{ "type": "Domain", "indicator": "ul.menu", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/ul.menu", "alexa": "http://www.alexa.com/siteinfo/ul.menu", "indicator": "ul.menu", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 3153337656, "indicator": "ul.menu", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 5, "pulses": [ { "id": "69eb254f17eb4a2a990f07e5", "name": "LevelBlue - Open Threat Exchange", "description": "[ As part of security research, we look at some of the most well-known vulnerabilities in the PDF ecosystem, and how they can be identified and mitigated, with the help of a simple hash.] [64xxxx]", "modified": "2026-05-28T07:10:11.800000", "created": "2026-04-24T08:09:51.488000", "tags": [ "pdfkit", "cve202225765", "exploit script", "github", "unicordev", "cves", "xml external", "entity", "pdfs", "knowledge base", "python", "mozilla", "virustotal", "cisa", "apple", "microsoft", "pdfkit ruby", "remote code", "execution", "urls", "malware", "raid", "caddywiper", "wipes", "cve202543529", "webkit", "february", "cve202620643", "bypass", "march", "webkit bug", "command", "control", "levelblue", "open threat" ], "references": [ "https://otx.alienvault.com/indicator/ip/198.49.23.145#:~:text=CIDR:%206%20%7C%20CVE:%20107,infrastructure%20into%20global%20botnet%20clusters." ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Wipes", "display_name": "Wipes", "target": null } ], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1084, "FileHash-SHA1": 874, "FileHash-SHA256": 3052, "CVE": 36, "domain": 437, "hostname": 1086, "URL": 1411, "CIDR": 15, "email": 13 }, "indicator_count": 8008, "is_author": false, "is_subscribing": null, "subscriber_count": 70, "modified_text": "4 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "627ee9ff7d36c1432328ebe7", "name": "\u041b\u0438\u043d\u0438\u044f \u043f\u043e\u043c\u043e\u0449\u0438 \u00ab\u0414\u0435\u0442\u0438 \u043e\u043d\u043b\u0430\u0439\u043d\u00bb \u2014 \u0424\u043e\u043d\u0434 \u0420\u0430\u0437\u0432\u0438\u0442\u0438\u044f \u0418\u043d\u0442\u0435\u0440\u043d\u0435\u0442 FID.SU", "description": "Foundation for Internet development \u2013 Soviet Union", "modified": "2022-06-12T00:06:23.557000", "created": "2022-05-13T23:30:07.788000", "tags": [ "cecece", "e9031d", "domen su", "font awesome", "license", "bootstrap", "sil open", "font license", "less", "sass", "mit license", "cc by", "dave gandy", "contact", "twitter", "class", "regexp", "null", "array", "pseudo", "child", "x20trnf", "name", "attr", "cfunction", "error", "block", "last", "parent", "blogger", "diary", "digg", "evernote", "facebook", "google plus", "juick", "linkedin", "liveinternet", "livejournal", "youtube", "function", "width", "date", "accept", "gc", "65535", "boolean", "counter", "typeof c", "segoe ui", "typeerror", "lucida", "ecommerce", "ext link", "form", "impact", "light" ], "references": [ "http://www.fid.su/projects/detionline", "http://mc.yandex.ru/metrika/watch.js", "xfe-IP-172.247.55.179-stix2-2.1-export.json", "xfe-URL-cnservers.com-stix2-2.1-export.json", "xfe-URL-Ceranetworks.com-stix2-2.1-export 2.json", "http://www.youtube.com/embed/Bo_238D72rw?rel=0", "http://yandex.st/share/share.js", "http://www.fid.su/js/toggleTree.js", "http://www.fid.su/js/show.js", "http://www.fid.su/js/jquery-1.8.2.min.js", "http://cdnjs.cloudflare.com/ajax/libs/font-awesome/3.1.0/css/font-awesome.css", "http://www.fid.su/css/index.css" ], "public": 1, "adversary": "", "targeted_countries": [ "New Caledonia" ], "malware_families": [ { "id": "Gc", "display_name": "Gc", "target": null } ], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 9, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1817, "hostname": 705, "domain": 381, "FileHash-SHA256": 201, "email": 2 }, "indicator_count": 3106, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "1450 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "62751d6e20ce7971fe122760", "name": "layerhost.com", "description": "function ra(a,b,c,d,e,f, a new type of node, which can only be defined by its own type, is the same as its current type.", "modified": "2022-06-05T00:03:45.266000", "created": "2022-05-06T13:06:54.626000", "tags": [ "typeerror", "function", "string", "urlsearchparams", "array", "object", "typeof t", "incorrect", "boolean", "iterator", "target", "error", "typeof o", "date", "typeof symbol", "window", "promise", "iere", "typeof ne", "null", "body", "this", "regexp", "please", "blob", "matomo", "post", "javascript", "link", "license", "info", "campaigns", "storagetest", "typeof json", "sufeffxa0", "typeof c", "document", "invalid attempt", "chat", "search", "language", "feel", "file", "call", "strongstart", "address", "again", "attrs", "cparseint", "dparseint", "bparseint", "9999px", "fparseint", "eparseint", "bnull", "gparseint", "iparseint", "blank", "trident", "fixedpos", "fixedheader", "click", "rotate", "dataslider", "eventtarget", "basicstructure", "moztransition", "gthis", "preventdefault", "bthis", "regexcss", "xthis", "true", "filterizr