{ "type": "Domain", "indicator": "charge64.de", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/charge64.de", "alexa": "http://www.alexa.com/siteinfo/charge64.de", "indicator": "charge64.de", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 4145649523, "indicator": "charge64.de", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 2, "pulses": [ { "id": "690e47a694d9bc5c12d83bc0", "name": "LimeRAT | Dark Room Dennis | SpyGlassPrism HealthCare", "description": "Invasive, dark , illegal. Malicious. Will sift through malware Spyware systems. Perpetual remote connections. Employed by Tam Legals Christopher P. Ahmann (Colorado government) to spy on, tamper with , annoy, terrorize, out of financial awards. \n\n spyglass-w_1_.png\n\nSize\n362B (362 bytes)\nMD5\n3c0e6546a44bd9a0f2768df07db5c1c9 Copy MD5 to clipboard\nSHA1\neddf26d1da4a140f2f963b8564c4e99cd6f1a677 Copy SHA1 to clipboard\nSHA256\n83eec393865a35363695d6f2416792d0117f551bb3e41d13b141d70e6b35e02c Copy SHA256 to clipboard", "modified": "2025-12-07T18:01:48.980000", "created": "2025-11-07T19:25:26.827000", "tags": [ "germany asn", "as24940 hetzner", "status connect", "associated", "present nov", "germany", "moved", "present oct", "accept", "germany unknown", "web trebuchet", "ms lucida", "grande lucida", "sans unicode", "lucida sans", "tahoma", "passive dns", "title", "error", "gmbh ccp", "germany germany", "asn as197540", "response ip", "address google", "safe browsing", "present jun", "present may", "present mar", "present jan", "urls", "aaaa", "gmt content", "type", "tags", "tag groups", "countries", "add country", "malware att", "ck it1140", "information", "cisco", "umbrella rank", "automatic", "webgl", "please", "november", "typeof function", "topropertykey", "masonry object", "prism function", "cookies", "source level", "reverse dns", "protocol h2", "security tls", "asn24940", "online gmbh", "general full", "url https", "falkenstein", "community forum", "it url", "youtube videos", "twitch kanal", "discord channel", "spenden", "shop url", "google", "hetzneras", "http", "april", "de summary", "ehingen", "march", "google safe", "browsing", "learn", "issues tab", "value", "masonry", "domainpath name", "cgjerrieegagfw", "label", "input", "suchen nach", "suche", "form", "hash", "name value", "main", "flag", "contacted hosts", "ip address", "process details", "windir", "openurl c", "prefetch2", "ck id", "name tactics", "suspicious", "informative", "adversaries", "command", "defense evasion", "spawns", "found", "a domains", "ascio", "china unknown", "record value", "apache", "encrypt", "dns resolutions", "domains top", "level", "unique tlds", "related pulses", "related tags", "certificate", "hostname add", "url analysis", "files", "domain", "files ip", "address", "asn as24940", "less", "raspberry pi", "ubiquiti", "remote", "hostname", "pulse submit", "status", "entries", "x xss", "sameorigin x", "unicode text", "utf8 text", "click", "strings", "mitre att", "ck matrix", "pattern match", "ascii text", "href", "show process", "network traffic", "general", "hybrid", "local", "path", "monitored target", "spyglass", "spyware.", "pegasus systems", "prism", "colorado leg", "christopher p.ahmann", "ahmann", "christopher", "P", "tam legal", "treece", "alfrey", "muscat", "criminal", "jeffrey reimer", "theft", "remote connect", "schroeder dennis" ], "references": [ "Domain Name: schroederdennis.de | Status: connect", "remote.tecbuddy.de | remote.schneider-hv.de | remotedesktop.thedipling", "root-dns.netcup", "device-*******-*****-****-****-*********.remotewd.com", "ai-sandboxes.com", "Why Is this always a problem? Just curious. - http://wyblog.us/blog/rants/strikers-get-unemployment-benefits", "$ is funneled back to government, (quasi) , bonused \u2018doctors\u2019 State \u2018experts\u2019 who\u2026", "\u2026lie about the severity of injuries and do crap like this.", "This money belongs to people who paid insurance to cover on job injuries that happen in the job.", "Premise liability covers premises, employees and premises visitors. Weaponizing is not covered.", "Those attacked are the severely injured, survivors of dead workers, victims of providers.", "These people aren\u2019t in the dark. They are clear of the need to pay benefits.", "There are absolute losers in the dole illegally benefiting from the suffering others.", "https://hybrid-analysis.com/sample/00f5292bbe68d9edc68f9a22a750eafb58e4f8474e15a48e3cc217fbbd0cdef9/690e24bb39c801e6d80a824e", "\u2022 http://demo.ideaboxthemes.com/prism", "https://photoprism.thedipling.dns64.de/ \u2022 synertec-audit-cloud.healthchecks.prismcloud.uk", "photoprism.thedipling.dns64.de \u2022 https://schroederdennis.de/wp-content/plugins/highlighting-code-block/assets/js/prism.js?ver=2.0.1", "\"OC47TWOY.txt\" has type \"ASCII text\"- [targetUID: N/A] \"spyglass-w_1_.png\" has type \"Unknown\"- [targetUID: N/A]", "\"spyglass-w_1_.png\" has