{ "type": "Domain", "indicator": "helprace.com", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/helprace.com", "alexa": "http://www.alexa.com/siteinfo/helprace.com", "indicator": "helprace.com", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 3837577681, "indicator": "helprace.com", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 3, "pulses": [ { "id": "68bbf3e40e3ce8a74aa89545", "name": "HCPF \u2022 The intricate relationships between the FIN7 group and members of the Conti gang", "description": "", "modified": "2025-10-06T08:03:23.285000", "created": "2025-09-06T08:42:12.787000", "tags": [ "present feb", "united", "a domains", "present dec", "passive dns", "moved", "script domains", "script urls", "search", "title", "date", "http traffic", "http get", "match info", "downloads", "info", "https http", "mitre att", "control ta0011", "protocol t1071", "protocol t1095", "get http", "dns resolutions", "number", "azure rsa", "tls issuing", "cus subject", "stwa lredmond", "corporation cus", "algorithm", "cnamazon rsa", "m03 oamazon", "thumbprint", "msie", "windows nt", "wow64", "slcc2", "media center", "tlsv1", "ascii text", "ogoogle trust", "cngts ca", "execution", "next", "dock", "write", "capture", "persistence", "malware", "roboto", "android", "known exploited", "google", "salesloft drift", "sap s4hana", "cve202542957", "cisa", "sitecore", "linux", "france", "meta", "rokrat", "lizar", "project nemesis", "carbanak", "cobalt strike", "domino", "yara detections", "contacted", "av detections", "ids detections", "alerts", "analysis date", "file score", "malicious ids", "detections tls", "indicator role", "title added", "active related", "entries", "role title", "added active", "filehashmd5", "ipv4" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "Lizar", "display_name": "Lizar", "target": null }, { "id": "Project Nemesis", "display_name": "Project Nemesis", "target": null }, { "id": "Carbanak", "display_name": "Carbanak", "target": null }, { "id": "Cobalt Strike", "display_name": "Cobalt Strike", "target": null }, { "id": "Domino", "display_name": "Domino", "target": null }, { "id": "RokRAT", "display_name": "RokRAT", "target": null } ], "attack_ids": [ { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1119", "name": "Automated Collection", "display_name": "T1119 - Automated Collection" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1143", "name": "Hidden Window", "display_name": "T1143 - Hidden Window" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" } ], "industries": [ "Hospitality", "Financial" ], "TLP": "green", "cloned_from": null, "export_count": 22, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 539, "FileHash-SHA1": 389, "FileHash-SHA256": 3386, "domain": 862, "hostname": 1155, "URL": 4091, "CVE": 3, "SSLCertFingerprint": 5 }, "indicator_count": 10430, "is_author": false, "is_subscribing": null, "subscriber_count": 144, "modified_text": "237 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6727f53722cc20d8e6b2a5ea", "name": "AS29802 hivelocity inc.", "description": "", "modified": "2024-12-03T22:04:01.537000", "created": "2024-11-03T22:12:06.722000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 19, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "skocherhan", "id": "249290", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_249290/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 745, "domain": 314, "hostname": 305 }, "indicator_count": 1364, "is_author": false, "is_subscribing": null, "subscriber_count": 182, "modified_text": "543 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65c68bc8b8745068608cc50d", "name": "Metasploit | Ransomware | PinterestPots - Pin.it", "description": "", "modified": "2024-03-10T20:03:45.513000", "created": "2024-02-09T20:32:08.358000", "tags": [ "whois record", "contacted", "tsara