{ "type": "Domain", "indicator": "x.map", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/x.map", "alexa": "http://www.alexa.com/siteinfo/x.map", "indicator": "x.map", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 2811756346, "indicator": "x.map", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 12, "pulses": [ { "id": "69cf21c05e91f60db7f6ed64", "name": "VirusTotal report\n for LEDPMKLECHMKJNGJILBFPOGIEHJBEMKJ_3_0_2_0.crx", "description": "A full report on the results of an analysis of a Google Chrome extension, found in the system's memory, has been published online by the University of Glasgow, Scotland, and the National Security Agency (NSA).", "modified": "2026-05-03T02:18:13.483000", "created": "2026-04-03T02:11:12.197000", "tags": [ "file type", "svg scalable", "vector graphics", "crlf line", "ascii text", "performs dns", "png image", "rgba", "extra info", "sigma", "persistence", "malicious", "next", "fcfcfc", "a57bfc", "c5c6fc", "path", "cname", "dns tcp", "udp http", "smtp irc", "icmp name", "response", "nxdomain" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/000191c1c0d6d324e39789005b1f9851b00a7d709dee3b4d180e9fa0bcfd326f_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775182332&Signature=Xp72bxydgpZ9NgLXV8g1uDJHZ8EUYhy4nqoLGz%2Bh0xoVg3BTq8x0TTFd2Yzzf7nTrREGSvgsL%2BAze%2F%2BynLQFKemQRaJjJvaK1zMdH6y2DhvPyI8gnZcOYdSJTRqEySyE8oR2qveCl85EFiqZ6h%2Fi1k7BfnQ5JBcSRwfyWVmvjaw11sN8hGrAoARJGgs8G1TeXg7evq1TANq0AsmNRp22VNwxTV0ybOoO%2FsRRerzCvQxY2Wdk%2BeKYE1qL", "https://vtbehaviour.commondatastorage.googleapis.com/000191c1c0d6d324e39789005b1f9851b00a7d709dee3b4d180e9fa0bcfd326f_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775182346&Signature=XW5qXy9c7zeqGji%2BJtDga4Y7nDZRclI%2FAvwBQCD%2BqVIXyDtTRgNW7n1FjQXwabAMcf5mAt79yx%2FR3w4itjJfZzUgpU7%2B%2BZXq59iQUl88rhWA7NMvGeGKO4bkcHoQPmrJxXtKnzqJrIxqUwygkbti6kHQ3drQZP8FMYevJ6fUbuR6TkIq2jOioIMcjUVg8uC9%2F6LmmBRINXgcd%2FNhS946HKXdlZq7awFoOV7VR%2Fkfiur%" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1185", "name": "Man in the Browser", "display_name": "T1185 - Man in the Browser" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 42, "URL": 30, "FileHash-MD5": 39, "FileHash-SHA1": 39, "domain": 34, "hostname": 71 }, "indicator_count": 255, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "29 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69cf21c0e67b23d631499583", "name": "VirusTotal report\n for LEDPMKLECHMKJNGJILBFPOGIEHJBEMKJ_3_0_2_0.crx", "description": "A full report on the results of an analysis of a Google Chrome extension, found in the system's memory, has been published online by the University of Glasgow, Scotland, and the National Security Agency (NSA).", "modified": "2026-05-03T02:18:13.483000", "created": "2026-04-03T02:11:12.886000", "tags": [ "file type", "svg scalable", "vector graphics", "crlf line", "ascii text", "performs dns", "png image", "rgba", "extra info", "sigma", "persistence", "malicious", "next", "fcfcfc", "a57bfc", "c5c6fc", "path", "cname", "dns tcp", "udp http", "smtp irc", "icmp name", "response", "nxdomain" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/000191c1c0d6d324e39789005b1f9851b00a7d709dee3b4d180e9fa0bcfd326f_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775182332&Signature=Xp72bxydgpZ9NgLXV8g1uDJHZ8EUYhy4nqoLGz%2Bh0xoVg3BTq8x0TTFd2Yzzf7nTrREGSvgsL%2BAze%2F%2BynLQFKemQRaJjJvaK1zMdH6y2DhvPyI8gnZcOYdSJTRqEySyE8oR2qveCl85EFiqZ6h%2Fi1k7BfnQ5JBcSRwfyWVmvjaw11sN8hGrAoARJGgs8G1TeXg7evq1TANq0AsmNRp22VNwxTV0ybOoO%2FsRRerzCvQxY2Wdk%2BeKYE1qL", "https://vtbehaviour.commondatastorage.googleapis.com/000191c1c0d6d324e39789005b1f9851b00a7d709dee3b4d180e9fa0bcfd326f_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775182346&Signature=XW5qXy9c7zeqGji%2BJtDga4Y7nDZRclI%2FAvwBQCD%2BqVIXyDtTRgNW7n1FjQXwabAMcf5mAt79yx%2FR3w4itjJfZzUgpU7%2B%2BZXq59iQUl88rhWA7NMvGeGKO4bkcHoQPmrJxXtKnzqJrIxqUwygkbti6kHQ3drQZP8FMYevJ6fUbuR6TkIq2jOioIMcjUVg8uC9%2F6LmmBRINXgcd%2FNhS946HKXdlZq7awFoOV7VR%2Fkfiur%" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1185", "name": "Man in the Browser", "display_name": "T1185 - Man in the Browser" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 42, "URL": 30, "FileHash-MD5": 39, "FileHash-SHA1": 39, "domain": 34, "hostname": 71 }, "indicator_count": 255, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "29 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69cf21c1d1238f23716a11f6", "name": "VirusTotal report\n for LEDPMKLECHMKJNGJILBFPOGIEHJBEMKJ_3_0_2_0.crx", "description": "A full report on the results of an analysis of a Google Chrome extension, found in the system's memory, has been published online by the University of Glasgow, Scotland, and the National Security Agency (NSA).", "modified": "2026-05-03T02:18:13.483000", "created": "2026-04-03T02:11:13.985000", "tags": [ "file type", "svg scalable", "vector graphics", "crlf line", "ascii text", "performs dns", "png image", "rgba", "extra info", "sigma", "persistence", "malicious", "next", "fcfcfc", "a57bfc", "c5c6fc", "path", "cname", "dns tcp", "udp http", "smtp irc", "icmp