{ "type": "Domain", "indicator": "this.store", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/this.store", "alexa": "http://www.alexa.com/siteinfo/this.store", "indicator": "this.store", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 995041535, "indicator": "this.store", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 35, "pulses": [ { "id": "6996fb0c1cd94f2b28366e8f", "name": "Beyond the Backdoor: How Contagious Interview Is Surgically Tampering with MetaMask Wallets.", "description": "The Contagious Interview campaign, linked to North Korean threat actors, is currently targeting IT professionals in the cryptocurrency, Web3, and AI sectors, with the intent to steal financial information and sensitive data. This threat employs a two-stage attack that starts with a JavaScript payload, confirming successful infection by sending a beacon to the attackers' command-and-control (C2) servers, and retrieving additional scripts. These secondary payloads include a Python-based malware named InvisibleFerret and two JavaScript files: one to create a remote-access backdoor and another to identify and exfiltrate sensitive files from the victim's system.", "modified": "2026-03-21T11:34:25.575000", "created": "2026-02-19T11:59:08.706000", "tags": [ "javascript", "c2 server", "chrome", "invisibleferret", "metamask wallet", "metamask", "javascript file", "json", "hmac", "beavertail", "python", "config", "seed", "path", "local", "service", "code" ], "references": [ "https://sp4rk.medium.com/beyond-the-backdoor-how-contagious-interview-is-surgically-tampering-with-metamask-wallets-0314ae901d85" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "InvisibleFerret", "display_name": "InvisibleFerret", "target": null } ], "attack_ids": [ { "id": "T1104", "name": "Multi-Stage Channels", "display_name": "T1104 - Multi-Stage Channels" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1033", "name": "System Owner/User Discovery", "display_name": "T1033 - System Owner/User Discovery" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "PetrP.73", "id": "154605", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 18, "FileHash-SHA1": 1, "FileHash-SHA256": 1, "URL": 15, "domain": 2 }, "indicator_count": 37, "is_author": false, "is_subscribing": null, "subscriber_count": 540, "modified_text": "70 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "684c65464466dd19b089f325", "name": "Zesp\u00f3\u0142 Profilaktyki i Rehabilitacji w Janowicach Wielkich - YouTube", "description": "If d=void 0===c,w(\"trustedResourceUrl\",d: \"Trusted resourceUrl,\" thend=c.src,d, c.js, then d:", "modified": "2025-06-13T17:56:28.689000", "created": "2025-06-13T17:52:06.399000", "tags": [ "rehabilitacji w", "youtube tv", "dami jelenia", "tv dami", "jelenia gra", "zakupy wycz", "jeli", "nie korzystasz", "filmy", "aby tego", "copyright", "closure library", "argument", "ifunction", "error", "null", "type", "cast", "webchannel", "su2028u2029", "chrome", "xmlhttp", "kkvoid", "remotecontrol", "android", "unknown", "screen", "desktop", "function", "string", "array", "number", "vfunction", "f8192", "n432", "true", "j2048", "this", "window", "void", "date", "pokau017c", "pytfunction", "fe8function", "qgzfunction", "afunction", "hb28", "r150", "promise", "bigint", "post", "edge", "swhealthlog", "symbol", "trident", "infinity", "embed", "webkitkeyframes", "zoomin", "zoominx", "zoomoutx", "zoominy", "zoomouty", "2000px", "90deg", "20px", "30deg", "30px", "10px", "10deg", "3deg", "5deg", "djmegamenu", "use license", "tabindex", "menu", "close", "msie", "beforechange", "imagehassize", "buildcontrols", "magnific popup", "dmitry semenov", "http", "beforeclose", "afterclose", "open", "next", "open source", "bsd license", "george mcginley", "smith", "djimageslider", "subpackage", "webkit", "khtml", "icab", "countto", "callback", "handler", "object", "typeof", "method", "gnugplv2", "website", "set module", "height script", "regexp", "screenheight", "highcontrast2", "highcontrast3", "highcontrast", "wide", "night", "body", "normalbutton", "cookie plugin", "https", "klaus hartl", "mit license", "register", "nodecommonjs", "factory", "jquery", "write", "sticky bar", "stickybar", "count", "offcanvas", "html", "noscroll", "offcanvas var", "toggle nav", "click jquery", "ajax", "autocomplete", "tomas kirda", "typeof define", "esc27", "tab9", "return13", "left37", "up38", "twitter", "custom version", "joomla", "rolemenu", "boolean", "get adobe", "flash player", "title", "text", "typeof data", "typeof s", "accept", "width", "foundation", "backspace8", "comma188", "delete46", "down40", "end35", "enter13", "escape27", "value", "migrate", "backcompat", "quirks mode", "typeof f", "xtablet768", "document", "ui sortable", "leftright", "gnu general", "public license", "dddddd", "ffffcc", "eeeeee", "verdana", "geneva", "arial", "helvetica", "f0f0f0", "sans", "charset", "utf8", "fontawesome", "typeof b", "pseudo", "child", "sufeffxa0", "class", "attr", "general slider", "slide", "rgba", "navigation", "15deg", "300px", "20deg", "transition", "scale", "baskerville", "main image", "bdbdbd", "f3f3f3", "remove", "fontface", "woff2", "u0131", "u01520153", "u02bb02bc", "u02c6", "u02da", "u02dc", "u0304", "dirrtl", "msviewport", "href", "span", "legend", "halflings", "fieldset", "typeimage", "f2f2f2", "d9edf7", "dff0d8", "f2dede", "thead", "tbody", "tahoma", "00a0", "video", "script", "2500", "xnew ita", "dnew jta", "dataset", "orfunction", "prfunction", "nsafunction", "xsafunction", "vrfunction", "cakes", "ovbfunction", "pvbfunction", "rvbfunction", "qvbfunction", "tvbfunction", "uvbfunction", "vvbclass", "xvbclass", "yvbclass", "svbclass", "lvafunction", "ggfunction", "mvafunction", "ovafunction", "pvafunction", "uvafunction", "tvafunction", "qvafunction", "vvafunction", "nvaclass", "dark", "vector", "yy49", "raster", "roboto", "new tk", "qael", "przechyl", "mars", "mercury", "venus", "pluto", "titan", "weakset", "wfclass", "googlelayer", "uint8array", "weakmap", "5001", "mouseevent", "webassembly", "180180", "9090", "google maps", "javascript api", "internal", "small", "lightrail", "false", "february", "light", "hybrid", "bounce", "drop", "inside", "outside", "marker", "gc" ], "references": [ "embed.html", "ad_status.js.pobrane", "f5Y41t9wqY4.html", "cast_sender.js.pobrane", "remote.js.pobrane", "sw3VTUzeRvWIVwvWSyk6S5gHWPxOOwU1OxerozmN4Hw.js.pobrane", "embed.js.pobrane", "www-embed-player.js.pobrane", "animate.ext.css", "animate.min.css", "jquery.djmegamenu.js.pobrane", "jquery.djmobilemenu.js.pobrane", "magnific.js.pobrane", "jquery.easing.min.js.pobrane", "slider.js.pobrane", "jquery.countTo.js.pobrane", "scripts.js.pobrane", "magnific-init.js.pobrane", "pagesettings.js.pobrane", "jquery.cookie.js.pobrane", "stickybar.js.pobrane", "fontswitcher.js.pobrane", "offcanvas.js.pobrane", "jquery.autocomplete.min.js.pobrane", "bootstrap.min.js.pobrane", "jcemediabox.js.pobrane", "jquery.ui.core.min.js.pobrane", "jquery-migrate.min.js.pobrane", "layout.min.js.pobrane", "jquery.ui.sortable.min.js.pobrane", "caption.js.pobrane", "finder.css", "jquery-noconflict.js.pobrane", "djmegamenu.26.css", "animations.css", "djmobilemenu.css", "jquery.min.js.pobrane", "djimageslider.css", "offcanvas.css", "magnific.css", "font_switcher.26.css", "css", "template_responsive.26.css", "offcanvas.26.css", "bootstrap_responsive.26.css", "extended_layouts.26.css", "style.css", "content.css", "template.26.css", "bootstrap.26.css", "jcemediabox.css", "js", "onion.js.pobrane", "search_impl.js.pobrane", "overlay.js.pobrane", "map.js.pobrane", "util.js.pobrane", "search.js.pobrane", "common.js.pobrane", "geometry.js.pobrane", "main.js.pobrane" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Gc", "display_name": "Gc", "target": null } ], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 26, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 2779, "hostname": 661, "domain": 684, "email": 4, "FileHash-MD5": 1, "FileHash-SHA256": 689 }, "indicator_count": 4818, "is_author": false, "is_subscribing": null, "subscriber_count": 123, "modified_text": "351 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6761887bac8548ef81857a50", "name": "Prokuratura Okr\u0119gowa w Jeleniej G\u00f3rze - Prokuratura Okr\u0119gowa w Jeleniej G\u00f3rze - Portal Gov.pl", "description": "Wstecz prasowy wedi dweud wrthod wybodaeth iawnydd i'wodraethol i gwadu i us\u0142ug.", "modified": "2025-05-14T20:58:17.341000", "created": "2024-12-17T14:19:39.155000", "tags": [ "jeleniej grze", "jelenia gra", "prokuratury", "prokuratura", "usugi dla", "okrgowa", "przejd", "logowanie", "profil zaufany", "strona", "string", "date", "sufeffxa0", "regexp", "matomo", "please", "blob", "null", "tag manager", "link", "typeerror", "typeof symbol", "error", "typeof t", "copyright", "jorik tangelder", "mit license", "zamknij", "nastpne zdjcie", "trace", "hammer", "crlf", "v2 dokument", "plik dokumentu", "dane", "unicode", "utf8", "z bom", "dziennik zdarze", "ms windows", "vista" ], "references": [ "https://www.gov.pl/web/po-jelenia-gora/", "http://www.gov.pl/web/po-jelenia-gora/", "https://matomo.www.gov.pl/analytics/js/container_68lYTZ79.js", "https://www.gov.pl/scripts/bundle.js" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Hammer", "display_name": "Hammer", "target": null } ], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "email": 1, "hostname": 179, "domain": 46, "URL": 340, "FileHash-SHA256": 23, "FileHash-MD5": 47, "FileHash-SHA1": 3 }, "indicator_count": 639, "is_author": false, "is_subscribing": null, "subscriber_count": 123, "modified_text": "381 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65709786808aed5d8ee43d19", "name": "auto_open_controller.js - all the things using this .js file ;-(", "description": "", "modified": "2023-12-06T15:47:18.949000", "created": "2023-12-06T15:47:18.949000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 380, "URL": 802, "domain": 245, "hostname": 231, "FileHash-MD5": 5, "FileHash-SHA1": 1 }, "indicator_count": 1664, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "906 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65708ef0cdb40fa0e7d239ca", "name": "either emotet or a part of it", "description": "", "modified": "2023-12-06T15:10:40.867000", "created": "2023-12-06T15:10:40.867000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 342, "hostname": 456, "domain": 349, "URL": 1730, "FileHash-MD5": 1, "FileHash-SHA1": 1 }, "indicator_count": 2879, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "906 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65708e178755574d9812e4c9", "name": "Followed lead to brechlerinsurance.com", "description": "", "modified": "2023-12-06T15:07:03.528000", "created": "2023-12-06T15:07:03.528000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 2, "FileHash-SHA256": 1329, "domain": 2068, "hostname": 4185, "URL": 12454, "email": 1, "FileHash-MD5": 3, "FileHash-SHA1": 1 }, "indicator_count": 20043, "is_author": false, "is_subscribing": null, "subscriber_count": 110, "modified_text": "906 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65708dff34f37412488dda2a", "name": "Digital Ocean", "description": "", "modified": "2023-12-06T15:06:38.991000", "created": "2023-12-06T15:06:38.991000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "FileHash-SHA256": 703, "domain": 734, "URL": 5116, "hostname": 1266, "email": 3 }, "indicator_count": 7823, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "906 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65708cbc25cf0a3e497cffb4", "name": "npm.elemcdn.com/alist-web", "description": "", "modified": "2023-12-06T15:01:16.961000", "created": "2023-12-06T15:01:16.961000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 2, "FileHash-SHA256": 149, "hostname": 174, "URL": 344, "domain": 72, "FileHash-MD5": 55, "FileHash-SHA1": 51 }, "indicator_count": 847, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "906 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65708c45f8a517d76d776231", "name": "Malware - reliablesite.net", "description": "", "modified": "2023-12-06T14:59:17.346000", "created": "2023-12-06T14:59:17.346000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 238, "domain": 565, "hostname": 827, "URL": 2233 }, "indicator_count": 3863, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "906 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65708c13ee010f81d3f9b3af", "name": "Malware hosting - hostrocket.com", "description": "", "modified": "2023-12-06T14:58:27.115000", "created": "2023-12-06T14:58:27.115000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 232, "hostname": 963, "domain": 412, "URL": 2337, "email": 3, "FileHash-MD5": 1, "FileHash-SHA1": 1 }, "indicator_count": 3949, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "906 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65708bf87a08635a650eeb9b", "name": "ctgserver.net", "description": "", "modified": "2023-12-06T14:58:00.096000", "created": "2023-12-06T14:58:00.096000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1286, "domain": 560, "hostname": 1602, "URL": 7975, "FileHash-MD5": 85, "FileHash-SHA1": 1 }, "indicator_count": 11509, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "906 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65708befc4f4c7e2be4370d9", "name": "ctgserver.net", "description": "", "modified": "2023-12-06T14:57:51.922000", "created": "2023-12-06T14:57:51.922000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1286, "domain": 560, "hostname": 1602, "URL": 7975, "FileHash-MD5": 85, "FileHash-SHA1": 1 }, "indicator_count": 