{ "type": "Domain", "indicator": "script.id", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/script.id", "alexa": "http://www.alexa.com/siteinfo/script.id", "indicator": "script.id", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 3148451587, "indicator": "script.id", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 10, "pulses": [ { "id": "66246ff49ed29ea9bb2bf122", "name": "S\u0105d Rejonowy w Jeleniej Gorze POLAND", "description": "Przechowywania lub dost\u0119pu do plik\u00f3w cookies w Twojej przegl\u0105darce\nhttps://www.virustotal.com/gui/domain/jelenia-gora.sr.gov.pl/relations", "modified": "2025-05-14T21:18:36.989000", "created": "2024-04-21T01:46:28.554000", "tags": [ "jeleniej grze", "aktualnoci", "informacje", "jednostka", "rejonowy", "konkurs", "najczciej", "sd rejonowy", "przejd", "czytaj", "click", "sdzia jarosaw", "wydziau", "sdzia grzegorz", "katarzyna", "rudnicka dane", "kontaktowe sd", "jelenia gra", "mickiewicza", "zawarto", "html", "nazwa meta", "robotw", "telefon", "brak", "skala", "ua zgodna", "head body", "zasb", "cname", "kod odpowiedzi", "kodowanie treci", "wygasa", "gmt serwer", "pragma", "kontrola pamici", "podrcznej", "data", "gmt kontrola", "dostpuzezwl na", "czytaj wicej", "sd okrgowy", "jednostki", "okrgowy", "ogoszenia", "sha256", "vhash", "ssdeep", "https odcisk", "palca jarma", "https dane", "v3 numer", "odcisk palca", "tworzy katalog", "tworzy pliki", "typ pliku", "json", "ascii", "windows", "sqlite", "foxpro fpt", "links typ", "mapa", "152 x", "sqlite w", "sha1", "sha512", "file size", "b file", "testing", "komornik sdowy", "sdzie rejonowym", "tomasz rodacki", "obwieszczenie", "komornicze", "tumacza migam", "tumacz czynny", "zamknite", "wiadczenia", "schedule", "error", "javascript", "bakers hall", "ixaction", "script", "ixchatlauncher", "compatibility", "com dla", "t1055 pewno", "unikanie obrony", "t1036 maskarada", "t1082 pewno", "informacje o", "nazwa pliku", "dokument pdf", "rozmiar pliku", "zapowied", "type", "iii dbt", "utf8", "dziennik" ], "references": [ "S?d Rejonowy w Jeleniej G\u00f3rze.htm", "II Wydzia? Karny - S?d Rejonowy w Jeleniej G\u00f3rze 1.htm", "http://www.jelenia-gora.so.gov.pl/", "https://www.jelenia-gora.so.gov.pl/", "http://www.jelenia-gora.sr.gov.pl/ogloszenia-komornicze", "https://tlumacz.migam.org/sad_rejonowy_jelenia_gora", "https://www.jelenia-gora.sr.gov.pl/spacer", "https://waf.intelix.pl/957476/Chat/Script/Compatibility" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "", "display_name": "", "target": null }, { "id": "serwer", "display_name": "serwer", "target": null } ], "attack_ids": [ { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 24, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "email": 71, "domain": 7651, "hostname": 7680, "IPv4": 331, "FileHash-SHA256": 16168, "URL": 10399, "FileHash-MD5": 3639, "FileHash-SHA1": 3468, "CIDR": 4, "CVE": 89, "YARA": 521, "SSLCertFingerprint": 25, "JA3": 1, "IPv6": 5813 }, "indicator_count": 55860, "is_author": false, "is_subscribing": null, "subscriber_count": 141, "modified_text": "339 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "66f98add7b4dcbda49e80b93", "name": "S\u0105d Rejonowy w Jeleniej G\u00f3rze", "description": "Eksploatacja: Java/CVE-2012-0507\nhttp://jelenia-gora.so.gov.pl/layout/font/container\nhttp://jelenia-gora.so.gov.pl/layout/font/layout/css\nhttp://jelenia-gora.so.gov.pl/layout/font/layout/images\nomini\u0119cie ochrony antywirusowej-zip (17761)\nKFOmCnqEu92Fr1Mu4mxK.woff2\nroboto-v30-latin-regular.b009a76ad6afe4ebd301.woff2\nroboto-latin-400-normal-15d9f6.woff2\nKFOmCnqEu92Fr1Mu4mxK.f2894edcf7d09d36.woff2\nroboto-v30-latin-regular.f2894edc.woff2\nroboto-latin-400-normal-b009a7.woff2\nroboto-latin-400-normal-f6734f81.woff2\nb009a76ad6afe4ebd301.woff2\nroboto-latin-400-normal.b009a76ad6afe4ebd301.woff2\nroboto-latin-400-normal-mTIRXP6Y.woff2\nroboto-latin-400-normal.15d9f621.woff2\n_1AFDDEC815C19B7D52040B1EC7D423B\nKfomcnqeu92fr1mu4mxk.woff2", "modified": "2025-05-03T21:24:27.268000", "created": "2024-09-29T17:14:05.611000", "tags": [ "vhash", "authentihash", "imphash", "ssdeep", "ie 910", "safari", "chrome", "joomla", "marker", "helvetica neue", "arial", "helvetica", "console", "monaco", "open geospatial", "consortium", "feature access", "agf text", "standard", "simple", "part", "computer markup", "isoiec", "geometric", "format", "win32 exe", "dicrt", "win32 dll", "usb drive", "dana", "zip backup", "android", "exceltools", "zip spynote", "black edition", "dostawa", "jeleniej grze", "informacje", "jednostka", "rejonowy", "aktualnoci", "najczciej", "sd rejonowy", "przejd", "struktura", "brak", "sha256", "typ pliku", "json", "plik", "iii dbt", "windows", "sqlite", "cza typ", "152 x", "utf8", "dziennik", "sha1", "telfhash tnull", "ixaction", "script", "ixchatlauncher", "compatibility", "pejzasz", "jzyk znacznikw", "whasz", "html internet", "magia dokument", "html", "unicode", "z bardzo", "crlf triid", "chrome cache", "entry", "cache entry" ], "references": [ "https://uldk.gugik.gov.pl/?request=GetParcelById&id=141201_1.0001.1867/2", "http://www.jelenia-gora.sr.gov.pl/ lHFK3zLwRFYNAVVF.txt output.156419265.txt", "http://jelenia-gora.sr.gov.pl/", "https://waf.intelix.pl/957476/Chat/Script/Compatibility", "http://orzeczenia.jelenia-gora.so.gov.pl/content.pdffile/$002fneurocourt$002fpublished$002f15$002f500500$002f0000503$002fC$002f2013$002f001339$002f155005000000503_I_C_001339_2013_Uz_2014-01-28_001-publ.xml", "http://orzeczenia.jelenia-gora.so.gov.pl/content/$N/155005000000503_I_C_001819_2012_Uz_2015-04-30_001" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Server Wojcieszyce", "display_name": "Server Wojcieszyce", "target": null } ], "attack_ids": [ { "id": "T1498", "name": "Network Denial of Service", "display_name": "T1498 - Network Denial of Service" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 32, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1563, "hostname": 395, "IPv4": 12, "FileHash-MD5": 603, "FileHash-SHA1": 601, "FileHash-SHA256": 2615, "domain": 164, "CVE": 22 }, "indicator_count": 5975, "is_author": false, "is_subscribing": null, "subscriber_count": 123, "modified_text": "350 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65709120ed2b0db3696f67ac", "name": "http://www.protys.fr - Frightening