{
  "type": "URL",
  "indicator": "https://au.fourtiz.com",
  "general": {
    "sections": [
      "general",
      "url_list",
      "http_scans",
      "screenshot"
    ],
    "indicator": "https://au.fourtiz.com",
    "type": "url",
    "type_title": "URL",
    "validation": [],
    "base_indicator": {
      "id": 3753565843,
      "indicator": "https://au.fourtiz.com",
      "type": "URL",
      "title": "",
      "description": "",
      "content": "",
      "access_type": "public",
      "access_reason": ""
    },
    "pulse_info": {
      "count": 3,
      "pulses": [
        {
          "id": "692f04e9fa3d782118e94aac",
          "name": "LevelBlue - Open Threat Exchange - Delete AppDeployed",
          "description": "I\u2019m not sure what to think. |\ndeploy-delete-app-us-east-2-1.deploy-delete-test-us-east-2-1mtsufd.us-east-2.gamma.forgeapps.ec2.aws.dev | Are these\npulses being sold or attacked? Christopher P. Ahmann of TAM Legal and his other firms has ALWAYS attacked targets phones and networks. Nothing is too outrageous for this maniac.\n\nHe is responsible for the recent attacks on devices , clouds , google accounts and a flurry of threats. Indicators in recently pulsed reports have been removed. I\u2019ve done my best to restore. \n\nI am also concerned about the safety or legitimacy of this platform.\n\nNo one is ever alerted. Simply calling someone and telling them about the compromises can equate to a big pay day for Level Blue and nothing for the victims of attacks. I need my pulses restored. \n\nIt\u2019s plausible to believe OTX was attacked by an external threat actor.\nAnything is possible when it comes to money.",
          "modified": "2026-01-01T15:04:20.907000",
          "created": "2025-12-02T15:25:29.158000",
          "tags": [
            "levelblue",
            "open threat",
            "dynamicloader",
            "tlsv1",
            "high",
            "msie",
            "windows nt",
            "delete c",
            "fwlink",
            "stream",
            "powershell",
            "write",
            "malware",
            "local",
            "united",
            "flag",
            "date",
            "server",
            "crazy egg",
            "name server",
            "gmt flag",
            "domain address",
            "markmonitor",
            "enom",
            "sugges",
            "onv incude",
            "data upload",
            "find s",
            "extraction",
            "types",
            "type",
            "indicator",
            "click",
            "windir",
            "openurl c",
            "prefetch2",
            "analysis",
            "tor analysis",
            "dns requests",
            "contacted hosts",
            "search",
            "entries",
            "read c",
            "medium",
            "memcommit",
            "tls handshake",
            "failure",
            "module load",
            "next",
            "execution",
            "dock",
            "capture",
            "persistence",
            "copy",
            "unknown",
            "suricata alert",
            "et info",
            "bad traffic",
            "learn",
            "command",
            "ck id",
            "name tactics",
            "suspicious",
            "informative",
            "adversaries",
            "spawns",
            "t1480 execution",
            "file defense",
            "write c",
            "x02x82",
            "xe6x15c6",
            "x16f",
            "xc0xc0xc0",
            "revengerat",
            "guard",
            "service",
            "encrypt",
            "entries yara",
            "delphi",
            "win32",
            "jordan",
            "delete app"
          ],
          "references": [
            "https://otx.alienvault.com/indicator/domain/Tamlegal.com",
            "DotNET_Reactor System.Security.Cryptography.AesCryptoServiceProvider System.Security.Cryptography System.Security.Cryptography ICryptoTransform Eziriz",
            "endgames.com \u2022 endgames.us \u2022 endgamesystems.com  \u2022 http://www.onyx-ware.com/lander",
            "deploy-delete-app-us-east-2-1.deploy-delete-test-us-east-2-1mtsufd.us-east-2.gamma.forgeapps.ec2.aws.dev"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [
            "United States of America"
          ],
          "malware_families": [
            {
              "id": "Win.Malware.Vmprotect-9880726-0",
              "display_name": "Win.Malware.Vmprotect-9880726-0",
              "target": null
            },
            {
              "id": "Other Malware",
              "display_name": "Other Malware",
              "target": null
            }
          ],
          "attack_ids": [
            {
              "id": "T1053",
              "name": "Scheduled Task/Job",