type \"Unknown\" and extension \"png\" \"clock-g_1_.png\" has type \"Unknown\" and extension \"png\"", "Domain healthcareshapers.com \u2022 https://www.healthcareshapers.com/", "www.ventoxhealthcare.in \u2022 synertec-audit-cloud.healthchecks.prismcloud.uk", "https://cullenbehavioralhealth.theraplatform.com/ \u2022 amghealthnetwork.com", "3ddruck-celle.de", "wwwwww.publicpublicwww.portal.apple-apple-number3.ipv64.net", "sonarr.app.pineapplegod.co.nz", "http://svc.ghlink.com/svc/Authenticate/Applications", "https://sap.dswd.gov.ph.index.ph \u2022 login.prod.siecm.gov.mg \u2022 nre-362.dev.nre.gss.gov.uk", "sdp-dev-ingest.ci.lineageandprovenance.gss.gov.uk", "http://www.xonitec.com/pornosu/yuotubesex.html", "rowanandbenporn.ssssssssssssshadow.home64.de", "https://pagead2.googlesyndication.com/pagead/ads?ltd_cs=1&client=ca-pub-6165363645315831&output=html&adk=1812271804&adf=3025194257&lmt=1713778114&plat=3%3A16%2C4%3A16%2C8%3A4194304%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fschroederdennis.de%2Fubiquiti%2Fubiquiti-unifi-u6-plus-vs-u6-lite-vergleich-access-point-wifi%2F&pra=5&wgl=1&easpi=0&asro=0&uach=WyJXaW4zMiIsIjEwLjAuMCIsIng4NiIsIiIsIjEyNC4wLjYzNjcuNjAiLG51bGwsMCx", "https://urlscan.io/result/019a5fbd-e7c6-743a-b9a7-a20e8b2943cd/", "https://urlscan.io/screenshots/e931bb02-80dc-46db-92f0-43d5afa258be.png" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Win.Packed.Rrat-9798963-0", "display_name": "Win.Packed.Rrat-9798963-0", "target": null }, { "id": "Win.Dropper.LimeRAT-9776087-0", "display_name": "Win.Dropper.LimeRAT-9776087-0", "target": null }, { "id": "Malware Packed", "display_name": "Malware Packed", "target": null } ], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1069", "name": "Permission Groups Discovery", "display_name": "T1069 - Permission Groups Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1480", "name": "Execution Guardrails", "display_name": "T1480 - Execution Guardrails" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1583", "name": "Acquire Infrastructure", "display_name": "T1583 - Acquire Infrastructure" }, { "id": "T1590", "name": "Gather Victim Network Information", "display_name": "T1590 - Gather Victim Network Information" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1204", "name": "User Execution", "display_name": "T1204 - User Execution" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "TA0003", "name": "Persistence", "display_name": "TA0003 - Persistence" }, { "id": "T1210", "name": "Exploitation of Remote Services", "display_name": "T1210 - Exploitation of Remote Services" }, { "id": "TA0011", "name": "Command and Control", "display_name": "TA0011 - Command and Control" }, { "id": "T1583.005", "name": "Botnet", "display_name": "T1583.005 - Botnet" }, { "id": "T1031", "name": "Modify Existing Service", "display_name": "T1031 - Modify Existing Service" }, { "id": "T1449", "name": "Exploit SS7 to Redirect Phone Calls/SMS", "display_name": "T1449 - Exploit SS7 to Redirect Phone Calls/SMS" }, { "id": "T1584.005", "name": "Botnet", "display_name": "T1584.005 - Botnet" }, { "id": "T1155", "name": "AppleScript", "display_name": "T1155 - AppleScript" } ], "industries": [ "Healthcare", "Legal", "Government", "Technology" ], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 1258, "hostname": 2018, "URL": 3033, "FileHash-SHA256": 651, "email": 4, "FileHash-MD5": 62, "FileHash-SHA1": 69, "SSLCertFingerprint": 5 }, "indicator_count": 7100, "is_author": false, "is_subscribing": null, "subscriber_count": 142, "modified_text": "176 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "690a2c38de1708af54217faa", "name": "Access Token used to steal security credentials & hack and ride DND of targeted individuals", "description": "- https://shift.gearboxsoftware.com/link\n- Found embedded in targets phone.\n\nAccess Token used to steal security credentials & hack and ride DND of targeted individuals device. \nTAM Legal \u2022 Tulach \u2022 Hall Render \u2022 Quasi Government | Some type of Foundry user account found. \n\nStop illegally \n stalking, harassment, attempts, hacking, death threats. . Because the Colorado government allowing entities like this to operate without any type of rules, oversight or boundaries \nMILLION$ were wasted in your own fraud, waste in abuse scheme. AT&T , CrowdStrike , United Healthcare , UC Healthcare, Intermountain Health, T-Mobile, Amazon East, the Colorado Government itself, Medicare and Medicaid. For what? You have zero talent so you take it from those who do. You have nothing coming to you so you steal it from those who do. Is this somehow legal? \n#contacted #all_hosts backdoor #ransomware #cve #usa #american_terrorists #workers_compenstation_abuse #silencing #targeting #hitmen #illegal #malvertizing #aws_dns", "modified": "2025-12-04T15:01:02.531000", "created": "2025-11-04T16:39:20.035000", "tags": [ "present