relations really as this is a hybrid clean scan", "description": "", "modified": "2023-12-06T15:20:00.123000", "created": "2023-12-06T15:20:00.123000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 4, "FileHash-SHA256": 1579, "hostname": 625, "domain": 298, "URL": 1124, "email": 5, "FileHash-MD5": 54, "FileHash-SHA1": 51 }, "indicator_count": 3740, "is_author": false, "is_subscribing": null, "subscriber_count": 110, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65708cac217e290594a79ecb", "name": "188.166.154.118", "description": "", "modified": "2023-12-06T15:01:00.949000", "created": "2023-12-06T15:01:00.949000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 162, "hostname": 494, "domain": 375, "URL": 1404, "FileHash-MD5": 4, "FileHash-SHA1": 1 }, "indicator_count": 2440, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65708ca99b684204a04e0b36", "name": "188.166.154.118", "description": "", "modified": "2023-12-06T15:00:57.293000", "created": "2023-12-06T15:00:57.293000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 162, "hostname": 494, "domain": 375, "URL": 1404, "FileHash-MD5": 4, "FileHash-SHA1": 1 }, "indicator_count": 2440, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65708ca60be7cea12070cd6e", "name": "188.166.154.118", "description": "", "modified": "2023-12-06T15:00:54.743000", "created": "2023-12-06T15:00:54.743000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 162, "hostname": 494, "domain": 375, "URL": 1404, "FileHash-MD5": 4, "FileHash-SHA1": 1 }, "indicator_count": 2440, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "62efae65aff064cd7700bd70", "name": "http://www.protys.fr - Frightening relations really as this is a hybrid clean scan", "description": "", "modified": "2022-09-06T00:02:32.372000", "created": "2022-08-07T12:21:57.669000", "tags": [ "apt", "data", "decrypted ssl", "windows nt", "okdate", "gmtetag", "iframe", "null", "cookie", "next", "twitter", "push", "code", "logic", "format", "apache", "jquery", "loader", "target", "canvas", "footer", "mark", "ruby", "facebook", "alexa", "screen", "infinity", "prop", "freeze", "dummy", "august", "local", "mozilla", "CVE-2017-11882", "CVE-2020-11022", "CVE-2020-11023", "CVE-2021-22941" ], "references": [ "https://hybrid-analysis.com/sample/c8c06a88f18d72420ac017c4b67d1e55170138a9d0f6d6046e7efc7b72ca8de0/62ef762fa396e628fa6ec076", "CVE-2021-22941", "CVE-2020-11023", "CVE-2020-11022", "CVE-2017-11882" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 625, "URL": 1124, "domain": 298, "FileHash-SHA256": 1579, "CVE": 4, "email": 5, "FileHash-MD5": 54, "FileHash-SHA1": 51 }, "indicator_count": 3740, "is_author": false, "is_subscribing": null, "subscriber_count": 393, "modified_text": "1321 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "62680e32b8ee0032f3ab4c38", "name": "188.166.154.118", "description": "function E(e,t,n), a new type of function, has its own set of functions, which can be used to start or end a specific function for any user or event.", "modified": "2022-05-26T00:02:33.465000", "created": "2022-04-26T15:22:26.556000", "tags": [ "error", "cancel", "confirm", "function", "regexp", "width", "click", "date", "typeof b", "height", "null", "this", "scroll", "body", "class", "target", "service", "accept", "twitter", "batal", "reload", "hj", "copyright", "closure library", "object", "hotjar", "email", "typeof symbol", "typeof e", "telefon", "array", "survey", "meta", "cookie", "keypress", "trident", "live", "fullscreen", "generic", "window", "widget", "ciudad", "adore", "experiment", "mutation", "send", "minified", "original file", "catched", "typeof y", "typeof blob", "blob", "xmlhttprequest", "tracking file", "mktz", "varname", "typeradio", "getnow", "visitor", "explorer", "android", "unknown", "x3e3", "gfunction", "jfunction", "yfunction", "typeof r", "f3e3", "string", "typeof t", "function code", "angular", "angularjs", "ember", "meteor", "zepto", "jquery", "reduceright", "trackevent", "page", "number", "digitalocean", "linode", "home cta", "vultr", "home page", "demo", "path", "magento", "derek", "void", "code", "typeof l", "json", "8760", "image", "adveid", "typeof c", "customevent", "09af", "ver0", "tag0", "extdata0", "ua ch", "invalid", "addtocart", "signup", "addtowishlist", "lead", "custom", "typeof require", "sha256", "viewcontent", "search", "functional", "member", "hnew regexp", "qfunction", "adview", "addbillinginfo", "addtolist", "contact", "download", "install", "typeerror", "quora pixel", "dwelltime", "gnu general", "public license", "sufeffxa0", "infinity", "gettitle", "promise", "hidden", "oref", "activexobject", "begin doc", "false", "cookiesfunction", "saconv", "pnull", "html", "style", "ctnull", "post", "uint32array", "fanull", "license", "ynull", "config", "iframe", "webkittransform", "main", "maincontent", "placeroot", "generator", "next", "info" ], "references": [ "xfe-URL-Cloudways.com-stix2-2.1-export.json", "https://s.adroll.com/onsite_personalization/production/0.1/static/js/main.39c29e42.js", "https://www.clarity.ms/eus2/s/0.6.34/clarity.js", "https://tags.srv.stackadapt.com/events.js", "https://a.quora.com/qevents.js", "https://snap.licdn.com/li.lms-analytics/insight.min.js", "https://www.redditstatic.com/ads/pixel.js", "https://bat.bing.com/bat.js", "https://s.adroll.com/j/roundtrip.js", "https://www.googletagmanager.com/gtm.js?id=GTM-NWBZTT", "https://bam-cell.nr-data.net/1/f825f6c9b9?a=1271427646&v=1215.1253ab8&to=NVNUNkBQDxADV0RQXgwZYxBbHggNBlFIF0EKRg%3D%3D&rst=3260&ck=1&ref=https://www.cloudways.com/en/&ap=335&be=1077&fe=2760&dc=1572&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1650985479670,%22n%22:0,%22f%22:498,%22dn%22:499,%22dne%22:551,%22c%22:552,%22s%22:748,%22ce%22:841,%22rq%22:841,%22rp%22:1047,%22rpe%22:1047,%22dl%22:1066,%22di%22:1561,%22ds%22:1573,%22de%22:1599,%22dc%22:2759,%22l%22:2760,%22le%22:2765%7D,%22navigation%22:", "https://js-agent.newrelic.com/nr-spa-1215.min.js", "https://serve.albacross.com/track.js", "https://cdn.omniconvert.com/js/a91f81f.js", "https://tracking.g2crowd.com/attribution_tracking/conversions/3769.js?p=https://www.cloudways.com/en/&e=", "https://cdn.jsdelivr.net/npm/hockeystack@latest/hockeystack.min.js", "https://script.hotjar.com/modules.0076bf93c385ddf0ff58.js", "https://googleads.g.doubleclick.net/pagead/viewthroughconversion/948053426/?random=1650985487354&cv=9&fst=1650985487354&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=844&u_w=390&u_ah=844&u_aw=390&u_cd=32&u_his=1&u_tz=-240&u_java=false&u_nplug=0&u_nmime=0>m=2wg4p0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.cloudways.com%2Fen%2F&tiba=Cloudways%3A%20Managed%20Cloud%20Hosting%20Platform%20Simplified%20-%20Cloudways&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4", "https://s.adroll.com/j/exp/UZQYN577R5CHXAGR45AYXQ/index.js", "https://s.adroll.com/j/pre/UZQYN577R5CHXAGR45AYXQ/3YIA4GQCONCAVH77AJMDGR/fpconsent.js", "https://www.cloudways.com/wp-content/cache/breeze-minification/js/breeze_44ba8066e751ddb3b497212de30fa3f9.js" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "hj", "display_name": "hj", "target": null }, { "id": "ReduceRight", "display_name": "ReduceRight", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1546", "name": "Event Triggered Execution", "display_name": "T1546 - Event Triggered Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 494, "URL": 1404, "domain": 375, "FileHash-SHA256": 162, "FileHash-MD5": 4, "FileHash-SHA1": 1 }, "indicator_count": 2440, "is_author": false, "is_subscribing": null, "subscriber_count": 70, "modified_text": "1424 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "62680e37bad2501c255b86e3", "name": "188.166.154.118", "description": "function E(e,t,n), a new type of function, has its own set of functions, which can be used to start or end a specific function for any user or event.", "modified": "2022-05-26T00:02:33.465000", "created": "2022-04-26T15:22:31.759000", "tags": [ "error", "cancel", "confirm", "function", "regexp", "width", "click", "date", "typeof b", "height", "null", "this", "scroll", "body", "class", "target", "service", "accept", "twitter", "batal", "reload", "hj", "copyright", "closure library", "object", "hotjar", "email", "typeof symbol", "typeof e", "telefon", "array", "survey", "meta", "cookie", "keypress", "trident", "live", "fullscreen", "generic", "window", "widget", "ciudad", "adore", "experiment", "mutation", "send", "minified", "original file", "catched", "typeof y", "typeof blob", "blob", "xmlhttprequest", "tracking file", "mktz", "varname", "typeradio", "getnow", "visitor", "explorer", "android", "unknown", "x3e3", "gfunction", "jfunction", "yfunction", "typeof r", "f3e3", "string", "typeof t", "function code", "angular", "angularjs", "ember", "meteor", "zepto", "jquery", "reduceright", "trackevent", "page", "number", "digitalocean", "linode", "home cta", "vultr", "home page", "demo", "path", "magento", "derek", "void", "code", "typeof l", "json", "8760", "image", "adveid", "typeof c", "customevent", "09af", "ver0", "tag0", "extdata0", "ua ch", "invalid", "addtocart", "signup", "addtowishlist", "lead", "custom", "typeof require", "sha256", "viewcontent", "search", "functional", "member", "hnew regexp", "qfunction", "adview", "addbillinginfo", "addtolist", "contact", "download", "install", "typeerror", "quora pixel", "dwelltime", "gnu general", "public license", "sufeffxa0", "infinity", "gettitle", "promise", "hidden", "oref", "activexobject", "begin doc", "false", "cookiesfunction", "saconv", "pnull", "html", "style", "ctnull", "post", "uint32array", "fanull", "license", "ynull", "config", "iframe", "webkittransform", "main", "maincontent", "placeroot", "generator", "next", "info" ], "references": [ "xfe-URL-Cloudways.com-stix2-2.1-export.json", "https://s.adroll.com/onsite_personalization/production/0.1/static/js/main.39c29e42.js", "https://www.clarity.ms/eus2/s/0.6.34/clarity.js", "https://tags.srv.stackadapt.com/events.js", "https://a.quora.com/qevents.js", "https://snap.licdn.com/li.lms-analytics/insight.min.js", "https://www.redditstatic.com/ads/pixel.js", "https://bat.bing.com/bat.js", "https://s.adroll.com/j/roundtrip.js", "https://www.googletagmanager.com/gtm.js?id=GTM-NWBZTT", "https://bam-cell.nr-data.net/1/f825f6c9b9?a=1271427646&v=1215.1253ab8&to=NVNUNkBQDxADV0RQXgwZYxBbHggNBlFIF0EKRg%3D%3D&rst=3260&ck=1&ref=https://www.cloudways.com/en/&ap=335&be=1077&fe=2760&dc=1572&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1650985479670,%22n%22:0,%22f%22:498,%22dn%22:499,%22dne%22:551,%22c%22:552,%22s%22:748,%22ce%22:841,%22rq%22:841,%22rp%22:1047,%22rpe%22:1047,%22dl%22:1066,%22di%22:1561,%22ds%22:1573,%22de%22:1599,%22dc%22:2759,%22l%22:2760,%22le%22:2765%7D,%22navigation%22:", "https://js-agent.newrelic.com/nr-spa-1215.min.js", "https://serve.albacross.com/track.js", "https://cdn.omniconvert.com/js/a91f81f.js", "https://tracking.g2crowd.com/attribution_tracking/conversions/3769.js?p=https://www.cloudways.com/en/&e=", "https://cdn.jsdelivr.net/npm/hockeystack@latest/hockeystack.min.js", "https://script.hotjar.com/modules.0076bf93c385ddf0ff58.js", "https://googleads.g.doubleclick.net/pagead/viewthroughconversion/948053426/?random=1650985487354&cv=9&fst=1650985487354&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=844&u_w=390&u_ah=844&u_aw=390&u_cd=32&u_his=1&u_tz=-240&u_java=false&u_nplug=0&u_nmime=0>m=2wg4p0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.cloudways.com%2Fen%2F&tiba=Cloudways%3A%20Managed%20Cloud%20Hosting%20Platform%20Simplified%20-%20Cloudways&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4", "https://s.adroll.com/j/exp/UZQYN577R5CHXAGR45AYXQ/index.js", "https://s.adroll.com/j/pre/UZQYN577R5CHXAGR45AYXQ/3YIA4GQCONCAVH77AJMDGR/fpconsent.js", "https://www.cloudways.com/wp-content/cache/breeze-minification/js/breeze_44ba8066e751ddb3b497212de30fa3f9.js" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "hj", "display_name": "hj", "target": null }, { "id": "ReduceRight", "display_name": "ReduceRight", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1546", "name": "Event Triggered Execution", "display_name": "T1546 - Event Triggered Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 494, "URL": 1404, "domain": 375, "FileHash-SHA256": 162, "FileHash-MD5": 4, "FileHash-SHA1": 1 }, "indicator_count": 2440, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "1424 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "62680e38dad4e4b62851b8e8", "name": "188.166.154.118", "description": "function E(e,t,n), a new type of function, has its own set of functions, which