              "display_name": "T1053 - Scheduled Task/Job"
            },
            {
              "id": "T1055",
              "name": "Process Injection",
              "display_name": "T1055 - Process Injection"
            },
            {
              "id": "T1056",
              "name": "Input Capture",
              "display_name": "T1056 - Input Capture"
            },
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            },
            {
              "id": "T1082",
              "name": "System Information Discovery",
              "display_name": "T1082 - System Information Discovery"
            },
            {
              "id": "T1112",
              "name": "Modify Registry",
              "display_name": "T1112 - Modify Registry"
            },
            {
              "id": "T1119",
              "name": "Automated Collection",
              "display_name": "T1119 - Automated Collection"
            },
            {
              "id": "T1129",
              "name": "Shared Modules",
              "display_name": "T1129 - Shared Modules"
            },
            {
              "id": "T1143",
              "name": "Hidden Window",
              "display_name": "T1143 - Hidden Window"
            },
            {
              "id": "T1134",
              "name": "Access Token Manipulation",
              "display_name": "T1134 - Access Token Manipulation"
            },
            {
              "id": "T1027",
              "name": "Obfuscated Files or Information",
              "display_name": "T1027 - Obfuscated Files or Information"
            },
            {
              "id": "T1057",
              "name": "Process Discovery",
              "display_name": "T1057 - Process Discovery"
            },
            {
              "id": "T1069",
              "name": "Permission Groups Discovery",
              "display_name": "T1069 - Permission Groups Discovery"
            },
            {
              "id": "T1105",
              "name": "Ingress Tool Transfer",
              "display_name": "T1105 - Ingress Tool Transfer"
            },
            {
              "id": "T1480",
              "name": "Execution Guardrails",
              "display_name": "T1480 - Execution Guardrails"
            },
            {
              "id": "T1147",
              "name": "Hidden Users",
              "display_name": "T1147 - Hidden Users"
            }
          ],
          "industries": [
            "Technology",
            "Legal"
          ],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 5,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "Q.Vashti",
            "id": "337942",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "URL": 4624,
            "FileHash-SHA256": 2021,
            "FileHash-MD5": 51,
            "FileHash-SHA1": 20,
            "SSLCertFingerprint": 10,
            "hostname": 1433,
            "domain": 728
          },
          "indicator_count": 8887,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 140,
          "modified_text": "107 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "6570a47a360cc88cf348557c",
          "name": "Content Reputation",
          "description": "",
          "modified": "2023-12-06T16:42:34.542000",
          "created": "2023-12-06T16:42:34.542000",
          "tags": [],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 8,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "api",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "StreamMiningEx",
            "id": "262917",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "hostname": 261,
            "domain": 183,
            "FileHash-SHA256": 130,
            "URL": 1194,
            "FileHash-MD5": 80,
            "FileHash-SHA1": 1
          },
          "indicator_count": 1849,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 109,
          "modified_text": "864 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "6502c8dc7c2db4d80976ad48",
          "name": "Content Reputation",
          "description": "Hidden cams throughout unknown homes in various rooms included laundry room & patio. iPhone cracking full Command & Device control. 24/7 Tracking & Monitoring of a female target. Hardcore Adult content provided also attacks named people with occupations. High level hacking. Abuse. Content seems to target USA & Germany. MALICIOUS links. Heavy iOS intrusion. CVE if any would likely discovered years ago and patched in an update. Still running. Viewers are provided access keys to view targets in all types of situations and conversations including arguments. Absolutely surreal.\nSome vulnerabilities listed pertains to entire site. SKYNET is found. Spyware. Malware l.\n\nOnly the most popularized threat labels are recognized by AV, I have used various known labels l.",