brashears", "ssl certificate", "apple ios", "unlocker", "historical ssl", "referrer", "highly targeted", "critical risk", "hacktool", "malicious", "cobalt strike", "metasploit", "installer", "malware", "awful", "android", "banker", "keylogger", "jeffrey reimer", "emreimer", "emily reimer goldstien", "eva lisa", "eva lisa reimer", "status code", "http response", "ieedge date", "maxage86400", "path", "httponly xcdn", "connection", "vary useragent", "targeting brashears", "communicating", "whois whois", "collections", "password", "adult content", "core", "metro", "apple", "copy", "suspicious", "vj99", "threat", "slfrd1", "paste", "iocs", "analyze", "hostnames", "urls http", "jid1221717543", "slc1", "a domains", "united", "search", "date", "as15169 google", "passive dns", "urls", "record value", "name servers", "status", "encrypt", "win32", "next", "msie", "scan endpoints", "all octoseek", "ipv4", "pulse submit", "url analysis", "body", "domain", "unknown", "china unknown", "pulse pulses", "files", "ip address", "servers", "domain name", "showing", "as54113", "as16625 akamai", "as20940", "aaaa", "cname", "as396982 google", "as14061", "script domains", "hostname", "japan unknown", "gmt content", "gmt etag", "pragma", "accept", "location japan", "asn as131965", "less", "pulses", "related tags", "meta", "asn as13335", "443 ma2592000", "certificate", "germany unknown", "script urls", "link", "code", "moved", "russia unknown", "as51659 llc", "as12616 filanc", "welcome", "uhttps", "urls https", "ccb455304", "ccb455307", "vj93", "uyebaauqaaaaaac", "malvertizing", "tagging", "prefetch8", "script", "prefetch1", "command decode", "segoe ui", "suricata ipv4", "emoji", "mitre att", "suricata udpv4", "roboto", "courier", "february", "hybrid", "general", "model", "comspec", "click", "strings" ], "references": [ "https://gr.pinterest.com/emreimer/", "Wife of Brashears SAter \u2022 Alias \u2022 Couple plays victim \u2022 Karens. HIPPA violations. Admittedly involved cyberstalking on Brashears. Legally agreed to stop.", "message.htm.com \u2022 CVE-2023-4966 \u2022 ransomed.vc", "http://neurosky.jp", "https://www.anyxxxtube.net/search-porn/tsara-brashears/", "http://45.159.189.105/bot/regex", "http://alohatube.xyz/search/tsara-brashears", "facebooksunglassshop.com [titled' Tsara Brashears GCcmwm.T ?]", "alohatube.xyz [keylogger aimed at Tsara Brashears]", "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian", "https://www.pornhub.com/video/search?search=tsara+brashears", "http://alohatube.xyz/search/tsara-brashears/", "https://alohatube.xyz/search/tsara-brashears", "https://alohatube.xyz/search/tsara-brashears+(Formerly+Botnetwork+malvertizing+campaign+targeting+Tsara+Brashears+crime+victim.+Now+", "https://www.sweetheartvideo.com/tsara-brashears/", "manvimishraa5417@gmail.com [Video of Tsara Brashears circulation]", "https://www.sweetheartvideo.com/tsara-brashearsAccept-Language:", "https://www.sweetheartvideo.com/tsara-brashearsAccept-Language", "https://www.sweetheartvideo.com/tsara-brashears", "https://www.hybrid-analysis.com/sample/92b00ee3aca1f3057ad8402229c27bfdd6fc934908ef641b36379bf47093df0b/65c63a1fbc9c5333d20354ca", "https://www.hybrid-analysis.com/file-inline/65c63a1fbc9c5333d20354ca/screenshot/screen_6.png", "https://rmy1o3xp-d182-v9.klinika-rekonstruktivnoj-kosmetologii-na-ulitse-lenina.ru/ [phishing \u2022 mitre S0154]", "CnC IP's: 104.124.58.137 \u2022 45.159.189.105 | Exploit source: 1.179.151.145 | scanning host: 208.115.103.34", "http://www.proxydocker.com/ja/proxy/43.229.135.125:8080", "https://twitter.com/PORNO_SEXYBABES | cloud.zemana.com - porn cloud", "https://www.anyxxxtube.net/search-porn/a-m-c-ate-xxx-videos/", "www.pornhub.com", "http://www.pinterest.com/ideas/songwriting/945635263947/", "https://www.neurosky.jp/wp-content/plugins/responsive-lightbox/assets/fancybox/jquery.fancybox.min.js?ver=2.1.0", "webdisk.thehomemakers.nl", "http://connectivitycheck.gstatic.com/generate_204 [RAT]", "http://discover.hubpages.com/literature/Most-Beautiful-Quotes-on-Love-and-Heartbreak [RAT| Tagging target in adult content fraud sites]", "https://gujarati.ent24x7.comb [RAT]", "http://clipper.guru/bot/online?guid=PC\\Administrator&key=ace492e9661223449782fcc8096dc6ef6289032d08d03a7b0a92179622c35bdb", "https://tulach.cc/socrative/internal.js", "http://email.birdeye.org/c/eJxkUcFuozAU_JrHsTLPYODAIYQmSqXNqmm3q-4FGfNIrAUbGTtV-_UrklRatT5ZnvGbeTNVmLWhed6HsSVXxiLNsyLniUhFyoqolp6eyPgSE4Ysjw407boSMerKWKV90kdUxhnLuMiyhEenUiZ9LjAuij6PMWdMSpnFJPKkLVQrUhHpEtl1GEuSgvG7DIss6XsZCy7jooghYa12Hb3TnXXHaChP3k8z8BXgBnDziSk7Am4mp5U2xwXim-DHZrbBKQJeT852QfmGRqkHQLGAI3U6jMDr_x-VNZ6MB15vf1SAotUd8PpLEJ9cOU5SHw3w2ppBG2omRzMZRc1CaY0cF-21NTO5s_TaGsDqidxZK5oBq62zYQKsdkYBimmQipqL3vq0e9i3-VoOf-J09_dgq-m-enupQnUEFNp0YfbuHXgNKD70dL04Omt6a5QNF_-H-5fd_e9m_fPX_hlQyPOxuTGc9EtKvF69bJvD6", "https://gujarati.ent24x7.com | https://otx.alienvault.com/indicator/url/https://gujarati.ent24x7.com", "162.159.208.8" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Japan" ], "malware_families": [ { "id": "Trojan:VBS/MetasploitVBSCmdStager", "display_name": "Trojan:VBS/MetasploitVBSCmdStager", "target": "/malware/Trojan:VBS/MetasploitVBSCmdStager" }, { "id": "HackTool", "display_name": "HackTool", "target": null }, { "id": "Cobalt Strike", "display_name": "Cobalt Strike", "target": null } ], "attack_ids": [ { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1056.001", "name": "Keylogging", "display_name": "T1056.001 - Keylogging" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" } ], "industries": [ "Technology", "Telecommunications", "Media" ], "TLP": "white", "cloned_from": null, "export_count": 27, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 3412, "FileHash-MD5": 194, "FileHash-SHA1": 159, "FileHash-SHA256": 2223, "domain": 2117, "hostname": 1763, "CVE": 2, "email": 5 }, "indicator_count": 9875, "is_author": false, "is_subscribing": null, "subscriber_count": 225, "modified_text": "811 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "Wife of Brashears SAter \u2022 Alias \u2022 Couple plays victim \u2022 Karens. HIPPA violations. Admittedly involved cyberstalking on Brashears. Legally agreed to stop.", "http://email.birdeye.org/c/eJxkUcFuozAU_JrHsTLPYODAIYQmSqXNqmm3q-4FGfNIrAUbGTtV-_UrklRatT5ZnvGbeTNVmLWhed6HsSVXxiLNsyLniUhFyoqolp6eyPgSE4Ysjw407boSMerKWKV90kdUxhnLuMiyhEenUiZ9LjAuij6PMWdMSpnFJPKkLVQrUhHpEtl1GEuSgvG7DIss6XsZCy7jooghYa12Hb3TnXXHaChP3k8z8BXgBnDziSk7Am4mp5U2xwXim-DHZrbBKQJeT852QfmGRqkHQLGAI3U6jMDr_x-VNZ6MB15vf1SAotUd8PpLEJ9cOU5SHw3w2ppBG2omRzMZRc1CaY0cF-21NTO5s_TaGsDqidxZK5oBq62zYQKsdkYBimmQipqL3vq0e9i3-VoOf-J09_dgq-m-enupQnUEFNp0YfbuHXgNKD70dL04Omt6a5QNF_-H-5fd_e9m_fPX_hlQyPOxuTGc9EtKvF69bJvD6", "http://45.159.189.105/bot/regex", "alohatube.xyz [keylogger aimed at Tsara Brashears]", "https://twitter.com/PORNO_SEXYBABES | cloud.zemana.com - porn cloud", "webdisk.thehomemakers.nl", "http://neurosky.jp", "https://www.neurosky.jp/wp-content/plugins/responsive-lightbox/assets/fancybox/jquery.fancybox.min.js?ver=2.1.0", "http://discover.hubpages.com/literature/Most-Beautiful-Quotes-on-Love-and-Heartbreak [RAT| Tagging target in adult content fraud sites]", "162.159.208.8", "https://www.hybrid-analysis.com/file-inline/65c63a1fbc9c5333d20354ca/screenshot/screen_6.png", "https://gr.pinterest.com/emreimer/", "http://alohatube.xyz/search/tsara-brashears/", "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian", "message.htm.com \u2022 CVE-2023-4966 \u2022 