{ "type": "URL", "indicator": "https://api.amplitude.com/", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://api.amplitude.com/", "type": "url", "type_title": "URL", "validation": [ { "source": "akamai", "message": "Akamai rank: #236", "name": "Akamai Popular Domain" }, { "source": "whitelist", "message": "Whitelisted domain amplitude.com", "name": "Whitelisted domain" }, { "source": "majestic", "message": "Whitelisted domain amplitude.com", "name": "Whitelisted domain" } ], "base_indicator": { "id": 2808379906, "indicator": "https://api.amplitude.com/", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 8, "pulses": [ { "id": "69d38c3c31ed79d5da57c209", "name": "VirusTotal report\n for sample.apk", "description": "A sample of malware found in the latest version of the Android operating system has been identified by researchers at the University of California, Los Angeles. \u00c2\u00a32.5m (1.8m euros)>> this is so strong i cant even copy/paste", "modified": "2026-05-06T10:13:24.260000", "created": "2026-04-06T10:34:36.822000", "tags": [ "united", "has permission", "belgium", "file type", "may try", "https", "urls", "may access", "mitre attack", "network info", "malicious", "next", "windows sandbox", "clear filters", "reads", "apks", "accesses", "tls version", "t1413 access", "sensitive data", "persistence" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/0000730ea89fbbe53a526474f9c6281f769825ef8bbb91e5488b893c8865b6e2_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775471617&Signature=x4IxWb2blmi71%2Fom%2FmlGUwDf%2Fn8jPr2F%2FYVZ6U6EIreNBvKnGH67sOeu32thXveBB7jvgA2H5G1%2Fd7Fxo0eX79c3r93NoS6SzUX2566TDnKXHf4v5stQK35cGRzPOxGUMRqzwJMLUr8i674Ses7K1N%2F%2FBPfZEXupFdNgb9nCuJf%2B9o%2FDmNOO58V5SnHR%2F4%2Fy%2Fyno3g43lJ%2FWhhuR3c3%2Fo60A0xqpdswD", "https://vtbehaviour.commondatastorage.googleapis.com/0000730ea89fbbe53a526474f9c6281f769825ef8bbb91e5488b893c8865b6e2_VirusTotal%20R2DBox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775471639&Signature=aMdH8c7QpUdtPrzwuioQYfmuGkM%2BEUvT9X9UmV7apYYnnb1pSlKupGRD0asdRP%2FSPKfzatIKSYRRXtmzNqmzwVWptBydFE7wM%2By2aVGZQWSl2XDL5J%2BQm81RvqxS6TdIKppa0qjMKnvOXKUwRcMZUEE8bGiK2rarAplWbo6HaZkbSlyWNxOHnfV00h5V0ECJKzCU%2BPUP2kd5LadpQY6ZaEcvHjQEZXxYamIWWMf65xlPCDv", "https://vtbehaviour.commondatastorage.googleapis.com/0002e7897592a90276f84970f149547f70643829dcdfaccc55130ce13c1e18f8_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775471800&Signature=M%2BhqXe8rDYTRRLbeIJgj45r87F%2Fg4pnPmpPOhmqvi86yX6OFTaPD0ZTT3u6Sd6L3Y2x6c5SkXynOum8uuSgBWtswYxObaGRvsXTHif7in%2B95g4y9KmyfvUNCGHHk2q3DupGeaz4donpGLNHk%2BU0J6Uw71rrx1QsKI8xbnOq69NIssYUP28ZHvXAWSAaxz5tqr4%2BrKXt46VNM9AqYTRx1BXkIpCnbBHXz%2BrD8JTpFs4scamGD" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1406", "name": "Obfuscated Files or Information", "display_name": "T1406 - Obfuscated Files or Information" }, { "id": "T1409", "name": "Access Stored Application Data", "display_name": "T1409 - Access Stored Application Data" }, { "id": "T1421", "name": "System Network Connections Discovery", "display_name": "T1421 - System Network Connections Discovery" }, { "id": "T1422", "name": "System Network Configuration Discovery", "display_name": "T1422 - System Network Configuration Discovery" }, { "id": "T1424", "name": "Process Discovery", "display_name": "T1424 - Process Discovery" }, { "id": "T1426", "name": "System Information Discovery", "display_name": "T1426 - System Information Discovery" }, { "id": "T1430", "name": "Location Tracking", "display_name": "T1430 - Location Tracking" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1413", "name": "Access Sensitive Data in Device Logs", "display_name": "T1413 - Access Sensitive Data in Device Logs" }, { "id": "T1418", "name": "Application Discovery", "display_name": "T1418 - Application Discovery" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 170, "FileHash-MD5": 8, "FileHash-SHA1": 7, "URL": 49, "domain": 7, "hostname": 31 }, "indicator_count": 272, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "25 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69d38c3c712738e344743ed2", "name": "VirusTotal report\n for sample.apk", "description": "A sample of malware found in the latest version of the Android operating system has been identified by researchers at the University of California, Los Angeles. \u00c2\u00a32.5m (1.8m euros)>> this is so strong i cant even copy/paste", "modified": "2026-05-06T10:13:24.260000", "created": "2026-04-06T10:34:36.065000", "tags": [ "united", "has permission", "belgium", "file type", "may try", "https", "urls", "may access", "mitre attack", "network info", "malicious", "next", "windows sandbox", "clear filters", "reads", "apks", "accesses", "tls version", "t1413 access", "sensitive data", "persistence" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/0000730ea89fbbe53a526474f9c6281f769825ef8bbb91e5488b893c8865b6e2_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775471617&Signature=x4IxWb2blmi71%2Fom%2FmlGUwDf%2Fn8jPr2F%2FYVZ6U6EIreNBvKnGH67sOeu32thXveBB7jvgA2H5G1%2Fd7Fxo0eX79c3r93NoS6SzUX2566TDnKXHf4v5stQK35cGRzPOxGUMRqzwJMLUr8i674Ses7K1N%2F%2FBPfZEXupFdNgb9nCuJf%2B9o%2FDmNOO58V5SnHR%2F4%2Fy%2Fyno3g43lJ%2FWhhuR3c3%2Fo60A0xqpdswD", "https://vtbehaviour.commondatastorage.googleapis.com/0000730ea89fbbe53a526474f9c6281f769825ef8bbb91e5488b893c8865b6e2_VirusTotal%20R2DBox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775471639&Signature=aMdH8c7QpUdtPrzwuioQYfmuGkM%2BEUvT9X9UmV7apYYnnb1pSlKupGRD0asdRP%2FSPKfzatIKSYRRXtmzNqmzwVWptBydFE7wM%2By2aVGZQWSl2XDL5J%2BQm81RvqxS6TdIKppa0qjMKnvOXKUwRcMZUEE8bGiK2rarAplWbo6HaZkbSlyWNxOHnfV00h5V0ECJKzCU%2BPUP2kd5LadpQY6ZaEcvHjQEZXxYamIWWMf65xlPCDv", "https://vtbehaviour.commondatastorage.googleapis.com/0002e7897592a90276f84970f149547f70643829dcdfaccc55130ce13c1e18f8_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775471800&Signature=M%2BhqXe8rDYTRRLbeIJgj45r87F%2Fg4pnPmpPOhmqvi86yX6OFTaPD0ZTT3u6Sd6L3Y2x6c5SkXynOum8uuSgBWtswYxObaGRvsXTHif7in%2B95g4y9KmyfvUNCGHHk2q3DupGeaz4donpGLNHk%2BU0J6Uw71rrx1QsKI8xbnOq69NIssYUP28ZHvXAWSAaxz5tqr4%2BrKXt46VNM9AqYTRx1BXkIpCnbBHXz%2BrD8JTpFs4scamGD" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1406", "name": "Obfuscated Files or Information", "display_name": "T1406 - Obfuscated Files or Information" }, { "id": "T1409", "name": "Access Stored Application Data", "display_name": "T1409 - Access Stored Application Data" }, { "id": "T1421", "name": "System Network Connections Discovery", "display_name": "T1421 - System Network Connections Discovery" }, { "id": "T1422", "name": "System Network Configuration Discovery", "display_name": "T1422 - System Network Configuration Discovery" }, { "id": "T1424", "name": "Process Discovery", "display_name": "T1424 - Process Discovery" }, { "id": "T1426", "name": "System Information Discovery", "display_name": "T1426 - System Information Discovery" }, { "id": "T1430", "name": "Location Tracking", "display_name": "T1430 - Location Tracking" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1413", "name": "Access Sensitive Data in Device Logs", "display_name": "T1413 - Access Sensitive Data in Device Logs" }, { "id": "T1418", "name": "Application Discovery", "display_name": "T1418 - Application Discovery" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 170, "FileHash-MD5": 8, "FileHash-SHA1": 7, "URL": 49, "domain": 7, "hostname": 31 }, "indicator_count": 272, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "25 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69efc3a63f5aa5107bb41dbf", "name": "[clone-Jeffrey Reimer DPT Tsara Brashears Court Records | ]by scoreblue", "description": "", "modified": "2026-04-27T23:20:58.970000", "created": "2026-04-27T20:14:30.720000", "tags": [ "reimer-jeffrey-v-brashears-tsara", "2017cv030026 suppressed", "case 2017cv030026 suppressed", "docket", "legal case", "legal", "litigation", "court cases", "state court docket", "robert r", "lung", "county", "case", "money", "ben l", "leutwyler iii", "reimer", "brashears", "douglas county", "tips", "district", "date", "judge", "shane", "bank", "contact", "service", "brashears accepts", "jeffrey scott", "reimer dpt", "reimer paid", "sa victim", "settlement", "reimer-jeffrey-paid-tsara-brahears-settlement", "reimer-jeffrey-claim-dismissed", "brashears-tsara-claims-upheld", "reverse dns", "general full", "protocol h2", "security tls", "resource", "united", "hash", "name value", "security", "main", "facebook", "brashears-tsara-v-reimer-jeffrey", "so false", "as134548 dxtl", "kwan o", "hong kong", "passive dns", "scan endpoints", "all scoreblue", "ipv4", "export graph", "historical ssl", "referrer", "gameprofitshack", "webstudio", "smartdata", "alloymedia", "industries", "theakkas", "korplug", "default", "module load", "t1129", "show", "search", "regbinary", "malware beacon", "upatre", "suspicious", "trojan", "copy", "dock", "downloader", "loader", "write", "malware", "av detections", "ids detections", "yara detections", "alerts", "related pulses", "dashboard", "browse scan", "endpoints all", "showing", "p2p zeus", "september", "popper", "cookies", "x function", "hsp boolean", "oribili boolean", "hstcran", "hsusertoken", "domainpath name", "ns nxdomain", "parked", "tsara won", "brashears prevails", "reimer dismissal", "dangerous data collection", "get device", "parked uri" ], "references": [ "Scam Aggregators: https://trellis.law/case/8035/2017cv030026-suppressed/reimer-jeffrey-v-brashears-tsara [parked here: ctjsz.com]", "http://www.qq664.com/seximanhua/22128.html [looks legit to me]", "sex2e.com | http://qq664.com/seximanhua/22128.html [trellis.law]", "https://prnbae.com/191693/at-37-ellie-discovers-the-unique-sensations-of-double-vaginal-sex/ [trellis.law]", "http://www.philippinesredcat.com/girls-for-sex-in-manila/ [trellis.law]", "http://us.1.powerfront.com/thehealthylivingshow/scripts/redir.asp?link=https://www.sexbestgals.info/cougar-porn/ [trellis.law]", "https://help.competitionsuite.com/article/76-using-the-judge-app-tablets", "https://www.paidhmars.com/", "https://urlscan.io/result/e4ed8a1d-1b23-46cd-a237-a2ad4e974fc3/content/", "False: This case was filed in Douglas County Superior Courts with Jeffrey K Holmes presiding. | Who is he?", "False: Never served. Had several PI's and background checks", "Jeffrey Scott Reimer DPT was allegedly arrested 02/14/2022 | Very unreliable self proclaimed PI's (multiple)", "Brian Sabey begged victim to accept tiny settlement. Contingency, 'Brashears may use settlement to find hacker.'", "Judge Shay Whittaker dismissed Reimers 'malicious' prosecution claom", "Reimers case V Brashears in 2017 after Denver Police Major Crimes located Reimer", "Brashears documented on corr record she wanted to proceed with case", "Brian Sabey Speaking for Jeffrey Scott Reimer DPT refused further court proceedings", "Brian Sabey offered Brashears a settlement. Begged her to accept it.", "Case: Defamation of character based on truthful reviews left on HealthGrades.", "A series of reviews detailing Jeffrey Reimer DPT egregious behavior proved not left by Brashears except 2 with comments -4", "Brashears Review: 'He would benefit from more training' [Very considerate considering the complimentary spinal cord injuries 'plural']", "Health Grades erased 20+ positive reviews that originated from Reimers email address.", "Most of not all positive Jeffrey Reimer DPT reviews are false. Reimer wasn't practicing when 'amazing' trat,ent alleged", "Brian Sabey. Esq filed motion to dismiss after judge dismissed Reimers meritlesscase", "Brian Sabey would be most foolish after it was determined Brashears was 100% disabled. This was cause by Jeffrey Scott Reimer DPT", "Brashears would gladly go to court as stated in court documents to then judge who wished to be briefed