          "modified": "2023-10-14T05:03:24.012000",
          "created": "2023-09-14T08:48:28.761000",
          "tags": [
            "united",
            "flag",
            "germany germany",
            "enom",
            "date",
            "gmt flag",
            "dns requests",
            "domain address",
            "server",
            "name server",
            "url http",
            "url https",
            "canada",
            "germany",
            "united kingdom",
            "scan endpoints",
            "all search",
            "report spam",
            "media",
            "uten",
            "virut",
            "suppobox",
            "decovid19",
            "khtml",
            "linux",
            "windows",
            "kraken created",
            "android",
            "win64",
            "Tsara Brashears",
            "Jeffrey Reimer DPT",
            "Spyware",
            "Phishing",
            "privilege",
            "controls move events",
            "keyloggers",
            "World Wide cyberthreat",
            "Counters",
            "Hidden Cams",
            "iOS access",
            "Retaliation?",
            "written for Android -iOS - Linux - Apple",
            "Pattern Match - Follows females phone choices. Cite pulse by unk",
            "Static AI",
            "Monitored Target Tsara Brashears",
            "Armadillo",
            "malware",
            "tehopx.exe",
            "FoxItReader.exe",
            "svhost.exe",
            "tracking radar",
            "evader",
            "Malware Evader",
            "dropper",
            "PDFReader.exe",
            "ketogenic switch",
            "ELF",
            "NORAD Tracking",
            "Brazzers",
            "Skynet"
          ],
          "references": [
            "https://hifiporn.pw/xxx/1/white-dpt-jeffrey-reimer-loves-pretty-indian-patient-forces-sex-3gp-video-tsara-brashears/she-loves-how-i-pound-her-pussy",
            "Spawns new processes that are not known child processes details Spawned process \"iexplore.exe\" with commandline \"https://hifiporn.pw/xxx/1/white-dpt-jeffrey-reimer-loves-pretty- ...\" (Show Process) Spawned process \"iexplore.exe\" with commandline \"SCODEF:2864 CREDAT:275457 /prefetch:2\" (Show Process) source Monitored Target",
            "Hybrid-Anaysis.com",
            "Online Analysis observation of issue",
            "Virus & Attack Analysis",
            "Data Analysis"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [
            "United States of America",
            "Canada",
            "Germany",
            "Ghana"
          ],
          "malware_families": [
            {
              "id": "Virut",
              "display_name": "Virut",
              "target": null
            },
            {
              "id": "SuppoBox",
              "display_name": "SuppoBox",
              "target": null
            },
            {
              "id": "Kraken Cryptor Ransomware",
              "display_name": "Kraken Cryptor Ransomware",
              "target": null
            },
            {
              "id": "DEcovid19",
              "display_name": "DEcovid19",
              "target": null
            },
            {
              "id": "trojan.genericrxep",
              "display_name": "trojan.genericrxep",
              "target": null
            },
            {
              "id": "Malware.QVM06.Gen",
              "display_name": "Malware.QVM06.Gen",
              "target": null
            },
            {
              "id": "Win32/Virus.Adware.42b",
              "display_name": "Win32/Virus.Adware.42b",
              "target": null
            },
            {
              "id": "Trojan.Win32.Generic!SB.0",
              "display_name": "Trojan.Win32.Generic!SB.0",
              "target": null
            },
            {
              "id": "Trojan.Packed.25266",
              "display_name": "Trojan.Packed.25266",
              "target": null
            },
            {
              "id": "W32.Common.00000000",
              "display_name": "W32.Common.00000000",
              "target": null
            },
            {
              "id": "trojan.xanfpezes/fugrafa",
              "display_name": "trojan.xanfpezes/fugrafa",
              "target": null
            },
            {
              "id": "Trojan.installcore.fe",
              "display_name": "Trojan.installcore.fe",
              "target": null
            },
            {
              "id": "BScope.TrojanRansom.Blocker",
              "display_name": "BScope.TrojanRansom.Blocker",
              "target": null
            },
            {
              "id": "Win32.Outbreak",
              "display_name": "Win32.Outbreak",
              "target": null
            },
            {
              "id": "Malware.AI.332823813",