name", "response", "nxdomain" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/000191c1c0d6d324e39789005b1f9851b00a7d709dee3b4d180e9fa0bcfd326f_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775182332&Signature=Xp72bxydgpZ9NgLXV8g1uDJHZ8EUYhy4nqoLGz%2Bh0xoVg3BTq8x0TTFd2Yzzf7nTrREGSvgsL%2BAze%2F%2BynLQFKemQRaJjJvaK1zMdH6y2DhvPyI8gnZcOYdSJTRqEySyE8oR2qveCl85EFiqZ6h%2Fi1k7BfnQ5JBcSRwfyWVmvjaw11sN8hGrAoARJGgs8G1TeXg7evq1TANq0AsmNRp22VNwxTV0ybOoO%2FsRRerzCvQxY2Wdk%2BeKYE1qL", "https://vtbehaviour.commondatastorage.googleapis.com/000191c1c0d6d324e39789005b1f9851b00a7d709dee3b4d180e9fa0bcfd326f_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775182346&Signature=XW5qXy9c7zeqGji%2BJtDga4Y7nDZRclI%2FAvwBQCD%2BqVIXyDtTRgNW7n1FjQXwabAMcf5mAt79yx%2FR3w4itjJfZzUgpU7%2B%2BZXq59iQUl88rhWA7NMvGeGKO4bkcHoQPmrJxXtKnzqJrIxqUwygkbti6kHQ3drQZP8FMYevJ6fUbuR6TkIq2jOioIMcjUVg8uC9%2F6LmmBRINXgcd%2FNhS946HKXdlZq7awFoOV7VR%2Fkfiur%" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1185", "name": "Man in the Browser", "display_name": "T1185 - Man in the Browser" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 42, "URL": 30, "FileHash-MD5": 39, "FileHash-SHA1": 39, "domain": 34, "hostname": 71 }, "indicator_count": 255, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "29 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "657093ebb4721854f28870a1", "name": "http://www.appasamy.com/", "description": "", "modified": "2023-12-06T15:31:54.924000", "created": "2023-12-06T15:31:54.924000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 110, "domain": 99, "URL": 584, "FileHash-SHA256": 195, "FileHash-MD5": 17, "FileHash-SHA1": 13 }, "indicator_count": 1018, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "908 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65708e254b734f1efd8bd0ad", "name": "1688.com .. 404-\u963f\u91cc\u5df4\u5df4", "description": "", "modified": "2023-12-06T15:07:17.380000", "created": "2023-12-06T15:07:17.380000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1645, "URL": 8598, "domain": 1004, "hostname": 2066, "FileHash-MD5": 3 }, "indicator_count": 13316, "is_author": false, "is_subscribing": null, "subscriber_count": 110, "modified_text": "908 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "636da8bf97228c80948e1569", "name": "http://www.appasamy.com/", "description": "", "modified": "2022-12-11T01:02:56.441000", "created": "2022-11-11T01:43:27.750000", "tags": [ "option", "okdate", "centos", "gmtetag", "windows nt", "null", "islands", "size", "copy md5", "copy sha1", "span", "date", "click", "bounce", "error", "meta", "galaxy", "this", "strings", "contact", "body", "alliance", "hybrid", "general", "hosts", "indonesia", "mexico", "panama", "paraguay", "lucia", "slovak", "ukraine", "uruguay", "form", "april", "tiny", "super", "supra", "iframe", "albania", "armenia", "belarus", "burkina", "chad", "christmas", "cuba", "czech", "hotkey", "android", "class", "core" ], "references": [ "malicious Threat Score: 100/100AV Detection: Marked as cleanLabeled as: Phishing site Link Twitter E-Mail http://www.appasamy.com/ This report is generated from a file or URL submitted to this webservice on November 10th 2022 16:26:16 (UTC) and action script Default browser analysis Guest System: Windows 7 32 bit, Professional, 6.1 (build 7601), Service Pack 1 Report generated by Falcon Sandbox v9.4.2 \u00a9 Hybrid Analysis Overview Downloads External Reports Re-analyze Hash Not Seen Before Req" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 195, "URL": 584, "hostname": 110, "domain": 99, "FileHash-MD5": 17, "FileHash-SHA1": 13 }, "indicator_count": 1018, "is_author": false, "is_subscribing": null, "subscriber_count": 392, "modified_text": "1268 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "62bae3907b3833e45735b6b2", "name": "https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.yyhByYeMTAc.O/m=gapi_iframes", "description": "", "modified": "2022-06-28T11:26:26.927000", "created": "2022-06-28T11:18:40.632000", "tags": [ "https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.yyh" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 40, "URL": 881, "hostname": 353, "domain": 85, "URI": 1 }, "indicator_count": 1360, "is_author": false, "is_subscribing": null, "subscriber_count": 392, "modified_text": "1434 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6280921bfbaf2aace62511f1", "name": "1688.com .. 404-\u963f\u91cc\u5df4\u5df4", "description": "Alibaba", "modified": "2022-06-14T00:00:05.659000", "created": "2022-05-15T05:39:39.040000", "tags": [ "typeerror", "object", "typeof t", "symbol", "typeof e", "typeof self", "webpackrequire", "typeof n", "json", "math", "body", "copyright", "apoorv saxena", "typeof", "typeof define", "detect ie", "typeof document", "substring", "\u963f\u91cc\u5df4\u5df4\uff0c1688\uff0c\u5fae\u5546\uff0c\u5fae\u5e97\uff0c\u8d27\u6e90\uff0c\u5973\u88c5\u6279\u53d1\uff0c\u7537\u88c5\uff0cb2b\uff0c\u6279\u53d1\uff0c\u91c7\u8d2d", "typeof symbol", "promise", "error", "date", "createclass", "array", "this", "typeof lib", "null", "mozilla", "regexp", "typeof require", "xmlhttprequest", "license", "xdomainrequest", "aplusscore", "s1e4", "cfunction", "html5", "span", "button", "android", "jupdate", "void", "webview", "kraken", "nundefined", "xfunction", "zfunction", "chrome", "xuexi", "nullj", "area", "mtopwvplugin", "activexobject", "post", "options", "function", "head", "delete", "false", "trace", "patch", "unknown", "alipay", "ff6a00", "opacity100", "opacity0", "f2f3f7", "e6e7eb", "f7f8fa", "helvetica