{ "type": "Domain", "indicator": "comgoogle.com", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/comgoogle.com", "alexa": "http://www.alexa.com/siteinfo/comgoogle.com", "indicator": "comgoogle.com", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 3753555881, "indicator": "comgoogle.com", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 3, "pulses": [ { "id": "6652a74714df10e0e5b775fe", "name": "brainydns", "description": "", "modified": "2024-05-26T03:06:47.254000", "created": "2024-05-26T03:06:47.254000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 32, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "skocherhan", "id": "249290", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_249290/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 262 }, "indicator_count": 262, "is_author": false, "is_subscribing": null, "subscriber_count": 177, "modified_text": "693 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6570a47a360cc88cf348557c", "name": "Content Reputation", "description": "", "modified": "2023-12-06T16:42:34.542000", "created": "2023-12-06T16:42:34.542000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 261, "domain": 183, "FileHash-SHA256": 130, "URL": 1194, "FileHash-MD5": 80, "FileHash-SHA1": 1 }, "indicator_count": 1849, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6502c8dc7c2db4d80976ad48", "name": "Content Reputation", "description": "Hidden cams throughout unknown homes in various rooms included laundry room & patio. iPhone cracking full Command & Device control. 24/7 Tracking & Monitoring of a female target. Hardcore Adult content provided also attacks named people with occupations. High level hacking. Abuse. Content seems to target USA & Germany. MALICIOUS links. Heavy iOS intrusion. CVE if any would likely discovered years ago and patched in an update. Still running. Viewers are provided access keys to view targets in all types of situations and conversations including arguments. Absolutely surreal.\nSome vulnerabilities listed pertains to entire site. SKYNET is found. Spyware. Malware l.\n\nOnly the most popularized threat labels are recognized by AV, I have used various known labels l.", "modified": "2023-10-14T05:03:24.012000", "created": "2023-09-14T08:48:28.761000", "tags": [ "united", "flag", "germany germany", "enom", "date", "gmt flag", "dns requests", "domain address", "server", "name server", "url http", "url https", "canada", "germany", "united kingdom", "scan endpoints", "all search", "report spam", "media", "uten", "virut", "suppobox", "decovid19", "khtml", "linux", "windows", "kraken created", "android", "win64", "Tsara Brashears", "Jeffrey Reimer DPT", "Spyware", "Phishing", "privilege", "controls move events", "keyloggers", "World Wide cyberthreat", "Counters", "Hidden Cams", "iOS access", "Retaliation?", "written for Android -iOS - Linux - Apple", "Pattern Match - Follows females phone choices. Cite pulse by unk", "Static AI", "Monitored Target Tsara Brashears", "Armadillo", "malware", "tehopx.exe", "FoxItReader.exe", "svhost.exe", "tracking radar", "evader", "Malware Evader", "dropper", "PDFReader.exe", "ketogenic switch", "ELF", "NORAD Tracking", "Brazzers", "Skynet" ], "references": [ "https://hifiporn.pw/xxx/1/white-dpt-jeffrey-reimer-loves-pretty-indian-patient-forces-sex-3gp-video-tsara-brashears/she-loves-how-i-pound-her-pussy", "Spawns new processes that are not known child processes details Spawned process \"iexplore.exe\" with commandline \"https://hifiporn.pw/xxx/1/white-dpt-jeffrey-reimer-loves-pretty- ...