api", "filterizr", "value", "ease", "steps", "idle", "classcallcheck", "reveal", "init", "drilldown", "dropdown", "dropdownmenu", "orbit", "slider", "burn", "sticky", "keyboard", "eventkey", "apple cmd", "mapping", "mouse", "input", "cache", "button", "checkbox", "shift", "typeof b", "pseudo", "child", "class", "attr", "void", "secure", "result" ], "references": [ "xfe-IP-134.73.11.118-stix2-2.1-export.json", "xfe-URL-Powr.io-stix2-2.1-export 2.json", "xfe-URL-Layerhost.com-stix2-2.1-export.json", "xfe-URL-https___www.gandi.net-stix2-2.1-export.json", "https://www.powr.io/powr.js?platform=html", "https://www.layerhost.com/assets/js/vendor/jquery.min.js", "https://www.layerhost.com/assets/js/vendor/what-input.js", "https://www.layerhost.com/assets/js/vendor/foundation.min.js", "https://www.layerhost.com/assets/js/jquery.filterizr.min.js", "https://www.layerhost.com/assets/js/yui.js", "https://www.layerhost.com/assets/js/app.js", "https://www.layerhost.com/assets/js/slider.js", "https://embed.tawk.to/_s/v4/app/625d36b405c/languages/en.js", "https://embed.tawk.to/_s/v4/app/625d36b405c/js/twk-chunk-2d0d2b7c.js", "https://tag.aticdn.net/616708/smarttag.js", "https://analytics.gandi.net/piwik.js", "https://www.gandi.net/static/js/modern.27ee934b0dc5.js", "https://www.gandi.net/static/js/legacy.7cc648e3ff7a.js" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "EventTarget", "display_name": "EventTarget", "target": null }, { "id": "Filterizr API", "display_name": "Filterizr API", "target": null } ], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 350, "URL": 2035, "hostname": 718, "FileHash-SHA256": 355, "CVE": 1, "FileHash-MD5": 1, "FileHash-SHA1": 1 }, "indicator_count": 3461, "is_author": false, "is_subscribing": null, "subscriber_count": 70, "modified_text": "1457 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "62609c764fab13bbe96613f8", "name": "Pegasus - pegtech.com", "description": "New RegExp:function(a,b), a new type, has its own built-up property, as well as an ability to store information in place when it is not already available.", "modified": "2022-05-20T00:01:19.453000", "created": "2022-04-20T23:51:18.734000", "tags": [ "fontface", "woff", "sans", "woff2", "u1c801c88", "u20b4", "u2de02dff", "ua640a69f", "ufe2efe2f", "u04b004b1", "u2116", "datasecret", "chrome", "opredge", "isoperaedge", "opera", "browsername", "gecko", "iphone", "body", "srchttp", "strhashchange", "software", "sectionindex", "srchttps", "etslidertimer", "copyright", "typeof define", "etslidesnumber", "columns", "date", "error", "cowboy", "function", "placeheld", "customevent", "click", "minimum", "tooshort", "wpcf7wfreetext", "alert", "invert", "null", "form", "fast", "false", "path", "next", "video lightbox", "plugin", "expand", "previous", "setposition", "isset", "srcyoutube", "srcvimeo", "image", "lightbox clone", "stephane caron", "typeof therel", "regexp", "play", "close", "pseudo", "child", "typeof b", "array", "sufeffxa0", "class", "attr", "void", "udc66udc67", "ud83d", "ufe0f", "ud83e", "udc68udc69", "udfcbudfcc", "u2640u2642", "uddb0uddb3", "udd74udd75" ], "references": [ "xfe-URL-pegtech.com-stix2-2.1-export.json", "https://pegtech.com/wp-includes/js/wp-emoji-release.min.js?ver=4.9.20", "https://pegtech.com/wp-includes/js/jquery/jquery.js?ver=1.12.4", "https://pegtech.com/wp-content/plugins/wp-video-lightbox/js/jquery.prettyPhoto.min.js?ver=3.1.6", "https://pegtech.com/wp-content/plugins/wp-video-lightbox/js/video-lightbox.js?ver=3.1.6", "https://pegtech.com/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=5.0.2", "https://pegtech.com/wp-content/themes/Divi/js/custom.min.js?ver=3.0.100", "https://pegtech.com/wp-content/themes/Divi/core/admin/js/common.js?ver=3.0.100", "https://pegtech.com/wp-includes/js/wp-embed.min.js?ver=4.9.20", "https://fonts.googleapis.com/css?family=Open+Sans:300italic,400italic,600italic,700italic,800italic,400,300,600,700,800&subset=latin,latin-ext", "https://pegtech.com/wp-includes/css/dashicons.min.css?ver=4.9.20" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 856, "domain": 190, "hostname": 364, "FileHash-SHA256": 216 }, "indicator_count": 1626, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "1473 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "625f3287d722d8d85700b75d", "name": "Leaseweb.com - malware hosting", "description": "function D(t,e,n), as well as window.com, has been frozen by a single function, as part of a series of \"snoopers' checks\"...", "modified": "2022-05-19T00:00:49.028000", "created": "2022-04-19T22:07:03.024000", "tags": [ "11px center", "html", "typetext", "typeurl", "typeemail", "typetel", "typenumber", "typedate", "color", "marketo forms", "cross