neue", "helvetica", "tahoma", "arial", "\u963f\u91cc\u5df4\u5df4\uff0c\u91c7\u8d2d\u6279\u53d1\uff0c1688\uff0c\u884c\u4e1a\u95e8\u6237\uff0c\u7f51\u4e0a\u8d38\u6613\uff0cb2b\uff0c\u7535\u5b50\u5546\u52a1\uff0c\u5185\u8d38\uff0c\u5916\u8d38\uff0c\u6279\u53d1\uff0c\u884c\u4e1a\u8d44\u8baf\uff0c\u7f51\u4e0a\u8d38\u6613\uff0c\u7f51\u4e0a\u4ea4\u6613\uff0c\u4ea4\u6613\u5e02\u573a\uff0c\u5728", "1688", "1000", "yunos", "lazada", "http response", "gmt contenttype", "vary" ], "references": [ "xfe-URL-1688.com-stix2-2.1-export.json", "xfe-IP-47.89.52.178-stix2-2.1-export.json", "https://page.1688.com/shtml/static/wrongpage.html", "http://polyfill.alicdn.com/", "xfe-URL-Alijk.com-stix2-2.1-export.json", "http://i.alicdn.com/", "http://is.alicdn.com/", "http://1688.com/", "https://mind.1688.com/wap/wapsy/dke4eosa0/index.html?no_cache=true&pageId=1150842&cms_id=1150842&src=desktop", "xfe-URL-mind.1688.com-stix2-2.1-export.json", "https://g.alicdn.com/secdev/sufei_data/3.9.9/index.js", "https://g.alicdn.com/alilog/mlog/aplus_wap.js", "https://mind.1688.com/zsh/zsh/d9my57ugj/index.html", "https://gw.alipayobjects.com/os/lib/lozad/1.16.0/dist/lozad.min.js", "http://g.alicdn.com/assets-group/croco/0.0.8/index.js" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 15, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 8598, "hostname": 2066, "domain": 1004, "FileHash-SHA256": 1645, "FileHash-MD5": 3 }, "indicator_count": 13316, "is_author": false, "is_subscribing": null, "subscriber_count": 71, "modified_text": "1448 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "62533b237cd21dc7f697b28f", "name": "Spam url", "description": "If you're going to use this link to create a new section of the document, try t;s=a.getElementsByTagName(\"a\") on its first page, if you want to.", "modified": "2022-05-10T00:02:48.350000", "created": "2022-04-10T20:16:35.003000", "tags": [ "font awesome", "license", "font", "sil ofl", "mit license", "woff2", "woff", "truetype", "fontawesome", "date", "function", "param", "length", "month", "string", "array", "object", "paramname", "typeof e", "regexp", "typeof n", "null", "typeof t", "width", "error", "typeof r", "pseudo", "class", "this", "accept" ], "references": [ "xfe-URL-zwkummixdtxwilxc.com-stix2-2.1-export.json", "http://ajax.googleapis.com/ajax/libs/jquery/1.10.1/jquery.min.js", "http://zwkummixdtxwilxc.com/scripts/common.js;jsessionid=49C4ABEEF57E0BB22AFB15BE647DEF57", "http://zwkummixdtxwilxc.com/freespace/iget/sp/smp-scripts.js;jsessionid=49C4ABEEF57E0BB22AFB15BE647DEF57", "https://maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/font-awesome.min.css" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 332, "URL": 845, "domain": 106, "FileHash-SHA256": 18 }, "indicator_count": 1301, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1483 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "62506e1f615fe69349e8381c", "name": "Chinese coffee . Not a teapot", "description": "The full text:function(e,t), as well as the full description of the text, has been added to the end of this article:x.support.com..t.", "modified": "2022-05-08T00:03:14.586000", "created": "2022-04-08T17:17:19.670000", "tags": [ "f9fafb", "f1f1f1", "contact", "livechat", "javascript", "typeof e", "livechatwidget", "error", "ticket form", "boolean", "prechat survey", "postchat survey", "typeerror", "typeof n", "chat", "void", "blank", "window", "win32", "iframe", "popid", "type", "lalala", "object", "icon", "xclayer", "itype", "id function", "date", "event", "isettimeout", "jsettimeout", "hsetinterval", "http", "copyright", "hnull", "inull", "jnull", "rfunction", "sfunction", "regexp", "function", "null", "typeof t", "width", "typeof r", "pseudo", "class", "this", "accept" ], "references": [ "https://cvtrdqp.com/js/jquery.min.js", "https://cvtrdqp.com/js/jquery.SuperSlide.2.1.js", "xfe-URL-cvtrdqp.com-stix2-2.1-export.json", "https://cvtrdqp.com/js/login.js?a=3", "https://cvtrdqp.com/js/xcConfirm.js", "https://cdn.livechatinc.com/tracking.js", "https://secure.livechatinc.com/customer/action/open_chat?license_id=12157005&group=0&embedded=1&widget_version=3&unique_groups=0", "https://cvtrdqp.com/style/index.css", "https://cvtrdqp.com/style/cgwl_online.css", "https://direct.lc.chat/12157005/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 413, "URL": 1090, "FileHash-SHA256": 70, "domain": 182, "FileHash-MD5": 1 }, "indicator_count": 1756, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1485 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "625088e80292028d4e82311c", "name": "Botnet-malware -lgmhgjm.com", "description": "The full list of names and names of people who have taken part in the 2016 Olympics and Paralympics in Rio de Janeiro, Brazil, as part of the Rio Games, and as well as the 2017 Olympics in Brazil.", "modified": "2022-05-08T00:03:14.586000", "created": "2022-04-08T19:11:36.165000", "tags": [ "function", "param", "object", "return", "webpackrequire", "constructor", "clipboard", "typeof", "symbol", "typeerror", "error", "click", "null", "copy", "factory", "super", "date", "target", "mustflag", "html", "applewebkit", "ipad", "mqqbrowser", "base", "trident", "presto", "gecko", "khtml", "ios android", "android", "array", "2f2f2i2i0f", "eh0g", "exptable", "logtable", "typeof h", "typeof e", "regexp", "typeof n", "typeof t", "width", "typeof r", "pseudo", "class", "this", "accept", "false", "https", "zeno rocha", "typeof define", "select", "input", "textarea", "0x455d", "0x34260b", "0x4ce9d1", "avge", "tung", "3ctz", "n33m", "0x514351", "hn4d", "0x70c2f4", "push", "shift", "baidu", "instanceof", "adjust", "body", "nulli", "windowi", "typeof jquery", "tthis", "mspointerdown", "child", "sfunction", "microsoft yahei", "arial", "x20trnf", "version", "swiper", "most", "copyright", "mit license", "october", "win32", "meta", "parsefloat", "androidgi", "iphonegi", "\u77ed\u89c6\u9891", "\u641e\u7b11\u89c6\u9891", "\u89c6\u9891\u5206\u4eab", "\u514d\u8d39\u89c6\u9891", "\u5728\u7ebf\u89c6\u9891", "\u9884\u544a\u7247", "wifi", "saol", "fc2ppv12518005", "oretd633riana01", "hodv sex", "orec37502", "06inn01", "siro2661ol2401", "garea742kou01", "175cm9av", "attr", "typeof symbol", "root", "length", "indexof", "x0ax20x20x20x20", "location", "math", "0x10", "0x18", "history", "config", "slice", "cookie", "open", "onload", "adunit", "refresh", "style", "position", "creativetplid", "show", "tcmod", "tcheight", "height", "yahei", "truetype", "f8f8f8", "typeof module", "reserved", "18hdxxxx\u4e2d\u56fd", "\u5973\u4e3b\u7a7f\u8d8a\u88ab\u8089\u6765\u8089\u53bbnp", "\u7537\u753718\u7981\u6c61\u8089\u56fe\u65e0\u7801", "\u65e0\u7801\u4e9a\u6d32\u6210a\u4eba\u7247\u5728\u7ebf\u89c2\u770b", "ore572s04", "ore572s03", "ore572s02", "ore572s01", "fc2ppv117430501", "cmi1513707", "cmi1513706", "cmi1513705", "cmi1513704", "cmi1513703", "\u514d\u8d39\u89c6\u9891\u7231\u7231\u592a\u723d\u4e86\u7f51\u7ad9_\u8001\u8272\u9b3c\u5728\u7ebf\u7cbe\u54c1\u89c6\u9891\u5728\u7ebf\u89c2\u770b_\u767d\u6d01\u4e00\u591c\u88ab\u723d\u4e86\u4e03\u6b21_\u5fd8\u4e86\u6234\u80f8\u7f69\u88ab\u540c\u5b66\u6478\u4e86\u4e00\u8282\u8bfe", "viewport" ], "references": [ "xfe-URL-lgmhgjm.com-stix2-2.0-export.json", "http://www.lgmhgjm.com/common.js", "http://www.lgmhgjm.com/tj.js", "http://www.sp385.com/", "http://avtv10.com", "http://9766.tv", "https://xc.6xc.tv/?channelCode=xiaosu03_8", "https://app.okoockec.xyz:8443/apps/v2/index1/0c1d6cd4e9634a3d?m=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoiZzByUjNpMUczaEt0Sk5sZmVNSE44NEhjVDlDOVFTM2xEcm5pM1dIWG9UM1FBSklpR1phN01teTZOcjFxVVJIWVlhZnJPQkE9IiwiZXhwIjoxNjQ5NDQ0NDcyfQ.utSNnRI7C9FuWMUxhY4cufCJBIuHUk5vdk8Dj6WnXYs", "https://xc.6xc.tv/js/jquery-3.6.0.min.js", "https://xc.6xc.tv/css/index.css", "https://xctg07.cc/?channelCode=xiaosu03_8", "https://ad.abilm.info/bid?url=http%3A%2F%2Fkniveb.info%2F&frm=0&ref=http%3A%2F%2Fwww.sp385.com%2F&ic=1&pl=0&ml=0&sid=105:80:104:111:110:101:58:50:53:48:50:50:51:49:53:54:58:51:58:51:57:48:46:56:52:52&ps=20030107&lgs=0&zo=240&ws=390x844&gdm=0&iw=1&cpn=0&fid=5d80d32079e9fdb035e4886c32c6612e&hl=2&ihn=0&md=1&ns=undefined&np=undefined&pj=0&top=650&left=0&id=47&rid=ec5a07ef8f3e3f2c25ba75c7da106dcc&dcc=&dcl=&gvd=Apple%20Inc.&grr=Apple%20GPU&ct=unknown&diit=&dit=&cmn=", "http://sdk.51.la/js-sdk-pro.min.js", "http://sdk.51.la/event/js-sdk-event.min.js?u=JYWHYgTN1B6iZ5P2", "http://kniveb.info/template/9c/ads/gonggao.js", "http://kniveb.info/", "https://koban360.com/ky/?shareName=1736.com", "https://koban360.com/ky/js/flexible.js", "https://koban360.com/ky/js/swiper.min.js", "https://koban360.com/ky/js/jquery.min.js", "https://koban360.com/ky/css/m.css?vs=1.7", "https://libs.baidu.com/jquery/2.0.0/jquery.min.js", "https://xbt.0lunwen.com/3/js/flexible.js", "https://xbt.0lunwen.com/boinstall.js", "https://miaouuuc.com/?channelCode=852890&aid=852890", "https://miaouuuc.com/template/static/js/clipborad.min.js", "https://am96.vip/", "https://unpkg.com/jquery-1.10.2@1.10.2/jquery-1.10.2.min.js", "https://unpkg.com/jquery.qrcode@1.0.3/jquery.qrcode.min.js", "https://www.gootft.com/js/app.base.js;jsessionid=20F7490B81FBD25B0DE24EE1076D230D", "https://www.gootft.com/js/poplayer.js;jsessionid=20F7490B81FBD25B0DE24EE1076D230D", "https://unpkg.com/clipboard@2.0.8/dist/clipboard.js" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 482, "URL": 1383, "FileHash-SHA256": 104, "domain": 199, "FileHash-MD5": 2, "FileHash-SHA1": 1 }, "indicator_count": 2171, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "1485 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "624f768bb257582b153f1da4", "name": "Botnet \u2014 38.63.160.2", "description": "The full text:function(e,t), as well as the full description of the text, has been added to the end of this article:x.support.com..t.", "modified": "2022-05-07T00:03:18.570000", "created": "2022-04-07T23:40:59.781000", "tags": [ "https", "array", "typeof e", "regexp", "function", "typeof n", "null", "typeof t", "width", "error", "typeof r", "pseudo", "date", "class", "this", "accept", "image" ], "references": [ "https://zz.bdstatic.com/linksubmit/push.js", "https://cdn.bootcss.com/jquery/1.10.2/jquery.min.js", "https://www.010test.com/js/360.js", "https://www.010test.com/js/baidu.js", "https://www.010test.com/js/jquery.3.5.3.min.m.js", "xfe-IP-38.63.160.2-stix2-2.0-export.json" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 