\" (Show Process) Spawned process \"iexplore.exe\" with commandline \"SCODEF:2864 CREDAT:275457 /prefetch:2\" (Show Process) source Monitored Target", "Hybrid-Anaysis.com", "Online Analysis observation of issue", "Virus & Attack Analysis", "Data Analysis" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Canada", "Germany", "Ghana" ], "malware_families": [ { "id": "Virut", "display_name": "Virut", "target": null }, { "id": "SuppoBox", "display_name": "SuppoBox", "target": null }, { "id": "Kraken Cryptor Ransomware", "display_name": "Kraken Cryptor Ransomware", "target": null }, { "id": "DEcovid19", "display_name": "DEcovid19", "target": null }, { "id": "trojan.genericrxep", "display_name": "trojan.genericrxep", "target": null }, { "id": "Malware.QVM06.Gen", "display_name": "Malware.QVM06.Gen", "target": null }, { "id": "Win32/Virus.Adware.42b", "display_name": "Win32/Virus.Adware.42b", "target": null }, { "id": "Trojan.Win32.Generic!SB.0", "display_name": "Trojan.Win32.Generic!SB.0", "target": null }, { "id": "Trojan.Packed.25266", "display_name": "Trojan.Packed.25266", "target": null }, { "id": "W32.Common.00000000", "display_name": "W32.Common.00000000", "target": null }, { "id": "trojan.xanfpezes/fugrafa", "display_name": "trojan.xanfpezes/fugrafa", "target": null }, { "id": "Trojan.installcore.fe", "display_name": "Trojan.installcore.fe", "target": null }, { "id": "BScope.TrojanRansom.Blocker", "display_name": "BScope.TrojanRansom.Blocker", "target": null }, { "id": "Win32.Outbreak", "display_name": "Win32.Outbreak", "target": null }, { "id": "Malware.AI.332823813", "display_name": "Malware.AI.332823813", "target": null }, { "id": "TrojWare.Win32.Ransom.Blocker.cdf@4tkf0k", "display_name": "TrojWare.Win32.Ransom.Blocker.cdf@4tkf0k", "target": null }, { "id": "Trojan.Autoit.Wirus", "display_name": "Trojan.Autoit.Wirus", "target": null }, { "id": "Trojan.Autoit.Wirus", "display_name": "Trojan.Autoit.Wirus", "target": null }, { "id": "AutoKMS.HackTool.Patcher.DDS", "display_name": "AutoKMS.HackTool.Patcher.DDS", "target": null }, { "id": "AI:Packer.A54E0A4F1D", "display_name": "AI:Packer.A54E0A4F1D", "target": null }, { "id": "Malware.FakeFolder/ICON!1.6AA9 (CLASSIC)", "display_name": "Malware.FakeFolder/ICON!1.6AA9 (CLASSIC)", "target": null }, { "id": "trojan.autoit/agufpxbi", "display_name": "trojan.autoit/agufpxbi", "target": null }, { "id": "W32.AIDetectVM.malware", "display_name": "W32.AIDetectVM.malware", "target": null }, { "id": "trojan.blocker/delfiles", "display_name": "trojan.blocker/delfiles", "target": null }, { "id": "Skynet", "display_name": "Skynet", "target": null }, { "id": "Backdoor:PHP/Artemis", "display_name": "Backdoor:PHP/Artemis", "target": "/malware/Backdoor:PHP/Artemis" } ], "attack_ids": [ { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1035", "name": "Service Execution", "display_name": "T1035 - Service Execution" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1179", "name": "Hooking", "display_name": "T1179 - Hooking" }, { "id": "T1071.002", "name": "File Transfer Protocols", "display_name": "T1071.002 - File Transfer Protocols" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "TA0011", "name": "Command and Control", "display_name": "TA0011 - Command and Control" }, { "id": "T1170", "name": "Mshta", "display_name": "T1170 - Mshta" }, { "id": "T1178", "name": "SID-History Injection", "display_name": "T1178 - SID-History Injection" } ], "industries": [ "Abuse", "Hacking", "Media", "Technology", "Reputation Devastation" ], "TLP": "green", "cloned_from": null, "export_count": 18, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 80, "FileHash-SHA1": 1, "FileHash-SHA256": 130, "domain": 183, "hostname": 261, "URL": 1194 }, "indicator_count": 1849, "is_author": false, "is_subscribing": null, "subscriber_count": 220, "modified_text": "918 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "Online Analysis observation of issue", "Spawns new processes that are not known child processes details Spawned process \"iexplore.exe\" with commandline \"https://hifiporn.pw/xxx/1/white-dpt-jeffrey-reimer-loves-pretty- ...