11509, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "906 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6426dda295502d82e6e6ef7f", "name": "v4 - Hybrid scan uploaded + all suggested ioc's - vendor.3a0e728a.js another gem in edge on twitter.com/i/flow/login source code", "description": "WebpackChunk_Twitter-responsive_web is built on a single web address, which will allow users to upload images, tweets and videos to be stored in the same place as the hashtag.", "modified": "2023-03-31T13:18:26.733000", "created": "2023-03-31T13:18:26.733000", "tags": [ "trojan", "apt", "ansi", "memoryfile scan", "error", "runtime data", "typeof e", "regexp", "array", "object", "typeof t", "void", "null", "unknown", "path", "facebook", "4096", "suspicious", "meta", "lazy", "entity", "union", "body", "idkey", "scroll", "backspace", "insert", "roboto", "target", "stack", "hybrid", "model", "click", "stream", "strings", "qakbot", "pattern match", "ud801", "ud804", "ud805", "ud806", "ud81a", "ud835", "ud800", "ud802", "sha1", "sha256", "vendor.3a0e728a.js" ], "references": [ "https://hybrid-analysis.com/sample/9bf30967dfbf84d91ff4a1ca66dcd6c3383e679917e8b7aa4f659ff9f4e848d7/6426cf48655f94b6b303704c" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1115", "name": "Clipboard Data", "display_name": "T1115 - Clipboard Data" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1546", "name": "Event Triggered Execution", "display_name": "T1546 - Event Triggered Execution" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1614", "name": "System Location Discovery", "display_name": "T1614 - System Location Discovery" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "callmeDoris", "id": "205385", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1353, "hostname": 222, "domain": 221, "FileHash-SHA256": 85, "FileHash-MD5": 3, "FileHash-SHA1": 1 }, "indicator_count": 1885, "is_author": false, "is_subscribing": null, "subscriber_count": 90, "modified_text": "1156 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6426dd17695f7673d2dcee65", "name": "v3 Hybrid scan uploaded - vendor.3a0e728a.js another gem in edge on twitter.com/i/flow/login source code", "description": "WebpackChunk_Twitter-responsive_web is built on a single web address, which will allow users to upload images, tweets and videos to be stored in the same place as the hashtag.", "modified": "2023-03-31T13:16:07.144000", "created": "2023-03-31T13:16:07.144000", "tags": [ "trojan", "apt", "ansi", "memoryfile scan", "error", "runtime data", "typeof e", "regexp", "array", "object", "typeof t", "void", "null", "unknown", "path", "facebook", "4096", "suspicious", "meta", "lazy", "entity", "union", "body", "idkey", "scroll", "backspace", "insert", "roboto", "target", "stack", "hybrid", "model", "click", "stream", "strings", "qakbot", "pattern match", "ud801", "ud804", "ud805", "ud806", "ud81a", "ud835", "ud800", "ud802", "sha1", "sha256", "vendor.3a0e728a.js" ], "references": [ "https://hybrid-analysis.com/sample/9bf30967dfbf84d91ff4a1ca66dcd6c3383e679917e8b7aa4f659ff9f4e848d7/6426cf48655f94b6b303704c" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1115", "name": "Clipboard Data", "display_name": "T1115 - Clipboard Data" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1546", "name": "Event Triggered Execution", "display_name": "T1546 - Event Triggered Execution" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1614", "name": "System Location Discovery", "display_name": "T1614 - System Location Discovery" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "callmeDoris", "id": "205385", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 43, "domain": 193, "URL": 64, "FileHash-SHA256": 85, "FileHash-MD5": 3, "FileHash-SHA1": 1 }, "indicator_count": 389, "is_author": false, "is_subscribing": null, "subscriber_count": 90, "modified_text": "1156 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "63ed8628367c1a4f3f8e773a", "name": "just a load of errors on edge watching twitch", "description": "load of unknown user pics, but that could just be a twitch thing", "modified": "2023-03-18T00:05:45.328000", "created": "2023-02-16T01:26:00.959000", "tags": [ "object", "typeerror", "typeof symbol", "error", "typeof t", "array", "string", "typeof e", "typeof n", "referenceerror", "date", "body", "null", "local", "generator", "class", "typeof tcfapi", "tcfapi", "daten", "image", "typeof comscore", "true", "regexp", "config", "nolbundle", "novmsjs", "nlssdk", "retry request", "nolsdkbundle", "typeof o", "bsdk check", "optout", "basever", "lsid", "qqfunction", "nielsen log", "info", "stop", "logger", "android", "donate", "ukraine relief", "requestbuilder", "slotbuilder", "uint8array", "nthis", "promise", "symbol", "fullscreen", "adload", "false", "facebook", "unknown", "meta", "direct", "this", "close", "locale", "model", "survey", "companion", "scroll", "backspace", "insert", "infinity", "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "runtime data", "ansi", "path", "hybrid analysis", "api call", "registry access", "function", "calls", "window", "hybrid", "general", "click", "ransomware", "february", "strings", "suspicious", "irequestslot", "islotbuilder", "amazonerrorcode", "errortype", "adunit", "conflict", "please" ], "references": [ "https://hybrid-analysis.com/sample/5da0de230eb98e5598b152944d0e7e6b355485484052df6c7f1c747e2c5564c0/63ed708125f47738b45a6520", "webpack buildin global.js", "SlotBuilder.ts", "P34D56F9D-5684-4C83-8EE1-5EA7DE9CF45D.js", "apstag.js", "nlsSDK600.bundle.min.js", "v6s.js", "https://sb.scorecardresearch.com/p?c1=2&c2=6745306&ns_type=hidden&ns_st_sv=5.1.3.160420&ns_st_smv=5.1&ns_st_it=r&ns_st_id=1676508021004&ns_st_ec=3&ns_st_sp=1&ns_st_sc=1&ns_st_sq=1&ns_st_ppc=1&ns_st_apc=1&ns_st_spc=1&ns_st_cn=1&ns_st_ev=hb&ns_st_po=1560430&ns_st_cl=0&ns_st_hc=31&ns_st_mp=js_api&ns_st_mv=5.1.3.160420&ns_st_pn=1&ns_st_tp=0&ns_st_ci=47976339133&ns_st_pt=1560430&ns_st_dpt=360423&ns_st_ipt=60010&ns_st_et=1560430&ns_st_det=360423&ns_st_upc=1560430&ns_st_dupc=360423&ns_st_iupc=60010&ns_st_upa=15604", "https://sb.scorecardresearch.com/p?ax_uuid=d247c6142f285bb0488533aa7f2d53c5&c1=9&c2=31864766&ns__t=1676508027511&ns_c=UTF-8&cv=3.1&c8=SecurityWeekly%20-%20Twitch&c7=https%3A%2F%2Fwww.twitch.tv%2Fsecurityweekly&c9=", "https://hybrid-analysis.com/sample/b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b/", "beacon.js", "https://static-cdn.jtvnw.net/jtv_user_pictures/6f4129f6-3750-4c02-b7c8-c88a05064129-profile_image-70x70.png" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "SlotBuilder", "display_name": "SlotBuilder", "target": null }, { "id": "RequestBuilder", "display_name": "RequestBuilder", "target": null } ], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "callmeDoris", "id": "205385", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1353, "hostname": 363, "domain": 201, "FileHash-SHA256": 203, "FileHash-MD5": 9, "FileHash-SHA1": 3 }, "indicator_count": 2132, "is_author": false, "is_subscribing": null, "subscriber_count": 90, "modified_text": "1170 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "63ed86228ecb2b03d35b046f", "name": "just a load of errors on edge watching twitch", "description": "load of unknown user pics, but that could just be a twitch thing", "modified": "2023-03-18T00:05:45.328000", "created": "2023-02-16T01:25:54.305000", "tags": [ "object", "typeerror", "typeof symbol", "error", "typeof t", "array", "string", "typeof e", "typeof n", "referenceerror", "date", "body", "null", "local", "generator", "class", "typeof tcfapi", "tcfapi", "daten", "image", "typeof comscore", "true", "regexp", "config", "nolbundle", "novmsjs", "nlssdk", "retry request", "nolsdkbundle", "typeof o", "bsdk check", "optout", "basever", "lsid", "qqfunction", "nielsen log", "info", "stop", "logger", "android", "donate", "ukraine relief", "requestbuilder", "slotbuilder", "uint8array", "nthis", "promise", "symbol", "fullscreen", "adload", "false", "facebook", "unknown", "meta", "direct", "this", "close", "locale", "model", "survey", "companion", "scroll", "backspace", "insert", "infinity", "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "runtime data", "ansi", "path", "hybrid analysis", "api call", "registry access", "function", "calls", "window", "hybrid", "general", "click", "ransomware", "february", "strings", "suspicious", "irequestslot", "islotbuilder", "amazonerrorcode", "errortype", "adunit", "conflict", "please" ], "references": [ "https://hybrid-analysis.com/sample/5da0de230eb98e5598b152944d0e7e6b355485484052df6c7f1c747e2c5564c0/63ed708125f47738b45a6520", "webpack buildin global.js", "SlotBuilder.ts", "P34D56F9D-5684-4C83-8EE1-5EA7DE9CF45D.js", "apstag.js", "nlsSDK600.bundle.min.js", "v6s.js", "https://sb.scorecardresearch.com/p?c1=2&c2=6745306&ns_type=hidden&ns_st_sv=5.1.3.160420&ns_st_smv=5.1&ns_st_it=r&ns_st_id=1676508021004&ns_st_ec=3&ns_st_sp=1&ns_st_sc=1&ns_st_sq=1&ns_st_ppc=1&ns_st_apc=1&ns_st_spc=1&ns_st_cn=1&ns_st_ev=hb&ns_st_po=1560430&ns_st_cl=0&ns_st_hc=31&ns_st_mp=js_api&ns_st_mv=5.1.3.160420&ns_st_pn=1&ns_st_tp=0&ns_st_ci=47976339133&ns_st_pt=1560430&ns_st_dpt=360423&ns_st_ipt=60010&ns_st_et=1560430&ns_st_det=360423&ns_st_upc=1560430&ns_st_dupc=360423&ns_st_iupc=60010&ns_st_upa=15604", "https://sb.scorecardresearch.com/p?ax_uuid=d247c6142f285bb0488533aa7f2d53c5&c1=9&c2=31864766&ns__t=1676508027511&ns_c=UTF-8&cv=3.1&c8=SecurityWeekly%20-%20Twitch&c7=https%3A%2F%2Fwww.twitch.tv%2Fsecurityweekly&c9=", "https://hybrid-analysis.com/sample/b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b/", "beacon.js", "https://static-cdn.jtvnw.net/jtv_user_pictures/6f4129f6-3750-4c02-b7c8-c88a05064129-profile_image-70x70.png" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "SlotBuilder", "display_name": "SlotBuilder", "target": null }, { "id": "RequestBuilder", "display_name": "RequestBuilder", "target": null } ], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "callmeDoris", "id": "205385", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1353, "hostname": 363, "domain": 201, "FileHash-SHA256": 203, "FileHash-MD5": 9, "FileHash-SHA1": 3 }, "indicator_count": 2132, "is_author": false, "is_subscribing": null, "subscriber_count": 90, "modified_text": "1170 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "63f619404ba8714b7e063140", "name": "auto_open_controller.js - all the things using this .js file ;-(", "description": "12a26eb45e5e3bd90c4578f8f07944baf981e6c083145990015ebc7474dee609", "modified": "2023-02-22T13:31:44.806000", "created": "2023-02-22T13:31:44.806000", "tags": [ "memoryfile scan", "null", "runtime data", "void", "unknown", "android", "magento", "desktop", "dark", "scroll", "addressbar", "trigger", "template", "fast", "burn", "homepage", "class", "critical", "iframe", "lick", "open", "trace", "sapphire", "screen", "small", "close", "click", "ransomware", "strings", "malicious", "contains", "xnnew weakmap", "fnnew weakmap", "auto_open_controller.js", "12a26eb45e5e3bd90c4578f8f07944baf981e6c083145990015ebc7474dee609" ], "references": [ "https://hybrid-analysis.com/sample/12a26eb45e5e3bd90c4578f8f07944baf981e6c083145990015ebc7474dee609/63f3dde5af1db0386635b153", "12a26eb45e5e3bd90c4578f8f07944baf981e6c083145990015ebc7474dee609" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1546", "name": "Event Triggered Execution", "display_name": "T1546 - Event Triggered Execution" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1614", "name": "System Location Discovery", "display_name": "T1614 - System Location Discovery" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "callmeDoris", "id": "205385", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 380, "URL": 802, "hostname": 231, "domain": 245, "FileHash-MD5": 5, "FileHash-SHA1": 1 }, "indicator_count": 1664, "is_author": false, "is_subscribing": null, "subscriber_count": 90, "modified_text": "1193 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "63b580a925bb698985fa83ea", "name": "vendor.bundle.js", "description": "", "modified": "2023-02-03T13:00:02.804000", "created": "2023-01-04T13:35:37.535000", "tags": [ "vxstream", "trojan", "apt", "memoryfile scan", "error", "progresstype", "graytext", "typeof e", "highlight", "bg96gwp", "typeof", "window", "null", "date", "span", "path", "meta", "push", "unknown", "roboto", "scroll", "suspicious", "close", "light", "template", "abcd", "android", "trident", "backspace", "insert", "4096", "void", "legend", "iframe", "webview", "infinity", "ransomware", "malicious", "accept toggle", "voice", "upgrade" ], "references": [ "https://hybrid-analysis.com/sample/f90162e65235185a24e9f20d855371b8ad7462d50d7a57851d000cfd5116f76d", "This website contains the details of an anti-virus scan conducted by the MetaDefender, which aims to identify and remove malware from websites, websites and social media sites, including Facebook, Twitter and YouTube.", "original dropped file discovery url", "http://lifehacker.com/assets/stylesheets/app-a873b056f0ea955e4ff0abebb210e5a6.css", "Making HTTPS connections using insecure TLS/SSL version details Connection was make using TLSv1.1 [tls.handshake.version: 0x00000302] source Network Traffic relevance 10/10 ATT&CK ID T1573 (Show technique in the MITRE ATT&CK\u2122 matrix)", "https://hybrid-analysis.com/sample/f90162e65235185a24e9f20d855371b8ad7462d50d7a57851d000cfd5116f76d/63aef1a83e3bb16765527bb8" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 16, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "callmeDoris", "id": "205385", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 205, "URL": 1340, "FileHash-SHA256": 407, "hostname": 491, "FileHash-MD5": 