
"window",
"hybrid",
"general",
"click",
"ransomware",
"february",
"strings",
"suspicious",
"irequestslot",
"islotbuilder",
"amazonerrorcode",
"errortype",
"adunit",
"conflict",
"please"
],
"references": [
"https://hybrid-analysis.com/sample/5da0de230eb98e5598b152944d0e7e6b355485484052df6c7f1c747e2c5564c0/63ed708125f47738b45a6520",
"webpack buildin global.js",
"SlotBuilder.ts",
"P34D56F9D-5684-4C83-8EE1-5EA7DE9CF45D.js",
"apstag.js",
"nlsSDK600.bundle.min.js",
"v6s.js",
"https://sb.scorecardresearch.com/p?c1=2&c2=6745306&ns_type=hidden&ns_st_sv=5.1.3.160420&ns_st_smv=5.1&ns_st_it=r&ns_st_id=1676508021004&ns_st_ec=3&ns_st_sp=1&ns_st_sc=1&ns_st_sq=1&ns_st_ppc=1&ns_st_apc=1&ns_st_spc=1&ns_st_cn=1&ns_st_ev=hb&ns_st_po=1560430&ns_st_cl=0&ns_st_hc=31&ns_st_mp=js_api&ns_st_mv=5.1.3.160420&ns_st_pn=1&ns_st_tp=0&ns_st_ci=47976339133&ns_st_pt=1560430&ns_st_dpt=360423&ns_st_ipt=60010&ns_st_et=1560430&ns_st_det=360423&ns_st_upc=1560430&ns_st_dupc=360423&ns_st_iupc=60010&ns_st_upa=15604",
"https://sb.scorecardresearch.com/p?ax_uuid=d247c6142f285bb0488533aa7f2d53c5&c1=9&c2=31864766&ns__t=1676508027511&ns_c=UTF-8&cv=3.1&c8=SecurityWeekly%20-%20Twitch&c7=https%3A%2F%2Fwww.twitch.tv%2Fsecurityweekly&c9=",
"https://hybrid-analysis.com/sample/b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b/",
"beacon.js",
"https://static-cdn.jtvnw.net/jtv_user_pictures/6f4129f6-3750-4c02-b7c8-c88a05064129-profile_image-70x70.png"
],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [
{
"id": "SlotBuilder",
"display_name": "SlotBuilder",
"target": null
},
{
"id": "RequestBuilder",
"display_name": "RequestBuilder",
"target": null
}
],
"attack_ids": [
{
"id": "T1059",
"name": "Command and Scripting Interpreter",
"display_name": "T1059 - Command and Scripting Interpreter"
},
{
"id": "T1140",
"name": "Deobfuscate/Decode Files or Information",
"display_name": "T1140 - Deobfuscate/Decode Files or Information"
},
{
"id": "T1547",
"name": "Boot or Logon Autostart Execution",
"display_name": "T1547 - Boot or Logon Autostart Execution"
}
],
"industries": [],
"TLP": "white",
"cloned_from": null,
"export_count": 7,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "callmeDoris",
"id": "205385",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"URL": 1353,
"hostname": 363,
"domain": 201,
"FileHash-SHA256": 203,
"FileHash-MD5": 9,
"FileHash-SHA1": 3
},
"indicator_count": 2132,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 90,
"modified_text": "1128 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "domain",
"related_indicator_is_active": 1
},
{
"id": "62e41774491bb401deeb6e35",
"name": "Twitter Widget Iframe - its astounding how corrupt twitter is for many and no-one seems to highlighting or addressing these issues",
"description": "",
"modified": "2022-08-28T00:01:38.268000",
"created": "2022-07-29T17:23:00.402000",
"tags": [
"script",
"satellite",
"promise",
"date",
"pageview",
"click",
"twitter",
"image",
"event",
"button",
"null",
"accept",
"void",
"scroll",
"iframe",
"body",
"twitter widget"
],
"references": [
"https://platform.twitter.com/widgets/widget_iframe.dc05643fdb8d0e2b89e5cc3c1d26d1b5.html?origin=https%3A%2F%2Fbusiness.twitter.com",
"widget_iframe.dc05643fdb8d0e2b89e5cc3c1d26d1b5.html",
"many script present on business twitter com pg no acc access for me.txt",
"Connect on Twitter.pdf",
"from my twitter analytics using the unknown account id.pdf",
"Events Manager new in twitter analytics.pdf",
"twitter crashing only displays home tweets - i8nl script url from view source.pdf",
"from unlogged in twitter https accounts.google.com gsi client- URL - 2ca11d6133b5a313fb740fbdb8c4f6a2a99482dd30044c82635e53f43e16d.pdf"
],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "white",
"cloned_from": null,
"export_count": 3,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "dorkingbeauty1",
"id": "80137",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"hostname": 87,
"URL": 287,
"domain": 36,
"FileHash-SHA256": 41,
"FileHash-MD5": 11
},
"indicator_count": 462,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 391,
"modified_text": "1330 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "domain",
"related_indicator_is_active": 1
},
{
"id": "62e1ca167a1591e7b4ca1129",
"name": "VirusTotal view-source on https://www.virustotal.com/en/file/undefined/analysis/",
"description": "someone really needs to figure out wtf this is all doing it has to be part of the net.sh",
"modified": "2022-07-28T02:05:04.183000",
"created": "2022-07-27T23:28:22.504000",
"tags": [
"array",
"object",
"typeof t",
"layer1",
"error",
"path",
"function",
"typeerror",
"date",
"svg export",
"span",
"null",
"unknown",
"click",
"february",
"april",
"june",
"august",
"this",
"void",
"bounce",
"string",
"regexp",
"number",
"sxa0",
"amptoken",
"optout",
"notfound",
"contenttype",
"form",
"copyright",
"element",
"polymer project",
"authors",
"bsd style",
"code",
"google",
"software",
"window",
"generator",
"comment",
"trident",
"typeof e",
"typeof symbol",
"typeof btoa",
"btoa",
"typeof reflect",
"boolean",
"customevent",
"plugin",
"build",
"home",
"intelligence",
"graph",
"report",
"urls",
"please",
"javascript",
"https://www.virustotal.com/en/file/undefined/analysis/",
"net.sh"
],
"references": [
"entity%3Aip%20whois%3Ainfo%40anodicnetwork.com.html",
"14.main.bundle.91f9f7ff635e0b797de3.js",
"5.main.bundle.e92e5e24e074f9c2a52b.js",
"0.main.bundle.a9d68f5204cd3ac257b6.js",
"webcomponent-polyfill.js",
"analytics.js",
"12.main.bundle.50be73a11d1d3745a5ee.js",
"\" Page not found Elizabeth Messer – Spiritual Encouragement for your beautiful, messy life",
"description": "This is blasphemy",
"modified": "2022-05-26T03:20:44.885000",
"created": "2022-05-26T03:11:27.710000",
"tags": [
"5deg",
"3deg",
"10deg",
"30px",
"15px",
"4px0",
"20deg",
"sans",
"styles",
"type",
"form",
"widget",
"helvetica neue",
"typeemail",
"typetext",
"classshare",
"typetel",
"typeurl",
"typecheckbox",
"canvas",
"typeradio",
"segoe ui",
"roboto",
"span",
"open",
"click",
"getclicktarget",
"date",
"contexttrack",
"view",
"installtrigger",