by Brashears. Thwarted by Sabey.", "Brian Sabey wanted to appear to win. Sandy demanded Brashears remove every patients negative review about Jeffrey Reimer DPT", "Brian Sabey had cashiers check delivered to Brashears in person.", "Victim is willing to have her attorney post entire court proceedings online , on YouTube and more", "There is NO other physical therapist with as many reviews as Jeffrey Reimer DPT, even non offenders. Reimers clientele is largely non-english speaking.", "Reimer often criticized non English speakers, large women and short Hispanic men according to witness.", "He also spoke frequently about Brashears infamously 'real' large bosom and figure. He decided to touch, grab, grope, assault,injure, beg for more", "Jeffrey Scott Reimer PT , DPT. assaulters defense: 'I had to be of the top/front of Brashears, She consented!'", "False: Brashears didn't expect this coming. Jeffrey Reimer DPT suddenly jumped on top of Brashears and tried to start a family. He didn't ask.", "Unless tampered with, court records will show Brashears dropped as a patient to be told she'd face legal consequences if she did.", "Survivor was told an investigation would begin, she'd be safe among other careless things her MD advised", "Brashears would LOVE for the true court proceedings to be read. She feels they were hacked away. DougCo was unable to 'print' records 'glitch'", "Did I mention she prevailed, won, got a check? Tsara Lynn Brashears survivor; won her counter claim. Weak Reimer claim burned like a dying moth.", "Trellis: 3.223.115.185 In cloud provider range: provider=AWS\t IPv4 34.240.160.162 In cloud provider range: provider=AWS", "Trellis: http://blockpage.bt.com/pcstaticpage/blocked.html?list=BT | https://search.app.goo.gl/?ofl", "Trellis: www.youtube.com/watch?v=GyuMozsVyYs \t\u00bb Survivors video references assault. Does not name or depict Reimers likeness.", "Trellis: Hostname blockpage.bt.com | hdredirect-lb7-5a03e1c2772e1c9c.elb.us-east-1.amazonaws.com | itunes.apple.com | search.app.goo.gl | www.youtube.com", "Trellis: https://itunes.apple.com/app/apple-store/id284815942/us/app/samsung-galaxy-watch-gear-s/id1117310635", "IDS Detections: Downloader (P2P Zeus dropper UA) Common Upatre Header Structure 2 Upatre Retrieving encoded payload (Common Header Struct)", "IDS Detections: Suspicious User-Agent containing Loader Observed TLS Handshake Failure", "Trellis: High Priority Alerts: network_icmp modifies_proxy_wpad packer_polymorphic", "Trellis:TrojanDownloader:Win32/Upatre.A | Yara Detections Upack_all_versions", "Trellis: secure04-appleid.com | http://secure04-appleid.com | cpcalendars.secure04-appleid.com" ], "public": 1, "adversary": "Parking Crew", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "Trojan:Win32/Zbot.SIBG3!MTB", "display_name": "Trojan:Win32/Zbot.SIBG3!MTB", "target": "/malware/Trojan:Win32/Zbot.SIBG3!MTB" }, { "id": "TrojanDownloader:Win32/Upatre.A", "display_name": "TrojanDownloader:Win32/Upatre.A", "target": "/malware/TrojanDownloader:Win32/Upatre.A" }, { "id": "P2P ZeuS - S0016", "display_name": "P2P ZeuS - S0016", "target": null } ], "attack_ids": [ { "id": "T1040", "name": "Network Sniffing", "display_name": "T1040 - Network Sniffing" }, { "id": "T1045", "name": "Software Packing", "display_name": "T1045 - Software Packing" }, { "id": "T1060", "name": "Registry Run Keys / Startup Folder", "display_name": "T1060 - Registry Run Keys / Startup Folder" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1143", "name": "Hidden Window", "display_name": "T1143 - Hidden Window" }, { "id": "T1598", "name": "Phishing for Information", "display_name": "T1598 - Phishing for Information" }, { "id": "T1031", "name": "Modify Existing Service", "display_name": "T1031 - Modify Existing Service" }, { "id": "T1023", "name": "Shortcut Modification", "display_name": "T1023 - Shortcut Modification" }, { "id": "T1399", "name": "Modify Trusted Execution Environment", "display_name": "T1399 - Modify Trusted Execution Environment" }, { "id": "T1155", "name": "AppleScript", "display_name": "T1155 - AppleScript" } ], "industries": [ "Research", "Telecommunications", "Technology", "Civilians" ], "TLP": "green", "cloned_from": "66d490668683aec2631cfa20", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 269, "FileHash-SHA1": 266, "FileHash-SHA256": 981, "domain": 480, "hostname": 684, "email": 1, "URL": 2102 }, "indicator_count": 4783, "is_author": false, "is_subscribing": null, "subscriber_count": 65, "modified_text": "34 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "66d490668683aec2631cfa20", "name": "Jeffrey Reimer DPT Tsara Brashears Court Records | Trellis.Law", "description": "Phishing expedition: Malicious bait. Threat actor/s attempting to hack whoever can see and clicks on link. The URl is parked, is malicious, attempts infiltrate device.", "modified": "2024-11-05T00:02:43.336000", "created": "2024-09-01T16:03:50.411000", "tags": [ "reimer-jeffrey-v-brashears-tsara", "2017cv030026 suppressed", "case 2017cv030026 suppressed", "docket", "legal case", "legal", "litigation", "court cases", "state court docket", "robert r", "lung", "county", "case", "money", "ben l", "leutwyler iii", "reimer", "brashears", "douglas county", "tips", "district", "date", "judge", "shane", "bank", "contact", "service", "brashears accepts", "jeffrey scott", "reimer dpt", "reimer paid", "sa victim", "settlement", "reimer-jeffrey-paid-tsara-brahears-settlement", "reimer-jeffrey-claim-dismissed", "brashears-tsara-claims-upheld", "reverse dns", "general full", "protocol h2", "security tls", "resource", "united", "hash", "name value", "security", "main", "facebook", "brashears-tsara-v-reimer-jeffrey", "so false", "as134548 dxtl", "kwan o", "hong kong", "passive dns", "scan endpoints", "all scoreblue", "ipv4", "export graph", "historical ssl", "referrer", "gameprofitshack", "webstudio", "smartdata", "alloymedia", "industries", "theakkas", "korplug", "default", "module load", "t1129", "show", "search", "regbinary", "malware beacon", "upatre", "suspicious", "trojan", "copy", "dock", "downloader", "loader", "write", "malware", "av detections", "ids detections", "yara detections", "alerts", "related pulses", "dashboard", "browse scan", "endpoints all", "showing", "p2p zeus", "september", "popper", "cookies", "x function", "hsp boolean", "oribili boolean", "hstcran", "hsusertoken", "domainpath name", "ns nxdomain", "parked", "tsara won", "brashears prevails", "reimer dismissal", "dangerous data collection", "get device", "parked uri" ], "references": [ "Scam Aggregators: https://trellis.law/case/8035/2017cv030026-suppressed/reimer-jeffrey-v-brashears-tsara [parked here: ctjsz.com]", "http://www.qq664.com/seximanhua/22128.html [looks legit to me]", "sex2e.com | http://qq664.com/seximanhua/22128.html [trellis.law]", "https://prnbae.com/191693/at-37-ellie-discovers-the-unique-sensations-of-double-vaginal-sex/ [trellis.law]", "http://www.philippinesredcat.com/girls-for-sex-in-manila/ [trellis.law]", "http://us.1.powerfront.com/thehealthylivingshow/scripts/redir.asp?link=https://www.sexbestgals.info/cougar-porn/ [trellis.law]", "https://help.competitionsuite.com/article/76-using-the-judge-app-tablets", "https://www.paidhmars.com/", "https://urlscan.io/result/e4ed8a1d-1b23-46cd-a237-a2ad4e974fc3/content/", "False: This case was filed in Douglas County Superior Courts with Jeffrey K Holmes presiding. | Who is he?", "False: Never served. Had several PI's and background checks", "Jeffrey Scott Reimer DPT was allegedly arrested 02/14/2022 | Very unreliable self proclaimed PI's (multiple)", "Brian Sabey begged victim to accept tiny settlement. Contingency, 'Brashears may use settlement to find hacker.'", "Judge Shay Whittaker dismissed Reimers 'malicious' prosecution claom", "Reimers case V Brashears in 2017 after Denver Police Major Crimes located Reimer", "Brashears documented on corr record she wanted to proceed with case", "Brian Sabey Speaking for Jeffrey Scott Reimer DPT refused further court proceedings", "Brian Sabey offered Brashears a settlement. Begged her to accept it.", "Case: Defamation of character based on truthful reviews left on HealthGrades.", "A series of reviews detailing Jeffrey Reimer DPT egregious behavior proved not left by Brashears except 2 with comments -4", "Brashears Review: 'He would benefit from more training' [Very considerate considering the complimentary spinal cord injuries 'plural']", "Health Grades erased 20+ positive reviews that originated from Reimers email address.", "Most of not all positive Jeffrey Reimer DPT reviews are false. Reimer wasn't practicing when 'amazing' trat,ent alleged", "Brian Sabey. Esq filed motion to dismiss after judge dismissed Reimers meritlesscase", "Brian Sabey would be most foolish after it was determined Brashears was 100% disabled. This was cause by Jeffrey Scott Reimer DPT", "Brashears would gladly go to court as stated in court documents to then judge who wished to be briefed by Brashears. Thwarted by Sabey.", "Brian Sabey wanted to appear to win. Sandy demanded Brashears remove every patients negative review about Jeffrey Reimer DPT", "Brian Sabey had cashiers check delivered to Brashears in person.", "Victim is willing to have her attorney post entire court proceedings online , on YouTube and more", "There is NO other physical therapist with as many reviews as Jeffrey Reimer DPT, even non offenders. Reimers clientele is largely non-english speaking.", "Reimer often criticized non English speakers, large women and short Hispanic men according to witness.", "He also spoke frequently about Brashears infamously 'real' large bosom and figure. He decided to touch, grab, grope, assault,injure, beg for more", "Jeffrey Scott Reimer PT , DPT. assaulters defense: 'I had to be of the top/front of Brashears, She consented!'", "False: Brashears didn't expect this coming. Jeffrey Reimer DPT suddenly jumped on top of Brashears and tried to start a family. He didn't ask.", "Unless tampered with, court records will show Brashears dropped as a patient to be told she'd face legal consequences if she did.", "Survivor was told an investigation would begin, she'd be safe among other careless things her MD advised", "Brashears would LOVE for the true court proceedings to be read. She feels they were hacked away. DougCo was unable to 'print' records 'glitch'", "Did I mention she prevailed, won, got a check? Tsara Lynn Brashears survivor; won her counter claim. Weak Reimer claim burned like a dying moth.", "Trellis: 3.223.115.185 In cloud provider range: provider=AWS\t IPv4 34.240.160.162 In cloud provider range: provider=AWS", "Trellis: http://blockpage.bt.com/pcstaticpage/blocked.html?list=BT | https://search.app.goo.gl/?ofl", "Trellis: www.youtube.com/watch?v=GyuMozsVyYs \t\u00bb Survivors video references assault. Does not name or depict Reimers likeness.", "Trellis: Hostname blockpage.bt.com | hdredirect-lb7-5a03e1c2772e1c9c.elb.us-east-1.amazonaws.com | itunes.apple.com | search.app.goo.gl | www.youtube.com", "Trellis: https://itunes.apple.com/app/apple-store/id284815942/us/app/samsung-galaxy-watch-gear-s/id1117310635", "IDS Detections: Downloader (P2P Zeus dropper UA) Common Upatre Header Structure 2 Upatre Retrieving encoded payload (Common Header Struct)", "IDS Detections: Suspicious User-Agent containing Loader Observed TLS Handshake Failure", "Trellis: High Priority Alerts: network_icmp modifies_proxy_wpad packer_polymorphic", "Trellis:TrojanDownloader:Win32/Upatre.A | Yara Detections Upack_all_versions", "Trellis: secure04-appleid.com | http://secure04-appleid.com | cpcalendars.secure04-appleid.com" ], "public": 1, "adversary": "Parking