{ "type": "URL", "indicator": "https://5213.android.com.orange.owtv.adsenseformobileapps.com", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://5213.android.com.orange.owtv.adsenseformobileapps.com", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 3764864671, "indicator": "https://5213.android.com.orange.owtv.adsenseformobileapps.com", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 18, "pulses": [ { "id": "6529c91a4f8f0c898f48088c", "name": "quick look at vk.com", "description": "", "modified": "2025-06-26T22:23:19.431000", "created": "2023-10-13T22:47:54.295000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 16, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "skocherhan", "id": "249290", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_249290/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 18, "FileHash-SHA1": 18, "FileHash-SHA256": 1981, "domain": 506, "hostname": 1258, "URL": 3080 }, "indicator_count": 6861, "is_author": false, "is_subscribing": null, "subscriber_count": 180, "modified_text": "297 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "656aac25a8a2caaddf0d3b88", "name": "https://myaccount.uscis.gov/", "description": "", "modified": "2023-12-16T15:00:49.451000", "created": "2023-12-02T04:01:41.427000", "tags": [ "whois record", "ssl certificate", "whois whois", "communicating", "referrer", "ip address", "contacted", "pe resource", "historical ssl", "collections wow", "cobalt", "stealer", "quasar", "remcos", "ursnif", "fabookie", "name verdict", "exit", "node tcp", "traffic", "united", "et tor", "known tor", "relayrouter", "anonymizer", "tor known", "tor relayrouter", "cisco umbrella", "site", "safe site", "heur", "maltiverse", "million", "alexa top", "unsafe", "html", "team", "riskware", "malware", "phishing", "union", "bank", "outbreak", "downer", "shell", "mediamagnet", "sality", "swrort", "adaptivebee", "unruy", "iobit", "dropper", "trojanx", "artemis", "installcore", "webshell", "exploit", "crack", "webtoolbar", "detection list", "blacklist http", "september", "threat roundup", "execution", "metro", "formbook", "kgs0", "kls0", "blacklist https", "malicious site", "malware site", "phishing site", "download", "malicious", "azorult", "service", "runescape", "facebook", "genkryptik", "fuery", "wacatac", "alexa", "dbatloader", "nanocore rat", "agent tesla", "binder", "dridex", "hawkeye", "small", "netwire", "trojan", "redline stealer", "lumma stealer", "trojanspy", "redline", "lumma", "tsara brashears", "whois", "asn owner", "highly targeted", "relacionada", "lolkek", "emotet", "dark power", "wiper", "ransomware", "cobalt strike", "quasar rat", "core", "bitrat", "hacktool", "critical", "copy", "installer", "meta", "as15169 google", "aaaa", "a domains", "videosdewebcams", "search", "passive dns", "urls", "record value", "date", "certificate", "scan endpoints", "all octoseek", "pulse pulses", "files" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Germany" ], "malware_families": [ { "id": "WebToolbar", "display_name": "WebToolbar", "target": null }, { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "RedLine", "display_name": "RedLine", "target": null }, { "id": "Lumma", "display_name": "Lumma", "target": null } ], "attack_ids": [ { "id": "T1090", "name": "Proxy", "display_name": "T1090 - Proxy" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": "655652f6ddcbf952a599cded", "export_count": 93, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 204, "FileHash-SHA1": 182, "FileHash-SHA256": 6268, "URL": 13989, "domain": 3229, "hostname": 4412, "CVE": 19, "email": 3 }, "indicator_count": 28306, "is_author": false, "is_subscribing": null, "subscriber_count": 227, "modified_text": "856 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65580c52bf98f256b6a01da6", "name": "https://myaccount.uscis.gov/", "description": "", "modified": "2023-12-16T15:00:49.451000", "created": "2023-11-18T00:58:58.944000", "tags": [ "whois record", "ssl certificate", "whois whois", "communicating", "referrer", "ip address", "contacted", "pe resource", "historical ssl", "collections wow", "cobalt", "stealer", "quasar", "remcos", "ursnif", "fabookie", "name verdict", "exit", "node tcp", "traffic", "united", "et tor", "known tor", "relayrouter", "anonymizer", "tor known", "tor relayrouter", "cisco umbrella", "site", "safe site", "heur", "maltiverse", "million", "alexa top", "unsafe", "html", "team", "riskware", "malware", "phishing", "union", "bank", "outbreak", "downer", "shell", "mediamagnet", "sality", "swrort", "adaptivebee", "unruy", "iobit", "dropper", "trojanx", "artemis", "installcore", "webshell", "exploit", "crack", "webtoolbar", "detection list", "blacklist http", "september", "threat roundup", "execution", "metro", "formbook", "kgs0", "kls0", "blacklist https", "malicious site", "malware site", "phishing site", "download", "malicious", "azorult", "service", "runescape", "facebook", "genkryptik", "fuery", "wacatac", "alexa", "dbatloader", "nanocore rat", "agent tesla", "binder", "dridex", "hawkeye", "small", "netwire", "trojan", "redline stealer", "lumma stealer", "trojanspy", "redline", "lumma", "tsara brashears", "whois", "asn owner", "highly targeted", "relacionada", "lolkek", "emotet", "dark power", "wiper", "ransomware", "cobalt strike", "quasar rat", "core", "bitrat", "hacktool", "critical", "copy", "installer", "meta", "as15169 google", "aaaa", "a domains", "videosdewebcams", "search", "passive dns", "urls", "record value", "date", "certificate", "scan endpoints", "all octoseek", "pulse pulses", "files" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Germany" ], "malware_families": [ { "id": "WebToolbar", "display_name": "WebToolbar", "target": null }, { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "RedLine", "display_name": "RedLine", "target": null }, { "id": "Lumma", "display_name": "Lumma", "target": null } ], "attack_ids": [ { "id": "T1090", "name": "Proxy", "display_name": "T1090 - Proxy" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": "655650c9b2be6cc930c92cf3", "export_count": 101, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 204, "FileHash-SHA1": 182, "FileHash-SHA256": 6268, "URL": 13989, "domain": 3229, "hostname": 4412, "CVE": 19, "email": 3 }, "indicator_count": 28306, "is_author": false, "is_subscribing": null, "subscriber_count": 226, "modified_text": "856 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "655686e2c072557f03e9cba2", "name": "https://myaccount.uscis.gov/ [pulse created by Octoseek]", "description": "", "modified": "2023-12-16T15:00:49.451000", "created": "2023-11-16T21:17:22.087000", "tags": [ "whois record", "ssl certificate", "whois whois", "communicating", "referrer", "ip address", "contacted", "pe resource", "historical ssl", "collections wow", "cobalt", "stealer", "quasar", "remcos", "ursnif", "fabookie", "name verdict", "exit", "node tcp", "traffic", "united", "et tor", "known tor", "relayrouter", "anonymizer", "tor known", "tor relayrouter", "cisco umbrella", "site", "safe site", "heur", "maltiverse", "million", "alexa top", "unsafe", "html", "team", "riskware", "malware", "phishing", "union", "bank", "outbreak", "downer", "shell", "mediamagnet", "sality", "swrort", "adaptivebee", "unruy", "iobit", "dropper", "trojanx", "artemis", "installcore", "webshell", "exploit", "crack", "webtoolbar", "detection list", "blacklist http", "september", "threat roundup", "execution", "metro", "formbook", "kgs0", "kls0", "blacklist https", "malicious site", "malware site", "phishing site", "download", "malicious", "azorult", "service", "runescape", "facebook", "genkryptik", "fuery", "wacatac", "alexa", "dbatloader", "nanocore rat", "agent tesla", "binder", "dridex", "hawkeye", "small", "netwire", "trojan", "redline stealer", "lumma stealer", "trojanspy", "redline", "lumma", "tsara brashears", "whois", "asn owner", "highly targeted", "relacionada", "lolkek", "emotet", "dark power", "wiper", "ransomware", "cobalt strike", "quasar rat", "core", "bitrat", "hacktool", "critical", "copy", "installer", "meta", "as15169 google", "aaaa", "a domains", "videosdewebcams", "search", "passive dns", "urls", "record value", "date", "certificate", "scan endpoints", "all octoseek", "pulse pulses", "files" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Germany" ], "malware_families": [ { "id": "WebToolbar", "display_name": "WebToolbar", "target": null }, { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "RedLine", "display_name": "RedLine", "target": null }, { "id": "Lumma", "display_name": "Lumma", "target": null } ], "attack_ids": [ { "id": "T1090", "name": "Proxy", "display_name": "T1090 - Proxy" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": "655650c9b2be6cc930c92cf3", "export_count": 102, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 204, "FileHash-SHA1": 182, "FileHash-SHA256": 6268, "URL": 13989, "domain": 3229, "hostname": 4412, "CVE": 19, "email": 3 }, "indicator_count": 28306, "is_author": false, "is_subscribing": null, "subscriber_count": 225, "modified_text": "856 