              "display_name": "Malware.AI.332823813",
              "target": null
            },
            {
              "id": "TrojWare.Win32.Ransom.Blocker.cdf@4tkf0k",
              "display_name": "TrojWare.Win32.Ransom.Blocker.cdf@4tkf0k",
              "target": null
            },
            {
              "id": "Trojan.Autoit.Wirus",
              "display_name": "Trojan.Autoit.Wirus",
              "target": null
            },
            {
              "id": "Trojan.Autoit.Wirus",
              "display_name": "Trojan.Autoit.Wirus",
              "target": null
            },
            {
              "id": "AutoKMS.HackTool.Patcher.DDS",
              "display_name": "AutoKMS.HackTool.Patcher.DDS",
              "target": null
            },
            {
              "id": "AI:Packer.A54E0A4F1D",
              "display_name": "AI:Packer.A54E0A4F1D",
              "target": null
            },
            {
              "id": "Malware.FakeFolder/ICON!1.6AA9 (CLASSIC)",
              "display_name": "Malware.FakeFolder/ICON!1.6AA9 (CLASSIC)",
              "target": null
            },
            {
              "id": "trojan.autoit/agufpxbi",
              "display_name": "trojan.autoit/agufpxbi",
              "target": null
            },
            {
              "id": "W32.AIDetectVM.malware",
              "display_name": "W32.AIDetectVM.malware",
              "target": null
            },
            {
              "id": "trojan.blocker/delfiles",
              "display_name": "trojan.blocker/delfiles",
              "target": null
            },
            {
              "id": "Skynet",
              "display_name": "Skynet",
              "target": null
            },
            {
              "id": "Backdoor:PHP/Artemis",
              "display_name": "Backdoor:PHP/Artemis",
              "target": "/malware/Backdoor:PHP/Artemis"
            }
          ],
          "attack_ids": [
            {
              "id": "T1012",
              "name": "Query Registry",
              "display_name": "T1012 - Query Registry"
            },
            {
              "id": "T1035",
              "name": "Service Execution",
              "display_name": "T1035 - Service Execution"
            },
            {
              "id": "T1112",
              "name": "Modify Registry",
              "display_name": "T1112 - Modify Registry"
            },
            {
              "id": "T1179",
              "name": "Hooking",
              "display_name": "T1179 - Hooking"
            },
            {
              "id": "T1071.002",
              "name": "File Transfer Protocols",
              "display_name": "T1071.002 - File Transfer Protocols"
            },
            {
              "id": "T1071.004",
              "name": "DNS",
              "display_name": "T1071.004 - DNS"
            },
            {
              "id": "T1003",
              "name": "OS Credential Dumping",
              "display_name": "T1003 - OS Credential Dumping"
            },
            {
              "id": "T1105",
              "name": "Ingress Tool Transfer",
              "display_name": "T1105 - Ingress Tool Transfer"
            },
            {
              "id": "TA0011",
              "name": "Command and Control",
              "display_name": "TA0011 - Command and Control"
            },
            {
              "id": "T1170",
              "name": "Mshta",
              "display_name": "T1170 - Mshta"
            },
            {
              "id": "T1178",
              "name": "SID-History Injection",
              "display_name": "T1178 - SID-History Injection"
            }
          ],
          "industries": [
            "Abuse",
            "Hacking",
            "Media",
            "Technology",
            "Reputation Devastation"
          ],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 18,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "OctoSeek",
            "id": "243548",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 80,
            "FileHash-SHA1": 1,
            "FileHash-SHA256": 130,
            "domain": 183,
            "hostname": 261,
            "URL": 1194
          },
          "indicator_count": 1849,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 220,
          "modified_text": "918 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        }
      ],
      "references": [
        "Virus & Attack Analysis",
        "Online Analysis observation of issue",
        "Data Analysis",
        "Spawns new processes that are not known child processes details Spawned process \"iexplore.exe\" with commandline \"https://hifiporn.pw/xxx/1/white-dpt-jeffrey-reimer-loves-pretty- ...\" (Show Process) Spawned process \"iexplore.exe\" with commandline \"SCODEF:2864 CREDAT:275457 /prefetch:2\" (Show Process) source Monitored Target",