8, "email": 1, "FileHash-SHA1": 1 }, "indicator_count": 2453, "is_author": false, "is_subscribing": null, "subscriber_count": 90, "modified_text": "1212 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "62e69610305a20de80232e50", "name": ";http://tdarr.io/ - yet more net.sh", "description": "", "modified": "2022-08-30T00:01:48.297000", "created": "2022-07-31T14:47:44.291000", "tags": [ "trojan", "apt", "runtime data", "decrypted ssl", "typeerror", "typeof symbol", "null", "accept", "unknown", "roboto", "generator", "matrix", "internal", "blank", "trident", "discord", "facebook", "twitch", "backend", "twitter", "suser", "android", "meta", "skew", "parade", "click", "malicious", "mozilla", "suspicious", "network traffic", "net.sh" ], "references": [ "https://hybrid-analysis.com/sample/3782c093f4a54060ab6a269e2cc5a0334352f4c210500d370f185b6799f0007a/62e280899822900706678798", "tdarr.io", "net.sh neural netw" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 786, "hostname": 498, "FileHash-SHA256": 122, "domain": 139, "FileHash-MD5": 43, "FileHash-SHA1": 36 }, "indicator_count": 1624, "is_author": false, "is_subscribing": null, "subscriber_count": 393, "modified_text": "1370 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "62ea8bf5508d5839c2e68b66", "name": "This what you dont see your browser doing in the background", "description": "", "modified": "2022-08-03T14:53:41.744000", "created": "2022-08-03T14:53:41.744000", "tags": [ "regexp", "array", "attr", "class", "css1compat", "null", "string", "error", "function", "invalid json", "text", "date", "activexobject", "number", "utmb", "firefox", "shockwave flash", "utma", "utmz", "iframe", "classspan", "span", "typecheckbox", "gradienttype0", "typeradio", "classicon", "typesearch", "typesubmit", "href", "typebutton", "https://www.virustotal.com/static/css/bootstrap.min.css?20150630", "https://ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js", "https://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.7.1.min.js", "https://www.virustotal.com/static/js/base.min-2013121902.js", "https://www.virustotal.com/static/js/bootmin-2013092601.js" ], "references": [ "https://www.virustotal.com/static/css/bootstrap.min.css?20150630", "https://www.virustotal.com/static/js/bootmin-2013092601.js", "https://www.virustotal.com/static/js/base.min-2013121902.js", "https://www.virustotal.com/en/file/undefined/analysis/", "https://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.7.1.min.js", "https://ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js", "bootstrap.min.css", "ga.js", "bootmin-2013092601 2.js", "bootmin-2013092601.js", "jquery.min.js" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 193, "hostname": 384, "domain": 146, "URL": 972 }, "indicator_count": 1695, "is_author": false, "is_subscribing": null, "subscriber_count": 392, "modified_text": "1396 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "628e790d414886e18b33c262", "name": "either emotet or a part of it", "description": "var a.tldDomains, AWIN.Tracking.com, has a new name for its basket, but how do you find it in your browser?.. and what does this mean?", "modified": "2022-06-24T00:01:00.706000", "created": "2022-05-25T18:44:29.280000", "tags": [ "tfunction", "cnullvvoid", "wnullgvoid", "bnullhvoid", "gnullcvoid", "guidewrapper", "blog", "lfunction", "hotjar", "iab2", "code", "number", "party", "n strictly", "life spann", "azuren n", "cookie tracking", "tablen n", "n cookies", "cookie", "null", "date", "error", "ffffff", "typeof t", "uint16array", "regexp", "uint8array", "array", "uint32array", "helvetica", "void", "execution", "body", "roboto", "prop", "object", "param", "cookies", "getcookie", "name", "typeof", "uri component", "obj2", "typeof e", "webkit", "component", "typeof y", "typeof symbol", "suspense", "context", "forwardref", "unknown", "4096", "function", "typeof n", "typeof window", "uuidv4", "ajsanonymousid", "suffix", "bill", "viewed", "pavel krayzel", "psd2", "bt prorata", "amex", "squad", "march", "new visitors", "promise", "nthis", "eventprocessor", "typeof define", "info", "functional", "member", "hnew regexp", "qfunction", "adview", "addbillinginfo", "addtocart", "addtolist", "contact", "download", "install", "window", "value", "customevent", "image", "samesitelax", "invalid pixel", "snap", "afaf09", "sfunction", "cfunction", "post", "appcuesdeps", "typeerror", "hki3", "ogr1", "typeof self", "full selector", "heatmaps", "sans", "version", "releaseid", "appcues", "dashboard2", "dashboard3", "technology", "selector", "click", "next", "import", "generic", "started", "dismissed", "completed", "contextual help", "symbol", "appcuesfunction", "widget", "iframe", "pnull", "html", "style", "ctnull", "fanull", "license", "ynull", "config", "meta", "accept", "contabo gmbh", "typeof hj", "https", "learn", "surveyv2", "surveyisolated", "safari", "firefox", "chrome", "remove", "edge", "correct", "section", "segoe ui", "emoji", "opera", "path", "span", "this", "typeof document", "small", "blank", "pass", "core", "footer", "close", "form", "main", "direct", "reduceright", "string", "f420", "gyfpnzbgtf3", "copyright", "json", "sesprops", "href", "input", "class", "logger", "target", "push", "awalt", "awinawin", "explorer", "awatp", "ccampid", "impid", "tag1" ], "references": [ "https://www.dwin1.com/13976.js", "https://cdn.heapanalytics.com/js/heap-3501642718.js", "https://www.googletagmanager.com/gtag/js?id=G-YFPNZBGTF3&l=dataLayer&cx=c", "https://contabo.com/client/client.a529db28.js", "https://contabo.com/client/client-30e55c50.css", "https://static.hotjar.com/c/hotjar-2086874.js?sv=6", "https://l.clarity.ms/s/0.6.34/clarity.js", "https://www.clarity.ms/tag/uet/5739677", "https://fast.appcues.com/generic/main/4.35.3/appcues.main.e826b3c1f5ab15648ac446eafdbb489fd58d7f2d.js", "https://fast.appcues.com/79878.js", "https://cdn.segment.com/next-integrations/integrations/vendor/commons.54701049fd6fb8497e9e.js.gz", "https://cdn.segment.com/next-integrations/integrations/appcues/2.3.0/appcues.dynamic.js.gz", "https://cdn.segment.com/next-integrations/integrations/google-analytics/2.18.5/google-analytics.dynamic.js.gz", "https://sc-static.net/scevent.min.js", "https://cdn.taboola.com/libtrc/unip/1331749/tfa.js", "https://snap.licdn.com/li.lms-analytics/insight.min.js", "https://unpkg.com/@optimizely/optimizely-sdk@3.5.0/dist/optimizely.browser.umd.min.js", "https://cdn.optimizely.com/datafiles/HgHVKrf9ZD2dsZYVFb9JnD.json/tag.js", "https://www.hotjar.com/ensureSegmentId.js", "https://www.hotjar.com/_next/static/chunks/webpack-ca4d94cab12a165a123f.js", "https://www.hotjar.com/_next/static/chunks/framework-6994461647f52f294af9.js", "https://www.hotjar.com/persistUtmParams.js", "https://www.hotjar.com/_next/static/chunks/pages/_app-be5fbad980fd377922f7.js", "https://www.hotjar.com/_next/static/chunks/pages/index-b7f010d5161cd8f6ddab.js", "https://cdn.cookielaw.org/scripttemplates/6.5.0/otBannerSdk.js" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "ReduceRight", "display_name": "ReduceRight", "target": null } ], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 11, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 349, "hostname": 456, "URL": 1730, "FileHash-SHA256": 342, "FileHash-MD5": 1, "FileHash-SHA1": 1 }, "indicator_count": 2879, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1437 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "628077c330f33dfd254e5a8b", "name": "Followed lead to brechlerinsurance.com", "description": "", "modified": "2022-06-13T00:00:32.864000", "created": "2022-05-15T03:47:15.835000", "tags": [ "bomboraconsent", "gdpr", "ccpa", "date", "nthis", "array", "typeof e", "typeerror", "class", "image", "typeof symbol", "afsh", "copyright", "rights reserved", "comscore", "typeof o", "uspapi", "null", "s271733878", "secure hash", "algorithm", "sha1", "a1732584193", "1518500249", "imgurl", "oiqfpsjs", "script", "iframe", "oiqaddpagecat", "inte", "oiqdotag", "track", "regexp", "pseudo", "child", "typeof b", "error", "sufeffxa0", "attr", "void", "udc66udc67", "ud83d", "ufe0f", "ud83e", "udc68udc69", "udfcbudfcc", "u2640u2642", "uddb0uddb3", "udd74udd75", "wpbruiserclient", "browserinfo", "mozinnerscreenx", "xmlhttprequest", "activexobject", "bf7e56f2f3", "zpbcat", "zcluidkrs", "promise", "boolean", "verification", "object", "reflect", "typeof proxy", "demo", "shareaholic", "sfunction", "bearer", "patch", "accept", "function", "symbol", "weakmap", "dataview", "typeof module", "cfunction", "event", "afunction", "efunction", "mfunction", "binnerheightc", "number", "string", "trackevent", "click", "uint8array", "gtmng3vqql", "classes", "path", "code", "typeof r", "function code", "typeof n", "angular", "angularjs", "ember", "meteor", "zepto", "jquery", "vd", "utmb", "firefox", "shockwave flash", "utma", "utmz", "ieproto", "typeof", "widgetrootqa", "driftconductor", "addcookiedomain", "hubspot", "typeof t", "quora pixel", "4294967295", "uint32array", "viewcontent", "infinity", "register domain names", "domain registration", "business web hosting services", "web hosting provider", "business email accounts", "web site hosting", "domain name registration", "ecommerce hosting services", "buy domains", "bulk domain search", "domain name search", "domain hosting", "registrations", "websites", "whois", "registrar", "registry", "domainpeople", "domain name", "registration", "year discount", "web hosting", "us whois", "us contact", "lookup alerts", "support login", "call" ], "references": [ "https://domainpeople.com", "xfe-URL-Domainpeople.com-stix2-2.1-export.json", "xfe-URL-shareaholic.com-stix2-2.1-export.json", "https://js.hubspot.com/analytics/1652585100000/210895.js", "https://js.driftt.com/include/1652585100000/mezhk4858hn8.js", "https://bam.nr-data.net/1/f37cf8a208?a=1772678&v=1216.487a282&to=dlwNQEdeWVgHSxlDV1JWEBtdXlhR&rst=1074&ck=1&ref=https://www.shareaholic.com/&ap=9&be=11&fe=795&dc=37&af=err,xhr,stn,ins&perf=%7B%22timing%22:%7B%22of%22:1652584962293,%22n%22:0,%22f%22:0,%22dn%22:0,%22dne%22:0,%22c%22:0,%22s%22:0,%22ce%22:0,%22rq%22:0,%22rp%22:0,%22rpe%22:0,%22dl%22:6,%22di%22:37,%22ds%22:37,%22de%22:45,%22dc%22:636,%22l%22:793,%22le%22:796%7D,%22navigation%22:%7B%22ty%22:2%7D%7D&fcp=123&jsonp=NREUM.setToken", "https://js-agent.newrelic.com/nr-1216.min.js", "https://js-na1.hs-scripts.com/210895.js", "https://www.googletagmanager.com/gtm.js?id=GTM-NG3VQQL", "https://dsms0mj1bbhn4.cloudfront.net/assets/pages-afd7ed46648f01def74df6e4c245da53bde609b863bf63ff94a87154f2f82de0.js", "https://dsms0mj1bbhn4.cloudfront.net/webpack/vendors~header~related-content~share-buttons~site-settings~user-settings~yarpp-header~yarpp-sites~ya~7d559390-c92fe44d0731743b2d8e.js", "https://dsms0mj1bbhn4.cloudfront.net/webpack/default~header~related-content~share-buttons~site-settings~user-settings~yarpp-header~yarpp-sites~ya~2fbcff42-06fb1418b4e0c0383855.js", "https://dsms0mj1bbhn4.cloudfront.net/ui-header/loader.js", "https://de.tynt.com/deb/v2?id=sh!sh&dn=AFSH&cc=1&r=", "http://www.brechlerinsurance.com/?gdbc-client=3.1.25-1652585170383", "http://www.brechlerinsurance.com/wwblcms/wp-includes/js/wp-emoji-release.min.js?ver=479aaeefa13948f8aa1a2479d7a751df", "http://www.brechlerinsurance.com/wwblcms/wp-includes/js/jquery/jquery.js?ver=1.12.4", "https://partner.shareaholic.com/partners.js?location=http%3A%2F%2Fwww.brechlerinsurance.com%2F&cl=en-US&id_sync=19da2f0f-8191-4a73-b27d-e95f97e9a686&minify=1&pvs=1&site=d016349f31f268b5ce94fa8e70f6eddd", "https://px.owneriq.net/stas/s/sholic.js", "https://i.simpli.fi/dpx.js?cid=66112&m=0&sifi_tuid=37830&referrer=http%3A%2F%2Fwww.brechlerinsurance.com%2F", "https://sb.scorecardresearch.com/beacon.js", "https://cdn.tynt.com/afsh.js", "xfe-URL-ml314.com-stix2-2.1-export.json", "xfe-URL-bombora.com-stix2-2.1-export.json", "xfe-URL-Owneriq.net-stix2-2.1-export.json" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "BomboraConsent", "display_name": "BomboraConsent", "target": null }, { "id": "Vd", "display_name": "Vd", "target": null } ], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 13, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 4185, "URL": 12454, "FileHash-SHA256": 1329, "CVE": 2, "domain": 2068, "email": 1, "FileHash-MD5": 3, "FileHash-SHA1": 1 }, "indicator_count": 20043, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "1448 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "627fe16ae54614d3d59de881", "name": "Digital Ocean", "description": "\u2026", "modified": "2022-06-13T00:00:32.864000", "created": "2022-05-14T17:05:46.360000", "tags": [ "min", "qe", "photostatus", "hero stripe", "object", "boolean", "license", "urlsearchparams", "typeof t", "events", "pattrick hper", "bsd3clause", "typeerror", "react", "date", "error", "this", "flex", "open", "facebook", "close", "february", "april", "june", "august", "dead", "frozen", "blank", "null", "mutation", "roboto", "4096", "unknown", "clock", "period", "footer", "android", "service", "invisible", "sphinx", "checkbox", "click", "typeof e", "referenceerror", "typeof symbol", "router", "function", "intl", "push", "body", "meta", "string", "url path", "url object", "full", "url api", "nativeurl", "searchparams", "copyright", "closure library", "includes code", "regexp", "html", "plugindetect", "jeff mott", "quicktime", "flash shockwave", "vlc adobereader", "span", "or conditions", "post", "array", "apache license", "version", "this code", "is provided", "on an", "ud83d", "ud83e", "u2695u2696u2708", "udc66udc67", "udc68udc69", "ud83c", "dfunction", "typeof u", "u2640u2642", "9000", "typeof r", "weakmap", "asyncfunction", "proxy", "customevent", "uint8array", "09af", "ver0", "tag0", "extdata0", "ua ch", "window", "documentcookie", "typeof self", "blob", "promise", "reduceright", "number", "l420", "gnp82xmkw0p", "json", "void", "public", "github", "meetup", "swarm", "jump", "sign", "releases", "packages", "contributors", "topics", "star", "contact", "code", "stars" ], "references": [ "xfe-URL-Meetup.com_pro_digitalocean_-stix2-2.1-export.json", "https://github.com/meetup/swarm-ui", "https://www.googletagmanager.com/gtag/js?id=G-NP82XMKW0P&l=dataLayer&cx=c", "https://www.meetup.com/proxydirectory/tags/239562121304/tag.js", "https://www.meetup.com/pro_static/en-US/0.f2cf4c3f.js", "https://dna8twue3dlxq.cloudfront.net/js/profitwell.js", "https://cdn.sift.com/s.js", "https://googleads.g.doubleclick.net/pagead/viewthroughconversion/922061185/?random=1652546907471&cv=9&fst=1652546907471&num=1&label=BaPJCIf2_WYQgZPWtwM&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=844&u_w=390&u_ah=844&u_aw=390&u_cd=32&u_his=2&u_tz=-240&u_java=false&u_nplug=0&u_nmime=0>m=2wg5b0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.meetup.com%2FDigitalOceanMoscow%2F&ref=https%3A%2F%2Fwww.meetup.com%2Fpro%2Fdigitalocean%2F&tiba=DigitalOcean%20Moscow%20(Moscow%2C%20Russia)%20%7C%20Meetup&hn=www.googleadser", "https://cdn.polyfill.io/v2/polyfill.min.js?features=default-3.6,fetch,Intl,Intl.