diff --git "a/threat_data/latest_threat_analysis.json" "b/threat_data/latest_threat_analysis.json"
new file mode 100644
--- /dev/null
+++ "b/threat_data/latest_threat_analysis.json"
@@ -0,0 +1,5504 @@ +{ + "indicator": { + "value": "5d41402abc4b2a76b9719d911017c592", + "indicator_type": "hash", + "confidence": 0.0, + "first_seen": null, + "last_seen": null, + "sources": [] + }, + "last_updated": "2025-10-24T00:13:20.638324", + "raw_data": [ + { + "source": "AlienVault OTX", + "malicious": true, + "pulse_count": 33, + "pulses": [ + { + "id": "65e7b62b8b3e9dffa8942439", + "name": "InQuest - 05-03-2024", + "description": "", + "modified": "2024-04-05T00:01:18.374000", + "created": "2024-03-06T00:17:47.770000", + "tags": [], + "references": [ + "https://labs.inquest.net/iocdb" + ], + "public": 1, + "adversary": "", + "targeted_countries": [], + "malware_families": [], + "attack_ids": [], + "industries": [], + "TLP": "green", + "cloned_from": null, + "export_count": 38, + "upvotes_count": 0, + "downvotes_count": 0, + "votes_count": 0, + "locked": false, + "pulse_source": "api", + "validator_count": 0, + "comment_count": 0, + "follower_count": 0, + "vote": 0, + "author": { + "username": "CyberHunterAutoFeed", + "id": "182496", + "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", + "is_subscribed": false, + "is_following": false + }, + "indicator_type_counts": { + "FileHash-SHA1": 8, + "FileHash-MD5": 83, + "URL": 793, + "hostname": 122, + "domain": 75, + "FileHash-SHA256": 244 + }, + "indicator_count": 1325, + "is_author": false, + "is_subscribing": null, + "subscriber_count": 1426, + "modified_text": "567 days ago ", + "is_modified": true, + "groups": [], + "in_group": false, + "threat_hunter_scannable": true, + "threat_hunter_has_agents": 1, + "related_indicator_type": "FileHash-MD5", + "related_indicator_is_active": 1 + }, + { + "id": "65e5141cc27e1d6dd15450dd", + "name": "InQuest - 03-03-2024", + "description": "", + "modified": "2024-04-03T00:00:41.385000", + "created": "2024-03-04T00:21:48.740000", + "tags": [], + "references": [ + "https://labs.inquest.net/iocdb" + ], + "public": 1, + 
"adversary": "", + "targeted_countries": [], + "malware_families": [], + "attack_ids": [], + "industries": [], + "TLP": "green", + "cloned_from": null, + "export_count": 11, + "upvotes_count": 0, + "downvotes_count": 0, + "votes_count": 0, + "locked": false, + "pulse_source": "api", + "validator_count": 0, + "comment_count": 0, + "follower_count": 0, + "vote": 0, + "author": { + "username": "CyberHunterAutoFeed", + "id": "182496", + "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", + "is_subscribed": false, + "is_following": false + }, + "indicator_type_counts": { + "FileHash-SHA1": 38, + "FileHash-MD5": 113, + "URL": 453, + "hostname": 92, + "domain": 86, + "FileHash-SHA256": 303 + }, + "indicator_count": 1085, + "is_author": false, + "is_subscribing": null, + "subscriber_count": 1425, + "modified_text": "569 days ago ", + "is_modified": true, + "groups": [], + "in_group": false, + "threat_hunter_scannable": true, + "threat_hunter_has_agents": 1, + "related_indicator_type": "FileHash-MD5", + "related_indicator_is_active": 1 + }, + { + "id": "65e3c2baa6afd26c4eb31ede", + "name": "InQuest - 02-03-2024", + "description": "", + "modified": "2024-04-02T00:02:07.533000", + "created": "2024-03-03T00:22:18.953000", + "tags": [], + "references": [ + "https://labs.inquest.net/iocdb" + ], + "public": 1, + "adversary": "", + "targeted_countries": [], + "malware_families": [], + "attack_ids": [], + "industries": [], + "TLP": "green", + "cloned_from": null, + "export_count": 14, + "upvotes_count": 0, + "downvotes_count": 0, + "votes_count": 0, + "locked": false, + "pulse_source": "api", + "validator_count": 0, + "comment_count": 0, + "follower_count": 0, + "vote": 0, + "author": { + "username": "CyberHunterAutoFeed", + "id": "182496", + "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", + "is_subscribed": false, + "is_following": false + }, + "indicator_type_counts": { + 
"FileHash-SHA1": 8, + "FileHash-MD5": 76, + "URL": 886, + "hostname": 129, + "domain": 96, + "FileHash-SHA256": 243 + }, + "indicator_count": 1438, + "is_author": false, + "is_subscribing": null, + "subscriber_count": 1426, + "modified_text": "570 days ago ", + "is_modified": true, + "groups": [], + "in_group": false, + "threat_hunter_scannable": true, + "threat_hunter_has_agents": 1, + "related_indicator_type": "FileHash-MD5", + "related_indicator_is_active": 1 + }, + { + "id": "65e2719c1dc6aea056d0a025", + "name": "InQuest - 01-03-2024", + "description": "", + "modified": "2024-04-01T00:00:42.552000", + "created": "2024-03-02T00:23:56.467000", + "tags": [], + "references": [ + "https://labs.inquest.net/iocdb" + ], + "public": 1, + "adversary": "", + "targeted_countries": [], + "malware_families": [], + "attack_ids": [], + "industries": [], + "TLP": "green", + "cloned_from": null, + "export_count": 16, + "upvotes_count": 0, + "downvotes_count": 0, + "votes_count": 0, + "locked": false, + "pulse_source": "api", + "validator_count": 0, + "comment_count": 0, + "follower_count": 0, + "vote": 0, + "author": { + "username": "CyberHunterAutoFeed", + "id": "182496", + "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", + "is_subscribed": false, + "is_following": false + }, + "indicator_type_counts": { + "FileHash-SHA1": 16, + "FileHash-MD5": 78, + "URL": 489, + "hostname": 102, + "domain": 82, + "FileHash-SHA256": 453 + }, + "indicator_count": 1220, + "is_author": false, + "is_subscribing": null, + "subscriber_count": 1427, + "modified_text": "571 days ago ", + "is_modified": true, + "groups": [], + "in_group": false, + "threat_hunter_scannable": true, + "threat_hunter_has_agents": 1, + "related_indicator_type": "FileHash-MD5", + "related_indicator_is_active": 1 + }, + { + "id": "65e11fc5417f01c74aac5e26", + "name": "InQuest - 29-02-2024", + "description": "", + "modified": "2024-03-31T00:02:39.987000", + "created": 
"2024-03-01T00:22:29.945000", + "tags": [], + "references": [ + "https://labs.inquest.net/iocdb" + ], + "public": 1, + "adversary": "", + "targeted_countries": [], + "malware_families": [], + "attack_ids": [], + "industries": [], + "TLP": "green", + "cloned_from": null, + "export_count": 19, + "upvotes_count": 0, + "downvotes_count": 0, + "votes_count": 0, + "locked": false, + "pulse_source": "api", + "validator_count": 0, + "comment_count": 0, + "follower_count": 0, + "vote": 0, + "author": { + "username": "CyberHunterAutoFeed", + "id": "182496", + "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", + "is_subscribed": false, + "is_following": false + }, + "indicator_type_counts": { + "FileHash-SHA1": 38, + "FileHash-MD5": 115, + "URL": 461, + "hostname": 94, + "domain": 90, + "FileHash-SHA256": 295 + }, + "indicator_count": 1093, + "is_author": false, + "is_subscribing": null, + "subscriber_count": 1425, + "modified_text": "572 days ago ", + "is_modified": true, + "groups": [], + "in_group": false, + "threat_hunter_scannable": true, + "threat_hunter_has_agents": 1, + "related_indicator_type": "FileHash-MD5", + "related_indicator_is_active": 1 + }, + { + "id": "65dfce59f15a735d5012c665", + "name": "InQuest - 28-02-2024", + "description": "", + "modified": "2024-03-30T00:00:17.016000", + "created": "2024-02-29T00:22:48.996000", + "tags": [], + "references": [ + "https://labs.inquest.net/iocdb" + ], + "public": 1, + "adversary": "", + "targeted_countries": [], + "malware_families": [], + "attack_ids": [], + "industries": [], + "TLP": "green", + "cloned_from": null, + "export_count": 15, + "upvotes_count": 0, + "downvotes_count": 0, + "votes_count": 0, + "locked": false, + "pulse_source": "api", + "validator_count": 0, + "comment_count": 0, + "follower_count": 0, + "vote": 0, + "author": { + "username": "CyberHunterAutoFeed", + "id": "182496", + "avatar_url": 
"/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", + "is_subscribed": false, + "is_following": false + }, + "indicator_type_counts": { + "FileHash-SHA1": 38, + "FileHash-MD5": 119, + "URL": 451, + "hostname": 96, + "domain": 88, + "FileHash-SHA256": 304 + }, + "indicator_count": 1096, + "is_author": false, + "is_subscribing": null, + "subscriber_count": 1426, + "modified_text": "573 days ago ", + "is_modified": true, + "groups": [], + "in_group": false, + "threat_hunter_scannable": true, + "threat_hunter_has_agents": 1, + "related_indicator_type": "FileHash-MD5", + "related_indicator_is_active": 1 + }, + { + "id": "6570983ab0c9761d653cad53", + "name": "InQuest - 07-03-2023", + "description": "", + "modified": "2023-12-06T15:50:18.674000", + "created": "2023-12-06T15:50:18.674000", + "tags": [], + "references": [], + "public": 1, + "adversary": "", + "targeted_countries": [], + "malware_families": [], + "attack_ids": [], + "industries": [], + "TLP": "green", + "cloned_from": null, + "export_count": 3, + "upvotes_count": 0, + "downvotes_count": 0, + "votes_count": 0, + "locked": false, + "pulse_source": "api", + "validator_count": 0, + "comment_count": 0, + "follower_count": 0, + "vote": 0, + "author": { + "username": "StreamMiningEx", + "id": "262917", + "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", + "is_subscribed": false, + "is_following": false + }, + "indicator_type_counts": { + "hostname": 296, + "domain": 1005, + "URL": 1638, + "FileHash-MD5": 19, + "FileHash-SHA256": 238, + "FileHash-SHA1": 13 + }, + "indicator_count": 3209, + "is_author": false, + "is_subscribing": null, + "subscriber_count": 101, + "modified_text": "687 days ago ", + "is_modified": false, + "groups": [], + "in_group": false, + "threat_hunter_scannable": true, + "threat_hunter_has_agents": 1, + "related_indicator_type": "FileHash-MD5", + "related_indicator_is_active": 1 + }, + { + "id": "65708ee4e69d8c30c04154d0", + 
"name": "develapp.me - weglot.com", + "description": "", + "modified": "2023-12-06T15:10:28.836000", + "created": "2023-12-06T15:10:28.836000", + "tags": [], + "references": [], + "public": 1, + "adversary": "", + "targeted_countries": [], + "malware_families": [], + "attack_ids": [], + "industries": [], + "TLP": "green", + "cloned_from": null, + "export_count": 2, + "upvotes_count": 0, + "downvotes_count": 0, + "votes_count": 0, + "locked": false, + "pulse_source": "api", + "validator_count": 0, + "comment_count": 0, + "follower_count": 0, + "vote": 0, + "author": { + "username": "StreamMiningEx", + "id": "262917", + "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", + "is_subscribed": false, + "is_following": false + }, + "indicator_type_counts": { + "FileHash-SHA256": 75, + "domain": 265, + "hostname": 482, + "URL": 731, + "FileHash-MD5": 4, + "FileHash-SHA1": 1, + "email": 1 + }, + "indicator_count": 1559, + "is_author": false, + "is_subscribing": null, + "subscriber_count": 101, + "modified_text": "687 days ago ", + "is_modified": false, + "groups": [], + "in_group": false, + "threat_hunter_scannable": true, + "threat_hunter_has_agents": 1, + "related_indicator_type": "FileHash-MD5", + "related_indicator_is_active": 1 + }, + { + "id": "65708dfa19bd18aae60d6d2d", + "name": "Jivosite - jivochat \u2014 it\u2019s in the App Store", + "description": "", + "modified": "2023-12-06T15:06:33.629000", + "created": "2023-12-06T15:06:33.629000", + "tags": [], + "references": [], + "public": 1, + "adversary": "", + "targeted_countries": [], + "malware_families": [], + "attack_ids": [], + "industries": [], + "TLP": "green", + "cloned_from": null, + "export_count": 2, + "upvotes_count": 0, + "downvotes_count": 0, + "votes_count": 0, + "locked": false, + "pulse_source": "api", + "validator_count": 0, + "comment_count": 0, + "follower_count": 0, + "vote": 0, + "author": { + "username": "StreamMiningEx", + "id": "262917", + "avatar_url": 
"https://otx.alienvault.com/assets/images/default-avatar.png", + "is_subscribed": false, + "is_following": false + }, + "indicator_type_counts": { + "CVE": 1, + "FileHash-SHA256": 110, + "hostname": 874, + "URL": 1663, + "domain": 239, + "FileHash-MD5": 1, + "FileHash-SHA1": 1 + }, + "indicator_count": 2889, + "is_author": false, + "is_subscribing": null, + "subscriber_count": 101, + "modified_text": "687 days ago ", + "is_modified": false, + "groups": [], + "in_group": false, + "threat_hunter_scannable": true, + "threat_hunter_has_agents": 1, + "related_indicator_type": "FileHash-MD5", + "related_indicator_is_active": 1 + }, + { + "id": "65708cac217e290594a79ecb", + "name": "188.166.154.118", + "description": "", + "modified": "2023-12-06T15:01:00.949000", + "created": "2023-12-06T15:01:00.949000", + "tags": [], + "references": [], + "public": 1, + "adversary": "", + "targeted_countries": [], + "malware_families": [], + "attack_ids": [], + "industries": [], + "TLP": "green", + "cloned_from": null, + "export_count": 2, + "upvotes_count": 0, + "downvotes_count": 0, + "votes_count": 0, + "locked": false, + "pulse_source": "api", + "validator_count": 0, + "comment_count": 0, + "follower_count": 0, + "vote": 0, + "author": { + "username": "StreamMiningEx", + "id": "262917", + "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", + "is_subscribed": false, + "is_following": false + }, + "indicator_type_counts": { + "FileHash-SHA256": 162, + "hostname": 494, + "domain": 375, + "URL": 1404, + "FileHash-MD5": 4, + "FileHash-SHA1": 1 + }, + "indicator_count": 2440, + "is_author": false, + "is_subscribing": null, + "subscriber_count": 101, + "modified_text": "687 days ago ", + "is_modified": false, + "groups": [], + "in_group": false, + "threat_hunter_scannable": true, + "threat_hunter_has_agents": 1, + "related_indicator_type": "FileHash-MD5", + "related_indicator_is_active": 1 + }, + { + "id": "65708ca99b684204a04e0b36", + "name": "188.166.154.118", + 
"description": "", + "modified": "2023-12-06T15:00:57.293000", + "created": "2023-12-06T15:00:57.293000", + "tags": [], + "references": [], + "public": 1, + "adversary": "", + "targeted_countries": [], + "malware_families": [], + "attack_ids": [], + "industries": [], + "TLP": "green", + "cloned_from": null, + "export_count": 2, + "upvotes_count": 0, + "downvotes_count": 0, + "votes_count": 0, + "locked": false, + "pulse_source": "api", + "validator_count": 0, + "comment_count": 0, + "follower_count": 0, + "vote": 0, + "author": { + "username": "StreamMiningEx", + "id": "262917", + "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", + "is_subscribed": false, + "is_following": false + }, + "indicator_type_counts": { + "FileHash-SHA256": 162, + "hostname": 494, + "domain": 375, + "URL": 1404, + "FileHash-MD5": 4, + "FileHash-SHA1": 1 + }, + "indicator_count": 2440, + "is_author": false, + "is_subscribing": null, + "subscriber_count": 101, + "modified_text": "687 days ago ", + "is_modified": false, + "groups": [], + "in_group": false, + "threat_hunter_scannable": true, + "threat_hunter_has_agents": 1, + "related_indicator_type": "FileHash-MD5", + "related_indicator_is_active": 1 + }, + { + "id": "65708ca60be7cea12070cd6e", + "name": "188.166.154.118", + "description": "", + "modified": "2023-12-06T15:00:54.743000", + "created": "2023-12-06T15:00:54.743000", + "tags": [], + "references": [], + "public": 1, + "adversary": "", + "targeted_countries": [], + "malware_families": [], + "attack_ids": [], + "industries": [], + "TLP": "green", + "cloned_from": null, + "export_count": 2, + "upvotes_count": 0, + "downvotes_count": 0, + "votes_count": 0, + "locked": false, + "pulse_source": "api", + "validator_count": 0, + "comment_count": 0, + "follower_count": 0, + "vote": 0, + "author": { + "username": "StreamMiningEx", + "id": "262917", + "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", + "is_subscribed": false, + 