aug", "moved", "encrypt", "present jul", "passive dns", "ipv4 add", "reverse dns", "united states", "present may", "ip address", "gmt content", "ipv4", "all ipv4", "america", "united", "present oct", "name servers", "redacted for", "emails", "for privacy", "unknown ns", "unknown aaaa", "dynamicloader", "focus region", "unicode text", "utf16", "ms windows", "bokeh onlycanon", "zeiss jena", "mcsonnar", "high", "win64", "stream", "write", "smartassembly", "trailer", "next", "search", "medium", "as15169", "write c", "reads", "team", "malware", "local", "yara detections", "delphi", "strings", "dcom", "form", "trojandropper", "mtb nov", "backdoor", "otx telemetry", "trojan", "type", "data upload", "extraction", "ol rop", "hash avast", "avg clamav", "msdefender nov", "win32upatre nov", "win32berbew nov", "dynamic", "pe section", "error", "close", "status", "urls", "expiration date", "hostname", "url analysis", "yara rule", "show", "binary file", "wine emulator", "mtb oct", "files", "denmark asn", "as32934", "candyopen", "possible", "smoke loader", "trojanspy", "filehash", "pulses otx", "related tags", "file type", "no analysis", "available", "api key", "screenshots", "present nov", "aaaa", "mtb may", "mexico", "hostname add", "registrar", "domain add", "location united", "email add", "none related", "domains", "email domain", "service", "domain", "america flag", "body", "title", "aws dns", "next associated", "risepro", "guard", "v full", "reports v", "t1059 shared", "modules", "t1129 system", "t1569", "help v", "t1179 boot", "logon autost", "encoding", "packing f0001", "hidden files", "e1203 windows", "file attributes", "registry value", "catalog tree", "analysis ob0001", "evasion b0003", "virtual machine", "ip traffic", "memory pattern", "pattern urls", "tls sni", "get https", "post https", "named pipe", "delete c", "radar", "defender", "format", "learn", "command", "ck id", "name tactics", "suspicious", "informative", "spawns", "mitre att", "ck techniques", "evasion att", "country", "contacted hosts", "process details", "flag", "globalc", "intel", "win32", "worm", "path", "explorer", "script", "href", "external", "html content", "tulach", "hallrender", "tam legal", "brian sabey", "christopher ahmann", "apple", "msie", "chrome", "ascio", "creation date", "date", "germany unknown", "germany asn", "files ip", "address", "asn as24940", "less", "script urls", "a domains", "prox", "dennis schrder", "meta", "apache", "99u25f.exe", "entries", "as24940 hetzner", "dns resolutions", "status code", "body length", "kb body", "software/ hardware", "external-resources", "password-input", "overview", "colorado" ], "references": [ "https://shift.gearboxsoftware.com/link", "https://tulach.cc/", "https://www.anyxxxtube.net/search-porn/tsara-brashears/ \u2022 alohatube.xyz \u2022 1001pornvideos.com", "x402.porn \u2022 http://alohatube.xyz/search/tsara-brashears \u2022 \thttps://ufovpn.io/blog/is-eporner-safe", "https://www.turbo.net/run/videolan/vlc", "http://www.forensickb.com/2013/03/file-entropy-explained.html", "https://www.xlabs.com.br/blog/cve-2013-3304-dell-equallogic-directory-traversal/ \u2022 http://cve.phidias.com/", "Overview \"Keeping money\" by the Colorado workers' compensation system can refer to", "legal deductions, legitimate reasons for payment delays or denial, or potential issues that require legal", "counsel. The system does not \"keep\" money without a valid reason.Lies. they\u2019ve Ben in trouble before ." ], "public": 1, "adversary": "Colorado Quasi Government | Workerk Compensation", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "Win.Trojan.Generic-9878032-0", "display_name": "Win.Trojan.Generic-9878032-0", "target": null }, { "id": "Win.Trojan.Starter-171", "display_name": "Win.Trojan.Starter-171", "target": null }, { "id": "GravityRAT", "display_name": "GravityRAT", "target": null }, { "id": "Backdoor:Win32/Berbew.AA!MTB", "display_name": "Backdoor:Win32/Berbew.AA!MTB", "target": "/malware/Backdoor:Win32/Berbew.AA!MTB" }, { "id": "Trojan:MSIL/AgentTesla.DW!MTB", "display_name": "Trojan:MSIL/AgentTesla.DW!MTB", "target": "/malware/Trojan:MSIL/AgentTesla.DW!MTB" }, { "id": "ALF:HeraklezEval:Trojan:MSIL/Gravityrat!rfn", "display_name": "ALF:HeraklezEval:Trojan:MSIL/Gravityrat!rfn", "target": null }, { "id": "Trojandropper:Win32/VB.IL", "display_name": "Trojandropper:Win32/VB.IL", "target": "/malware/Trojandropper:Win32/VB.IL" }, { "id": "Nemucod", "display_name": "Nemucod", "target": null }, { "id": "Berbew", "display_name": "Berbew", "target": null }, { "id": "PWS:Win32/Zbot.MS!MTB", "display_name": "PWS:Win32/Zbot.MS!MTB", "target": "/malware/PWS:Win32/Zbot.MS!MTB" }, { "id": "Win.Trojan.Barys-10005825-0", "display_name": "Win.Trojan.Barys-10005825-0", "target": null }, { "id": "Upatre", "display_name": "Upatre", "target": null }, { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "Win.Exploit.Rozena-10038302-0", "display_name": "Win.Exploit.Rozena-10038302-0", "target": null }, { "id": "Zombie", "display_name": "Zombie", "target": null }, { "id": "Trojan:Win32/Zombie", "display_name": "Trojan:Win32/Zombie", "target": "/malware/Trojan:Win32/Zombie" }, { "id": "Muldrop", "display_name": "Muldrop", "target": null }, { "id": "Worm:Win32/Mofksys.RND!MTB", "display_name": "Worm:Win32/Mofksys.RND!MTB", "target": "/malware/Worm:Win32/Mofksys.RND!MTB" }, { "id": "Dorv", "display_name": "Dorv", "target": null }, { "id": "Win.Malware.Pits-10035540-0", "display_name": "Win.Malware.Pits-10035540-0", "target": null }, { "id": "Win.Ransomware.Msilzilla-10014498-0", "display_name": "Win.Ransomware.Msilzilla-10014498-0", "target": null }, { "id": "CVE-2023-4966", "display_name": "CVE-2023-4966", "target": null }, { "id": "Exploit:Linux/CVE-2017-17215", "display_name": "Exploit:Linux/CVE-2017-17215", "target": "/malware/Exploit:Linux/CVE-2017-17215" }, { "id": "Ransom:Win32/CVE-2017-0147", "display_name": "Ransom:Win32/CVE-2017-0147", "target": "/malware/Ransom:Win32/CVE-2017-0147" }, { "id": "CVE-2022-26134", "display_name": "CVE-2022-26134", "target": null } ], "attack_ids": [ { "id": "T1060", "name": "Registry Run Keys / Startup Folder", "display_name": "T1060 - Registry Run Keys / Startup Folder" }, { "id": "T1063", "name": "Security Software Discovery", "display_name": "T1063 - Security Software Discovery" }, { "id": "T1119", "name": "Automated Collection", "display_name": "T1119 - Automated Collection" }, { "id": "T1045", "name": "Software Packing", "display_name": "T1045 - Software Packing" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1179", "name": "Hooking", "display_name": "T1179 - Hooking" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1569", "name": "System Services", "display_name": "T1569 - System Services" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1069", "name": "Permission Groups Discovery", "display_name": "T1069 - Permission Groups Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1480", "name": "Execution Guardrails", "display_name": "T1480 - Execution Guardrails" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1457", "name": "Malicious Media Content", "display_name": "T1457 - Malicious Media Content" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 12, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 6051, "hostname": 2627, "FileHash-MD5": 401, "FileHash-SHA1": 257, "email": 11, "domain": 1838, "FileHash-SHA256": 1742, "CVE": 4, "SSLCertFingerprint": 3 }, "indicator_count": 12934, "is_author": false, "is_subscribing": null, "subscriber_count": 144, "modified_text": "179 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "Domain Name: schroederdennis.de | Status: connect", "\u2022 http://demo.ideaboxthemes.com/prism", "Premise liability covers premises, employees and premises visitors. Weaponizing is not covered.", "Those attacked are the severely injured, survivors of dead workers, victims of providers.", "https://hybrid-analysis.com/sample/00f5292bbe68d9edc68f9a22a750eafb58e4f8474e15a48e3cc217fbbd0cdef9/690e24bb39c801e6d80a824e", "https://shift.gearboxsoftware.com/link", "remote.tecbuddy.de | remote.schneider-hv.de | remotedesktop.thedipling", "rowanandbenporn.ssssssssssssshadow.home64.de", "https://urlscan.io/screenshots/e931bb02-80dc-46db-92f0-43d5afa258be.png", "https://www.anyxxxtube.net/search-porn/tsara-brashears/ \u2022 alohatube.xyz \u2022 1001pornvideos.com", "root-dns.netcup", "This money belongs to people who paid insurance to cover on job injuries that happen in the job.", "legal deductions, legitimate reasons for payment delays or denial, or potential issues that require legal", "Why Is this always a problem? Just curious. - http://wyblog.us/blog/rants/strikers-get-unemployment-benefits", "https://tulach.cc/", "www.ventoxhealthcare.in \u2022 synertec-audit-cloud.healthchecks.prismcloud.uk", "https://pagead2.googlesyndication.com/pagead/ads?ltd_cs=1&client=ca-pub-6165363645315831&output=html&adk=1812271804&adf=3025194257&lmt=1713778114&plat=3%3A16%2C4%3A16%2C8%3A4194304%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fschroederdennis.de%2Fubiquiti%2Fubiquiti-unifi-u6-plus-vs-u6-lite-vergleich-access-point-wifi%2F&pra=5&wgl=1&easpi=0&asro=0&uach=WyJXaW4zMiIsIjEwLjAuMCIsIng4NiIsIiIsIjEyNC4wLjYzNjcuNjAiLG51bGwsMCx", "http://svc.ghlink.com/svc/Authenticate/Applications", "x402.porn \u2022 http://alohatube.xyz/search/tsara-brashears \u2022 \thttps://ufovpn.io/blog/is-eporner-safe", "https://www.xlabs.com.br/blog/cve-2013-3304-dell-equallogic-directory-traversal/ \u2022 http://cve.phidias.com/", "https://sap.dswd.gov.ph.index.ph \u2022 login.prod.siecm.gov.mg \u2022 nre-362.dev.nre.gss.gov.uk", "3ddruck-celle.de", "https://photoprism.thedipling.dns64.de/ \u2022 synertec-audit-cloud.healthchecks.prismcloud.uk", "http://www.xonitec.com/pornosu/yuotubesex.html", "ai-sandboxes.com", "\"spyglass-w_1_.png\" has