~locale.en-US,Array.prototype.find,Array.prototype.includes,Object.values&flags=gated", "https://www.meetup.com/mu_static/react.ddd38c26.js", "https://www.meetup.com/mu_static/en-US/app.0ff22766.js", "xfe-URL-Sift.com-stix2-2.1-export.json" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "MIN", "display_name": "MIN", "target": null }, { "id": "PhotoStatus", "display_name": "PhotoStatus", "target": null }, { "id": "Qe", "display_name": "Qe", "target": null }, { "id": "Hero Stripe", "display_name": "Hero Stripe", "target": null }, { "id": "DocumentCookie", "display_name": "DocumentCookie", "target": null }, { "id": "ReduceRight", "display_name": "ReduceRight", "target": null } ], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1110", "name": "Brute Force", "display_name": "T1110 - Brute Force" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 1266, "URL": 5116, "domain": 734, "FileHash-SHA256": 703, "CVE": 1, "email": 3 }, "indicator_count": 7823, "is_author": false, "is_subscribing": null, "subscriber_count": 72, "modified_text": "1448 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "62693e95b3034a9615710d4a", "name": "npm.elemcdn.com/alist-web", "description": "", "modified": "2022-05-27T00:00:15.468000", "created": "2022-04-27T13:01:08.976000", "tags": [ "null", "error", "weakmap", "peedtee", "snull", "void", "facebook", "trident", "apt", "decrypted ssl", "february" ], "references": [ "https://hybrid-analysis.com/sample/f4057c7a34cf3fb738a727e78063328788dc7b00989a097929b60399d48f2220", "https://hybrid-analysis.com/sample/37a24095d92c7891cf825aa7d01a01ed2b3d48ecc32a7d09806e41be04b3afa4/62691ac164fa7610811a9984", "https://npm.elemecdn.com/alist-web@2.3.0/dist/assets/vendor.e93814c3.js" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 344, "hostname": 174, "domain": 72, "FileHash-SHA256": 149, "CVE": 2, "FileHash-MD5": 55, "FileHash-SHA1": 51 }, "indicator_count": 847, "is_author": false, "is_subscribing": null, "subscriber_count": 395, "modified_text": "1465 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "628e33df0169fe33f79b766b", "name": "Seems to be coming from space . Space malware? \u4e91\u9002\u914d(AllMobilize Inc.) --\u4f01\u4e1a\u6d4f\u89c8\u5668\u53ca\u79fb\u52a8\u5316\u89e3\u51b3\u65b9\u6848\u4f9b\u5e94\u5546 | \u4e91\u9002\u914d", "description": "AllMobilize, Amaze, and all its partners - all of them with the same name - are now available to use on Facebook, Twitter, Instagram and other social media platforms, including Facebook.", "modified": "2022-05-25T13:49:19.876000", "created": "2022-05-25T13:49:19.876000", "tags": [ "ebeef5", "dcdfe6", "e64552", "helvetica", "ffffff", "pingfang sc", "helveticaneue", "arial", "microsoft yahei", "45deg", "post", "sqdl", "sqhz", "eptyzj", "zjxcys", "doform", "modernizr", "typeradio", "tagnames", "boolean", "date", "array", "error", "typeof t", "dtft", "amaze ui", "function", "regexp", "d1dd2", "mstransitionend", "team", "android", "february", "april", "june", "august", "void", "null", "type", "elem", "index", "handle", "sizzle", "check", "target", "hooks", "prop", "copy", "class", "mark", "internal", "stack", "false", "code", "accept", "seed", "first", "body", "jquery", "pass", "bind", "core", "local", "verify", "done", "find", "inject", "possible", "hold", "trigger", "camel", "bubble", "window", "middle", "capture", "iframe", "fall", "stop", "panic", "back", "speed", "grab", "install", "open", "invalid request", "button", "input", "cpu os", "span", "label", "this", "trident", "pykey", "eventparams", "object", "event", "infinity", "pykeye", "string", "typeof", "typeof e", "typeof r", "typeof s", "typeof console", "contenttype", "number", "\u4e91\u9002\u914d\uff0c\u4f01\u4e1a\u79fb\u52a8\u5316\uff0c\u4f01\u4e1a\u79fb\u52a8\u5316\u89e3\u51b3\u65b9\u6848\uff0c\u4e91\u9002\u914d\u8de8\u5c4f", "\u4e91\u9002\u914d\u7f51\u7ad9\u9002\u914d", "\u4e91\u9002\u914d\u8de8\u5c4f\u4e91", "\u4e91\u9002\u914d\u8de8\u5c4f\u5e94\u7528", "\u4f01\u4e1aoa\u79fb\u52a8\u5316\u3001\u4f01\u4e1a\u79fb\u52a8\u95e8\u6237\u3001\u79fb\u52a8\u5e94\u7528\u7ba1\u7406\u3001\u79fb\u52a8\u5e94\u7528\u5e73\u53f0", "xcloud", "amaze", "sdp enterplorer", "siebel domino", "siebel", "domino", "allmobilize", "apipc", "ui amaze" ], "references": [ "https://www.yunshipei.com/", "https://aiff.cdn.bcebos.com/sensors%2Fonline%2Fsa-sdk-javascript-1.14.24%2Fsensorsdata.min.js", "https://stats.ipinyou.com/adv?a=SR..sxcg_4d0DhagaJWCLj_ZdX&u=https%3A%2F%2Fwww.yunshipei.com%2F&rd=1653485491040&v=2&e=sr%3D390x844%26sc%3D32-bit%26je%3Dfalse%26lg%3Den-us%26vb%3D1%26did%3D%26dt%3D%26ps%3D390x3885%26vp%3D390x664%26ec%3DUTF-8%26vbt%3D1822%26sp%3D0%26ur%3D%26st%3D%26ev%3Dvg", "https://goutong.baidu.com/site/270/98c14a71a44014f7aa9d23449a55ae8f/b.js?siteId=3064033", "https://stats.ipinyou.com/presadv?a=SR..sxcg_4d0DhagaJWCLj_ZdX&cb=py.cb", "https://fm.ipinyou.com/j/a.js", "https://www.yunshipei.com/assets/js/jquery.js", "https://www.yunshipei.com/assets/js/amazeui.min.js", "https://www.yunshipei.com/assets/js/app.min.js", "https://sgoutong.baidu.com/embed/1652930761/asset/embed/css/mobile/main.css" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1134", "name": "Access Token Manipulation", "display_name": "T1134 - Access Token Manipulation" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 11, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 652, "URL": 1482, "domain": 242, "FileHash-SHA256": 142, "FileHash-MD5": 3 }, "indicator_count": 2521, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1466 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6263b3b617c33c9a7644a9c6", "name": "psychz.net - malware", "description": "function:function t(t)var e.handleObj, a new type of JavaScript, for all types of window.. and data-api, in the form of \"transition end\".", "modified": "2022-05-23T00:00:56.946000", "created": "2022-04-23T08:07:18.262000", "tags": [ "error", "typeof e", "object", "typeof", "array", "typeof n", "typeof t", "boolean", "typeof r", "uff5c", "null", "date", "meta", "this", "scroll", "backspace", "insert", "unknown", "4096", "void", "copyright", "closure library", "reduceright", "vd", "number", "string", "regexp", "pageview", "uint8array", "gtm5pbn7g", "host", "path", "code", "typeerror", "version", "clickdataapi", "hidden", "show", "bootstrap", "click", "dataspy", "body", "mouseleave" ], "references": [ "xfe-URL-http___psychz.net_-stix2-2.1-export.json", "https://www.psychz.net/assets/js/bootstrap.min.js", "https://www.googletagmanager.com/gtm.js?id=GTM-5PBN7G", "https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1046749228/?random=1650700509087&cv=9&fst=1650700509087&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=844&u_w=390&u_ah=844&u_aw=390&u_cd=32&u_his=2&u_tz=-240&u_java=false&u_nplug=0&u_nmime=0>m=2wg4k0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.psychz.net%2F&tiba=DDoS%20Protected%20Data%20Centers%20In%20America%2C%20Europe%2C%20Africa%2C%20Asia&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Vd", "display_name": "Vd", "target": null }, { "id": "ReduceRight", "display_name": "ReduceRight", "target": null } ], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 120, "URL": 681, "domain": 192, "FileHash-SHA256": 188 }, "indicator_count": 1181, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1469 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6260d13ab57ec96e24359914", "name": "Malware - reliablesite.net", "description": "VUE-DEVTOOLs_GLOBAL_Hook__, a description of what it will look like when it comes to testing software, is based on the type of Object.", "modified": "2022-05-20T00:01:19.453000", "created": "2022-04-21T03:36:26.313000", "tags": [ "date", "swiper", "value", "trigger", "gbps", "typeof define", "typeof module", "roboto", "helvetica neue", "arial", "small", "error", "show", "typeof e", "version", "hidden", "bootstrap", "click", "javascript", "clickdataapi", "collapse", "typeerror", "typeof", "regexp", "tether error", "typeof rnullr", "anull", "typeof b", "pseudo", "child", "array", "sufeffxa0", "class", "attr", "null", "void", "65536", "typeof f", "vd", "function", "activexobject", "number", "utmb", "firefox", "shockwave flash", "utma", "utmz", "iframe", "online", "livechat", "refreshurl", "title", "imageurl", "cssclass", "chat", "object", "string", "typeof t", "incorrect", "xfunction", "target", "typeof p", "typeof btoa", "vnode", "boolean", "typeof symbol" ], "references": [ "xfe-URL-https___www.reliablesite.net_-stix2-2.1-export.json", "https://embed.tawk.to/_s/v4/app/625d36b405c/js/twk-main.js", "https://embed.tawk.to/_s/v4/app/625d36b405c/js/twk-vendor.js", "https://embed.tawk.to/_s/v4/app/625d36b405c/js/twk-chunk-vendors.js", "https://cdn.jsdelivr.net/emojione/2.2.7/lib/js/emojione.min.js", "https://code.jquery.com/jquery-1.12.0.min.js", "https://cdnjs.cloudflare.com/ajax/libs/tether/1.4.0/js/tether.min.js", "https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0-alpha.6/js/bootstrap.min.js" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Vd", "display_name": "Vd", "target": null } ], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 2233, "hostname": 827, "domain": 565, "FileHash-SHA256": 238 }, "indicator_count": 3863, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1472 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "625f86049cb1c945f7701075", "name": "Hetzner - malware hosting", "description": "function ar(aw,av,au,at) is a new type of tracking, which uses the same code as the Matomo tracking tool and its built-up functionality to track where a tracker is located.", "modified": "2022-05-20T00:01:19.453000", "created": "2022-04-20T04:03:16.817000", "tags": [ "param", "locale", "return", "stripped", "regexp", "html", "lang", "lightweight", "dual", "javascript i18n", "entity", "body", "meta", "typeradio", "ttav", "width", "ttaelt", "shadowwidth", "tagtotip", "html element", "shadow", "closebtncolors", "fadein", "null", "sticky", "close", "false", "path", "config", "span", "iframe", "kill", "inside", "first", "typetext", "typepassword", "input", "typeof define", "typeof module", "html tags", "px20trnf", "dom element", "date", "this", "typeof e", "function", "left", "bottom", "nullt", "right", "next", "february", "april", "june", "august", "atom", "cookie", "back", "bounce", "typeof t", "class", "attr", "pseudo", "child", "js foundation", "error", "captcha", "access site", "click", "strong", "ddos", "hetzner online", "gmbh element", "lztextlink", "script", "lzrscr", "scrb64d", "livezilladata", "ovlcwm", "activedocument", "lzsds", "lzsde", "lzsdeg", "cant load", "gv1023", "typecheckbox", "5deg", "20deg", "45deg", "2000px00", "2000px0", "10px00", "60px0", "mintime", "await", "number", "typeof n", "typeof symbol", "cookieconsent", "showcookiemodal", "cookie banner", "agree", "agreed", "expiresthu", "anchorregex", "typeerror", "swiper", "hammer", "bnm", "software", "azaz", "form", "void", "zert", "accept", "android", "trace", "import", "string", "please", "blob", "matomo", "post", "javascript", "link", "license" ], "references": [ "xfe-IP-136.243.64.87-stix2-2.1-export.json", "https://matomo.hetzner.com/matomo.js", "xfe-URL-matomo.hetzner.com-stix2-2.1-export.json", "https:///livesupport.hetzner.de/resource.php?t=js&1=jsglobal.min.js&2=jsbox.min.js&3=jstrack.min.js&v=ahgzixd7&4=jsextern.min.js", "https://livesupport.hetzner.de/server.php?rqst=track&output=jcrpt&group=Produktberatung&hg=Pw__&hcgs=MQ__&htgs=MQ__&ovltwo=MQ__&ovlv=djI_&ovlc=MQ__&esc=IzU4NTg1YQ__&epc=I0JFMTUyRA__&ovlts=MA__&ovlmr=MTAw&ovlmb=MjY_&hfk=MQ__&ovloo=MQ__&hots=MQ__&hott=MQ__&nse=0.615520170244701", "https://livesupport.hetzner.de/script.php?id=eec8dcd79d6fdf905136b99875c1d599", "https://accounts.hetzner.com/login", "https://accounts.hetzner.com/build/runtime.188fa053.js", "https://accounts.hetzner.com/build/755.5a8586e9.js", "https://accounts.hetzner.com/build/app.dc073715.js", "https://accounts.hetzner.com/build/802.3a7546ef.js", "https://konsoleh.your-server.de/templates/ui-default/de/javascripts/jquery/jquery.js", "https://konsoleh.your-server.de/templates/ui-default/de/javascripts/jquery/jquery-migrate.js", "https://konsoleh.your-server.de/templates/ui-default/de/javascripts/jquery/ui/jquery-ui.js", "https://konsoleh.your-server.de/templates/ui-default/de/styles/login.css.php", "https://konsoleh.your-server.de/templates/ui-default/de/javascripts/wz_tooltip.js", "xfe-URL-livesupport.hetzner.de-stix2-2.1-export.json", "xfe-URL-konsoleh.your-server.de-stix2-2.1-export.json" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "ActiveDocument", "display_name": "ActiveDocument", "target": null }, { "id": "OVLCWM", "display_name": "OVLCWM", "target": null }, { "id": "Hammer", "display_name": "Hammer", "target": null }, { "id": "BNM", "display_name": "BNM", "target": null } ], "attack_ids": [ { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 2308, "hostname": 949, "FileHash-SHA256": 125, "domain": 372, "FileHash-SHA1": 3, "FileHash-MD5": 256 }, "indicator_count": 4013, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "1472 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "625f492a0581b2eb202e47c9", "name": "Malware hosting - hostrocket.com", "description": "ChunkLoadError, a new type of error, failed to load a chunk of JavaScript, according to the web browser operator, E.noconflict.com, as well as the website itself.", "modified": "2022-05-19T00:00:49.028000", "created": "2022-04-19T23:43:38.539000", "tags": [ "jxuiwidget", "null", "function", "jxuihtmldiv", "date", "jxuilabel", "zendesk chat", "regexp", "api update", "jxuihtmla", "window", "chat", "void", "error", "loader", "back", "click", "close", "agent", "hello", "form", "banned", "cookie", "small", "legacy", "direct", "colorbox core", "style", "user style", "colorbox", "html", "6deg", "e5e5e5", "dbdbdb", "d2d2d2", "eaedef", "michael farrell", "home", "helvetica", "ssd shared", "page", "formnum", "hidden", "current", "hostrocket", "dotblock", "fast", "href", "price slider", "tooltip", "dotblock popup", "callback", "rect", "cycle plugin", "number", "auto", "shuffle", "manual", "roll", "speed", "stop", "false", "first", "look", "copyright", "gpl version", "http", "document", "ui effects", "width", "left", "bottom", "this", "atom", "html id", "price", "timer", "value", "processor", "example", "storage", "string", "class", "thecookie", "create", "thevalue", "param", "type", "pluginscookie", "author", "jquery", "u00a0", "option", "body", "optgroup", "multiple", "selectboxhover", "selectbox", "label", "control", "slideshow", "jack moore", "mit license", "overlay", "wrapper", "content", "loadedcontent", "loadingoverlay", "next", "iframe", "array", "attr", "tools", "ui library", "no copyrights", "or licenses", "like", "media", "john resig", "dual", "gtmkw8b5l", "classes", "host", "path", "element", "trackpageview", "typeerror", "typeof symbol", "typeof e", "typeof t", "referenceerror", "promise", "script", "boolean", "typeof n" ], "references": [ "xfe-URL-hostrocket.com-stix2-2.1-export 2.json", "https://www.googletagmanager.com/gtm.js?id=GTM-KW8B5L", "https://www.hostrocket.com/js/jquery-1.6.1.min.js", "https://www.hostrocket.com/js/jquery.tools.min.js", "https://www.hostrocket.com/js/jquery.colorbox-min.js", "https://www.hostrocket.com/js/jquery.selectBox.min.js", "https://www.hostrocket.com/js/jquery.cookie.js", "https://www.hostrocket.com/js/jquery.price_slider.js", "https://www.hostrocket.com/js/jquery-ui-1.8.13.custom.min.js", "https://www.hostrocket.com/js/jquery.cycle.all.js", "https://www.hostrocket.com/js/jquery.behavior.js", "https://www.hostrocket.com/contact-files/contact-form.js", "https://www.hostrocket.com/css/style.css", "https://www.hostrocket.com/css/colorbox.css", "https://www.hostrocket.com/css/style-nophone.css", "https://v2.zopim.com/bin/v/widget_v2.329.js" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 963, "email": 3, "domain": 412, "URL": 2338, "FileHash-SHA256": 232, "FileHash-MD5": 1, "FileHash-SHA1": 1 }, "indicator_count": 3950, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1473 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "625f3287d722d8d85700b75d", "name": "Leaseweb.com - malware hosting", "description": "function D(t,e,n), as well as window.com, has been frozen by a single function, as part of a series of \"snoopers' checks\"...", "modified": "2022-05-19T00:00:49.028000", "created": "2022-04-19T22:07:03.024000", "tags": [ "11px center", "html", "typetext", "typeurl", "typeemail", "typetel", "typenumber", "typedate", "color", "marketo forms", "cross domain", "null", "click", "forceclose", "lightbox", "slideshow", "controls", "hide", "safari", "image", "mozilla", "explorer", "entity", "linear", "date", "jquery", "iframe", "close", "loops", "class", "stretch", "false", "function", "abbb", "typeerror", "boolean", "body", "object", "array", "regexp", "bind", "error", "void", "hammer", "form", "this", "views slideshow", "zindex1", "ajax", "href", "default", "thumb", "msgesture", "mspointerdown", "next", "stop", "type", "index", "event", "snapabugcbmbtn", "chat", "hidden", "leaf", "open", "dump", "window", "win32", "footer", "front", "drupal", "command", "implement", "copyright", "route", "foundation", "thecookie", "remove", "example", "backport", "grab", "span", "import", "attr", "string", "invalid json", "domparser", "number", "script", "closure library", "symbol", "array int8array", "caregexp", "legacy", "boardman", "fontface", "typeof d", "promise", "parseint", "marketo", "rangeerror", "uint8array", "typeof b", "buffer", "path", "takk", "kiitos", "buttons};kb(convertedmessage);break;case\"/sys\":var", "acum", "ufunction", "ffunction", "gfunction", "mchtd", "cancel", "thank", "enter", "please", "cobrowsing", "accept", "decline", "back", "comment", "grazie", "klik", "super", "dados", "hello", "vd", "reduceright", "trackevent", "lead", "query", "videos", "leaseweb", "trackpageview", "contact", "download", "metal", "code", "functional", "member", "hnew regexp", "qfunction", "adview", "addbillinginfo", "addtocart", "addtolist", "install", "cookiebot", "iabv2", "jsonversion", "cookie script", "methodstrict", "ticket", "id attribute", "cookiebot setup", "cookieconsent", "customevent", "09af", "ver0", "tag0", "extdata0", "ua ch", "invalid", "iterator", "service", "phonenumber", "facebook", "meta", "ytconfig", "edge", "swhealthlog", "logsdatabasev2", "trident", "android", "infinity", "pnull", "style", "ctnull", "post", "uint32array", "fanull", "license", "ynull", "config" ], "references": [ "https://consent.cookiebot.com/1e27dadb-e278-4c02-aa4f-43f9222c4fbb/cc.js?renew=false&referer=www.leaseweb.com&culture=en&dnt=false", "https://j.clarity.ms/s/0.6.34/clarity.js", "https://www.google-analytics.com/plugins/ua/linkid.js", "https://www.youtube.com/s/player/19eb72e4/www-widgetapi.vflset/www-widgetapi.js", "https://www.youtube.com/iframe_api", "https://connect.facebook.net/signals/config/399164440484826?v=2.9.57&r=stable", "https://bat.bing.com/bat.js", "https://consent.cookiebot.com/uc.js?cbid=1e27dadb-e278-4c02-aa4f-43f9222c4fbb&culture=en", "https://snap.licdn.com/li.lms-analytics/insight.min.js", "https://www.googletagmanager.com/gtm.js?id=GTM-NWPHSS", "https://storage.googleapis.com/snapengage-eu/js/e9219576-8f74-40b5-8b6f-bbad33f6ca57.js", "https://munchkin.marketo.net/161/munchkin.js", "https://app-lon04.marketo.com/js/forms2/js/forms2.min.js", "https://munchkin.marketo.net/munchkin.js", "https://www.leaseweb.com/sites/all/modules/custom/lsw_marketo/js/lsw_marketo_forms.js", "https://use.fortawesome.com/03018d9d.js", "https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1001847692/?random=1650405011980&cv=9&fst=1650405011980&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=376635471&u_h=844&u_w=390&u_ah=844&u_aw=390&u_cd=32&u_his=1&u_tz=-240&u_java=false&u_nplug=0&u_nmime=0>m=2wg4i1&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.leaseweb.com%2F&tiba=Leaseweb%20%7C%20Global%20Hosted%20Infrastructure%20(IaaS)%20and%20Cloud%20Solutions&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4", "https://googleads.g.doubleclick.net/pagead/viewthroughconversion/952389962/?random=1650405011982&cv=9&fst=1650405011982&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=376635471&u_h=844&u_w=390&u_ah=844&u_aw=390&u_cd=32&u_his=1&u_tz=-240&u_java=false&u_nplug=0&u_nmime=0>m=2wg4i1&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.leaseweb.com%2F&tiba=Leaseweb%20%7C%20Global%20Hosted%20Infrastructure%20(IaaS)%20and%20Cloud%20Solutions&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4", "https://eu.snapengage.com/chatjs/ServiceGetConfig?w=e9219576-8f74-40b5-8b6f-bbad33f6ca57", "https://eu.snapengage.com/chatjs/servicegetproactivegeodata?w=e9219576-8f74-40b5-8b6f-bbad33f6ca57", "https://bat.bing.com/p/action/5602105.js", "https://eu.snapengage.com/chatjs/servicegetallavailableagents?w=e9219576-8f74-40b5-8b6f-bbad33f6ca57&t=1", "https://www.googleadservices.com/pagead/conversion_async.js", "https://www.leaseweb.com/sites/default/files/js/js_kwxcSFD2Y0_BPtdJClYUy5H8THI_5EycUmIgIGWaGYs.js", "https://www.leaseweb.com/sites/default/files/js/js_wcSNEXVJ4Xjhkf8qhMguEPZJTDTMNmPaJM-YWdAOhQE.js", "https://www.leaseweb.com/sites/default/files/js/js_kI_QwKJlaBz9CzQdENdUBFiEl4aehfjf4_-9taiwcCE.js", "https://www.leaseweb.com/sites/default/files/js/js_zoLA7TweXam0kYiqJrXepqBWmyDoP1sLSlHoZcveFnY.js", "https://www.leaseweb.com/sites/default/files/js/js_6FowaFXT9bT78hf9earPdGcdTmvsFiaBzKgFl9P4fSo.js", "https://www.leaseweb.com/sites/default/files/js/js_6lTJ_m6ahwXas7Efbw8ZYEMSaecrGw8ilNALfvIPNUw.js", "https://analytics.twitter.com/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=nxsfu&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=511b6f48-2639-478c-a251-b09fcbae76e7&tw_document_href=https%3A%2F%2Fwww.leaseweb.com%2F&tpx_cb=twttr.conversion.loadPixels", "https://bid.g.doubleclick.net/xbbe/pixel?d=KAE", "https://consentcdn.cookiebot.com/sdk/bc-v4.min.html", "https://app-lon04.marketo.com/index.php/form/XDFrame", "https://app-lon04.marketo.com/js/forms2/css/forms2-theme-plain.css", "https://www.leaseweb.com/sites/default/files/css/css_47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU.css", "https://www.leaseweb.com/sites/default/files/css/css_7CYF9En6DNp6AojfSKnT8USKR3GvzPwznmTqLTKT9VM.css" ], "public": 1, "adversary": "", "targeted_countries": [ "Tunisia" ], "malware_families": [ { "id": "Ajax", "display_name": "Ajax", "target": null }, { "id": "Kiitos", "display_name": "Kiitos", "target": null }, { "id": "Takk", "display_name": "Takk", "target": null }, { "id": "Acum", "display_name": "Acum", "target": null }, { "id": "buttons};kb(convertedMessage);break;case\"/SYS\":var", "display_name": "buttons};kb(convertedMessage);break;case\"/SYS\":var", "target": null }, { "id": "Vd", "display_name": "Vd", "target": null }, { "id": "ReduceRight", "display_name": "ReduceRight", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1490", "name": "Inhibit System Recovery", "display_name": "T1490 - Inhibit System Recovery" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 648, "domain": 469, "URL": 2037, "FileHash-SHA256": 705, "email": 7 }, "indicator_count": 3866, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1473 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "625effa1c4edcef37385c4eb", "name": "ctgserver.net", "description": "var d=b.dir,e=c&&\"parentNode\"===d,f=x, f=w, b.b, and d(b) for the first time.", "modified": "2022-05-19T00:00:49.028000", "created": "2022-04-19T18:29:53.960000", "tags": [ "0x1d3c", "function", "json", "date", "0x3abb84", "0x400e43", "0x4e2be0", "0x27ecdf", "this", "0x217f25", "webview", "array", "typeof e", "regexp", "null", "object", "string", "post", "typeof r", "error", "android", "void", "math", "k3wc3w", "o4wo4w", "b0z1", "a4r1", "b2bbbb", "o5r1", "image", "typeof s", "typeof console", "contenttype", "number", "60number", "new date", "close", "sector", "typeof symbol", "crispclient", "crisp im", "typeof b", "width", "pseudo", "child", "sufeffxa0", "class", "accept" ], "references": [ "http://v1-ab.cdn-static.cn/editor/js/jquery.min.js", "https://client.crisp.chat/l.js", "http://www.ctgserver.net/zhuzi-statistic.js?path=http%3a%2f%2fwww.ctgserver.net%2f&siteid=68944&referer=", "http://sgoutong.baidu.com/embed/1649840755/asset/embed/mobilelite/main.js", "https://aiff.cdn.bcebos.com/sensors%2Fonline%2Fsa-sdk-javascript-1.14.24%2Fsensorsdata.min.js", "https://goutong.baidu.com/site/889/a8439b4fa4b46ae6d1cb7840806b342d/b.js?siteId=12877102", "http://push.zhanzhang.baidu.com/push.js", "http://api.geetest.com/gettype.php?gt=70bfe290f45725d99fae0063c5188b8f&callback=geetest_1650391760798", "http://static.geetest.com/static/js/geetest.6.0.9.js", "http://api.geetest.com/get.php?gt=70bfe290f45725d99fae0063c5188b8f&challenge=36bbdc68ea2e3279d57269471b837a6b&product=popup&width=301px&offline=false&lang=zh-cn&protocol=http://&type=slide&path=/static/js/geetest.6.0.9.js&callback=geetest_1650391756575", "http://sgoutong.baidu.com/embed/1649840755/asset/embed/mobile_nb.js", "https://sofire.bdstatic.com/js/dfxaf.js", "https://p.qiao.baidu.com/cps3/site/poll?cb=jsonp_bridge_1650392095190_21922384256393768&l=1&sign=&v=165039175860477407&s=12877102&e=26958486&isAFF=1&filterAdvertisement=1&dev=1&auth=%7B%22anonym%22%3A0%2C%22key%22%3A%223bfef1eb-bde9-4fbf-ba96-abad738f1775%22%2C%22sn%22%3A%22%22%2C%22id%22%3A%22165039175860477407%22%2C%22from%22%3A4%2C%22token%22%3A%22bridge%22%7D&_time=1650392095190", "http://www.zhuzi.me/zhuzi-statistic.js?path=http%3a%2f%2fwww.zhuzi.me%2f&siteid=62221&referer=", "xfe-URL-Zhuzi.me-stix2-2.1-export.json" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 7975, "FileHash-SHA256": 1286, "hostname": 1602, "domain": 560, "FileHash-MD5": 85, "FileHash-SHA1": 1 }, "indicator_count": 11509, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "1473 