{ "type": "Domain", "indicator": "response.data", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/response.data", "alexa": "http://www.alexa.com/siteinfo/response.data", "indicator": "response.data", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 2990790925, "indicator": "response.data", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 44, "pulses": [ { "id": "681a2fbdb6a3c2b834cac40d", "name": "Uncovering Actor TTP Patterns and the Role of DNS in Investment Scams", "description": "This report analyzes common techniques, tactics, and procedures (TTPs) used by several investment scam actors who lure victims with fake platforms, including crypto exchanges. Key TTPs include registering large numbers of domains algorithmically, embedding similar web forms to collect user data, hiding activity through traffic distribution systems, leveraging fake news with celebrity endorsements, and sharing website structures indicative of using kits. The report focuses on two notable actors, Reckless Rabbit and Ruthless Rabbit, detailing their distinct characteristics and DNS exploitation methods. It highlights the importance of DNS in building and maintaining scam infrastructure, emphasizing the use of registered domain generation algorithms (RDGAs) and traffic distribution systems (TDSs) to strengthen resilience and evade detection.", "modified": "2025-05-06T19:59:57.873000", "created": "2025-05-06T15:50:21.436000", "tags": [ "dns exploitation", "cryptocurrency", "social engineering", "investment scams", "registered domain generation algorithms" ], "references": [ "https://blogs.infoblox.com/threat-intelligence/uncovering-actor-ttp-patterns-and-the-role-of-dns-in-investment-scams" ], "public": 1, "adversary": "", "targeted_countries": [ "Poland", "Romania", "Russian Federation" ], "malware_families": [], "attack_ids": [ { "id": "T1606.002", "name": "SAML Tokens", "display_name": "T1606.002 - SAML Tokens" }, { "id": "T1587.001", "name": "Malware", "display_name": "T1587.001 - Malware" }, { "id": "T1598.003", "name": "Spearphishing Link", "display_name": "T1598.003 - Spearphishing Link" }, { "id": "T1608.001", "name": "Upload Malware", "display_name": "T1608.001 - Upload Malware" }, { "id": "T1583.001", "name": "Domains", "display_name": "T1583.001 - Domains" }, { "id": "T1589", "name": "Gather Victim Identity Information", "display_name": "T1589 - Gather Victim Identity Information" }, { "id": "T1585.002", "name": "Email Accounts", "display_name": "T1585.002 - Email Accounts" }, { "id": "T1592.004", "name": "Client Configurations", "display_name": "T1592.004 - Client Configurations" }, { "id": "T1588.001", "name": "Malware", "display_name": "T1588.001 - Malware" }, { "id": "T1586", "name": "Compromise Accounts", "display_name": "T1586 - Compromise Accounts" }, { "id": "T1592.002", "name": "Software", "display_name": "T1592.002 - Software" }, { "id": "T1584.001", "name": "Domains", "display_name": "T1584.001 - Domains" } ], "industries": [ "Finance" ], "TLP": "white", "cloned_from": null, "export_count": 36, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 3, "domain": 83, "hostname": 3 }, "indicator_count": 89, "is_author": false, "is_subscribing": null, "subscriber_count": 377668, "modified_text": "348 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "68114334e4803d326e4dd5fd", "name": "Uncovering Actor TTP Patterns and the Role of DNS in Investment Scams", "description": "This intelligence report analyzes common techniques, tactics, and procedures (TTPs) used by threat actors in investment scams, particularly focusing on the abuse of DNS mechanisms. The actors often use registered domain generation algorithms (RDGAs) to create large numbers of domains, embed similar web forms to collect user data, hide activity through traffic distribution systems (TDS), and leverage fake news with celebrity endorsements. The report details two specific actors, Reckless Rabbit and Ruthless Rabbit, examining their distinct RDGA patterns and campaign strategies. It highlights the importance of DNS in detecting and blocking these scams at scale, as actors exploit DNS to build and maintain their infrastructure.", "modified": "2025-04-29T21:39:55.739000", "created": "2025-04-29T21:23:00.586000", "tags": [ "cloaking", "facebook ads", "dns abuse", "web forms", "tds", "rdga", "investment scams" ], "references": [ "https://blogs.infoblox.com/threat-intelligence/uncovering-actor-ttp-patterns-and-the-role-of-dns-in-investment-scams/" ], "public": 1, "adversary": "", "targeted_countries": [ "Poland", "Romania", "Russian Federation" ], "malware_families": [], "attack_ids": [ { "id": "T1592", "name": "Gather Victim Host Information", "display_name": "T1592 - Gather Victim Host Information" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1583.001", "name": "Domains", "display_name": "T1583.001 - Domains" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1589", "name": "Gather Victim Identity Information", "display_name": "T1589 - Gather Victim Identity Information" }, { "id": "T1584", "name": "Compromise Infrastructure", "display_name": "T1584 - Compromise Infrastructure" }, { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" }, { "id": "T1606", "name": "Forge Web Credentials", "display_name": "T1606 - Forge Web Credentials" }, { "id": "T1590", "name": "Gather Victim Network Information", "display_name": "T1590 - Gather Victim Network Information" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" } ], "industries": [ "Finance" ], "TLP": "white", "cloned_from": null, "export_count": 32, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 3, "domain": 83, "hostname": 3 }, "indicator_count": 89, "is_author": false, "is_subscribing": null, "subscriber_count": 377667, "modified_text": "355 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69a4c7b73265bc0bd0a7dc0d", "name": "Japanese-Royal: Environment Harvesting and JavaScript RAT Delivered via Fake Developer Interview | ThreatProphet", "description": "A threat actor operating a fake recruiter persona on LinkedIn targeted blockchain developers with a CTO-level role at a fabricated Japanese e-commerce company (\"Commerce Media Inc.\"). After establishing credibility via a Google Docs project brief, the actor shared a malicious GitHub repository (Japanese-Royal) as a technical interview assessment.\nThe repository contains a multi-stage JavaScript implant with four independent execution triggers: VS Code folder open (tasks.json runOn:folderOpen), npm install (prepare hook), npm start, and npm run dev. On execution, Stage 1 exfiltrates the victim's complete process.env to an actor-controlled Vercel endpoint before delivering a beacon payload. The Stage 1 endpoint applies selective gating, returning a benign decoy response to low-value requests.\nStage 2 beacons to 174.138.188.80:3000 every 5 seconds with host fingerprint data, awaiting arbitrary JavaScript tasking via new Function('require', payload)(require).", "modified": "2026-03-31T22:38:14.498000", "created": "2026-03-01T23:11:47.738000", "tags": [ "linkedin-lure", "vscode", "javascript", "contagious-interview", "rat", "node-js", "environment-harvesting", "vercel", "stage", "vs code", "japaneseroyal", "lazarus group", "google docs", "tp2026001", "betfin", "git author", "linkedin", "commerce media", "royal", "cluster", "invisibleferret" ], "references": [ "https://threatprophet.com/posts/2026-02-25-japanese-royal/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1119", "name": "Automated Collection", "display_name": "T1119 - Automated Collection" }, { "id": "T1552", "name": "Unsecured Credentials", "display_name": "T1552 - Unsecured Credentials" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "ThreatProphet", "id": "384731", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_384731/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 17, "URL": 3, "domain": 2, "email": 1 }, "indicator_count": 23, "is_author": false, "is_subscribing": null, "subscriber_count": 16, "modified_text": "19 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6996f8e93657831e2335e456", "name": "Uncovering Actor TTP Patterns and the Role of DNS in Investment Scams | Infoblox", "description": "Infoblox provides a comprehensive guide to the company's products, services and solutions for customers, companies, and other industry sectors, as well as offering a range of other products and services to customers.", "modified": "2026-02-19T11:50:01.821000", "created": "2026-02-19T11:50:01.821000", "tags": [ "strong", "april", "february", "figure", "november", "january", "december", "september", "august", "july", "june", "facebook", "cloud", "service", "protect", "malspam", "malware", "contact", "tools", "speed", "leverage", "polish", "meta", "form", "defense" ], "references": [ "https://www.infoblox.com/blog/threat-intelligence/uncovering-actor-ttp-patterns-and-the-role-of-dns-in-investment-scams/" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Russian Federation", "Poland", "Romania", "Kazakhstan" ], "malware_families": [], "attack_ids": [ { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" }, { "id": "T1132", "name": "Data Encoding", "display_name": "T1132 - Data Encoding" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunter_NL", "id": "171283", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 3, "URL": 28, "domain": 97, "hostname": 5 }, "indicator_count": 133, "is_author": false, "is_subscribing": null, "subscriber_count": 845, "modified_text": "59 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "68f45023af873e8d6ac165b9", "name": "UAlberta Alfresco Databreach -> EPS Crimestoppers Alberta RCMP HR Files", "description": "University of Alberta DataBreach(es) -> Alfresco HR Files (included in this Pulse) - Reported. \nCompromise of Edmonton Police Services (EPS), Alberta RCMP (AB RCMP), CrimeStoppers Alberta - All organizations notified, and provided with identified problems (e.g. criminals), offered solutions (e.g. to address compromised infrastructure). Data 'on hand' and publicly available (e.g. in this pulse). Criminal activity ramping up for 2026. Reported by multiple parties no luck, no response.", "modified": "2026-01-03T01:55:41.491000", "created": "2025-10-19T02:42:43.079000", "tags": [ "entity", "EPS", "Alfresco", "UAlberta", "EdmontonPolice" ], "references": [ "https://www.virustotal.com/graph/embed/g8b17f086c8ca45188352d1d054fa3f8948f81bddd2114ea7b99864e585604e72?theme=dark", "https://en.fofa.info/result?qbase64=ZWRtb250b25wb2xpY2UuY2E%3D", "", "https://www.virustotal.com/gui/collection/7774b0b7593e64e019df4e783911800bb322ec28a0f9eb3792fe6f75755f3b88", "https://www.virustotal.com/gui/collection/7774b0b7593e64e019df4e783911800bb322ec28a0f9eb3792fe6f75755f3b88/iocs" ], "public": 1, "adversary": "", "targeted_countries": [ "Canada" ], "malware_families": [], "attack_ids": [], "industries": [ "Government", "Education", "Telecommunications" ], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Disable_Duck", "id": "244325", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 743, "FileHash-MD5": 75, "FileHash-SHA1": 60, "FileHash-SHA256": 1364, "domain": 688, "hostname": 763 }, "indicator_count": 3693, "is_author": false, "is_subscribing": null, "subscriber_count": 129, "modified_text": "107 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65eea19a23474b8c7dca351f", "name": "All Items - find from the UA archive disk", "description": "Again have zero idea 'what these are' - just uploading from the 'archives' as I sort through things", "modified": "2025-12-24T08:28:47.628000", "created": "2024-03-11T06:15:54.351000", "tags": [], "references": [ "https://www.virustotal.com/gui/collection/09af9ef0b7b23d2dc73d83858106ae4fc97a352dbb521ac04493a0e79095ac69/iocs", "https://www.virustotal.com/gui/collection/79c25168b2f93d9730a56b8d2b834cbfb2752b63b21b9dd51109416fbaa676d8/iocs", "https://www.virustotal.com/graph/embed/g8726609a12794ebeb59edd531961a233068149bcdf994b428f20141be6111551?theme=dark", "https://www.virustotal.com/graph/embed/g365a82115f934e31a69118715695c91c231f66cda9084c9389e56afb985a243e?theme=dark", "", "https://www.virustotal.com/gui/collection/6a8d582df4fe5a29885dad4074236bc9e4ed445aaf0cc00702d45963fb0459bb/iocs" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 19, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "Disable_Duck", "id": "244325", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 1165, "hostname": 866, "URL": 657, "FileHash-SHA256": 26, "email": 337, "FileHash-MD5": 12, "FileHash-SHA1": 8, "CIDR": 1 }, "indicator_count": 3072, "is_author": false, "is_subscribing": null, "subscriber_count": 128, "modified_text": "117 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "691095202c2ba6d0e5d8a639", "name": "Cross-Chain TxDataHiding Crypto Heist: A Very Chainful Process", "description": "The article details a sophisticated cyber attack campaign linked to North Korea, characterized by its innovative Cross-Chain TxDataHiding techniques used for establishing a resilient command and control (C2) infrastructure across various blockchains, including TRON, Aptos, and Binance Smart Chain (BSC). This campaign demonstrates advanced obfuscation methods allowing malicious payloads to be hidden within blockchain data, categorized into smart contract storage, transaction data, and cross-chain techniques.\n\nCross-chain TxDataHiding employs multiple blockchains to minimize risks associated with takedown efforts. In the described methodology, addresses on different chains act as pointers to malicious payloads stored on BSC. For instance, malware first queries TRON or Aptos, extracts transaction hashes, then uses those to retrieve and decrypt encrypted payloads on BSC.", "modified": "2025-12-09T13:04:38.533000", "created": "2025-11-09T13:20:32.375000", "tags": [ "ransomware", "threat intelligence", "cybersecurity", "isac", "security community", "ransomware defense", "txdatahiding", "ethereum", "bsc transaction", "tron", "aptos", "apis", "tronaptos", "utf8", "obfuscation", "payload", "telegram", "malware", "trojan", "execution", "lazarus", "virustotal", "defender", "iocs", "spawns", "further persistence", "remote access", "second", "first", "timestamp", "devicename", "remoteip", "folderpath", "timestamp desc", "remoteurl", "actiontype", "remoteport", "filename", "filemodified", "hunt", "union", "supply chain" ], "references": [ "https://ransom-isac.org/blog/cross-chain-txdatahiding-crypto-heist/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1041", "name": "Exfiltration Over C2 Channel", "display_name": "T1041 - Exfiltration Over C2 Channel" }, { "id": "T1059.006", "name": "Python", "display_name": "T1059.006 - Python" }, { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1090.003", "name": "Multi-hop Proxy", "display_name": "T1090.003 - Multi-hop Proxy" }, { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" }, { "id": "T1104", "name": "Multi-Stage Channels", "display_name": "T1104 - Multi-Stage Channels" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 26, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "PetrP.73", "id": "154605", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 2, "URL": 5, "YARA": 2, "domain": 4, "hostname": 3 }, "indicator_count": 16, "is_author": false, "is_subscribing": null, "subscriber_count": 171, "modified_text": "131 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6665315e25f9dd42a99e4f2f", "name": "UAlberta Alfresco Management Software Abuse -> Admin/Backdoor Edmonton Police Services", "description": "Just pulled down what was in my employee profile (I don't work there).\nDiscovered after being directed to some management system (unknown at the time).\nPulled down and scanned: 1bf054bded99e2ae414154593d0892066b2e0c7add603f9321e157c77ae52075", "modified": "2025-10-10T19:03:58.376000", "created": "2024-06-09T04:36:46.536000", "tags": [ "note", "home", "lucene paths", "json descriptor", "lucene path", "company home", "actividades", "pageuser", "sie knnen", "sie auf", "link klicken", "recente", "u kunt", "attivit", "possibile", "activits", "vous", "report", "web link", "cvs report", "link", "chs placement", "chs student", "placement", "team", "google form", "university", "alberta", "automation", "please", "following", "followers", "ihnen", "mitarbeitern", "mitarbeiter", "hello", "foreign visitor", "fvca", "human resource", "fvca assessment", "incomplete", "regards", "klik", "wachtwoord", "mijn profiel", "klik op", "hoogachtend", "alfresco", "bonjour", "cliquez sur", "nous", "pour ce", "mon profil", "changer", "invito", "caro", "fare", "password", "il mio", "cambia password", "per rifiutare", "cordiali saluti", "my profile", "change password", "konto", "sie erstellt", "passwort", "wir legen", "ihnen nahe", "passwort bei", "anmeldung zu", "ndern", "gehen sie", "mmm yyyy", "nome utente", "nombre", "contrasea", "para hacerlo", "mi perfil", "atentamente", "account", "alfresco share", "hola", "haga", "los datos", "y seleccione", "si desea", "click", "einladung von", "hallo", "sie eingeladen", "site", "klicken sie", "konto fr", "alfresco client", "kofax index", "inhaltselement", "zur site", "gren alfresco", "pledged gift", "office", "advancement", "datetime", "university vpn", "date", "shared", "support", "auxiliary", "process", "priority", "medium high", "pay action", "sincerely", "uofa ecm", "link um", "aufgaben stehen", "verfgung", "prioritt", "niedrig mittel", "hoch", "klicken", "aufgabe zu", "il seguente", "disponibile", "priorit", "bassa media", "alta", "clicca", "clicca su", "la tche", "tre rcupre", "basse moyenne", "leve", "cliquez", "cordialement", "prioriteit", "laag gemiddeld", "hoog", "la siguiente", "prioridad", "media alta", "saludos", "kb content", "links content", "content url", "download url", "webdav url", "ttulo", "descripcin", "ninguno", "ninguna", "creador", "creado", "modificador", "modificado", "tamao", "webdav", "titre", "aucun", "aucune", "modificateur", "modifi", "taille", "ko liens", "du contenu", "dossier du", "url webdav", "titolo", "nessuno", "nessuna", "creato", "modificato", "dimensioni", "kb link", "al contenuto", "cartella", "ingen", "beskrivelse", "tittel", "opprettet", "modifikator", "modifisert", "strrelse", "lenker for", "innhold mappe", "descrio", "nome", "nenhum", "nenhuma", "criador", "criado", "tamanho", "geen", "beschrijving", "titel", "maker", "gemaakt", "gewijzigd", "grootte", "contenturl", "downloadurl", "beschreibung", "url zum", "keiner", "keine", "ersteller", "erstellt", "bearbeiter", "gendert", "kb links", "download", "navigatebrowse", "pagesite", "readme file", "yesno", "user name", "main", "function", "log debug", "record", "sample rm", "import", "njson", "forms", "sites", "documenttype", "commonfolder", "error", "value", "jsonfile", "service", "false", "moving", "prop", "null", "bearer", "uappol", "uappol function", "contentid", "param", "id var", "call", "post request", "json", "config", "coveo", "uappol metadata", "content id", "and not", "loads", "update", "uploader", "inbox", "rnrn", "create", "contenteml", "inbox folder", "number", "normal", "textpart", "backup", "createchildren", "backupname", "childlist", "name", "content", "array", "write", "childname2", "childname3", "childname4", "reviewgroup", "groupsite", "starting", "started", "delete email", "command", "found", "create content", "resources", "unknown command", "globals", "var title", "rnrncopyright", "copyright", "csvtoarray", "regexp", "jsonstr", "daily", "review", "az09", "format", "hrsfilescanner", "hrs document", "fromscanner", "not type", "matches1", "employee id", "third", "tempfilename", "ldap", "version", "this", "file share", "folder", "trimlr", "namearr", "personid", "document name", "ales file", "scanned", "shared drive", "last", "document type", "document", "advising notes", "debug", "debugstr", "schedule", "descriptorpath", "web service", "inbound rule", "web services", "collaborator", "groupeveryone", "check", "index", "taskassignee", "taskenddate", "filename", "localisotime", "startdatetime", "timeperiod", "uofa edrms", "author", "descommonnode", "nomatch", "iddocumenttype", "siteid", "span", "path", "term", "core", "cap report", "template", "object", "cap mail", "dev testing", "application", "aps status", "cap generate", "monthly report", "extension", "alfresco locale", "september", "pm mdt", "school", "didx", "json response", "cap final", "rebcapiddict", "finalcapiddict", "aps process", "trigger", "chsdocument", "message", "func", "msgstr", "emailobj", "emailtemplate", "emailsubject", "sitepath", "chs docs", "studentfiles", "faculty", "true", "chssiteid", "type", "aspect", "chsdocs", "nodeidx", "find", "expired", "chs school", "defunc", "facultykey", "program", "spasite", "ldapperson", "parent name", "securitytype", "formsengg", "limit", "enggfilescanner", "stuccid", "csv file", "studdept", "supccid", "supdept", "cosupccid", "relocation", "fgsr", "records site", "fgsr doc", "department", "start fgsr", "department doc", "completion of", "oral hlth", "form", "application for", "report of", "admission", "master", "music", "unknown", "comp", "class", "leave", "supervisor", "currentline", "return", "studentid", "superccid", "revdate", "code", "apstaskproperty", "converttocsv", "aps guideline", "aps task", "newdata", "hyperlink", "certificate", "first", "info", "procid", "filecontentstr", "query sort", "create header", "person id", "subject title", "node", "studentccid", "yyyymmdd", "lookupjson", "propidx", "input date", "iso format", "folder level", "query", "duedate", "test java", "dailyschedule", "upload", "ro adm", "workflow", "offset", "adm workflow", "data length", "startindex", "json object", "aps group", "acs site", "user", "getgroupid", "am mst", "acsaps group", "user sync", "january", "start january", "february", "start february", "december", "start december", "march", "start march", "am mdt", "consumer march", "aps student", "april", "start april", "june", "start june", "pm mst", "ro backscan", "edrmsteam", "group", "group december", "aps ro", "copy file", "aps api", "maxfile", "creator", "rand", "hrsbs", "july", "august", "hrsbssyncccids", "zhrroleuserresp", "edrms", "ccids", "prefix", "createdirectory", "directory", "actionreason", "safefilename", "employeeclass", "carry", "csv data", "host", "bachelor", "college level", "mike", "propname", "maxitems", "currjson", "fvca status", "important", "prod", "manual data", "doctoratephd", "medicine", "nodename", "employeeccid", "managerccid", "employeeid", "workingtitle", "regtempdescr", "findkey", "email", "new document", "doctypelabel", "competitive bid", "bid exception", "pcm competitive", "and aspect", "competitive", "nodes", "bid update", "acommonfolder", "formspcm", "peoplesoft", "no data", "qaselectednode", "qaselected", "qanotselected", "qa folder", "preqa", "qa var", "documentcount", "passcount", "qadocument", "qa selected", "moved", "attempts", "accepted", "rm file", "plan", "rm filing", "min to", "rm system", "batch", "time limit", "rmcfg", "string", "already", "load", "valid", "graddate", "uathdep", "ccid", "title", "abstract", "embargo", "datestr", "searchresult", "alfresco afa", "admissions", "student case", "files", "and type", "institution", "inst", "json config", "institution not", "if file", "logger", "needle", "xmlstr", "staus", "document linkn", "getlogfile", "documentlist", "xml field", "not found", "addaspect", "move aspect", "duplicate file", "makes", "to max", "checks", "workflow name", "workflow link", "emplid", "due daten", "total afa", "not path", "afabundling", "change", "not aspect", "logs", "ephesoft", "document moved", "epehsoft", "xmlsourcenode", "batchsize", "filemappingpdf", "entry", "move file", "getcsvfile", "batchprocess", "logging", "completed", "document link", "groupn", "created date", "stdapl", "person", "workflow desc", "json file", "list", "lastmonth", "daily qa", "default", "qastartdate", "query language", "finished", "afa bundle", "transcriptarr", "lucene query", "qacounter", "rrfgroupname", "uaroemplid", "uaropriority", "uaroduedate", "documentlistarr", "uarmm", "profile", "courseauditform", "status", "jile", "searchmatchmove", "logfoldername", "backscanreview", "smfstr", "rosm", "converter", "shortxml", "failedcsvfolder", "xml file", "qaoperatorindex", "qaoperatorlabel", "script", "suresh", "aws promotion", "file", "tasks", "bundlingprop", "tasktype", "grps2", "uarotasktype", "comments", "test", "ro scripts", "xmlnode", "shortdescr", "xmlcont", "firstname", "orgid", "middlename", "lastname", "middle", "final", "script started", "to now", "received date", "first name", "receiveddatestr", "dateofbirthstr", "getdefination", "2005 aug", "dropbox", "foldercreate", "scan doc", "officiality", "search match", "running script", "materialextid", "studentref", "ceeb", "materialcode", "memo", "jsoncontent", "ro document", "paperfileutils", "afaconfig", "ro workflow", "paperfileconfig", "applicationjson", "formsrso", "targetfile", "property name", "pinames today", "addp", "science addp", "addp move", "ro code", "scifilescanner", "desconfnode", "grabnodeprop", "copy", "consumer", "initiators", "hiring", "consigno", "offer letter", "match", "apsmaster", "match2", "reappointment", "expiry date", "today", "finaldate", "task info", "psperson", "complete basic", "hiring info", "employee", "resultdata", "delegategroup", "delegate group", "verify", "bind", "aps appointment", "trevor report", "sfsussl", "drawdown", "refund", "reporttype", "var document", "shareurl", "newgroup", "parentgrp", "group created", "var logfile", "rule folder", "site running", "report on", "get site", "foldername", "create file", "reportlogslogs", "reportlogs", "ist site", "running report", "count", "tran", "var csvfile", "result length", "processid", "process id", "delimiters", "quoted", "standard", "starting name", "morechildren", "pdf var", "length", "newname", "fiscal", "docnamearr", "filenode", "calendar year", "versionhistory", "new doc", "web deployed", "var startdate", "startdate", "maxcount", "prevmonth", "monthcount", "application id", "delete", "get path", "if node", "search length", "arra y", "if csv", "version history", "graduate", "graduate folder", "children", "graduate file", "searchmatchdob", "career", "appl nbr", "jan04 now", "counter", "thesis", "runyear", "spring", "service log", "everything", "this determine", "thesis deposit", "archival", "problem", "filepath", "md import", "arraytocsv", "found document", "start", "food", "yumna", "start kofax", "kofax", "admin", "subject", "sample email", "execute", "koafx", "apasresponseid", "merge", "recruitment", "transcripts", "review request", "admindate", "requesteddate", "approveddate", "approvereject", "getemailbody", "taskid", "sendemail", "request status", "siteconsumer", "sitemanager", "eval", "acshost", "global env", "config file", "apsprod", "params", "alloc", "checkpath", "newpath", "adding entity", "surnamechar", "adding person", "jsonfunction", "text", "syntaxerror", "arraytoxml", "xml related", "change xml", "xmltoarray", "xmlutil", "common folder", "random2digit", "maxlimit", "jsonarchive", "very", "returns", "sitecontext", "arrcounter", "node id", "items", "array length", "therecord", "award sponsor", "rso project", "res0012345", "iso88591", "util function", "project id", "proposal id", "doc name", "newdocname", "prod url", "199899", "property", "typeprop", "barcode", "accepts", "parent", "xmlfilename", "siteconfigjson", "qabatchgrp", "signeddate", "ephdocumenttype", "json document", "qapercentage", "entity", "broker", "add error", "getexecutetime", "qaoperator", "retain title", "idnumber", "assocname", "metaarr", "fund report", "csvcontent", "input folder", "doc00c200004txg", "xmlfile", "node1", "node2", "540am", "240pm", "metadata", "var folder", "filter", "mappedobj", "09azaz", "conditionval", "foldercondition", "file name", "xmlfileobj", "alfresco prop", "setup error", "formatjson", "id property", "move", "getrandomnumber", "result", "newdoctype", "no title", "clioacs update", "clio", "patch", "system overview", "system", "overview", "purpose", "aims", "objectives", "prerequisites", "total", "expected effort", "domain", "urls", "dept param", "department name", "done", "submit form", "saving", "label", "input", "approvers", "information", "user group", "request", "group request", "users", "single family", "edmonton ab", "coverage", "common law", "step workflow", "care", "dental benefits", "direct", "web scripts", "get http", "documentation", "web script", "http method", "http", "apis", "development", "knowledge", "java", "empty argument", "e1234", "im system", "lookupentity", "configfilename", "namespace", "searchterm", "access", "jsonuser", "alfresco search", "page search", "expires", "signer", "reason", "utf8", "stripcharacter", "pull hiring", "getapsdbid", "save", "processsetidset", "saved", "returndata", "boolean", "start building", "varname", "fill", "time click", "initiated all", "submissions", "all submissions", "process landing", "page", "initiators all", "maps initiated", "post doc", "student term", "start form", "middle name", "email address", "retype", "cell", "phone no", "fellow", "secureorigin", "expand", "thank", "here", "please check", "aps list", "pang", "subset", "display", "args", "task", "username", "save form", "data need", "cdkey", "checkdict", "item", "column", "anchor", "multi", "tasks filter", "search", "trigger aps", "process api", "apsprocess", "authentication", "webscript", "getapsperson", "process info", "initsavestatus", "step0statusfail", "signer1", "signer2", "appointment", "taskjson", "groupapiaccess", "checkapiuser", "fgsrpr", "psaudit", "statusname", "unsuccessful1", "apptreappt", "emplobject", "caps aps", "cap epsb", "applicant", "form submitted", "board review", "form applicant", "school district", "start date", "cap application", "home help", "pdfa format", "larger", "upload file", "please click", "uofacap", "applications", "jstr", "processjson", "invalid url", "associate dean", "edmonton public", "october", "elk island", "reutrn false", "mapdoctypeurl", "doctype", "cap document", "doctypes", "doctypemap", "schools", "public schools", "foip", "edmonton area", "epsb", "capid", "server", "aps user", "groupcapadmin", "assignuser", "cap ea", "successfully", "please wait", "successfully ea", "apsservice", "apsserviceprod", "requireddate", "bibliography", "reb approval", "letter", "cprbls", "ahsrespect", "ahscon", "immformdocs", "picvsc", "whmis", "condissi", "hspnet", "conphoto", "conclin", "college", "health", "submission date", "effective date", "expiration date", "chs admin", "student view", "typekey", "placementdocs", "warning", "jobj", "abraniuk", "wendy", "terry harris", "directorhrsbs", "level", "holiday pay", "part time", "payroll", "salariedreg aux", "cheat", "paramname", "getallurlparams", "hrsbs config", "data dictionary", "field", "responsejson", "workflowid", "workflow id", "context", "event", "statusevent", "uaesign", "success", "permission", "progress report", "postdoctoral", "sorry", "deptjson", "fgsr student", "process status", "select", "currentuser", "reports", "student ccid", "populated", "invalid student", "supervisor ccid", "co supervisor", "due date", "freedom", "report process", "fgsr forms", "list fgsr", "report fgsr", "report sorry", "review process", "fgsr supervisor", "thesis programs", "programs", "please enter", "student id", "submit button", "var taskid", "var currentuser", "review sorry", "raheel", "added", "urlorigin", "need", "raheel var", "elmid", "commentkeyarr", "override", "menu", "colour bar", "mdphd", "absence", "completion", "mbameng", "mbamsc", "meng", "jason", "acs property", "available", "subdoctype", "test person", "test effective", "modelnodepath", "sitename", "metadatamap", "sitefile", "google addon", "gtagra", "gta gra", "zhreformengresp", "id otherwise", "university home", "indicate", "monday", "tuesday", "wednesday", "thursday", "friday", "na note", "services", "please contact", "documentname", "time", "docs", "documentlink", "employee ccid", "conflict", "task assigned", "ist coi", "declaration", "jsonobj3", "parse", "stringify", "grouplist", "json post", "taskfilter", "applies", "assigntogroup", "retrieves", "assignee", "queries", "expects", "uri args", "json containing", "applyfilter", "assignment", "avm folder", "avm store", "store id", "fullpath", "store", "storeid", "avm stores", "search term", "blog query", "category", "api call", "returns json", "cached data", "keylabel", "rest", "ldap query", "resultstr", "jsonoutput", "campusid", "jsonobj", "suresh joshee", "raheel bhojani", "desrochers", "first check", "set message", "materialkey", "acommonfolderid", "hasaccess", "siteconfig", "unprocesseddata", "savemetadata", "getcustomscript", "sitetitle", "error occured", "afa admission", "afas", "change log", "date name", "description", "ebeaton script", "tfrith", "afa main", "runasuser", "afas name", "afa paper", "file test", "utility enter", "does", "student", "bad query", "parameters", "add all", "or condition", "batch ids", "case files", "batchid", "afns", "agricultural", "anaesthes", "life", "environmental", "anaesthesiology", "uappol content", "deanaheed", "programyear", "province", "agreementtype", "safety manual", "mtis", "cree", "blackfoot", "nakota sioux", "iroquois", "dene", "treaties", "first nations", "next", "refresh", "site viewer", "facetkey", "sortparameter", "textjavascript", "public site", "viewer access", "acs cron", "job error", "alfrescos", "unauthorized", "enter", "bear tracks", "main department", "choose", "library", "john", "reviewer", "embargodate", "actiondate", "convocation", "graduation", "nodeid", "thesis status", "match result", "match list", "name dob", "view", "searchcriteria", "main function", "method", "chs upload", "stuln", "filetype", "stuid", "chs agreement", "health sciences", "recreation fomd", "dentistry fomd", "fomd", "therapy fomd", "consent for", "disclosure of", "alberta freedom", "protection", "privacy act", "alberta health", "chs form", "intake", "tasks dashlet", "doccd", "val2", "a my", "view error", "view warning", "keyword search", "refresh list" ], "references": [ "old-AlfrescoToolkit.conf", "AlfrescoToolkit.info", "AlfrescoToolkit.conf", "activities-email_es.ftl", "activities-email_ja.ftl", "activities-email_de.ftl", "activities-email_nl.ftl", "activities-email.ftl", "activities-email_it.ftl", "activities-email_fr.ftl", "CAP-notify-monthly-report.ftl", "chs-commentUpdate.ftl", "chs-studentUploadNotification.ftl", "chs-Invalid.ftl", "chs-studentExpireSoon.ftl", "chs-studentExpired.ftl", "following-email.html_it.ftl", "following-email.html_fr.ftl", "following-email.html_ja.ftl", "following-email.html_nl.ftl", "following-email_de.html.ftl", "following-email_fr.html.ftl", "following-email_ja.html.ftl", "following-email_it.html.ftl", "following-email_nl.html.ftl", "following-email.html.ftl", "following-email.html_de.ftl", "fvca-reminder-email.ftl", "fvca-corrections-email.ftl", "invite-email_nl.html.ftl", "invite-email-add-direct.html.ftl", "invite-email-add-direct.html_fr.ftl", "invite-email_fr.html.ftl", "invite-email_it.html.ftl", "invite-email-add-direct.html_es.ftl", "invite-email-add-direct.html_de.ftl", "invite-email_ja.html.ftl", "invite-email-add-direct.html_nl.ftl", "new-user-email.html.ftl", "new-user-email_de.html.ftl", "invite-email-add-direct.html_ja.ftl", "invite-email-moderated.html.ftl", "new-user-email_fr.html.ftl", "new-user-email_it.html.ftl", "new-user-email_ja.html.ftl", "new-user-email_es.html.ftl", "new-user-email_nl.html.ftl", "invite-email-add-direct.html_it.ftl", "new-user-email_nl.html", "invite-email.html_nl.ftl", "invite-email.ftl", "invite-email_es.html.ftl", "invite-email.html.ftl", "invite-email_de.html.ftl", "invite_user_email.ftl", "kofaxFailedEmailTemplate.ftl", "notify_user_email.ftl", "notify_nl.htm", "notify_user_email_es.html.ftl", "notify_user_email_de.html.ftl", "notify_user_email_ooa_failed.ftl", "notify_user_email.html.ftl", "notify_user_email_it.html.ftl", "notify_user_email_e-transcript_failed.ftl", "notify_user_email_ja.html.ftl", "notify_user_email_fr.html.ftl", "notify_user_email_nl.html.ftl", "OOA-notify-email-template.ftl", "ADV-notify-terms-types.ftl", "appt-final-reminder.ftl", "appt-halfway-reminder.ftl", "sfs-wf-email.html.ftl", "sfs-wf-completed-email.html.ftl", "payActionDecision.html.ftl", "departmentAdhocTask.html.ftl", "wf-email.html_de.ftl", "wf-email.html.ftl", "wf-email_it.html.ftl", "wf-email_fr.html.ftl", "wf-email_nl.html.ftl", "wf-email_ja.html.ftl", "wf-email.html_fr.ftl", "wf-email.html_nl.ftl", "wf-email_es.html.ftl", "wf-email.html_ja.ftl", "wf-email.html_it.ftl", "wf-email_de.html.ftl", "wf-email.html_es.ftl", "emailbody_textplain_alfresco.ftl", "emailbody_textplain_alfresco_es.ftl", "emailbody_textplain_alfresco_fr.ftl", "emailbody_textplain_alfresco_it.ftl", "emailbody_textplain_alfresco_ja.ftl", "emailbody_textplain_alfresco_nb.ftl", "emailbody_textplain_alfresco_pt_BR.ftl", "emailbody_textplain_alfresco_nl.ftl", "emailbody_textplain_alfresco_ru.ftl", "emailbody_textplain_alfresco_zh_CN.ftl", "emailbody_textplain_share.ftl", "emailbody_textplain_share_de.ftl", "emailbody_textplain_share_es.ftl", "emailbody_textplain_share_it.ftl", "emailbody_textplain_share_ja.ftl", "emailbody_textplain_share_nb.ftl", "emailbody_textplain_share_nl.ftl", "emailbody_textplain_share_ru.ftl", "emailbody-alfresco-textplain.ftl", "emailbody-share-textplain.ftl", "emailbody_textplain_alfresco_de.ftl", "emailbody_textplain_share_zh_CN.ftl", "emailbody_textplain_share_fr.ftl", "emailbody_textplain_share_pt_BR.ftl", "uofa-pc-model.xml", "uofa-pllc-model.xml", "uofa-science-model.xml", "uofa-rso-model.xml", "uofa-set-model.xml", "uofa-sfs-model.xml", "uofa-slate-model.xml", "uofa-uappol-model.xml", "advext-model.xml", "assocModel.xml", "adv-model.xml", "cbsr-model.xml", "dynamicSecurityMarksModel", "ephesoft-educational.xml", "facopr-model.xml", "fgsr-model.xml", "faculty-model.xml", "psAudit-model.xml", "FVCA.xml", "roDocProcessing-model.xml", "ro-model.xml", "fgsr-thesis-deposit.xml", "security-group-model.xml", "ua-audit-generic-model.xml", "ua-dummy.xml", "calendar-year-model.xml", "ua-error-model.xml", "uafgsrsup-model.xml", "uaqa-model.xml", "transcript-model.xml", "uAlbertaWorkflowGeneral.xml", "uarmm-supplement-scanning.xml", "uarm-rma-filing-model.xml", "ua-search-model.xml", "ro-search-match.xml", "uatraining.xml", "uofa-ales-model.xml", "uofa-arts-model.xml", "uofa-aps-model.xml", "uofa-base-model.xml", "uawfh-model.xml", "uofa-augustana-model.xml", "uofa-business-model.xml", "uarmTempModel.xml", "uofa-cap-model.xml", "uofa-chs-model.xml", "uofa-chs-agreements-model.xml", "uofa-common-model.xml", "uofa-education-model.xml", "tamis-model.xml", "uofa-engg-coop-model.xml", "uofa-engg-model.xml", "uofa-fo-model.xml", "uofa-extension-model.xml", "uofa-esign-model.xml", "uofa-hrsbs-model.xml", "uofa-law-model.xml", "uofa-caps-model.xml", "uofa-hrs-model.xml", "uofa-native-studies-model.xml", "uofa-pllc-model.json", "uofa-rso-model.json", "uofa-pc-model.json", "uofa-native-studies-model.json", "uofa-slate-model.json", "uofa-uappol-model.json", "uofa-science-model.json", "uofa-workflowGeneral.json", "uofa-sfs-model.json", "adv-model.json", "advext-model.json", "assocModel.json", "calendar-year-model.json", "facopr-model.json", "cbsr-model.json", "ephesoft-educational.json", "faculty-model.json", "faculty-model.xml.json", "rma-model.json", "fgsr-model.json", "FVCA.json", "psAudit-model.json", "ro-aug-model.json", "ro-search-match.json", "tamis-model.json", "security-group-model.json", "fgsr-thesis-deposit.json", "transcript-model.json", "ro-model.json", "ua-audit-generic-model.json", "uafgsrsup-model.json", "uaqa-model.json", "uarmm-supplement-scanning.json", "uAlbertaWorkflowGeneral.json", "ua-error-model.json", "uofa-ales-model.json", "ua-search-model.json", "uarmTempModel.json", "uofa-aps-model.json", "uawfh-model.json", "uofa-arts-model.json", "uofa-cap-model.json", "uofa-chs-agreements-model.json", "uofa-augustana-model.json", "uofa-base-model.json", "uofa-chs-model.json", "uofa-engg-coop-model.json", "uofa-common-model.json", "uofa-engg-model.json", "uofa-extension-model.json", "uofa-hrsbs-model.json", "uofa-fo-model.json", "uofa-education-model.json", "uofa-law-model.json", "uofa-hrs-model.json", "uofa-esign-model.json", "uofa-business-model.json", "faculty-of-science-site.json", "FandO-Organizations.json", "FandO-Programs.json", "fgsr-awards.json", "fgsr-category-list.json", "fgsr-exam-list.json", "fgsr-official-list.json", "fgsr-programOfStudy.json", "fgsr-site.json", "fo-emergency-response-manual.json", "graduate-student-records-site.json", "fo-site.json", "fo-utilities.json", "hrs-benefits.json", "hrsbs-action-reasons.json", "graduate-student-records-v2-site.json", "hrsbs-doc-list.json", "hrsbs-file-structure.json", "hrsbs-owner-details.json", "hrsbs-functionalroles.json", "hrsbs-function-module.json", "hrsbs-review-month.json", "hrsbs-security-class.json", "hrsbs-site.json", "hrs-employeeApprovedDeductions.json", "hrs-bulkId.json", "hrsbs-review-cycle.json", "hrs-employmentFinancial.json", "hrs-personalInformation.json", "hrs-pension.json", "hrs-security-list.json", "hrs-leaves.json", "Institutions.json", "ist-site.json", "hrs-site.json", "my-site-site.json", "law-security-list.json", "native-studies-doc-list.json", "fgsr-credential-list.json", "law-doc-list.json", "native-studies-security-list.json", "office-of-advancement-record-types.json", "office-of-advancement-site.json", "pcm-category.json", "pllc-doc-list.json", "ro-academic-pre-pro-programs.json", "pllc-security-list.json", "ro-acad-group.json", "ro-admitType.json", "ro-applicant-type.json", "ro-campusSolutionsTerm.json", "hrsbs-employee-class.json", "pllc-site.json", "ro-indigenous-type.json", "ro-doctypes.json", "pcm-site.json", "ro-official.json", "ro-org-desc.json", "ro-related-record-types.json", "ro-relationship-to-institution.json", "ro-search-match-status.json", "ro-authenticity.json", "ro-slate-folio-material-non-school-scope.json", "ro-slate-institution-material.json", "ro-slate-folio-material-school-scope.json", "ro-method-receipt.json", "ro-slate-institutions.json", "ro-test-id.json", "rso-accounts-receivable-accounts-payable-doc-type.json", "rso-agreements-doc-category.json", "rso-bulk-scan-doc-type.json", "rso-cfi-purchasing-doc-type.json", "rso-cfi-financials-doc-type.json", "rso-financial-reconciliation-doc-type.json", "rso-financial-reporting-doc-type.json", "rso-financials-doc-type.json", "rso-mask.json", "rso-site.json", "rso-sponsor-names.json", "science-doc-list.json", "science-security-list.json", "school-of-business-site.json", "sfs-ussl-report-status.json", "staff-training-site.json", "student-financial-services-doc-list.json", "student-financial-services-site.json", "student-records-bulk-load-testing-site.json", "student-records-training-site.json", "student-records-site.json", "student-transcripts-site.json", "rso-forms-form-type.json", "support-documentation-site.json", "test-site-site.json", "uappol-category-heirarchy.json", "uappol-type.json", "uappol-site.json", "uoda-faculties.json", "academic-department.json", "adv-correspondence-type.json", "uoda-departments.json", "advsearch.json", "ales-security-list.json", "ales-doc-list.json", "arts-doc-list.json", "arts-security-list.json", "augustana-security-list.json", "augustana-site.json", "augustana-legacy-transcript-doc-list.json", "rso-activation-report-doc-type.json", "business-doc-list.json", "business-security-list.json", "bulkload-testing-site.json", "cap-site.json", "caps-school-board-list.json", "cbsrsite-site.json", "cbsrsite-sopTypes.json", "cbsr-study.json", "cbsr-worksheetType.json", "augustana-doc-list.json", "chs-ag-type.json", "chs-agreements-site.json", "chs-campus-list.json", "chs-degProgram-list.json", "chs-emailNotification.json", "chs-document-status.json", "chs-faculty-list.json", "chs-programYear-list.json", "chs-program-list.json", "canada-provinces-list.json", "demo-site-site.json", "education-doc-list.json", "department.json", "education-security-list.json", "chs-stuEmailNotification.json", "college-of-health-sciences-site.json", "chs-provinces-list.json", "engineering-coop-doc-list.json", "engineering-coop-security-list.json", "engineering-co-op-site.json", "engineering-doc-list.json", "extension-doc-list.json", "extension-security-list.json", "facopr-planTypes.json", "facopr-supportinDocField.json", "faculty-of-ales-site.json", "engineering-security-list.json", "faculty-of-education-site.json", "faculty-of-extension-site.json", "faculty-of-native-studies-site.json", "faculty-of-law-site.json", "faculty-of-arts-site.json", "faculty-of-engineering-site.json", "my_docs_inline.ftl", "my_docs.ftl", "my_spaces.ftl", "recent_docs.ftl", "translatable.ftl", "readme.ftl", "show_audit.ftl", "general_example.ftl", "my_summary.ftl", "doc_info.ftl", "localizable.ftl", "recordsCustomModel.xml", "imapConfig.json", "rm_event_config.json", "rmScriptThrowError.js", "report_rmr_transferReport.html.ftl", "report_rmr_destructionReport.html.ftl", "report_rmr_holdReport.html.ftl", "notify-records-due-for-review-email.ftl", "record-rejected-email.ftl", "record-superseded-email.ftl", "onCreate_supersedes.js", "rma_isClosed.js", "PaperFileconfig.json", "MyTasks-config.json", "AFAconfig.json", "roDocumentTypes.json", "uappol-upload-rule.js", "uappolCreateFolderRule.js", "uappolCreateFolder.js", "uappol-api.js", "uappol-functions.js", "command-utils.js", "backup