can be used to start or end a specific function for any user or event.", "modified": "2022-05-26T00:02:33.465000", "created": "2022-04-26T15:22:32.241000", "tags": [ "error", "cancel", "confirm", "function", "regexp", "width", "click", "date", "typeof b", "height", "null", "this", "scroll", "body", "class", "target", "service", "accept", "twitter", "batal", "reload", "hj", "copyright", "closure library", "object", "hotjar", "email", "typeof symbol", "typeof e", "telefon", "array", "survey", "meta", "cookie", "keypress", "trident", "live", "fullscreen", "generic", "window", "widget", "ciudad", "adore", "experiment", "mutation", "send", "minified", "original file", "catched", "typeof y", "typeof blob", "blob", "xmlhttprequest", "tracking file", "mktz", "varname", "typeradio", "getnow", "visitor", "explorer", "android", "unknown", "x3e3", "gfunction", "jfunction", "yfunction", "typeof r", "f3e3", "string", "typeof t", "function code", "angular", "angularjs", "ember", "meteor", "zepto", "jquery", "reduceright", "trackevent", "page", "number", "digitalocean", "linode", "home cta", "vultr", "home page", "demo", "path", "magento", "derek", "void", "code", "typeof l", "json", "8760", "image", "adveid", "typeof c", "customevent", "09af", "ver0", "tag0", "extdata0", "ua ch", "invalid", "addtocart", "signup", "addtowishlist", "lead", "custom", "typeof require", "sha256", "viewcontent", "search", "functional", "member", "hnew regexp", "qfunction", "adview", "addbillinginfo", "addtolist", "contact", "download", "install", "typeerror", "quora pixel", "dwelltime", "gnu general", "public license", "sufeffxa0", "infinity", "gettitle", "promise", "hidden", "oref", "activexobject", "begin doc", "false", "cookiesfunction", "saconv", "pnull", "html", "style", "ctnull", "post", "uint32array", "fanull", "license", "ynull", "config", "iframe", "webkittransform", "main", "maincontent", "placeroot", "generator", "next", "info" ], "references": [ "xfe-URL-Cloudways.com-stix2-2.1-export.json", "https://s.adroll.com/onsite_personalization/production/0.1/static/js/main.39c29e42.js", "https://www.clarity.ms/eus2/s/0.6.34/clarity.js", "https://tags.srv.stackadapt.com/events.js", "https://a.quora.com/qevents.js", "https://snap.licdn.com/li.lms-analytics/insight.min.js", "https://www.redditstatic.com/ads/pixel.js", "https://bat.bing.com/bat.js", "https://s.adroll.com/j/roundtrip.js", "https://www.googletagmanager.com/gtm.js?id=GTM-NWBZTT", "https://bam-cell.nr-data.net/1/f825f6c9b9?a=1271427646&v=1215.1253ab8&to=NVNUNkBQDxADV0RQXgwZYxBbHggNBlFIF0EKRg%3D%3D&rst=3260&ck=1&ref=https://www.cloudways.com/en/&ap=335&be=1077&fe=2760&dc=1572&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1650985479670,%22n%22:0,%22f%22:498,%22dn%22:499,%22dne%22:551,%22c%22:552,%22s%22:748,%22ce%22:841,%22rq%22:841,%22rp%22:1047,%22rpe%22:1047,%22dl%22:1066,%22di%22:1561,%22ds%22:1573,%22de%22:1599,%22dc%22:2759,%22l%22:2760,%22le%22:2765%7D,%22navigation%22:", "https://js-agent.newrelic.com/nr-spa-1215.min.js", "https://serve.albacross.com/track.js", "https://cdn.omniconvert.com/js/a91f81f.js", "https://tracking.g2crowd.com/attribution_tracking/conversions/3769.js?p=https://www.cloudways.com/en/&e=", "https://cdn.jsdelivr.net/npm/hockeystack@latest/hockeystack.min.js", "https://script.hotjar.com/modules.0076bf93c385ddf0ff58.js", "https://googleads.g.doubleclick.net/pagead/viewthroughconversion/948053426/?random=1650985487354&cv=9&fst=1650985487354&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=844&u_w=390&u_ah=844&u_aw=390&u_cd=32&u_his=1&u_tz=-240&u_java=false&u_nplug=0&u_nmime=0>m=2wg4p0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.cloudways.com%2Fen%2F&tiba=Cloudways%3A%20Managed%20Cloud%20Hosting%20Platform%20Simplified%20-%20Cloudways&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4", "https://s.adroll.com/j/exp/UZQYN577R5CHXAGR45AYXQ/index.js", "https://s.adroll.com/j/pre/UZQYN577R5CHXAGR45AYXQ/3YIA4GQCONCAVH77AJMDGR/fpconsent.js", "https://www.cloudways.com/wp-content/cache/breeze-minification/js/breeze_44ba8066e751ddb3b497212de30fa3f9.js" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "hj", "display_name": "hj", "target": null }, { "id": "ReduceRight", "display_name": "ReduceRight", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1546", "name": "Event Triggered Execution", "display_name": "T1546 - Event Triggered Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 494, "URL": 1404, "domain": 375, "FileHash-SHA256": 162, "FileHash-MD5": 4, "FileHash-SHA1": 1 }, "indicator_count": 2440, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "1424 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "https://serve.albacross.com/track.js", "https://www.cloudways.com/wp-content/cache/breeze-minification/js/breeze_44ba8066e751ddb3b497212de30fa3f9.js", "CVE-2021-22941", "http://orzeczenia.jelenia-gora.so.gov.pl/content/$N/155005000000503_I_C_001819_2012_Uz_2015-04-30_001", "https://bat.bing.com/bat.js", "http://www.jelenia-gora.sr.gov.pl/ogloszenia-komornicze", "https://bam-cell.nr-data.net/1/f825f6c9b9?a=1271427646&v=1215.1253ab8&to=NVNUNkBQDxADV0RQXgwZYxBbHggNBlFIF0EKRg%3D%3D&rst=3260&ck=1&ref=https://www.cloudways.com/en/&ap=335&be=1077&fe=2760&dc=1572&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1650985479670,%22n%22:0,%22f%22:498,%22dn%22:499,%22dne%22:551,%22c%22:552,%22s%22:748,%22ce%22:841,%22rq%22:841,%22rp%22:1047,%22rpe%22:1047,%22dl%22:1066,%22di%22:1561,%22ds%22:1573,%22de%22:1599,%22dc%22:2759,%22l%22:2760,%22le%22:2765%7D,%22navigation%22:", "CVE-2020-11022", "https://js-agent.newrelic.com/nr-spa-1215.min.js", "https://waf.intelix.pl/957476/Chat/Script/Compatibility", "https://hybrid-analysis.com/sample/c8c06a88f18d72420ac017c4b67d1e55170138a9d0f6d6046e7efc7b72ca8de0/62ef762fa396e628fa6ec076", "https://tracking.g2crowd.com/attribution_tracking/conversions/3769.js?p=https://www.cloudways.com/en/&e=", "https://s.adroll.com/onsite_personalization/production/0.1/static/js/main.39c29e42.js", "CVE-2017-11882", "https://a.quora.com/qevents.js", "https://cdn.jsdelivr.net/npm/hockeystack@latest/hockeystack.min.js", "https://s.adroll.com/j/exp/UZQYN577R5CHXAGR45AYXQ/index.js", "II Wydzia? Karny - S?d Rejonowy w Jeleniej G\u00f3rze 