"is_following": false + }, + "indicator_type_counts": { + "FileHash-SHA256": 162, + "hostname": 494, + "domain": 375, + "URL": 1404, + "FileHash-MD5": 4, + "FileHash-SHA1": 1 + }, + "indicator_count": 2440, + "is_author": false, + "is_subscribing": null, + "subscriber_count": 101, + "modified_text": "687 days ago ", + "is_modified": false, + "groups": [], + "in_group": false, + "threat_hunter_scannable": true, + "threat_hunter_has_agents": 1, + "related_indicator_type": "FileHash-MD5", + "related_indicator_is_active": 1 + }, + { + "id": "65708c8f50527fb73205bfca", + "name": "Dreamhost.com - Drift Widget", + "description": "", + "modified": "2023-12-06T15:00:31.809000", + "created": "2023-12-06T15:00:31.809000", + "tags": [], + "references": [], + "public": 1, + "adversary": "", + "targeted_countries": [], + "malware_families": [], + "attack_ids": [], + "industries": [], + "TLP": "green", + "cloned_from": null, + "export_count": 2, + "upvotes_count": 0, + "downvotes_count": 0, + "votes_count": 0, + "locked": false, + "pulse_source": "api", + "validator_count": 0, + "comment_count": 0, + "follower_count": 0, + "vote": 0, + "author": { + "username": "StreamMiningEx", + "id": "262917", + "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", + "is_subscribed": false, + "is_following": false + }, + "indicator_type_counts": { + "FileHash-SHA256": 174, + "domain": 464, + "URL": 1119, + "hostname": 156, + "FileHash-MD5": 2, + "FileHash-SHA1": 1 + }, + "indicator_count": 1916, + "is_author": false, + "is_subscribing": null, + "subscriber_count": 101, + "modified_text": "687 days ago ", + "is_modified": false, + "groups": [], + "in_group": false, + "threat_hunter_scannable": true, + "threat_hunter_has_agents": 1, + "related_indicator_type": "FileHash-MD5", + "related_indicator_is_active": 1 + }, + { + "id": "65708c1c5e2cc4dfe8d0ed97", + "name": "CPANEL-TUCOWS \u2014malware hosting", + "description": "", + "modified": "2023-12-06T14:58:36.254000", + 
"created": "2023-12-06T14:58:36.254000", + "tags": [], + "references": [], + "public": 1, + "adversary": "", + "targeted_countries": [], + "malware_families": [], + "attack_ids": [], + "industries": [], + "TLP": "green", + "cloned_from": null, + "export_count": 2, + "upvotes_count": 0, + "downvotes_count": 0, + "votes_count": 0, + "locked": false, + "pulse_source": "api", + "validator_count": 0, + "comment_count": 0, + "follower_count": 0, + "vote": 0, + "author": { + "username": "StreamMiningEx", + "id": "262917", + "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", + "is_subscribed": false, + "is_following": false + }, + "indicator_type_counts": { + "FileHash-SHA256": 815, + "hostname": 3487, + "domain": 1182, + "URL": 10194, + "FileHash-MD5": 3, + "FileHash-SHA1": 1 + }, + "indicator_count": 15682, + "is_author": false, + "is_subscribing": null, + "subscriber_count": 101, + "modified_text": "687 days ago ", + "is_modified": false, + "groups": [], + "in_group": false, + "threat_hunter_scannable": true, + "threat_hunter_has_agents": 1, + "related_indicator_type": "FileHash-MD5", + "related_indicator_is_active": 1 + }, + { + "id": "65708c01dca4e6c505e4fca0", + "name": "Hostgator - whitelisted", + "description": "", + "modified": "2023-12-06T14:58:09.135000", + "created": "2023-12-06T14:58:09.135000", + "tags": [], + "references": [], + "public": 1, + "adversary": "", + "targeted_countries": [], + "malware_families": [], + "attack_ids": [], + "industries": [], + "TLP": "green", + "cloned_from": null, + "export_count": 2, + "upvotes_count": 0, + "downvotes_count": 0, + "votes_count": 0, + "locked": false, + "pulse_source": "api", + "validator_count": 0, + "comment_count": 0, + "follower_count": 0, + "vote": 0, + "author": { + "username": "StreamMiningEx", + "id": "262917", + "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", + "is_subscribed": false, + "is_following": false + }, + "indicator_type_counts": { + 
"FileHash-SHA256": 692, + "hostname": 1339, + "domain": 1260, + "URL": 4622, + "FileHash-MD5": 3, + "FileHash-SHA1": 1 + }, + "indicator_count": 7917, + "is_author": false, + "is_subscribing": null, + "subscriber_count": 101, + "modified_text": "687 days ago ", + "is_modified": false, + "groups": [], + "in_group": false, + "threat_hunter_scannable": true, + "threat_hunter_has_agents": 1, + "related_indicator_type": "FileHash-MD5", + "related_indicator_is_active": 1 + }, + { + "id": "65708b6e599404c47f2aba15", + "name": "Malware", + "description": "", + "modified": "2023-12-06T14:55:42.864000", + "created": "2023-12-06T14:55:42.864000", + "tags": [], + "references": [], + "public": 1, + "adversary": "", + "targeted_countries": [], + "malware_families": [], + "attack_ids": [], + "industries": [], + "TLP": "green", + "cloned_from": null, + "export_count": 2, + "upvotes_count": 0, + "downvotes_count": 0, + "votes_count": 0, + "locked": false, + "pulse_source": "api", + "validator_count": 0, + "comment_count": 0, + "follower_count": 0, + "vote": 0, + "author": { + "username": "StreamMiningEx", + "id": "262917", + "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", + "is_subscribed": false, + "is_following": false + }, + "indicator_type_counts": { + "hostname": 268, + "domain": 202, + "FileHash-SHA256": 154, + "URL": 845, + "FileHash-MD5": 6, + "FileHash-SHA1": 1 + }, + "indicator_count": 1476, + "is_author": false, + "is_subscribing": null, + "subscriber_count": 101, + "modified_text": "687 days ago ", + "is_modified": false, + "groups": [], + "in_group": false, + "threat_hunter_scannable": true, + "threat_hunter_has_agents": 1, + "related_indicator_type": "FileHash-MD5", + "related_indicator_is_active": 1 + }, + { + "id": "6409afcab217cb6b3998e03f", + "name": "Pandas with a Soul: Chinese Espionage Attacks Against Southeast Asian Government Entities - Check Point Research", + "description": "A report by Check Point Research looks at a 
long-running Chinese cyber-espionage campaign targeting government entities in Southeast Asia in the early 20th Century, and identifies a new family of malware.", + "modified": "2023-04-08T10:07:20.530000", + "created": "2023-03-09T10:07:06.434000", + "tags": [ + "soul", + "insikt", + "redfoxtrot", + "victorydll", + "sharp panda", + "c server", + "southeast", + "soul framework", + "soulsearcher", + "soul backdoor", + "downloader", + "c communication", + "byte", + "dword", + "null", + "indonesia", + "config", + "zero", + "service", + "win32" + ], + "references": [ + "https://research.checkpoint.com/2023/pandas-with-a-soul-chinese-espionage-attacks-against-southeast-asian-government-entities/" + ], + "public": 1, + "adversary": "Soul", + "targeted_countries": [ + "Thailand", + "Indonesia", + "Viet Nam" + ], + "malware_families": [ + { + "id": "Sharp Panda", + "display_name": "Sharp Panda", + "target": null + }, + { + "id": "VictoryDll", + "display_name": "VictoryDll", + "target": null + }, + { + "id": "Soul", + "display_name": "Soul", + "target": null + } + ], + "attack_ids": [ + { + "id": "T1547", + "name": "Boot or Logon Autostart Execution", + "display_name": "T1547 - Boot or Logon Autostart Execution" + }, + { + "id": "T1140", + "name": "Deobfuscate/Decode Files or Information", + "display_name": "T1140 - Deobfuscate/Decode Files or Information" + }, + { + "id": "T1055", + "name": "Process Injection", + "display_name": "T1055 - Process Injection" + }, + { + "id": "T1059", + "name": "Command and Scripting Interpreter", + "display_name": "T1059 - Command and Scripting Interpreter" + }, + { + "id": "T1070", + "name": "Indicator Removal on Host", + "display_name": "T1070 - Indicator Removal on Host" + }, + { + "id": "T1033", + "name": "System Owner/User Discovery", + "display_name": "T1033 - System Owner/User Discovery" + }, + { + "id": "T1082", + "name": "System Information Discovery", + "display_name": "T1082 - System Information Discovery" + }, + { + "id": 
"T1106", + "name": "Native API", + "display_name": "T1106 - Native API" + }, + { + "id": "T1104", + "name": "Multi-Stage Channels", + "display_name": "T1104 - Multi-Stage Channels" + }, + { + "id": "T1566", + "name": "Phishing", + "display_name": "T1566 - Phishing" + } + ], + "industries": [ + "Healthcare", + "Defense", + "Government" + ], + "TLP": "white", + "cloned_from": null, + "export_count": 6, + "upvotes_count": 0, + "downvotes_count": 0, + "votes_count": 0, + "locked": false, + "pulse_source": "web", + "validator_count": 0, + "comment_count": 0, + "follower_count": 0, + "vote": 0, + "author": { + "username": "jeffchandy", + "id": "215558", + "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_215558/resized/80/avatar_3b9c358f36.png", + "is_subscribed": false, + "is_following": false + }, + "indicator_type_counts": { + "FileHash-MD5": 15, + "FileHash-SHA1": 14, + "FileHash-SHA256": 23, + "URL": 1, + "hostname": 1 + }, + "indicator_count": 54, + "is_author": false, + "is_subscribing": null, + "subscriber_count": 56, + "modified_text": "929 days ago ", + "is_modified": true, + "groups": [], + "in_group": false, + "threat_hunter_scannable": true, + "threat_hunter_has_agents": 1, + "related_indicator_type": "FileHash-MD5", + "related_indicator_is_active": 1 + }, + { + "id": "6407d4ace1f5b8e869e81883", + "name": "InQuest - 07-03-2023", + "description": "", + "modified": "2023-04-07T00:02:49.630000", + "created": "2023-03-08T00:19:56.069000", + "tags": [], + "references": [ + "https://labs.inquest.net/iocdb" + ], + "public": 1, + "adversary": "", + "targeted_countries": [], + "malware_families": [], + "attack_ids": [], + "industries": [], + "TLP": "green", + "cloned_from": null, + "export_count": 6, + "upvotes_count": 0, + "downvotes_count": 0, + "votes_count": 0, + "locked": false, + "pulse_source": "api", + "validator_count": 0, + "comment_count": 0, + "follower_count": 0, + "vote": 0, + "author": { + "username": "CyberHunterAutoFeed", + "id": "182496", 
+ "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", + "is_subscribed": false, + "is_following": false + }, + "indicator_type_counts": { + "hostname": 296, + "URL": 1638, + "domain": 1005, + "FileHash-SHA256": 238, + "FileHash-MD5": 19, + "FileHash-SHA1": 13 + }, + "indicator_count": 3209, + "is_author": false, + "is_subscribing": null, + "subscriber_count": 1425, + "modified_text": "931 days ago ", + "is_modified": true, + "groups": [], + "in_group": false, + "threat_hunter_scannable": true, + "threat_hunter_has_agents": 1, + "related_indicator_type": "FileHash-MD5", + "related_indicator_is_active": 1 + }, + { + "id": "64072872f32eb3e6bc75199d", + "name": "Pandas with a Soul: Chinese Espionage Attacks Against Southeast Asian Government Entities - Check Point Research", + "description": "A report by Check Point Research on Chinese cyber-espionage attacks targeting government entities in Southeast Asia shows that a new family of malware has been developed and used by an APT group with Chinese origins.", + "modified": "2023-04-06T12:04:03.364000", + "created": "2023-03-07T12:05:06.611000", + "tags": [ + "soul", + "insikt", + "redfoxtrot", + "victorydll", + "sharp panda", + "c server", + "southeast", + "soul framework", + "soulsearcher", + "soul backdoor", + "downloader", + "c communication", + "byte", + "dword", + "null", + "indonesia", + "config", + "zero", + "service", + "win32" + ], + "references": [ + "https://research.checkpoint.com/2023/pandas-with-a-soul-chinese-espionage-attacks-against-southeast-asian-government-entities/" + ], + "public": 1, + "adversary": "Soul", + "targeted_countries": [ + "Thailand", + "Indonesia", + "Viet Nam" + ], + "malware_families": [ + { + "id": "Sharp Panda", + "display_name": "Sharp Panda", + "target": null + }, + { + "id": "VictoryDll", + "display_name": "VictoryDll", + "target": null + }, + { + "id": "Soul", + "display_name": "Soul", + "target": null + } + ], + "attack_ids": [ 
+ { + "id": "T1547", + "name": "Boot or Logon Autostart Execution", + "display_name": "T1547 - Boot or Logon Autostart Execution" + }, + { + "id": "T1140", + "name": "Deobfuscate/Decode Files or Information", + "display_name": "T1140 - Deobfuscate/Decode Files or Information" + }, + { + "id": "T1055", + "name": "Process Injection", + "display_name": "T1055 - Process Injection" + }, + { + "id": "T1059", + "name": "Command and Scripting Interpreter", + "display_name": "T1059 - Command and Scripting Interpreter" + }, + { + "id": "T1070", + "name": "Indicator Removal on Host", + "display_name": "T1070 - Indicator Removal on Host" + }, + { + "id": "T1033", + "name": "System Owner/User Discovery", + "display_name": "T1033 - System Owner/User Discovery" + }, + { + "id": "T1082", + "name": "System Information Discovery", + "display_name": "T1082 - System Information Discovery" + }, + { + "id": "T1106", + "name": "Native API", + "display_name": "T1106 - Native API" + }, + { + "id": "T1104", + "name": "Multi-Stage Channels", + "display_name": "T1104 - Multi-Stage Channels" + }, + { + "id": "T1566", + "name": "Phishing", + "display_name": "T1566 - Phishing" + } + ], + "industries": [ + "Healthcare", + "Defense", + "Government" + ], + "TLP": "white", + "cloned_from": null, + "export_count": 10, + "upvotes_count": 0, + "downvotes_count": 0, + "votes_count": 0, + "locked": false, + "pulse_source": "web", + "validator_count": 0, + "comment_count": 0, + "follower_count": 0, + "vote": 0, + "author": { + "username": "CyberHunter_NL", + "id": "171283", + "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png", + "is_subscribed": false, + "is_following": false + }, + "indicator_type_counts": { + "FileHash-MD5": 15, + "FileHash-SHA1": 14, + "FileHash-SHA256": 23, + "URL": 1, + "hostname": 1 + }, + "indicator_count": 54, + "is_author": false, + "is_subscribing": null, + "subscriber_count": 781, + "modified_text": "931 days ago ", + 
"is_modified": true, + "groups": [], + "in_group": false, + "threat_hunter_scannable": true, + "threat_hunter_has_agents": 1, + "related_indicator_type": "FileHash-MD5", + "related_indicator_is_active": 1 + }, + { + "id": "640859e330396abbf6620577", + "name": "PANDAS WITH A SOUL: CHINESE ESPIONAGE ATTACKS AGAINST SOUTHEAST ASIAN GOVERNMENT ENTITIES", + "description": "", + "modified": "2023-04-06T12:04:03.364000", + "created": "2023-03-08T09:48:19.138000", + "tags": [ + "soul", + "insikt", + "redfoxtrot", + "victorydll", + "sharp panda", + "c server", + "southeast", + "soul framework", + "soulsearcher", + "soul backdoor", + "downloader", + "c communication", + "byte", + "dword", + "null", + "indonesia", + "config", + "zero", + "service", + "win32" + ], + "references": [ + "https://research.checkpoint.com/2023/pandas-with-a-soul-chinese-espionage-attacks-against-southeast-asian-government-entities/" + ], + "public": 1, + "adversary": "Soul", + "targeted_countries": [ + "Thailand", + "Indonesia", + "Viet Nam" + ], + "malware_families": [ + { + "id": "Sharp Panda", + "display_name": "Sharp Panda", + "target": null + }, + { + "id": "VictoryDll", + "display_name": "VictoryDll", + "target": null + }, + { + "id": "Soul", + "display_name": "Soul", + "target": null + } + ], + "attack_ids": [ + { + "id": "T1547", + "name": "Boot or Logon Autostart Execution", + "display_name": "T1547 - Boot or Logon Autostart Execution" + }, + { + "id": "T1140", + "name": "Deobfuscate/Decode Files or Information", + "display_name": "T1140 - Deobfuscate/Decode Files or Information" + }, + { + "id": "T1055", + "name": "Process Injection", + "display_name": "T1055 - Process Injection" + }, + { + "id": "T1059", + "name": "Command and Scripting Interpreter", + "display_name": "T1059 - Command and Scripting Interpreter" + }, + { + "id": "T1070", + "name": "Indicator Removal on Host", + "display_name": "T1070 - Indicator Removal on Host" + }, + { + "id": "T1033", + "name": "System Owner/User 