Crew", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "Trojan:Win32/Zbot.SIBG3!MTB", "display_name": "Trojan:Win32/Zbot.SIBG3!MTB", "target": "/malware/Trojan:Win32/Zbot.SIBG3!MTB" }, { "id": "TrojanDownloader:Win32/Upatre.A", "display_name": "TrojanDownloader:Win32/Upatre.A", "target": "/malware/TrojanDownloader:Win32/Upatre.A" }, { "id": "P2P ZeuS - S0016", "display_name": "P2P ZeuS - S0016", "target": null } ], "attack_ids": [ { "id": "T1040", "name": "Network Sniffing", "display_name": "T1040 - Network Sniffing" }, { "id": "T1045", "name": "Software Packing", "display_name": "T1045 - Software Packing" }, { "id": "T1060", "name": "Registry Run Keys / Startup Folder", "display_name": "T1060 - Registry Run Keys / Startup Folder" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1143", "name": "Hidden Window", "display_name": "T1143 - Hidden Window" }, { "id": "T1598", "name": "Phishing for Information", "display_name": "T1598 - Phishing for Information" }, { "id": "T1031", "name": "Modify Existing Service", "display_name": "T1031 - Modify Existing Service" }, { "id": "T1023", "name": "Shortcut Modification", "display_name": "T1023 - Shortcut Modification" }, { "id": "T1399", "name": "Modify Trusted Execution Environment", "display_name": "T1399 - Modify Trusted Execution Environment" }, { "id": "T1155", "name": "AppleScript", "display_name": "T1155 - AppleScript" } ], "industries": [ "Research", "Telecommunications", "Technology", "Civilians" ], "TLP": "green", "cloned_from": null, "export_count": 14, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 269, "FileHash-SHA1": 266, "FileHash-SHA256": 981, "domain": 480, "hostname": 684, "email": 1, "URL": 2102 }, "indicator_count": 4783, "is_author": false, "is_subscribing": null, "subscriber_count": 227, "modified_text": "572 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65574cb4447c8d87ad85fa75", "name": "Masquerading", "description": "", "modified": "2023-12-17T11:03:45.376000", "created": "2023-11-17T11:21:24.343000", "tags": [ "no expiration", "filehashsha256", "filehashmd5", "iocs", "url http", "expiration", "scan endpoints", "all search", "otx octoseek", "create new", "blacklist http", "laplasclipper", "malicious url", "cisco umbrella", "site", "alexa top", "blacklist", "safe site", "malware site", "phishing site", "malicious site", "malware", "china unknown", "united", "unknown", "as54994 quantil", "cname", "nxdomain", "as8068", "as4134 chinanet", "passive dns", "domain", "next", "filehashsha1", "service company", "servers", "ndicator role", "title added", "active related", "pulses url", "showing", "entries", "pulses http", "url https", "type indicator", "role title", "added active", "related pulses", "report spam", "author avatar", "created", "hour ago", "trojanspy", "redline", "pulses hostname", "blacklist https", "indicator role", "bidid", "adid", "v4us", "v51845481", "hostname", "http", "cisco", "umbrella rank", "search live", "api blog", "docs pricing", "november", "de summary", "frankfurt", "main", "reverse dns", "general full", "asn16509", "amazon02", "resource", "protocol h2", "security tls", "hash", "de indicators", "domains", "hashes", "copyright", "gmbh version", "follow", "value", "postitem", "variables", "parameters", "systemid object", "def function", "login", "get h2", "secrets llc", "agreement", "the site", "content", "policy", "this site", "claims", "florida", "please", "premium", "service", "restrict", "express", "media", "facebook", "twitter", "final", "first", "cloudflarenet", "gts ca", "software", "million", "hours ago", "chameleon", "heur", "phishing", "riskware", "agent", "unsafe", "opencandy", "exploit", "mimikatz", "iframe", "downldr", "presenoker", "artemis", "download", "beach research", "germany", "asn20940", "akamaiasn1", "threat report", "url summary", "summary", "sample", "samples", "detection list", "alexa", "maltiverse", "google", "qtsas", "name value", "no data", "tag count", "count blacklist", "pbiptbmvd0k4", "glelexoputyh", "suppobox", "team", "bambernek", "internet storm", "phishtank", "phish", "trickbot", "telecom", "bank", "ipv4", "octoseek report", "spam https", "tsara brashears", "malvertizing", "tracking", "tagging", "spyder", "cybercrime", "email collection", "apple data collection", "win32 exe", "ms word", "document", "type name", "javascript", "network capture", "files", "detections type", "name", "ssl certificate", "whois whois", "tsara brashears", "whois record", "asn owner", "highly targeted", "kgs0", "kls0", "relacionada", "family", "lolkek", "emotet", "dark power", "wiper", "ransomware", "cobalt strike", "quasar rat", "ursnif", "remcos", "core", "redline stealer", "bitrat", "hacktool", "critical", "copy", "installer", "execution", "network", "communicating", "referrer", "parent", "historical ssl", "siblings", "resolutions", "name verdict", "falcon sandbox", "pattern match", "error", "file", "indicator", "script", "typeof e", "ascii text", "appdata", "date", "windir", "span", "body", "meta", "class", "generator", "info", "null", "refresh", "hybrid", "general", "local", "click", "strings", "tools", "look", "verify", "restart", "form", "footer", "html", "union", "outbreak", "downer", "shell", "mediamagnet", "sality", "swrort", "adaptivebee", "unruy", "iobit", "dropper", "trojanx", "installcore", "webshell", "crack", "webtoolbar", "threat roundup", "contacted", "june", "july", "october", "august" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Beach Research", "display_name": "Beach Research", "target": null }, { "id": "Maltiverse", "display_name": "Maltiverse", "target": null }, { "id": "WebToolbar", "display_name": "WebToolbar", "target": null } ], "attack_ids": [ { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1090", "name": "Proxy", "display_name": "T1090 - Proxy" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1199", "name": "Trusted Relationship", "display_name": "T1199 - Trusted Relationship" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" } ], "industries": [ "Health", "Nutritional", "Medical", "Medicine" ], "TLP": "white", "cloned_from": null, "export_count": 103, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 400, "FileHash-SHA1": 240, "FileHash-SHA256": 6459, "hostname": 4845, "URL": 11514, "CVE": 15, "domain": 3179, "email": 31 }, "indicator_count": 26683, "is_author": false, "is_subscribing": null, "subscriber_count": 224, "modified_text": "896 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65574cbe6bdbe24ecb170b24", "name": "Masquerading", "description": "", "modified": "2023-12-17T11:03:45.376000", "created": "2023-11-17T11:21:34.083000", "tags": [ "no expiration", "filehashsha256", "filehashmd5", "iocs", "url http", "expiration", "scan endpoints", "all search", "otx octoseek", "create new", "blacklist http", "laplasclipper", "malicious url", "cisco umbrella", "site", "alexa top", "blacklist", "safe site", "malware site", "phishing site", "malicious site", "malware", "china unknown", "united", "unknown", "as54994 quantil", "cname", "nxdomain", "as8068", "as4134 chinanet", "passive dns", "domain", "next", "filehashsha1", "service company", "servers", "ndicator role", "title added", "active related", "pulses url", "showing", "entries", "pulses http", "url https", "type indicator", "role title", "added active", "related pulses", "report spam", "author avatar", "created", "hour ago", "trojanspy", "redline", "pulses hostname", "blacklist https", "indicator role", "bidid", "adid", "v4us", "v51845481", "hostname", "http", "cisco", "umbrella rank", "search live", "api blog", "docs pricing", "november", "de summary", "frankfurt", "main", "reverse dns", "general full", "asn16509", "amazon02", "resource", "protocol h2", "security tls", "hash", "de indicators", "domains", "hashes", "copyright", "gmbh version", "follow", "value", "postitem", "variables", "parameters", "systemid object", "def function", "login", "get h2", "secrets llc", "agreement", "the site", "content", "policy", "this site", "claims", "florida", "please", "premium", "service", "restrict", "express", "media", "facebook", "twitter", "final", "first", "cloudflarenet", "gts ca", "software", "million", "hours ago", "chameleon", "heur", "phishing", "riskware", "agent", "unsafe", "opencandy", "exploit", "mimikatz", "iframe", "downldr", "presenoker", "artemis", "download", "beach research", "germany", "asn20940", "akamaiasn1", "threat report", "url summary", "summary", "sample", "samples", "detection list", "alexa", "maltiverse", "google", "qtsas", "name value", "no data", "tag count", "count blacklist", "pbiptbmvd0k4", "glelexoputyh", "suppobox", "team", "bambernek", "internet storm", "phishtank", "phish", "trickbot", "telecom", "bank", "ipv4", "octoseek report", "spam https", "tsara brashears", "malvertizing", "tracking", "tagging", "spyder", "cybercrime", "email collection", "apple data collection", "win32 exe", "ms word", "document", "type name", "javascript", "network capture", "files", "detections type", "name", "ssl certificate", "whois whois", "tsara brashears", "whois record", "asn owner", "highly targeted", "kgs0", "kls0", "relacionada", "family", "lolkek", "emotet", "dark power", "wiper", "ransomware", "cobalt strike", "quasar rat", "ursnif", "remcos", "core", "redline stealer", "bitrat", "hacktool", "critical", "copy", "installer", "execution", "network", "communicating", "referrer", "parent", "historical ssl", "siblings", "resolutions", "name verdict", "falcon sandbox", "pattern match", "error", "file", "indicator", "script", "typeof e", "ascii text", "appdata", "date", "windir", "span", "body", "meta", "class", "generator", "info", "null", "refresh", "hybrid", "general", "local", "click", "strings", "tools", "look", "verify", "restart", "form", "footer", "html", "union", "outbreak", "downer", "shell", "mediamagnet", "sality", "swrort", "adaptivebee", "unruy", "iobit", "dropper", "trojanx", "installcore", "webshell", "crack", "webtoolbar", "threat roundup", "contacted", "june", "july", "october", "august" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Beach Research", "display_name": "Beach Research", "target": null }, { "id": "Maltiverse", "display_name": "Maltiverse", "target": null }, { "id": "WebToolbar", "display_name": "WebToolbar", "target": null } ], "attack_ids": [ { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1090", "name": "Proxy", "display_name": "T1090 - Proxy" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1199", "name": "Trusted Relationship", "display_name": "T1199 - Trusted Relationship" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" } ], "industries": [ "Health", "Nutritional", "Medical", "Medicine" ], "TLP": "white", "cloned_from": null, "export_count": 102, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 400, "FileHash-SHA1": 240, "FileHash-SHA256": 6459, "hostname": 4845, "URL": 11514, "CVE": 15, "domain": 3179, "email": 31 }, "indicator_count": 26683, "is_author": false, "is_subscribing": null, "subscriber_count": 222, "modified_text": "896 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65580c1516990d69644fb3d0", "name": "Masquerading", "description": "", "modified": "2023-12-17T11:03:45.376000", "created": "2023-11-18T00:57:57.372000", "tags": [ "no expiration", "filehashsha256", "filehashmd5", "iocs", "url http", "expiration", "scan endpoints", "all search", "otx octoseek", "create new", "blacklist http", "laplasclipper", "malicious url", "cisco umbrella", "site", "alexa top", "blacklist", "safe site", "malware site", "phishing site", "malicious site", "malware", "china unknown", "united", "unknown", "as54994 quantil", "cname", "nxdomain", "as8068", "as4134 chinanet", "passive dns", "domain", "next", "filehashsha1", "service company", "servers", "ndicator role", "title added", "active related", "pulses url", "showing", "entries", "pulses http", "url