1.htm", "CVE-2020-11023", "https://cdn.omniconvert.com/js/a91f81f.js", "https://uldk.gugik.gov.pl/?request=GetParcelById&id=141201_1.0001.1867/2", "http://jelenia-gora.sr.gov.pl/", "xfe-URL-Cloudways.com-stix2-2.1-export.json", "http://www.jelenia-gora.sr.gov.pl/ lHFK3zLwRFYNAVVF.txt output.156419265.txt", "https://www.jelenia-gora.so.gov.pl/", "https://www.googletagmanager.com/gtm.js?id=GTM-NWBZTT", "https://tlumacz.migam.org/sad_rejonowy_jelenia_gora", "https://googleads.g.doubleclick.net/pagead/viewthroughconversion/948053426/?random=1650985487354&cv=9&fst=1650985487354&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=844&u_w=390&u_ah=844&u_aw=390&u_cd=32&u_his=1&u_tz=-240&u_java=false&u_nplug=0&u_nmime=0>m=2wg4p0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.cloudways.com%2Fen%2F&tiba=Cloudways%3A%20Managed%20Cloud%20Hosting%20Platform%20Simplified%20-%20Cloudways&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4", "https://www.jelenia-gora.sr.gov.pl/spacer", "http://www.jelenia-gora.so.gov.pl/", "https://www.clarity.ms/eus2/s/0.6.34/clarity.js", "https://tags.srv.stackadapt.com/events.js", "S?d Rejonowy w Jeleniej G\u00f3rze.htm", "https://www.redditstatic.com/ads/pixel.js", "https://s.adroll.com/j/roundtrip.js", "https://s.adroll.com/j/pre/UZQYN577R5CHXAGR45AYXQ/3YIA4GQCONCAVH77AJMDGR/fpconsent.js", "https://snap.licdn.com/li.lms-analytics/insight.min.js", "https://script.hotjar.com/modules.0076bf93c385ddf0ff58.js", "http://orzeczenia.jelenia-gora.so.gov.pl/content.pdffile/$002fneurocourt$002fpublished$002f15$002f500500$002f0000503$002fC$002f2013$002f001339$002f155005000000503_I_C_001339_2013_Uz_2014-01-28_001-publ.xml" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [], "malware_families": [ "", "Server wojcieszyce", "Reduceright", "Hj", "Serwer" ], "industries": [] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 10, "pulses": [ { "id": "66246ff49ed29ea9bb2bf122", "name": "S\u0105d Rejonowy w Jeleniej Gorze POLAND", "description": "Przechowywania lub dost\u0119pu do plik\u00f3w cookies w Twojej przegl\u0105darce\nhttps://www.virustotal.com/gui/domain/jelenia-gora.sr.gov.pl/relations", "modified": "2025-05-14T21:18:36.989000", "created": "2024-04-21T01:46:28.554000", "tags": [ "jeleniej grze", "aktualnoci", "informacje", "jednostka", "rejonowy", "konkurs", "najczciej", "sd rejonowy", "przejd", "czytaj", "click", "sdzia jarosaw", "wydziau", "sdzia grzegorz", "katarzyna", "rudnicka dane", "kontaktowe sd", "jelenia gra", "mickiewicza", "zawarto", "html", "nazwa meta", "robotw", "telefon", "brak", "skala", "ua zgodna", "head body", "zasb", "cname", "kod odpowiedzi", "kodowanie treci", "wygasa", "gmt serwer", "pragma", "kontrola pamici", "podrcznej", "data", "gmt kontrola", "dostpuzezwl na", "czytaj wicej", "sd okrgowy", "jednostki", "okrgowy", "ogoszenia", "sha256", "vhash", "ssdeep", "https odcisk", "palca jarma", "https dane", "v3 numer", "odcisk palca", "tworzy katalog", "tworzy pliki", "typ pliku", "json", "ascii", "windows", "sqlite", "foxpro fpt", "links typ", "mapa", "152 x", "sqlite w", "sha1", "sha512", "file size", "b file", "testing", "komornik sdowy", "sdzie rejonowym", "tomasz rodacki", "obwieszczenie", "komornicze", "tumacza migam", "tumacz czynny", "zamknite", "wiadczenia", "schedule", "error", "javascript", "bakers hall", "ixaction", "script", "ixchatlauncher", "compatibility", "com dla", "t1055 pewno", "unikanie obrony", "t1036 maskarada", "t1082 pewno", "informacje o", "nazwa pliku", "dokument pdf", "rozmiar pliku", "zapowied", "type", "iii dbt", "utf8", "dziennik" ], "references": [ "S?d Rejonowy w Jeleniej G\u00f3rze.htm", "II Wydzia? Karny - S?d Rejonowy w Jeleniej G\u00f3rze 1.htm", "http://www.jelenia-gora.so.gov.pl/", "https://www.jelenia-gora.so.gov.pl/", "http://www.jelenia-gora.sr.gov.pl/ogloszenia-komornicze", "https://tlumacz.migam.org/sad_rejonowy_jelenia_gora", "https://www.jelenia-gora.sr.gov.pl/spacer", "https://waf.intelix.pl/957476/Chat/Script/Compatibility" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "", "display_name": "", "target": null }, { "id": "serwer", "display_name": "serwer", "target": null } ], "attack_ids": [ { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 24, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "email": 71, "domain": 7651, "hostname": 7680, "IPv4": 331, "FileHash-SHA256": 16168, "URL": 10399, "FileHash-MD5": 3639, "FileHash-SHA1": 3468, "CIDR": 4, "CVE": 89, "YARA": 521, "SSLCertFingerprint": 25, "JA3": 1, "IPv6": 5813 }, "indicator_count": 55860, "is_author": false, "is_subscribing": null, "subscriber_count": 141, "modified_text": "339 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "66f98add7b4dcbda49e80b93", "name": "S\u0105d Rejonowy w Jeleniej G\u00f3rze", "description": "Eksploatacja: Java/CVE-2012-0507\nhttp://jelenia-gora.so.gov.pl/layout/font/container\nhttp://jelenia-gora.so.gov.pl/layout/font/layout/css\nhttp://jelenia-gora.so.gov.pl/layout/font/layout/images\nomini\u0119cie ochrony antywirusowej-zip (17761)\nKFOmCnqEu92Fr1Mu4mxK.woff2\nroboto-v30-latin-regular.b009a76ad6afe4ebd301.woff2\nroboto-latin-400-normal-15d9f6.woff2\nKFOmCnqEu92Fr1Mu4mxK.f2894edcf7d09d36.woff2\nroboto-v30-latin-regular.f2894edc.woff2\nroboto-latin-400-normal-b009a7.woff2\nroboto-latin-400-normal-f6734f81.woff2\nb009a76ad6afe4ebd301.woff2\nroboto-latin-400-normal.b009a76ad6afe4ebd301.woff2\nroboto-latin-400-normal-mTIRXP6Y.woff2\nroboto-latin-400-normal.15d9f621.woff2\n_1AFDDEC815C19B7D52040B1EC7D423B\nKfomcnqeu92fr1mu4mxk.woff2", "modified": "2025-05-03T21:24:27.268000", "created": "2024-09-29T17:14:05.611000", "tags": [ "vhash", "authentihash", "imphash", "ssdeep", "ie 910", "safari", "chrome", "joomla", "marker", "helvetica neue", "arial", "helvetica", "console", "monaco", "open geospatial", "consortium", "feature access", "agf text", "standard", "simple", "part", "computer markup", "isoiec", "geometric", "format", "win32 exe", "dicrt", "win32 dll", "usb drive", "dana", "zip backup", "android", "exceltools", "zip spynote", "black edition", "dostawa", "jeleniej grze", "informacje", "jednostka", "rejonowy", "aktualnoci", "najczciej", "sd rejonowy", "przejd", "struktura", "brak", "sha256", "typ pliku", "json", "plik", "iii dbt", "windows", "sqlite", "cza typ", "152 x", "utf8", "dziennik", "sha1", "telfhash tnull", "ixaction", "script", "ixchatlauncher", "compatibility", "pejzasz", "jzyk