Discovery", + "display_name": "T1033 - System Owner/User Discovery" + }, + { + "id": "T1082", + "name": "System Information Discovery", + "display_name": "T1082 - System Information Discovery" + }, + { + "id": "T1106", + "name": "Native API", + "display_name": "T1106 - Native API" + }, + { + "id": "T1104", + "name": "Multi-Stage Channels", + "display_name": "T1104 - Multi-Stage Channels" + }, + { + "id": "T1566", + "name": "Phishing", + "display_name": "T1566 - Phishing" + } + ], + "industries": [ + "Healthcare", + "Defense", + "Government" + ], + "TLP": "white", + "cloned_from": "64072872f32eb3e6bc75199d", + "export_count": 7, + "upvotes_count": 0, + "downvotes_count": 0, + "votes_count": 0, + "locked": false, + "pulse_source": "web", + "validator_count": 0, + "comment_count": 0, + "follower_count": 0, + "vote": 0, + "author": { + "username": "ChaiPatti", + "id": "217274", + "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_217274/resized/80/avatar_3b9c358f36.png", + "is_subscribed": false, + "is_following": false + }, + "indicator_type_counts": { + "FileHash-MD5": 15, + "FileHash-SHA1": 14, + "FileHash-SHA256": 23, + "URL": 1, + "hostname": 1 + }, + "indicator_count": 54, + "is_author": false, + "is_subscribing": null, + "subscriber_count": 70, + "modified_text": "931 days ago ", + "is_modified": true, + "groups": [], + "in_group": false, + "threat_hunter_scannable": true, + "threat_hunter_has_agents": 1, + "related_indicator_type": "FileHash-MD5", + "related_indicator_is_active": 1 + }, + { + "id": "64098a198c825d92cf06fff5", + "name": "Pandas with a Soul: Chinese Espionage Attacks Against Southeast Asian ", + "description": "", + "modified": "2023-04-06T12:04:03.364000", + "created": "2023-03-09T07:26:17.008000", + "tags": [ + "soul", + "insikt", + "redfoxtrot", + "victorydll", + "sharp panda", + "c server", + "southeast", + "soul framework", + "soulsearcher", + "soul backdoor", + "downloader", + "c communication", + "byte", + "dword", + "null", + 
"indonesia", + "config", + "zero", + "service", + "win32" + ], + "references": [ + "https://research.checkpoint.com/2023/pandas-with-a-soul-chinese-espionage-attacks-against-southeast-asian-government-entities/" + ], + "public": 1, + "adversary": "Soul", + "targeted_countries": [ + "Thailand", + "Indonesia", + "Viet Nam" + ], + "malware_families": [ + { + "id": "Sharp Panda", + "display_name": "Sharp Panda", + "target": null + }, + { + "id": "VictoryDll", + "display_name": "VictoryDll", + "target": null + }, + { + "id": "Soul", + "display_name": "Soul", + "target": null + } + ], + "attack_ids": [ + { + "id": "T1547", + "name": "Boot or Logon Autostart Execution", + "display_name": "T1547 - Boot or Logon Autostart Execution" + }, + { + "id": "T1140", + "name": "Deobfuscate/Decode Files or Information", + "display_name": "T1140 - Deobfuscate/Decode Files or Information" + }, + { + "id": "T1055", + "name": "Process Injection", + "display_name": "T1055 - Process Injection" + }, + { + "id": "T1059", + "name": "Command and Scripting Interpreter", + "display_name": "T1059 - Command and Scripting Interpreter" + }, + { + "id": "T1070", + "name": "Indicator Removal on Host", + "display_name": "T1070 - Indicator Removal on Host" + }, + { + "id": "T1033", + "name": "System Owner/User Discovery", + "display_name": "T1033 - System Owner/User Discovery" + }, + { + "id": "T1082", + "name": "System Information Discovery", + "display_name": "T1082 - System Information Discovery" + }, + { + "id": "T1106", + "name": "Native API", + "display_name": "T1106 - Native API" + }, + { + "id": "T1104", + "name": "Multi-Stage Channels", + "display_name": "T1104 - Multi-Stage Channels" + }, + { + "id": "T1566", + "name": "Phishing", + "display_name": "T1566 - Phishing" + } + ], + "industries": [ + "Healthcare", + "Defense", + "Government" + ], + "TLP": "white", + "cloned_from": "64072872f32eb3e6bc75199d", + "export_count": 3, + "upvotes_count": 0, + "downvotes_count": 0, + "votes_count": 0, + 
"locked": false, + "pulse_source": "web", + "validator_count": 0, + "comment_count": 0, + "follower_count": 0, + "vote": 0, + "author": { + "username": "tr2222200", + "id": "207905", + "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", + "is_subscribed": false, + "is_following": false + }, + "indicator_type_counts": { + "FileHash-MD5": 15, + "FileHash-SHA1": 14, + "FileHash-SHA256": 23, + "URL": 1, + "hostname": 1 + }, + "indicator_count": 54, + "is_author": false, + "is_subscribing": null, + "subscriber_count": 175, + "modified_text": "931 days ago ", + "is_modified": true, + "groups": [], + "in_group": false, + "threat_hunter_scannable": true, + "threat_hunter_has_agents": 1, + "related_indicator_type": "FileHash-MD5", + "related_indicator_is_active": 1 + }, + { + "id": "64098a1cb6115e6872b2bd28", + "name": "Pandas with a Soul: Chinese Espionage Attacks Against Southeast Asian ", + "description": "", + "modified": "2023-04-06T12:04:03.364000", + "created": "2023-03-09T07:26:20.350000", + "tags": [ + "soul", + "insikt", + "redfoxtrot", + "victorydll", + "sharp panda", + "c server", + "southeast", + "soul framework", + "soulsearcher", + "soul backdoor", + "downloader", + "c communication", + "byte", + "dword", + "null", + "indonesia", + "config", + "zero", + "service", + "win32" + ], + "references": [ + "https://research.checkpoint.com/2023/pandas-with-a-soul-chinese-espionage-attacks-against-southeast-asian-government-entities/" + ], + "public": 1, + "adversary": "Soul", + "targeted_countries": [ + "Thailand", + "Indonesia", + "Viet Nam" + ], + "malware_families": [ + { + "id": "Sharp Panda", + "display_name": "Sharp Panda", + "target": null + }, + { + "id": "VictoryDll", + "display_name": "VictoryDll", + "target": null + }, + { + "id": "Soul", + "display_name": "Soul", + "target": null + } + ], + "attack_ids": [ + { + "id": "T1547", + "name": "Boot or Logon Autostart Execution", + "display_name": "T1547 - Boot or Logon Autostart 
Execution" + }, + { + "id": "T1140", + "name": "Deobfuscate/Decode Files or Information", + "display_name": "T1140 - Deobfuscate/Decode Files or Information" + }, + { + "id": "T1055", + "name": "Process Injection", + "display_name": "T1055 - Process Injection" + }, + { + "id": "T1059", + "name": "Command and Scripting Interpreter", + "display_name": "T1059 - Command and Scripting Interpreter" + }, + { + "id": "T1070", + "name": "Indicator Removal on Host", + "display_name": "T1070 - Indicator Removal on Host" + }, + { + "id": "T1033", + "name": "System Owner/User Discovery", + "display_name": "T1033 - System Owner/User Discovery" + }, + { + "id": "T1082", + "name": "System Information Discovery", + "display_name": "T1082 - System Information Discovery" + }, + { + "id": "T1106", + "name": "Native API", + "display_name": "T1106 - Native API" + }, + { + "id": "T1104", + "name": "Multi-Stage Channels", + "display_name": "T1104 - Multi-Stage Channels" + }, + { + "id": "T1566", + "name": "Phishing", + "display_name": "T1566 - Phishing" + } + ], + "industries": [ + "Healthcare", + "Defense", + "Government" + ], + "TLP": "white", + "cloned_from": "64072872f32eb3e6bc75199d", + "export_count": 3, + "upvotes_count": 0, + "downvotes_count": 0, + "votes_count": 0, + "locked": false, + "pulse_source": "web", + "validator_count": 0, + "comment_count": 0, + "follower_count": 0, + "vote": 0, + "author": { + "username": "tr2222200", + "id": "207905", + "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", + "is_subscribed": false, + "is_following": false + }, + "indicator_type_counts": { + "FileHash-MD5": 15, + "FileHash-SHA1": 14, + "FileHash-SHA256": 23, + "URL": 1, + "hostname": 1 + }, + "indicator_count": 54, + "is_author": false, + "is_subscribing": null, + "subscriber_count": 175, + "modified_text": "931 days ago ", + "is_modified": true, + "groups": [], + "in_group": false, + "threat_hunter_scannable": true, + "threat_hunter_has_agents": 1, + 
"related_indicator_type": "FileHash-MD5", + "related_indicator_is_active": 1 + }, + { + "id": "627fc3981d80363770b19566", + "name": "Jivosite - jivochat \u2014 it\u2019s in the App Store", + "description": "If you want to know more about your privacy settings, here is the full code of the formEmbedObject, which describes it as \"giggy-gagging\" (gad).", + "modified": "2022-06-13T00:00:32.864000", + "created": "2022-05-14T14:58:32.260000", + "tags": [ + "number", + "string", + "date", + "error", + "copyright", + "function", + "cookieconsent", + "chnew ka", + "gtmpdqg75", + "host", + "path", + "void", + "target", + "boolean", + "slideshow", + "next", + "callback", + "integer", + "null", + "prev", + "local", + "prop", + "stop", + "false", + "leave", + "neue", + "object", + "array", + "typeof e", + "typeerror", + "invalid attempt", + "symbol", + "typeof symbol", + "comment", + "trident", + "emotion", + "close", + "support", + "siqfloat", + "zldpersonalize", + "zsiqchatwindow", + "zldtrigger", + "waiting", + "siqbutton", + "siqpersonalize", + "widgtheme", + "hj", + "hotjar", + "surveys", + "regexp", + "data", + "meta", + "survey", + "scroll", + "keypress", + "live", + "widget", + "window", + "fullscreen", + "generic", + "experiment", + "mutation", + "reduceright", + "aw981945515", + "uint8array", + "fnumber", + "dustmap", + "code", + "phase", + "phasesplit", + "invalid code", + "namebackurl", + "backurl", + "isnan", + "member id", + "integration", + "refererurl", + "typeof b", + "pseudo", + "child", + "sufeffxa0", + "class", + "attr", + "gtmnj8zjvs", + "button", + "click", + "zldt", + "znotifytracking", + "xmlhttprequest", + "zsiqlsdb", + "azaz09", + "queueingchats" + ], + "references": [ + "xfe-URL-Jivosite.com-stix2-2.1-export.json", + "xfe-IP-141.8.195.43-stix2-2.1-export.json", + "xfe-URL-Sprinthost.net-stix2-2.1-export.json", + "xfe-URL-Sprinthost.com-stix2-2.1-export.json", + "xfe-URL-onlinenic.com-stix2-2.1-export.json", + "https://salesiq.zoho.com/widget", + 
"https://www.googletagmanager.com/gtm.js?id=GTM-NJ8ZJVS", + "https://dr9ruy61rbeb4.cloudfront.net/public/default/js/jquery.1.12.4.min.js", + "https://dr9ruy61rbeb4.cloudfront.net/public/default/js/henfon.js", + "https://dr9ruy61rbeb4.cloudfront.net/public/default/js/login.js", + "https://www.googletagmanager.com/gtag/js?id=AW-981945515", + "https://script.hotjar.com/modules.842d4c8f486a0abe4e43.js", + "https://js.zohocdn.com/salesiq/js/floatbutton9_0842f44b8ddd3f3849043768247b4538_.js", + "https://script.hotjar.com/preact-incoming-feedback.5dfa9419517f52a1fde8.js", + "https://dr9ruy61rbeb4.cloudfront.net/public/default/js/jquery.flexslider-min.js", + "https://vars.hotjar.com/box-21ccaa45726c0f3c8c458f7a87eb2298.html", + "https://www.googletagmanager.com/gtm.js?id=GTM-PDQG75" + ], + "public": 1, + "adversary": "", + "targeted_countries": [], + "malware_families": [ + { + "id": "Neue", + "display_name": "Neue", + "target": null + }, + { + "id": "hj", + "display_name": "hj", + "target": null + }, + { + "id": "ReduceRight", + "display_name": "ReduceRight", + "target": null + } + ], + "attack_ids": [ + { + "id": "T1059", + "name": "Command and Scripting Interpreter", + "display_name": "T1059 - Command and Scripting Interpreter" + }, + { + "id": "T1547", + "name": "Boot or Logon Autostart Execution", + "display_name": "T1547 - Boot or Logon Autostart Execution" + } + ], + "industries": [], + "TLP": "white", + "cloned_from": null, + "export_count": 8, + "upvotes_count": 0, + "downvotes_count": 0, + "votes_count": 0, + "locked": false, + "pulse_source": "web", + "validator_count": 0, + "comment_count": 0, + "follower_count": 0, + "vote": 0, + "author": { + "username": "adjadex1@gmail.com", + "id": "187163", + "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", + "is_subscribed": false, + "is_following": false + }, + "indicator_type_counts": { + "hostname": 874, + "URL": 1663, + "domain": 239, + "FileHash-SHA256": 110, + "CVE": 1, + "FileHash-MD5": 
1, + "FileHash-SHA1": 1 + }, + "indicator_count": 2889, + "is_author": false, + "is_subscribing": null, + "subscriber_count": 67, + "modified_text": "1229 days ago ", + "is_modified": true, + "groups": [], + "in_group": false, + "threat_hunter_scannable": true, + "threat_hunter_has_agents": 1, + "related_indicator_type": "FileHash-MD5", + "related_indicator_is_active": 1 + }, + { + "id": "626d5deabac11a947774de99", + "name": "http://gczlau.com/c3af94f661", + "description": "Live link sent via sms", + "modified": "2022-05-29T00:01:17.829000", + "created": "2022-04-30T16:03:54.153000", + "tags": [ + "move", + "typetext", + "typeemail", + "typetel", + "eace", + "eacb", + "aaed", + "eachb", + "yaay", + "event", + "cacb", + "cacf", + "typeof t", + "text", + "function", + "load snowplow", + "checks", + "gets", + "getmainpageub", + "page", + "clkg", + "creates custom", + "use visitor", + "track form", + "form", + "support", + "typeof", + "text display", + "typeof q", + "typeof d", + "post", + "anura", + "display support", + "sympathizing", + "quaker", + "webview", + "trident", + "android", + "date", + "snowplow", + "array", + "anthon pang", + "typeof e", + "version", + "author", + "alex dean", + "simon andersson", + "fred blundun", + "enter their", + "phone number", + "strong", + "backstory", + "privacy", + "policy", + "partner lookup", + "partnerlookup", + "diego", + "new york", + "contact", + "segoe ui", + "emoji", + "href", + "roboto", + "helvetica neue", + "arial", + "apple color", + "symbol", + "typecheckbox", + "typeradio", + "twitter", + "typeerror", + "clickdataapi", + "hidden", + "typeof n", + "bootstrap", + "regexp", + "error", + "mouseleave", + "click", + "dataspy", + "body", + "pseudo", + "child", + "sufeffxa0", + "class", + "attr", + "null", + "this", + "guide my", + "yes no", + "male female", + "romance", + "analyzing", + "get started", + "enter", + "your partner", + "number" + ], + "references": [ + 
"https://guidemyrelationship.com/?aff_id=2509&offer_id=6300&aff_sub=1726&aff_sub2=102a78845625980c3bb3f54bd8acd3&aff_sub3=", + "https://guidemyrelationship.com/assets/js/jquery-3.3.1.min.js", + "https://guidemyrelationship.com/assets/js/bootstrap.min.js", + "https://guidemyrelationship.com/assets/js/main.js", + "https://guidemyrelationship.com/assets/css/bootstrap.min.css", + "https://www.thepartnerlookup.com/?affid=1726&txid=1028d018569e59e3856f7416969ab0&offer_id=2509", + "https://d34qb8suadcc4g.cloudfront.net/sp-2.14.0.js", + "https://www.thepartnerlookup.com/main.bundle-fed11df.z.js", + "https://builder-assets.unbounce.com/published-css/main-7b78720.z.css" + ], + "public": 1, + "adversary": "", + "targeted_countries": [], + "malware_families": [], + "attack_ids": [], + "industries": [], + "TLP": "white", + "cloned_from": null, + "export_count": 7, + "upvotes_count": 0, + "downvotes_count": 0, + "votes_count": 0, + "locked": false, + "pulse_source": "web", + "validator_count": 0, + "comment_count": 0, + "follower_count": 0, + "vote": 0, + "author": { + "username": "adjadex1@gmail.com", + "id": "187163", + "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", + "is_subscribed": false, + "is_following": false + }, + "indicator_type_counts": { + "URL": 1000, + "hostname": 333, + "FileHash-SHA256": 106, + "domain": 170, + "FileHash-MD5": 1, + "FileHash-SHA1": 1 + }, + "indicator_count": 1611, + "is_author": false, + "is_subscribing": null, + "subscriber_count": 67, + "modified_text": "1244 days ago ", + "is_modified": true, + "groups": [], + "in_group": false, + "threat_hunter_scannable": true, + "threat_hunter_has_agents": 1, + "related_indicator_type": "FileHash-MD5", + "related_indicator_is_active": 1 + }, + { + "id": "62680e32b8ee0032f3ab4c38", + "name": "188.166.154.118", + "description": "function E(e,t,n), a new type of function, has its own set of functions, which can be used to start or end a specific function for any user or event.", 