https", "type indicator", "role title", "added active", "related pulses", "report spam", "author avatar", "created", "hour ago", "trojanspy", "redline", "pulses hostname", "blacklist https", "indicator role", "bidid", "adid", "v4us", "v51845481", "hostname", "http", "cisco", "umbrella rank", "search live", "api blog", "docs pricing", "november", "de summary", "frankfurt", "main", "reverse dns", "general full", "asn16509", "amazon02", "resource", "protocol h2", "security tls", "hash", "de indicators", "domains", "hashes", "copyright", "gmbh version", "follow", "value", "postitem", "variables", "parameters", "systemid object", "def function", "login", "get h2", "secrets llc", "agreement", "the site", "content", "policy", "this site", "claims", "florida", "please", "premium", "service", "restrict", "express", "media", "facebook", "twitter", "final", "first", "cloudflarenet", "gts ca", "software", "million", "hours ago", "chameleon", "heur", "phishing", "riskware", "agent", "unsafe", "opencandy", "exploit", "mimikatz", "iframe", "downldr", "presenoker", "artemis", "download", "beach research", "germany", "asn20940", "akamaiasn1", "threat report", "url summary", "summary", "sample", "samples", "detection list", "alexa", "maltiverse", "google", "qtsas", "name value", "no data", "tag count", "count blacklist", "pbiptbmvd0k4", "glelexoputyh", "suppobox", "team", "bambernek", "internet storm", "phishtank", "phish", "trickbot", "telecom", "bank", "ipv4", "octoseek report", "spam https", "tsara brashears", "malvertizing", "tracking", "tagging", "spyder", "cybercrime", "email collection", "apple data collection", "win32 exe", "ms word", "document", "type name", "javascript", "network capture", "files", "detections type", "name", "ssl certificate", "whois whois", "tsara brashears", "whois record", "asn owner", "highly targeted", "kgs0", "kls0", "relacionada", "family", "lolkek", "emotet", "dark power", "wiper", "ransomware", "cobalt strike", "quasar rat", "ursnif", "remcos", "core", "redline stealer", "bitrat", "hacktool", "critical", "copy", "installer", "execution", "network", "communicating", "referrer", "parent", "historical ssl", "siblings", "resolutions", "name verdict", "falcon sandbox", "pattern match", "error", "file", "indicator", "script", "typeof e", "ascii text", "appdata", "date", "windir", "span", "body", "meta", "class", "generator", "info", "null", "refresh", "hybrid", "general", "local", "click", "strings", "tools", "look", "verify", "restart", "form", "footer", "html", "union", "outbreak", "downer", "shell", "mediamagnet", "sality", "swrort", "adaptivebee", "unruy", "iobit", "dropper", "trojanx", "installcore", "webshell", "crack", "webtoolbar", "threat roundup", "contacted", "june", "july", "october", "august" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Beach Research", "display_name": "Beach Research", "target": null }, { "id": "Maltiverse", "display_name": "Maltiverse", "target": null }, { "id": "WebToolbar", "display_name": "WebToolbar", "target": null } ], "attack_ids": [ { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1090", "name": "Proxy", "display_name": "T1090 - Proxy" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1199", "name": "Trusted Relationship", "display_name": "T1199 - Trusted Relationship" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" } ], "industries": [ "Health", "Nutritional", "Medical", "Medicine" ], "TLP": "white", "cloned_from": "65574cb4447c8d87ad85fa75", "export_count": 100, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 400, "FileHash-SHA1": 240, "FileHash-SHA256": 6459, "hostname": 4845, "URL": 11514, "CVE": 15, "domain": 3179, "email": 31 }, "indicator_count": 26683, "is_author": false, "is_subscribing": null, "subscriber_count": 229, "modified_text": "896 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65580c17e69371b34a573f72", "name": "Masquerading", "description": "", "modified": "2023-12-17T11:03:45.376000", "created": "2023-11-18T00:57:59.619000", "tags": [ "no expiration", "filehashsha256", "filehashmd5", "iocs", "url http", "expiration", "scan endpoints", "all search", "otx octoseek", "create new", "blacklist http", "laplasclipper", "malicious url", "cisco umbrella", "site", "alexa top", "blacklist", "safe site", "malware site", "phishing site", "malicious site", "malware", "china unknown", "united", "unknown", "as54994 quantil", "cname", "nxdomain", "as8068", "as4134 chinanet", "passive dns", "domain", "next", "filehashsha1", "service company", "servers", "ndicator role", "title added", "active related", "pulses url", "showing", "entries", "pulses http", "url https", "type indicator", "role title", "added active", "related pulses", "report spam", "author avatar", "created", "hour ago", "trojanspy", "redline", "pulses hostname", "blacklist https", "indicator role", "bidid", "adid", "v4us", "v51845481", "hostname", "http", "cisco", "umbrella rank", "search live", "api blog", "docs pricing", "november", "de summary", "frankfurt", "main", "reverse dns", "general full", "asn16509", "amazon02", "resource", "protocol h2", "security tls", "hash", "de indicators", "domains", "hashes", "copyright", "gmbh version", "follow", "value", "postitem", "variables", "parameters", "systemid object", "def function", "login", "get h2", "secrets llc", "agreement", "the site", "content", "policy", "this site", "claims", "florida", "please", "premium", "service", "restrict", "express", "media", "facebook", "twitter", "final", "first", "cloudflarenet", "gts ca", "software", "million", "hours ago", "chameleon", "heur", "phishing", "riskware", "agent", "unsafe", "opencandy", "exploit", "mimikatz", "iframe", "downldr", "presenoker", "artemis", "download", "beach research", "germany", "asn20940", "akamaiasn1", "threat report", "url summary", "summary", "sample", "samples", "detection list", "alexa", "maltiverse", "google", "qtsas", "name value", "no data", "tag count", "count blacklist", "pbiptbmvd0k4", "glelexoputyh", "suppobox", "team", "bambernek", "internet storm", "phishtank", "phish", "trickbot", "telecom", "bank", "ipv4", "octoseek report", "spam https", "tsara brashears", "malvertizing", "tracking", "tagging", "spyder", "cybercrime", "email collection", "apple data collection", "win32 exe", "ms word", "document", "type name", "javascript", "network capture", "files", "detections type", "name", "ssl certificate", "whois whois", "tsara brashears", "whois record", "asn owner", "highly targeted", "kgs0", "kls0", "relacionada", "family", "lolkek", "emotet", "dark power", "wiper", "ransomware", "cobalt strike", "quasar rat", "ursnif", "remcos", "core", "redline stealer", "bitrat", "hacktool", "critical", "copy", "installer", "execution", "network", "communicating", "referrer", "parent", "historical ssl", "siblings", "resolutions", "name verdict", "falcon sandbox", "pattern match", "error", "file", "indicator", "script", "typeof e", "ascii text", "appdata", "date", "windir", "span", "body", "meta", "class", "generator", "info", "null", "refresh", "hybrid", "general", "local", "click", "strings", "tools", "look", "verify", "restart", "form", "footer", "html", "union", "outbreak", "downer", "shell", "mediamagnet", "sality", "swrort", "adaptivebee", "unruy", "iobit", "dropper", "trojanx", "installcore", "webshell", "crack", "webtoolbar", "threat roundup", "contacted", "june", "july", "october", "august" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Beach Research", "display_name": "Beach Research", "target": null }, { "id": "Maltiverse", "display_name": "Maltiverse", "target": null }, { "id": "WebToolbar", "display_name": "WebToolbar", "target": null } ], "attack_ids": [ { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1090", "name": "Proxy", "display_name": "T1090 - Proxy" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1199", "name": "Trusted Relationship", "display_name": "T1199 - Trusted Relationship" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" } ], "industries": [ "Health", "Nutritional", "Medical", "Medicine" ], "TLP": "white", "cloned_from": "65574cb4447c8d87ad85fa75", "export_count": 103, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 400, "FileHash-SHA1": 240, "FileHash-SHA256": 6459, "hostname": 4845, "URL": 11514, "CVE": 15, "domain": 3179, "email": 31 }, "indicator_count": 26683, "is_author": false, "is_subscribing": null, "subscriber_count": 229, "modified_text": "896 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "http://us.1.powerfront.com/thehealthylivingshow/scripts/redir.asp?link=https://www.sexbestgals.info/cougar-porn/ [trellis.law]", "Scam Aggregators: https://trellis.law/case/8035/2017cv030026-suppressed/reimer-jeffrey-v-brashears-tsara [parked here: ctjsz.com]", "IDS Detections: Downloader (P2P Zeus dropper UA) Common Upatre Header Structure 2 Upatre Retrieving encoded payload (Common Header Struct)", "Judge Shay Whittaker dismissed Reimers 'malicious' prosecution claom", "IDS Detections: Suspicious User-Agent containing Loader Observed TLS Handshake Failure", "Brashears would LOVE for the true court proceedings to be read. She feels they were hacked away. DougCo was unable to 'print' records 'glitch'", "https://urlscan.io/result/e4ed8a1d-1b23-46cd-a237-a2ad4e974fc3/content/", "False: Never served. Had several PI's and background checks", "https://vtbehaviour.commondatastorage.googleapis.com/0000730ea89fbbe53a526474f9c6281f769825ef8bbb91e5488b893c8865b6e2_VirusTotal%20R2DBox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775471639&Signature=aMdH8c7QpUdtPrzwuioQYfmuGkM%2BEUvT9X9UmV7apYYnnb1pSlKupGRD0asdRP%2FSPKfzatIKSYRRXtmzNqmzwVWptBydFE7wM%2By2aVGZQWSl2XDL5J%2BQm81RvqxS6TdIKppa0qjMKnvOXKUwRcMZUEE8bGiK2rarAplWbo6HaZkbSlyWNxOHnfV00h5V0ECJKzCU%2BPUP2kd5LadpQY6ZaEcvHjQEZXxYamIWWMf65xlPCDv", "Brian Sabey offered Brashears a settlement. Begged her to accept it.", "Brashears Review: 'He would benefit from more training' [Very considerate considering the complimentary spinal cord injuries 'plural']", "Trellis: http://blockpage.bt.com/pcstaticpage/blocked.html?list=BT | https://search.app.goo.gl/?ofl", "Case: Defamation of character based on truthful reviews left on HealthGrades.", "Survivor was told an investigation would begin, she'd be safe among other careless things her MD advised", "Reimer often criticized non English speakers, large women and short Hispanic men according to witness.", "Brashears would gladly go to court as stated in court documents to then judge who wished to be briefed by Brashears. Thwarted by Sabey.", "Trellis: 3.223.115.185 In cloud provider range: provider=AWS\t IPv4 34.240.160.162 In cloud provider range: provider=AWS", "Jeffrey Scott Reimer PT , DPT. assaulters defense: 'I had to be of the top/front of Brashears, She consented!'", "Brian Sabey. Esq filed motion to dismiss after judge dismissed Reimers meritlesscase", "sex2e.com | http://qq664.com/seximanhua/22128.html [trellis.law]", "Brian Sabey Speaking for Jeffrey Scott Reimer DPT refused further court proceedings", "Brian Sabey had cashiers check delivered to Brashears in person.", "Unless tampered with, court records will show Brashears dropped as a patient to be told she'd face legal consequences if she did.", "https://vtbehaviour.commondatastorage.googleapis.com/0002e7897592a90276f84970f149547f70643829dcdfaccc55130ce13c1e18f8_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775471800&Signature=M%2BhqXe8rDYTRRLbeIJgj45r87F%2Fg4pnPmpPOhmqvi86yX6OFTaPD0ZTT3u6Sd6L3Y2x6c5SkXynOum8uuSgBWtswYxObaGRvsXTHif7in%2B95g4y9KmyfvUNCGHHk2q3DupGeaz4donpGLNHk%2BU0J6Uw71rrx1QsKI8xbnOq69NIssYUP28ZHvXAWSAaxz5tqr4%2BrKXt46VNM9AqYTRx1BXkIpCnbBHXz%2BrD8JTpFs4scamGD", "Trellis: www.youtube.com/watch?v=GyuMozsVyYs \t\u00bb Survivors video references assault. Does not name or depict Reimers