{ "type": "URL", "indicator": "https://cdn.stage.robotcache.io/client/RobotCacheSetup.exe", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://cdn.stage.robotcache.io/client/RobotCacheSetup.exe", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 3739391103, "indicator": "https://cdn.stage.robotcache.io/client/RobotCacheSetup.exe", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 22, "pulses": [ { "id": "69b49ad5dd40a24d83cd6a72", "name": "Chris P. Ahmann \u2022 PRIVATE PROPERTY Colorado State Fixer!", "description": "", "modified": "2026-03-13T23:16:37.716000", "created": "2026-03-13T23:16:37.716000", "tags": [ "related pulses", "p1377925676", "gaz1", "sid1696503456", "sct1", "active", "dynamicloader", "medium", "write c", "search", "show", "high", "program gateway", "http traffic", "http", "write", "malware", "nivdort", "serving ip", "address", "status code", "kb body", "sha256", "gw5hjz7t975", "url https", "url http", "indicator role", "pulses url", "hostname", "poland unknown", "present sep", "present jul", "present may", "present apr", "present dec", "present jan", "moved", "passive dns", "ip address", "title", "location poland", "asn as29522", "gmt content", "accept encoding", "ipv4 add", "urls", "files", "reverse dns", "united", "record value", "aaaa", "mtb oct", "found", "error", "read c", "memcommit", "module load", "next", "showing", "trojan", "execution", "unknown", "entries", "ms windows", "intel", "as15169", "codeoverlap", "yara detections", "delphi", "worm", "win32", "win64", "learn", "ck id", "name tactics", "suspicious", "informative", "adversaries", "command", "spawns", "ssl certificate", "execution att", "script urls", "treece alfrey", "meta", "germany unknown", "for privacy", "title added", "active related", "pulses", "asnone", "named pipe", "type indicator", "role title", "added active", "filehashsha256", "ally", "melika", "information", "law christopher", "https", "fake pinterest", "tsara", "traceback man", "expiro", "capture", "domain", "types of", "germany", "poland", "netherlands", "cve cve20178977", "boobs130432 nov", "learn more", "filehashmd5", "utmsourceawin", "pe32", "head microsoft", "delete", "main", "backdoor", "next associated", "gmt connection", "control", "content type", "twitter", "certificate", "redirect date", "cache", "unknown ns", "hostname add", "ipv4", "pulse pulses", "location united", "america flag", "america asn", "windows", "total", "ids detections", "url add", "related nids", "files location", "flag united", "win32mydoom nov", "domain add", "yara rule", "ee fc", "ff d5", "f0 ff", "eb e1", "ff ff", "c1 e8", "c1 c0", "eb e8", "mpress", "cache control", "x cache", "date", "name servers", "arial", "present aug", "present jun", "may god", "hall render", "palantir doing", "jeffrey scott", "jeffrey reimer", "brian sabey", "butt pirates", "scott reimer", "colorado", "quasi government", "workers compensation", "eva lisa", "eva reimer", "sammie", "montano mark", "death threats", "tulach", "hired hit men", "gay man", "gay porn", "concentra", "corruption", "palantir", "foundry", "grifter", "warning", "illegal", "apple", "contacted", "ransom", "dead", "denver" ], "references": [ "https://tamlegal.com/attorneys/christopher-p-ahmann/#breadcrumb \u2022 https://www.milehighmedia.com/en/movies", "https://www.milehighmedia.com/legal/2257 \u2022 https://www.milehighmedia", "www.milehighmedia.com \u2022 https://www.milehighmedia.com/en/Charlie-Dean/pornstar/49512", "https://www.milehighmedia.com/en/login/index/aHR0cHMlM0ElMkYlMkZtZW1iZXJzLm1pbGVoaWdobWVkaWEuY29tJTJGZW4lMkZ2aWRlb3MlMkZzd2VldGhlYXJ0dmlkZW8lM0ZhbHVwJTNEQURqeF9ITjhfd1oweU96UnpsU3NNNUZLaVVxSzBXNEN0X3NmTFpKTGVJc3M2b0RVUzkwVmp6VllNVko5eFpmdENYcFNKd3IzOTNaMG1mOEpXeVhVeVZpLTJZYVRsaGd3M25DSDRpYnRwZ25BRC1zUFhDQVUycjZJOXo2WWtRMzNVWVFhMFZyWC1YckxvcnRkVjJZdEgxSDYxZ1lhMTFNS3RZSkEzY3FlSXhFQzhtSlAzSk1tbloySURMQXlMZndPcHozSFFiTzF4T0FseXJIQ0xYem1ldFElMkE=\t \thttp://www.milehighmedia.com/?ats=eyJhIjoyOTYzMTgsImMiOjU3OTYzNz", "http://www.milehighmedia.com/legal\t \u2022 https://www.milehighmedia.com/en/pornstar/milehighmedia/Justin-Hunt/51017", "https://www.milehighmedia.com/de/MileHighMedia/scene/129689?utm_source=271174&utm_medium=affiliate&utm_campaign=", "http://www.milehighmedia.com/?ats=eyJhIjoyOTYzMTgsImMiOjU3OTYzNzc1LCJuIjo3NiwicyI6NT...", "ttps://www.milehighmedia.com/scene/4404473/creampie-adventures-scene-2-sneaky-melanie", "https://www.milehighmedia.com/join \u2022 https://www.milehighmedia.com/models \u2022 https://www.milehighmedia.com/movies", "https://www.milehighmedia.com/model/59136/avi-love \u2022https://www.milehighmedia.com/model/60418/Justin-Hunt \u2022", "https://www.milehighmedia.com/en/photo/milehighmedia/The-Mother-I-Cant-Resist/52380", "https://www.milehighmedia.com/en/movies \u2022 https://www.milehighmedia.com/join", "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian", "pornhub-e.com \u2022 www.pornhub.com \u2022", "https://www.sweetheartvideo.com/tsara-brashears/ \u2022 www.sweetheartvideo.com", "https://www.sweetheartvideo.com/en/?s=1?s=1&utm_source=272160&utm_medium=affiliate&utm_campaign=lovelezzies", "https://www.sweetheartvideo.com/en/dvd/Lesbian-Massage/49895", "https://www.sweetheartvideo.com/en/dvds \u2022 https://www.sweetheartvideo.com/en/login", "https://www.sweetheartvideo.com/en/model/Mona-Wales/49601 \u2022 https://www.sweetheartvideo.com/en/scene/Truth-Dare--Boobs/130432 No Expiration\t0\t URL https://www.sweetheartvideo.com/it/model/Kristen-Scott/50432 \u2022 https://www.sweetheartvideo.com/model/63710/brandi-love", "https://www.sweetheartvideo.com/scenes?models=63710", "https://www.sweetheartvideo.com/model/63710/brandi-love", "https://www.sweetheartvideo.com/scenes?models=63710", "https://www.sweetheartvideo.com/it/model/Kristen-Scott/50432", "https://www.sweetheartvideo.com/en/scene/Truth-Dare--Boobs/130432", "https://www.milehighmedia.com/en/photo/milehighmedia/The-Mother-I-Cant-Resist/52380", "https://www.vgt.pl/font/roboto/Roboto-Bold.eot \u2022", "https://www.vgt.pl/94.152.152.233/images/logo.png", "https://www.vgt.pl/94.152.156.22/logo.png \u2022 https://www.vgt.pl/css/", "https://www.vgt.pl/favicon.ico", "https://www.vgt.pl/font/fa/fontawesome-webfont.eot", "https://www.vgt.pl/font/roboto/Roboto-Bold.ttf \u2022 https://www.vgt.pl/font/roboto/Roboto-Light.eot", "https://www.vgt.pl/font/roboto/Roboto-Medium.ttf", "https://www.vgt.pl/font/roboto/Roboto-Light.ttf \u2022", "https://www.vgt.pl/static/js/bootstrap-typeahead.jstic/js/bootstrap-typeahead.js", "https://www.vgt.pl/style/style.css \u2022 https://www.vgt.pl/font/roboto/Roboto-Medium.eot", "https://www.vgt.pl/font/roboto/Roboto-Regular.ttf \u2022 https://www.vgt.pl/font/roboto/Roboto-Thin.eot", "https://www.vgt.pl/static/js/bootstrap-typeahead.js.179.252.2", "https://www.vgt.pl/font/roboto/Roboto-Thin.ttf \u2022 https://www.vgt.pl/static/js/bootstrap-typeahead.js", "https://www.vgt.pl/font/roboto/Roboto-Regular.eot \u2022 https://www.vgt.pl/94.152.156.22/logo.png \u2022 https://www.vgt.pl/css/", "vgt.pl \u2022 www.hak.vgt.pl \u2022 www.localhost.vgt.pl \u2022 www.certyfikat.vgt.pl \u2022 aristocrat.vgt.pl", "https://www.vgt.pl/ phishing \u2022 https://vgt.pl/ \u2022www.vgt.pl \u2022 https://www.vgt.pl/94.152.152.233/images/logo.png", "http://www.pornokind.vgt.pl \u2022 https://dbkuewww.m.vgt.pl \u2022 https://lokalnyhost.vgt.pl \u2022 www.xn--twj-hna.pedofil.vgt.pl", "http://www.hak.vgt.pl \u2022 http://pornokind.vgt.pl \u2022 http://sip.vgt.pl \u2022 http://smtp-qa.vgt.pl \u2022 http://vgt.pl/*.", "https://pornokind.vgt.pl \u2022 https://sip.vgt.pl \u2022 https://smtp-qa.vgt.pl \u2022 https://www.vgt.pl/94.152.156.22/logo.png", "www.localhost.vgt.pl \u2022 www.certyfikat.vgt.pl \u2022 https://www.vgt.pl/94.152.152.233/images/logo.png", "https://www.vgt.pl/css/ \u2022 https://www.vgt.pl/favicon.ico \u2022 https://www.vgt.pl/font/fa/fontawesome-webfont.eot", "https://www.vgt.pl/font/roboto/Roboto-Bold.eot \u2022 https://www.vgt.pl/font/roboto/Roboto-Bold.ttf \u2022 https://www.vgt.pl/font/roboto/Roboto-Light.eot", "https://www.vgt.pl/static/js/bootstrap-typeahead.jstic/js/bootstrap-typeahead.js", "https://www.vgt.pl/style/style.css \u2022 https://www.vgt.pl/static/js/bootstrap-typeahead.js", "IP Address 94.152.58.192 Location Poland ASN AS29522 h88 s.a. Nameservers ns1.kei.pl. , ns2.kei.pl.", "www.happylifehappywife.com \u2022 http://www.happylifehappywife.com/2010/02/'>", "http://www.happylifehappywife.com/2010/04/'> \u2022 http://www.happylifehappywife.com/2010/05/'>", "http://www.happylifehappywife.com/2010/07/'> \u2022 http://www.happylifehappywife.com/2010/09/'>", "http://www.happylifehappywife.com/2011/06/'> \u2022 http://www.happylifehappywife.com/2011/08/'", "http://www.happylifehappywife.com/2011/08/'> \u2022 http://www.happylifehappywife.com/2012/07/'>", "http://www.happylifehappywife.com/2013/03/'> \u2022 http://www.happylifehappywife.com/index.php", "http://www.happylifehappywife.com/wp-content/themes/theme78222/images/top-right.jpg", "https://amp.mypornvid.fun/videos/8/AhxS-ej1myg/gf-18-com/\ud83c\udf81-i39m-your-present-\ud83c\udf81-girlfriend-surprises-you-for-christmas-reunion-soft-kisses-amp-cuddles", "8-25-220-162-static.reverse.queryfoundry.net\t\t\tNov 1, 2025, 9:34:14 AM\t\t5\t domain\tqueryfoundry.net\t\t\tNov 1, 2025, 9:34:14 AM\t\t8\t URL\thttp://117-114-251-162-static.reverse.queryfoundry.net/", "http://watchhers.net/index.php", "remotewd.com device local", "nr-data.net \u2022 applemusic-spotlight.myunidays.com \u2022 init.ess.apple.com \u2022 tv.apple.com", "https://browntubeporn.com/tsara-brashearsAccept-Language", "https://cg864.myhotzpic.com phishing \u2022 http://dashboard.myhotzpic.com/", "https://myhotzpic.com/tsara-brashears-hardcore-lesbian-sex/anime-studio.org*thumbs-fa...", "https://mypornvid.com/videos/27/x510fb2/white-dpt-jeffrey-reimer-loves-pretty-indian-patient-forces-sex-3gp-video-tsara-brashears/caillou-finger", "http://siteinlink.d1.cnbd.net/search/tsara-brashears-dead \u2022 http://siteinlink.d1.cnbd.net/site/maps.google.com.lb/", "http://siteinlink.d1.cnbd.net/search/tsara-brashears-assaulted-by-jeffrey-reimer", "http://siteinlink.d1.cnbd.net/search/tsara-brashears-dead \u2022 https://videolal.com/videos/tsara-brashears-dead-by-daylight.html", "http://pixelrz.com/lists/keywords/tsara-brashears-dead/360 \u2022 http://pixelrz.com/lists/keywords/tsara-brashears-dead/360] No Expiration\t4\t Domain tsara-brashears-deadspin-twitter-suspended-account-help.ht", "https://www.anyxxxtube.net/search-porn/tsara-brashears/", "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian", "https://www.anyxxxtube.net/search-porn/tsara-brashears/", "https://twitter.com/PORNO_SEXYBABES \u2022 girlsdoporn.com", "Treece Alfrey Musat P.C. Attorneys at Law Christopher P. Ahmann | https://TamLegal.com", "https://urlscan.io/screenshots/e931bb02-80dc-46db-92f0-43d5afa258be.png" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "TrojanSpy:Win32/Nivdort", "display_name": "TrojanSpy:Win32/Nivdort", "target": "/malware/TrojanSpy:Win32/Nivdort" }, { "id": "Worm:Win32/Autorun", "display_name": "Worm:Win32/Autorun", "target": "/malware/Worm:Win32/Autorun" }, { "id": "Tofsee", "display_name": "Tofsee", "target": null }, { "id": "Jaik", "display_name": "Jaik", "target": null }, { "id": "Trojan:Win32/Qshell", "display_name": "Trojan:Win32/Qshell", "target": "/malware/Trojan:Win32/Qshell" }, { "id": "Trojan:Win32/Mydoom", "display_name": "Trojan:Win32/Mydoom", "target": "/malware/Trojan:Win32/Mydoom" } ], "attack_ids": [ { "id": "T1045", "name": "Software Packing", "display_name": "T1045 - Software Packing" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1060", "name": "Registry Run Keys / Startup Folder", "display_name": "T1060 - Registry Run Keys / Startup Folder" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1119", "name": "Automated Collection", "display_name": "T1119 - Automated Collection" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1143", "name": "Hidden Window", "display_name": "T1143 - Hidden Window" }, { "id": "T1063", "name": "Security Software Discovery", "display_name": "T1063 - Security Software Discovery" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1583", "name": "Acquire Infrastructure", "display_name": "T1583 - Acquire Infrastructure" }, { "id": "T1069", "name": "Permission Groups Discovery", "display_name": "T1069 - Permission Groups Discovery" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1197", "name": "BITS Jobs", "display_name": "T1197 - BITS Jobs" }, { "id": "T1210", "name": "Exploitation of Remote Services", "display_name": "T1210 - Exploitation of Remote Services" }, { "id": "T1457", "name": "Malicious Media Content", "display_name": "T1457 - Malicious Media Content" }, { "id": "T1480", "name": "Execution Guardrails", "display_name": "T1480 - Execution Guardrails" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" } ], "industries": [], "TLP": "green", "cloned_from": "69631fbd16e306ee2b76c4da", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 8897, "domain": 2102, "hostname": 2867, "FileHash-SHA256": 3886, "FileHash-MD5": 619, "FileHash-SHA1": 555, "CVE": 3, "email": 5, "SSLCertFingerprint": 8 }, "indicator_count": 18942, "is_author": false, "is_subscribing": null, "subscriber_count": 137, "modified_text": "37 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69b496396ca4987e95ad37d1", "name": "Chris Buzz by QVashni (wow)", "description": "", "modified": "2026-03-13T22:56:57.314000", "created": "2026-03-13T22:56:57.314000", "tags": [ "related pulses", "p1377925676", "gaz1", "sid1696503456", "sct1", "active", "dynamicloader", "medium", "write c", "search", "show", "high", "program gateway", "http traffic", "http", "write", "malware", "nivdort", "serving ip", "address", "status code", "kb body", "sha256", "gw5hjz7t975", "url https", "url http", "indicator role", "pulses url", "hostname", "poland unknown", "present sep", "present jul", "present may", "present apr", "present dec", "present jan", "moved", "passive dns", "ip address", "title", "location poland", "asn as29522", "gmt content", "accept encoding", "ipv4 add", "urls", "files", "reverse dns", "united", "record value", "aaaa", "mtb oct", "found", "error", "read c", "memcommit", "module load", "next", "showing", "trojan", "execution", "unknown", "entries", "ms windows", "intel", "as15169", "codeoverlap", "yara detections", "delphi", "worm", "win32", "win64", "learn", "ck id", "name tactics", "suspicious", "informative", "adversaries", "command", "spawns", "ssl certificate", "execution att", "script urls", "treece alfrey", "meta", "germany unknown", "for privacy", "title added", "active related", "pulses", "asnone", "named pipe", "type indicator", "role title", "added active", "filehashsha256", "ally", "melika", "information", "law christopher", "https", "fake pinterest", "tsara", "traceback man", "expiro", "capture", "domain", "types of", "germany", "poland", "netherlands", "cve cve20178977", "boobs130432 nov", "learn more", "filehashmd5", "utmsourceawin", "pe32", "head microsoft", "delete", "main", "backdoor", "next associated", "gmt connection", "control", "content type", "twitter", "certificate", "redirect date", "cache", "unknown ns", "hostname add", "ipv4", "pulse pulses", "location united", "america flag", "america asn", "windows", "total", "ids detections", "url add", "related nids", "files location", "flag united", "win32mydoom nov", "domain add", "yara rule", "ee fc", "ff d5", "f0 ff", "eb e1", "ff ff", "c1 e8", "c1 c0", "eb e8", "mpress", "cache control", "x cache", "date", "name servers", "arial", "present aug", "present jun", "may god", "hall render", "palantir doing", "jeffrey scott", "jeffrey reimer", "brian sabey", "butt pirates", "scott reimer", "colorado", "quasi government", "workers compensation", "eva lisa", "eva reimer", "sammie", "montano mark", "death threats", "tulach", "hired hit men", "gay man", "gay porn", "concentra", "corruption", "palantir", "foundry", "grifter", "warning", "illegal", "apple", "contacted", "ransom", "dead", "denver" ], "references": [ "https://tamlegal.com/attorneys/christopher-p-ahmann/#breadcrumb \u2022 https://www.milehighmedia.com/en/movies", "https://www.milehighmedia.com/legal/2257 \u2022 https://www.milehighmedia", "www.milehighmedia.com \u2022 https://www.milehighmedia.com/en/Charlie-Dean/pornstar/49512", "https://www.milehighmedia.com/en/login/index/aHR0cHMlM0ElMkYlMkZtZW1iZXJzLm1pbGVoaWdobWVkaWEuY29tJTJGZW4lMkZ2aWRlb3MlMkZzd2VldGhlYXJ0dmlkZW8lM0ZhbHVwJTNEQURqeF9ITjhfd1oweU96UnpsU3NNNUZLaVVxSzBXNEN0X3NmTFpKTGVJc3M2b0RVUzkwVmp6VllNVko5eFpmdENYcFNKd3IzOTNaMG1mOEpXeVhVeVZpLTJZYVRsaGd3M25DSDRpYnRwZ25BRC1zUFhDQVUycjZJOXo2WWtRMzNVWVFhMFZyWC1YckxvcnRkVjJZdEgxSDYxZ1lhMTFNS3RZSkEzY3FlSXhFQzhtSlAzSk1tbloySURMQXlMZndPcHozSFFiTzF4T0FseXJIQ0xYem1ldFElMkE=\t \thttp://www.milehighmedia.com/?ats=eyJhIjoyOTYzMTgsImMiOjU3OTYzNz", "http://www.milehighmedia.com/legal\t \u2022 https://www.milehighmedia.com/en/pornstar/milehighmedia/Justin-Hunt/51017", "https://www.milehighmedia.com/de/MileHighMedia/scene/129689?utm_source=271174&utm_medium=affiliate&utm_campaign=", "http://www.milehighmedia.com/?ats=eyJhIjoyOTYzMTgsImMiOjU3OTYzNzc1LCJuIjo3NiwicyI6NT...", "ttps://www.milehighmedia.com/scene/4404473/creampie-adventures-scene-2-sneaky-melanie", "https://www.milehighmedia.com/join \u2022 https://www.milehighmedia.com/models \u2022 https://www.milehighmedia.com/movies", "https://www.milehighmedia.com/model/59136/avi-love \u2022https://www.milehighmedia.com/model/60418/Justin-Hunt \u2022", "https://www.milehighmedia.com/en/photo/milehighmedia/The-Mother-I-Cant-Resist/52380", "https://www.milehighmedia.com/en/movies \u2022 https://www.milehighmedia.com/join", "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian", "pornhub-e.com \u2022 www.pornhub.com \u2022", "https://www.sweetheartvideo.com/tsara-brashears/ \u2022 www.sweetheartvideo.com", "https://www.sweetheartvideo.com/en/?s=1?s=1&utm_source=272160&utm_medium=affiliate&utm_campaign=lovelezzies", "https://www.sweetheartvideo.com/en/dvd/Lesbian-Massage/49895", "https://www.sweetheartvideo.com/en/dvds \u2022 https://www.sweetheartvideo.com/en/login", "https://www.sweetheartvideo.com/en/model/Mona-Wales/49601 \u2022 https://www.sweetheartvideo.com/en/scene/Truth-Dare--Boobs/130432 No Expiration\t0\t URL https://www.sweetheartvideo.com/it/model/Kristen-Scott/50432 \u2022 https://www.sweetheartvideo.com/model/63710/brandi-love", "https://www.sweetheartvideo.com/scenes?models=63710", "https://www.sweetheartvideo.com/model/63710/brandi-love", "https://www.sweetheartvideo.com/scenes?models=63710", "https://www.sweetheartvideo.com/it/model/Kristen-Scott/50432", "https://www.sweetheartvideo.com/en/scene/Truth-Dare--Boobs/130432", "https://www.milehighmedia.com/en/photo/milehighmedia/The-Mother-I-Cant-Resist/52380", "https://www.vgt.pl/font/roboto/Roboto-Bold.eot \u2022", "https://www.vgt.pl/94.152.152.233/images/logo.png", "https://www.vgt.pl/94.152.156.22/logo.png \u2022 https://www.vgt.pl/css/", "https://www.vgt.pl/favicon.ico", "https://www.vgt.pl/font/fa/fontawesome-webfont.eot", "https://www.vgt.pl/font/roboto/Roboto-Bold.ttf \u2022 https://www.vgt.pl/font/roboto/Roboto-Light.eot", "https://www.vgt.pl/font/roboto/Roboto-Medium.ttf", "https://www.vgt.pl/font/roboto/Roboto-Light.ttf \u2022", "https://www.vgt.pl/static/js/bootstrap-typeahead.jstic/js/bootstrap-typeahead.js", "https://www.vgt.pl/style/style.css \u2022 https://www.vgt.pl/font/roboto/Roboto-Medium.eot", "https://www.vgt.pl/font/roboto/Roboto-Regular.ttf \u2022 https://www.vgt.pl/font/roboto/Roboto-Thin.eot", "https://www.vgt.pl/static/js/bootstrap-typeahead.js.179.252.2", "https://www.vgt.pl/font/roboto/Roboto-Thin.ttf \u2022 https://www.vgt.pl/static/js/bootstrap-typeahead.js", "https://www.vgt.pl/font/roboto/Roboto-Regular.eot \u2022 https://www.vgt.pl/94.152.156.22/logo.png \u2022 https://www.vgt.pl/css/", "vgt.pl \u2022 www.hak.vgt.pl \u2022 www.localhost.vgt.pl \u2022 www.certyfikat.vgt.pl \u2022 aristocrat.vgt.pl", "https://www.vgt.pl/ phishing \u2022 https://vgt.pl/ \u2022www.vgt.pl \u2022 https://www.vgt.pl/94.152.152.233/images/logo.png", "http://www.pornokind.vgt.pl \u2022 https://dbkuewww.m.vgt.pl \u2022 https://lokalnyhost.vgt.pl \u2022 www.xn--twj-hna.pedofil.vgt.pl", "http://www.hak.vgt.pl \u2022 http://pornokind.vgt.pl \u2022 http://sip.vgt.pl \u2022 http://smtp-qa.vgt.pl \u2022 http://vgt.pl/*.", "https://pornokind.vgt.pl \u2022 https://sip.vgt.pl \u2022 https://smtp-qa.vgt.pl \u2022 https://www.vgt.pl/94.152.156.22/logo.png", "www.localhost.vgt.pl \u2022 www.certyfikat.vgt.pl \u2022 https://www.vgt.pl/94.152.152.233/images/logo.png", "https://www.vgt.pl/css/ \u2022 https://www.vgt.pl/favicon.ico \u2022 https://www.vgt.pl/font/fa/fontawesome-webfont.eot", "https://www.vgt.pl/font/roboto/Roboto-Bold.eot \u2022 https://www.vgt.pl/font/roboto/Roboto-Bold.ttf \u2022 https://www.vgt.pl/font/roboto/Roboto-Light.eot", "https://www.vgt.pl/static/js/bootstrap-typeahead.jstic/js/bootstrap-typeahead.js", "https://www.vgt.pl/style/style.css \u2022 https://www.vgt.pl/static/js/bootstrap-typeahead.js", "IP Address 94.152.58.192 Location Poland ASN AS29522 h88 s.a. Nameservers ns1.kei.pl. , ns2.kei.pl.", "www.happylifehappywife.com \u2022 http://www.happylifehappywife.com/2010/02/'>", "http://www.happylifehappywife.com/2010/04/'> \u2022 http://www.happylifehappywife.com/2010/05/'>", "http://www.happylifehappywife.com/2010/07/'> \u2022 http://www.happylifehappywife.com/2010/09/'>", "http://www.happylifehappywife.com/2011/06/'> \u2022 http://www.happylifehappywife.com/2011/08/'", "http://www.happylifehappywife.com/2011/08/'> \u2022 http://www.happylifehappywife.com/2012/07/'>", "http://www.happylifehappywife.com/2013/03/'> \u2022 http://www.happylifehappywife.com/index.php", "http://www.happylifehappywife.com/wp-content/themes/theme78222/images/top-right.jpg", "https://amp.mypornvid.fun/videos/8/AhxS-ej1myg/gf-18-com/\ud83c\udf81-i39m-your-present-\ud83c\udf81-girlfriend-surprises-you-for-christmas-reunion-soft-kisses-amp-cuddles", "8-25-220-162-static.reverse.queryfoundry.net\t\t\tNov 1, 2025, 9:34:14 AM\t\t5\t domain\tqueryfoundry.net\t\t\tNov 1, 2025, 9:34:14 AM\t\t8\t URL\thttp://117-114-251-162-static.reverse.queryfoundry.net/", "http://watchhers.net/index.php", "remotewd.com device local", "nr-data.net \u2022 applemusic-spotlight.myunidays.com \u2022 init.ess.apple.com \u2022 tv.apple.com", "https://browntubeporn.com/tsara-brashearsAccept-Language", "https://cg864.myhotzpic.com phishing \u2022 http://dashboard.myhotzpic.com/", "https://myhotzpic.com/tsara-brashears-hardcore-lesbian-sex/anime-studio.org*thumbs-fa...", "https://mypornvid.com/videos/27/x510fb2/white-dpt-jeffrey-reimer-loves-pretty-indian-patient-forces-sex-3gp-video-tsara-brashears/caillou-finger", "http://siteinlink.d1.cnbd.net/search/tsara-brashears-dead \u2022 http://siteinlink.d1.cnbd.net/site/maps.google.com.lb/", "http://siteinlink.d1.cnbd.net/search/tsara-brashears-assaulted-by-jeffrey-reimer", "http://siteinlink.d1.cnbd.net/search/tsara-brashears-dead \u2022 https://videolal.com/videos/tsara-brashears-dead-by-daylight.html", "http://pixelrz.com/lists/keywords/tsara-brashears-dead/360 \u2022 http://pixelrz.com/lists/keywords/tsara-brashears-dead/360] No Expiration\t4\t Domain tsara-brashears-deadspin-twitter-suspended-account-help.ht", "https://www.anyxxxtube.net/search-porn/tsara-brashears/", "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian", "https://www.anyxxxtube.net/search-porn/tsara-brashears/", "https://twitter.com/PORNO_SEXYBABES \u2022 girlsdoporn.com", "Treece Alfrey Musat P.C. Attorneys at Law Christopher P. Ahmann | https://TamLegal.com", "https://urlscan.io/screenshots/e931bb02-80dc-46db-92f0-43d5afa258be.png" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "TrojanSpy:Win32/Nivdort", "display_name": "TrojanSpy:Win32/Nivdort", "target": "/malware/TrojanSpy:Win32/Nivdort" }, { "id": "Worm:Win32/Autorun", "display_name": "Worm:Win32/Autorun", "target": "/malware/Worm:Win32/Autorun" }, { "id": "Tofsee", "display_name": "Tofsee", "target": null }, { "id": "Jaik", "display_name": "Jaik", "target": null }, { "id": "Trojan:Win32/Qshell", "display_name": "Trojan:Win32/Qshell", "target": "/malware/Trojan:Win32/Qshell" }, { "id": "Trojan:Win32/Mydoom", "display_name": "Trojan:Win32/Mydoom", "target": "/malware/Trojan:Win32/Mydoom" } ], "attack_ids": [ { "id": "T1045", "name": "Software Packing", "display_name": "T1045 - Software Packing" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1060", "name": "Registry Run Keys / Startup Folder", "display_name": "T1060 - Registry Run Keys / Startup Folder" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1119", "name": "Automated Collection", "display_name": "T1119 - Automated Collection" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1143", "name": "Hidden Window", "display_name": "T1143 - Hidden Window" }, { "id": "T1063", "name": "Security Software Discovery", "display_name": "T1063 - Security Software Discovery" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1583", "name": "Acquire Infrastructure", "display_name": "T1583 - Acquire Infrastructure" }, { "id": "T1069", "name": "Permission Groups Discovery", "display_name": "T1069 - Permission Groups Discovery" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1197", "name": "BITS Jobs", "display_name": "T1197 - BITS Jobs" }, { "id": "T1210", "name": "Exploitation of Remote Services", "display_name": "T1210 - Exploitation of Remote Services" }, { "id": "T1457", "name": "Malicious Media Content", "display_name": "T1457 - Malicious Media Content" }, { "id": "T1480", "name": "Execution Guardrails", "display_name": "T1480 - Execution Guardrails" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" } ], "industries": [], "TLP": "green", "cloned_from": "69482caa00d327da8f0a87bc", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 8897, "domain": 2102, "hostname": 2867, "FileHash-SHA256": 3886, "FileHash-MD5": 619, "FileHash-SHA1": 555, "CVE": 3, "email": 5, "SSLCertFingerprint": 8 }, "indicator_count": 18942, "is_author": false, "is_subscribing": null, "subscriber_count": 47, "modified_text": "37 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69b49587dd104e342dda1628", "name": "C Ahman Attorney Clone by Top Tier, Q.Vashti", "description": "", "modified": "2026-03-13T22:53:59.112000", "created": "2026-03-13T22:53:59.112000", "tags": [ "related pulses", "p1377925676", "gaz1", "sid1696503456", "sct1", "active", "dynamicloader", "medium", "write c", "search", "show", "high", "program gateway", "http traffic", "http", "write", "malware", "nivdort", "serving ip", "address", "status code", "kb body", "sha256", "gw5hjz7t975", "url https", "url http", "indicator role", "pulses url", "hostname", "poland unknown", "present sep", "present jul", "present may", "present apr", "present dec", "present jan", "moved", "passive dns", "ip address", "title", "location poland", "asn as29522", "gmt content", "accept encoding", "ipv4 add", "urls", "files", "reverse dns", "united", "record value", "aaaa", "mtb oct", "found", "error", "read c", "memcommit", "module load", "next", "showing", "trojan", "execution", "unknown", "entries", "ms windows", "intel", "as15169", "codeoverlap", "yara detections", "delphi", "worm", "win32", "win64", "learn", "ck id", "name tactics", "suspicious", "informative", "adversaries", "command", "spawns", "ssl certificate", "execution att", "script urls", "treece alfrey", "meta", "germany unknown", "for privacy", "title added", "active related", "pulses", "asnone", "named pipe", "type indicator", "role title", "added active", "filehashsha256", "ally", "melika", "information", "law christopher", "https", "fake pinterest", "tsara", "traceback man", "expiro", "capture", "domain", "types of", "germany", "poland", "netherlands", "cve cve20178977", "boobs130432 nov", "learn more", "filehashmd5", "utmsourceawin", "pe32", "head microsoft", "delete", "main", "backdoor", "next associated", "gmt connection", "control", "content type", "twitter", "certificate", "redirect date", "cache", "unknown ns", "hostname add", "ipv4", "pulse pulses", "location united", "america flag", "america asn", "windows", "total", "ids detections", "url add", "related nids", "files location", "flag united", "win32mydoom nov", "domain add", "yara rule", "ee fc", "ff d5", "f0 ff", "eb e1", "ff ff", "c1 e8", "c1 c0", "eb e8", "mpress", "cache control", "x cache", "date", "name servers", "arial", "present aug", "present jun", "may god", "hall render", "palantir doing", "jeffrey scott", "jeffrey reimer", "brian sabey", "butt pirates", "scott reimer", "colorado", "quasi government", "workers compensation", "eva lisa", "eva reimer", "sammie", "montano mark", "death threats", "tulach", "hired hit men", "gay man", "gay porn", "concentra", "corruption", "palantir", "foundry", "grifter", "warning", "illegal", "apple", "contacted", "ransom", "dead", "denver" ], "references": [ "https://tamlegal.com/attorneys/christopher-p-ahmann/#breadcrumb \u2022 https://www.milehighmedia.com/en/movies", "https://www.milehighmedia.com/legal/2257 \u2022 https://www.milehighmedia", "www.milehighmedia.com \u2022 https://www.milehighmedia.com/en/Charlie-Dean/pornstar/49512", "https://www.milehighmedia.com/en/login/index/aHR0cHMlM0ElMkYlMkZtZW1iZXJzLm1pbGVoaWdobWVkaWEuY29tJTJGZW4lMkZ2aWRlb3MlMkZzd2VldGhlYXJ0dmlkZW8lM0ZhbHVwJTNEQURqeF9ITjhfd1oweU96UnpsU3NNNUZLaVVxSzBXNEN0X3NmTFpKTGVJc3M2b0RVUzkwVmp6VllNVko5eFpmdENYcFNKd3IzOTNaMG1mOEpXeVhVeVZpLTJZYVRsaGd3M25DSDRpYnRwZ25BRC1zUFhDQVUycjZJOXo2WWtRMzNVWVFhMFZyWC1YckxvcnRkVjJZdEgxSDYxZ1lhMTFNS3RZSkEzY3FlSXhFQzhtSlAzSk1tbloySURMQXlMZndPcHozSFFiTzF4T0FseXJIQ0xYem1ldFElMkE=\t \thttp://www.milehighmedia.com/?ats=eyJhIjoyOTYzMTgsImMiOjU3OTYzNz", "http://www.milehighmedia.com/legal\t \u2022 https://www.milehighmedia.com/en/pornstar/milehighmedia/Justin-Hunt/51017", "https://www.milehighmedia.com/de/MileHighMedia/scene/129689?utm_source=271174&utm_medium=affiliate&utm_campaign=", "http://www.milehighmedia.com/?ats=eyJhIjoyOTYzMTgsImMiOjU3OTYzNzc1LCJuIjo3NiwicyI6NT...", "ttps://www.milehighmedia.com/scene/4404473/creampie-adventures-scene-2-sneaky-melanie", "https://www.milehighmedia.com/join \u2022 https://www.milehighmedia.com/models \u2022 https://www.milehighmedia.com/movies", "https://www.milehighmedia.com/model/59136/avi-love \u2022https://www.milehighmedia.com/model/60418/Justin-Hunt \u2022", "https://www.milehighmedia.com/en/photo/milehighmedia/The-Mother-I-Cant-Resist/52380", "https://www.milehighmedia.com/en/movies \u2022 https://www.milehighmedia.com/join", "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian", "pornhub-e.com \u2022 www.pornhub.com \u2022", "https://www.sweetheartvideo.com/tsara-brashears/ \u2022 www.sweetheartvideo.com", "https://www.sweetheartvideo.com/en/?s=1?s=1&utm_source=272160&utm_medium=affiliate&utm_campaign=lovelezzies", "https://www.sweetheartvideo.com/en/dvd/Lesbian-Massage/49895", "https://www.sweetheartvideo.com/en/dvds \u2022 https://www.sweetheartvideo.com/en/login", "https://www.sweetheartvideo.com/en/model/Mona-Wales/49601 \u2022 https://www.sweetheartvideo.com/en/scene/Truth-Dare--Boobs/130432 No Expiration\t0\t URL https://www.sweetheartvideo.com/it/model/Kristen-Scott/50432 \u2022 https://www.sweetheartvideo.com/model/63710/brandi-love", "https://www.sweetheartvideo.com/scenes?models=63710", "https://www.sweetheartvideo.com/model/63710/brandi-love", "https://www.sweetheartvideo.com/scenes?models=63710", "https://www.sweetheartvideo.com/it/model/Kristen-Scott/50432", "https://www.sweetheartvideo.com/en/scene/Truth-Dare--Boobs/130432", "https://www.milehighmedia.com/en/photo/milehighmedia/The-Mother-I-Cant-Resist/52380", "https://www.vgt.pl/font/roboto/Roboto-Bold.eot \u2022", "https://www.vgt.pl/94.152.152.233/images/logo.png", "https://www.vgt.pl/94.152.156.22/logo.png \u2022 https://www.vgt.pl/css/", "https://www.vgt.pl/favicon.ico", "https://www.vgt.pl/font/fa/fontawesome-webfont.eot", "https://www.vgt.pl/font/roboto/Roboto-Bold.ttf \u2022 https://www.vgt.pl/font/roboto/Roboto-Light.eot", "https://www.vgt.pl/font/roboto/Roboto-Medium.ttf", "https://www.vgt.pl/font/roboto/Roboto-Light.ttf \u2022", "https://www.vgt.pl/static/js/bootstrap-typeahead.jstic/js/bootstrap-typeahead.js", "https://www.vgt.pl/style/style.css \u2022 https://www.vgt.pl/font/roboto/Roboto-Medium.eot", "https://www.vgt.pl/font/roboto/Roboto-Regular.ttf \u2022 https://www.vgt.pl/font/roboto/Roboto-Thin.eot", "https://www.vgt.pl/static/js/bootstrap-typeahead.js.179.252.2", "https://www.vgt.pl/font/roboto/Roboto-Thin.ttf \u2022 https://www.vgt.pl/static/js/bootstrap-typeahead.js", "https://www.vgt.pl/font/roboto/Roboto-Regular.eot \u2022 https://www.vgt.pl/94.152.156.22/logo.png \u2022 https://www.vgt.pl/css/", "vgt.pl \u2022 www.hak.vgt.pl \u2022 www.localhost.vgt.pl \u2022 www.certyfikat.vgt.pl \u2022 aristocrat.vgt.pl", "https://www.vgt.pl/ phishing \u2022 https://vgt.pl/ \u2022www.vgt.pl \u2022 https://www.vgt.pl/94.152.152.233/images/logo.png", "http://www.pornokind.vgt.pl \u2022 https://dbkuewww.m.vgt.pl \u2022 https://lokalnyhost.vgt.pl \u2022 www.xn--twj-hna.pedofil.vgt.pl", "http://www.hak.vgt.pl \u2022 http://pornokind.vgt.pl \u2022 http://sip.vgt.pl \u2022 http://smtp-qa.vgt.pl \u2022 http://vgt.pl/*.", "https://pornokind.vgt.pl \u2022 https://sip.vgt.pl \u2022 https://smtp-qa.vgt.pl \u2022 https://www.vgt.pl/94.152.156.22/logo.png", "www.localhost.vgt.pl \u2022 www.certyfikat.vgt.pl \u2022 https://www.vgt.pl/94.152.152.233/images/logo.png", "https://www.vgt.pl/css/ \u2022 https://www.vgt.pl/favicon.ico \u2022 https://www.vgt.pl/font/fa/fontawesome-webfont.eot", "https://www.vgt.pl/font/roboto/Roboto-Bold.eot \u2022 https://www.vgt.pl/font/roboto/Roboto-Bold.ttf \u2022 https://www.vgt.pl/font/roboto/Roboto-Light.eot", "https://www.vgt.pl/static/js/bootstrap-typeahead.jstic/js/bootstrap-typeahead.js", "https://www.vgt.pl/style/style.css \u2022 https://www.vgt.pl/static/js/bootstrap-typeahead.js", "IP Address 94.152.58.192 Location Poland ASN AS29522 h88 s.a. Nameservers ns1.kei.pl. , ns2.kei.pl.", "www.happylifehappywife.com \u2022 http://www.happylifehappywife.com/2010/02/'>", "http://www.happylifehappywife.com/2010/04/'> \u2022 http://www.happylifehappywife.com/2010/05/'>", "http://www.happylifehappywife.com/2010/07/'> \u2022 http://www.happylifehappywife.com/2010/09/'>", "http://www.happylifehappywife.com/2011/06/'> \u2022 http://www.happylifehappywife.com/2011/08/'", "http://www.happylifehappywife.com/2011/08/'> \u2022 http://www.happylifehappywife.com/2012/07/'>", "http://www.happylifehappywife.com/2013/03/'> \u2022 http://www.happylifehappywife.com/index.php", "http://www.happylifehappywife.com/wp-content/themes/theme78222/images/top-right.jpg", "https://amp.mypornvid.fun/videos/8/AhxS-ej1myg/gf-18-com/\ud83c\udf81-i39m-your-present-\ud83c\udf81-girlfriend-surprises-you-for-christmas-reunion-soft-kisses-amp-cuddles", "8-25-220-162-static.reverse.queryfoundry.net\t\t\tNov 1, 2025, 9:34:14 AM\t\t5\t domain\tqueryfoundry.net\t\t\tNov 1, 2025, 9:34:14 AM\t\t8\t URL\thttp://117-114-251-162-static.reverse.queryfoundry.net/", "http://watchhers.net/index.php", "remotewd.com device local", "nr-data.net \u2022 applemusic-spotlight.myunidays.com \u2022 init.ess.apple.com \u2022 tv.apple.com", "https://browntubeporn.com/tsara-brashearsAccept-Language", "https://cg864.myhotzpic.com phishing \u2022 http://dashboard.myhotzpic.com/", "https://myhotzpic.com/tsara-brashears-hardcore-lesbian-sex/anime-studio.org*thumbs-fa...", "https://mypornvid.com/videos/27/x510fb2/white-dpt-jeffrey-reimer-loves-pretty-indian-patient-forces-sex-3gp-video-tsara-brashears/caillou-finger", "http://siteinlink.d1.cnbd.net/search/tsara-brashears-dead \u2022 http://siteinlink.d1.cnbd.net/site/maps.google.com.lb/", "http://siteinlink.d1.cnbd.net/search/tsara-brashears-assaulted-by-jeffrey-reimer", "http://siteinlink.d1.cnbd.net/search/tsara-brashears-dead \u2022 https://videolal.com/videos/tsara-brashears-dead-by-daylight.html", "http://pixelrz.com/lists/keywords/tsara-brashears-dead/360 \u2022 http://pixelrz.com/lists/keywords/tsara-brashears-dead/360] No Expiration\t4\t Domain tsara-brashears-deadspin-twitter-suspended-account-help.ht", "https://www.anyxxxtube.net/search-porn/tsara-brashears/", "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian", "https://www.anyxxxtube.net/search-porn/tsara-brashears/", "https://twitter.com/PORNO_SEXYBABES \u2022 girlsdoporn.com", "Treece Alfrey Musat P.C. Attorneys at Law Christopher P. Ahmann | https://TamLegal.com", "https://urlscan.io/screenshots/e931bb02-80dc-46db-92f0-43d5afa258be.png" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "TrojanSpy:Win32/Nivdort", "display_name": "TrojanSpy:Win32/Nivdort", "target": "/malware/TrojanSpy:Win32/Nivdort" }, { "id": "Worm:Win32/Autorun", "display_name": "Worm:Win32/Autorun", "target": "/malware/Worm:Win32/Autorun" }, { "id": "Tofsee", "display_name": "Tofsee", "target": null }, { "id": "Jaik", "display_name": "Jaik", "target": null }, { "id": "Trojan:Win32/Qshell", "display_name": "Trojan:Win32/Qshell", "target": "/malware/Trojan:Win32/Qshell" }, { "id": "Trojan:Win32/Mydoom", "display_name": "Trojan:Win32/Mydoom", "target": "/malware/Trojan:Win32/Mydoom" } ], "attack_ids": [ { "id": "T1045", "name": "Software Packing", "display_name": "T1045 - Software Packing" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1060", "name": "Registry Run Keys / Startup Folder", "display_name": "T1060 - Registry Run Keys / Startup Folder" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1119", "name": "Automated Collection", "display_name": "T1119 - Automated Collection" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1143", "name": "Hidden Window", "display_name": "T1143 - Hidden Window" }, { "id": "T1063", "name": "Security Software Discovery", "display_name": "T1063 - Security Software Discovery" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1583", "name": "Acquire Infrastructure", "display_name": "T1583 - Acquire Infrastructure" }, { "id": "T1069", "name": "Permission Groups Discovery", "display_name": "T1069 - Permission Groups Discovery" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1197", "name": "BITS Jobs", "display_name": "T1197 - BITS Jobs" }, { "id": "T1210", "name": "Exploitation of Remote Services", "display_name": "T1210 - Exploitation of Remote Services" }, { "id": "T1457", "name": "Malicious Media Content", "display_name": "T1457 - Malicious Media Content" }, { "id": "T1480", "name": "Execution Guardrails", "display_name": "T1480 - Execution Guardrails" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" } ], "industries": [], "TLP": "green", "cloned_from": "691f4d4ef0a2a570b8b21cd2", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 8897, "domain": 2102, "hostname": 2867, "FileHash-SHA256": 3886, "FileHash-MD5": 619, "FileHash-SHA1": 555, "CVE": 3, "email": 5, "SSLCertFingerprint": 8 }, "indicator_count": 18942, "is_author": false, "is_subscribing": null, "subscriber_count": 47, "modified_text": "37 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69631fbd16e306ee2b76c4da", "name": "Chris P. Ahmann \u2022 STAY Away!f PRIVATE PROPERTY Colorado State Fixer!", "description": "", "modified": "2026-01-20T17:02:02.650000", "created": "2026-01-11T03:57:49.242000", "tags": [ "related pulses", "p1377925676", "gaz1", "sid1696503456", "sct1", "active", "dynamicloader", "medium", "write c", "search", "show", "high", "program gateway", "http traffic", "http", "write", "malware", "nivdort", "serving ip", "address", "status code", "kb body", "sha256", "gw5hjz7t975", "url https", "url http", "indicator role", "pulses url", "hostname", "poland unknown", "present sep", "present jul", "present may", "present apr", "present dec", "present jan", "moved", "passive dns", "ip address", "title", "location poland", "asn as29522", "gmt content", "accept encoding", "ipv4 add", "urls", "files", "reverse dns", "united", "record value", "aaaa", "mtb oct", "found", "error", "read c", "memcommit", "module load", "next", "showing", "trojan", "execution", "unknown", "entries", "ms windows", "intel", "as15169", "codeoverlap", "yara detections", "delphi", "worm", "win32", "win64", "learn", "ck id", "name tactics", "suspicious", "informative", "adversaries", "command", "spawns", "ssl certificate", "execution att", "script urls", "treece alfrey", "meta", "germany unknown", "for privacy", "title added", "active related", "pulses", "asnone", "named pipe", "type indicator", "role title", "added active", "filehashsha256", "ally", "melika", "information", "law christopher", "https", "fake pinterest", "tsara", "traceback man", "expiro", "capture", "domain", "types of", "germany", "poland", "netherlands", "cve cve20178977", "boobs130432 nov", "learn more", "filehashmd5", "utmsourceawin", "pe32", "head microsoft", "delete", "main", "backdoor", "next associated", "gmt connection", "control", "content type", "twitter", "certificate", "redirect date", "cache", "unknown ns", "hostname add", "ipv4", "pulse pulses", "location united", "america flag", "america asn", "windows", "total", "ids detections", "url add", "related nids", "files location", "flag united", "win32mydoom nov", "domain add", "yara rule", "ee fc", "ff d5", "f0 ff", "eb e1", "ff ff", "c1 e8", "c1 c0", "eb e8", "mpress", "cache control", "x cache", "date", "name servers", "arial", "present aug", "present jun", "may god", "hall render", "palantir doing", "jeffrey scott", "jeffrey reimer", "brian sabey", "butt pirates", "scott reimer", "colorado", "quasi government", "workers compensation", "eva lisa", "eva reimer", "sammie", "montano mark", "death threats", "tulach", "hired hit men", "gay man", "gay porn", "concentra", "corruption", "palantir", "foundry", "grifter", "warning", "illegal", "apple", "contacted", "ransom", "dead", "denver" ], "references": [ "https://tamlegal.com/attorneys/christopher-p-ahmann/#breadcrumb \u2022 https://www.milehighmedia.com/en/movies", "https://www.milehighmedia.com/legal/2257 \u2022 https://www.milehighmedia", "www.milehighmedia.com \u2022 https://www.milehighmedia.com/en/Charlie-Dean/pornstar/49512", "https://www.milehighmedia.com/en/login/index/aHR0cHMlM0ElMkYlMkZtZW1iZXJzLm1pbGVoaWdobWVkaWEuY29tJTJGZW4lMkZ2aWRlb3MlMkZzd2VldGhlYXJ0dmlkZW8lM0ZhbHVwJTNEQURqeF9ITjhfd1oweU96UnpsU3NNNUZLaVVxSzBXNEN0X3NmTFpKTGVJc3M2b0RVUzkwVmp6VllNVko5eFpmdENYcFNKd3IzOTNaMG1mOEpXeVhVeVZpLTJZYVRsaGd3M25DSDRpYnRwZ25BRC1zUFhDQVUycjZJOXo2WWtRMzNVWVFhMFZyWC1YckxvcnRkVjJZdEgxSDYxZ1lhMTFNS3RZSkEzY3FlSXhFQzhtSlAzSk1tbloySURMQXlMZndPcHozSFFiTzF4T0FseXJIQ0xYem1ldFElMkE=\t \thttp://www.milehighmedia.com/?ats=eyJhIjoyOTYzMTgsImMiOjU3OTYzNz", "http://www.milehighmedia.com/legal\t \u2022 https://www.milehighmedia.com/en/pornstar/milehighmedia/Justin-Hunt/51017", "https://www.milehighmedia.com/de/MileHighMedia/scene/129689?utm_source=271174&utm_medium=affiliate&utm_campaign=", "http://www.milehighmedia.com/?ats=eyJhIjoyOTYzMTgsImMiOjU3OTYzNzc1LCJuIjo3NiwicyI6NT...", "ttps://www.milehighmedia.com/scene/4404473/creampie-adventures-scene-2-sneaky-melanie", "https://www.milehighmedia.com/join \u2022 https://www.milehighmedia.com/models \u2022 https://www.milehighmedia.com/movies", "https://www.milehighmedia.com/model/59136/avi-love \u2022https://www.milehighmedia.com/model/60418/Justin-Hunt \u2022", "https://www.milehighmedia.com/en/photo/milehighmedia/The-Mother-I-Cant-Resist/52380", "https://www.milehighmedia.com/en/movies \u2022 https://www.milehighmedia.com/join", "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian", "pornhub-e.com \u2022 www.pornhub.com \u2022", "https://www.sweetheartvideo.com/tsara-brashears/ \u2022 www.sweetheartvideo.com", "https://www.sweetheartvideo.com/en/?s=1?s=1&utm_source=272160&utm_medium=affiliate&utm_campaign=lovelezzies", "https://www.sweetheartvideo.com/en/dvd/Lesbian-Massage/49895", "https://www.sweetheartvideo.com/en/dvds \u2022 https://www.sweetheartvideo.com/en/login", "https://www.sweetheartvideo.com/en/model/Mona-Wales/49601 \u2022 https://www.sweetheartvideo.com/en/scene/Truth-Dare--Boobs/130432 No Expiration\t0\t URL https://www.sweetheartvideo.com/it/model/Kristen-Scott/50432 \u2022 https://www.sweetheartvideo.com/model/63710/brandi-love", "https://www.sweetheartvideo.com/scenes?models=63710", "https://www.sweetheartvideo.com/model/63710/brandi-love", "https://www.sweetheartvideo.com/scenes?models=63710", "https://www.sweetheartvideo.com/it/model/Kristen-Scott/50432", "https://www.sweetheartvideo.com/en/scene/Truth-Dare--Boobs/130432", "https://www.milehighmedia.com/en/photo/milehighmedia/The-Mother-I-Cant-Resist/52380", "https://www.vgt.pl/font/roboto/Roboto-Bold.eot \u2022", "https://www.vgt.pl/94.152.152.233/images/logo.png", "https://www.vgt.pl/94.152.156.22/logo.png \u2022 https://www.vgt.pl/css/", "https://www.vgt.pl/favicon.ico", "https://www.vgt.pl/font/fa/fontawesome-webfont.eot", "https://www.vgt.pl/font/roboto/Roboto-Bold.ttf \u2022 https://www.vgt.pl/font/roboto/Roboto-Light.eot", "https://www.vgt.pl/font/roboto/Roboto-Medium.ttf", "https://www.vgt.pl/font/roboto/Roboto-Light.ttf \u2022", "https://www.vgt.pl/static/js/bootstrap-typeahead.jstic/js/bootstrap-typeahead.js", "https://www.vgt.pl/style/style.css \u2022 https://www.vgt.pl/font/roboto/Roboto-Medium.eot", "https://www.vgt.pl/font/roboto/Roboto-Regular.ttf \u2022 https://www.vgt.pl/font/roboto/Roboto-Thin.eot", "https://www.vgt.pl/static/js/bootstrap-typeahead.js.179.252.2", "https://www.vgt.pl/font/roboto/Roboto-Thin.ttf \u2022 https://www.vgt.pl/static/js/bootstrap-typeahead.js", "https://www.vgt.pl/font/roboto/Roboto-Regular.eot \u2022 https://www.vgt.pl/94.152.156.22/logo.png \u2022 https://www.vgt.pl/css/", "vgt.pl \u2022 www.hak.vgt.pl \u2022 www.localhost.vgt.pl \u2022 www.certyfikat.vgt.pl \u2022 aristocrat.vgt.pl", "https://www.vgt.pl/ phishing \u2022 https://vgt.pl/ \u2022www.vgt.pl \u2022 https://www.vgt.pl/94.152.152.233/images/logo.png", "http://www.pornokind.vgt.pl \u2022 https://dbkuewww.m.vgt.pl \u2022 https://lokalnyhost.vgt.pl \u2022 www.xn--twj-hna.pedofil.vgt.pl", "http://www.hak.vgt.pl \u2022 http://pornokind.vgt.pl \u2022 http://sip.vgt.pl \u2022 http://smtp-qa.vgt.pl \u2022 http://vgt.pl/*.", "https://pornokind.vgt.pl \u2022 https://sip.vgt.pl \u2022 https://smtp-qa.vgt.pl \u2022 https://www.vgt.pl/94.152.156.22/logo.png", "www.localhost.vgt.pl \u2022 www.certyfikat.vgt.pl \u2022 https://www.vgt.pl/94.152.152.233/images/logo.png", "https://www.vgt.pl/css/ \u2022 https://www.vgt.pl/favicon.ico \u2022 https://www.vgt.pl/font/fa/fontawesome-webfont.eot", "https://www.vgt.pl/font/roboto/Roboto-Bold.eot \u2022 https://www.vgt.pl/font/roboto/Roboto-Bold.ttf \u2022 https://www.vgt.pl/font/roboto/Roboto-Light.eot", "https://www.vgt.pl/static/js/bootstrap-typeahead.jstic/js/bootstrap-typeahead.js", "https://www.vgt.pl/style/style.css \u2022 https://www.vgt.pl/static/js/bootstrap-typeahead.js", "IP Address 94.152.58.192 Location Poland ASN AS29522 h88 s.a. Nameservers ns1.kei.pl. , ns2.kei.pl.", "www.happylifehappywife.com \u2022 http://www.happylifehappywife.com/2010/02/'>", "http://www.happylifehappywife.com/2010/04/'> \u2022 http://www.happylifehappywife.com/2010/05/'>", "http://www.happylifehappywife.com/2010/07/'> \u2022 http://www.happylifehappywife.com/2010/09/'>", "http://www.happylifehappywife.com/2011/06/'> \u2022 http://www.happylifehappywife.com/2011/08/'", "http://www.happylifehappywife.com/2011/08/'> \u2022 http://www.happylifehappywife.com/2012/07/'>", "http://www.happylifehappywife.com/2013/03/'> \u2022 http://www.happylifehappywife.com/index.php", "http://www.happylifehappywife.com/wp-content/themes/theme78222/images/top-right.jpg", "https://amp.mypornvid.fun/videos/8/AhxS-ej1myg/gf-18-com/\ud83c\udf81-i39m-your-present-\ud83c\udf81-girlfriend-surprises-you-for-christmas-reunion-soft-kisses-amp-cuddles", "8-25-220-162-static.reverse.queryfoundry.net\t\t\tNov 1, 2025, 9:34:14 AM\t\t5\t domain\tqueryfoundry.net\t\t\tNov 1, 2025, 9:34:14 AM\t\t8\t URL\thttp://117-114-251-162-static.reverse.queryfoundry.net/", "http://watchhers.net/index.php", "remotewd.com device local", "nr-data.net \u2022 applemusic-spotlight.myunidays.com \u2022 init.ess.apple.com \u2022 tv.apple.com", "https://browntubeporn.com/tsara-brashearsAccept-Language", "https://cg864.myhotzpic.com phishing \u2022 http://dashboard.myhotzpic.com/", "https://myhotzpic.com/tsara-brashears-hardcore-lesbian-sex/anime-studio.org*thumbs-fa...", "https://mypornvid.com/videos/27/x510fb2/white-dpt-jeffrey-reimer-loves-pretty-indian-patient-forces-sex-3gp-video-tsara-brashears/caillou-finger", "http://siteinlink.d1.cnbd.net/search/tsara-brashears-dead \u2022 http://siteinlink.d1.cnbd.net/site/maps.google.com.lb/", "http://siteinlink.d1.cnbd.net/search/tsara-brashears-assaulted-by-jeffrey-reimer", "http://siteinlink.d1.cnbd.net/search/tsara-brashears-dead \u2022 https://videolal.com/videos/tsara-brashears-dead-by-daylight.html", "http://pixelrz.com/lists/keywords/tsara-brashears-dead/360 \u2022 http://pixelrz.com/lists/keywords/tsara-brashears-dead/360] No Expiration\t4\t Domain tsara-brashears-deadspin-twitter-suspended-account-help.ht", "https://www.anyxxxtube.net/search-porn/tsara-brashears/", "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian", "https://www.anyxxxtube.net/search-porn/tsara-brashears/", "https://twitter.com/PORNO_SEXYBABES \u2022 girlsdoporn.com", "Treece Alfrey Musat P.C. Attorneys at Law Christopher P. Ahmann | https://TamLegal.com", "https://urlscan.io/screenshots/e931bb02-80dc-46db-92f0-43d5afa258be.png" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "TrojanSpy:Win32/Nivdort", "display_name": "TrojanSpy:Win32/Nivdort", "target": "/malware/TrojanSpy:Win32/Nivdort" }, { "id": "Worm:Win32/Autorun", "display_name": "Worm:Win32/Autorun", "target": "/malware/Worm:Win32/Autorun" }, { "id": "Tofsee", "display_name": "Tofsee", "target": null }, { "id": "Jaik", "display_name": "Jaik", "target": null }, { "id": "Trojan:Win32/Qshell", "display_name": "Trojan:Win32/Qshell", "target": "/malware/Trojan:Win32/Qshell" }, { "id": "Trojan:Win32/Mydoom", "display_name": "Trojan:Win32/Mydoom", "target": "/malware/Trojan:Win32/Mydoom" } ], "attack_ids": [ { "id": "T1045", "name": "Software Packing", "display_name": "T1045 - Software Packing" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1060", "name": "Registry Run Keys / Startup Folder", "display_name": "T1060 - Registry Run Keys / Startup Folder" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1119", "name": "Automated Collection", "display_name": "T1119 - Automated Collection" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1143", "name": "Hidden Window", "display_name": "T1143 - Hidden Window" }, { "id": "T1063", "name": "Security Software Discovery", "display_name": "T1063 - Security Software Discovery" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1583", "name": "Acquire Infrastructure", "display_name": "T1583 - Acquire Infrastructure" }, { "id": "T1069", "name": "Permission Groups Discovery", "display_name": "T1069 - Permission Groups Discovery" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1197", "name": "BITS Jobs", "display_name": "T1197 - BITS Jobs" }, { "id": "T1210", "name": "Exploitation of Remote Services", "display_name": "T1210 - Exploitation of Remote Services" }, { "id": "T1457", "name": "Malicious Media Content", "display_name": "T1457 - Malicious Media Content" }, { "id": "T1480", "name": "Execution Guardrails", "display_name": "T1480 - Execution Guardrails" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" } ], "industries": [], "TLP": "green", "cloned_from": "695557ee134b978b00883c29", "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 8897, "domain": 2102, "hostname": 2867, "FileHash-SHA256": 3886, "FileHash-MD5": 619, "FileHash-SHA1": 555, "CVE": 3, "email": 5, "SSLCertFingerprint": 8 }, "indicator_count": 18942, "is_author": false, "is_subscribing": null, "subscriber_count": 137, "modified_text": "90 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "695557ee134b978b00883c29", "name": "Chris P. Ahmann \u2022 Stay out of PRIVATE PROPERTY HITMAN! Colorado State", "description": "", "modified": "2026-01-20T17:02:02.650000", "created": "2025-12-31T17:05:50.134000", "tags": [ "related pulses", "p1377925676", "gaz1", "sid1696503456", "sct1", "active", "dynamicloader", "medium", "write c", "search", "show", "high", "program gateway", "http traffic", "http", "write", "malware", "nivdort", "serving ip", "address", "status code", "kb body", "sha256", "gw5hjz7t975", "url https", "url http", "indicator role", "pulses url", "hostname", "poland unknown", "present sep", "present jul", "present may", "present apr", "present dec", "present jan", "moved", "passive dns", "ip address", "title", "location poland", "asn as29522", "gmt content", "accept encoding", "ipv4 add", "urls", "files", "reverse dns", "united", "record value", "aaaa", "mtb oct", "found", "error", "read c", "memcommit", "module load", "next", "showing", "trojan", "execution", "unknown", "entries", "ms windows", "intel", "as15169", "codeoverlap", "yara detections", "delphi", "worm", "win32", "win64", "learn", "ck id", "name tactics", "suspicious", "informative", "adversaries", "command", "spawns", "ssl certificate", "execution att", "script urls", "treece alfrey", "meta", "germany unknown", "for privacy", "title added", "active related", "pulses", "asnone", "named pipe", "type indicator", "role title", "added active", "filehashsha256", "ally", "melika", "information", "law christopher", "https", "fake pinterest", "tsara", "traceback man", "expiro", "capture", "domain", "types of", "germany", "poland", "netherlands", "cve cve20178977", "boobs130432 nov", "learn more", "filehashmd5", "utmsourceawin", "pe32", "head microsoft", "delete", "main", "backdoor", "next associated", "gmt connection", "control", "content type", "twitter", "certificate", "redirect date", "cache", "unknown ns", "hostname add", "ipv4", "pulse pulses", "location united", "america flag", "america asn", "windows", "total", "ids detections", "url add", "related nids", "files location", "flag united", "win32mydoom nov", "domain add", "yara rule", "ee fc", "ff d5", "f0 ff", "eb e1", "ff ff", "c1 e8", "c1 c0", "eb e8", "mpress", "cache control", "x cache", "date", "name servers", "arial", "present aug", "present jun", "may god", "hall render", "palantir doing", "jeffrey scott", "jeffrey reimer", "brian sabey", "butt pirates", "scott reimer", "colorado", "quasi government", "workers compensation", "eva lisa", "eva reimer", "sammie", "montano mark", "death threats", "tulach", "hired hit men", "gay man", "gay porn", "concentra", "corruption", "palantir", "foundry", "grifter", "warning", "illegal", "apple", "contacted", "ransom", "dead", "denver" ], "references": [ "https://tamlegal.com/attorneys/christopher-p-ahmann/#breadcrumb \u2022 https://www.milehighmedia.com/en/movies", "https://www.milehighmedia.com/legal/2257 \u2022 https://www.milehighmedia", "www.milehighmedia.com \u2022 https://www.milehighmedia.com/en/Charlie-Dean/pornstar/49512", "https://www.milehighmedia.com/en/login/index/aHR0cHMlM0ElMkYlMkZtZW1iZXJzLm1pbGVoaWdobWVkaWEuY29tJTJGZW4lMkZ2aWRlb3MlMkZzd2VldGhlYXJ0dmlkZW8lM0ZhbHVwJTNEQURqeF9ITjhfd1oweU96UnpsU3NNNUZLaVVxSzBXNEN0X3NmTFpKTGVJc3M2b0RVUzkwVmp6VllNVko5eFpmdENYcFNKd3IzOTNaMG1mOEpXeVhVeVZpLTJZYVRsaGd3M25DSDRpYnRwZ25BRC1zUFhDQVUycjZJOXo2WWtRMzNVWVFhMFZyWC1YckxvcnRkVjJZdEgxSDYxZ1lhMTFNS3RZSkEzY3FlSXhFQzhtSlAzSk1tbloySURMQXlMZndPcHozSFFiTzF4T0FseXJIQ0xYem1ldFElMkE=\t \thttp://www.milehighmedia.com/?ats=eyJhIjoyOTYzMTgsImMiOjU3OTYzNz", "http://www.milehighmedia.com/legal\t \u2022 https://www.milehighmedia.com/en/pornstar/milehighmedia/Justin-Hunt/51017", "https://www.milehighmedia.com/de/MileHighMedia/scene/129689?utm_source=271174&utm_medium=affiliate&utm_campaign=", "http://www.milehighmedia.com/?ats=eyJhIjoyOTYzMTgsImMiOjU3OTYzNzc1LCJuIjo3NiwicyI6NT...", "ttps://www.milehighmedia.com/scene/4404473/creampie-adventures-scene-2-sneaky-melanie", "https://www.milehighmedia.com/join \u2022 https://www.milehighmedia.com/models \u2022 https://www.milehighmedia.com/movies", "https://www.milehighmedia.com/model/59136/avi-love \u2022https://www.milehighmedia.com/model/60418/Justin-Hunt \u2022", "https://www.milehighmedia.com/en/photo/milehighmedia/The-Mother-I-Cant-Resist/52380", "https://www.milehighmedia.com/en/movies \u2022 https://www.milehighmedia.com/join", "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian", "pornhub-e.com \u2022 www.pornhub.com \u2022", "https://www.sweetheartvideo.com/tsara-brashears/ \u2022 www.sweetheartvideo.com", "https://www.sweetheartvideo.com/en/?s=1?s=1&utm_source=272160&utm_medium=affiliate&utm_campaign=lovelezzies", "https://www.sweetheartvideo.com/en/dvd/Lesbian-Massage/49895", "https://www.sweetheartvideo.com/en/dvds \u2022 https://www.sweetheartvideo.com/en/login", "https://www.sweetheartvideo.com/en/model/Mona-Wales/49601 \u2022 https://www.sweetheartvideo.com/en/scene/Truth-Dare--Boobs/130432 No Expiration\t0\t URL https://www.sweetheartvideo.com/it/model/Kristen-Scott/50432 \u2022 https://www.sweetheartvideo.com/model/63710/brandi-love", "https://www.sweetheartvideo.com/scenes?models=63710", "https://www.sweetheartvideo.com/model/63710/brandi-love", "https://www.sweetheartvideo.com/scenes?models=63710", "https://www.sweetheartvideo.com/it/model/Kristen-Scott/50432", "https://www.sweetheartvideo.com/en/scene/Truth-Dare--Boobs/130432", "https://www.milehighmedia.com/en/photo/milehighmedia/The-Mother-I-Cant-Resist/52380", "https://www.vgt.pl/font/roboto/Roboto-Bold.eot \u2022", "https://www.vgt.pl/94.152.152.233/images/logo.png", "https://www.vgt.pl/94.152.156.22/logo.png \u2022 https://www.vgt.pl/css/", "https://www.vgt.pl/favicon.ico", "https://www.vgt.pl/font/fa/fontawesome-webfont.eot", "https://www.vgt.pl/font/roboto/Roboto-Bold.ttf \u2022 https://www.vgt.pl/font/roboto/Roboto-Light.eot", "https://www.vgt.pl/font/roboto/Roboto-Medium.ttf", "https://www.vgt.pl/font/roboto/Roboto-Light.ttf \u2022", "https://www.vgt.pl/static/js/bootstrap-typeahead.jstic/js/bootstrap-typeahead.js", "https://www.vgt.pl/style/style.css \u2022 https://www.vgt.pl/font/roboto/Roboto-Medium.eot", "https://www.vgt.pl/font/roboto/Roboto-Regular.ttf \u2022 https://www.vgt.pl/font/roboto/Roboto-Thin.eot", "https://www.vgt.pl/static/js/bootstrap-typeahead.js.179.252.2", "https://www.vgt.pl/font/roboto/Roboto-Thin.ttf \u2022 https://www.vgt.pl/static/js/bootstrap-typeahead.js", "https://www.vgt.pl/font/roboto/Roboto-Regular.eot \u2022 https://www.vgt.pl/94.152.156.22/logo.png \u2022 https://www.vgt.pl/css/", "vgt.pl \u2022 www.hak.vgt.pl \u2022 www.localhost.vgt.pl \u2022 www.certyfikat.vgt.pl \u2022 aristocrat.vgt.pl", "https://www.vgt.pl/ phishing \u2022 https://vgt.pl/ \u2022www.vgt.pl \u2022 https://www.vgt.pl/94.152.152.233/images/logo.png", "http://www.pornokind.vgt.pl \u2022 https://dbkuewww.m.vgt.pl \u2022 https://lokalnyhost.vgt.pl \u2022 www.xn--twj-hna.pedofil.vgt.pl", "http://www.hak.vgt.pl \u2022 http://pornokind.vgt.pl \u2022 http://sip.vgt.pl \u2022 http://smtp-qa.vgt.pl \u2022 http://vgt.pl/*.", "https://pornokind.vgt.pl \u2022 https://sip.vgt.pl \u2022 https://smtp-qa.vgt.pl \u2022 https://www.vgt.pl/94.152.156.22/logo.png", "www.localhost.vgt.pl \u2022 www.certyfikat.vgt.pl \u2022 https://www.vgt.pl/94.152.152.233/images/logo.png", "https://www.vgt.pl/css/ \u2022 https://www.vgt.pl/favicon.ico \u2022 https://www.vgt.pl/font/fa/fontawesome-webfont.eot", "https://www.vgt.pl/font/roboto/Roboto-Bold.eot \u2022 https://www.vgt.pl/font/roboto/Roboto-Bold.ttf \u2022 https://www.vgt.pl/font/roboto/Roboto-Light.eot", "https://www.vgt.pl/static/js/bootstrap-typeahead.jstic/js/bootstrap-typeahead.js", "https://www.vgt.pl/style/style.css \u2022 https://www.vgt.pl/static/js/bootstrap-typeahead.js", "IP Address 94.152.58.192 Location Poland ASN AS29522 h88 s.a. Nameservers ns1.kei.pl. , ns2.kei.pl.", "www.happylifehappywife.com \u2022 http://www.happylifehappywife.com/2010/02/'>", "http://www.happylifehappywife.com/2010/04/'> \u2022 http://www.happylifehappywife.com/2010/05/'>", "http://www.happylifehappywife.com/2010/07/'> \u2022 http://www.happylifehappywife.com/2010/09/'>", "http://www.happylifehappywife.com/2011/06/'> \u2022 http://www.happylifehappywife.com/2011/08/'", "http://www.happylifehappywife.com/2011/08/'> \u2022 http://www.happylifehappywife.com/2012/07/'>", "http://www.happylifehappywife.com/2013/03/'> \u2022 http://www.happylifehappywife.com/index.php", "http://www.happylifehappywife.com/wp-content/themes/theme78222/images/top-right.jpg", "https://amp.mypornvid.fun/videos/8/AhxS-ej1myg/gf-18-com/\ud83c\udf81-i39m-your-present-\ud83c\udf81-girlfriend-surprises-you-for-christmas-reunion-soft-kisses-amp-cuddles", "8-25-220-162-static.reverse.queryfoundry.net\t\t\tNov 1, 2025, 9:34:14 AM\t\t5\t domain\tqueryfoundry.net\t\t\tNov 1, 2025, 9:34:14 AM\t\t8\t URL\thttp://117-114-251-162-static.reverse.queryfoundry.net/", "http://watchhers.net/index.php", "remotewd.com device local", "nr-data.net \u2022 applemusic-spotlight.myunidays.com \u2022 init.ess.apple.com \u2022 tv.apple.com", "https://browntubeporn.com/tsara-brashearsAccept-Language", "https://cg864.myhotzpic.com phishing \u2022 http://dashboard.myhotzpic.com/", "https://myhotzpic.com/tsara-brashears-hardcore-lesbian-sex/anime-studio.org*thumbs-fa...", "https://mypornvid.com/videos/27/x510fb2/white-dpt-jeffrey-reimer-loves-pretty-indian-patient-forces-sex-3gp-video-tsara-brashears/caillou-finger", "http://siteinlink.d1.cnbd.net/search/tsara-brashears-dead \u2022 http://siteinlink.d1.cnbd.net/site/maps.google.com.lb/", "http://siteinlink.d1.cnbd.net/search/tsara-brashears-assaulted-by-jeffrey-reimer", "http://siteinlink.d1.cnbd.net/search/tsara-brashears-dead \u2022 https://videolal.com/videos/tsara-brashears-dead-by-daylight.html", "http://pixelrz.com/lists/keywords/tsara-brashears-dead/360 \u2022 http://pixelrz.com/lists/keywords/tsara-brashears-dead/360] No Expiration\t4\t Domain tsara-brashears-deadspin-twitter-suspended-account-help.ht", "https://www.anyxxxtube.net/search-porn/tsara-brashears/", "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian", "https://www.anyxxxtube.net/search-porn/tsara-brashears/", "https://twitter.com/PORNO_SEXYBABES \u2022 girlsdoporn.com", "Treece Alfrey Musat P.C. Attorneys at Law Christopher P. Ahmann | https://TamLegal.com", "https://urlscan.io/screenshots/e931bb02-80dc-46db-92f0-43d5afa258be.png" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "TrojanSpy:Win32/Nivdort", "display_name": "TrojanSpy:Win32/Nivdort", "target": "/malware/TrojanSpy:Win32/Nivdort" }, { "id": "Worm:Win32/Autorun", "display_name": "Worm:Win32/Autorun", "target": "/malware/Worm:Win32/Autorun" }, { "id": "Tofsee", "display_name": "Tofsee", "target": null }, { "id": "Jaik", "display_name": "Jaik", "target": null }, { "id": "Trojan:Win32/Qshell", "display_name": "Trojan:Win32/Qshell", "target": "/malware/Trojan:Win32/Qshell" }, { "id": "Trojan:Win32/Mydoom", "display_name": "Trojan:Win32/Mydoom", "target": "/malware/Trojan:Win32/Mydoom" } ], "attack_ids": [ { "id": "T1045", "name": "Software Packing", "display_name": "T1045 - Software Packing" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1060", "name": "Registry Run Keys / Startup Folder", "display_name": "T1060 - Registry Run Keys / Startup Folder" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1119", "name": "Automated Collection", "display_name": "T1119 - Automated Collection" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1143", "name": "Hidden Window", "display_name": "T1143 - Hidden Window" }, { "id": "T1063", "name": "Security Software Discovery", "display_name": "T1063 - Security Software Discovery" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1583", "name": "Acquire Infrastructure", "display_name": "T1583 - Acquire Infrastructure" }, { "id": "T1069", "name": "Permission Groups Discovery", "display_name": "T1069 - Permission Groups Discovery" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1197", "name": "BITS Jobs", "display_name": "T1197 - BITS Jobs" }, { "id": "T1210", "name": "Exploitation of Remote Services", "display_name": "T1210 - Exploitation of Remote Services" }, { "id": "T1457", "name": "Malicious Media Content", "display_name": "T1457 - Malicious Media Content" }, { "id": "T1480", "name": "Execution Guardrails", "display_name": "T1480 - Execution Guardrails" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" } ], "industries": [], "TLP": "green", "cloned_from": "691f4d4ef0a2a570b8b21cd2", "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 8897, "domain": 2102, "hostname": 2867, "FileHash-SHA256": 3886, "FileHash-MD5": 619, "FileHash-SHA1": 555, "CVE": 3, "email": 5, "SSLCertFingerprint": 8 }, "indicator_count": 18942, "is_author": false, "is_subscribing": null, "subscriber_count": 137, "modified_text": "90 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69482caa00d327da8f0a87bc", "name": "Chris P.\u2019 Buzz\u2019 Ahmann Colorado State Criminal Defense Attorney (22.20.2025)", "description": "", "modified": "2026-01-20T17:02:02.650000", "created": "2025-12-21T17:21:46.434000", "tags": [ "related pulses", "p1377925676", "gaz1", "sid1696503456", "sct1", "active", "dynamicloader", "medium", "write c", "search", "show", "high", "program gateway", "http traffic", "http", "write", "malware", "nivdort", "serving ip", "address", "status code", "kb body", "sha256", "gw5hjz7t975", "url https", "url http", "indicator role", "pulses url", "hostname", "poland unknown", "present sep", "present jul", "present may", "present apr", "present dec", "present jan", "moved", "passive dns", "ip address", "title", "location poland", "asn as29522", "gmt content", "accept encoding", "ipv4 add", "urls", "files", "reverse dns", "united", "record value", "aaaa", "mtb oct", "found", "error", "read c", "memcommit", "module load", "next", "showing", "trojan", "execution", "unknown", "entries", "ms windows", "intel", "as15169", "codeoverlap", "yara detections", "delphi", "worm", "win32", "win64", "learn", "ck id", "name tactics", "suspicious", "informative", "adversaries", "command", "spawns", "ssl certificate", "execution att", "script urls", "treece alfrey", "meta", "germany unknown", "for privacy", "title added", "active related", "pulses", "asnone", "named pipe", "type indicator", "role title", "added active", "filehashsha256", "ally", "melika", "information", "law christopher", "https", "fake pinterest", "tsara", "traceback man", "expiro", "capture", "domain", "types of", "germany", "poland", "netherlands", "cve cve20178977", "boobs130432 nov", "learn more", "filehashmd5", "utmsourceawin", "pe32", "head microsoft", "delete", "main", "backdoor", "next associated", "gmt connection", "control", "content type", "twitter", "certificate", "redirect date", "cache", "unknown ns", "hostname add", "ipv4", "pulse pulses", "location united", "america flag", "america asn", "windows", "total", "ids detections", "url add", "related nids", "files location", "flag united", "win32mydoom nov", "domain add", "yara rule", "ee fc", "ff d5", "f0 ff", "eb e1", "ff ff", "c1 e8", "c1 c0", "eb e8", "mpress", "cache control", "x cache", "date", "name servers", "arial", "present aug", "present jun", "may god", "hall render", "palantir doing", "jeffrey scott", "jeffrey reimer", "brian sabey", "butt pirates", "scott reimer", "colorado", "quasi government", "workers compensation", "eva lisa", "eva reimer", "sammie", "montano mark", "death threats", "tulach", "hired hit men", "gay man", "gay porn", "concentra", "corruption", "palantir", "foundry", "grifter", "warning", "illegal", "apple", "contacted", "ransom", "dead", "denver" ], "references": [ "https://tamlegal.com/attorneys/christopher-p-ahmann/#breadcrumb \u2022 https://www.milehighmedia.com/en/movies", "https://www.milehighmedia.com/legal/2257 \u2022 https://www.milehighmedia", "www.milehighmedia.com \u2022 https://www.milehighmedia.com/en/Charlie-Dean/pornstar/49512", "https://www.milehighmedia.com/en/login/index/aHR0cHMlM0ElMkYlMkZtZW1iZXJzLm1pbGVoaWdobWVkaWEuY29tJTJGZW4lMkZ2aWRlb3MlMkZzd2VldGhlYXJ0dmlkZW8lM0ZhbHVwJTNEQURqeF9ITjhfd1oweU96UnpsU3NNNUZLaVVxSzBXNEN0X3NmTFpKTGVJc3M2b0RVUzkwVmp6VllNVko5eFpmdENYcFNKd3IzOTNaMG1mOEpXeVhVeVZpLTJZYVRsaGd3M25DSDRpYnRwZ25BRC1zUFhDQVUycjZJOXo2WWtRMzNVWVFhMFZyWC1YckxvcnRkVjJZdEgxSDYxZ1lhMTFNS3RZSkEzY3FlSXhFQzhtSlAzSk1tbloySURMQXlMZndPcHozSFFiTzF4T0FseXJIQ0xYem1ldFElMkE=\t \thttp://www.milehighmedia.com/?ats=eyJhIjoyOTYzMTgsImMiOjU3OTYzNz", "http://www.milehighmedia.com/legal\t \u2022 https://www.milehighmedia.com/en/pornstar/milehighmedia/Justin-Hunt/51017", "https://www.milehighmedia.com/de/MileHighMedia/scene/129689?utm_source=271174&utm_medium=affiliate&utm_campaign=", "http://www.milehighmedia.com/?ats=eyJhIjoyOTYzMTgsImMiOjU3OTYzNzc1LCJuIjo3NiwicyI6NT...", "ttps://www.milehighmedia.com/scene/4404473/creampie-adventures-scene-2-sneaky-melanie", "https://www.milehighmedia.com/join \u2022 https://www.milehighmedia.com/models \u2022 https://www.milehighmedia.com/movies", "https://www.milehighmedia.com/model/59136/avi-love \u2022https://www.milehighmedia.com/model/60418/Justin-Hunt \u2022", "https://www.milehighmedia.com/en/photo/milehighmedia/The-Mother-I-Cant-Resist/52380", "https://www.milehighmedia.com/en/movies \u2022 https://www.milehighmedia.com/join", "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian", "pornhub-e.com \u2022 www.pornhub.com \u2022", "https://www.sweetheartvideo.com/tsara-brashears/ \u2022 www.sweetheartvideo.com", "https://www.sweetheartvideo.com/en/?s=1?s=1&utm_source=272160&utm_medium=affiliate&utm_campaign=lovelezzies", "https://www.sweetheartvideo.com/en/dvd/Lesbian-Massage/49895", "https://www.sweetheartvideo.com/en/dvds \u2022 https://www.sweetheartvideo.com/en/login", "https://www.sweetheartvideo.com/en/model/Mona-Wales/49601 \u2022 https://www.sweetheartvideo.com/en/scene/Truth-Dare--Boobs/130432 No Expiration\t0\t URL https://www.sweetheartvideo.com/it/model/Kristen-Scott/50432 \u2022 https://www.sweetheartvideo.com/model/63710/brandi-love", "https://www.sweetheartvideo.com/scenes?models=63710", "https://www.sweetheartvideo.com/model/63710/brandi-love", "https://www.sweetheartvideo.com/scenes?models=63710", "https://www.sweetheartvideo.com/it/model/Kristen-Scott/50432", "https://www.sweetheartvideo.com/en/scene/Truth-Dare--Boobs/130432", "https://www.milehighmedia.com/en/photo/milehighmedia/The-Mother-I-Cant-Resist/52380", "https://www.vgt.pl/font/roboto/Roboto-Bold.eot \u2022", "https://www.vgt.pl/94.152.152.233/images/logo.png", "https://www.vgt.pl/94.152.156.22/logo.png \u2022 https://www.vgt.pl/css/", "https://www.vgt.pl/favicon.ico", "https://www.vgt.pl/font/fa/fontawesome-webfont.eot", "https://www.vgt.pl/font/roboto/Roboto-Bold.ttf \u2022 https://www.vgt.pl/font/roboto/Roboto-Light.eot", "https://www.vgt.pl/font/roboto/Roboto-Medium.ttf", "https://www.vgt.pl/font/roboto/Roboto-Light.ttf \u2022", "https://www.vgt.pl/static/js/bootstrap-typeahead.jstic/js/bootstrap-typeahead.js", "https://www.vgt.pl/style/style.css \u2022 https://www.vgt.pl/font/roboto/Roboto-Medium.eot", "https://www.vgt.pl/font/roboto/Roboto-Regular.ttf \u2022 https://www.vgt.pl/font/roboto/Roboto-Thin.eot", "https://www.vgt.pl/static/js/bootstrap-typeahead.js.179.252.2", "https://www.vgt.pl/font/roboto/Roboto-Thin.ttf \u2022 https://www.vgt.pl/static/js/bootstrap-typeahead.js", "https://www.vgt.pl/font/roboto/Roboto-Regular.eot \u2022 https://www.vgt.pl/94.152.156.22/logo.png \u2022 https://www.vgt.pl/css/", "vgt.pl \u2022 www.hak.vgt.pl \u2022 www.localhost.vgt.pl \u2022 www.certyfikat.vgt.pl \u2022 aristocrat.vgt.pl", "https://www.vgt.pl/ phishing \u2022 https://vgt.pl/ \u2022www.vgt.pl \u2022 https://www.vgt.pl/94.152.152.233/images/logo.png", "http://www.pornokind.vgt.pl \u2022 https://dbkuewww.m.vgt.pl \u2022 https://lokalnyhost.vgt.pl \u2022 www.xn--twj-hna.pedofil.vgt.pl", "http://www.hak.vgt.pl \u2022 http://pornokind.vgt.pl \u2022 http://sip.vgt.pl \u2022 http://smtp-qa.vgt.pl \u2022 http://vgt.pl/*.", "https://pornokind.vgt.pl \u2022 https://sip.vgt.pl \u2022 https://smtp-qa.vgt.pl \u2022 https://www.vgt.pl/94.152.156.22/logo.png", "www.localhost.vgt.pl \u2022 www.certyfikat.vgt.pl \u2022 https://www.vgt.pl/94.152.152.233/images/logo.png", "https://www.vgt.pl/css/ \u2022 https://www.vgt.pl/favicon.ico \u2022 https://www.vgt.pl/font/fa/fontawesome-webfont.eot", "https://www.vgt.pl/font/roboto/Roboto-Bold.eot \u2022 https://www.vgt.pl/font/roboto/Roboto-Bold.ttf \u2022 https://www.vgt.pl/font/roboto/Roboto-Light.eot", "https://www.vgt.pl/static/js/bootstrap-typeahead.jstic/js/bootstrap-typeahead.js", "https://www.vgt.pl/style/style.css \u2022 https://www.vgt.pl/static/js/bootstrap-typeahead.js", "IP Address 94.152.58.192 Location Poland ASN AS29522 h88 s.a. Nameservers ns1.kei.pl. , ns2.kei.pl.", "www.happylifehappywife.com \u2022 http://www.happylifehappywife.com/2010/02/'>", "http://www.happylifehappywife.com/2010/04/'> \u2022 http://www.happylifehappywife.com/2010/05/'>", "http://www.happylifehappywife.com/2010/07/'> \u2022 http://www.happylifehappywife.com/2010/09/'>", "http://www.happylifehappywife.com/2011/06/'> \u2022 http://www.happylifehappywife.com/2011/08/'", "http://www.happylifehappywife.com/2011/08/'> \u2022 http://www.happylifehappywife.com/2012/07/'>", "http://www.happylifehappywife.com/2013/03/'> \u2022 http://www.happylifehappywife.com/index.php", "http://www.happylifehappywife.com/wp-content/themes/theme78222/images/top-right.jpg", "https://amp.mypornvid.fun/videos/8/AhxS-ej1myg/gf-18-com/\ud83c\udf81-i39m-your-present-\ud83c\udf81-girlfriend-surprises-you-for-christmas-reunion-soft-kisses-amp-cuddles", "8-25-220-162-static.reverse.queryfoundry.net\t\t\tNov 1, 2025, 9:34:14 AM\t\t5\t domain\tqueryfoundry.net\t\t\tNov 1, 2025, 9:34:14 AM\t\t8\t URL\thttp://117-114-251-162-static.reverse.queryfoundry.net/", "http://watchhers.net/index.php", "remotewd.com device local", "nr-data.net \u2022 applemusic-spotlight.myunidays.com \u2022 init.ess.apple.com \u2022 tv.apple.com", "https://browntubeporn.com/tsara-brashearsAccept-Language", "https://cg864.myhotzpic.com phishing \u2022 http://dashboard.myhotzpic.com/", "https://myhotzpic.com/tsara-brashears-hardcore-lesbian-sex/anime-studio.org*thumbs-fa...", "https://mypornvid.com/videos/27/x510fb2/white-dpt-jeffrey-reimer-loves-pretty-indian-patient-forces-sex-3gp-video-tsara-brashears/caillou-finger", "http://siteinlink.d1.cnbd.net/search/tsara-brashears-dead \u2022 