type \"Unknown\" and extension \"png\" \"clock-g_1_.png\" has type \"Unknown\" and extension \"png\"", "wwwwww.publicpublicwww.portal.apple-apple-number3.ipv64.net", "device-*******-*****-****-****-*********.remotewd.com", "$ is funneled back to government, (quasi) , bonused \u2018doctors\u2019 State \u2018experts\u2019 who\u2026", "These people aren\u2019t in the dark. They are clear of the need to pay benefits.", "There are absolute losers in the dole illegally benefiting from the suffering others.", "\"OC47TWOY.txt\" has type \"ASCII text\"- [targetUID: N/A] \"spyglass-w_1_.png\" has type \"Unknown\"- [targetUID: N/A]", "sdp-dev-ingest.ci.lineageandprovenance.gss.gov.uk", "counsel. The system does not \"keep\" money without a valid reason.Lies. they\u2019ve Ben in trouble before .", "https://www.turbo.net/run/videolan/vlc", "https://urlscan.io/result/019a5fbd-e7c6-743a-b9a7-a20e8b2943cd/", "photoprism.thedipling.dns64.de \u2022 https://schroederdennis.de/wp-content/plugins/highlighting-code-block/assets/js/prism.js?ver=2.0.1", "https://cullenbehavioralhealth.theraplatform.com/ \u2022 amghealthnetwork.com", "http://www.forensickb.com/2013/03/file-entropy-explained.html", "Overview \"Keeping money\" by the Colorado workers' compensation system can refer to", "\u2026lie about the severity of injuries and do crap like this.", "sonarr.app.pineapplegod.co.nz", "Domain healthcareshapers.com \u2022 https://www.healthcareshapers.com/" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [ "Colorado Quasi Government | Workerk Compensation" ], "malware_families": [ "Backdoor:win32/berbew.aa!mtb", "Pws:win32/zbot.ms!mtb", "Alf:heraklezeval:trojan:msil/gravityrat!rfn", "Ransom:win32/cve-2017-0147", "Win.packed.rrat-9798963-0", "Gravityrat", "Dorv", "Malware packed", "Win.malware.pits-10035540-0", "Upatre", "Win.exploit.rozena-10038302-0", "Win.dropper.limerat-9776087-0", "Win.trojan.generic-9878032-0", "Trojandropper:win32/vb.il", "Berbew", "Trojan:msil/agenttesla.dw!mtb", "Zombie", "Exploit:linux/cve-2017-17215", "Trojan:win32/zombie", "Trojanspy", "Cve-2022-26134", "Win.ransomware.msilzilla-10014498-0", "Win.trojan.starter-171", "Cve-2023-4966", "Win.trojan.barys-10005825-0", "Nemucod", "Muldrop", "Worm:win32/mofksys.rnd!mtb" ], "industries": [ "Legal", "Healthcare", "Government", "Technology" ] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 2, "pulses": [ { "id": "690e47a694d9bc5c12d83bc0", "name": "LimeRAT | Dark Room Dennis | SpyGlassPrism HealthCare", "description": "Invasive, dark , illegal. Malicious. Will sift through malware Spyware systems. Perpetual remote connections. Employed by Tam Legals Christopher P. Ahmann (Colorado government) to spy on, tamper with , annoy, terrorize, out of financial awards. \n\n spyglass-w_1_.png\n\nSize\n362B (362 bytes)\nMD5\n3c0e6546a44bd9a0f2768df07db5c1c9 Copy MD5 to clipboard\nSHA1\neddf26d1da4a140f2f963b8564c4e99cd6f1a677 Copy SHA1 to clipboard\nSHA256\n83eec393865a35363695d6f2416792d0117f551bb3e41d13b141d70e6b35e02c Copy SHA256 to clipboard", "modified": "2025-12-07T18:01:48.980000", "created": "2025-11-07T19:25:26.827000", "tags": [ "germany asn", "as24940 hetzner", "status connect", "associated", "present nov", "germany", "moved", "present oct", "accept", "germany unknown", "web trebuchet", "ms lucida", "grande lucida", "sans unicode", "lucida sans", "tahoma", "passive dns", "title", "error", "gmbh ccp", "germany germany", "asn as197540", "response ip", "address google", "safe browsing", "present jun", "present may", "present mar", "present jan", "urls", "aaaa", "gmt content", "type", "tags", "tag groups", "countries", "add country", "malware att", "ck it1140", "information", "cisco", "umbrella rank", "automatic", "webgl", "please", "november", "typeof function", "topropertykey", "masonry object", "prism function", "cookies", "source level", "reverse dns", "protocol h2", "security tls", "asn24940", "online gmbh", "general full", "url https", "falkenstein", "community forum", "it url", "youtube videos", "twitch kanal", "discord channel", "spenden", "shop url", "google", "hetzneras", "http", "april", "de summary", "ehingen", "march", "google safe", "browsing", "learn", "issues tab", "value", "masonry", "domainpath name", "cgjerrieegagfw", "label", "input", "suchen nach", "suche", "form", "hash", "name value", "main", "flag", "contacted hosts", "ip address", "process details", "windir", "openurl c", "prefetch2", "ck id", "name tactics", "suspicious", "informative", "adversaries", "command", "defense evasion", "spawns", "found", "a domains", "ascio", "china unknown", "record value", "apache", "encrypt", "dns resolutions", "domains top", "level", "unique tlds", "related pulses", "related tags", "certificate", "hostname add", "url analysis", "files", "domain", "files ip", "address", "asn as24940", "less", "raspberry pi", "ubiquiti", "remote", "hostname", "pulse