likeness.", "Trellis: Hostname blockpage.bt.com | hdredirect-lb7-5a03e1c2772e1c9c.elb.us-east-1.amazonaws.com | itunes.apple.com | search.app.goo.gl | www.youtube.com", "Trellis: secure04-appleid.com | http://secure04-appleid.com | cpcalendars.secure04-appleid.com", "https://help.competitionsuite.com/article/76-using-the-judge-app-tablets", "Trellis: High Priority Alerts: network_icmp modifies_proxy_wpad packer_polymorphic", "Brian Sabey begged victim to accept tiny settlement. Contingency, 'Brashears may use settlement to find hacker.'", "Jeffrey Scott Reimer DPT was allegedly arrested 02/14/2022 | Very unreliable self proclaimed PI's (multiple)", "False: Brashears didn't expect this coming. Jeffrey Reimer DPT suddenly jumped on top of Brashears and tried to start a family. He didn't ask.", "A series of reviews detailing Jeffrey Reimer DPT egregious behavior proved not left by Brashears except 2 with comments -4", "He also spoke frequently about Brashears infamously 'real' large bosom and figure. He decided to touch, grab, grope, assault,injure, beg for more", "http://www.qq664.com/seximanhua/22128.html [looks legit to me]", "http://www.philippinesredcat.com/girls-for-sex-in-manila/ [trellis.law]", "Did I mention she prevailed, won, got a check? Tsara Lynn Brashears survivor; won her counter claim. Weak Reimer claim burned like a dying moth.", "https://vtbehaviour.commondatastorage.googleapis.com/0000730ea89fbbe53a526474f9c6281f769825ef8bbb91e5488b893c8865b6e2_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775471617&Signature=x4IxWb2blmi71%2Fom%2FmlGUwDf%2Fn8jPr2F%2FYVZ6U6EIreNBvKnGH67sOeu32thXveBB7jvgA2H5G1%2Fd7Fxo0eX79c3r93NoS6SzUX2566TDnKXHf4v5stQK35cGRzPOxGUMRqzwJMLUr8i674Ses7K1N%2F%2FBPfZEXupFdNgb9nCuJf%2B9o%2FDmNOO58V5SnHR%2F4%2Fy%2Fyno3g43lJ%2FWhhuR3c3%2Fo60A0xqpdswD", "Reimers case V Brashears in 2017 after Denver Police Major Crimes located Reimer", "https://www.paidhmars.com/", "False: This case was filed in Douglas County Superior Courts with Jeffrey K Holmes presiding. | Who is he?", "Brian Sabey wanted to appear to win. Sandy demanded Brashears remove every patients negative review about Jeffrey Reimer DPT", "Trellis:TrojanDownloader:Win32/Upatre.A | Yara Detections Upack_all_versions", "Brian Sabey would be most foolish after it was determined Brashears was 100% disabled. This was cause by Jeffrey Scott Reimer DPT", "Health Grades erased 20+ positive reviews that originated from Reimers email address.", "Most of not all positive Jeffrey Reimer DPT reviews are false. Reimer wasn't practicing when 'amazing' trat,ent alleged", "Brashears documented on corr record she wanted to proceed with case", "Victim is willing to have her attorney post entire court proceedings online , on YouTube and more", "https://prnbae.com/191693/at-37-ellie-discovers-the-unique-sensations-of-double-vaginal-sex/ [trellis.law]", "There is NO other physical therapist with as many reviews as Jeffrey Reimer DPT, even non offenders. Reimers clientele is largely non-english speaking.", "Trellis: https://itunes.apple.com/app/apple-store/id284815942/us/app/samsung-galaxy-watch-gear-s/id1117310635" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [ "Parking Crew" ], "malware_families": [ "Trojan:win32/zbot.sibg3!mtb", "Beach research", "Trojandownloader:win32/upatre.a", "Webtoolbar", "Maltiverse", "P2p zeus - s0016" ], "industries": [ "Research", "Telecommunications", "Technology", "Nutritional", "Medical", "Civilians", "Health", "Medicine" ], "unique_indicators": 32272 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/amplitude.com", "whois": "http://whois.domaintools.com/amplitude.com", "domain": "amplitude.com", "hostname": "api.amplitude.com" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 8, "pulses": [ { "id": "69d38c3c31ed79d5da57c209", "name": "VirusTotal report\n for sample.apk", "description": "A sample of malware found in the latest version of the Android operating system has been identified by researchers at the University of California, Los Angeles. \u00c2\u00a32.5m (1.8m euros)>> this is so strong i cant even copy/paste", "modified": "2026-05-06T10:13:24.260000", "created": "2026-04-06T10:34:36.822000", "tags": [ "united", "has permission", "belgium", "file type", "may try", "https", "urls", "may access", "mitre attack", "network info", "malicious", "next", "windows sandbox", "clear filters", "reads", "apks", "accesses", "tls version", "t1413 access", "sensitive data", "persistence" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/0000730ea89fbbe53a526474f9c6281f769825ef8bbb91e5488b893c8865b6e2_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775471617&Signature=x4IxWb2blmi71%2Fom%2FmlGUwDf%2Fn8jPr2F%2FYVZ6U6EIreNBvKnGH67sOeu32thXveBB7jvgA2H5G1%2Fd7Fxo0eX79c3r93NoS6SzUX2566TDnKXHf4v5stQK35cGRzPOxGUMRqzwJMLUr8i674Ses7K1N%2F%2FBPfZEXupFdNgb9nCuJf%2B9o%2FDmNOO58V5SnHR%2F4%2Fy%2Fyno3g43lJ%2FWhhuR3c3%2Fo60A0xqpdswD", "https://vtbehaviour.commondatastorage.googleapis.com/0000730ea89fbbe53a526474f9c6281f769825ef8bbb91e5488b893c8865b6e2_VirusTotal%20R2DBox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775471639&Signature=aMdH8c7QpUdtPrzwuioQYfmuGkM%2BEUvT9X9UmV7apYYnnb1pSlKupGRD0asdRP%2FSPKfzatIKSYRRXtmzNqmzwVWptBydFE7wM%2By2aVGZQWSl2XDL5J%2BQm81RvqxS6TdIKppa0qjMKnvOXKUwRcMZUEE8bGiK2rarAplWbo6HaZkbSlyWNxOHnfV00h5V0ECJKzCU%2BPUP2kd5LadpQY6ZaEcvHjQEZXxYamIWWMf65xlPCDv", "https://vtbehaviour.commondatastorage.googleapis.com/0002e7897592a90276f84970f149547f70643829dcdfaccc55130ce13c1e18f8_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775471800&Signature=M%2BhqXe8rDYTRRLbeIJgj45r87F%2Fg4pnPmpPOhmqvi86yX6OFTaPD0ZTT3u6Sd6L3Y2x6c5SkXynOum8uuSgBWtswYxObaGRvsXTHif7in%2B95g4y9KmyfvUNCGHHk2q3DupGeaz4donpGLNHk%2BU0J6Uw71rrx1QsKI8xbnOq69NIssYUP28ZHvXAWSAaxz5tqr4%2BrKXt46VNM9AqYTRx1BXkIpCnbBHXz%2BrD8JTpFs4scamGD" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1406", "name": "Obfuscated Files or Information", "display_name": "T1406 - Obfuscated Files or Information" }, { "id": "T1409", "name": "Access Stored Application Data", "display_name": "T1409 - Access Stored Application Data" }, { "id": "T1421", "name": "System Network Connections Discovery", "display_name": "T1421 - System Network Connections Discovery" }, { "id": "T1422", "name": "System Network Configuration Discovery", "display_name": "T1422 - System Network Configuration Discovery" }, { "id": "T1424", "name": "Process Discovery", "display_name": "T1424 - Process Discovery" }, { "id": "T1426", "name": "System Information Discovery", "display_name": "T1426 - System Information Discovery" }, { "id": "T1430", "name": "Location Tracking", "display_name": "T1430 - Location Tracking" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1413", "name": "Access Sensitive Data in Device Logs", "display_name": "T1413 - Access Sensitive Data in Device Logs" }, { "id": "T1418", "name": "Application Discovery", "display_name": "T1418 - Application Discovery" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 170, "FileHash-MD5": 8, "FileHash-SHA1": 7, "URL": 49, "domain": 7, "hostname": 31 }, "indicator_count": 272, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "25 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69d38c3c712738e344743ed2", "name": "VirusTotal report\n for sample.apk", "description": "A sample of malware found in the latest version of the Android operating system has been identified by researchers at the University of California, Los Angeles. \u00c2\u00a32.5m (1.8m euros)>> this is so strong i cant even copy/paste", "modified": "2026-05-06T10:13:24.260000", "created": "2026-04-06T10:34:36.065000", "tags": [ "united", "has permission", "belgium", "file type", "may try", "https", "urls", "may access", "mitre attack", "network info", "malicious", "next", "windows sandbox", "clear filters", "reads", "apks", "accesses", "tls version", "t1413 access", "sensitive data", "persistence" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/0000730ea89fbbe53a526474f9c6281f769825ef8bbb91e5488b893c8865b6e2_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775471617&Signature=x4IxWb2blmi71%2Fom%2FmlGUwDf%2Fn8jPr2F%2FYVZ6U6EIreNBvKnGH67sOeu32thXveBB7jvgA2H5G1%2Fd7Fxo0eX79c3r93NoS6SzUX2566TDnKXHf4v5stQK35cGRzPOxGUMRqzwJMLUr8i674Ses7K1N%2F%2FBPfZEXupFdNgb9nCuJf%2B9o%2FDmNOO58V5SnHR%2F4%2Fy%2Fyno3g43lJ%2FWhhuR3c3%2Fo60A0xqpdswD", "https://vtbehaviour.commondatastorage.googleapis.com/0000730ea89fbbe53a526474f9c6281f769825ef8bbb91e5488b893c8865b6e2_VirusTotal%20R2DBox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775471639&Signature=aMdH8c7QpUdtPrzwuioQYfmuGkM%2BEUvT9X9UmV7apYYnnb1pSlKupGRD0asdRP%2FSPKfzatIKSYRRXtmzNqmzwVWptBydFE7wM%2By2aVGZQWSl2XDL5J%2BQm81RvqxS6TdIKppa0qjMKnvOXKUwRcMZUEE8bGiK2rarAplWbo6HaZkbSlyWNxOHnfV00h5V0ECJKzCU%2BPUP2kd5LadpQY6ZaEcvHjQEZXxYamIWWMf65xlPCDv", "https://vtbehaviour.commondatastorage.googleapis.com/0002e7897592a90276f84970f149547f70643829dcdfaccc55130ce13c1e18f8_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775471800&Signature=M%2BhqXe8rDYTRRLbeIJgj45r87F%2Fg4pnPmpPOhmqvi86yX6OFTaPD0ZTT3u6Sd6L3Y2x6c5SkXynOum8uuSgBWtswYxObaGRvsXTHif7in%2B95g4y9KmyfvUNCGHHk2q3DupGeaz4donpGLNHk%2BU0J6Uw71rrx1QsKI8xbnOq69NIssYUP28ZHvXAWSAaxz5tqr4%2BrKXt46VNM9AqYTRx1BXkIpCnbBHXz%2BrD8JTpFs4scamGD" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1406", "name": "Obfuscated Files or Information", "display_name": "T1406 - Obfuscated Files or Information" }, { "id": "T1409", "name": "Access Stored Application Data", "display_name": "T1409 - Access Stored Application Data" }, { "id": "T1421", "name": "System Network Connections Discovery", "display_name": "T1421 - System Network Connections Discovery" }, { "id": "T1422", "name": "System Network Configuration Discovery", "display_name": "T1422 - System Network Configuration Discovery" }, { "id": "T1424", "name": "Process Discovery", "display_name": "T1424 - Process Discovery" }, { "id": "T1426", "name": "System Information Discovery", "display_name": "T1426 - System Information Discovery" }, { "id": "T1430", "name": "Location Tracking", "display_name": "T1430 - Location Tracking" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1413", "name": "Access Sensitive Data in Device Logs", "display_name": "T1413 - Access Sensitive Data in Device Logs" }, { "id": "T1418", "name": "Application Discovery", "display_name": "T1418 - Application Discovery" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 170, "FileHash-MD5": 8, "FileHash-SHA1": 7, "URL": 49, "domain": 7, "hostname": 31 }, "indicator_count": 272, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "25 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69efc3a63f5aa5107bb41dbf", "name": "[clone-Jeffrey Reimer DPT Tsara Brashears Court Records | ]by scoreblue", "description": "", "modified": "2026-04-27T23:20:58.970000", "created": "2026-04-27T20:14:30.720000", "tags": [ "reimer-jeffrey-v-brashears-tsara", "2017cv030026 suppressed", "case 2017cv030026 suppressed", "docket", "legal case", "legal", "litigation", "court cases", "state court docket", "robert r", "lung", "county", "case", "money", "ben l", "leutwyler iii", "reimer", "brashears", "douglas county", "tips", "district", "date", "judge", "shane", "bank", "contact", "service", "brashears accepts", "jeffrey scott", "reimer dpt", "reimer paid", "sa victim", "settlement", "reimer-jeffrey-paid-tsara-brahears-settlement", "reimer-jeffrey-claim-dismissed", "brashears-tsara-claims-upheld", "reverse dns", "general full", "protocol h2", "security tls", "resource", "united", "hash", "name value", "security", "main", "facebook", "brashears-tsara-v-reimer-jeffrey", "so false", "as134548 dxtl", "kwan o", "hong kong", "passive dns", "scan endpoints", "all scoreblue", "ipv4", "export graph", "historical