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "625eff927c93e3e5cd50e191", "name": "ctgserver.net", "description": "var d=b.dir,e=c&&\"parentNode\"===d,f=x, f=w, b.b, and d(b) for the first time.", "modified": "2022-05-19T00:00:49.028000", "created": "2022-04-19T18:29:38.810000", "tags": [ "0x1d3c", "function", "json", "date", "0x3abb84", "0x400e43", "0x4e2be0", "0x27ecdf", "this", "0x217f25", "webview", "array", "typeof e", "regexp", "null", "object", "string", "post", "typeof r", "error", "android", "void", "math", "k3wc3w", "o4wo4w", "b0z1", "a4r1", "b2bbbb", "o5r1", "image", "typeof s", "typeof console", "contenttype", "number", "60number", "new date", "close", "sector", "typeof symbol", "crispclient", "crisp im", "typeof b", "width", "pseudo", "child", "sufeffxa0", "class", "accept" ], "references": [ "http://v1-ab.cdn-static.cn/editor/js/jquery.min.js", "https://client.crisp.chat/l.js", "http://www.ctgserver.net/zhuzi-statistic.js?path=http%3a%2f%2fwww.ctgserver.net%2f&siteid=68944&referer=", "http://sgoutong.baidu.com/embed/1649840755/asset/embed/mobilelite/main.js", "https://aiff.cdn.bcebos.com/sensors%2Fonline%2Fsa-sdk-javascript-1.14.24%2Fsensorsdata.min.js", "https://goutong.baidu.com/site/889/a8439b4fa4b46ae6d1cb7840806b342d/b.js?siteId=12877102", "http://push.zhanzhang.baidu.com/push.js", "http://api.geetest.com/gettype.php?gt=70bfe290f45725d99fae0063c5188b8f&callback=geetest_1650391760798", "http://static.geetest.com/static/js/geetest.6.0.9.js", "http://api.geetest.com/get.php?gt=70bfe290f45725d99fae0063c5188b8f&challenge=36bbdc68ea2e3279d57269471b837a6b&product=popup&width=301px&offline=false&lang=zh-cn&protocol=http://&type=slide&path=/static/js/geetest.6.0.9.js&callback=geetest_1650391756575", "http://sgoutong.baidu.com/embed/1649840755/asset/embed/mobile_nb.js", "https://sofire.bdstatic.com/js/dfxaf.js", "https://p.qiao.baidu.com/cps3/site/poll?cb=jsonp_bridge_1650392095190_21922384256393768&l=1&sign=&v=165039175860477407&s=12877102&e=26958486&isAFF=1&filterAdvertisement=1&dev=1&auth=%7B%22anonym%22%3A0%2C%22key%22%3A%223bfef1eb-bde9-4fbf-ba96-abad738f1775%22%2C%22sn%22%3A%22%22%2C%22id%22%3A%22165039175860477407%22%2C%22from%22%3A4%2C%22token%22%3A%22bridge%22%7D&_time=1650392095190", "http://www.zhuzi.me/zhuzi-statistic.js?path=http%3a%2f%2fwww.zhuzi.me%2f&siteid=62221&referer=", "xfe-URL-Zhuzi.me-stix2-2.1-export.json" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 7975, "FileHash-SHA256": 1286, "hostname": 1602, "domain": 560, "FileHash-MD5": 85, "FileHash-SHA1": 1 }, "indicator_count": 11509, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1473 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "624de05d2c58343224615255", "name": "\u542b\u7f9e\u8349\u7814\u7a76\u6240|Fi11.com", "description": "var a,b,c,d, f.substr(d),a=f, a.href, and a number of other elements:a.b.search.com.", "modified": "2022-05-06T18:05:54.002000", "created": "2022-04-06T18:47:57.704000", "tags": [ "date", "cnzzdata", "czuuid", "umdistinctid", "toast", "android", "androidig", "linuxig", "iphoneipodiosig", "ipadig", "windows", "alert", "image", "object", "boolean", "error", "typeof t", "number", "67108863", "string", "typeerror", "array", "promise", "null", "this", "unknown", "write", "iframe", "window", "backspace", "body", "verify", "fullscreen", "copyright", "closure library", "pfunction", "contenttype", "zfunction", "bfunction", "mvoid", "ofunction" ], "references": [ "xfe-IP-137.220.241.241-stix2-2.0-export.json", "https://h5.hxcpp100.com/?id=22929", "https://www.google-analytics.com/analytics.js", "https://h5.hxcpp100.com/js/linkChange.js", "https://imgs.qgddmy.com/static_h5/js/manifest.2ae2e69a05c33dfc65f8.js", "https://imgs.qgddmy.com/static_h5/js/vendor.4071e145e4ea91fa5ab1.js", "http://push.zhanzhang.baidu.com/push.js", "https://js.users.51.la/21185805.js", "https://www.hxcpp100.com/js/linkChange.js", "https://c.cnzz.com/core.php?web_id=1280798474&t=z", "https://s9.cnzz.com/z_stat.php?id=1280743953&web_id=1280743953" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 981, "hostname": 279, "domain": 202, "FileHash-SHA256": 73, "CVE": 1 }, "indicator_count": 1536, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1485 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "624de06b6d7b6fb1caada56a", "name": "\u542b\u7f9e\u8349\u7814\u7a76\u6240|Fi11.com", "description": "var a,b,c,d, f.substr(d),a=f, a.href, and a number of other elements:a.b.search.com.", "modified": "2022-05-06T18:05:54.002000", "created": "2022-04-06T18:48:11.932000", "tags": [ "date", "cnzzdata", "czuuid", "umdistinctid", "toast", "android", "androidig", "linuxig", "iphoneipodiosig", "ipadig", "windows", "alert", "image", "object", "boolean", "error", "typeof t", "number", "67108863", "string", "typeerror", "array", "promise", "null", "this", "unknown", "write", "iframe", "window", "backspace", "body", "verify", "fullscreen", "copyright", "closure library", "pfunction", "contenttype", "zfunction", "bfunction", "mvoid", "ofunction" ], "references": [ "xfe-IP-137.220.241.241-stix2-2.0-export.json", "https://h5.hxcpp100.com/?id=22929", "https://www.google-analytics.com/analytics.js", "https://h5.hxcpp100.com/js/linkChange.js", "https://imgs.qgddmy.com/static_h5/js/manifest.2ae2e69a05c33dfc65f8.js", "https://imgs.qgddmy.com/static_h5/js/vendor.4071e145e4ea91fa5ab1.js", "http://push.zhanzhang.baidu.com/push.js", "https://js.users.51.la/21185805.js", "https://www.hxcpp100.com/js/linkChange.js", "https://c.cnzz.com/core.php?web_id=1280798474&t=z", "https://s9.cnzz.com/z_stat.php?id=1280743953&web_id=1280743953" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 981, "hostname": 279, "domain": 202, "FileHash-SHA256": 73, "CVE": 1 }, "indicator_count": 1536, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1485 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "624de0699b9516c5c53a4c60", "name": "\u542b\u7f9e\u8349\u7814\u7a76\u6240|Fi11.com", "description": "var a,b,c,d, f.substr(d),a=f, a.href, and a number of other elements:a.b.search.com.", "modified": "2022-05-06T18:05:54.002000", "created": "2022-04-06T18:48:09.891000", "tags": [ "date", "cnzzdata", "czuuid", "umdistinctid", "toast", "android", "androidig", "linuxig", "iphoneipodiosig", "ipadig", "windows", "alert", "image", "object", "boolean", "error", "typeof t", "number", "67108863", "string", "typeerror", "array", "promise", "null", "this", "unknown", "write", "iframe", "window", "backspace", "body", "verify", "fullscreen", "copyright", "closure library", "pfunction", "contenttype", "zfunction", "bfunction", "mvoid", "ofunction" ], "references": [ "xfe-IP-137.220.241.241-stix2-2.0-export.json", "https://h5.hxcpp100.com/?id=22929", "https://www.google-analytics.com/analytics.js", "https://h5.hxcpp100.com/js/linkChange.js", "https://imgs.qgddmy.com/static_h5/js/manifest.2ae2e69a05c33dfc65f8.js", "https://imgs.qgddmy.com/static_h5/js/vendor.4071e145e4ea91fa5ab1.js", "http://push.zhanzhang.baidu.com/push.js", "https://js.users.51.la/21185805.js", "https://www.hxcpp100.com/js/linkChange.js", "https://c.cnzz.com/core.php?web_id=1280798474&t=z", "https://s9.cnzz.com/z_stat.php?id=1280743953&web_id=1280743953" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 981, "hostname": 279, "domain": 202, "FileHash-SHA256": 73, "CVE": 1 }, "indicator_count": 1536, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1485 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "https://imgs.qgddmy.com/static_h5/js/manifest.2ae2e69a05c33dfc65f8.js", "https://www.googletagmanager.com/gtm.js?id=GTM-NWPHSS", "http://sgoutong.baidu.com/embed/1649840755/asset/embed/mobile_nb.js", "https://www.google-analytics.com/plugins/ua/linkid.js", "https://www.leaseweb.com/sites/default/files/js/js_wcSNEXVJ4Xjhkf8qhMguEPZJTDTMNmPaJM-YWdAOhQE.js", "https://stats.ipinyou.com/presadv?a=SR..sxcg_4d0DhagaJWCLj_ZdX&cb=py.cb", "extended_layouts.26.css", "https://www.hostrocket.com/css/style-nophone.css", "https://www.virustotal.com/static/css/bootstrap.min.css?20150630", "https://cdn.heapanalytics.com/js/heap-3501642718.js", "template.26.css", "https://js-na1.hs-scripts.com/210895.js", "https://www.leaseweb.com/sites/all/modules/custom/lsw_marketo/js/lsw_marketo_forms.js", "jcemediabox.css", "https://matomo.hetzner.com/matomo.js", "http://api.geetest.com/gettype.php?gt=70bfe290f45725d99fae0063c5188b8f&callback=geetest_1650391760798", "P34D56F9D-5684-4C83-8EE1-5EA7DE9CF45D.js", "https://analytics.twitter.com/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=nxsfu&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=511b6f48-2639-478c-a251-b09fcbae76e7&tw_document_href=https%3A%2F%2Fwww.leaseweb.com%2F&tpx_cb=twttr.conversion.loadPixels", "https://www.hostrocket.com/js/jquery.selectBox.min.js", "sw3VTUzeRvWIVwvWSyk6S5gHWPxOOwU1OxerozmN4Hw.js.pobrane", "https://konsoleh.your-server.de/templates/ui-default/de/javascripts/wz_tooltip.js", "https://cdnjs.cloudflare.com/ajax/libs/tether/1.4.0/js/tether.min.js", "https://eu.snapengage.com/chatjs/servicegetallavailableagents?w=e9219576-8f74-40b5-8b6f-bbad33f6ca57&t=1", "slider.js.pobrane", "https://partner.shareaholic.com/partners.js?location=http%3A%2F%2Fwww.brechlerinsurance.com%2F&cl=en-US&id_sync=19da2f0f-8191-4a73-b27d-e95f97e9a686&minify=1&pvs=1&site=d016349f31f268b5ce94fa8e70f6eddd", "djmobilemenu.css", "bootmin-2013092601 2.js", "https://www.hotjar.com/_next/static/chunks/pages/_app-be5fbad980fd377922f7.js", "xfe-URL-Sift.com-stix2-2.1-export.json", "https://npm.elemecdn.com/alist-web@2.3.0/dist/assets/vendor.e93814c3.js", "https://consentcdn.cookiebot.com/sdk/bc-v4.min.html", "search.js.pobrane", "https://imgs.qgddmy.com/static_h5/js/vendor.4071e145e4ea91fa5ab1.js", "https://www.yunshipei.com/assets/js/jquery.js", "v6s.js", "https://dsms0mj1bbhn4.cloudfront.net/assets/pages-afd7ed46648f01def74df6e4c245da53bde609b863bf63ff94a87154f2f82de0.js", "jcemediabox.js.pobrane", "https://www.meetup.com/proxydirectory/tags/239562121304/tag.js", "https://bat.bing.com/bat.js", "https://cdn.jsdelivr.net/emojione/2.2.7/lib/js/emojione.min.js", "https://p.qiao.baidu.com/cps3/site/poll?cb=jsonp_bridge_1650392095190_21922384256393768&l=1&sign=&v=165039175860477407&s=12877102&e=26958486&isAFF=1&filterAdvertisement=1&dev=1&auth=%7B%22anonym%22%3A0%2C%22key%22%3A%223bfef1eb-bde9-4fbf-ba96-abad738f1775%22%2C%22sn%22%3A%22%22%2C%22id%22%3A%22165039175860477407%22%2C%22from%22%3A4%2C%22token%22%3A%22bridge%22%7D&_time=1650392095190", "https://cdn.taboola.com/libtrc/unip/1331749/tfa.js", "https://i.simpli.fi/dpx.js?cid=66112&m=0&sifi_tuid=37830&referrer=http%3A%2F%2Fwww.brechlerinsurance.com%2F", "caption.js.pobrane", "https://v2.zopim.com/bin/v/widget_v2.329.js", "https://www.googleadservices.com/pagead/conversion_async.js", "https://www.leaseweb.com/sites/default/files/js/js_kwxcSFD2Y0_BPtdJClYUy5H8THI_5EycUmIgIGWaGYs.js", "https://livesupport.hetzner.de/server.php?rqst=track&output=jcrpt&group=Produktberatung&hg=Pw__&hcgs=MQ__&htgs=MQ__&ovltwo=MQ__&ovlv=djI_&ovlc=MQ__&esc=IzU4NTg1YQ__&epc=I0JFMTUyRA__&ovlts=MA__&ovlmr=MTAw&ovlmb=MjY_&hfk=MQ__&ovloo=MQ__&hots=MQ__&hott=MQ__&nse=0.615520170244701", "jquery.countTo.js.pobrane", "https://ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js", "djimageslider.css", "http://www.ctgserver.net/zhuzi-statistic.js?path=http%3a%2f%2fwww.ctgserver.net%2f&siteid=68944&referer=", "https://use.fortawesome.com/03018d9d.js", "https://www.hostrocket.com/js/jquery.colorbox-min.js", "https://eu.snapengage.com/chatjs/servicegetproactivegeodata?w=e9219576-8f74-40b5-8b6f-bbad33f6ca57", "https://s9.cnzz.com/z_stat.php?id=1280743953&web_id=1280743953", "embed.js.pobrane", "https://storage.googleapis.com/snapengage-eu/js/e9219576-8f74-40b5-8b6f-bbad33f6ca57.js", "https://de.tynt.com/deb/v2?id=sh!sh&dn=AFSH&cc=1&r=", "onion.js.pobrane", "f5Y41t9wqY4.html", "animations.css", "cast_sender.js.pobrane", "overlay.js.pobrane", "beacon.js", "https://cdn.polyfill.io/v2/polyfill.min.js?features=default-3.6,fetch,Intl,Intl.