\" (Show Process) Spawned process \"iexplore.exe\" with commandline \"SCODEF:2864 CREDAT:275457 /prefetch:2\" (Show Process) source Monitored Target", "Data Analysis", "Virus & Attack Analysis", "Hybrid-Anaysis.com", "https://hifiporn.pw/xxx/1/white-dpt-jeffrey-reimer-loves-pretty-indian-patient-forces-sex-3gp-video-tsara-brashears/she-loves-how-i-pound-her-pussy" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [], "malware_families": [ "Trojan.blocker/delfiles", "Win32.outbreak", "Ai:packer.a54e0a4f1d", "Trojware.win32.ransom.blocker.cdf@4tkf0k", "Suppobox", "Malware.fakefolder/icon!1.6aa9 (classic)", "Backdoor:php/artemis", "Trojan.installcore.fe", "Trojan.packed.25266", "Trojan.win32.generic!sb.0", "Malware.ai.332823813", "Trojan.autoit.wirus", "Skynet", "Trojan.genericrxep", "Autokms.hacktool.patcher.dds", "Malware.qvm06.gen", "Bscope.trojanransom.blocker", "W32.aidetectvm.malware", "Win32/virus.adware.42b", "Virut", "Decovid19", "W32.common.00000000", "Trojan.autoit/agufpxbi", "Trojan.xanfpezes/fugrafa", "Kraken cryptor ransomware" ], "industries": [ "Abuse", "Reputation devastation", "Media", "Technology", "Hacking" ] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 3, "pulses": [ { "id": "6652a74714df10e0e5b775fe", "name": "brainydns", "description": "", "modified": "2024-05-26T03:06:47.254000", "created": "2024-05-26T03:06:47.254000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 32, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "skocherhan", "id": "249290", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_249290/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 262 }, "indicator_count": 262, "is_author": false, "is_subscribing": null, "subscriber_count": 177, "modified_text": "693 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6570a47a360cc88cf348557c", "name": "Content Reputation", "description": "", "modified": "2023-12-06T16:42:34.542000", "created": "2023-12-06T16:42:34.542000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 261, "domain": 183, "FileHash-SHA256": 130, "URL": 1194, "FileHash-MD5": 80, "FileHash-SHA1": 1 }, "indicator_count": 1849, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6502c8dc7c2db4d80976ad48", "name": "Content Reputation", "description": "Hidden cams throughout unknown homes in various rooms included laundry room & patio. iPhone cracking full Command & Device control. 24/7 Tracking & Monitoring of a female target. Hardcore Adult content provided also attacks named people with occupations. High level hacking. Abuse. Content seems to target USA & Germany. MALICIOUS links. Heavy iOS intrusion. CVE if any would likely discovered years ago and patched in an update. Still running. Viewers are provided access keys to view targets in all types of situations and conversations including arguments. Absolutely surreal.\nSome vulnerabilities listed pertains to entire site. SKYNET is found. Spyware. Malware l.\n\nOnly the most popularized threat labels are recognized by AV, I have used various known labels l.", "modified": "2023-10-14T05:03:24.012000", "created": "2023-09-14T08:48:28.761000", "tags": [ "united", "flag", "germany germany", "enom", "date", "gmt flag", "dns requests", "domain address", "server", "name server", "url http", "url https", "canada", "germany", "united kingdom", "scan endpoints", "all search", "report spam", "media", "uten", "virut", "suppobox", "decovid19", "khtml", "linux", "windows", "kraken created", "android", "win64", "Tsara Brashears", "Jeffrey Reimer DPT", "Spyware", "Phishing", "privilege", "controls move events", "keyloggers", "World Wide cyberthreat", "Counters", "Hidden Cams", "iOS access", "Retaliation?", "written for Android -iOS - Linux - Apple", "Pattern Match - Follows females phone choices. Cite pulse by unk", "Static AI", "Monitored Target Tsara Brashears", "Armadillo", "malware", "tehopx.exe", "FoxItReader.exe", "svhost.exe", "tracking radar", "evader", "Malware Evader", "dropper", "PDFReader.exe", "ketogenic switch", "ELF", "NORAD Tracking", "Brazzers", "Skynet" ], "references": [ "https://hifiporn.pw/xxx/1/white-dpt-jeffrey-reimer-loves-pretty-indian-patient-forces-sex-3gp-video-tsara-brashears/she-loves-how-i-pound-her-pussy", "Spawns new processes that are not known child processes details Spawned process \"iexplore.exe\" with commandline \"https://hifiporn.pw/xxx/1/white-dpt-jeffrey-reimer-loves-pretty- ...