← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Cyber Bully Attackers | Revenge Attacks | Remote attackers | Malware Packed |
WHITE Q.Vashti 2026-03-21 Modified: 2026-04-20
14134
IOCs
HIGH VOLUME
Several government entities, attorneys have sought porn revenge including physical violence, attempted crimes, malicious prosecution case , harassment when a female patient of man formerly known as Jeffrey Scott Reimer of Chester Springs, PA, violently, critically injured patient in a sexually charged assault [URL http://foundry2-lbl.dvr.dn2.n-helix.com https://foundry2-lbl.dvr.dn2.n-helix.com foundry2-lbl.dvr.dn2.n-helix.com https://www.palantir.io/docs/foundry/ontologies/test-changes-in-ontology/ http://datafoundry.com http://foundry2sdbl.dvr.dn2.n-helix.com https://209-99-40-223.fwd.datafoundry.com datafoundry.com
sc datadata uploadplease subinclude dataextractionfailedsc pulseidron anvextr pleaseinclude reviewexclude suggesstop showtyp domainunitedvirtoolname serverscrypemailswin32ip addresswormtrojanlearnsuspiciousinformativeck idname tacticscommandadversariesspawnsssl certificateinitial accesslink initialprefetch8mitre attck matrixflagwindows ntwin64acceptencryptformhybridbypassgeneralpathiframeclickstringsanchor httpsanchorliberalsabeyliberal friendsmetahtml internethtml documentunicode textutf8 textinfo initialaccess ta0001compromiset1189 networkcommunicationget httpartifacts vfull reportsv gethelp dnsresolutionsip trafficextr dataenter scextra datareferenbrothpassive dnsurlshttphostnamefiles domainfiles relatedrelated tagsnone googlesafe browsinginquest labslucas achacode integritychecks creationotx logoall hostnamefilesdomainprotectdatetitleexchangese httppresent janpresent febpresent decbackdoorcertificateall domainalibaba cloudhichinaporkbun llccloudflarenamecheap incnamecheapdomainsdynadot llcasciodenmarkurl httpsfilehashsha256url httpdopple aisnitiocsotx descriptioninformationreport spamdelete servicepoemhuntermaliciousporn revengebrian sabeysall reportspam deleterl httphttpsexpiration httpspam brianswippertype indicatorrole titleadded activerelated pulsesfilehashmd5filehashsha1sha256scanlearn moreindicators showtbmvidsourcelnmszx1724209326040xxx videosxxxvideohdadversarypackingpalantir.comdiscoveryvictim won casedoin itpalantirian abuseapplesabey data centersinsurancequasi governmentthe brother sabeyreimerlaw enforcementvessel statesabey pornhall evanschristopher ahmanndefamationgoogle
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
Porn Revenge Tons of Malware
Indicators of Compromise (1 / 14134 total)
All URL domain FileHash-MD5 FileHash-SHA1 FileHash-SHA256 email hostname CVE SSLCertFingerprint
TYPEINDICATORDESCRIPTIONCREATED
CVE CVE-2018-8453 2026-03-21
References (54)
↗ The Brothers Sabey – Conservatives with Liberal Friends • https://thebrotherssabey.com/ ↗ http://watchhers.net/index.php ↗ http://212.33.237.86/images/1/report.php ↗ https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian ↗ https://webmail.police.govmm.org/owa/ ↗ https://pks.wroclaw.sa.gov.pl:1443/ • portal.bialystok.sa.gov.pl ↗ https://tulach.cc/ phishing • 45.32.112.220 scanning_host • 45.76.79.215 ↗ Mark Brian Sabey ↗ Melvin Sabey ↗ Christopher P ‘Buzz’ Ahmann ↗ Ronda Cordova ↗ Unknown Persons impersonating Private Investigators (plural) ↗ Quasi Government Case ↗ Victim silenced. Struck by Car Driven by male police let walk ↗ Denver Police let this attempted murder walk. Cited him as a ghost driver ↗ Make driver stuck victim with large vehicle after PT unknowingly reported original assault Jeffrey Reiner to Dora ↗ Sexual and Physical Assaulter - Jeffrey Scott Reimer ↗ Reimer was a PT. Unknown whereabouts , name or job description ↗ Denver Police Department Major Crimes closed investigation ↗ Investigation closed when Brian Sabey initiated a malicious prosecution case against Victim ↗ I bring up the personal nature of the crime because a delete service has been used ↗ More than 1000 IoC’s including pulses have been ILLEGALLY removed ↗ All IoC’s originate from sources named. There are some unknown attackers ↗ This is a serious crime. I’m certain God WILL pay them. ↗ https://palantirwww.sweetheartvideo.com Mar 21, 2026, 2:06:10 PM 3 domain palantir.io Mar 21, 2026, 2:06:10 PM 34 URL https://www.palantir.io/docs/foundry/ontologies/test-changes-in-ontology/ • www.palantir.com ↗ http://palantirwww.sweetheartvideo.com/ (weirdness) ↗ http://foundry2-lbl.dvr.dn2.n-helix.com • https://foundry2-lbl.dvr.dn2.n-helix.com ↗ foundry2-lbl.dvr.dn2.n-helix.com Mar 21, 2026, 2:06:10 PM 29 URL https://www.palantir.io/docs/foundry/ontologies/test-changes-in-ontology/ Mar 21, 2026, 2:06:10 PM 8 URL http://datafoundry.com Mar 21, 2026, 2:06:10 PM 9 URL http://foundry2sdbl.dvr.dn2.n-helix.com Mar 21, 2026, 2:06:10 PM 17 URL https://209-99-40-223.fwd.datafoundry.com Mar 21, 2026, 2:06:10 PM 27 domain datafoundry.com Mar 21, 2026, 2:06:10 PM 40 hostname 209-99-40-223.fwd.datafoundry.com Mar 21, 2026, 2:06:1 ↗ foundry2-lbl.dvr.dn2.n-helix.com Mar 21, 2026, 2:06:10 PM 29 URL https://www.palantir.io/docs/foundry/ontologies/test-changes-in-ontology/ Mar 21, 2026, 2:06:10 PM 8 URL http://datafoundry.com Mar 21, 2026, 2:06:10 PM 9 URL http://foundry2sdbl.dvr.dn2.n-helix.com Mar 21, 2026, 2:06:10 PM 17 URL https://209-99-40-223.fwd.datafoundry.com Mar 21, 2026, 2:06:10 PM 27 domain datafoundry.com Mar 21, 2026, 2:06:10 PM 40 hostname 209-99-40-223.fwd.datafoundry.com Mar 21, 2026, 2:06:1 ↗ https://rdweb.datafoundry.com/RDWeb/Pages/en-US/login.aspx ↗ https://www.datafoundry.com/data-center-contamination-control/ ↗ https://www.datafoundry.com/data-center-contamination-control/ ↗ https://www.palantir.io/docs/foundry/ontologies/test-changes-in-ontology/ ↗ http://foundry2-lbl.dvr.dn2.n-helix.com/ ↗ https://207-207-25-201.fwd.datafoundry.com/ ↗ http://datafoundry.com • http://foundry2sdbl.dvr.dn2.n-helix.com • https://209-99-40-223.fwd.datafoundry.com • datafoundry.com • 209-99-40-223.fwd.datafoundry.com • beabetta.ifoundry.co.uk.s7b2.psmtp.com • foundry2sdbl.dvr.dn2.n-helix.com • fwd.datafoundry.com • 207-207-25-154.fwd.datafoundry.com • 207-207-25-156.fwd.datafoundry.com 207-207-25-160.fwd.datafoundry.com • 207-207-25-163.fwd.datafoundry.com • 207-207-25-164.fwd.datafoundry.com • 207-207-25-165.fwd.datafoundry.com Mar 21, 207-207-25-166.fwd ↗ http://datafoundry.com • https://209-99-40-223.fwd.datafoundry.com datafoundry.com • 209-99-40-223.fwd.datafoundry.com Mar 21, 2026, 2:06:10 PM 13 hostname beabetta.ifoundry.co.uk.s7b2.psmtp.com Mar 21, 2026, 2:06:10 PM 12 hostname foundry2sdbl.dvr.dn2.n-helix.com Mar 21, 2026, 2:06:10 PM 18 hostname fwd.datafoundry.com Mar 21, 2026, 2:06:10 PM 8 hostname 207-207-25-154.fwd.datafoundry.com Mar 21, 2026, 2:06:10 PM 19 hostname 207-207-25-156.fwd.datafoundry.com Mar 21, 2026, 2:06:1 ↗ https://rdweb.datafoundry.com/ ↗ https://www.palantir.io/docs/foundry/ontologies/test-changes-in-ontology/ ↗ http://foundry2sdbl.dvr.dn2.n-helix.com/ ↗ Updated | What’s left after theft ↗ 207-207-25-167.fwd.datafoundry.com • 207-207-25-168.fwd.datafoundry.com • 207-207-25-169.fwd.datafoundry.com ↗ 207-207-25-170.fwd.datafoundry.com • 207-207-25-171.fwd.datafoundry.com • 207-207-25-201.fwd.datafoundry.com ↗ https://www.datafoundry.com/category/news/press-releases/ (Fake Press) abuse ↗ https://www.datafoundry.com/category/news/press-releases/ ↗ 207-207-25-209.fwd.datafoundry.com • 207-207-25-212.fwd.datafoundry.com • 207-207-25-213.fwd.datafoundry.com • 209-99-64-53.fwd.datafoundry.com ↗ 209-99-69-91.fwd.datafoundry.com • dns1.datafoundry.com • dns2.datafoundry.com • rdweb.datafoundry.com ↗ www.go.datafoundry.com • http://207-207-25-209.fwd.datafoundry.com ↗ http://209-99-64-53.fwd.datafoundry.com • http://dns2.datafoundry.com • http://fwd.datafoundry.com ↗ http://pdns1.datafoundry.com/ • http://rdweb.datafoundry.com • http://rdweb.datafoundry.com/ ↗ https://rdweb.datafoundry.com/ • http://www.datafoundry.com • https://207-207-25-163.fwd.datafoundry.com • ↗ https://207-207-25-209.fwd.datafoundry.com • https://209-99-40-224.fwd.datafoundry.com/ ↗ https://209-99-64-53.fwd.datafoundry.com • https://dns1.datafoundry.com • https://dns2.datafoundry.com • https://fwd.datafoundry.com ↗ Some may may find this content is very disturbing and offensive