+ "modified": "2022-05-26T00:02:33.465000", + "created": "2022-04-26T15:22:26.556000", + "tags": [ + "error", + "cancel", + "confirm", + "function", + "regexp", + "width", + "click", + "date", + "typeof b", + "height", + "null", + "this", + "scroll", + "body", + "class", + "target", + "service", + "accept", + "twitter", + "batal", + "reload", + "hj", + "copyright", + "closure library", + "object", + "hotjar", + "email", + "typeof symbol", + "typeof e", + "telefon", + "array", + "survey", + "meta", + "cookie", + "keypress", + "trident", + "live", + "fullscreen", + "generic", + "window", + "widget", + "ciudad", + "adore", + "experiment", + "mutation", + "send", + "minified", + "original file", + "catched", + "typeof y", + "typeof blob", + "blob", + "xmlhttprequest", + "tracking file", + "mktz", + "varname", + "typeradio", + "getnow", + "visitor", + "explorer", + "android", + "unknown", + "x3e3", + "gfunction", + "jfunction", + "yfunction", + "typeof r", + "f3e3", + "string", + "typeof t", + "function code", + "angular", + "angularjs", + "ember", + "meteor", + "zepto", + "jquery", + "reduceright", + "trackevent", + "page", + "number", + "digitalocean", + "linode", + "home cta", + "vultr", + "home page", + "demo", + "path", + "magento", + "derek", + "void", + "code", + "typeof l", + "json", + "8760", + "image", + "adveid", + "typeof c", + "customevent", + "09af", + "ver0", + "tag0", + "extdata0", + "ua ch", + "invalid", + "addtocart", + "signup", + "addtowishlist", + "lead", + "custom", + "typeof require", + "sha256", + "viewcontent", + "search", + "functional", + "member", + "hnew regexp", + "qfunction", + "adview", + "addbillinginfo", + "addtolist", + "contact", + "download", + "install", + "typeerror", + "quora pixel", + "dwelltime", + "gnu general", + "public license", + "sufeffxa0", + "infinity", + "gettitle", + "promise", + "hidden", + "oref", + "activexobject", + "begin doc", + "false", + "cookiesfunction", + "saconv", + "pnull", + "html", + "style", + "ctnull", 
+ "post", + "uint32array", + "fanull", + "license", + "ynull", + "config", + "iframe", + "webkittransform", + "main", + "maincontent", + "placeroot", + "generator", + "next", + "info" + ], + "references": [ + "xfe-URL-Cloudways.com-stix2-2.1-export.json", + "https://s.adroll.com/onsite_personalization/production/0.1/static/js/main.39c29e42.js", + "https://www.clarity.ms/eus2/s/0.6.34/clarity.js", + "https://tags.srv.stackadapt.com/events.js", + "https://a.quora.com/qevents.js", + "https://snap.licdn.com/li.lms-analytics/insight.min.js", + "https://www.redditstatic.com/ads/pixel.js", + "https://bat.bing.com/bat.js", + "https://s.adroll.com/j/roundtrip.js", + "https://www.googletagmanager.com/gtm.js?id=GTM-NWBZTT", + "https://bam-cell.nr-data.net/1/f825f6c9b9?a=1271427646&v=1215.1253ab8&to=NVNUNkBQDxADV0RQXgwZYxBbHggNBlFIF0EKRg%3D%3D&rst=3260&ck=1&ref=https://www.cloudways.com/en/&ap=335&be=1077&fe=2760&dc=1572&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1650985479670,%22n%22:0,%22f%22:498,%22dn%22:499,%22dne%22:551,%22c%22:552,%22s%22:748,%22ce%22:841,%22rq%22:841,%22rp%22:1047,%22rpe%22:1047,%22dl%22:1066,%22di%22:1561,%22ds%22:1573,%22de%22:1599,%22dc%22:2759,%22l%22:2760,%22le%22:2765%7D,%22navigation%22:", + "https://js-agent.newrelic.com/nr-spa-1215.min.js", + "https://serve.albacross.com/track.js", + "https://cdn.omniconvert.com/js/a91f81f.js", + "https://tracking.g2crowd.com/attribution_tracking/conversions/3769.js?p=https://www.cloudways.com/en/&e=", + "https://cdn.jsdelivr.net/npm/hockeystack@latest/hockeystack.min.js", + "https://script.hotjar.com/modules.0076bf93c385ddf0ff58.js", + 
"https://googleads.g.doubleclick.net/pagead/viewthroughconversion/948053426/?random=1650985487354&cv=9&fst=1650985487354&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=844&u_w=390&u_ah=844&u_aw=390&u_cd=32&u_his=1&u_tz=-240&u_java=false&u_nplug=0&u_nmime=0>m=2wg4p0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.cloudways.com%2Fen%2F&tiba=Cloudways%3A%20Managed%20Cloud%20Hosting%20Platform%20Simplified%20-%20Cloudways&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4", + "https://s.adroll.com/j/exp/UZQYN577R5CHXAGR45AYXQ/index.js", + "https://s.adroll.com/j/pre/UZQYN577R5CHXAGR45AYXQ/3YIA4GQCONCAVH77AJMDGR/fpconsent.js", + "https://www.cloudways.com/wp-content/cache/breeze-minification/js/breeze_44ba8066e751ddb3b497212de30fa3f9.js" + ], + "public": 1, + "adversary": "", + "targeted_countries": [], + "malware_families": [ + { + "id": "hj", + "display_name": "hj", + "target": null + }, + { + "id": "ReduceRight", + "display_name": "ReduceRight", + "target": null + } + ], + "attack_ids": [ + { + "id": "T1027", + "name": "Obfuscated Files or Information", + "display_name": "T1027 - Obfuscated Files or Information" + }, + { + "id": "T1056", + "name": "Input Capture", + "display_name": "T1056 - Input Capture" + }, + { + "id": "T1059", + "name": "Command and Scripting Interpreter", + "display_name": "T1059 - Command and Scripting Interpreter" + }, + { + "id": "T1546", + "name": "Event Triggered Execution", + "display_name": "T1546 - Event Triggered Execution" + } + ], + "industries": [], + "TLP": "white", + "cloned_from": null, + "export_count": 6, + "upvotes_count": 0, + "downvotes_count": 0, + "votes_count": 0, + "locked": false, + "pulse_source": "web", + "validator_count": 0, + "comment_count": 0, + "follower_count": 0, + "vote": 0, + "author": { + "username": "adjadex1@gmail.com", + "id": "187163", + "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", + "is_subscribed": false, + "is_following": false + }, + "indicator_type_counts": { + "hostname": 
494, + "URL": 1404, + "domain": 375, + "FileHash-SHA256": 162, + "FileHash-MD5": 4, + "FileHash-SHA1": 1 + }, + "indicator_count": 2440, + "is_author": false, + "is_subscribing": null, + "subscriber_count": 68, + "modified_text": "1247 days ago ", + "is_modified": true, + "groups": [], + "in_group": false, + "threat_hunter_scannable": true, + "threat_hunter_has_agents": 1, + "related_indicator_type": "FileHash-MD5", + "related_indicator_is_active": 1 + }, + { + "id": "62680e37bad2501c255b86e3", + "name": "188.166.154.118", + "description": "function E(e,t,n), a new type of function, has its own set of functions, which can be used to start or end a specific function for any user or event.", + "modified": "2022-05-26T00:02:33.465000", + "created": "2022-04-26T15:22:31.759000", + "tags": [ + "error", + "cancel", + "confirm", + "function", + "regexp", + "width", + "click", + "date", + "typeof b", + "height", + "null", + "this", + "scroll", + "body", + "class", + "target", + "service", + "accept", + "twitter", + "batal", + "reload", + "hj", + "copyright", + "closure library", + "object", + "hotjar", + "email", + "typeof symbol", + "typeof e", + "telefon", + "array", + "survey", + "meta", + "cookie", + "keypress", + "trident", + "live", + "fullscreen", + "generic", + "window", + "widget", + "ciudad", + "adore", + "experiment", + "mutation", + "send", + "minified", + "original file", + "catched", + "typeof y", + "typeof blob", + "blob", + "xmlhttprequest", + "tracking file", + "mktz", + "varname", + "typeradio", + "getnow", + "visitor", + "explorer", + "android", + "unknown", + "x3e3", + "gfunction", + "jfunction", + "yfunction", + "typeof r", + "f3e3", + "string", + "typeof t", + "function code", + "angular", + "angularjs", + "ember", + "meteor", + "zepto", + "jquery", + "reduceright", + "trackevent", + "page", + "number", + "digitalocean", + "linode", + "home cta", + "vultr", + "home page", + "demo", + "path", + "magento", + "derek", + "void", + "code", + "typeof l", + 
"json", + "8760", + "image", + "adveid", + "typeof c", + "customevent", + "09af", + "ver0", + "tag0", + "extdata0", + "ua ch", + "invalid", + "addtocart", + "signup", + "addtowishlist", + "lead", + "custom", + "typeof require", + "sha256", + "viewcontent", + "search", + "functional", + "member", + "hnew regexp", + "qfunction", + "adview", + "addbillinginfo", + "addtolist", + "contact", + "download", + "install", + "typeerror", + "quora pixel", + "dwelltime", + "gnu general", + "public license", + "sufeffxa0", + "infinity", + "gettitle", + "promise", + "hidden", + "oref", + "activexobject", + "begin doc", + "false", + "cookiesfunction", + "saconv", + "pnull", + "html", + "style", + "ctnull", + "post", + "uint32array", + "fanull", + "license", + "ynull", + "config", + "iframe", + "webkittransform", + "main", + "maincontent", + "placeroot", + "generator", + "next", + "info" + ], + "references": [ + "xfe-URL-Cloudways.com-stix2-2.1-export.json", + "https://s.adroll.com/onsite_personalization/production/0.1/static/js/main.39c29e42.js", + "https://www.clarity.ms/eus2/s/0.6.34/clarity.js", + "https://tags.srv.stackadapt.com/events.js", + "https://a.quora.com/qevents.js", + "https://snap.licdn.com/li.lms-analytics/insight.min.js", + "https://www.redditstatic.com/ads/pixel.js", + "https://bat.bing.com/bat.js", + "https://s.adroll.com/j/roundtrip.js", + "https://www.googletagmanager.com/gtm.js?id=GTM-NWBZTT", + "https://bam-cell.nr-data.net/1/f825f6c9b9?a=1271427646&v=1215.1253ab8&to=NVNUNkBQDxADV0RQXgwZYxBbHggNBlFIF0EKRg%3D%3D&rst=3260&ck=1&ref=https://www.cloudways.com/en/&ap=335&be=1077&fe=2760&dc=1572&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1650985479670,%22n%22:0,%22f%22:498,%22dn%22:499,%22dne%22:551,%22c%22:552,%22s%22:748,%22ce%22:841,%22rq%22:841,%22rp%22:1047,%22rpe%22:1047,%22dl%22:1066,%22di%22:1561,%22ds%22:1573,%22de%22:1599,%22dc%22:2759,%22l%22:2760,%22le%22:2765%7D,%22navigation%22:", + "https://js-agent.newrelic.com/nr-spa-1215.min.js", + 
"https://serve.albacross.com/track.js", + "https://cdn.omniconvert.com/js/a91f81f.js", + "https://tracking.g2crowd.com/attribution_tracking/conversions/3769.js?p=https://www.cloudways.com/en/&e=", + "https://cdn.jsdelivr.net/npm/hockeystack@latest/hockeystack.min.js", + "https://script.hotjar.com/modules.0076bf93c385ddf0ff58.js", + "https://googleads.g.doubleclick.net/pagead/viewthroughconversion/948053426/?random=1650985487354&cv=9&fst=1650985487354&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=844&u_w=390&u_ah=844&u_aw=390&u_cd=32&u_his=1&u_tz=-240&u_java=false&u_nplug=0&u_nmime=0>m=2wg4p0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.cloudways.com%2Fen%2F&tiba=Cloudways%3A%20Managed%20Cloud%20Hosting%20Platform%20Simplified%20-%20Cloudways&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4", + "https://s.adroll.com/j/exp/UZQYN577R5CHXAGR45AYXQ/index.js", + "https://s.adroll.com/j/pre/UZQYN577R5CHXAGR45AYXQ/3YIA4GQCONCAVH77AJMDGR/fpconsent.js", + "https://www.cloudways.com/wp-content/cache/breeze-minification/js/breeze_44ba8066e751ddb3b497212de30fa3f9.js" + ], + "public": 1, + "adversary": "", + "targeted_countries": [], + "malware_families": [ + { + "id": "hj", + "display_name": "hj", + "target": null + }, + { + "id": "ReduceRight", + "display_name": "ReduceRight", + "target": null + } + ], + "attack_ids": [ + { + "id": "T1027", + "name": "Obfuscated Files or Information", + "display_name": "T1027 - Obfuscated Files or Information" + }, + { + "id": "T1056", + "name": "Input Capture", + "display_name": "T1056 - Input Capture" + }, + { + "id": "T1059", + "name": "Command and Scripting Interpreter", + "display_name": "T1059 - Command and Scripting Interpreter" + }, + { + "id": "T1546", + "name": "Event Triggered Execution", + "display_name": "T1546 - Event Triggered Execution" + } + ], + "industries": [], + "TLP": "white", + "cloned_from": null, + "export_count": 8, + "upvotes_count": 0, + "downvotes_count": 0, + "votes_count": 0, + "locked": false, + "pulse_source": 
"web", + "validator_count": 0, + "comment_count": 0, + "follower_count": 0, + "vote": 0, + "author": { + "username": "adjadex1@gmail.com", + "id": "187163", + "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", + "is_subscribed": false, + "is_following": false + }, + "indicator_type_counts": { + "hostname": 494, + "URL": 1404, + "domain": 375, + "FileHash-SHA256": 162, + "FileHash-MD5": 4, + "FileHash-SHA1": 1 + }, + "indicator_count": 2440, + "is_author": false, + "is_subscribing": null, + "subscriber_count": 67, + "modified_text": "1247 days ago ", + "is_modified": true, + "groups": [], + "in_group": false, + "threat_hunter_scannable": true, + "threat_hunter_has_agents": 1, + "related_indicator_type": "FileHash-MD5", + "related_indicator_is_active": 1 + }, + { + "id": "62680e38dad4e4b62851b8e8", + "name": "188.166.154.118", + "description": "function E(e,t,n), a new type of function, has its own set of functions, which can be used to start or end a specific function for any user or event.", + "modified": "2022-05-26T00:02:33.465000", + "created": "2022-04-26T15:22:32.241000", + "tags": [ + "error", + "cancel", + "confirm", + "function", + "regexp", + "width", + "click", + "date", + "typeof b", + "height", + "null", + "this", + "scroll", + "body", + "class", + "target", + "service", + "accept", + "twitter", + "batal", + "reload", + "hj", + "copyright", + "closure library", + "object", + "hotjar", + "email", + "typeof symbol", + "typeof e", + "telefon", + "array", + "survey", + "meta", + "cookie", + "keypress", + "trident", + "live", + "fullscreen", + "generic", + "window", + "widget", + "ciudad", + "adore", + "experiment", + "mutation", + "send", + "minified", + "original file", + "catched", + "typeof y", + "typeof blob", + "blob", + "xmlhttprequest", + "tracking file", + "mktz", + "varname", + "typeradio", + "getnow", + "visitor", + "explorer", + "android", + "unknown", + "x3e3", + "gfunction", + "jfunction", + "yfunction", + "typeof r", 
+ "f3e3", + "string", + "typeof t", + "function code", + "angular", + "angularjs", + "ember", + "meteor", + "zepto", + "jquery", + "reduceright", + "trackevent", + "page", + "number", + "digitalocean", + "linode", + "home cta", + "vultr", + "home page", + "demo", + "path", + "magento", + "derek", + "void", + "code", + "typeof l", + "json", + "8760", + "image", + "adveid", + "typeof c", + "customevent", + "09af", + "ver0", + "tag0", + "extdata0", + "ua ch", + "invalid", + "addtocart", + "signup", + "addtowishlist", + "lead", + "custom", + "typeof require", + "sha256", + "viewcontent", + "search", + "functional", + "member", + "hnew regexp", + "qfunction", + "adview", + "addbillinginfo", + "addtolist", + "contact", + "download", + "install", + "typeerror", + "quora pixel", + "dwelltime", + "gnu general", + "public license", + "sufeffxa0", + "infinity", + "gettitle", + "promise", + "hidden", + "oref", + "activexobject", + "begin doc", + "false", + "cookiesfunction", + "saconv", + "pnull", + "html", + "style", + "ctnull", + "post", + "uint32array", + "fanull", + "license", + "ynull", + "config", + "iframe", + "webkittransform", + "main", + "maincontent", + "placeroot", + "generator", + "next", + "info" + ], + "references": [ + "xfe-URL-Cloudways.com-stix2-2.1-export.json", + "https://s.adroll.com/onsite_personalization/production/0.1/static/js/main.39c29e42.js", + "https://www.clarity.ms/eus2/s/0.6.34/clarity.js", + "https://tags.srv.stackadapt.com/events.js", + "https://a.quora.com/qevents.js", + "https://snap.licdn.com/li.lms-analytics/insight.min.js", + "https://www.redditstatic.com/ads/pixel.js", + "https://bat.bing.com/bat.js", + "https://s.adroll.com/j/roundtrip.js", + "https://www.googletagmanager.com/gtm.js?id=GTM-NWBZTT", + 