http://siteinlink.d1.cnbd.net/site/maps.google.com.lb/", "http://siteinlink.d1.cnbd.net/search/tsara-brashears-assaulted-by-jeffrey-reimer", "http://siteinlink.d1.cnbd.net/search/tsara-brashears-dead \u2022 https://videolal.com/videos/tsara-brashears-dead-by-daylight.html", "http://pixelrz.com/lists/keywords/tsara-brashears-dead/360 \u2022 http://pixelrz.com/lists/keywords/tsara-brashears-dead/360] No Expiration\t4\t Domain tsara-brashears-deadspin-twitter-suspended-account-help.ht", "https://www.anyxxxtube.net/search-porn/tsara-brashears/", "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian", "https://www.anyxxxtube.net/search-porn/tsara-brashears/", "https://twitter.com/PORNO_SEXYBABES \u2022 girlsdoporn.com", "Treece Alfrey Musat P.C. Attorneys at Law Christopher P. Ahmann | https://TamLegal.com", "https://urlscan.io/screenshots/e931bb02-80dc-46db-92f0-43d5afa258be.png" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "TrojanSpy:Win32/Nivdort", "display_name": "TrojanSpy:Win32/Nivdort", "target": "/malware/TrojanSpy:Win32/Nivdort" }, { "id": "Worm:Win32/Autorun", "display_name": "Worm:Win32/Autorun", "target": "/malware/Worm:Win32/Autorun" }, { "id": "Tofsee", "display_name": "Tofsee", "target": null }, { "id": "Jaik", "display_name": "Jaik", "target": null }, { "id": "Trojan:Win32/Qshell", "display_name": "Trojan:Win32/Qshell", "target": "/malware/Trojan:Win32/Qshell" }, { "id": "Trojan:Win32/Mydoom", "display_name": "Trojan:Win32/Mydoom", "target": "/malware/Trojan:Win32/Mydoom" } ], "attack_ids": [ { "id": "T1045", "name": "Software Packing", "display_name": "T1045 - Software Packing" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1060", "name": "Registry Run Keys / Startup Folder", "display_name": "T1060 - Registry Run Keys / Startup Folder" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1119", "name": "Automated Collection", "display_name": "T1119 - Automated Collection" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1143", "name": "Hidden Window", "display_name": "T1143 - Hidden Window" }, { "id": "T1063", "name": "Security Software Discovery", "display_name": "T1063 - Security Software Discovery" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1583", "name": "Acquire Infrastructure", "display_name": "T1583 - Acquire Infrastructure" }, { "id": "T1069", "name": "Permission Groups Discovery", "display_name": "T1069 - Permission Groups Discovery" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1197", "name": "BITS Jobs", "display_name": "T1197 - BITS Jobs" }, { "id": "T1210", "name": "Exploitation of Remote Services", "display_name": "T1210 - Exploitation of Remote Services" }, { "id": "T1457", "name": "Malicious Media Content", "display_name": "T1457 - Malicious Media Content" }, { "id": "T1480", "name": "Execution Guardrails", "display_name": "T1480 - Execution Guardrails" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" } ], "industries": [], "TLP": "green", "cloned_from": "691f4d4ef0a2a570b8b21cd2", "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 8897, "domain": 2102, "hostname": 2867, "FileHash-SHA256": 3886, "FileHash-MD5": 619, "FileHash-SHA1": 555, "CVE": 3, "email": 5, "SSLCertFingerprint": 8 }, "indicator_count": 18942, "is_author": false, "is_subscribing": null, "subscriber_count": 137, "modified_text": "90 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "691f4d4ef0a2a570b8b21cd2", "name": "Chris P. Ahmann Colorado State Criminal Defense Attorney", "description": "Chris P. Ahmann Colorado State Criminal Defense attorney hired by quasi government Workers Compensation to completely destroy Tsara Brashears literally to death. None of her spinal cord injuries , and other assault injuries discussed or compensated for in rushed settlement case. Her awful racist attorney refused to represent plaintiffs in hearing. Never met with in person for no good reason. Tsara represented herself. Less that 24 hour notice. No briefings, no awareness or mention that Ahmann was representing Jeffrey Scott Reimer for assault\n case. Brashears required 24 hour care by end of life. Received 0 workers compsarion payments. But if this doesn\u2019t prove Reimer\u2019s guilt what does? Continued harassment of associated. \n\nNotice the outages? You\u2019ve cost BILLIONS? Stop threatening everyone.", "modified": "2026-01-20T17:02:02.650000", "created": "2025-11-20T17:18:06.929000", "tags": [ "related pulses", "p1377925676", "gaz1", "sid1696503456", "sct1", "active", "dynamicloader", "medium", "write c", "search", "show", "high", "program gateway", "http traffic", "http", "write", "malware", "nivdort", "serving ip", "address", "status code", "kb body", "sha256", "gw5hjz7t975", "url https", "url http", "indicator role", "pulses url", "hostname", "poland unknown", "present sep", "present jul", "present may", "present apr", "present dec", "present jan", "moved", "passive dns", "ip address", "title", "location poland", "asn as29522", "gmt content", "accept encoding", "ipv4 add", "urls", "files", "reverse dns", "united", "record value", "aaaa", "mtb oct", "found", "error", "read c", "memcommit", "module load", "next", "showing", "trojan", "execution", "unknown", "entries", "ms windows", "intel", "as15169", "codeoverlap", "yara detections", "delphi", "worm", "win32", "win64", "learn", "ck id", "name tactics", "suspicious", "informative", "adversaries", "command", "spawns", "ssl certificate", "execution att", "script urls", "treece alfrey", "meta", "germany unknown", "for privacy", "title added", "active related", "pulses", "asnone", "named pipe", "type indicator", "role title", "added active", "filehashsha256", "ally", "melika", "information", "law christopher", "https", "fake pinterest", "tsara", "traceback man", "expiro", "capture", "domain", "types of", "germany", "poland", "netherlands", "cve cve20178977", "boobs130432 nov", "learn more", "filehashmd5", "utmsourceawin", "pe32", "head microsoft", "delete", "main", "backdoor", "next associated", "gmt connection", "control", "content type", "twitter", "certificate", "redirect date", "cache", "unknown ns", "hostname add", "ipv4", "pulse pulses", "location united", "america flag", "america asn", "windows", "total", "ids detections", "url add", "related nids", "files location", "flag united", "win32mydoom nov", "domain add", "yara rule", "ee fc", "ff d5", "f0 ff", "eb e1", "ff ff", "c1 e8", "c1 c0", "eb e8", "mpress", "cache control", "x cache", "date", "name servers", "arial", "present aug", "present jun", "may god", "hall render", "palantir doing", "jeffrey scott", "jeffrey reimer", "brian sabey", "butt pirates", "scott reimer", "colorado", "quasi government", "workers compensation", "eva lisa", "eva reimer", "sammie", "montano mark", "death threats", "tulach", "hired hit men", "gay man", "gay porn", "concentra", "corruption", "palantir", "foundry", "grifter", "warning", "illegal", "apple", "contacted", "ransom", "dead", "denver" ], "references": [ "https://tamlegal.com/attorneys/christopher-p-ahmann/#breadcrumb \u2022 https://www.milehighmedia.com/en/movies", "https://www.milehighmedia.com/legal/2257 \u2022 https://www.milehighmedia", "www.milehighmedia.com \u2022 https://www.milehighmedia.com/en/Charlie-Dean/pornstar/49512", "https://www.milehighmedia.com/en/login/index/aHR0cHMlM0ElMkYlMkZtZW1iZXJzLm1pbGVoaWdobWVkaWEuY29tJTJGZW4lMkZ2aWRlb3MlMkZzd2VldGhlYXJ0dmlkZW8lM0ZhbHVwJTNEQURqeF9ITjhfd1oweU96UnpsU3NNNUZLaVVxSzBXNEN0X3NmTFpKTGVJc3M2b0RVUzkwVmp6VllNVko5eFpmdENYcFNKd3IzOTNaMG1mOEpXeVhVeVZpLTJZYVRsaGd3M25DSDRpYnRwZ25BRC1zUFhDQVUycjZJOXo2WWtRMzNVWVFhMFZyWC1YckxvcnRkVjJZdEgxSDYxZ1lhMTFNS3RZSkEzY3FlSXhFQzhtSlAzSk1tbloySURMQXlMZndPcHozSFFiTzF4T0FseXJIQ0xYem1ldFElMkE=\t \thttp://www.milehighmedia.com/?ats=eyJhIjoyOTYzMTgsImMiOjU3OTYzNz", "http://www.milehighmedia.com/legal\t \u2022 https://www.milehighmedia.com/en/pornstar/milehighmedia/Justin-Hunt/51017", "https://www.milehighmedia.com/de/MileHighMedia/scene/129689?utm_source=271174&utm_medium=affiliate&utm_campaign=", "http://www.milehighmedia.com/?ats=eyJhIjoyOTYzMTgsImMiOjU3OTYzNzc1LCJuIjo3NiwicyI6NT...", "ttps://www.milehighmedia.com/scene/4404473/creampie-adventures-scene-2-sneaky-melanie", "https://www.milehighmedia.com/join \u2022 https://www.milehighmedia.com/models \u2022 https://www.milehighmedia.com/movies", "https://www.milehighmedia.com/model/59136/avi-love \u2022https://www.milehighmedia.com/model/60418/Justin-Hunt \u2022", "https://www.milehighmedia.com/en/photo/milehighmedia/The-Mother-I-Cant-Resist/52380", "https://www.milehighmedia.com/en/movies \u2022 https://www.milehighmedia.com/join", "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian", "pornhub-e.com \u2022 www.pornhub.com \u2022", "https://www.sweetheartvideo.com/tsara-brashears/ \u2022 www.sweetheartvideo.com", "https://www.sweetheartvideo.com/en/?s=1?s=1&utm_source=272160&utm_medium=affiliate&utm_campaign=lovelezzies", "https://www.sweetheartvideo.com/en/dvd/Lesbian-Massage/49895", "https://www.sweetheartvideo.com/en/dvds \u2022 https://www.sweetheartvideo.com/en/login", "https://www.sweetheartvideo.com/en/model/Mona-Wales/49601 \u2022 https://www.sweetheartvideo.com/en/scene/Truth-Dare--Boobs/130432 No Expiration\t0\t URL https://www.sweetheartvideo.com/it/model/Kristen-Scott/50432 \u2022 https://www.sweetheartvideo.com/model/63710/brandi-love", "https://www.sweetheartvideo.com/scenes?models=63710", "https://www.sweetheartvideo.com/model/63710/brandi-love", "https://www.sweetheartvideo.com/scenes?models=63710", "https://www.sweetheartvideo.com/it/model/Kristen-Scott/50432", "https://www.sweetheartvideo.com/en/scene/Truth-Dare--Boobs/130432", "https://www.milehighmedia.com/en/photo/milehighmedia/The-Mother-I-Cant-Resist/52380", "https://www.vgt.pl/font/roboto/Roboto-Bold.eot \u2022", "https://www.vgt.pl/94.152.152.233/images/logo.png", "https://www.vgt.pl/94.152.156.22/logo.png \u2022 https://www.vgt.pl/css/", "https://www.vgt.pl/favicon.ico", "https://www.vgt.pl/font/fa/fontawesome-webfont.eot", "https://www.vgt.pl/font/roboto/Roboto-Bold.ttf \u2022 https://www.vgt.pl/font/roboto/Roboto-Light.eot", "https://www.vgt.pl/font/roboto/Roboto-Medium.ttf", "https://www.vgt.pl/font/roboto/Roboto-Light.ttf \u2022", "https://www.vgt.pl/static/js/bootstrap-typeahead.jstic/js/bootstrap-typeahead.js", "https://www.vgt.pl/style/style.css \u2022 https://www.vgt.pl/font/roboto/Roboto-Medium.eot", "https://www.vgt.pl/font/roboto/Roboto-Regular.ttf \u2022 https://www.vgt.pl/font/roboto/Roboto-Thin.eot", "https://www.vgt.pl/static/js/bootstrap-typeahead.js.179.252.2", "https://www.vgt.pl/font/roboto/Roboto-Thin.ttf \u2022 https://www.vgt.pl/static/js/bootstrap-typeahead.js", "https://www.vgt.pl/font/roboto/Roboto-Regular.eot \u2022 https://www.vgt.pl/94.152.156.22/logo.png \u2022 https://www.vgt.pl/css/", "vgt.pl \u2022 www.hak.vgt.pl \u2022 www.localhost.vgt.pl \u2022 www.certyfikat.vgt.pl \u2022 aristocrat.vgt.pl", "https://www.vgt.pl/ phishing \u2022 https://vgt.pl/ \u2022www.vgt.pl \u2022 https://www.vgt.pl/94.152.152.233/images/logo.png", "http://www.pornokind.vgt.pl \u2022 https://dbkuewww.m.vgt.pl \u2022 https://lokalnyhost.vgt.pl \u2022 www.xn--twj-hna.pedofil.vgt.pl", "http://www.hak.vgt.pl \u2022 http://pornokind.vgt.pl \u2022 http://sip.vgt.pl \u2022 http://smtp-qa.vgt.pl \u2022 http://vgt.pl/*.", "https://pornokind.vgt.pl \u2022 https://sip.vgt.pl \u2022 https://smtp-qa.vgt.pl \u2022 https://www.vgt.pl/94.152.156.22/logo.png", "www.localhost.vgt.pl \u2022 www.certyfikat.vgt.pl \u2022 https://www.vgt.pl/94.152.152.233/images/logo.png", "https://www.vgt.pl/css/ \u2022 https://www.vgt.pl/favicon.ico \u2022 https://www.vgt.pl/font/fa/fontawesome-webfont.eot", "https://www.vgt.pl/font/roboto/Roboto-Bold.eot \u2022 https://www.vgt.pl/font/roboto/Roboto-Bold.ttf \u2022 https://www.vgt.pl/font/roboto/Roboto-Light.eot", "https://www.vgt.pl/static/js/bootstrap-typeahead.jstic/js/bootstrap-typeahead.js", "https://www.vgt.pl/style/style.css \u2022 https://www.vgt.pl/static/js/bootstrap-typeahead.js", "IP Address 94.152.58.192 Location Poland ASN AS29522 h88 s.a. Nameservers ns1.kei.pl. , ns2.kei.pl.", "www.happylifehappywife.com \u2022 http://www.happylifehappywife.com/2010/02/'>", "http://www.happylifehappywife.com/2010/04/'> \u2022 http://www.happylifehappywife.com/2010/05/'>", "http://www.happylifehappywife.com/2010/07/'> \u2022 http://www.happylifehappywife.com/2010/09/'>", "http://www.happylifehappywife.com/2011/06/'> \u2022 http://www.happylifehappywife.com/2011/08/'", "http://www.happylifehappywife.com/2011/08/'> \u2022 http://www.happylifehappywife.com/2012/07/'>", "http://www.happylifehappywife.com/2013/03/'> \u2022 http://www.happylifehappywife.com/index.php", "http://www.happylifehappywife.com/wp-content/themes/theme78222/images/top-right.jpg", "https://amp.mypornvid.fun/videos/8/AhxS-ej1myg/gf-18-com/\ud83c\udf81-i39m-your-present-\ud83c\udf81-girlfriend-surprises-you-for-christmas-reunion-soft-kisses-amp-cuddles", "8-25-220-162-static.reverse.queryfoundry.net\t\t\tNov 1, 2025, 9:34:14 AM\t\t5\t domain\tqueryfoundry.net\t\t\tNov 1, 2025, 9:34:14 AM\t\t8\t URL\thttp://117-114-251-162-static.reverse.queryfoundry.net/", "http://watchhers.net/index.php", "remotewd.com device local", "nr-data.net \u2022 applemusic-spotlight.myunidays.com \u2022 init.ess.apple.com \u2022 tv.apple.com", "https://browntubeporn.com/tsara-brashearsAccept-Language", "https://cg864.myhotzpic.com phishing \u2022 http://dashboard.myhotzpic.com/", "https://myhotzpic.com/tsara-brashears-hardcore-lesbian-sex/anime-studio.org*thumbs-fa...", "https://mypornvid.com/videos/27/x510fb2/white-dpt-jeffrey-reimer-loves-pretty-indian-patient-forces-sex-3gp-video-tsara-brashears/caillou-finger", "http://siteinlink.d1.cnbd.net/search/tsara-brashears-dead \u2022 http://siteinlink.d1.cnbd.net/site/maps.google.com.lb/", "http://siteinlink.d1.cnbd.net/search/tsara-brashears-assaulted-by-jeffrey-reimer", "http://siteinlink.d1.cnbd.net/search/tsara-brashears-dead \u2022 https://videolal.com/videos/tsara-brashears-dead-by-daylight.html", "http://pixelrz.com/lists/keywords/tsara-brashears-dead/360 \u2022 http://pixelrz.com/lists/keywords/tsara-brashears-dead/360] No Expiration\t4\t Domain tsara-brashears-deadspin-twitter-suspended-account-help.ht", "https://www.anyxxxtube.net/search-porn/tsara-brashears/", "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian", "https://www.anyxxxtube.net/search-porn/tsara-brashears/", "https://twitter.com/PORNO_SEXYBABES \u2022 girlsdoporn.com", "Treece Alfrey Musat P.C. Attorneys at Law Christopher P. Ahmann | https://TamLegal.com", "https://urlscan.io/screenshots/e931bb02-80dc-46db-92f0-43d5afa258be.png" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "TrojanSpy:Win32/Nivdort", "display_name": "TrojanSpy:Win32/Nivdort", "target": "/malware/TrojanSpy:Win32/Nivdort" }, { "id": "Worm:Win32/Autorun", "display_name": "Worm:Win32/Autorun", "target": "/malware/Worm:Win32/Autorun" }, { "id": "Tofsee", "display_name": "Tofsee", "target": null }, { "id": "Jaik", "display_name": "Jaik", "target": null }, { "id": "Trojan:Win32/Qshell", "display_name": "Trojan:Win32/Qshell", "target": "/malware/Trojan:Win32/Qshell" }, { "id": "Trojan:Win32/Mydoom", "display_name": "Trojan:Win32/Mydoom", "target": "/malware/Trojan:Win32/Mydoom" } ], "attack_ids": [ { "id": "T1045", "name": "Software Packing", "display_name": "T1045 - Software Packing" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1060", "name": "Registry Run Keys / Startup Folder", "display_name": "T1060 - Registry Run Keys / Startup Folder" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1119", "name": "Automated Collection", "display_name": "T1119 - Automated Collection" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1143", "name": "Hidden Window", "display_name": "T1143 - Hidden Window" }, { "id": "T1063", "name": "Security Software Discovery", "display_name": "T1063 - Security Software Discovery" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1583", "name": "Acquire Infrastructure", "display_name": "T1583 - Acquire Infrastructure" }, { "id": "T1069", "name": "Permission Groups Discovery", "display_name": "T1069 - Permission Groups Discovery" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1197", "name": "BITS Jobs", "display_name": "T1197 - BITS Jobs" }, { "id": "T1210", "name": "Exploitation of Remote Services", "display_name": "T1210 - Exploitation of Remote Services" }, { "id": "T1457", "name": "Malicious Media Content", "display_name": "T1457 - Malicious Media Content" }, { "id": "T1480", "name": "Execution Guardrails", "display_name": "T1480 - Execution Guardrails" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 8897, "domain": 2102, "hostname": 2867, "FileHash-SHA256": 3886, "FileHash-MD5": 619, "FileHash-SHA1": 555, "CVE": 3, "email": 5, "SSLCertFingerprint": 8 }, "indicator_count": 18942, "is_author": false, "is_subscribing": null, "subscriber_count": 139, "modified_text": "90 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65b4624c5bb71879020ceb1c", "name": "Spyware | Ransomware | Direct Search Network | Trellian", "description": "Large, hard to believe fraudulent threat network. Fraud services from private investigators to attorneys. Social engineering by phone, email, sponsored advertising, malvertizing, remote attacks. tracking, in person, emails, surveys, text, ongoing espionage campaigns, info stealing, cyber attacks, arrange in person meetings , identified as 'gang stalking' by detective, service staging. Very real. Bad actors take advantage of targets devices installing overlays on windows,android. iOS. Targets can only see what adversary wants seen.\n\nLarge threat network in Colorado and abroad.\nScreenshot: https://otx.alienvault.com/otxapi/indicators/url/screenshot/http://1redirc.com/r2.php\nCouldn't submit 1st pulse. contacted, spyware, phishing,trojan, registrar abuse", "modified": "2024-02-26T01:04:33.201000", "created": "2024-01-27T01:54:20.513000", "tags": [ "no expiration", "expiration", "url https", "filehashmd5", "ipv4", "filehashsha1", "filehashsha256", "domain", "url http", "iocs", "next", "hostname", "scan endpoints", "all scoreblue", "pdf report", "pcap" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 3010, "FileHash-MD5": 1902, "FileHash-SHA1": 1467, "FileHash-SHA256": 2664, "domain": 1195, "hostname": 1802, "email": 27, "SSLCertFingerprint": 9 }, "indicator_count": 12076, "is_author": false, "is_subscribing": null, "subscriber_count": 228, "modified_text": "784 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65b865697c59050da541247f", "name": "Tags auto populated in original Threat Network pulse missing", "description": "", "modified": "2024-02-26T01:04:33.201000", "created": "2024-01-30T02:56:41.045000", "tags": [ "no expiration", "expiration", "url https", "filehashmd5", "ipv4", "filehashsha1", "filehashsha256", "domain", "url http", "iocs", "next", "hostname", "scan endpoints", "all scoreblue", "pdf report", "pcap" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 3010, "FileHash-MD5": 1902, "FileHash-SHA1": 1467, "FileHash-SHA256": 2664, "domain": 1195, "hostname": 1802, "email": 27, "SSLCertFingerprint": 9 }, "indicator_count": 12076, "is_author": false, "is_subscribing": null, "subscriber_count": 225, "modified_text": "784 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65b86568e1eaace7d9f062b4", "name": "Tags auto populated in original Threat Network pulse missing", "description": "", "modified": "2024-02-26T01:04:33.201000", "created": "2024-01-30T02:56:40.484000", "tags": [ "no expiration", "expiration", "url https", "filehashmd5", "ipv4", "filehashsha1", "filehashsha256", "domain", "url http", "iocs", "next", "hostname", "scan endpoints", "all scoreblue", "pdf report", "pcap" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 3010, "FileHash-MD5": 1902, "FileHash-SHA1": 1467, "FileHash-SHA256": 2664, "domain": 1195, "hostname": 1802, "email": 27, "SSLCertFingerprint": 9 }, "indicator_count": 12076, "is_author": false, "is_subscribing": null, "subscriber_count": 226, "modified_text": "784 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65b474c9c9bed0cdd00a9480", "name": "Spyware | Ransomware | Threat & Direct Search Network | Trellian", "description": "", "modified": "2024-02-26T01:04:33.201000", "created": "2024-01-27T03:13:13.978000", "tags": [ "no expiration", "expiration", "url https", "filehashmd5", "ipv4", "filehashsha1", "filehashsha256", "domain", "url http", "iocs", "next", "hostname", "scan endpoints", "all scoreblue", "pdf report", "pcap" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": "65b4624c5bb71879020ceb1c", "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 3010, "FileHash-MD5": 1902, "FileHash-SHA1": 1467, "FileHash-SHA256": 2664, "domain": 1195, "hostname": 1802, "email": 27, "SSLCertFingerprint": 9 }, "indicator_count": 12076, "is_author": false, "is_subscribing": null, "subscriber_count": 222, "modified_text": "784 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6570a0f9b23d7ffc8b37b144", "name": "Cyber Warfare", "description": "", "modified": "2023-12-06T16:27:37.575000", "created": "2023-12-06T16:27:37.575000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 650, "FileHash-SHA256": 426, "URL": 499, "domain": 354, "FileHash-MD5": 74, "FileHash-SHA1": 70, "email": 8 }, "indicator_count": 2081, "is_author": false, "is_subscribing": null, "subscriber_count": 111, "modified_text": "866 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6570a0f681c7fa27f220d410", "name": "Botnet Command and Control Server OMG! Robo Message sent to device | Malicious Mail Spammer", "description": "", "modified": "2023-12-06T16:27:34.159000", "created": "2023-12-06T16:27:34.159000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 650, "FileHash-SHA256": 426, "URL": 499, "domain": 354, "FileHash-MD5": 74, "FileHash-SHA1": 70, "email": 8 }, "indicator_count": 2081, "is_author": false, "is_subscribing": null, "subscriber_count": 111, "modified_text": "866 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65709fe5e685939cb8ce7486", "name": "Direct Search Network", "description": "", "modified": "2023-12-06T16:23:01.912000", "created": "2023-12-06T16:23:01.912000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 1105, "domain": 665, "FileHash-SHA256": 1203, "URL": 2334, "FileHash-MD5": 384, "FileHash-SHA1": 62, "email": 2 }, "indicator_count": 5755, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "866 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6545be6e02e0f9f82cb1febf", "name": "Vawtrak credential stealer | CNC", "description": "", "modified": "2023-11-30T07:01:37.424000", "created": "2023-11-04T03:45:50.234000", "tags": [ "contacted", "resolutions", "origin1", "ip address", "list", "communicating", "cyber threat", "united", "phishing", "phishing site", "covid19", "threat report", "ip summary", "url summary", "summary", "detection list", "installcore", "nymaim", "suppobox", "malicious", "cisco umbrella", "site", "alexa top", "million", "safe site", "malware", "malware site", "malicious site", "heur", "exploit", "alexa", "riskware", "team", "blacklist https", "blacklist", "facebook", "engineering", "iframe", "downloader", "unsafe", "artemis", "trojanx", "agent", "unruy", "win64", "fakealert", "fusioncore", "redirector", "killav", "trojan", "lokibot", "emotet", "redline stealer", "cobalt strike", "citadel", "vawtrak", "qakbot", "qbot", "bankerx", "dropper", "nimda", "formbook", "swrort", "adwind", "crack", "generic", "wacatac", "opencandy", "nircmd", "downldr", "filetour", "cleaner", "conduit", "tiggre", "presenoker", "zpevdo", "webcompanion", "seraph", "tofsee", "xrat", "xtrat", "patcher", "adload", "stealer", "vidar", "raccoon", "bank", "urls", "generic malware", "noname057", "reimer", "agency", "charles", "http response", "final url", "serving ip", "address", "status code", "body length", "kb body", "name verdict", "date", "root ca", "markmonitor", "name server", "windir", "unknown", "swisscom root", "post root", "trust", "hybrid", "general", "click", "strings", "class", "generator", "critical", "error", "defence", "fraud", "logistics", "ipv4", "scan endpoints", "all search", "otx octoseek", "report spam", "author", "cyber warfare", "created", "months ago", "modified", "next", "url https", "url http", "all octoseek", "month ago", "utmsourcemailer", "ck id", "t1140", "filehashsha256", "keylogger", "sample path", "Miles IT" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1071.003", "name": "Mail Protocols", "display_name": "T1071.003 - Mail Protocols" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "TA0004", "name": "Privilege Escalation", "display_name": "TA0004 - Privilege Escalation" }, { "id": "T1056.001", "name": "Keylogging", "display_name": "T1056.001 - Keylogging" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1449", "name": "Exploit SS7 to Redirect Phone Calls/SMS", "display_name": "T1449 - Exploit SS7 to Redirect Phone Calls/SMS" } ], "industries": [], "TLP": "green", "cloned_from": "65413ea960cc79abf6d446fb", "export_count": 86, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 166, "FileHash-SHA1": 125, "FileHash-SHA256": 5688, "URL": 15015, "domain": 3262, "hostname": 4687, "CVE": 16, "email": 8 }, "indicator_count": 28967, "is_author": false, "is_subscribing": null, "subscriber_count": 225, "modified_text": "872 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65413ea960cc79abf6d446fb", "name": "Vawtrak credential stealer | CNC", "description": "Cyber warfare\nTracking\nMonitoring\nMalvertizing\nCNC\nKeylogging\nBotNet\nSever Privacy Invasion", "modified": "2023-11-30T07:01:37.424000", "created": "2023-10-31T17:51:37.016000", "tags": [ "contacted", "resolutions", "origin1", "ip address", "list", "communicating", "cyber threat", "united", "phishing", "phishing site", "covid19", "threat report", "ip summary", "url summary", "summary", "detection list", "installcore", "nymaim", "suppobox", "malicious", "cisco umbrella", "site", "alexa top", "million", "safe site", "malware", "malware site", "malicious site", "heur", "exploit", "alexa", "riskware", "team", "blacklist https", "blacklist", "facebook", "engineering", "iframe", "downloader", "unsafe", "artemis", "trojanx", "agent", "unruy", "win64", "fakealert", "fusioncore", "redirector", "killav", "trojan", "lokibot", "emotet", "redline stealer", "cobalt strike", "citadel", "vawtrak", "qakbot", "qbot", "bankerx", "dropper", "nimda", "formbook", "swrort", "adwind", "crack", "generic", "wacatac", "opencandy", "nircmd", "downldr", "filetour", "cleaner", "conduit", "tiggre", "presenoker", "zpevdo", "webcompanion", "seraph", "tofsee", "xrat", "xtrat", "patcher", "adload", "stealer", "vidar", "raccoon", "bank", "urls", "generic malware", "noname057", "reimer", "agency", "charles", "http response", "final url", "serving ip", "address", "status code", "body length", "kb body", "name verdict", "date", "root ca", "markmonitor", "name server", "windir", "unknown", "swisscom root", "post root", "trust", "hybrid", "general", "click", "strings", "class", "generator", "critical", "error", "defence", "fraud", "logistics", "ipv4", "scan endpoints", "all search", "otx octoseek", "report spam", "author", "cyber warfare", "created", "months ago", "modified", "next", "url https", "url http", "all octoseek", "month ago", "utmsourcemailer", "ck id", "t1140", "filehashsha256", "keylogger", "sample path", "Miles IT" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1071.003", "name": "Mail Protocols", "display_name": "T1071.003 - Mail Protocols" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "TA0004", "name": "Privilege Escalation", "display_name": "TA0004 - Privilege Escalation" }, { "id": "T1056.001", "name": "Keylogging", "display_name": "T1056.001 - Keylogging" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1449", "name": "Exploit SS7 to Redirect Phone Calls/SMS", "display_name": "T1449 - Exploit SS7 to Redirect Phone Calls/SMS" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 74, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 166, "FileHash-SHA1": 125, "FileHash-SHA256": 5688, "URL": 15015, "domain": 3262, "hostname": 4687, "CVE": 16, "email": 8 }, "indicator_count": 28967, "is_author": false, "is_subscribing": null, "subscriber_count": 220, "modified_text": "872 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "654136c8e530066ae793dc64", "name": "Cyber Espionage", "description": "Cyber warfare. Extravagant attack that includes, phishing, monitoring, spyware, tracking, remote vehicle tracking, API calls after identification of anything computerized; car, phone, mobile phone, mail, ups, television. Apple private data services nr-data.net. This may be a Honeypot. Interesting. Attacker alleging to be a government contractor actively attacks and porn smears alleged SA victim assaulted by someone with his last name. Coincidence or Honeypot?\nTarget still at risk.\nTarget again is Tsara Brashears. \nSevere privacy invasion.\nShhhh....Active Silencing", "modified": "2023-11-30T07:01:37.424000", "created": "2023-10-31T17:18:00.623000", "tags": [ "contacted", "resolutions", "origin1", "ip address", "list", "communicating", "cyber threat", "united", "phishing", "phishing site", "covid19", "threat report", "ip summary", "url summary", "summary", "detection list", "installcore", "nymaim", "suppobox", "malicious", "cisco umbrella", "site", "alexa top", "million", "safe site", "malware", "malware site", "malicious site", "heur", "exploit", "alexa", "riskware", "team", "blacklist https", "blacklist", "facebook", "engineering", "iframe", "downloader", "unsafe", "artemis", "trojanx", "agent", "unruy", "win64", "fakealert", "fusioncore", "redirector", "killav", "trojan", "lokibot", "emotet", "redline stealer", "cobalt strike", "citadel", "vawtrak", "qakbot", "qbot", "bankerx", "dropper", "nimda", "formbook", "swrort", "adwind", "crack", "generic", "wacatac", "opencandy", "nircmd", "downldr", "filetour", "cleaner", "conduit", "tiggre", "presenoker", "zpevdo", "webcompanion", "seraph", "tofsee", "xrat", "xtrat", "patcher", "adload", "stealer", "vidar", "raccoon", "bank", "urls", "generic malware", "noname057", "reimer", "agency", "charles", "http response", "final url", "serving ip", "address", "status code", "body length", "kb body", "name verdict", "date", "root ca", "markmonitor", "name server", "windir", "unknown", "swisscom root", "post root", "trust", "hybrid", "general", "click", "strings", "class", "generator", "critical", "error", "defence", "fraud", "logistics", "ipv4", "scan endpoints", "all search", "otx octoseek", "report spam", "author", "cyber warfare", "created", "months ago", "modified", "next", "url https", "url http", "all octoseek", "month ago", "utmsourcemailer", "ck id", "t1140", "filehashsha256", "tsara brashears", "adult content", "pornography", "malvertizing", "privacy invasion", "privilege escalation", "packed", "aig.com", "aig.rastreator.mx", "apple", "ios", "tracking", "monitoring", "nr-data.net", "asp.net" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1071.003", "name": "Mail Protocols", "display_name": "T1071.003 - Mail Protocols" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "TA0004", "name": "Privilege Escalation", "display_name": "TA0004 - Privilege Escalation" } ], "industries": [ "Defense", "Government" ], "TLP": "green", "cloned_from": null, "export_count": 69, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 166, "FileHash-SHA1": 125, "FileHash-SHA256": 5806, "URL": 16475, "domain": 3302, "hostname": 5135, "CVE": 16, "email": 8 }, "indicator_count": 31033, "is_author": false, "is_subscribing": null, "subscriber_count": 225, "modified_text": "872 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "654136c1ac991f85328604d2", "name": "Cyber Espionage", "description": "Cyber warfare. Extravagant attack that includes, phishing, monitoring, spyware, tracking, remote vehicle tracking, API calls after identification of anything computerized; car, phone, mobile phone, mail, ups, television. Apple private data services nr-data.net. This may be a Honeypot. Interesting. Attacker alleging to be a government contractor actively attacks and porn smears alleged SA victim assaulted by someone with his last name. Coincidence or Honeypot?\nTarget still at risk.\nTarget again is Tsara Brashears. \nSevere privacy invasion.\nShhhh....Active Silencing", "modified": "2023-11-30T07:01:37.424000", "created": "2023-10-31T17:17:52.382000", "tags": [ "contacted", "resolutions", "origin1", "ip address", "list", "communicating", "cyber threat", "united", "phishing", "phishing site", "covid19", "threat report", "ip summary", "url summary", "summary", "detection list", "installcore", "nymaim", "suppobox", "malicious", "cisco umbrella", "site", "alexa top", "million", "safe site", "malware", "malware site", "malicious site", "heur", "exploit", "alexa", "riskware", "team", "blacklist https", "blacklist", "facebook", "engineering", "iframe", "downloader", "unsafe", "artemis", "trojanx", "agent", "unruy", "win64", "fakealert", "fusioncore", "redirector", "killav", "trojan", "lokibot", "emotet", "redline stealer", "cobalt strike", "citadel", "vawtrak", "qakbot", "qbot", "bankerx", "dropper", "nimda", "formbook", "swrort", "adwind", "crack", "generic", "wacatac", "opencandy", "nircmd", "downldr", "filetour", "cleaner", "conduit", "tiggre", "presenoker", "zpevdo", "webcompanion", "seraph", "tofsee", "xrat", "xtrat", "patcher", "adload", "stealer", "vidar", "raccoon", "bank", "urls", "generic malware", "noname057", "reimer", "agency", "charles", "http response", "final url", "serving ip", "address", "status code", "body length", "kb body", "name verdict", "date", "root ca", "markmonitor", "name server", "windir", "unknown", "swisscom root", "post root", "trust", "hybrid", "general", "click", "strings", "class", "generator", "critical", "error", "defence", "fraud", "logistics", "ipv4", "scan endpoints", "all search", "otx octoseek", "report spam", "author", "cyber warfare", "created", "months ago", "modified", "next", "url https", "url http", "all octoseek", "month ago", "utmsourcemailer", "ck id", "t1140", "filehashsha256", "tsara brashears", "adult content", "pornography", "malvertizing", "privacy invasion", "privilege escalation", "packed", "aig.com", "aig.rastreator.mx", "apple", "ios", "tracking", "monitoring", "nr-data.net", "asp.net" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1071.003", "name": "Mail Protocols", "display_name": "T1071.003 - Mail Protocols" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "TA0004", "name": "Privilege Escalation", "display_name": "TA0004 - Privilege Escalation" } ], "industries": [ "Defense", "Government" ], "TLP": "green", "cloned_from": null, "export_count": 69, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 166, "FileHash-SHA1": 125, "FileHash-SHA256": 5806, "URL": 16475, "domain": 3302, "hostname": 5135, "CVE": 16, "email": 8 }, "indicator_count": 31033, "is_author": false, "is_subscribing": null, "subscriber_count": 223, "modified_text": "872 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "654136b5eb9bdd21070ff9d7", "name": "Cyber Espionage", "description": "Cyber warfare. Extravagant attack that includes, phishing, monitoring, spyware, tracking, remote vehicle tracking, API calls after identification of anything computerized; car, phone, mobile phone, mail, ups, television. Apple private data services nr-data.net. This may be a Honeypot. Interesting. Attacker alleging to be a government contractor actively attacks and porn smears alleged SA victim assaulted by someone with his last name. Coincidence or Honeypot?\nTarget still at risk.\nTarget again is Tsara Brashears. \nSevere privacy invasion.\nShhhh....Active Silencing", "modified": "2023-11-30T07:01:37.424000", "created": "2023-10-31T17:17:41.263000", "tags": [ "contacted", "resolutions", "origin1", "ip address", "list", "communicating", "cyber threat", "united", "phishing", "phishing site", "covid19", "threat report", "ip summary", "url summary", "summary", "detection list", "installcore", "nymaim", "suppobox", "malicious", "cisco umbrella", "site", "alexa top", "million", "safe site", "malware", "malware site", "malicious site", "heur", "exploit", "alexa", "riskware", "team", "blacklist https", "blacklist", "facebook", "engineering", "iframe", "downloader", "unsafe", "artemis", "trojanx", "agent", "unruy", "win64", "fakealert", "fusioncore", "redirector", "killav", "trojan", "lokibot", "emotet", "redline stealer", "cobalt strike", "citadel", "vawtrak", "qakbot", "qbot", "bankerx", "dropper", "nimda", "formbook", "swrort", "adwind", "crack", "generic", "wacatac", "opencandy", "nircmd", "downldr", "filetour", "cleaner", "conduit", "tiggre", "presenoker", "zpevdo", "webcompanion", "seraph", "tofsee", "xrat", "xtrat", "patcher", "adload", "stealer", "vidar", "raccoon", "bank", "urls", "generic malware", "noname057", "reimer", "agency", "charles", "http response", "final url", "serving ip", "address", "status code", "body length", "kb body", "name verdict", "date", "root ca", "markmonitor", "name server", "windir", "unknown", "swisscom root", "post root", "trust", "hybrid", "general", "click", "strings", "class", "generator", "critical", "error", "defence", "fraud", "logistics", "ipv4", "scan endpoints", "all search", "otx octoseek", "report spam", "author", "cyber warfare", "created", "months ago", "modified", "next", "url https", "url http", "all octoseek", "month ago", "utmsourcemailer", "ck id", "t1140", "filehashsha256", "tsara brashears", "adult content", "pornography", "malvertizing", "privacy invasion", "privilege escalation", "packed", "aig.com", "aig.rastreator.mx", "apple", "ios", "tracking", "monitoring", "nr-data.net", "asp.net" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1071.003", "name": "Mail Protocols", "display_name": "T1071.003 - Mail Protocols" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "TA0004", "name": "Privilege Escalation", "display_name": "TA0004 - Privilege Escalation" } ], "industries": [ "Defense", "Government" ], "TLP": "green", "cloned_from": null, "export_count": 70, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 166, "FileHash-SHA1": 125, "FileHash-SHA256": 5806, "URL": 16475, "domain": 3302, "hostname": 5135, "CVE": 16, "email": 8 }, "indicator_count": 31033, "is_author": false, "is_subscribing": null, "subscriber_count": 223, "modified_text": "872 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "64eaa9aedea5059cd863d4c0", "name": "Cyber Warfare ", "description": "", "modified": "2023-09-26T00:03:07.414000", "created": "2023-08-27T01:41:02.878000", "tags": [ "http response", "final url", "serving ip", "address", "status code", "body length", "kb body", "headers nel", "contentencoding", "express", "reimer", "agency", "charles", "html info", "title charles", "specialist", "wiza meta", "tags", "view charles", "north wales", "contacted", "ssl certificate", "historical ssl", "whois record", "whois whois", "formbook", "referrer", "parent domain", "resolutions", "malware", "core", "awful", "crypto", "asyncrat", "redline", "emotet", "malicious", "cyber warfare", "hasty hacker", "execution", "urls url", "files", "apple ios", "hacktool", "heur", "generic malware", "noname057", "dns replication", "date", "type name", "win32 exe", "macho restore", "text", "javascript", "redacted for", "server", "registrar abuse", "rebel ltd", "code", "registrant fax", "privacy tech", "new relic", "contact phone", "detections type", "name", "macintosh disk", "record type", "ttl value", "email", "domain status", "available from", "milton keynes", "postal code", "mk14", "dnssec", "sat dec", "ip sun", "sat jun", "sun jan", "tue nov" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": "64eaa7a2c1fe0402bab07b19", "export_count": 26, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 354, "FileHash-SHA256": 426, "URL": 499, "hostname": 650, "FileHash-MD5": 74, "FileHash-SHA1": 70, "email": 8 }, "indicator_count": 2081, "is_author": false, "is_subscribing": null, "subscriber_count": 220, "modified_text": "937 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "64eaa7a2c1fe0402bab07b19", "name": "Botnet Command and Control Server OMG! Robo Message sent to device | Malicious Mail Spammer", "description": "Botnet Command and Control Server\nSocial Engineering, Phishing Other, virut, Generic.Malware\n'linkedin phishing - happened!!'\nMalicious domain, Phishing ING Direct, Malware distribution site,Phishing Generic/Spear Phishing, CVE-2017-8570, target unspecified phishing, TSPY_HPLOKI.SMBD, Kryptik.UIR, zoom phishing, Downloader.Delf, AGEN.1124298, DangerousObject.Multi, DHL phishing, Artemis, Phishing Microsoft, Suppobox, Malicious url, Anonymisation Services, Mail Spammer, InstallCore, Gen:Variant.Zusy, Inmortal malware domain, Nymaim, fakeav,jorik, Defacement, Gen:Trojan.Heur.JP, Trojan.Delf.FareIt.Gen, Malware.Generic, Gen:Variant.Ulise, Unwanted Software, Malicious Host, exploit, Wacatac.B, Trojan.OTNR, Trojan.Kryptik, Phishing Magalu, DNS Open Resolver, DNS Server, pykspa_v2_fake, Malware Download, Simda, Malware.Yd.Generic, Malicious URL.\nI think this is a personal attack", "modified": "2023-09-26T00:03:07.414000", "created": "2023-08-27T01:32:18.615000", "tags": [ "http response", "final url", "serving ip", "address", "status code", "body length", "kb body", "headers nel", "contentencoding", "express", "reimer", "agency", "charles", "html info", "title charles", "specialist", "wiza meta", "tags", "view charles", "north wales", "contacted", "ssl certificate", "historical ssl", "whois record", "whois whois", "formbook", "referrer", "parent domain", "resolutions", "malware", "core", "awful", "crypto", "asyncrat", "redline", "emotet", "malicious", "cyber warfare", "hasty hacker", "execution", "urls url", "files", "apple ios", "hacktool", "heur", "generic malware", "noname057", "dns replication", "date", "type name", "win32 exe", "macho restore", "text", "javascript", "redacted for", "server", "registrar abuse", "rebel ltd", "code", "registrant fax", "privacy tech", "new relic", "contact phone", "detections type", "name", "macintosh disk", "record type", "ttl value", "email", "domain status", "available from", "milton keynes", "postal code", "mk14", "dnssec", "sat dec", "ip sun", "sat jun", "sun jan", "tue nov" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 28, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 354, "FileHash-SHA256": 426, "URL": 499, "hostname": 650, "FileHash-MD5": 74, "FileHash-SHA1": 70, "email": 8 }, "indicator_count": 2081, "is_author": false, "is_subscribing": null, "subscriber_count": 219, "modified_text": "937 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "64dac57e96082bfaec2f2334", "name": "Direct Search Network", "description": "Direct Search Network - Direct Navigation Traffic\nBat Downloader, Riskware, Malware, Ransomware, AdWare spam, Bots\nMalicious Host\n\nTags:\ncve-2007-0774\ncve-2011-5007\ncve-2009-1122\nbobsoft\ncontains-embedded-js\ncontains-elf\nnsis\ncve-1999-0016\narmadillo\nattachment\ncve-2020-11899\ncve-2016-2211\ncontains-pe\ncve-2010-3281", "modified": "2023-09-14T15:04:53.181000", "created": "2023-08-15T00:23:26.018000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 2552, "FileHash-SHA256": 2345, "domain": 1477, "email": 31, "URL": 5053, "FileHash-MD5": 544, "FileHash-SHA1": 79 }, "indicator_count": 12081, "is_author": false, "is_subscribing": null, "subscriber_count": 221, "modified_text": "949 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "https://www.sweetheartvideo.com/tsara-brashears/ \u2022 www.sweetheartvideo.com", "http://www.pornokind.vgt.pl \u2022 https://dbkuewww.m.vgt.pl \u2022 https://lokalnyhost.vgt.pl \u2022 www.xn--twj-hna.pedofil.vgt.pl", "http://www.happylifehappywife.com/2010/07/'> \u2022 http://www.happylifehappywife.com/2010/09/'>", "ttps://www.milehighmedia.com/scene/4404473/creampie-adventures-scene-2-sneaky-melanie", "pornhub-e.com \u2022 www.pornhub.com \u2022", "https://www.vgt.pl/static/js/bootstrap-typeahead.jstic/js/bootstrap-typeahead.js", "https://www.vgt.pl/static/js/bootstrap-typeahead.js.179.252.2", "https://www.milehighmedia.com/en/login/index/aHR0cHMlM0ElMkYlMkZtZW1iZXJzLm1pbGVoaWdobWVkaWEuY29tJTJGZW4lMkZ2aWRlb3MlMkZzd2VldGhlYXJ0dmlkZW8lM0ZhbHVwJTNEQURqeF9ITjhfd1oweU96UnpsU3NNNUZLaVVxSzBXNEN0X3NmTFpKTGVJc3M2b0RVUzkwVmp6VllNVko5eFpmdENYcFNKd3IzOTNaMG1mOEpXeVhVeVZpLTJZYVRsaGd3M25DSDRpYnRwZ25BRC1zUFhDQVUycjZJOXo2WWtRMzNVWVFhMFZyWC1YckxvcnRkVjJZdEgxSDYxZ1lhMTFNS3RZSkEzY3FlSXhFQzhtSlAzSk1tbloySURMQXlMZndPcHozSFFiTzF4T0FseXJIQ0xYem1ldFElMkE=\t \thttp://www.milehighmedia.com/?ats=eyJhIjoyOTYzMTgsImMiOjU3OTYzNz", "https://www.sweetheartvideo.com/en/dvds \u2022 https://www.sweetheartvideo.com/en/login", "https://www.sweetheartvideo.com/it/model/Kristen-Scott/50432", "https://cg864.myhotzpic.com phishing \u2022 http://dashboard.myhotzpic.com/", "https://www.sweetheartvideo.com/en/model/Mona-Wales/49601 \u2022 https://www.sweetheartvideo.com/en/scene/Truth-Dare--Boobs/130432 No Expiration\t0\t URL https://www.sweetheartvideo.com/it/model/Kristen-Scott/50432 \u2022 https://www.sweetheartvideo.com/model/63710/brandi-love", "https://twitter.com/PORNO_SEXYBABES \u2022 girlsdoporn.com", "https://www.anyxxxtube.net/search-porn/tsara-brashears/", "https://browntubeporn.com/tsara-brashearsAccept-Language", "https://www.milehighmedia.com/en/movies \u2022 https://www.milehighmedia.com/join", "http://www.happylifehappywife.com/2010/04/'> \u2022 http://www.happylifehappywife.com/2010/05/'>", "https://www.vgt.pl/style/style.css \u2022 https://www.vgt.pl/static/js/bootstrap-typeahead.js", "https://www.vgt.pl/favicon.ico", "https://amp.mypornvid.fun/videos/8/AhxS-ej1myg/gf-18-com/\ud83c\udf81-i39m-your-present-\ud83c\udf81-girlfriend-surprises-you-for-christmas-reunion-soft-kisses-amp-cuddles", "http://www.milehighmedia.com/?ats=eyJhIjoyOTYzMTgsImMiOjU3OTYzNzc1LCJuIjo3NiwicyI6NT...", "https://www.vgt.pl/94.152.156.22/logo.png \u2022 https://www.vgt.pl/css/", "https://myhotzpic.com/tsara-brashears-hardcore-lesbian-sex/anime-studio.org*thumbs-fa...", "https://urlscan.io/screenshots/e931bb02-80dc-46db-92f0-43d5afa258be.png", "www.milehighmedia.com \u2022 https://www.milehighmedia.com/en/Charlie-Dean/pornstar/49512", "www.localhost.vgt.pl \u2022 www.certyfikat.vgt.pl \u2022 https://www.vgt.pl/94.152.152.233/images/logo.png", "https://www.sweetheartvideo.com/scenes?models=63710", "https://www.vgt.pl/font/roboto/Roboto-Bold.eot \u2022 https://www.vgt.pl/font/roboto/Roboto-Bold.ttf \u2022 https://www.vgt.pl/font/roboto/Roboto-Light.eot", "http://www.happylifehappywife.com/2011/06/'> \u2022 http://www.happylifehappywife.com/2011/08/'", "https://www.vgt.pl/font/roboto/Roboto-Bold.ttf \u2022 https://www.vgt.pl/font/roboto/Roboto-Light.eot", "https://www.sweetheartvideo.com/en/scene/Truth-Dare--Boobs/130432", "https://www.vgt.pl/font/roboto/Roboto-Regular.ttf \u2022 https://www.vgt.pl/font/roboto/Roboto-Thin.eot", "https://www.vgt.pl/ phishing \u2022 https://vgt.pl/ \u2022www.vgt.pl \u2022 https://www.vgt.pl/94.152.152.233/images/logo.png", "http://watchhers.net/index.php", "https://www.vgt.pl/font/roboto/Roboto-Medium.ttf", "http://siteinlink.d1.cnbd.net/search/tsara-brashears-dead \u2022 https://videolal.com/videos/tsara-brashears-dead-by-daylight.html", "https://www.vgt.pl/style/style.css \u2022 https://www.vgt.pl/font/roboto/Roboto-Medium.eot", "IP Address 94.152.58.192 Location Poland ASN AS29522 h88 s.a. Nameservers ns1.kei.pl. , ns2.kei.pl.", "https://www.vgt.pl/font/roboto/Roboto-Bold.eot \u2022", "https://www.vgt.pl/font/fa/fontawesome-webfont.eot", "https://www.milehighmedia.com/join \u2022 https://www.milehighmedia.com/models \u2022 https://www.milehighmedia.com/movies", "https://pornokind.vgt.pl \u2022 https://sip.vgt.pl \u2022 https://smtp-qa.vgt.pl \u2022 https://www.vgt.pl/94.152.156.22/logo.png", "http://pixelrz.com/lists/keywords/tsara-brashears-dead/360 \u2022 http://pixelrz.com/lists/keywords/tsara-brashears-dead/360] No Expiration\t4\t Domain tsara-brashears-deadspin-twitter-suspended-account-help.ht", "http://www.hak.vgt.pl \u2022 http://pornokind.vgt.pl \u2022 http://sip.vgt.pl \u2022 http://smtp-qa.vgt.pl \u2022 http://vgt.pl/*.", "Treece Alfrey Musat P.C. Attorneys at Law Christopher P. Ahmann | https://TamLegal.com", "https://www.vgt.pl/94.152.152.233/images/logo.png", "8-25-220-162-static.reverse.queryfoundry.net\t\t\tNov 1, 2025, 9:34:14 AM\t\t5\t domain\tqueryfoundry.net\t\t\tNov 1, 2025, 9:34:14 AM\t\t8\t URL\thttp://117-114-251-162-static.reverse.queryfoundry.net/", "https://www.milehighmedia.com/model/59136/avi-love \u2022https://www.milehighmedia.com/model/60418/Justin-Hunt \u2022", "https://www.vgt.pl/font/roboto/Roboto-Thin.ttf \u2022 https://www.vgt.pl/static/js/bootstrap-typeahead.js", "https://tamlegal.com/attorneys/christopher-p-ahmann/#breadcrumb \u2022 https://www.milehighmedia.com/en/movies", "https://www.vgt.pl/css/ \u2022 https://www.vgt.pl/favicon.ico \u2022 https://www.vgt.pl/font/fa/fontawesome-webfont.eot", "http://siteinlink.d1.cnbd.net/search/tsara-brashears-assaulted-by-jeffrey-reimer", "remotewd.com device local", "https://www.milehighmedia.com/en/photo/milehighmedia/The-Mother-I-Cant-Resist/52380", "https://www.milehighmedia.com/legal/2257 \u2022 https://www.milehighmedia", "vgt.pl \u2022 www.hak.vgt.pl \u2022 www.localhost.vgt.pl \u2022 www.certyfikat.vgt.pl \u2022 aristocrat.vgt.pl", "http://www.happylifehappywife.com/2013/03/'> \u2022 http://www.happylifehappywife.com/index.php", "https://www.sweetheartvideo.com/en/dvd/Lesbian-Massage/49895", "http://www.happylifehappywife.com/wp-content/themes/theme78222/images/top-right.jpg", "www.happylifehappywife.com \u2022 http://www.happylifehappywife.com/2010/02/'>", "https://www.milehighmedia.com/de/MileHighMedia/scene/129689?utm_source=271174&utm_medium=affiliate&utm_campaign=", "nr-data.net \u2022 