315, "URL": 811, "FileHash-SHA256": 60, "domain": 86, "FileHash-MD5": 2 }, "indicator_count": 1274, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1486 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "http://9766.tv", "https://cvtrdqp.com/js/xcConfirm.js", "http://sdk.51.la/js-sdk-pro.min.js", "xfe-IP-47.89.52.178-stix2-2.1-export.json", "https://ad.abilm.info/bid?url=http%3A%2F%2Fkniveb.info%2F&frm=0&ref=http%3A%2F%2Fwww.sp385.com%2F&ic=1&pl=0&ml=0&sid=105:80:104:111:110:101:58:50:53:48:50:50:51:49:53:54:58:51:58:51:57:48:46:56:52:52&ps=20030107&lgs=0&zo=240&ws=390x844&gdm=0&iw=1&cpn=0&fid=5d80d32079e9fdb035e4886c32c6612e&hl=2&ihn=0&md=1&ns=undefined&np=undefined&pj=0&top=650&left=0&id=47&rid=ec5a07ef8f3e3f2c25ba75c7da106dcc&dcc=&dcl=&gvd=Apple%20Inc.&grr=Apple%20GPU&ct=unknown&diit=&dit=&cmn=", "xfe-URL-lgmhgjm.com-stix2-2.0-export.json", "http://www.sp385.com/", "http://polyfill.alicdn.com/", "http://kniveb.info/", "https://am96.vip/", "https://cvtrdqp.com/js/login.js?a=3", "https://miaouuuc.com/template/static/js/clipborad.min.js", "https://xc.6xc.tv/?channelCode=xiaosu03_8", "http://zwkummixdtxwilxc.com/freespace/iget/sp/smp-scripts.js;jsessionid=49C4ABEEF57E0BB22AFB15BE647DEF57", "https://direct.lc.chat/12157005/", "https://cvtrdqp.com/style/cgwl_online.css", "https://vtbehaviour.commondatastorage.googleapis.com/000191c1c0d6d324e39789005b1f9851b00a7d709dee3b4d180e9fa0bcfd326f_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775182346&Signature=XW5qXy9c7zeqGji%2BJtDga4Y7nDZRclI%2FAvwBQCD%2BqVIXyDtTRgNW7n1FjQXwabAMcf5mAt79yx%2FR3w4itjJfZzUgpU7%2B%2BZXq59iQUl88rhWA7NMvGeGKO4bkcHoQPmrJxXtKnzqJrIxqUwygkbti6kHQ3drQZP8FMYevJ6fUbuR6TkIq2jOioIMcjUVg8uC9%2F6LmmBRINXgcd%2FNhS946HKXdlZq7awFoOV7VR%2Fkfiur%", "https://miaouuuc.com/?channelCode=852890&aid=852890", "https://zz.bdstatic.com/linksubmit/push.js", "https://maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/font-awesome.min.css", "https://koban360.com/ky/js/flexible.js", "http://1688.com/", "xfe-URL-cvtrdqp.com-stix2-2.1-export.json", "https://www.gootft.com/js/app.base.js;jsessionid=20F7490B81FBD25B0DE24EE1076D230D", "https://cvtrdqp.com/js/jquery.min.js", "xfe-URL-1688.com-stix2-2.1-export.json", "https://cvtrdqp.com/js/jquery.SuperSlide.2.1.js", "https://cvtrdqp.com/style/index.css", "https://unpkg.com/jquery-1.10.2@1.10.2/jquery-1.10.2.min.js", "http://zwkummixdtxwilxc.com/scripts/common.js;jsessionid=49C4ABEEF57E0BB22AFB15BE647DEF57", "http://www.lgmhgjm.com/tj.js", "https://xbt.0lunwen.com/3/js/flexible.js", "https://www.010test.com/js/jquery.3.5.3.min.m.js", "https://gw.alipayobjects.com/os/lib/lozad/1.16.0/dist/lozad.min.js", "https://www.gootft.com/js/poplayer.js;jsessionid=20F7490B81FBD25B0DE24EE1076D230D", "http://is.alicdn.com/", "http://i.alicdn.com/", "https://cdn.livechatinc.com/tracking.js", "https://cdn.bootcss.com/jquery/1.10.2/jquery.min.js", "http://sdk.51.la/event/js-sdk-event.min.js?u=JYWHYgTN1B6iZ5P2", "https://koban360.com/ky/css/m.css?vs=1.7", "https://koban360.com/ky/js/swiper.min.js", "xfe-URL-zwkummixdtxwilxc.com-stix2-2.1-export.json", "https://koban360.com/ky/?shareName=1736.com", "https://www.010test.com/js/360.js", "https://unpkg.com/clipboard@2.0.8/dist/clipboard.js", "xfe-IP-38.63.160.2-stix2-2.0-export.json", "https://g.alicdn.com/alilog/mlog/aplus_wap.js", "https://libs.baidu.com/jquery/2.0.0/jquery.min.js", "https://xctg07.cc/?channelCode=xiaosu03_8", "malicious Threat Score: 100/100AV Detection: Marked as cleanLabeled as: Phishing site Link Twitter E-Mail http://www.appasamy.com/ This report is generated from a file or URL submitted to this webservice on November 10th 2022 16:26:16 (UTC) and action script Default browser analysis Guest System: Windows 7 32 bit, Professional, 6.1 (build 7601), Service Pack 1 Report generated by Falcon Sandbox v9.4.2 \u00a9 Hybrid Analysis Overview Downloads External Reports Re-analyze Hash Not Seen Before Req", "xfe-URL-Alijk.com-stix2-2.1-export.json", "https://page.1688.com/shtml/static/wrongpage.html", "https://mind.1688.com/wap/wapsy/dke4eosa0/index.html?no_cache=true&pageId=1150842&cms_id=1150842&src=desktop", "https://xc.6xc.tv/js/jquery-3.6.0.min.js", "http://kniveb.info/template/9c/ads/gonggao.js", "https://vtbehaviour.commondatastorage.googleapis.com/000191c1c0d6d324e39789005b1f9851b00a7d709dee3b4d180e9fa0bcfd326f_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775182332&Signature=Xp72bxydgpZ9NgLXV8g1uDJHZ8EUYhy4nqoLGz%2Bh0xoVg3BTq8x0TTFd2Yzzf7nTrREGSvgsL%2BAze%2F%2BynLQFKemQRaJjJvaK1zMdH6y2DhvPyI8gnZcOYdSJTRqEySyE8oR2qveCl85EFiqZ6h%2Fi1k7BfnQ5JBcSRwfyWVmvjaw11sN8hGrAoARJGgs8G1TeXg7evq1TANq0AsmNRp22VNwxTV0ybOoO%2FsRRerzCvQxY2Wdk%2BeKYE1qL", "https://xbt.0lunwen.com/boinstall.js", "https://www.010test.com/js/baidu.js", "https://unpkg.com/jquery.qrcode@1.0.3/jquery.qrcode.min.js", "https://mind.1688.com/zsh/zsh/d9my57ugj/index.html", "http://www.lgmhgjm.com/common.js", "http://avtv10.com", "http://g.alicdn.com/assets-group/croco/0.0.8/index.js", "https://app.okoockec.xyz:8443/apps/v2/index1/0c1d6cd4e9634a3d?m=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoiZzByUjNpMUczaEt0Sk5sZmVNSE44NEhjVDlDOVFTM2xEcm5pM1dIWG9UM1FBSklpR1phN01teTZOcjFxVVJIWVlhZnJPQkE9IiwiZXhwIjoxNjQ5NDQ0NDcyfQ.utSNnRI7C9FuWMUxhY4cufCJBIuHUk5vdk8Dj6WnXYs", "http://ajax.googleapis.com/ajax/libs/jquery/1.10.1/jquery.min.js", "xfe-URL-mind.1688.com-stix2-2.1-export.json", "https://xc.6xc.tv/css/index.css", "https://secure.livechatinc.com/customer/action/open_chat?license_id=12157005&group=0&embedded=1&widget_version=3&unique_groups=0", "https://koban360.com/ky/js/jquery.min.js", "https://g.alicdn.com/secdev/sufei_data/3.9.9/index.js" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [], "malware_families": [], "industries": [] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 