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "655657ca2e402d4f98283de9", "name": "https://myaccount.uscis.gov/ ", "description": "", "modified": "2023-12-16T15:00:49.451000", "created": "2023-11-16T17:56:26.312000", "tags": [ "whois record", "ssl certificate", "whois whois", "communicating", "referrer", "ip address", "contacted", "pe resource", "historical ssl", "collections wow", "cobalt", "stealer", "quasar", "remcos", "ursnif", "fabookie", "name verdict", "exit", "node tcp", "traffic", "united", "et tor", "known tor", "relayrouter", "anonymizer", "tor known", "tor relayrouter", "cisco umbrella", "site", "safe site", "heur", "maltiverse", "million", "alexa top", "unsafe", "html", "team", "riskware", "malware", "phishing", "union", "bank", "outbreak", "downer", "shell", "mediamagnet", "sality", "swrort", "adaptivebee", "unruy", "iobit", "dropper", "trojanx", "artemis", "installcore", "webshell", "exploit", "crack", "webtoolbar", "detection list", "blacklist http", "september", "threat roundup", "execution", "metro", "formbook", "kgs0", "kls0", "blacklist https", "malicious site", "malware site", "phishing site", "download", "malicious", "azorult", "service", "runescape", "facebook", "genkryptik", "fuery", "wacatac", "alexa", "dbatloader", "nanocore rat", "agent tesla", "binder", "dridex", "hawkeye", "small", "netwire", "trojan", "redline stealer", "lumma stealer", "trojanspy", "redline", "lumma", "tsara brashears", "whois", "asn owner", "highly targeted", "relacionada", "lolkek", "emotet", "dark power", "wiper", "ransomware", "cobalt strike", "quasar rat", "core", "bitrat", "hacktool", "critical", "copy", "installer", "meta", "as15169 google", "aaaa", "a domains", "videosdewebcams", "search", "passive dns", "urls", "record value", "date", "certificate", "scan endpoints", "all octoseek", "pulse pulses", "files" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Germany" ], "malware_families": [ { "id": "WebToolbar", "display_name": "WebToolbar", "target": null }, { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "RedLine", "display_name": "RedLine", "target": null }, { "id": "Lumma", "display_name": "Lumma", "target": null } ], "attack_ids": [ { "id": "T1090", "name": "Proxy", "display_name": "T1090 - Proxy" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": "655650c9b2be6cc930c92cf3", "export_count": 100, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 204, "FileHash-SHA1": 182, "FileHash-SHA256": 6268, "URL": 13989, "domain": 3229, "hostname": 4412, "CVE": 19, "email": 3 }, "indicator_count": 28306, "is_author": false, "is_subscribing": null, "subscriber_count": 221, "modified_text": "856 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65565477da453c46f05a6ac4", "name": "BTW VirusTotal - \" interesting files written to disk during execution'", "description": "", "modified": "2023-12-16T15:00:49.451000", "created": "2023-11-16T17:42:15.123000", "tags": [ "whois record", "ssl certificate", "whois whois", "communicating", "referrer", "ip address", "contacted", "pe resource", "historical ssl", "collections wow", "cobalt", "stealer", "quasar", "remcos", "ursnif", "fabookie", "name verdict", "exit", "node tcp", "traffic", "united", "et tor", "known tor", "relayrouter", "anonymizer", "tor known", "tor relayrouter", "cisco umbrella", "site", "safe site", "heur", "maltiverse", "million", "alexa top", "unsafe", "html", "team", "riskware", "malware", "phishing", "union", "bank", "outbreak", "downer", "shell", "mediamagnet", "sality", "swrort", "adaptivebee", "unruy", "iobit", "dropper", "trojanx", "artemis", "installcore", "webshell", "exploit", "crack", "webtoolbar", "detection list", "blacklist http", "september", "threat roundup", "execution", "metro", "formbook", "kgs0", "kls0", "blacklist https", "malicious site", "malware site", "phishing site", "download", "malicious", "azorult", "service", "runescape", "facebook", "genkryptik", "fuery", "wacatac", "alexa", "dbatloader", "nanocore rat", "agent tesla", "binder", "dridex", "hawkeye", "small", "netwire", "trojan", "redline stealer", "lumma stealer", "trojanspy", "redline", "lumma", "tsara brashears", "whois", "asn owner", "highly targeted", "relacionada", "lolkek", "emotet", "dark power", "wiper", "ransomware", "cobalt strike", "quasar rat", "core", "bitrat", "hacktool", "critical", "copy", "installer", "meta", "as15169 google", "aaaa", "a domains", "videosdewebcams", "search", "passive dns", "urls", "record value", "date", "certificate", "scan endpoints", "all octoseek", "pulse pulses", "files" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Germany" ], "malware_families": [ { "id": "WebToolbar", "display_name": "WebToolbar", "target": null }, { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "RedLine", "display_name": "RedLine", "target": null }, { "id": "Lumma", "display_name": "Lumma", "target": null } ], "attack_ids": [ { "id": "T1090", "name": "Proxy", "display_name": "T1090 - Proxy" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": "655650c9b2be6cc930c92cf3", "export_count": 101, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 204, "FileHash-SHA1": 182, "FileHash-SHA256": 6268, "URL": 13989, "domain": 3229, "hostname": 4412, "CVE": 19, "email": 3 }, "indicator_count": 28306, "is_author": false, "is_subscribing": null, "subscriber_count": 223, "modified_text": "856 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "655650c9b2be6cc930c92cf3", "name": "https://myaccount.uscis.gov/", "description": "HOW!?!? My device was remotely logged into this account somehow.\nThis is egregious. Silence Threats. I have no connection to this but was contacted by a while ago. I don't know how or why a part of the government would attack a person with a TBI and C1 - S1 Spinal cord injury allegedly caused by Colorado physical therapist and protect him. Why is victim, tracked and unsafe, receiving death threats, monitored, denied medical care, stalked EVERYWHERE. \nEven felons aren't monitored for life. STOP.\nWill this get us killed. Do the right thing.\nGod bless America, purge the government.\nThe truth should set you fee not get you harmed.", "modified": "2023-12-16T15:00:49.451000", "created": "2023-11-16T17:26:33", "tags": [ "whois record", "ssl certificate", "whois whois", "communicating", "referrer", "ip address", "contacted", "pe resource", "historical ssl", "collections wow", "cobalt", "stealer", "quasar", "remcos", "ursnif", "fabookie", "name verdict", "exit", "node tcp", "traffic", "united", "et tor", "known tor", "relayrouter", "anonymizer", "tor known", "tor relayrouter", "cisco umbrella", "site", "safe site", "heur", "maltiverse", "million", "alexa top", "unsafe", "html", "team", "riskware", "malware", "phishing", "union", "bank", "outbreak", "downer", "shell", "mediamagnet", "sality", "swrort", "adaptivebee", "unruy", "iobit", "dropper", "trojanx", "artemis", "installcore", "webshell", "exploit", "crack", "webtoolbar", "detection list", "blacklist http", "september", "threat roundup", "execution", "metro", "formbook", "kgs0", "kls0", "blacklist https", "malicious site", "malware site", "phishing site", "download", "malicious", "azorult", "service", "runescape", "facebook", "genkryptik", "fuery", "wacatac", "alexa", "dbatloader", "nanocore rat", "agent tesla", "binder", "dridex", "hawkeye", "small", "netwire", "trojan", "redline stealer", "lumma stealer", "trojanspy", "redline", "lumma", "tsara brashears", "whois", "asn owner", "highly targeted", "relacionada", "lolkek", "emotet", "dark power", "wiper", "ransomware", "cobalt strike", "quasar rat", "core", "bitrat", "hacktool", "critical", "copy", "installer", "meta", "as15169 google", "aaaa", "a domains", "videosdewebcams", "search", "passive dns", "urls", "record value", "date", "certificate", "scan endpoints", "all octoseek", "pulse pulses", "files" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Germany" ], "malware_families": [ { "id": "WebToolbar", "display_name": "WebToolbar", "target": null }, { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "RedLine", "display_name": "RedLine", "target": null }, { "id": "Lumma", "display_name": "Lumma", "target": null } ], "attack_ids": [ { "id": "T1090", "name": "Proxy", "display_name": "T1090 - Proxy" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 102, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 204, "FileHash-SHA1": 182, "FileHash-SHA256": 6268, "URL": 13989, "domain": 3229, "hostname": 4412, "CVE": 19, "email": 3 }, "indicator_count": 28306, "is_author": false, "is_subscribing": null, "subscriber_count": 224, "modified_text": "856 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "655652f6ddcbf952a599cded", "name": "https://myaccount.uscis.gov/", "description": "After Mark Montano Md reported alleged acts by Jeffrey Scott Reimer after receiving 'multiple' reports of him aggressively pursuing Brashears, she was contacted, told she violated the Patriot Act by Big O Tires?!! Received letters from the above and harassed for years. Colorado Workers compensation is so corrupt this may be my last post. She was immediately framed , blamed, porn smeared and stalked. Denied medical care , when received died on surgery table, revised and disabled. Even the mafia would tackle only the associates bringing undue negative attention to their own organization.", "modified": "2023-12-16T15:00:49.451000", "created": "2023-11-16T17:35:50.285000", "tags": [ "whois record", "ssl certificate", "whois whois", "communicating", "referrer", "ip address", "contacted", "pe resource", "historical ssl", "collections wow", "cobalt", "stealer", "quasar", "remcos", "ursnif", "fabookie", "name verdict", "exit", "node tcp", "traffic", "united", "et tor", "known tor", "relayrouter", "anonymizer", "tor known", "tor relayrouter", "cisco umbrella", "site", "safe site", "heur", "maltiverse", "million", "alexa top", "unsafe", "html", "team", "riskware", "malware", "phishing", "union", "bank", "outbreak", "downer", "shell", "mediamagnet", "sality", "swrort", "adaptivebee", "unruy", "iobit", "dropper", "trojanx", "artemis", "installcore", "webshell", "exploit", "crack", "webtoolbar", "detection list", "blacklist http", "september", "threat roundup", "execution", "metro", "formbook", "kgs0", "kls0", "blacklist https", "malicious site", "malware site", "phishing site", "download", "malicious", "azorult", "service", "runescape", "facebook", "genkryptik", "fuery", "wacatac", "alexa", "dbatloader", "nanocore rat", "agent tesla", "binder", "dridex", "hawkeye", "small", "netwire", "trojan", "redline stealer", "lumma stealer", "trojanspy", "redline", "lumma", "tsara brashears", "whois", "asn owner", "highly targeted", "relacionada", "lolkek", "emotet", "dark power", "wiper", "ransomware", "cobalt strike", "quasar rat", "core", "bitrat", "hacktool", "critical", "copy", "installer", "meta", "as15169 google", "aaaa", "a domains", "videosdewebcams", "search", "passive dns", "urls", "record value", "date", "certificate", "scan endpoints", "all octoseek", "pulse pulses", "files" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Germany" ], "malware_families": [ { "id": "WebToolbar", "display_name": "WebToolbar", "target": null }, { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "RedLine", "display_name": "RedLine", "target": null }, { "id": "Lumma", "display_name": "Lumma", "target": null } ], "attack_ids": [ { "id": "T1090", "name": "Proxy", "display_name": "T1090 - Proxy" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 100, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 204, "FileHash-SHA1": 182, "FileHash-SHA256": 6268, "URL": 13989, "domain": 3229, "hostname": 4412, "CVE": 19, "email": 3 }, "indicator_count": 28306, "is_author": false, "is_subscribing": null, "subscriber_count": 224, "modified_text": "856 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6570a8ec0568abca6f44e16f", "name": "quick look at vk.com", "description": "", "modified": "2023-12-06T17:01:32.275000", "created": "2023-12-06T17:01:32.275000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1981, "domain": 506, "hostname": 1262, "URL": 3080, "FileHash-MD5": 18, "FileHash-SHA1": 18 }, "indicator_count": 6865, "is_author": false, "is_subscribing": null, "subscriber_count": 110, "modified_text": "866 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6570a81314a587dca8a7e075", "name": "Blackshades | Remote attacks | Malicious Google Search | DNS Requests", "description": "", "modified": "2023-12-06T16:57:55.292000", "created": "2023-12-06T16:57:55.292000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1407, "hostname": 557, "domain": 226, "FileHash-MD5": 860, "FileHash-SHA1": 488, "URL": 589 }, "indicator_count": 4127, "is_author": false, "is_subscribing": null, "subscriber_count": 111, "modified_text": "866 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6570a80d15fdb40571638038", "name": "Blackshades | Remote attacks | Malicious Google Search | DNS Requests", "description": "", "modified": "2023-12-06T16:57:49.914000", "created": "2023-12-06T16:57:49.914000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1407, "hostname": 557, "domain": 226, "FileHash-MD5": 860, "FileHash-SHA1": 488, "URL": 589 }, "indicator_count": 4127, "is_author": false, "is_subscribing": null, "subscriber_count": 110, "modified_text": "866 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6570a7c9f6bf793f823e6398", "name": "Qakbot attacks. As strong as before?", "description": "", "modified": "2023-12-06T16:56:41.266000", "created": "2023-12-06T16:56:41.266000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "hostname": 1177, "FileHash-SHA256": 2150, "domain": 620, "URL": 3016, "FileHash-MD5": 519, "FileHash-SHA1": 292 }, "indicator_count": 7775, "is_author": false, "is_subscribing": null, "subscriber_count": 110, "modified_text": "866 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6536fe7706b7eeaa7ab5c271", "name": "CVE-2005-0068", "description": "A summary of the major vulnerabilities in the ICMP software, published by the Australian government on 1 January 2008.. the first such vulnerability to be identified in this year's Security Research Review (SSR).", "modified": "2023-11-28T06:04:19.908000", "created": "2023-10-23T23:15:03.507000", "tags": [ "icmp", "icmp error", "split", "files", "exploits", "targeted", "cve overview", "source quench", "path mtu", "cve20040791" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 26, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "ellenmmm", "id": "233693", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 7, "URL": 1768, "hostname": 1200, "FileHash-SHA256": 6469, "domain": 2139, "email": 25, "FileHash-MD5": 1296, "FileHash-SHA1": 1287, "JA3": 2 }, "indicator_count": 14193, "is_author": false, "is_subscribing": null, "subscriber_count": 88, "modified_text": "874 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "653f1dd94c3c9a46abe24f02", "name": "Blackshades | Remote attacks | Malicious Google Search | DNS Requests", "description": "", "modified": "2023-11-06T03:00:36.709000", "created": "2023-10-30T03:07:05.227000", "tags": [ "noname057", "song culture", "brashears music", "culture", "tsara lynn", "falcon sandbox", "brashears song", "nights", "kedence", "service", "sandbox", "cool", "music", "secure", "httponly", "http response", "final url", "serving ip", "address", "status code", "body length", "kb body", "sha256", "misc attack", "et tor", "known tor", "relayrouter", "exit", "node traffic", "united", "flag", "contacted", "emotet", "NSIS", "trellian", "apple", "apk", "os", "ios", "android", "google", "Google search", "dns", "query", "poisoning", "hacking", "injection", "login", "logon", "phishing", "scanning_host", "VM", "file query", "detect", "windir", "api call", "api", "\"%WINDIR%\\System32\\vm3dum_loader.dll\" source API Call", "\"iexplore.exe\" trying to touch file", "attack", "target", "jeffrey", "reimer", "details \"iexplore.exe\" trying to touch file \"%WINDIR%\\System32\\v", "suricata", "alert", "cyber threat", "dpt", "porn", "pixelrz", "dead", "hifi", "track", "jeffrey reimer dpt", "redirect", "pattern match", "tbmisch", "contentlength", "mcfunction", "ck id", "t1071", "mitre att", "ck matrix", "drops", "content reputation", "malware", "malvertizing", "misc attack", "mitre", "file access", "files marked clean", "evasive", "cisco umbrella", "safe site", "site", "windows nt", "file", "network related", "https webserver", "getpost", "get search", "geckohost", "jpeg image", "jfif", "png image", "gif image", "binary file", "t1105", "show technique", "click", "blacklist", "generic malware", "DNS Requests", "persistence", "gmt0600", "programfiles", "filename", "indexed", "network", "hosts process", "openurl c", "prefetch2 name", "ssl certificate", "whois record", "threat roundup", "execution", "march", "july", "communicating", "october", "september", "referrer", "june", "april", "august", "copy", "goldfinder", "sibot", "hacktool", "february", "skynet", "malicious", "download", "malware", "relic", "monitoring", "installer", "project", "core", "lumma stealer", "metro", "Anonymizer", "virut", "scanning ip's", "Cobalt Strike", "keybase", "spam", "anonymisation services", "malicious host", "Botnet Command and Control", "Phishing - Mr.Looquer", "covid19 scam", "social engineering", "Jumpseller phishing", "phishing: Amazon.com", "unauthorized scanning of hosts", "phishing huntington bank", "malicious url", "malicious server", "Threats200220200050", "ntp open resolver", "blackshades", "infostealer", "rat", "infinity", "msil", "adware", "adload", "gamarue", "pua", "keyloggers", "browser malware", "resolutions", "whois whois", "historical ssl", "subdomains", "whois siblings", "bradesco", "paypal phishing", "bad traffic", "Yandex", "hidden users" ], "references": [ "https://www.hybrid-analysis.com/sample/", "https://www.google.com/search?q=tsara+brashears&tbm=isch&chips=q:tsara+brashears", "Research and Data analysis", "http://pixelrz.com/lists/keywords/tsara-brashears-assaulted-by-jeffrey-reimer", "http://pixelrz.com/lists/keywords/tsara-brashears", "http://pixelrz.com/lists/keywords/tsara-brashears-jeffrey-reimer-porn", "DNS Server - Public-dns.info", "Autonomous System", "AS13414 Twitter Inc", "AS32934 Facebook Inc", "AS15133 