ransomed.vc", "https://alohatube.xyz/search/tsara-brashears", "https://www.sweetheartvideo.com/tsara-brashearsAccept-Language:", "https://www.anyxxxtube.net/search-porn/a-m-c-ate-xxx-videos/", "https://www.sweetheartvideo.com/tsara-brashears/", "http://www.proxydocker.com/ja/proxy/43.229.135.125:8080", "https://www.anyxxxtube.net/search-porn/tsara-brashears/", "https://www.hybrid-analysis.com/sample/92b00ee3aca1f3057ad8402229c27bfdd6fc934908ef641b36379bf47093df0b/65c63a1fbc9c5333d20354ca", "https://gujarati.ent24x7.com | https://otx.alienvault.com/indicator/url/https://gujarati.ent24x7.com", "www.pornhub.com", "http://connectivitycheck.gstatic.com/generate_204 [RAT]", "https://rmy1o3xp-d182-v9.klinika-rekonstruktivnoj-kosmetologii-na-ulitse-lenina.ru/ [phishing \u2022 mitre S0154]", "http://clipper.guru/bot/online?guid=PC\\Administrator&key=ace492e9661223449782fcc8096dc6ef6289032d08d03a7b0a92179622c35bdb", "https://www.sweetheartvideo.com/tsara-brashearsAccept-Language", "https://alohatube.xyz/search/tsara-brashears+(Formerly+Botnetwork+malvertizing+campaign+targeting+Tsara+Brashears+crime+victim.+Now+", "https://www.pornhub.com/video/search?search=tsara+brashears", "facebooksunglassshop.com [titled' Tsara Brashears GCcmwm.T ?]", "CnC IP's: 104.124.58.137 \u2022 45.159.189.105 | Exploit source: 1.179.151.145 | scanning host: 208.115.103.34", "https://gujarati.ent24x7.comb [RAT]", "https://tulach.cc/socrative/internal.js", "http://www.pinterest.com/ideas/songwriting/945635263947/", "manvimishraa5417@gmail.com [Video of Tsara Brashears circulation]", "https://www.sweetheartvideo.com/tsara-brashears", "http://alohatube.xyz/search/tsara-brashears" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [], "malware_families": [ "Cobalt strike", "Trojan:vbs/metasploitvbscmdstager", "Carbanak", "Project nemesis", "Hacktool", "Rokrat", "Lizar", "Domino" ], "industries": [ "Hospitality", "Telecommunications", "Media", "Financial", "Technology" ] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 3, "pulses": [ { "id": "68bbf3e40e3ce8a74aa89545", "name": "HCPF \u2022 The intricate relationships between the FIN7 group and members of the Conti gang", "description": "", "modified": "2025-10-06T08:03:23.285000", "created": "2025-09-06T08:42:12.787000", "tags": [ "present feb", "united", "a domains", "present dec", "passive dns", "moved", "script domains", "script urls", "search", "title", "date", "http traffic", "http get", "match info", "downloads", "info", "https http", "mitre att", "control ta0011", "protocol t1071", "protocol t1095", "get http", "dns resolutions", "number", "azure rsa", "tls issuing", "cus subject", "stwa lredmond", "corporation cus", "algorithm", "cnamazon rsa", "m03 oamazon", "thumbprint", "msie", "windows nt", "wow64", "slcc2", "media center", "tlsv1", "ascii text", "ogoogle trust", "cngts ca", "execution", "next", "dock", "write", "capture", "persistence", "malware", "roboto", "android", "known exploited", "google", "salesloft drift", "sap s4hana", "cve202542957", "cisa", "sitecore", "linux", "france", "meta", "rokrat", "lizar", "project nemesis", "carbanak", "cobalt strike", "domino", "yara detections", "contacted", "av detections", "ids detections", "alerts", "analysis date", "file score", "malicious ids", "detections tls", "indicator role", "title added", "active related", "entries", "role title", "added active", "filehashmd5", "ipv4" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "Lizar", "display_name": "Lizar", "target": null }, { "id": "Project Nemesis", "display_name": "Project Nemesis", "target": null }, { "id": "Carbanak", "display_name": "Carbanak", "target": null }, { "id": "Cobalt Strike", "display_name": "Cobalt Strike", "target": null }, { "id": "Domino", "display_name": "Domino", "target": null }, { "id": "RokRAT", "display_name": "RokRAT", "target": null } ], "attack_ids": [ { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1119", "name": "Automated Collection", "display_name": "T1119 - Automated