12, "pulses": [ { "id": "69cf21c05e91f60db7f6ed64", "name": "VirusTotal report\n for LEDPMKLECHMKJNGJILBFPOGIEHJBEMKJ_3_0_2_0.crx", "description": "A full report on the results of an analysis of a Google Chrome extension, found in the system's memory, has been published online by the University of Glasgow, Scotland, and the National Security Agency (NSA).", "modified": "2026-05-03T02:18:13.483000", "created": "2026-04-03T02:11:12.197000", "tags": [ "file type", "svg scalable", "vector graphics", "crlf line", "ascii text", "performs dns", "png image", "rgba", "extra info", "sigma", "persistence", "malicious", "next", "fcfcfc", "a57bfc", "c5c6fc", "path", "cname", "dns tcp", "udp http", "smtp irc", "icmp name", "response", "nxdomain" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/000191c1c0d6d324e39789005b1f9851b00a7d709dee3b4d180e9fa0bcfd326f_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775182332&Signature=Xp72bxydgpZ9NgLXV8g1uDJHZ8EUYhy4nqoLGz%2Bh0xoVg3BTq8x0TTFd2Yzzf7nTrREGSvgsL%2BAze%2F%2BynLQFKemQRaJjJvaK1zMdH6y2DhvPyI8gnZcOYdSJTRqEySyE8oR2qveCl85EFiqZ6h%2Fi1k7BfnQ5JBcSRwfyWVmvjaw11sN8hGrAoARJGgs8G1TeXg7evq1TANq0AsmNRp22VNwxTV0ybOoO%2FsRRerzCvQxY2Wdk%2BeKYE1qL", "https://vtbehaviour.commondatastorage.googleapis.com/000191c1c0d6d324e39789005b1f9851b00a7d709dee3b4d180e9fa0bcfd326f_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775182346&Signature=XW5qXy9c7zeqGji%2BJtDga4Y7nDZRclI%2FAvwBQCD%2BqVIXyDtTRgNW7n1FjQXwabAMcf5mAt79yx%2FR3w4itjJfZzUgpU7%2B%2BZXq59iQUl88rhWA7NMvGeGKO4bkcHoQPmrJxXtKnzqJrIxqUwygkbti6kHQ3drQZP8FMYevJ6fUbuR6TkIq2jOioIMcjUVg8uC9%2F6LmmBRINXgcd%2FNhS946HKXdlZq7awFoOV7VR%2Fkfiur%" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1185", "name": "Man in the Browser", "display_name": "T1185 - Man in the Browser" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 42, "URL": 30, "FileHash-MD5": 39, "FileHash-SHA1": 39, "domain": 34, "hostname": 71 }, "indicator_count": 255, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "29 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69cf21c0e67b23d631499583", "name": "VirusTotal report\n for LEDPMKLECHMKJNGJILBFPOGIEHJBEMKJ_3_0_2_0.crx", "description": "A full report on the results of an analysis of a Google Chrome extension, found in the system's memory, has been published online by the University of Glasgow, Scotland, and the National Security Agency (NSA).", "modified": "2026-05-03T02:18:13.483000", "created": "2026-04-03T02:11:12.886000", "tags": [ "file type", "svg scalable", "vector graphics", "crlf line", "ascii text", "performs dns", "png image", "rgba", "extra info", "sigma", "persistence", "malicious", "next", "fcfcfc", "a57bfc", "c5c6fc", "path", "cname", "dns tcp", "udp http", "smtp irc", "icmp name", "response", "nxdomain" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/000191c1c0d6d324e39789005b1f9851b00a7d709dee3b4d180e9fa0bcfd326f_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775182332&Signature=Xp72bxydgpZ9NgLXV8g1uDJHZ8EUYhy4nqoLGz%2Bh0xoVg3BTq8x0TTFd2Yzzf7nTrREGSvgsL%2BAze%2F%2BynLQFKemQRaJjJvaK1zMdH6y2DhvPyI8gnZcOYdSJTRqEySyE8oR2qveCl85EFiqZ6h%2Fi1k7BfnQ5JBcSRwfyWVmvjaw11sN8hGrAoARJGgs8G1TeXg7evq1TANq0AsmNRp22VNwxTV0ybOoO%2FsRRerzCvQxY2Wdk%2BeKYE1qL", "https://vtbehaviour.commondatastorage.googleapis.com/000191c1c0d6d324e39789005b1f9851b00a7d709dee3b4d180e9fa0bcfd326f_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775182346&Signature=XW5qXy9c7zeqGji%2BJtDga4Y7nDZRclI%2FAvwBQCD%2BqVIXyDtTRgNW7n1FjQXwabAMcf5mAt79yx%2FR3w4itjJfZzUgpU7%2B%2BZXq59iQUl88rhWA7NMvGeGKO4bkcHoQPmrJxXtKnzqJrIxqUwygkbti6kHQ3drQZP8FMYevJ6fUbuR6TkIq2jOioIMcjUVg8uC9%2F6LmmBRINXgcd%2FNhS946HKXdlZq7awFoOV7VR%2Fkfiur%" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1185", "name": "Man in the Browser", "display_name": "T1185 - Man in the Browser" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 42, "URL": 30, "FileHash-MD5": 39, "FileHash-SHA1": 39, "domain": 34, "hostname": 71 }, "indicator_count": 255, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "29 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69cf21c1d1238f23716a11f6", "name": "VirusTotal report\n for LEDPMKLECHMKJNGJILBFPOGIEHJBEMKJ_3_0_2_0.crx", "description": "A full report on the results of an analysis of a Google Chrome extension, found in the system's memory, has been published online by the University of Glasgow, Scotland, and the National Security Agency (NSA).", "modified": "2026-05-03T02:18:13.483000", "created": "2026-04-03T02:11:13.985000", "tags": [ "file type", "svg scalable", "vector