MCI Communications Services Inc d b a Verizon Business", "AS13335 - Cloudflare, Inc. - United States", "http://pixelrz.com/lists/keywords/tsara-brashears-jeffrey-reimer-porn", "wTools", "https://amp.mypornvid.fun/videos/2/SLFGMWoQaCU/white-dpt-jeffrey-reimer-loves-pretty-indian-patient-forces-sex-3gp-video- No Expiration\t0\t URL https://hifiporn.pw/xxx/1/white-dpt-jeffrey-reimer-loves-pretty-indian-patient-forces-sex-3gp-video- No Expiration\t0\t URL https://archive.ph/o/jEaWf/https:/mypornvid.pw/videos/13/8thhcwahoYI/white-dpt-jeffrey-reimer-loves-pretty-indian-patient-forces-sex-3gp No Expiration\t0\t URL http://pixelrz.com/lists/%20keywords/tsara-brashears-jeffrey-reimer-porn/' No Expirati", "https://amp.mypornvid.fun/videos/2/SLFGMWoQaCU/white-dpt-jeffrey-reimer-loves-pretty-indian-patient-forces-sex-3gp-video-", "https://amp.mypornvid.fun/videos/2/SLFGMWoQaCU/white-dpt-jeffrey-reimer-loves-pretty-indian-patient-forces-sex-3gp-video- No Expiration\t0\t URL https://hifiporn.pw/xxx/1/white-dpt-jeffrey-r https://archive.ph/o/jEaWf/https:/mypornvid.pw/videos/13/8thhcwahoYI/white-dpt-jeffrey-reimer-loves-pretty-indian-patient-forces-sex-3gp No Expiration\t0\t URL http://pixelrz.com/lists/%20keywords/tsara-brashears-jeffrey-reimer-porn/' No Expiration\t0\t URL http://pixelrz.com/lists/%20keywords/tshttp://pixelrz.com/lists/ke" ], "public": 1, "adversary": "[Miscellaneous, Unnamed]", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "Generic.Malware", "display_name": "Generic.Malware", "target": null }, { "id": "Gen:Variant.Zusy", "display_name": "Gen:Variant.Zusy", "target": null }, { "id": "Gen:Trojan.Heur", "display_name": "Gen:Trojan.Heur", "target": null }, { "id": "Virut", "display_name": "Virut", "target": null }, { "id": "Cobalt Strike", "display_name": "Cobalt Strike", "target": null }, { "id": "Emotet - S0367", "display_name": "Emotet - S0367", "target": null }, { "id": "Lumma Stealer", "display_name": "Lumma Stealer", "target": null }, { "id": "GoldFinder - S0597", "display_name": "GoldFinder - S0597", "target": null }, { "id": "BlackShades Crypter", "display_name": "BlackShades Crypter", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1410", "name": "Network Traffic Capture or Redirection", "display_name": "T1410 - Network Traffic Capture or Redirection" }, { "id": "T1449", "name": "Exploit SS7 to Redirect Phone Calls/SMS", "display_name": "T1449 - Exploit SS7 to Redirect Phone Calls/SMS" }, { "id": "TA0004", "name": "Privilege Escalation", "display_name": "TA0004 - Privilege Escalation" }, { "id": "TA0005", "name": "Defense Evasion", "display_name": "TA0005 - Defense Evasion" }, { "id": "TA0006", "name": "Credential Access", "display_name": "TA0006 - Credential Access" }, { "id": "TA0003", "name": "Persistence", "display_name": "TA0003 - Persistence" }, { "id": "TA0011", "name": "Command and Control", "display_name": "TA0011 - Command and Control" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" } ], "industries": [ "Media", "Technology", "Telecommunications" ], "TLP": "white", "cloned_from": "6520e93e8cf8f83a2ccfd46b", "export_count": 19, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 860, "FileHash-SHA1": 488, "FileHash-SHA256": 1407, "domain": 226, "hostname": 557, "URL": 589 }, "indicator_count": 4127, "is_author": false, "is_subscribing": null, "subscriber_count": 220, "modified_text": "896 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6520e93e8cf8f83a2ccfd46b", "name": "Blackshades | Remote attacks | Malicious Google Search | DNS Requests", "description": "Botnet Command and Control \nCobalt Strike\nMisc Attack\nHidden users\nTargets: network, url, music publishing company, artists, owner, associates, advertising, visibility, reputations, digital profile.\nCountry origination: United States", "modified": "2023-11-06T03:00:36.709000", "created": "2023-10-07T05:14:38.342000", "tags": [ "noname057", "song culture", "brashears music", "culture", "tsara lynn", "falcon sandbox", "brashears song", "nights", "kedence", "service", "sandbox", "cool", "music", "secure", "httponly", "http response", "final url", "serving ip", "address", "status code", "body length", "kb body", "sha256", "misc attack", "et tor", "known tor", "relayrouter", "exit", "node traffic", "united", "flag", "contacted", "emotet", "NSIS", "trellian", "apple", "apk", "os", "ios", "android", "google", "Google search", "dns", "query", "poisoning", "hacking", "injection", "login", "logon", "phishing", "scanning_host", "VM", "file query", "detect", "windir", "api call", "api", "\"%WINDIR%\\System32\\vm3dum_loader.dll\" source API Call", "\"iexplore.exe\" trying to touch file", "attack", "target", "jeffrey", "reimer", "details \"iexplore.exe\" trying to touch file \"%WINDIR%\\System32\\v", "suricata", "alert", "cyber threat", "dpt", "porn", "pixelrz", "dead", "hifi", "track", "jeffrey reimer dpt", "redirect", "pattern match", "tbmisch", "contentlength", "mcfunction", "ck id", "t1071", "mitre att", "ck matrix", "drops", "content reputation", "malware", "malvertizing", "misc attack", "mitre", "file access", "files marked clean", "evasive", "cisco umbrella", "safe site", "site", "windows nt", "file", "network related", "https webserver", "getpost", "get search", "geckohost", "jpeg image", "jfif", "png image", "gif image", "binary file", "t1105", "show technique", "click", "blacklist", "generic malware", "DNS Requests", "persistence", "gmt0600", "programfiles", "filename", "indexed", "network", "hosts process", "openurl c", "prefetch2 name", "ssl certificate", "whois record", "threat roundup", "execution", "march", "july", "communicating", "october", "september", "referrer", "june", "april", "august", "copy", "goldfinder", "sibot", "hacktool", "february", "skynet", "malicious", "download", "malware", "relic", "monitoring", "installer", "project", "core", "lumma stealer", "metro", "Anonymizer", "virut", "scanning ip's", "Cobalt Strike", "keybase", "spam", "anonymisation services", "malicious host", "Botnet Command and Control", "Phishing - Mr.Looquer", "covid19 scam", "social engineering", "Jumpseller phishing", "phishing: Amazon.com", "unauthorized scanning of hosts", "phishing huntington bank", "malicious url", "malicious server", "Threats200220200050", "ntp open resolver", "blackshades", "infostealer", "rat", "infinity", "msil", "adware", "adload", "gamarue", "pua", "keyloggers", "browser malware", "resolutions", "whois whois", "historical ssl", "subdomains", "whois siblings", "bradesco", "paypal phishing", "bad traffic", "Yandex", "hidden users" ], "references": [ "https://www.hybrid-analysis.com/sample/", "https://www.google.com/search?q=tsara+brashears&tbm=isch&chips=q:tsara+brashears", "Research and Data analysis", "http://pixelrz.com/lists/keywords/tsara-brashears-assaulted-by-jeffrey-reimer", "http://pixelrz.com/lists/keywords/tsara-brashears", "http://pixelrz.com/lists/keywords/tsara-brashears-jeffrey-reimer-porn", "DNS Server - Public-dns.info", "Autonomous System", "AS13414 Twitter Inc", "AS32934 Facebook Inc", "AS15133 MCI Communications Services Inc d b a Verizon Business", "AS13335 - Cloudflare, Inc. - United States", "http://pixelrz.com/lists/keywords/tsara-brashears-jeffrey-reimer-porn", "wTools", "https://amp.mypornvid.fun/videos/2/SLFGMWoQaCU/white-dpt-jeffrey-reimer-loves-pretty-indian-patient-forces-sex-3gp-video- No Expiration\t0\t URL https://hifiporn.pw/xxx/1/white-dpt-jeffrey-reimer-loves-pretty-indian-patient-forces-sex-3gp-video- No Expiration\t0\t URL https://archive.ph/o/jEaWf/https:/mypornvid.pw/videos/13/8thhcwahoYI/white-dpt-jeffrey-reimer-loves-pretty-indian-patient-forces-sex-3gp No Expiration\t0\t URL http://pixelrz.com/lists/%20keywords/tsara-brashears-jeffrey-reimer-porn/' No Expirati", "https://amp.mypornvid.fun/videos/2/SLFGMWoQaCU/white-dpt-jeffrey-reimer-loves-pretty-indian-patient-forces-sex-3gp-video-", "https://amp.mypornvid.fun/videos/2/SLFGMWoQaCU/white-dpt-jeffrey-reimer-loves-pretty-indian-patient-forces-sex-3gp-video- No Expiration\t0\t URL https://hifiporn.pw/xxx/1/white-dpt-jeffrey-r https://archive.ph/o/jEaWf/https:/mypornvid.pw/videos/13/8thhcwahoYI/white-dpt-jeffrey-reimer-loves-pretty-indian-patient-forces-sex-3gp No Expiration\t0\t URL http://pixelrz.com/lists/%20keywords/tsara-brashears-jeffrey-reimer-porn/' No Expiration\t0\t URL http://pixelrz.com/lists/%20keywords/tshttp://pixelrz.com/lists/ke" ], "public": 1, "adversary": "[Miscellaneous, Unnamed]", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "Generic.Malware", "display_name": "Generic.Malware", "target": null }, { "id": "Gen:Variant.Zusy", "display_name": "Gen:Variant.Zusy", "target": null }, { "id": "Gen:Trojan.Heur", "display_name": "Gen:Trojan.Heur", "target": null }, { "id": "Virut", "display_name": "Virut", "target": null }, { "id": "Cobalt Strike", "display_name": "Cobalt Strike", "target": null }, { "id": "Emotet - S0367", "display_name": "Emotet - S0367", "target": null }, { "id": "Lumma Stealer", "display_name": "Lumma Stealer", "target": null }, { "id": "GoldFinder - S0597", "display_name": "GoldFinder - S0597", "target": null }, { "id": "BlackShades Crypter", "display_name": "BlackShades Crypter", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1410", "name": "Network Traffic Capture or Redirection", "display_name": "T1410 - Network Traffic Capture or Redirection" }, { "id": "T1449", "name": "Exploit SS7 to Redirect Phone Calls/SMS", "display_name": "T1449 - Exploit SS7 to Redirect Phone Calls/SMS" }, { "id": "TA0004", "name": "Privilege Escalation", "display_name": "TA0004 - Privilege Escalation" }, { "id": "TA0005", "name": "Defense Evasion", "display_name": "TA0005 - Defense Evasion" }, { "id": "TA0006", "name": "Credential Access", "display_name": "TA0006 - Credential Access" }, { "id": "TA0003", "name": "Persistence", "display_name": "TA0003 - Persistence" }, { "id": "TA0011", "name": "Command and Control", "display_name": "TA0011 - Command and Control" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" } ], "industries": [ "Media", "Technology", "Telecommunications" ], "TLP": "white", "cloned_from": null, "export_count": 29, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 860, "FileHash-SHA1": 488, "FileHash-SHA256": 1407, "domain": 226, "hostname": 557, "URL": 589 }, "indicator_count": 4127, "is_author": false, "is_subscribing": null, "subscriber_count": 225, "modified_text": "896 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6520e6e8396ce5b825a4edb9", "name": "Blackshades | Remote attacks | Malicious Google Search | DNS Requests", "description": "Botnet Command and Control \nCobalt Strike\nMisc Attack\nHidden users\nTargets: network, communication, devices, url, music publishing company, artists, owner, associates, advertising, visibility, reputations, digital profile.\nCountry origination: United States", "modified": "2023-11-06T03:00:36.709000", "created": "2023-10-07T05:04:40.671000", "tags": [ "noname057", "song culture", "brashears music", "culture", "tsara lynn", "falcon sandbox", "brashears song", "nights", "kedence", "service", "sandbox", "cool", "music", "secure", "httponly", "http response", "final url", "serving ip", "address", "status code", "body length", "kb body", "sha256", "misc attack", "et tor", "known tor", "relayrouter", "exit", "node traffic", "united", "flag", "contacted", "emotet", "NSIS", "trellian", "apple", "apk", "os", "ios", "android", "google", "Google search", "dns", "query", "poisoning", "hacking", "injection", "login", "logon", "phishing", "scanning_host", "VM", "file query", "detect", "windir", "api call", "api", "\"%WINDIR%\\System32\\vm3dum_loader.dll\" source API Call", "\"iexplore.exe\" trying to touch file", "attack", "target", "jeffrey", "reimer", "details \"iexplore.exe\" trying to touch file \"%WINDIR%\\System32\\v", "suricata", "alert", "cyber threat", "dpt", "porn", "pixelrz", "dead", "hifi", "track", "jeffrey reimer dpt", "redirect", "pattern match", "tbmisch", "contentlength", "mcfunction", "ck id", "t1071", "mitre att", "ck matrix", "drops", "content reputation", "malware", "malvertizing", "misc attack", "mitre", "file access", "files marked clean", "evasive", "cisco umbrella", "safe site", "site", "windows nt", "file", "network related", "https webserver", "getpost", "get search", "geckohost", "jpeg image", "jfif", "png image", "gif image", "binary file", "t1105", "show technique", "click", "blacklist", "generic malware", "DNS Requests", "persistence", "gmt0600", "programfiles", "filename", "indexed", "network", "hosts process", "openurl c", "prefetch2 name", "ssl certificate", "whois record", "threat roundup", "execution", "march", "july", "communicating", "october", "september", "referrer", "june", "april", "august", "copy", "goldfinder", "sibot", "hacktool", "february", "skynet", "malicious", "download", "malware", "relic", "monitoring", "installer", "project", "core", "lumma stealer", "metro", "Anonymizer", "virut", "scanning ip's", "Cobalt Strike", "keybase", "spam", "anonymisation services", "malicious host", "Botnet Command and Control", "Phishing - Mr.Looquer", "covid19 scam", "social engineering", "Jumpseller phishing", "phishing: Amazon.com", "unauthorized scanning of hosts", "phishing huntington bank", "malicious url", "malicious server", "Threats200220200050", "ntp open resolver", "blackshades", "infostealer", "rat", "infinity", "msil", "adware", "adload", "gamarue", "pua", "keyloggers", "browser malware", "resolutions", "whois whois", "historical ssl", "subdomains", "whois siblings", "bradesco", "paypal phishing", "bad traffic", "Yandex", "hidden users" ], "references": [ "https://www.hybrid-analysis.com/sample/", "https://www.google.com/search?q=tsara+brashears&tbm=isch&chips=q:tsara+brashears", "Research and Data analysis", "http://pixelrz.com/lists/keywords/tsara-brashears-assaulted-by-jeffrey-reimer No Expiration http://pixelrz.com/lists/keywords/tsara-brashears-dead", "http://pixelrz.com/lists/keywords/tsara-brashears", "http://pixelrz.com/lists/keywords/tsara-brashears-jeffrey-reimer-porn", "DNS Server - Public-dns.info", "Autonomous System", "AS13414 Twitter Inc", "AS32934 Facebook Inc", "AS15133 MCI Communications Services Inc d b a Verizon Business", "AS13335 - Cloudflare, Inc. - United States", "http://pixelrz.com/lists/keywords/tsara-brashears-jeffrey-reimer-porn", "https://amp.hifiporn.cc/xxx/1/white-dpt-jeffrey-reimer-loves-pretty-indian-patient-forces-sex-3gp-video-", "https://amp.mypornvid.fun/videos/2/SLFGMWoQaCU/white-dpt-jeffrey-reimer-loves-pretty-indian-patient-forces-sex-3gp-video-", "https://amp.mypornvid.fun/videos/2/SLFGMWoQaCU/white-dpt-jeffrey-reimer-loves-pretty-indian-patient-forces-sex-3gp-video- No Expiration\t0\t URL https://hifiporn.pw/xxx/1/white-dpt-jeffrey-reimer-loves-pretty-indian-patient-forces-sex-3gp-video- No Expiration\t0\t URL https://archive.ph/o/jEaWf/https:/mypornvid.pw/videos/13/8thhcwahoYI/white-dpt-jeffrey-reimer-loves-pretty-indian-patient-forces-sex-3gp No Expiration\t0\t URL http://pixelrz.com/lists/%20keywords/tsara-brashears-jeffrey-reimer-porn/' No Expirati", "http://pixelrz.com/lists/keywords/jeffrey-reimer-shot-dead-walgreens/", "https://amp.mypornvid.fun/videos/2/SLFGMWoQaCU/white-dpt-jeffrey-reimer-loves-pretty-indian-patient-forces-sex-3gp-video- No Expiration\t0\t URL https://hifiporn.pw/xxx/1/white-dpt-jeffrey-reimer-loves-pretty-indian-patient-forces-sex-3gp-video- No Expiration\t0\t URL https://archive.ph/o/jEaWf/https:/mypornvid.pw/videos/13/8thhcwahoYI/white-dpt-jeffrey-reimer-loves-pretty-indian-patient-forces-sex-3gp No Expiration\t0\t URL http://pixelrz.com/lists/%20keywords/tsara-brashears-jeffrey-reimer-porn/' No Expirati" ], "public": 1, "adversary": "[Miscellaneous, Unnamed]", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "Generic.Malware", "display_name": "Generic.Malware", "target": null }, { "id": "Gen:Variant.Zusy", "display_name": "Gen:Variant.Zusy", "target": null }, { "id": "Gen:Trojan.Heur", "display_name": "Gen:Trojan.Heur", "target": null }, { "id": "Virut", "display_name": "Virut", "target": null }, { "id": "Cobalt Strike", "display_name": "Cobalt Strike", "target": null }, { "id": "Emotet - S0367", "display_name": "Emotet - S0367", "target": null }, { "id": "Lumma Stealer", "display_name": "Lumma Stealer", "target": null }, { "id": "GoldFinder - S0597", "display_name": "GoldFinder - S0597", "target": null }, { "id": "BlackShades Crypter", "display_name": "BlackShades Crypter", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1410", "name": "Network Traffic Capture or Redirection", "display_name": "T1410 - Network Traffic Capture or Redirection" }, { "id": "T1449", "name": "Exploit SS7 to Redirect Phone Calls/SMS", "display_name": "T1449 - Exploit SS7 to Redirect Phone Calls/SMS" }, { "id": "TA0004", "name": "Privilege Escalation", "display_name": "TA0004 - Privilege Escalation" }, { "id": "TA0005", "name": "Defense Evasion", "display_name": "TA0005 - Defense Evasion" }, { "id": "TA0006", "name": "Credential Access", "display_name": "TA0006 - Credential Access" }, { "id": "TA0003", "name": "Persistence", "display_name": "TA0003 - Persistence" }, { "id": "TA0011", "name": "Command and Control", "display_name": "TA0011 - Command and Control" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" } ], "industries": [ "Media", "Technology", "Telecommunications" ], "TLP": "white", "cloned_from": null, "export_count": 29, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 860, "FileHash-SHA1": 488, "FileHash-SHA256": 1407, "domain": 226, "hostname": 557, "URL": 589 }, "indicator_count": 4127, "is_author": false, "is_subscribing": null, "subscriber_count": 226, "modified_text": "896 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "653f1a715b26eb6e3ff58875", "name": "Qakbot attacks. As strong as before?", "description": "", "modified": "2023-11-04T07:02:32.756000", "created": "2023-10-30T02:52:33.136000", "tags": [ "blacklist https", "rstunf", "tad436770", "united", "anonymizer", "mail spammer", "malicious host", "cyber threat", "heur", "phishing", "malware", "team", "control server", "qakbot", "redline stealer", "malicious", "asyncrat", "cobalt strike", "download", "cisco