        "Hybrid-Anaysis.com",
        "endgames.com \u2022 endgames.us \u2022 endgamesystems.com  \u2022 http://www.onyx-ware.com/lander",
        "https://hifiporn.pw/xxx/1/white-dpt-jeffrey-reimer-loves-pretty-indian-patient-forces-sex-3gp-video-tsara-brashears/she-loves-how-i-pound-her-pussy",
        "DotNET_Reactor System.Security.Cryptography.AesCryptoServiceProvider System.Security.Cryptography System.Security.Cryptography ICryptoTransform Eziriz",
        "https://otx.alienvault.com/indicator/domain/Tamlegal.com",
        "deploy-delete-app-us-east-2-1.deploy-delete-test-us-east-2-1mtsufd.us-east-2.gamma.forgeapps.ec2.aws.dev"
      ],
      "related": {
        "alienvault": {
          "adversary": [],
          "malware_families": [],
          "industries": [],
          "unique_indicators": 0
        },
        "other": {
          "adversary": [],
          "malware_families": [
            "Skynet",
            "Malware.qvm06.gen",
            "Trojan.blocker/delfiles",
            "Kraken cryptor ransomware",
            "Trojan.packed.25266",
            "Backdoor:php/artemis",
            "Trojan.autoit/agufpxbi",
            "Trojware.win32.ransom.blocker.cdf@4tkf0k",
            "Suppobox",
            "Bscope.trojanransom.blocker",
            "W32.common.00000000",
            "Win.malware.vmprotect-9880726-0",
            "Win32/virus.adware.42b",
            "Trojan.win32.generic!sb.0",
            "Win32.outbreak",
            "Trojan.xanfpezes/fugrafa",
            "W32.aidetectvm.malware",
            "Decovid19",
            "Virut",
            "Other malware",
            "Ai:packer.a54e0a4f1d",
            "Malware.fakefolder/icon!1.6aa9 (classic)",
            "Trojan.genericrxep",
            "Malware.ai.332823813",
            "Trojan.autoit.wirus",
            "Trojan.installcore.fe",
            "Autokms.hacktool.patcher.dds"
          ],
          "industries": [
            "Legal",
            "Technology",
            "Reputation devastation",
            "Hacking",
            "Media",
            "Abuse"
          ],
          "unique_indicators": 10756
        }
      }
    },
    "false_positive": [],
    "alexa": "http://www.alexa.com/siteinfo/fourtiz.com",
    "whois": "http://whois.domaintools.com/fourtiz.com",
    "domain": "fourtiz.com",
    "hostname": "au.fourtiz.com"
  },
  "geo": {},
  "geo_ipapicom": {},
  "pulse_count": 3,
  "pulses": [
    {
      "id": "692f04e9fa3d782118e94aac",
      "name": "LevelBlue - Open Threat Exchange - Delete AppDeployed",
      "description": "I\u2019m not sure what to think. |\ndeploy-delete-app-us-east-2-1.deploy-delete-test-us-east-2-1mtsufd.us-east-2.gamma.forgeapps.ec2.aws.dev | Are these\npulses being sold or attacked? Christopher P. Ahmann of TAM Legal and his other firms has ALWAYS attacked targets phones and networks. Nothing is too outrageous for this maniac.\n\nHe is responsible for the recent attacks on devices , clouds , google accounts and a flurry of threats. Indicators in recently pulsed reports have been removed. I\u2019ve done my best to restore. \n\nI am also concerned about the safety or legitimacy of this platform.\n\nNo one is ever alerted. Simply calling someone and telling them about the compromises can equate to a big pay day for Level Blue and nothing for the victims of attacks. I need my pulses restored. \n\nIt\u2019s plausible to believe OTX was attacked by an external threat actor.\nAnything is possible when it comes to money.",
      "modified": "2026-01-01T15:04:20.907000",
      "created": "2025-12-02T15:25:29.158000",
      "tags": [
        "levelblue",
        "open threat",
        "dynamicloader",
        "tlsv1",
        "high",
        "msie",
        "windows nt",
        "delete c",
        "fwlink",
        "stream",
        "powershell",
        "write",
        "malware",
        "local",
        "united",
        "flag",
        "date",
        "server",
        "crazy egg",
        "name server",
        "gmt flag",
        "domain address",
        "markmonitor",
        "enom",
        "sugges",
        "onv incude",
        "data upload",
        "find s",
        "extraction",
        "types",
        "type",
        "indicator",
        "click",
        "windir",
        "openurl c",
        "prefetch2",
        "analysis",
        "tor analysis",
        "dns requests",
        "contacted hosts",
        "search",
        "entries",
        "read c",
        "medium",
        "memcommit",
        "tls handshake",
        "failure",
        "module load",
        "next",
        "execution",
        "dock",
        "capture",
        "persistence",
        "copy",
        "unknown",
        "suricata alert",
        "et info",
        "bad traffic",
        "learn",
        "command",