domain", "null", "click", "forceclose", "lightbox", "slideshow", "controls", "hide", "safari", "image", "mozilla", "explorer", "entity", "linear", "date", "jquery", "iframe", "close", "loops", "class", "stretch", "false", "function", "abbb", "typeerror", "boolean", "body", "object", "array", "regexp", "bind", "error", "void", "hammer", "form", "this", "views slideshow", "zindex1", "ajax", "href", "default", "thumb", "msgesture", "mspointerdown", "next", "stop", "type", "index", "event", "snapabugcbmbtn", "chat", "hidden", "leaf", "open", "dump", "window", "win32", "footer", "front", "drupal", "command", "implement", "copyright", "route", "foundation", "thecookie", "remove", "example", "backport", "grab", "span", "import", "attr", "string", "invalid json", "domparser", "number", "script", "closure library", "symbol", "array int8array", "caregexp", "legacy", "boardman", "fontface", "typeof d", "promise", "parseint", "marketo", "rangeerror", "uint8array", "typeof b", "buffer", "path", "takk", "kiitos", "buttons};kb(convertedmessage);break;case\"/sys\":var", "acum", "ufunction", "ffunction", "gfunction", "mchtd", "cancel", "thank", "enter", "please", "cobrowsing", "accept", "decline", "back", "comment", "grazie", "klik", "super", "dados", "hello", "vd", "reduceright", "trackevent", "lead", "query", "videos", "leaseweb", "trackpageview", "contact", "download", "metal", "code", "functional", "member", "hnew regexp", "qfunction", "adview", "addbillinginfo", "addtocart", "addtolist", "install", "cookiebot", "iabv2", "jsonversion", "cookie script", "methodstrict", "ticket", "id attribute", "cookiebot setup", "cookieconsent", "customevent", "09af", "ver0", "tag0", "extdata0", "ua ch", "invalid", "iterator", "service", "phonenumber", "facebook", "meta", "ytconfig", "edge", "swhealthlog", "logsdatabasev2", "trident", "android", "infinity", "pnull", "style", "ctnull", "post", "uint32array", "fanull", "license", "ynull", "config" ], "references": [ "https://consent.cookiebot.com/1e27dadb-e278-4c02-aa4f-43f9222c4fbb/cc.js?renew=false&referer=www.leaseweb.com&culture=en&dnt=false", "https://j.clarity.ms/s/0.6.34/clarity.js", "https://www.google-analytics.com/plugins/ua/linkid.js", "https://www.youtube.com/s/player/19eb72e4/www-widgetapi.vflset/www-widgetapi.js", "https://www.youtube.com/iframe_api", "https://connect.facebook.net/signals/config/399164440484826?v=2.9.57&r=stable", "https://bat.bing.com/bat.js", "https://consent.cookiebot.com/uc.js?cbid=1e27dadb-e278-4c02-aa4f-43f9222c4fbb&culture=en", "https://snap.licdn.com/li.lms-analytics/insight.min.js", "https://www.googletagmanager.com/gtm.js?id=GTM-NWPHSS", "https://storage.googleapis.com/snapengage-eu/js/e9219576-8f74-40b5-8b6f-bbad33f6ca57.js", "https://munchkin.marketo.net/161/munchkin.js", "https://app-lon04.marketo.com/js/forms2/js/forms2.min.js", "https://munchkin.marketo.net/munchkin.js", "https://www.leaseweb.com/sites/all/modules/custom/lsw_marketo/js/lsw_marketo_forms.js", "https://use.fortawesome.com/03018d9d.js", "https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1001847692/?random=1650405011980&cv=9&fst=1650405011980&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=376635471&u_h=844&u_w=390&u_ah=844&u_aw=390&u_cd=32&u_his=1&u_tz=-240&u_java=false&u_nplug=0&u_nmime=0>m=2wg4i1&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.leaseweb.com%2F&tiba=Leaseweb%20%7C%20Global%20Hosted%20Infrastructure%20(IaaS)%20and%20Cloud%20Solutions&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4", "https://googleads.g.doubleclick.net/pagead/viewthroughconversion/952389962/?random=1650405011982&cv=9&fst=1650405011982&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=376635471&u_h=844&u_w=390&u_ah=844&u_aw=390&u_cd=32&u_his=1&u_tz=-240&u_java=false&u_nplug=0&u_nmime=0>m=2wg4i1&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.leaseweb.com%2F&tiba=Leaseweb%20%7C%20Global%20Hosted%20Infrastructure%20(IaaS)%20and%20Cloud%20Solutions&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4", "https://eu.snapengage.com/chatjs/ServiceGetConfig?w=e9219576-8f74-40b5-8b6f-bbad33f6ca57", "https://eu.snapengage.com/chatjs/servicegetproactivegeodata?w=e9219576-8f74-40b5-8b6f-bbad33f6ca57", "https://bat.bing.com/p/action/5602105.js", "https://eu.snapengage.com/chatjs/servicegetallavailableagents?w=e9219576-8f74-40b5-8b6f-bbad33f6ca57&t=1", "https://www.googleadservices.com/pagead/conversion_async.js", "https://www.leaseweb.com/sites/default/files/js/js_kwxcSFD2Y0_BPtdJClYUy5H8THI_5EycUmIgIGWaGYs.js", "https://www.leaseweb.com/sites/default/files/js/js_wcSNEXVJ4Xjhkf8qhMguEPZJTDTMNmPaJM-YWdAOhQE.js", "https://www.leaseweb.com/sites/default/files/js/js_kI_QwKJlaBz9CzQdENdUBFiEl4aehfjf4_-9taiwcCE.js", "https://www.leaseweb.com/sites/default/files/js/js_zoLA7TweXam0kYiqJrXepqBWmyDoP1sLSlHoZcveFnY.js", "https://www.leaseweb.com/sites/default/files/js/js_6FowaFXT9bT78hf9earPdGcdTmvsFiaBzKgFl9P4fSo.js", "https://www.leaseweb.com/sites/default/files/js/js_6lTJ_m6ahwXas7Efbw8ZYEMSaecrGw8ilNALfvIPNUw.js", "https://analytics.twitter.com/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=nxsfu&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=511b6f48-2639-478c-a251-b09fcbae76e7&tw_document_href=https%3A%2F%2Fwww.leaseweb.com%2F&tpx_cb=twttr.conversion.loadPixels", "https://bid.g.doubleclick.net/xbbe/pixel?d=KAE", "https://consentcdn.cookiebot.com/sdk/bc-v4.min.html", "https://app-lon04.marketo.com/index.php/form/XDFrame", "https://app-lon04.marketo.com/js/forms2/css/forms2-theme-plain.css", "https://www.leaseweb.com/sites/default/files/css/css_47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU.css", "https://www.leaseweb.com/sites/default/files/css/css_7CYF9En6DNp6AojfSKnT8USKR3GvzPwznmTqLTKT9VM.css" ], "public": 