"processlink",
"typeof blog",
"msie",
"image",
"paul irish",
"typeof b",
"kfunction",
"true",
"body",
"optinid",
"pageid",
"listid",
"cookieduration",
"scrollpos",
"etbloompopup",
"etbloomformleft",
"service",
"typebutton",
"choose file",
"reset",
"submit",
"screenw",
"containerh",
"function",
"ratio1",
"ratio2",
"containerw",
"index",
"nectar",
"null",
"youtubeid",
"jquery",
"nnull",
"annull",
"touch swipe",
"touchswipe",
"method",
"phasemove",
"phaseend",
"phasecancel",
"left",
"right",
"typeof define",
"typeof module",
"typeof t",
"mspointerdown",
"input",
"touch",
"gplv3",
"license",
"copyright",
"metafizzy",
"typeof require",
"new dateu",
"flash player",
"arrow",
"chinese",
"typeof symbol",
"wrapper",
"javascript",
"flash",
"error",
"fullscreen",
"czech",
"icelandic",
"korean",
"slovak",
"infinite scroll",
"easeoutcubic",
"bind",
"destroy",
"html",
"resume",
"luke shumard",
"mit license",
"next",
"unknown",
"false",
"done",
"minimal",
"transparent",
"megamenu",
"edge",
"superfish menu",
"plugin",
"joel birch",
"dual",
"ttttttt ttttttt",
"gravatar",
"ttttttttname",
"tttttt tttttt",
"tttttt ttttt",
"symbol",
"array",
"typeof window",
"typeof self",
"string",
"object",
"ieproto",
"activexobject",
"typeerror",
"asynciterator",
"generator",
"number",
"closure library",
"xdfunction",
"adfunction",
"bdfunction",
"lefunction",
"qefunction",
"boolean",
"moz o",
"custom build",
"https",
"android",
"mobile safari",
"chrome",
"phone",
"worker",
"typeof n",
"typeof e",
"uint8array",
"vcgitemlink",
"addingtocart",
"addedtocart",
"button",
"version",
"requires",
"thanks",
"window",
"please wait",
"typeof f",
"html tags",
"ox20trnf",
"dom element",
"regexp",
"class",
"attr",
"pseudo",
"child",
"bible studies",
"bible study",
"leed",
"ebay",
"microsoft",
"jesus",
"john",
"saint ignatius",
"loyola"
],
"references": [
"http://www.elizabethmesser.com/",
"http://theconstantcompany.com",
"http://www.elizabethmesser.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0",
"http://www.elizabethmesser.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2",
"http://www.elizabethmesser.com/wp-content/plugins/woocommerce/assets/js/jquery-blockui/jquery.blockUI.min.js?ver=2.7.0-wc.6.5.1",
"http://www.elizabethmesser.com/wp-content/plugins/woocommerce/assets/js/frontend/add-to-cart.min.js?ver=6.5.1",
"http://www.elizabethmesser.com/wp-content/plugins/js_composer_salient/assets/js/vendors/woocommerce-add-to-cart.js?ver=5.0.1",
"https://stats.wp.com/s-202221.js",
"http://www.elizabethmesser.com/wp-content/themes/salient/js/modernizr.js?ver=2.6.2",
"https://www.googletagmanager.com/gtag/js?id=UA-115476727-1",
"http://www.elizabethmesser.com/wp-content/plugins/jetpack/_inc/build/photon/photon.min.js?ver=20191001",
"http://www.elizabethmesser.com/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.9",
"http://www.elizabethmesser.com/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0",
"http://www.elizabethmesser.com/wp-content/plugins/woocommerce/assets/js/frontend/woocommerce.min.js?ver=6.5.1",
"https://secure.gravatar.com/js/gprofiles.js?ver=202221",
"http://www.elizabethmesser.com/wp-content/themes/salient/js/superfish.js?ver=1.4.8",
"http://www.elizabethmesser.com/wp-content/themes/salient/js/infinitescroll.js?ver=1.1",
"http://www.elizabethmesser.com/wp-includes/js/mediaelement/mediaelement-and-player.min.js?ver=4.2.16",
"http://www.elizabethmesser.com/wp-content/themes/salient/js/flickity.min.js?ver=1.1.1",
"http://www.elizabethmesser.com/wp-content/themes/salient/js/touchswipe.min.js?ver=1.0",
"http://www.elizabethmesser.com/wp-content/plugins/js_composer_salient/assets/js/dist/js_composer_front.min.js?ver=5.0.1",
"http://www.elizabethmesser.com/wp-content/plugins/bloom/js/jquery.uniform.min.js?ver=1.1.8",
"http://www.elizabethmesser.com/wp-content/plugins/bloom/js/custom.js?ver=1.1.8",
"http://www.elizabethmesser.com/wp-content/plugins/bloom/js/idle-timer.min.js?ver=1.1.8",
"https://stats.wp.com/e-202221.js",
"http://www.elizabethmesser.com/wp-content/plugins/jetpack/css/jetpack.css?ver=10.9.1",
"http://www.elizabethmesser.com/wp-content/plugins/bloom/css/style.css?ver=1.1.8"
],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [
{
"id": "Bible Study",
"display_name": "Bible Study",
"target": null
},
{
"id": "Bible Studies",
"display_name": "Bible Studies",
"target": null
}
],
"attack_ids": [
{
"id": "T1055",
"name": "Process Injection",
"display_name": "T1055 - Process Injection"
},
{
"id": "T1566",
"name": "Phishing",
"display_name": "T1566 - Phishing"
}
],
"industries": [],
"TLP": "white",
"cloned_from": null,
"export_count": 11,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "adjadex1@gmail.com",
"id": "187163",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"domain": 220,
"hostname": 307,
"URL": 1054,
"FileHash-SHA256": 538
},
"indicator_count": 2119,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 70,
"modified_text": "1424 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "domain",
"related_indicator_is_active": 1
},
{
"id": "628d21a4558f3ccf49c07931",
"name": "abuse.ch",
"description": "Looking for wizard spider. Some domains have .ru and .su (Soviet Union)",
"modified": "2022-05-24T18:19:16.027000",
"created": "2022-05-24T18:19:16.027000",
"tags": [
"twitter follow",
"button follow",
"reduceright",
"number",
"string",
"regexp",
"error",
"f420",
"gmzsj4f05dr",
"copyright",
"deviceandgeo",
"googlesignals",
"json",
"date",
"void",
"sxa0",
"typeerror",
"cbfunction",
"deferred",
"closure library",
"b1342177279",
"this",
"infinity",
"iframe",
"trident",
"show",
"typeof e",
"version",
"hidden",
"bootstrap",
"click",
"javascript",
"clickdataapi",
"collapse",
"typeof t",
"class",
"attr",
"pseudo",
"child",
"function",
"typeof module",
"button",
"tridentmsieedge",
"linux",
"twttr",
"area",
"false",
"twitter",
"blank",
"gvjsj",
"gvjsyt",
"license",
"small batch",
"apache license",
"unless",
"as is",
"basis",
"without",
"warranties or",
"null",
"node",
"dan vanderkam",
"dygraph",
"gc",
"gvjs8s",
"mmm dd",
"infinity0",
"gvjs6s",
"mmm d",
"axis",
"cell",
"column",