        "ck id",
        "name tactics",
        "suspicious",
        "informative",
        "adversaries",
        "spawns",
        "t1480 execution",
        "file defense",
        "write c",
        "x02x82",
        "xe6x15c6",
        "x16f",
        "xc0xc0xc0",
        "revengerat",
        "guard",
        "service",
        "encrypt",
        "entries yara",
        "delphi",
        "win32",
        "jordan",
        "delete app"
      ],
      "references": [
        "https://otx.alienvault.com/indicator/domain/Tamlegal.com",
        "DotNET_Reactor System.Security.Cryptography.AesCryptoServiceProvider System.Security.Cryptography System.Security.Cryptography ICryptoTransform Eziriz",
        "endgames.com \u2022 endgames.us \u2022 endgamesystems.com  \u2022 http://www.onyx-ware.com/lander",
        "deploy-delete-app-us-east-2-1.deploy-delete-test-us-east-2-1mtsufd.us-east-2.gamma.forgeapps.ec2.aws.dev"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [
        "United States of America"
      ],
      "malware_families": [
        {
          "id": "Win.Malware.Vmprotect-9880726-0",
          "display_name": "Win.Malware.Vmprotect-9880726-0",
          "target": null
        },
        {
          "id": "Other Malware",
          "display_name": "Other Malware",
          "target": null
        }
      ],
      "attack_ids": [
        {
          "id": "T1053",
          "name": "Scheduled Task/Job",
          "display_name": "T1053 - Scheduled Task/Job"
        },
        {
          "id": "T1055",
          "name": "Process Injection",
          "display_name": "T1055 - Process Injection"
        },
        {
          "id": "T1056",
          "name": "Input Capture",
          "display_name": "T1056 - Input Capture"
        },
        {
          "id": "T1071",
          "name": "Application Layer Protocol",
          "display_name": "T1071 - Application Layer Protocol"
        },
        {
          "id": "T1082",
          "name": "System Information Discovery",
          "display_name": "T1082 - System Information Discovery"
        },
        {
          "id": "T1112",
          "name": "Modify Registry",
          "display_name": "T1112 - Modify Registry"
        },
        {
          "id": "T1119",
          "name": "Automated Collection",
          "display_name": "T1119 - Automated Collection"
        },
        {
          "id": "T1129",
          "name": "Shared Modules",
          "display_name": "T1129 - Shared Modules"
        },
        {
          "id": "T1143",
          "name": "Hidden Window",
          "display_name": "T1143 - Hidden Window"
        },
        {
          "id": "T1134",
          "name": "Access Token Manipulation",
          "display_name": "T1134 - Access Token Manipulation"
        },
        {
          "id": "T1027",
          "name": "Obfuscated Files or Information",
          "display_name": "T1027 - Obfuscated Files or Information"
        },
        {
          "id": "T1057",
          "name": "Process Discovery",
          "display_name": "T1057 - Process Discovery"
        },
        {
          "id": "T1069",
          "name": "Permission Groups Discovery",
          "display_name": "T1069 - Permission Groups Discovery"
        },
        {
          "id": "T1105",
          "name": "Ingress Tool Transfer",
          "display_name": "T1105 - Ingress Tool Transfer"
        },
        {
          "id": "T1480",
          "name": "Execution Guardrails",
          "display_name": "T1480 - Execution Guardrails"
        },
        {
          "id": "T1147",
          "name": "Hidden Users",
          "display_name": "T1147 - Hidden Users"
        }
      ],
      "industries": [
        "Technology",
        "Legal"
      ],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 5,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "Q.Vashti",
        "id": "337942",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "URL": 4624,
        "FileHash-SHA256": 2021,
        "FileHash-MD5": 51,
        "FileHash-SHA1": 20,
        "SSLCertFingerprint": 10,
        "hostname": 1433,
        "domain": 728
      },
      "indicator_count": 8887,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 140,
      "modified_text": "107 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "6570a47a360cc88cf348557c",
      "name": "Content Reputation",
      "description": "",
      "modified": "2023-12-06T16:42:34.542000",
      "created": "2023-12-06T16:42:34.542000",
      "tags": [],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 8,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "api",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "StreamMiningEx",
        "id": "262917",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "hostname": 261,
        "domain": 183,
        "FileHash-SHA256": 130,