Collection" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1143", "name": "Hidden Window", "display_name": "T1143 - Hidden Window" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" } ], "industries": [ "Hospitality", "Financial" ], "TLP": "green", "cloned_from": null, "export_count": 22, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 539, "FileHash-SHA1": 389, "FileHash-SHA256": 3386, "domain": 862, "hostname": 1155, "URL": 4091, "CVE": 3, "SSLCertFingerprint": 5 }, "indicator_count": 10430, "is_author": false, "is_subscribing": null, "subscriber_count": 144, "modified_text": "237 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6727f53722cc20d8e6b2a5ea", "name": "AS29802 hivelocity inc.", "description": "", "modified": "2024-12-03T22:04:01.537000", "created": "2024-11-03T22:12:06.722000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 19, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "skocherhan", "id": "249290", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_249290/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 745, "domain": 314, "hostname": 305 }, "indicator_count": 1364, "is_author": false, "is_subscribing": null, "subscriber_count": 182, "modified_text": "543 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65c68bc8b8745068608cc50d", "name": "Metasploit | Ransomware | PinterestPots - Pin.it", "description": "", "modified": "2024-03-10T20:03:45.513000", "created": "2024-02-09T20:32:08.358000", "tags": [ "whois record", "contacted", "tsara brashears", "ssl certificate", "apple ios", "unlocker", "historical ssl", "referrer", "highly targeted", "critical risk", "hacktool", "malicious", "cobalt strike", "metasploit", "installer", "malware", "awful", "android", "banker", "keylogger", "jeffrey reimer", "emreimer", "emily reimer goldstien", "eva lisa", "eva lisa reimer", "status code", "http response", "ieedge date", "maxage86400", "path", "httponly xcdn", "connection", "vary useragent", "targeting brashears", "communicating", "whois whois", "collections", "password", "adult content", "core", "metro", "apple", "copy", "suspicious", "vj99", "threat", "slfrd1", "paste", "iocs", "analyze", "hostnames", "urls http", "jid1221717543", "slc1", "a domains", "united", "search", "date", "as15169 google", "passive dns", "urls", "record value", "name servers", "status", "encrypt", "win32", "next", "msie", "scan endpoints", "all octoseek", "ipv4", "pulse submit", "url analysis", "body", "domain", "unknown", "china unknown", "pulse pulses", "files", "ip address", "servers", "domain name", "showing", "as54113", "as16625 akamai", "as20940", "aaaa", "cname", "as396982 google", "as14061", "script domains", "hostname", "japan unknown", "gmt content", "gmt etag", "pragma", "accept", "location japan", "asn as131965", "less", "pulses", "related tags", "meta", "asn as13335", "443 ma2592000", "certificate", "germany unknown", "script urls", "link", "code", "moved", "russia unknown", "as51659 llc", "as12616 filanc", "welcome", "uhttps", "urls https", "ccb455304", "ccb455307", "vj93", "uyebaauqaaaaaac", "malvertizing", "tagging", "prefetch8", "script", "prefetch1", "command decode", "segoe ui", "suricata ipv4", "emoji", "mitre att", "suricata udpv4", "roboto", "courier", "february", "hybrid", "general", "model", "comspec", "click", "strings" ], "references": [ "https://gr.pinterest.com/emreimer/", "Wife of Brashears SAter \u2022 Alias \u2022 Couple plays victim \u2022 Karens. HIPPA violations. Admittedly involved cyberstalking on Brashears. Legally agreed to stop.", "message.htm.com \u2022 CVE-2023-4966 \u2022 ransomed.vc", "http://neurosky.jp", "https://www.anyxxxtube.net/search-porn/tsara-brashears/", "http://45.159.189.105/bot/regex", "http://alohatube.xyz/search/tsara-brashears", "facebooksunglassshop.com [titled' Tsara Brashears GCcmwm.T ?]", "alohatube.xyz [keylogger aimed at Tsara Brashears]", "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian", "https://www.pornhub.com/video/search?search=tsara+brashears", "http://alohatube.xyz/search/tsara-brashears/", "https://alohatube.xyz/search/tsara-brashears", "https://alohatube.xyz/search/tsara-brashears+(Formerly+Botnetwork+malvertizing+campaign+targeting+Tsara+Brashears+crime+victim.