ssl", "referrer", "gameprofitshack", "webstudio", "smartdata", "alloymedia", "industries", "theakkas", "korplug", "default", "module load", "t1129", "show", "search", "regbinary", "malware beacon", "upatre", "suspicious", "trojan", "copy", "dock", "downloader", "loader", "write", "malware", "av detections", "ids detections", "yara detections", "alerts", "related pulses", "dashboard", "browse scan", "endpoints all", "showing", "p2p zeus", "september", "popper", "cookies", "x function", "hsp boolean", "oribili boolean", "hstcran", "hsusertoken", "domainpath name", "ns nxdomain", "parked", "tsara won", "brashears prevails", "reimer dismissal", "dangerous data collection", "get device", "parked uri" ], "references": [ "Scam Aggregators: https://trellis.law/case/8035/2017cv030026-suppressed/reimer-jeffrey-v-brashears-tsara [parked here: ctjsz.com]", "http://www.qq664.com/seximanhua/22128.html [looks legit to me]", "sex2e.com | http://qq664.com/seximanhua/22128.html [trellis.law]", "https://prnbae.com/191693/at-37-ellie-discovers-the-unique-sensations-of-double-vaginal-sex/ [trellis.law]", "http://www.philippinesredcat.com/girls-for-sex-in-manila/ [trellis.law]", "http://us.1.powerfront.com/thehealthylivingshow/scripts/redir.asp?link=https://www.sexbestgals.info/cougar-porn/ [trellis.law]", "https://help.competitionsuite.com/article/76-using-the-judge-app-tablets", "https://www.paidhmars.com/", "https://urlscan.io/result/e4ed8a1d-1b23-46cd-a237-a2ad4e974fc3/content/", "False: This case was filed in Douglas County Superior Courts with Jeffrey K Holmes presiding. | Who is he?", "False: Never served. Had several PI's and background checks", "Jeffrey Scott Reimer DPT was allegedly arrested 02/14/2022 | Very unreliable self proclaimed PI's (multiple)", "Brian Sabey begged victim to accept tiny settlement. Contingency, 'Brashears may use settlement to find hacker.'", "Judge Shay Whittaker dismissed Reimers 'malicious' prosecution claom", "Reimers case V Brashears in 2017 after Denver Police Major Crimes located Reimer", "Brashears documented on corr record she wanted to proceed with case", "Brian Sabey Speaking for Jeffrey Scott Reimer DPT refused further court proceedings", "Brian Sabey offered Brashears a settlement. Begged her to accept it.", "Case: Defamation of character based on truthful reviews left on HealthGrades.", "A series of reviews detailing Jeffrey Reimer DPT egregious behavior proved not left by Brashears except 2 with comments -4", "Brashears Review: 'He would benefit from more training' [Very considerate considering the complimentary spinal cord injuries 'plural']", "Health Grades erased 20+ positive reviews that originated from Reimers email address.", "Most of not all positive Jeffrey Reimer DPT reviews are false. Reimer wasn't practicing when 'amazing' trat,ent alleged", "Brian Sabey. Esq filed motion to dismiss after judge dismissed Reimers meritlesscase", "Brian Sabey would be most foolish after it was determined Brashears was 100% disabled. This was cause by Jeffrey Scott Reimer DPT", "Brashears would gladly go to court as stated in court documents to then judge who wished to be briefed by Brashears. Thwarted by Sabey.", "Brian Sabey wanted to appear to win. Sandy demanded Brashears remove every patients negative review about Jeffrey Reimer DPT", "Brian Sabey had cashiers check delivered to Brashears in person.", "Victim is willing to have her attorney post entire court proceedings online , on YouTube and more", "There is NO other physical therapist with as many reviews as Jeffrey Reimer DPT, even non offenders. Reimers clientele is largely non-english speaking.", "Reimer often criticized non English speakers, large women and short Hispanic men according to witness.", "He also spoke frequently about Brashears infamously 'real' large bosom and figure. He decided to touch, grab, grope, assault,injure, beg for more", "Jeffrey Scott Reimer PT , DPT. assaulters defense: 'I had to be of the top/front of Brashears, She consented!'", "False: Brashears didn't expect this coming. Jeffrey Reimer DPT suddenly jumped on top of Brashears and tried to start a family. He didn't ask.", "Unless tampered with, court records will show Brashears dropped as a patient to be told she'd face legal consequences if she did.", "Survivor was told an investigation would begin, she'd be safe among other careless things her MD advised", "Brashears would LOVE for the true court proceedings to be read. She feels they were hacked away. DougCo was unable to 'print' records 'glitch'", "Did I mention she prevailed, won, got a check? Tsara Lynn Brashears survivor; won her counter claim. Weak Reimer claim burned like a dying moth.", "Trellis: 3.223.115.185 In cloud provider range: provider=AWS\t IPv4 34.240.160.162 In cloud provider range: provider=AWS", "Trellis: http://blockpage.bt.com/pcstaticpage/blocked.html?list=BT | https://search.app.goo.gl/?ofl", "Trellis: www.youtube.com/watch?v=GyuMozsVyYs \t\u00bb Survivors video references assault. Does not name or depict Reimers likeness.", "Trellis: Hostname blockpage.bt.com | hdredirect-lb7-5a03e1c2772e1c9c.elb.us-east-1.amazonaws.com | itunes.apple.com | search.app.goo.gl | www.youtube.com", "Trellis: https://itunes.apple.com/app/apple-store/id284815942/us/app/samsung-galaxy-watch-gear-s/id1117310635", "IDS Detections: Downloader (P2P Zeus dropper UA) Common Upatre Header Structure 2 Upatre Retrieving encoded payload (Common Header Struct)", "IDS Detections: Suspicious User-Agent containing Loader Observed TLS Handshake Failure", "Trellis: High Priority Alerts: network_icmp modifies_proxy_wpad packer_polymorphic", "Trellis:TrojanDownloader:Win32/Upatre.A | Yara Detections Upack_all_versions", "Trellis: secure04-appleid.com | http://secure04-appleid.com | cpcalendars.secure04-appleid.com" ], "public": 1, "adversary": "Parking Crew", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "Trojan:Win32/Zbot.SIBG3!MTB", "display_name": "Trojan:Win32/Zbot.SIBG3!MTB", "target": "/malware/Trojan:Win32/Zbot.SIBG3!MTB" }, { "id": "TrojanDownloader:Win32/Upatre.A", "display_name": "TrojanDownloader:Win32/Upatre.A", "target": "/malware/TrojanDownloader:Win32/Upatre.A" }, { "id": "P2P ZeuS - S0016", "display_name": "P2P ZeuS - S0016", "target": null } ], "attack_ids": [ { "id": "T1040", "name": "Network Sniffing", "display_name": "T1040 - Network Sniffing" }, { "id": "T1045", "name": "Software Packing", "display_name": "T1045 - Software Packing" }, { "id": "T1060", "name": "Registry Run Keys / Startup Folder", "display_name": "T1060 - Registry Run Keys / Startup Folder" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1143", "name": "Hidden Window", "display_name": "T1143 - Hidden Window" }, { "id": "T1598", "name": "Phishing for Information", "display_name": "T1598 - Phishing for Information" }, { "id": "T1031", "name": "Modify Existing Service", "display_name": "T1031 - Modify Existing Service" }, { "id": "T1023", "name": "Shortcut Modification", "display_name": "T1023 - Shortcut Modification" }, { "id": "T1399", "name": "Modify Trusted Execution Environment", "display_name": "T1399 - Modify Trusted Execution Environment" }, { "id": "T1155", "name": "AppleScript", "display_name": "T1155 - AppleScript" } ], "industries": [ "Research", "Telecommunications", "Technology", "Civilians" ], "TLP": "green", "cloned_from": "66d490668683aec2631cfa20", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 269, "FileHash-SHA1": 266, "FileHash-SHA256": 981, "domain": 480, "hostname": 684, "email": 1, "URL": 2102 }, "indicator_count": 4783, "is_author": false, "is_subscribing": null, "subscriber_count": 65, "modified_text": "34 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "66d490668683aec2631cfa20", "name": "Jeffrey Reimer DPT Tsara Brashears Court Records | Trellis.Law", "description": "Phishing expedition: Malicious bait. Threat actor/s attempting to hack whoever can see and clicks on link. The URl is parked, is malicious, attempts infiltrate device.", "modified": "2024-11-05T00:02:43.336000", "created": "2024-09-01T16:03:50.411000", "tags": [ "reimer-jeffrey-v-brashears-tsara", "2017cv030026 suppressed", "case 2017cv030026 suppressed", "docket", "legal case", "legal", "litigation", "court cases", "state court docket", "robert r", "lung", "county", "case", "money", "ben l", "leutwyler iii", "reimer", "brashears", "douglas county", "tips", "district", "date", "judge", "shane", "bank", "contact", "service", "brashears accepts", "jeffrey scott", "reimer dpt", "reimer paid", "sa victim", "settlement", "reimer-jeffrey-paid-tsara-brahears-settlement", "reimer-jeffrey-claim-dismissed", "brashears-tsara-claims-upheld", "reverse dns", "general full", "protocol h2", "security tls", "resource", "united", "hash", "name value", "security", "main", "facebook", "brashears-tsara-v-reimer-jeffrey", "so false", "as134548 dxtl", "kwan o", "hong kong", "passive dns", "scan endpoints", "all scoreblue", "ipv4", "export graph", "historical ssl", "referrer", "gameprofitshack", "webstudio", "smartdata", "alloymedia", "industries", "theakkas", "korplug", "default", "module load", "t1129", "show", "search", "regbinary", "malware beacon", "upatre", "suspicious", "trojan", "copy", "dock", "downloader", "loader", "write", "malware", "av detections", "ids detections", "yara detections", "alerts", "related pulses", "dashboard", "browse scan", "endpoints all", "showing", "p2p zeus", "september", "popper", "cookies", "x function", "hsp boolean", "oribili boolean", "hstcran", "hsusertoken", "domainpath name", "ns nxdomain", "parked", "tsara won", "brashears prevails", "reimer dismissal", "dangerous data collection", "get device", "parked uri" ], "references": [ "Scam Aggregators: https://trellis.law/case/8035/2017cv030026-suppressed/reimer-jeffrey-v-brashears-tsara [parked here: ctjsz.com]", "http://www.qq664.com/seximanhua/22128.html [looks legit to me]", "sex2e.com | http://qq664.com/seximanhua/22128.html [trellis.law]", "https://prnbae.com/191693/at-37-ellie-discovers-the-unique-sensations-of-double-vaginal-sex/ [trellis.law]", "http://www.philippinesredcat.com/girls-for-sex-in-manila/ [trellis.law]", "http://us.1.powerfront.com/thehealthylivingshow/scripts/redir.asp?link=https://www.sexbestgals.info/cougar-porn/ [trellis.law]", "https://help.competitionsuite.com/article/76-using-the-judge-app-tablets", "https://www.paidhmars.com/", "https://urlscan.io/result/e4ed8a1d-1b23-46cd-a237-a2ad4e974fc3/content/", "False: This case was filed in Douglas County Superior Courts with Jeffrey K Holmes presiding. | Who is he?", "False: Never served. Had several PI's and background checks", "Jeffrey Scott Reimer DPT was allegedly arrested 02/14/2022 | Very unreliable self proclaimed PI's (multiple)", "Brian Sabey begged victim to accept tiny settlement. Contingency, 'Brashears may use settlement to find hacker.'", "Judge Shay Whittaker dismissed Reimers 'malicious' prosecution claom", "Reimers case V Brashears in 2017 after Denver Police Major Crimes located Reimer", "Brashears documented on corr record she wanted to proceed with case", "Brian Sabey Speaking for Jeffrey Scott Reimer DPT refused further court proceedings", "Brian Sabey offered Brashears a settlement. Begged her to accept it.", "Case: Defamation of character based on truthful reviews left on HealthGrades.", "A series of reviews detailing Jeffrey Reimer DPT egregious behavior proved not left by Brashears except 2 with comments -4", "Brashears Review: 'He would benefit from more training' [Very considerate considering the complimentary spinal cord injuries 'plural']", "Health Grades erased 20+ positive reviews that originated from Reimers email address.", "Most of not all positive Jeffrey Reimer DPT reviews are false. Reimer wasn't practicing