"arial",
"drawingframe",
"select",
"textarea",
"line",
"inside",
"gvjsih",
"rnrn",
"roboto",
"body",
"template",
"outside",
"rial",
"gvjsob",
"azaz09",
"array",
"april",
"june",
"august",
"february",
"span",
"android",
"christ",
"bbfunction",
"twitter tweet",
"font awesome",
"free",
"cc by",
"sil ofl",
"code",
"mit license",
"brands",
"segoe ui",
"emoji",
"helvetica neue",
"noto",
"apple color",
"symbol",
"noto color",
"typebutton",
"sprymedia ltd",
"datatables",
"typeof f",
"without any",
"warranty",
"merchantability",
"fitness",
"a particular",
"adata",
"first",
"next",
"typeof",
"typeof n",
"hide",
"focusin",
"focusout",
"shown",
"js foundation",
"g5gqv3cj17n"
],
"references": [
"https://www.googletagmanager.com/gtag/js?id=G-5GQV3CJ17N",
"https://bazaar.abuse.ch/js/jquery-3.5.1.min.js",
"https://bazaar.abuse.ch/js/bootstrap.min.js",
"https://bazaar.abuse.ch/js/datatables.min.js",
"https://bazaar.abuse.ch/css/bootstrap.min.css",
"https://bazaar.abuse.ch/css/all.min.css",
"https://platform.twitter.com/js/button.3ccb64e61d4c01fae12cd2b0ed9b2bab.js",
"https://www.gstatic.com/charts/50/loader.js",
"https://www.gstatic.com/charts/50/js/jsapi_compiled_default_module.js",
"https://www.gstatic.com/charts/50/js/jsapi_compiled_ui_module.js",
"https://www.gstatic.com/charts/50/js/jsapi_compiled_graphics_module.js",
"https://www.gstatic.com/charts/50/js/jsapi_compiled_corechart_module.js",
"https://www.gstatic.com/charts/50/js/jsapi_compiled_fw_module.js",
"https://www.gstatic.com/charts/50/third_party/dygraphs/dygraph-tickers-combined.js",
"https://www.gstatic.com/charts/50/third_party/webfontloader/webfont.js",
"https://www.gstatic.com/charts/50/js/jsapi_compiled_line_module.js",
"https://www.gstatic.com/charts/50/js/jsapi_compiled_bar_module.js",
"https://abuse.ch/js/twitter_widget.js",
"https://abuse.ch/js/jquery-3.6.0.min.js",
"https://abuse.ch/js/bootstrap.min.js",
"https://abuse.ch/js/google-charts.js",
"https://www.googletagmanager.com/gtag/js?id=G-MZSJ4F05DR",
"https://platform.twitter.com/widgets/follow_button.f8c8d971a6ac545cf416e3c1ad4bbc65.en.html#dnt=false&id=twitter-widget-0&lang=en&screen_name=abuse_ch&show_count=false&show_screen_name=true&size=l&time=1653415551742"
],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [
{
"id": "Gc",
"display_name": "Gc",
"target": null
},
{
"id": "ReduceRight",
"display_name": "ReduceRight",
"target": null
}
],
"attack_ids": [
{
"id": "T1059",
"name": "Command and Scripting Interpreter",
"display_name": "T1059 - Command and Scripting Interpreter"
},
{
"id": "T1547",
"name": "Boot or Logon Autostart Execution",
"display_name": "T1547 - Boot or Logon Autostart Execution"
}
],
"industries": [],
"TLP": "white",
"cloned_from": null,
"export_count": 12,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "adjadex1@gmail.com",
"id": "187163",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"hostname": 560,
"URL": 1639,
"FileHash-SHA256": 223,
"domain": 383,
"email": 1,
"FileHash-MD5": 2
},
"indicator_count": 2808,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 73,
"modified_text": "1426 days ago ",
"is_modified": false,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "domain",
"related_indicator_is_active": 1
},
{
"id": "6260d13ab57ec96e24359914",
"name": "Malware - reliablesite.net",
"description": "VUE-DEVTOOLs_GLOBAL_Hook__, a description of what it will look like when it comes to testing software, is based on the type of Object.",
"modified": "2022-05-20T00:01:19.453000",
"created": "2022-04-21T03:36:26.313000",
"tags": [
"date",
"swiper",
"value",
"trigger",
"gbps",
"typeof define",
"typeof module",
"roboto",
"helvetica neue",
"arial",
"small",
"error",
"show",
"typeof e",
"version",
"hidden",
"bootstrap",
"click",
"javascript",
"clickdataapi",
"collapse",
"typeerror",
"typeof",
"regexp",
"tether error",
"typeof rnullr",
"anull",
"typeof b",
"pseudo",
"child",
"array",
"sufeffxa0",
"class",
"attr",
"null",
"void",
"65536",
"typeof f",
"vd",
"function",
"activexobject",
"number",
"utmb",
"firefox",
"shockwave flash",
"utma",
"utmz",
"iframe",
"online",
"livechat",
"refreshurl",
"title",
"imageurl",
"cssclass",
"chat",
"object",
"string",
"typeof t",
"incorrect",
"xfunction",
"target",
"typeof p",
"typeof btoa",
"vnode",
"boolean",
"typeof symbol"
],
"references": [
"xfe-URL-https___www.reliablesite.net_-stix2-2.1-export.json",
"https://embed.tawk.to/_s/v4/app/625d36b405c/js/twk-main.js",
"https://embed.tawk.to/_s/v4/app/625d36b405c/js/twk-vendor.js",
"https://embed.tawk.to/_s/v4/app/625d36b405c/js/twk-chunk-vendors.js",
"https://cdn.jsdelivr.net/emojione/2.2.7/lib/js/emojione.min.js",
"https://code.jquery.com/jquery-1.12.0.min.js",
"https://cdnjs.cloudflare.com/ajax/libs/tether/1.4.0/js/tether.min.js",
"https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0-alpha.6/js/bootstrap.min.js"
],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [
{
"id": "Vd",
"display_name": "Vd",
"target": null
}
],
"attack_ids": [
{
"id": "T1059",
"name": "Command and Scripting Interpreter",
"display_name": "T1059 - Command and Scripting Interpreter"
},
{
"id": "T1547",
"name": "Boot or Logon Autostart Execution",
"display_name": "T1547 - Boot or Logon Autostart Execution"
}
],
"industries": [],
"TLP": "white",
"cloned_from": null,
"export_count": 3,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "adjadex1@gmail.com",
"id": "187163",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"URL": 2233,
"hostname": 827,
"domain": 565,
"FileHash-SHA256": 238
},
"indicator_count": 3863,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 68,
"modified_text": "1430 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "domain",
"related_indicator_is_active": 1
},
{
"id": "62606584633e2b9a3bc935b9",
"name": "\u7ea2\u674f\u89c6\u9891 malware",
"description": "function s(t,e), o, is a new type of function, which throws new TypeError when it comes to trying to make a function out of its own language or its form.",
"modified": "2022-05-20T00:01:19.453000",
"created": "2022-04-20T19:56:52.162000",
"tags": [
"typeof t",
"typeof define",