"https://bam-cell.nr-data.net/1/f825f6c9b9?a=1271427646&v=1215.1253ab8&to=NVNUNkBQDxADV0RQXgwZYxBbHggNBlFIF0EKRg%3D%3D&rst=3260&ck=1&ref=https://www.cloudways.com/en/&ap=335&be=1077&fe=2760&dc=1572&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1650985479670,%22n%22:0,%22f%22:498,%22dn%22:499,%22dne%22:551,%22c%22:552,%22s%22:748,%22ce%22:841,%22rq%22:841,%22rp%22:1047,%22rpe%22:1047,%22dl%22:1066,%22di%22:1561,%22ds%22:1573,%22de%22:1599,%22dc%22:2759,%22l%22:2760,%22le%22:2765%7D,%22navigation%22:", + "https://js-agent.newrelic.com/nr-spa-1215.min.js", + "https://serve.albacross.com/track.js", + "https://cdn.omniconvert.com/js/a91f81f.js", + "https://tracking.g2crowd.com/attribution_tracking/conversions/3769.js?p=https://www.cloudways.com/en/&e=", + "https://cdn.jsdelivr.net/npm/hockeystack@latest/hockeystack.min.js", + "https://script.hotjar.com/modules.0076bf93c385ddf0ff58.js", + "https://googleads.g.doubleclick.net/pagead/viewthroughconversion/948053426/?random=1650985487354&cv=9&fst=1650985487354&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=844&u_w=390&u_ah=844&u_aw=390&u_cd=32&u_his=1&u_tz=-240&u_java=false&u_nplug=0&u_nmime=0>m=2wg4p0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.cloudways.com%2Fen%2F&tiba=Cloudways%3A%20Managed%20Cloud%20Hosting%20Platform%20Simplified%20-%20Cloudways&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4", + "https://s.adroll.com/j/exp/UZQYN577R5CHXAGR45AYXQ/index.js", + "https://s.adroll.com/j/pre/UZQYN577R5CHXAGR45AYXQ/3YIA4GQCONCAVH77AJMDGR/fpconsent.js", + "https://www.cloudways.com/wp-content/cache/breeze-minification/js/breeze_44ba8066e751ddb3b497212de30fa3f9.js" + ], + "public": 1, + "adversary": "", + "targeted_countries": [], + "malware_families": [ + { + "id": "hj", + "display_name": "hj", + "target": null + }, + { + "id": "ReduceRight", + "display_name": "ReduceRight", + "target": null + } + ], + "attack_ids": [ + { + "id": "T1027", + "name": "Obfuscated Files or Information", + "display_name": "T1027 - 
Obfuscated Files or Information" + }, + { + "id": "T1056", + "name": "Input Capture", + "display_name": "T1056 - Input Capture" + }, + { + "id": "T1059", + "name": "Command and Scripting Interpreter", + "display_name": "T1059 - Command and Scripting Interpreter" + }, + { + "id": "T1546", + "name": "Event Triggered Execution", + "display_name": "T1546 - Event Triggered Execution" + } + ], + "industries": [], + "TLP": "white", + "cloned_from": null, + "export_count": 7, + "upvotes_count": 0, + "downvotes_count": 0, + "votes_count": 0, + "locked": false, + "pulse_source": "web", + "validator_count": 0, + "comment_count": 0, + "follower_count": 0, + "vote": 0, + "author": { + "username": "adjadex1@gmail.com", + "id": "187163", + "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", + "is_subscribed": false, + "is_following": false + }, + "indicator_type_counts": { + "hostname": 494, + "URL": 1404, + "domain": 375, + "FileHash-SHA256": 162, + "FileHash-MD5": 4, + "FileHash-SHA1": 1 + }, + "indicator_count": 2440, + "is_author": false, + "is_subscribing": null, + "subscriber_count": 67, + "modified_text": "1247 days ago ", + "is_modified": true, + "groups": [], + "in_group": false, + "threat_hunter_scannable": true, + "threat_hunter_has_agents": 1, + "related_indicator_type": "FileHash-MD5", + "related_indicator_is_active": 1 + }, + { + "id": "628d7dd1aeef31a652eadab3", + "name": "develapp.me - weglot.com", + "description": "function R(a,b,c,d,e,f) is a new type of JavaScript, which allows the browser to control its browser without a set of buttons or controls..", + "modified": "2022-05-25T00:52:33.987000", + "created": "2022-05-25T00:52:33.987000", + "tags": [ + "configrender", + "commandremove", + "targetdom", + "webpackrequire", + "mixitup", + "webpackexports", + "typeerror", + "nn function", + "false", + "error", + "typeof o", + "function", + "click", + "span", + "prop", + "sticky", + "body", + "enterprise", + "null", + "jquery", + "next", + 
"scroll", + "win32", + "win64", + "example", + "startr", + "endr", + "copyright", + "federico zivolo", + "distributed", + "mit license", + "html", + "statict", + "flip", + "bootstrap", + "typeof", + "javascript", + "hidden", + "show", + "focusin", + "focusout", + "mouseleave", + "font awesome", + "free", + "license", + "cc by", + "sil ofl", + "code", + "typeof window", + "typeof document", + "msie", + "trident", + "date", + "color", + "swiper", + "waypoint", + "chart", + "typeof pdata", + "pdatawrapper", + "close", + "cnew date", + "regexp", + "pseudo", + "child", + "sufeffxa0", + "class", + "attr", + "js foundation", + "typeof module", + "object", + "hj", + "typeof require", + "modulenotfound", + "typeof symbol", + "hotjar", + "typeof e", + "data", + "array", + "surveys", + "meta", + "survey", + "keypress", + "widget", + "window", + "footer", + "fullscreen", + "generic", + "experiment", + "live", + "mutation", + "number", + "string", + "xsnull", + "g6q8lh84qh0", + "script", + "fragment", + "replace", + "nonce", + "please do", + "not copy", + "and paste", + "this code", + "cgrecaptchacfg", + "ngrecaptcha", + "recaptchaapi", + "render", + "vrai", + "revenir", + "rgpd", + "axeptio", + "gdpr", + "black", + "green", + "canvas", + "super", + "spacer", + "target", + "reduceright", + "xu", + "pageview", + "trackevent", + "uetpush", + "pageload", + "viewcontent", + "path", + "derek", + "void", + "offer", + "instanceof", + "xmlhttprequest", + "cookie", + "generator", + "accept", + "select", + "strong", + "uint8array", + "math", + "svoid", + "this", + "iframe", + "verify", + "android", + "stop", + "form", + "f420", + "deviceandgeo", + "googlesignals", + "json", + "typeof hj", + "https", + "learn", + "surveyv2", + "surveyisolated", + "heatmapviewer", + "beacon", + "publicurl", + "beaconenv", + "beaconid", + "beaconversion", + "isdocker", + "isscout", + "deployurl", + "scattr", + "help scout", + "promise", + "typeof n", + "request", + "kontakt", + "landstrae", + "d85521", + 
"mehr", + "jahre erfahrung", + "gratis beratung", + "kontaktiere", + "mit mehr", + "kunden die", + "ergebnisse", + "typesubmit", + "button", + "woff2", + "fontface", + "display", + "u0259", + "u1e001eff", + "u2020", + "u20a020ab", + "u20ad20cf", + "u2113", + "u2c602c7f", + "montserrat", + "typesearch", + "a4ssliche", + "90deg", + "lato", + "typecheckbox", + "typeradio", + "typenumber", + "truetype", + "weglot", + "self", + "typeof t", + "franais", + "acronym", + "small", + "unknown", + "webflow", + "typeof self", + "chrome", + "small batch", + "apache license", + "version", + "unless", + "as is", + "basis", + "without", + "warranties or", + "apache" + ], + "references": [ + "https://d3e54v103j8qbb.cloudfront.net/js/jquery-3.5.1.min.dc5e7f18c8.js?site=5f087b2cc04e635c7a4b7e35", + "https://assets.website-files.com/5f087b2cc04e635c7a4b7e35/js/develapp.b94842ca8.js", + "https://cdn.weglot.com/weglot.min.js", + "https://assets.website-files.com/5f087b2cc04e635c7a4b7e35/css/develapp.36c3d32f6.min.css", + "https://fonts.googleapis.com/css?family=Montserrat:100,100italic,200,200italic,300,300italic,400,400italic,500,500italic,600,600italic,700,700italic,800,800italic,900,900italic%7CLato:100,100italic,300,300italic,400,400italic,700,700italic,900,900italic%7CKarla:regular,italic,700,700italic%7CPlayfair+Display:regular,500,600,700,800,900,italic,500italic,600italic,700italic,800italic,900italic", + "https://cdn.weglot.com/weglot.min.css?v=4", + "https://www.develapp.me/kontakt#formular", + "https://beacon-v2.helpscout.net/static/js/vendor.90fe6783.js", + "https://beacon-v2.helpscout.net/static/js/main.4a4d1187.js", + "https://beacon-v2.helpscout.net/", + "https://static.hotjar.com/c/hotjar-2950866.js?sv=7", + "https://www.googletagmanager.com/gtag/js?id=G-6Q8LH84QH0&l=dataLayer&cx=c", + "https://www.gstatic.com/recaptcha/releases/1_E1Jb45wiBZrQd45oGZ-2cU/recaptcha__en.js", + "https://loader.wisepops.com/get-loader.js?v=1&site=ybdeB8PyA7", + 
"https://cdn.firstpromoter.com/fprom.js", + "https://www.googletagmanager.com/gtm.js?id=GTM-NTC6C23", + "https://static.axept.io/sdk.js", + "https://www.google.com/recaptcha/api.js?render=6LdxYT4dAAAAAFyqSRoLKTBh7Q9kh0D0StIaGfzK", + "https://www.googleoptimize.com/optimize.js?id=OPT-PJMGV95", + "https://script.hotjar.com/modules.7a321ecb93fde9f07226.js", + "https://widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js", + "https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js", + "https://weglot.com/wp-content/plugins/addon-elements-for-elementor-page-builder/assets/js/eae.min.js", + "https://weglot.com/wp-content/plugins/elementor/assets/lib/font-awesome/js/v4-shims.min.js", + "https://weglot.com/wp-content/plugins/addon-elements-for-elementor-page-builder/assets/js/animated-main.min.js", + "https://stackpath.bootstrapcdn.com/bootstrap/4.1.1/js/bootstrap.min.js", + "https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js" + ], + "public": 1, + "adversary": "", + "targeted_countries": [ + "Tunisia" + ], + "malware_families": [ + { + "id": "ConfigRender", + "display_name": "ConfigRender", + "target": null + }, + { + "id": "TargetDom", + "display_name": "TargetDom", + "target": null + }, + { + "id": "CommandRemove", + "display_name": "CommandRemove", + "target": null + }, + { + "id": "hj", + "display_name": "hj", + "target": null + }, + { + "id": "xU", + "display_name": "xU", + "target": null + }, + { + "id": "ReduceRight", + "display_name": "ReduceRight", + "target": null + } + ], + "attack_ids": [ + { + "id": "T1546", + "name": "Event Triggered Execution", + "display_name": "T1546 - Event Triggered Execution" + }, + { + "id": "T1059", + "name": "Command and Scripting Interpreter", + "display_name": "T1059 - Command and Scripting Interpreter" + }, + { + "id": "T1547", + "name": "Boot or Logon Autostart Execution", + "display_name": "T1547 - Boot or Logon Autostart Execution" + } + ], + "industries": [], + "TLP": "white", + 
"cloned_from": null, + "export_count": 10, + "upvotes_count": 0, + "downvotes_count": 0, + "votes_count": 0, + "locked": false, + "pulse_source": "web", + "validator_count": 0, + "comment_count": 0, + "follower_count": 0, + "vote": 0, + "author": { + "username": "adjadex1@gmail.com", + "id": "187163", + "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", + "is_subscribed": false, + "is_following": false + }, + "indicator_type_counts": { + "hostname": 482, + "URL": 731, + "FileHash-SHA256": 75, + "domain": 265, + "FileHash-MD5": 4, + "FileHash-SHA1": 1, + "email": 1 + }, + "indicator_count": 1559, + "is_author": false, + "is_subscribing": null, + "subscriber_count": 66, + "modified_text": "1248 days ago ", + "is_modified": false, + "groups": [], + "in_group": false, + "threat_hunter_scannable": true, + "threat_hunter_has_agents": 1, + "related_indicator_type": "FileHash-MD5", + "related_indicator_is_active": 1 + }, + { + "id": "62676c65b80720b582b46037", + "name": "Dreamhost.com - Drift Widget", + "description": "function.1, a new version of JavaScript, has been added to the end of the year to make it easier for users to keep up with the latest developments in the search for a specific date.", + "modified": "2022-05-25T00:04:03.622000", + "created": "2022-04-26T03:52:05.599000", + "tags": [ + "template7class", + "regexp", + "root", + "context", + "match", + "body", + "template7", + "error", + "prop", + "function", + "date", + "null", + "slice", + "void", + "factory", + "window", + "find", + "simple", + "false", + "hj", + "object", + "hotjar", + "email", + "typeof symbol", + "typeof e", + "telefon", + "array", + "survey", + "meta", + "cookie", + "scroll", + "keypress", + "trident", + "live", + "fullscreen", + "generic", + "widget", + "ciudad", + "adore", + "experiment", + "mutation", + "click", + "pluginname", + "hidden", + "nttt", + "fieldset", + "class", + "form", + "fast", + "jquery", + "format", + "february", + "april", + "june", + 
"august", + "nova", + "paris", + "tokyo", + "easy", + "speed", + "back", + "target", + "copy", + "kill", + "this", + "infinity", + "accept", + "locale", + "custom build", + "https", + "boolean", + "new boolean", + "typeof", + "typeerror", + "bootstrap", + "typeof t", + "javascript", + "show", + "drift widget", + "segoe ui", + "emoji", + "type", + "copyright", + "browse", + "roboto", + "helvetica neue", + "arial", + "noto", + "apple color", + "twitter", + "typeof require", + "modulenotfound", + "font awesome", + "typeof define", + "script", + "new date", + "number", + "trackevent", + "string", + "watched", + "search", + "clicked", + "path", + "starter", + "download", + "derek", + "code", + "esnull", + "gtmphvk7ln", + "closure library", + "xdfunction", + "reduceright", + "vd", + "g1f7wlmm0k2", + "r420", + "uint8array", + "typeof d", + "ieproto", + "typeof n", + "widgetrootqa", + "driftconductor" + ], + "references": [ + "xfe-URL-Dreamhost.com-stix2-2.1-export.json", + "https://js.driftt.com/include/1650944100000/2y43hyefanc8.js", + "https://www.google-analytics.com/plugins/ua/linkid.js", + "https://www.googletagmanager.com/gtag/js?id=G-1F7WLMM0K2&l=dataLayer&cx=c", + "https://www.google-analytics.com/gtm/optimize.js?id=GTM-PHVK7LN", + "https://www.googletagmanager.com/gtm.js?id=GTM-TLN654", + "https://kit.fontawesome.com/7d998cc9b7.js", + "https://widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js", + "https://www.dreamhost.com/assets/bootstrap-aa47564acfdf18ce859b8e1fd130d889920ae66415b3db4de8505d42a0477b09.css", + "https://js.driftt.com/core?embedId=2y43hyefanc8®ion=US&forceShow=false&skipCampaigns=false&sessionId=5a8c1b8d-2626-4a43-a7a6-76e9416f2f52&sessionStarted=1650943819.009&campaignRefreshToken=a2d9846a-8932-4e3c-a8d5-878681a555e0&hideController=false&pageLoadStartTime=1650943817154&mode=CHAT&driftEnableLog=false", + "https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1650943817154", + 
"https://vars.hotjar.com/box-4924254a9ce4dc9b959b6e4a9b662d60.html", + "https://www.dreamhost.com/assets/scripts/bootstrap-7670fc8587f9fd0608d2af67f392281a9a4fbf4cb4252952ecb8d34f6ee286b3.js", + "https://www.dreamhost.com/assets/scripts/webp-support-1dd791309dc3fa5b166a0a326e49345fe5acb5acbc1831f4c7be87efce1abf51.js", + "https://www.dreamhost.com/assets/site-75a1aba399db4de4e4093997b8fc8ff8ec5e65b5f4258c9a658a5cacacbf6e0d.js", + "https://script.hotjar.com/modules.0076bf93c385ddf0ff58.js", + "https://cdn.abrankings.com/js/client.js" + ], + "public": 1, + "adversary": "", + "targeted_countries": [], + "malware_families": [ + { + "id": "hj", + "display_name": "hj", + "target": null + }, + { + "id": "Vd", + "display_name": "Vd", + "target": null + }, + { + "id": "ReduceRight", + "display_name": "ReduceRight", + "target": null + } + ], + "attack_ids": [ + { + "id": "T1056", + "name": "Input Capture", + "display_name": "T1056 - Input Capture" + }, + { + "id": "T1059", + "name": "Command and Scripting Interpreter", + "display_name": "T1059 - Command and Scripting Interpreter" + }, + { + "id": "T1547", + "name": "Boot or Logon Autostart Execution", + "display_name": "T1547 - Boot or Logon Autostart Execution" + } + ], + "industries": [], + "TLP": "white", + "cloned_from": null, + "export_count": 7, + "upvotes_count": 0, + "downvotes_count": 0, + "votes_count": 0, + "locked": false, + "pulse_source": "web", + "validator_count": 0, + "comment_count": 0, + "follower_count": 0, + "vote": 0, + "author": { + "username": "adjadex1@gmail.com", + "id": "187163", + "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", + "is_subscribed": false, + "is_following": false + }, + "indicator_type_counts": { + "FileHash-SHA256": 174, + "URL": 1119, + "domain": 464, + "hostname": 156, + "FileHash-MD5": 2, + "FileHash-SHA1": 1 + }, + "indicator_count": 1916, + "is_author": false, + "is_subscribing": null, + "subscriber_count": 66, + "modified_text": "1248 days ago ", + 