        "URL": 1194,
        "FileHash-MD5": 80,
        "FileHash-SHA1": 1
      },
      "indicator_count": 1849,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 109,
      "modified_text": "864 days ago ",
      "is_modified": false,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "6502c8dc7c2db4d80976ad48",
      "name": "Content Reputation",
      "description": "Hidden cams throughout unknown homes in various rooms including laundry room & patio. iPhone cracking full Command & Device control. 24/7 Tracking & Monitoring of a female target. Hardcore Adult content provided also attacks named people with occupations. High level hacking. Abuse. Content seems to target USA & Germany. MALICIOUS links. Heavy iOS intrusion. CVE if any would likely have been discovered years ago and patched in an update. Still running. Viewers are provided access keys to view targets in all types of situations and conversations including arguments. Absolutely surreal.\nSome vulnerabilities listed pertain to the entire site. SKYNET is found. Spyware. Malware.\n\nOnly the most popularized threat labels are recognized by AV; I have used various known labels.",
      "modified": "2023-10-14T05:03:24.012000",
      "created": "2023-09-14T08:48:28.761000",
      "tags": [
        "united",
        "flag",
        "germany germany",
        "enom",
        "date",
        "gmt flag",
        "dns requests",
        "domain address",
        "server",
        "name server",
        "url http",
        "url https",
        "canada",
        "germany",
        "united kingdom",
        "scan endpoints",
        "all search",
        "report spam",
        "media",
        "uten",
        "virut",
        "suppobox",
        "decovid19",
        "khtml",
        "linux",
        "windows",
        "kraken created",
        "android",
        "win64",
        "Tsara Brashears",
        "Jeffrey Reimer DPT",
        "Spyware",
        "Phishing",
        "privilege",
        "controls move events",
        "keyloggers",
        "World Wide cyberthreat",
        "Counters",
        "Hidden Cams",
        "iOS access",
        "Retaliation?",
        "written for Android -iOS - Linux - Apple",
        "Pattern Match - Follows females phone choices. Cite pulse by unk",
        "Static AI",
        "Monitored Target Tsara Brashears",
        "Armadillo",
        "malware",
        "tehopx.exe",
        "FoxItReader.exe",
        "svhost.exe",
        "tracking radar",
        "evader",
        "Malware Evader",
        "dropper",
        "PDFReader.exe",
        "ketogenic switch",
        "ELF",
        "NORAD Tracking",
        "Brazzers",
        "Skynet"
      ],
      "references": [
        "https://hifiporn.pw/xxx/1/white-dpt-jeffrey-reimer-loves-pretty-indian-patient-forces-sex-3gp-video-tsara-brashears/she-loves-how-i-pound-her-pussy",
        "Spawns new processes that are not known child processes details Spawned process \"iexplore.exe\" with commandline \"https://hifiporn.pw/xxx/1/white-dpt-jeffrey-reimer-loves-pretty- ...\" (Show Process) Spawned process \"iexplore.exe\" with commandline \"SCODEF:2864 CREDAT:275457 /prefetch:2\" (Show Process) source Monitored Target",
        "Hybrid-Analysis.com",
        "Online Analysis observation of issue",
        "Virus & Attack Analysis",
        "Data Analysis"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [
        "United States of America",
        "Canada",
        "Germany",
        "Ghana"
      ],
      "malware_families": [
        {
          "id": "Virut",
          "display_name": "Virut",
          "target": null
        },
        {
          "id": "SuppoBox",
          "display_name": "SuppoBox",
          "target": null
        },
        {
          "id": "Kraken Cryptor Ransomware",
          "display_name": "Kraken Cryptor Ransomware",
          "target": null
        },
        {
          "id": "DEcovid19",
          "display_name": "DEcovid19",
          "target": null
        },
        {
          "id": "trojan.genericrxep",
          "display_name": "trojan.genericrxep",
          "target": null
        },
        {
          "id": "Malware.QVM06.Gen",
          "display_name": "Malware.QVM06.Gen",
          "target": null
        },
        {
          "id": "Win32/Virus.Adware.42b",
          "display_name": "Win32/Virus.Adware.42b",
          "target": null
        },
        {
          "id": "Trojan.Win32.Generic!SB.0",
          "display_name": "Trojan.Win32.Generic!SB.0",
          "target": null
        },
        {
          "id": "Trojan.Packed.25266",
          "display_name": "Trojan.Packed.25266",
          "target": null
        },
        {
          "id": "W32.Common.00000000",
          "display_name": "W32.Common.00000000",
          "target": null
        },
        {