"moztransform",
"success",
"error",
"make sure",
"stop",
"ajax",
"action",
"click",
"open",
"active",
"button",
"toggle btn",
"body",
"scroll",
"isotope",
"preloader",
"function",
"javascript",
"mit license",
"typeof module",
"gplv3",
"license",
"copyright",
"metafizzy",
"math",
"typeof",
"typeerror",
"hidden",
"show",
"typeof n",
"version",
"hide",
"focusin",
"focusout",
"shown",
"startr",
"endr",
"federico zivolo",
"distributed",
"html",
"statict",
"flip",
"regexp",
"null",
"void",
"width",
"object",
"pseudo",
"child",
"class",
"date",
"accept",
"webpackrequire",
"name",
"number",
"arraybuffer",
"iterator",
"typedarray",
"prototype",
"string",
"index",
"meta",
"target",
"infinity",
"zero",
"epsilon",
"observer",
"android",
"trim",
"enumerate",
"freeze",
"internal",
"bind",
"window",
"next",
"find",
"this",
"rest",
"middle",
"canvas",
"slidercaptcha",
"createelement",
"textdanger",
"plugin",
"rgba",
"imagedata",
"false",
"touchstart",
"trident",
"applewebkit",
"safari",
"base",
"presto",
"gecko",
"khtml",
"micromessenger",
"typeof e",
"swiper",
"most",
"september",
"customevent",
"image",
"typeof c",
"twitter",
"bootstrap",
"rolemenu",
"typeof f",
"typeof g",
"cookie plugin",
"https",
"klaus hartl",
"register",
"nodecommonjs",
"factory",
"jquery",
"write",
"typeof b",
"array",
"sufeffxa0",
"attr",
"\u706b\u7bad\u5185\u6d4b\u7b7e\u540d",
"0x1d9131",
"0x180bcc",
"0x4b6177",
"0x13f349",
"0x3bcb54",
"0xbbe80d",
"0x57b7de",
"0x2ea74e",
"0x4fb0f2",
"0x25f113",
"push",
"shift",
"tencent",
"barrio",
"slice",
"symbol",
"typeof window",
"maximum",
"typeof symbol",
"udc66udc67",
"ud83d",
"ufe0f",
"ud83e",
"udc68udc69",
"udfcbudfcc",
"u2640u2642",
"ufe0fg",
"ud83dudc6cud83c",
"ud83dudc6dud83c",
"welcome",
"datav66d78640",
"datav2f8052f5",
"90deg",
"datav5f1e575c",
"datave97d7462",
"helvetica neue",
"helvetica",
"10px",
"pingfang sc",
"arial",
"45deg",
"typenumber",
"opacity0",
"mozopacity0",
"khtmlopacity0",
"opacity100",
"event",
"boolean",
"uint8array",
"errordetails",
"info",
"checker",
"generator",
"blink",
"keepalive",
"4096",
"unknown",
"meteor",
"rhino",
"mini",
"comment",
"verify",
"yeke",
"codec",
"media",
"live",
"speed",
"headname",
"axiostimeout",
"apiurl",
"bmi86hjtsk",
"root",
"length",
"indexof",
"x0ax20x20x20x20",
"location",
"0x10",
"0x18",
"history",
"config",
"cookie",
"onload",
"video",
"afunction",
"indexnotice",
"sitehome",
"x20trnf",
"please",
"strong"
],
"references": [
"xfe-URL-sys95.com-stix2-2.1-export.json",
"https://2001.habyc.com/?channelNo=2001#/home",
"https://sdk.51.la/event/js-sdk-event.min.js?u=JdoUNv3VSW0GHUpw",
"https://2001.habyc.com/static/js/chunk-7d5d3bac.efb700c7.js",
"https://sdk.51.la/js-sdk-pro.min.js",
"https://2001.habyc.com/js/config.js",
"xfe-URL-2001.habyc.com-stix2-2.1-export.json",
"https://2001.habyc.com/static/js/chunk-vendors.9d7684f4.js",
"xfe-URL-habyc.com-stix2-2.1-export.json",
"https://2001.habyc.com/static/css/chunk-vendors.6a41b67e.css",
"https://2001.habyc.com/static/css/app.88afcfd8.css",
"https://2001.habyc.com/static/css/chunk-7d5d3bac.e1a32335.css",
"https://2001.dwlww.com/?channelNo=2001#/home",
"https://2001.dwlww.com/static/js/chunk-7d5d3bac.efb700c7.js",
"https://2001.dwlww.com/js/config.js",
"https://2001.dwlww.com/static/js/chunk-vendors.9d7684f4.js",
"https://2001.dwlww.com/static/js/app.9d5d18d7.js",
"https://2001.dwlww.com/static/css/chunk-vendors.6a41b67e.css",
"https://2001.dwlww.com/static/css/app.88afcfd8.css",
"https://2001.dwlww.com/static/css/chunk-7d5d3bac.e1a32335.css",
"https://www.tidio.com/talk/kv6vcosd7tmhsetmarsoawzaglejnny4",
"https://chatting.page/kv6vcosd7tmhsetmarsoawzaglejnny4",
"https://widget-v4.tidiochat.com/code/kv6vcosd7tmhsetmarsoawzaglejnny4.js",
"https://m4244.com:35003/",
"https://www.8098.app:21568/?agent=7691755704",
"https://www.8098.app:21568/js/jquery-1.11.3.min.js",
"https://www.8098.app:21568/js/xinstall_inner_e.min.js?v=1004",
"https://app.ynsdty.cn//package/GmCC6WISh",
"https://app.ynsdty.cn/dist/js/jquery.min.js",
"https://app.ynsdty.cn/dist/js/jquery.cookie.js",
"https://app.ynsdty.cn/dist/vendors/bootstrap/js/bootstrap.min.js",
"https://app.ynsdty.cn/dist/vendors/swiper/swiper.min.js",
"https://app.ynsdty.cn/dist/js/app.base.js",
"https://app.ynsdty.cn/dist/js/longbow.slidercaptcha.js",
"https://app.ynsdty.cn/dist/vendors/core-js/core.js",
"xfe-URL-sun.net.hk-stix2-2.1-export.json",
"https://www.sunnetwork.com.sg/sun_21/js/vendor/jquery-3.5.0.min.js",
"https://www.sunnetwork.com.sg/sun_21/js/popper.min.js",
"https://www.sunnetwork.com.sg/sun_21/js/bootstrap.min.js",
"https://www.sunnetwork.com.sg/sun_21/js/isotope.pkgd.min.js",
"https://www.sunnetwork.com.sg/sun_21/js/imagesloaded.pkgd.min.js",
"https://www.sunnetwork.com.sg/sun_21/js/main.js",
"https://www.sunnetwork.com.sg/sun_21/js/ajax-form.js",
"https://www.sunnetwork.com.sg/sun_21/js/slick.min.js"
],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [
{
"id": "T1059",
"name": "Command and Scripting Interpreter",
"display_name": "T1059 - Command and Scripting Interpreter"
},
{
"id": "T1547",
"name": "Boot or Logon Autostart Execution",
"display_name": "T1547 - Boot or Logon Autostart Execution"
}
],
"industries": [],
"TLP": "white",
"cloned_from": null,
"export_count": 8,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "adjadex1@gmail.com",
"id": "187163",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"domain": 901,
"URL": 5740,
"hostname": 2218,
"FileHash-SHA256": 1686,
"FileHash-MD5": 3
},
"indicator_count": 10548,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 69,
"modified_text": "1430 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "domain",
"related_indicator_is_active": 1
},
{
"id": "625f42dcc369f59f6a1e8b58",
"name": "data102 and colohouse. Malware hosting",
"description": "var a,b,c,d, f.substr(d),a=f, a.href, and a number of other elements:a.b.search.com.",
"modified": "2022-05-19T00:00:49.028000",
"created": "2022-04-19T23:16:44.418000",
"tags": [
"regexp",
"rangeerror",
"typeerror",
"date",
"array",
"error",
"this",
"uint8array",
"typeof b",
"buffer",
"class",
"null",