graphics", "crlf line", "ascii text", "performs dns", "png image", "rgba", "extra info", "sigma", "persistence", "malicious", "next", "fcfcfc", "a57bfc", "c5c6fc", "path", "cname", "dns tcp", "udp http", "smtp irc", "icmp name", "response", "nxdomain" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/000191c1c0d6d324e39789005b1f9851b00a7d709dee3b4d180e9fa0bcfd326f_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775182332&Signature=Xp72bxydgpZ9NgLXV8g1uDJHZ8EUYhy4nqoLGz%2Bh0xoVg3BTq8x0TTFd2Yzzf7nTrREGSvgsL%2BAze%2F%2BynLQFKemQRaJjJvaK1zMdH6y2DhvPyI8gnZcOYdSJTRqEySyE8oR2qveCl85EFiqZ6h%2Fi1k7BfnQ5JBcSRwfyWVmvjaw11sN8hGrAoARJGgs8G1TeXg7evq1TANq0AsmNRp22VNwxTV0ybOoO%2FsRRerzCvQxY2Wdk%2BeKYE1qL", "https://vtbehaviour.commondatastorage.googleapis.com/000191c1c0d6d324e39789005b1f9851b00a7d709dee3b4d180e9fa0bcfd326f_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775182346&Signature=XW5qXy9c7zeqGji%2BJtDga4Y7nDZRclI%2FAvwBQCD%2BqVIXyDtTRgNW7n1FjQXwabAMcf5mAt79yx%2FR3w4itjJfZzUgpU7%2B%2BZXq59iQUl88rhWA7NMvGeGKO4bkcHoQPmrJxXtKnzqJrIxqUwygkbti6kHQ3drQZP8FMYevJ6fUbuR6TkIq2jOioIMcjUVg8uC9%2F6LmmBRINXgcd%2FNhS946HKXdlZq7awFoOV7VR%2Fkfiur%" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1185", "name": "Man in the Browser", "display_name": "T1185 - Man in the Browser" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 42, "URL": 30, "FileHash-MD5": 39, "FileHash-SHA1": 39, "domain": 34, "hostname": 71 }, "indicator_count": 255, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "29 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "657093ebb4721854f28870a1", "name": "http://www.appasamy.com/", "description": "", "modified": "2023-12-06T15:31:54.924000", "created": "2023-12-06T15:31:54.924000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 110, "domain": 99, "URL": 584, "FileHash-SHA256": 195, "FileHash-MD5": 17, "FileHash-SHA1": 13 }, "indicator_count": 1018, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "908 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65708e254b734f1efd8bd0ad", "name": "1688.com .. 404-\u963f\u91cc\u5df4\u5df4", "description": "", "modified": "2023-12-06T15:07:17.380000", "created": "2023-12-06T15:07:17.380000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1645, "URL": 8598, "domain": 1004, "hostname": 2066, "FileHash-MD5": 3 }, "indicator_count": 13316, "is_author": false, "is_subscribing": null, "subscriber_count": 110, "modified_text": "908 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "636da8bf97228c80948e1569", "name": "http://www.appasamy.com/", "description": "", "modified": "2022-12-11T01:02:56.441000", "created": "2022-11-11T01:43:27.750000", "tags": [ "option", "okdate", "centos", "gmtetag", "windows nt", "null", "islands", "size", "copy md5", "copy sha1", "span", "date", "click", "bounce", "error", "meta", "galaxy", "this", "strings", "contact", "body", "alliance", "hybrid", "general", "hosts", "indonesia", "mexico", "panama", "paraguay", "lucia", "slovak", "ukraine", "uruguay", "form", "april", "tiny", "super", "supra", "iframe", "albania", "armenia", "belarus", "burkina", "chad", "christmas", "cuba", "czech", "hotkey", "android", "class", "core" ], "references": [ "malicious Threat Score: 100/100AV Detection: Marked as cleanLabeled as: Phishing site Link Twitter E-Mail http://www.appasamy.com/ This report is generated from a file or URL submitted to this webservice on November 10th 2022 16:26:16 (UTC) and action script Default browser analysis Guest System: Windows 7 32 bit, Professional, 6.1 (build 7601), Service Pack 1 Report generated by Falcon Sandbox v9.4.2 \u00a9 Hybrid Analysis Overview Downloads External Reports Re-analyze Hash Not Seen Before Req" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 195, "URL": 584, "hostname": 110, "domain": 99, "FileHash-MD5": 17, "FileHash-SHA1": 13 }, "indicator_count": 1018, "is_author": false, "is_subscribing": null, "subscriber_count": 392, "modified_text": "1268 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "62bae3907b3833e45735b6b2", "name": "https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.yyhByYeMTAc.O/m=gapi_iframes", "description": "", "modified": "2022-06-28T11:26:26.927000", "created": "2022-06-28T11:18:40.632000", "tags": [ "https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.yyh" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 40, "URL": 881, "hostname": 353, "domain": 85, "URI": 1 }, "indicator_count": 1360, "is_author": false, "is_subscribing": null, "subscriber_count": 392, "modified_text": "1434 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6280921bfbaf2aace62511f1", "name": "1688.com .. 