~locale.en-US,Array.prototype.find,Array.prototype.includes,Object.values&flags=gated", "https://stats.ipinyou.com/adv?a=SR..sxcg_4d0DhagaJWCLj_ZdX&u=https%3A%2F%2Fwww.yunshipei.com%2F&rd=1653485491040&v=2&e=sr%3D390x844%26sc%3D32-bit%26je%3Dfalse%26lg%3Den-us%26vb%3D1%26did%3D%26dt%3D%26ps%3D390x3885%26vp%3D390x664%26ec%3DUTF-8%26vbt%3D1822%26sp%3D0%26ur%3D%26st%3D%26ev%3Dvg", "xfe-URL-http___psychz.net_-stix2-2.1-export.json", "xfe-URL-Meetup.com_pro_digitalocean_-stix2-2.1-export.json", "http://v1-ab.cdn-static.cn/editor/js/jquery.min.js", "https://app-lon04.marketo.com/index.php/form/XDFrame", "https://consent.cookiebot.com/uc.js?cbid=1e27dadb-e278-4c02-aa4f-43f9222c4fbb&culture=en", "https://contabo.com/client/client.a529db28.js", "https://www.psychz.net/assets/js/bootstrap.min.js", "https://googleads.g.doubleclick.net/pagead/viewthroughconversion/952389962/?random=1650405011982&cv=9&fst=1650405011982&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=376635471&u_h=844&u_w=390&u_ah=844&u_aw=390&u_cd=32&u_his=1&u_tz=-240&u_java=false&u_nplug=0&u_nmime=0>m=2wg4i1&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.leaseweb.com%2F&tiba=Leaseweb%20%7C%20Global%20Hosted%20Infrastructure%20(IaaS)%20and%20Cloud%20Solutions&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4", "This website contains the details of an anti-virus scan conducted by the MetaDefender, which aims to identify and remove malware from websites, websites and social media sites, including Facebook, Twitter and YouTube.", "https://snap.licdn.com/li.lms-analytics/insight.min.js", "animate.min.css", "https://www.googletagmanager.com/gtm.js?id=GTM-NG3VQQL", "https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1001847692/?random=1650405011980&cv=9&fst=1650405011980&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=376635471&u_h=844&u_w=390&u_ah=844&u_aw=390&u_cd=32&u_his=1&u_tz=-240&u_java=false&u_nplug=0&u_nmime=0>m=2wg4i1&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.leaseweb.com%2F&tiba=Leaseweb%20%7C%20Global%20Hosted%20Infrastructure%20(IaaS)%20and%20Cloud%20Solutions&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4", "jquery.easing.min.js.pobrane", "animate.ext.css", "https://c.cnzz.com/core.php?web_id=1280798474&t=z", "font_switcher.26.css", "https://www.virustotal.com/static/js/base.min-2013121902.js", "https://hybrid-analysis.com/sample/f90162e65235185a24e9f20d855371b8ad7462d50d7a57851d000cfd5116f76d", "https://hybrid-analysis.com/sample/12a26eb45e5e3bd90c4578f8f07944baf981e6c083145990015ebc7474dee609/63f3dde5af1db0386635b153", "https://fast.appcues.com/generic/main/4.35.3/appcues.main.e826b3c1f5ab15648ac446eafdbb489fd58d7f2d.js", "template_responsive.26.css", "https://www.gov.pl/web/po-jelenia-gora/", "offcanvas.js.pobrane", "https://js.hubspot.com/analytics/1652585100000/210895.js", "www-embed-player.js.pobrane", "layout.min.js.pobrane", "https://www.virustotal.com/static/js/bootmin-2013092601.js", "https://www.googletagmanager.com/gtag/js?id=G-YFPNZBGTF3&l=dataLayer&cx=c", "https://livesupport.hetzner.de/script.php?id=eec8dcd79d6fdf905136b99875c1d599", "https://hybrid-analysis.com/sample/5da0de230eb98e5598b152944d0e7e6b355485484052df6c7f1c747e2c5564c0/63ed708125f47738b45a6520", "https://dna8twue3dlxq.cloudfront.net/js/profitwell.js", "https://accounts.hetzner.com/build/app.dc073715.js", "https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1046749228/?random=1650700509087&cv=9&fst=1650700509087&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=844&u_w=390&u_ah=844&u_aw=390&u_cd=32&u_his=2&u_tz=-240&u_java=false&u_nplug=0&u_nmime=0>m=2wg4k0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.psychz.net%2F&tiba=DDoS%20Protected%20Data%20Centers%20In%20America%2C%20Europe%2C%20Africa%2C%20Asia&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4", "https://hybrid-analysis.com/sample/f90162e65235185a24e9f20d855371b8ad7462d50d7a57851d000cfd5116f76d/63aef1a83e3bb16765527bb8", "https://connect.facebook.net/signals/config/399164440484826?v=2.9.57&r=stable", "https://hybrid-analysis.com/sample/f4057c7a34cf3fb738a727e78063328788dc7b00989a097929b60399d48f2220", "https://bid.g.doubleclick.net/xbbe/pixel?d=KAE", "https://goutong.baidu.com/site/889/a8439b4fa4b46ae6d1cb7840806b342d/b.js?siteId=12877102", "https://www.meetup.com/mu_static/en-US/app.0ff22766.js", "https://www.hostrocket.com/js/jquery.cookie.js", "https://accounts.hetzner.com/login", "https://cdn.segment.com/next-integrations/integrations/google-analytics/2.18.5/google-analytics.dynamic.js.gz", "https://munchkin.marketo.net/161/munchkin.js", "https://www.yunshipei.com/assets/js/app.min.js", "https://www.hostrocket.com/js/jquery.price_slider.js", "https://www.leaseweb.com/sites/default/files/js/js_zoLA7TweXam0kYiqJrXepqBWmyDoP1sLSlHoZcveFnY.js", "xfe-URL-Domainpeople.com-stix2-2.1-export.json", "https://www.meetup.com/mu_static/react.ddd38c26.js", "https://goutong.baidu.com/site/270/98c14a71a44014f7aa9d23449a55ae8f/b.js?siteId=3064033", "xfe-URL-livesupport.hetzner.de-stix2-2.1-export.json", "https://eu.snapengage.com/chatjs/ServiceGetConfig?w=e9219576-8f74-40b5-8b6f-bbad33f6ca57", "bootstrap.min.css", "net.sh neural netw", "https://static.hotjar.com/c/hotjar-2086874.js?sv=6", "apstag.js", "jquery-migrate.min.js.pobrane", "SlotBuilder.ts", "ga.js", "https://www.leaseweb.com/sites/default/files/css/css_47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU.css", "https://sp4rk.medium.com/beyond-the-backdoor-how-contagious-interview-is-surgically-tampering-with-metamask-wallets-0314ae901d85", "http://push.zhanzhang.baidu.com/push.js", "remote.js.pobrane", "bootstrap.min.js.pobrane", "https://fm.ipinyou.com/j/a.js", "https://www.leaseweb.com/sites/default/files/js/js_6lTJ_m6ahwXas7Efbw8ZYEMSaecrGw8ilNALfvIPNUw.js", "jquery.djmobilemenu.js.pobrane", "https://konsoleh.your-server.de/templates/ui-default/de/javascripts/jquery/jquery-migrate.js", "http://api.geetest.com/get.php?gt=70bfe290f45725d99fae0063c5188b8f&challenge=36bbdc68ea2e3279d57269471b837a6b&product=popup&width=301px&offline=false&lang=zh-cn&protocol=http://&type=slide&path=/static/js/geetest.6.0.9.js&callback=geetest_1650391756575", "embed.html", "https://sc-static.net/scevent.min.js", "https://www.hotjar.com/_next/static/chunks/framework-6994461647f52f294af9.js", "http://sgoutong.baidu.com/embed/1649840755/asset/embed/mobilelite/main.js", "https://www.hostrocket.com/css/style.css", "https://app-lon04.marketo.com/js/forms2/css/forms2-theme-plain.css", "https://www.yunshipei.com/assets/js/amazeui.min.js", "https://konsoleh.your-server.de/templates/ui-default/de/styles/login.css.php", "http://www.brechlerinsurance.com/wwblcms/wp-includes/js/wp-emoji-release.min.js?ver=479aaeefa13948f8aa1a2479d7a751df", "xfe-URL-https___www.reliablesite.net_-stix2-2.1-export.json", "12a26eb45e5e3bd90c4578f8f07944baf981e6c083145990015ebc7474dee609", "https://munchkin.marketo.net/munchkin.js", "https://embed.tawk.to/_s/v4/app/625d36b405c/js/twk-vendor.js", "fontswitcher.js.pobrane", "bootstrap_responsive.26.css", "https://www.yunshipei.com/", "jquery.ui.core.min.js.pobrane", "common.js.pobrane", "xfe-URL-Owneriq.net-stix2-2.1-export.json", "ad_status.js.pobrane", "js", "https://www.youtube.com/s/player/19eb72e4/www-widgetapi.vflset/www-widgetapi.js", "xfe-IP-137.220.241.241-stix2-2.0-export.json", "https://www.virustotal.com/en/file/undefined/analysis/", "https://www.leaseweb.com/sites/default/files/css/css_7CYF9En6DNp6AojfSKnT8USKR3GvzPwznmTqLTKT9VM.css", "jquery.autocomplete.min.js.pobrane", "https://hybrid-analysis.com/sample/9bf30967dfbf84d91ff4a1ca66dcd6c3383e679917e8b7aa4f659ff9f4e848d7/6426cf48655f94b6b303704c", "https://accounts.hetzner.com/build/runtime.188fa053.js", "https://js.users.51.la/21185805.js", "https://www.googletagmanager.com/gtm.js?id=GTM-5PBN7G", "https://accounts.hetzner.com/build/802.3a7546ef.js", "https://cdn.sift.com/s.js", "https://cdn.optimizely.com/datafiles/HgHVKrf9ZD2dsZYVFb9JnD.json/tag.js", "https://www.hostrocket.com/js/jquery-ui-1.8.13.custom.min.js", "https://dsms0mj1bbhn4.cloudfront.net/webpack/default~header~related-content~share-buttons~site-settings~user-settings~yarpp-header~yarpp-sites~ya~2fbcff42-06fb1418b4e0c0383855.js", "magnific.js.pobrane", "jquery.djmegamenu.js.pobrane", "https://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.7.1.min.js", "bootmin-2013092601.js", "https://hybrid-analysis.com/sample/3782c093f4a54060ab6a269e2cc5a0334352f4c210500d370f185b6799f0007a/62e280899822900706678798", "https://www.youtube.com/iframe_api", "https://app-lon04.marketo.com/js/forms2/js/forms2.min.js", "https://client.crisp.chat/l.js", "http://static.geetest.com/static/js/geetest.6.0.9.js", "https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0-alpha.6/js/bootstrap.min.js", "https://h5.hxcpp100.com/?id=22929", "https://googleads.g.doubleclick.net/pagead/viewthroughconversion/922061185/?random=1652546907471&cv=9&fst=1652546907471&num=1&label=BaPJCIf2_WYQgZPWtwM&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=844&u_w=390&u_ah=844&u_aw=390&u_cd=32&u_his=2&u_tz=-240&u_java=false&u_nplug=0&u_nmime=0>m=2wg5b0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.meetup.com%2FDigitalOceanMoscow%2F&ref=https%3A%2F%2Fwww.meetup.com%2Fpro%2Fdigitalocean%2F&tiba=DigitalOcean%20Moscow%20(Moscow%2C%20Russia)%20%7C%20Meetup&hn=www.googleadser", "scripts.js.pobrane", "https://sb.scorecardresearch.com/beacon.js", "Making HTTPS connections using insecure TLS/SSL version details Connection was make using TLSv1.1 [tls.handshake.version: 0x00000302] source Network Traffic relevance 10/10 ATT&CK ID T1573 (Show technique in the MITRE ATT&CK\u2122 matrix)", "jquery-noconflict.js.pobrane", "https://www.googletagmanager.com/gtag/js?id=G-NP82XMKW0P&l=dataLayer&cx=c", "content.css", "https://cdn.segment.com/next-integrations/integrations/appcues/2.3.0/appcues.dynamic.js.gz", "https://embed.tawk.to/_s/v4/app/625d36b405c/js/twk-main.js", "xfe-URL-Zhuzi.me-stix2-2.1-export.json", "webpack buildin global.js", "https://bat.bing.com/p/action/5602105.js", "jquery.ui.sortable.min.js.pobrane", "jquery.min.js", "https://js.driftt.com/include/1652585100000/mezhk4858hn8.js", "https://js-agent.newrelic.com/nr-1216.min.js", "xfe-URL-matomo.hetzner.com-stix2-2.1-export.json", "https://www.hotjar.com/persistUtmParams.js", "magnific.css", "https://hybrid-analysis.com/sample/b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b/", "https://www.hostrocket.com/js/jquery.cycle.all.js", "https://domainpeople.com", "style.css", "https://cdn.tynt.com/afsh.js", "https://www.hostrocket.com/js/jquery-1.6.1.min.js", "https://sb.scorecardresearch.com/p?c1=2&c2=6745306&ns_type=hidden&ns_st_sv=5.1.3.160420&ns_st_smv=5.1&ns_st_it=r&ns_st_id=1676508021004&ns_st_ec=3&ns_st_sp=1&ns_st_sc=1&ns_st_sq=1&ns_st_ppc=1&ns_st_apc=1&ns_st_spc=1&ns_st_cn=1&ns_st_ev=hb&ns_st_po=1560430&ns_st_cl=0&ns_st_hc=31&ns_st_mp=js_api&ns_st_mv=5.1.3.160420&ns_st_pn=1&ns_st_tp=0&ns_st_ci=47976339133&ns_st_pt=1560430&ns_st_dpt=360423&ns_st_ipt=60010&ns_st_et=1560430&ns_st_det=360423&ns_st_upc=1560430&ns_st_dupc=360423&ns_st_iupc=60010&ns_st_upa=15604", "https://www.leaseweb.com/sites/default/files/js/js_kI_QwKJlaBz9CzQdENdUBFiEl4aehfjf4_-9taiwcCE.js", "stickybar.js.pobrane", "offcanvas.css", "https://aiff.cdn.bcebos.com/sensors%2Fonline%2Fsa-sdk-javascript-1.14.24%2Fsensorsdata.min.js", "https://consent.cookiebot.com/1e27dadb-e278-4c02-aa4f-43f9222c4fbb/cc.js?renew=false&referer=www.leaseweb.com&culture=en&dnt=false", "http://lifehacker.com/assets/stylesheets/app-a873b056f0ea955e4ff0abebb210e5a6.css", "map.js.pobrane", "http://www.brechlerinsurance.com/wwblcms/wp-includes/js/jquery/jquery.js?ver=1.12.4", "https://px.owneriq.net/stas/s/sholic.js", "https:///livesupport.hetzner.de/resource.php?t=js&1=jsglobal.min.js&2=jsbox.min.js&3=jstrack.min.js&v=ahgzixd7&4=jsextern.min.js", "https://sb.scorecardresearch.com/p?ax_uuid=d247c6142f285bb0488533aa7f2d53c5&c1=9&c2=31864766&ns__t=1676508027511&ns_c=UTF-8&cv=3.1&c8=SecurityWeekly%20-%20Twitch&c7=https%3A%2F%2Fwww.twitch.tv%2Fsecurityweekly&c9=", "https://www.hostrocket.com/js/jquery.tools.min.js", "http://www.brechlerinsurance.com/?gdbc-client=3.1.25-1652585170383", "https://github.com/meetup/swarm-ui", "https://static-cdn.jtvnw.net/jtv_user_pictures/6f4129f6-3750-4c02-b7c8-c88a05064129-profile_image-70x70.png", "http://www.zhuzi.me/zhuzi-statistic.js?path=http%3a%2f%2fwww.zhuzi.me%2f&siteid=62221&referer=", "https://dsms0mj1bbhn4.cloudfront.net/webpack/vendors~header~related-content~share-buttons~site-settings~user-settings~yarpp-header~yarpp-sites~ya~7d559390-c92fe44d0731743b2d8e.js", "xfe-URL-konsoleh.your-server.de-stix2-2.1-export.json", "https://www.hostrocket.com/contact-files/contact-form.js", "https://www.hostrocket.com/css/colorbox.css", "https://www.hostrocket.com/js/jquery.behavior.js", "xfe-IP-136.243.64.87-stix2-2.1-export.json", "original dropped file discovery url", "https://contabo.com/client/client-30e55c50.css", "https://www.googletagmanager.com/gtm.js?id=GTM-KW8B5L", "https://accounts.hetzner.com/build/755.5a8586e9.js", "https://www.google-analytics.com/analytics.js", "https://konsoleh.your-server.de/templates/ui-default/de/javascripts/jquery/jquery.js", "https://hybrid-analysis.com/sample/37a24095d92c7891cf825aa7d01a01ed2b3d48ecc32a7d09806e41be04b3afa4/62691ac164fa7610811a9984", "search_impl.js.pobrane", "https://matomo.www.gov.pl/analytics/js/container_68lYTZ79.js", "nlsSDK600.bundle.min.js", "xfe-URL-bombora.com-stix2-2.1-export.json", "https://sgoutong.baidu.com/embed/1652930761/asset/embed/css/mobile/main.css", "jquery.cookie.js.pobrane", "https://j.clarity.ms/s/0.6.34/clarity.js", "https://h5.hxcpp100.com/js/linkChange.js", "https://www.dwin1.com/13976.js", "https://www.hotjar.com/_next/static/chunks/webpack-ca4d94cab12a165a123f.js", "finder.css", "jquery.min.js.pobrane", "xfe-URL-ml314.com-stix2-2.1-export.json", "https://cdn.cookielaw.org/scripttemplates/6.5.0/otBannerSdk.js", "pagesettings.js.pobrane", "offcanvas.26.css", "https://l.clarity.ms/s/0.6.34/clarity.js", "https://code.jquery.com/jquery-1.12.0.min.js", "xfe-URL-hostrocket.com-stix2-2.1-export 2.json", "util.js.pobrane", "https://www.hxcpp100.com/js/linkChange.js", "https://sofire.bdstatic.com/js/dfxaf.js", "https://www.leaseweb.com/sites/default/files/js/js_6FowaFXT9bT78hf9earPdGcdTmvsFiaBzKgFl9P4fSo.js", "https://www.hotjar.com/ensureSegmentId.js", "djmegamenu.26.css", "https://dsms0mj1bbhn4.cloudfront.net/ui-header/loader.js", "https://www.meetup.com/pro_static/en-US/0.f2cf4c3f.js", "https://www.hotjar.com/_next/static/chunks/pages/index-b7f010d5161cd8f6ddab.js", "https://unpkg.com/@optimizely/optimizely-sdk@3.5.0/dist/optimizely.browser.umd.min.js", "css", "https://bam.nr-data.net/1/f37cf8a208?a=1772678&v=1216.487a282&to=dlwNQEdeWVgHSxlDV1JWEBtdXlhR&rst=1074&ck=1&ref=https://www.shareaholic.com/&ap=9&be=11&fe=795&dc=37&af=err,xhr,stn,ins&perf=%7B%22timing%22:%7B%22of%22:1652584962293,%22n%22:0,%22f%22:0,%22dn%22:0,%22dne%22:0,%22c%22:0,%22s%22:0,%22ce%22:0,%22rq%22:0,%22rp%22:0,%22rpe%22:0,%22dl%22:6,%22di%22:37,%22ds%22:37,%22de%22:45,%22dc%22:636,%22l%22:793,%22le%22:796%7D,%22navigation%22:%7B%22ty%22:2%7D%7D&fcp=123&jsonp=NREUM.setToken", "https://embed.tawk.to/_s/v4/app/625d36b405c/js/twk-chunk-vendors.js", "magnific-init.js.pobrane", "https://www.gov.pl/scripts/bundle.js", "bootstrap.26.css", "geometry.js.pobrane", "https://fast.appcues.com/79878.js", "http://www.gov.pl/web/po-jelenia-gora/", "xfe-URL-shareaholic.com-stix2-2.1-export.json", "https://www.clarity.ms/tag/uet/5739677", "https://konsoleh.your-server.de/templates/ui-default/de/javascripts/jquery/ui/jquery-ui.js", "main.js.pobrane", "tdarr.io", "https://cdn.segment.com/next-integrations/integrations/vendor/commons.54701049fd6fb8497e9e.js.gz" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [], "malware_families": [ "Kiitos", "Ovlcwm", "Documentcookie", "Bomboraconsent", "Buttons};kb(convertedmessage);break;case\"/sys\":var", "Takk", "Photostatus", "Hero stripe", "Invisibleferret", "Qe", "Bnm", "Slotbuilder", "Reduceright", "Activedocument", "Min", "Ajax", "Requestbuilder", "Hammer", "Gc", "Vd", "Acum" ], "industries": [] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 35, "pulses": [ { "id": "6996fb0c1cd94f2b28366e8f", "name": "Beyond the Backdoor: How Contagious Interview Is Surgically Tampering with MetaMask Wallets.", "description": "The Contagious Interview campaign, linked to North Korean threat actors, is currently targeting IT professionals in the cryptocurrency, Web3, and AI sectors, with the intent to steal financial information and sensitive data. This threat employs a two-stage attack that starts with a JavaScript payload, confirming successful infection by sending a beacon to the attackers' command-and-control (C2) servers, and retrieving additional scripts. These secondary payloads include a Python-based malware named InvisibleFerret and two JavaScript files: one to create a remote-access backdoor and another to identify and exfiltrate sensitive files from the victim's system.", "modified": "2026-03-21T11:34:25.575000", "created": "2026-02-19T11:59:08.706000", "tags": [ "javascript", "c2 server", "chrome", "invisibleferret", "metamask wallet", "metamask", "javascript file", "json", "hmac", "beavertail", "python", "config", "seed", "path", "local", "service", "code" ], "references": [ "https://sp4rk.medium.com/beyond-the-backdoor-how-contagious-interview-is-surgically-tampering-with-metamask-wallets-0314ae901d85" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "InvisibleFerret", "display_name": "InvisibleFerret", "target": null } ], "attack_ids": [ { "id": "T1104", "name": "Multi-Stage Channels", "display_name": "T1104 - Multi-Stage Channels" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1033", "name": "System Owner/User Discovery", "display_name": "T1033 - System Owner/User Discovery" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "PetrP.73", "id": "154605", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 18, "FileHash-SHA1": 1, "FileHash-SHA256": 1, "URL": 15, "domain": 2 }, "indicator_count": 37, "is_author": false, "is_subscribing": null, "subscriber_count": 540, "modified_text": "70 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "684c65464466dd19b089f325", "name": "Zesp\u00f3\u0142 Profilaktyki i Rehabilitacji w Janowicach Wielkich - YouTube", "description": "If d=void 0===c,w(\"trustedResourceUrl\",d: \"Trusted resourceUrl,\" thend=c.src,d, c.js, then d:", "modified": "2025-06-13T17:56:28.689000", "created": "2025-06-13T17:52:06.399000", "tags": [ "rehabilitacji w", "youtube tv", "dami jelenia", "tv dami", "jelenia gra", "zakupy wycz", "jeli", "nie korzystasz", "filmy", "aby tego", "copyright", "closure library", "argument", "ifunction", "error", "null", "type", "cast", "webchannel", "su2028u2029", "chrome", "xmlhttp", "kkvoid", "remotecontrol", "android", "unknown", "screen", "desktop", "function", "string", "array", "number", "vfunction", "f8192", "n432", "true", "j2048", "this", "window", "void", "date", "pokau017c", "pytfunction", "fe8function", "qgzfunction", "afunction", "hb28", "r150", "promise", "bigint", "post", "edge", "swhealthlog", "symbol", "trident", "infinity", "embed", "webkitkeyframes", "zoomin", "zoominx", "zoomoutx", "zoominy", "zoomouty", "2000px", "90deg", "20px", "30deg", "30px", "10px", "10deg", "3deg", "5deg", "djmegamenu", "use license", "tabindex", "menu", "close", "msie", "beforechange", "imagehassize", "buildcontrols", "magnific popup", "dmitry semenov", "http", "beforeclose", "afterclose", "open", "next", "open source", "bsd license", "george mcginley", "smith", "djimageslider", "subpackage", "webkit", "khtml", "icab", "countto", "callback", "handler", "object", "typeof", "method", "gnugplv2", "website", "set module", "height script", "regexp", "screenheight", "highcontrast2", "highcontrast3", "highcontrast", "wide", "night", "body", "normalbutton", "cookie plugin", "https", "klaus hartl", "mit license", "register", "nodecommonjs", "factory", "jquery", "write", "sticky bar", "stickybar", "count", "offcanvas", "html", "noscroll", "offcanvas var", "toggle nav", "click jquery", "ajax", "autocomplete", "tomas kirda", "typeof define", "esc27", "tab9", "return13", "left37", "up38", "twitter", "custom version", "joomla", "rolemenu", "boolean", "get adobe", "flash player", "title", "text", "typeof data", "typeof s", "accept", "width", "foundation", "backspace8", "comma188", "delete46", "down40", "end35", "enter13", "escape27", "value", "migrate", "backcompat", "quirks mode", "typeof f", "xtablet768", "document", "ui sortable", "leftright", "gnu general", "public license", "dddddd", "ffffcc", "eeeeee", "verdana", "geneva", "arial", "helvetica", "f0f0f0", "sans", "charset", "utf8", "fontawesome", "typeof b", "pseudo", "child", "sufeffxa0", "class", "attr", "general slider", "slide", "rgba", "navigation", "15deg", "300px", "20deg", "transition", "scale", "baskerville", "main image", "bdbdbd", "f3f3f3", "remove", "fontface", "woff2", "u0131", "u01520153", "u02bb02bc", "u02c6", "u02da", "u02dc", "u0304", "dirrtl", "msviewport", "href", "span", "legend", "halflings", "fieldset", "typeimage", "f2f2f2", "d9edf7", "dff0d8", "f2dede", "thead", "tbody", "tahoma", "00a0", "video", "script", "2500", "xnew ita", "dnew jta", "dataset", "orfunction", "prfunction", "nsafunction", "xsafunction", "vrfunction", "cakes", "ovbfunction", "pvbfunction", "rvbfunction", "qvbfunction", "tvbfunction", "uvbfunction", "vvbclass", "xvbclass", "yvbclass", "svbclass", "lvafunction", "ggfunction", "mvafunction", "ovafunction", "pvafunction", "uvafunction", "tvafunction", "qvafunction", "vvafunction", "nvaclass", "dark", "vector", "yy49", "raster", "roboto", "new tk", "qael", "przechyl", "mars", "mercury", "venus", "pluto", "titan", "weakset", "wfclass", "googlelayer", "uint8array", "weakmap", "5001", "mouseevent", "webassembly", "180180", "9090", "google maps", "javascript api", "internal", "small", "lightrail", "false", "february", "light", "hybrid", "bounce", "drop", "inside", "outside", "marker", "gc" ], "references": [ "embed.html", "ad_status.js.pobrane", "f5Y41t9wqY4.html", "cast_sender.js.pobrane", "remote.js.pobrane", "sw3VTUzeRvWIVwvWSyk6S5gHWPxOOwU1OxerozmN4Hw.js.pobrane", "embed.js.pobrane", "www-embed-player.js.pobrane", "animate.ext.css", "animate.min.css", "jquery.djmegamenu.js.pobrane", "jquery.djmobilemenu.js.pobrane", "magnific.js.pobrane", "jquery.easing.min.js.pobrane", "slider.js.pobrane", "jquery.countTo.js.pobrane", "scripts.js.pobrane", "magnific-init.js.pobrane", "pagesettings.js.pobrane", "jquery.cookie.js.pobrane", "stickybar.js.pobrane", "fontswitcher.js.pobrane", "offcanvas.js.pobrane", "jquery.autocomplete.min.js.pobrane", "bootstrap.min.js.pobrane", "jcemediabox.js.pobrane", "jquery.ui.core.min.js.pobrane", "jquery-migrate.min.js.pobrane", "layout.min.js.pobrane", "jquery.ui.sortable.min.js.pobrane", "caption.js.pobrane", "finder.css", "jquery-noconflict.js.pobrane", "djmegamenu.26.css", "animations.css", "djmobilemenu.css", "jquery.min.js.pobrane", "djimageslider.css", "offcanvas.css", "magnific.css", "font_switcher.26.css", "css", "template_responsive.26.css", "offcanvas.26.css", "bootstrap_responsive.26.css", "extended_layouts.26.css", "style.css", "content.css", "template.26.css", "bootstrap.26.css", "jcemediabox.css", "js", "onion.js.pobrane", "search_impl.js.pobrane", "overlay.js.pobrane", "map.js.pobrane", "util.js.pobrane", "search.js.pobrane", "common.js.pobrane", "geometry.js.pobrane", "main.js.pobrane" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Gc", "display_name": "Gc", "target": null } ], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 26, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 2779, "hostname": 661, "domain": 684, "email": 4, "FileHash-MD5": 1, "FileHash-SHA256": 689 }, "indicator_count": 4818, "is_author": false, "is_subscribing": null, "subscriber_count": 123, "modified_text": "351 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6761887bac8548ef81857a50", "name": "Prokuratura Okr\u0119gowa w Jeleniej G\u00f3rze - Prokuratura Okr\u0119gowa w Jeleniej G\u00f3rze - Portal Gov.pl", "description": "Wstecz prasowy wedi dweud wrthod wybodaeth iawnydd i'wodraethol i gwadu i us\u0142ug.", "modified": "2025-05-14T20:58:17.341000", "created": "2024-12-17T14:19:39.155000", "tags": [ "jeleniej grze", "jelenia gra", "prokuratury", "prokuratura", "usugi dla", "okrgowa", "przejd", "logowanie", "profil zaufany", "strona", "string", "date", "sufeffxa0", "regexp", "matomo", "please", "blob", "null", "tag manager", "link", "typeerror", "typeof symbol", "error", "typeof t", "copyright", "jorik tangelder", "mit license", "zamknij", "nastpne zdjcie", "trace", "hammer", "crlf", "v2 dokument", "plik dokumentu", "dane", "unicode", "utf8", "z bom", "dziennik zdarze", "ms windows", "vista" ], "references": [ "https://www.gov.pl/web/po-jelenia-gora/", "http://www.gov.pl/web/po-jelenia-gora/", "https://matomo.www.gov.pl/analytics/js/container_68lYTZ79.js", "https://www.gov.pl/scripts/bundle.js" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Hammer", "display_name": "Hammer", "target": null } ], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "email": 1, "hostname": 179, "domain": 46, "URL": 340, "FileHash-SHA256": 23, "FileHash-MD5": 47, "FileHash-SHA1": 3 }, "indicator_count": 639, "is_author": false, "is_subscribing": null, "subscriber_count": 123, "modified_text": "381 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65709786808aed5d8ee43d19", "name": "auto_open_controller.js - all the things using this .js file ;-(", "description": "", "modified": "2023-12-06T15:47:18.949000", "created": "2023-12-06T15:47:18.949000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 380, "URL": 802, "domain": 245, "hostname": 231, "FileHash-MD5": 5, "FileHash-SHA1": 1 }, "indicator_count": 1664, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "906 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65708ef0cdb40fa0e7d239ca", "name": "either emotet or a part of it", "description": "", "modified": "2023-12-06T15:10:40.867000", "created": "2023-12-06T15:10:40.867000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 342, "hostname": 456, "domain": 349, "URL": 1730, "FileHash-MD5": 1, "FileHash-SHA1": 1 }, "indicator_count": 2879, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "906 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65708e178755574d9812e4c9", "name": "Followed lead to brechlerinsurance.com", "description": "", "modified": "2023-12-06T15:07:03.528000", "created": "2023-12-06T15:07:03.528000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 2, "FileHash-SHA256": 1329, "domain": 2068, "hostname": 4185, "URL": 12454, "email": 1, "FileHash-MD5": 3, "FileHash-SHA1": 1 }, "indicator_count": 20043, "is_author": false, "is_subscribing": null, "subscriber_count": 110, "modified_text": "906 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65708dff34f37412488dda2a", "name": "Digital Ocean", "description": "", "modified": "2023-12-06T15:06:38.991000", "created": "2023-12-06T15:06:38.991000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "FileHash-SHA256": 703, "domain": 734, "URL": 5116, "hostname": 1266, "email": 3 }, "indicator_count": 7823, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "906 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65708cbc25cf0a3e497cffb4", "name": "npm.elemcdn.com/alist-web", "description": "", "modified": "2023-12-06T15:01:16.961000", "created": "2023-12-06T15:01:16.961000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 2, "FileHash-SHA256": 149, "hostname": 174, "URL": 344, "domain": 72, "FileHash-MD5": 55, "FileHash-SHA1": 51 }, "indicator_count": 847, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "906 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65708c45f8a517d76d776231", "name": "Malware - reliablesite.net", "description": "", "modified": "2023-12-06T14:59:17.346000", "created": "2023-12-06T14:59:17.346000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 238, "domain": 565, "hostname": 827, "URL": 2233 }, "indicator_count": 3863, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "906 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65708c13ee010f81d3f9b3af", "name": "Malware hosting - hostrocket.com", "description": "", "modified": "2023-12-06T14:58:27.115000", "created": "2023-12-06T14:58:27.115000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 232, "hostname": 963, "domain": 412, "URL": 2337, "email": 3, "FileHash-MD5": 1, "FileHash-SHA1": 1 }, "indicator_count": 3949, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "906 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "this.store", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "this.store", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780226962.264568 }