and log.js", "backup.js", "example test script.js", "test return value.js", "start-pooled-review-workflow.js", "command-processor.js", "command-search.js", "alfresco docs.js", "append copyright.js", "createDepartmentJSON.js", "hrsDaily.js", "hrsFolderCreateSchedule.js", "hrsScanned.js", "hrsCreateFolder.js", "hrsFolderCreateRule.js", "hrsFileShareFolder.js", "alesCreateFolderRestricted.js", "alesCreateFolderSchedule.js", "alesBulkShareFolder.js", "alesFileScanned.js", "alesCreateFolder.js", "alesDaily.js", "alesFileShareFolder.js", "alesCreateFolderConfidential.js", "alesCreateAdvisingNotes.js", "alesFolderCreateSchedule.js", "deployWebServiceDescriptor.js", "taskReportCSV-Appointment-prod.js", "artsFileScanned.js", "artsCreateFolderRule.js", "artsCreateFolder.js", "artsCreateFolderRestricted.js", "augCreateFolderRestricted.js", "augCreateFolder.js", "businessCreateFolderRule.js", "businessCreateFolder.js", "businessCreateFolderSchedule.js", "businessBulkShareFolder.js", "businessFileShareFolder.js", "businessCreateFolderRestricted.js", "businessDaily.js", "businessCreateAdvisingNotes.js", "businessFileScanned.js", "CAPSendMonthlyReportEmail.js", "CAPGenerateMonthlyReport.js", "CapFinalReportSubmit.js", "chsCreateFolderRule.js", "chsEmailOnUpdateComment.js", "chsReport.js", "EmailNotifCHSStudent.js", "SetExpiryDate.js", "chsCreateFolder.js", "chsFacultyReport.js", "chsAgreementCreateFolderRule.js", "chsAgreementCreateFolder.js", "scheduleJobTest.js", "every52MinPastHour.js", "every46MinPastHourBetween4PM12PM.js", "every57MinPastHour.js", "every47MinPastHourBetween4PM12PM.js", "everyDay4H30MinAM.js", "everyDay7H45MinAM.js", "every10MinStartingAt5MinPastHour.js", "every38MinPastHourBetween4PM12PM.js", "every20MinStartingAt15MinPastHour.js", "everyDay2H05MinAM.js", "every2MinStartingAt1MinPastHour.js", "everyDay1H05MinAM.js", "everyDay12H30MinAM.js", "everyDay7H30MinPM.js", "every30MinStartingAt19MinPastHour.js", "every30MinStartingAt11MinPastHour.js", "everyDay2H35MinAM.js", "every30MinStartingAt26MinPastHour.js", "every16MinPastHour.js", "everyDay1H45MinAM.js", "everyDay2H45MinAM.js", "every29MinPastHour.js", "every22MinPastHour.js", "everyDay11H30MinPM.js", "educationCreateFolderRule.js", "educationCreateFolder.js", "educationCreateAdvisingNotes.js", "enggCoopCreateFolderRestricted.js", "enggCoopCreateFolderRule.js", "enggCoopBulkUpload.js", "enggCreateFolderRule.js", "enggCreateFolderRestricted.js", "enggCreateFolder.js", "engineeringCreateAdvisingNotes.js", "enggCoopCreateFolder.js", "enggFileScanned.js", "enggCoopFileScanned.js", "extensionFileScanned.js", "extensionCreateFolder.js", "extensionCreateFolderRule.js", "fgsrCreateGuidelineAPSProcessFromCSV.js", "fgsrDocRestructure.js", "fgsrMigrationScript.js", "fgsrDocRelocation.js", "fgsrCreateFolderFromCSV.js", "guideline-reports.js", "fgsrMigrationScript-withTerminationLogic.js", "modfiyOrUpdatePropertyfromCSV.js", "fgsr-case-file-report.js", "fgsrCreateAPSProcessFromFolder.js", "fgsrCreateFolder.js", "fgsrCopyMetadataToFolderLevel.js", "fgsrCreateAPSProcessFromCSV.js", "foCreateFolder.js", "foCreateFolderRule.js", "Script1.js", "Script2.js", "scheduleRunEvery2-10PM.js", "scheduleRunEvery5PMTo10PM.js", "scheduleRunEvery30Minutes.js", "scheduleRunEvery60Minutes.js", "scheduleRunEveryday3PMto11PM.js", "scheduleRunEveryday12AMto6AM.js", "scheduleRunEvery20Minutes.js", "scheduleRunEvery2AM.js", "acsToApsUserUpdate.js", "2024-01-13-log.txt", "2024-01-15-log.txt", "2024-01-20-log.txt", "2024-01-21-log.txt", "2024-01-22-log.txt", "2024-01-23-log.txt", "2024-02-04-log.txt", "2024-02-05-log.txt", "2024-02-06-log.txt", "2024-02-07-log.txt", "2024-02-08-log.txt", "2024-01-14-log.txt", "2024-01-18-log.txt", "2024-01-11-log.txt", "2024-01-16-log.txt", "2024-01-19-log.txt", "2024-01-26-log.txt", "2024-01-28-log.txt", "2024-01-30-log.txt", "2024-01-12-log.txt", "2024-01-29-log.txt", "2024-01-27-log.txt", "2024-01-31-log.txt", "2024-01-24-log.txt", "2024-02-09-log.txt", "2024-02-02-log.txt", "2024-01-09-log.txt", "2024-02-03-log.txt", "2024-01-05-log.txt", "2024-01-06-log.txt", "2024-01-04-log.txt", "2024-02-01-log.txt", "2024-01-07-log.txt", "2024-01-08-log.txt", "2024-02-10-log.txt", "2024-02-11-log.txt", "2024-02-12-log.txt", "2024-02-13-log.txt", "2023-12-31-log.txt", "2024-02-15-log.txt", "2024-02-16-log.txt", "2024-02-14-log.txt", "2024-02-18-log.txt", "2024-02-20-log.txt", "2024-01-17-log.txt", "2024-02-19-log.txt", "2024-01-10-log.txt", "2024-02-23-log.txt", "2024-02-25-log.txt", "2024-02-21-log.txt", "2024-01-25-log.txt", "2024-02-28-log.txt", "2024-02-22-log.txt", "2024-02-29-log.txt", "2024-03-02-log.txt", "2024-03-03-log.txt", "2024-02-26-log.txt", "2024-03-04-log.txt", "2024-03-06-log.txt", "2024-03-07-log.txt", "2024-03-05-log.txt", "2024-03-08-log.txt", "2024-03-09-log.txt", "2024-03-11-log.txt", "2024-03-10-log.txt", "2024-03-12-log.txt", "2024-03-13-log.txt", "2024-03-14-log.txt", "2024-03-15-log.txt", "2024-03-16-log.txt", "2024-03-17-log.txt", "2024-03-18-log.txt", "2024-03-20-log.txt", "2024-03-21-log.txt", "2024-03-22-log.txt", "2024-03-19-log.txt", "2024-03-23-log.txt", "2024-03-01-log.txt", "2024-03-26-log.txt", "2024-03-25-log.txt", "2024-03-28-log.txt", "2024-03-29-log.txt", "2024-03-27-log.txt", "2024-03-24-log.txt", "2024-03-30-log.txt", "2024-04-02-log.txt", "2024-04-03-log.txt", "2024-03-31-log.txt", "2024-04-05-log.txt", "2024-04-06-log.txt", "2024-04-07-log.txt", "2024-04-08-log.txt", "2024-04-09-log.txt", "2024-04-04-log.txt", "2024-04-11-log.txt", "2024-04-12-log.txt", "2024-04-13-log.txt", "2024-02-17-log.txt", "2024-04-01-log.txt", "2024-04-16-log.txt", "2024-04-15-log.txt", "2024-04-10-log.txt", "2024-04-17-log.txt", "2024-02-24-log.txt", "2024-04-14-log.txt", "2024-04-19-log.txt", "2024-04-21-log.txt", "2024-04-22-log.txt", "2024-04-23-log.txt", "2024-04-24-log.txt", "2024-04-26-log.txt", "2024-04-25-log.txt", "2024-04-29-log.txt", "2024-04-30-log.txt", "2024-05-01-log.txt", "2024-05-02-log.txt", "2024-05-03-log.txt", "2024-05-04-log.txt", "2024-05-05-log.txt", "2024-05-06-log.txt", "2024-04-28-log.txt", "2024-05-07-log.txt", "2024-04-18-log.txt", "2024-05-08-log.txt", "2024-05-09-log.txt", "2024-05-10-log.txt", "2024-05-12-log.txt", "2024-05-14-log.txt", "2024-05-11-log.txt", "2024-05-16-log.txt", "2024-04-27-log.txt", "2024-05-17-log.txt", "2024-05-15-log.txt", "2024-05-18-log.txt", "2024-05-20-log.txt", "2024-05-21-log.txt", "2024-05-19-log.txt", "2024-05-22-log.txt", "2024-05-23-log.txt", "2024-05-25-log.txt", "2024-05-24-log.txt", "2024-05-26-log.txt", "2024-05-27-log.txt", "2024-05-28-log.txt", "2024-05-29-log.txt", "2024-05-30-log.txt", "2024-06-02-log.txt", "2024-05-13-log.txt", "2024-06-01-log.txt", "2024-05-31-log.txt", "2024-04-20-log.txt", "2024-06-03-log.txt", "2024-06-04-log.txt", "2024-06-05-log.txt", "2023-12-30-log.txt", "2023-12-01-log.txt", "2024-02-27-log.txt", "2023-12-29-log.txt", "gtaGraProcessToCSV.js", "gtaGraProcessToCSV-2AM.js", "hrs-benefit-report.js", "westCanDocumentMove.js", "hrsbsReviewCycleReport.js", "hrsbsCreateFolderRule.js", "HRSBS-SyncCCIDs.js", "hrsbsCreateFolder.js", "FVCA-data-import.js", "FVCA-manual-property-update.js", "istPerformanceReviewCreateFolder.js", "lawCreateFolderRestricted.js", "lawFileScanned.js", "lawCreateFolder.js", "lawCreateFolderRule.js", "nativeStudiesCreateFolderRestricted.js", "nsFolderCreateSchedule.js", "nativeStudiesCreateFolder.js", "nativeStudiesCreateFolderRule.js", "ADV-notify-type-mapping.json", "OOA-notify-email.js", "ADV-notify-terms-types.js", "pcm-grab-competitive-noderefs.js", "pcm-update-competitive-noderefs.js", "pcmCreateFolder.js", "psUpdateAlfrescoDepartment.js", "pllcCreateFolder.js", "qaProcess.js", "qaRelease.js", "rmOOABackgroundInformationFiling.js", "rmFilingDoc.js", "rmSearchmatchNomatchFiling.js", "rmFilingConfig.json", "thesisDestructionReport.js", "rmThesis.js", "add_document_type_ro.js", "updateSearchMatchStatus.js", "searchmatchFullDob.js", "createROReconciliationReports.js", "eTranscriptInstList.js", "folder-create-ro.js", "augTranscript.js", "addTimeStamp.js", "missingDocumentList-csv.js", "roAddAspectAndMoveAFA.js", "myTaskDownload.js", "roAddAspectAndMoveTranscript.js", "roAddBundlingAspect.js", "roAddSearchMatchAspect.js", "roCopyEphesoftMetadataXML.js", "roBatchScript.js", "addSearchMatchDocumentType.js", "roCreateEducationalCSV.js", "roCopyOlderScannedDocument.js", "roDocumentListAPLSTD.js", "roCopyOlderScannedDocumentAdHoc.js", "roEtranscriptReport.js", "roDailyQA.js", "roEtranscriptsBundleTest.js", "roFolderCreateLDAPLookup_no_notificatiion.js", "roFolderCreateLDAPLookup.js", "roEtranscriptsBundle.js", "roAddComment.js", "roCopyEphesoftMetadataScanned.js", "roMoveCompleted.js", "roMoveCompletedBackScan.js", "roMoveCompletedSearchMatch.js", "roEtranscriptPDFConverter.js", "roScanningMetadata.js", "roScript1.js", "RORoutingWorkflowUtil.js", "roScript3.js", "roScript2.js", "roScanningMetadataBackScan.js", "roScript7.js", "roScript6.js", "roScript9.js", "roScript1BackScan.js", "roSearchMatchNoMatchReport.js", "roSearchMatchQuery.js", "RONotification.js", "roSlateDocumentExport.js", "roTagAndFileRenderedPDFs.js", "roScript4.js", "roScript5.js", "roScript8.js", "createSlateFolioMaterialDropdown.js", "createSlateApplicationsCSV.js", "LaunchWorkflowUtils.js", "PaperFileUtils.js", "GenerateSponsornamesAndPinames.js", "rsoCreateFolder.js", "sciCreateFolderConfidential.js", "sciCreateFolderPublic.js", "sciCreateFolder.js", "sciCreateFolderRestricted.js", "scienceASDocumentImport.js", "sciFileADDPFileTypes.js", "sciFileShareFolder.js", "sciFileScanned.js", "sciBulkShareFolder.js", "copy-signed-offer-letter.js", "dept-config.js", "reappointment-generate-schedule.js", "reappointment-reminder-schedule.js", "reappointment-generate-process.js", "manual-generate-script.js", "reappointment-reminder-process.js", "reminder-email-util.js", "reappointment-tracking-schedule.js", "reappointment-tracking-process.js", "appointment-report.js", "appointment-report-schedule.js", "manual-tracking-script.js", "sfsCreateFolder.js", "sfsWorkflowStatus.js", "security-group-user.js", "createReportPermissionsFoldersInASite.js", "siteMembersReport.js", "createReportRecursiveGroupsAndUsersInASite.js", "search-responses.js", "advChangeDocumentType.js", "addFolderMetadata.js", "advChangeDocumentType_confidential.js", "consignOInitiatorOfferLetterChange.js", "advChangeDocumentType_background.js", "transcriptResponse.js", "change-fgsr-pdf-file-name-with-date.js", "copy-fgsr-to-graduate-students-records.js", "ADVDonationCalendarToFiscal.js", "document-query.js", "deletingCompletingWorkflow.js", "eTranscriptTemp.js", "eTranscript-bundled-02-jan.js", "eTranscriptVersionModifierFix.js", "fixCheckout.js", "removeDonationGrp.js", "eTranscriptVersioningFix.js", "move-fgsr-folder.js", "search-match-dob-add.js", "thesisDepositArchival.js", "moveThesesForTransfer.js", "eraReportGeneration.js", "kofaxMetadataMerge.js", "kofaxMetadataMergeMissing.js", "generic2min.js", "kofaxSendEmail.js", "PeopleSoft-eTranscript-XML-PDF.js", "startBenefitWorkflow.js", "peoplesoftMetadataMergeMissing.js", "securityWorkflowUtil.js", "startPayActionWorkflow.js", "startDepartmentAdhocApprovalWorkflow.js", "convertTranscript.js", "CreateTranscriptUserMemberships.js", "startTwoStepWorkflow.js", "fix_employee_names.js", "env.js", "folderCreateUtil.js", "folderCreateUtilAA.js", "generalSchedule.js", "JSON.js", "xmlUtil.js", "addPersonAspect.js", "addTimeStampRandomFileName.js", "archiveDocument.js", "luceneUtil.js", "util.js", "archivedItems.js", "getProjectDetails.js", "ADVChangeAuthor.js", "ADVcalendarToFiscal.js", "symplexUtils.js", "advBatchProcessing.js", "advChangeDocumentName.js", "ADVEphesoftMove.js", "advCreateFolderScheduled.js", "advErrorMessageReset.js", "advMetadataUpdate.js", "advMoveToFoldersScheduled.js", "ADVendFundReportFiling.js", "advReconcilliation.js", "ADVmoveRecordsToPreQA.js", "advScanningMetadata.js", "advScript2.js", "advScript3.js", "advScript4.js", "advScript1.js", "advScript5.js", "advScriptDaily.js", "advScriptMonthly.js", "advScriptKofax.js", "ADVSiteContext.js", "advMoveToFolder.js", "deleteEphesoftDoc.js", "advUtils.js", "folderCreateADV.js", "advScriptDaily30minFreq.js", "jsonUtils.js", "advScanning.js", "folderCreateDocumentADV.js", "moveToFolders.js", "symplexMetadataUpdate.js", "OOA_SOT_Name_change.js", "moveToFoldersRetainTitle.js", "advScriptWeekly.js", "symplexMoveToFolder.js", "clioToAcsDocUpdate.js", "ClioUpdateScheduledJob.js", "smartFoldersExample.json", "system-overview.html", "businessDocSetup.json", "uappolDocSetup.json", "businessConfig.json", "augConfig.json", "augDocSetup.json", "lawConfig.json", "uappolConfig.json", "UAlbertaSettings.json", "hrsbsDocSetup.json", "advConfig.json", "hrsbsConfig.json", "hrsConfig.json", "hrsDocSetup.json", "advSimplexMapping.json", "advDocSetup.json", "artsDocSetup.json", "alesConfig.json", "alesDocSetup.json", "archiveFolder.json", "artsConfig.json", "advScanningMapping.json", "collegeOfHealthSciencesConfig.json", "chsAgreementsConfig.json", "dropboxCommonAspects.json", "collegeOfHealthSciencesDocSetup.json", "chsAgreementsDocSetup.json", "educationConfig.json", "extensionConfig.json", "fgsrv2DocSetup.json", "foConfig.json", "foDocSetup.json", "educationDocSetup.json", "lawDocSetup.json", "nativeStudiesDocSetup.json", "pllcConfig.json", "pllcDocSetup.json", "roConfig.json", "fgsrv2Config.json", "rsoConfig.json", "rsoDocSetup.json", "sciConfig.json", "eTranscriptConfig.json", "sciDocSetup.json", "roDocSetup.json", "sfsDocSetup.json", "UAlbertaSettings.conf", "student-recordsConfig.json", "securityWorkflowSetting.json", "thesisDepositConfig.json", "globalHeader.html.ftl", "webFormDialog.html.ftl", "alfrescoUserGroupRequest.ftl", "pensionBenefit.html.ftl", "pinames.json", "sponsornames.json", "searchPageConfig.json", "pcmDocSetup.json", "pcmConfig.json", "qaConfig.json", "apsAppConfig.json", "fgsrCreateApsFromCSV.json", "fgsrCopyMetadata.json", "enggCoopDocSetup.json", "enggDocSetup.json", "enggConfig.json", "enggCoopConfig.json", "CapApsConfig.json", "extensionDocSetup.json", "readme.html", "readme_de.html", "readme_ja.html", "readme_fr.html", "advEndowmentName.get.desc.xml", "advEndowmentName.get.json.ftl", "advEndowmentName.get.js", "advEntityName.get.desc.xml", "advEntityName.get.js", "advEntityName.get.html.ftl", "search.get.desc.xml", "search.get.js", "search.get.html.ftl", "changeInitiatorAppt.put.desc.xml", "eSignatureStatusHistory.get.html.ftl", "changeInitiatorAppt.put.json.ftl", "eSignatureStatusHistory.get.desc.xml", "appointmentSubmit.get.js", "processIdProps.get.desc.xml", "changeInitiatorAppt.put.js", "processIdProps.get.json.ftl", "processIdProps.get.js", "appointmentLandingPage.get.desc.xml", "appointmentLandingPage.get.js", "appointmentLandingPage.get.html.ftl", "appointmentStart.get.desc.xml", "appointmentStart.get.html.ftl", "appointmentStart.get.js", "appointmentStartTest.get.desc.xml", "appointmentStartTest.get.js", "appointmentStartTest.get.html.ftl", "appointmentSubmit.get.desc.xml", "appointmentSubmit.get.html.ftl", "eSignatureStatusHistory.get.js", "apsApplicationList.get.desc.xml", "apsApplicationList.get.html.ftl", "assignuser.put.js", "assignuser.put.json.ftl", "claimtask.put.desc.xml", "claimtask.put.js", "claimtask.put.json.ftl", "completetask.post.desc.xml", "completetask.post.json.ftl", "completetask.post.js", "getapsdbid.get.desc.xml", "getapsdbid.get.json.ftl", "gettasks.get.desc.xml", "gettasks.get.json.ftl", "assignuser.put.desc.xml", "gettasks.get.js", "savetask.post.desc.xml", "savetask.post.js", "savetask.post.json.ftl", "taskForm.get.js", "taskForm.get.desc.xml", "tasklist.get.desc.xml", "apsApplicationList.get.js", "taskForm.get.json.ftl", "tasklist.get.html.ftl.jquery", "tasklist.get.html.ftl", "tasklist.get.js", "triggerapsprocess.post.desc.xml", "triggerapsprocess.post.js", "updatevariables.post.desc.xml.notused", "triggerapsprocess.post.json.ftl", "updatevariables.post.json.ftl.notused", "getapsdbid.get.js", "updatevariables.post.js.notused", "taskUtils.js", "apsGroupsConfig.json", "apsSitesConfig.json", "apptStepZeroStarter.post.desc.xml", "apptStepZeroStarter.post.json.ftl", "apptStepZeroStarter.post.js", "apptStepOneStarter.post.desc.xml", "apptStepOneStarter.post.js", "apptStepOneStarter.post.json.ftl", "apptStepOneSave.post.json.ftl", "apptStepOneSave.post.desc.xml", "apptStepOneSave.post.js", "apptStatusDocUpdate.post.desc.xml", "apptStatusDocUpdate.post.json.ftl", "apptStatusDocUpdate.post.js", "APSWorkflowStatus.get.desc.xml", "APSWorkflowStatus.put.html.ftl", "APSWorkflowStatus.get.html.ftl", "APSWorkflowInfo.put.html.ftl", "APSWorkflowStatus.put.desc.xml", "APSWorkflowInfo.put.desc.xml", "APSWorkflowStatus.get.js", "APSWorkflowStatus.put.js", "APSWorkflowInfo.put.js", "NodeInfo.get.desc.xml", "NodeInfo.get.html.ftl", "capinfo.get.js", "capstart.get.js", "epsb.get.js", "epsb.get.html.ftl", "capstart.get.html.ftl", "epsb.get.desc.xml", "schoolboard.get.html.ftl", "NodeInfo.get.js", "NodeInfoByCapId.get.desc.xml", "updateVariable.post.json.ftl", "updateVariable.post.js", "schoolboard.get.desc.xml", "updateVariable.post.desc.xml", "schoolboard.get.js", "capinfo.get.html.ftl.backup", "cap-file-load.post.json.ftl", "NodeInfoByCapId.get.js", "capinfo.get.html.ftl", "capstart.get.desc.xml", "cap-file-load.post.desc.xml", "capinfo.get.desc.xml", "cap-file-load.post.js", "capeamergedoc.get.js", "capeamergedoc.get.desc.xml", "capeamergedoc.get.html.ftl", "capConfig.js", "chsEnv.js", "chsConfig.js", "chsAdminStuView.get.desc.xml", "chsAdminStuView.get.html.ftl", "chsAdminStuView.get.js", "coupa.get.html.ftl", "coupa.get.desc.xml", "coupa.get.js", "coveoGetDocList.get.desc.xml", "coveoGetDocList.get.json.ftl", "coveoGetDocList.get.js", "getJson.get.desc.xml", "getJson.get.js", "getJson.get.json.ftl", "simpleupload.post.desc.xml", "simpleupload.post.json.ftl", "simpleupload.post.js", "consignoMessage.get.js", "consignoWebhook.post.js", "consignoWebhook.post.json.ftl", "consignoMessage.get.desc.xml", "consignoWebhook.post.desc.xml", "consignoMessage.get.json.ftl", "eSignDownload.get.js", "eSignDownload.get.html.ftl", "eSignDownload.get.desc.xml", "review-supervisorv2.get.desc.xml", "review-supervisorv2.get.js", "review-supervisorv2.get.html.ftl", "fgsrssgLanding.get.js", "review-comm01v2.get.desc.xml", "fgsrssgLanding.get.html.ftl", "review-comm01v2.get.html.ftl", "review-comm02v2.get.desc.xml", "review-comm02v2.get.html.ftl", "fgsrssgLanding.get.desc.xml", "review-studentv2.get.html.ftl", "review-comm03v2.get.html.ftl", "review-comm03v2.get.desc.xml", "review-studentv2.get.desc.xml", "review-cosupervisorv2.get.html.ftl", "review-comm02v2.get.js", "review-startv2.get.desc.xml", "review-studentv2.get.js", "review-cosupervisorv2.get.js", "review-startv2.get.js", "review-student-revisionv2.get.html.ftl", "review-student-revisionv2.get.desc.xml", "review-startv2.get.html.ftl", "review-comm03v2.get.js", "review-cosupervisorv2.get.desc.xml", "review-student-revisionv2.get.js", "review-comm01v2.get.js", "review-comm02.get.desc.xml", "review-comm02.get.html.ftl", "review-comm03.get.desc.xml", "review-comm02.get.js", "review-comm03.get.html.ftl", "review-cosupervisor.get.desc.xml", "review-cosupervisor.get.html.ftl", "review-cosupervisor.get.js", "review-nextdate.get.desc.xml", "review-comm03.get.js", "review-nextdate.get.js", "review-student.get.html.ftl", "review-student.get.js", "review-student-revision.get.desc.xml", "review-student.get.desc.xml", "review-student-revision.get.js", "review-studentTest.get.desc.xml", "review-supervisor.get.desc.xml", "review-studentTest.get.js", "review-supervisor.get.html.ftl", "review-supervisor.get.js", "review-comm01.get.desc.xml", "review-comm01.get.html.ftl", "review-comm01.get.js", "review-student-revision.get.html.ftl", "review-nextdate.get.html.ftl", "review-studentTest.get.html.ftl", "guidelines-supervisor.get.desc.xml", "guidelines-supervisor-revision.get.html.ftl", "guidelines-start.get.desc.xml", "guidelines-start.get.html.ftl", "guidelines-start.get.js", "guidelines-student.get.desc.xml", "guidelines-student.get.html.ftl", "guidelines-student-revision.get.js", "guidelines-student-revision.get.desc.xml", "guidelines-supervisor.get.html.ftl", "guidelines-supervisor-revision.get.desc.xml", "guidelines-student-revision.get.html.ftl", "guidelines-student.get.js", "guidelines-supervisor.get.js", "guidelines-supervisor-revision.get.js", "programExtensionScript.js", "customScript.js", "customCSS_FGSR2.css", "customCSS_FGSR.css", "fgsrEnv.js", "FGSR-Forms-Config.js", "config.js", "googleAddon.get.json.ftl", "googleAddon.get.desc.xml", "googleAddon.get.js", "gtaGraStatus.post.json.ftl", "gtaGraStatus.post.js", "gtaGraStatus.post.desc.xml", "wfh-manager.get.desc.xml", "wfh-form.get.js", "wfh-manager.get.html.ftl", "wfh-form.get.desc.xml", "wfh-revise.get.desc.xml", "wfh-revise.get.html.ftl", "wfh-revise.get.js", "wfh-seniormanager.get.desc.xml", "wfh-manager.get.js", "wfh-seniormanager.get.js", "wfh-seniormanager.get.html.ftl", "wfh-form.get.html.ftl", "hrsbsDocumentLinking.get.desc.xml", "hrsbsDocumentLinking.get.html.ftl", "hrsbsDocumentLinking.get.js", "coi-start.get.desc.xml", "coi-start.get.html.ftl", "coi-revise.get.html.ftl", "coi-employee.get.html.ftl", "coi-employee.get.desc.xml", "coi-revise.get.desc.xml", "coi-start.get.js", "coi-revise.get.js", "coi-supervisor.get.js", "coi-supervisor.get.desc.xml", "coi-employee.get.js", "coi-supervisor.get.html.ftl", "getTaskFilter.get.json.ftl", "queryTasks.get.json.ftl", "routableGroups.get.desc.xml", "routableGroups.get.js", "routableGroups.get.json.ftl", "queryTasks.get.desc.xml", "setTaskFilter.post.js", "setTaskFilter.post.json.ftl", "setTaskFilter.post.desc.xml", "applyTaskAction.post.js", "applyTaskAction.post.json.ftl", "applyTaskAction.post.desc.xml", "getTaskFilter.get.desc.xml", "getTaskFilter.get.js", "queryTasks.get.js", "avmbrowse.get.desc.xml", "avmbrowse.get.html.ftl", "avmbrowse.get.js", "avmstores.get.desc.xml", "avmstores.get.html.ftl", "blogsearch.get.atom.400.ftl", "blogsearch.get.html.400.ftl", "blogsearch.get.desc.xml", "blogsearch.get.js", "categorysearch.get.atom.404.ftl", "blogsearch.get.html.ftl", "categorysearch.get.html.404.ftl", "categorysearch.get.js", "categorysearch.get.html.ftl", "categorysearch.get.desc.xml", "folder.get.desc.xml", "folder.get.html.ftl", "folder.get.js", "psDeptAll.get.js", "psDeptSingle.get.json.ftl", "psDeptSingle.get.js", "psPerson.get.json.ftl", "psUtil.js", "psPerson.get.js", "psAcademicDeptAll.get.desc.xml", "psAcademicDeptAll.get.json.ftl", "psAuthorizedApprover.get.desc.xml", "psDeptAll.get.json.ftl", "psAuthorizedApprover.get.js", "psAuthorizedApprover.get.json.ftl", "psDeptAll.get.desc.xml", "psDeptSingle.get.desc.xml", "psPerson.get.desc.xml", "ceeb.get.desc.xml", "ceeb.get.json.ftl", "getSlateId.get.desc.xml", "getSlateId.get.js", "materials.get.json.ftl", "materials.get.desc.xml", "getSlateId.get.json.ftl", "ceeb.get.js", "materials.get.js", "edit.get.html.ftl", "edit.get.js", "save.post.js", "save.post.json.ftl", "scans.get.desc.xml", "scans.get.js", "uploadfile.post.desc.xml", "uploadfile.post.json.ftl", "edit.get.desc.xml", "uploadfile.post.js", "scans.get.html.ftl", "save.post.desc.xml", "AFA_Main.post.desc.xml", "AFA_MainFileOnly.post.desc.xml", "AFA_MainFileOnly.post.js", "AFA_Main.post.js", "AFA_MainFileOnly.post.json.ftl", "AFA_Main.post.json.ftl", "paperFileUtil.get.desc.xml", "paperFileUtil.get.js", "paperFileUtil.get.html.ftl", "rsoprojectdetails.get.html.ftl", "rsoprojectdetails.get.js", "rsoprojectdetails.get.desc.xml", "roslateapplist.get.html.ftl", "roslateapplist.get.desc.xml", "roslateapplist.get.json.ftl", "roslateexists.get.html.ftl", "roslateexists.get.desc.xml", "roslateapplist.get.js", "roslateexists.get.js", "uofaDepartmentList.get.desc.xml", "uofaDepartmentList.get.js", "uofaDepartmentList.get.html.ftl", "uofaDepartmentName.get.desc.xml", "uofaDepartmentName.get.html.ftl", "uofaFacultyList.get.html.ftl", "uofaFacultyList.get.desc.xml", "uofaDepartmentName.get.js", "uofapersonid.get.desc.xml", "uofapersonidrest.get.html.ftl", "uofapersonidrest.get.desc.xml", "uofapersonid.get.html.ftl", "uofapersonid.get.js", "uofapersonidrest.get.js", "uappolCategoryHeirarchy.get.desc.xml", "uappolCategoryHeirarchy.get.json.ftl", "uappol-metadata-query.get.desc.xml", "uappol-metadata-query.get.js", "uappol-metadata-query.get.json.ftl", "uappolCategoryHeirarchy.get.js", "siteFileViewer.get.desc.xml", "siteFileViewerConfig.js", "siteFileViewer.get.html.ftl", "siteFileViewer.get.js", "publicSiteFileViewer.get.html.ftl", "publicSiteFileViewer.get.desc.xml", "publicSiteFileViewer.get.js", "cronJob.post.desc.xml", "cronJob.post.js", "cronJob.post.json.ftl", "studentupload.get.html.ftl", "generatereport.get.json.ftl", "generatereport.get.desc.xml", "approvethesis.post.js", "generatereport.get.js", "search-match-attach.get.js", "search-match-list.get.html.ftl", "search-match-result.get.html.ftl", "search-match-result.get.js", "search-match-list.get.js.old", "chs-agreements.get.js", "chs-agreements.get.html.ftl", "chs-upload.get.html.ftl", "chs-upload.get.js", "uamytasks.config.get.js", "chsStudentView.get.js", "chsStudentView.get.html.ftl", "foModel.xml", "uofaDocTypes.xml", "uofaDocTypes.json", "foModel.json", "tim-sops", "FandO", "cbsr", "nanofab", "support-documentation", "Alfresco.zip - 1bf054bded99e2ae414154593d0892066b2e0c7add603f9321e157c77ae52075", "https://www.virustotal.com/graph/embed/g05f1796a358b458d95751d31d1d529aa378f8ffadf0b4305b7fa0bd1c64fe228?theme=dark", "https://www.virustotal.com/gui/collection/63819e07111e9665ba8602777d782527c54f3fad71ef36f977405a004484787c/iocs", "https://viz.greynoise.io/analysis/0cd9177e-8328-4355-a2c0-d05704a64c72", "components.zip - 2b91fcf852a5f1f57be71a269d82497b37c9f544ebd8f32aaa240e4cde0ffeea", "https://www.virustotal.com/graph/embed/g2948a5c332eb4614973872a8243215f6aa1fba79749a48ea92806e9b934db91f?theme=dark", "https://viz.greynoise.io/ip/analysis/2610b635-c05a-4f28-a112-7278de8fdf9b" ], "public": 1, "adversary": "TA413 proposed (06.08.24), Callisto, APT38, APT 28/29 - too much time too many problems", "targeted_countries": [ "Canada", "United States of America" ], "malware_families": [], "attack_ids": [], "industries": [ "Education", "Government", "Healthcare", "Technology", "Telecommunications" ], "TLP": "white", "cloned_from": null, "export_count": 57, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 4, "follower_count": 0, "vote": 0, "author": { "username": "Disable_Duck", "id": "244325", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 7132, "hostname": 3118, "URL": 4909, "email": 20, "FileHash-SHA256": 2144, "FileHash-MD5": 29, "FileHash-SHA1": 29 }, "indicator_count": 17381, "is_author": false, "is_subscribing": null, "subscriber_count": 130, "modified_text": "191 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "67a7f06a5d0f22ad92684646", "name": "WebForm.com.gov.pl/CEIDG/ScriptResource.axd", "description": "The following is the full text of the WebForm.com.gov.pl/CEIDG/ScriptResource.axd, following the following:.au, for the first time.", "modified": "2025-05-14T21:27:17.040000", "created": "2025-02-09T00:01:46.054000", "tags": [ "null", "nie mona", "array", "input", "nonmsdombrowser", "object", "html", "component", "body", "horizontal", "date", "calendar", "february", "april", "june", "august", "iframe", "form", "friday", "explorer", "target", "error", "legend", "this", "type", "regexp", "elem", "index", "function", "handle", "check", "safari", "expando", "android", "false", "hooks", "copy", "prop", "class", "mark", "window", "code", "capture", "accept", "seed", "override", "hook", "look", "loop", "install", "pass", "enough", "bind", "core", "local", "verify", "done", "find", "internal", "inject", "possible", "hold", "middle", "guard", "fall", "stop", "panic", "back", "restrict", "speed", "turn", "grab", "getclass", "jquery", "bubble", "anchor", "shift" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1134", "name": "Access Token Manipulation", "display_name": "T1134 - Access Token Manipulation" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 13, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1143, "domain": 155, "hostname": 523, "FileHash-SHA256": 151 }, "indicator_count": 1972, "is_author": false, "is_subscribing": null, "subscriber_count": 122, "modified_text": "340 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "66246ff49ed29ea9bb2bf122", "name": "S\u0105d Rejonowy w Jeleniej Gorze POLAND", "description": "Przechowywania lub dost\u0119pu do plik\u00f3w cookies w Twojej przegl\u0105darce\nhttps://www.virustotal.com/gui/domain/jelenia-gora.sr.gov.pl/relations", "modified": "2025-05-14T21:18:36.989000", "created": "2024-04-21T01:46:28.554000", "tags": [ "jeleniej grze", "aktualnoci", "informacje", "jednostka", "rejonowy", "konkurs", "najczciej", "sd rejonowy", "przejd", "czytaj", "click", "sdzia jarosaw", "wydziau", "sdzia grzegorz", "katarzyna", "rudnicka dane", "kontaktowe sd", "jelenia gra", "mickiewicza", "zawarto", "html", "nazwa meta", "robotw", "telefon", "brak", "skala", "ua zgodna", "head body", "zasb", "cname", "kod odpowiedzi", "kodowanie treci", "wygasa", "gmt serwer", "pragma", "kontrola pamici", "podrcznej", "data", "gmt kontrola", "dostpuzezwl na", "czytaj wicej", "sd okrgowy", "jednostki", "okrgowy", "ogoszenia", "sha256", "vhash", "ssdeep", "https odcisk", "palca jarma", "https dane", "v3 numer", "odcisk palca", "tworzy katalog", "tworzy pliki", "typ pliku", "json", "ascii", "windows", "sqlite", "foxpro fpt", "links typ", "mapa", "152 x", "sqlite w", "sha1", "sha512", "file size", "b file", "testing", "komornik sdowy", "sdzie rejonowym", "tomasz rodacki", "obwieszczenie", "komornicze", "tumacza migam", "tumacz czynny", "zamknite", "wiadczenia", "schedule", "error", "javascript", "bakers hall", "ixaction", "script", "ixchatlauncher", "compatibility", "com dla", "t1055 pewno", "unikanie obrony", "t1036 maskarada", "t1082 pewno", "informacje o", "nazwa pliku", "dokument pdf", "rozmiar pliku", "zapowied", "type", "iii dbt", "utf8", "dziennik" ], "references": [ "S?d Rejonowy w Jeleniej G\u00f3rze.htm", "II Wydzia? Karny - S?d Rejonowy w Jeleniej G\u00f3rze 1.htm", "http://www.jelenia-gora.so.gov.pl/", "https://www.jelenia-gora.so.gov.pl/", "http://www.jelenia-gora.sr.gov.pl/ogloszenia-komornicze", "https://tlumacz.migam.org/sad_rejonowy_jelenia_gora", "https://www.jelenia-gora.sr.gov.pl/spacer", "https://waf.intelix.pl/957476/Chat/Script/Compatibility" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "", "display_name": "", "target": null }, { "id": "serwer", "display_name": "serwer", "target": null } ], "attack_ids": [ { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 24, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "email": 71, "domain": 7651, "hostname": 7680, "IPv4": 331, "FileHash-SHA256": 16168, "URL": 10399, "FileHash-MD5": 3639, "FileHash-SHA1": 3468, "CIDR": 4, "CVE": 89, "YARA": 521, "SSLCertFingerprint": 25, "JA3": 1, "IPv6": 5813 }, "indicator_count": 55860, "is_author": false, "is_subscribing": null, "subscriber_count": 141, "modified_text": "340 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6821a0636fd8ecc5cab46ae0", "name": "Uncovering Actor TTP Patterns and the Role of DNS in Investment Scams | Infoblox", "description": "", "modified": "2025-05-12T07:16:51.783000", "created": "2025-05-12T07:16:51.783000", "tags": [ "strong", "april", "february", "figure", "november", "january", "march", "december", "september", "august", "june", "facebook", "cloud", "malspam", "malware", "contact", "tools", "speed", "protect", "service", "leverage", "polish", "meta", "form" ], "references": [ "https://blogs.infoblox.com/threat-intelligence/uncovering-actor-ttp-patterns-and-the-role-of-dns-in-investment-scams/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Tr1sa111", "id": "192483", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 3, "URL": 1, "domain": 84, "hostname": 4 }, "indicator_count": 92, "is_author": false, "is_subscribing": null, "subscriber_count": 263, "modified_text": "343 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "68219035eb085df1baa61a16", "name": "Uncovering Actor TTP Patterns and the Role of DNS in Investment Scams", "description": "", "modified": "2025-05-12T06:07:49.216000", "created": "2025-05-12T06:07:49.216000", "tags": [ "cloaking", "facebook ads", "dns abuse", "web forms", "tds", "rdga", "investment scams" ], "references": [ "https://blogs.infoblox.com/threat-intelligence/uncovering-actor-ttp-patterns-and-the-role-of-dns-in-investment-scams/" ], "public": 1, "adversary": "", "targeted_countries": [ "Poland", "Romania", "Russian Federation" ], "malware_families": [], "attack_ids": [ { "id": "T1592", "name": "Gather Victim Host Information", "display_name": "T1592 - Gather Victim Host Information" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1583.001", "name": "Domains", "display_name": "T1583.001 - Domains" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1589", "name": "Gather Victim Identity Information", "display_name": "T1589 - Gather Victim Identity Information" }, { "id": "T1584", "name": "Compromise Infrastructure", "display_name": "T1584 - Compromise Infrastructure" }, { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" }, { "id": "T1606", "name": "Forge Web Credentials", "display_name": "T1606 - Forge Web Credentials" }, { "id": "T1590", "name": "Gather Victim Network Information", "display_name": "T1590 - Gather Victim Network Information" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" } ], "industries": [ "Finance" ], "TLP": "white", "cloned_from": "681446ee4f48e3d83ece3b9c", "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Tr1sa111", "id": "192483", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 3, "domain": 83, "hostname": 3 }, "indicator_count": 89, "is_author": false, "is_subscribing": null, "subscriber_count": 263, "modified_text": "343 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "681a1a760e587a481aefee0d", "name": "Uncovering Actor TTP Patterns and the Role of DNS in Investment Scams | Infoblox", "description": "", "modified": "2025-05-06T14:19:34.327000", "created": "2025-05-06T14:19:34.327000", "tags": [ "strong", "april", "february", "figure", "november", "january", "march", "december", "september", "august", "june", "facebook", "cloud", "malspam", "malware", "contact", "tools", "speed", "protect", "service", "leverage", "polish", "meta", "form" ], "references": [ "https://blogs.infoblox.com/threat-intelligence/uncovering-actor-ttp-patterns-and-the-role-of-dns-in-investment-scams/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunter_NL", "id": "171283", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 3, "URL": 1, "domain": 84, "hostname": 4 }, "indicator_count": 92, "is_author": false, "is_subscribing": null, "subscriber_count": 845, "modified_text": "348 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "681446ee4f48e3d83ece3b9c", "name": "Uncovering Actor TTP Patterns and the Role of DNS in Investment Scams", "description": "", "modified": "2025-05-02T04:15:42.824000", "created": "2025-05-02T04:15:42.824000", "tags": [ "cloaking", "facebook ads", "dns abuse", "web forms", "tds", "rdga", "investment scams" ], "references": [ "https://blogs.infoblox.com/threat-intelligence/uncovering-actor-ttp-patterns-and-the-role-of-dns-in-investment-scams/" ], "public": 1, "adversary": "", "targeted_countries": [ "Poland", "Romania", "Russian Federation" ], "malware_families": [], "attack_ids": [ { "id": "T1592", "name": "Gather Victim Host Information", "display_name": "T1592 - Gather Victim Host Information" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1583.001", "name": "Domains", "display_name": "T1583.001 - Domains" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1589", "name": "Gather Victim Identity Information", "display_name": "T1589 - Gather Victim Identity Information" }, { "id": "T1584", "name": "Compromise Infrastructure", "display_name": "T1584 - Compromise Infrastructure" }, { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" }, { "id": "T1606", "name": "Forge Web Credentials", "display_name": "T1606 - Forge Web Credentials" }, { "id": "T1590", "name": "Gather Victim Network Information", "display_name": "T1590 - Gather Victim Network Information" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" } ], "industries": [ "Finance" ], "TLP": "white", "cloned_from": "68130bac610fc8ffac1ee5a3", "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Tr1sa111", "id": "192483", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 3, "domain": 83, "hostname": 3 }, "indicator_count": 89, "is_author": false, "is_subscribing": null, "subscriber_count": 263, "modified_text": "353 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "68130bac610fc8ffac1ee5a3", "name": "Uncovering Actor TTP Patterns and the Role of DNS in Investment Scams", "description": "", "modified": "2025-05-01T05:50:36.555000", "created": "2025-05-01T05:50:36.555000", "tags": [ "cloaking", "facebook ads", "dns abuse", "web forms", "tds", "rdga", "investment scams" ], "references": [ "https://blogs.infoblox.com/threat-intelligence/uncovering-actor-ttp-patterns-and-the-role-of-dns-in-investment-scams/" ], "public": 1, "adversary": "", "targeted_countries": [ "Poland", "Romania", "Russian Federation" ], "malware_families": [], "attack_ids": [ { "id": "T1592", "name": "Gather Victim Host Information", "display_name": "T1592 - Gather Victim Host Information" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1583.001", "name": "Domains", "display_name": "T1583.001 - Domains" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1589", "name": "Gather Victim Identity Information", "display_name": "T1589 - Gather Victim Identity Information" }, { "id": "T1584", "name": "Compromise Infrastructure", "display_name": "T1584 - Compromise Infrastructure" }, { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" }, { "id": "T1606", "name": "Forge Web Credentials", "display_name": "T1606 - Forge Web Credentials" }, { "id": "T1590", "name": "Gather Victim Network Information", "display_name": "T1590 - Gather Victim Network Information" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" } ], "industries": [ "Finance" ], "TLP": "white", "cloned_from": "68114334e4803d326e4dd5fd", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Tr1sa111", "id": "192483", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 3, "domain": 83, "hostname": 3 }, "indicator_count": 89, "is_author": false, "is_subscribing": null, "subscriber_count": 263, "modified_text": "354 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "663d2869e0f3a42bbddc42ff", "name": "UPX executable packer.", "description": "A new rule has been introduced a \"suspicious\" ELF binary that is packed with the UPX executable packer.