\" (Show Process) Spawned process \"iexplore.exe\" with commandline \"SCODEF:2864 CREDAT:275457 /prefetch:2\" (Show Process) source Monitored Target", "Hybrid-Anaysis.com", "Online Analysis observation of issue", "Virus & Attack Analysis", "Data Analysis" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Canada", "Germany", "Ghana" ], "malware_families": [ { "id": "Virut", "display_name": "Virut", "target": null }, { "id": "SuppoBox", "display_name": "SuppoBox", "target": null }, { "id": "Kraken Cryptor Ransomware", "display_name": "Kraken Cryptor Ransomware", "target": null }, { "id": "DEcovid19", "display_name": "DEcovid19", "target": null }, { "id": "trojan.genericrxep", "display_name": "trojan.genericrxep", "target": null }, { "id": "Malware.QVM06.Gen", "display_name": "Malware.QVM06.Gen", "target": null }, { "id": "Win32/Virus.Adware.42b", "display_name": "Win32/Virus.Adware.42b", "target": null }, { "id": "Trojan.Win32.Generic!SB.0", "display_name": "Trojan.Win32.Generic!SB.0", "target": null }, { "id": "Trojan.Packed.25266", "display_name": "Trojan.Packed.25266", "target": null }, { "id": "W32.Common.00000000", "display_name": "W32.Common.00000000", "target": null }, { "id": "trojan.xanfpezes/fugrafa", "display_name": "trojan.xanfpezes/fugrafa", "target": null }, { "id": "Trojan.installcore.fe", "display_name": "Trojan.installcore.fe", "target": null }, { "id": "BScope.TrojanRansom.Blocker", "display_name": "BScope.TrojanRansom.Blocker", "target": null }, { "id": "Win32.Outbreak", "display_name": "Win32.Outbreak", "target": null }, { "id": "Malware.AI.332823813", "display_name": "Malware.AI.332823813", "target": null }, { "id": "TrojWare.Win32.Ransom.Blocker.cdf@4tkf0k", "display_name": "TrojWare.Win32.Ransom.Blocker.cdf@4tkf0k", "target": null }, { "id": "Trojan.Autoit.Wirus", "display_name": "Trojan.Autoit.Wirus", "target": null }, { "id": "Trojan.Autoit.Wirus", "display_name": "Trojan.Autoit.Wirus", "target": null }, { "id": "AutoKMS.HackTool.Patcher.DDS", "display_name": "AutoKMS.HackTool.Patcher.DDS", "target": null }, { "id": "AI:Packer.A54E0A4F1D", "display_name": "AI:Packer.A54E0A4F1D", "target": null }, { "id": "Malware.FakeFolder/ICON!1.6AA9 (CLASSIC)", "display_name": "Malware.FakeFolder/ICON!1.6AA9 (CLASSIC)", "target": null }, { "id": "trojan.autoit/agufpxbi", "display_name": "trojan.autoit/agufpxbi", "target": null }, { "id": "W32.AIDetectVM.malware", "display_name": "W32.AIDetectVM.malware", "target": null }, { "id": "trojan.blocker/delfiles", "display_name": "trojan.blocker/delfiles", "target": null }, { "id": "Skynet", "display_name": "Skynet", "target": null }, { "id": "Backdoor:PHP/Artemis", "display_name": "Backdoor:PHP/Artemis", "target": "/malware/Backdoor:PHP/Artemis" } ], "attack_ids": [ { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1035", "name": "Service Execution", "display_name": "T1035 - Service Execution" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1179", "name": "Hooking", "display_name": "T1179 - Hooking" }, { "id": "T1071.002", "name": "File Transfer Protocols", "display_name": "T1071.002 - File Transfer Protocols" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "TA0011", "name": "Command and Control", "display_name": "TA0011 - Command and Control" }, { "id": "T1170", "name": "Mshta", "display_name": "T1170 - Mshta" }, { "id": "T1178", "name": "SID-History Injection", "display_name": "T1178 - SID-History Injection" } ], "industries": [ "Abuse", "Hacking", "Media", "Technology", "Reputation Devastation" ], "TLP": "green", "cloned_from": null, "export_count": 18, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 80, "FileHash-SHA1": 1, "FileHash-SHA256": 130, "domain": 183, "hostname": 261, "URL": 1194 }, "indicator_count": 1849, "is_author": false, "is_subscribing": null, "subscriber_count": 220, "modified_text": "918 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "comgoogle.com", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "comgoogle.com", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1776618315.2007537 }