404-\u963f\u91cc\u5df4\u5df4", "description": "Alibaba", "modified": "2022-06-14T00:00:05.659000", "created": "2022-05-15T05:39:39.040000", "tags": [ "typeerror", "object", "typeof t", "symbol", "typeof e", "typeof self", "webpackrequire", "typeof n", "json", "math", "body", "copyright", "apoorv saxena", "typeof", "typeof define", "detect ie", "typeof document", "substring", "\u963f\u91cc\u5df4\u5df4\uff0c1688\uff0c\u5fae\u5546\uff0c\u5fae\u5e97\uff0c\u8d27\u6e90\uff0c\u5973\u88c5\u6279\u53d1\uff0c\u7537\u88c5\uff0cb2b\uff0c\u6279\u53d1\uff0c\u91c7\u8d2d", "typeof symbol", "promise", "error", "date", "createclass", "array", "this", "typeof lib", "null", "mozilla", "regexp", "typeof require", "xmlhttprequest", "license", "xdomainrequest", "aplusscore", "s1e4", "cfunction", "html5", "span", "button", "android", "jupdate", "void", "webview", "kraken", "nundefined", "xfunction", "zfunction", "chrome", "xuexi", "nullj", "area", "mtopwvplugin", "activexobject", "post", "options", "function", "head", "delete", "false", "trace", "patch", "unknown", "alipay", "ff6a00", "opacity100", "opacity0", "f2f3f7", "e6e7eb", "f7f8fa", "helvetica neue", "helvetica", "tahoma", "arial", "\u963f\u91cc\u5df4\u5df4\uff0c\u91c7\u8d2d\u6279\u53d1\uff0c1688\uff0c\u884c\u4e1a\u95e8\u6237\uff0c\u7f51\u4e0a\u8d38\u6613\uff0cb2b\uff0c\u7535\u5b50\u5546\u52a1\uff0c\u5185\u8d38\uff0c\u5916\u8d38\uff0c\u6279\u53d1\uff0c\u884c\u4e1a\u8d44\u8baf\uff0c\u7f51\u4e0a\u8d38\u6613\uff0c\u7f51\u4e0a\u4ea4\u6613\uff0c\u4ea4\u6613\u5e02\u573a\uff0c\u5728", "1688", "1000", "yunos", "lazada", "http response", "gmt contenttype", "vary" ], "references": [ "xfe-URL-1688.com-stix2-2.1-export.json", "xfe-IP-47.89.52.178-stix2-2.1-export.json", "https://page.1688.com/shtml/static/wrongpage.html", "http://polyfill.alicdn.com/", "xfe-URL-Alijk.com-stix2-2.1-export.json", "http://i.alicdn.com/", "http://is.alicdn.com/", "http://1688.com/", "https://mind.1688.com/wap/wapsy/dke4eosa0/index.html?no_cache=true&pageId=1150842&cms_id=1150842&src=desktop", "xfe-URL-mind.1688.com-stix2-2.1-export.json", "https://g.alicdn.com/secdev/sufei_data/3.9.9/index.js", "https://g.alicdn.com/alilog/mlog/aplus_wap.js", "https://mind.1688.com/zsh/zsh/d9my57ugj/index.html", "https://gw.alipayobjects.com/os/lib/lozad/1.16.0/dist/lozad.min.js", "http://g.alicdn.com/assets-group/croco/0.0.8/index.js" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 15, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 8598, "hostname": 2066, "domain": 1004, "FileHash-SHA256": 1645, "FileHash-MD5": 3 }, "indicator_count": 13316, "is_author": false, "is_subscribing": null, "subscriber_count": 71, "modified_text": "1448 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "62533b237cd21dc7f697b28f", "name": "Spam url", "description": "If you're going to use this link to create a new section of the document, try t;s=a.getElementsByTagName(\"a\") on its first page, if you want to.", "modified": "2022-05-10T00:02:48.350000", "created": "2022-04-10T20:16:35.003000", "tags": [ "font awesome", "license", "font", "sil ofl", "mit license", "woff2", "woff", "truetype", "fontawesome", "date", "function", "param", "length", "month", "string", "array", "object", "paramname", "typeof e", "regexp", "typeof n", "null", "typeof t", "width", "error", "typeof r", "pseudo", "class", "this", "accept" ], "references": [ "xfe-URL-zwkummixdtxwilxc.com-stix2-2.1-export.json", "http://ajax.googleapis.com/ajax/libs/jquery/1.10.1/jquery.min.js", "http://zwkummixdtxwilxc.com/scripts/common.js;jsessionid=49C4ABEEF57E0BB22AFB15BE647DEF57", "http://zwkummixdtxwilxc.com/freespace/iget/sp/smp-scripts.js;jsessionid=49C4ABEEF57E0BB22AFB15BE647DEF57", "https://maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/font-awesome.min.css" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 332, "URL": 845, "domain": 106, "FileHash-SHA256": 18 }, "indicator_count": 1301, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1483 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "62506e1f615fe69349e8381c", "name": "Chinese coffee . Not a teapot", "description": "The full text:function(e,t), as well as the full description of the text, has been added to the end of this article:x.support.com..t.", "modified": "2022-05-08T00:03:14.586000", "created": "2022-04-08T17:17:19.670000", "tags": [ "f9fafb", "f1f1f1", "contact", "livechat", "javascript", "typeof e", "livechatwidget", "error", "ticket form", "boolean", "prechat survey", "postchat survey", "typeerror", "typeof n", "chat", "void", "blank", "window", "win32", "iframe", "popid", "type", "lalala", "object", "icon", "xclayer", "itype", "id function", "date", "event", "isettimeout", "jsettimeout", "hsetinterval", "http", "copyright", "hnull", "inull", "jnull", "rfunction", "sfunction", "regexp", "function", "null", "typeof t", "width", "typeof r", "pseudo", "class", "this", "accept" ], "references": [ "https://cvtrdqp.com/js/jquery.min.js", "https://cvtrdqp.com/js/jquery.SuperSlide.2.1.js", "xfe-URL-cvtrdqp.com-stix2-2.1-export.json", "https://cvtrdqp.com/js/login.js?a=3", "https://cvtrdqp.com/js/xcConfirm.js", "https://cdn.livechatinc.com/tracking.js", "https://secure.livechatinc.com/customer/action/open_chat?license_id=12157005&group=0&embedded=1&widget_version=3&unique_groups=0", "https://cvtrdqp.com/style/index.css", "https://cvtrdqp.com/style/cgwl_online.css", "https://direct.lc.chat/12157005/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 413, "URL": 1090, "FileHash-SHA256": 70, "domain": 182, "FileHash-MD5": 1 }, "indicator_count": 1756, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1485 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "x.map", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "x.map", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780336011.4044924 }