1, "adversary": "", "targeted_countries": [ "Tunisia" ], "malware_families": [ { "id": "Ajax", "display_name": "Ajax", "target": null }, { "id": "Kiitos", "display_name": "Kiitos", "target": null }, { "id": "Takk", "display_name": "Takk", "target": null }, { "id": "Acum", "display_name": "Acum", "target": null }, { "id": "buttons};kb(convertedMessage);break;case\"/SYS\":var", "display_name": "buttons};kb(convertedMessage);break;case\"/SYS\":var", "target": null }, { "id": "Vd", "display_name": "Vd", "target": null }, { "id": "ReduceRight", "display_name": "ReduceRight", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1490", "name": "Inhibit System Recovery", "display_name": "T1490 - Inhibit System Recovery" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 648, "domain": 469, "URL": 2037, "FileHash-SHA256": 705, "email": 7 }, "indicator_count": 3866, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1474 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "https://www.leaseweb.com/sites/default/files/js/js_zoLA7TweXam0kYiqJrXepqBWmyDoP1sLSlHoZcveFnY.js", "https://use.fortawesome.com/03018d9d.js", "https://www.leaseweb.com/sites/default/files/css/css_7CYF9En6DNp6AojfSKnT8USKR3GvzPwznmTqLTKT9VM.css", "http://www.youtube.com/embed/Bo_238D72rw?rel=0", "http://www.fid.su/projects/detionline", "xfe-IP-134.73.11.118-stix2-2.1-export.json", "https://connect.facebook.net/signals/config/399164440484826?v=2.9.57&r=stable", "https://j.clarity.ms/s/0.6.34/clarity.js", "http://www.fid.su/css/index.css", "https://pegtech.com/wp-content/themes/Divi/core/admin/js/common.js?ver=3.0.100", "https://pegtech.com/wp-includes/css/dashicons.min.css?ver=4.9.20", "https://www.youtube.com/iframe_api", "https://munchkin.marketo.net/161/munchkin.js", "https://tag.aticdn.net/616708/smarttag.js", "https://app-lon04.marketo.com/js/forms2/css/forms2-theme-plain.css", "https://app-lon04.marketo.com/js/forms2/js/forms2.min.js", "https://pegtech.com/wp-content/plugins/wp-video-lightbox/js/video-lightbox.js?ver=3.1.6", "xfe-URL-Layerhost.com-stix2-2.1-export.json", "https://www.leaseweb.com/sites/default/files/js/js_kwxcSFD2Y0_BPtdJClYUy5H8THI_5EycUmIgIGWaGYs.js", "https://www.google-analytics.com/plugins/ua/linkid.js", "https://pegtech.com/wp-includes/js/jquery/jquery.js?ver=1.12.4", "https://www.powr.io/powr.js?platform=html", "https://pegtech.com/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=5.0.2", "https://app-lon04.marketo.com/index.php/form/XDFrame", "xfe-URL-Ceranetworks.com-stix2-2.1-export 2.json", "https://www.layerhost.com/assets/js/slider.js", "https://fonts.googleapis.com/css?family=Open+Sans:300italic,400italic,600italic,700italic,800italic,400,300,600,700,800&subset=latin,latin-ext", "http://yandex.st/share/share.js", "https://www.googletagmanager.com/gtm.js?id=GTM-NWPHSS", "https://bid.g.doubleclick.net/xbbe/pixel?d=KAE", "xfe-URL-Powr.io-stix2-2.1-export 2.json", "https://embed.tawk.to/_s/v4/app/625d36b405c/languages/en.js", "https://www.leaseweb.com/sites/default/files/css/css_47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU.css", "https://analytics.twitter.com/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=nxsfu&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=511b6f48-2639-478c-a251-b09fcbae76e7&tw_document_href=https%3A%2F%2Fwww.leaseweb.com%2F&tpx_cb=twttr.conversion.loadPixels", "https://snap.licdn.com/li.lms-analytics/insight.min.js", "https://storage.googleapis.com/snapengage-eu/js/e9219576-8f74-40b5-8b6f-bbad33f6ca57.js", "https://bat.bing.com/bat.js", "https://www.layerhost.com/assets/js/vendor/foundation.min.js", "xfe-IP-172.247.55.179-stix2-2.1-export.json", "https://www.gandi.net/static/js/legacy.7cc648e3ff7a.js", "https://pegtech.com/wp-content/plugins/wp-video-lightbox/js/jquery.prettyPhoto.min.js?ver=3.1.6", "https://eu.snapengage.com/chatjs/servicegetproactivegeodata?w=e9219576-8f74-40b5-8b6f-bbad33f6ca57", "xfe-URL-pegtech.com-stix2-2.1-export.json", "https://www.leaseweb.com/sites/default/files/js/js_wcSNEXVJ4Xjhkf8qhMguEPZJTDTMNmPaJM-YWdAOhQE.js", "xfe-URL-https___www.gandi.net-stix2-2.1-export.json", "https://www.leaseweb.com/sites/default/files/js/js_6FowaFXT9bT78hf9earPdGcdTmvsFiaBzKgFl9P4fSo.js", "https://consent.cookiebot.com/1e27dadb-e278-4c02-aa4f-43f9222c4fbb/cc.js?renew=false&referer=www.leaseweb.com&culture=en&dnt=false", "http://www.fid.su/js/toggleTree.js", "https://www.youtube.com/s/player/19eb72e4/www-widgetapi.vflset/www-widgetapi.js", "https://consent.cookiebot.com/uc.js?cbid=1e27dadb-e278-4c02-aa4f-43f9222c4fbb&culture=en", "https://otx.alienvault.com/indicator/ip/198.49.23.145#:~:text=CIDR:%206%20%7C%20CVE:%20107,infrastructure%20into%20global%20botnet%20clusters.", "https://munchkin.marketo.net/munchkin.js", "https://embed.tawk.to/_s/v4/app/625d36b405c/js/twk-chunk-2d0d2b7c.js", "https://bat.bing.com/p/action/5602105.js", "http://cdnjs.cloudflare.com/ajax/libs/font-awesome/3.1.0/css/font-awesome.css", "https://www.layerhost.com/assets/js/yui.js", "xfe-URL-cnservers.com-stix2-2.1-export.json", "https://pegtech.com/wp-includes/js/wp-emoji-release.min.js?ver=4.9.20", "https://www.layerhost.com/assets/js/app.js", "http://mc.yandex.ru/metrika/watch.js", "https://www.leaseweb.com/sites/default/files/js/js_kI_QwKJlaBz9CzQdENdUBFiEl4aehfjf4_-9taiwcCE.js", "https://googleads.g.doubleclick.net/pagead/viewthroughconversion/952389962/?random=1650405011982&cv=9&fst=1650405011982&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=376635471&u_h=844&u_w=390&u_ah=844&u_aw=390&u_cd=32&u_his=1&u_tz=-240&u_java=false&u_nplug=0&u_nmime=0>m=2wg4i1&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.leaseweb.com%2F&tiba=Leaseweb%20%7C%20Global%20Hosted%20Infrastructure%20(IaaS)%20and%20Cloud%20Solutions&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4", "https://eu.snapengage.com/chatjs/servicegetallavailableagents?w=e9219576-8f74-40b5-8b6f-bbad33f6ca57&t=1", "https://www.gandi.net/static/js/modern.27ee934b0dc5.js", "https://www.layerhost.com/assets/js/vendor/what-input.js", "https://eu.snapengage.com/chatjs/ServiceGetConfig?w=e9219576-8f74-40b5-8b6f-bbad33f6ca57", "https://analytics.gandi.net/piwik.js", "https://www.googleadservices.com/pagead/conversion_async.js", "https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1001847692/?random=1650405011980&cv=9&fst=1650405011980&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=376635471&u_h=844&u_w=390&u_ah=844&u_aw=390&u_cd=32&u_his=1&u_tz=-240&u_java=false&u_nplug=0&u_nmime=0>m=2wg4i1&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.leaseweb.com%2F&tiba=Leaseweb%20%7C%20Global%20Hosted%20Infrastructure%20(IaaS)%20and%20Cloud%20Solutions&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4", "https://www.layerhost.com/assets/js/vendor/jquery.min.js", "http://www.fid.su/js/jquery-1.8.2.min.js", "https://www.layerhost.com/assets/js/jquery.filterizr.min.js", "https://www.leaseweb.com/sites/default/files/js/js_6lTJ_m6ahwXas7Efbw8ZYEMSaecrGw8ilNALfvIPNUw.js", "https://consentcdn.cookiebot.com/sdk/bc-v4.min.html", "http://www.fid.su/js/show.js", "https://pegtech.com/wp-includes/js/wp-embed.min.js?ver=4.9.20", "https://www.leaseweb.com/sites/all/modules/custom/lsw_marketo/js/lsw_marketo_forms.js", "https://pegtech.com/wp-content/themes/Divi/js/custom.min.js?ver=3.0.100" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [], "malware_families": [ "Filterizr api", "Acum", "Vd", "Gc", "Wipes", "Eventtarget", "Kiitos", "Buttons};kb(convertedmessage);break;case\"/sys\":var", "Reduceright", "Ajax", "Takk" ], "industries": [] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 5, "pulses": [ { "id": "69eb254f17eb4a2a990f07e5", "name": "LevelBlue - Open Threat Exchange", "description": "[ As part of security research, we look at some of the most well-known vulnerabilities in the PDF ecosystem, and how they can be identified and mitigated, with the help of a simple hash.] [64xxxx]", "modified": "2026-05-28T07:10:11.800000", "created": "2026-04-24T08:09:51.488000", "tags": [ "pdfkit", "cve202225765", "exploit script", "github", "unicordev", "cves", "xml external", "entity", "pdfs", "knowledge base", "python", "mozilla", "virustotal", "cisa", "apple", "microsoft", "pdfkit ruby", "remote code", "execution", "urls", "malware", "raid", "caddywiper", "wipes", "cve202543529", "webkit", "february", "cve202620643", "bypass", "march", "webkit bug", "command", "control", "levelblue", "open threat" ], "references": [ "https://otx.alienvault.com/indicator/ip/198.49.23.145#:~:text=CIDR:%206%20%7C%20CVE:%20107,infrastructure%20into%20global%20botnet%20clusters." ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Wipes", "display_name": "Wipes", "target": null } ], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1084, "FileHash-SHA1": 874, "FileHash-SHA256": 3052, "CVE": 36, "domain": 437, "hostname": 1086, "URL": 1411, "CIDR": 15, "email": 13 }, "indicator_count": 8008, "is_author": false, "is_subscribing": null, "subscriber_count": 70, "modified_text": "4 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "627ee9ff7d36c1432328ebe7", "name": "\u041b\u0438\u043d\u0438\u044f \u043f\u043e\u043c\u043e\u0449\u0438 \u00ab\u0414\u0435\u0442\u0438 \u043e\u043d\u043b\u0430\u0439\u043d\u00bb \u2014 \u0424\u043e\u043d\u0434 \u0420\u0430\u0437\u0432\u0438\u0442\u0438\u044f \u0418\u043d\u0442\u0435\u0440\u043d\u0435\u0442 FID.SU", "description": "Foundation for Internet development \u2013 Soviet Union", "modified": "2022-06-12T00:06:23.557000", "created": "2022-05-13T23:30:07.788000", "tags": [ "cecece", "e9031d", "domen su", "font awesome", "license", "bootstrap", "sil open", "font license", "less", "sass", "mit license", "cc by", "dave gandy", "contact", "twitter", "class", "regexp", "null", "array", "pseudo", "child", "x20trnf", "name", "attr", "cfunction", "error", "block", "last", "parent", "blogger", "diary", "digg", "evernote", "facebook", "google plus", "juick", "linkedin", "liveinternet", "livejournal", "youtube", "function", "width", "date", "accept", "gc", "65535", "boolean", "counter", "typeof c", "segoe ui", "typeerror", "lucida", "ecommerce", "ext link", "form", "impact", "light" ], "references": [ "http://www.fid.su/projects/detionline", "http://mc.yandex.ru/metrika/watch.js", "xfe-IP-172.247.55.179-stix2-2.1-export.json", "xfe-URL-cnservers.com-stix2-2.1-export.json", "xfe-URL-Ceranetworks.com-stix2-2.1-export 2.json", "http://www.youtube.com/embed/Bo_238D72rw?rel=0", "http://yandex.st/share/share.js", "http://www.fid.su/js/toggleTree.js", "http://www.fid.su/js/show.js", "http://www.fid.su/js/jquery-1.8.2.min.js", "http://cdnjs.cloudflare.com/ajax/libs/font-awesome/3.1.0/css/font-awesome.css", "http://www.fid.su/css/index.css" ], "public": 1, "adversary": "", "targeted_countries": [ "New Caledonia" ], "malware_families": [ { "id": "Gc", "display_name": "Gc", "target": null } ], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 9, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1817, "hostname": 705, "domain": 381, "FileHash-SHA256": 201, "email": 2 }, "indicator_count": 3106, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "1450 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "62751d6e20ce7971fe122760", "name": "layerhost.com", "description": "function ra(a,b,c,d,e,f, a new type of node, which can only be defined by its own type, is the same as its current type.", "modified": "2022-06-05T00:03:45.266000", "created": "2022-05-06T13:06:54.626000", "tags": [ "typeerror", "function", "string", "urlsearchparams", "array", "object", "typeof t", "incorrect", "boolean", "iterator", "target", "error", "typeof o", "date", "typeof symbol", "window", "promise", "iere", "typeof ne", "null", "body", "this", "regexp", "please", "blob", "matomo", "post", "javascript", "link", "license", "info", "campaigns", "storagetest", "typeof json", "sufeffxa0", "typeof c", "document", "invalid attempt", "chat", "search", "language", "feel", "file", "call", "strongstart", "address", "again", "attrs", "cparseint", "dparseint", "bparseint", "9999px", "fparseint", "eparseint", "bnull", "gparseint", "iparseint", "blank", "trident", "fixedpos", "fixedheader", "click", "rotate", "dataslider", "eventtarget", "basicstructure", "moztransition", "gthis", "preventdefault", "bthis", "regexcss", "xthis", "true", "filterizr api", "filterizr", "value", "ease", "steps", "idle", "classcallcheck", "reveal", "init", "drilldown", "dropdown", "dropdownmenu", "orbit", "slider", "burn", "sticky", "keyboard", "eventkey", "apple cmd", "mapping", "mouse", "input", "cache", "button", "checkbox", "shift", "typeof b", "pseudo", "child", "class", "attr", "void", "secure", "result" ], "references": [ "xfe-IP-134.73.11.118-stix2-2.1-export.json", "xfe-URL-Powr.io-stix2-2.1-export 2.json", "xfe-URL-Layerhost.com-stix2-2.1-export.json", "xfe-URL-https___www.gandi.net-stix2-2.1-export.json", "https://www.powr.io/powr.js?platform=html", "https://www.layerhost.com/assets/js/vendor/jquery.min.js", "https://www.layerhost.com/assets/js/vendor/what-input.js", "https://www.layerhost.com/assets/js/vendor/foundation.min.js", "https://www.layerhost.com/assets/js/jquery.filterizr.min.js", "https://www.layerhost.com/assets/js/yui.js", "https://www.layerhost.com/assets/js/app.js", "https://www.layerhost.com/assets/js/slider.js", "https://embed.tawk.to/_s/v4/app/625d36b405c/languages/en.js", "https://embed.tawk.to/_s/v4/app/625d36b405c/js/twk-chunk-2d0d2b7c.js", "https://tag.aticdn.net/616708/smarttag.js", "https://analytics.gandi.net/piwik.js", "https://www.gandi.net/static/js/modern.27ee934b0dc5.js", "https://www.gandi.net/static/js/legacy.7cc648e3ff7a.js" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "EventTarget", "display_name": "EventTarget", "target": null }, { "id": "Filterizr API", "display_name": "Filterizr API", "target": null } ], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 350, "URL": 2035, "hostname": 718, "FileHash-SHA256": 355, "CVE": 1, "FileHash-MD5": 1, "FileHash-SHA1": 1 }, "indicator_count": 3461, "is_author": false, "is_subscribing": null, "subscriber_count": 