umbrella", "site", "safe site", "malicious url", "paypal", "team phishing", "detection list", "blacklist", "azorult", "service", "runescape", "facebook", "bank", "alexa", "blacknet rat", "stealer", "noname057", "ip summary", "url summary", "summary", "sample", "samples", "attack", "tsara", "tsara brashears", "boeing", "apple id", "samsung", "telegrafix", "trellian", "dumping", "fiies shared", "browser malware", "cyber criminal", "cyber crime", "brashears", "hybrid", "analysis" ], "references": [], "public": 1, "adversary": "Qakbot", "targeted_countries": [ "United States of America", "Japan", "Argentina" ], "malware_families": [], "attack_ids": [ { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" } ], "industries": [], "TLP": "white", "cloned_from": "651e79f50ce42abe29702324", "export_count": 17, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 3016, "domain": 620, "hostname": 1177, "FileHash-MD5": 519, "FileHash-SHA1": 292, "FileHash-SHA256": 2150, "CVE": 1 }, "indicator_count": 7775, "is_author": false, "is_subscribing": null, "subscriber_count": 218, "modified_text": "898 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "651e79f50ce42abe29702324", "name": "Qakbot attacks. As strong as before?", "description": "command and control\nRedlinestealer\nQakbot\nNoName057\nAzorult\nBlack Rat\nbrowser malware \nBanker\nTheft\nPhishing", "modified": "2023-11-04T07:02:32.756000", "created": "2023-10-05T08:55:16.736000", "tags": [ "blacklist https", "rstunf", "tad436770", "united", "anonymizer", "mail spammer", "malicious host", "cyber threat", "heur", "phishing", "malware", "team", "control server", "qakbot", "redline stealer", "malicious", "asyncrat", "cobalt strike", "download", "cisco umbrella", "site", "safe site", "malicious url", "paypal", "team phishing", "detection list", "blacklist", "azorult", "service", "runescape", "facebook", "bank", "alexa", "blacknet rat", "stealer", "noname057", "ip summary", "url summary", "summary", "sample", "samples", "attack", "tsara", "tsara brashears", "boeing", "apple id", "samsung", "telegrafix", "trellian", "dumping", "fiies shared", "browser malware", "cyber criminal", "cyber crime", "brashears", "hybrid", "analysis" ], "references": [], "public": 1, "adversary": "Qakbot", "targeted_countries": [ "United States of America", "Japan", "Argentina" ], "malware_families": [], "attack_ids": [ { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 30, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 3016, "domain": 620, "hostname": 1177, "FileHash-MD5": 519, "FileHash-SHA1": 292, "FileHash-SHA256": 2150, "CVE": 1 }, "indicator_count": 7775, "is_author": false, "is_subscribing": null, "subscriber_count": 228, "modified_text": "898 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "wTools", "http://pixelrz.com/lists/keywords/jeffrey-reimer-shot-dead-walgreens/", "http://pixelrz.com/lists/keywords/tsara-brashears-assaulted-by-jeffrey-reimer", "AS15133 MCI Communications Services Inc d b a Verizon Business", "Autonomous System", "AS13414 Twitter Inc", "http://pixelrz.com/lists/keywords/tsara-brashears-assaulted-by-jeffrey-reimer No Expiration http://pixelrz.com/lists/keywords/tsara-brashears-dead", "AS32934 Facebook Inc", "DNS Server - Public-dns.info", "https://amp.hifiporn.cc/xxx/1/white-dpt-jeffrey-reimer-loves-pretty-indian-patient-forces-sex-3gp-video-", "https://www.hybrid-analysis.com/sample/", "https://amp.mypornvid.fun/videos/2/SLFGMWoQaCU/white-dpt-jeffrey-reimer-loves-pretty-indian-patient-forces-sex-3gp-video-", "https://amp.mypornvid.fun/videos/2/SLFGMWoQaCU/white-dpt-jeffrey-reimer-loves-pretty-indian-patient-forces-sex-3gp-video- No Expiration\t0\t URL https://hifiporn.pw/xxx/1/white-dpt-jeffrey-reimer-loves-pretty-indian-patient-forces-sex-3gp-video- No Expiration\t0\t URL https://archive.ph/o/jEaWf/https:/mypornvid.pw/videos/13/8thhcwahoYI/white-dpt-jeffrey-reimer-loves-pretty-indian-patient-forces-sex-3gp No Expiration\t0\t URL http://pixelrz.com/lists/%20keywords/tsara-brashears-jeffrey-reimer-porn/' No Expirati", "http://pixelrz.com/lists/keywords/tsara-brashears-jeffrey-reimer-porn", "http://pixelrz.com/lists/keywords/tsara-brashears", "AS13335 - Cloudflare, Inc. - United States", "Research and Data analysis", "https://amp.mypornvid.fun/videos/2/SLFGMWoQaCU/white-dpt-jeffrey-reimer-loves-pretty-indian-patient-forces-sex-3gp-video- No Expiration\t0\t URL https://hifiporn.pw/xxx/1/white-dpt-jeffrey-r https://archive.ph/o/jEaWf/https:/mypornvid.pw/videos/13/8thhcwahoYI/white-dpt-jeffrey-reimer-loves-pretty-indian-patient-forces-sex-3gp No Expiration\t0\t URL http://pixelrz.com/lists/%20keywords/tsara-brashears-jeffrey-reimer-porn/' No Expiration\t0\t URL http://pixelrz.com/lists/%20keywords/tshttp://pixelrz.com/lists/ke", "https://www.google.com/search?q=tsara+brashears&tbm=isch&chips=q:tsara+brashears" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [ "Qakbot", "[Miscellaneous, Unnamed]" ], "malware_families": [ "Redline", "Generic.malware", "Virut", "Blackshades crypter", "Webtoolbar", "Gen:variant.zusy", "Cobalt strike", "Emotet - s0367", "Gen:trojan.heur", "Lumma", "Lumma stealer", "Trojanspy", "Goldfinder - s0597" ], "industries": [ "Media", "Telecommunications", "Technology" ], "unique_indicators": 57141 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/adsenseformobileapps.com", "whois": "http://whois.domaintools.com/adsenseformobileapps.com", "domain": "adsenseformobileapps.com", "hostname": "5213.android.com.orange.owtv.adsenseformobileapps.com" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 18, "pulses": [ { "id": "6529c91a4f8f0c898f48088c", "name": "quick look at vk.com", "description": "", "modified": "2025-06-26T22:23:19.431000", "created": "2023-10-13T22:47:54.295000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 16, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "skocherhan", "id": "249290", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_249290/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 18, "FileHash-SHA1": 18, "FileHash-SHA256": 1981, "domain": 506, "hostname": 1258, "URL": 3080 }, "indicator_count": 6861, "is_author": false, "is_subscribing": null, "subscriber_count": 180, "modified_text": "297 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "656aac25a8a2caaddf0d3b88", "name": "https://myaccount.uscis.gov/", "description": "", "modified": "2023-12-16T15:00:49.451000", "created": "2023-12-02T04:01:41.427000", "tags": [ "whois record", "ssl certificate", "whois whois", "communicating", "referrer", "ip address", "contacted", "pe resource", "historical ssl", "collections wow", "cobalt", "stealer", "quasar", "remcos", "ursnif", "fabookie", "name verdict", "exit", "node tcp", "traffic", "united", "et tor", "known tor", "relayrouter", "anonymizer", "tor known", "tor relayrouter", "cisco umbrella", "site", "safe site", "heur", "maltiverse", "million", "alexa top", "unsafe", "html", "team", "riskware", "malware", "phishing", "union", "bank", "outbreak", "downer", "shell", "mediamagnet", "sality", "swrort", "adaptivebee", "unruy", "iobit", "dropper", "trojanx", "artemis", "installcore", "webshell", "exploit", "crack", "webtoolbar", "detection list", "blacklist http", "september", "threat roundup", "execution", "metro", "formbook", "kgs0", "kls0", "blacklist https", "malicious site", "malware site", "phishing site", "download", "malicious", "azorult", "service", "runescape", "facebook", "genkryptik", "fuery", "wacatac", "alexa", "dbatloader", "nanocore rat", "agent tesla", "binder", "dridex", "hawkeye", "small", "netwire", "trojan", "redline stealer", "lumma stealer", "trojanspy", "redline", "lumma", "tsara brashears", "whois", "asn owner", "highly targeted", "relacionada", "lolkek", "emotet", "dark power", "wiper", "ransomware", "cobalt strike", "quasar rat", "core", "bitrat", "hacktool", "critical", "copy", "installer", "meta", "as15169 google", "aaaa", "a domains", "videosdewebcams", "search", "passive dns", "urls", "record value", "date", "certificate", "scan endpoints", "all octoseek", "pulse pulses", "files" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Germany" ], "malware_families": [ { "id": "WebToolbar", "display_name": "WebToolbar", "target": null }, { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "RedLine", "display_name": "RedLine", "target": null }, { "id": "Lumma", "display_name": "Lumma", "target": null } ], "attack_ids": [ { "id": "T1090", "name": "Proxy", "display_name": "T1090 - Proxy" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": "655652f6ddcbf952a599cded", "export_count": 93, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 204, "FileHash-SHA1": 182, "FileHash-SHA256": 6268, "URL": 13989, "domain": 3229, "hostname": 4412, "CVE": 19, "email": 3 }, "indicator_count": 28306, "is_author": false, "is_subscribing": null, "subscriber_count": 227, "modified_text": "856 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65580c52bf98f256b6a01da6", "name": "https://myaccount.uscis.gov/", "description": "", "modified": "2023-12-16T15:00:49.451000", "created": "2023-11-18T00:58:58.944000", "tags": [ "whois record", "ssl certificate", "whois whois", "communicating", "referrer", "ip address", "contacted", "pe resource", "historical ssl", "collections wow", "cobalt", "stealer", "quasar", "remcos", "ursnif", "fabookie", "name verdict", "exit", "node tcp", "traffic", "united", "et tor", "known tor", "relayrouter", "anonymizer", "tor known", "tor relayrouter", "cisco umbrella", "site", "safe site", "heur", "maltiverse", "million", "alexa top", "unsafe", "html", "team", "riskware", "malware", "phishing", "union", "bank", "outbreak", "downer", "shell", "mediamagnet", "sality", "swrort", "adaptivebee", "unruy", "iobit", "dropper", "trojanx", "artemis", "installcore", "webshell", "exploit", "crack", "webtoolbar", "detection list", "blacklist http", "september", "threat roundup", "execution", "metro", "formbook", "kgs0", "kls0", "blacklist https", "malicious site", "malware site", "phishing site", "download", "malicious", "azorult", "service", "runescape", "facebook", "genkryptik", "fuery", "wacatac", "alexa", "dbatloader", "nanocore rat", "agent tesla", "binder", "dridex", "hawkeye", "small", "netwire", "trojan", "redline stealer", "lumma stealer", "trojanspy", "redline", "lumma", "tsara brashears", "whois", "asn owner", "highly targeted", "relacionada", "lolkek", "emotet", "dark power", "wiper", "ransomware", "cobalt strike", "quasar rat", "core", "bitrat", "hacktool", "critical", "copy", "installer", "meta", "as15169 google", "aaaa", "a domains", "videosdewebcams", "search", "passive dns", "urls", "record value", "date", "certificate", "scan endpoints", "all octoseek", "pulse pulses", "files" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Germany" ], "malware_families": [ { "id": "WebToolbar", "display_name": "WebToolbar", "target": null }, { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "RedLine", "display_name": "RedLine", "target": null }, { "id": "Lumma", "display_name": "Lumma", "target": null } ], "attack_ids": [ { "id": "T1090", "name": "Proxy", "display_name": "T1090 - Proxy" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": "655650c9b2be6cc930c92cf3", "export_count": 101, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 204, "FileHash-SHA1": 182, "FileHash-SHA256": 6268, "URL": 13989, "domain": 3229, "hostname": 4412, "CVE": 19, "email": 3 }, "indicator_count": 28306, "is_author": false, "is_subscribing": null, "subscriber_count": 226, "modified_text": "856 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "655686e2c072557f03e9cba2", "name": "https://myaccount.uscis.gov/ [pulse created by Octoseek]", "description": "", "modified": "2023-12-16T15:00:49.451000", "created": "2023-11-16T21:17:22.087000", "tags": [ "whois record", "ssl certificate", "whois whois", "communicating", "referrer", "ip address", "contacted", "pe resource", "historical ssl", "collections wow", "cobalt", "stealer", "quasar", "remcos", "ursnif", "fabookie", "name verdict", "exit", "node tcp", "traffic", "united", "et tor", "known tor", "relayrouter", "anonymizer", "tor known", "tor relayrouter", "cisco umbrella", "site", "safe site", "heur", "maltiverse", "million", "alexa top", "unsafe", "html", "team", "riskware", "malware", "phishing", "union", "bank", "outbreak", "downer", "shell", "mediamagnet", "sality", "swrort", "adaptivebee", "unruy", "iobit", "dropper", "trojanx", "artemis", "installcore", "webshell", "exploit", "crack", "webtoolbar", "detection list", "blacklist http", "september", "threat roundup", "execution", "metro", "formbook", "kgs0", "kls0", "blacklist https", "malicious site", "malware site", "phishing site", "download", "malicious", "azorult", "service", "runescape", "facebook", "genkryptik", "fuery", "wacatac", "alexa", "dbatloader", "nanocore rat", "agent tesla", "binder", "dridex", "hawkeye", "small", "netwire", "trojan", "redline stealer", "lumma stealer", "trojanspy", "redline", "lumma", "tsara brashears", "whois", "asn owner", "highly targeted", "relacionada", "lolkek", "emotet", "dark power", "wiper", "ransomware", "cobalt strike", "quasar rat", "core", "bitrat", "hacktool", "critical", "copy", "installer", "meta", "as15169 google", "aaaa", "a domains", "videosdewebcams", "search", "passive dns", "urls", "record value", "date", "certificate", "scan endpoints", "all octoseek", "pulse pulses", "files" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Germany" ], "malware_families": [ { "id": "WebToolbar", "display_name": "WebToolbar", "target": null }, { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "RedLine", "display_name": "RedLine", "target": null }, { "id": "Lumma", "display_name": "Lumma", "target": null } ], "attack_ids": [ { "id": "T1090", "name": "Proxy", "display_name": "T1090 - Proxy" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": "655650c9b2be6cc930c92cf3", "export_count": 102, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 204, "FileHash-SHA1": 182, "FileHash-SHA256": 6268, "URL": 13989, "domain": 3229, "hostname": 4412, "CVE": 19, "email": 3 }, "indicator_count": 28306, "is_author": false, "is_subscribing": null, "subscriber_count": 225, "modified_text": "856 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "655657ca2e402d4f98283de9", "name": "https://myaccount.uscis.gov/ ", "description": "", "modified": "2023-12-16T15:00:49.451000", "created": "2023-11-16T17:56:26.312000", "tags": [ "whois record", "ssl certificate", "whois whois", "communicating", "referrer", "ip address", "contacted", "pe resource", "historical ssl", "collections wow", "cobalt", "stealer", "quasar", "remcos", "ursnif", "fabookie", "name verdict", "exit", "node tcp", "traffic", "united", "et tor", "known tor", "relayrouter", "anonymizer", "tor known", "tor relayrouter", "cisco umbrella", "site", "safe site", "heur", "maltiverse", "million", "alexa top", "unsafe", "html", "team", "riskware", "malware", "phishing", "union", "bank", "outbreak", "downer", "shell", "mediamagnet", "sality", "swrort", "adaptivebee", "unruy", "iobit", "dropper", "trojanx", "artemis", "installcore", "webshell", "exploit", "crack", "webtoolbar", "detection list", "blacklist http", "september", "threat roundup", "execution", "metro", "formbook", "kgs0", "kls0", "blacklist https", "malicious site", "malware site", "phishing site", "download", "malicious", "azorult", "service", "runescape", "facebook", "genkryptik", "fuery", "wacatac", "alexa", "dbatloader", "nanocore rat", "agent tesla", "binder", "dridex", "hawkeye", "small", "netwire", "trojan", "redline stealer", "lumma stealer", "trojanspy", "redline", "lumma", "tsara brashears", "whois", "asn owner", "highly targeted", "relacionada", "lolkek", "emotet", "dark power", "wiper", "ransomware", "cobalt strike", "quasar rat", "core", "bitrat", "hacktool", "critical", "copy", "installer", "meta", "as15169 google", "aaaa", "a domains", "videosdewebcams", "search", "passive dns", "urls", "record value", "date", "certificate", "scan endpoints", "all octoseek", "pulse pulses", "files" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Germany" ], "malware_families": [ { "id": "WebToolbar", "display_name": "WebToolbar", "target": null }, { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "RedLine", "display_name": "RedLine", "target": null }, { "id": "Lumma", "display_name": "Lumma", "target": null } ], "attack_ids": [ { "id": "T1090", "name": "Proxy", "display_name": "T1090 - Proxy" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": "655650c9b2be6cc930c92cf3", "export_count": 100, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 204, "FileHash-SHA1": 182, "FileHash-SHA256": 6268, "URL": 13989, "domain": 3229, "hostname": 4412, "CVE": 19, "email": 3 }, "indicator_count": 28306, "is_author": false, "is_subscribing": null, "subscriber_count": 221, "modified_text": "856 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65565477da453c46f05a6ac4", "name": "BTW VirusTotal - \" interesting files written to disk during execution'", "description": "", "modified": "2023-12-16T15:00:49.451000", "created": "2023-11-16T17:42:15.123000", "tags": [ "whois record", "ssl certificate", "whois whois", "communicating", "referrer", "ip address", "contacted", "pe resource", "historical ssl", "collections wow", "cobalt", "stealer", "quasar", "remcos", "ursnif", "fabookie", "name verdict", "exit", "node tcp", "traffic", "united", "et tor", "known tor", "relayrouter", "anonymizer", "tor known", "tor relayrouter", "cisco umbrella", "site", "safe site", "heur", "maltiverse", "million", "alexa top", "unsafe", "html", "team", "riskware", "malware", "phishing", "union", "bank", "outbreak", "downer", "shell", "mediamagnet", "sality", "swrort", "adaptivebee", "unruy", "iobit", "dropper", "trojanx", "artemis", "installcore", "webshell", "exploit", "crack", "webtoolbar", "detection list", "blacklist http", "september", "threat roundup", "execution", "metro", "formbook", "kgs0", "kls0", "blacklist https", "malicious site", "malware site", "phishing site", "download", "malicious", "azorult", "service", "runescape", "facebook", "genkryptik", "fuery", "wacatac", "alexa", "dbatloader", "nanocore rat", "agent