znacznikw", "whasz", "html internet", "magia dokument", "html", "unicode", "z bardzo", "crlf triid", "chrome cache", "entry", "cache entry" ], "references": [ "https://uldk.gugik.gov.pl/?request=GetParcelById&id=141201_1.0001.1867/2", "http://www.jelenia-gora.sr.gov.pl/ lHFK3zLwRFYNAVVF.txt output.156419265.txt", "http://jelenia-gora.sr.gov.pl/", "https://waf.intelix.pl/957476/Chat/Script/Compatibility", "http://orzeczenia.jelenia-gora.so.gov.pl/content.pdffile/$002fneurocourt$002fpublished$002f15$002f500500$002f0000503$002fC$002f2013$002f001339$002f155005000000503_I_C_001339_2013_Uz_2014-01-28_001-publ.xml", "http://orzeczenia.jelenia-gora.so.gov.pl/content/$N/155005000000503_I_C_001819_2012_Uz_2015-04-30_001" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Server Wojcieszyce", "display_name": "Server Wojcieszyce", "target": null } ], "attack_ids": [ { "id": "T1498", "name": "Network Denial of Service", "display_name": "T1498 - Network Denial of Service" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 32, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1563, "hostname": 395, "IPv4": 12, "FileHash-MD5": 603, "FileHash-SHA1": 601, "FileHash-SHA256": 2615, "domain": 164, "CVE": 22 }, "indicator_count": 5975, "is_author": false, "is_subscribing": null, "subscriber_count": 123, "modified_text": "350 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65709120ed2b0db3696f67ac", "name": "http://www.protys.fr - Frightening relations really as this is a hybrid clean scan", "description": "", "modified": "2023-12-06T15:20:00.123000", "created": "2023-12-06T15:20:00.123000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 4, "FileHash-SHA256": 1579, "hostname": 625, "domain": 298, "URL": 1124, "email": 5, "FileHash-MD5": 54, "FileHash-SHA1": 51 }, "indicator_count": 3740, "is_author": false, "is_subscribing": null, "subscriber_count": 110, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65708cac217e290594a79ecb", "name": "188.166.154.118", "description": "", "modified": "2023-12-06T15:01:00.949000", "created": "2023-12-06T15:01:00.949000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 162, "hostname": 494, "domain": 375, "URL": 1404, "FileHash-MD5": 4, "FileHash-SHA1": 1 }, "indicator_count": 2440, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65708ca99b684204a04e0b36", "name": "188.166.154.118", "description": "", "modified": "2023-12-06T15:00:57.293000", "created": "2023-12-06T15:00:57.293000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 162, "hostname": 494, "domain": 375, "URL": 1404, "FileHash-MD5": 4, "FileHash-SHA1": 1 }, "indicator_count": 2440, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65708ca60be7cea12070cd6e", "name": "188.166.154.118", "description": "", "modified": "2023-12-06T15:00:54.743000", "created": "2023-12-06T15:00:54.743000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 162, "hostname": 494, "domain": 375, "URL": 1404, "FileHash-MD5": 4, "FileHash-SHA1": 1 }, "indicator_count": 2440, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "62efae65aff064cd7700bd70", "name": "http://www.protys.fr - Frightening relations really as this is a hybrid clean scan", "description": "", "modified": "2022-09-06T00:02:32.372000", "created": "2022-08-07T12:21:57.669000", "tags": [ "apt", "data", "decrypted ssl", "windows nt", "okdate", "gmtetag", "iframe", "null", "cookie", "next", "twitter", "push", "code", "logic", "format", "apache", "jquery", "loader", "target", "canvas", "footer", "mark", "ruby", "facebook", "alexa", "screen", "infinity", "prop", "freeze", "dummy", "august", "local", "mozilla", "CVE-2017-11882", "CVE-2020-11022", "CVE-2020-11023", "CVE-2021-22941" ], "references": [ "https://hybrid-analysis.com/sample/c8c06a88f18d72420ac017c4b67d1e55170138a9d0f6d6046e7efc7b72ca8de0/62ef762fa396e628fa6ec076", "CVE-2021-22941", "CVE-2020-11023", "CVE-2020-11022", "CVE-2017-11882" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 625, "URL": 1124, "domain": 298, "FileHash-SHA256": 1579, "CVE": 4, "email": 5, "FileHash-MD5": 54, "FileHash-SHA1": 51 }, "indicator_count": 3740, "is_author": false, "is_subscribing": null, "subscriber_count": 393, "modified_text": "1321 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "62680e32b8ee0032f3ab4c38", "name": "188.166.154.118", "description": "function E(e,t,n), a new type of function, has its own set of functions, which can be used to start or end a specific function for any user or event.", "modified": "2022-05-26T00:02:33.465000", "created": "2022-04-26T15:22:26.556000", "tags": [ "error", "cancel", "confirm", "function", "regexp", "width", "click", "date", "typeof b", "height", "null", "this", "scroll", "body", "class", "target", "service", "accept", "twitter", "batal", "reload", "hj", "copyright", "closure library", "object", "hotjar", "email", "typeof symbol", "typeof e", "telefon", "array", "survey", "meta", "cookie", "keypress", "trident", "live", "fullscreen", "generic", "window", "widget", "ciudad", "adore", "experiment", "mutation", "send", "minified", "original file", "catched", "typeof y", "typeof blob", "blob", "xmlhttprequest", "tracking file", "mktz", "varname", "typeradio", "getnow", "visitor", "explorer", "android", "unknown", "x3e3", "gfunction", "jfunction", "yfunction", "typeof r", "f3e3", "string", "typeof t", "function code", "angular", "angularjs", "ember", "meteor", "zepto", "jquery", "reduceright", "trackevent", "page", "number", "digitalocean", "linode", "home cta", "vultr", "home page", "demo", "path", "magento", "derek", "void", "code", "typeof l", "json", "8760", "image", "adveid", "typeof c", "customevent", "09af", "ver0", "tag0", "extdata0", "ua ch", "invalid", "addtocart", "signup", "addtowishlist", "lead", "custom", "typeof require", "sha256", "viewcontent", "search", "functional", "member", "hnew regexp", "qfunction", "adview", "addbillinginfo", "addtolist", "contact", "download", "install", "typeerror", "quora pixel", "dwelltime", "gnu general", "public license", "sufeffxa0", "infinity", "gettitle", "promise", "hidden", "oref", "activexobject", "begin doc", "false", "cookiesfunction", "saconv", "pnull", "html", "style", "ctnull", "post", "uint32array", "fanull", "license", "ynull", "config", "iframe", "webkittransform", "main", "maincontent", "placeroot", "generator", "next", "info" ], "references": [ "xfe-URL-Cloudways.com-stix2-2.1-export.json", "https://s.adroll.com/onsite_personalization/production/0.1/static/js/main.39c29e42.js", "https://www.clarity.ms/eus2/s/0.6.34/clarity.js", "https://tags.srv.stackadapt.com/events.js", "https://a.quora.com/qevents.js", "https://snap.licdn.com/li.lms-analytics/insight.min.js", "https://www.redditstatic.com/ads/pixel.js", "https://bat.bing.com/bat.js", "https://s.adroll.com/j/roundtrip.js", "https://www.googletagmanager.com/gtm.js?id=GTM-NWBZTT", "https://bam-cell.nr-data.net/1/f825f6c9b9?a=1271427646&v=1215.1253ab8&to=NVNUNkBQDxADV0RQXgwZYxBbHggNBlFIF0EKRg%3D%3D&rst=3260&ck=1&ref=https://www.cloudways.com/en/&ap=335&be=1077&fe=2760&dc=1572&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1650985479670,%22n%22:0,%22f%22:498,%22dn%22:499,%22dne%22:551,%22c%22:552,%22s%22:748,%22ce%22:841,%22rq%22:841,%22rp%22:1047,%22rpe%22:1047,%22dl%22:1066,%22di%22:1561,%22ds%22:1573,%22de%22:1599,%22dc%22:2759,%22l%22:2760,%22le%22:2765%7D,%22navigation%22:", "https://js-agent.newrelic.com/nr-spa-1215.min.js", "https://serve.albacross.com/track.js", "https://cdn.omniconvert.com/js/a91f81f.js", "https://tracking.g2crowd.com/attribution_tracking/conversions/3769.js?p=https://www.cloudways.com/en/&e=", "https://cdn.jsdelivr.net/npm/hockeystack@latest/hockeystack.min.js", "https://script.hotjar.com/modules.0076bf93c385ddf0ff58.js", "https://googleads.g.doubleclick.net/pagead/viewthroughconversion/948053426/?random=1650985487354&cv=9&fst=1650985487354&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=844&u_w=390&u_ah=844&u_aw=390&u_cd=32&u_his=1&u_tz=-240&u_java=false&u_nplug=0&u_nmime=0>m=2wg4p0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.cloudways.com%2Fen%2F&tiba=Cloudways%3A%20Managed%20Cloud%20Hosting%20Platform%20Simplified%20-%20Cloudways&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4", "https://s.adroll.com/j/exp/UZQYN577R5CHXAGR45AYXQ/index.js", "https://s.adroll.com/j/pre/UZQYN577R5CHXAGR45AYXQ/3YIA4GQCONCAVH77AJMDGR/fpconsent.js", "https://www.cloudways.com/wp-content/cache/breeze-minification/js/breeze_44ba8066e751ddb3b497212de30fa3f9.js" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "hj", "display_name": "hj", "target": null }, { "id": "ReduceRight", "display_name": "ReduceRight", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1546", "name": "Event Triggered Execution", "display_name": "T1546 - Event Triggered Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 494, "URL": 1404, "domain": 375, "FileHash-SHA256": 162, "FileHash-MD5": 4, "FileHash-SHA1": 1 }, "indicator_count": 2440, "is_author": false, "is_subscribing": null, "subscriber_count": 70, "modified_text": "1424 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "62680e37bad2501c255b86e3", "name": "188.166.154.118", "description": "function E(e,t,n), a new type of function, has its own set of functions, which can be used to start or end a specific function for any user or event.", "modified": "2022-05-26T00:02:33.465000", "created": "2022-04-26T15:22:31.759000", "tags": [ "error", "cancel", "confirm", "function", "regexp", "width", "click", "date", "typeof b", "height", "null", "this", "scroll", "body", "class", "target", "service", "accept", "twitter", "batal", "reload", "hj", "copyright", "closure library", "object", "hotjar", "email", "typeof symbol", "typeof e", "telefon", "array", "survey", "meta", "cookie", "keypress", "trident", "live", "fullscreen", "generic", "window", "widget", "ciudad", "adore", "experiment", "mutation", "send", "minified", "original file", "catched", "typeof y", "typeof blob", "blob", "xmlhttprequest", "tracking file", "mktz", "varname", "typeradio", "getnow", "visitor", "explorer", "android", "unknown", "x3e3", "gfunction", "jfunction", "yfunction", "typeof r", "f3e3", "string", "typeof t", "function code", "angular", "angularjs", "ember", "meteor", "zepto", "jquery", "reduceright", "trackevent", "page", "number", "digitalocean", "linode", "home cta", "vultr", "home page", "demo", "path", "magento", "derek", "void", "code", "typeof l", "json", "8760", "image", "adveid", "typeof c", "customevent", "09af", "ver0", "tag0", "extdata0", "ua ch", "invalid", "addtocart", "signup", "addtowishlist", "lead", "custom", "typeof require", "sha256", "viewcontent", "search", "functional", "member", "hnew regexp", "qfunction", "adview", "addbillinginfo", "addtolist", "contact", "download", "install", "typeerror", "quora pixel", "dwelltime", "gnu general", "public license", "sufeffxa0", "infinity", "gettitle", "promise", "hidden", "oref", "activexobject", "begin doc", "false", "cookiesfunction", "saconv", "pnull", "html", "style", "ctnull", "post", "uint32array", "fanull", "license", "ynull", "config", "iframe", "webkittransform", "main", "maincontent", "placeroot", "generator", "next", "info" ], "references": [ "xfe-URL-Cloudways.com-stix2-2.1-export.json", "https://s.adroll.com/onsite_personalization/production/0.1/static/js/main.39c29e42.js", "https://www.clarity.ms/eus2/s/0.6.34/clarity.js", "https://tags.srv.stackadapt.com/events.js", "https://a.quora.com/qevents.js", "https://snap.licdn.com/li.lms-analytics/insight.min.js", "https://www.redditstatic.com/ads/pixel.js", "https://bat.bing.com/bat.js", "https://s.adroll.com/j/roundtrip.js", "https://www.googletagmanager.com/gtm.js?id=GTM-NWBZTT", "https://bam-cell.nr-data.net/1/f825f6c9b9?a=1271427646&v=1215.1253ab8&to=NVNUNkBQDxADV0RQXgwZYxBbHggNBlFIF0EKRg%3D%3D&rst=3260&ck=1&ref=https://www.cloudways.com/en/&ap=335&be=1077&fe=2760&dc=1572&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1650985479670,%22n%22:0,%22f%22:498,%22dn%22:499,%22dne%22:551,%22c%22:552,%22s%22:748,%22ce%22:841,%22rq%22:841,%22rp%22:1047,%22rpe%22:1047,%22dl%22:1066,%22di%22:1561,%22ds%22:1573,%22de%22:1599,%22dc%22:2759,%22l%22:2760,%22le%22:2765%7D,%22navigation%22:", "https://js-agent.newrelic.com/nr-spa-1215.min.js", "https://serve.albacross.com/track.js", "https://cdn.omniconvert.com/js/a91f81f.js", "https://tracking.g2crowd.com/attribution_tracking/conversions/3769.js?p=https://www.cloudways.com/en/&e=", "https://cdn.jsdelivr.net/npm/hockeystack@latest/hockeystack.min.js", "https://script.hotjar.com/modules.0076bf93c385ddf0ff58.js", "https://googleads.g.doubleclick.net/pagead/viewthroughconversion/948053426/?random=1650985487354&cv=9&fst=1650985487354&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=844&u_w=390&u_ah=844&u_aw=390&u_cd=32&u_his=1&u_tz=-240&u_java=false&u_nplug=0&u_nmime=0>m=2wg4p0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.cloudways.com%2Fen%2F&tiba=Cloudways%3A%20Managed%20Cloud%20Hosting%20Platform%20Simplified%20-%20Cloudways&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4", "https://s.adroll.com/j/exp/UZQYN577R5CHXAGR45AYXQ/index.js", "https://s.adroll.com/j/pre/UZQYN577R5CHXAGR45AYXQ/3YIA4GQCONCAVH77AJMDGR/fpconsent.js", "https://www.cloudways.com/wp-content/cache/breeze-minification/js/breeze_44ba8066e751ddb3b497212de30fa3f9.js" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "hj", "display_name": "hj", "target": null }, { "id": "ReduceRight", "display_name": "ReduceRight", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1546", "name": "Event Triggered Execution", "display_name": "T1546 - Event Triggered Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 494, "URL": 1404, "domain": 375, "FileHash-SHA256": 162, "FileHash-MD5": 4, "FileHash-SHA1": 1 }, "indicator_count": 2440, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "1424 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "62680e38dad4e4b62851b8e8", "name": "188.166.154.118", "description": "function E(e,t,n), a new type of function, has its own set of functions, which can be used to start or end a specific function for any user or event.", "modified": "2022-05-26T00:02:33.465000", "created": "2022-04-26T15:22:32.241000", "tags": [ "error", "cancel", "confirm", "function", "regexp", "width", "click", "date", "typeof b", "height", "null", "this", "scroll", "body", "class", "target", "service", "accept", "twitter", "batal", "reload", "hj", "copyright", "closure library", "object", "hotjar", "email", "typeof symbol", "typeof e", "telefon", "array", "survey", "meta", "cookie", "keypress", "trident", "live", "fullscreen", "generic", "window", "widget", "ciudad", "adore", "experiment", "mutation", "send", "minified", "original file", "catched", "typeof y", "typeof blob", "blob", "xmlhttprequest", "tracking file", "mktz", "varname", "typeradio", "getnow", "visitor", "explorer", "android", "unknown", "x3e3", "gfunction", "jfunction", "yfunction", "typeof r", "f3e3", "string", "typeof t", "function code", "angular", "angularjs", "ember", "meteor", "zepto", "jquery", "reduceright", "trackevent", "page", "number", "digitalocean", "linode", "home cta", "vultr", "home page", "demo", "path", "magento", "derek", "void", "code", "typeof l", "json", "8760", "image", "adveid", "typeof c", "customevent", "09af", "ver0", "tag0", "extdata0", "ua ch", "invalid", "addtocart", "signup", "addtowishlist", "lead", "custom", "typeof require", "sha256", "viewcontent", "search", "functional", "member", "hnew regexp", "qfunction", "adview", "addbillinginfo", "addtolist", "contact", "download", "install", "typeerror", "quora pixel", "dwelltime", "gnu general", "public license", "sufeffxa0", "infinity", "gettitle", "promise", "hidden", "oref", "activexobject", "begin doc", "false", "cookiesfunction", "saconv", "pnull", "html", "style", "ctnull", "post", "uint32array", "fanull", "license", "ynull", "config", "iframe", "webkittransform", "main", "maincontent", "placeroot", "generator", "next", "info" ], "references": [ "xfe-URL-Cloudways.com-stix2-2.1-export.json", "https://s.adroll.com/onsite_personalization/production/0.1/static/js/main.39c29e42.js", "https://www.clarity.ms/eus2/s/0.6.34/clarity.js", "https://tags.srv.stackadapt.com/events.js", "https://a.quora.com/qevents.js", "https://snap.licdn.com/li.lms-analytics/insight.min.js", "https://www.redditstatic.com/ads/pixel.js", "https://bat.bing.com/bat.js", "https://s.adroll.com/j/roundtrip.js", "https://www.googletagmanager.com/gtm.js?id=GTM-NWBZTT", "https://bam-cell.nr-data.net/1/f825f6c9b9?a=1271427646&v=1215.1253ab8&to=NVNUNkBQDxADV0RQXgwZYxBbHggNBlFIF0EKRg%3D%3D&rst=3260&ck=1&ref=https://www.cloudways.com/en/&ap=335&be=1077&fe=2760&dc=1572&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1650985479670,%22n%22:0,%22f%22:498,%22dn%22:499,%22dne%22:551,%22c%22:552,%22s%22:748,%22ce%22:841,%22rq%22:841,%22rp%22:1047,%22rpe%22:1047,%22dl%22:1066,%22di%22:1561,%22ds%22:1573,%22de%22:1599,%22dc%22:2759,%22l%22:2760,%22le%22:2765%7D,%22navigation%22:", "https://js-agent.newrelic.com/nr-spa-1215.min.js", "https://serve.albacross.com/track.js", "https://cdn.omniconvert.com/js/a91f81f.js", "https://tracking.g2crowd.com/attribution_tracking/conversions/3769.js?p=https://www.cloudways.com/en/&e=", "https://cdn.jsdelivr.net/npm/hockeystack@latest/hockeystack.min.js", "https://script.hotjar.com/modules.0076bf93c385ddf0ff58.js", "https://googleads.g.doubleclick.net/pagead/viewthroughconversion/948053426/?random=1650985487354&cv=9&fst=1650985487354&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=844&u_w=390&u_ah=844&u_aw=390&u_cd=32&u_his=1&u_tz=-240&u_java=false&u_nplug=0&u_nmime=0>m=2wg4p0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.cloudways.com%2Fen%2F&tiba=Cloudways%3A%20Managed%20Cloud%20Hosting%20Platform%20Simplified%20-%20Cloudways&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4", "https://s.adroll.com/j/exp/UZQYN577R5CHXAGR45AYXQ/index.js", "https://s.adroll.com/j/pre/UZQYN577R5CHXAGR45AYXQ/3YIA4GQCONCAVH77AJMDGR/fpconsent.js", "https://www.cloudways.com/wp-content/cache/breeze-minification/js/breeze_44ba8066e751ddb3b497212de30fa3f9.js" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "hj", "display_name": "hj", "target": null }, { "id": "ReduceRight", "display_name": "ReduceRight", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1546", "name": "Event Triggered Execution", "display_name": "T1546 - Event Triggered Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 494, "URL": 1404, "domain": 375, "FileHash-SHA256": 162, "FileHash-MD5": 4, "FileHash-SHA1": 1 }, "indicator_count": 2440, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "1424 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "script.id", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "script.id", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1776627902.6850312 }