"path",
"void",
"marketo forms",
"cross domain",
"typetext",
"typeurl",
"typeemail",
"typetel",
"typenumber",
"typedate",
"color",
"label",
"input",
"typerange",
"typecheckbox",
"woff2",
"fontface",
"u1c801c88",
"u20b4",
"u2de02dff",
"ua640a69f",
"ufe2efe2f",
"u04b004b1",
"u2116",
"u1ea01ef9",
"franklin",
"woff",
"u20ab",
"u0259",
"u1e001eff",
"u2020",
"u20a020ab",
"u20ad20cf",
"gradienttype0",
"webkitkeyframes",
"span",
"button",
"tbody",
"textarea",
"helvetica neue",
"tfoot",
"body",
"alpha",
"twitter",
"roboto",
"pitch",
"datasecret",
"q1kg",
"q17g",
"d2dg",
"c d3r",
"q171zg",
"e c2ttttb",
"c g7",
"6n184z",
"6f6g",
"typeof",
"wpcf7redirect",
"cf7mlscurrentfs",
"handle fire",
"popuptemplate",
"templatename",
"click",
"fieldset",
"cf7mlsbackfs",
"section",
"classwidget",
"idmenu",
"idfooter",
"idwidget",
"idcomment",
"classmenu",
"classfooter",
"classcomment",
"target",
"blank",
"typeof e",
"formdata",
"typeof symbol",
"customevent",
"post",
"refill",
"wpcf7",
"wpcf7locale",
"wpcf7unittag",
"typeof wpcf7",
"boolean",
"modernizr",
"custom build",
"build",
"afunction",
"cfunction",
"object",
"documenttouch",
"websocket",
"symbol",
"generator",
"function",
"select",
"harvest",
"mit license",
"optgroup",
"nnn n",
"n nnnn",
"explorer",
"options",
"abbr",
"element",
"unknownerror",
"overquerylimit",
"requestdenied",
"zeroresults",
"node",
"edge",
"android",
"trident",
"unknown",
"false",
"iframe",
"marker",
"hybrid",
"tawkspinner",
"failed",
"resend",
"tawkavatar",
"tawkvideo",
"tawkalert",
"tawkemoji",
"tawkicon",
"enter",
"number",
"startchatbutton",
"u26a1",
"typeof t",
"invalid attempt",
"copyright",
"marketo",
"remove",
"commentform",
"author",
"mouseenter",
"secure",
"ccpa",
"bottom",
"fixed",
"widget",
"embed",
"trigger",
"antispam",
"please",
"cleantalk",
"typeof o",
"ajaxnonce",
"unkown",
"apbctajaxerror",
"typeof define",
"typeof module",
"html tags",
"ox20trnf",
"dom element",
"attr",
"pseudo",
"child",
"udc66udc67",
"ud83d",
"ufe0f",
"ud83e",
"udc68udc69",
"udfcbudfcc",
"u2640u2642",
"source",
"image",
"ud83dudc6cud83c",
"qe",
"string",
"xhfunction",
"yhfunction",
"gtmptxlxz4",
"host",
"code",
"script",
"promise",
"complete",
"reduceright",
"g7be8pmlskx",
"r300",
"typeof d",
"caca",
"ufunction",
"ffunction",
"gfunction",
"mchtd",
"azaz",
"firefox",
"opera",
"chrome",
"iemobile",
"black",
"incorrect",
"xfunction",
"typeof p",
"typeof btoa",
"vnode",
"colohouse",
"york",
"learn more",
"data center",
"miami",
"e cermak",
"springs",
"read",
"cloud",
"managed",
"fast",
"philadelphia",
"bare",
"metal",
"chat",
"accept",
"placeheld",
"minimum",
"tooshort",
"wpcf7wfreetext",
"alert",
"invert",
"form",
"animation",
"value",
"foundation",
"migrate",
"backcompat",
"quirks mode",
"typeof f",
"html",
"sufeffxa0",
"legacy",
"contenttype",
"wivobjkey",
"typehit",
"data",
"closure library",
"pfunction",
"zfunction",
"bfunction",
"mvoid",
"ofunction"
],
"references": [
"xfe-URL-Data102.com-stix2-2.1-export.json",
"https://www.google-analytics.com/analytics.js",
"https://chimpstatic.com/mcjs-connected/js/users/6c3abfa7ff8634c75cdb2b22e/ddf7a436c1746be666f330e4a.js",
"https://app.whoisvisiting.com/who.js",
"https://www.data102.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp",
"https://www.data102.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1",
"https://www.data102.com/?wordfence_lh=1&hid=2D6A812A7EB197E80D5A3978A6386BE4&r=0.5029022326538093",
"https://www.data102.com/wp-includes/js/wp-embed.min.js?ver=00b0ffc433836dcf9f57035fded0b908",
"https://www.data102.com/wp-content/plugins/cta/shared//shortcodes/js/spin.min.js",
"https://www.data102.com/wp-content/plugins/contact-form-7/includes/js/scripts.js",
"https://colohouse.com/",
"xfe-URL-colohouse.com-stix2-2.1-export.json",
"https://embed.tawk.to/_s/v4/app/625d36b405c/js/twk-main.js",
"https://embed.tawk.to/_s/v4/app/625d36b405c/js/twk-vendor.js",
"https://embed.tawk.to/_s/v4/app/625d36b405c/js/twk-chunk-vendors.js",
"https://embed.tawk.to/_s/v4/app/625d36b405c/js/twk-chunk-common.js",
"https://embed.tawk.to/_s/v4/app/625d36b405c/js/twk-runtime.js",
"https://embed.tawk.to/_s/v4/app/625d36b405c/js/twk-app.js",
"https://munchkin.marketo.net/161/munchkin.js",
"https://www.googletagmanager.com/gtag/js?id=G-7BE8PMLSKX&l=dataLayer&cx=c",
"https://embed.tawk.to/5697c34527b9b5d40b66960f/default",
"https://www.googletagmanager.com/gtm.js?id=GTM-PTXLXZ4",
"https://colohouse.com/wp-includes/js/wp-emoji-release.min.js?ver=5.8",
"https://colohouse.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0",
"https://colohouse.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2",
"https://colohouse.com/wp-content/plugins/cleantalk-spam-protect/js/apbct-public--functions.min.js?ver=5.173",
"https://colohouse.com/wp-content/plugins/cleantalk-spam-protect/js/apbct-public.min.js?ver=5.173",
"https://colohouse.com/wp-content/plugins/cleantalk-spam-protect/js/cleantalk-modal.min.js?ver=5.173",
"https://colohouse.com/wp-content/plugins/cookie-law-info/public/js/cookie-law-info-public.js?ver=2.0.4",
"https://colohouse.com/wp-content/plugins/stop-user-enumeration/frontend/js/frontend.js?ver=1.3.31",
"https://colohouse.com/wp-content/plugins/duracelltomi-google-tag-manager/js/gtm4wp-form-move-tracker.js?ver=1.13.1",
"https://munchkin.marketo.net/munchkin.js",
"https://embed.tawk.to/_s/v4/app/625d36b405c/js/twk-chunk-2d0d2b7c.js",
"https://embed.tawk.to/_s/v4/app/625d36b405c/js/twk-chunk-32507910.js",
"https://embed.tawk.to/_s/v4/app/625d36b405c/js/twk-chunk-f163fcd0.js",
"https://embed.tawk.to/_s/v4/app/625d36b405c/js/twk-chunk-2d0b9454.js",
"https://embed.tawk.to/_s/v4/app/625d36b405c/js/twk-chunk-4fe9d5dd.js",
"https://app-ab02.marketo.com/js/forms2/js/forms2.min.js",
"https://maps.googleapis.com/maps/api/js?v=3.exp&key=AIzaSyDR76rjQL_2raonHiZ6ZrPqJr-FPb7pGH0",
"https://colohouse.com/wp-content/themes/Netrouting/assets/chosen/chosen.jquery.min.js",
"https://colohouse.com/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.7",
"https://colohouse.com/wp-content/themes/Netrouting/js/vendor/modernizr-2.8.3-respond-1.4.2.min.js",