70, "modified_text": "1457 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "62609c764fab13bbe96613f8", "name": "Pegasus - pegtech.com", "description": "New RegExp:function(a,b), a new type, has its own built-up property, as well as an ability to store information in place when it is not already available.", "modified": "2022-05-20T00:01:19.453000", "created": "2022-04-20T23:51:18.734000", "tags": [ "fontface", "woff", "sans", "woff2", "u1c801c88", "u20b4", "u2de02dff", "ua640a69f", "ufe2efe2f", "u04b004b1", "u2116", "datasecret", "chrome", "opredge", "isoperaedge", "opera", "browsername", "gecko", "iphone", "body", "srchttp", "strhashchange", "software", "sectionindex", "srchttps", "etslidertimer", "copyright", "typeof define", "etslidesnumber", "columns", "date", "error", "cowboy", "function", "placeheld", "customevent", "click", "minimum", "tooshort", "wpcf7wfreetext", "alert", "invert", "null", "form", "fast", "false", "path", "next", "video lightbox", "plugin", "expand", "previous", "setposition", "isset", "srcyoutube", "srcvimeo", "image", "lightbox clone", "stephane caron", "typeof therel", "regexp", "play", "close", "pseudo", "child", "typeof b", "array", "sufeffxa0", "class", "attr", "void", "udc66udc67", "ud83d", "ufe0f", "ud83e", "udc68udc69", "udfcbudfcc", "u2640u2642", "uddb0uddb3", "udd74udd75" ], "references": [ "xfe-URL-pegtech.com-stix2-2.1-export.json", "https://pegtech.com/wp-includes/js/wp-emoji-release.min.js?ver=4.9.20", "https://pegtech.com/wp-includes/js/jquery/jquery.js?ver=1.12.4", "https://pegtech.com/wp-content/plugins/wp-video-lightbox/js/jquery.prettyPhoto.min.js?ver=3.1.6", "https://pegtech.com/wp-content/plugins/wp-video-lightbox/js/video-lightbox.js?ver=3.1.6", "https://pegtech.com/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=5.0.2", "https://pegtech.com/wp-content/themes/Divi/js/custom.min.js?ver=3.0.100", "https://pegtech.com/wp-content/themes/Divi/core/admin/js/common.js?ver=3.0.100", "https://pegtech.com/wp-includes/js/wp-embed.min.js?ver=4.9.20", "https://fonts.googleapis.com/css?family=Open+Sans:300italic,400italic,600italic,700italic,800italic,400,300,600,700,800&subset=latin,latin-ext", "https://pegtech.com/wp-includes/css/dashicons.min.css?ver=4.9.20" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 856, "domain": 190, "hostname": 364, "FileHash-SHA256": 216 }, "indicator_count": 1626, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "1473 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "625f3287d722d8d85700b75d", "name": "Leaseweb.com - malware hosting", "description": "function D(t,e,n), as well as window.com, has been frozen by a single function, as part of a series of \"snoopers' checks\"...", "modified": "2022-05-19T00:00:49.028000", "created": "2022-04-19T22:07:03.024000", "tags": [ "11px center", "html", "typetext", "typeurl", "typeemail", "typetel", "typenumber", "typedate", "color", "marketo forms", "cross domain", "null", "click", "forceclose", "lightbox", "slideshow", "controls", "hide", "safari", "image", "mozilla", "explorer", "entity", "linear", "date", "jquery", "iframe", "close", "loops", "class", "stretch", "false", "function", "abbb", "typeerror", "boolean", "body", "object", "array", "regexp", "bind", "error", "void", "hammer", "form", "this", "views slideshow", "zindex1", "ajax", "href", "default", "thumb", "msgesture", "mspointerdown", "next", "stop", "type", "index", "event", "snapabugcbmbtn", "chat", "hidden", "leaf", "open", "dump", "window", "win32", "footer", "front", "drupal", "command", "implement", "copyright", "route", "foundation", "thecookie", "remove", "example", "backport", "grab", "span", "import", "attr", "string", "invalid json", "domparser", "number", "script", "closure library", "symbol", "array int8array", "caregexp", "legacy", "boardman", "fontface", "typeof d", "promise", "parseint", "marketo", "rangeerror", "uint8array", "typeof b", "buffer", "path", "takk", "kiitos", "buttons};kb(convertedmessage);break;case\"/sys\":var", "acum", "ufunction", "ffunction", "gfunction", "mchtd", "cancel", "thank", "enter", "please", "cobrowsing", "accept", "decline", "back", "comment", "grazie", "klik", "super", "dados", "hello", "vd", "reduceright", "trackevent", "lead", "query", "videos", "leaseweb", "trackpageview", "contact", "download", "metal", "code", "functional", "member", "hnew regexp", "qfunction", "adview", "addbillinginfo", "addtocart", "addtolist", "install", "cookiebot", "iabv2", "jsonversion", "cookie script", "methodstrict", "ticket", "id attribute", "cookiebot setup", "cookieconsent", "customevent", "09af", "ver0", "tag0", "extdata0", "ua ch", "invalid", "iterator", "service", "phonenumber", "facebook", "meta", "ytconfig", "edge", "swhealthlog", "logsdatabasev2", "trident", "android", "infinity", "pnull", "style", "ctnull", "post", "uint32array", "fanull", "license", "ynull", "config" ], "references": [ "https://consent.cookiebot.com/1e27dadb-e278-4c02-aa4f-43f9222c4fbb/cc.js?renew=false&referer=www.leaseweb.com&culture=en&dnt=false", "https://j.clarity.ms/s/0.6.34/clarity.js", "https://www.google-analytics.com/plugins/ua/linkid.js", "https://www.youtube.com/s/player/19eb72e4/www-widgetapi.vflset/www-widgetapi.js", "https://www.youtube.com/iframe_api", "https://connect.facebook.net/signals/config/399164440484826?v=2.9.57&r=stable", "https://bat.bing.com/bat.js", "https://consent.cookiebot.com/uc.js?cbid=1e27dadb-e278-4c02-aa4f-43f9222c4fbb&culture=en", "https://snap.licdn.com/li.lms-analytics/insight.min.js", "https://www.googletagmanager.com/gtm.js?id=GTM-NWPHSS", "https://storage.googleapis.com/snapengage-eu/js/e9219576-8f74-40b5-8b6f-bbad33f6ca57.js", "https://munchkin.marketo.net/161/munchkin.js", "https://app-lon04.marketo.com/js/forms2/js/forms2.min.js", "https://munchkin.marketo.net/munchkin.js", "https://www.leaseweb.com/sites/all/modules/custom/lsw_marketo/js/lsw_marketo_forms.js", "https://use.fortawesome.com/03018d9d.js", "https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1001847692/?random=1650405011980&cv=9&fst=1650405011980&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=376635471&u_h=844&u_w=390&u_ah=844&u_aw=390&u_cd=32&u_his=1&u_tz=-240&u_java=false&u_nplug=0&u_nmime=0>m=2wg4i1&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.leaseweb.com%2F&tiba=Leaseweb%20%7C%20Global%20Hosted%20Infrastructure%20(IaaS)%20and%20Cloud%20Solutions&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4", "https://googleads.g.doubleclick.net/pagead/viewthroughconversion/952389962/?random=1650405011982&cv=9&fst=1650405011982&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=376635471&u_h=844&u_w=390&u_ah=844&u_aw=390&u_cd=32&u_his=1&u_tz=-240&u_java=false&u_nplug=0&u_nmime=0>m=2wg4i1&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.leaseweb.com%2F&tiba=Leaseweb%20%7C%20Global%20Hosted%20Infrastructure%20(IaaS)%20and%20Cloud%20Solutions&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4", "https://eu.snapengage.com/chatjs/ServiceGetConfig?w=e9219576-8f74-40b5-8b6f-bbad33f6ca57", "https://eu.snapengage.com/chatjs/servicegetproactivegeodata?w=e9219576-8f74-40b5-8b6f-bbad33f6ca57", "https://bat.bing.com/p/action/5602105.js", "https://eu.snapengage.com/chatjs/servicegetallavailableagents?w=e9219576-8f74-40b5-8b6f-bbad33f6ca57&t=1", "https://www.googleadservices.com/pagead/conversion_async.js", "https://www.leaseweb.com/sites/default/files/js/js_kwxcSFD2Y0_BPtdJClYUy5H8THI_5EycUmIgIGWaGYs.js", "https://www.leaseweb.com/sites/default/files/js/js_wcSNEXVJ4Xjhkf8qhMguEPZJTDTMNmPaJM-YWdAOhQE.js", "https://www.leaseweb.com/sites/default/files/js/js_kI_QwKJlaBz9CzQdENdUBFiEl4aehfjf4_-9taiwcCE.js", "https://www.leaseweb.com/sites/default/files/js/js_zoLA7TweXam0kYiqJrXepqBWmyDoP1sLSlHoZcveFnY.js", "https://www.leaseweb.com/sites/default/files/js/js_6FowaFXT9bT78hf9earPdGcdTmvsFiaBzKgFl9P4fSo.js", "https://www.leaseweb.com/sites/default/files/js/js_6lTJ_m6ahwXas7Efbw8ZYEMSaecrGw8ilNALfvIPNUw.js", "https://analytics.twitter.com/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=nxsfu&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=511b6f48-2639-478c-a251-b09fcbae76e7&tw_document_href=https%3A%2F%2Fwww.leaseweb.com%2F&tpx_cb=twttr.conversion.loadPixels", "https://bid.g.doubleclick.net/xbbe/pixel?d=KAE", "https://consentcdn.cookiebot.com/sdk/bc-v4.min.html", "https://app-lon04.marketo.com/index.php/form/XDFrame", "https://app-lon04.marketo.com/js/forms2/css/forms2-theme-plain.css", "https://www.leaseweb.com/sites/default/files/css/css_47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU.css", "https://www.leaseweb.com/sites/default/files/css/css_7CYF9En6DNp6AojfSKnT8USKR3GvzPwznmTqLTKT9VM.css" ], "public": 1, "adversary": "", "targeted_countries": [ "Tunisia" ], "malware_families": [ { "id": "Ajax", "display_name": "Ajax", "target": null }, { "id": "Kiitos", "display_name": "Kiitos", "target": null }, { "id": "Takk", "display_name": "Takk", "target": null }, { "id": "Acum", "display_name": "Acum", "target": null }, { "id": "buttons};kb(convertedMessage);break;case\"/SYS\":var", "display_name": "buttons};kb(convertedMessage);break;case\"/SYS\":var", "target": null }, { "id": "Vd", "display_name": "Vd", "target": null }, { "id": "ReduceRight", "display_name": "ReduceRight", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1490", "name": "Inhibit System Recovery", "display_name": "T1490 - Inhibit System Recovery" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 648, "domain": 469, "URL": 2037, "FileHash-SHA256": 705, "email": 7 }, "indicator_count": 3866, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1474 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "ul.menu", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "ul.menu", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780316671.940714 }