applemusic-spotlight.myunidays.com \u2022 init.ess.apple.com \u2022 tv.apple.com", "https://mypornvid.com/videos/27/x510fb2/white-dpt-jeffrey-reimer-loves-pretty-indian-patient-forces-sex-3gp-video-tsara-brashears/caillou-finger", "https://www.sweetheartvideo.com/model/63710/brandi-love", "http://www.milehighmedia.com/legal\t \u2022 https://www.milehighmedia.com/en/pornstar/milehighmedia/Justin-Hunt/51017", "https://www.vgt.pl/font/roboto/Roboto-Light.ttf \u2022", "https://www.vgt.pl/font/roboto/Roboto-Regular.eot \u2022 https://www.vgt.pl/94.152.156.22/logo.png \u2022 https://www.vgt.pl/css/", "http://www.happylifehappywife.com/2011/08/'> \u2022 http://www.happylifehappywife.com/2012/07/'>", "https://www.sweetheartvideo.com/en/?s=1?s=1&utm_source=272160&utm_medium=affiliate&utm_campaign=lovelezzies", "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian", "http://siteinlink.d1.cnbd.net/search/tsara-brashears-dead \u2022 http://siteinlink.d1.cnbd.net/site/maps.google.com.lb/" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [ "Trojan:win32/mydoom", "Worm:win32/autorun", "Trojan:win32/qshell", "Tofsee", "Jaik", "Trojanspy:win32/nivdort" ], "industries": [ "Government", "Defense" ], "unique_indicators": 62593 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/robotcache.io", "whois": "http://whois.domaintools.com/robotcache.io", "domain": "robotcache.io", "hostname": "cdn.stage.robotcache.io" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 22, "pulses": [ { "id": "69b49ad5dd40a24d83cd6a72", "name": "Chris P. Ahmann \u2022 PRIVATE PROPERTY Colorado State Fixer!", "description": "", "modified": "2026-03-13T23:16:37.716000", "created": "2026-03-13T23:16:37.716000", "tags": [ "related pulses", "p1377925676", "gaz1", "sid1696503456", "sct1", "active", "dynamicloader", "medium", "write c", "search", "show", "high", "program gateway", "http traffic", "http", "write", "malware", "nivdort", "serving ip", "address", "status code", "kb body", "sha256", "gw5hjz7t975", "url https", "url http", "indicator role", "pulses url", "hostname", "poland unknown", "present sep", "present jul", "present may", "present apr", "present dec", "present jan", "moved", "passive dns", "ip address", "title", "location poland", "asn as29522", "gmt content", "accept encoding", "ipv4 add", "urls", "files", "reverse dns", "united", "record value", "aaaa", "mtb oct", "found", "error", "read c", "memcommit", "module load", "next", "showing", "trojan", "execution", "unknown", "entries", "ms windows", "intel", "as15169", "codeoverlap", "yara detections", "delphi", "worm", "win32", "win64", "learn", "ck id", "name tactics", "suspicious", "informative", "adversaries", "command", "spawns", "ssl certificate", "execution att", "script urls", "treece alfrey", "meta", "germany unknown", "for privacy", "title added", "active related", "pulses", "asnone", "named pipe", "type indicator", "role title", "added active", "filehashsha256", "ally", "melika", "information", "law christopher", "https", "fake pinterest", "tsara", "traceback man", "expiro", "capture", "domain", "types of", "germany", "poland", "netherlands", "cve cve20178977", "boobs130432 nov", "learn more", "filehashmd5", "utmsourceawin", "pe32", "head microsoft", "delete", "main", "backdoor", "next associated", "gmt connection", "control", "content type", "twitter", "certificate", "redirect date", "cache", "unknown ns", "hostname add", "ipv4", "pulse pulses", "location united", "america flag", "america asn", "windows", "total", "ids detections", "url add", "related nids", "files location", "flag united", "win32mydoom nov", "domain add", "yara rule", "ee fc", "ff d5", "f0 ff", "eb e1", "ff ff", "c1 e8", "c1 c0", "eb e8", "mpress", "cache control", "x cache", "date", "name servers", "arial", "present aug", "present jun", "may god", "hall render", "palantir doing", "jeffrey scott", "jeffrey reimer", "brian sabey", "butt pirates", "scott reimer", "colorado", "quasi government", "workers compensation", "eva lisa", "eva reimer", "sammie", "montano mark", "death threats", "tulach", "hired hit men", "gay man", "gay porn", "concentra", "corruption", "palantir", "foundry", "grifter", "warning", "illegal", "apple", "contacted", "ransom", "dead", "denver" ], "references": [ "https://tamlegal.com/attorneys/christopher-p-ahmann/#breadcrumb \u2022 https://www.milehighmedia.com/en/movies", "https://www.milehighmedia.com/legal/2257 \u2022 https://www.milehighmedia", "www.milehighmedia.com \u2022 https://www.milehighmedia.com/en/Charlie-Dean/pornstar/49512", "https://www.milehighmedia.com/en/login/index/aHR0cHMlM0ElMkYlMkZtZW1iZXJzLm1pbGVoaWdobWVkaWEuY29tJTJGZW4lMkZ2aWRlb3MlMkZzd2VldGhlYXJ0dmlkZW8lM0ZhbHVwJTNEQURqeF9ITjhfd1oweU96UnpsU3NNNUZLaVVxSzBXNEN0X3NmTFpKTGVJc3M2b0RVUzkwVmp6VllNVko5eFpmdENYcFNKd3IzOTNaMG1mOEpXeVhVeVZpLTJZYVRsaGd3M25DSDRpYnRwZ25BRC1zUFhDQVUycjZJOXo2WWtRMzNVWVFhMFZyWC1YckxvcnRkVjJZdEgxSDYxZ1lhMTFNS3RZSkEzY3FlSXhFQzhtSlAzSk1tbloySURMQXlMZndPcHozSFFiTzF4T0FseXJIQ0xYem1ldFElMkE=\t \thttp://www.milehighmedia.com/?ats=eyJhIjoyOTYzMTgsImMiOjU3OTYzNz", "http://www.milehighmedia.com/legal\t \u2022 https://www.milehighmedia.com/en/pornstar/milehighmedia/Justin-Hunt/51017", "https://www.milehighmedia.com/de/MileHighMedia/scene/129689?utm_source=271174&utm_medium=affiliate&utm_campaign=", "http://www.milehighmedia.com/?ats=eyJhIjoyOTYzMTgsImMiOjU3OTYzNzc1LCJuIjo3NiwicyI6NT...", "ttps://www.milehighmedia.com/scene/4404473/creampie-adventures-scene-2-sneaky-melanie", "https://www.milehighmedia.com/join \u2022 https://www.milehighmedia.com/models \u2022 https://www.milehighmedia.com/movies", "https://www.milehighmedia.com/model/59136/avi-love \u2022https://www.milehighmedia.com/model/60418/Justin-Hunt \u2022", "https://www.milehighmedia.com/en/photo/milehighmedia/The-Mother-I-Cant-Resist/52380", "https://www.milehighmedia.com/en/movies \u2022 https://www.milehighmedia.com/join", "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian", "pornhub-e.com \u2022 www.pornhub.com \u2022", "https://www.sweetheartvideo.com/tsara-brashears/ \u2022 www.sweetheartvideo.com", "https://www.sweetheartvideo.com/en/?s=1?s=1&utm_source=272160&utm_medium=affiliate&utm_campaign=lovelezzies", "https://www.sweetheartvideo.com/en/dvd/Lesbian-Massage/49895", "https://www.sweetheartvideo.com/en/dvds \u2022 https://www.sweetheartvideo.com/en/login", "https://www.sweetheartvideo.com/en/model/Mona-Wales/49601 \u2022 https://www.sweetheartvideo.com/en/scene/Truth-Dare--Boobs/130432 No Expiration\t0\t URL https://www.sweetheartvideo.com/it/model/Kristen-Scott/50432 \u2022 https://www.sweetheartvideo.com/model/63710/brandi-love", "https://www.sweetheartvideo.com/scenes?models=63710", "https://www.sweetheartvideo.com/model/63710/brandi-love", "https://www.sweetheartvideo.com/scenes?models=63710", "https://www.sweetheartvideo.com/it/model/Kristen-Scott/50432", "https://www.sweetheartvideo.com/en/scene/Truth-Dare--Boobs/130432", "https://www.milehighmedia.com/en/photo/milehighmedia/The-Mother-I-Cant-Resist/52380", "https://www.vgt.pl/font/roboto/Roboto-Bold.eot \u2022", "https://www.vgt.pl/94.152.152.233/images/logo.png", "https://www.vgt.pl/94.152.156.22/logo.png \u2022 https://www.vgt.pl/css/", "https://www.vgt.pl/favicon.ico", "https://www.vgt.pl/font/fa/fontawesome-webfont.eot", "https://www.vgt.pl/font/roboto/Roboto-Bold.ttf \u2022 https://www.vgt.pl/font/roboto/Roboto-Light.eot", "https://www.vgt.pl/font/roboto/Roboto-Medium.ttf", "https://www.vgt.pl/font/roboto/Roboto-Light.ttf \u2022", "https://www.vgt.pl/static/js/bootstrap-typeahead.jstic/js/bootstrap-typeahead.js", "https://www.vgt.pl/style/style.css \u2022 https://www.vgt.pl/font/roboto/Roboto-Medium.eot", "https://www.vgt.pl/font/roboto/Roboto-Regular.ttf \u2022 https://www.vgt.pl/font/roboto/Roboto-Thin.eot", "https://www.vgt.pl/static/js/bootstrap-typeahead.js.179.252.2", "https://www.vgt.pl/font/roboto/Roboto-Thin.ttf \u2022 https://www.vgt.pl/static/js/bootstrap-typeahead.js", "https://www.vgt.pl/font/roboto/Roboto-Regular.eot \u2022 https://www.vgt.pl/94.152.156.22/logo.png \u2022 https://www.vgt.pl/css/", "vgt.pl \u2022 www.hak.vgt.pl \u2022 www.localhost.vgt.pl \u2022 www.certyfikat.vgt.pl \u2022 aristocrat.vgt.pl", "https://www.vgt.pl/ phishing \u2022 https://vgt.pl/ \u2022www.vgt.pl \u2022 https://www.vgt.pl/94.152.152.233/images/logo.png", "http://www.pornokind.vgt.pl \u2022 https://dbkuewww.m.vgt.pl \u2022 https://lokalnyhost.vgt.pl \u2022 www.xn--twj-hna.pedofil.vgt.pl", "http://www.hak.vgt.pl \u2022 http://pornokind.vgt.pl \u2022 http://sip.vgt.pl \u2022 http://smtp-qa.vgt.pl \u2022 http://vgt.pl/*.", "https://pornokind.vgt.pl \u2022 https://sip.vgt.pl \u2022 https://smtp-qa.vgt.pl \u2022 https://www.vgt.pl/94.152.156.22/logo.png", "www.localhost.vgt.pl \u2022 www.certyfikat.vgt.pl \u2022 https://www.vgt.pl/94.152.152.233/images/logo.png", "https://www.vgt.pl/css/ \u2022 https://www.vgt.pl/favicon.ico \u2022 https://www.vgt.pl/font/fa/fontawesome-webfont.eot", "https://www.vgt.pl/font/roboto/Roboto-Bold.eot \u2022 https://www.vgt.pl/font/roboto/Roboto-Bold.ttf \u2022 https://www.vgt.pl/font/roboto/Roboto-Light.eot", "https://www.vgt.pl/static/js/bootstrap-typeahead.jstic/js/bootstrap-typeahead.js", "https://www.vgt.pl/style/style.css \u2022 https://www.vgt.pl/static/js/bootstrap-typeahead.js", "IP Address 94.152.58.192 Location Poland ASN AS29522 h88 s.a. Nameservers ns1.kei.pl. , ns2.kei.pl.", "www.happylifehappywife.com \u2022 http://www.happylifehappywife.com/2010/02/'>", "http://www.happylifehappywife.com/2010/04/'> \u2022 http://www.happylifehappywife.com/2010/05/'>", "http://www.happylifehappywife.com/2010/07/'> \u2022 http://www.happylifehappywife.com/2010/09/'>", "http://www.happylifehappywife.com/2011/06/'> \u2022 http://www.happylifehappywife.com/2011/08/'", "http://www.happylifehappywife.com/2011/08/'> \u2022 http://www.happylifehappywife.com/2012/07/'>", "http://www.happylifehappywife.com/2013/03/'> \u2022 http://www.happylifehappywife.com/index.php", "http://www.happylifehappywife.com/wp-content/themes/theme78222/images/top-right.jpg", "https://amp.mypornvid.fun/videos/8/AhxS-ej1myg/gf-18-com/\ud83c\udf81-i39m-your-present-\ud83c\udf81-girlfriend-surprises-you-for-christmas-reunion-soft-kisses-amp-cuddles", "8-25-220-162-static.reverse.queryfoundry.net\t\t\tNov 1, 2025, 9:34:14 AM\t\t5\t domain\tqueryfoundry.net\t\t\tNov 1, 2025, 9:34:14 AM\t\t8\t URL\thttp://117-114-251-162-static.reverse.queryfoundry.net/", "http://watchhers.net/index.php", "remotewd.com device local", "nr-data.net \u2022 applemusic-spotlight.myunidays.com \u2022 init.ess.apple.com \u2022 tv.apple.com", "https://browntubeporn.com/tsara-brashearsAccept-Language", "https://cg864.myhotzpic.com phishing \u2022 http://dashboard.myhotzpic.com/", "https://myhotzpic.com/tsara-brashears-hardcore-lesbian-sex/anime-studio.org*thumbs-fa...", "https://mypornvid.com/videos/27/x510fb2/white-dpt-jeffrey-reimer-loves-pretty-indian-patient-forces-sex-3gp-video-tsara-brashears/caillou-finger", "http://siteinlink.d1.cnbd.net/search/tsara-brashears-dead \u2022 http://siteinlink.d1.cnbd.net/site/maps.google.com.lb/", "http://siteinlink.d1.cnbd.net/search/tsara-brashears-assaulted-by-jeffrey-reimer", "http://siteinlink.d1.cnbd.net/search/tsara-brashears-dead \u2022 https://videolal.com/videos/tsara-brashears-dead-by-daylight.html", "http://pixelrz.com/lists/keywords/tsara-brashears-dead/360 \u2022 http://pixelrz.com/lists/keywords/tsara-brashears-dead/360] No Expiration\t4\t Domain tsara-brashears-deadspin-twitter-suspended-account-help.ht", "https://www.anyxxxtube.net/search-porn/tsara-brashears/", "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian", "https://www.anyxxxtube.net/search-porn/tsara-brashears/", "https://twitter.com/PORNO_SEXYBABES \u2022 girlsdoporn.com", "Treece Alfrey Musat P.C. Attorneys at Law Christopher P. Ahmann | https://TamLegal.com", "https://urlscan.io/screenshots/e931bb02-80dc-46db-92f0-43d5afa258be.png" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "TrojanSpy:Win32/Nivdort", "display_name": "TrojanSpy:Win32/Nivdort", "target": "/malware/TrojanSpy:Win32/Nivdort" }, { "id": "Worm:Win32/Autorun", "display_name": "Worm:Win32/Autorun", "target": "/malware/Worm:Win32/Autorun" }, { "id": "Tofsee", "display_name": "Tofsee", "target": null }, { "id": "Jaik", "display_name": "Jaik", "target": null }, { "id": "Trojan:Win32/Qshell", "display_name": "Trojan:Win32/Qshell", "target": "/malware/Trojan:Win32/Qshell" }, { "id": "Trojan:Win32/Mydoom", "display_name": "Trojan:Win32/Mydoom", "target": "/malware/Trojan:Win32/Mydoom" } ], "attack_ids": [ { "id": "T1045", "name": "Software Packing", "display_name": "T1045 - Software Packing" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1060", "name": "Registry Run Keys / Startup Folder", "display_name": "T1060 - Registry Run Keys / Startup Folder" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1119", "name": "Automated Collection", "display_name": "T1119 - Automated Collection" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1143", "name": "Hidden Window", "display_name": "T1143 - Hidden Window" }, { "id": "T1063", "name": "Security Software Discovery", "display_name": "T1063 - Security Software Discovery" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1583", "name": "Acquire Infrastructure", "display_name": "T1583 - Acquire Infrastructure" }, { "id": "T1069", "name": "Permission Groups Discovery", "display_name": "T1069 - Permission Groups Discovery" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1197", "name": "BITS Jobs", "display_name": "T1197 - BITS Jobs" }, { "id": "T1210", "name": "Exploitation of Remote Services", "display_name": "T1210 - Exploitation of Remote Services" }, { "id": "T1457", "name": "Malicious Media Content", "display_name": "T1457 - Malicious Media Content" }, { "id": "T1480", "name": "Execution Guardrails", "display_name": "T1480 - Execution Guardrails" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" } ], "industries": [], "TLP": "green", "cloned_from": "69631fbd16e306ee2b76c4da", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 8897, "domain": 2102, "hostname": 2867, "FileHash-SHA256": 3886, "FileHash-MD5": 619, "FileHash-SHA1": 555, "CVE": 3, "email": 5, "SSLCertFingerprint": 8 }, "indicator_count": 18942, "is_author": false, "is_subscribing": null, "subscriber_count": 137, "modified_text": "37 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69b496396ca4987e95ad37d1", "name": "Chris Buzz by QVashni (wow)", "description": "", "modified": "2026-03-13T22:56:57.314000", "created": "2026-03-13T22:56:57.314000", "tags": [ "related pulses", "p1377925676", "gaz1", "sid1696503456", "sct1", "active", "dynamicloader", "medium", "write c", "search", "show", "high", "program gateway", "http traffic", "http", "write", "malware", "nivdort", "serving ip", "address", "status code", "kb body", "sha256", "gw5hjz7t975", "url https", "url http", "indicator role", "pulses url", "hostname", "poland unknown", "present sep", "present jul", "present may", "present apr", "present dec", "present jan", "moved", "passive dns", "ip address", "title", "location poland", "asn as29522", "gmt content", "accept encoding", "ipv4 add", "urls", "files", "reverse dns", "united", "record value", "aaaa", "mtb oct", "found", "error", "read c", "memcommit", "module load", "next", "showing", "trojan", "execution", "unknown", "entries", "ms windows", "intel", "as15169", "codeoverlap", "yara detections", "delphi", "worm", "win32", "win64", "learn", "ck id", "name tactics", "suspicious", "informative", "adversaries", "command", "spawns", "ssl certificate", "execution att", "script urls", "treece alfrey", "meta", "germany unknown", "for privacy", "title added", "active related", "pulses", "asnone", "named pipe", "type indicator", "role title", "added active", "filehashsha256", "ally", "melika", "information", "law christopher", "https", "fake pinterest", "tsara", "traceback man", "expiro", "capture", "domain", "types of", "germany", "poland", "netherlands", "cve cve20178977", "boobs130432 nov", "learn more", "filehashmd5", "utmsourceawin", "pe32", "head microsoft", "delete", "main", "backdoor", "next associated", "gmt connection", "control", "content type", "twitter", "certificate", "redirect date", "cache", "unknown ns", "hostname add", "ipv4", "pulse pulses", "location united", "america flag", "america asn", "windows", "total", "ids detections", "url add", "related nids", "files location", "flag united", "win32mydoom nov", "domain add", "yara rule", "ee fc", "ff d5", "f0 ff", "eb e1", "ff ff", "c1 e8", "c1 c0", "eb e8", "mpress", "cache control", "x cache", "date", "name servers", "arial", "present aug", "present jun", "may god", "hall render", "palantir doing", "jeffrey scott", "jeffrey reimer", "brian sabey", "butt pirates", "scott reimer", "colorado", "quasi government", "workers compensation", "eva lisa", "eva reimer", "sammie", "montano mark", "death threats", "tulach", "hired hit men", "gay man", "gay porn", "concentra", "corruption", "palantir", "foundry", "grifter", "warning", "illegal", "apple", "contacted", "ransom", "dead", "denver" ], "references": [ "https://tamlegal.com/attorneys/christopher-p-ahmann/#breadcrumb \u2022 https://www.milehighmedia.com/en/movies", "https://www.milehighmedia.com/legal/2257 \u2022 https://www.milehighmedia", "www.milehighmedia.com \u2022 https://www.milehighmedia.com/en/Charlie-Dean/pornstar/49512", "https://www.milehighmedia.com/en/login/index/aHR0cHMlM0ElMkYlMkZtZW1iZXJzLm1pbGVoaWdobWVkaWEuY29tJTJGZW4lMkZ2aWRlb3MlMkZzd2VldGhlYXJ0dmlkZW8lM0ZhbHVwJTNEQURqeF9ITjhfd1oweU96UnpsU3NNNUZLaVVxSzBXNEN0X3NmTFpKTGVJc3M2b0RVUzkwVmp6VllNVko5eFpmdENYcFNKd3IzOTNaMG1mOEpXeVhVeVZpLTJZYVRsaGd3M25DSDRpYnRwZ25BRC1zUFhDQVUycjZJOXo2WWtRMzNVWVFhMFZyWC1YckxvcnRkVjJZdEgxSDYxZ1lhMTFNS3RZSkEzY3FlSXhFQzhtSlAzSk1tbloySURMQXlMZndPcHozSFFiTzF4T0FseXJIQ0xYem1ldFElMkE=\t \thttp://www.milehighmedia.com/?ats=eyJhIjoyOTYzMTgsImMiOjU3OTYzNz", "http://www.milehighmedia.com/legal\t \u2022 https://www.milehighmedia.com/en/pornstar/milehighmedia/Justin-Hunt/51017", "https://www.milehighmedia.com/de/MileHighMedia/scene/129689?utm_source=271174&utm_medium=affiliate&utm_campaign=", "http://www.milehighmedia.com/?ats=eyJhIjoyOTYzMTgsImMiOjU3OTYzNzc1LCJuIjo3NiwicyI6NT...", "ttps://www.milehighmedia.com/scene/4404473/creampie-adventures-scene-2-sneaky-melanie", "https://www.milehighmedia.com/join \u2022 https://www.milehighmedia.com/models \u2022 https://www.milehighmedia.com/movies", "https://www.milehighmedia.com/model/59136/avi-love \u2022https://www.milehighmedia.com/model/60418/Justin-Hunt \u2022", "https://www.milehighmedia.com/en/photo/milehighmedia/The-Mother-I-Cant-Resist/52380", "https://www.milehighmedia.com/en/movies \u2022 https://www.milehighmedia.com/join", "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian", "pornhub-e.com \u2022 www.pornhub.com \u2022", "https://www.sweetheartvideo.com/tsara-brashears/ \u2022 www.sweetheartvideo.com", "https://www.sweetheartvideo.com/en/?s=1?s=1&utm_source=272160&utm_medium=affiliate&utm_campaign=lovelezzies", "https://www.sweetheartvideo.com/en/dvd/Lesbian-Massage/49895", "https://www.sweetheartvideo.com/en/dvds \u2022 https://www.sweetheartvideo.com/en/login", "https://www.sweetheartvideo.com/en/model/Mona-Wales/49601 \u2022 https://www.sweetheartvideo.com/en/scene/Truth-Dare--Boobs/130432 No Expiration\t0\t URL https://www.sweetheartvideo.com/it/model/Kristen-Scott/50432 \u2022 https://www.sweetheartvideo.com/model/63710/brandi-love", "https://www.sweetheartvideo.com/scenes?models=63710", "https://www.sweetheartvideo.com/model/63710/brandi-love", "https://www.sweetheartvideo.com/scenes?models=63710", "https://www.sweetheartvideo.com/it/model/Kristen-Scott/50432", "https://www.sweetheartvideo.com/en/scene/Truth-Dare--Boobs/130432", "https://www.milehighmedia.com/en/photo/milehighmedia/The-Mother-I-Cant-Resist/52380", "https://www.vgt.pl/font/roboto/Roboto-Bold.eot \u2022", "https://www.vgt.pl/94.152.152.233/images/logo.png", "https://www.vgt.pl/94.152.156.22/logo.png \u2022 https://www.vgt.pl/css/", "https://www.vgt.pl/favicon.ico", "https://www.vgt.pl/font/fa/fontawesome-webfont.eot", "https://www.vgt.pl/font/roboto/Roboto-Bold.ttf \u2022 https://www.vgt.pl/font/roboto/Roboto-Light.eot", "https://www.vgt.pl/font/roboto/Roboto-Medium.ttf", "https://www.vgt.pl/font/roboto/Roboto-Light.ttf \u2022", "https://www.vgt.pl/static/js/bootstrap-typeahead.jstic/js/bootstrap-typeahead.js", "https://www.vgt.pl/style/style.css \u2022 https://www.vgt.pl/font/roboto/Roboto-Medium.eot", "https://www.vgt.pl/font/roboto/Roboto-Regular.ttf \u2022 https://www.vgt.pl/font/roboto/Roboto-Thin.eot", "https://www.vgt.pl/static/js/bootstrap-typeahead.js.179.252.2", "https://www.vgt.pl/font/roboto/Roboto-Thin.ttf \u2022 https://www.vgt.pl/static/js/bootstrap-typeahead.js", "https://www.vgt.pl/font/roboto/Roboto-Regular.eot \u2022 https://www.vgt.pl/94.152.156.22/logo.png \u2022 https://www.vgt.pl/css/", "vgt.pl \u2022 www.hak.vgt.pl \u2022 www.localhost.vgt.pl \u2022 www.certyfikat.vgt.pl \u2022 aristocrat.vgt.pl", "https://www.vgt.pl/ phishing \u2022 https://vgt.pl/ \u2022www.vgt.pl \u2022 https://www.vgt.pl/94.152.152.233/images/logo.png", "http://www.pornokind.vgt.pl \u2022 https://dbkuewww.m.vgt.pl \u2022 https://lokalnyhost.vgt.pl \u2022 www.xn--twj-hna.pedofil.vgt.pl", "http://www.hak.vgt.pl \u2022 http://pornokind.vgt.pl \u2022 http://sip.vgt.pl \u2022 http://smtp-qa.vgt.pl \u2022 http://vgt.pl/*.", "https://pornokind.vgt.pl \u2022 https://sip.vgt.pl \u2022 https://smtp-qa.vgt.pl \u2022 https://www.vgt.pl/94.152.156.22/logo.png", "www.localhost.vgt.pl \u2022 www.certyfikat.vgt.pl \u2022 https://www.vgt.pl/94.152.152.233/images/logo.png", "https://www.vgt.pl/css/ \u2022 https://www.vgt.pl/favicon.ico \u2022 https://www.vgt.pl/font/fa/fontawesome-webfont.eot", "https://www.vgt.pl/font/roboto/Roboto-Bold.eot \u2022 https://www.vgt.pl/font/roboto/Roboto-Bold.ttf \u2022 https://www.vgt.pl/font/roboto/Roboto-Light.eot", "https://www.vgt.pl/static/js/bootstrap-typeahead.jstic/js/bootstrap-typeahead.js", "https://www.vgt.pl/style/style.css \u2022 https://www.vgt.pl/static/js/bootstrap-typeahead.js", "IP Address 94.152.58.192 Location Poland ASN AS29522 h88 s.a. Nameservers ns1.kei.pl. , ns2.kei.pl.", "www.happylifehappywife.com \u2022 http://www.happylifehappywife.com/2010/02/'>", "http://www.happylifehappywife.com/2010/04/'> \u2022 http://www.happylifehappywife.com/2010/05/'>", "http://www.happylifehappywife.com/2010/07/'> \u2022 http://www.happylifehappywife.com/2010/09/'>", "http://www.happylifehappywife.com/2011/06/'> \u2022 http://www.happylifehappywife.com/2011/08/'", "http://www.happylifehappywife.com/2011/08/'> \u2022 http://www.happylifehappywife.com/2012/07/'>", "http://www.happylifehappywife.com/2013/03/'> \u2022 http://www.happylifehappywife.com/index.php", "http://www.happylifehappywife.com/wp-content/themes/theme78222/images/top-right.jpg", "https://amp.mypornvid.fun/videos/8/AhxS-ej1myg/gf-18-com/\ud83c\udf81-i39m-your-present-\ud83c\udf81-girlfriend-surprises-you-for-christmas-reunion-soft-kisses-amp-cuddles", "8-25-220-162-static.reverse.queryfoundry.net\t\t\tNov 1, 2025, 9:34:14 AM\t\t5\t domain\tqueryfoundry.net\t\t\tNov 1, 2025, 9:34:14 AM\t\t8\t URL\thttp://117-114-251-162-static.reverse.queryfoundry.net/", "http://watchhers.net/index.php", "remotewd.com device local", "nr-data.net \u2022 applemusic-spotlight.myunidays.com \u2022 init.ess.apple.com \u2022 tv.apple.com", "https://browntubeporn.com/tsara-brashearsAccept-Language", "https://cg864.myhotzpic.com phishing \u2022 http://dashboard.myhotzpic.com/", "https://myhotzpic.com/tsara-brashears-hardcore-lesbian-sex/anime-studio.org*thumbs-fa...", "https://mypornvid.com/videos/27/x510fb2/white-dpt-jeffrey-reimer-loves-pretty-indian-patient-forces-sex-3gp-video-tsara-brashears/caillou-finger", "http://siteinlink.d1.cnbd.net/search/tsara-brashears-dead \u2022 http://siteinlink.d1.cnbd.net/site/maps.google.com.lb/", "http://siteinlink.d1.cnbd.net/search/tsara-brashears-assaulted-by-jeffrey-reimer", "http://siteinlink.d1.cnbd.net/search/tsara-brashears-dead \u2022 https://videolal.com/videos/tsara-brashears-dead-by-daylight.html", "http://pixelrz.com/lists/keywords/tsara-brashears-dead/360 \u2022 http://pixelrz.com/lists/keywords/tsara-brashears-dead/360] No Expiration\t4\t Domain tsara-brashears-deadspin-twitter-suspended-account-help.ht", "https://www.anyxxxtube.net/search-porn/tsara-brashears/", "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian", "https://www.anyxxxtube.net/search-porn/tsara-brashears/", "https://twitter.com/PORNO_SEXYBABES \u2022 girlsdoporn.com", "Treece Alfrey Musat P.C. Attorneys at Law Christopher P. Ahmann | https://TamLegal.com", "https://urlscan.io/screenshots/e931bb02-80dc-46db-92f0-43d5afa258be.png" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "TrojanSpy:Win32/Nivdort", "display_name": "TrojanSpy:Win32/Nivdort", "target": "/malware/TrojanSpy:Win32/Nivdort" }, { "id": "Worm:Win32/Autorun", "display_name": "Worm:Win32/Autorun", "target": "/malware/Worm:Win32/Autorun" }, { "id": "Tofsee", "display_name": "Tofsee", "target": null }, { "id": "Jaik", "display_name": "Jaik", "target": null }, { "id": "Trojan:Win32/Qshell", "display_name": "Trojan:Win32/Qshell", "target": "/malware/Trojan:Win32/Qshell" }, { "id": "Trojan:Win32/Mydoom", "display_name": "Trojan:Win32/Mydoom", "target": "/malware/Trojan:Win32/Mydoom" } ], "attack_ids": [ { "id": "T1045", "name": "Software Packing", "display_name": "T1045 - Software Packing" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1060", "name": "Registry Run Keys / Startup Folder", "display_name": "T1060 - Registry Run Keys / Startup Folder" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1119", "name": "Automated Collection", "display_name": "T1119 - Automated Collection" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1143", "name": "Hidden Window", "display_name": "T1143 - Hidden Window" }, { "id": "T1063", "name": "Security Software Discovery", "display_name": "T1063 - Security Software Discovery" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1583", "name": "Acquire Infrastructure", "display_name": "T1583 - Acquire Infrastructure" }, { "id": "T1069", "name": "Permission Groups Discovery", "display_name": "T1069 - Permission Groups Discovery" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1197", "name": "BITS Jobs", "display_name": "T1197 - BITS Jobs" }, { "id": "T1210", "name": "Exploitation of Remote Services", "display_name": "T1210 - Exploitation of Remote Services" }, { "id": "T1457", "name": "Malicious Media Content", "display_name": "T1457 - Malicious Media Content" }, { "id": "T1480", "name": "Execution Guardrails", "display_name": "T1480 - Execution Guardrails" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" } ], "industries": [], "TLP": "green", "cloned_from": "69482caa00d327da8f0a87bc", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 8897, "domain": 2102, "hostname": 2867, "FileHash-SHA256": 3886, "FileHash-MD5": 619, "FileHash-SHA1": 555, "CVE": 3, "email": 5, "SSLCertFingerprint": 8 }, "indicator_count": 18942, "is_author": false, "is_subscribing": null, "subscriber_count": 47, "modified_text": "37 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69b49587dd104e342dda1628", "name": "C Ahman Attorney Clone by Top Tier, Q.Vashti", "description": "", "modified": "2026-03-13T22:53:59.112000", "created": "2026-03-13T22:53:59.112000", "tags": [ "related pulses", "p1377925676", "gaz1", "sid1696503456", "sct1", "active", "dynamicloader", "medium", "write c", "search", "show", "high", "program gateway", "http traffic", "http", "write", "malware", "nivdort", "serving ip", "address", "status code", "kb body", "sha256", "gw5hjz7t975", "url https", "url http", "indicator role", "pulses url", "hostname", "poland unknown", "present sep", "present jul", "present may", "present apr", "present dec", "present jan", "moved", "passive dns", "ip address", "title", "location poland", "asn as29522", "gmt content", "accept encoding", "ipv4 add", "urls", "files", "reverse dns", "united", "record value", "aaaa", "mtb oct", "found", "error", "read c", "memcommit", "module load", "next", "showing", "trojan", "execution", "unknown", "entries", "ms windows", "intel", "as15169", "codeoverlap", "yara detections", "delphi", "worm", "win32", "win64", "learn", "ck id", "name tactics", "suspicious", "informative", "adversaries", "command", "spawns", "ssl certificate", "execution att", "script urls", "treece alfrey", "meta", "germany unknown", "for privacy", "title added", "active related", "pulses", "asnone", "named pipe", "type indicator", "role title", "added active", "filehashsha256", "ally", "melika", "information", "law christopher", "https", "fake pinterest", "tsara", "traceback man", "expiro", "capture", "domain", "types of", "germany", "poland", "netherlands", "cve cve20178977", "boobs130432 nov", "learn more", "filehashmd5", "utmsourceawin", "pe32", "head microsoft", "delete", "main", "backdoor", "next associated", "gmt connection", "control", "content type", "twitter", "certificate", "redirect date", "cache", "unknown ns", "hostname add", "ipv4", "pulse pulses", "location united", "america flag", "america asn", "windows", "total", "ids detections", "url add", "related nids", "files location", "flag united", "win32mydoom nov", "domain add", "yara rule", "ee fc", "ff d5", "f0 ff", "eb e1", "ff ff", "c1 e8", "c1 c0", "eb e8", "mpress", "cache control", "x cache", "date", "name servers", "arial", "present aug", "present jun", "may god", "hall render", "palantir doing", "jeffrey scott", "jeffrey reimer", "brian sabey", "butt pirates", "scott reimer", "colorado", "quasi government", "workers compensation", "eva lisa", "eva reimer", "sammie", "montano mark", "death threats", "tulach", "hired hit men", "gay man", "gay porn", "concentra", "corruption", "palantir", "foundry", "grifter", "warning", "illegal", "apple", "contacted", "ransom", "dead", "denver" ], "references": [ "https://tamlegal.com/attorneys/christopher-p-ahmann/#breadcrumb \u2022 https://www.milehighmedia.com/en/movies", "https://www.milehighmedia.com/legal/2257 \u2022 https://www.milehighmedia", "www.milehighmedia.com \u2022 https://www.milehighmedia.com/en/Charlie-Dean/pornstar/49512", "https://www.milehighmedia.com/en/login/index/aHR0cHMlM0ElMkYlMkZtZW1iZXJzLm1pbGVoaWdobWVkaWEuY29tJTJGZW4lMkZ2aWRlb3MlMkZzd2VldGhlYXJ0dmlkZW8lM0ZhbHVwJTNEQURqeF9ITjhfd1oweU96UnpsU3NNNUZLaVVxSzBXNEN0X3NmTFpKTGVJc3M2b0RVUzkwVmp6VllNVko5eFpmdENYcFNKd3IzOTNaMG1mOEpXeVhVeVZpLTJZYVRsaGd3M25DSDRpYnRwZ25BRC1zUFhDQVUycjZJOXo2WWtRMzNVWVFhMFZyWC1YckxvcnRkVjJZdEgxSDYxZ1lhMTFNS3RZSkEzY3FlSXhFQzhtSlAzSk1tbloySURMQXlMZndPcHozSFFiTzF4T0FseXJIQ0xYem1ldFElMkE=\t \thttp://www.milehighmedia.com/?ats=eyJhIjoyOTYzMTgsImMiOjU3OTYzNz", "http://www.milehighmedia.com/legal\t \u2022 https://www.milehighmedia.com/en/pornstar/milehighmedia/Justin-Hunt/51017", "https://www.milehighmedia.com/de/MileHighMedia/scene/129689?utm_source=271174&utm_medium=affiliate&utm_campaign=", "http://www.milehighmedia.com/?ats=eyJhIjoyOTYzMTgsImMiOjU3OTYzNzc1LCJuIjo3NiwicyI6NT...", "ttps://www.milehighmedia.com/scene/4404473/creampie-adventures-scene-2-sneaky-melanie", "https://www.milehighmedia.com/join \u2022 https://www.milehighmedia.com/models \u2022 https://www.milehighmedia.com/movies", "https://www.milehighmedia.com/model/59136/avi-love \u2022https://www.milehighmedia.com/model/60418/Justin-Hunt \u2022", "https://www.milehighmedia.com/en/photo/milehighmedia/The-Mother-I-Cant-Resist/52380", "https://www.milehighmedia.com/en/movies \u2022 https://www.milehighmedia.com/join", "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian", "pornhub-e.com \u2022 www.pornhub.com \u2022", "https://www.sweetheartvideo.com/tsara-brashears/ \u2022 www.sweetheartvideo.com", "https://www.sweetheartvideo.com/en/?s=1?s=1&utm_source=272160&utm_medium=affiliate&utm_campaign=lovelezzies", "https://www.sweetheartvideo.com/en/dvd/Lesbian-Massage/49895", "https://www.sweetheartvideo.com/en/dvds \u2022 https://www.sweetheartvideo.com/en/login", "https://www.sweetheartvideo.com/en/model/Mona-Wales/49601 \u2022 https://www.sweetheartvideo.com/en/scene/Truth-Dare--Boobs/130432 No Expiration\t0\t URL https://www.sweetheartvideo.com/it/model/Kristen-Scott/50432 \u2022 https://www.sweetheartvideo.com/model/63710/brandi-love", "https://www.sweetheartvideo.com/scenes?models=63710", "https://www.sweetheartvideo.com/model/63710/brandi-love", "https://www.sweetheartvideo.com/scenes?models=63710", "https://www.sweetheartvideo.com/it/model/Kristen-Scott/50432", "https://www.sweetheartvideo.com/en/scene/Truth-Dare--Boobs/130432", "https://www.milehighmedia.com/en/photo/milehighmedia/The-Mother-I-Cant-Resist/52380", "https://www.vgt.pl/font/roboto/Roboto-Bold.eot \u2022", "https://www.vgt.pl/94.152.152.233/images/logo.png", "https://www.vgt.pl/94.152.156.22/logo.png \u2022 https://www.vgt.pl/css/", "https://www.vgt.pl/favicon.ico", "https://www.vgt.pl/font/fa/fontawesome-webfont.eot", "https://www.vgt.pl/font/roboto/Roboto-Bold.ttf \u2022 https://www.vgt.pl/font/roboto/Roboto-Light.eot", "https://www.vgt.pl/font/roboto/Roboto-Medium.ttf", "https://www.vgt.pl/font/roboto/Roboto-Light.ttf \u2022", "https://www.vgt.pl/static/js/bootstrap-typeahead.jstic/js/bootstrap-typeahead.js", "https://www.vgt.pl/style/style.css \u2022 https://www.vgt.pl/font/roboto/Roboto-Medium.eot", "https://www.vgt.pl/font/roboto/Roboto-Regular.ttf \u2022 https://www.vgt.pl/font/roboto/Roboto-Thin.eot", "https://www.vgt.pl/static/js/bootstrap-typeahead.js.179.252.2", "https://www.vgt.pl/font/roboto/Roboto-Thin.ttf \u2022 https://www.vgt.pl/static/js/bootstrap-typeahead.js", "https://www.vgt.pl/font/roboto/Roboto-Regular.eot \u2022 https://www.vgt.pl/94.152.156.22/logo.png \u2022 https://www.vgt.pl/css/", "vgt.pl \u2022 www.hak.vgt.pl \u2022 www.localhost.vgt.pl \u2022 www.certyfikat.vgt.pl \u2022 aristocrat.vgt.pl", "https://www.vgt.pl/ phishing \u2022 https://vgt.pl/ \u2022www.vgt.pl \u2022 https://www.vgt.pl/94.152.152.233/images/logo.png", "http://www.pornokind.vgt.pl \u2022 https://dbkuewww.m.vgt.pl \u2022 https://lokalnyhost.vgt.pl \u2022 www.xn--twj-hna.pedofil.vgt.pl", "http://www.hak.vgt.pl \u2022 http://pornokind.vgt.pl \u2022 http://sip.vgt.pl \u2022 http://smtp-qa.vgt.pl \u2022 http://vgt.pl/*.", "https://pornokind.vgt.pl \u2022 https://sip.vgt.pl \u2022 https://smtp-qa.vgt.pl \u2022 https://www.vgt.pl/94.152.156.22/logo.png", "www.localhost.vgt.pl \u2022 www.certyfikat.vgt.pl \u2022 https://www.vgt.pl/94.152.152.233/images/logo.png", "https://www.vgt.pl/css/ \u2022 https://www.vgt.pl/favicon.ico \u2022 https://www.vgt.pl/font/fa/fontawesome-webfont.eot", "https://www.vgt.pl/font/roboto/Roboto-Bold.eot \u2022 https://www.vgt.pl/font/roboto/Roboto-Bold.ttf \u2022 https://www.vgt.pl/font/roboto/Roboto-Light.eot", "https://www.vgt.pl/static/js/bootstrap-typeahead.jstic/js/bootstrap-typeahead.js", "https://www.vgt.pl/style/style.css \u2022 https://www.vgt.pl/static/js/bootstrap-typeahead.js", "IP Address 94.152.58.192 Location Poland ASN AS29522 h88 s.a. Nameservers ns1.kei.pl. , ns2.kei.pl.", "www.happylifehappywife.com \u2022 http://www.happylifehappywife.com/2010/02/'>", "http://www.happylifehappywife.com/2010/04/'> \u2022 http://www.happylifehappywife.com/2010/05/'>", "http://www.happylifehappywife.com/2010/07/'> \u2022 http://www.happylifehappywife.com/2010/09/'>", "http://www.happylifehappywife.com/2011/06/'> \u2022 http://www.happylifehappywife.com/2011/08/'", "http://www.happylifehappywife.com/2011/08/'> \u2022 http://www.happylifehappywife.com/2012/07/'>", "http://www.happylifehappywife.com/2013/03/'> \u2022 http://www.happylifehappywife.com/index.php", "http://www.happylifehappywife.com/wp-content/themes/theme78222/images/top-right.jpg", "https://amp.mypornvid.fun/videos/8/AhxS-ej1myg/gf-18-com/\ud83c\udf81-i39m-your-present-\ud83c\udf81-girlfriend-surprises-you-for-christmas-reunion-soft-kisses-amp-cuddles", "8-25-220-162-static.reverse.queryfoundry.net\t\t\tNov 1, 2025, 9:34:14 AM\t\t5\t domain\tqueryfoundry.net\t\t\tNov 1, 2025, 9:34:14 AM\t\t8\t URL\thttp://117-114-251-162-static.reverse.queryfoundry.net/", "http://watchhers.net/index.php", "remotewd.com device local", "nr-data.net \u2022 applemusic-spotlight.myunidays.com \u2022 init.ess.apple.com \u2022 tv.apple.com", "https://browntubeporn.com/tsara-brashearsAccept-Language", "https://cg864.myhotzpic.com phishing \u2022 http://dashboard.myhotzpic.com/", "https://myhotzpic.com/tsara-brashears-hardcore-lesbian-sex/anime-studio.org*thumbs-fa...", "https://mypornvid.com/videos/27/x510fb2/white-dpt-jeffrey-reimer-loves-pretty-indian-patient-forces-sex-3gp-video-tsara-brashears/caillou-finger", "http://siteinlink.d1.cnbd.net/search/tsara-brashears-dead \u2022 http://siteinlink.d1.cnbd.net/site/maps.google.com.lb/", "http://siteinlink.d1.cnbd.net/search/tsara-brashears-assaulted-by-jeffrey-reimer", "http://siteinlink.d1.cnbd.net/search/tsara-brashears-dead \u2022 https://videolal.com/videos/tsara-brashears-dead-by-daylight.html", "http://pixelrz.com/lists/keywords/tsara-brashears-dead/360 \u2022 http://pixelrz.com/lists/keywords/tsara-brashears-dead/360] No Expiration\t4\t Domain tsara-brashears-deadspin-twitter-suspended-account-help.ht", "https://www.anyxxxtube.net/search-porn/tsara-brashears/", "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian", "https://www.anyxxxtube.net/search-porn/tsara-brashears/", "https://twitter.com/PORNO_SEXYBABES \u2022 girlsdoporn.com", "Treece Alfrey Musat P.C. Attorneys at Law Christopher P. Ahmann | https://TamLegal.com", "https://urlscan.io/screenshots/e931bb02-80dc-46db-92f0-43d5afa258be.png" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "TrojanSpy:Win32/Nivdort", "display_name": "TrojanSpy:Win32/Nivdort", "target": "/malware/TrojanSpy:Win32/Nivdort" }, { "id": "Worm:Win32/Autorun", "display_name": "Worm:Win32/Autorun", "target": "/malware/Worm:Win32/Autorun" }, { "id": "Tofsee", "display_name": "Tofsee", "target": null }, { "id": "Jaik", "display_name": "Jaik", "target": null }, { "id": "Trojan:Win32/Qshell", "display_name": "Trojan:Win32/Qshell", "target": "/malware/Trojan:Win32/Qshell" }, { "id": "Trojan:Win32/Mydoom", "display_name": "Trojan:Win32/Mydoom", "target": "/malware/Trojan:Win32/Mydoom" } ], "attack_ids": [ { "id": "T1045", "name": "Software Packing", "display_name": "T1045 - Software Packing" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1060", "name": "Registry Run Keys / Startup Folder", "display_name": "T1060 - Registry Run Keys / Startup Folder" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1119", "name": "Automated Collection", "display_name": "T1119 - Automated Collection" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1143", "name": "Hidden Window", "display_name": "T1143 - Hidden Window" }, { "id": "T1063", "name": "Security Software Discovery", "display_name": "T1063 - Security Software Discovery" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1583", "name": "Acquire Infrastructure", "display_name": "T1583 - Acquire Infrastructure" }, { "id": "T1069", "name": "Permission Groups Discovery", "display_name": "T1069 - Permission Groups Discovery" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1197", "name": "BITS Jobs", "display_name": "T1197 - BITS Jobs" }, { "id": "T1210", "name": "Exploitation of Remote Services", "display_name": "T1210 - Exploitation of Remote Services" }, { "id": "T1457", "name": "Malicious Media Content", "display_name": "T1457 - Malicious Media Content" }, { "id": "T1480", "name": "Execution Guardrails", "display_name": "T1480 - Execution Guardrails" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" } ], "industries": [], "TLP": "green", "cloned_from": "691f4d4ef0a2a570b8b21cd2", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 8897, "domain": 2102, "hostname": 2867, "FileHash-SHA256": 3886, "FileHash-MD5": 619, "FileHash-SHA1": 555, "CVE": 3, "email": 5, "SSLCertFingerprint": 8 }, "indicator_count": 18942, "is_author": false, "is_subscribing": null, "subscriber_count": 47, "modified_text": "37 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69631fbd16e306ee2b76c4da", "name": "Chris P. Ahmann \u2022 STAY Away!f PRIVATE PROPERTY Colorado State Fixer!", "description": "", "modified": "2026-01-20T17:02:02.650000", "created": "2026-01-11T03:57:49.242000", "tags": [ "related pulses", "p1377925676", "gaz1", "sid1696503456", "sct1", "active", "dynamicloader", "medium", "write c", "search", "show", "high", "program gateway", "http traffic", "http", "write", "malware", "nivdort", "serving ip", "address", "status code", "kb body", "sha256", "gw5hjz7t975", "url https", "url http", "indicator role", "pulses url", "hostname", "poland unknown", "present sep", "present jul", "present may", "present apr", "present dec", "present jan", "moved", "passive dns", "ip address", "title", "location poland", "asn as29522", "gmt content", "accept encoding", "ipv4 add", "urls", "files", "reverse dns", "united", "record value", "aaaa", "mtb oct", "found", "error", "read c", "memcommit", "module load", "next", "showing", "trojan", "execution", "unknown", "entries", "ms windows", "intel", "as15169", "codeoverlap", "yara detections", "delphi", "worm", "win32", "win64", "learn", "ck id", "name tactics", "suspicious", "informative", "adversaries", "command", "spawns", "ssl certificate", "execution att", "script urls", "treece alfrey", "meta", "germany unknown", "for privacy", "title added", "active related", "pulses", "asnone", "named pipe", "type indicator", "role title", "added active", "filehashsha256", "ally", "melika", "information", "law christopher", "https", "fake pinterest", "tsara", "traceback man", "expiro", "capture", "domain", "types of", "germany", "poland", "netherlands", "cve cve20178977", "boobs130432 nov", "learn more", "filehashmd5", "utmsourceawin", "pe32", "head microsoft", "delete", "main", "backdoor", "next associated", "gmt connection", "control", "content type", "twitter", "certificate", "redirect date", "cache", "unknown ns", "hostname add", "ipv4", "pulse pulses", "location united", "america flag", "america asn", "windows", "total", "ids detections", "url add", "related nids", "files location", "flag united", "win32mydoom nov", "domain add", "yara rule", "ee fc", "ff d5", "f0 ff", "eb e1", "ff ff", "c1 e8", "c1 c0", "eb e8", "mpress", "cache control", "x cache", "date", "name servers", "arial", "present aug", "present jun", "may god", "hall render", "palantir doing", "jeffrey scott", "jeffrey reimer", "brian sabey", "butt pirates", "scott reimer", "colorado", "quasi government", "workers compensation", "eva lisa", "eva reimer", "sammie", "montano mark", "death threats", "tulach", "hired hit men", "gay man", "gay porn", "concentra", "corruption", "palantir", "foundry", "grifter", "warning", "illegal", "apple", "contacted", "ransom", "dead", "denver" ], "references": [ "https://tamlegal.com/attorneys/christopher-p-ahmann/#breadcrumb \u2022 https://www.milehighmedia.com/en/movies", "https://www.milehighmedia.com/legal/2257 \u2022 https://www.milehighmedia", "www.milehighmedia.com \u2022 https://www.milehighmedia.com/en/Charlie-Dean/pornstar/49512", "https://www.milehighmedia.com/en/login/index/aHR0cHMlM0ElMkYlMkZtZW1iZXJzLm1pbGVoaWdobWVkaWEuY29tJTJGZW4lMkZ2aWRlb3MlMkZzd2VldGhlYXJ0dmlkZW8lM0ZhbHVwJTNEQURqeF9ITjhfd1oweU96UnpsU3NNNUZLaVVxSzBXNEN0X3NmTFpKTGVJc3M2b0RVUzkwVmp6VllNVko5eFpmdENYcFNKd3IzOTNaMG1mOEpXeVhVeVZpLTJZYVRsaGd3M25DSDRpYnRwZ25BRC1zUFhDQVUycjZJOXo2WWtRMzNVWVFhMFZyWC1YckxvcnRkVjJZdEgxSDYxZ1lhMTFNS3RZSkEzY3FlSXhFQzhtSlAzSk1tbloySURMQXlMZndPcHozSFFiTzF4T0FseXJIQ0xYem1ldFElMkE=\t \thttp://www.milehighmedia.com/?ats=eyJhIjoyOTYzMTgsImMiOjU3OTYzNz", "http://www.milehighmedia.com/legal\t \u2022 https://www.milehighmedia.com/en/pornstar/milehighmedia/Justin-Hunt/51017", "https://www.milehighmedia.com/de/MileHighMedia/scene/129689?utm_source=271174&utm_medium=affiliate&utm_campaign=", "http://www.milehighmedia.com/?ats=eyJhIjoyOTYzMTgsImMiOjU3OTYzNzc1LCJuIjo3NiwicyI6NT...", "ttps://www.milehighmedia.com/scene/4404473/creampie-adventures-scene-2-sneaky-melanie", "https://www.milehighmedia.com/join \u2022 https://www.milehighmedia.com/models \u2022 https://www.milehighmedia.com/movies", "https://www.milehighmedia.com/model/59136/avi-love \u2022https://www.milehighmedia.com/model/60418/Justin-Hunt \u2022", "https://www.milehighmedia.com/en/photo/milehighmedia/The-Mother-I-Cant-Resist/52380", "https://www.milehighmedia.com/en/movies \u2022 https://www.milehighmedia.com/join", "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian", "pornhub-e.com \u2022 www.pornhub.com \u2022", "https://www.sweetheartvideo.com/tsara-brashears/ \u2022 www.sweetheartvideo.com", "https://www.sweetheartvideo.com/en/?s=1?s=1&utm_source=272160&utm_medium=affiliate&utm_campaign=lovelezzies", "https://www.sweetheartvideo.com/en/dvd/Lesbian-Massage/49895", "https://www.sweetheartvideo.com/en/dvds \u2022 https://www.sweetheartvideo.com/en/login", "https://www.sweetheartvideo.com/en/model/Mona-Wales/49601 \u2022 https://www.sweetheartvideo.com/en/scene/Truth-Dare--Boobs/130432 No Expiration\t0\t URL https://www.sweetheartvideo.com/it/model/Kristen-Scott/50432 \u2022 https://www.sweetheartvideo.com/model/63710/brandi-love", "https://www.sweetheartvideo.com/scenes?models=63710", "https://www.sweetheartvideo.com/model/63710/brandi-love", "https://www.sweetheartvideo.com/scenes?models=63710", "https://www.sweetheartvideo.com/it/model/Kristen-Scott/50432", "https://www.sweetheartvideo.com/en/scene/Truth-Dare--Boobs/130432", "https://www.milehighmedia.com/en/photo/milehighmedia/The-Mother-I-Cant-Resist/52380", "https://www.vgt.pl/font/roboto/Roboto-Bold.eot \u2022", "https://www.vgt.pl/94.152.152.233/images/logo.png", "https://www.vgt.pl/94.152.156.22/logo.png \u2022 https://www.vgt.pl/css/", "https://www.vgt.pl/favicon.ico", "https://www.vgt.pl/font/fa/fontawesome-webfont.eot", "https://www.vgt.pl/font/roboto/Roboto-Bold.ttf \u2022 https://www.vgt.pl/font/roboto/Roboto-Light.eot", "https://www.vgt.pl/font/roboto/Roboto-Medium.ttf", "https://www.vgt.pl/font/roboto/Roboto-Light.ttf \u2022", "https://www.vgt.pl/static/js/bootstrap-typeahead.jstic/js/bootstrap-typeahead.js", "https://www.vgt.pl/style/style.css \u2022 https://www.vgt.pl/font/roboto/Roboto-Medium.eot", "https://www.vgt.pl/font/roboto/Roboto-Regular.ttf \u2022 https://www.vgt.pl/font/roboto/Roboto-Thin.eot", "https://www.vgt.pl/static/js/bootstrap-typeahead.js.179.252.2", "https://www.vgt.pl/font/roboto/Roboto-Thin.ttf \u2022 https://www.vgt.pl/static/js/bootstrap-typeahead.js", "https://www.vgt.pl/font/roboto/Roboto-Regular.eot \u2022 https://www.vgt.pl/94.152.156.22/logo.png \u2022 https://www.vgt.pl/css/", "vgt.pl \u2022 www.hak.vgt.pl \u2022 www.localhost.vgt.pl \u2022 www.certyfikat.vgt.pl \u2022 aristocrat.vgt.pl", "https://www.vgt.pl/ phishing \u2022 https://vgt.pl/ \u2022www.vgt.pl \u2022 https://www.vgt.pl/94.152.152.233/images/logo.png", "http://www.pornokind.vgt.pl \u2022 https://dbkuewww.m.vgt.pl \u2022 https://lokalnyhost.vgt.pl \u2022 www.xn--twj-hna.pedofil.vgt.pl", "http://www.hak.vgt.pl \u2022 http://pornokind.vgt.pl \u2022 http://sip.vgt.pl \u2022 http://smtp-qa.vgt.pl \u2022 http://vgt.pl/*.", "https://pornokind.vgt.pl \u2022 https://sip.vgt.pl \u2022 https://smtp-qa.vgt.pl \u2022 https://www.vgt.pl/94.152.156.22/logo.png", "www.localhost.vgt.pl \u2022 www.certyfikat.vgt.pl \u2022 https://www.vgt.pl/94.152.152.233/images/logo.png", "https://www.vgt.pl/css/ \u2022 https://www.vgt.pl/favicon.ico \u2022 https://www.vgt.pl/font/fa/fontawesome-webfont.eot", "https://www.vgt.pl/font/roboto/Roboto-Bold.eot \u2022 https://www.vgt.pl/font/roboto/Roboto-Bold.ttf \u2022 https://www.vgt.pl/font/roboto/Roboto-Light.eot", "https://www.vgt.pl/static/js/bootstrap-typeahead.jstic/js/bootstrap-typeahead.js", "https://www.vgt.pl/style/style.css \u2022 https://www.vgt.pl/static/js/bootstrap-typeahead.js", "IP Address 94.152.58.192 Location Poland ASN AS29522 h88 s.a. Nameservers ns1.kei.pl. , ns2.kei.pl.", "www.happylifehappywife.com \u2022 http://www.happylifehappywife.com/2010/02/'>", "http://www.happylifehappywife.com/2010/04/'> \u2022 http://www.happylifehappywife.com/2010/05/'>", "http://www.happylifehappywife.com/2010/07/'> \u2022 http://www.happylifehappywife.com/2010/09/'>", "http://www.happylifehappywife.com/2011/06/'> \u2022 http://www.happylifehappywife.com/2011/08/'", "http://www.happylifehappywife.com/2011/08/'> \u2022 http://www.happylifehappywife.com/2012/07/'>", "http://www.happylifehappywife.com/2013/03/'> \u2022 http://www.happylifehappywife.com/index.php", "http://www.happylifehappywife.com/wp-content/themes/theme78222/images/top-right.jpg", "https://amp.mypornvid.fun/videos/8/AhxS-ej1myg/gf-18-com/\ud83c\udf81-i39m-your-present-\ud83c\udf81-girlfriend-surprises-you-for-christmas-reunion-soft-kisses-amp-cuddles", "8-25-220-162-static.reverse.queryfoundry.net\t\t\tNov 1, 2025, 9:34:14 AM\t\t5\t domain\tqueryfoundry.net\t\t\tNov 1, 2025, 9:34:14 AM\t\t8\t URL\thttp://117-114-251-162-static.reverse.queryfoundry.net/", "http://watchhers.net/index.php", "remotewd.com device local", "nr-data.net \u2022 applemusic-spotlight.myunidays.com \u2022 init.ess.apple.com \u2022 tv.apple.com", "https://browntubeporn.com/tsara-brashearsAccept-Language", "https://cg864.myhotzpic.com phishing \u2022 http://dashboard.myhotzpic.com/", "https://myhotzpic.com/tsara-brashears-hardcore-lesbian-sex/anime-studio.org*thumbs-fa...", "https://mypornvid.com/videos/27/x510fb2/white-dpt-jeffrey-reimer-loves-pretty-indian-patient-forces-sex-3gp-video-tsara-brashears/caillou-finger", "http://siteinlink.d1.cnbd.net/search/tsara-brashears-dead \u2022 