\nSuggested ATT&CK IDs: rule SUSP_ELF_LNX_UPX_Compressed_File { meta: description = \"Detects a suspicious ELF binary with UPX compression\" author = \"Florian Roth (Nextron Systems)\" reference = \"Internal Research\" date = \"2018-12-12\" score = 40 hash1 = \"038ff8b2fef16f8ee9d70e6c219c5f380afe1a21761791e8cbda21fa4d09fdb4\" id = \"078937de-59b3-538e-a5c3-57f4e6050212\" strings: $s1 = \"PROT_EXEC|PROT_WRITE failed.\" fullword ascii $s2 = \"$Id: UPX\" fullword ascii $s3 = \"$Info: This file is packed with the UPX executable packer\" ascii $fp1 = \"check your UCL installation !\"", "modified": "2024-10-14T00:01:17.069000", "created": "2024-05-09T19:47:53.786000", "tags": [ "cioch adrian", "centrum usug", "sieciowych", "elf binary", "upx compression", "roth", "nextron", "info", "javascript", "html", "office open", "xml document", "network capture", "win32 exe", "xml pakietu", "pdf zestawy", "przechwytywanie", "office", "filehashsha1", "url https", "cve cve20201070", "cve cve20203153", "cve cve20201048", "cve cve20211732", "cve20201048 apr", "filehashmd5", "cve cve20010901", "cve cve20021841", "cve20153202 apr", "cve cve20160728", "cve cve20161807", "cve cve20175123", "cve20185407 apr", "cve cve20054605", "cve cve20060745", "cve cve20070452", "cve cve20070453", "cve cve20070454", "cve cve20071355", "cve cve20071358", "cve cve20071871", "cve20149614 apr", "cve cve20151503", "cve cve20152080", "cve cve20157377", "cve cve20170131", "cve20200796 may", "cve cve20113403" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 6861, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 5771, "domain": 3139, "URL": 14525, "FileHash-SHA1": 2610, "IPv4": 108, "CIDR": 40, "FileHash-SHA256": 10705, "FileHash-MD5": 3373, "YARA": 2, "CVE": 148, "Mutex": 7, "FilePath": 3, "SSLCertFingerprint": 3, "email": 23, "JA3": 1, "IPv6": 2 }, "indicator_count": 40460, "is_author": false, "is_subscribing": null, "subscriber_count": 137, "modified_text": "553 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6660c1268a1f430e17236b55", "name": "Python: OVSAgentServer Document (autofilled name)", "description": "Here is the full text of the Vuze-dht-info script, which is written by \"Patrik Karlsson\" and followed by the following:-1-2-3. (Autofilled). This was pulled from a Windows 11 Hidden Folder from UAlberta Sample Device.", "modified": "2024-07-24T20:04:38.074000", "created": "2024-06-05T19:48:54.286000", "tags": [ "vuze", "dht service", "force", "port", "port state", "service version", "transaction id", "connection id", "vendor id", "azureus", "methods", "function", "method", "performs", "uri path", "same", "nmap", "see https", "buffer", "http post", "xdmcp", "session id", "mitmagiccookie1", "authorization", "displayid", "x display", "su p", "service", "patrik karlsson", "x server", "code", "xopendisplay", "checks", "tcp port", "xhost", "list", "host", "null", "retrieves", "wsdiscovery", "framework", "message id", "device wprt", "patrik", "author", "example", "john foo", "athens", "attiki", "domain name", "attempts", "service reason", "support", "active", "error", "false", "t3 protocol", "extrainfo", "weblogicversion", "t3 rmi", "daniel miller", "weblogic", "note", "cvss score", "isc bind", "todo", "cvss", "cpes", "sv output", "limit cves", "dot com", "mark", "elem", "stripnull", "wind debug", "wind river", "systems vxworks", "debug service", "boot line", "wdbprocedure", "agent", "vulnerable", "metasploit", "target", "seqnum", "vtam", "logon", "tn3270", "applid", "ibmtest", "cics", "dominic white", "tn3270 screen", "folder", "soldier", "path", "screen", "server", "cluster", "name", "http port", "admin port", "voldemort", "persistence", "driver", "apple remote", "desktop", "sasl", "aten", "vnc auth", "tries", "vnc server", "libvncserver", "bypass", "tight auth", "security", "mac os", "x security", "daemon", "220 vmware", "pass", "connectionpool", "xmpp", "login", "plain", "jabber", "soap api", "server version", "build", "os type", "product line", "header", "queries", "vmware server", "esxi", "vasto", "this", "body", "problem", "xmlns", "dns name", "tigase", "registration", "tonumber", "mlink", "connects", "citadel", "inside", "administrator", "root path", "database path", "sat mar", "version", "extracts", "versant object", "databases", "urls", "sniffed", "require", "sniffs", "http traffic", "ip address", "script output", "interface", "controls", "upnp service", "thomas buchanan", "table", "thisdb", "iana", "string", "arin", "boolean true", "comp", "meta", "trim", "actions", "openssh", "postfix smtpd", "msrpc", "runs", "comm", "prot", "group", "head", "admin", "phan", "ventrilo udp", "totpck", "totlen", "win32", "ping", "raid", "formats", "idera uptime", "intel", "gets", "domain", "arch", "linux", "smp fri", "x8664 x8664", "gnulinux", "info", "tso user", "user id", "userid", "tso logon", "valid user", "data", "nse object", "fakeuser", "razor", "blade", "plague", "tlvvalue", "ubiquiti", "probev1", "bb i2", "probev2", "tom sellers", "hidden", "zzzzz", "ooooo ssss", "enter", "fortran", "user", "skipped", "zero", "cool", "final", "scriptname", "ticketbleed", "tls session", "high", "tls stack", "hello", "done", "tls npn", "connection", "tls server", "npn extension", "spdy4a4", "spdy3", "hani benhabiles", "alpnname", "tls alpn", "client hello", "alpndone end", "alpn protocol", "filenotfound", "requesterror", "filefound", "enumerates", "tftp", "cisco", "script", "unknown", "kml file", "google earth", "geolocation", "italy", "getvalue", "rtt address", "sweden", "activetelnet", "hosttest2", "negotiate", "ntlm", "ntlmssp message", "netbios", "dnsdomainname", "dnscomputername", "dnstreename", "teamspeak", "udp packet", "cowclans", "service info", "traceroute scan", "hops", "inserts", "nmap scanning", "henri doreau", "nmap xml", "attribute", "loads", "address type", "ipv4", "ipv6", "filename", "telnet server", "freebsd", "option", "determines", "exploit", "linux advisory", "telnet", "default", "nick nikolaou", "make", "status", "driver object", "verdict", "target object", "telnet host", "telnet port", "password", "usersegs", "prefijo", "tablapalabras", "direccion", "prefixaux", "userright", "ipv6bin", "filler", "first", "iface", "ipv6 address", "targetstr", "slaac", "ipv6 host", "icmpv6 router", "advertisement", "nd host", "ipv6 stateless", "david fifield", "cidr notation", "bond", "simplified", "bsd license", "srcmac", "sends", "icmpv6 packet", "weilin", "icmpv6 echo", "svn server", "username", "crammd5", "helper", "result", "ipaux", "ipv6user", "ipv6network", "grantotal", "ipv6 subnet", "ipv4sub", "sslv2", "matthew boyle", "stuxnet", "infected", "stuxnetpaths", "stuxnetuuid", "stuxnetversion", "rpcgetversion", "smb session", "stuxnet service", "stdnse", "check", "secure socket", "https layer", "sstp traffic", "current sstp", "seil", "snippet", "ipmi", "exploitable", "output file", "calderon", "openssl", "heartbleed bug", "eof receiving", "match", "fingerprintfile", "ssl certificate", "littleblackbox", "apt1", "specify", "drown", "cve20160800", "sslv2 protocol", "tls ciphertext", "cve20153197", "cve20160703", "rsa data", "rfc1918", "ssl service", "issuer", "x509v3", "reports", "x509v3 subject", "steve benson", "sslv3", "ccs injection", "timeout", "ccs packet", "ssltls mitm", "protocol", "sweet32 attack", "ciphersuite", "chunksize", "gethellotable", "broken cipher", "find", "compressor", "format", "certificate", "pem return", "public key", "pcall", "delaware", "san jose", "california", "paypal", "accepted public", "keys", "checking key", "found", "connect", "actionend end", "specifies", "devin bjelland", "sshv1", "ssh server", "ssh protocol", "brandon enright", "modp group", "dsa group", "length", "diffiehellman", "ffffffff", "fromhex", "c4c6628b", "f25f1437", "e485b576", "generator", "tls port", "tls host", "tls serverhello", "unix timestamp", "jacob appelbaum", "returns", "poodle", "tlsfallbackscsv", "cve20143566", "ssl poodle", "ssl protocol", "authentication", "authenticated", "output", "privatekeyfile", "passphrase", "command", "ssh2 server", "kris katterjohn", "key comparison", "shows ssh", "md5 fingerprint", "ascii art", "matches", "sven klemm", "piotr olma", "socks proxy", "socks version", "guest", "iusredusrv011", "iwamedusrv011", "support388945a0", "tomcat", "socks", "snmp v1", "jetdirect", "jd117", "cidate", "system uptime", "security update", "windows media", "player", "windows server", "apache tomcat", "domain names", "mitigation apis", "kb911564", "kb924667v2", "kb925398", "explorer", "db2copy1", "lookup service", "application", "cryptographic", "db2das", "db2das00", "apache", "dcom", "launcher", "webapps", "value", "windows shares", "system idle", "process", "users", "system", "mib oids", "huawei", "hph3c locally", "snmp", "enterprisenums", "snmpv3 server", "security model", "snmpv3 get", "enterprise", "snmp community", "nextcommunity", "argument", "add ipv6", "vikas singhal", "serveraddress", "tftp server", "copystatus", "cisco router", "snmp rw", "fail", "config", "layer", "channel", "rfc3635", "ieee", "mac address", "obsolete", "generic", "voice", "prop", "terminal", "team", "test", "request", "joao correa", "mail server", "smtp", "diman todorov", "cyrus sasl", "auth", "postfix smtp", "authvuln", "cve20111720", "digestmd5", "activesmtp", "ehlo", "per rfc", "tls connection", "continue", "smtp ntlm", "ethernet", "macosx", "marek majkowski", "tiger", "rcpt", "vrfy", "expn", "socket", "user name", "mail from", "rcpt to", "duarte silva", "windows", "ron bowes", "vista", "srvsvc function", "wireshark", "p u137", "help", "ntlm login", "arturo buanzo", "busleiman", "lf line", "extended", "turn", "dkim", "exim", "exim server", "mail", "cve20111764", "exim daemon", "dkim format", "exim smtp", "webexservice", "handle", "runcommand", "windows account", "open", "cve20104344", "cve20104345", "sendrecv", "debianexim", "exim version", "could", "remote code", "webexec", "doesnotexist", "patched", "microsoft", "case", "msrc8742", "u137", "t139", "index", "define", "smtp server", "i2 i2", "microsoft smbv1", "reserved", "eternalblue", "wannacry", "ipc tree", "windows xp", "print spooler", "vulnerability", "lanman api", "september", "printer spooler", "stuxnet worm", "shareddocs", "smb server", "xp sp2", "windows vista", "gold", "smb request", "smb packet", "bsod", "dns server", "ms07029", "rpc interface", "rpc service", "notup", "server service", "execution", "ras rpc", "ms06025", "remote access", "rras", "rras memory", "routing", "systemroot", "reggetvalue", "installdate", "csdversion", "currentversion", "identifier", "productname", "model", "smbv1", "nt lm", "smbv3", "smbv2", "groups", "builtin", "account lockout", "samr", "connect4", "enumdomains", "invite", "options", "subscribe", "sip server", "cancel", "refer", "notify", "option request", "entry", "message signing", "smb security", "lmv2", "ntlmv2", "ms08068", "cve20093103", "process id", "advisory", "smbv2 protocol", "vista gold", "high header", "loop", "address", "reply", "ttl64", "comment", "ms08067", "conficker", "printer", "text", "service rpc", "lanman", "later", "service pack", "fqdn", "standard", "computer name", "sql2008", "workgroup", "servertypes", "typenames", "mssql server", "time capsule", "backup browser", "dfs root", "master browser", "sql server", "settings", "inetpub", "size time", "normal user", "description", "close", "bind", "clean", "infected2", "scanner", "namewin32", "read", "current user", "type", "readwrite", "usercanwrite", "current", "default share", "stypeipchidden", "write", "trojan", "changeddate", "names", "sids", "servicepaused", "servicestopped", "servicerunning", "gateway service", "manager", "shadow copy", "provider", "remote desktop", "tools", "spooler", "id process", "bytessec", "operationssec", "bytes", "pid ppid", "daniel", "rids", "homegroupuser", "windows system", "aliases", "lists", "double pulsar", "smb backdoor", "pulsar smb", "backdoor", "b i2", "luke jennings", "valid", "hostinfo", "invalidpassword", "userlist", "userlistindex", "blank", "third", "windows smb", "smb2 protocol", "smb2", "startdate", "starttime", "boot time", "date", "vuln", "securitymode", "smb2smb3", "file system", "leasing", "smbv2 server", "skype", "skype version", "skype author", "probes", "extension value", "number", "register sip", "file", "sip session", "true", "ekiga", "home", "user agent", "sip from", "request source", "request sip", "shodanapi key", "shodan", "shodan api", "sn pn", "apache httpd", "proto", "product parent", "xmltotext", "sunw", "instance urn", "product version", "product urn", "product defined", "instance id", "cpus", "probe", "xport", "samba", "samba heap", "cve20121182", "pidl", "zdican1503", "msrpc call", "szl request", "sendreceive", "offset", "siemens s7", "action", "plcscan", "copyright", "module type", "idle", "user on", "from since", "commondirs", "cve20177494", "payloadx86", "payloadx64", "samba remote", "rtsp", "rtsp urls", "describe", "setup", "play", "teardown", "roca", "detects", "return", "ssltls", "nse library", "pop3", "capa command", "user capa", "respcodes uidl", "pipelining stls", "top sasl", "rpc program", "rpc port", "sendpacket", "receivepacket", "rpc number", "rpc protocol", "host table", "port table", "winpcap", "getinfo", "pro1000 mt", "desktop adapter", "hamachi virtual", "winpcap remote", "capture daemon", "password1", "rmi registry", "tcclassdesc", "flags", "field count", "tcnull", "tcblockdata", "oraclesun", "custom data", "classpath", "java management", "custom", "martin holst", "swende", "performs brute", "unix rlogin", "unix", "item", "node name", "crypto version", "skerl version", "os mon", "basho version", "lager version", "cluster info", "luke version", "sasl version", "time", "odd response", "make sure", "diff", "unix rexec", "horizontal", "hostaction", "architecture", "filter", "redis", "realvnc", "cve20062369", "adderlink ip", "send", "cvssv2", "medium", "tpdu", "cve20120002", "ms12020 remote", "risk factor", "w2016", "credssp", "ntlmssp", "w16gasrv01", "success", "security layer", "early user", "rdstls", "rdp encryption", "fips", "rdp protocol", "knownprotocols", "wolfenstein", "enemy territory", "nexuiz", "quake iii", "arena", "openarena", "basic options", "other options", "getstatus", "statusresp", "quake3 game", "toni ruottu", "delay", "tcp packet", "maximum number", "mean", "numtrips", "delta", "qnx qconn", "qconn daemon", "root", "brendan coles", "puppet ca", "puppet naive", "csrs", "dummycsr", "defaultnode", "defaultenv", "paths", "response", "puppet server", "firmware", "pptp", "rt57i author", "activepop3", "pop3 ntlm", "pop3test2", "apop", "pop server", "pop3 account", "printer job", "language", "pjlreadymessage", "aaron leininger", "prev", "rstart", "ssl support", "force protocol", "ssl encryption", "plc type", "model number", "firmware date", "pcworx message", "nse script", "pcworx", "program", "phoenix contact", "pcanywhere", "xorkey", "mtus", "ipprotoudp", "ipprototcp", "pmtu", "pathmtuprobe", "path mtu", "drop", "hash", "key1", "seed", "noise", "oracle virtual", "server agent", "python", "http get", "basehttp", "virtual server", "get request", "oracle tns", "errcodes", "decodevsnnum", "decodes", "vsnnum version", "tns header", "tns packet", "unit size", "oracle", "checkaccount", "count", "oracle user", "october", "critical patch", "maxretries", "defaultaccounts", "dhiru kholia", "authvfrdata", "account", "device type", "uptime", "nack", "kernel version", "device", "mask", "alarm", "bad login", "nson", "openlookup", "arizona", "nson int", "parsefloat", "parses", "paradise", "ofpthello", "openflow", "initial packet", "newer", "jay smith", "mak kolybabi", "size", "memory card", "response code", "omron fins", "system use", "program area", "iom size", "expansion dm", "openvas manager", "target hosts", "firewall", "hosts", "nrpeprotocols", "warning", "nrpestates", "nrpecommands", "crc32constants", "i2 i4", "queries nagios", "remote plugin", "executor", "critical", "nepclientmacid", "serverhslen", "finalhslen", "nping echo", "echo mode", "activenntp", "nntp", "nntptest2", "ohost", "rhost", "job entry", "ohostrhost", "nje server", "nje password", "nje node", "mountpath", "nfsopen", "filesystem", "blocksize", "shows nfs", "showmount", "rpc query", "rpc library", "mount", "read lookup", "getattr", "readdirplus", "lookup", "delete", "loginresponse", "nexpose nsc", "netbuster", "netbus", "extends", "sv p", "defaultfields", "ntp server", "refid", "stratum", "network time", "reference", "applications", "log traffic", "volume", "wave", "synth", "netbus backdoor", "access", "netbus server", "nessus web", "nessus", "network data", "ndmp", "nas device", "amanda", "bacula", "ca arcserve", "commvault", "simpana", "emc networker", "exec", "device0000", "os version", "novell netware", "core protocol", "server name", "tree name", "windows2003", "skullsecurity", "netbios user", "netbios mac", "vmware", "servername", "workstationname", "netbios ns", "hewlett packard", "andrey zhukov", "ussc", "exported block", "readonly", "negotiation", "displays", "network block", "device protocol", "nbd server", "maps", "wan port", "nat port", "natpmp", "successfully", "wan ip", "apple airport", "natpmp protocol", "express", "extreme", "apple time", "capsule", "ddwrt", "mysql", "mariadbmysql", "mysqlmariadb", "mariadb", "cve20122122", "select distinct", "mysql database", "select host", "autocommit", "thread id", "support41auth", "mysql error", "mysql server", "kingcope", "dumps", "john", "ripper", "appropriate db", "review", "adminaccounts", "cis mysql", "skip", "create user", "verify", "super", "shutdown", "reload", "murmur", "udp port", "murmur server", "murmur service", "nmap service", "udp probe", "tcp service", "i4 i4", "igmp traceroute", "query", "source address", "static", "multicast group", "fwdcode", "library", "configuration", "enabled", "dns suffix", "dbcount", "tablecount", "select", "microsoft sql", "activesql", "dbtest2", "disconnect", "rslimit", "host script", "port script", "sql servers", "getname", "servers", "objectid", "select name", "from", "johntheripper", "dump", "dac port", "browser service", "dedicated admin", "dac feature", "sqlserver", "sql mail", "database mail", "dmo xps", "login success", "policy agent", "dhcp client", "lrpc endpoint", "msrpc endpoint", "remote fw", "dvmrp ask", "neighbors", "dvmrp", "neighbor", "igmp", "dvmrp code", "iterate", "major", "publish", "mqtt broker", "sanity", "mqtt", "indicate", "mqtt protocol", "topic", "connack", "mongodb build", "server status", "mongodb", "database", "error message", "httpstorage", "gateway target", "modbus", "to response", "formrsid", "illegal data", "slave device", "scada modbus", "scada", "switchmode", "mobile mouse", "os x", "attempted", "rpa tech", "connected30", "api routeros", "xmlreq", "methodname", "param", "methodcall", "metasploit rpc", "xdax00x20", "ruby version", "api version", "gathers", "api guide", "host name", "reqid", "stat", "nodes", "hostname", "mnesia version", "stdlib version", "auth failure", "agentguid", "didier stevens", "msie", "start", "mcafee epolicy", "eposerver", "instroot", "sap max", "dbmserver", "tn3270e", "unit", "tn3270e server", "logical unit", "macdst", "cadmus computer", "host id", "ipv4 address", "icon image", "repeater ap", "lineage", "printervidpid", "lexmark s302", "hbn3", "lexmark", "dcnet", "dccqure", "cnusers", "ldap", "qfilter", "dcfunctid", "cnconfiguration", "dcfunc", "cnschema", "cnservers", "ocqure", "nmas get", "allow admin", "ldap username", "ldap password", "cnadmin", "cnpaka", "login correct", "openldap", "ldap base", "ad discussion", "kerberos realm", "kerberos", "krb5", "asn1encoder", "realm", "knx address", "knxdibknxmedium", "knx gateway", "knx description", "din en", "http", "niklaus schiess", "java debug", "wire protocol", "jdwp", "java", "internet", "michael schierl", "method run", "java class", "b i8", "sat aug", "daylight time", "portal", "name service", "isns", "auth reason", "collects", "receive", "irc server", "d p6667", "e binsh", "vv localhost", "authenticate", "cap req", "internet relay", "chat", "imap", "imap4rev1", "imap4 literal", "blocked", "nick", "none", "motd", "nquitn", "stats", "lusers", "pingpong", "nmap brutern", "rxbot", "agobot", "slackbot", "mytob", "rbot", "sdbot", "ircbot", "vanbot", "gtbot", "spybot", "storm", "knx search", "device mac", "knxhpaiport", "knxdibdevmac", "discovers", "ipv6 suffix", "cpu usage", "cisco ios", "november", "netscreen", "qtypenodename", "qtypenoop", "qtype", "stringify", "ipv6 node", "qtypestrings", "stevecasner", "ff02000000", "20060921", "19941101", "kanglee", "20070202", "ff0x000000", "discovery", "ssdp", "passauth", "userauth", "conninfo", "channel auth", "claudiu perta", "rakp cipher", "ipmi interface", "cipher zero", "state service", "ipmi rpc", "aggressive mode", "vpngroup", "main mode", "ikeresponse", "ike service", "main", "hybrid", "testfr", "startdt", "asdu address", "getasdu", "cicna1", "iec104", "startdt act", "meeina1", "cicna1broadcast", "ip id", "ip ids", "numprobes", "shortport", "sslcert", "https", "iphttps", "city", "islands", "republic", "united", "startpos", "philadelphia", "recordbuf", "char", "jackson", "download", "dayton", "hill", "terre", "austin", "rouge", "green", "phoenix", "rapid", "diego", "vegas", "albania", "armenia", "belarus", "cuba", "indonesia", "lucia", "mexico", "panama", "paraguay", "slovakia", "chad", "uruguay", "april", "placemark", "point", "nmap registry", "required", "google maps", "api key", "google map", "premium", "google static", "maps api", "png8", "bing maps", "bing map", "road", "rest api", "rest", "jpeg", "fremont", "apikey", "a sting", "new jersey", "icmp echo", "lan host", "icmp", "nmap host", "information", "results", "dbinfo", "ibm informix", "dynamic server", "select first", "dbhostname", "full", "driver class", "client name", "impress version", "remote server", "impress remote", "remote pin", "firefox os", "clientname", "bruteforce", "activeimap", "ntlm challenge", "starttls", "socket receive", "imap ntlm", "istag", "resptbl", "icap service", "icap", "echo", "echo demo", "urlcheck demo", "udp iax2", "revision", "control frame", "poke request", "voip", "ferdy riphagen", "asterisk iax2", "xssedsite", "xssedsearch", "xssedfound", "xssedfixed", "xssedmirror", "xssedurl", "vlc streamer", "developer", "user guides", "increase", "base path", "ange gutek", "peter hill", "search", "wordpressapiurl", "wp root", "wordpress", "defaultwpuri", "initial check", "default uri", "default uservar", "default passvar", "webdav", "propfind", "copy", "move", "post", "proppatch", "trace", "server header", "modsecurity", "webknight", "binarysec", "cloudflare", "bigip", "xml gateway", "airlock", "profense", "netscaler", "idsipswaf", "web application", "attackvectorsn1", "wafidsips", "barracuda", "phpids", "latest", "paul amar", "rob nicholls", "rompager", "andrew orr", "bid71744 cve", "wordpress rest", "injection", "sql injection", "joomla", "regexpsuccess", "sql statement", "mysql user", "python script", "intel active", "params", "cve20175689", "bid98269", "nonce", "apache struts", "cve20175638", "http method", "url path", "ms15034", "http protocol", "system account", "groovy", "elasticsearch", "rce exploit", "java version", "json", "cve20151427", "wordpress cm", "php code", "cm download", "manager plugin", "cve20148877", "php system", "drupal core", "drupal", "auth sql", "title", "formid", "cisco asa", "sip denial", "sip inspection", "cisco adaptive", "software", "bug id", "cscuh44052", "ssl vpn", "clientless ssl", "vpn session", "asdm privilege", "asdm access", "cscuj33496", "minor", "zimbra", "ajxmsg", "zmsg", "zmmsg", "ajxkeys", "zmkeys", "zdmsg", "december", "file inclusion", "concept", "url redirection", "web server", "referer header", "cve20136786", "xss injection", "rails", "ruby", "cve20130156", "cdata", "yaml", "parameter", "denial", "cve20121823", "web development", "html", "phpcgi", "reverse proxy", "apache http", "contextis", "lan ip", "security bypass", "bid49957", "proxy", "apache web", "head request", "pt80443", "bid49303", "coldfusion8", "hmac", "salt", "http server", "sha1 hmac", "traversal", "bid42342", "coldfusion", "cve20100738", "jboss target", "path2", "array", "object", "services", "blazeds", "livecycle data", "adobe xml", "external entity", "livecycle", "webmin", "usermin", "cve20063392", "webmin file", "disclosure", "cve20093733", "vmware path", "vmware esx", "tony flick", "shmoocon", "sha1", "sha256", "eicar test", "resource", "virustotal", "eicartestfile", "readfile", "searches", "http response", "identify", "characters", "spiders", "xfoo", "evoxabout", "trane tracer", "trane", "tracer sc", "hwver12ab", "airhandler", "xxxxx", "normalizepath", "depth", "http1", "http trace", "uri author", "tplink wireless", "wr740n", "wr740nd", "wr2543nd", "confirmed", "wr842nd", "wa901nd", "wr941n", "wr941nd", "scanme", "displaytitle", "wikipedia", "repository uuid", "repository root", "node kind", "elements", "url relative", "author count", "unfiltered", "crawls", "posts", "field", "phase", "crawler", "html escaping", "posted data", "form", "html title", "twitter", "xfwd", "otherwise", "mfctearsample", "phpcrawl", "httplibs", "nmap scripting", "engine", "snoopy", "zendhttpclient", "change", "status code", "eddie bell", "timewith", "bestopt", "slowloris dos", "slowloris", "halfhttp", "dos attack", "timewithout", "threadcount", "timelimit", "dosed", "monitor", "threads", "sendinterval", "servernotice", "stopall", "reason", "ubuntu", "request type", "cookie", "referer", "shellshock", "http shellshock", "http header", "sending", "setcookie", "deny", "hsts", "cachecontrol", "pragma", "xss filter", "will", "uris", "sandbox", "sap netweaver", "sap instance", "km unit", "disabled", "robtex", "robtex service", "add list", "discount", "nwshp news", "relpage", "univ cobrand", "url default", "august", "informs", "qweb server", "ssl port", "photo station", "device model", "firmware build", "force ssl", "v2 web", "network video", "music", "uploads", "http put", "http proxy", "shared", "phpself", "reflected cross", "site scripting", "phpselfprobe", "local file", "inclusion", "exploitquery", "defaultfile", "defaultdir", "remote file", "basepath", "passwd", "etcpasswd", "query string", "printing", "multi", "http redirect", "valid http", "pattern", "joao", "activeweb", "telme", "http ntlm", "android", "khtml", "gecko", "http verb", "vulnerable uri", "allow", "safemethods", "public", "public header", "unsafemethods", "balancer", "jvmroute", "lbgroup", "sticky", "jsessionid", "remove", "stisvc", "looks", "denis", "majordomo2", "cve20110049", "michael brooks", "web page", "pierre lalet", "litespeed web", "cve20102333", "http request", "joomla web", "internal ip", "leaked", "host header", "microsoft iis", "jsonp", "jsonp endpoint", "policy", "vinamra bhatia", "gosingle", "root folder", "iis document", "research paper", "apple id", "apple mobileme", "find my", "iphone", "macbook air", "wifi", "mobileme web", "mac mini", "hp ilo", "productid", "uuid", "xmldata", "xml file", "builtinpatterns", "validate", "azaz09", "email", "group1", "google", "safe browsing", "sign", "git revision", "project author", "span", "git repository", "trunclength", "jboss", "statusok", "rails web", "jboss java", "location", "look", "insert", "michael kohl", "citizen428", "frontpage", "frontpage login", "path prefix", "atm anything", "uservar", "passvar", "stop", "mime", "content", "uploadrequest", "exploits", "mime type", "destination", "separator", "trying path", "maxpagecount", "feeds", "feedsrefs", "please", "atom", "reads", "wd2500js60mhb1", "md5 hash", "element", "socialtext", "http default", "nasl script", "ftp server", "ftp login", "gutek", "tagtable", "gpstagtable", "gpstaglatitude", "tagmake", "tagmodel", "tagdatetime", "taggpsinfo", "gpstaglongitude", "flash", "speed", "error code", "checkdir", "general", "views", "pppoe", "echolife hg530", "huawei hg5xx", "boolean", "hg530x", "direct path", "modules", "themes", "token", "id file", "input", "jim brass", "warrick brown", "martin", "jsfuncpatterns", "jscallspatterns", "xss occur", "javascript", "please note", "dlink", "dir120", "di624s", "di524up", "di604s", "di604up", "di604", "tmg5240", "ascii", "genericlines", "landeskrc", "tlssessionreq", "getrequest", "httpoptions", "lpdstring", "weird", "consumingdetect", "html content", "rapiddetect", "html code", "callback", "django", "missing", "nagios", "cactiez", "logincombos", "httplike", "csrf", "form id", "form action", "cross site", "adobe flash", "adobe reader", "silverlight", "crossdomain", "forgery", "granto", "origin", "sharing", "cors", "get post", "options author", "patch", "examines", "specific url", "specific cookie", "grepphp", "mediawiki", "generic backup", "patterns", "line number", "maximum value", "cf version", "fri mar", "xmltags", "anyconnect", "cisco ssl", "ddos", "pngiconquery", "gificonquery", "stylesheetquery", "vendorsquery", "cakephp version", "cakephp visit", "hostip", "alpha", "bigipserver", "f5 bigip", "seth jackson", "spam", "virus firewall", "barracuda spam", "api password", "mta sasl", "gateway", "dns cache", "shadow", "apache axis2", "axis2services", "defaultpath", "axis2 service", "awstats totals", "defaultcmd", "defaulturi", "sort", "common", "awstats total", "avaya ip", "office", "office user", "listing", "office voip", "basic", "digest", "router", "unauthorized", "debug", "http debug", "debug request", "response body", "apache server", "apache version", "common default", "google adsense", "amazon", "site", "grabs", "adsense", "magicuri", "gethostname", "finds", "sheila berta", "hostmapserver", "vendor", "gatewaywithwifi", "ingraham", "linksys", "linksys e1200", "e1200", "hbase", "hbase version", "hbase compiled", "quorum", "apache hbase", "hadoop database", "wed may", "hadoop", "http status", "logs", "apache hadoop", "hadoop version", "checkpoint size", "checkpoint", "capacity", "non dfs", "datanodes", "live", "dead", "wed sep", "cest", "line", "state", "datanode http", "log directory", "watch", "gps time", "gpsd network", "sat apr", "gopher", "taxf", "tax forms", "load", "network", "transmitted", "mount point", "fs type", "gkrellm service", "size available", "goodbye", "corba naming", "ganglia", "ganglia version", "owner", "proftpd", "proftpd server", "cve20104221", "telnet iac", "telnetiac", "telnetkill", "cmdshellid", "shell command", "cve20112523", "syst", "mode", "no data", "syst error", "logged", "stream", "cmdshell", "send command", "opie", "cve20101938", "ftpd", "arciemowicz", "adam", "zabrocki", "sergey khegay", "ieuser", "freelancer", "rp server", "freelancer game", "niagara fox", "java hotspot", "server vm", "americachicago", "tridium", "systems", "billy rios", "flume", "environment", "se runtime", "target port", "helperport", "ethernet type", "eric leblond", "ip packet", "probetimeout", "icmp time", "icmp payload", "recvtimeout", "ip ttl", "firewalk", "combo", "cups service", "hp laserjet", "print", "documentation", "cups", "cemt", "access denied", "authorized", "cemt inquire", "dfltuser", "db2conn", "gutek ange", "welcome", "linux version", "fcrdns mismatch", "no ptr", "reverse dns", "ptr record", "address book", "safari", "event protocol", "buddy", "erlang port", "mapper daemon", "x00x01n", "gmbh", "corporation", "limited", "company", "automation", "encoder", "inst", "tips", "tech", "life", "pump", "peap", "eapttls", "eaptls", "eapmschapv2", "identity", "ttls", "mschap", "nbstat", "sshhostkey", "ssh host", "p445443", "win2ksrv001", "server platform", "instance name", "apache derby", "drda protocol", "drda excsat", "sample", "ibm db2", "informix", "get dpap", "ibm lotus", "domino", "mjacksson", "lotus domino", "peak", "console", "release", "windows32", "socketpool", "docker", "docker service", "gitcommit", "parsedomain", "cname", "scripttype", "parsetxt", "bulletproof", "sbl123456", "cn online", "ip range", "zeus botnet", "ztdns", "name ip", "dns update", "kerberos kdc", "change service", "catalog", "argfilter", "kerberos passwd", "ldap servers", "canon", "mg5200 series", "canon mg5200", "ivec", "bjnp protocol", "ftp version", "tcp portarg", "portarg", "dns service", "version196609", "version196616", "ossi0x1f6", "felix groebert", "txid", "duane wessels", "authority rrs", "answer rrs", "answer record", "get txt", "txtlen", "dns recursion", "ogjdvm author", "spoofed reply", "cve20081447", "nsid", "ch txt", "dns nameserver", "ssu p", "dnschars", "nsec", "dnscharsinv", "label", "nsec record", "removesuffix", "result name", "bumpdomain", "nsec response", "easy", "nsec3", "dnssec nsec3", "nsec3 walking", "dnsnsecenum", "getprefixmask", "dns lookup", "ipv6 network", "ipv6 prefix", "noerror", "nxdomain result", "peter", "bool", "slowdown", "launches", "david", "victoria", "halifax", "casper", "barry", "soa expire", "soa refresh", "soa retry", "soa mname", "soa record", "dns check", "refresh", "domains", "timedmultiplier", "timednumsamples", "stddev", "alexadomains", "aaaa", "dns bruteforce", "added target", "resolve", "commfile", "argcategory", "dns antispam", "spam received", "daemon command", "allows", "dict protocol", "show server", "index data", "client", "dicom service", "aet check", "dicom", "acceptreject", "dicom server", "titles", "hence", "dhcpinform", "dhcp request", "dhcp server", "dhcpack", "subnet mask", "dhcp option", "strfixedstart", "listfixedstart", "login error", "dictfixedstart", "db2 server", "transaction", "database server", "nodetype1", "db2commtcpip", "db2inst1", "control center", "db2 packet", "wed mar", "getsessionid", "daapitemlimit", "fever ray", "getdatabaseid", "limit", "daap server", "cvs pserver", "repo", "series", "ubu1110", "raw printer", "stopped", "cups printing", "cupspdf printer", "couchdb", "mochiweb", "admin party", "discard", "couchdb http", "testsuitedb", "testsuitedba", "moneyz", "block", "coap endpoint", "reporting", "payload", "coap", "u5683 su", "analyzes", "clamav", "scan", "scan command", "clamav remote", "citrixsrv01", "citrix xml", "citrix", "ica browser", "citrixsrv02", "anonymous", "notepad", "appdata", "settingkey", "xml service", "must change", "nextuser", "citrix pn", "cics user", "cics login", "cesl", "signon", "on to", "cics id", "valid cics", "cesf", "cesn", "cata", "numtrials", "cccam service", "trial", "cccam dvr", "cassandra", "cluster name", "cassinc", "test cluster", "account success", "manager control", "willing", "device pub", "computer", "wpad", "dhcp", "web proxy", "dhcp discovery", "dns discovery", "wpad host", "wpad file", "machex", "sent wol", "wol packet", "wakes", "mac return", "servicerequest", "model name", "bubbatwo dlna", "justin maggard", "model descr", "debian", "activation code", "tellsticknet", "acca12345678", "inet", "ping request", "sybase anywhere", "netmask", "romm", "firmm", "serial", "macserial", "romversion", "firmwareversion", "sonicwall", "ripng", "ripng response", "ripng request", "ripv2", "ripv2 request", "tags", "pppoe discovery", "pppoed", "ipv4 format", "ip header", "bbi2", "pim hello", "i2i2", "helloraw", "multicast", "pim multicast", "pcduo gateway", "pcduo remote", "srvname", "ospfv2 database", "print ospfv2", "ospfv2 hello", "ospfv2 ls", "area id", "destination mac", "captured ospfv2", "callit", "nbname", "broadcastaddr", "mssqldiscover", "yesno", "decoders", "uport", "hsrp", "dropbox", "server id", "slave port", "jenkins", "argaddress", "jenkinspkt", "jenkins auto", "apache jserv", "protocol server", "pathhelloworld", "hid discoveryd", "eigrp", "internal route", "external route", "max amount", "internal", "dropboxport", "key2", "listens", "nmap target", "dhcpoffer", "clientid", "ip pool", "ipid", "dhcpv6 request", "solicit", "message type", "advertise", "ba9876", "domain search", "db2getaddr", "ubu804db2e", "edusrv011", "devtype", "null udp", "cve20111002", "avahi null", "wait time", "header instance", "bbi2bbi4", "config info", "etherbroadcast", "pataoe", "brantley coile", "total", "nse argument", "dht protocol", "torrentfile", "dht discovery", "serviceproxy", "obtains", "bitcoin server", "prior", "node id", "lastblock", "bitcoin", "bacnet", "sdn bhd", "bacnet packet", "titan", "landis", "carrier", "simplex", "notifier", "walker", "aust", "savant", "monitoring", "energy", "starman", "covenant", "king", "etap", "echelon", "arcom", "vanti", "backorifice", "container", "bocrypt", "boversion", "bohostname", "system info", "magicstring", "ping reply", "pong", "pingpacket", "team cymru", "peer", "amqp", "erlangotp", "rabbitmq", "plain amqplain", "dragomir", "allseeing eye", "team death", "novodondo", "blue", "herox", "different ajp", "jsp test", "options request", "ajp service", "public folder", "shows afp", "utf8 server", "uams", "server flags", "flags hex", "password saving", "copy file", "machine type", "afpversion", "afpx03", "apple mac", "dir method", "maxfiles", "cve20100533", "directory", "afp server", "permission uid", "gid size", "time filename", "parameter error", "netatalk", "apple filing", "formatipv4", "isatap", "server ipv4", "client ipv4", "admin email", "parse daemon", "license", "acarsd" ], "references": [ "scripts", "vuze-dht-info.nse", "xmlrpc-methods.nse", "xdmcp-discover.nse", "x11-access.nse", "wsdd-discover.nse", "whois-domain.nse", "weblogic-t3-info.nse", "vulners.nse", "wdb-version.nse", "vtam-enum.nse", "voldemort-info.nse", "vnc-brute.nse", "vnc-title.nse", "vnc-info.nse", "vmauthd-brute.nse", "xmpp-brute.nse", "vmware-version.nse", "xmpp-info.nse", "versant-info.nse", "url-snarf.nse", "upnp-info.nse", "whois-ip.nse", "unusual-port.nse", "unittest.nse", "ventrilo-info.nse", "uptime-agent-info.nse", "tso-enum.nse", "ubiquiti-discovery.nse", "tn3270-screen.nse", "tso-brute.nse", "tls-ticketbleed.nse", "tls-nextprotoneg.nse", "tls-alpn.nse", "tftp-enum.nse", "traceroute-geolocation.nse", "telnet-ntlm-info.nse", "teamspeak2-version.nse", "targets-traceroute.nse", "targets-xml.nse", "telnet-encryption.nse", "targets-sniffer.nse", "telnet-brute.nse", "targets-ipv6-wordlist.nse", "targets-ipv6-multicast-mld.nse", "targets-ipv6-multicast-slaac.nse", "targets-asn.nse", "targets-ipv6-multicast-invalid-dst.nse", "targets-ipv6-multicast-echo.nse", "svn-brute.nse", "stun-version.nse", "targets-ipv6-map4to6.nse", "sslv2.nse", "stuxnet-detect.nse", "sstp-discover.nse", "supermicro-ipmi-conf.nse", "ssl-heartbleed.nse", "stun-info.nse", "ssl-known-key.nse", "sslv2-drown.nse", "ssl-cert-intaddr.nse", "ssl-ccs-injection.nse", "ssl-enum-ciphers.nse", "ssl-cert.nse", "ssh-publickey-acceptance.nse", "sshv1.nse", "ssl-dh-params.nse", "ssl-date.nse", "ssh-auth-methods.nse", "ssl-poodle.nse", "ssh-run.nse", "ssh2-enum-algos.nse", "ssh-hostkey.nse", "socks-auth-info.nse", "snmp-win32-users.nse", "socks-brute.nse", "snmp-sysdescr.nse", "snmp-win32-software.nse", "snmp-win32-services.nse", "snmp-win32-shares.nse", "ssh-brute.nse", "snmp-processes.nse", "snmp-hh3c-logins.nse", "snmp-info.nse", "snmp-brute.nse", "snmp-ios-config.nse", "snmp-interfaces.nse", "socks-open-proxy.nse", "snmp-netstat.nse", "smtp-strangeport.nse", "smtp-vuln-cve2011-1720.nse", "smtp-ntlm-info.nse", "sniffer-detect.nse", "smtp-enum-users.nse", "smb-server-stats.nse", "smtp-commands.nse", "smtp-vuln-cve2011-1764.nse", "smtp-brute.nse", "smb-webexec-exploit.nse", "smtp-vuln-cve2010-4344.nse", "smb-vuln-webexec.nse", "smb-vuln-regsvc-dos.nse", "smtp-open-relay.nse", "smb-vuln-ms17-010.nse", "smb-vuln-ms10-061.nse", "smb-vuln-ms10-054.nse", "smb-vuln-ms07-029.nse", "smb-vuln-ms06-025.nse", "smb-system-info.nse", "smb-protocols.nse", "smb-flood.nse", "smb-enum-domains.nse", "sip-methods.nse", "script.db", "smb-security-mode.nse", "smb-vuln-cve2009-3103.nse", "smb-psexec.nse", "smb-vuln-ms08-067.nse", "smb-print-text.nse", "smb-os-discovery.nse", "smb-mbenum.nse", "smb-ls.nse", "smb-enum-users.nse", "smb-vuln-conficker.nse", "smb-enum-shares.nse", "smb-enum-sessions.nse", "smb-enum-services.nse", "smb-enum-processes.nse", "smb-enum-groups.nse", "rsync-list-modules.nse", "smb-double-pulsar-backdoor.nse", "smb-brute.nse", "smb2-vuln-uptime.nse", "smb2-time.nse", "smb2-security-mode.nse", "smb2-capabilities.nse", "skypev2-version.nse", "sip-enum-users.nse", "sip-call-spoof.nse", "sip-brute.nse", "shodan-api.nse", "servicetags.nse", "samba-vuln-cve-2012-1182.nse", "s7-info.nse", "rusers.nse", "smb-vuln-cve-2017-7494.nse", "rtsp-url-brute.nse", "rtsp-methods.nse", "rsync-brute.nse", "rsa-vuln-roca.nse", "pop3-capabilities.nse", "rpcinfo.nse", "rpc-grind.nse", "rpcap-info.nse", "rpcap-brute.nse", "rmi-vuln-classloader.nse", "rmi-dumpregistry.nse", "rlogin-brute.nse", "riak-http-info.nse", "rfc868-time.nse", "rexec-brute.nse", "reverse-index.nse", "redis-info.nse", "redis-brute.nse", "realvnc-auth-bypass.nse", "rdp-vuln-ms12-020.nse", "rdp-ntlm-info.nse", "rdp-enum-encryption.nse", "quake3-master-getservers.nse", "quake3-info.nse", "qscan.nse", "qconn-exec.nse", "puppet-naivesigning.nse", "pptp-version.nse", "pop3-ntlm-info.nse", "pop3-brute.nse", "pjl-ready-message.nse", "port-states.nse", "pgsql-brute.nse", "pcworx-info.nse", "pcanywhere-brute.nse", "path-mtu.nse", "p2p-conficker.nse", "ovs-agent-version.nse", "oracle-tns-version.nse", "oracle-sid-brute.nse", "oracle-enum-users.nse", "oracle-brute-stealth.nse", "oracle-brute.nse", "openwebnet-discovery.nse", "openvas-otp-brute.nse", "openlookup-info.nse", "openflow-info.nse", "omron-info.nse", "omp2-enum-targets.nse", "omp2-brute.nse", "nrpe-enum.nse", "nping-brute.nse", "nntp-ntlm-info.nse", "nje-pass-brute.nse", "nje-node-brute.nse", "nfs-statfs.nse", "nfs-showmount.nse", "nfs-ls.nse", "nexpose-brute.nse", "netbus-version.nse", "ntp-info.nse", "netbus-info.nse", "netbus-brute.nse", "netbus-auth-bypass.nse", "nessus-xmlrpc-brute.nse", "nessus-brute.nse", "ndmp-version.nse", "ndmp-fs-info.nse", "ncp-serverinfo.nse", "ncp-enum-users.nse", "nbstat.nse", "nbns-interfaces.nse", "nbd-info.nse", "nat-pmp-mapport.nse", "nat-pmp-info.nse", "mysql-vuln-cve2012-2122.nse", "mysql-variables.nse", "mysql-users.nse", "mysql-query.nse", "mysql-info.nse", "mysql-enum.nse", "mysql-empty-password.nse", "mysql-dump-hashes.nse", "mysql-databases.nse", "mysql-brute.nse", "mysql-audit.nse", "murmur-version.nse", "mtrace.nse", "ms-sql-xp-cmdshell.nse", "ms-sql-tables.nse", "ms-sql-query.nse", "ms-sql-ntlm-info.nse", "ms-sql-hasdbaccess.nse", "ms-sql-empty-password.nse", "ms-sql-dump-hashes.nse", "ms-sql-dac.nse", "ms-sql-config.nse", "ms-sql-brute.nse", "msrpc-enum.nse", "mrinfo.nse", "mqtt-subscribe.nse", "ms-sql-info.nse", "mongodb-info.nse", "mongodb-databases.nse", "mongodb-brute.nse", "modbus-discover.nse", "mmouse-exec.nse", "mmouse-brute.nse", "mikrotik-routeros-brute.nse", "metasploit-xmlrpc-brute.nse", "metasploit-msgrpc-brute.nse", "metasploit-info.nse", "memcached-info.nse", "membase-http-info.nse", "membase-brute.nse", "mcafee-epo-agent.nse", "maxdb-info.nse", "lu-enum.nse", "lltd-discovery.nse", "lexmark-config.nse", "ldap-search.nse", "ldap-rootdse.nse", "ldap-novell-getpass.nse", "ldap-brute.nse", "krb5-enum-users.nse", "knx-gateway-info.nse", "jdwp-version.nse", "jdwp-inject.nse", "jdwp-info.nse", "jdwp-exec.nse", "isns-info.nse", "iscsi-info.nse", "iscsi-brute.nse", "irc-unrealircd-backdoor.nse", "irc-sasl-brute.nse", "imap-capabilities.nse", "irc-info.nse", "irc-brute.nse", "irc-botnet-channels.nse", "knx-gateway-discover.nse", "ipv6-ra-flood.nse", "ipv6-node-info.nse", "ipv6-multicast-mld-list.nse", "ipmi-version.nse", "ipmi-cipher-zero.nse", "ipmi-brute.nse", "ike-version.nse", "iec-identify.nse", "ipidseq.nse", "ip-https-discover.nse", "ip-geolocation-maxmind.nse", "ip-geolocation-map-kml.nse", "ip-geolocation-map-google.nse", "ip-geolocation-map-bing.nse", "ip-geolocation-ipinfodb.nse", "ip-geolocation-geoplugin.nse", "ip-forwarding.nse", "informix-tables.nse", "informix-query.nse", "informix-brute.nse", "impress-remote-discover.nse", "imap-ntlm-info.nse", "imap-brute.nse", "icap-info.nse", "iax2-version.nse", "iax2-brute.nse", "http-xssed.nse", "http-vlcstreamer-ls.nse", "http-wordpress-users.nse", "http-wordpress-enum.nse", "http-wordpress-brute.nse", "http-webdav-scan.nse", "http-waf-fingerprint.nse", "http-waf-detect.nse", "http-vuln-wnr1000-creds.nse", "http-vuln-misfortune-cookie.nse", "http-vuln-cve2017-1001000.nse", "http-vuln-cve2017-8917.nse", "http-vuln-cve2017-5689.nse", "http-vuln-cve2017-5638.nse", "http-vuln-cve2015-1635.nse", "http-vuln-cve2015-1427.nse", "http-vuln-cve2014-8877.nse", "http-vuln-cve2014-3704.nse", "http-vuln-cve2014-2129.nse", "http-vuln-cve2014-2128.nse", "http-vuln-cve2014-2127.nse", "http-vuln-cve2014-2126.nse", "http-vuln-cve2013-7091.nse", "http-vuln-cve2013-6786.nse", "http-vuln-cve2013-0156.nse", "http-vuln-cve2012-1823.nse", "http-vuln-cve2011-3368.nse", "http-vuln-cve2011-3192.nse", "http-vuln-cve2010-2861.nse", "http-vuln-cve2010-0738.nse", "http-vuln-cve2009-3960.nse", "http-vuln-cve2006-3392.nse", "http-vmware-path-vuln.nse", "http-virustotal.nse", "http-vhosts.nse", "http-userdir-enum.nse", "http-unsafe-output-escaping.nse", "http-trane-info.nse", "http-sitemap-generator.nse", "http-trace.nse", "http-tplink-dir-traversal.nse", "http-title.nse", "http-svn-info.nse", "http-svn-enum.nse", "http-stored-xss.nse", "http-traceroute.nse", "https-redirect.nse", "http-useragent-tester.nse", "http-sql-injection.nse", "http-slowloris-check.nse", "http-slowloris.nse", "http-headers.nse", "http-shellshock.nse", "http-server-header.nse", "http-security-headers.nse", "http-sap-netweaver-leak.nse", "http-robtex-shared-ns.nse", "http-robots.txt.nse", "http-rfi-spider.nse", "http-referer-checker.nse", "http-qnap-nas-info.nse", "http-put.nse", "http-proxy-brute.nse", "http-robtex-reverse-ip.nse", "http-phpself-xss.nse", "http-phpmyadmin-dir-traversal.nse", "http-passwd.nse", "http-open-redirect.nse", "http-open-proxy.nse", "http-ntlm-info.nse", "http-mobileversion-checker.nse", "http-method-tamper.nse", "http-methods.nse", "http-mcmp.nse", "http-malware-host.nse", "http-majordomo2-dir-traversal.nse", "http-ls.nse", "http-litespeed-sourcecode-download.nse", "http-joomla-brute.nse", "http-internal-ip-disclosure.nse", "http-jsonp-detection.nse", "http-iis-webdav-vuln.nse", "http-iis-short-name-brute.nse", "http-icloud-sendmsg.nse", "http-icloud-findmyiphone.nse", "http-hp-ilo-info.nse", "http-grep.nse", "http-google-malware.nse", "http-gitweb-projects-enum.nse", "http-git.nse", "http-generator.nse", "http-frontpage-login.nse", "http-form-fuzzer.nse", "http-form-brute.nse", "http-fileupload-exploiter.nse", "http-fetch.nse", "http-feed.nse", "hddtemp-info.nse", "http-favicon.nse", "ftp-anon.nse", "http-exif-spider.nse", "http-errors.nse", "http-enum.nse", "http-drupal-enum-users.nse", "http-huawei-hg5xx-vuln.nse", "http-drupal-enum.nse", "http-domino-enum-passwords.nse", "http-dombased-xss.nse", "http-dlink-backdoor.nse", "fingerprint-strings.nse", "http-devframework.nse", "http-default-accounts.nse", "http-date.nse", "http-csrf.nse", "http-cross-domain-policy.nse", "http-cors.nse", "http-cookie-flags.nse", "http-config-backup.nse", "http-comments-displayer.nse", "http-coldfusion-subzero.nse", "http-cisco-anyconnect.nse", "http-chrono.nse", "http-cakephp-version.nse", "http-brute.nse", "http-bigip-cookie.nse", "http-barracuda-dir-traversal.nse", "http-backup-finder.nse", "http-axis2-dir-traversal.nse", "http-awstatstotals-exec.nse", "http-avaya-ipoffice-users.nse", "http-auth-finder.nse", "http-auth.nse", "http-aspnet-debug.nse", "http-apache-server-status.nse", "http-apache-negotiation.nse", "http-affiliate-id.nse", "http-adobe-coldfusion-apsa1301.nse", "hostmap-robtex.nse", "hostmap-crtsh.nse", "hostmap-bfk.nse", "hnap-info.nse", "hbase-region-info.nse", "hbase-master-info.nse", "hadoop-tasktracker-info.nse", "hadoop-secondary-namenode-info.nse", "hadoop-namenode-info.nse", "hadoop-jobtracker-info.nse", "hadoop-datanode-info.nse", "gpsd-info.nse", "gopher-ls.nse", "gkrellm-info.nse", "giop-info.nse", "ganglia-info.nse", "ftp-vuln-cve2010-4221.nse", "ftp-vsftpd-backdoor.nse", "ftp-syst.nse", "ftp-proftpd-backdoor.nse", "ftp-libopie.nse", "ftp-brute.nse", "ftp-bounce.nse", "freelancer-info.nse", "fox-info.nse", "flume-master-info.nse", "firewall-bypass.nse", "firewalk.nse", "cups-queue-info.nse", "cics-info.nse", "finger.nse", "fcrdns.nse", "eppc-enum-processes.nse", "epmd-info.nse", "enip-info.nse", "eap-info.nse", "duplicates.nse", "drda-info.nse", "drda-brute.nse", "dpap-brute.nse", "domino-enum-users.nse", "domcon-cmd.nse", "domcon-brute.nse", "docker-version.nse", "dns-zone-transfer.nse", "dns-zeustracker.nse", "dns-update.nse", "dns-srv-enum.nse", "bjnp-discover.nse", "banner.nse", "dns-service-discovery.nse", "dns-recursion.nse", "dns-random-txid.nse", "auth-spoof.nse", "dns-random-srcport.nse", "dns-nsid.nse", "dns-nsec-enum.nse", "dns-nsec3-enum.nse", "dns-ip6-arpa-scan.nse", "dns-fuzz.nse", "dns-client-subnet-scan.nse", "dns-check-zone.nse", "dns-cache-snoop.nse", "dns-brute.nse", "dns-blacklist.nse", "distcc-cve2004-2687.nse", "dict-info.nse", "dicom-ping.nse", "dicom-brute.nse", "dhcp-discover.nse", "deluge-rpc-brute.nse", "db2-das-info.nse", "daytime.nse", "daap-get-library.nse", "cvs-brute-repository.nse", "cvs-brute.nse", "cups-info.nse", "creds-summary.nse", "couchdb-stats.nse", "couchdb-databases.nse", "coap-resources.nse", "clock-skew.nse", "clamav-exec.nse", "citrix-enum-servers-xml.nse", "citrix-enum-servers.nse", "citrix-enum-apps-xml.nse", "citrix-enum-apps.nse", "citrix-brute-xml.nse", "cics-user-enum.nse", "cics-user-brute.nse", "cics-enum.nse", "cccam-version.nse", "cassandra-info.nse", "cassandra-brute.nse", "broadcast-xdmcp-discover.nse", "broadcast-wsdd-discover.nse", "broadcast-wpad-discover.nse", "broadcast-wake-on-lan.nse", "broadcast-versant-locate.nse", "broadcast-upnp-info.nse", "broadcast-tellstick-discover.nse", "broadcast-sybase-asa-discover.nse", "broadcast-sonicwall-discover.nse", "broadcast-ripng-discover.nse", "broadcast-rip-discover.nse", "broadcast-pppoe-discover.nse", "broadcast-ping.nse", "broadcast-pim-discovery.nse", "broadcast-pc-duo.nse", "broadcast-pc-anywhere.nse", "broadcast-ospf2-discover.nse", "broadcast-novell-locate.nse", "broadcast-networker-discover.nse", "broadcast-netbios-master-browser.nse", "broadcast-ms-sql-discover.nse", "broadcast-listener.nse", "broadcast-jenkins-discover.nse", "ajp-headers.nse", "broadcast-hid-discoveryd.nse", "broadcast-eigrp-discovery.nse", "broadcast-dropbox-listener.nse", "broadcast-dns-service-discovery.nse", "broadcast-dhcp-discover.nse", "broadcast-dhcp6-discover.nse", "broadcast-db2-discover.nse", "broadcast-bjnp-discover.nse", "broadcast-avahi-dos.nse", "broadcast-ataoe-discover.nse", "bittorrent-discovery.nse", "bitcoinrpc-info.nse", "bitcoin-info.nse", "bitcoin-getaddr.nse", "bacnet-info.nse", "backorifice-info.nse", "backorifice-brute.nse", "auth-owners.nse", "asn-query.nse", "amqp-info.nse", "allseeingeye-info.nse", "ajp-request.nse", "ajp-methods.nse", "ajp-brute.nse", "ajp-auth.nse", "afp-showmount.nse", "afp-serverinfo.nse", "afp-path-vuln.nse", "afp-ls.nse", "afp-brute.nse", "address-info.nse", "acarsd-info.nse", "https://seclists.org/nmap-dev/2011/q4/420", "https://viz.greynoise.io/analysis/001f6d4e-555b-49d3-a714-e71deea739d0" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1127", "name": "Trusted Developer Utilities Proxy Execution", "display_name": "T1127 - Trusted Developer Utilities Proxy Execution" }, { "id": "T1110", "name": "Brute Force", "display_name": "T1110 - Brute Force" }, { "id": "T1222", "name": "File and Directory Permissions Modification", "display_name": "T1222 - File and Directory Permissions Modification" }, { "id": "T1134", "name": "Access Token Manipulation", "display_name": "T1134 - Access Token Manipulation" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1049", "name": "System Network Connections Discovery", "display_name": "T1049 - System Network Connections Discovery" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 107, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Disable_Duck", "id": "244325", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 288, "FileHash-MD5": 52, "URL": 218, "hostname": 180, "email": 33, "CIDR": 14, "CVE": 76, "FileHash-SHA1": 48, "FileHash-SHA256": 841 }, "indicator_count": 1750, "is_author": false, "is_subscribing": null, "subscriber_count": 131, "modified_text": "634 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6639853fc403f7be5bd6f27d", "name": "Facebook+", "description": "", "modified": "2024-05-07T01:34:55.365000", "created": "2024-05-07T01:34:55.365000", "tags": [], "references": [ "https://www.virustotal.com/gui/collection/09af9ef0b7b23d2dc73d83858106ae4fc97a352dbb521ac04493a0e79095ac69/iocs", "https://www.virustotal.com/gui/collection/79c25168b2f93d9730a56b8d2b834cbfb2752b63b21b9dd51109416fbaa676d8/iocs", "https://www.virustotal.com/graph/embed/g8726609a12794ebeb59edd531961a233068149bcdf994b428f20141be6111551?theme=dark", "https://www.virustotal.com/graph/embed/g365a82115f934e31a69118715695c91c231f66cda9084c9389e56afb985a243e?theme=dark", "", "https://www.virustotal.com/gui/collection/6a8d582df4fe5a29885dad4074236bc9e4ed445aaf0cc00702d45963fb0459bb/iocs" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": "65eea19a23474b8c7dca351f", "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Phone2209", "id": "281168", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 1165, "hostname": 866, "URL": 657, "FileHash-SHA256": 26, "email": 337, "FileHash-MD5": 12, "FileHash-SHA1": 8, "CIDR": 1 }, "indicator_count": 3072, "is_author": false, "is_subscribing": null, "subscriber_count": 1, "modified_text": "713 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65708e254b734f1efd8bd0ad", "name": "1688.com .. 404-\u963f\u91cc\u5df4\u5df4", "description": "", "modified": "2023-12-06T15:07:17.380000", "created": "2023-12-06T15:07:17.380000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1645, "URL": 8598, "domain": 1004, "hostname": 2066, "FileHash-MD5": 3 }, "indicator_count": 13316, "is_author": false, "is_subscribing": null, "subscriber_count": 110, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65708c8a9635f156e79238f1", "name": "intel gained from a spam text", "description": "", "modified": "2023-12-06T15:00:26.727000", "created": "2023-12-06T15:00:26.727000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "FileHash-SHA256": 823, "domain": 717, "URL": 2245, "hostname": 615, "email": 4, "FileHash-MD5": 5, "FileHash-SHA1": 1 }, "indicator_count": 4411, "is_author": false, "is_subscribing": null, "subscriber_count": 110, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65708b72abe90961af1737c9", "name": "reCAPTCHA", "description": "", "modified": "2023-12-06T14:55:46.172000", "created": "2023-12-06T14:55:46.172000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 362, "domain": 330, "URL": 1790, "hostname": 586, "email": 1 }, "indicator_count": 3069, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65708a8b61abf1b451f2aebc", "name": "Botnet", "description": "", "modified": "2023-12-06T14:51:55.086000", "created": "2023-12-06T14:51:55.086000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 2, "hostname": 619, "URL": 1547, "domain": 246, "FileHash-SHA256": 124 }, "indicator_count": 2538, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65708a87eeed875a212dff0a", "name": "Botnet", "description": "", "modified": "2023-12-06T14:51:51.546000", "created": "2023-12-06T14:51:51.546000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 2, "hostname": 619, "URL": 1547, "domain": 246, "FileHash-SHA256": 124 }, "indicator_count": 2538, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65708122b0514054bd29b713", "name": "a.pub.network:timcast-com:pubfig.min.js", "description": "", "modified": "2023-12-06T14:11:46.462000", "created": "2023-12-06T14:11:46.462000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "domain": 416, "URL": 2786, "FileHash-SHA256": 955, "hostname": 1095, "SSLCertFingerprint": 14, "FileHash-MD5": 66, "FileHash-SHA1": 24, "CIDR": 5, "email": 1 }, "indicator_count": 5363, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65707f8475d8a8785dfc5a2f", "name": "Zetalytics API", "description": "", "modified": "2023-12-06T14:04:52.250000", "created": "2023-12-06T14:04:52.250000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 754, "hostname": 833, "domain": 441, "URL": 2375, "CIDR": 5, "FileHash-MD5": 2, "email": 1 }, "indicator_count": 4411, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "64dbc17fbfcf61a0c55492f0", "name": "Sophisticated, Highly-Targeted Attacks Continue to Plague npm", "description": "Phylum, a software risk detection platform, has detected a series of highly-targeted attacks on the npm website, targeting the platform\u2019s main operating system, and the software itself.", "modified": "2023-09-14T18:01:39.593000", "created": "2023-08-15T18:18:39.053000", "tags": [ "research", "phylum", "august", "june attack", "as16509 http", "date", "rustdesk", "c2 server", "guid", "javascript", "june", "first" ], "references": [ "https://blog.phylum.io/sophisticated-highly-targeted-attacks-continue-to-plague-npm/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1134", "name": "Access Token Manipulation", "display_name": "T1134 - Access Token Manipulation" }, { "id": "T1195", "name": "Supply Chain Compromise", "display_name": "T1195 - Supply Chain Compromise" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunter_NL", "id": "171283", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 5, "domain": 5, "hostname": 4 }, "indicator_count": 14, "is_author": false, "is_subscribing": null, "subscriber_count": 847, "modified_text": "948 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "64dbb09c96529f42dd0ead71", "name": "Sophisticated, Highly-Targeted Attacks Continue to Plague npm", "description": "Phylum, a software risk detection platform, has detected a series of highly-targeted attacks on the npm website, targeting the platform\u2019s main operating system, and the software itself.", "modified": "2023-09-14T17:03:28.480000", "created": "2023-08-15T17:06:36.342000", "tags": [ "research", "phylum", "august", "june attack", "as16509 http", "date", "rustdesk", "c2 server", "guid", "javascript", "june", "first" ], "references": [ "https://blog.phylum.io/sophisticated-highly-targeted-attacks-continue-to-plague-npm/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1134", "name": "Access Token Manipulation", "display_name": "T1134 - Access Token Manipulation" }, { "id": "T1195", "name": "Supply Chain Compromise", "display_name": "T1195 - Supply Chain Compromise" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 16, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Cyber74Team", "id": "202637", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_202637/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 5, "domain": 5, "hostname": 4 }, "indicator_count": 14, "is_author": false, "is_subscribing": null, "subscriber_count": 164, "modified_text": "948 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "64db63f311b3e1ffb86c0948", "name": "New Wave of Malicious npm Packages", "description": "The npm package registry has emerged as the target of yet another highly targeted attack campaign that aims to entice developers into downloading malevolent modules.\n\nSoftware supply chain security firm Phylum told The Hacker News the activity exhibits similar behaviors to that of a previous attack wave uncovered in June, which has since been linked to North Korean threat actors.\n\nAs many as nine packages have been identified as uploaded to npm between August 9 and 12, 2023. This includes: ws-paso-jssdk, pingan-vue-floating, srm-front-util, cloud-room-video, progress-player, ynf-core-loader, ynf-core-renderer, ynf-dx-scripts, and ynf-dx-webpack-plugins.\n\n\"Due to the sophisticated nature of the attack and the small number of affected packages, we suspect this is another highly targeted attack, likely with a social engineering aspect involved in order to get targets to install these packages,\" the company said.", "modified": "2023-09-14T11:01:03.127000", "created": "2023-08-15T11:39:31.195000", "tags": [ "research", "phylum", "august", "june attack", "as16509 http", "date", "rustdesk", "c2 server", "guid", "javascript", "june", "first" ], "references": [ "https://blog.phylum.io/sophisticated-highly-targeted-attacks-continue-to-plague-npm/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1134", "name": "Access Token Manipulation", "display_name": "T1134 - Access Token Manipulation" }, { "id": "T1195", "name": "Supply Chain Compromise", "display_name": "T1195 - Supply Chain Compromise" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 18, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "BITSecurity", "id": "103352", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_103352/resized/80/avatar_1540652530.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 5, "domain": 5, "hostname": 4 }, "indicator_count": 14, "is_author": false, "is_subscribing": null, "subscriber_count": 241, "modified_text": "948 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "64ab91d92c068999bbbb1146", "name": "FacebookAPI", "description": "Here's a brief guide to how to access Facebook's new users' profile, using the X-RapidAPI tool, as well as a few other tools, in the form of add-ons.", "modified": "2023-07-10T05:06:33.147000", "created": "2023-07-10T05:06:33.147000", "tags": [ "required", "urlsearchparams", "await" ], "references": [ "Node.js" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 29, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "sami9211", "id": "244372", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 1 }, "indicator_count": 1, "is_author": false, "is_subscribing": null, "subscriber_count": 1, "modified_text": "1015 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6426dda295502d82e6e6ef7f", "name": "v4 - Hybrid scan uploaded + all suggested ioc's - vendor.3a0e728a.js another gem in edge on twitter.com/i/flow/login source code", "description": "WebpackChunk_Twitter-responsive_web is built on a single web address, which will allow users to upload images, tweets and videos to be stored in the same place as the hashtag.", "modified": "2023-03-31T13:18:26.733000", "created": "2023-03-31T13:18:26.733000", "tags": [ "trojan", "apt", "ansi", "memoryfile scan", "error", "runtime data", "typeof e", "regexp", "array", "object", "typeof t", "void", "null", "unknown", "path", "facebook", "4096", "suspicious", "meta", "lazy", "entity", "union", "body", "idkey", "scroll", "backspace", "insert", "roboto", "target", "stack", "hybrid", "model", "click", "stream", "strings", "qakbot", "pattern match", "ud801", "ud804", "ud805", "ud806", "ud81a", "ud835", "ud800", "ud802", "sha1", "sha256", "vendor.3a0e728a.js" ], "references": [ "https://hybrid-analysis.com/sample/9bf30967dfbf84d91ff4a1ca66dcd6c3383e679917e8b7aa4f659ff9f4e848d7/6426cf48655f94b6b303704c" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1115", "name": "Clipboard Data", "display_name": "T1115 - Clipboard Data" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1546", "name": "Event Triggered Execution", "display_name": "T1546 - Event Triggered Execution" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1614", "name": "System Location Discovery", "display_name": "T1614 - System Location Discovery" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "callmeDoris", "id": "205385", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1353, "hostname": 222, "domain": 221, "FileHash-SHA256": 85, "FileHash-MD5": 3, "FileHash-SHA1": 1 }, "indicator_count": 1885, "is_author": false, "is_subscribing": null, "subscriber_count": 90, "modified_text": "1115 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "63a3b9aaaca8891186e6f7a2", "name": "vt errors on edge 21 dec 2022", "description": "var n-i,n-n, r.test, is a new type of webpack, which uses a set of rules to store data in the form of a single address, or code.", "modified": "2023-01-21T00:01:41.590000", "created": "2022-12-22T01:58:02.495000", "tags": [ "eaca", "eace", "iaca", "iace", "boolean", "object", "path", "aacf", "customevent", "string", "span", "error", "code", "virustotal", "date", "null", "contact", "blank", "close", "twitter", "unknown", "download", "this", "easy", "desktop", "body", "requires", "footer", "refresh", "patch", "write", "cobalt strike", "shell", "zero", "harmless", "main", "aalfe", "getclass", "copy", "iframe", "divi", "roboto", "insert", "template", "class", "void", "form", "back", "ransomware", "trace", "comment", "tools", "premium", "bufferwriter", "bufferreader", "array", "typeerror", "vtuibutton", "number", "typeof o", "urls", "please", "javascript", "https://www.virustotal.com/gui/vt-ui-sw-installer.e0eb1a1e08d651", "https://www.virustotal.com/gui/main.900e36f7a852b9863014.js" ], "references": [ "https://www.virustotal.com/gui/vt-ui-sw-installer.e0eb1a1e08d6512ba355.js/ Depreciated", "https://www.virustotal.com/gui/main.900e36f7a852b9863014.js" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "BufferReader", "display_name": "BufferReader", "target": null }, { "id": "BufferWriter", "display_name": "BufferWriter", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 11, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "callmeDoris", "id": "205385", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1051, "FileHash-SHA256": 204, "hostname": 275, "domain": 212, "CVE": 1, "FileHash-MD5": 1, "FileHash-SHA1": 1 }, "indicator_count": 1745, "is_author": false, "is_subscribing": null, "subscriber_count": 92, "modified_text": "1185 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6280921bfbaf2aace62511f1", "name": "1688.com .. 404-\u963f\u91cc\u5df4\u5df4", "description": "Alibaba", "modified": "2022-06-14T00:00:05.659000", "created": "2022-05-15T05:39:39.040000", "tags": [ "typeerror", "object", "typeof t", "symbol", "typeof e", "typeof self", "webpackrequire", "typeof n", "json", "math", "body", "copyright", "apoorv saxena", "typeof", "typeof define", "detect ie", "typeof document", "substring", "\u963f\u91cc\u5df4\u5df4\uff0c1688\uff0c\u5fae\u5546\uff0c\u5fae\u5e97\uff0c\u8d27\u6e90\uff0c\u5973\u88c5\u6279\u53d1\uff0c\u7537\u88c5\uff0cb2b\uff0c\u6279\u53d1\uff0c\u91c7\u8d2d", "typeof symbol", "promise", "error", "date", "createclass", "array", "this", "typeof lib", "null", "mozilla", "regexp", "typeof require", "xmlhttprequest", "license", "xdomainrequest", "aplusscore", "s1e4", "cfunction", "html5", "span", "button", "android", "jupdate", "void", "webview", "kraken", "nundefined", "xfunction", "zfunction", "chrome", "xuexi", "nullj", "area", "mtopwvplugin", "activexobject", "post", "options", "function", "head", "delete", "false", "trace", "patch", "unknown", "alipay", "ff6a00", "opacity100", "opacity0", "f2f3f7", "e6e7eb", "f7f8fa", "helvetica neue", "helvetica", "tahoma", "arial", "\u963f\u91cc\u5df4\u5df4\uff0c\u91c7\u8d2d\u6279\u53d1\uff0c1688\uff0c\u884c\u4e1a\u95e8\u6237\uff0c\u7f51\u4e0a\u8d38\u6613\uff0cb2b\uff0c\u7535\u5b50\u5546\u52a1\uff0c\u5185\u8d38\uff0c\u5916\u8d38\uff0c\u6279\u53d1\uff0c\u884c\u4e1a\u8d44\u8baf\uff0c\u7f51\u4e0a\u8d38\u6613\uff0c\u7f51\u4e0a\u4ea4\u6613\uff0c\u4ea4\u6613\u5e02\u573a\uff0c\u5728", "1688", "1000", "yunos", "lazada", "http response", "gmt contenttype", "vary" ], "references": [ "xfe-URL-1688.com-stix2-2.1-export.json", "xfe-IP-47.89.52.178-stix2-2.1-export.json", "https://page.1688.com/shtml/static/wrongpage.html", "http://polyfill.alicdn.com/", "xfe-URL-Alijk.com-stix2-2.1-export.json", "http://i.alicdn.com/", "http://is.alicdn.com/", "http://1688.com/", "https://mind.1688.com/wap/wapsy/dke4eosa0/index.html?no_cache=true&pageId=1150842&cms_id=1150842&src=desktop", "xfe-URL-mind.1688.com-stix2-2.1-export.json", "https://g.alicdn.com/secdev/sufei_data/3.9.9/index.js", "https://g.alicdn.com/alilog/mlog/aplus_wap.js", "https://mind.1688.com/zsh/zsh/d9my57ugj/index.html", "https://gw.alipayobjects.com/os/lib/lozad/1.16.0/dist/lozad.min.js", "http://g.alicdn.com/assets-group/croco/0.0.8/index.js" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 15, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 8598, "hostname": 2066, "domain": 1004, "FileHash-SHA256": 1645, "FileHash-MD5": 3 }, "indicator_count": 13316, "is_author": false, "is_subscribing": null, "subscriber_count": 71, "modified_text": "1406 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "62298f3e6e3fb7012a880988", "name": "a.pub.network:timcast-com:pubfig.min.js", "description": "a.pub.network:timcast-com:pubfig.min.js.webloc", "modified": "2022-06-12T22:01:23.105000", "created": "2022-03-10T05:40:14.909000", "tags": [], "references": [ "a.pub.network:timcast-com:pubfig.min.js.webloc" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scnrscnr", "id": "126475", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_126475/resized/80/avatar_67ca5b7bae.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 2786, "FileHash-SHA256": 955, "hostname": 1095, "FileHash-MD5": 66, "FileHash-SHA1": 24, "domain": 416, "email": 1, "CIDR": 5, "SSLCertFingerprint": 14, "CVE": 1 }, "indicator_count": 5363, "is_author": false, "is_subscribing": null, "subscriber_count": 91, "modified_text": "1407 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "626b070ed44bcc9ad7b76bab", "name": "PSI Software AG - Software f\u00fcr Energieversorger, Industrieunternehmen und Infrastrukturbetreiber", "description": "PSI Software AG (PSI) is best known for its smart city software, which is also its Smart City software and a range of other product-enhancing technologies, such as smart cities.", "modified": "2022-05-28T00:03:46.141000", "created": "2022-04-28T21:28:46.014000", "tags": [ "span", "tbody", "tfoot", "thead", "fontawesome", "multiple", "woff", "truetype", "type", "href", "alpha", "twitter", "false", "parsley", "error", "typeof t", "fieldmultiple", "function", "regexp", "select", "typeof", "validator", "typeof n", "form", "datavalidation", "user", "return", "body", "cursor", "validate", "checkbox", "write", "selectedindex", "date", "true", "value", "index", "null", "name", "prop", "class", "hooks", "this", "jquery", "open", "scroll", "click", "seed", "target", "code", "accept", "local", "speed", "back", "bounce", "february", "april", "june", "august", "next", "string", "number", "trackevent", "copyright", "path", "host", "uint8array", "xhfunction", "download", "void", "softwarel\u00f6sungen", "prozesssteuerung", "leitsystem", "branchensoftware", "erp", "mes", "pps", "netzleittechnik", "fertigungsleitsystem", "automatisierung", "psi software", "psi blog", "toggle dropdown", "aktienrckkauf", "news", "umsatzwachstum", "formwechsel", "software", "versorger und", "english deutsch", "green", "messen" ], "references": [ "xfe-URL-Psi.de-stix2-2.1-export.json", "https://www.googletagmanager.com/gtm.js?id=GTM-NF2ZT3", "https://www.psi.de/typo3temp/scriptmerger/uncompressed/head-e2b75d5cfe54ba9b7d678cb1c848421f.merged.js", "https://www.psi.de/typo3temp/scriptmerger/uncompressed/head-bd4b8119586687574cf8f8529359d678.merged.css" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "selectedIndex", "display_name": "selectedIndex", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 232, "URL": 425, "FileHash-SHA256": 157, "domain": 225, "FileHash-MD5": 4 }, "indicator_count": 1043, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "1423 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "626b06ae6171c5d04f1bab38", "name": "PSI Software AG - Software f\u00fcr Energieversorger, Industrieunternehmen und Infrastrukturbetreiber", "description": "PSI Software AG (PSI) is best known for its smart city software, which is also its Smart City software and a range of other product-enhancing technologies, such as smart cities.", "modified": "2022-05-28T00:03:46.141000", "created": "2022-04-28T21:27:10.738000", "tags": [ "span", "tbody", "tfoot", "thead", "fontawesome", "multiple", "woff", "truetype", "type", "href", "alpha", "twitter", "false", "parsley", "error", "typeof t", "fieldmultiple", "function", "regexp", "select", "typeof", "validator", "typeof n", "form", "datavalidation", "user", "return", "body", "cursor", "validate", "checkbox", "write", "selectedindex", "date", "true", "value", "index", "null", "name", "prop", "class", "hooks", "this", "jquery", "open", "scroll", "click", "seed", "target", "code", "accept", "local", "speed", "back", "bounce", "february", "april", "june", "august", "next", "string", "number", "trackevent", "copyright", "path", "host", "uint8array", "xhfunction", "download", "void", "softwarel\u00f6sungen", "prozesssteuerung", "leitsystem", "branchensoftware", "erp", "mes", "pps", "netzleittechnik", "fertigungsleitsystem", "automatisierung", "psi software", "psi blog", "toggle dropdown", "aktienrckkauf", "news", "umsatzwachstum", "formwechsel", "software", "versorger und", "english deutsch", "green", "messen" ], "references": [ "xfe-URL-Psi.de-stix2-2.1-export.json", "https://www.googletagmanager.com/gtm.js?id=GTM-NF2ZT3", "https://www.psi.de/typo3temp/scriptmerger/uncompressed/head-e2b75d5cfe54ba9b7d678cb1c848421f.merged.js", "https://www.psi.de/typo3temp/scriptmerger/uncompressed/head-bd4b8119586687574cf8f8529359d678.merged.css" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "selectedIndex", "display_name": "selectedIndex", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 232, "URL": 425, "FileHash-SHA256": 157, "domain": 225, "FileHash-MD5": 4 }, "indicator_count": 1043, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "1423 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "628e33df0169fe33f79b766b", "name": "Seems to be coming from space . Space malware? \u4e91\u9002\u914d(AllMobilize Inc.) --\u4f01\u4e1a\u6d4f\u89c8\u5668\u53ca\u79fb\u52a8\u5316\u89e3\u51b3\u65b9\u6848\u4f9b\u5e94\u5546 | \u4e91\u9002\u914d", "description": "AllMobilize, Amaze, and all its partners - all of them with the same name - are now available to use on Facebook, Twitter, Instagram and other social media platforms, including Facebook.", "modified": "2022-05-25T13:49:19.876000", "created": "2022-05-25T13:49:19.876000", "tags": [ "ebeef5", "dcdfe6", "e64552", "helvetica", "ffffff", "pingfang sc", "helveticaneue", "arial", "microsoft yahei", "45deg", "post", "sqdl", "sqhz", "eptyzj", "zjxcys", "doform", "modernizr", "typeradio", "tagnames", "boolean", "date", "array", "error", "typeof t", "dtft", "amaze ui", "function", "regexp", "d1dd2", "mstransitionend", "team", "android", "february", "april", "june", "august", "void", "null", "type", "elem", "index", "handle", "sizzle", "check", "target", "hooks", "prop", "copy", "class", "mark", "internal", "stack", "false", "code", "accept", "seed", "first", "body", "jquery", "pass", "bind", "core", "local", "verify", "done", "find", "inject", "possible", "hold", "trigger", "camel", "bubble", "window", "middle", "capture", "iframe", "fall", "stop", "panic", "back", "speed", "grab", "install", "open", "invalid request", "button", "input", "cpu os", "span", "label", "this", "trident", "pykey", "eventparams", "object", "event", "infinity", "pykeye", "string", "typeof", "typeof e", "typeof r", "typeof s", "typeof console", "contenttype", "number", "\u4e91\u9002\u914d\uff0c\u4f01\u4e1a\u79fb\u52a8\u5316\uff0c\u4f01\u4e1a\u79fb\u52a8\u5316\u89e3\u51b3\u65b9\u6848\uff0c\u4e91\u9002\u914d\u8de8\u5c4f", "\u4e91\u9002\u914d\u7f51\u7ad9\u9002\u914d", "\u4e91\u9002\u914d\u8de8\u5c4f\u4e91", "\u4e91\u9002\u914d\u8de8\u5c4f\u5e94\u7528", "\u4f01\u4e1aoa\u79fb\u52a8\u5316\u3001\u4f01\u4e1a\u79fb\u52a8\u95e8\u6237\u3001\u79fb\u52a8\u5e94\u7528\u7ba1\u7406\u3001\u79fb\u52a8\u5e94\u7528\u5e73\u53f0", "xcloud", "amaze", "sdp enterplorer", "siebel domino", "siebel", "domino", "allmobilize", "apipc", "ui amaze" ], "references": [ "https://www.yunshipei.com/", "https://aiff.cdn.bcebos.com/sensors%2Fonline%2Fsa-sdk-javascript-1.14.24%2Fsensorsdata.min.js", "https://stats.ipinyou.com/adv?a=SR..sxcg_4d0DhagaJWCLj_ZdX&u=https%3A%2F%2Fwww.yunshipei.com%2F&rd=1653485491040&v=2&e=sr%3D390x844%26sc%3D32-bit%26je%3Dfalse%26lg%3Den-us%26vb%3D1%26did%3D%26dt%3D%26ps%3D390x3885%26vp%3D390x664%26ec%3DUTF-8%26vbt%3D1822%26sp%3D0%26ur%3D%26st%3D%26ev%3Dvg", "https://goutong.baidu.com/site/270/98c14a71a44014f7aa9d23449a55ae8f/b.js?siteId=3064033", "https://stats.ipinyou.com/presadv?a=SR..sxcg_4d0DhagaJWCLj_ZdX&cb=py.cb", "https://fm.ipinyou.com/j/a.js", "https://www.yunshipei.com/assets/js/jquery.js", "https://www.yunshipei.com/assets/js/amazeui.min.js", "https://www.yunshipei.com/assets/js/app.min.js", "https://sgoutong.baidu.com/embed/1652930761/asset/embed/css/mobile/main.css" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1134", "name": "Access Token Manipulation", "display_name": "T1134 - Access Token Manipulation" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 11, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 652, "URL": 1482, "domain": 242, "FileHash-SHA256": 142, "FileHash-MD5": 3 }, "indicator_count": 2521, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1425 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6266f7e0e0264cba210a4e9e", "name": "intel gained from a spam text", "description": "var b[f]=g, if b(f) is not allowed to reach its maximum by the end of a set, then a.b(b) will be able to do so at the same time as a", "modified": "2022-05-25T00:04:03.622000", "created": "2022-04-25T19:34:56.772000", "tags": [ "array", "typeerror", "symbol", "null", "string", "iterator", "object", "error", "boolean", "function", "service", "date", "phonenumber", "facebook", "meta", "typeof e", "typeof u", "typeof window", "es modules", "use esm", "webkit", "component", "typeof", "typeof y", "typeof symbol", "suspense", "context", "forwardref", "unknown", "4096", "typeof n", "promise", "weakmap", "dataview", "typeof t", "webpackrequire", "modulenotfound", "e1342177279", "array int8array", "loanup", "insurance", "group", "health", "solutions", "policy", "site", "america", "company", "life", "plan", "direct", "media", "alliance", "click", "team", "never", "advantage", "general", "light", "february", "april", "june", "august", "footer", "protect", "banker", "explorer", "fast", "martin", "union", "carrier", "next", "colony", "energy", "empire", "gerber", "philadelphia", "hippo", "king", "agent", "mercury", "moss", "premium", "nextgen", "oscar", "phoenix", "loans", "pure", "ramsey", "ranger", "solar", "titan", "tristate", "viking", "easy", "push", "code", "stop", "carriers", "live", "lucky", "moral", "story", "back", "lfunction", "dfunction", "cfunction", "typeof self", "number", "copyright", "closure library", "xdfunction", "cdfunction", "ddfunction", "bded", "kefunction", "reduceright", "gj9pcw0f6jv", "regexp", "r420", "uint8array", "typeof d", "void" ], "references": [ "https://www.googletagmanager.com/gtag/js?id=G-J9PCW0F6JV", "https://www.googletagmanager.com/gtag/js?id=UA-185991747-1", "https://insurancerateusa.com/polyfill-036b4a134d8725752ba0.js", "xfe-URL-insurancerateusa.com-stix2-2.1-export.json", "https://insurancerateusa.com/app-74647f151b541f3098c2.js", "https://insurancerateusa.com/bfcc7b67-0b189ba6da3fc3ae8b88.js", "https://insurancerateusa.com/94297995-69529ad7536f090aa776.js", "https://insurancerateusa.com/3bea8d40-8926f4790c0b3689a361.js", "https://insurancerateusa.com/framework-19eddc0d879a49dfe606.js", "https://insurancerateusa.com/webpack-runtime-f014a3267add02a94afb.js", "https://connect.facebook.net/signals/config/3689470801106673?v=2.9.57&r=stable" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "ReduceRight", "display_name": "ReduceRight", "target": null } ], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 615, "URL": 2246, "FileHash-SHA256": 823, "domain": 717, "CVE": 1, "email": 4, "FileHash-MD5": 5, "FileHash-SHA1": 1 }, "indicator_count": 4412, "is_author": false, "is_subscribing": null, "subscriber_count": 70, "modified_text": "1426 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6261fd6a8d527fa569351e63", "name": "Malware hosting - unrealservers.net & heymman.com", "description": "function S.name, a.com, has been added to the end of a page to make sure it does not end up in an unauthorised place. and it will not get any more.", "modified": "2022-05-21T00:03:44.725000", "created": "2022-04-22T00:57:14.125000", "tags": [ "e2f0fc", "fd7a07", "f0482b", "gradienttype0", "a5bcce", "helvetica", "negative", "arial", "bcd3e4", "style sheet", "nonce", "script", "please do", "not copy", "and paste", "this code", "cgrecaptchacfg", "ngrecaptcha", "recaptchaapi", "render", "onload", "select", "error", "strong", "uint8array", "string", "null", "number", "function", "input", "array", "iframe", "date", "android", "verify", "stop", "this", "span", "enterprise", "click", "widget", "window", "form", "generator", "reload", "void", "dd2d2f", "e8e8e8", "d8d8d8", "fcfcfc", "e5e5e5", "lucida", "unicode", "lucida