"is_modified": true, + "groups": [], + "in_group": false, + "threat_hunter_scannable": true, + "threat_hunter_has_agents": 1, + "related_indicator_type": "FileHash-MD5", + "related_indicator_is_active": 1 + }, + { + "id": "626078c9aeb1f4837a1bfc7e", + "name": "Malware hosting - allwest.com", + "description": "\u00c2\u00a31.5m, \u00e2\u201a\u00ac2.4m \u00c3\u20ac\u00a6, is the source of a new version of the JavaScript code, which is being developed by the Apache web browser.", + "modified": "2022-05-20T00:01:19.453000", + "created": "2022-04-20T21:19:05.670000", + "tags": [ + "guji", + "regexp", + "cfunction", + "event", + "afunction", + "efunction", + "function", + "xfunction", + "jnull", + "yefunction", + "customevent", + "typeof n", + "typeof wpcf7", + "nonce", + "script", + "please do", + "not copy", + "and paste", + "this code", + "cgrecaptchacfg", + "ngrecaptcha", + "recaptchaapi", + "render", + "filter", + "typenumber", + "totalvalue", + "linear", + "secs", + "index", + "nameregion", + "typevalue", + "rangeto", + "customuserspeed", + "code", + "typeof define", + "date", + "click", + "smoothscroll", + "number", + "property", + "fancybox", + "null", + "false", + "scroll", + "stop", + "speed", + "body", + "error", + "this", + "typeerror", + "symbol", + "generator", + "typeof e", + "copyright", + "closure library", + "reduceright", + "string", + "aw981889198", + "uint8array", + "quota", + "aafunction", + "void", + "hj", + "object", + "hotjar", + "email", + "typeof symbol", + "telefon", + "array", + "survey", + "meta", + "cookie", + "keypress", + "trident", + "live", + "fullscreen", + "generic", + "window", + "widget", + "ciudad", + "adore", + "experiment", + "mutation", + "qe", + "fnumber", + "xhfunction", + "yhfunction", + "awconversionid", + "g0cbkgbkb3j", + "xdfunction", + "adfunction", + "cdfunction", + "ddfunction", + "typeof hj", + "surveyv2", + "surveyisolated", + "heatmapviewer", + "notification", + "sentry", + "ua411335272", + "gfvhxsm5zyl", + 
"xmlhttprequest", + "domparser", + "typeof module", + "html tags", + "ox20trnf", + "dom element", + "typeof t", + "class", + "attr", + "pseudo", + "child", + "udc66udc67", + "ud83d", + "ufe0f", + "ud83e", + "udc68udc69", + "udfcbudfcc", + "u2640u2642", + "source", + "image", + "ud83dudc6cud83c", + "bsnull", + "gtmmwm9r93", + "typeof", + "facebook pixel", + "pixel code", + "iterator", + "constantvalue", + "globalvariable", + "facebook", + "service", + "phonenumber", + "boolean", + "select", + "strong", + "input", + "iframe", + "android", + "verify", + "span", + "enterprise", + "form", + "reload", + "adwords", + "linkedin", + "hs pixel", + "loader", + "addcookiedomain", + "hubspot", + "vui", + "anda", + "tente", + "outubro", + "trackingclient", + "srpanj", + "rabu", + "vasaris", + "helvetica neue", + "helvetica", + "arial", + "accept", + "n nn", + "policy", + "done", + "800px", + "40px", + "i18n", + "blockedemail", + "typeof i18n", + "captcha", + "please", + "april", + "august", + "close", + "february", + "june", + "klik", + "download", + "next", + "blank", + "este", + "rserver", + "mais", + "r300", + "typeof d", + "path", + "caca", + "pfunction", + "contenttype", + "zfunction", + "bfunction", + "mvoid", + "ofunction", + "array int8array", + "caregexp", + "legacy" + ], + "references": [ + "xfe-URL-allwest.com-stix2-2.1-export.json", + "https://www.googleadservices.com/pagead/conversion_async.js", + "https://www.google-analytics.com/analytics.js", + "https://www.googletagmanager.com/gtag/js?id=G-FVHXSM5ZYL&l=dataLayer&cx=c", + "https://www.googletagmanager.com/gtag/js?id=G-0CBKGBKB3J&l=dataLayer&cx=c", + "https://js.hsleadflows.net/leadflows.js", + "https://js.hs-banner.com/9251231.js", + "https://js.hs-analytics.net/analytics/1650488100000/9251231.js", + "https://js.hsadspixel.net/fb.js", + "https://www.gstatic.com/recaptcha/releases/QENb_qRrX0-mQMyENQjD6Fuj/recaptcha__en.js", + "https://connect.facebook.net/signals/config/661596171311072?v=2.9.57&r=stable", + 
"https://connect.facebook.net/signals/plugins/identity.js?v=2.9.57", + "https://connect.facebook.net/en_US/fbevents.js", + "https://www.googleoptimize.com/optimize.js?id=GTM-MWM9R93", + "https://www.allwest.com/wp-includes/js/wp-emoji-release.min.js?ver=5.9.3", + "https://www.allwest.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0", + "https://www.allwest.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2", + "https://www.allwest.com/wp-content/plugins/svg-support/js/min/svgs-inline-min.js?ver=1.0.0", + "https://www.googletagmanager.com/gtag/js?id=UA-41133527-3", + "https://static.hotjar.com/c/hotjar-2836981.js?sv=5", + "https://www.googletagmanager.com/gtag/js?id=UA-41133527-2", + "https://www.googletagmanager.com/gtag/js?id=AW-CONVERSION_ID", + "https://script.hotjar.com/modules.0076bf93c385ddf0ff58.js", + "https://googleads.g.doubleclick.net/pagead/viewthroughconversion/981889198/?random=1650488340057&cv=9&fst=1650488340057&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=844&u_w=390&u_ah=844&u_aw=390&u_cd=32&u_his=1&u_tz=-240&u_java=false&u_nplug=0&u_nmime=0>m=2oa4i1&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.allwest.com%2F&tiba=All%20West%20Communications%20-%20telecommunication%20company&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4", + "https://www.googletagmanager.com/gtag/js?id=AW-981889198", + "https://googleads.g.doubleclick.net/pagead/viewthroughconversion/981889198/?random=1650488340630&cv=9&fst=1650488340630&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=844&u_w=390&u_ah=844&u_aw=390&u_cd=32&u_his=1&u_tz=-240&u_java=false&u_nplug=0&u_nmime=0>m=2oa4i1&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.allwest.com%2F&tiba=All%20West%20Communications%20-%20telecommunication%20company&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4", + "https://www.allwest.com/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.9", + 
"https://www.allwest.com/wp-content/uploads/hummingbird-assets/c4be4d65e707f6328e3a72e79cfdfcb7.js", + "https://www.allwest.com/wp-content/themes/allwestcommunications/js/jquery.main.js?ver=5.9.3", + "https://www.allwest.com/wp-content/themes/allwestcommunications/js/custom.js?ver=5.9.3", + "https://www.google.com/recaptcha/api.js?render=6Ld8S6EUAAAAAExG_6DO_Jj4DLY35ybebbA8R_eA&ver=3.0", + "https://www.allwest.com/wp-content/plugins/contact-form-7/modules/recaptcha/index.js?ver=5.5.6", + "https://www.allwest.com/wp-content/plugins/wp-smushit/app/assets/js/smush-lazy-load.min.js?ver=3.9.5", + "https://js.hs-scripts.com/9251231.js" + ], + "public": 1, + "adversary": "", + "targeted_countries": [ + "Tunisia" + ], + "malware_families": [ + { + "id": "hj", + "display_name": "hj", + "target": null + }, + { + "id": "Qe", + "display_name": "Qe", + "target": null + }, + { + "id": "Vui", + "display_name": "Vui", + "target": null + }, + { + "id": "Outubro", + "display_name": "Outubro", + "target": null + }, + { + "id": "Tente", + "display_name": "Tente", + "target": null + }, + { + "id": "Anda", + "display_name": "Anda", + "target": null + }, + { + "id": "Vasaris", + "display_name": "Vasaris", + "target": null + }, + { + "id": "Rabu", + "display_name": "Rabu", + "target": null + }, + { + "id": "Srpanj", + "display_name": "Srpanj", + "target": null + }, + { + "id": "TrackingClient", + "display_name": "TrackingClient", + "target": null + }, + { + "id": "ReduceRight", + "display_name": "ReduceRight", + "target": null + } + ], + "attack_ids": [ + { + "id": "T1027", + "name": "Obfuscated Files or Information", + "display_name": "T1027 - Obfuscated Files or Information" + }, + { + "id": "T1056", + "name": "Input Capture", + "display_name": "T1056 - Input Capture" + }, + { + "id": "T1059", + "name": "Command and Scripting Interpreter", + "display_name": "T1059 - Command and Scripting Interpreter" + }, + { + "id": "T1547", + "name": "Boot or Logon Autostart Execution", + 
"display_name": "T1547 - Boot or Logon Autostart Execution" + } + ], + "industries": [], + "TLP": "white", + "cloned_from": null, + "export_count": 3, + "upvotes_count": 0, + "downvotes_count": 0, + "votes_count": 0, + "locked": false, + "pulse_source": "web", + "validator_count": 0, + "comment_count": 0, + "follower_count": 0, + "vote": 0, + "author": { + "username": "adjadex1@gmail.com", + "id": "187163", + "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", + "is_subscribed": false, + "is_following": false + }, + "indicator_type_counts": { + "hostname": 821, + "URL": 1568, + "domain": 251, + "FileHash-SHA256": 70, + "FileHash-MD5": 4, + "FileHash-SHA1": 1 + }, + "indicator_count": 2715, + "is_author": false, + "is_subscribing": null, + "subscriber_count": 67, + "modified_text": "1253 days ago ", + "is_modified": true, + "groups": [], + "in_group": false, + "threat_hunter_scannable": true, + "threat_hunter_has_agents": 1, + "related_indicator_type": "FileHash-MD5", + "related_indicator_is_active": 1 + }, + { + "id": "625f112112bb456382bee7c9", + "name": "Hostgator - whitelisted", + "description": "Firing Rule, IRF.util.com, is set to go live on the internet after it was triggered by a new rule, but if it is not already in place, it will not load.", + "modified": "2022-05-19T00:00:49.028000", + "created": "2022-04-19T19:44:33.964000", + "tags": [ + "webkitkeyframes", + "helvetica neue", + "helvetica", + "arial", + "45deg", + "100vw", + "typetext", + "copyright", + "closure library", + "affiliatepage", + "tospage", + "banner", + "iab2", + "acceptall", + "rejectall", + "genven", + "expecting iab", + "iab tcf", + "oldcctid", + "newdomainid", + "unknown", + "checkbox", + "date", + "component", + "apptree", + "hnull", + "fcee", + "typeof t", + "typeerror", + "qss7", + "error", + "promise", + "hfunction", + "typeof e", + "rfc3986", + "string", + "array", + "rfc1738", + "object", + "sr1t", + "typeof symbol", + "animation", + "null", + "rnull", + 
"forwardref", + "typeof n", + "nullt", + "cxlc", + "dptw", + "dtha", + "gdzw", + "gurp", + "w0b4", + "kjy9", + "uigm", + "ve6h", + "event", + "currency", + "currencysymbol", + "ucvw", + "ofunction", + "ocsf", + "xfunction", + "urlsearchparams", + "open", + "symbol", + "nfunction", + "lfunction", + "ufunction", + "typeof window", + "typeof self", + "hj", + "09af", + "regexp", + "irmstevent", + "bad expr", + "hotjar", + "email", + "telefon", + "survey", + "meta", + "cookie", + "keypress", + "trident", + "live", + "fullscreen", + "generic", + "window", + "widget", + "ciudad", + "adore", + "experiment", + "mutation", + "n color", + "number", + "customevent", + "n strictly", + "hostn host", + "button", + "cookie tracking", + "close", + "campaign", + "decision", + "action", + "page", + "controller", + "must", + "visitor", + "groupstart", + "info", + "obsolete", + "false", + "reduceright", + "portland", + "trackevent", + "query", + "u003cu003e", + "trackpageview", + "code", + "path", + "click", + "derek", + "void", + "gsxr89skrrs", + "r300", + "uint8array", + "typeof d", + "caca", + "typeof", + "facebook pixel", + "pixel code", + "iterator", + "constantvalue", + "globalvariable", + "facebook", + "boolean", + "function", + "service", + "phonenumber", + "ver0", + "tag0", + "extdata0", + "ua ch", + "invalid", + "which", + "thank", + "hostgator", + "poll", + "primary intent", + "iwe didn", + "f39c11", + "team", + "script", + "array int8array", + "caregexp", + "legacy", + "irfcd", + "error setting", + "irgbd", + "outer", + "dynamic tag", + "variable", + "rule", + "expr", + "inline script" + ], + "references": [ + "xfe-URL-hostgator.com-stix2-2.1-export.json", + "https://a.impactradius-tag.com/foundation-tags-SD382-d393-452e-9c15-ac1e4a6fc6fb1.js", + "https://d3cxv97fi8q177.cloudfront.net/foundation-A122588-852f-4501-9972-9515a4f53da31.js", + "https://www.googleadservices.com/pagead/conversion_async.js", + "https://static.hotjar.com/c/hotjar-23213.js?sv=7", + 
"https://bat.bing.com/bat.js", + "https://connect.facebook.net/signals/config/393095817498804?v=2.9.57&r=stable", + "https://connect.facebook.net/en_US/fbevents.js", + "https://www.googletagmanager.com/gtag/js?id=G-SXR89SKRRS&l=dataLayer&cx=c", + "https://www.googletagmanager.com/gtm.js?id=GTM-PPNLL2", + "https://cdn3.optimizely.com/js/geo4.js", + "https://cdn.optimizely.com/js/13477600374.js", + "https://bat.bing.com/p/action/5797759.js", + "https://cdn.cookielaw.org/scripttemplates/6.32.0/otBannerSdk.js", + "https://script.hotjar.com/modules.0076bf93c385ddf0ff58.js", + "https://a.impactradius-tag.com/mediasource-A122588-852f-4501-9972-9515a4f53da31.js", + "https://www.hostgator.com/_next/static/runtime/polyfills-31f3ad766330c3157d95.js", + "https://www.hostgator.com/_next/static/5a0OWA7iirtDqpl2xeXE4/pages/_app.js", + "https://www.hostgator.com/_next/static/5a0OWA7iirtDqpl2xeXE4/pages/index.js", + "https://www.hostgator.com/_next/static/runtime/webpack-83bd83ab777f80a6c75c.js", + "https://www.hostgator.com/_next/static/chunks/framework.4fc08a4a599cac03ddf5.js", + "https://www.hostgator.com/_next/static/chunks/60aafdb66a57b57b76936ce193fee053374e679c.cdd375bd63e4f4a5a41b.js", + "https://www.hostgator.com/_next/static/runtime/main-a00d7acfcccd82e343f6.js", + "https://www.hostgator.com/_next/static/5a0OWA7iirtDqpl2xeXE4/_ssgManifest.js", + "https://cdn.cookielaw.org/scripttemplates/otSDKStub.js", + "https://www.hostgator.com/_next/static/5a0OWA7iirtDqpl2xeXE4/_buildManifest.js", + "https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1071979603/?random=1650396033510&cv=9&fst=1650396033510&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=844&u_w=390&u_ah=844&u_aw=390&u_cd=32&u_his=1&u_tz=-240&u_java=false&u_nplug=0&u_nmime=0>m=2wg4i1&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.hostgator.com%2F&tiba=Web%20Hosting%20-%202022%27s%20Best%20Website%20Hosting%20%7C%20HostGator&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4", + 
"https://www.hostgator.com/_next/static/css/1746e01e071caaad90f08af905f64c7649b9fd98_CSS.27b3968e.chunk.css", + "https://6241250.fls.doubleclick.net/activityi;src=6241250;type=remar0;cat=hg-al0;ord=1;num=152669004837;gtm=2wg4i1;auiddc=30830049.1650396032;u1=prospect;u2=%2F;u5=noConsent-none;~oref=https%3A%2F%2Fwww.hostgator.com%2F", + "https://vars.hotjar.com/box-4924254a9ce4dc9b959b6e4a9b662d60.html" + ], + "public": 1, + "adversary": "", + "targeted_countries": [ + "Tunisia" + ], + "malware_families": [ + { + "id": "hj", + "display_name": "hj", + "target": null + }, + { + "id": "ReduceRight", + "display_name": "ReduceRight", + "target": null + } + ], + "attack_ids": [ + { + "id": "T1056", + "name": "Input Capture", + "display_name": "T1056 - Input Capture" + }, + { + "id": "T1189", + "name": "Drive-by Compromise", + "display_name": "T1189 - Drive-by Compromise" + } + ], + "industries": [], + "TLP": "white", + "cloned_from": null, + "export_count": 7, + "upvotes_count": 0, + "downvotes_count": 0, + "votes_count": 0, + "locked": false, + "pulse_source": "web", + "validator_count": 0, + "comment_count": 0, + "follower_count": 0, + "vote": 0, + "author": { + "username": "adjadex1@gmail.com", + "id": "187163", + "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", + "is_subscribed": false, + "is_following": false + }, + "indicator_type_counts": { + "hostname": 1339, + "URL": 4622, + "domain": 1260, + "FileHash-SHA256": 692, + "FileHash-MD5": 3, + "FileHash-SHA1": 1 + }, + "indicator_count": 7917, + "is_author": false, + "is_subscribing": null, + "subscriber_count": 69, + "modified_text": "1254 days ago ", + "is_modified": true, + "groups": [], + "in_group": false, + "threat_hunter_scannable": true, + "threat_hunter_has_agents": 1, + "related_indicator_type": "FileHash-MD5", + "related_indicator_is_active": 1 + }, + { + "id": "625f6d2300f3002b1d0f8a68", + "name": "CPANEL-TUCOWS \u2014malware hosting", + "description": "FBEvents-PostalCodeType, a 