submit", "status", "entries", "x xss", "sameorigin x", "unicode text", "utf8 text", "click", "strings", "mitre att", "ck matrix", "pattern match", "ascii text", "href", "show process", "network traffic", "general", "hybrid", "local", "path", "monitored target", "spyglass", "spyware.", "pegasus systems", "prism", "colorado leg", "christopher p.ahmann", "ahmann", "christopher", "P", "tam legal", "treece", "alfrey", "muscat", "criminal", "jeffrey reimer", "theft", "remote connect", "schroeder dennis" ], "references": [ "Domain Name: schroederdennis.de | Status: connect", "remote.tecbuddy.de | remote.schneider-hv.de | remotedesktop.thedipling", "root-dns.netcup", "device-*******-*****-****-****-*********.remotewd.com", "ai-sandboxes.com", "Why Is this always a problem? Just curious. - http://wyblog.us/blog/rants/strikers-get-unemployment-benefits", "$ is funneled back to government, (quasi) , bonused \u2018doctors\u2019 State \u2018experts\u2019 who\u2026", "\u2026lie about the severity of injuries and do crap like this.", "This money belongs to people who paid insurance to cover on job injuries that happen in the job.", "Premise liability covers premises, employees and premises visitors. Weaponizing is not covered.", "Those attacked are the severely injured, survivors of dead workers, victims of providers.", "These people aren\u2019t in the dark. They are clear of the need to pay benefits.", "There are absolute losers in the dole illegally benefiting from the suffering others.", "https://hybrid-analysis.com/sample/00f5292bbe68d9edc68f9a22a750eafb58e4f8474e15a48e3cc217fbbd0cdef9/690e24bb39c801e6d80a824e", "\u2022 http://demo.ideaboxthemes.com/prism", "https://photoprism.thedipling.dns64.de/ \u2022 synertec-audit-cloud.healthchecks.prismcloud.uk", "photoprism.thedipling.dns64.de \u2022 https://schroederdennis.de/wp-content/plugins/highlighting-code-block/assets/js/prism.js?ver=2.0.1", "\"OC47TWOY.txt\" has type \"ASCII text\"- [targetUID: N/A] \"spyglass-w_1_.png\" has type \"Unknown\"- [targetUID: N/A]", "\"spyglass-w_1_.png\" has type \"Unknown\" and extension \"png\" \"clock-g_1_.png\" has type \"Unknown\" and extension \"png\"", "Domain healthcareshapers.com \u2022 https://www.healthcareshapers.com/", "www.ventoxhealthcare.in \u2022 synertec-audit-cloud.healthchecks.prismcloud.uk", "https://cullenbehavioralhealth.theraplatform.com/ \u2022 amghealthnetwork.com", "3ddruck-celle.de", "wwwwww.publicpublicwww.portal.apple-apple-number3.ipv64.net", "sonarr.app.pineapplegod.co.nz", "http://svc.ghlink.com/svc/Authenticate/Applications", "https://sap.dswd.gov.ph.index.ph \u2022 login.prod.siecm.gov.mg \u2022 nre-362.dev.nre.gss.gov.uk", "sdp-dev-ingest.ci.lineageandprovenance.gss.gov.uk", "http://www.xonitec.com/pornosu/yuotubesex.html", "rowanandbenporn.ssssssssssssshadow.home64.de", "https://pagead2.googlesyndication.com/pagead/ads?ltd_cs=1&client=ca-pub-6165363645315831&output=html&adk=1812271804&adf=3025194257&lmt=1713778114&plat=3%3A16%2C4%3A16%2C8%3A4194304%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fschroederdennis.de%2Fubiquiti%2Fubiquiti-unifi-u6-plus-vs-u6-lite-vergleich-access-point-wifi%2F&pra=5&wgl=1&easpi=0&asro=0&uach=WyJXaW4zMiIsIjEwLjAuMCIsIng4NiIsIiIsIjEyNC4wLjYzNjcuNjAiLG51bGwsMCx", "https://urlscan.io/result/019a5fbd-e7c6-743a-b9a7-a20e8b2943cd/", "https://urlscan.io/screenshots/e931bb02-80dc-46db-92f0-43d5afa258be.png" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Win.Packed.Rrat-9798963-0", "display_name": "Win.Packed.Rrat-9798963-0", "target": null }, { "id": "Win.Dropper.LimeRAT-9776087-0", "display_name": "Win.Dropper.LimeRAT-9776087-0", "target": null }, { "id": "Malware Packed", "display_name": "Malware Packed", "target": null } ], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1069", "name": "Permission Groups Discovery", "display_name": "T1069 - Permission Groups Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1480", "name": "Execution Guardrails", "display_name": "T1480 - Execution Guardrails" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1583", "name": "Acquire Infrastructure", "display_name": "T1583 - Acquire Infrastructure" }, { "id": "T1590", "name": "Gather Victim Network Information", "display_name": "T1590 - Gather Victim Network Information" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1204", "name": "User Execution", "display_name": "T1204 - User Execution" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "TA0003", "name": "Persistence", "display_name": "TA0003 - Persistence" }, { "id": "T1210", "name": "Exploitation of Remote Services", "display_name": "T1210 - Exploitation of Remote Services" }, { "id": "TA0011", "name": "Command and Control", "display_name": "TA0011 - Command and Control" }, { "id": "T1583.005", "name": "Botnet", "display_name": "T1583.005 - Botnet" }, { "id": "T1031", "name": "Modify Existing Service", "display_name": "T1031 - Modify Existing Service" }, { "id": "T1449", "name": "Exploit SS7 to Redirect Phone Calls/SMS", "display_name": "T1449 - Exploit SS7 to Redirect Phone Calls/SMS" }, { "id": "T1584.005", "name": "Botnet", "display_name": "T1584.005 - Botnet" }, { "id": "T1155", "name": "AppleScript", "display_name": "T1155 - AppleScript" } ], "industries": [ "Healthcare", "Legal", "Government", "Technology" ], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 1258, "hostname": 2018, "URL": 3033, "FileHash-SHA256": 651, "email": 4, "FileHash-MD5": 62, "FileHash-SHA1": 69, "SSLCertFingerprint": 5 }, "indicator_count": 7100, "is_author": false, "is_subscribing": null, "subscriber_count": 142, "modified_text": "176 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "690a2c38de1708af54217faa", "name": "Access Token used to steal security credentials & hack and ride DND of targeted individuals", "description": "- https://shift.gearboxsoftware.com/link\n- Found embedded in targets phone.\n\nAccess Token used to steal security credentials & hack and ride DND of targeted individuals device. \nTAM Legal \u2022 Tulach \u2022 Hall Render \u2022 Quasi Government | Some type of Foundry user account found. \n\nStop illegally \n stalking, harassment, attempts, hacking, death threats. . Because the Colorado government allowing entities like this to operate without any type of rules, oversight or boundaries \nMILLION$ were wasted in your own fraud, waste in abuse scheme. AT&T , CrowdStrike , United Healthcare , UC Healthcare, Intermountain Health, T-Mobile, Amazon East, the Colorado Government itself, Medicare and Medicaid. For what? You have zero talent so you take it from those who do. You have nothing coming to you so you steal it from those who do. Is this somehow legal? \n#contacted #all_hosts backdoor #ransomware #cve #usa #american_terrorists #workers_compenstation_abuse #silencing #targeting #hitmen #illegal #malvertizing #aws_dns", "modified": "2025-12-04T15:01:02.531000", "created": "2025-11-04T16:39:20.035000", "tags": [ "present aug", "moved", "encrypt", "present jul", "passive dns", "ipv4 add", "reverse dns", "united states", "present may", "ip address", "gmt content", "ipv4", "all ipv4", "america", "united", "present oct", "name servers", "redacted for", "emails", "for privacy", "unknown ns", "unknown aaaa", "dynamicloader", "focus region", "unicode text", "utf16", "ms windows", "bokeh onlycanon", "zeiss jena", "mcsonnar", "high", "win64", "stream", "write", "smartassembly", "trailer", "next", "search", "medium", "as15169", "write c", "reads", "team", "malware", "local", "yara detections", "delphi", "strings", "dcom", "form", "trojandropper", "mtb nov", "backdoor", "otx telemetry", "trojan", "type", "data upload", "extraction", "ol rop", "hash avast", "avg clamav", "msdefender nov", "win32upatre nov", "win32berbew nov", "dynamic", "pe section", "error", "close", "status", "urls", "expiration date", "hostname", "url analysis", "yara rule", "show", "binary file", "wine emulator", "mtb oct", "files", "denmark asn", "as32934", "candyopen", "possible", "smoke loader", "trojanspy", "filehash", "pulses otx", "related tags", "file type", "no analysis", "available", "api key", "screenshots", "present nov", "aaaa", "mtb may", "mexico", "hostname add", "registrar", "domain add", "location united", "email add", "none related", "domains", "email domain", "service", "domain", "america flag", "body", "title", "aws dns", "next associated", "risepro", "guard", "v full", "reports v", "t1059 shared", "modules", "t1129 system", "t1569", "help v", "t1179 boot", "logon autost", "encoding", "packing f0001", "hidden files", "e1203 windows", "file attributes", "registry value", "catalog tree", "analysis ob0001", "evasion b0003", "virtual machine", "ip traffic", "memory pattern", "pattern urls", "tls sni", "get https", "post https", "named pipe", "delete c", "radar", "defender", "format", "learn", "command", "ck id", "name tactics", "suspicious", "informative", "spawns", "mitre att", "ck techniques", "evasion att", "country", "contacted hosts", "process details", "flag", "globalc", "intel", "win32", "worm", "path", "explorer", "script", "href", "external", "html content", "tulach", "hallrender", "tam legal", "brian sabey", "christopher ahmann", "apple", "msie", "chrome", "ascio", "creation date", "date", "germany unknown", "germany asn", "files ip", "address", "asn as24940", "less", "script urls", "a domains", "prox", "dennis schrder", "meta", "apache", "99u25f.exe", "entries", "as24940 hetzner", "dns resolutions", "status code", "body length", "kb body", "software/ hardware", "external-resources", "password-input", "overview", "colorado" ], "references": [ "https://shift.gearboxsoftware.com/link", "https://tulach.cc/", "https://www.anyxxxtube.net/search-porn/tsara-brashears/ \u2022 alohatube.xyz \u2022 1001pornvideos.com", "x402.porn \u2022 