"https://colohouse.com/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.4.2",
"https://colohouse.com/wp-content/plugins/link-whisper-premium/js/frontend.js?ver=1632756485",
"https://colohouse.com/wp-content/plugins/wpcf7-redirect/build/js/wpcf7-redirect-frontend-script.js?ver=1.1",
"https://colohouse.com/wp-content/plugins/kingcomposer/assets/frontend/js/kingcomposer.min.js?ver=2.9.6",
"https://colohouse.com/wp-includes/js/wp-embed.min.js?ver=5.8",
"https://colohouse.com/wp-content/plugins/wp-schema-pro/admin/assets/min-js/frontend.min.js?ver=2.7.2",
"https://colohouse.com/wp-content/cache/autoptimize/css/autoptimize_5e11636f7dd8fb4f55e0ff84f0ed5faa.css",
"https://fonts.googleapis.com/css?family=Libre+Franklin%3A300%2C300i%2C400%2C400i%2C600%2C600i%2C800%2C800i&subset=latin%2Clatin-ext",
"https://fonts.googleapis.com/css?family=Roboto%3A100%2C100italic%2C300%2C300italic%2Cregular%2Citalic%2C500%2C500italic%2C700%2C700italic%2C900%2C900italic&subset=greek%2Clatin%2Cvietnamese%2Clatin-ext%2Ccyrillic%2Ccyrillic-ext%2Cgreek-ext&ver=2.9.6",
"https://app-ab02.marketo.com/js/forms2/css/forms2.css",
"https://app-ab02.marketo.com/js/forms2/css/forms2-theme-simple.css",
"https://app-ab02.marketo.com/index.php/form/XDFrame"
],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [
{
"id": "Qe",
"display_name": "Qe",
"target": null
},
{
"id": "ReduceRight",
"display_name": "ReduceRight",
"target": null
}
],
"attack_ids": [
{
"id": "T1036",
"name": "Masquerading",
"display_name": "T1036 - Masquerading"
},
{
"id": "T1049",
"name": "System Network Connections Discovery",
"display_name": "T1049 - System Network Connections Discovery"
},
{
"id": "T1140",
"name": "Deobfuscate/Decode Files or Information",
"display_name": "T1140 - Deobfuscate/Decode Files or Information"
}
],
"industries": [],
"TLP": "white",
"cloned_from": null,
"export_count": 3,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "adjadex1@gmail.com",
"id": "187163",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"URL": 2599,
"hostname": 952,
"FileHash-SHA256": 458,
"domain": 557
},
"indicator_count": 4566,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 69,
"modified_text": "1431 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "domain",
"related_indicator_is_active": 1
},
{
"id": "6236fd4f28c3eb5b44fc33ae",
"name": "http://www.diapers.com.sg/GOO.N-Japan-Version-Diapers-Pants/",
"description": "",
"modified": "2022-04-19T00:01:05.210000",
"created": "2022-03-20T10:09:19.042000",
"tags": [
"sandbox",
"malware",
"analysis",
"online",
"submit",
"vxstream",
"sample",
"download",
"trojan",
"apt",
"ansi",
"data",
"decrypted ssl",
"threat level",
"date",
"windows nt",
"sha256",
"pcap",
"pcap processing",
"report domain",
"accept",
"path",
"error",
"suspicious",
"malicious",
"this",
"vvsc",
"hybrid",
"close",
"click",
"hosts",
"general",
"local",
"trident",
"strings"
],
"references": [
"https://hybrid-analysis.com/sample/d6efd0eda408fff305f6281307657f61e344e24345dfbbb166b4ca50f7abff0d/6236eaf4900f62451b39492f"
],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [
{
"id": "T1012",
"name": "Query Registry",
"display_name": "T1012 - Query Registry"
},
{
"id": "T1573",
"name": "Encrypted Channel",
"display_name": "T1573 - Encrypted Channel"
}
],
"industries": [],
"TLP": "white",
"cloned_from": null,
"export_count": 6,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "dorkingbeauty1",
"id": "80137",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"URL": 602,
"hostname": 299,
"domain": 149,
"FileHash-SHA256": 307,
"email": 4,
"CVE": 1,
"FileHash-MD5": 59,
"FileHash-SHA1": 53
},
"indicator_count": 1474,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 395,
"modified_text": "1461 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "domain",
"related_indicator_is_active": 1
},
{
"id": "621fff12d2c54f70fea90576",
"name": "Bexar.org",
"description": "",
"modified": "2022-04-01T00:01:54.852000",
"created": "2022-03-02T23:34:42.531000",
"tags": [],
"references": [
"www.bexar.org - urlscan.io.pdf",
"bexar api 4.pdf",
"bexar api 8.pdf",
"bexar 6.pdf",
"bexar api 2.pdf",
"bexar api 7.pdf",
"bexar api 3.pdf",
"bexar api 9.pdf",
"bexar api 12.pdf",
"bexar api 17.pdf",
"bexar api 15.pdf",
"bexar api 18.pdf",
"bexar api 10.pdf",
"bexar api 19.pdf",
"bexar api 20.pdf",
"bexar api 13.pdf",
"bexar api 21.pdf",
"bexar api 14.pdf",
"bexar api 22.pdf",
"bexar1.pdf",
"bexar api5.pdf",
"bexar2.pdf",
"bexar3.pdf",
"bexar.org 3.2.22.pdf",
"bexar6.pdf",
"bexar5.pdf",
"bexar api_1.pdf",
"bexar10.pdf",
"bexar api.pdf",
"bexar_v1df.pdf",
"bexarv4df.pdf",
"bexarv2df.pdf",
"bexarv6df.pdf",
"bexasv3df.pdf",
"bexarv7df.pdf",
"bear_v apidf.pdf"
],
"public": 1,
"adversary": "",
"targeted_countries": [
"United States of America"
],
"malware_families": [],
"attack_ids": [],
"industries": [
"Government"
],
"TLP": "white",
"cloned_from": null,
"export_count": 7,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "Kailula4",
"id": "131997",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"hostname": 1833,
"URL": 4669,
"domain": 1025,
"FileHash-SHA256": 1735,
"email": 4,
"FileHash-MD5": 133,
"FileHash-SHA1": 6,
"CIDR": 5
},
"indicator_count": 9410,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 407,
"modified_text": "1479 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "domain",
"related_indicator_is_active": 1
},
{
"id": "621bc13f579cdd25d609b309",
"name": "whitehouse.govapi_2.27.22",
"description": "",
"modified": "2022-03-29T00:03:34.773000",
"created": "2022-02-27T18:21:51.099000",
"tags": [
"show",
"download go",
"full url",
"reverse dns",
"request",
"windows nt",
"win64",
"khtml",
"gecko",
"response",
"main",
"accept",
"february",
"behaviour",
"lookup go",
"rescan add",
"verdict report",
"de summary",
"http",
"redirects links",
"similar dom",
"content api",
"value",
"search domain",
"scan url",
"search url",
"meta",
"detected",
"akamaiasn1",
"google",
"expand overall",
"page url",
"iframe"
],
"references": [
"whitehouse.govapi_2.27.22.pdf",
"whithouse.gov 2.27.22 4.pdf",
"whitehouse.gov 2.27.22 2.pdf",