tesla", "binder", "dridex", "hawkeye", "small", "netwire", "trojan", "redline stealer", "lumma stealer", "trojanspy", "redline", "lumma", "tsara brashears", "whois", "asn owner", "highly targeted", "relacionada", "lolkek", "emotet", "dark power", "wiper", "ransomware", "cobalt strike", "quasar rat", "core", "bitrat", "hacktool", "critical", "copy", "installer", "meta", "as15169 google", "aaaa", "a domains", "videosdewebcams", "search", "passive dns", "urls", "record value", "date", "certificate", "scan endpoints", "all octoseek", "pulse pulses", "files" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Germany" ], "malware_families": [ { "id": "WebToolbar", "display_name": "WebToolbar", "target": null }, { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "RedLine", "display_name": "RedLine", "target": null }, { "id": "Lumma", "display_name": "Lumma", "target": null } ], "attack_ids": [ { "id": "T1090", "name": "Proxy", "display_name": "T1090 - Proxy" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": "655650c9b2be6cc930c92cf3", "export_count": 101, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 204, "FileHash-SHA1": 182, "FileHash-SHA256": 6268, "URL": 13989, "domain": 3229, "hostname": 4412, "CVE": 19, "email": 3 }, "indicator_count": 28306, "is_author": false, "is_subscribing": null, "subscriber_count": 223, "modified_text": "856 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "655650c9b2be6cc930c92cf3", "name": "https://myaccount.uscis.gov/", "description": "HOW!?!? My device was remotely logged into this account somehow.\nThis is egregious. Silence Threats. I have no connection to this but was contacted by a while ago. I don't know how or why a part of the government would attack a person with a TBI and C1 - S1 Spinal cord injury allegedly caused by Colorado physical therapist and protect him. Why is victim, tracked and unsafe, receiving death threats, monitored, denied medical care, stalked EVERYWHERE. \nEven felons aren't monitored for life. STOP.\nWill this get us killed. Do the right thing.\nGod bless America, purge the government.\nThe truth should set you fee not get you harmed.", "modified": "2023-12-16T15:00:49.451000", "created": "2023-11-16T17:26:33", "tags": [ "whois record", "ssl certificate", "whois whois", "communicating", "referrer", "ip address", "contacted", "pe resource", "historical ssl", "collections wow", "cobalt", "stealer", "quasar", "remcos", "ursnif", "fabookie", "name verdict", "exit", "node tcp", "traffic", "united", "et tor", "known tor", "relayrouter", "anonymizer", "tor known", "tor relayrouter", "cisco umbrella", "site", "safe site", "heur", "maltiverse", "million", "alexa top", "unsafe", "html", "team", "riskware", "malware", "phishing", "union", "bank", "outbreak", "downer", "shell", "mediamagnet", "sality", "swrort", "adaptivebee", "unruy", "iobit", "dropper", "trojanx", "artemis", "installcore", "webshell", "exploit", "crack", "webtoolbar", "detection list", "blacklist http", "september", "threat roundup", "execution", "metro", "formbook", "kgs0", "kls0", "blacklist https", "malicious site", "malware site", "phishing site", "download", "malicious", "azorult", "service", "runescape", "facebook", "genkryptik", "fuery", "wacatac", "alexa", "dbatloader", "nanocore rat", "agent tesla", "binder", "dridex", "hawkeye", "small", "netwire", "trojan", "redline stealer", "lumma stealer", "trojanspy", "redline", "lumma", "tsara brashears", "whois", "asn owner", "highly targeted", "relacionada", "lolkek", "emotet", "dark power", "wiper", "ransomware", "cobalt strike", "quasar rat", "core", "bitrat", "hacktool", "critical", "copy", "installer", "meta", "as15169 google", "aaaa", "a domains", "videosdewebcams", "search", "passive dns", "urls", "record value", "date", "certificate", "scan endpoints", "all octoseek", "pulse pulses", "files" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Germany" ], "malware_families": [ { "id": "WebToolbar", "display_name": "WebToolbar", "target": null }, { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "RedLine", "display_name": "RedLine", "target": null }, { "id": "Lumma", "display_name": "Lumma", "target": null } ], "attack_ids": [ { "id": "T1090", "name": "Proxy", "display_name": "T1090 - Proxy" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 102, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 204, "FileHash-SHA1": 182, "FileHash-SHA256": 6268, "URL": 13989, "domain": 3229, "hostname": 4412, "CVE": 19, "email": 3 }, "indicator_count": 28306, "is_author": false, "is_subscribing": null, "subscriber_count": 224, "modified_text": "856 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "655652f6ddcbf952a599cded", "name": "https://myaccount.uscis.gov/", "description": "After Mark Montano Md reported alleged acts by Jeffrey Scott Reimer after receiving 'multiple' reports of him aggressively pursuing Brashears, she was contacted, told she violated the Patriot Act by Big O Tires?!! Received letters from the above and harassed for years. Colorado Workers compensation is so corrupt this may be my last post. She was immediately framed , blamed, porn smeared and stalked. Denied medical care , when received died on surgery table, revised and disabled. Even the mafia would tackle only the associates bringing undue negative attention to their own organization.", "modified": "2023-12-16T15:00:49.451000", "created": "2023-11-16T17:35:50.285000", "tags": [ "whois record", "ssl certificate", "whois whois", "communicating", "referrer", "ip address", "contacted", "pe resource", "historical ssl", "collections wow", "cobalt", "stealer", "quasar", "remcos", "ursnif", "fabookie", "name verdict", "exit", "node tcp", "traffic", "united", "et tor", "known tor", "relayrouter", "anonymizer", "tor known", "tor relayrouter", "cisco umbrella", "site", "safe site", "heur", "maltiverse", "million", "alexa top", "unsafe", "html", "team", "riskware", "malware", "phishing", "union", "bank", "outbreak", "downer", "shell", "mediamagnet", "sality", "swrort", "adaptivebee", "unruy", "iobit", "dropper", "trojanx", "artemis", "installcore", "webshell", "exploit", "crack", "webtoolbar", "detection list", "blacklist http", "september", "threat roundup", "execution", "metro", "formbook", "kgs0", "kls0", "blacklist https", "malicious site", "malware site", "phishing site", "download", "malicious", "azorult", "service", "runescape", "facebook", "genkryptik", "fuery", "wacatac", "alexa", "dbatloader", "nanocore rat", "agent tesla", "binder", "dridex", "hawkeye", "small", "netwire", "trojan", "redline stealer", "lumma stealer", "trojanspy", "redline", "lumma", "tsara brashears", "whois", "asn owner", "highly targeted", "relacionada", "lolkek", "emotet", "dark power", "wiper", "ransomware", "cobalt strike", "quasar rat", "core", "bitrat", "hacktool", "critical", "copy", "installer", "meta", "as15169 google", "aaaa", "a domains", "videosdewebcams", "search", "passive dns", "urls", "record value", "date", "certificate", "scan endpoints", "all octoseek", "pulse pulses", "files" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Germany" ], "malware_families": [ { "id": "WebToolbar", "display_name": "WebToolbar", "target": null }, { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "RedLine", "display_name": "RedLine", "target": null }, { "id": "Lumma", "display_name": "Lumma", "target": null } ], "attack_ids": [ { "id": "T1090", "name": "Proxy", "display_name": "T1090 - Proxy" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 100, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 204, "FileHash-SHA1": 182, "FileHash-SHA256": 6268, "URL": 13989, "domain": 3229, "hostname": 4412, "CVE": 19, "email": 3 }, "indicator_count": 28306, "is_author": false, "is_subscribing": null, "subscriber_count": 224, "modified_text": "856 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6570a8ec0568abca6f44e16f", "name": "quick look at vk.com", "description": "", "modified": "2023-12-06T17:01:32.275000", "created": "2023-12-06T17:01:32.275000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1981, "domain": 506, "hostname": 1262, "URL": 3080, "FileHash-MD5": 18, "FileHash-SHA1": 18 }, "indicator_count": 6865, "is_author": false, "is_subscribing": null, "subscriber_count": 110, "modified_text": "866 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6570a81314a587dca8a7e075", "name": "Blackshades | Remote attacks | Malicious Google Search | DNS Requests", "description": "", "modified": "2023-12-06T16:57:55.292000", "created": "2023-12-06T16:57:55.292000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1407, "hostname": 557, "domain": 226, "FileHash-MD5": 860, "FileHash-SHA1": 488, "URL": 589 }, "indicator_count": 4127, "is_author": false, "is_subscribing": null, "subscriber_count": 111, "modified_text": "866 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://5213.android.com.orange.owtv.adsenseformobileapps.com", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://5213.android.com.orange.owtv.adsenseformobileapps.com", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1776719902.118632 }