grande", "f9f9f9", "footer", "unavailable", "ngsanitize", "order now", "invalid", "snippet", "month", "hours", "fullyear", "regexp", "eeee", "mmmm d", "mena", "christ" ], "references": [ "xfe-URL-heymman.com-stix2-2.1-export.json", "https://ajax.googleapis.com/ajax/libs/angularjs/1.4.8/angular.min.js", "https://ajax.googleapis.com/ajax/libs/angularjs/1.4.2/angular-sanitize.js", "https://www.heymman.com/script.js", "https://www.heymman.com/style/main.css", "https://www.gstatic.com/recaptcha/releases/QENb_qRrX0-mQMyENQjD6Fuj/recaptcha__en.js", "https://www.google.com/recaptcha/api.js", "https://unrealservers.net/master.css", "xfe-URL-Ndevix.com-stix2-2.1-export.json", "xfe-URL-Misk.com-stix2-2.1-export.json" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 427, "URL": 1183, "FileHash-SHA256": 162, "domain": 441, "email": 4 }, "indicator_count": 2217, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "1430 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "625f3287d722d8d85700b75d", "name": "Leaseweb.com - malware hosting", "description": "function D(t,e,n), as well as window.com, has been frozen by a single function, as part of a series of \"snoopers' checks\"...", "modified": "2022-05-19T00:00:49.028000", "created": "2022-04-19T22:07:03.024000", "tags": [ "11px center", "html", "typetext", "typeurl", "typeemail", "typetel", "typenumber", "typedate", "color", "marketo forms", "cross domain", "null", "click", "forceclose", "lightbox", "slideshow", "controls", "hide", "safari", "image", "mozilla", "explorer", "entity", "linear", "date", "jquery", "iframe", "close", "loops", "class", "stretch", "false", "function", "abbb", "typeerror", "boolean", "body", "object", "array", "regexp", "bind", "error", "void", "hammer", "form", "this", "views slideshow", "zindex1", "ajax", "href", "default", "thumb", "msgesture", "mspointerdown", "next", "stop", "type", "index", "event", "snapabugcbmbtn", "chat", "hidden", "leaf", "open", "dump", "window", "win32", "footer", "front", "drupal", "command", "implement", "copyright", "route", "foundation", "thecookie", "remove", "example", "backport", "grab", "span", "import", "attr", "string", "invalid json", "domparser", "number", "script", "closure library", "symbol", "array int8array", "caregexp", "legacy", "boardman", "fontface", "typeof d", "promise", "parseint", "marketo", "rangeerror", "uint8array", "typeof b", "buffer", "path", "takk", "kiitos", "buttons};kb(convertedmessage);break;case\"/sys\":var", "acum", "ufunction", "ffunction", "gfunction", "mchtd", "cancel", "thank", "enter", "please", "cobrowsing", "accept", "decline", "back", "comment", "grazie", "klik", "super", "dados", "hello", "vd", "reduceright", "trackevent", "lead", "query", "videos", "leaseweb", "trackpageview", "contact", "download", "metal", "code", "functional", "member", "hnew regexp", "qfunction", "adview", "addbillinginfo", "addtocart", "addtolist", "install", "cookiebot", "iabv2", "jsonversion", "cookie script", "methodstrict", "ticket", "id attribute", "cookiebot setup", "cookieconsent", "customevent", "09af", "ver0", "tag0", "extdata0", "ua ch", "invalid", "iterator", "service", "phonenumber", "facebook", "meta", "ytconfig", "edge", "swhealthlog", "logsdatabasev2", "trident", "android", "infinity", "pnull", "style", "ctnull", "post", "uint32array", "fanull", "license", "ynull", "config" ], "references": [ "https://consent.cookiebot.com/1e27dadb-e278-4c02-aa4f-43f9222c4fbb/cc.js?renew=false&referer=www.leaseweb.com&culture=en&dnt=false", "https://j.clarity.ms/s/0.6.34/clarity.js", "https://www.google-analytics.com/plugins/ua/linkid.js", "https://www.youtube.com/s/player/19eb72e4/www-widgetapi.vflset/www-widgetapi.js", "https://www.youtube.com/iframe_api", "https://connect.facebook.net/signals/config/399164440484826?v=2.9.57&r=stable", "https://bat.bing.com/bat.js", "https://consent.cookiebot.com/uc.js?cbid=1e27dadb-e278-4c02-aa4f-43f9222c4fbb&culture=en", "https://snap.licdn.com/li.lms-analytics/insight.min.js", "https://www.googletagmanager.com/gtm.js?id=GTM-NWPHSS", "https://storage.googleapis.com/snapengage-eu/js/e9219576-8f74-40b5-8b6f-bbad33f6ca57.js", "https://munchkin.marketo.net/161/munchkin.js", "https://app-lon04.marketo.com/js/forms2/js/forms2.min.js", "https://munchkin.marketo.net/munchkin.js", "https://www.leaseweb.com/sites/all/modules/custom/lsw_marketo/js/lsw_marketo_forms.js", "https://use.fortawesome.com/03018d9d.js", "https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1001847692/?random=1650405011980&cv=9&fst=1650405011980&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=376635471&u_h=844&u_w=390&u_ah=844&u_aw=390&u_cd=32&u_his=1&u_tz=-240&u_java=false&u_nplug=0&u_nmime=0>m=2wg4i1&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.leaseweb.com%2F&tiba=Leaseweb%20%7C%20Global%20Hosted%20Infrastructure%20(IaaS)%20and%20Cloud%20Solutions&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4", "https://googleads.g.doubleclick.net/pagead/viewthroughconversion/952389962/?random=1650405011982&cv=9&fst=1650405011982&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=376635471&u_h=844&u_w=390&u_ah=844&u_aw=390&u_cd=32&u_his=1&u_tz=-240&u_java=false&u_nplug=0&u_nmime=0>m=2wg4i1&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.leaseweb.com%2F&tiba=Leaseweb%20%7C%20Global%20Hosted%20Infrastructure%20(IaaS)%20and%20Cloud%20Solutions&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4", "https://eu.snapengage.com/chatjs/ServiceGetConfig?w=e9219576-8f74-40b5-8b6f-bbad33f6ca57", "https://eu.snapengage.com/chatjs/servicegetproactivegeodata?w=e9219576-8f74-40b5-8b6f-bbad33f6ca57", "https://bat.bing.com/p/action/5602105.js", "https://eu.snapengage.com/chatjs/servicegetallavailableagents?w=e9219576-8f74-40b5-8b6f-bbad33f6ca57&t=1", "https://www.googleadservices.com/pagead/conversion_async.js", "https://www.leaseweb.com/sites/default/files/js/js_kwxcSFD2Y0_BPtdJClYUy5H8THI_5EycUmIgIGWaGYs.js", "https://www.leaseweb.com/sites/default/files/js/js_wcSNEXVJ4Xjhkf8qhMguEPZJTDTMNmPaJM-YWdAOhQE.js", "https://www.leaseweb.com/sites/default/files/js/js_kI_QwKJlaBz9CzQdENdUBFiEl4aehfjf4_-9taiwcCE.js", "https://www.leaseweb.com/sites/default/files/js/js_zoLA7TweXam0kYiqJrXepqBWmyDoP1sLSlHoZcveFnY.js", "https://www.leaseweb.com/sites/default/files/js/js_6FowaFXT9bT78hf9earPdGcdTmvsFiaBzKgFl9P4fSo.js", "https://www.leaseweb.com/sites/default/files/js/js_6lTJ_m6ahwXas7Efbw8ZYEMSaecrGw8ilNALfvIPNUw.js", "https://analytics.twitter.com/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=nxsfu&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=511b6f48-2639-478c-a251-b09fcbae76e7&tw_document_href=https%3A%2F%2Fwww.leaseweb.com%2F&tpx_cb=twttr.conversion.loadPixels", "https://bid.g.doubleclick.net/xbbe/pixel?d=KAE", "https://consentcdn.cookiebot.com/sdk/bc-v4.min.html", "https://app-lon04.marketo.com/index.php/form/XDFrame", "https://app-lon04.marketo.com/js/forms2/css/forms2-theme-plain.css", "https://www.leaseweb.com/sites/default/files/css/css_47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU.css", "https://www.leaseweb.com/sites/default/files/css/css_7CYF9En6DNp6AojfSKnT8USKR3GvzPwznmTqLTKT9VM.css" ], "public": 1, "adversary": "", "targeted_countries": [ "Tunisia" ], "malware_families": [ { "id": "Ajax", "display_name": "Ajax", "target": null }, { "id": "Kiitos", "display_name": "Kiitos", "target": null }, { "id": "Takk", "display_name": "Takk", "target": null }, { "id": "Acum", "display_name": "Acum", "target": null }, { "id": "buttons};kb(convertedMessage);break;case\"/SYS\":var", "display_name": "buttons};kb(convertedMessage);break;case\"/SYS\":var", "target": null }, { "id": "Vd", "display_name": "Vd", "target": null }, { "id": "ReduceRight", "display_name": "ReduceRight", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1490", "name": "Inhibit System Recovery", "display_name": "T1490 - Inhibit System Recovery" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 648, "domain": 469, "URL": 2037, "FileHash-SHA256": 705, "email": 7 }, "indicator_count": 3866, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1432 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6252df03791ceb2df29742fe", "name": "reCAPTCHA", "description": "var a,r, i,o, r, c+(((s>>>16)*c&65535)<<16, as well as the Object, to be used as a decoder.", "modified": "2022-05-10T00:02:48.350000", "created": "2022-04-10T13:43:30.961000", "tags": [ "arial", "roboto", "helvetica neue", "typesubmit", "webkitkeyframes", "typeerror", "typeof t", "string", "object", "typeof e", "symbol", "typeof symbol", "typeof window", "typeof self", "typeof r", "date", "body", "html", "typeof n", "error", "version", "shown", "click", "dataspy", "trident", "window", "lpmlightbox", "messaging1", "chat0", "href", "tabindex", "copyright", "closure library", "info", "smsclientapi", "null", "typeof", "regexp", "debug", "chat", "scraper", "cookie", "stop", "iframe", "explorer", "small", "seppuku", "jsloader", "token", "viewed", "kbcontentclick", "blank", "post", "document", "typeof storage", "unknownerror", "element", "overquerylimit", "requestdenied", "zeroresults", "notfound", "node", "edge", "android", "unknown", "false", "june", "generator", "marker", "hybrid", "month", "azaz09", "hours", "function", "number", "fullyear", "controller", "christ", "sufeffxa0", "class", "attr", "pseudo", "child", "js foundation", "typeof module", "directclick", "x22loansx22", "x221x22", "9o7nxzt", "x22applyx22", "x3dw", "x3dnew", "x22pageloadx22", "x22scriptx22", "x22uetqx22", "viewcontent", "addtocart", "purchase", "array", "customevent", "09af", "ver0", "tag0", "extdata0", "ua ch", "invalid", "license", "calltrkswap", "typeof s", "xmlhttprequest", "65535", "awindow", "cwm fjordbank", "activexobject", "tfunction", "sfunction", "yfunction", "googlendt" ], "references": [ "xfe-URL-ihagoogle.com-stix2-2.1-export.json", "http://pagead2.googlesyndication.com/apps/domainpark/show_afd_ads.js", "http://sedoparking.com/frmpark/ihagoogle.com/sedopark/park.js", "http://instantfwding.com/px.js?ch=1", "http://pxlgnpgecom-a.akamaihd.net/javascripts/browserfp.min.js?templateId=11&customerId=7CUHNT0E1", "https://pxlgnpgecom-a.akamaihd.net/javascripts/bfp_ssn.js?templateId=11", "https://s.thebrighttag.com/tag?site=9O7NXzt&H=-5nu6gjg&referrer=https%3A%2F%2Fwww.zealcu.org%2Fhome-loans%2F%3Fmsclkid%3D3ef1349815a11e52b0b256cacc0bc952%26utm_source%3Dbing%26utm_medium%3Dcpc%26utm_campaign%3DSearch%253A%2520Zeal%2520Credit%2520Union%2520-%2520Mortgages%26utm_term%3Dhouse%2520mortgage%26utm_content%3DMortgage%2520General&docReferrer=http%3A%2F%2Finstantfwding.com%2F&mode=v2&cf=7500150%2C7500152&btpdb.9O7NXzt.dGZjLjc1MDAxNTE=UkVRVUVTVFMuMA&btpdb.9O7NXzt.dGZjLjc1MTUyNDU=U0VTU0lPTg&btpdb.9O7N", "https://cdn.callrail.com/companies/448598242/66d5efd6cbf06378ea1f/12/swap.js", "https://bat.bing.com/bat.js", "https://tag.perfectaudience.com/serve/5f59021d1911b61034000d8d.js", "https://s.thebrighttag.com/tag?site=9O7NXzt&referrer=https%3A%2F%2Fwww.zealcu.org%2Fhome-loans%2F%3Fmsclkid%3D3ef1349815a11e52b0b256cacc0bc952%26utm_source%3Dbing%26utm_medium%3Dcpc%26utm_campaign%3DSearch%253A%2520Zeal%2520Credit%2520Union%2520-%2520Mortgages%26utm_term%3Dhouse%2520mortgage%26utm_content%3DMortgage%2520General&docReferrer=http%3A%2F%2Finstantfwding.com%2F&H=-5nu6gjg", "https://code.jquery.com/jquery-3.4.1.min.js?ver=3.4.1", "https://integration.silvercloudinc.com/js/bundle/vendor.js", "https://maps.googleapis.com/maps/api/js?key=AIzaSyAMbtdeFB5s623T4LwRldWj_Vdy2t4wLkw&libraries=places", "https://lptag.liveperson.net/tag/tag.js?site=22027291", "https://integration.silvercloudinc.com/js/bundle/8.engageware-bundle.js", "https://lptag.liveperson.net/lptag/api/account/22027291/configuration/applications/taglets/.jsonp?v=2.0&df=2&b=2", "https://pixel-geo.prfct.co/tagjs?a_id=131352&source=js_tag", "https://bat.bing.com/p/action/56358236.js", "https://googleads.g.doubleclick.net/pagead/viewthroughconversion/388043112/?random=1649597062436&cv=9&fst=1649597062436&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=376635471&u_h=844&u_w=390&u_ah=844&u_aw=390&u_cd=32&u_his=2&u_tz=-240&u_java=false&u_nplug=0&u_nmime=0>m=2oa3u0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.zealcu.org%2Fhome-loans%2F%3Fmsclkid%3D3ef1349815a11e52b0b256cacc0bc952%26utm_source%3Dbing%26utm_medium%3Dcpc%26utm_campaign%3DSearch%3A%2520Zeal%2520Credit%2520", "https://lpcdn.lpsnmedia.net/le_re/3.50.0.1-release_5103/jsv2/overlay.js?_v=3.50.0.1-release_5103", "https://www.zealcu.org/app/uploads/cache/js/aggregated_single_eb9d05879e4cb943b965deb3cccf05ee.js", "https://integration.silvercloudinc.com/js/silvercloudjs/silvercloud.js", "https://js.callrail.com/group/0/66d5efd6cbf06378ea1f/02836fdf-c99c-4a90-b31b-373093db654e/poll.js?t=1649597153888&ids%5B%5D=448598242", "https://js.callrail.com/group/0/66d5efd6cbf06378ea1f/02836fdf-c99c-4a90-b31b-373093db654e/poll.js?t=1649598014683&ids%5B%5D=448598242", "https://www.zealcu.org/app/uploads/cache/css/aggregated_cd3154a65f0e94fa98c08398cba54caa.css", "https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfjFjMaAAAAACpmnf2RfTg2U2m4Cdnku25XccJW&co=aHR0cHM6Ly93d3cuemVhbGN1Lm9yZzo0NDM.&hl=en&v=Y-cOIEkAqcfDdup_qnnmkxIC&theme=light&size=normal&cb=j4msjl4zxy97", "https://va.idp.liveperson.net/postmessage/postmessage.min.html?bust=1649597064004&loc=https%3A%2F%2Fwww.zealcu.org", "https://bid.g.doubleclick.net/xbbe/pixel?d=KAE" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1790, "hostname": 586, "FileHash-SHA256": 362, "domain": 330, "email": 1 }, "indicator_count": 3069, "is_author": false, "is_subscribing": null, "subscriber_count": 70, "modified_text": "1441 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6249814713d29e4f994fc037", "name": "Botnet", "description": "function ra(a,b,c,d,e,f, a new type of node, which can only be defined by its own type, is the same as its current type.", "modified": "2022-05-03T00:01:26.398000", "created": "2022-04-03T11:13:11.584000", "tags": [ "hide", "regexp", "enter", "date", "arrowup", "down", "arrowdown", "left", "arrowleft", "right", "blank", "typeof e", "function", "arraybuffer", "promise", "matt zabriskie", "typeof", "typeof define", "array", "typeof formdata", "error", "null", "typeof console", "mit license", "object", "tfunction", "knew t", "qfunction", "typeof window", "typeof r", "string", "azaz", "button", "vnode", "number", "backspace", "uint8array", "typeof t", "typeof location", "blob", "typeof symbol", "typeof n", "javascript", "please", "strong", "tbody", "span", "thead", "tfoot", "typecheckbox", "typeradio", "href", "typesearch", "typedate", "typetime", "twitter", "applewebkit", "gecko", "khtml", "safari", "mac os", "alert", "base", "trident", "presto", "android", "webpackrequire", "name", "iterator", "typedarray", "prototype", "index", "meta", "target", "infinity", "zero", "epsilon", "observer", "trim", "enumerate", "freeze", "internal", "bind", "window", "next", "find", "this", "rest", "middle", "sweetalert2", "yfunction", "boolean", "cancel", "typeof document", "n okn", "canceln n", "cfunction", "typeof c", "copyright", "bootstrap", "rolemenu", "typeof f", "typeof g", "cookie plugin", "https", "klaus hartl", "register", "nodecommonjs", "factory", "jquery", "write", "typeof b", "pseudo", "child", "sufeffxa0", "class", "attr" ], "references": [ "https://app.fanzhi.xyz/dist/js/jquery.min.js", "https://app.fanzhi.xyz/dist/js/jquery.cookie.js", "https://app.fanzhi.xyz/dist/vendors/bootstrap/js/bootstrap.min.js", "https://pv.sohu.com/cityjson?ie=utf-8", "https://app.fanzhi.xyz/dist/vendors/sweetalert2/sweetalert2.min.js", "https://app.fanzhi.xyz/dist/vendors/core-js/core.js", "https://app.fanzhi.xyz/dist/js/app.base.js", "https://app.fanzhi.xyz/dist/vendors/bootstrap/css/bootstrap.min.css", "https://app.fanzhi.xyz/dist/css/vip.css", "https://fengweics.com/", "https://kf.cdsanheli.com/online.html?cid=e3e6922f27c54ad485cf59aee1204615", "https://kf.cdsanheli.com/js/socket.io.min.js", "https://kf.cdsanheli.com/js/vue.min.js", "https://kf.cdsanheli.com/js/vue-i18n.min.js", "https://kf.cdsanheli.com/js/axios.min.js", "https://kf.cdsanheli.com/js/online.3de8ba00.js" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1547, "domain": 246, "hostname": 619, "FileHash-SHA256": 124, "CVE": 2 }, "indicator_count": 2538, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1448 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6249814433d08ebcfc2b6e2a", "name": "Botnet", "description": "function ra(a,b,c,d,e,f, a new type of node, which can only be defined by its own type, is the same as its current type.", "modified": "2022-05-03T00:01:26.398000", "created": "2022-04-03T11:13:08.540000", "tags": [ "hide", "regexp", "enter", "date", "arrowup", "down", "arrowdown", "left", "arrowleft", "right", "blank", "typeof e", "function", "arraybuffer", "promise", "matt zabriskie", "typeof", "typeof define", "array", "typeof formdata", "error", "null", "typeof console", "mit license", "object", "tfunction", "knew t", "qfunction", "typeof window", "typeof r", "string", "azaz", "button", "vnode", "number", "backspace", "uint8array", "typeof t", "typeof location", "blob", "typeof symbol", "typeof n", "javascript", "please", "strong", "tbody", "span", "thead", "tfoot", "typecheckbox", "typeradio", "href", "typesearch", "typedate", "typetime", "twitter", "applewebkit", "gecko", "khtml", "safari", "mac os", "alert", "base", "trident", "presto", "android", "webpackrequire", "name", "iterator", "typedarray", "prototype", "index", "meta", "target", "infinity", "zero", "epsilon", "observer", "trim", "enumerate", "freeze", "internal", "bind", "window", "next", "find", "this", "rest", "middle", "sweetalert2", "yfunction", "boolean", "cancel", "typeof document", "n okn", "canceln n", "cfunction", "typeof c", "copyright", "bootstrap", "rolemenu", "typeof f", "typeof g", "cookie plugin", "https", "klaus hartl", "register", "nodecommonjs", "factory", "jquery", "write", "typeof b", "pseudo", "child", "sufeffxa0", "class", "attr" ], "references": [ "https://app.fanzhi.xyz/dist/js/jquery.min.js", "https://app.fanzhi.xyz/dist/js/jquery.cookie.js", "https://app.fanzhi.xyz/dist/vendors/bootstrap/js/bootstrap.min.js", "https://pv.sohu.com/cityjson?ie=utf-8", "https://app.fanzhi.xyz/dist/vendors/sweetalert2/sweetalert2.min.js", "https://app.fanzhi.xyz/dist/vendors/core-js/core.js", "https://app.fanzhi.xyz/dist/js/app.base.js", "https://app.fanzhi.xyz/dist/vendors/bootstrap/css/bootstrap.min.css", "https://app.fanzhi.xyz/dist/css/vip.css", "https://fengweics.com/", "https://kf.cdsanheli.com/online.html?cid=e3e6922f27c54ad485cf59aee1204615", "https://kf.cdsanheli.com/js/socket.io.min.js", "https://kf.cdsanheli.com/js/vue.min.js", "https://kf.cdsanheli.com/js/vue-i18n.min.js", "https://kf.cdsanheli.com/js/axios.min.js", "https://kf.cdsanheli.com/js/online.3de8ba00.js" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1547, "domain": 246, "hostname": 619, "FileHash-SHA256": 124, "CVE": 2 }, "indicator_count": 2538, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1448 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "624a5795ec3cb505e626ba10", "name": "ylnedriuopegrle33689.org is the WAF", "description": "function m(b,c,e) is a new type of Float32Array, which can be used as a \"flip-flap\" to create new units for each of its three functions.", "modified": "2022-04-04T02:27:33.664000", "created": "2022-04-04T02:27:33.664000", "tags": [ "typeof o", "datavde206a4a", "span", "helvetica neue", "135deg", "2022 2022", "webkitkeyframes", "90deg", "font awesome", "license", "font", "object", "boolean", "string", "number", "refresh", "viewbox", "dxeu", "nrt3", "uszq", "dmi4", "error", "imel", "date", "regexp", "left", "typeof h", "array", "color x", "y blur", "shapiro", "shim", "hooks", "alpha", "green", "d9d9d9", "n color", "datav71159637", "datav9306cb64", "info", "android", "canvas" ], "references": [ "http://ylnedriuopegrle33689.org/mobile/static/lib/velocity.min.js", "http://ylnedriuopegrle33689.org/mobile/static/js/0.fc97dceb0dbb60948b0f.js", "http://ylnedriuopegrle33689.org/mobile/static/css/app.726f146ac9040074723077dbffe13bf7.css", "http://ylnedriuopegrle33689.org/mobile/static/js/app.9074e5240bf3d0f7b264.js", "http://ylnedriuopegrle33689.org/mobile/static/js/manifest.2cf63ac462750c8b3a2f.js", "http://ylnedriuopegrle33689.org/mobile/static/js/151.f5cad57280238b18aa58.js" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 99, "URL": 495, "hostname": 153, "FileHash-SHA256": 79 }, "indicator_count": 826, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1477 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "621bc3aa050a6c5693595f25", "name": "Zetalytics API", "description": "", "modified": "2022-03-29T00:03:34.773000", "created": "2022-02-27T18:32:10.542000", "tags": [ "google", "google llc", "detected", "expand overall", "http", "amazonaes", "openssl", "lookup go", "rescan add", "verdict report", "behaviour", "june", "apache", "search url", "search domain", "scan url", "url search", "domain scan", "url url", "us summary", "line", "google maps", "api warning", "redirects links", "similar dom", "content api", "domains", "Ransomware" ], "references": [ "zetalytics .pdf" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Win.Virus.PolyRansom-5704625-0", "display_name": "Win.Virus.PolyRansom-5704625-0", "target": null }, { "id": "Win32:Cryptor", "display_name": "Win32:Cryptor", "target": null }, { "id": "TELPER:CERT:SoftwareBundler:Win32/Bunpredelt", "display_name": "TELPER:CERT:SoftwareBundler:Win32/Bunpredelt", "target": null }, { "id": "Trojan:Win32/Danabot.G", "display_name": "Trojan:Win32/Danabot.G", "target": "/malware/Trojan:Win32/Danabot.G" }, { "id": "Backdoor:Win32/Poison.E", "display_name": "Backdoor:Win32/Poison.E", "target": "/malware/Backdoor:Win32/Poison.E" }, { "id": "ALF:PUA:Block:IObit.R!MTB", "display_name": "ALF:PUA:Block:IObit.R!MTB", "target": null } ], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Kailula4", "id": "131997", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 754, "URL": 2375, "domain": 441, "hostname": 833, "CIDR": 5, "FileHash-MD5": 2, "email": 1 }, "indicator_count": 4411, "is_author": false, "is_subscribing": null, "subscriber_count": 406, "modified_text": "1483 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "", "http-sitemap-generator.nse", "business-security-list.json", "rso-financials-doc-type.json", "search-match-attach.get.js", "https://lptag.liveperson.net/lptag/api/account/22027291/configuration/applications/taglets/.jsonp?v=2.0&df=2&b=2", "unittest.nse", "ro-slate-folio-material-non-school-scope.json", "2024-04-03-log.txt", "rsoConfig.json", "afp-brute.nse", "enggCoopCreateFolder.js", "wfh-revise.get.js", "wf-email_de.html.ftl", "following-email.html_ja.ftl", "pcm-site.json", "2024-03-09-log.txt", "domcon-brute.nse", "uofa-cap-model.xml", "ssh-brute.nse", "ipv6-multicast-mld-list.nse", "coi-revise.get.js", "test return value.js", "2024-01-21-log.txt", "enggConfig.json", "fgsr-site.json", "show_audit.ftl", "ip-geolocation-map-bing.nse", "activities-email_es.ftl", "domino-enum-users.nse", "AFA_MainFileOnly.post.desc.xml", "https://kf.cdsanheli.com/js/socket.io.min.js", "fgsrEnv.js", "augustana-legacy-transcript-doc-list.json", "guideline-reports.js", "traceroute-geolocation.nse", "NodeInfo.get.html.ftl", "rmThesis.js", "http-vuln-cve2014-2127.nse", "2024-01-17-log.txt", "cap-file-load.post.desc.xml", "pcm-update-competitive-noderefs.js", "eSignDownload.get.desc.xml", "psAuthorizedApprover.get.js", "rso-agreements-doc-category.json", "roDocumentTypes.json", "epsb.get.desc.xml", "rtsp-url-brute.nse", "http-drupal-enum.nse", "googleAddon.get.desc.xml", "fgsrv2Config.json", "new-user-email_fr.html.ftl", "folderCreateADV.js", "broadcast-ping.nse", "murmur-version.nse", "msrpc-enum.nse", "uofa-esign-model.xml", "hrs-leaves.json", "scienceASDocumentImport.js", "lawCreateFolderRestricted.js", "Institutions.json", "roDocProcessing-model.xml", "getSlateId.get.desc.xml", "broadcast-ospf2-discover.nse", "rso-bulk-scan-doc-type.json", "tasklist.get.html.ftl", "mqtt-subscribe.nse", "fo-emergency-response-manual.json", "reappointment-reminder-schedule.js", "roTagAndFileRenderedPDFs.js", "dns-client-subnet-scan.nse", "hadoop-jobtracker-info.nse", "2024-05-02-log.txt", "netbus-brute.nse", "snmp-sysdescr.nse", "translatable.ftl", "edit.get.js", "nfs-ls.nse", "AlfrescoToolkit.conf", "sciCreateFolderRestricted.js", "modbus-discover.nse", "department.json", "iscsi-info.nse", "https://www.googletagmanager.com/gtm.js?id=GTM-NWPHSS", "snmp-interfaces.nse", "cccam-version.nse", "rso-mask.json", "2024-02-20-log.txt", "psAuthorizedApprover.get.json.ftl", "ua-error-model.json", "fgsrCreateGuidelineAPSProcessFromCSV.js", "wf-email.html_de.ftl", "review-nextdate.get.js", "sip-methods.nse", "hadoop-tasktracker-info.nse", "afp-path-vuln.nse", "coupa.get.html.ftl", "2024-01-26-log.txt", "psDeptAll.get.desc.xml", "hrsCreateFolder.js", "new-user-email_de.html.ftl", "https://lpcdn.lpsnmedia.net/le_re/3.50.0.1-release_5103/jsv2/overlay.js?_v=3.50.0.1-release_5103", "https://app.fanzhi.xyz/dist/vendors/bootstrap/js/bootstrap.min.js", "EmailNotifCHSStudent.js", "advScanningMetadata.js", "lexmark-config.nse", "imapConfig.json", "couchdb-databases.nse", "sslv2.nse", "coi-revise.get.desc.xml", "coap-resources.nse", "fgsrDocRelocation.js", "everyDay7H30MinPM.js", "getapsdbid.get.js", "augDocSetup.json", "dicom-brute.nse", "hrsFolderCreateRule.js", "gettasks.get.js", "2024-05-04-log.txt", "hddtemp-info.nse", "coi-employee.get.js", "citrix-enum-apps-xml.nse", "ndmp-version.nse", "educationCreateFolderRule.js", "https://eu.snapengage.com/chatjs/servicegetallavailableagents?w=e9219576-8f74-40b5-8b6f-bbad33f6ca57&t=1", "https://www.virustotal.com/graph/embed/g365a82115f934e31a69118715695c91c231f66cda9084c9389e56afb985a243e?theme=dark", "UAlbertaSettings.json", "http-svn-enum.nse", "2024-04-18-log.txt", "https://munchkin.marketo.net/munchkin.js", "ldap-novell-getpass.nse", "uofa-ales-model.xml", "lawCreateFolderRule.js", "apptStatusDocUpdate.post.json.ftl", "kofaxFailedEmailTemplate.ftl", "hrs-benefit-report.js", "roCopyOlderScannedDocument.js", "http-git.nse", "http-csrf.nse", "http-ls.nse", "FVCA-manual-property-update.js", "advScriptKofax.js", "rmFilingDoc.js", "broadcast-dropbox-listener.nse", "2024-03-11-log.txt", "Script2.js", "manual-generate-script.js", "roScript9.js", "enggCoopConfig.json", "AFA_Main.post.json.ftl", "ip-https-discover.nse", "generatereport.get.json.ftl", "MyTasks-config.json", "hrs-benefits.json", "vnc-title.nse", "smb-psexec.nse", "realvnc-auth-bypass.nse", "readme.ftl", "2024-01-14-log.txt", "nsFolderCreateSchedule.js", "http-ntlm-info.nse", "roScript7.js", "arts-security-list.json", "domcon-cmd.nse", "https://js.callrail.com/group/0/66d5efd6cbf06378ea1f/02836fdf-c99c-4a90-b31b-373093db654e/poll.js?t=1649597153888&ids%5B%5D=448598242", "2024-04-14-log.txt", "https://consentcdn.cookiebot.com/sdk/bc-v4.min.html", "fo-site.json", "xfe-IP-47.89.52.178-stix2-2.1-export.json", "emailbody_textplain_alfresco_nl.ftl", "UAlbertaSettings.conf", "ro-official.json", "review-cosupervisorv2.get.desc.xml", "drda-info.nse", "smb-protocols.nse", "sponsornames.json", "chsConfig.js", "uofa-native-studies-model.xml", "SetExpiryDate.js", "http-majordomo2-dir-traversal.nse", "ua-search-model.xml", "s7-info.nse", "ipmi-version.nse", "CAP-notify-monthly-report.ftl", "2024-01-22-log.txt", "native-studies-doc-list.json", "uofa-education-model.xml", "removeDonationGrp.js", "https://www.virustotal.com/gui/main.900e36f7a852b9863014.js", "smb-vuln-regsvc-dos.nse", "imap-brute.nse", "APSWorkflowStatus.put.desc.xml", "ssl-date.nse", "review-studentTest.get.js", "2024-05-28-log.txt", "guidelines-supervisor-revision.get.desc.xml", "smb2-vuln-uptime.nse", "http-vuln-cve2012-1823.nse", "samba-vuln-cve-2012-1182.nse", "enggCoopFileScanned.js", "notify_nl.htm", "advConfig.json", "http-fetch.nse", "uofapersonidrest.get.html.ftl", "giop-info.nse", "routableGroups.get.json.ftl", "every30MinStartingAt11MinPastHour.js", "hrsFolderCreateSchedule.js", "2024-05-13-log.txt", "docker-version.nse", "emailbody-share-textplain.ftl", "uafgsrsup-model.xml", "AFA_MainFileOnly.post.js", "advEntityName.get.js", "businessCreateFolderRestricted.js", "guidelines-student-revision.get.desc.xml", "appointmentStartTest.get.html.ftl", "pllcCreateFolder.js", "kofaxMetadataMerge.js", "fix_employee_names.js", "2024-04-11-log.txt", "https://kf.cdsanheli.com/online.html?cid=e3e6922f27c54ad485cf59aee1204615", "archivedItems.js", "chsAgreementsConfig.json", "smtp-vuln-cve2011-1764.nse", "FVCA.xml", "snmp-win32-software.nse", "2024-04-20-log.txt", "completetask.post.desc.xml", "nntp-ntlm-info.nse", "transcript-model.json", "apptStepZeroStarter.post.desc.xml", "triggerapsprocess.post.desc.xml", "consignoMessage.get.js", "http-waf-fingerprint.nse", "kofaxSendEmail.js", "eTranscriptTemp.js", "faculty-model.xml", "mikrotik-routeros-brute.nse", "activities-email_fr.ftl", "emailbody_textplain_alfresco_ru.ftl", "wfh-manager.get.html.ftl", "nbstat.nse", "banner.nse", "mysql-variables.nse", "2024-03-17-log.txt", "pcanywhere-brute.nse", "2024-01-24-log.txt", "2024-02-03-log.txt", "ms-sql-hasdbaccess.nse", "invite-email-add-direct.html_de.ftl", "APSWorkflowInfo.put.desc.xml", "https://www.virustotal.com/gui/vt-ui-sw-installer.e0eb1a1e08d6512ba355.js/ Depreciated", "rdp-ntlm-info.nse", "roCopyOlderScannedDocumentAdHoc.js", "extensionDocSetup.json", "pop3-brute.nse", "duplicates.nse", "2024-01-07-log.txt", "roSearchMatchNoMatchReport.js", "emailbody_textplain_alfresco_ja.ftl", "mysql-vuln-cve2012-2122.nse", "http-vuln-cve2011-3368.nse", "2024-01-06-log.txt", "ike-version.nse", "http-open-proxy.nse", "script.db", "tso-brute.nse", "customCSS_FGSR2.css", "2024-03-19-log.txt", "2024-05-03-log.txt", "uofa-native-studies-model.json", "https://insurancerateusa.com/framework-19eddc0d879a49dfe606.js", "tasklist.get.desc.xml", "2024-02-07-log.txt", "ro-relationship-to-institution.json", "mongodb-databases.nse", "ftp-proftpd-backdoor.nse", "http-coldfusion-subzero.nse", "myTaskDownload.js", "roDocumentListAPLSTD.js", "uofa-fo-model.json", "every30MinStartingAt19MinPastHour.js", "dns-nsid.nse", "chsAdminStuView.get.html.ftl", "ro-search-match-status.json", "http-vuln-cve2017-1001000.nse", "savetask.post.js", "getProjectDetails.js", "smb-webexec-exploit.nse", "following-email.html_nl.ftl", "augCreateFolderRestricted.js", "http://instantfwding.com/px.js?ch=1", "wfh-revise.get.html.ftl", "wf-email.html_nl.ftl", "https://integration.silvercloudinc.com/js/bundle/vendor.js", "emailbody_textplain_alfresco_es.ftl", "generatereport.get.desc.xml", "uarmTempModel.json", "everyDay11H30MinPM.js", "2024-03-06-log.txt", "http://1688.com/", "2024-05-01-log.txt", "alesCreateFolderSchedule.js", "http-vuln-cve2014-2128.nse", "chsFacultyReport.js", "enggCoopDocSetup.json", "alesCreateAdvisingNotes.js", "citrix-enum-servers-xml.nse", "ales-doc-list.json", "maxdb-info.nse", "https://maps.googleapis.com/maps/api/js?key=AIzaSyAMbtdeFB5s623T4LwRldWj_Vdy2t4wLkw&libraries=places", "faculty-model.json", "clock-skew.nse", "cassandra-info.nse", "rso-sponsor-names.json", "https://use.fortawesome.com/03018d9d.js", "http-internal-ip-disclosure.nse", "2024-02-17-log.txt", "whois-ip.nse", "https://www.virustotal.com/graph/embed/g2948a5c332eb4614973872a8243215f6aa1fba79749a48ea92806e9b934db91f?theme=dark", "wfh-form.get.desc.xml", "2024-06-03-log.txt", "support-documentation", "readme_ja.html", "uofaDepartmentList.get.desc.xml", "uafgsrsup-model.json", "hrs-personalInformation.json", "dns-nsec-enum.nse", "foModel.xml", "gtaGraStatus.post.desc.xml", "http-hp-ilo-info.nse", "2024-02-10-log.txt", "NodeInfo.get.js", "savetask.post.desc.xml", "ncp-serverinfo.nse", "ua-audit-generic-model.json", "foModel.json", "review-comm01v2.get.js", "allseeingeye-info.nse", "https://www.gstatic.com/recaptcha/releases/QENb_qRrX0-mQMyENQjD6Fuj/recaptcha__en.js", "membase-http-info.nse", "uofa-law-model.xml", "capstart.get.html.ftl", "pcmCreateFolder.js", "afp-ls.nse", "nje-pass-brute.nse", "https://app.fanzhi.xyz/dist/vendors/sweetalert2/sweetalert2.min.js", "http-iis-short-name-brute.nse", "APSWorkflowStatus.put.js", "avmbrowse.get.desc.xml", "categorysearch.get.html.404.ftl", "mysql-dump-hashes.nse", "https://app-lon04.marketo.com/js/forms2/js/forms2.min.js", "uoda-departments.json", "2024-02-29-log.txt", "epmd-info.nse", "http://ylnedriuopegrle33689.org/mobile/static/js/0.fc97dceb0dbb60948b0f.js", "faculty-of-education-site.json", "qconn-exec.nse", "capstart.get.desc.xml", "rsoprojectdetails.get.js", "rso-financial-reconciliation-doc-type.json", "uofaDepartmentList.get.js", "2024-01-30-log.txt", "dns-check-zone.nse", "http-wordpress-users.nse", "xfe-URL-1688.com-stix2-2.1-export.json", "2024-02-23-log.txt", "recordsCustomModel.xml", "sshv1.nse", "roScript1BackScan.js", "transcriptResponse.js", "securityWorkflowUtil.js", "fvca-reminder-email.ftl", "emailbody_textplain_alfresco_de.ftl", "ua-search-model.json", "hrs-site.json", "consignoMessage.get.desc.xml", "enggCreateFolderRestricted.js", "review-student.get.html.ftl", "metasploit-xmlrpc-brute.nse", "http://www.jelenia-gora.sr.gov.pl/ogloszenia-komornicze", "APSWorkflowStatus.get.desc.xml", "broadcast-sonicwall-discover.nse", "fixCheckout.js", "cap-file-load.post.js", "distcc-cve2004-2687.nse", "https://sgoutong.baidu.com/embed/1652930761/asset/embed/css/mobile/main.css", "2024-02-11-log.txt", "dhcp-discover.nse", "cbsr-worksheetType.json", "netbus-auth-bypass.nse", "save.post.desc.xml", "faculty-of-arts-site.json", "dict-info.nse", "snmp-hh3c-logins.nse", "http://pagead2.googlesyndication.com/apps/domainpark/show_afd_ads.js", "stun-version.nse", "scheduleRunEvery60Minutes.js", "capstart.get.js", "ceeb.get.json.ftl", "2024-03-15-log.txt", "businessDocSetup.json", "https://integration.silvercloudinc.com/js/bundle/8.engageware-bundle.js", "emailbody_textplain_share_de.ftl", "ro-applicant-type.json", "jsonUtils.js", "2024-03-26-log.txt", "https://www.virustotal.com/gui/collection/79c25168b2f93d9730a56b8d2b834cbfb2752b63b21b9dd51109416fbaa676d8/iocs", "uappol-category-heirarchy.json", "moveToFoldersRetainTitle.js", "uofaDepartmentName.get.html.ftl", "broadcast-pc-anywhere.nse", "targets-ipv6-multicast-invalid-dst.nse", "psUpdateAlfrescoDepartment.js", "dept-config.js", "nfs-statfs.nse", "foCreateFolder.js", "ssl-ccs-injection.nse", "nativeStudiesDocSetup.json", "review-student-revisionv2.get.js", "roScript1.js", "staff-training-site.json", "https://fm.ipinyou.com/j/a.js", "broadcast-ripng-discover.nse", "invite-email_ja.html.ftl", "augustana-security-list.json", "Script1.js", "reappointment-reminder-process.js", "fgsrCreateFolderFromCSV.js", "https://www.googletagmanager.com/gtag/js?id=UA-185991747-1", "adv-model.json", "ADVSiteContext.js", "https://stats.ipinyou.com/adv?a=SR..sxcg_4d0DhagaJWCLj_ZdX&u=https%3A%2F%2Fwww.yunshipei.com%2F&rd=1653485491040&v=2&e=sr%3D390x844%26sc%3D32-bit%26je%3Dfalse%26lg%3Den-us%26vb%3D1%26did%3D%26dt%3D%26ps%3D390x3885%26vp%3D390x664%26ec%3DUTF-8%26vbt%3D1822%26sp%3D0%26ur%3D%26st%3D%26ev%3Dvg", "2024-04-08-log.txt", "hrsbs-security-class.json", "capinfo.get.js", "xdmcp-discover.nse", "my_docs_inline.ftl", "2024-05-22-log.txt", "ro-aug-model.json", "departmentAdhocTask.html.ftl", "categorysearch.get.desc.xml", "review-student-revision.get.js", "folder.get.html.ftl", "https://www.googleadservices.com/pagead/conversion_async.js", "updateVariable.post.json.ftl", "uappol-api.js", "sip-call-spoof.nse", "http://ylnedriuopegrle33689.org/mobile/static/js/151.f5cad57280238b18aa58.js", "http-generator.nse", "ro-method-receipt.json", "APSWorkflowStatus.get.js", "dns-brute.nse", "every46MinPastHourBetween4PM12PM.js", "hrsConfig.json", "oracle-enum-users.nse", "http-vuln-cve2014-2129.nse", "chsCreateFolder.js", "startPayActionWorkflow.js", "tso-enum.nse", "http-apache-negotiation.nse", "advScriptDaily.js", "flume-master-info.nse", "alesCreateFolder.js", "googleAddon.get.js", "broadcast-tellstick-discover.nse", "emailbody_textplain_share_fr.ftl", "2024-05-15-log.txt", "add_document_type_ro.js", "sciCreateFolderConfidential.js", "googleAddon.get.json.ftl", "smb-enum-services.nse", "fgsr-category-list.json", "uappol-metadata-query.get.json.ftl", "peoplesoftMetadataMergeMissing.js", "xfe-URL-mind.1688.com-stix2-2.1-export.json", "uofa-pc-model.json", "school-of-business-site.json", "getapsdbid.get.json.ftl", "rmi-vuln-classloader.nse", "assocModel.json", "businessDaily.js", "caps-school-board-list.json", "2024-05-14-log.txt", "notify_user_email_fr.html.ftl", "2024-03-27-log.txt", "roCopyEphesoftMetadataScanned.js", "S?d Rejonowy w Jeleniej G\u00f3rze.htm", "chs-studentExpireSoon.ftl", "smartFoldersExample.json", "http-cookie-flags.nse", "createROReconciliationReports.js", "http-brute.nse", "jdwp-version.nse", "uoda-faculties.json", "appointmentSubmit.get.html.ftl", "blogsearch.get.html.ftl", "https-redirect.nse", "https://www.infoblox.com/blog/threat-intelligence/uncovering-actor-ttp-patterns-and-the-role-of-dns-in-investment-scams/", "payActionDecision.html.ftl", "smb-vuln-ms17-010.nse", "http-huawei-hg5xx-vuln.nse", "my_summary.ftl", "sciFileShareFolder.js", "http-put.nse", "fgsrCopyMetadataToFolderLevel.js", "customScript.js", "eTranscriptInstList.js", "faculty-of-science-site.json", "guidelines-student-revision.get.js", "uappolCreateFolder.js", "ADVmoveRecordsToPreQA.js", "guidelines-supervisor-revision.get.html.ftl", "notify_user_email_e-transcript_failed.ftl", "appointmentLandingPage.get.html.ftl", "enggCoopCreateFolderRestricted.js", "following-email.html_fr.ftl", "simpleupload.post.js", "2024-04-07-log.txt", "scheduleRunEvery30Minutes.js", "2024-05-07-log.txt", "scans.get.desc.xml", "createReportPermissionsFoldersInASite.js", "extensionConfig.json", "smb-enum-domains.nse", "categorysearch.get.atom.404.ftl", "uofapersonidrest.get.desc.xml", "CapFinalReportSubmit.js", "hnap-info.nse", "advChangeDocumentType.js", "getTaskFilter.get.json.ftl", "icap-info.nse", "rlogin-brute.nse", "krb5-enum-users.nse", "fgsrMigrationScript.js", "every10MinStartingAt5MinPastHour.js", "http-referer-checker.nse", "siteFileViewer.get.html.ftl", "rtsp-methods.nse", "enggCreateFolderRule.js", "consignoWebhook.post.desc.xml", "rma_isClosed.js", "coveoGetDocList.get.js", "redis-brute.nse", "every2MinStartingAt1MinPastHour.js", "http-auth-finder.nse", "2024-02-16-log.txt", "ADVcalendarToFiscal.js", "document-query.js", "roMoveCompletedBackScan.js", "cbsr", "https://blogs.infoblox.com/threat-intelligence/uncovering-actor-ttp-patterns-and-the-role-of-dns-in-investment-scams", "review-student-revision.get.html.ftl", "broadcast-bjnp-discover.nse", "http-virustotal.nse", "hrsbsReviewCycleReport.js", "http-robtex-reverse-ip.nse", "moveToFolders.js", "coi-supervisor.get.html.ftl", "review-comm02v2.get.js", "broadcast-versant-locate.nse", "new-user-email_ja.html.ftl", "processIdProps.get.js", "completetask.post.js", "generatereport.get.js", "psDeptAll.get.js", "mysql-empty-password.nse", "emailbody_textplain_share_nl.ftl", "schoolboard.get.js", "invite-email_de.html.ftl", "ip-geolocation-map-kml.nse", "openflow-info.nse", "http://pxlgnpgecom-a.akamaihd.net/javascripts/browserfp.min.js?templateId=11&customerId=7CUHNT0E1", "quake3-master-getservers.nse", "avmstores.get.desc.xml", "2024-05-29-log.txt", "rmFilingConfig.json", "rsoCreateFolder.js", "smtp-vuln-cve2011-1720.nse", "port-states.nse", "ms-sql-dac.nse", "ms-sql-config.nse", "fgsrssgLanding.get.js", "following-email_de.html.ftl", "uofaFacultyList.get.html.ftl", "notify_user_email_it.html.ftl", "APSWorkflowInfo.put.js", "smb-system-info.nse", "ftp-anon.nse", "Node.js", "test-site-site.json", "ssh-hostkey.nse", "coi-start.get.js", "2023-12-29-log.txt", "uofa-common-model.json", "hrsbs-owner-details.json", "broadcast-sybase-asa-discover.nse", "faculty-of-engineering-site.json", "approvethesis.post.js", "review-comm01.get.html.ftl", "fgsrv2DocSetup.json", "uofa-hrsbs-model.xml", "FandO-Programs.json", "alesCreateFolderRestricted.js", "hrsbs-employee-class.json", "http-rfi-spider.nse", "uofa-ales-model.json", "https://viz.greynoise.io/analysis/001f6d4e-555b-49d3-a714-e71deea739d0", "publicSiteFileViewer.get.desc.xml", "ldap-rootdse.nse", "rmi-dumpregistry.nse", "mongodb-brute.nse", "review-supervisor.get.html.ftl", "http-vuln-cve2013-6786.nse", "review-studentTest.get.html.ftl", "smb-server-stats.nse", "gkrellm-info.nse", "AFA_Main.post.desc.xml", "fgsrssgLanding.get.desc.xml", "hrsbs-doc-list.json", "uofa-caps-model.xml", "securityWorkflowSetting.json", "https://gw.alipayobjects.com/os/lib/lozad/1.16.0/dist/lozad.min.js", "alesFolderCreateSchedule.js", "targets-traceroute.nse", "roslateapplist.get.js", "istPerformanceReviewCreateFolder.js", "paperFileUtil.get.html.ftl", "http://i.alicdn.com/", "rsync-brute.nse", "2024-04-12-log.txt", "xfe-URL-Misk.com-stix2-2.1-export.json", "knx-gateway-info.nse", "lawFileScanned.js", "pcm-category.json", "siteFileViewerConfig.js", "ro-admitType.json", "everyDay2H45MinAM.js", "appt-halfway-reminder.ftl", "https://tag.perfectaudience.com/serve/5f59021d1911b61034000d8d.js", "url-snarf.nse", "ms-sql-ntlm-info.nse", "II Wydzia? Karny - S?d Rejonowy w Jeleniej