when 'amazing' trat,ent alleged", "Brian Sabey. Esq filed motion to dismiss after judge dismissed Reimers meritlesscase", "Brian Sabey would be most foolish after it was determined Brashears was 100% disabled. This was cause by Jeffrey Scott Reimer DPT", "Brashears would gladly go to court as stated in court documents to then judge who wished to be briefed by Brashears. Thwarted by Sabey.", "Brian Sabey wanted to appear to win. Sandy demanded Brashears remove every patients negative review about Jeffrey Reimer DPT", "Brian Sabey had cashiers check delivered to Brashears in person.", "Victim is willing to have her attorney post entire court proceedings online , on YouTube and more", "There is NO other physical therapist with as many reviews as Jeffrey Reimer DPT, even non offenders. Reimers clientele is largely non-english speaking.", "Reimer often criticized non English speakers, large women and short Hispanic men according to witness.", "He also spoke frequently about Brashears infamously 'real' large bosom and figure. He decided to touch, grab, grope, assault,injure, beg for more", "Jeffrey Scott Reimer PT , DPT. assaulters defense: 'I had to be of the top/front of Brashears, She consented!'", "False: Brashears didn't expect this coming. Jeffrey Reimer DPT suddenly jumped on top of Brashears and tried to start a family. He didn't ask.", "Unless tampered with, court records will show Brashears dropped as a patient to be told she'd face legal consequences if she did.", "Survivor was told an investigation would begin, she'd be safe among other careless things her MD advised", "Brashears would LOVE for the true court proceedings to be read. She feels they were hacked away. DougCo was unable to 'print' records 'glitch'", "Did I mention she prevailed, won, got a check? Tsara Lynn Brashears survivor; won her counter claim. Weak Reimer claim burned like a dying moth.", "Trellis: 3.223.115.185 In cloud provider range: provider=AWS\t IPv4 34.240.160.162 In cloud provider range: provider=AWS", "Trellis: http://blockpage.bt.com/pcstaticpage/blocked.html?list=BT | https://search.app.goo.gl/?ofl", "Trellis: www.youtube.com/watch?v=GyuMozsVyYs \t\u00bb Survivors video references assault. Does not name or depict Reimers likeness.", "Trellis: Hostname blockpage.bt.com | hdredirect-lb7-5a03e1c2772e1c9c.elb.us-east-1.amazonaws.com | itunes.apple.com | search.app.goo.gl | www.youtube.com", "Trellis: https://itunes.apple.com/app/apple-store/id284815942/us/app/samsung-galaxy-watch-gear-s/id1117310635", "IDS Detections: Downloader (P2P Zeus dropper UA) Common Upatre Header Structure 2 Upatre Retrieving encoded payload (Common Header Struct)", "IDS Detections: Suspicious User-Agent containing Loader Observed TLS Handshake Failure", "Trellis: High Priority Alerts: network_icmp modifies_proxy_wpad packer_polymorphic", "Trellis:TrojanDownloader:Win32/Upatre.A | Yara Detections Upack_all_versions", "Trellis: secure04-appleid.com | http://secure04-appleid.com | cpcalendars.secure04-appleid.com" ], "public": 1, "adversary": "Parking Crew", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "Trojan:Win32/Zbot.SIBG3!MTB", "display_name": "Trojan:Win32/Zbot.SIBG3!MTB", "target": "/malware/Trojan:Win32/Zbot.SIBG3!MTB" }, { "id": "TrojanDownloader:Win32/Upatre.A", "display_name": "TrojanDownloader:Win32/Upatre.A", "target": "/malware/TrojanDownloader:Win32/Upatre.A" }, { "id": "P2P ZeuS - S0016", "display_name": "P2P ZeuS - S0016", "target": null } ], "attack_ids": [ { "id": "T1040", "name": "Network Sniffing", "display_name": "T1040 - Network Sniffing" }, { "id": "T1045", "name": "Software Packing", "display_name": "T1045 - Software Packing" }, { "id": "T1060", "name": "Registry Run Keys / Startup Folder", "display_name": "T1060 - Registry Run Keys / Startup Folder" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1143", "name": "Hidden Window", "display_name": "T1143 - Hidden Window" }, { "id": "T1598", "name": "Phishing for Information", "display_name": "T1598 - Phishing for Information" }, { "id": "T1031", "name": "Modify Existing Service", "display_name": "T1031 - Modify Existing Service" }, { "id": "T1023", "name": "Shortcut Modification", "display_name": "T1023 - Shortcut Modification" }, { "id": "T1399", "name": "Modify Trusted Execution Environment", "display_name": "T1399 - Modify Trusted Execution Environment" }, { "id": "T1155", "name": "AppleScript", "display_name": "T1155 - AppleScript" } ], "industries": [ "Research", "Telecommunications", "Technology", "Civilians" ], "TLP": "green", "cloned_from": null, "export_count": 14, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 269, "FileHash-SHA1": 266, "FileHash-SHA256": 981, "domain": 480, "hostname": 684, "email": 1, "URL": 2102 }, "indicator_count": 4783, "is_author": false, "is_subscribing": null, "subscriber_count": 227, "modified_text": "572 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65574cb4447c8d87ad85fa75", "name": "Masquerading", "description": "", "modified": "2023-12-17T11:03:45.376000", "created": "2023-11-17T11:21:24.343000", "tags": [ "no expiration", "filehashsha256", "filehashmd5", "iocs", "url http", "expiration", "scan endpoints", "all search", "otx octoseek", "create new", "blacklist http", "laplasclipper", "malicious url", "cisco umbrella", "site", "alexa top", "blacklist", "safe site", "malware site", "phishing site", "malicious site", "malware", "china unknown", "united", "unknown", "as54994 quantil", "cname", "nxdomain", "as8068", "as4134 chinanet", "passive dns", "domain", "next", "filehashsha1", "service company", "servers", "ndicator role", "title added", "active related", "pulses url", "showing", "entries", "pulses http", "url https", "type indicator", "role title", "added active", "related pulses", "report spam", "author avatar", "created", "hour ago", "trojanspy", "redline", "pulses hostname", "blacklist https", "indicator role", "bidid", "adid", "v4us", "v51845481", "hostname", "http", "cisco", "umbrella rank", "search live", "api blog", "docs pricing", "november", "de summary", "frankfurt", "main", "reverse dns", "general full", "asn16509", "amazon02", "resource", "protocol h2", "security tls", "hash", "de indicators", "domains", "hashes", "copyright", "gmbh version", "follow", "value", "postitem", "variables", "parameters", "systemid object", "def function", "login", "get h2", "secrets llc", "agreement", "the site", "content", "policy", "this site", "claims", "florida", "please", "premium", "service", "restrict", "express", "media", "facebook", "twitter", "final", "first", "cloudflarenet", "gts ca", "software", "million", "hours ago", "chameleon", "heur", "phishing", "riskware", "agent", "unsafe", "opencandy", "exploit", "mimikatz", "iframe", "downldr", "presenoker", "artemis", "download", "beach research", "germany", "asn20940", "akamaiasn1", "threat report", "url summary", "summary", "sample", "samples", "detection list", "alexa", "maltiverse", "google", "qtsas", "name value", "no data", "tag count", "count blacklist", "pbiptbmvd0k4", "glelexoputyh", "suppobox", "team", "bambernek", "internet storm", "phishtank", "phish", "trickbot", "telecom", "bank", "ipv4", "octoseek report", "spam https", "tsara brashears", "malvertizing", "tracking", "tagging", "spyder", "cybercrime", "email collection", "apple data collection", "win32 exe", "ms word", "document", "type name", "javascript", "network capture", "files", "detections type", "name", "ssl certificate", "whois whois", "tsara brashears", "whois record", "asn owner", "highly targeted", "kgs0", "kls0", "relacionada", "family", "lolkek", "emotet", "dark power", "wiper", "ransomware", "cobalt strike", "quasar rat", "ursnif", "remcos", "core", "redline stealer", "bitrat", "hacktool", "critical", "copy", "installer", "execution", "network", "communicating", "referrer", "parent", "historical ssl", "siblings", "resolutions", "name verdict", "falcon sandbox", "pattern match", "error", "file", "indicator", "script", "typeof e", "ascii text", "appdata", "date", "windir", "span", "body", "meta", "class", "generator", "info", "null", "refresh", "hybrid", "general", "local", "click", "strings", "tools", "look", "verify", "restart", "form", "footer", "html", "union", "outbreak", "downer", "shell", "mediamagnet", "sality", "swrort", "adaptivebee", "unruy", "iobit", "dropper", "trojanx", "installcore", "webshell", "crack", "webtoolbar", "threat roundup", "contacted", "june", "july", "october", "august" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Beach Research", "display_name": "Beach Research", "target": null }, { "id": "Maltiverse", "display_name": "Maltiverse", "target": null }, { "id": "WebToolbar", "display_name": "WebToolbar", "target": null } ], "attack_ids": [ { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1090", "name": "Proxy", "display_name": "T1090 - Proxy" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1199", "name": "Trusted Relationship", "display_name": "T1199 - Trusted Relationship" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" } ], "industries": [ "Health", "Nutritional", "Medical", "Medicine" ], "TLP": "white", "cloned_from": null, "export_count": 103, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 400, "FileHash-SHA1": 240, "FileHash-SHA256": 6459, "hostname": 4845, "URL": 11514, "CVE": 15, "domain": 3179, "email": 31 }, "indicator_count": 26683, "is_author": false, "is_subscribing": null, "subscriber_count": 224, "modified_text": "896 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65574cbe6bdbe24ecb170b24", "name": "Masquerading", "description": "", "modified": "2023-12-17T11:03:45.376000", "created": "2023-11-17T11:21:34.083000", "tags": [ "no expiration", "filehashsha256", "filehashmd5", "iocs", "url http", "expiration", "scan endpoints", "all search", "otx octoseek", "create new", "blacklist http", "laplasclipper", "malicious url", "cisco umbrella", "site", "alexa top", "blacklist", "safe site", "malware site", "phishing site", "malicious site", "malware", "china unknown", "united", "unknown", "as54994 quantil", "cname", "nxdomain", "as8068", "as4134 chinanet", "passive dns", "domain", "next", "filehashsha1", "service company", "servers", "ndicator role", "title added", "active related", "pulses url", "showing", "entries", "pulses http", "url https", "type indicator", "role title", "added active", "related pulses", "report spam", "author avatar", "created", "hour ago", "trojanspy", "redline", "pulses hostname", "blacklist https", "indicator role", "bidid", "adid", "v4us", "v51845481", "hostname", "http", "cisco", "umbrella rank", "search live", "api blog", "docs pricing", "november", "de summary", "frankfurt", "main", "reverse dns", "general full", "asn16509", "amazon02", "resource", "protocol h2", "security tls", "hash", "de indicators", "domains", "hashes", "copyright", "gmbh version", "follow", "value", "postitem", "variables", "parameters", "systemid object", "def function", "login", "get h2", "secrets llc", "agreement", "the site", "content", "policy", "this site", "claims", "florida", "please", "premium", "service", "restrict", "express", "media", "facebook", "twitter", "final", "first", "cloudflarenet", "gts ca", "software", "million", "hours ago", "chameleon", "heur", "phishing", "riskware", "agent", "unsafe", "opencandy", "exploit", "mimikatz", "iframe", "downldr", "presenoker", "artemis", "download", "beach research", "germany", "asn20940", "akamaiasn1", "threat report", "url summary", "summary", "sample", "samples", "detection list", "alexa", "maltiverse", "google", "qtsas", "name value", "no data", "tag count", "count blacklist", "pbiptbmvd0k4", "glelexoputyh", "suppobox", "team", "bambernek", "internet storm", "phishtank", "phish", "trickbot", "telecom", "bank", "ipv4", "octoseek