"whitehouse.gov 2.27.22 1.pdf",
"whitehouse.gov 2.27.22 6.pdf",
"whitehouse.gov 2.27.22 3.pdf",
"whitehouse.gov 2.27.22 5.pdf",
"whitehouse.gov 2.28.22 8.pdf",
"whitehouse.gov 2.27.22 7.pdf",
"whitehouse.gov 2.27.22 8.pdf"
],
"public": 1,
"adversary": "",
"targeted_countries": [
"United States of America"
],
"malware_families": [],
"attack_ids": [
{
"id": "T1199",
"name": "Trusted Relationship",
"display_name": "T1199 - Trusted Relationship"
}
],
"industries": [],
"TLP": "white",
"cloned_from": null,
"export_count": 6,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "Kailula4",
"id": "131997",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"URL": 1452,
"hostname": 405,
"domain": 306,
"FileHash-SHA256": 489,
"email": 1,
"FileHash-MD5": 4
},
"indicator_count": 2657,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 408,
"modified_text": "1482 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "domain",
"related_indicator_is_active": 1
}
],
"references": [
"bexar api 2.pdf",
"https://www.googletagmanager.com/gtag/js?id=AW-1070742489&l=dataLayer&cx=c",
"https://g.alicdn.com/secdev/sufei_data/3.9.9/index.js",
"https://www.gstatic.com/charts/50/third_party/webfontloader/webfont.js",
"bexar api 12.pdf",
"https://fonts.googleapis.com/css?family=Roboto%3A100%2C100italic%2C300%2C300italic%2Cregular%2Citalic%2C500%2C500italic%2C700%2C700italic%2C900%2C900italic&subset=greek%2Clatin%2Cvietnamese%2Clatin-ext%2Ccyrillic%2Ccyrillic-ext%2Cgreek-ext&ver=2.9.6",
"https://www.gstatic.com/charts/50/js/jsapi_compiled_ui_module.js",
"xfe-URL-sun.net.hk-stix2-2.1-export.json",
"https://2001.dwlww.com/?channelNo=2001#/home",
"https://www.data102.com/wp-content/plugins/contact-form-7/includes/js/scripts.js",
"https://app.ynsdty.cn/dist/js/jquery.cookie.js",
"https://colohouse.com/wp-content/plugins/wpcf7-redirect/build/js/wpcf7-redirect-frontend-script.js?ver=1.1",
"https://gw.alipayobjects.com/os/lib/lozad/1.16.0/dist/lozad.min.js",
"https://bazaar.abuse.ch/css/bootstrap.min.css",
"https://www.ascio.com/wp-content/themes/Ascio/dist/js/front.js?ver=1648137806",
"https://script.tapfiliate.com/tapfiliate.js",
"https://2001.dwlww.com/static/js/chunk-7d5d3bac.efb700c7.js",
"https://embed.tawk.to/_s/v4/app/625d36b405c/js/twk-chunk-4fe9d5dd.js",
"12.main.bundle.50be73a11d1d3745a5ee.js",
"http://www.elizabethmesser.com/wp-content/plugins/woocommerce/assets/js/frontend/add-to-cart.min.js?ver=6.5.1",
"https://www.sunnetwork.com.sg/sun_21/js/imagesloaded.pkgd.min.js",
"https://chatting.page/kv6vcosd7tmhsetmarsoawzaglejnny4",
"bear_v apidf.pdf",
"5.main.bundle.e92e5e24e074f9c2a52b.js",
"https://www.gstatic.com/charts/50/js/jsapi_compiled_bar_module.js",
"https://unpkg.com/@optimizely/optimizely-sdk@3.5.0/dist/optimizely.browser.umd.min.js",
"beacon.js",
"bexar10.pdf",
"https://www.8098.app:21568/js/xinstall_inner_e.min.js?v=1004",
"xfe-IP-47.89.52.178-stix2-2.1-export.json",
"bexar api.pdf",
"https://mind.1688.com/wap/wapsy/dke4eosa0/index.html?no_cache=true&pageId=1150842&cms_id=1150842&src=desktop",
"http://g.alicdn.com/assets-group/croco/0.0.8/index.js",
"bexarv6df.pdf",
"https://www.data102.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1",
"many script present on business twitter com pg no acc access for me.txt",
"P34D56F9D-5684-4C83-8EE1-5EA7DE9CF45D.js",
"https://cdn.segment.com/next-integrations/integrations/appcues/2.3.0/appcues.dynamic.js.gz",
"https://colohouse.com/wp-includes/js/wp-embed.min.js?ver=5.8",
"https://contabo.com/client/client-30e55c50.css",
"https://colohouse.com/wp-content/plugins/cleantalk-spam-protect/js/cleantalk-modal.min.js?ver=5.173",
"bexar_v1df.pdf",
"https://app.whoisvisiting.com/who.js",
"bexarv4df.pdf",
"bexar1.pdf",
"https://www.googletagmanager.com/gtag/js?id=UA-115476727-1",
"http://www.elizabethmesser.com/wp-content/themes/salient/js/flickity.min.js?ver=1.1.1",
"https://hybrid-analysis.com/sample/98d509ee5c88d85c96e401cf9a599a9bed2799101079f99e7e4ae974131ebcc1/643e852b401612eba8065bbb",
"https://www.googletagmanager.com/gtag/js?id=G-MZSJ4F05DR",
"whitehouse.gov 2.27.22 8.pdf",
"from unlogged in twitter https accounts.google.com gsi client- URL - 2ca11d6133b5a313fb740fbdb8c4f6a2a99482dd30044c82635e53f43e16d.pdf",
"https://snap.licdn.com/li.lms-analytics/insight.min.js",
"https://app-ab02.marketo.com/js/forms2/css/forms2-theme-simple.css",
"https://munchkin.marketo.net/161/munchkin.js",
"https://g.alicdn.com/alilog/mlog/aplus_wap.js",
"https://fast.appcues.com/79878.js",
"https://www.virustotal.com/en/file/undefined/analysis/",
"https://colohouse.com/wp-content/plugins/link-whisper-premium/js/frontend.js?ver=1632756485",
"https://bazaar.abuse.ch/js/bootstrap.min.js",
"whitehouse.gov 2.27.22 3.pdf",
"http://www.elizabethmesser.com/wp-content/plugins/bloom/js/jquery.uniform.min.js?ver=1.1.8",
"https://cdnjs.cloudflare.com/ajax/libs/tether/1.4.0/js/tether.min.js",
"webcomponent-polyfill.js",
"xfe-URL-Hush.com-stix2-2.1-export.json",
"https://sdk.51.la/event/js-sdk-event.min.js?u=JdoUNv3VSW0GHUpw",
"xfe-URL-2001.habyc.com-stix2-2.1-export.json",
"https://cdn.heapanalytics.com/js/heap-3501642718.js",
"https://colohouse.com/wp-content/plugins/stop-user-enumeration/frontend/js/frontend.js?ver=1.3.31",
"https://abuse.ch/js/twitter_widget.js",
"https://2001.habyc.com/static/js/chunk-7d5d3bac.efb700c7.js",
"https://www.8098.app:21568/js/jquery-1.11.3.min.js",
"https://munchkin.marketo.net/munchkin.js",
"http://www.elizabethmesser.com/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.9",
"https://colohouse.com/wp-content/themes/Netrouting/assets/chosen/chosen.jquery.min.js",
"Events Manager new in twitter analytics.pdf",
"bexar3.pdf",
"https://app-ab02.marketo.com/js/forms2/js/forms2.min.js",
"bexar api 13.pdf",
"https://page.1688.com/shtml/static/wrongpage.html",
"bexar.org 3.2.22.pdf",
"https://cdn.optimizely.com/datafiles/HgHVKrf9ZD2dsZYVFb9JnD.json/tag.js",
"bexar api 7.pdf",
"https://bazaar.abuse.ch/js/datatables.min.js",
"https://portal.ascio.com/runtime.48adad1e07e2679eb1f4.js",
"https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0-alpha.6/js/bootstrap.min.js",