G\u00f3rze 1.htm", "everyDay1H45MinAM.js", "CreateTranscriptUserMemberships.js", "snmp-ios-config.nse", "notify_user_email_es.html.ftl", "https://cdn.callrail.com/companies/448598242/66d5efd6cbf06378ea1f/12/swap.js", "law-doc-list.json", "http://ylnedriuopegrle33689.org/mobile/static/lib/velocity.min.js", "uofa-uappol-model.xml", "gettasks.get.json.ftl", "invite-email-add-direct.html_es.ftl", "chsAgreementCreateFolder.js", "roEtranscriptsBundle.js", "advMetadataUpdate.js", "pcmDocSetup.json", "wf-email.html_fr.ftl", "artsCreateFolderRestricted.js", "student-records-training-site.json", "2024-02-09-log.txt", "readme_de.html", "extensionCreateFolderRule.js", "uofa-chs-model.xml", "enggDocSetup.json", "broadcast-ataoe-discover.nse", "addSearchMatchDocumentType.js", "clioToAcsDocUpdate.js", "wf-email.html_it.ftl", "vuze-dht-info.nse", "getTaskFilter.get.desc.xml", "following-email_it.html.ftl", "following-email_nl.html.ftl", "RORoutingWorkflowUtil.js", "2024-03-25-log.txt", "wf-email.html.ftl", "graduate-student-records-v2-site.json", "http-awstatstotals-exec.nse", "coi-revise.get.html.ftl", "nexpose-brute.nse", "appointmentStart.get.html.ftl", "https://aiff.cdn.bcebos.com/sensors%2Fonline%2Fsa-sdk-javascript-1.14.24%2Fsensorsdata.min.js", "pcm-grab-competitive-noderefs.js", "ADV-notify-type-mapping.json", "uAlbertaWorkflowGeneral.xml", "artsDocSetup.json", "http-adobe-coldfusion-apsa1301.nse", "search.get.js", "http-iis-webdav-vuln.nse", "review-cosupervisor.get.html.ftl", "rexec-brute.nse", "foConfig.json", "business-doc-list.json", "facopr-planTypes.json", "2024-03-30-log.txt", "getJson.get.json.ftl", "wfh-form.get.js", "smb2-security-mode.nse", "psDeptSingle.get.json.ftl", "chs-upload.get.html.ftl", "snmp-win32-shares.nse", "https://bat.bing.com/bat.js", "roFolderCreateLDAPLookup_no_notificatiion.js", "OOA_SOT_Name_change.js", "hrsbsDocumentLinking.get.js", "acarsd-info.nse", "smb-enum-sessions.nse", "emailbody_textplain_share.ftl", "coi-start.get.html.ftl", "dns-recursion.nse", "http-vuln-cve2017-5689.nse", "notify-records-due-for-review-email.ftl", "consignoWebhook.post.json.ftl", "hrsbs-function-module.json", "ssl-poodle.nse", "mtrace.nse", "broadcast-dhcp6-discover.nse", "http-vuln-cve2010-2861.nse", "blogsearch.get.desc.xml", "psPerson.get.js", "https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1001847692/?random=1650405011980&cv=9&fst=1650405011980&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=376635471&u_h=844&u_w=390&u_ah=844&u_aw=390&u_cd=32&u_his=1&u_tz=-240&u_java=false&u_nplug=0&u_nmime=0>m=2wg4i1&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.leaseweb.com%2F&tiba=Leaseweb%20%7C%20Global%20Hosted%20Infrastructure%20(IaaS)%20and%20Cloud%20Solutions&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4", "2024-04-17-log.txt", "https://app.fanzhi.xyz/dist/js/app.base.js", "hrsScanned.js", "FandO", "ClioUpdateScheduledJob.js", "dns-random-txid.nse", "chsAgreementCreateFolderRule.js", "alesConfig.json", "hrsbs-review-month.json", "demo-site-site.json", "uofa-sfs-model.json", "my_spaces.ftl", "academic-department.json", "folderCreateDocumentADV.js", "iscsi-brute.nse", "paperFileUtil.get.js", "2024-05-20-log.txt", "hrs-employeeApprovedDeductions.json", "https://www.virustotal.com/gui/collection/7774b0b7593e64e019df4e783911800bb322ec28a0f9eb3792fe6f75755f3b88", "2023-12-30-log.txt", "2024-02-28-log.txt", "https://bat.bing.com/p/action/56358236.js", "augTranscript.js", "http-avaya-ipoffice-users.nse", "getJson.get.desc.xml", "https://kf.cdsanheli.com/js/vue-i18n.min.js", "http-gitweb-projects-enum.nse", "change-fgsr-pdf-file-name-with-date.js", "xfe-URL-Psi.de-stix2-2.1-export.json", "https://www.leaseweb.com/sites/all/modules/custom/lsw_marketo/js/lsw_marketo_forms.js", "apptStepZeroStarter.post.json.ftl", "applyTaskAction.post.json.ftl", "ndmp-fs-info.nse", "https://seclists.org/nmap-dev/2011/q4/420", "review-comm03.get.html.ftl", "guidelines-supervisor.get.js", "http-vuln-cve2006-3392.nse", "faculty-of-law-site.json", "https://stats.ipinyou.com/presadv?a=SR..sxcg_4d0DhagaJWCLj_ZdX&cb=py.cb", "uappolCategoryHeirarchy.get.desc.xml", "http-exif-spider.nse", "searchmatchFullDob.js", "review-student-revisionv2.get.desc.xml", "2024-05-10-log.txt", "http-cross-domain-policy.nse", "wfh-form.get.html.ftl", "smb-vuln-conficker.nse", "chsReport.js", "epsb.get.html.ftl", "ro-slate-institution-material.json", "consignoMessage.get.json.ftl", "imap-ntlm-info.nse", "fvca-corrections-email.ftl", "ceeb.get.desc.xml", "https://g.alicdn.com/alilog/mlog/aplus_wap.js", "2024-04-09-log.txt", "snmp-win32-services.nse", "rdp-vuln-ms12-020.nse", "engineering-co-op-site.json", "updatevariables.post.js.notused", "uofa-engg-coop-model.json", "student-records-bulk-load-testing-site.json", "roslateapplist.get.desc.xml", "ssh-publickey-acceptance.nse", "http-qnap-nas-info.nse", "servicetags.nse", "smtp-strangeport.nse", "review-studentv2.get.js", "omp2-enum-targets.nse", "http-vmware-path-vuln.nse", "http://www.jelenia-gora.so.gov.pl/", "cbsr-model.json", "cronJob.post.js", "https://www.leaseweb.com/sites/default/files/js/js_6lTJ_m6ahwXas7Efbw8ZYEMSaecrGw8ilNALfvIPNUw.js", "hrsbs-functionalroles.json", "daap-get-library.nse", "eap-info.nse", "search.get.html.ftl", "review-supervisorv2.get.html.ftl", "archiveFolder.json", "rso-cfi-financials-doc-type.json", "backup.js", "eSignDownload.get.js", "svn-brute.nse", "fgsr-programOfStudy.json", "emailbody_textplain_share_ru.ftl", "https://www.psi.de/typo3temp/scriptmerger/uncompressed/head-e2b75d5cfe54ba9b7d678cb1c848421f.merged.js", "augConfig.json", "ro-test-id.json", "2024-01-31-log.txt", "changeInitiatorAppt.put.json.ftl", "scheduleRunEveryday12AMto6AM.js", "rso-cfi-purchasing-doc-type.json", "hrsbsDocumentLinking.get.html.ftl", "hrsbsDocSetup.json", "emailbody_textplain_alfresco_zh_CN.ftl", "daytime.nse", "folderCreateUtil.js", "everyDay7H45MinAM.js", "CAPGenerateMonthlyReport.js", "alesCreateFolderConfidential.js", "rsoprojectdetails.get.desc.xml", "siteFileViewer.get.desc.xml", "Alfresco.zip - 1bf054bded99e2ae414154593d0892066b2e0c7add603f9321e157c77ae52075", "2024-02-21-log.txt", "startBenefitWorkflow.js", "ip-geolocation-geoplugin.nse", "http-tplink-dir-traversal.nse", "recent_docs.ftl", "http-config-backup.nse", "2024-05-17-log.txt", "http://ylnedriuopegrle33689.org/mobile/static/js/manifest.2cf63ac462750c8b3a2f.js", "coupa.get.js", "APSWorkflowStatus.get.html.ftl", "science-security-list.json", "2024-03-31-log.txt", "uofaDocTypes.xml", "netbus-version.nse", "firewall-bypass.nse", "wf-email_nl.html.ftl", "apsGroupsConfig.json", "https://www.zealcu.org/app/uploads/cache/js/aggregated_single_eb9d05879e4cb943b965deb3cccf05ee.js", "https://www.leaseweb.com/sites/default/files/js/js_kI_QwKJlaBz9CzQdENdUBFiEl4aehfjf4_-9taiwcCE.js", "broadcast-hid-discoveryd.nse", "roAddComment.js", "uofa-science-model.xml", "https://www.google-analytics.com/plugins/ua/linkid.js", "chs-Invalid.ftl", "http-favicon.nse", "eTranscript-bundled-02-jan.js", "roEtranscriptsBundleTest.js", "http-dombased-xss.nse", "roScript2.js", "cbsr-model.xml", "pllcConfig.json", "bitcoin-getaddr.nse", "2024-03-12-log.txt", "stuxnet-detect.nse", "qaConfig.json", "https://js.callrail.com/group/0/66d5efd6cbf06378ea1f/02836fdf-c99c-4a90-b31b-373093db654e/poll.js?t=1649598014683&ids%5B%5D=448598242", "invite-email-add-direct.html_ja.ftl", "student-recordsConfig.json", "2024-03-18-log.txt", "advScript5.js", "reappointment-generate-schedule.js", "eTranscriptVersionModifierFix.js", "rm_event_config.json", "onCreate_supersedes.js", "http-icloud-sendmsg.nse", "ssl-cert.nse", "roslateexists.get.js", "http-waf-detect.nse", "http-sql-injection.nse", "ro-model.json", "engineering-coop-doc-list.json", "ceeb.get.js", "2024-02-22-log.txt", "uofa-rso-model.json", "http-drupal-enum-users.nse", "2024-02-05-log.txt", "2024-05-26-log.txt", "hrsDocSetup.json", "http-google-malware.nse", "xfe-URL-Ndevix.com-stix2-2.1-export.json", "appt-final-reminder.ftl", "https://code.jquery.com/jquery-3.4.1.min.js?ver=3.4.1", "psAudit-model.json", "membase-brute.nse", "record-rejected-email.ftl", "ssl-heartbleed.nse", "uofa-esign-model.json", "https://blogs.infoblox.com/threat-intelligence/uncovering-actor-ttp-patterns-and-the-role-of-dns-in-investment-scams/", "scheduleRunEveryday3PMto11PM.js", "guidelines-supervisor-revision.get.js", "sfs-wf-completed-email.html.ftl", "https://app-lon04.marketo.com/js/forms2/css/forms2-theme-plain.css", "snmp-brute.nse", "https://kf.cdsanheli.com/js/vue.min.js", "capeamergedoc.get.desc.xml", "https://lptag.liveperson.net/tag/tag.js?site=22027291", "advext-model.xml", "AlfrescoToolkit.info", "uappol-metadata-query.get.js", "mysql-audit.nse", "https://www.zealcu.org/app/uploads/cache/css/aggregated_cd3154a65f0e94fa98c08398cba54caa.css", "snmp-processes.nse", "http-wordpress-brute.nse", "https://insurancerateusa.com/polyfill-036b4a134d8725752ba0.js", "irc-unrealircd-backdoor.nse", "2024-05-23-log.txt", "https://mind.1688.com/zsh/zsh/d9my57ugj/index.html", "sfsWorkflowStatus.js", "businessCreateFolderRule.js", "backorifice-brute.nse", "ro-slate-institutions.json", "taskReportCSV-Appointment-prod.js", "ssl-dh-params.nse", "advEndowmentName.get.desc.xml", "unusual-port.nse", "2024-01-27-log.txt", "advDocSetup.json", "https://www.google.com/recaptcha/api.js", "hrsFileShareFolder.js", "iax2-version.nse", "simpleupload.post.json.ftl", "advScanningMapping.json", "mysql-info.nse", "https://insurancerateusa.com/bfcc7b67-0b189ba6da3fc3ae8b88.js", "fingerprint-strings.nse", "uofa-engg-model.xml", "uofa-rso-model.xml", "wf-email.html_ja.ftl", "xmpp-info.nse", "2024-03-04-log.txt", "ajp-request.nse", "uofa-business-model.json", "http-dlink-backdoor.nse", "ventrilo-info.nse", "advScriptDaily30minFreq.js", "chs-campus-list.json", "review-student.get.desc.xml", "2024-02-18-log.txt", "http-wordpress-enum.nse", "dns-random-srcport.nse", "pptp-version.nse", "2024-03-10-log.txt", "programExtensionScript.js", "rso-activation-report-doc-type.json", "http-useragent-tester.nse", "gpsd-info.nse", "chs-emailNotification.json", "smb-vuln-ms06-025.nse", "https://eu.snapengage.com/chatjs/servicegetproactivegeodata?w=e9219576-8f74-40b5-8b6f-bbad33f6ca57", "appointmentStartTest.get.desc.xml", "ephesoft-educational.xml", "ipv6-ra-flood.nse", "psPerson.get.json.ftl", "advChangeDocumentType_confidential.js", "https://www.leaseweb.com/sites/default/files/js/js_6FowaFXT9bT78hf9earPdGcdTmvsFiaBzKgFl9P4fSo.js", "categorysearch.get.js", "addFolderMetadata.js", "triggerapsprocess.post.js", "capeamergedoc.get.html.ftl", "engineering-coop-security-list.json", "2024-03-01-log.txt", "moveThesesForTransfer.js", "2024-04-24-log.txt", "roScript4.js", "https://www.heymman.com/style/main.css", "uofa-science-model.json", "every29MinPastHour.js", "ftp-brute.nse", "setTaskFilter.post.js", "dns-nsec3-enum.nse", "scheduleRunEvery2-10PM.js", "chs-studentUploadNotification.ftl", "gettasks.get.desc.xml", "chsStudentView.get.js", "office-of-advancement-record-types.json", "fo-utilities.json", "http-cakephp-version.nse", "eTranscriptVersioningFix.js", "sfs-ussl-report-status.json", "broadcast-wpad-discover.nse", "https://g.alicdn.com/secdev/sufei_data/3.9.9/index.js", "ro-campusSolutionsTerm.json", "supermicro-ipmi-conf.nse", "2024-04-22-log.txt", "fgsrCreateApsFromCSV.json", "sniffer-detect.nse", "nat-pmp-mapport.nse", "edit.get.html.ftl", "enip-info.nse", "faculty-model.xml.json", "ADV-notify-terms-types.js", "coi-supervisor.get.desc.xml", "tamis-model.xml", "2024-04-10-log.txt", "coi-employee.get.desc.xml", "everyDay1H05MinAM.js", "my-site-site.json", "cvs-brute.nse", "roslateexists.get.html.ftl", "apptStepOneSave.post.json.ftl", "generic2min.js", "hrs-security-list.json", "augustana-doc-list.json", "chs-agreements.get.js", "folder-create-ro.js", "2023-12-01-log.txt", "apptStepZeroStarter.post.js", "broadcast-pc-duo.nse", "https://viz.greynoise.io/analysis/0cd9177e-8328-4355-a2c0-d05704a64c72", "review-cosupervisor.get.desc.xml", "apsAppConfig.json", "chs-agreements.get.html.ftl", "http-backup-finder.nse", "broadcast-dns-service-discovery.nse", "bacnet-info.nse", "xfe-URL-heymman.com-stix2-2.1-export.json", "blogsearch.get.atom.400.ftl", "stun-info.nse", "scheduleRunEvery5PMTo10PM.js", "fox-info.nse", "http-shellshock.nse", "appointmentSubmit.get.desc.xml", "uofa-uappol-model.json", "sciDocSetup.json", "businessCreateFolderSchedule.js", "http-slowloris.nse", "engineeringCreateAdvisingNotes.js", "ip-forwarding.nse", "cvs-brute-repository.nse", "uofaDocTypes.json", "mrinfo.nse", "nat-pmp-info.nse", "ua-error-model.xml", "https://www.leaseweb.com/sites/default/files/css/css_47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU.css", "rpc-grind.nse", "pop3-capabilities.nse", "record-superseded-email.ftl", "psAuthorizedApprover.get.desc.xml", "thesisDepositArchival.js", "2024-05-25-log.txt", "deleteEphesoftDoc.js", "collegeOfHealthSciencesConfig.json", "http-headers.nse", "p2p-conficker.nse", "invite-email_es.html.ftl", "uofa-base-model.xml", "eSignDownload.get.html.ftl", "thesisDestructionReport.js", "dns-zeustracker.nse", "vnc-brute.nse", "cics-user-enum.nse", "psPerson.get.desc.xml", "https://www.virustotal.com/gui/collection/7774b0b7593e64e019df4e783911800bb322ec28a0f9eb3792fe6f75755f3b88/iocs", "2024-05-18-log.txt", "socks-auth-info.nse", "dns-update.nse", "2024-03-22-log.txt", "2024-01-04-log.txt", "symplexMetadataUpdate.js", "http-vuln-cve2009-3960.nse", "roScript8.js", "http-comments-displayer.nse", "eppc-enum-processes.nse", "socks-brute.nse", "http-jsonp-detection.nse", "2024-02-15-log.txt", "calendar-year-model.xml", "advScriptMonthly.js", "uofa-hrsbs-model.json", "2024-02-01-log.txt", "search-responses.js", "http-feed.nse", "appointmentLandingPage.get.desc.xml", "getapsdbid.get.desc.xml", "roScanningMetadataBackScan.js", "jdwp-inject.nse", "quake3-info.nse", "guidelines-start.get.html.ftl", "uofa-hrs-model.xml", "rfc868-time.nse", "smtp-brute.nse", "https://kf.cdsanheli.com/js/axios.min.js", "telnet-brute.nse", "foDocSetup.json", "uofa-sfs-model.xml", "sfs-wf-email.html.ftl", "createSlateFolioMaterialDropdown.js", "OOA-notify-email-template.ftl", "hostmap-bfk.nse", "capinfo.get.html.ftl", "http-vuln-cve2015-1427.nse", "https://snap.licdn.com/li.lms-analytics/insight.min.js", "cbsrsite-sopTypes.json", "uofaDepartmentName.get.js", "ro-academic-pre-pro-programs.json", "dns-srv-enum.nse", "assignuser.put.js", "impress-remote-discover.nse", "businessConfig.json", "emailbody_textplain_share_it.ftl", "reappointment-generate-process.js", "chs-programYear-list.json", "http-malware-host.nse", "createDepartmentJSON.js", "lawCreateFolder.js", "review-comm01v2.get.html.ftl", "ntp-info.nse", "roScript3.js", "http-vlcstreamer-ls.nse", "HRSBS-SyncCCIDs.js", "publicSiteFileViewer.get.js", "uofaFacultyList.get.desc.xml", "irc-botnet-channels.nse", "hostmap-robtex.nse", "https://www.virustotal.com/gui/collection/09af9ef0b7b23d2dc73d83858106ae4fc97a352dbb521ac04493a0e79095ac69/iocs", "setTaskFilter.post.json.ftl", "2024-03-29-log.txt", "isns-info.nse", "https://www.virustotal.com/graph/embed/g8726609a12794ebeb59edd531961a233068149bcdf994b428f20141be6111551?theme=dark", "bitcoin-info.nse", "metasploit-msgrpc-brute.nse", "2024-04-13-log.txt", "example test script.js", "facopr-model.xml", "coi-supervisor.get.js", "pllc-site.json", "chs-studentExpired.ftl", "https://app.fanzhi.xyz/dist/css/vip.css", "2024-03-07-log.txt", "couchdb-stats.nse", "oracle-brute-stealth.nse", "uofa-slate-model.json", "wfh-revise.get.desc.xml", "uappol-site.json", "lltd-discovery.nse", "fgsr-credential-list.json", "law-security-list.json", "2024-02-02-log.txt", "advErrorMessageReset.js", "search-match-list.get.js.old", "smb-brute.nse", "qaProcess.js", "pcworx-info.nse", "https://www.googletagmanager.com/gtag/js?id=G-J9PCW0F6JV", "queryTasks.get.desc.xml", "rsa-vuln-roca.nse", "ADV-notify-terms-types.ftl", "sstp-discover.nse", "foCreateFolderRule.js", "roConfig.json", "notify_user_email_ooa_failed.ftl", "readme.html", "routableGroups.get.js", "advUtils.js", "hrsbsCreateFolderRule.js", "deployWebServiceDescriptor.js", "2024-05-11-log.txt", "https://connect.facebook.net/signals/config/3689470801106673?v=2.9.57&r=stable", "capeamergedoc.get.js", "review-supervisorv2.get.js", "https://mind.1688.com/wap/wapsy/dke4eosa0/index.html?no_cache=true&pageId=1150842&cms_id=1150842&src=desktop", "avmstores.get.html.ftl", "review-comm03v2.get.html.ftl", "versant-info.nse", "roslateexists.get.desc.xml", "http://polyfill.alicdn.com/", "advChangeDocumentType_background.js", "ro-search-match.json", "hrs-employmentFinancial.json", "eSignatureStatusHistory.get.desc.xml", "hadoop-secondary-namenode-info.nse", "https://viz.greynoise.io/ip/analysis/2610b635-c05a-4f28-a112-7278de8fdf9b", "oracle-brute.nse", "claimtask.put.desc.xml", "apsApplicationList.get.desc.xml", "2024-01-29-log.txt", "artsCreateFolder.js", "psDeptSingle.get.js", "https://insurancerateusa.com/94297995-69529ad7536f090aa776.js", "search.get.desc.xml", "queryTasks.get.json.ftl", "2024-02-12-log.txt", "https://www.leaseweb.com/sites/default/files/js/js_wcSNEXVJ4Xjhkf8qhMguEPZJTDTMNmPaJM-YWdAOhQE.js", "notify_user_email.html.ftl", "2024-02-14-log.txt", "fgsr-exam-list.json", "snmp-netstat.nse", "upnp-info.nse", "2024-03-03-log.txt", "http-bigip-cookie.nse", "scheduleJobTest.js", "targets-sniffer.nse", "http-webdav-scan.nse", "wfh-seniormanager.get.desc.xml", "uofa-education-model.json", "fgsr-thesis-deposit.json", "addTimeStamp.js", "createSlateApplicationsCSV.js", "edit.get.desc.xml", "nativeStudiesCreateFolderRestricted.js", "psAcademicDeptAll.get.json.ftl", "review-supervisorv2.get.desc.xml", "chsAdminStuView.get.js", "ist-site.json", "ms-sql-brute.nse", "apsApplicationList.get.html.ftl", "enggCoopCreateFolderRule.js", "https://connect.facebook.net/signals/config/399164440484826?v=2.9.57&r=stable", "config.js", "review-comm02.get.html.ftl", "ssl-cert-intaddr.nse", "apptStatusDocUpdate.post.js", "pgsql-brute.nse", "report_rmr_transferReport.html.ftl", "http-vuln-cve2011-3192.nse", "activities-email_nl.ftl", "roScanningMetadata.js", "extension-security-list.json", "fgsrssgLanding.get.html.ftl", "review-cosupervisorv2.get.js", "uofa-law-model.json", "advEndowmentName.get.js", "http-icloud-findmyiphone.nse", "alesFileScanned.js", "cics-info.nse", "afp-serverinfo.nse", "https://unrealservers.net/master.css", "weblogic-t3-info.nse", "roFolderCreateLDAPLookup.js", "ro-acad-group.json", "http-server-header.nse", "completetask.post.json.ftl", "uofa-business-model.xml", "memcached-info.nse", "applyTaskAction.post.js", "http-mcmp.nse", "artsFileScanned.js", "chsCreateFolderRule.js", "alfresco docs.js", "roSlateDocumentExport.js", "roCreateEducationalCSV.js", "https://www.youtube.com/s/player/19eb72e4/www-widgetapi.vflset/www-widgetapi.js", "http://g.alicdn.com/assets-group/croco/0.0.8/index.js", "hrsbs-site.json", "review-supervisor.get.js", "citrix-enum-servers.nse", "pop3-ntlm-info.nse", "review-studentTest.get.desc.xml", "notify_user_email_nl.html.ftl", "https://www.yunshipei.com/assets/js/app.min.js", "2024-05-19-log.txt", "new-user-email_nl.html", "broadcast-rip-discover.nse", "taskForm.get.js", "nbd-info.nse", "ssh-auth-methods.nse", "updateVariable.post.js", "uofa-base-model.json", "bittorrent-discovery.nse", "wf-email_es.html.ftl", "http-cisco-anyconnect.nse", "faculty-of-ales-site.json", "voldemort-info.nse", "AFA_Main.post.js", "http-grep.nse", "http-vhosts.nse", "http-errors.nse", "guidelines-start.get.js", "http-axis2-dir-traversal.nse", "ftp-syst.nse", "general_example.ftl", "2024-04-04-log.txt", "chsStudentView.get.html.ftl", "rma-model.json", "consignoWebhook.post.js", "alesFileShareFolder.js", "changeInitiatorAppt.put.js", "netbus-info.nse", "scripts", "uploadfile.post.desc.xml", "smb-print-text.nse", "my_docs.ftl", "bitcoinrpc-info.nse", "http-vuln-cve2015-1635.nse", "http-apache-server-status.nse", "schoolboard.get.desc.xml", "invite-email-add-direct.html_it.ftl", "appointmentSubmit.get.js", "uatraining.xml", "wdb-version.nse", "imap-capabilities.nse", "tasklist.get.html.ftl.jquery", "uofa-common-model.xml", "advScript1.js", "auth-spoof.nse", "PeopleSoft-eTranscript-XML-PDF.js", "http-frontpage-login.nse", "sciCreateFolderPublic.js", "mcafee-epo-agent.nse", "2024-04-05-log.txt", "uaqa-model.xml", "enggCreateFolder.js", "address-info.nse", "smb-vuln-ms10-061.nse", "https://va.idp.liveperson.net/postmessage/postmessage.min.html?bust=1649597064004&loc=https%3A%2F%2Fwww.zealcu.org", "globalHeader.html.ftl", "ms-sql-info.nse", "https://www.heymman.com/script.js", "http-stored-xss.nse", "OOA-notify-email.js", "materials.get.js", "pinames.json", "alesDocSetup.json", "uaqa-model.json", "cups-info.nse", "reappointment-tracking-process.js", "pjl-ready-message.nse", "invite-email_fr.html.ftl", "skypev2-version.nse", "chs-ag-type.json", "notify_user_email_ja.html.ftl", "roAddAspectAndMoveAFA.js", "activities-email_de.ftl", "broadcast-eigrp-discovery.nse", "https://bat.bing.com/p/action/5602105.js", "dpap-brute.nse", "student-financial-services-doc-list.json", "report_rmr_holdReport.html.ftl", "https://hybrid-analysis.com/sample/9bf30967dfbf84d91ff4a1ca66dcd6c3383e679917e8b7aa4f659ff9f4e848d7/6426cf48655f94b6b303704c", "http-slowloris-check.nse", "http-userdir-enum.nse", "tamis-model.json", "updateSearchMatchStatus.js", "http-date.nse", "broadcast-wsdd-discover.nse", "2024-05-08-log.txt", "modfiyOrUpdatePropertyfromCSV.js", "scans.get.html.ftl", "uofa-arts-model.json", "https://ajax.googleapis.com/ajax/libs/angularjs/1.4.2/angular-sanitize.js", "2024-05-24-log.txt", "guidelines-supervisor.get.html.ftl", "x11-access.nse", "ip-geolocation-ipinfodb.nse", "rso-financial-reporting-doc-type.json", "telnet-ntlm-info.nse", "https://www.virustotal.com/gui/collection/6a8d582df4fe5a29885dad4074236bc9e4ed445aaf0cc00702d45963fb0459bb/iocs", "report_rmr_destructionReport.html.ftl", "eSignatureStatusHistory.get.html.ftl", "blogsearch.get.html.400.ftl", "review-nextdate.get.html.ftl", "2024-04-01-log.txt", "qscan.nse", "dns-fuzz.nse", "uofa-workflowGeneral.json", "roAddAspectAndMoveTranscript.js", "zetalytics .pdf", "2024-01-11-log.txt", "ftp-bounce.nse", "emailbody_textplain_alfresco_pt_BR.ftl", "oracle-tns-version.nse", "ro-slate-folio-material-school-scope.json", "ro-doctypes.json", "https://app.fanzhi.xyz/dist/vendors/bootstrap/css/bootstrap.min.css", "http-default-accounts.nse", "roDocSetup.json", "citrix-brute-xml.nse", "alfrescoUserGroupRequest.ftl", "2024-02-04-log.txt", "dns-cache-snoop.nse", "emailbody_textplain_share_es.ftl", "2024-06-01-log.txt", "educationCreateAdvisingNotes.js", "appointmentStart.get.desc.xml", "targets-ipv6-multicast-echo.nse", "new-user-email_nl.html.ftl", "engineering-security-list.json", "ipidseq.nse", "uofa-slate-model.xml", "smb-enum-groups.nse", "wsdd-discover.nse", "security-group-model.xml", "artsConfig.json", "artsCreateFolderRule.js", "coveoGetDocList.get.desc.xml", "https://tlumacz.migam.org/sad_rejonowy_jelenia_gora", "ftp-vuln-cve2010-4221.nse", "cics-user-brute.nse", "2024-05-30-log.txt", "mongodb-info.nse", "ro-indigenous-type.json", "ftp-libopie.nse", "enggFileScanned.js", "http-litespeed-sourcecode-download.nse", "blogsearch.get.js", "http://is.alicdn.com/", "eSignatureStatusHistory.get.js", "tls-ticketbleed.nse", "https://insurancerateusa.com/3bea8d40-8926f4790c0b3689a361.js", "2024-01-09-log.txt", "APSWorkflowInfo.put.html.ftl", "smb-os-discovery.nse", "2024-04-26-log.txt", "sciFileADDPFileTypes.js", "roAddBundlingAspect.js", "http-vuln-misfortune-cookie.nse", "broadcast-db2-discover.nse", "http-joomla-brute.nse", "nanofab", "uarmm-supplement-scanning.json", "activities-email_ja.ftl", "addPersonAspect.js", "xmlrpc-methods.nse", "hostmap-crtsh.nse", "alesDaily.js", "fgsrCreateAPSProcessFromCSV.js", "pensionBenefit.html.ftl", "http-vuln-wnr1000-creds.nse", "uappol-type.json", "jdwp-exec.nse", "invite-email-moderated.html.ftl", "missingDocumentList-csv.js", "taskUtils.js", "hrsbsCreateFolder.js", "chs-stuEmailNotification.json", "irc-brute.nse", "extensionFileScanned.js", "uofa-pllc-model.json", "ganglia-info.nse", "https://s.thebrighttag.com/tag?site=9O7NXzt&referrer=https%3A%2F%2Fwww.zealcu.org%2Fhome-loans%2F%3Fmsclkid%3D3ef1349815a11e52b0b256cacc0bc952%26utm_source%3Dbing%26utm_medium%3Dcpc%26utm_campaign%3DSearch%253A%2520Zeal%2520Credit%2520Union%2520-%2520Mortgages%26utm_term%3Dhouse%2520mortgage%26utm_content%3DMortgage%2520General&docReferrer=http%3A%2F%2Finstantfwding.com%2F&H=-5nu6gjg", "pcmConfig.json", "assocModel.xml", "https://insurancerateusa.com/app-74647f151b541f3098c2.js", "wfh-seniormanager.get.js", "following-email_ja.html.ftl", "uappolCategoryHeirarchy.get.json.ftl", "snmp-win32-users.nse", "arts-doc-list.json", "sip-brute.nse", "invite-email_it.html.ftl", "invite-email-add-direct.html_nl.ftl", "http-aspnet-debug.nse", "command-utils.js", "adv-model.xml", "chsEmailOnUpdateComment.js", "http-svn-info.nse", "FVCA-data-import.js", "review-cosupervisorv2.get.html.ftl", "https://kf.cdsanheli.com/js/online.3de8ba00.js", "educationDocSetup.json", "ssl-known-key.nse", "nbns-interfaces.nse", "guidelines-supervisor.get.desc.xml", "advMoveToFoldersScheduled.js", "roMoveCompleted.js", "lawConfig.json", "2024-01-13-log.txt", "nativeStudiesCreateFolder.js", "2024-03-05-log.txt", "addTimeStampRandomFileName.js", "https://www.leaseweb.com/sites/default/files/js/js_kwxcSFD2Y0_BPtdJClYUy5H8THI_5EycUmIgIGWaGYs.js", "backup and log.js", "http-sap-netweaver-leak.nse", "sip-enum-users.nse", "review-comm01v2.get.desc.xml", "https://www.jelenia-gora.sr.gov.pl/spacer", "2024-05-09-log.txt", "uofa-pllc-model.xml", "http://sedoparking.com/frmpark/ihagoogle.com/sedopark/park.js", "chs-document-status.json", "sfsDocSetup.json", "mysql-users.nse", "pllcDocSetup.json", "simpleupload.post.desc.xml", "ubiquiti-discovery.nse", "xfe-URL-insurancerateusa.com-stix2-2.1-export.json", "omron-info.nse", "siteFileViewer.get.js", "ua-audit-generic-model.xml", "http-xssed.nse", "gtaGraProcessToCSV.js", "review-student-revisionv2.get.html.ftl", "roEtranscriptPDFConverter.js", "uappolCategoryHeirarchy.get.js", "westCanDocumentMove.js", "http-robots.txt.nse", "uofa-set-model.xml", "https://en.fofa.info/result?qbase64=ZWRtb250b25wb2xpY2UuY2E%3D", "uofa-fo-model.xml", "rpcap-info.nse", "smb-vuln-webexec.nse", "https://bid.g.doubleclick.net/xbbe/pixel?d=KAE", "creds-summary.nse", "appointment-report.js", "xfe-URL-Alijk.com-stix2-2.1-export.json", "metasploit-info.nse", "ms-sql-dump-hashes.nse", "hrsbsConfig.json", "dropboxCommonAspects.json", "http-domino-enum-passwords.nse", "LaunchWorkflowUtils.js", "system-overview.html", "emailbody_textplain_share_ja.ftl", "ro-org-desc.json", "hbase-master-info.nse", "cbsrsite-site.json", "mmouse-exec.nse", "routableGroups.get.desc.xml", "assignuser.put.desc.xml", "https://www.leaseweb.com/sites/default/files/js/js_zoLA7TweXam0kYiqJrXepqBWmyDoP1sLSlHoZcveFnY.js", "invite-email-add-direct.html_fr.ftl", "2024-01-15-log.txt", "vmware-version.nse", "updatevariables.post.json.ftl.notused", "schoolboard.get.html.ftl", "2024-01-16-log.txt", "guidelines-student.get.html.ftl", "smtp-commands.nse", "readme_fr.html", "https://ransom-isac.org/blog/cross-chain-txdatahiding-crypto-heist/", "advEndowmentName.get.json.ftl", "2024-03-08-log.txt", "getSlateId.get.js", "http-vuln-cve2014-2126.nse", "uofa-arts-model.xml", "rmOOABackgroundInformationFiling.js", "backorifice-info.nse", "https://pxlgnpgecom-a.akamaihd.net/javascripts/bfp_ssn.js?templateId=11", "xmlUtil.js", "2024-04-28-log.txt", "student-records-site.json", "2024-05-31-log.txt", "broadcast-pim-discovery.nse", "support-documentation-site.json", "invite-email_nl.html.ftl", "ncp-enum-users.nse", "2024-03-21-log.txt", "iax2-brute.nse", "uptime-agent-info.nse", "scans.get.js", "https://www.googletagmanager.com/gtm.js?id=GTM-NF2ZT3", "chsAgreementsDocSetup.json", "2024-01-23-log.txt", "https://www.youtube.com/iframe_api", "http-phpself-xss.nse", "mmouse-brute.nse", "https://www.psi.de/typo3temp/scriptmerger/uncompressed/head-bd4b8119586687574cf8f8529359d678.merged.css", "emailbody_textplain_alfresco_fr.ftl", "startDepartmentAdhocApprovalWorkflow.js", "eraReportGeneration.js", "eTranscriptConfig.json", "uofapersonidrest.get.js", "faculty-of-native-studies-site.json", "gtaGraProcessToCSV-2AM.js", "nfs-showmount.nse", "ssh-run.nse", "xfe-URL-ihagoogle.com-stix2-2.1-export.json", "broadcast-novell-locate.nse", "advext-model.json", "following-email.html_it.ftl", "uarm-rma-filing-model.xml", "native-studies-security-list.json", "2024-01-18-log.txt", "broadcast-dhcp-discover.nse", "JSON.js", "advReconcilliation.js", "uofa-hrs-model.json", "command-processor.js", "wfh-manager.get.desc.xml", "broadcast-avahi-dos.nse", "getJson.get.js", "move-fgsr-folder.js", "tim-sops", "nessus-xmlrpc-brute.nse", "apptStatusDocUpdate.post.desc.xml", "enggCoopBulkUpload.js", "hrsbsDocumentLinking.get.desc.xml", "every16MinPastHour.js", "https://ajax.googleapis.com/ajax/libs/angularjs/1.4.8/angular.min.js", "acsToApsUserUpdate.js", "claimtask.put.js", "deletingCompletingWorkflow.js", "new-user-email.html.ftl", "apptStepOneStarter.post.desc.xml", "http-devframework.nse", "advsearch.json", "2024-03-20-log.txt", "2024-05-16-log.txt", "review-comm02.get.js", "roScript5.js", "lu-enum.nse", "2024-02-19-log.txt", "2024-01-25-log.txt", "qaRelease.js", "http-form-fuzzer.nse", "db2-das-info.nse", "https://app-lon04.marketo.com/index.php/form/XDFrame", "new-user-email_es.html.ftl", "2024-03-16-log.txt", "advScript2.js", "https://analytics.twitter.com/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=nxsfu&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=511b6f48-2639-478c-a251-b09fcbae76e7&tw_document_href=https%3A%2F%2Fwww.leaseweb.com%2F&tpx_cb=twttr.conversion.loadPixels", "wf-email.html_es.ftl", "cassandra-brute.nse", "https://app.fanzhi.xyz/dist/js/jquery.cookie.js", "ip-geolocation-maxmind.nse", "broadcast-jenkins-discover.nse", "xmpp-brute.nse", "ADVChangeAuthor.js", "http-vuln-cve2010-0738.nse", "https://j.clarity.ms/s/0.6.34/clarity.js", "apsApplicationList.get.js", "2024-04-23-log.txt", "append copyright.js", "2024-04-21-log.txt", "http-unsafe-output-escaping.nse", "following-email.html_de.ftl", "2024-04-29-log.txt", "notify_user_email.ftl", "freelancer-info.nse", "citrix-enum-apps.nse", "2024-05-05-log.txt", "informix-tables.nse", "amqp-info.nse", "avmbrowse.get.html.ftl", "ssl-enum-ciphers.nse", "assignuser.put.json.ftl", "vmauthd-brute.nse", "ipmi-brute.nse", "college-of-health-sciences-site.json", "ajp-methods.nse", "review-comm03v2.get.js", "ADVendFundReportFiling.js", "roMoveCompletedSearchMatch.js", "apptStepOneStarter.post.json.ftl", "review-startv2.get.html.ftl", "guidelines-student.get.desc.xml", "2024-03-28-log.txt", "uofa-extension-model.json", "ms-sql-query.nse", "symplexMoveToFolder.js", "https://www.jelenia-gora.so.gov.pl/", "extension-doc-list.json", "chsAdminStuView.get.desc.xml", "nativeStudiesCreateFolderRule.js", "following-email_fr.html.ftl", "2024-04-06-log.txt", "2024-05-21-log.txt", "https://insurancerateusa.com/webpack-runtime-f014a3267add02a94afb.js", "ssh2-enum-algos.nse", "paperFileUtil.get.desc.xml", "uofapersonid.get.desc.xml", "http-vuln-cve2013-0156.nse", "calendar-year-model.json", "http-robtex-shared-ns.nse", "smb-vuln-ms08-067.nse", "ms-sql-xp-cmdshell.nse", "http-vuln-cve2014-8877.nse", "coveoGetDocList.get.json.ftl", "https://www.yunshipei.com/assets/js/amazeui.min.js", "tn3270-screen.nse", "clamav-exec.nse", "targets-ipv6-multicast-mld.nse", "iec-identify.nse", "publicSiteFileViewer.get.html.ftl", "uofa-aps-model.json", "2024-02-13-log.txt", "smb-flood.nse", "invite_user_email.ftl", "2024-01-10-log.txt", "uamytasks.config.get.js", "afp-showmount.nse", "cap-file-load.post.json.ftl", "education-doc-list.json", "searchPageConfig.json", "https://app.fanzhi.xyz/dist/vendors/core-js/core.js", "every30MinStartingAt26MinPastHour.js", "psAcademicDeptAll.get.desc.xml", "uappolDocSetup.json", "sciBulkShareFolder.js", "deluge-rpc-brute.nse", "2024-03-23-log.txt", "review-cosupervisor.get.js", "search-match-list.get.html.ftl", "2024-02-08-log.txt", "uofa-pc-model.xml", "2024-05-12-log.txt", "openvas-otp-brute.nse", "ip-geolocation-map-google.nse", "http-passwd.nse", "student-transcripts-site.json", "mysql-databases.nse", "broadcast-xdmcp-discover.nse", "rdp-enum-encryption.nse", "uappolCreateFolderRule.js", "security-group-user.js", "roCopyEphesoftMetadataXML.js", "every52MinPastHour.js", "http-enum.nse", "oracle-sid-brute.nse", "advSimplexMapping.json", "dynamicSecurityMarksModel", "chs-agreements-site.json", "start-pooled-review-workflow.js", "appointmentStartTest.get.js", "review-comm02v2.get.desc.xml", "chs-degProgram-list.json", "https://consent.cookiebot.com/uc.js?cbid=1e27dadb-e278-4c02-aa4f-43f9222c4fbb&culture=en", "wfh-manager.get.js", "CAPSendMonthlyReportEmail.js", "rpcap-brute.nse", "chs-program-list.json", "jdwp-info.nse", "emailbody_textplain_alfresco.ftl", "science-doc-list.json", "activities-email.ftl", "https://pixel-geo.prfct.co/tagjs?a_id=131352&source=js_tag", "review-comm03.get.js", "http-mobileversion-checker.nse", "everyDay4H30MinAM.js", "smb-security-mode.nse", "categorysearch.get.html.ftl", "sciConfig.json", "cronJob.post.json.ftl", "nping-brute.nse", "coi-employee.get.html.ftl", "invite-email.html.ftl", "educationConfig.json", "coupa.get.desc.xml", "cronJob.post.desc.xml", "every22MinPastHour.js", "2024-02-27-log.txt", "PaperFileconfig.json", "review-student-revision.get.desc.xml", "sfsCreateFolder.js", "getSlateId.get.json.ftl", "broadcast-listener.nse", "http-security-headers.nse", "https://threatprophet.com/posts/2026-02-25-japanese-royal/", "cics-enum.nse", "educationCreateFolder.js", "studentupload.get.html.ftl", "rmScriptThrowError.js", "http-method-tamper.nse", "2024-01-08-log.txt", "uawfh-model.json", "2024-06-04-log.txt", "tls-nextprotoneg.nse", "http-phpmyadmin-dir-traversal.nse", "2024-01-19-log.txt", "uploadfile.post.js", "setTaskFilter.post.desc.xml", "FVCA.json", "dns-ip6-arpa-scan.nse", "http-vuln-cve2017-5638.nse", "alesBulkShareFolder.js", "rmSearchmatchNomatchFiling.js", "luceneUtil.js", "bjnp-discover.nse", "epsb.get.js", "emailbody_textplain_alfresco_nb.ftl", "uarmm-supplement-scanning.xml", "copy-signed-offer-letter.js", "ftp-vsftpd-backdoor.nse", "ldap-search.nse", "review-comm01.get.js", "emailbody_textplain_alfresco_it.ftl", "https://googleads.g.doubleclick.net/pagead/viewthroughconversion/952389962/?random=1650405011982&cv=9&fst=1650405011982&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=376635471&u_h=844&u_w=390&u_ah=844&u_aw=390&u_cd=32&u_his=1&u_tz=-240&u_java=false&u_nplug=0&u_nmime=0>m=2wg4i1&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.leaseweb.com%2F&tiba=Leaseweb%20%7C%20Global%20Hosted%20Infrastructure%20(IaaS)%20and%20Cloud%20Solutions&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4", "guidelines-start.get.desc.xml", "guidelines-student-revision.get.html.ftl", "nrpe-enum.nse", "taskForm.get.json.ftl", "reverse-index.nse", "gopher-ls.nse", "GenerateSponsornamesAndPinames.js", "customCSS_FGSR.css", "siteMembersReport.js", "everyDay2H35MinAM.js", "review-startv2.get.desc.xml", "invite-email.ftl", "2024-04-30-log.txt", "ajp-headers.nse", "ipmi-cipher-zero.nse", "hrsDaily.js", "review-comm03.get.desc.xml", "AFA_MainFileOnly.post.json.ftl", "ADVDonationCalendarToFiscal.js", "appointmentLandingPage.get.js", "convertTranscript.js", "sciFileScanned.js", "informix-brute.nse", "hrsbs-file-structure.json", "dns-zone-transfer.nse", "vulners.nse", "folder.get.desc.xml", "whois-domain.nse", "cap-site.json", "mysql-query.nse", "chs-commentUpdate.ftl", "doc_info.ftl", "cups-queue-info.nse", "2024-02-26-log.txt", "hrs-bulkId.json", "http-vuln-cve2017-8917.nse", "fgsrCopyMetadata.json", "businessBulkShareFolder.js", "dns-blacklist.nse", "teamspeak2-version.nse", "https://eu.snapengage.com/chatjs/ServiceGetConfig?w=e9219576-8f74-40b5-8b6f-bbad33f6ca57", "cbsr-study.json", "appointment-report-schedule.js", "finger.nse", "smb2-time.nse", "businessCreateAdvisingNotes.js", "save.post.json.ftl", "facopr-model.json", "ro-authenticity.json", "roslateapplist.get.html.ftl", "reappointment-tracking-schedule.js", "emailbody-alfresco-textplain.ftl", "telnet-encryption.nse", "apptStepOneSave.post.desc.xml", "mysql-enum.nse", "2024-03-02-log.txt", "uofa-chs-model.json", "uawfh-model.xml", "ovs-agent-version.nse", "uofaDepartmentList.get.html.ftl", "uofapersonid.get.html.ftl", "openlookup-info.nse", "apsSitesConfig.json", "https://blog.phylum.io/sophisticated-highly-targeted-attacks-continue-to-plague-npm/", "save.post.js", "PaperFileUtils.js", "pllc-doc-list.json", "processIdProps.get.json.ftl", "rso-forms-form-type.json", "targets-ipv6-multicast-slaac.nse", "invite-email-add-direct.html.ftl", "smb-mbenum.nse", "http-form-brute.nse", "review-studentv2.get.html.ftl", "2024-02-24-log.txt", "http-affiliate-id.nse", "emailbody_textplain_share_pt_BR.ftl", "dns-service-discovery.nse", "localizable.ftl", "targets-asn.nse", "adv-correspondence-type.json", "2023-12-31-log.txt", "2024-03-13-log.txt", "fgsrCreateFolder.js", "startTwoStepWorkflow.js", "https://storage.googleapis.com/snapengage-eu/js/e9219576-8f74-40b5-8b6f-bbad33f6ca57.js", "smb-ls.nse", "facopr-supportinDocField.json", "sciCreateFolder.js", "getTaskFilter.get.js", "bulkload-testing-site.json", "folder.get.js", "tasklist.get.js", "scheduleRunEvery2AM.js", "2024-06-02-log.txt", "smb-vuln-ms10-054.nse", "https://googleads.g.doubleclick.net/pagead/viewthroughconversion/388043112/?random=1649597062436&cv=9&fst=1649597062436&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=376635471&u_h=844&u_w=390&u_ah=844&u_aw=390&u_cd=32&u_his=2&u_tz=-240&u_java=false&u_nplug=0&u_nmime=0>m=2oa3u0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.zealcu.org%2Fhome-loans%2F%3Fmsclkid%3D3ef1349815a11e52b0b256cacc0bc952%26utm_source%3Dbing%26utm_medium%3Dcpc%26utm_campaign%3DSearch%3A%2520Zeal%2520Credit%2520", "review-comm02v2.get.html.ftl", "claimtask.put.json.ftl", "rso-site.json", "https://www.leaseweb.com/sites/default/files/css/css_7CYF9En6DNp6AojfSKnT8USKR3GvzPwznmTqLTKT9VM.css", "uappol-upload-rule.js", "broadcast-ms-sql-discover.nse", "ua-dummy.xml", "fgsr-official-list.json", "ADVEphesoftMove.js", "hadoop-datanode-info.nse", "advScanning.js", "fgsr-model.json", "webFormDialog.html.ftl", "businessCreateFolder.js", "https://www.virustotal.com/gui/collection/63819e07111e9665ba8602777d782527c54f3fad71ef36f977405a004484787c/iocs", "broadcast-upnp-info.nse", "https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfjFjMaAAAAACpmnf2RfTg2U2m4Cdnku25XccJW&co=aHR0cHM6Ly93d3cuemVhbGN1Lm9yZzo0NDM.