new type of phone number type, has been added to the list of \"signals\" that can be controlled by a specialised operator.", + "modified": "2022-05-19T00:00:49.028000", + "created": "2022-04-20T02:17:07.272000", + "tags": [ + "tucows", + "vimeo", + "enter otp", + "foruserlogin", + "username", + "email address", + "phone number", + "click", + "null", + "otpviamail", + "otpviasms", + "error", + "regexp", + "edge", + "elem", + "function", + "handle", + "return", + "expando", + "match", + "selector", + "android", + "false", + "date", + "target", + "class", + "mark", + "copy", + "capture", + "seed", + "pass", + "enough", + "code", + "never", + "core", + "local", + "verify", + "fall", + "accept", + "done", + "find", + "internal", + "inject", + "possible", + "prop", + "trigger", + "qe", + "number", + "string", + "copyright", + "uint8array", + "xhfunction", + "yhfunction", + "gtmwrdf3cb", + "host", + "path", + "gaugescookie", + "gaugesuniqueday", + "gaugesgauges", + "slice", + "image", + "gaugestracker", + "gaugesunique", + "script", + "closure library", + "typeerror", + "symbol", + "array int8array", + "caregexp", + "legacy", + "extra", + "bootstrap", + "medium", + "large", + "segoe ui", + "roboto", + "oxygensans", + "ubuntu", + "cantarell", + "helvetica neue", + "dataalignleft", + "figcaption", + "video", + "ff6c2c", + "styles", + "badges", + "small", + "woff2", + "fontface", + "sans", + "u1c801c88", + "u20b4", + "u2de02dff", + "ua640a69f", + "ufe2efe2f", + "u04b004b1", + "u2116", + "arial", + "helvetica", + "montserrat", + "productnav", + "secondarynav", + "typecheckbox", + "menlo", + "monaco", + "consolas", + "twitter", + "font awesome", + "license", + "brands", + "duotone", + "msie", + "russia", + "paypal", + "enduser license", + "agreement", + "europe", + "typeof t", + "typeof e", + "typeof", + "version", + "attr", + "pseudo", + "object", + "array", + "invalid attempt", + "typeof symbol", + "survey", + "trident", + "form", + "fullscreen", + "property", + "311218982", 
+ "textjavascript", + "piscriptnum", + "hj", + "hotjar", + "email", + "telefon", + "meta", + "cookie", + "keypress", + "live", + "generic", + "window", + "widget", + "ciudad", + "adore", + "experiment", + "mutation", + "udc66udc67", + "ud83d", + "ufe0f", + "ud83e", + "udc68udc69", + "udfcbudfcc", + "u2640u2642", + "source", + "ud83dudc6cud83c", + "cookiebot", + "iabv2", + "jsonversion", + "cookie script", + "methodstrict", + "ticket", + "id attribute", + "cookiebot setup", + "cookieconsent", + "project", + "reduceright", + "trackevent", + "pageview", + "gtmwb4lhq4", + "void", + "pfunction", + "contenttype", + "zfunction", + "bfunction", + "mvoid", + "ofunction", + "thank", + "f39c11", + "quick question", + "difficult", + "easy", + "poll", + "typeof window", + "invalid uuid", + "functional", + "member", + "hnew regexp", + "qfunction", + "adview", + "addbillinginfo", + "addtocart", + "addtolist", + "contact", + "download", + "install", + "signup", + "addtowishlist", + "lead", + "custom", + "typeof require", + "sha256", + "viewcontent", + "search", + "iterator", + "boolean", + "service", + "phonenumber", + "facebook", + "javascript", + "1cend" + ], + "references": [ + "xfe-URL-Cpanel.com-stix2-2.1-export.json", + "https://pi.pardot.com/pd.js", + "https://connect.facebook.net/signals/config/285857426541675?v=2.9.57&r=stable", + "https://www.redditstatic.com/ads/pixel.js", + "https://snap.licdn.com/li.lms-analytics/insight.min.js", + "https://static.ads-twitter.com/uwt.js", + "https://www.googleadservices.com/pagead/conversion_async.js", + "https://static.hotjar.com/c/hotjar-1683409.js?sv=7", + "https://www.google-analytics.com/analytics.js", + "https://consent.cookiebot.com/da52fc49-8e48-42b7-9ad3-c219404f6f92/cc.js?renew=false&referer=cpanel.net&dnt=false", + "https://consentcdn.cookiebot.com/consentconfig/da52fc49-8e48-42b7-9ad3-c219404f6f92/cpanel.net/configuration.js", + "https://www.googletagmanager.com/gtm.js?id=GTM-WB4LHQ4", + 
"https://www.bugherd.com/sidebarv2.js?apikey=kmu00qbvuigehexs5chefq", + "https://consent.cookiebot.com/uc.js", + "https://cpanel.net/wp-includes/js/wp-emoji-release.min.js?ver=5.6", + "https://script.hotjar.com/modules.0076bf93c385ddf0ff58.js", + "https://googleads.g.doubleclick.net/pagead/viewthroughconversion/728582492/?random=1650418372747&cv=9&fst=1650418372747&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=844&u_w=390&u_ah=844&u_aw=390&u_cd=32&u_his=1&u_tz=-240&u_java=false&u_nplug=0&u_nmime=0>m=2wg4i1&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fcpanel.net%2F&tiba=Hosting%20Platform%20of%20Choice&hn=www.googleadservices.com&us_privacy=1---&async=1&rfmt=3&fmt=4", + "https://www.googleadservices.com/pagead/conversion/854235671/?random=1650418372749&cv=9&fst=1650418372749&num=1&value=0&label=PRNxCIWemu8BEJe0qpcD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=844&u_w=390&u_ah=844&u_aw=390&u_cd=32&u_his=1&u_tz=-240&u_java=false&u_nplug=0&u_nmime=0>m=2wg4i1&sendb=1&ig=1&data=ads_data_redaction%3Dfalse&frm=0&url=https%3A%2F%2Fcpanel.net%2F&tiba=Hosting%20Platform%20of%20Choice&gcs=G111&did=dMWZhNz&edid=dMWZhNz&auid=2050955691.1650418373&capi=2&hn=www.googleadservices.com&btty", + "https://pi.pardot.com/analytics?ver=3&visitor_id=&visitor_id_sign=&pi_opt_in=&campaign_id=33566&account_id=872471&title=Hosting%20Platform%20of%20Choice&url=https%3A%2F%2Fcpanel.net%2F&referrer=", + "https://www.1.cpanel.net/analytics?conly=true&visitor_id=311218274&visitor_id_sign=3e1116a56bfd91923fe15cac565b502779c6ec3fe7449557f3940ba04e77079951b9efb044c2275f4211d26742585a9d14544eae&pi_opt_in=&campaign_id=33566&account_id=872471&title=Hosting%20Platform%20of%20Choice&url=https://cpanel.net/&referrer=", + "https://script.hotjar.com/survey-v2.3716506838f2208ab9e2.js", + "https://cpanel.net/wp-content/themes/cPbase/assets/js/dist/script.js?ver=5.6", + "https://cpanel.net/wp-content/themes/cPbase/assets/js/dist/cpbase.js?ver=5.6", + "https://cpanel.net/wp-includes/js/wp-embed.min.js?ver=5.6", + 
"https://pro.fontawesome.com/releases/v5.13.1/css/all.css", + "https://vars.hotjar.com/box-4924254a9ce4dc9b959b6e4a9b662d60.html", + "https://consentcdn.cookiebot.com/sdk/bc-v4.min.html", + "https://cpanel.net/wp-content/themes/cPbase/style.css?ver=5.6", + "https://cpanel.net/wp-includes/css/dist/block-library/style.min.css?ver=5.6", + "https://fonts.googleapis.com/css?family=Open+Sans:100,200,300,400,500,600,700%7CMontserrat:100,200,300,400,500,600,700", + "https://cpanel.net/wp-content/themes/cPbase/assets/css/version96.css", + "https://cpanel.net/wp-content/themes/cPbase/assets/css/roadmap.css", + "xfe-URL-pi.pardot.com-stix2-2.1-export.json", + "xfe-URL-Cpanel.net-stix2-2.1-export.json", + "https://secure.gaug.es/track.js", + "https://www.googletagmanager.com/gtm.js?id=GTM-WRDF3CB", + "https://149371662.v2.pressablecdn.com/wp-includes/js/jquery/jquery.js", + "https://149371662.v2.pressablecdn.com/wp-content/plugins/user-verification/assets/front/js/scripts-otp.js", + "https://player.vimeo.com/video/571271613", + "https://bid.g.doubleclick.net/xbbe/pixel?d=KAE" + ], + "public": 1, + "adversary": "", + "targeted_countries": [ + "Tunisia" + ], + "malware_families": [ + { + "id": "Qe", + "display_name": "Qe", + "target": null + }, + { + "id": "hj", + "display_name": "hj", + "target": null + }, + { + "id": "ReduceRight", + "display_name": "ReduceRight", + "target": null + } + ], + "attack_ids": [ + { + "id": "T1036", + "name": "Masquerading", + "display_name": "T1036 - Masquerading" + }, + { + "id": "T1056", + "name": "Input Capture", + "display_name": "T1056 - Input Capture" + }, + { + "id": "T1059", + "name": "Command and Scripting Interpreter", + "display_name": "T1059 - Command and Scripting Interpreter" + }, + { + "id": "T1140", + "name": "Deobfuscate/Decode Files or Information", + "display_name": "T1140 - Deobfuscate/Decode Files or Information" + }, + { + "id": "T1218", + "name": "Signed Binary Proxy Execution", + "display_name": "T1218 - Signed Binary Proxy 
Execution" + }, + { + "id": "T1547", + "name": "Boot or Logon Autostart Execution", + "display_name": "T1547 - Boot or Logon Autostart Execution" + } + ], + "industries": [], + "TLP": "white", + "cloned_from": null, + "export_count": 10, + "upvotes_count": 0, + "downvotes_count": 0, + "votes_count": 0, + "locked": false, + "pulse_source": "web", + "validator_count": 0, + "comment_count": 0, + "follower_count": 0, + "vote": 0, + "author": { + "username": "adjadex1@gmail.com", + "id": "187163", + "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", + "is_subscribed": false, + "is_following": false + }, + "indicator_type_counts": { + "hostname": 3487, + "URL": 10195, + "domain": 1182, + "FileHash-SHA256": 815, + "FileHash-MD5": 3, + "FileHash-SHA1": 1 + }, + "indicator_count": 15683, + "is_author": false, + "is_subscribing": null, + "subscriber_count": 69, + "modified_text": "1254 days ago ", + "is_modified": true, + "groups": [], + "in_group": false, + "threat_hunter_scannable": true, + "threat_hunter_has_agents": 1, + "related_indicator_type": "FileHash-MD5", + "related_indicator_is_active": 1 + }, + { + "id": "62526269ae126bddc2a926db", + "name": "Malware", + "description": "", + "modified": "2022-05-10T00:02:48.350000", + "created": "2022-04-10T04:51:53.521000", + "tags": [ + "webkitkeyframes", + "20deg", + "5deg", + "45deg", + "10px00", + "2000px00", + "2000px", + "2000px0", + "30deg", + "60px0", + "input", + "typecheckbox", + "typeof r", + "64e3", + "urlsearchparams", + "ofunction", + "function", + "pfunction", + "bfunction", + "ffunction", + "ifunction", + "load", + "date", + "hj", + "object", + "hotjar", + "email", + "typeof symbol", + "error", + "typeof e", + "telefon", + "regexp", + "surveys", + "survey", + "meta", + "cookie", + "keypress", + "null", + "trident", + "live", + "fullscreen", + "generic", + "window", + "widget", + "ciudad", + "adore", + "experiment", + "mutation", + "typeof hj", + "surveyv2", + "surveyisolated", + 
"heatmapviewer", + "notification", + "sentry", + "click", + "samesitelax", + "tbet", + "token1", + "token2", + "token3", + "token4", + "token5", + "number", + "html", + "button", + "zip code", + "lh", + "string", + "copyright", + "xgfunction", + "closure library", + "xdfunction", + "ydfunction", + "adfunction", + "cdfunction", + "typeof t", + "class", + "attr", + "pseudo", + "child", + "typeof module", + "gtmmlvpdtj", + "host", + "path", + "image", + "promise", + "error send", + "subscription", + "indexes", + "s2no", + "trackdata", + "push", + "unable", + "registration", + "array", + "typeof enulle", + "chrome", + "view", + "welcome", + "ad blocker", + "safari browser", + "phone", + "send", + "whatsapp", + "datasmart", + "blank", + "amazing body", + "level hardcore", + "bulking", + "cutting", + "no side", + "effects free", + "workout guides", + "every", + "item free", + "click here", + "sans", + "woff2", + "fontface", + "u1c801c88", + "u20b4", + "u2de02dff", + "ua640a69f", + "ufe2efe2f", + "u04b004b1", + "u2116", + "ratio", + "apple iphone", + "apple ipad", + "apple ipod", + "xmlhttprequest", + "post", + "contenttype", + "text", + "symbol", + "typeof", + "macintel" + ], + "references": [ + "http://nvqonvfylkxdjc.com/", + "https://unekds98kksw.com/2022/player_default1/current-device.min.js", + "https://unekds98kksw.com/2022/player_default1/send.js", + "https://fonts.googleapis.com/css?family=Open+Sans:400,600,700,800", + "https://youridealbody.xyz/lp6?bemobdata=c%3D752f3aef-dd8a-4507-a8cd-fe0f9b15c4e5..l%3D94aed4ec-30ac-424c-9e71-bf528195b1d7..f%3D928350ba-6450-412a-8ac7-3ee25ff4287e..a%3D2..b%3D1..z%3D0.00031..e%3D536878068779029425..c1%3D2627325..c2%3D2001342..c3%3DUS..c4%3Dios..c5%3Dios15..c6%3Dmobile..c7%3Dverizon-us..c8%3Dsafari..c10%3Den", + "https://cpatools.cc/js/linksmart.js", + 
"https://adsiblocker.com/index.php?key=sh3en4m6rxvscfptoc65&visitor_id=536878455372222772&cost=0.000501&zoneid=2627325&campaignid=5420841&device=iphone&browser=safari&os=ios&osversion=ios15&country=US&language=en&isp=verizon%20business&source=propellerads", + "https://adsiblocker.com/index.php?lp=1&uclick=sc46oji4", + "https://www.flirt4fuck.com/c/1de75401f8c75130?s1=181_4239973_cfa_mob_US_pop&s2=8639661&s3=2627325", + "https://www.flirt4fuck.com/js/pushjs/1.0.0/utils.js", + "https://www.gstatic.com/firebasejs/5.0.2/firebase-messaging.js", + "https://www.flirt4fuck.com/js/pushjs/1.0.0/subscriber.js", + "https://www.googletagmanager.com/gtm.js?id=GTM-MLVPDTJ", + "https://code.jquery.com/jquery-3.6.0.min.js", + "https://www.googletagmanager.com/gtag/js?id=UA-145157900-3", + "https://onenightflirt.com/lps/jumps/2/script.js", + "https://assets.topsrcs.com/js/script_wf.js", + "https://static.hotjar.com/c/hotjar-2908146.js?sv=6", + "https://script.hotjar.com/modules.9beafb9ca96c2f868fe2.js", + "https://static.cloudflareinsights.com/beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194", + "https://onenightflirt.com/lps/jumps/2/style.css", + "https://vars.hotjar.com/box-acca23410e696f2ca3087d947271c3d0.html", + "https://cdnjs.cloudflare.com/ajax/libs/animate.css/4.1.1/animate.min.css", + "xfe-URL-nvqonvfylkxdjc.com-stix2-2.1-export.json" + ], + "public": 1, + "adversary": "", + "targeted_countries": [], + "malware_families": [ + { + "id": "hj", + "display_name": "hj", + "target": null + }, + { + "id": "Lh", + "display_name": "Lh", + "target": null + } + ], + "attack_ids": [], + "industries": [], + "TLP": "white", + "cloned_from": null, + "export_count": 10, + "upvotes_count": 0, + "downvotes_count": 0, + "votes_count": 0, + "locked": false, + "pulse_source": "web", + "validator_count": 0, + "comment_count": 0, + "follower_count": 0, + "vote": 0, + "author": { + "username": "adjadex1@gmail.com", + "id": "187163", + "avatar_url": 
"https://otx.alienvault.com/assets/images/default-avatar.png", + "is_subscribed": false, + "is_following": false + }, + "indicator_type_counts": { + "domain": 202, + "URL": 846, + "FileHash-SHA256": 154, + "hostname": 268, + "FileHash-MD5": 6, + "FileHash-SHA1": 1 + }, + "indicator_count": 1477, + "is_author": false, + "is_subscribing": null, + "subscriber_count": 67, + "modified_text": "1263 days ago ", + "is_modified": true, + "groups": [], + "in_group": false, + "threat_hunter_scannable": true, + "threat_hunter_has_agents": 1, + "related_indicator_type": "FileHash-MD5", + "related_indicator_is_active": 1 + } + ], + "url": "https://otx.alienvault.com/indicator/file/5d41402abc4b2a76b9719d911017c592" + } + ], + "latest_analysis": { + "indicator": { + "value": "5d41402abc4b2a76b9719d911017c592", + "indicator_type": "hash", + "confidence": 0.0, + "first_seen": null, + "last_seen": null, + "sources": [] + }, + "risk_level": "High", + "risk_score": 0.75, + "threat_types": [ + "typesubmit", + "error send", + "and paste", + "placeroot", + "paris", + "back", + "udc68udc69", + "apptree", + "uetpush", + "local", + "configrender", + "hostgator", + "iwe didn", + "cookiebot", + "ergebnisse", + "august", + "soul", + "type", + "sil ofl", + "webpackexports", + "waypoint", + "function", + "format", + "experiment", + "trigger", + "javascript", + "starter", + "xsnull", + "dataalignleft", + "match", + "typeof e", + "ver0", + "aw981889198", + "help scout", + "copyright", + "waiting", + "aw981945515", + "activexobject", + "ieproto", + "win64", + "scroll", + "axeptio", + "domparser", + "video", + "uint32array", + "hfunction", + "prop", + "zero", + "bfunction", + "anda", + "inline script", + "ctnull", + "facebook pixel", + "invalid attempt", + "aafunction", + "2000px", + "montserrat", + "blockedemail", + "tente", + "simon andersson", + "host", + "registration", + "saconv", + "not copy", + "verify", + "image", + "integration", + "sentry", + "sympathizing", + "klik", + "medium", + 