          "id": "trojan.xanfpezes/fugrafa",
          "display_name": "trojan.xanfpezes/fugrafa",
          "target": null
        },
        {
          "id": "Trojan.installcore.fe",
          "display_name": "Trojan.installcore.fe",
          "target": null
        },
        {
          "id": "BScope.TrojanRansom.Blocker",
          "display_name": "BScope.TrojanRansom.Blocker",
          "target": null
        },
        {
          "id": "Win32.Outbreak",
          "display_name": "Win32.Outbreak",
          "target": null
        },
        {
          "id": "Malware.AI.332823813",
          "display_name": "Malware.AI.332823813",
          "target": null
        },
        {
          "id": "TrojWare.Win32.Ransom.Blocker.cdf@4tkf0k",
          "display_name": "TrojWare.Win32.Ransom.Blocker.cdf@4tkf0k",
          "target": null
        },
        {
          "id": "Trojan.Autoit.Wirus",
          "display_name": "Trojan.Autoit.Wirus",
          "target": null
        },
        {
          "id": "Trojan.Autoit.Wirus",
          "display_name": "Trojan.Autoit.Wirus",
          "target": null
        },
        {
          "id": "AutoKMS.HackTool.Patcher.DDS",
          "display_name": "AutoKMS.HackTool.Patcher.DDS",
          "target": null
        },
        {
          "id": "AI:Packer.A54E0A4F1D",
          "display_name": "AI:Packer.A54E0A4F1D",
          "target": null
        },
        {
          "id": "Malware.FakeFolder/ICON!1.6AA9 (CLASSIC)",
          "display_name": "Malware.FakeFolder/ICON!1.6AA9 (CLASSIC)",
          "target": null
        },
        {
          "id": "trojan.autoit/agufpxbi",
          "display_name": "trojan.autoit/agufpxbi",
          "target": null
        },
        {
          "id": "W32.AIDetectVM.malware",
          "display_name": "W32.AIDetectVM.malware",
          "target": null
        },
        {
          "id": "trojan.blocker/delfiles",
          "display_name": "trojan.blocker/delfiles",
          "target": null
        },
        {
          "id": "Skynet",
          "display_name": "Skynet",
          "target": null
        },
        {
          "id": "Backdoor:PHP/Artemis",
          "display_name": "Backdoor:PHP/Artemis",
          "target": "/malware/Backdoor:PHP/Artemis"
        }
      ],
      "attack_ids": [
        {
          "id": "T1012",
          "name": "Query Registry",
          "display_name": "T1012 - Query Registry"
        },
        {
          "id": "T1035",
          "name": "Service Execution",
          "display_name": "T1035 - Service Execution"
        },
        {
          "id": "T1112",
          "name": "Modify Registry",
          "display_name": "T1112 - Modify Registry"
        },
        {
          "id": "T1179",
          "name": "Hooking",
          "display_name": "T1179 - Hooking"
        },
        {
          "id": "T1071.002",
          "name": "File Transfer Protocols",
          "display_name": "T1071.002 - File Transfer Protocols"
        },
        {
          "id": "T1071.004",
          "name": "DNS",
          "display_name": "T1071.004 - DNS"
        },
        {
          "id": "T1003",
          "name": "OS Credential Dumping",
          "display_name": "T1003 - OS Credential Dumping"
        },
        {
          "id": "T1105",
          "name": "Ingress Tool Transfer",
          "display_name": "T1105 - Ingress Tool Transfer"
        },
        {
          "id": "TA0011",
          "name": "Command and Control",
          "display_name": "TA0011 - Command and Control"
        },
        {
          "id": "T1170",
          "name": "Mshta",
          "display_name": "T1170 - Mshta"
        },
        {
          "id": "T1178",
          "name": "SID-History Injection",
          "display_name": "T1178 - SID-History Injection"
        }
      ],
      "industries": [
        "Abuse",
        "Hacking",
        "Media",
        "Technology",
        "Reputation Devastation"
      ],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 18,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "OctoSeek",
        "id": "243548",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 80,
        "FileHash-SHA1": 1,
        "FileHash-SHA256": 130,
        "domain": 183,
        "hostname": 261,
        "URL": 1194
      },
      "indicator_count": 1849,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 220,
      "modified_text": "918 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    }
  ],
  "error": null,
  "vt": {
    "error": "VirusTotal rate limit reached. Try again shortly.",
    "indicator": "https://au.fourtiz.com",
    "type": "URL"
  },
  "abuseipdb": null,
  "urlhaus": {
    "indicator": "https://au.fourtiz.com",
    "type": "URL",
    "found": false,
    "verdict": "clean",
    "error": null
  },
  "from_cache": true,
  "_cached_at": 1776606799.2172594
}