report", "spam https", "tsara brashears", "malvertizing", "tracking", "tagging", "spyder", "cybercrime", "email collection", "apple data collection", "win32 exe", "ms word", "document", "type name", "javascript", "network capture", "files", "detections type", "name", "ssl certificate", "whois whois", "tsara brashears", "whois record", "asn owner", "highly targeted", "kgs0", "kls0", "relacionada", "family", "lolkek", "emotet", "dark power", "wiper", "ransomware", "cobalt strike", "quasar rat", "ursnif", "remcos", "core", "redline stealer", "bitrat", "hacktool", "critical", "copy", "installer", "execution", "network", "communicating", "referrer", "parent", "historical ssl", "siblings", "resolutions", "name verdict", "falcon sandbox", "pattern match", "error", "file", "indicator", "script", "typeof e", "ascii text", "appdata", "date", "windir", "span", "body", "meta", "class", "generator", "info", "null", "refresh", "hybrid", "general", "local", "click", "strings", "tools", "look", "verify", "restart", "form", "footer", "html", "union", "outbreak", "downer", "shell", "mediamagnet", "sality", "swrort", "adaptivebee", "unruy", "iobit", "dropper", "trojanx", "installcore", "webshell", "crack", "webtoolbar", "threat roundup", "contacted", "june", "july", "october", "august" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Beach Research", "display_name": "Beach Research", "target": null }, { "id": "Maltiverse", "display_name": "Maltiverse", "target": null }, { "id": "WebToolbar", "display_name": "WebToolbar", "target": null } ], "attack_ids": [ { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1090", "name": "Proxy", "display_name": "T1090 - Proxy" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1199", "name": "Trusted Relationship", "display_name": "T1199 - Trusted Relationship" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" } ], "industries": [ "Health", "Nutritional", "Medical", "Medicine" ], "TLP": "white", "cloned_from": null, "export_count": 102, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 400, "FileHash-SHA1": 240, "FileHash-SHA256": 6459, "hostname": 4845, "URL": 11514, "CVE": 15, "domain": 3179, "email": 31 }, "indicator_count": 26683, "is_author": false, "is_subscribing": null, "subscriber_count": 222, "modified_text": "896 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65580c1516990d69644fb3d0", "name": "Masquerading", "description": "", "modified": "2023-12-17T11:03:45.376000", "created": "2023-11-18T00:57:57.372000", "tags": [ "no expiration", "filehashsha256", "filehashmd5", "iocs", "url http", "expiration", "scan endpoints", "all search", "otx octoseek", "create new", "blacklist http", "laplasclipper", "malicious url", "cisco umbrella", "site", "alexa top", "blacklist", "safe site", "malware site", "phishing site", "malicious site", "malware", "china unknown", "united", "unknown", "as54994 quantil", "cname", "nxdomain", "as8068", "as4134 chinanet", "passive dns", "domain", "next", "filehashsha1", "service company", "servers", "ndicator role", "title added", "active related", "pulses url", "showing", "entries", "pulses http", "url https", "type indicator", "role title", "added active", "related pulses", "report spam", "author avatar", "created", "hour ago", "trojanspy", "redline", "pulses hostname", "blacklist https", "indicator role", "bidid", "adid", "v4us", "v51845481", "hostname", "http", "cisco", "umbrella rank", "search live", "api blog", "docs pricing", "november", "de summary", "frankfurt", "main", "reverse dns", "general full", "asn16509", "amazon02", "resource", "protocol h2", "security tls", "hash", "de indicators", "domains", "hashes", "copyright", "gmbh version", "follow", "value", "postitem", "variables", "parameters", "systemid object", "def function", "login", "get h2", "secrets llc", "agreement", "the site", "content", "policy", "this site", "claims", "florida", "please", "premium", "service", "restrict", "express", "media", "facebook", "twitter", "final", "first", "cloudflarenet", "gts ca", "software", "million", "hours ago", "chameleon", "heur", "phishing", "riskware", "agent", "unsafe", "opencandy", "exploit", "mimikatz", "iframe", "downldr", "presenoker", "artemis", "download", "beach research", "germany", "asn20940", "akamaiasn1", "threat report", "url summary", "summary", "sample", "samples", "detection list", "alexa", "maltiverse", "google", "qtsas", "name value", "no data", "tag count", "count blacklist", "pbiptbmvd0k4", "glelexoputyh", "suppobox", "team", "bambernek", "internet storm", "phishtank", "phish", "trickbot", "telecom", "bank", "ipv4", "octoseek report", "spam https", "tsara brashears", "malvertizing", "tracking", "tagging", "spyder", "cybercrime", "email collection", "apple data collection", "win32 exe", "ms word", "document", "type name", "javascript", "network capture", "files", "detections type", "name", "ssl certificate", "whois whois", "tsara brashears", "whois record", "asn owner", "highly targeted", "kgs0", "kls0", "relacionada", "family", "lolkek", "emotet", "dark power", "wiper", "ransomware", "cobalt strike", "quasar rat", "ursnif", "remcos", "core", "redline stealer", "bitrat", "hacktool", "critical", "copy", "installer", "execution", "network", "communicating", "referrer", "parent", "historical ssl", "siblings", "resolutions", "name verdict", "falcon sandbox", "pattern match", "error", "file", "indicator", "script", "typeof e", "ascii text", "appdata", "date", "windir", "span", "body", "meta", "class", "generator", "info", "null", "refresh", "hybrid", "general", "local", "click", "strings", "tools", "look", "verify", "restart", "form", "footer", "html", "union", "outbreak", "downer", "shell", "mediamagnet", "sality", "swrort", "adaptivebee", "unruy", "iobit", "dropper", "trojanx", "installcore", "webshell", "crack", "webtoolbar", "threat roundup", "contacted", "june", "july", "october", "august" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Beach Research", "display_name": "Beach Research", "target": null }, { "id": "Maltiverse", "display_name": "Maltiverse", "target": null }, { "id": "WebToolbar", "display_name": "WebToolbar", "target": null } ], "attack_ids": [ { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1090", "name": "Proxy", "display_name": "T1090 - Proxy" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1199", "name": "Trusted Relationship", "display_name": "T1199 - Trusted Relationship" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" } ], "industries": [ "Health", "Nutritional", "Medical", "Medicine" ], "TLP": "white", "cloned_from": "65574cb4447c8d87ad85fa75", "export_count": 100, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 400, "FileHash-SHA1": 240, "FileHash-SHA256": 6459, "hostname": 4845, "URL": 11514, "CVE": 15, "domain": 3179, "email": 31 }, "indicator_count": 26683, "is_author": false, "is_subscribing": null, "subscriber_count": 229, "modified_text": "896 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65580c17e69371b34a573f72", "name": "Masquerading", "description": "", "modified": "2023-12-17T11:03:45.376000", "created": "2023-11-18T00:57:59.619000", "tags": [ "no expiration", "filehashsha256", "filehashmd5", "iocs", "url http", "expiration", "scan endpoints", "all search", "otx octoseek", "create new", "blacklist http", "laplasclipper", "malicious url", "cisco umbrella", "site", "alexa top", "blacklist", "safe site", "malware site", "phishing site", "malicious site", "malware", "china unknown", "united", "unknown", "as54994 quantil", "cname", "nxdomain", "as8068", "as4134 chinanet", "passive dns", "domain", "next", "filehashsha1", "service company", "servers", "ndicator role", "title added", "active related", "pulses url", "showing", "entries", "pulses http", "url https", "type indicator", "role title", "added active", "related pulses", "report spam", "author avatar", "created", "hour ago", "trojanspy", "redline", "pulses hostname", "blacklist https", "indicator role", "bidid", "adid", "v4us", "v51845481", "hostname", "http", "cisco", "umbrella rank", "search live", "api blog", "docs pricing", "november", "de summary", "frankfurt", "main", "reverse dns", "general full", "asn16509", "amazon02", "resource", "protocol h2", "security tls", "hash", "de indicators", "domains", "hashes", "copyright", "gmbh version", "follow", "value", "postitem", "variables", "parameters", "systemid object", "def function", "login", "get h2", "secrets llc", "agreement", "the site", "content", "policy", "this site", "claims", "florida", "please", "premium", "service", "restrict", "express", "media", "facebook", "twitter", "final", "first", "cloudflarenet", "gts ca", "software", "million", "hours ago", "chameleon", "heur", "phishing", "riskware", "agent", "unsafe", "opencandy", "exploit", "mimikatz", "iframe", "downldr", "presenoker", "artemis", "download", "beach research", "germany", "asn20940", "akamaiasn1", "threat report", "url summary", "summary", "sample", "samples", "detection list", "alexa", "maltiverse", "google", "qtsas", "name value", "no data", "tag count", "count blacklist", "pbiptbmvd0k4", "glelexoputyh", "suppobox", "team", "bambernek", "internet storm", "phishtank", "phish", "trickbot", "telecom", "bank", "ipv4", "octoseek report", "spam https", "tsara brashears", "malvertizing", "tracking", "tagging", "spyder", "cybercrime", "email collection", "apple data collection", "win32 exe", "ms word", "document", "type name", "javascript", "network capture", "files", "detections type", "name", "ssl certificate", "whois whois", "tsara brashears", "whois record", "asn owner", "highly targeted", "kgs0", "kls0", "relacionada", "family", "lolkek", "emotet", "dark power", "wiper", "ransomware", "cobalt strike", "quasar rat", "ursnif", "remcos", "core", "redline stealer", "bitrat", "hacktool", "critical", "copy", "installer", "execution", "network", "communicating", "referrer", "parent", "historical ssl", "siblings", "resolutions", "name verdict", "falcon sandbox", "pattern match", "error", "file", "indicator", "script", "typeof e", "ascii text", "appdata", "date", "windir", "span", "body", "meta", "class", "generator", "info", "null", "refresh", "hybrid", "general", "local", "click", "strings", "tools", "look", "verify", "restart", "form", "footer", "html", "union", "outbreak", "downer", "shell", "mediamagnet", "sality", "swrort", "adaptivebee", "unruy", "iobit", "dropper", "trojanx", "installcore", "webshell", "crack", "webtoolbar", "threat roundup", "contacted", "june", "july", "october", "august" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Beach Research", "display_name": "Beach Research", "target": null }, { "id": "Maltiverse", "display_name": "Maltiverse", "target": null }, { "id": "WebToolbar", "display_name": "WebToolbar", "target": null } ], "attack_ids": [ { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1090", "name": "Proxy", "display_name": "T1090 - Proxy" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1199", "name": "Trusted Relationship", "display_name": "T1199 - Trusted Relationship" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" } ], "industries": [ "Health", "Nutritional", "Medical", "Medicine" ], "TLP": "white", "cloned_from": "65574cb4447c8d87ad85fa75", "export_count": 103, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 400, "FileHash-SHA1": 240, "FileHash-SHA256": 6459, "hostname": 4845, "URL": 11514, "CVE": 15, "domain": 3179, "email": 31 }, "indicator_count": 26683, "is_author": false, "is_subscribing": null, "subscriber_count": 229, "modified_text": "896 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://api.amplitude.com/", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://api.amplitude.com/", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780271553.4124956 }