"gtmwb4lhq4", + "amazing body", + "ufe2efe2f", + "8760", + "rserver", + "email", + "whatsapp", + "string", + "fnumber", + "button", + "track form", + "object", + "n nn", + "cacb", + "typecheckbox", + "enter otp", + "byte", + "textjavascript", + "input", + "token4", + "https", + "namebackurl", + "typeof define", + "800px", + "bulking", + "victorydll", + "secs", + "code", + "get started", + "webflow", + "fast", + "rejectall", + "typeof n", + "level hardcore", + "typeof document", + "contenttype", + "duotone", + "possible", + "trident", + "ud83e", + "slideshow", + "which", + "trackevent", + "gsxr89skrrs", + "href", + "roboto", + "learn", + "project", + "fred blundun", + "ua ch", + "startr", + "trackingclient", + "source", + "urlsearchparams", + "policy", + "property", + "n color", + "cookie tracking", + "dom element", + "unable", + "qss7", + "workout guides", + "capture", + "token5", + "u2de02dff", + "modulenotfound", + "irfcd", + "gdpr", + "null", + "warranties or", + "deployurl", + "iterator", + "oldcctid", + "chart", + "helvetica", + "every", + "typeof blob", + "footer", + "customuserspeed", + "hostn host", + "error", + "typeof q", + "move", + "addbillinginfo", + "pass", + "rgpd", + "use visitor", + "ud83dudc6cud83c", + "ufunction", + "redfoxtrot", + "driftconductor", + "typeerror", + "typeof window", + "must", + "license", + "root", + "script", + "surveyisolated", + "pfunction", + "u2c602c7f", + "90deg", + "privacy", + "agreement", + "cc by", + "factory", + "tracking file", + "support", + "custom", + "context", + "surveys", + "html", + "tucows", + "target", + "math", + "action", + "phonenumber", + "mixitup", + "ember", + "beacon", + "unless", + "kontaktiere", + "ufe0f", + "udfcbudfcc", + "captcha", + "cxlc", + "poll", + "click here", + "page", + "instanceof", + "totalvalue", + "ddfunction", + "quaker", + "win32", + "index", + "infinity", + "qe", + "guji", + "woff2", + "beaconversion", + "welcome", + "locale", + "este", + "download", + "quota", + "swiper", + 
"ff6c2c", + "u2113", + "post", + "telefon", + "customevent", + "pluginname", + "token2", + "cookieconsent", + "date", + "f420", + "varname", + "june", + "noto", + "iabv2", + "methodstrict", + "fancybox", + "apple ipod", + "cgrecaptchacfg", + "ua411335272", + "username", + "g6q8lh84qh0", + "sufeffxa0", + "tospage", + "cantarell", + "custom build", + "green", + "typeof pdata", + "mouseleave", + "quora pixel", + "c server", + "black", + "pixel code", + "checkbox", + "service", + "simple", + "nn function", + "event", + "obsolete", + "blob", + "dtha", + "font awesome", + "u2116", + "adview", + "android", + "fullscreen", + "live", + "lead", + "gaugescookie", + "example", + "iframe", + "1cend", + "number", + "request", + "emotion", + "generic", + "super", + "drift widget", + "send", + "phone number", + "recaptchaapi", + "thank", + "chnew ka", + "ubuntu", + "new boolean", + "mktz", + "template7class", + "weglot", + "jfunction", + "facebook", + "attr", + "backurl", + "info", + "typeof self", + "bsnull", + "data", + "afunction", + "targetdom", + "mais", + "creates custom", + "array int8array", + "rule", + "class", + "false", + "small batch", + "easy", + "typeof i18n", + "comment", + "monaco", + "kjy9", + "text display", + "partnerlookup", + "10px00", + "please do", + "expecting iab", + "demo", + "accept", + "vasaris", + "addcookiedomain", + "zsiqchatwindow", + "hnew regexp", + "decision", + "fall", + "iab2", + "w0b4", + "hs pixel", + "clickdataapi", + "ad blocker", + "please", + "311218982", + "esnull", + "difficult", + "variable", + "45deg", + "azaz09", + "body", + "typeof y", + "male female", + "gets", + "20deg", + "invalid code", + "template7", + "sans", + "typesearch", + "ud83d", + "nullt", + "kill", + "main", + "internal", + "ua640a69f", + "backstory", + "caregexp", + "vrai", + "team", + "quick question", + "irmstevent", + "nameregion", + "apache", + "adveid", + "text", + "nonce", + "eace", + "click", + "controller", + "return", + "strong", + "styles", + "zsiqlsdb", + 
"affiliatepage", + "notification", + "outer", + "samesitelax", + "home page", + "ngrecaptcha", + "magento", + "mvoid", + "getnow", + "dwelltime", + "done", + "russia", + "segoe ui", + "msie", + "sharp panda", + "surveyv2", + "campaign", + "functional", + "zfunction", + "yfunction", + "typeradio", + "typeof require", + "r300", + "anura", + "browse", + "webview", + "never", + "gaugestracker", + "viewcontent", + "zip code", + "home cta", + "zldt", + "explorer", + "menlo", + "u0259", + "typeof wpcf7", + "february", + "filter", + "mark", + "load snowplow", + "siqfloat", + "addtowishlist", + "linear", + "i18n", + "enter", + "gaugesunique", + "member id", + "your partner", + "twitter", + "zldpersonalize", + "xmlhttprequest", + "cdfunction", + "chrome", + "09af", + "blank", + "cfunction", + "typeof", + "badges", + "gnu general", + "animation", + "ticket", + "ifunction", + "focusin", + "publicurl", + "typeof o", + "derek", + "typeof t", + "pnull", + "siqpersonalize", + "europe", + "item free", + "hidden", + "cookie script", + "gaugesuniqueday", + "catched", + "copy", + "cutting", + "enterprise", + "awconversionid", + "otpviasms", + "handle", + "googlesignals", + "zepto", + "replace", + "free", + "keypress", + "search", + "rnull", + "foruserlogin", + "forwardref", + "leave", + "gratis beratung", + "rfc3986", + "acceptall", + "typeof hj", + "stop", + "webpackrequire", + "watched", + "ciudad", + "udc66udc67", + "token1", + "analyzing", + "next", + "canvas", + "oref", + "offer", + "vimeo", + "s2no", + "safari browser", + "this code", + "revenir", + "g1f7wlmm0k2", + "widgetrootqa", + "dynamic tag", + "otpviamail", + "truetype", + "partner lookup", + "apple iphone", + "tbet", + "survey", + "u1c801c88", + "load", + "april", + "expando", + "gurp", + "statict", + "64e3", + "nttt", + "query", + "znotifytracking", + "gtmmwm9r93", + "loader", + "slice", + "legacy", + "irgbd", + "effects free", + "macintel", + "isdocker", + "bad expr", + "cookiesfunction", + "dword", + "landstrae", + 
"soul framework", + "zldtrigger", + "clicked", + "typeemail", + "pseudo", + "5deg", + "widgtheme", + "angularjs", + "secondarynav", + "enduser license", + "hnull", + "style", + "unknown", + "u04b004b1", + "f3e3", + "apple ipad", + "close", + "promise", + "typeof module", + "genven", + "webkittransform", + "refererurl", + "selector", + "sr1t", + "getmainpageub", + "southeast", + "d85521", + "fieldset", + "beaconid", + "seed", + "adfunction", + "xhfunction", + "queueingchats", + "kontakt", + "reload", + "x3e3", + "fanull", + "xdfunction", + "eacb", + "cnew date", + "trackpageview", + "dataspy", + "newdomainid", + "siqbutton", + "efunction", + "reduceright", + "adore", + "jsonversion", + "emoji", + "focusout", + "ucvw", + "yes no", + "mit license", + "phase", + "xfunction", + "portland", + "meteor", + "apple color", + "u003cu003e", + "gettitle", + "inject", + "svoid", + "integer", + "jquery", + "digitalocean", + "beaconenv", + "render", + "heatmapviewer", + "hubspot", + "tag0", + "callback", + "g0cbkgbkb3j", + "nova", + "edge", + "pageload", + "void", + "acronym", + "2000px0", + "gtmmlvpdtj", + "child", + "email address", + "nfunction", + "typeof c", + "speed", + "typevalue", + "display", + "2000px00", + "deviceandgeo", + "r420", + "original file", + "without", + "brands", + "30deg", + "self", + "component", + "fragment", + "open", + "60px0", + "version", + "ocsf", + "consolas", + "ydfunction", + "mutation", + "u20ad20cf", + "yhfunction", + "paypal", + "u20a020ab", + "mit mehr", + "dustmap", + "isnan", + "linode", + "pageview", + "install", + "basis", + "adwords", + "helvetica neue", + "scattr", + "qfunction", + "romance", + "40px", + "show", + "extdata0", + "smoothscroll", + "core", + "mehr", + "display support", + "yefunction", + "lh", + "c communication", + "ve6h", + "error setting", + "function code", + "figcaption", + "visitor", + "color", + "widget", + "cookiebot setup", + "ffunction", + "dptw", + "bootstrap", + "new date", + "currency", + "token3", + 
"constantvalue", + "extra", + "enough", + "phasesplit", + "new york", + "typeof enulle", + "typeof l", + "checks", + "jahre erfahrung", + "n strictly", + "minified", + "typenumber", + "width", + "arial", + "typeof r", + "large", + "primary intent", + "expr", + "html tags", + "f39c11", + "datasmart", + "meta", + "this", + "batal", + "gtmphvk7ln", + "elem", + "rangeto", + "invalid uuid", + "typeof d", + "json", + "no side", + "downloader", + "window", + "js foundation", + "piscriptnum", + "pdatawrapper", + "100vw", + "jnull", + "uint8array", + "xu", + "push", + "hotjar", + "outubro", + "soul backdoor", + "as is", + "subscription", + "u1e001eff", + "commandremove", + "clkg", + "cacf", + "height", + "distributed", + "insikt", + "gfunction", + "typeof b", + "u2020", + "member", + "u2640u2642", + "vui", + "productnav", + "trackdata", + "find", + "oxygensans", + "ofunction", + "a4ssliche", + "anthon pang", + "lfunction", + "indonesia", + "author", + "alex dean", + "franais", + "ox20trnf", + "currencysymbol", + "typeof symbol", + "view", + "uigm", + "gtmnj8zjvs", + "angular", + "array", + "maincontent", + "groupstart", + "hj", + "aaed", + "isscout", + "rabu", + "closure library", + "flip", + "prev", + "diego", + "vultr", + "endr", + "contact", + "iab tcf", + "gdzw", + "webkitkeyframes", + "form", + "id attribute", + "sha256", + "soulsearcher", + "fcee", + "gtmpdqg75", + "enter their", + "public license", + "kunden die", + "linkedin", + "tokyo", + "eachb", + "spacer", + "select", + "caca", + "banner", + "gtmwrdf3cb", + "indexes", + "cancel", + "generator", + "addtolist", + "symbol", + "phone", + "path", + "neue", + "gfvhxsm5zyl", + "gaugesgauges", + "span", + "vd", + "boolean", + "globalvariable", + "signup", + "sticky", + "cookie", + "regexp", + "xgfunction", + "ratio", + "apache license", + "u20b4", + "yaay", + "srpanj", + "guide my", + "typetext", + "fontface", + "snowplow", + "config", + "addtocart", + "rfc1738", + "federico zivolo", + "lato", + "confirm", + "begin 
doc", + "invalid", + "small", + "ynull", + "typetel" + ], + "summary": "1. Risk level: High\n\n2. Threat types involved: typesubmit, error send, placeroot, back, local, configrender, hostgator, cookiebot, soul, function, trigger, javascript, starter, facebook pixel, invalid attempt, blockedemail, registration, image, integration, email, button, enter otp, token4, cookie tracking, capture, token5, privacy, agreement, cookie tracking, surveyisolated, privacy, agreement, cookie tracking, surveyisolated, privacy, agreement, cookie tracking, surveyisolated, privacy, agreement, cookie tracking, surveyisolated, privacy, agreement, cookie tracking, surveyisolated, privacy, agreement, cookie tracking, surveyisolated, privacy, agreement, cookie tracking, surveyisolated, privacy, agreement, cookie tracking, surveyisolated, privacy, agreement, cookie tracking, surveyisolated, privacy, agreement, cookie tracking, surveyisolated, privacy, agreement, cookie tracking, surveyisolated, privacy, agreement, cookie tracking, surveyisolated, privacy, agreement, cookie tracking, surveyisolated, privacy, agreement, cookie tracking, surveyisolated, privacy, agreement, cookie tracking, surveyisolated, privacy, agreement, cookie tracking, surveyisolated, privacy, agreement, cookie tracking, surveyisolated, privacy, agreement, cookie tracking, surveyisolated, privacy, agreement, cookie tracking, surveyisolated, privacy, agreement, cookie tracking, surveyisolated, privacy, agreement, cookie tracking, surveyisolated, privacy, agreement, cookie tracking, surveyisolated, privacy, agreement, cookie tracking, surveyisolated, privacy, agreement, cookie tracking, surveyisolated, privacy, agreement, cookie tracking, surveyisolated, privacy, agreement, cookie tracking, surveyisolated, privacy, agreement, cookie tracking, surveyisolated, privacy, agreement, cookie tracking, surveyisolated, privacy, agreement, cookie tracking, surveyisolated, privacy, agreement, cookie tracking, surveyisolated, privacy, 
agreement, cookie tracking, surveyisolated, privacy, agreement, cookie tracking, surveyisolated, privacy, agreement, cookie tracking, surveyisolated, privacy, agreement, cookie tracking, surveyisolated, privacy, agreement, cookie tracking, surveyisolated, privacy, agreement, cookie tracking, surveyisolated, privacy, agreement, cookie tracking, surveyisolated, privacy, agreement, cookie tracking, surveyisolated, privacy,", + "detailed_analysis": "1. Risk level: High\n\n2. Threat types involved: typesubmit, error send, placeroot, back, local, configrender, hostgator, cookiebot, soul, function, trigger, javascript, starter, facebook pixel, invalid attempt, blockedemail, registration, image, integration, email, button, enter otp, token4, cookie tracking, capture, token5, privacy, agreement, cookie tracking, surveyisolated, privacy, agreement, cookie tracking, surveyisolated, privacy, agreement, cookie tracking, surveyisolated, privacy, agreement, cookie tracking, surveyisolated, privacy, agreement, cookie tracking, surveyisolated, privacy, agreement, cookie tracking, surveyisolated, privacy, agreement, cookie tracking, surveyisolated, privacy, agreement, cookie tracking, surveyisolated, privacy, agreement, cookie tracking, surveyisolated, privacy, agreement, cookie tracking, surveyisolated, privacy, agreement, cookie tracking, surveyisolated, privacy, agreement, cookie tracking, surveyisolated, privacy, agreement, cookie tracking, surveyisolated, privacy, agreement, cookie tracking, surveyisolated, privacy, agreement, cookie tracking, surveyisolated, privacy, agreement, cookie tracking, surveyisolated, privacy, agreement, cookie tracking, surveyisolated, privacy, agreement, cookie tracking, surveyisolated, privacy, agreement, cookie tracking, surveyisolated, privacy, agreement, cookie tracking, surveyisolated, privacy, agreement, cookie tracking, surveyisolated, privacy, agreement, cookie tracking, surveyisolated, privacy, agreement, cookie tracking, surveyisolated, 
privacy, agreement, cookie tracking, surveyisolated, privacy, agreement, cookie tracking, surveyisolated, privacy, agreement, cookie tracking, surveyisolated, privacy, agreement, cookie tracking, surveyisolated, privacy, agreement, cookie tracking, surveyisolated, privacy, agreement, cookie tracking, surveyisolated, privacy, agreement, cookie tracking, surveyisolated, privacy, agreement, cookie tracking, surveyisolated, privacy, agreement, cookie tracking, surveyisolated, privacy, agreement, cookie tracking, surveyisolated, privacy, agreement, cookie tracking, surveyisolated, privacy, agreement, cookie tracking, surveyisolated, privacy, agreement, cookie tracking, surveyisolated, privacy, agreement, cookie tracking, surveyisolated, privacy, agreement, cookie tracking, surveyisolated, privacy,", + "recommendations": [ + "Consider blocking this indicator" + ], + "source_links": [ + { + "source": "AlienVault OTX", + "url": "https://otx.alienvault.com/indicator/file/5d41402abc4b2a76b9719d911017c592" + } + ], + "analysis_timestamp": "2025-10-24T00:13:20.638293", + "confidence": 100.0 + }, + "analysis_metadata": { + "indicator_type": "hash", + "indicator_value": "5d41402abc4b2a76b9719d911017c592", + "analysis_timestamp": "2025-10-24T00:13:20.638293", + "risk_level": "High", + "risk_score": 0.75, + "confidence": 100.0 + } +} \ No newline at end of file