"https://embed.tawk.to/_s/v4/app/625d36b405c/js/twk-vendor.js",
"http://www.elizabethmesser.com/wp-content/plugins/bloom/js/idle-timer.min.js?ver=1.1.8",
"https://2001.dwlww.com/static/css/chunk-vendors.6a41b67e.css",
"https://www.gstatic.com/charts/50/js/jsapi_compiled_fw_module.js",
"https://embed.tawk.to/_s/v4/app/625d36b405c/js/twk-chunk-common.js",
"https://www.hotjar.com/ensureSegmentId.js",
"https://cdn.segment.com/next-integrations/integrations/google-analytics/2.18.5/google-analytics.dynamic.js.gz",
"http://www.elizabethmesser.com/wp-content/themes/salient/js/modernizr.js?ver=2.6.2",
"xfe-URL-lodash.com-stix2-2.1-export.json",
"https://platform.twitter.com/js/button.3ccb64e61d4c01fae12cd2b0ed9b2bab.js",
"https://cdn.jsdelivr.net/emojione/2.2.7/lib/js/emojione.min.js",
"www.bexar.org - urlscan.io.pdf",
"https://2001.habyc.com/js/config.js",
"https://colohouse.com/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.7",
"https://www.sunnetwork.com.sg/sun_21/js/slick.min.js",
"nlsSDK600.bundle.min.js",
"https://sdk.51.la/js-sdk-pro.min.js",
"https://colohouse.com/wp-content/plugins/cleantalk-spam-protect/js/apbct-public.min.js?ver=5.173",
"https://colohouse.com/wp-content/plugins/duracelltomi-google-tag-manager/js/gtm4wp-form-move-tracker.js?ver=1.13.1",
"http://www.elizabethmesser.com/",
"bexar api 19.pdf",
"https://app.ynsdty.cn/dist/vendors/swiper/swiper.min.js",
"https://code.jquery.com/jquery-1.12.0.min.js",
"http://www.elizabethmesser.com/wp-includes/js/mediaelement/mediaelement-and-player.min.js?ver=4.2.16",
"https://abuse.ch/js/google-charts.js",
"https://colohouse.com/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.4.2",
"https://colohouse.com/wp-content/plugins/cleantalk-spam-protect/js/apbct-public--functions.min.js?ver=5.173",
"https://app.ynsdty.cn/dist/js/jquery.min.js",
"v6s.js",
"https://cdn.callrail.com/companies/431115301/7c8f964bc12313c75ad2/12/swap.js",
"14.main.bundle.91f9f7ff635e0b797de3.js",
"https://bazaar.abuse.ch/js/jquery-3.5.1.min.js",
"bexar api 9.pdf",
"https://tobiasahlin.com/js/anime.min.js",
"whitehouse.govapi_2.27.22.pdf",
"https://app.ynsdty.cn/dist/js/app.base.js",
"xfe-URL-colohouse.com-stix2-2.1-export.json",
"https://www.google-analytics.com/gtm/optimize.js?id=OPT-NVZ8RF3",
"https://cdn.pendo.io/agent/static/783a696b-ddf4-4152-439e-f3761f54f088/pendo.js",
"https://2001.dwlww.com/static/css/chunk-7d5d3bac.e1a32335.css",
"bexar api 3.pdf",
"bexar2.pdf",
"bexar api 15.pdf",
"http://www.elizabethmesser.com/wp-content/themes/salient/js/superfish.js?ver=1.4.8",
"xfe-URL-mind.1688.com-stix2-2.1-export.json",
"bexar5.pdf",
"xfe-URL-1688.com-stix2-2.1-export.json",
"https://sb.scorecardresearch.com/p?c1=2&c2=6745306&ns_type=hidden&ns_st_sv=5.1.3.160420&ns_st_smv=5.1&ns_st_it=r&ns_st_id=1676508021004&ns_st_ec=3&ns_st_sp=1&ns_st_sc=1&ns_st_sq=1&ns_st_ppc=1&ns_st_apc=1&ns_st_spc=1&ns_st_cn=1&ns_st_ev=hb&ns_st_po=1560430&ns_st_cl=0&ns_st_hc=31&ns_st_mp=js_api&ns_st_mv=5.1.3.160420&ns_st_pn=1&ns_st_tp=0&ns_st_ci=47976339133&ns_st_pt=1560430&ns_st_dpt=360423&ns_st_ipt=60010&ns_st_et=1560430&ns_st_det=360423&ns_st_upc=1560430&ns_st_dupc=360423&ns_st_iupc=60010&ns_st_upa=15604",
"http://www.elizabethmesser.com/wp-content/plugins/js_composer_salient/assets/js/vendors/woocommerce-add-to-cart.js?ver=5.0.1",
"\" Page not found Elizabeth Messer – Spiritual Encouragement for your beautiful, messy life",
"description": "",
"modified": "2023-12-06T15:10:51.712000",
"created": "2023-12-06T15:10:51.712000",
"tags": [],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 2,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "api",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "StreamMiningEx",
"id": "262917",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-SHA256": 538,
"hostname": 307,
"domain": 220,
"URL": 1053
},
"indicator_count": 2118,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 110,
"modified_text": "865 days ago ",
"is_modified": false,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "domain",
"related_indicator_is_active": 1
},
{
"id": "65708ef0cdb40fa0e7d239ca",
"name": "either emotet or a part of it",
"description": "",
"modified": "2023-12-06T15:10:40.867000",
"created": "2023-12-06T15:10:40.867000",
"tags": [],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 2,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "api",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "StreamMiningEx",
"id": "262917",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-SHA256": 342,
"hostname": 456,
"domain": 349,
"URL": 1730,
"FileHash-MD5": 1,
"FileHash-SHA1": 1
},
"indicator_count": 2879,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 109,
"modified_text": "865 days ago ",
"is_modified": false,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "domain",
"related_indicator_is_active": 1
},
{
"id": "65708ed8f7d4b5483117bb66",
"name": "abuse.ch",
"description": "",
"modified": "2023-12-06T15:10:16.397000",
"created": "2023-12-06T15:10:16.397000",
"tags": [],
"references": [],
"public": 1,
"adversary": "",
"targeted_countries": [],
"malware_families": [],
"attack_ids": [],
"industries": [],
"TLP": "green",
"cloned_from": null,
"export_count": 2,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "api",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "StreamMiningEx",
"id": "262917",
"avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-SHA256": 223,
"domain": 383,
"URL": 1639,
"hostname": 560,
"email": 1,
"FileHash-MD5": 2
},
"indicator_count": 2808,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 114,
"modified_text": "865 days ago ",
"is_modified": false,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "domain",
"related_indicator_is_active": 1
}
],
"error": null,
"vt": {
"error": "VirusTotal rate limit reached. Try again shortly.",
"indicator": "prototype.run",
"type": "Domain"
},
"abuseipdb": null,
"urlhaus": {
"indicator": "prototype.run",
"found": false,
"verdict": "clean",
"urls": [],
"error": null
},
"from_cache": true,
"_cached_at": 1776630233.8877409
}