http://alohatube.xyz/search/tsara-brashears \u2022 \thttps://ufovpn.io/blog/is-eporner-safe", "https://www.turbo.net/run/videolan/vlc", "http://www.forensickb.com/2013/03/file-entropy-explained.html", "https://www.xlabs.com.br/blog/cve-2013-3304-dell-equallogic-directory-traversal/ \u2022 http://cve.phidias.com/", "Overview \"Keeping money\" by the Colorado workers' compensation system can refer to", "legal deductions, legitimate reasons for payment delays or denial, or potential issues that require legal", "counsel. The system does not \"keep\" money without a valid reason.Lies. they\u2019ve Ben in trouble before ." ], "public": 1, "adversary": "Colorado Quasi Government | Workerk Compensation", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "Win.Trojan.Generic-9878032-0", "display_name": "Win.Trojan.Generic-9878032-0", "target": null }, { "id": "Win.Trojan.Starter-171", "display_name": "Win.Trojan.Starter-171", "target": null }, { "id": "GravityRAT", "display_name": "GravityRAT", "target": null }, { "id": "Backdoor:Win32/Berbew.AA!MTB", "display_name": "Backdoor:Win32/Berbew.AA!MTB", "target": "/malware/Backdoor:Win32/Berbew.AA!MTB" }, { "id": "Trojan:MSIL/AgentTesla.DW!MTB", "display_name": "Trojan:MSIL/AgentTesla.DW!MTB", "target": "/malware/Trojan:MSIL/AgentTesla.DW!MTB" }, { "id": "ALF:HeraklezEval:Trojan:MSIL/Gravityrat!rfn", "display_name": "ALF:HeraklezEval:Trojan:MSIL/Gravityrat!rfn", "target": null }, { "id": "Trojandropper:Win32/VB.IL", "display_name": "Trojandropper:Win32/VB.IL", "target": "/malware/Trojandropper:Win32/VB.IL" }, { "id": "Nemucod", "display_name": "Nemucod", "target": null }, { "id": "Berbew", "display_name": "Berbew", "target": null }, { "id": "PWS:Win32/Zbot.MS!MTB", "display_name": "PWS:Win32/Zbot.MS!MTB", "target": "/malware/PWS:Win32/Zbot.MS!MTB" }, { "id": "Win.Trojan.Barys-10005825-0", "display_name": "Win.Trojan.Barys-10005825-0", "target": null }, { "id": "Upatre", "display_name": "Upatre", "target": null }, { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "Win.Exploit.Rozena-10038302-0", "display_name": "Win.Exploit.Rozena-10038302-0", "target": null }, { "id": "Zombie", "display_name": "Zombie", "target": null }, { "id": "Trojan:Win32/Zombie", "display_name": "Trojan:Win32/Zombie", "target": "/malware/Trojan:Win32/Zombie" }, { "id": "Muldrop", "display_name": "Muldrop", "target": null }, { "id": "Worm:Win32/Mofksys.RND!MTB", "display_name": "Worm:Win32/Mofksys.RND!MTB", "target": "/malware/Worm:Win32/Mofksys.RND!MTB" }, { "id": "Dorv", "display_name": "Dorv", "target": null }, { "id": "Win.Malware.Pits-10035540-0", "display_name": "Win.Malware.Pits-10035540-0", "target": null }, { "id": "Win.Ransomware.Msilzilla-10014498-0", "display_name": "Win.Ransomware.Msilzilla-10014498-0", "target": null }, { "id": "CVE-2023-4966", "display_name": "CVE-2023-4966", "target": null }, { "id": "Exploit:Linux/CVE-2017-17215", "display_name": "Exploit:Linux/CVE-2017-17215", "target": "/malware/Exploit:Linux/CVE-2017-17215" }, { "id": "Ransom:Win32/CVE-2017-0147", "display_name": "Ransom:Win32/CVE-2017-0147", "target": "/malware/Ransom:Win32/CVE-2017-0147" }, { "id": "CVE-2022-26134", "display_name": "CVE-2022-26134", "target": null } ], "attack_ids": [ { "id": "T1060", "name": "Registry Run Keys / Startup Folder", "display_name": "T1060 - Registry Run Keys / Startup Folder" }, { "id": "T1063", "name": "Security Software Discovery", "display_name": "T1063 - Security Software Discovery" }, { "id": "T1119", "name": "Automated Collection", "display_name": "T1119 - Automated Collection" }, { "id": "T1045", "name": "Software Packing", "display_name": "T1045 - Software Packing" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1179", "name": "Hooking", "display_name": "T1179 - Hooking" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1569", "name": "System Services", "display_name": "T1569 - System Services" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1069", "name": "Permission Groups Discovery", "display_name": "T1069 - Permission Groups Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1480", "name": "Execution Guardrails", "display_name": "T1480 - Execution Guardrails" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1457", "name": "Malicious Media Content", "display_name": "T1457 - Malicious Media Content" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 12, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 6051, "hostname": 2627, "FileHash-MD5": 401, "FileHash-SHA1": 257, "email": 11, "domain": 1838, "FileHash-SHA256": 1742, "CVE": 4, "SSLCertFingerprint": 3 }, "indicator_count": 12934, "is_author": false, "is_subscribing": null, "subscriber_count": 144, "modified_text": "179 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "charge64.de", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "charge64.de", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780337753.281424 }