+Now+", "https://www.sweetheartvideo.com/tsara-brashears/", "manvimishraa5417@gmail.com [Video of Tsara Brashears circulation]", "https://www.sweetheartvideo.com/tsara-brashearsAccept-Language:", "https://www.sweetheartvideo.com/tsara-brashearsAccept-Language", "https://www.sweetheartvideo.com/tsara-brashears", "https://www.hybrid-analysis.com/sample/92b00ee3aca1f3057ad8402229c27bfdd6fc934908ef641b36379bf47093df0b/65c63a1fbc9c5333d20354ca", "https://www.hybrid-analysis.com/file-inline/65c63a1fbc9c5333d20354ca/screenshot/screen_6.png", "https://rmy1o3xp-d182-v9.klinika-rekonstruktivnoj-kosmetologii-na-ulitse-lenina.ru/ [phishing \u2022 mitre S0154]", "CnC IP's: 104.124.58.137 \u2022 45.159.189.105 | Exploit source: 1.179.151.145 | scanning host: 208.115.103.34", "http://www.proxydocker.com/ja/proxy/43.229.135.125:8080", "https://twitter.com/PORNO_SEXYBABES | cloud.zemana.com - porn cloud", "https://www.anyxxxtube.net/search-porn/a-m-c-ate-xxx-videos/", "www.pornhub.com", "http://www.pinterest.com/ideas/songwriting/945635263947/", "https://www.neurosky.jp/wp-content/plugins/responsive-lightbox/assets/fancybox/jquery.fancybox.min.js?ver=2.1.0", "webdisk.thehomemakers.nl", "http://connectivitycheck.gstatic.com/generate_204 [RAT]", "http://discover.hubpages.com/literature/Most-Beautiful-Quotes-on-Love-and-Heartbreak [RAT| Tagging target in adult content fraud sites]", "https://gujarati.ent24x7.comb [RAT]", "http://clipper.guru/bot/online?guid=PC\\Administrator&key=ace492e9661223449782fcc8096dc6ef6289032d08d03a7b0a92179622c35bdb", "https://tulach.cc/socrative/internal.js", "http://email.birdeye.org/c/eJxkUcFuozAU_JrHsTLPYODAIYQmSqXNqmm3q-4FGfNIrAUbGTtV-_UrklRatT5ZnvGbeTNVmLWhed6HsSVXxiLNsyLniUhFyoqolp6eyPgSE4Ysjw407boSMerKWKV90kdUxhnLuMiyhEenUiZ9LjAuij6PMWdMSpnFJPKkLVQrUhHpEtl1GEuSgvG7DIss6XsZCy7jooghYa12Hb3TnXXHaChP3k8z8BXgBnDziSk7Am4mp5U2xwXim-DHZrbBKQJeT852QfmGRqkHQLGAI3U6jMDr_x-VNZ6MB15vf1SAotUd8PpLEJ9cOU5SHw3w2ppBG2omRzMZRc1CaY0cF-21NTO5s_TaGsDqidxZK5oBq62zYQKsdkYBimmQipqL3vq0e9i3-VoOf-J09_dgq-m-enupQnUEFNp0YfbuHXgNKD70dL04Omt6a5QNF_-H-5fd_e9m_fPX_hlQyPOxuTGc9EtKvF69bJvD6", "https://gujarati.ent24x7.com | https://otx.alienvault.com/indicator/url/https://gujarati.ent24x7.com", "162.159.208.8" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Japan" ], "malware_families": [ { "id": "Trojan:VBS/MetasploitVBSCmdStager", "display_name": "Trojan:VBS/MetasploitVBSCmdStager", "target": "/malware/Trojan:VBS/MetasploitVBSCmdStager" }, { "id": "HackTool", "display_name": "HackTool", "target": null }, { "id": "Cobalt Strike", "display_name": "Cobalt Strike", "target": null } ], "attack_ids": [ { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1056.001", "name": "Keylogging", "display_name": "T1056.001 - Keylogging" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" } ], "industries": [ "Technology", "Telecommunications", "Media" ], "TLP": "white", "cloned_from": null, "export_count": 27, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 3412, "FileHash-MD5": 194, "FileHash-SHA1": 159, "FileHash-SHA256": 2223, "domain": 2117, "hostname": 1763, "CVE": 2, "email": 5 }, "indicator_count": 9875, "is_author": false, "is_subscribing": null, "subscriber_count": 225, "modified_text": "811 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "helprace.com", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "helprace.com", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780246783.4377365 }