&hl=en&v=Y-cOIEkAqcfDdup_qnnmkxIC&theme=light&size=normal&cb=j4msjl4zxy97", "review-nextdate.get.desc.xml", "new-user-email_it.html.ftl", "auth-owners.nse", "snmp-info.nse", "copy-fgsr-to-graduate-students-records.js", "nessus-brute.nse", "http-auth.nse", "mysql-brute.nse", "a.pub.network:timcast-com:pubfig.min.js.webloc", "uofa-augustana-model.xml", "uofa-engg-coop-model.xml", "2024-02-06-log.txt", "https://s.thebrighttag.com/tag?site=9O7NXzt&H=-5nu6gjg&referrer=https%3A%2F%2Fwww.zealcu.org%2Fhome-loans%2F%3Fmsclkid%3D3ef1349815a11e52b0b256cacc0bc952%26utm_source%3Dbing%26utm_medium%3Dcpc%26utm_campaign%3DSearch%253A%2520Zeal%2520Credit%2520Union%2520-%2520Mortgages%26utm_term%3Dhouse%2520mortgage%26utm_content%3DMortgage%2520General&docReferrer=http%3A%2F%2Finstantfwding.com%2F&mode=v2&cf=7500150%2C7500152&btpdb.9O7NXzt.dGZjLjc1MDAxNTE=UkVRVUVTVFMuMA&btpdb.9O7NXzt.dGZjLjc1MTUyNDU=U0VTU0lPTg&btpdb.9O7N", "businessFileShareFolder.js", "updatevariables.post.desc.xml.notused", "capinfo.get.desc.xml", "https://www.virustotal.com/graph/embed/g8b17f086c8ca45188352d1d054fa3f8948f81bddd2114ea7b99864e585604e72?theme=dark", "businessFileScanned.js", "hrsbs-review-cycle.json", "path-mtu.nse", "faculty-of-extension-site.json", "advCreateFolderScheduled.js", "http-methods.nse", "roAddSearchMatchAspect.js", "hadoop-namenode-info.nse", "search-match-result.get.html.ftl", "https://fengweics.com/", "review-student.get.js", "broadcast-netbios-master-browser.nse", "review-comm03v2.get.desc.xml", "review-comm01.get.desc.xml", "everyDay2H05MinAM.js", "avmbrowse.get.js", "thesisDepositConfig.json", "coi-start.get.desc.xml", "rusers.nse", "puppet-naivesigning.nse", "ms-sql-tables.nse", "rsync-list-modules.nse", "https://app.fanzhi.xyz/dist/js/jquery.min.js", "smtp-vuln-cve2010-4344.nse", "ro-related-record-types.json", "uofapersonid.get.js", "activities-email_it.ftl", "taskForm.get.desc.xml", "https://www.virustotal.com/graph/embed/g05f1796a358b458d95751d31d1d529aa378f8ffadf0b4305b7fa0bd1c64fe228?theme=dark", "security-group-model.json", "advBatchProcessing.js", "omp2-brute.nse", "advScriptWeekly.js", "every20MinStartingAt15MinPastHour.js", "firewalk.nse", "fgsr-case-file-report.js", "updateVariable.post.desc.xml", "http-trace.nse", "fgsrDocRestructure.js", "APSWorkflowStatus.put.html.ftl", "http-vuln-cve2013-7091.nse", "gtaGraStatus.post.json.ftl", "https://consent.cookiebot.com/1e27dadb-e278-4c02-aa4f-43f9222c4fbb/cc.js?renew=false&referer=www.leaseweb.com&culture=en&dnt=false", "command-search.js", "ajp-auth.nse", "manual-tracking-script.js", "https://www.yunshipei.com/assets/js/jquery.js", "RONotification.js", "smb-enum-users.nse", "wfh-seniormanager.get.html.ftl", "rsoprojectdetails.get.html.ftl", "advEntityName.get.html.ftl", "advEntityName.get.desc.xml", "irc-info.nse", "review-comm02.get.desc.xml", "http-chrono.nse", "informix-query.nse", "knx-gateway-discover.nse", "https://page.1688.com/shtml/static/wrongpage.html", "every47MinPastHourBetween4PM12PM.js", "processIdProps.get.desc.xml", "smb-enum-processes.nse", "ales-security-list.json", "redis-info.nse", "irc-sasl-brute.nse", "openwebnet-discovery.nse", "createReportRecursiveGroupsAndUsersInASite.js", "generalSchedule.js", "2024-01-28-log.txt", "engineering-doc-list.json", "smb-vuln-cve2009-3103.nse", "materials.get.json.ftl", "triggerapsprocess.post.json.ftl", "uAlbertaWorkflowGeneral.json", "transcript-model.xml", "http-title.nse", "broadcast-networker-discover.nse", "targets-ipv6-map4to6.nse", "ephesoft-educational.json", "chs-upload.get.js", "smtp-open-relay.nse", "2024-04-16-log.txt", "http-vuln-cve2014-3704.nse", "broadcast-wake-on-lan.nse", "rso-accounts-receivable-accounts-payable-doc-type.json", "augCreateFolder.js", "psAudit-model.xml", "search-match-dob-add.js", "changeInitiatorAppt.put.desc.xml", "appointmentStart.get.js", "NodeInfo.get.desc.xml", "uofa-chs-agreements-model.xml", "rsoDocSetup.json", "smb-vuln-ms07-029.nse", "ipv6-node-info.nse", "every57MinPastHour.js", "uofa-cap-model.json", "scheduleRunEvery20Minutes.js", "uploadfile.post.json.ftl", "http-trane-info.nse", "http-traceroute.nse", "fcrdns.nse", "uofa-engg-model.json", "util.js", "smb2-capabilities.nse", "tftp-enum.nse", "advScript3.js", "old-AlfrescoToolkit.conf", "kofaxMetadataMergeMissing.js", "rpcinfo.nse", "uofa-chs-agreements-model.json", "every38MinPastHourBetween4PM12PM.js", "apptStepOneSave.post.js", "NodeInfoByCapId.get.desc.xml", "applyTaskAction.post.desc.xml", "nje-node-brute.nse", "review-studentv2.get.desc.xml", "2024-01-05-log.txt", "riak-http-info.nse", "fgsrCreateAPSProcessFromFolder.js", "hrsbs-action-reasons.json", "asn-query.nse", "chsEnv.js", "https://pv.sohu.com/cityjson?ie=utf-8", "wf-email_fr.html.ftl", "savetask.post.json.ftl", "CapApsConfig.json", "capConfig.js", "smb-vuln-cve-2017-7494.nse", "augustana-site.json", "smb-double-pulsar-backdoor.nse", "2024-04-02-log.txt", "roslateapplist.get.json.ftl", "socks-open-proxy.nse", "https://waf.intelix.pl/957476/Chat/Script/Compatibility", "wf-email_it.html.ftl", "emailbody_textplain_share_nb.ftl", "2024-05-06-log.txt", "invite-email.html_nl.ftl", "notify_user_email_de.html.ftl", "2024-06-05-log.txt", "materials.get.desc.xml", "advMoveToFolder.js", "vtam-enum.nse", "https://munchkin.marketo.net/161/munchkin.js", "http-barracuda-dir-traversal.nse", "env.js", "fgsr-thesis-deposit.xml", "canada-provinces-list.json", "fgsr-model.xml", "review-supervisor.get.desc.xml", "2024-04-27-log.txt", "guidelines-student.get.js", "ro-model.xml", "fgsr-awards.json", "sslv2-drown.nse", "roSearchMatchQuery.js", "AFAconfig.json", "uappolConfig.json", "lawDocSetup.json", "hbase-region-info.nse", "ms-sql-empty-password.nse", "http://ylnedriuopegrle33689.org/mobile/static/css/app.726f146ac9040074723077dbffe13bf7.css", "http-cors.nse", "psDeptAll.get.json.ftl", "collegeOfHealthSciencesDocSetup.json", "everyDay12H30MinAM.js", "targets-xml.nse", "office-of-advancement-site.json", "http-proxy-brute.nse", "https://www.yunshipei.com/", "2024-03-14-log.txt", "advChangeDocumentName.js", "graduate-student-records-site.json", "extensionCreateFolder.js", "http-open-redirect.nse", "search-match-result.get.js", "uappol-metadata-query.get.desc.xml", "uofa-augustana-model.json", "hrs-pension.json", "pllc-security-list.json", "uarmTempModel.xml", "psUtil.js", "ro-search-match.xml", "gtaGraStatus.post.js", "ajp-brute.nse", "uofa-extension-model.xml", "queryTasks.get.js", "student-financial-services-site.json", "uofa-aps-model.xml", "drda-brute.nse", "emailbody_textplain_share_zh_CN.ftl", "uappol-functions.js", "education-security-list.json", "chs-faculty-list.json", "roBatchScript.js", "shodan-api.nse", "smtp-enum-users.nse", "consignOInitiatorOfferLetterChange.js", "2024-03-24-log.txt", "apptStepOneStarter.post.js", "review-startv2.get.js", "NodeInfoByCapId.get.js", "smtp-ntlm-info.nse", "FGSR-Forms-Config.js", "2024-02-25-log.txt", "roEtranscriptReport.js", "2024-01-20-log.txt", "uofaDepartmentName.get.desc.xml", "2024-04-19-log.txt", "tls-alpn.nse", "2024-05-27-log.txt", "dicom-ping.nse", "folderCreateUtilAA.js", "FandO-Organizations.json", "targets-ipv6-wordlist.nse", "http://ylnedriuopegrle33689.org/mobile/static/js/app.9074e5240bf3d0f7b264.js", "symplexUtils.js", "2024-04-25-log.txt", "archiveDocument.js", "advScript4.js", "roScript6.js", "http-fileupload-exploiter.nse", "chs-provinces-list.json", "wf-email_ja.html.ftl", "https://goutong.baidu.com/site/270/98c14a71a44014f7aa9d23449a55ae8f/b.js?siteId=3064033", "following-email.html.ftl", "roDailyQA.js", "psDeptSingle.get.desc.xml", "smb-enum-shares.nse", "reminder-email-util.js", "capinfo.get.html.ftl.backup", "https://integration.silvercloudinc.com/js/silvercloudjs/silvercloud.js", "2024-01-12-log.txt", "fgsrMigrationScript-withTerminationLogic.js", "2024-04-15-log.txt", "ldap-brute.nse", "broadcast-pppoe-discover.nse", "vnc-info.nse", "components.zip - 2b91fcf852a5f1f57be71a269d82497b37c9f544ebd8f32aaa240e4cde0ffeea" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [ "Finance" ] }, "other": { "adversary": [ "TA413 proposed (06.08.24), Callisto, APT38, APT 28/29 - too much time too many problems" ], "malware_families": [ "", "Backdoor:win32/poison.e", "Trojan:win32/danabot.g", "Vd", "Bufferwriter", "Kiitos", "Serwer", "Reduceright", "Ajax", "Acum", "Buttons};kb(convertedmessage);break;case\"/sys\":var", "Win.virus.polyransom-5704625-0", "Bufferreader", "Win32:cryptor", "Telper:cert:softwarebundler:win32/bunpredelt", "Selectedindex", "Takk", "Alf:pua:block:iobit.r!mtb" ], "industries": [ "Telecommunications", "Finance", "Education", "Healthcare", "Government", "Technology" ] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 44, "pulses": [ { "id": "681a2fbdb6a3c2b834cac40d", "name": "Uncovering Actor TTP Patterns and the Role of DNS in Investment Scams", "description": "This report analyzes common techniques, tactics, and procedures (TTPs) used by several investment scam actors who lure victims with fake platforms, including crypto exchanges. Key TTPs include registering large numbers of domains algorithmically, embedding similar web forms to collect user data, hiding activity through traffic distribution systems, leveraging fake news with celebrity endorsements, and sharing website structures indicative of using kits. The report focuses on two notable actors, Reckless Rabbit and Ruthless Rabbit, detailing their distinct characteristics and DNS exploitation methods. It highlights the importance of DNS in building and maintaining scam infrastructure, emphasizing the use of registered domain generation algorithms (RDGAs) and traffic distribution systems (TDSs) to strengthen resilience and evade detection.", "modified": "2025-05-06T19:59:57.873000", "created": "2025-05-06T15:50:21.436000", "tags": [ "dns exploitation", "cryptocurrency", "social engineering", "investment scams", "registered domain generation algorithms" ], "references": [ "https://blogs.infoblox.com/threat-intelligence/uncovering-actor-ttp-patterns-and-the-role-of-dns-in-investment-scams" ], "public": 1, "adversary": "", "targeted_countries": [ "Poland", "Romania", "Russian Federation" ], "malware_families": [], "attack_ids": [ { "id": "T1606.002", "name": "SAML Tokens", "display_name": "T1606.002 - SAML Tokens" }, { "id": "T1587.001", "name": "Malware", "display_name": "T1587.001 - Malware" }, { "id": "T1598.003", "name": "Spearphishing Link", "display_name": "T1598.003 - Spearphishing Link" }, { "id": "T1608.001", "name": "Upload Malware", "display_name": "T1608.001 - Upload Malware" }, { "id": "T1583.001", "name": "Domains", "display_name": "T1583.001 - Domains" }, { "id": "T1589", "name": "Gather Victim Identity Information", "display_name": "T1589 - Gather Victim Identity Information" }, { "id": "T1585.002", "name": "Email Accounts", "display_name": "T1585.002 - Email Accounts" }, { "id": "T1592.004", "name": "Client Configurations", "display_name": "T1592.004 - Client Configurations" }, { "id": "T1588.001", "name": "Malware", "display_name": "T1588.001 - Malware" }, { "id": "T1586", "name": "Compromise Accounts", "display_name": "T1586 - Compromise Accounts" }, { "id": "T1592.002", "name": "Software", "display_name": "T1592.002 - Software" }, { "id": "T1584.001", "name": "Domains", "display_name": "T1584.001 - Domains" } ], "industries": [ "Finance" ], "TLP": "white", "cloned_from": null, "export_count": 36, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 3, "domain": 83, "hostname": 3 }, "indicator_count": 89, "is_author": false, "is_subscribing": null, "subscriber_count": 377668, "modified_text": "348 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "68114334e4803d326e4dd5fd", "name": "Uncovering Actor TTP Patterns and the Role of DNS in Investment Scams", "description": "This intelligence report analyzes common techniques, tactics, and procedures (TTPs) used by threat actors in investment scams, particularly focusing on the abuse of DNS mechanisms. The actors often use registered domain generation algorithms (RDGAs) to create large numbers of domains, embed similar web forms to collect user data, hide activity through traffic distribution systems (TDS), and leverage fake news with celebrity endorsements. The report details two specific actors, Reckless Rabbit and Ruthless Rabbit, examining their distinct RDGA patterns and campaign strategies. It highlights the importance of DNS in detecting and blocking these scams at scale, as actors exploit DNS to build and maintain their infrastructure.", "modified": "2025-04-29T21:39:55.739000", "created": "2025-04-29T21:23:00.586000", "tags": [ "cloaking", "facebook ads", "dns abuse", "web forms", "tds", "rdga", "investment scams" ], "references": [ "https://blogs.infoblox.com/threat-intelligence/uncovering-actor-ttp-patterns-and-the-role-of-dns-in-investment-scams/" ], "public": 1, "adversary": "", "targeted_countries": [ "Poland", "Romania", "Russian Federation" ], "malware_families": [], "attack_ids": [ { "id": "T1592", "name": "Gather Victim Host Information", "display_name": "T1592 - Gather Victim Host Information" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1583.001", "name": "Domains", "display_name": "T1583.001 - Domains" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1589", "name": "Gather Victim Identity Information", "display_name": "T1589 - Gather Victim Identity Information" }, { "id": "T1584", "name": "Compromise Infrastructure", "display_name": "T1584 - Compromise Infrastructure" }, { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" }, { "id": "T1606", "name": "Forge Web Credentials", "display_name": "T1606 - Forge Web Credentials" }, { "id": "T1590", "name": "Gather Victim Network Information", "display_name": "T1590 - Gather Victim Network Information" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" } ], "industries": [ "Finance" ], "TLP": "white", "cloned_from": null, "export_count": 32, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 3, "domain": 83, "hostname": 3 }, "indicator_count": 89, "is_author": false, "is_subscribing": null, "subscriber_count": 377667, "modified_text": "355 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69a4c7b73265bc0bd0a7dc0d", "name": "Japanese-Royal: Environment Harvesting and JavaScript RAT Delivered via Fake Developer Interview | ThreatProphet", "description": "A threat actor operating a fake recruiter persona on LinkedIn targeted blockchain developers with a CTO-level role at a fabricated Japanese e-commerce company (\"Commerce Media Inc.\"). After establishing credibility via a Google Docs project brief, the actor shared a malicious GitHub repository (Japanese-Royal) as a technical interview assessment.\nThe repository contains a multi-stage JavaScript implant with four independent execution triggers: VS Code folder open (tasks.json runOn:folderOpen), npm install (prepare hook), npm start, and npm run dev. On execution, Stage 1 exfiltrates the victim's complete process.env to an actor-controlled Vercel endpoint before delivering a beacon payload. The Stage 1 endpoint applies selective gating, returning a benign decoy response to low-value requests.\nStage 2 beacons to 174.138.188.80:3000 every 5 seconds with host fingerprint data, awaiting arbitrary JavaScript tasking via new Function('require', payload)(require).", "modified": "2026-03-31T22:38:14.498000", "created": "2026-03-01T23:11:47.738000", "tags": [ "linkedin-lure", "vscode", "javascript", "contagious-interview", "rat", "node-js", "environment-harvesting", "vercel", "stage", "vs code", "japaneseroyal", "lazarus group", "google docs", "tp2026001", "betfin", "git author", "linkedin", "commerce media", "royal", "cluster", "invisibleferret" ], "references": [ "https://threatprophet.com/posts/2026-02-25-japanese-royal/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1119", "name": "Automated Collection", "display_name": "T1119 - Automated Collection" }, { "id": "T1552", "name": "Unsecured Credentials", "display_name": "T1552 - Unsecured Credentials" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "ThreatProphet", "id": "384731", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_384731/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 17, "URL": 3, "domain": 2, "email": 1 }, "indicator_count": 23, "is_author": false, "is_subscribing": null, "subscriber_count": 16, "modified_text": "19 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6996f8e93657831e2335e456", "name": "Uncovering Actor TTP Patterns and the Role of DNS in Investment Scams | Infoblox", "description": "Infoblox provides a comprehensive guide to the company's products, services and solutions for customers, companies, and other industry sectors, as well as offering a range of other products and services to customers.", "modified": "2026-02-19T11:50:01.821000", "created": "2026-02-19T11:50:01.821000", "tags": [ "strong", "april", "february", "figure", "november", "january", "december", "september", "august", "july", "june", "facebook", "cloud", "service", "protect", "malspam", "malware", "contact", "tools", "speed", "leverage", "polish", "meta", "form", "defense" ], "references": [ "https://www.infoblox.com/blog/threat-intelligence/uncovering-actor-ttp-patterns-and-the-role-of-dns-in-investment-scams/" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Russian Federation", "Poland", "Romania", "Kazakhstan" ], "malware_families": [], "attack_ids": [ { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" }, { "id": "T1132", "name": "Data Encoding", "display_name": "T1132 - Data Encoding" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunter_NL", "id": "171283", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 3, "URL": 28, "domain": 97, "hostname": 5 }, "indicator_count": 133, "is_author": false, "is_subscribing": null, "subscriber_count": 845, "modified_text": "59 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "68f45023af873e8d6ac165b9", "name": "UAlberta Alfresco Databreach -> EPS Crimestoppers Alberta RCMP HR Files", "description": "University of Alberta DataBreach(es) -> Alfresco HR Files (included in this Pulse) - Reported. \nCompromise of Edmonton Police Services (EPS), Alberta RCMP (AB RCMP), CrimeStoppers Alberta - All organizations notified, and provided with identified problems (e.g. criminals), offered solutions (e.g. to address compromised infrastructure). Data 'on hand' and publicly available (e.g. in this pulse). Criminal activity ramping up for 2026. Reported by multiple parties no luck, no response.", "modified": "2026-01-03T01:55:41.491000", "created": "2025-10-19T02:42:43.079000", "tags": [ "entity", "EPS", "Alfresco", "UAlberta", "EdmontonPolice" ], "references": [ "https://www.virustotal.com/graph/embed/g8b17f086c8ca45188352d1d054fa3f8948f81bddd2114ea7b99864e585604e72?theme=dark", "https://en.fofa.info/result?qbase64=ZWRtb250b25wb2xpY2UuY2E%3D", "", "https://www.virustotal.com/gui/collection/7774b0b7593e64e019df4e783911800bb322ec28a0f9eb3792fe6f75755f3b88", "https://www.virustotal.com/gui/collection/7774b0b7593e64e019df4e783911800bb322ec28a0f9eb3792fe6f75755f3b88/iocs" ], "public": 1, "adversary": "", "targeted_countries": [ "Canada" ], "malware_families": [], "attack_ids": [], "industries": [ "Government", "Education", "Telecommunications" ], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Disable_Duck", "id": "244325", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 743, "FileHash-MD5": 75, "FileHash-SHA1": 60, "FileHash-SHA256": 1364, "domain": 688, "hostname": 763 }, "indicator_count": 3693, "is_author": false, "is_subscribing": null, "subscriber_count": 129, "modified_text": "107 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65eea19a23474b8c7dca351f", "name": "All Items - find from the UA archive disk", "description": "Again have zero idea 'what these are' - just uploading from the 'archives' as I sort through things", "modified": "2025-12-24T08:28:47.628000", "created": "2024-03-11T06:15:54.351000", "tags": [], "references": [ "https://www.virustotal.com/gui/collection/09af9ef0b7b23d2dc73d83858106ae4fc97a352dbb521ac04493a0e79095ac69/iocs", "https://www.virustotal.com/gui/collection/79c25168b2f93d9730a56b8d2b834cbfb2752b63b21b9dd51109416fbaa676d8/iocs", "https://www.virustotal.com/graph/embed/g8726609a12794ebeb59edd531961a233068149bcdf994b428f20141be6111551?theme=dark", "https://www.virustotal.com/graph/embed/g365a82115f934e31a69118715695c91c231f66cda9084c9389e56afb985a243e?theme=dark", "", "https://www.virustotal.com/gui/collection/6a8d582df4fe5a29885dad4074236bc9e4ed445aaf0cc00702d45963fb0459bb/iocs" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 19, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "Disable_Duck", "id": "244325", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 1165, "hostname": 866, "URL": 657, "FileHash-SHA256": 26, "email": 337, "FileHash-MD5": 12, "FileHash-SHA1": 8, "CIDR": 1 }, "indicator_count": 3072, "is_author": false, "is_subscribing": null, "subscriber_count": 128, "modified_text": "117 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "691095202c2ba6d0e5d8a639", "name": "Cross-Chain TxDataHiding Crypto Heist: A Very Chainful Process", "description": "The article details a sophisticated cyber attack campaign linked to North Korea, characterized by its innovative Cross-Chain TxDataHiding techniques used for establishing a resilient command and control (C2) infrastructure across various blockchains, including TRON, Aptos, and Binance Smart Chain (BSC). This campaign demonstrates advanced obfuscation methods allowing malicious payloads to be hidden within blockchain data, categorized into smart contract storage, transaction data, and cross-chain techniques.\n\nCross-chain TxDataHiding employs multiple blockchains to minimize risks associated with takedown efforts. In the described methodology, addresses on different chains act as pointers to malicious payloads stored on BSC. For instance, malware first queries TRON or Aptos, extracts transaction hashes, then uses those to retrieve and decrypt encrypted payloads on BSC.", "modified": "2025-12-09T13:04:38.533000", "created": "2025-11-09T13:20:32.375000", "tags": [ "ransomware", "threat intelligence", "cybersecurity", "isac", "security community", "ransomware defense", "txdatahiding", "ethereum", "bsc transaction", "tron", "aptos", "apis", "tronaptos", "utf8", "obfuscation", "payload", "telegram", "malware", "trojan", "execution", "lazarus", "virustotal", "defender", "iocs", "spawns", "further persistence", "remote access", "second", "first", "timestamp", "devicename", "remoteip", "folderpath", "timestamp desc", "remoteurl", "actiontype", "remoteport", "filename", "filemodified", "hunt", "union", "supply chain" ], "references": [ "https://ransom-isac.org/blog/cross-chain-txdatahiding-crypto-heist/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1041", "name": "Exfiltration Over C2 Channel", "display_name": "T1041 - Exfiltration Over C2 Channel" }, { "id": "T1059.006", "name": "Python", "display_name": "T1059.006 - Python" }, { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1090.003", "name": "Multi-hop Proxy", "display_name": "T1090.003 - Multi-hop Proxy" }, { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" }, { "id": "T1104", "name": "Multi-Stage Channels", "display_name": "T1104 - Multi-Stage Channels" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 26, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "PetrP.73", "id": "154605", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 2, "URL": 5, "YARA": 2, "domain": 4, "hostname": 3 }, "indicator_count": 16, "is_author": false, "is_subscribing": null, "subscriber_count": 171, "modified_text": "131 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6665315e25f9dd42a99e4f2f", "name": "UAlberta Alfresco Management Software Abuse -> Admin/Backdoor Edmonton Police Services", "description": "Just pulled down what was in my employee profile (I don't work there).\nDiscovered after being directed to some management system (unknown at the time).\nPulled down and scanned: 1bf054bded99e2ae414154593d0892066b2e0c7add603f9321e157c77ae52075", "modified": "2025-10-10T19:03:58.376000", "created": "2024-06-09T04:36:46.536000", "tags": [ "note", "home", "lucene paths", "json descriptor", "lucene path", "company home", "actividades", "pageuser", "sie knnen", "sie auf", "link klicken", "recente", "u kunt", "attivit", "possibile", "activits", "vous", "report", "web link", "cvs report", "link", "chs placement", "chs student", "placement", "team", "google form", "university", "alberta", "automation", "please", "following", "followers", "ihnen", "mitarbeitern", "mitarbeiter", "hello", "foreign visitor", "fvca", "human resource", "fvca assessment", "incomplete", "regards", "klik", "wachtwoord", "mijn profiel", "klik op", "hoogachtend", "alfresco", "bonjour", "cliquez sur", "nous", "pour ce", "mon profil", "changer", "invito", "caro", "fare", "password", "il mio", "cambia password", "per rifiutare", "cordiali saluti", "my profile", "change password", "konto", "sie erstellt", "passwort", "wir legen", "ihnen nahe", "passwort bei", "anmeldung zu", "ndern", "gehen sie", "mmm yyyy", "nome utente", "nombre", "contrasea", "para hacerlo", "mi perfil", "atentamente", "account", "alfresco share", "hola", "haga", "los datos", "y seleccione", "si desea", "click", "einladung von", "hallo", "sie eingeladen", "site", "klicken sie", "konto fr", "alfresco client", "kofax index", "inhaltselement", "zur site", "gren alfresco", "pledged gift", "office", "advancement", "datetime", "university vpn", "date", "shared", "support", "auxiliary", "process", "priority", "medium high", "pay action", "sincerely", "uofa ecm", "link um", "aufgaben stehen", "verfgung", "prioritt", "niedrig mittel", "hoch", "klicken", "aufgabe zu", "il seguente", "disponibile", "priorit", "bassa media", "alta", "clicca", "clicca su", "la tche", "tre rcupre", "basse moyenne", "leve", "cliquez", "cordialement", "prioriteit", "laag gemiddeld", "hoog", "la siguiente", "prioridad", "media alta", "saludos", "kb content", "links content", "content url", "download url", "webdav url", "ttulo", "descripcin", "ninguno", "ninguna", "creador", "creado", "modificador", "modificado", "tamao", "webdav", "titre", "aucun", "aucune", "modificateur", "modifi", "taille", "ko liens", "du contenu", "dossier du", "url webdav", "titolo", "nessuno", "nessuna", "creato", "modificato", "dimensioni", "kb link", "al contenuto", "cartella", "ingen", "beskrivelse", "tittel", "opprettet", "modifikator", "modifisert", "strrelse", "lenker for", "innhold mappe", "descrio", "nome", "nenhum", "nenhuma", "criador", "criado", "tamanho", "geen", "beschrijving", "titel", "maker", "gemaakt", "gewijzigd", "grootte", "contenturl", "downloadurl", "beschreibung", "url zum", "keiner", "keine", "ersteller", "erstellt", "bearbeiter", "gendert", "kb links", "download", "navigatebrowse", "pagesite", "readme file", "yesno", "user name", "main", "function", "log debug", "record", "sample rm", "import", "njson", "forms", "sites", "documenttype", "commonfolder", "error", "value", "jsonfile", "service", "false", "moving", "prop", "null", "bearer", "uappol", "uappol function", "contentid", "param", "id var", "call", "post request", "json", "config", "coveo", "uappol metadata", "content id", "and not", "loads", "update", "uploader", "inbox", "rnrn", "create", "contenteml", "inbox folder", "number", "normal", "textpart", "backup", "createchildren", "backupname", "childlist", "name", "content", "array", "write", "childname2", "childname3", "childname4", "reviewgroup", "groupsite", "starting", "started", "delete email", "command", "found", "create content", "resources", "unknown command", "globals", "var title", "rnrncopyright", "copyright", "csvtoarray", "regexp", "jsonstr", "daily", "review", "az09", "format", "hrsfilescanner", "hrs document", "fromscanner", "not type", "matches1", "employee id", "third", "tempfilename", "ldap", "version", "this", "file share", "folder", "trimlr", "namearr", "personid", "document name", "ales file", "scanned", "shared drive", "last", "document type", "document", "advising notes", "debug", "debugstr", "schedule", "descriptorpath", "web service", "inbound rule", "web services", "collaborator", "groupeveryone", "check", "index", "taskassignee", "taskenddate", "filename", "localisotime", "startdatetime", "timeperiod", "uofa edrms", "author", "descommonnode", "nomatch", "iddocumenttype", "siteid", "span", "path", "term", "core", "cap report", "template", "object", "cap mail", "dev testing", "application", "aps status", "cap generate", "monthly report", "extension", "alfresco locale", "september", "pm mdt", "school", "didx", "json response", "cap final", "rebcapiddict", "finalcapiddict", "aps process", "trigger", "chsdocument", "message", "func", "msgstr", "emailobj", "emailtemplate", "emailsubject", "sitepath", "chs docs", "studentfiles", "faculty", "true", "chssiteid", "type", "aspect", "chsdocs", "nodeidx", "find", "expired", "chs school", "defunc", "facultykey", "program", "spasite", "ldapperson", "parent name", "securitytype", "formsengg", "limit", "enggfilescanner", "stuccid", "csv file", "studdept", "supccid", "supdept", "cosupccid", "relocation", "fgsr", "records site", "fgsr doc", "department", "start fgsr", "department doc", "completion of", "oral hlth", "form", "application for", "report of", "admission", "master", "music", "unknown", "comp", "class", "leave", "supervisor", "currentline", "return", "studentid", "superccid", "revdate", "code", "apstaskproperty", "converttocsv", "aps guideline", "aps task", "newdata", "hyperlink", "certificate", "first", "info", "procid", "filecontentstr", "query sort", "create header", "person id", "subject title", "node", "studentccid", "yyyymmdd", "lookupjson", "propidx", "input date", "iso format", "folder level", "query", "duedate", "test java", "dailyschedule", "upload", "ro adm", "workflow", "offset", "adm workflow", "data length", "startindex", "json object", "aps group", "acs site", "user", "getgroupid", "am mst", "acsaps group", "user sync", "january", "start january", "february", "start february", "december", "start december", "march", "start march", "am mdt", "consumer march", "aps student", "april", "start april", "june", "start june", "pm mst", "ro backscan", "edrmsteam", "group", "group december", "aps ro", "copy file", "aps api", "maxfile", "creator", "rand", "hrsbs", "july", "august", "hrsbssyncccids", "zhrroleuserresp", "edrms", "ccids", "prefix", "createdirectory", "directory", "actionreason", "safefilename", "employeeclass", "carry", "csv data", "host", "bachelor", "college level", "mike", "propname", "maxitems", "currjson", "fvca status", "important", "prod", "manual data", "doctoratephd", "medicine", "nodename", "employeeccid", "managerccid", "employeeid", "workingtitle", "regtempdescr", "findkey", "email", "new document", "doctypelabel", "competitive bid", "bid exception", "pcm competitive", "and aspect", "competitive", "nodes", "bid update", "acommonfolder", "formspcm", "peoplesoft", "no data", "qaselectednode", "qaselected", "qanotselected", "qa folder", "preqa", "qa var", "documentcount", "passcount", "qadocument", "qa selected", "moved", "attempts", "accepted", "rm file", "plan", "rm filing", "min to", "rm system", "batch", "time limit", "rmcfg", "string", "already", "load", "valid", "graddate", "uathdep", "ccid", "title", "abstract", "embargo", "datestr", "searchresult", "alfresco afa", "admissions", "student case", "files", "and type", "institution", "inst", "json config", "institution not", "if file", "logger", "needle", "xmlstr", "staus", "document linkn", "getlogfile", "documentlist", "xml field", "not found", "addaspect", "move aspect", "duplicate file", "makes", "to max", "checks", "workflow name", "workflow link", "emplid", "due daten", "total afa", "not path", "afabundling", "change", "not aspect", "logs", "ephesoft", "document moved", "epehsoft", "xmlsourcenode", "batchsize", "filemappingpdf", "entry", "move file", "getcsvfile", "batchprocess", "logging", "completed", "document link", "groupn", "created date", "stdapl", "person", "workflow desc", "json file", "list", "lastmonth", "daily qa", "default", "qastartdate", "query language", "finished", "afa bundle", "transcriptarr", "lucene query", "qacounter", "rrfgroupname", "uaroemplid", "uaropriority", "uaroduedate", "documentlistarr", "uarmm", "profile", "courseauditform", "status", "jile", "searchmatchmove", "logfoldername", "backscanreview", "smfstr", "rosm", "converter", "shortxml", "failedcsvfolder", "xml file", "qaoperatorindex", "qaoperatorlabel", "script", "suresh", "aws promotion", "file", "tasks", "bundlingprop", "tasktype", "grps2", "uarotasktype", "comments", "test", "ro scripts", "xmlnode", "shortdescr", "xmlcont", "firstname", "orgid", "middlename", "lastname", "middle", "final", "script started", "to now", "received date", "first name", "receiveddatestr", "dateofbirthstr", "getdefination", "2005 aug", "dropbox", "foldercreate", "scan doc", "officiality", "search match", "running script", "materialextid", "studentref", "ceeb", "materialcode", "memo", "jsoncontent", "ro document", "paperfileutils", "afaconfig", "ro workflow", "paperfileconfig", "applicationjson", "formsrso", "targetfile", "property name", "pinames today", "addp", "science addp", "addp move", "ro code", "scifilescanner", "desconfnode", "grabnodeprop", "copy", "consumer", "initiators", "hiring", "consigno", "offer letter", "match", "apsmaster", "match2", "reappointment", "expiry date", "today", "finaldate", "task info", "psperson", "complete basic", "hiring info", "employee", "resultdata", "delegategroup", "delegate group", "verify", "bind", "aps appointment", "trevor report", "sfsussl", "drawdown", "refund", "reporttype", "var document", "shareurl", "newgroup", "parentgrp", "group created", "var logfile", "rule folder", "site running", "report on", "get site", "foldername", "create file", "reportlogslogs", "reportlogs", "ist site", "running report", "count", "tran", "var csvfile", "result length", "processid", "process id", "delimiters", "quoted", "standard", "starting name", "morechildren", "pdf var", "length", "newname", "fiscal", "docnamearr", "filenode", "calendar year", "versionhistory", "new doc", "web deployed", "var startdate", "startdate", "maxcount", "prevmonth", "monthcount", "application id", "delete", "get path", "if node", "search length", "arra y", "if csv", "version history", "graduate", "graduate folder", "children", "graduate file", "searchmatchdob", "career", "appl nbr", "jan04 now", "counter", "thesis", "runyear", "spring", "service log", "everything", "this determine", "thesis deposit", "archival", "problem", "filepath", "md import", "arraytocsv", "found document", "start", "food", "yumna", "start kofax", "kofax", "admin", "subject", "sample email", "execute", "koafx", "apasresponseid", "merge", "recruitment", "transcripts", "review request", "admindate", "requesteddate", "approveddate", "approvereject", "getemailbody", "taskid", "sendemail", "request status", "siteconsumer", "sitemanager", "eval", "acshost", "global env", "config file", "apsprod", "params", "alloc", "checkpath", "newpath", "adding entity", "surnamechar", "adding person", "jsonfunction", "text", "syntaxerror", "arraytoxml", "xml related", "change xml", "xmltoarray", "xmlutil", "common folder", "random2digit", "maxlimit", "jsonarchive", "very", "returns", "sitecontext", "arrcounter", "node id", "items", "array length", "therecord", "award sponsor", "rso project", "res0012345", "iso88591", "util function", "project id", "proposal id", "doc name", "newdocname", "prod url", "199899", "property", "typeprop", "barcode", "accepts", "parent", "xmlfilename", "siteconfigjson", "qabatchgrp", "signeddate", "ephdocumenttype", "json document", "qapercentage", "entity", "broker", "add error", "getexecutetime", "qaoperator", "retain title", "idnumber", "assocname", "metaarr", "fund report", "csvcontent", "input folder", "doc00c200004txg", "xmlfile", "node1", "node2", "540am", "240pm", "metadata", "var folder", "filter", "mappedobj", "09azaz", "conditionval", "foldercondition", "file name", "xmlfileobj", "alfresco prop", "setup error", "formatjson", "id property", "move", "getrandomnumber", "result", "newdoctype", "no title", "clioacs update", "clio", "patch", "system overview", "system", "overview", "purpose", "aims", "objectives", "prerequisites", "total", "expected effort", "domain", "urls", "dept param", "department name", "done", "submit form", "saving", "label", "input", "approvers", "information", "user group", "request", "group request", "users", "single family", "edmonton ab", "coverage", "common law", "step workflow", "care", "dental benefits", "direct", "web scripts", "get http", "documentation", "web script", "http method", "http", "apis", "development", "knowledge", "java", "empty argument", "e1234", "im system", "lookupentity", "configfilename", "namespace", "searchterm", "access", "jsonuser", "alfresco search", "page search", "expires", "signer", "reason", "utf8", "stripcharacter", "pull hiring", "getapsdbid", "save", "processsetidset", "saved", "returndata", "boolean", "start building", "varname", "fill", "time click", "initiated all", "submissions", "all submissions", "process landing", "page", "initiators all", "maps initiated", "post doc", "student term", "start form", "middle name", "email address", "retype", "cell", "phone no", "fellow", "secureorigin", "expand", "thank", "here", "please check", "aps list", "pang", "subset", "display", "args", "task", "username", "save form", "data need", "cdkey", "checkdict", "item", "column", "anchor", "multi", "tasks filter", "search", "trigger aps", "process api", "apsprocess", "authentication", "webscript", "getapsperson", "process info", "initsavestatus", "step0statusfail", "signer1", "signer2", "appointment", "taskjson", "groupapiaccess", "checkapiuser", "fgsrpr", "psaudit", "statusname", "unsuccessful1", "apptreappt", "emplobject", "caps aps", "cap epsb", "applicant", "form submitted", "board review", "form applicant", "school district", "start date", "cap application", "home help", "pdfa format", "larger", "upload file", "please click", "uofacap", "applications", "jstr", "processjson", "invalid url", "associate dean", "edmonton public", "october", "elk island", "reutrn false", "mapdoctypeurl", "doctype", "cap document", "doctypes", "doctypemap", "schools", "public schools", "foip", "edmonton area", "epsb", "capid", "server", "aps user", "groupcapadmin", "assignuser", "cap ea", "successfully", "please wait", "successfully ea", "apsservice", "apsserviceprod", "requireddate", "bibliography", "reb approval", "letter", "cprbls", "ahsrespect", "ahscon", "immformdocs", "picvsc", "whmis", "condissi", "hspnet", "conphoto", "conclin", "college", "health", "submission date", "effective date", "expiration date", "chs admin", "student view", "typekey", "placementdocs", "warning", "jobj", "abraniuk", "wendy", "terry harris", "directorhrsbs", "level", "holiday pay", "part time", "payroll", "salariedreg aux", "cheat", "paramname", "getallurlparams", "hrsbs config", "data dictionary", "field", "responsejson", "workflowid", "workflow id", "context", "event", "statusevent", "uaesign", "success", "permission", "progress report", "postdoctoral", "sorry", "deptjson", "fgsr student", "process status", "select", "currentuser", "reports", "student ccid", "populated", "invalid student", "supervisor ccid", "co supervisor", "due date", "freedom", "report process", "fgsr forms", "list fgsr", "report fgsr", "report sorry", "review process", "fgsr supervisor", "thesis programs", "programs", "please enter", "student id", "submit button", "var taskid", "var currentuser", "review sorry", "raheel", "added", "urlorigin", "need", "raheel var", "elmid", "commentkeyarr", "override", "menu", "colour bar", "mdphd", "absence", "completion", "mbameng", "mbamsc", "meng", "jason", "acs property", "available", "subdoctype", "test person", "test effective", "modelnodepath", "sitename", "metadatamap", "sitefile", "google addon", "gtagra", "gta gra", "zhreformengresp", "id otherwise", "university home", "indicate", "monday", "tuesday", "wednesday", "thursday", "friday", "na note", "services", "please contact", "documentname", "time", "docs", "documentlink", "employee ccid", "conflict", "task assigned", "ist coi", "declaration", "jsonobj3", "parse", "stringify", "grouplist", "json post", "taskfilter", "applies", "assigntogroup", "retrieves", "assignee", "queries", "expects", "uri args", "json containing", "applyfilter", "assignment", "avm folder", "avm store", "store id", "fullpath", "store", "storeid", "avm stores", "search term", "blog query", "category", "api call", "returns json", "cached data", "keylabel", "rest", "ldap query", "resultstr", "jsonoutput", "campusid", "jsonobj", "suresh joshee", "raheel bhojani", "desrochers", "first check", "set message", "materialkey", "acommonfolderid", "hasaccess", "siteconfig", "unprocesseddata", "savemetadata", "getcustomscript", "sitetitle", "error occured", "afa admission", "afas", "change log", "date name", "description", "ebeaton script", "tfrith", "afa main", "runasuser", "afas name", "afa paper", "file test", "utility enter", "does", "student", "bad query", "parameters", "add all", "or condition", "batch ids", "case files", "batchid", "afns", "agricultural", "anaesthes", "life", "environmental", "anaesthesiology", "uappol content", "deanaheed", "programyear", "province", "agreementtype", "safety manual", "mtis", "cree", "blackfoot", "nakota sioux", "iroquois", "dene", "treaties", "first nations", "next", "refresh", "site viewer", "facetkey", "sortparameter", "textjavascript", "public site", "viewer access", "acs cron", "job error", "alfrescos", "unauthorized", "enter", "bear tracks", "main department", "choose", "library", "john", "reviewer", "embargodate", "actiondate", "convocation", "graduation", "nodeid", "thesis status", "match result", "match list", "name dob", "view", "searchcriteria", "main function", "method", "chs upload", "stuln", "filetype", "stuid", "chs agreement", "health sciences", "recreation fomd", "dentistry fomd", "fomd", "therapy fomd", "consent for", "disclosure of", "alberta freedom", "protection", "privacy act", "alberta health", "chs form", "intake", "tasks dashlet", "doccd", "val2", "a my", "view error", "view warning", "keyword search", "refresh list" ], "references": [ "old-AlfrescoToolkit.conf", "AlfrescoToolkit.info", "AlfrescoToolkit.conf", "activities-email_es.ftl", "activities-email_ja.ftl", "activities-email_de.ftl", "activities-email_nl.ftl", "activities-email.ftl", "activities-email_it.ftl", "activities-email_fr.ftl", "CAP-notify-monthly-report.ftl", "chs-commentUpdate.ftl", "chs-studentUploadNotification.ftl", "chs-Invalid.ftl", "chs-studentExpireSoon.ftl", "chs-studentExpired.ftl", "following-email.html_it.ftl", "following-email.html_fr.ftl", "following-email.html_ja.ftl", "following-email.html_nl.ftl", "following-email_de.html.ftl", "following-email_fr.html.ftl", "following-email_ja.html.ftl", "following-email_it.html.ftl", "following-email_nl.html.ftl", "following-email.html.ftl", "following-email.html_de.ftl", "fvca-reminder-email.ftl", "fvca-corrections-email.ftl", "invite-email_nl.html.ftl", "invite-email-add-direct.html.ftl", "invite-email-add-direct.html_fr.ftl", "invite-email_fr.html.ftl", "invite-email_it.html.ftl", "invite-email-add-direct.html_es.ftl", "invite-email-add-direct.html_de.ftl", "invite-email_ja.html.ftl", "invite-email-add-direct.html_nl.ftl", "new-user-email.html.ftl", "new-user-email_de.html.ftl", "invite-email-add-direct.html_ja.ftl", "invite-email-moderated.html.ftl", "new-user-email_fr.html.ftl", "new-user-email_it.html.ftl", "new-user-email_ja.html.ftl", "new-user-email_es.html.ftl", "new-user-email_nl.html.ftl", "invite-email-add-direct.html_it.ftl", "new-user-email_nl.html", "invite-email.html_nl.ftl", "invite-email.ftl", "invite-email_es.html.ftl", "invite-email.html.ftl", "invite-email_de.html.ftl", "invite_user_email.ftl", "kofaxFailedEmailTemplate.ftl", "notify_user_email.ftl", "notify_nl.htm", "notify_user_email_es.html.ftl", "notify_user_email_de.html.ftl", "notify_user_email_ooa_failed.ftl", "notify_user_email.html.ftl", "notify_user_email_it.html.ftl", "notify_user_email_e-transcript_failed.ftl", "notify_user_email_ja.html.ftl", "notify_user_email_fr.html.ftl", "notify_user_email_nl.html.ftl", "OOA-notify-email-template.ftl", "ADV-notify-terms-types.ftl", "appt-final-reminder.ftl", "appt-halfway-reminder.ftl", "sfs-wf-email.html.ftl", "sfs-wf-completed-email.html.ftl", "payActionDecision.html.ftl", "departmentAdhocTask.html.ftl", "wf-email.html_de.ftl", "wf-email.html.ftl", "wf-email_it.html.ftl", "wf-email_fr.html.ftl", "wf-email_nl.html.ftl", "wf-email_ja.html.ftl", "wf-email.html_fr.ftl", "wf-email.html_nl.ftl", "wf-email_es.html.ftl", "wf-email.html_ja.ftl", "wf-email.html_it.ftl", "wf-email_de.html.ftl", "wf-email.html_es.ftl", "emailbody_textplain_alfresco.ftl", "emailbody_textplain_alfresco_es.ftl", "emailbody_textplain_alfresco_fr.ftl", "emailbody_textplain_alfresco_it.ftl", "emailbody_textplain_alfresco_ja.ftl", "emailbody_textplain_alfresco_nb.ftl", "emailbody_textplain_alfresco_pt_BR.ftl", "emailbody_textplain_alfresco_nl.ftl", "emailbody_textplain_alfresco_ru.ftl", "emailbody_textplain_alfresco_zh_CN.ftl", "emailbody_textplain_share.ftl", "emailbody_textplain_share_de.ftl", "emailbody_textplain_share_es.ftl", "emailbody_textplain_share_it.ftl", "emailbody_textplain_share_ja.ftl", "emailbody_textplain_share_nb.ftl", "emailbody_textplain_share_nl.ftl", "emailbody_textplain_share_ru.ftl", "emailbody-alfresco-textplain.ftl", "emailbody-share-textplain.ftl", "emailbody_textplain_alfresco_de.ftl", "emailbody_textplain_share_zh_CN.ftl", "emailbody_textplain_share_fr.ftl", "emailbody_textplain_share_pt_BR.ftl", "uofa-pc-model.xml", "uofa-pllc-model.xml", "uofa-science-model.xml", "uofa-rso-model.xml", "uofa-set-model.xml", "uofa-sfs-model.xml", "uofa-slate-model.xml", "uofa-uappol-model.xml", "advext-model.xml", "assocModel.xml", "adv-model.xml", "cbsr-model.xml", "dynamicSecurityMarksModel", "ephesoft-educational.xml", "facopr-model.xml", "fgsr-model.xml", "faculty-model.xml", "psAudit-model.xml", "FVCA.xml", "roDocProcessing-model.xml", "ro-model.xml", "fgsr-thesis-deposit.xml", "security-group-model.xml", "ua-audit-generic-model.xml", "ua-dummy.xml", "calendar-year-model.xml", "ua-error-model.xml", "uafgsrsup-model.xml", "uaqa-model.xml", "transcript-model.xml", "uAlbertaWorkflowGeneral.xml", "uarmm-supplement-scanning.xml", "uarm-rma-filing-model.xml", "ua-search-model.xml", "ro-search-match.xml", "uatraining.xml", "uofa-ales-model.xml", "uofa-arts-model.xml", "uofa-aps-model.xml", "uofa-base-model.xml", "uawfh-model.xml", "uofa-augustana-model.xml", "uofa-business-model.xml", "uarmTempModel.xml", "uofa-cap-model.xml", "uofa-chs-model.xml", "uofa-chs-agreements-model.xml", "uofa-common-model.xml", "uofa-education-model.xml", "tamis-model.xml", "uofa-engg-coop-model.xml", "uofa-engg-model.xml", "uofa-fo-model.xml", "uofa-extension-model.xml", "uofa-esign-model.xml", "uofa-hrsbs-model.xml", "uofa-law-model.xml", "uofa-caps-model.xml", "uofa-hrs-model.xml", "uofa-native-studies-model.xml", "uofa-pllc-model.json", "uofa-rso-model.json", "uofa-pc-model.json", "uofa-native-studies-model.json", "uofa-slate-model.json", "uofa-uappol-model.json", "uofa-science-model.json", "uofa-workflowGeneral.json", "uofa-sfs-model.json", "adv-model.json", "advext-model.json", "assocModel.json", "calendar-year-model.json", "facopr-model.json", "cbsr-model.json", "ephesoft-educational.json", "faculty-model.json", "faculty-model.xml.json", "rma-model.json", "fgsr-model.json", "FVCA.json", "psAudit-model.json", "ro-aug-model.json", "ro-search-match.json", "tamis-model.json", "security-group-model.json", "fgsr-thesis-deposit.json", "transcript-model.json", "ro-model.json", "ua-audit-generic-model.json", "uafgsrsup-model.json", "uaqa-model.json", "uarmm-supplement-scanning.json", "uAlbertaWorkflowGeneral.json", "ua-error-model.json", "uofa-ales-model.json", "ua-search-model.json", "uarmTempModel.json", "uofa-aps-model.json", "uawfh-model.json", "uofa-arts-model.json", "uofa-cap-model.json", "uofa-chs-agreements-model.json", "uofa-augustana-model.json", "uofa-base-model.json", "uofa-chs-model.json", "uofa-engg-coop-model.json", "uofa-common-model.json", "uofa-engg-model.json", "uofa-extension-model.json", "uofa-hrsbs-model.json", "uofa-fo-model.json", "uofa-education-model.json", "uofa-law-model.json", "uofa-hrs-model.json", "uofa-esign-model.json", "uofa-business-model.json", "faculty-of-science-site.json", "FandO-Organizations.json", "FandO-Programs.json", "fgsr-awards.json", "fgsr-category-list.json", "fgsr-exam-list.json", "fgsr-official-list.json", "fgsr-programOfStudy.json", "fgsr-site.json", "fo-emergency-response-manual.json", "graduate-student-records-site.json", "fo-site.json", "fo-utilities.json", "hrs-benefits.json", "hrsbs-action-reasons.json", "graduate-student-records-v2-site.json", "hrsbs-doc-list.json", "hrsbs-file-structure.json", "hrsbs-owner-details.json", "hrsbs-functionalroles.json", "hrsbs-function-module.json", "hrsbs-review-month.json", "hrsbs-security-class.json", "hrsbs-site.json", "hrs-employeeApprovedDeductions.json", "hrs-bulkId.json", "hrsbs-review-cycle.json", "hrs-employmentFinancial.json", "hrs-personalInformation.json", "hrs-pension.json", "hrs-security-list.json", "hrs-leaves.json", "Institutions.json", "ist-site.json", "hrs-site.json", "my-site-site.json", "law-security-list.json", "native-studies-doc-list.json", "fgsr-credential-list.json", "law-doc-list.json", "native-studies-security-list.json", "office-of-advancement-record-types.json", "office-of-advancement-site.json", "pcm-category.json", "pllc-doc-list.json", "ro-academic-pre-pro-programs.json", "pllc-security-list.json", "ro-acad-group.json", "ro-admitType.json", "ro-applicant-type.json", "ro-campusSolutionsTerm.json", "hrsbs-employee-class.json", "pllc-site.json", "ro-indigenous-type.json", "ro-doctypes.json", "pcm-site.json", "ro-official.json", "ro-org-desc.json", "ro-related-record-types.json", "ro-relationship-to-institution.json", "ro-search-match-status.json", "ro-authenticity.json", "ro-slate-folio-material-non-school-scope.json", "ro-slate-institution-material.json", "ro-slate-folio-material-school-scope.json", "ro-method-receipt.json", "ro-slate-institutions.json", "ro-test-id.json", "rso-accounts-receivable-accounts-payable-doc-type.json", "rso-agreements-doc-category.json", "rso-bulk-scan-doc-type.json", "rso-cfi-purchasing-doc-type.json", "rso-cfi-financials-doc-type.json", "rso-financial-reconciliation-doc-type.json", "rso-financial-reporting-doc-type.json", "rso-financials-doc-type.json", "rso-mask.json", "rso-site.json", "rso-sponsor-names.json", "science-doc-list.json", "science-security-list.json", "school-of-business-site.json", "sfs-ussl-report-status.json", "staff-training-site.json", "student-financial-services-doc-list.json", "student-financial-services-site.json", "student-records-bulk-load-testing-site.json", "student-records-training-site.json", "student-records-site.json", "student-transcripts-site.json", "rso-forms-form-type.json", "support-documentation-site.json", "test-site-site.json", "uappol-category-heirarchy.json", "uappol-type.json", "uappol-site.json", "uoda-faculties.json", "academic-department.json", "adv-correspondence-type.json", "uoda-departments.json", "advsearch.json", "ales-security-list.json", "ales-doc-list.json", "arts-doc-list.json", "arts-security-list.json", "augustana-security-list.json", "augustana-site.json", "augustana-legacy-transcript-doc-list.json", "rso-activation-report-doc-type.json", "business-doc-list.json", "business-security-list.json", "bulkload-testing-site.json", "cap-site.json", "caps-school-board-list.json", "cbsrsite-site.json", "cbsrsite-sopTypes.json", "cbsr-study.json", "cbsr-worksheetType.json", "augustana-doc-list.json", "chs-ag-type.json", "chs-agreements-site.json", "chs-campus-list.json", "chs-degProgram-list.json", "chs-emailNotification.json", "chs-document-status.json", "chs-faculty-list.json", "chs-programYear-list.json", "chs-program-list.json", "canada-provinces-list.json", "demo-site-site.json", "education-doc-list.json", "department.json", "education-security-list.json", "chs-stuEmailNotification.json", "college-of-health-sciences-site.json", "chs-provinces-list.json", "engineering-coop-doc-list.json", "engineering-coop-security-list.json", "engineering-co-op-site.json", "engineering-doc-list.json", "extension-doc-list.json", "extension-security-list.json", "facopr-planTypes.json", "facopr-supportinDocField.json", "faculty-of-ales-site.json", "engineering-security-list.json", "faculty-of-education-site.json", "faculty-of-extension-site.json", "faculty-of-native-studies-site.json", "faculty-of-law-site.json", "faculty-of-arts-site.json", "faculty-of-engineering-site.json", "my_docs_inline.ftl", "my_docs.ftl", "my_spaces.ftl", "recent_docs.ftl", "translatable.ftl", "readme.ftl", "show_audit.ftl", "general_example.ftl", "my_summary.ftl", "doc_info.ftl", "localizable.ftl", "recordsCustomModel.xml", "imapConfig.json", "rm_event_config.json", "rmScriptThrowError.js", "report_rmr_transferReport.html.ftl", "report_rmr_destructionReport.html.ftl", "report_rmr_holdReport.html.ftl", "notify-records-due-for-review-email.ftl", "record-rejected-email.ftl", "record-superseded-email.ftl", "onCreate_supersedes.js", "rma_isClosed.js", "PaperFileconfig.json", "MyTasks-config.json", "AFAconfig.json", "roDocumentTypes.json", "uappol-upload-rule.js", "uappolCreateFolderRule.js", "uappolCreateFolder.js", "uappol-api.js", "uappol-functions.js", "command-utils.js", "backup and log.js", "backup.js", "example test script.js", "test return value.js", "start-pooled-review-workflow.js", "command-processor.js", "command-search.js", "alfresco docs.js", "append copyright.js", "createDepartmentJSON.js", "hrsDaily.js", "hrsFolderCreateSchedule.js", "hrsScanned.js", "hrsCreateFolder.js", "hrsFolderCreateRule.js", "hrsFileShareFolder.js", "alesCreateFolderRestricted.js", "alesCreateFolderSchedule.js", "alesBulkShareFolder.js", "alesFileScanned.js", "alesCreateFolder.js", "alesDaily.js", "alesFileShareFolder.js", "alesCreateFolderConfidential.js", "alesCreateAdvisingNotes.js", "alesFolderCreateSchedule.js", "deployWebServiceDescriptor.js", "taskReportCSV-Appointment-prod.js", "artsFileScanned.js", "artsCreateFolderRule.js", "artsCreateFolder.js", "artsCreateFolderRestricted.js", "augCreateFolderRestricted.js", "augCreateFolder.js", "businessCreateFolderRule.js", "businessCreateFolder.js", "businessCreateFolderSchedule.js", "businessBulkShareFolder.js", "businessFileShareFolder.js", "businessCreateFolderRestricted.js", "businessDaily.js", "businessCreateAdvisingNotes.js", "businessFileScanned.js", "CAPSendMonthlyReportEmail.js", "CAPGenerateMonthlyReport.js", "CapFinalReportSubmit.js", "chsCreateFolderRule.js", "chsEmailOnUpdateComment.js", "chsReport.js", "EmailNotifCHSStudent.js", "SetExpiryDate.js", "chsCreateFolder.js", "chsFacultyReport.js", "chsAgreementCreateFolderRule.js", "chsAgreementCreateFolder.js", "scheduleJobTest.js", "every52MinPastHour.js", "every46MinPastHourBetween4PM12PM.js", "every57MinPastHour.js", "every47MinPastHourBetween4PM12PM.js", "everyDay4H30MinAM.js", "everyDay7H45MinAM.js", "every10MinStartingAt5MinPastHour.js", "every38MinPastHourBetween4PM12PM.js", "every20MinStartingAt15MinPastHour.js", "everyDay2H05MinAM.js", "every2MinStartingAt1MinPastHour.js", "everyDay1H05MinAM.js", "everyDay12H30MinAM.js", "everyDay7H30MinPM.js", "every30MinStartingAt19MinPastHour.js", "every30MinStartingAt11MinPastHour.js", "everyDay2H35MinAM.js", "every30MinStartingAt26MinPastHour.js", "every16MinPastHour.js", "everyDay1H45MinAM.js", "everyDay2H45MinAM.js", "every29MinPastHour.js", "every22MinPastHour.js", "everyDay11H30MinPM.js", "educationCreateFolderRule.js", "educationCreateFolder.js", "educationCreateAdvisingNotes.js", "enggCoopCreateFolderRestricted.js", "enggCoopCreateFolderRule.js", "enggCoopBulkUpload.js", "enggCreateFolderRule.js", "enggCreateFolderRestricted.js", "enggCreateFolder.js", "engineeringCreateAdvisingNotes.js", "enggCoopCreateFolder.js", "enggFileScanned.js", "enggCoopFileScanned.js", "extensionFileScanned.js", "extensionCreateFolder.js", "extensionCreateFolderRule.js", "fgsrCreateGuidelineAPSProcessFromCSV.js", "fgsrDocRestructure.js", "fgsrMigrationScript.js", "fgsrDocRelocation.js", "fgsrCreateFolderFromCSV.js", "guideline-reports.js", "fgsrMigrationScript-withTerminationLogic.js", "modfiyOrUpdatePropertyfromCSV.js", "fgsr-case-file-report.js", "fgsrCreateAPSProcessFromFolder.js", "fgsrCreateFolder.js", "fgsrCopyMetadataToFolderLevel.js", "fgsrCreateAPSProcessFromCSV.js", "foCreateFolder.js", "foCreateFolderRule.js", "Script1.js", "Script2.js", "scheduleRunEvery2-10PM.js", "scheduleRunEvery5PMTo10PM.js", "scheduleRunEvery30Minutes.js", "scheduleRunEvery60Minutes.js", "scheduleRunEveryday3PMto11PM.js", "scheduleRunEveryday12AMto6AM.js", "scheduleRunEvery20Minutes.js", "scheduleRunEvery2AM.js", "acsToApsUserUpdate.js", "2024-01-13-log.txt", "2024-01-15-log.txt", "2024-01-20-log.txt", "2024-01-21-log.txt", "2024-01-22-log.txt", "2024-01-23-log.txt", "2024-02-04-log.txt", "2024-02-05-log.txt", "2024-02-06-log.txt", "2024-02-07-log.txt", "2024-02-08-log.txt", "2024-01-14-log.txt", "2024-01-18-log.txt", "2024-01-11-log.txt", "2024-01-16-log.txt", "2024-01-19-log.txt", "2024-01-26-log.txt", "2024-01-28-log.txt", "2024-01-30-log.txt", "2024-01-12-log.txt", "2024-01-29-log.txt", "2024-01-27-log.txt", "2024-01-31-log.txt", "2024-01-24-log.txt", "2024-02-09-log.txt", "2024-02-02-log.txt", "2024-01-09-log.txt", "2024-02-03-log.txt", "2024-01-05-log.txt", "2024-01-06-log.txt", "2024-01-04-log.txt", "2024-02-01-log.txt", "2024-01-07-log.txt", "2024-01-08-log.txt", "2024-02-10-log.txt", "2024-02-11-log.txt", "2024-02-12-log.txt", "2024-02-13-log.txt", "2023-12-31-log.txt", "2024-02-15-log.txt", "2024-02-16-log.txt", "2024-02-14-log.txt", "2024-02-18-log.txt", "2024-02-20-log.txt", "2024-01-17-log.txt", "2024-02-19-log.txt", "2024-01-10-log.txt", "2024-02-23-log.txt", "2024-02-25-log.txt", "2024-02-21-log.txt", "2024-01-25-log.txt", "2024-02-28-log.txt", "2024-02-22-log.txt", "2024-02-29-log.txt", "2024-03-02-log.txt", "2024-03-03-log.txt", "2024-02-26-log.txt", "2024-03-04-log.txt", "2024-03-06-log.txt", "2024-03-07-log.txt", "2024-03-05-log.txt", "2024-03-08-log.txt", "2024-03-09-log.txt", "2024-03-11-log.txt", "2024-03-10-log.txt", "2024-03-12-log.txt", "2024-03-13-log.txt", "2024-03-14-log.txt", "2024-03-15-log.txt", "2024-03-16-log.txt", "2024-03-17-log.txt", "2024-03-18-log.txt", "2024-03-20-log.txt", "2024-03-21-log.txt", "2024-03-22-log.txt", "2024-03-19-log.txt", "2024-03-23-log.txt", "2024-03-01-log.txt", "2024-03-26-log.txt", "2024-03-25-log.txt", "2024-03-28-log.txt", "2024-03-29-log.txt", "2024-03-27-log.txt", "2024-03-24-log.txt", "2024-03-30-log.txt", "2024-04-02-log.txt", "2024-04-03-log.txt", "2024-03-31-log.txt", "2024-04-05-log.txt", "2024-04-06-log.txt", "2024-04-07-log.txt", "2024-04-08-log.txt", "2024-04-09-log.txt", "2024-04-04-log.txt", "2024-04-11-log.txt", "2024-04-12-log.txt", "2024-04-13-log.txt", "2024-02-17-log.txt", "2024-04-01-log.txt", "2024-04-16-log.txt", "2024-04-15-log.txt", "2024-04-10-log.txt", "2024-04-17-log.txt", "2024-02-24-log.txt", "2024-04-14-log.txt", "2024-04-19-log.txt", "2024-04-21-log.txt", "2024-04-22-log.txt", "2024-04-23-log.txt", "2024-04-24-log.txt", "2024-04-26-log.txt", "2024-04-25-log.txt", "2024-04-29-log.txt", "2024-04-30-log.txt", "2024-05-01-log.txt", "2024-05-02-log.txt", "2024-05-03-log.txt", "2024-05-04-log.txt", "2024-05-05-log.txt", "2024-05-06-log.txt", "2024-04-28-log.txt", "2024-05-07-log.txt", "2024-04-18-log.txt", "2024-05-08-log.txt", "2024-05-09-log.txt", "2024-05-10-log.txt", "2024-05-12-log.txt", "2024-05-14-log.txt", "2024-05-11-log.txt", "2024-05-16-log.txt", "2024-04-27-log.txt", "2024-05-17-log.txt", "2024-05-15-log.txt", "2024-05-18-log.txt", "2024-05-20-log.txt", "2024-05-21-log.txt", "2024-05-19-log.txt", "2024-05-22-log.txt", "2024-05-23-log.txt", "2024-05-25-log.txt", "2024-05-24-log.txt", "2024-05-26-log.txt", "2024-05-27-log.txt", "2024-05-28-log.txt", "2024-05-29-log.txt", "2024-05-30-log.txt", "2024-06-02-log.txt", "2024-05-13-log.txt", "2024-06-01-log.txt", "2024-05-31-log.txt", "2024-04-20-log.txt", "2024-06-03-log.txt", "2024-06-04-log.txt", "2024-06-05-log.txt", "2023-12-30-log.txt", "2023-12-01-log.txt", "2024-02-27-log.txt", "2023-12-29-log.txt", "gtaGraProcessToCSV.js", "gtaGraProcessToCSV-2AM.js", "hrs-benefit-report.js", "westCanDocumentMove.js", "hrsbsReviewCycleReport.js", "hrsbsCreateFolderRule.js", "HRSBS-SyncCCIDs.js", "hrsbsCreateFolder.js", "FVCA-data-import.js", "FVCA-manual-property-update.js", "istPerformanceReviewCreateFolder.js", "lawCreateFolderRestricted.js", "lawFileScanned.js", "lawCreateFolder.js", "lawCreateFolderRule.js", "nativeStudiesCreateFolderRestricted.js", "nsFolderCreateSchedule.js", "nativeStudiesCreateFolder.js", "nativeStudiesCreateFolderRule.js", "ADV-notify-type-mapping.json", "OOA-notify-email.js", "ADV-notify-terms-types.js", "pcm-grab-competitive-noderefs.js", "pcm-update-competitive-noderefs.js", "pcmCreateFolder.js", "psUpdateAlfrescoDepartment.js", "pllcCreateFolder.js", "qaProcess.js", "qaRelease.js", "rmOOABackgroundInformationFiling.js", "rmFilingDoc.js", "rmSearchmatchNomatchFiling.js", "rmFilingConfig.json", "thesisDestructionReport.js", "rmThesis.js", "add_document_type_ro.js", "updateSearchMatchStatus.js", "searchmatchFullDob.js", "createROReconciliationReports.js", "eTranscriptInstList.js", "folder-create-ro.js", "augTranscript.js", "addTimeStamp.js", "missingDocumentList-csv.js", "roAddAspectAndMoveAFA.js", "myTaskDownload.js", "roAddAspectAndMoveTranscript.js", "roAddBundlingAspect.js", "roAddSearchMatchAspect.js", "roCopyEphesoftMetadataXML.js", "roBatchScript.js", "addSearchMatchDocumentType.js", "roCreateEducationalCSV.js", "roCopyOlderScannedDocument.js", "roDocumentListAPLSTD.js", "roCopyOlderScannedDocumentAdHoc.js", "roEtranscriptReport.js", "roDailyQA.js", "roEtranscriptsBundleTest.js", "roFolderCreateLDAPLookup_no_notificatiion.js", "roFolderCreateLDAPLookup.js", "roEtranscriptsBundle.js", "roAddComment.js", "roCopyEphesoftMetadataScanned.js", "roMoveCompleted.js", "roMoveCompletedBackScan.js", "roMoveCompletedSearchMatch.js", "roEtranscriptPDFConverter.js", "roScanningMetadata.js", "roScript1.js", "RORoutingWorkflowUtil.js", "roScript3.js", "roScript2.js", "roScanningMetadataBackScan.js", "roScript7.js", "roScript6.js", "roScript9.js", "roScript1BackScan.js", "roSearchMatchNoMatchReport.js", "roSearchMatchQuery.js", "RONotification.js", "roSlateDocumentExport.js", "roTagAndFileRenderedPDFs.js", "roScript4.js", "roScript5.js", "roScript8.js", "createSlateFolioMaterialDropdown.js", "createSlateApplicationsCSV.js", "LaunchWorkflowUtils.js", "PaperFileUtils.js", "GenerateSponsornamesAndPinames.js", "rsoCreateFolder.js", "sciCreateFolderConfidential.js", "sciCreateFolderPublic.js", "sciCreateFolder.js", "sciCreateFolderRestricted.js", "scienceASDocumentImport.js", "sciFileADDPFileTypes.js", "sciFileShareFolder.js", "sciFileScanned.js", "sciBulkShareFolder.js", "copy-signed-offer-letter.js", "dept-config.js", "reappointment-generate-schedule.js", "reappointment-reminder-schedule.js", "reappointment-generate-process.js", "manual-generate-script.js", "reappointment-reminder-process.js", "reminder-email-util.js", "reappointment-tracking-schedule.js", "reappointment-tracking-process.js", "appointment-report.js", "appointment-report-schedule.js", "manual-tracking-script.js", "sfsCreateFolder.js", "sfsWorkflowStatus.js", "security-group-user.js", "createReportPermissionsFoldersInASite.js", "siteMembersReport.js", "createReportRecursiveGroupsAndUsersInASite.js", "search-responses.js", "advChangeDocumentType.js", "addFolderMetadata.js", "advChangeDocumentType_confidential.js", "consignOInitiatorOfferLetterChange.js", "advChangeDocumentType_background.js", "transcriptResponse.js", "change-fgsr-pdf-file-name-with-date.js", "copy-fgsr-to-graduate-students-records.js", "ADVDonationCalendarToFiscal.js", "document-query.js", "deletingCompletingWorkflow.js", "eTranscriptTemp.js", "eTranscript-bundled-02-jan.js", "eTranscriptVersionModifierFix.js", "fixCheckout.js", "removeDonationGrp.js", "eTranscriptVersioningFix.js", "move-fgsr-folder.js", "search-match-dob-add.js", "thesisDepositArchival.js", "moveThesesForTransfer.js", "eraReportGeneration.js", "kofaxMetadataMerge.js", "kofaxMetadataMergeMissing.js", "generic2min.js", "kofaxSendEmail.js", "PeopleSoft-eTranscript-XML-PDF.js", "startBenefitWorkflow.js", "peoplesoftMetadataMergeMissing.js", "securityWorkflowUtil.js", "startPayActionWorkflow.js", "startDepartmentAdhocApprovalWorkflow.js", "convertTranscript.js", "CreateTranscriptUserMemberships.js", "startTwoStepWorkflow.js", "fix_employee_names.js", "env.js", "folderCreateUtil.js", "folderCreateUtilAA.js", "generalSchedule.js", "JSON.js", "xmlUtil.js", "addPersonAspect.js", "addTimeStampRandomFileName.js", "archiveDocument.js", "luceneUtil.js", "util.js", "archivedItems.js", "getProjectDetails.js", "ADVChangeAuthor.js", "ADVcalendarToFiscal.js", "symplexUtils.js", "advBatchProcessing.js", "advChangeDocumentName.js", "ADVEphesoftMove.js", "advCreateFolderScheduled.js", "advErrorMessageReset.js", "advMetadataUpdate.js", "advMoveToFoldersScheduled.js", "ADVendFundReportFiling.js", "advReconcilliation.js", "ADVmoveRecordsToPreQA.js", "advScanningMetadata.js", "advScript2.js", "advScript3.js", "advScript4.js", "advScript1.js", "advScript5.js", "advScriptDaily.js", "advScriptMonthly.js", "advScriptKofax.js", "ADVSiteContext.js", "advMoveToFolder.js", "deleteEphesoftDoc.js", "advUtils.js", "folderCreateADV.js", "advScriptDaily30minFreq.js", "jsonUtils.js", "advScanning.js", "folderCreateDocumentADV.js", "moveToFolders.js", "symplexMetadataUpdate.js", "OOA_SOT_Name_change.js", "moveToFoldersRetainTitle.js", "advScriptWeekly.js", "symplexMoveToFolder.js", "clioToAcsDocUpdate.js", "ClioUpdateScheduledJob.js", "smartFoldersExample.json", "system-overview.html", "businessDocSetup.json", "uappolDocSetup.json", "businessConfig.json", "augConfig.json", "augDocSetup.json", "lawConfig.json", "uappolConfig.json", "UAlbertaSettings.json", "hrsbsDocSetup.json", "advConfig.json", "hrsbsConfig.json", "hrsConfig.json", "hrsDocSetup.json", "advSimplexMapping.json", "advDocSetup.json", "artsDocSetup.json", "alesConfig.json", "alesDocSetup.json", "archiveFolder.json", "artsConfig.json", "advScanningMapping.json", "collegeOfHealthSciencesConfig.json", "chsAgreementsConfig.json", "dropboxCommonAspects.json", "collegeOfHealthSciencesDocSetup.json", "chsAgreementsDocSetup.json", "educationConfig.json", "extensionConfig.json", "fgsrv2DocSetup.json", "foConfig.json", "foDocSetup.json", "educationDocSetup.json", "lawDocSetup.json", "nativeStudiesDocSetup.json", "pllcConfig.json", "pllcDocSetup.json", "roConfig.json", "fgsrv2Config.json", "rsoConfig.json", "rsoDocSetup.json", "sciConfig.json", "eTranscriptConfig.json", "sciDocSetup.json", "roDocSetup.json", "sfsDocSetup.json", "UAlbertaSettings.conf", "student-recordsConfig.json", "securityWorkflowSetting.json", "thesisDepositConfig.json", "globalHeader.html.ftl", "webFormDialog.html.ftl", "alfrescoUserGroupRequest.ftl", "pensionBenefit.html.ftl", "pinames.json", "sponsornames.json", "searchPageConfig.json", "pcmDocSetup.json", "pcmConfig.json", "qaConfig.json", "apsAppConfig.json", "fgsrCreateApsFromCSV.json", "fgsrCopyMetadata.json", "enggCoopDocSetup.json", "enggDocSetup.json", "enggConfig.json", "enggCoopConfig.json", "CapApsConfig.json", "extensionDocSetup.json", "readme.html", "readme_de.html", "readme_ja.html", "readme_fr.html", "advEndowmentName.get.desc.xml", "advEndowmentName.get.json.ftl", "advEndowmentName.get.js", "advEntityName.get.desc.xml", "advEntityName.get.js", "advEntityName.get.html.ftl", "search.get.desc.xml", "search.get.js", "search.get.html.ftl", "changeInitiatorAppt.put.desc.xml", "eSignatureStatusHistory.get.html.ftl", "changeInitiatorAppt.put.json.ftl", "eSignatureStatusHistory.get.desc.xml", "appointmentSubmit.get.js", "processIdProps.get.desc.xml", "changeInitiatorAppt.put.js", "processIdProps.get.json.ftl", "processIdProps.get.js", "appointmentLandingPage.get.desc.xml", "appointmentLandingPage.get.js", "appointmentLandingPage.get.html.ftl", "appointmentStart.get.desc.xml", "appointmentStart.get.html.ftl", "appointmentStart.get.js", "appointmentStartTest.get.desc.xml", "appointmentStartTest.get.js", "appointmentStartTest.get.html.ftl", "appointmentSubmit.get.desc.xml", "appointmentSubmit.get.html.ftl", "eSignatureStatusHistory.get.js", "apsApplicationList.get.desc.xml", "apsApplicationList.get.html.ftl", "assignuser.put.js", "assignuser.put.json.ftl", "claimtask.put.desc.xml", "claimtask.put.js", "claimtask.put.json.ftl", "completetask.post.desc.xml", "completetask.post.json.ftl", "completetask.post.js", "getapsdbid.get.desc.xml", "getapsdbid.get.json.ftl", "gettasks.get.desc.xml", "gettasks.get.json.ftl", "assignuser.put.desc.xml", "gettasks.get.js", "savetask.post.desc.xml", "savetask.post.js", "savetask.post.json.ftl", "taskForm.get.js", "taskForm.get.desc.xml", "tasklist.get.desc.xml", "apsApplicationList.get.js", "taskForm.get.json.ftl", "tasklist.get.html.ftl.jquery", "tasklist.get.html.ftl", "tasklist.get.js", "triggerapsprocess.post.desc.xml", "triggerapsprocess.post.js", "updatevariables.post.desc.xml.notused", "triggerapsprocess.post.json.ftl", "updatevariables.post.json.ftl.notused", "getapsdbid.get.js", "updatevariables.post.js.notused", "taskUtils.js", "apsGroupsConfig.json", "apsSitesConfig.json", "apptStepZeroStarter.post.desc.xml", "apptStepZeroStarter.post.json.ftl", "apptStepZeroStarter.post.js", "apptStepOneStarter.post.desc.xml", "apptStepOneStarter.post.js", "apptStepOneStarter.post.json.ftl", "apptStepOneSave.post.json.ftl", "apptStepOneSave.post.desc.xml", "apptStepOneSave.post.js", "apptStatusDocUpdate.post.desc.xml", "apptStatusDocUpdate.post.json.ftl", "apptStatusDocUpdate.post.js", "APSWorkflowStatus.get.desc.xml", "APSWorkflowStatus.put.html.ftl", "APSWorkflowStatus.get.html.ftl", "APSWorkflowInfo.put.html.ftl", "APSWorkflowStatus.put.desc.xml", "APSWorkflowInfo.put.desc.xml", "APSWorkflowStatus.get.js", "APSWorkflowStatus.put.js", "APSWorkflowInfo.put.js", "NodeInfo.get.desc.xml", "NodeInfo.get.html.ftl", "capinfo.get.js", "capstart.get.js", "epsb.get.js", "epsb.get.html.ftl", "capstart.get.html.ftl", "epsb.get.desc.xml", "schoolboard.get.html.ftl", "NodeInfo.get.js", "NodeInfoByCapId.get.desc.xml", "updateVariable.post.json.ftl", "updateVariable.post.js", "schoolboard.get.desc.xml", "updateVariable.post.desc.xml", "schoolboard.get.js", "capinfo.get.html.ftl.backup", "cap-file-load.post.json.ftl", "NodeInfoByCapId.get.js", "capinfo.get.html.ftl", "capstart.get.desc.xml", "cap-file-load.post.desc.xml", "capinfo.get.desc.xml", "cap-file-load.post.js", "capeamergedoc.get.js", "capeamergedoc.get.desc.xml", "capeamergedoc.get.html.ftl", "capConfig.js", "chsEnv.js", "chsConfig.js", "chsAdminStuView.get.desc.xml", "chsAdminStuView.get.html.ftl", "chsAdminStuView.get.js", "coupa.get.html.ftl", "coupa.get.desc.xml", "coupa.get.js", "coveoGetDocList.get.desc.xml", "coveoGetDocList.get.json.ftl", "coveoGetDocList.get.js", "getJson.get.desc.xml", "getJson.get.js", "getJson.get.json.ftl", "simpleupload.post.desc.xml", "simpleupload.post.json.ftl", "simpleupload.post.js", "consignoMessage.get.js", "consignoWebhook.post.js", "consignoWebhook.post.json.ftl", "consignoMessage.get.desc.xml", "consignoWebhook.post.desc.xml", "consignoMessage.get.json.ftl", "eSignDownload.get.js", "eSignDownload.get.html.ftl", "eSignDownload.get.desc.xml", "review-supervisorv2.get.desc.xml", "review-supervisorv2.get.js", "review-supervisorv2.get.html.ftl", "fgsrssgLanding.get.js", "review-comm01v2.get.desc.xml", "fgsrssgLanding.get.html.ftl", "review-comm01v2.get.html.ftl", "review-comm02v2.get.desc.xml", "review-comm02v2.get.html.ftl", "fgsrssgLanding.get.desc.xml", "review-studentv2.get.html.ftl", "review-comm03v2.get.html.ftl", "review-comm03v2.get.desc.xml", "review-studentv2.get.desc.xml", "review-cosupervisorv2.get.html.ftl", "review-comm02v2.get.js", "review-startv2.get.desc.xml", "review-studentv2.get.js", "review-cosupervisorv2.get.js", "review-startv2.get.js", "review-student-revisionv2.get.html.ftl", "review-student-revisionv2.get.desc.xml", "review-startv2.get.html.ftl", "review-comm03v2.get.js", "review-cosupervisorv2.get.desc.xml", "review-student-revisionv2.get.js", "review-comm01v2.get.js", "review-comm02.get.desc.xml", "review-comm02.get.html.ftl", "review-comm03.get.desc.xml", "review-comm02.get.js", "review-comm03.get.html.ftl", "review-cosupervisor.get.desc.xml", "review-cosupervisor.get.html.ftl", "review-cosupervisor.get.js", "review-nextdate.get.desc.xml", "review-comm03.get.js", "review-nextdate.get.js", "review-student.get.html.ftl", "review-student.get.js", "review-student-revision.get.desc.xml", "review-student.get.desc.xml", "review-student-revision.get.js", "review-studentTest.get.desc.xml", "review-supervisor.get.desc.xml", "review-studentTest.get.js", "review-supervisor.get.html.ftl", "review-supervisor.get.js", "review-comm01.get.desc.xml", "review-comm01.get.html.ftl", "review-comm01.get.js", "review-student-revision.get.html.ftl", "review-nextdate.get.html.ftl", "review-studentTest.get.html.ftl", "guidelines-supervisor.get.desc.xml", "guidelines-supervisor-revision.get.html.ftl", "guidelines-start.get.desc.xml", "guidelines-start.get.html.ftl", "guidelines-start.get.js", "guidelines-student.get.desc.xml", "guidelines-student.get.html.ftl", "guidelines-student-revision.get.js", "guidelines-student-revision.get.desc.xml", "guidelines-supervisor.get.html.ftl", "guidelines-supervisor-revision.get.desc.xml", "guidelines-student-revision.get.html.ftl", "guidelines-student.get.js", "guidelines-supervisor.get.js", "guidelines-supervisor-revision.get.js", "programExtensionScript.js", "customScript.js", "customCSS_FGSR2.css", "customCSS_FGSR.css", "fgsrEnv.js", "FGSR-Forms-Config.js", "config.js", "googleAddon.get.json.ftl", "googleAddon.get.desc.xml", "googleAddon.get.js", "gtaGraStatus.post.json.ftl", "gtaGraStatus.post.js", "gtaGraStatus.post.desc.xml", "wfh-manager.get.desc.xml", "wfh-form.get.js", "wfh-manager.get.html.ftl", "wfh-form.get.desc.xml", "wfh-revise.get.desc.xml", "wfh-revise.get.html.ftl", "wfh-revise.get.js", "wfh-seniormanager.get.desc.xml", "wfh-manager.get.js", "wfh-seniormanager.get.js", "wfh-seniormanager.get.html.ftl", "wfh-form.get.html.ftl", "hrsbsDocumentLinking.get.desc.xml", "hrsbsDocumentLinking.get.html.ftl", "hrsbsDocumentLinking.get.js", "coi-start.get.desc.xml", "coi-start.get.html.ftl", "coi-revise.get.html.ftl", "coi-employee.get.html.ftl", "coi-employee.get.desc.xml", "coi-revise.get.desc.xml", "coi-start.get.js", "coi-revise.get.js", "coi-supervisor.get.js", "coi-supervisor.get.desc.xml", "coi-employee.get.js", "coi-supervisor.get.html.ftl", "getTaskFilter.get.json.ftl", "queryTasks.get.json.ftl", "routableGroups.get.desc.xml", "routableGroups.get.js", "routableGroups.get.json.ftl", "queryTasks.get.desc.xml", "setTaskFilter.post.js", "setTaskFilter.post.json.ftl", "setTaskFilter.post.desc.xml", "applyTaskAction.post.js", "applyTaskAction.post.json.ftl", "applyTaskAction.post.desc.xml", "getTaskFilter.get.desc.xml", "getTaskFilter.get.js", "queryTasks.get.js", "avmbrowse.get.desc.xml", "avmbrowse.get.html.ftl", "avmbrowse.get.js", "avmstores.get.desc.xml", "avmstores.get.html.ftl", "blogsearch.get.atom.400.ftl", "blogsearch.get.html.400.ftl", "blogsearch.get.desc.xml", "blogsearch.get.js", "categorysearch.get.atom.404.ftl", "blogsearch.get.html.ftl", "categorysearch.get.html.404.ftl", "categorysearch.get.js", "categorysearch.get.html.ftl", "categorysearch.get.desc.xml", "folder.get.desc.xml", "folder.get.html.ftl", "folder.get.js", "psDeptAll.get.js", "psDeptSingle.get.json.ftl", "psDeptSingle.get.js", "psPerson.get.json.ftl", "psUtil.js", "psPerson.get.js", "psAcademicDeptAll.get.desc.xml", "psAcademicDeptAll.get.json.ftl", "psAuthorizedApprover.get.desc.xml", "psDeptAll.get.json.ftl", "psAuthorizedApprover.get.js", "psAuthorizedApprover.get.json.ftl", "psDeptAll.get.desc.xml", "psDeptSingle.get.desc.xml", "psPerson.get.desc.xml", "ceeb.get.desc.xml", "ceeb.get.json.ftl", "getSlateId.get.desc.xml", "getSlateId.get.js", "materials.get.json.ftl", "materials.get.desc.xml", "getSlateId.get.json.ftl", "ceeb.get.js", "materials.get.js", "edit.get.html.ftl", "edit.get.js", "save.post.js", "save.post.json.ftl", "scans.get.desc.xml", "scans.get.js", "uploadfile.post.desc.xml", "uploadfile.post.json.ftl", "edit.get.desc.xml", "uploadfile.post.js", "scans.get.html.ftl", "save.post.desc.xml", "AFA_Main.post.desc.xml", "AFA_MainFileOnly.post.desc.xml", "AFA_MainFileOnly.post.js", "AFA_Main.post.js", "AFA_MainFileOnly.post.json.ftl", "AFA_Main.post.json.ftl", "paperFileUtil.get.desc.xml", "paperFileUtil.get.js", "paperFileUtil.get.html.ftl", "rsoprojectdetails.get.html.ftl", "rsoprojectdetails.get.js", "rsoprojectdetails.get.desc.xml", "roslateapplist.get.html.ftl", "roslateapplist.get.desc.xml", "roslateapplist.get.json.ftl", "roslateexists.get.html.ftl", "roslateexists.get.desc.xml", "roslateapplist.get.js", "roslateexists.get.js", "uofaDepartmentList.get.desc.xml", "uofaDepartmentList.get.js", "uofaDepartmentList.get.html.ftl", "uofaDepartmentName.get.desc.xml", "uofaDepartmentName.get.html.ftl", "uofaFacultyList.get.html.ftl", "uofaFacultyList.get.desc.xml", "uofaDepartmentName.get.js", "uofapersonid.get.desc.xml", "uofapersonidrest.get.html.ftl", "uofapersonidrest.get.desc.xml", "uofapersonid.get.html.ftl", "uofapersonid.get.js", "uofapersonidrest.get.js", "uappolCategoryHeirarchy.get.desc.xml", "uappolCategoryHeirarchy.get.json.ftl", "uappol-metadata-query.get.desc.xml", "uappol-metadata-query.get.js", "uappol-metadata-query.get.json.ftl", "uappolCategoryHeirarchy.get.js", "siteFileViewer.get.desc.xml", "siteFileViewerConfig.js", "siteFileViewer.get.html.ftl", "siteFileViewer.get.js", "publicSiteFileViewer.get.html.ftl", "publicSiteFileViewer.get.desc.xml", "publicSiteFileViewer.get.js", "cronJob.post.desc.xml", "cronJob.post.js", "cronJob.post.json.ftl", "studentupload.get.html.ftl", "generatereport.get.json.ftl", "generatereport.get.desc.xml", "approvethesis.post.js", "generatereport.get.js", "search-match-attach.get.js", "search-match-list.get.html.ftl", "search-match-result.get.html.ftl", "search-match-result.get.js", "search-match-list.get.js.old", "chs-agreements.get.js", "chs-agreements.get.html.ftl", "chs-upload.get.html.ftl", "chs-upload.get.js", "uamytasks.config.get.js", "chsStudentView.get.js", "chsStudentView.get.html.ftl", "foModel.xml", "uofaDocTypes.xml", "uofaDocTypes.json", "foModel.json", "tim-sops", "FandO", "cbsr", "nanofab", "support-documentation", "Alfresco.zip - 1bf054bded99e2ae414154593d0892066b2e0c7add603f9321e157c77ae52075", "https://www.virustotal.com/graph/embed/g05f1796a358b458d95751d31d1d529aa378f8ffadf0b4305b7fa0bd1c64fe228?theme=dark", "https://www.virustotal.com/gui/collection/63819e07111e9665ba8602777d782527c54f3fad71ef36f977405a004484787c/iocs", "https://viz.greynoise.io/analysis/0cd9177e-8328-4355-a2c0-d05704a64c72", "components.zip - 2b91fcf852a5f1f57be71a269d82497b37c9f544ebd8f32aaa240e4cde0ffeea", "https://www.virustotal.com/graph/embed/g2948a5c332eb4614973872a8243215f6aa1fba79749a48ea92806e9b934db91f?theme=dark", "https://viz.greynoise.io/ip/analysis/2610b635-c05a-4f28-a112-7278de8fdf9b" ], "public": 1, "adversary": "TA413 proposed (06.08.24), Callisto, APT38, APT 28/29 - too much time too many problems", "targeted_countries": [ "Canada", "United States of America" ], "malware_families": [], "attack_ids": [], "industries": [ "Education", "Government", "Healthcare", "Technology", "Telecommunications" ], "TLP": "white", "cloned_from": null, "export_count": 57, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 4, "follower_count": 0, "vote": 0, "author": { "username": "Disable_Duck", "id": "244325", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 7132, "hostname": 3118, "URL": 4909, "email": 20, "FileHash-SHA256": 2144, "FileHash-MD5": 29, "FileHash-SHA1": 29 }, "indicator_count": 17381, "is_author": false, "is_subscribing": null, "subscriber_count": 130, "modified_text": "191 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "67a7f06a5d0f22ad92684646", "name": "WebForm.com.gov.pl/CEIDG/ScriptResource.axd", "description": "The following is the full text of the WebForm.com.gov.pl/CEIDG/ScriptResource.axd, following the following:.au, for the first time.", "modified": "2025-05-14T21:27:17.040000", "created": "2025-02-09T00:01:46.054000", "tags": [ "null", "nie mona", "array", "input", "nonmsdombrowser", "object", "html", "component", "body", "horizontal", "date", "calendar", "february", "april", "june", "august", "iframe", "form", "friday", "explorer", "target", "error", "legend", "this", "type", "regexp", "elem", "index", "function", "handle", "check", "safari", "expando", "android", "false", "hooks", "copy", "prop", "class", "mark", "window", "code", "capture", "accept", "seed", "override", "hook", "look", "loop", "install", "pass", "enough", "bind", "core", "local", "verify", "done", "find", "internal", "inject", "possible", "hold", "middle", "guard", "fall", "stop", "panic", "back", "restrict", "speed", "turn", "grab", "getclass", "jquery", "bubble", "anchor", "shift" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1134", "name": "Access Token Manipulation", "display_name": "T1134 - Access Token Manipulation" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 13, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1143, "domain": 155, "hostname": 523, "FileHash-SHA256": 151 }, "indicator_count": 1972, "is_author": false, "is_subscribing": null, "subscriber_count": 122, "modified_text": "340 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "66246ff49ed29ea9bb2bf122", "name": "S\u0105d Rejonowy w Jeleniej Gorze POLAND", "description": "Przechowywania lub dost\u0119pu do plik\u00f3w cookies w Twojej przegl\u0105darce\nhttps://www.virustotal.com/gui/domain/jelenia-gora.sr.gov.pl/relations", "modified": "2025-05-14T21:18:36.989000", "created": "2024-04-21T01:46:28.554000", "tags": [ "jeleniej grze", "aktualnoci", "informacje", "jednostka", "rejonowy", "konkurs", "najczciej", "sd rejonowy", "przejd", "czytaj", "click", "sdzia jarosaw", "wydziau", "sdzia grzegorz", "katarzyna", "rudnicka dane", "kontaktowe sd", "jelenia gra", "mickiewicza", "zawarto", "html", "nazwa meta", "robotw", "telefon", "brak", "skala", "ua zgodna", "head body", "zasb", "cname", "kod odpowiedzi", "kodowanie treci", "wygasa", "gmt serwer", "pragma", "kontrola pamici", "podrcznej", "data", "gmt kontrola", "dostpuzezwl na", "czytaj wicej", "sd okrgowy", "jednostki", "okrgowy", "ogoszenia", "sha256", "vhash", "ssdeep", "https odcisk", "palca jarma", "https dane", "v3 numer", "odcisk palca", "tworzy katalog", "tworzy pliki", "typ pliku", "json", "ascii", "windows", "sqlite", "foxpro fpt", "links typ", "mapa", "152 x", "sqlite w", "sha1", "sha512", "file size", "b file", "testing", "komornik sdowy", "sdzie rejonowym", "tomasz rodacki", "obwieszczenie", "komornicze", "tumacza migam", "tumacz czynny", "zamknite", "wiadczenia", "schedule", "error", "javascript", "bakers hall", "ixaction", "script", "ixchatlauncher", "compatibility", "com dla", "t1055 pewno", "unikanie obrony", "t1036 maskarada", "t1082 pewno", "informacje o", "nazwa pliku", "dokument pdf", "rozmiar pliku", "zapowied", "type", "iii dbt", "utf8", "dziennik" ], "references": [ "S?d Rejonowy w Jeleniej G\u00f3rze.htm", "II Wydzia? Karny - S?d Rejonowy w Jeleniej G\u00f3rze 1.htm", "http://www.jelenia-gora.so.gov.pl/", "https://www.jelenia-gora.so.gov.pl/", "http://www.jelenia-gora.sr.gov.pl/ogloszenia-komornicze", "https://tlumacz.migam.org/sad_rejonowy_jelenia_gora", "https://www.jelenia-gora.sr.gov.pl/spacer", "https://waf.intelix.pl/957476/Chat/Script/Compatibility" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "", "display_name": "", "target": null }, { "id": "serwer", "display_name": "serwer", "target": null } ], "attack_ids": [ { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 24, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "email": 71, "domain": 7651, "hostname": 7680, "IPv4": 331, "FileHash-SHA256": 16168, "URL": 10399, "FileHash-MD5": 3639, "FileHash-SHA1": 3468, "CIDR": 4, "CVE": 89, "YARA": 521, "SSLCertFingerprint": 25, "JA3": 1, "IPv6": 5813 }, "indicator_count": 55860, "is_author": false, "is_subscribing": null, "subscriber_count": 141, "modified_text": "340 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "response.data", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "response.data", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1776674608.9830697 }