http://siteinlink.d1.cnbd.net/site/maps.google.com.lb/", "http://siteinlink.d1.cnbd.net/search/tsara-brashears-assaulted-by-jeffrey-reimer", "http://siteinlink.d1.cnbd.net/search/tsara-brashears-dead \u2022 https://videolal.com/videos/tsara-brashears-dead-by-daylight.html", "http://pixelrz.com/lists/keywords/tsara-brashears-dead/360 \u2022 http://pixelrz.com/lists/keywords/tsara-brashears-dead/360] No Expiration\t4\t Domain tsara-brashears-deadspin-twitter-suspended-account-help.ht", "https://www.anyxxxtube.net/search-porn/tsara-brashears/", "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian", "https://www.anyxxxtube.net/search-porn/tsara-brashears/", "https://twitter.com/PORNO_SEXYBABES \u2022 girlsdoporn.com", "Treece Alfrey Musat P.C. Attorneys at Law Christopher P. Ahmann | https://TamLegal.com", "https://urlscan.io/screenshots/e931bb02-80dc-46db-92f0-43d5afa258be.png" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "TrojanSpy:Win32/Nivdort", "display_name": "TrojanSpy:Win32/Nivdort", "target": "/malware/TrojanSpy:Win32/Nivdort" }, { "id": "Worm:Win32/Autorun", "display_name": "Worm:Win32/Autorun", "target": "/malware/Worm:Win32/Autorun" }, { "id": "Tofsee", "display_name": "Tofsee", "target": null }, { "id": "Jaik", "display_name": "Jaik", "target": null }, { "id": "Trojan:Win32/Qshell", "display_name": "Trojan:Win32/Qshell", "target": "/malware/Trojan:Win32/Qshell" }, { "id": "Trojan:Win32/Mydoom", "display_name": "Trojan:Win32/Mydoom", "target": "/malware/Trojan:Win32/Mydoom" } ], "attack_ids": [ { "id": "T1045", "name": "Software Packing", "display_name": "T1045 - Software Packing" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1060", "name": "Registry Run Keys / Startup Folder", "display_name": "T1060 - Registry Run Keys / Startup Folder" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1119", "name": "Automated Collection", "display_name": "T1119 - Automated Collection" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1143", "name": "Hidden Window", "display_name": "T1143 - Hidden Window" }, { "id": "T1063", "name": "Security Software Discovery", "display_name": "T1063 - Security Software Discovery" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1583", "name": "Acquire Infrastructure", "display_name": "T1583 - Acquire Infrastructure" }, { "id": "T1069", "name": "Permission Groups Discovery", "display_name": "T1069 - Permission Groups Discovery" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1197", "name": "BITS Jobs", "display_name": "T1197 - BITS Jobs" }, { "id": "T1210", "name": "Exploitation of Remote Services", "display_name": "T1210 - Exploitation of Remote Services" }, { "id": "T1457", "name": "Malicious Media Content", "display_name": "T1457 - Malicious Media Content" }, { "id": "T1480", "name": "Execution Guardrails", "display_name": "T1480 - Execution Guardrails" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" } ], "industries": [], "TLP": "green", "cloned_from": "695557ee134b978b00883c29", "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 8897, "domain": 2102, "hostname": 2867, "FileHash-SHA256": 3886, "FileHash-MD5": 619, "FileHash-SHA1": 555, "CVE": 3, "email": 5, "SSLCertFingerprint": 8 }, "indicator_count": 18942, "is_author": false, "is_subscribing": null, "subscriber_count": 137, "modified_text": "90 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "695557ee134b978b00883c29", "name": "Chris P. Ahmann \u2022 Stay out of PRIVATE PROPERTY HITMAN! Colorado State", "description": "", "modified": "2026-01-20T17:02:02.650000", "created": "2025-12-31T17:05:50.134000", "tags": [ "related pulses", "p1377925676", "gaz1", "sid1696503456", "sct1", "active", "dynamicloader", "medium", "write c", "search", "show", "high", "program gateway", "http traffic", "http", "write", "malware", "nivdort", "serving ip", "address", "status code", "kb body", "sha256", "gw5hjz7t975", "url https", "url http", "indicator role", "pulses url", "hostname", "poland unknown", "present sep", "present jul", "present may", "present apr", "present dec", "present jan", "moved", "passive dns", "ip address", "title", "location poland", "asn as29522", "gmt content", "accept encoding", "ipv4 add", "urls", "files", "reverse dns", "united", "record value", "aaaa", "mtb oct", "found", "error", "read c", "memcommit", "module load", "next", "showing", "trojan", "execution", "unknown", "entries", "ms windows", "intel", "as15169", "codeoverlap", "yara detections", "delphi", "worm", "win32", "win64", "learn", "ck id", "name tactics", "suspicious", "informative", "adversaries", "command", "spawns", "ssl certificate", "execution att", "script urls", "treece alfrey", "meta", "germany unknown", "for privacy", "title added", "active related", "pulses", "asnone", "named pipe", "type indicator", "role title", "added active", "filehashsha256", "ally", "melika", "information", "law christopher", "https", "fake pinterest", "tsara", "traceback man", "expiro", "capture", "domain", "types of", "germany", "poland", "netherlands", "cve cve20178977", "boobs130432 nov", "learn more", "filehashmd5", "utmsourceawin", "pe32", "head microsoft", "delete", "main", "backdoor", "next associated", "gmt connection", "control", "content type", "twitter", "certificate", "redirect date", "cache", "unknown ns", "hostname add", "ipv4", "pulse pulses", "location united", "america flag", "america asn", "windows", "total", "ids detections", "url add", "related nids", "files location", "flag united", "win32mydoom nov", "domain add", "yara rule", "ee fc", "ff d5", "f0 ff", "eb e1", "ff ff", "c1 e8", "c1 c0", "eb e8", "mpress", "cache control", "x cache", "date", "name servers", "arial", "present aug", "present jun", "may god", "hall render", "palantir doing", "jeffrey scott", "jeffrey reimer", "brian sabey", "butt pirates", "scott reimer", "colorado", "quasi government", "workers compensation", "eva lisa", "eva reimer", "sammie", "montano mark", "death threats", "tulach", "hired hit men", "gay man", "gay porn", "concentra", "corruption", "palantir", "foundry", "grifter", "warning", "illegal", "apple", "contacted", "ransom", "dead", "denver" ], "references": [ "https://tamlegal.com/attorneys/christopher-p-ahmann/#breadcrumb \u2022 https://www.milehighmedia.com/en/movies", "https://www.milehighmedia.com/legal/2257 \u2022 https://www.milehighmedia", "www.milehighmedia.com \u2022 https://www.milehighmedia.com/en/Charlie-Dean/pornstar/49512", "https://www.milehighmedia.com/en/login/index/aHR0cHMlM0ElMkYlMkZtZW1iZXJzLm1pbGVoaWdobWVkaWEuY29tJTJGZW4lMkZ2aWRlb3MlMkZzd2VldGhlYXJ0dmlkZW8lM0ZhbHVwJTNEQURqeF9ITjhfd1oweU96UnpsU3NNNUZLaVVxSzBXNEN0X3NmTFpKTGVJc3M2b0RVUzkwVmp6VllNVko5eFpmdENYcFNKd3IzOTNaMG1mOEpXeVhVeVZpLTJZYVRsaGd3M25DSDRpYnRwZ25BRC1zUFhDQVUycjZJOXo2WWtRMzNVWVFhMFZyWC1YckxvcnRkVjJZdEgxSDYxZ1lhMTFNS3RZSkEzY3FlSXhFQzhtSlAzSk1tbloySURMQXlMZndPcHozSFFiTzF4T0FseXJIQ0xYem1ldFElMkE=\t \thttp://www.milehighmedia.com/?ats=eyJhIjoyOTYzMTgsImMiOjU3OTYzNz", "http://www.milehighmedia.com/legal\t \u2022 https://www.milehighmedia.com/en/pornstar/milehighmedia/Justin-Hunt/51017", "https://www.milehighmedia.com/de/MileHighMedia/scene/129689?utm_source=271174&utm_medium=affiliate&utm_campaign=", "http://www.milehighmedia.com/?ats=eyJhIjoyOTYzMTgsImMiOjU3OTYzNzc1LCJuIjo3NiwicyI6NT...", "ttps://www.milehighmedia.com/scene/4404473/creampie-adventures-scene-2-sneaky-melanie", "https://www.milehighmedia.com/join \u2022 https://www.milehighmedia.com/models \u2022 https://www.milehighmedia.com/movies", "https://www.milehighmedia.com/model/59136/avi-love \u2022https://www.milehighmedia.com/model/60418/Justin-Hunt \u2022", "https://www.milehighmedia.com/en/photo/milehighmedia/The-Mother-I-Cant-Resist/52380", "https://www.milehighmedia.com/en/movies \u2022 https://www.milehighmedia.com/join", "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian", "pornhub-e.com \u2022 www.pornhub.com \u2022", "https://www.sweetheartvideo.com/tsara-brashears/ \u2022 www.sweetheartvideo.com", "https://www.sweetheartvideo.com/en/?s=1?s=1&utm_source=272160&utm_medium=affiliate&utm_campaign=lovelezzies", "https://www.sweetheartvideo.com/en/dvd/Lesbian-Massage/49895", "https://www.sweetheartvideo.com/en/dvds \u2022 https://www.sweetheartvideo.com/en/login", "https://www.sweetheartvideo.com/en/model/Mona-Wales/49601 \u2022 https://www.sweetheartvideo.com/en/scene/Truth-Dare--Boobs/130432 No Expiration\t0\t URL https://www.sweetheartvideo.com/it/model/Kristen-Scott/50432 \u2022 https://www.sweetheartvideo.com/model/63710/brandi-love", "https://www.sweetheartvideo.com/scenes?models=63710", "https://www.sweetheartvideo.com/model/63710/brandi-love", "https://www.sweetheartvideo.com/scenes?models=63710", "https://www.sweetheartvideo.com/it/model/Kristen-Scott/50432", "https://www.sweetheartvideo.com/en/scene/Truth-Dare--Boobs/130432", "https://www.milehighmedia.com/en/photo/milehighmedia/The-Mother-I-Cant-Resist/52380", "https://www.vgt.pl/font/roboto/Roboto-Bold.eot \u2022", "https://www.vgt.pl/94.152.152.233/images/logo.png", "https://www.vgt.pl/94.152.156.22/logo.png \u2022 https://www.vgt.pl/css/", "https://www.vgt.pl/favicon.ico", "https://www.vgt.pl/font/fa/fontawesome-webfont.eot", "https://www.vgt.pl/font/roboto/Roboto-Bold.ttf \u2022 https://www.vgt.pl/font/roboto/Roboto-Light.eot", "https://www.vgt.pl/font/roboto/Roboto-Medium.ttf", "https://www.vgt.pl/font/roboto/Roboto-Light.ttf \u2022", "https://www.vgt.pl/static/js/bootstrap-typeahead.jstic/js/bootstrap-typeahead.js", "https://www.vgt.pl/style/style.css \u2022 https://www.vgt.pl/font/roboto/Roboto-Medium.eot", "https://www.vgt.pl/font/roboto/Roboto-Regular.ttf \u2022 https://www.vgt.pl/font/roboto/Roboto-Thin.eot", "https://www.vgt.pl/static/js/bootstrap-typeahead.js.179.252.2", "https://www.vgt.pl/font/roboto/Roboto-Thin.ttf \u2022 https://www.vgt.pl/static/js/bootstrap-typeahead.js", "https://www.vgt.pl/font/roboto/Roboto-Regular.eot \u2022 https://www.vgt.pl/94.152.156.22/logo.png \u2022 https://www.vgt.pl/css/", "vgt.pl \u2022 www.hak.vgt.pl \u2022 www.localhost.vgt.pl \u2022 www.certyfikat.vgt.pl \u2022 aristocrat.vgt.pl", "https://www.vgt.pl/ phishing \u2022 https://vgt.pl/ \u2022www.vgt.pl \u2022 https://www.vgt.pl/94.152.152.233/images/logo.png", "http://www.pornokind.vgt.pl \u2022 https://dbkuewww.m.vgt.pl \u2022 https://lokalnyhost.vgt.pl \u2022 www.xn--twj-hna.pedofil.vgt.pl", "http://www.hak.vgt.pl \u2022 http://pornokind.vgt.pl \u2022 http://sip.vgt.pl \u2022 http://smtp-qa.vgt.pl \u2022 http://vgt.pl/*.", "https://pornokind.vgt.pl \u2022 https://sip.vgt.pl \u2022 https://smtp-qa.vgt.pl \u2022 https://www.vgt.pl/94.152.156.22/logo.png", "www.localhost.vgt.pl \u2022 www.certyfikat.vgt.pl \u2022 https://www.vgt.pl/94.152.152.233/images/logo.png", "https://www.vgt.pl/css/ \u2022 https://www.vgt.pl/favicon.ico \u2022 https://www.vgt.pl/font/fa/fontawesome-webfont.eot", "https://www.vgt.pl/font/roboto/Roboto-Bold.eot \u2022 https://www.vgt.pl/font/roboto/Roboto-Bold.ttf \u2022 https://www.vgt.pl/font/roboto/Roboto-Light.eot", "https://www.vgt.pl/static/js/bootstrap-typeahead.jstic/js/bootstrap-typeahead.js", "https://www.vgt.pl/style/style.css \u2022 https://www.vgt.pl/static/js/bootstrap-typeahead.js", "IP Address 94.152.58.192 Location Poland ASN AS29522 h88 s.a. Nameservers ns1.kei.pl. , ns2.kei.pl.", "www.happylifehappywife.com \u2022 http://www.happylifehappywife.com/2010/02/'>", "http://www.happylifehappywife.com/2010/04/'> \u2022 http://www.happylifehappywife.com/2010/05/'>", "http://www.happylifehappywife.com/2010/07/'> \u2022 http://www.happylifehappywife.com/2010/09/'>", "http://www.happylifehappywife.com/2011/06/'> \u2022 http://www.happylifehappywife.com/2011/08/'", "http://www.happylifehappywife.com/2011/08/'> \u2022 http://www.happylifehappywife.com/2012/07/'>", "http://www.happylifehappywife.com/2013/03/'> \u2022 http://www.happylifehappywife.com/index.php", "http://www.happylifehappywife.com/wp-content/themes/theme78222/images/top-right.jpg", "https://amp.mypornvid.fun/videos/8/AhxS-ej1myg/gf-18-com/\ud83c\udf81-i39m-your-present-\ud83c\udf81-girlfriend-surprises-you-for-christmas-reunion-soft-kisses-amp-cuddles", "8-25-220-162-static.reverse.queryfoundry.net\t\t\tNov 1, 2025, 9:34:14 AM\t\t5\t domain\tqueryfoundry.net\t\t\tNov 1, 2025, 9:34:14 AM\t\t8\t URL\thttp://117-114-251-162-static.reverse.queryfoundry.net/", "http://watchhers.net/index.php", "remotewd.com device local", "nr-data.net \u2022 applemusic-spotlight.myunidays.com \u2022 init.ess.apple.com \u2022 tv.apple.com", "https://browntubeporn.com/tsara-brashearsAccept-Language", "https://cg864.myhotzpic.com phishing \u2022 http://dashboard.myhotzpic.com/", "https://myhotzpic.com/tsara-brashears-hardcore-lesbian-sex/anime-studio.org*thumbs-fa...", "https://mypornvid.com/videos/27/x510fb2/white-dpt-jeffrey-reimer-loves-pretty-indian-patient-forces-sex-3gp-video-tsara-brashears/caillou-finger", "http://siteinlink.d1.cnbd.net/search/tsara-brashears-dead \u2022 http://siteinlink.d1.cnbd.net/site/maps.google.com.lb/", "http://siteinlink.d1.cnbd.net/search/tsara-brashears-assaulted-by-jeffrey-reimer", "http://siteinlink.d1.cnbd.net/search/tsara-brashears-dead \u2022 https://videolal.com/videos/tsara-brashears-dead-by-daylight.html", "http://pixelrz.com/lists/keywords/tsara-brashears-dead/360 \u2022 http://pixelrz.com/lists/keywords/tsara-brashears-dead/360] No Expiration\t4\t Domain tsara-brashears-deadspin-twitter-suspended-account-help.ht", "https://www.anyxxxtube.net/search-porn/tsara-brashears/", "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian", "https://www.anyxxxtube.net/search-porn/tsara-brashears/", "https://twitter.com/PORNO_SEXYBABES \u2022 girlsdoporn.com", "Treece Alfrey Musat P.C. Attorneys at Law Christopher P. Ahmann | https://TamLegal.com", "https://urlscan.io/screenshots/e931bb02-80dc-46db-92f0-43d5afa258be.png" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "TrojanSpy:Win32/Nivdort", "display_name": "TrojanSpy:Win32/Nivdort", "target": "/malware/TrojanSpy:Win32/Nivdort" }, { "id": "Worm:Win32/Autorun", "display_name": "Worm:Win32/Autorun", "target": "/malware/Worm:Win32/Autorun" }, { "id": "Tofsee", "display_name": "Tofsee", "target": null }, { "id": "Jaik", "display_name": "Jaik", "target": null }, { "id": "Trojan:Win32/Qshell", "display_name": "Trojan:Win32/Qshell", "target": "/malware/Trojan:Win32/Qshell" }, { "id": "Trojan:Win32/Mydoom", "display_name": "Trojan:Win32/Mydoom", "target": "/malware/Trojan:Win32/Mydoom" } ], "attack_ids": [ { "id": "T1045", "name": "Software Packing", "display_name": "T1045 - Software Packing" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1060", "name": "Registry Run Keys / Startup Folder", "display_name": "T1060 - Registry Run Keys / Startup Folder" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1119", "name": "Automated Collection", "display_name": "T1119 - Automated Collection" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1143", "name": "Hidden Window", "display_name": "T1143 - Hidden Window" }, { "id": "T1063", "name": "Security Software Discovery", "display_name": "T1063 - Security Software Discovery" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1583", "name": "Acquire Infrastructure", "display_name": "T1583 - Acquire Infrastructure" }, { "id": "T1069", "name": "Permission Groups Discovery", "display_name": "T1069 - Permission Groups Discovery" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1197", "name": "BITS Jobs", "display_name": "T1197 - BITS Jobs" }, { "id": "T1210", "name": "Exploitation of Remote Services", "display_name": "T1210 - Exploitation of Remote Services" }, { "id": "T1457", "name": "Malicious Media Content", "display_name": "T1457 - Malicious Media Content" }, { "id": "T1480", "name": "Execution Guardrails", "display_name": "T1480 - Execution Guardrails" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" } ], "industries": [], "TLP": "green", "cloned_from": "691f4d4ef0a2a570b8b21cd2", "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 8897, "domain": 2102, "hostname": 2867, "FileHash-SHA256": 3886, "FileHash-MD5": 619, "FileHash-SHA1": 555, "CVE": 3, "email": 5, "SSLCertFingerprint": 8 }, "indicator_count": 18942, "is_author": false, "is_subscribing": null, "subscriber_count": 137, "modified_text": "90 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69482caa00d327da8f0a87bc", "name": "Chris P.\u2019 Buzz\u2019 Ahmann Colorado State Criminal Defense Attorney (22.20.2025)", "description": "", "modified": "2026-01-20T17:02:02.650000", "created": "2025-12-21T17:21:46.434000", "tags": [ "related pulses", "p1377925676", "gaz1", "sid1696503456", "sct1", "active", "dynamicloader", "medium", "write c", "search", "show", "high", "program gateway", "http traffic", "http", "write", "malware", "nivdort", "serving ip", "address", "status code", "kb body", "sha256", "gw5hjz7t975", "url https", "url http", "indicator role", "pulses url", "hostname", "poland unknown", "present sep", "present jul", "present may", "present apr", "present dec", "present jan", "moved", "passive dns", "ip address", "title", "location poland", "asn as29522", "gmt content", "accept encoding", "ipv4 add", "urls", "files", "reverse dns", "united", "record value", "aaaa", "mtb oct", "found", "error", "read c", "memcommit", "module load", "next", "showing", "trojan", "execution", "unknown", "entries", "ms windows", "intel", "as15169", "codeoverlap", "yara detections", "delphi", "worm", "win32", "win64", "learn", "ck id", "name tactics", "suspicious", "informative", "adversaries", "command", "spawns", "ssl certificate", "execution att", "script urls", "treece alfrey", "meta", "germany unknown", "for privacy", "title added", "active related", "pulses", "asnone", "named pipe", "type indicator", "role title", "added active", "filehashsha256", "ally", "melika", "information", "law christopher", "https", "fake pinterest", "tsara", "traceback man", "expiro", "capture", "domain", "types of", "germany", "poland", "netherlands", "cve cve20178977", "boobs130432 nov", "learn more", "filehashmd5", "utmsourceawin", "pe32", "head microsoft", "delete", "main", "backdoor", "next associated", "gmt connection", "control", "content type", "twitter", "certificate", "redirect date", "cache", "unknown ns", "hostname add", "ipv4", "pulse pulses", "location united", "america flag", "america asn", "windows", "total", "ids detections", "url add", "related nids", "files location", "flag united", "win32mydoom nov", "domain add", "yara rule", "ee fc", "ff d5", "f0 ff", "eb e1", "ff ff", "c1 e8", "c1 c0", "eb e8", "mpress", "cache control", "x cache", "date", "name servers", "arial", "present aug", "present jun", "may god", "hall render", "palantir doing", "jeffrey scott", "jeffrey reimer", "brian sabey", "butt pirates", "scott reimer", "colorado", "quasi government", "workers compensation", "eva lisa", "eva reimer", "sammie", "montano mark", "death threats", "tulach", "hired hit men", "gay man", "gay porn", "concentra", "corruption", "palantir", "foundry", "grifter", "warning", "illegal", "apple", "contacted", "ransom", "dead", "denver" ], "references": [ "https://tamlegal.com/attorneys/christopher-p-ahmann/#breadcrumb \u2022 https://www.milehighmedia.com/en/movies", "https://www.milehighmedia.com/legal/2257 \u2022 https://www.milehighmedia", "www.milehighmedia.com \u2022 https://www.milehighmedia.com/en/Charlie-Dean/pornstar/49512", "https://www.milehighmedia.com/en/login/index/aHR0cHMlM0ElMkYlMkZtZW1iZXJzLm1pbGVoaWdobWVkaWEuY29tJTJGZW4lMkZ2aWRlb3MlMkZzd2VldGhlYXJ0dmlkZW8lM0ZhbHVwJTNEQURqeF9ITjhfd1oweU96UnpsU3NNNUZLaVVxSzBXNEN0X3NmTFpKTGVJc3M2b0RVUzkwVmp6VllNVko5eFpmdENYcFNKd3IzOTNaMG1mOEpXeVhVeVZpLTJZYVRsaGd3M25DSDRpYnRwZ25BRC1zUFhDQVUycjZJOXo2WWtRMzNVWVFhMFZyWC1YckxvcnRkVjJZdEgxSDYxZ1lhMTFNS3RZSkEzY3FlSXhFQzhtSlAzSk1tbloySURMQXlMZndPcHozSFFiTzF4T0FseXJIQ0xYem1ldFElMkE=\t \thttp://www.milehighmedia.com/?ats=eyJhIjoyOTYzMTgsImMiOjU3OTYzNz", "http://www.milehighmedia.com/legal\t \u2022 https://www.milehighmedia.com/en/pornstar/milehighmedia/Justin-Hunt/51017", "https://www.milehighmedia.com/de/MileHighMedia/scene/129689?utm_source=271174&utm_medium=affiliate&utm_campaign=", "http://www.milehighmedia.com/?ats=eyJhIjoyOTYzMTgsImMiOjU3OTYzNzc1LCJuIjo3NiwicyI6NT...", "ttps://www.milehighmedia.com/scene/4404473/creampie-adventures-scene-2-sneaky-melanie", "https://www.milehighmedia.com/join \u2022 https://www.milehighmedia.com/models \u2022 https://www.milehighmedia.com/movies", "https://www.milehighmedia.com/model/59136/avi-love \u2022https://www.milehighmedia.com/model/60418/Justin-Hunt \u2022", "https://www.milehighmedia.com/en/photo/milehighmedia/The-Mother-I-Cant-Resist/52380", "https://www.milehighmedia.com/en/movies \u2022 https://www.milehighmedia.com/join", "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian", "pornhub-e.com \u2022 www.pornhub.com \u2022", "https://www.sweetheartvideo.com/tsara-brashears/ \u2022 www.sweetheartvideo.com", "https://www.sweetheartvideo.com/en/?s=1?s=1&utm_source=272160&utm_medium=affiliate&utm_campaign=lovelezzies", "https://www.sweetheartvideo.com/en/dvd/Lesbian-Massage/49895", "https://www.sweetheartvideo.com/en/dvds \u2022 https://www.sweetheartvideo.com/en/login", "https://www.sweetheartvideo.com/en/model/Mona-Wales/49601 \u2022 https://www.sweetheartvideo.com/en/scene/Truth-Dare--Boobs/130432 No Expiration\t0\t URL https://www.sweetheartvideo.com/it/model/Kristen-Scott/50432 \u2022 https://www.sweetheartvideo.com/model/63710/brandi-love", "https://www.sweetheartvideo.com/scenes?models=63710", "https://www.sweetheartvideo.com/model/63710/brandi-love", "https://www.sweetheartvideo.com/scenes?models=63710", "https://www.sweetheartvideo.com/it/model/Kristen-Scott/50432", "https://www.sweetheartvideo.com/en/scene/Truth-Dare--Boobs/130432", "https://www.milehighmedia.com/en/photo/milehighmedia/The-Mother-I-Cant-Resist/52380", "https://www.vgt.pl/font/roboto/Roboto-Bold.eot \u2022", "https://www.vgt.pl/94.152.152.233/images/logo.png", "https://www.vgt.pl/94.152.156.22/logo.png \u2022 https://www.vgt.pl/css/", "https://www.vgt.pl/favicon.ico", "https://www.vgt.pl/font/fa/fontawesome-webfont.eot", "https://www.vgt.pl/font/roboto/Roboto-Bold.ttf \u2022 https://www.vgt.pl/font/roboto/Roboto-Light.eot", "https://www.vgt.pl/font/roboto/Roboto-Medium.ttf", "https://www.vgt.pl/font/roboto/Roboto-Light.ttf \u2022", "https://www.vgt.pl/static/js/bootstrap-typeahead.jstic/js/bootstrap-typeahead.js", "https://www.vgt.pl/style/style.css \u2022 https://www.vgt.pl/font/roboto/Roboto-Medium.eot", "https://www.vgt.pl/font/roboto/Roboto-Regular.ttf \u2022 https://www.vgt.pl/font/roboto/Roboto-Thin.eot", "https://www.vgt.pl/static/js/bootstrap-typeahead.js.179.252.2", "https://www.vgt.pl/font/roboto/Roboto-Thin.ttf \u2022 https://www.vgt.pl/static/js/bootstrap-typeahead.js", "https://www.vgt.pl/font/roboto/Roboto-Regular.eot \u2022 https://www.vgt.pl/94.152.156.22/logo.png \u2022 https://www.vgt.pl/css/", "vgt.pl \u2022 www.hak.vgt.pl \u2022 www.localhost.vgt.pl \u2022 www.certyfikat.vgt.pl \u2022 aristocrat.vgt.pl", "https://www.vgt.pl/ phishing \u2022 https://vgt.pl/ \u2022www.vgt.pl \u2022 https://www.vgt.pl/94.152.152.233/images/logo.png", "http://www.pornokind.vgt.pl \u2022 https://dbkuewww.m.vgt.pl \u2022 https://lokalnyhost.vgt.pl \u2022 www.xn--twj-hna.pedofil.vgt.pl", "http://www.hak.vgt.pl \u2022 http://pornokind.vgt.pl \u2022 http://sip.vgt.pl \u2022 http://smtp-qa.vgt.pl \u2022 http://vgt.pl/*.", "https://pornokind.vgt.pl \u2022 https://sip.vgt.pl \u2022 https://smtp-qa.vgt.pl \u2022 https://www.vgt.pl/94.152.156.22/logo.png", "www.localhost.vgt.pl \u2022 www.certyfikat.vgt.pl \u2022 https://www.vgt.pl/94.152.152.233/images/logo.png", "https://www.vgt.pl/css/ \u2022 https://www.vgt.pl/favicon.ico \u2022 https://www.vgt.pl/font/fa/fontawesome-webfont.eot", "https://www.vgt.pl/font/roboto/Roboto-Bold.eot \u2022 https://www.vgt.pl/font/roboto/Roboto-Bold.ttf \u2022 https://www.vgt.pl/font/roboto/Roboto-Light.eot", "https://www.vgt.pl/static/js/bootstrap-typeahead.jstic/js/bootstrap-typeahead.js", "https://www.vgt.pl/style/style.css \u2022 https://www.vgt.pl/static/js/bootstrap-typeahead.js", "IP Address 94.152.58.192 Location Poland ASN AS29522 h88 s.a. Nameservers ns1.kei.pl. , ns2.kei.pl.", "www.happylifehappywife.com \u2022 http://www.happylifehappywife.com/2010/02/'>", "http://www.happylifehappywife.com/2010/04/'> \u2022 http://www.happylifehappywife.com/2010/05/'>", "http://www.happylifehappywife.com/2010/07/'> \u2022 http://www.happylifehappywife.com/2010/09/'>", "http://www.happylifehappywife.com/2011/06/'> \u2022 http://www.happylifehappywife.com/2011/08/'", "http://www.happylifehappywife.com/2011/08/'> \u2022 http://www.happylifehappywife.com/2012/07/'>", "http://www.happylifehappywife.com/2013/03/'> \u2022 http://www.happylifehappywife.com/index.php", "http://www.happylifehappywife.com/wp-content/themes/theme78222/images/top-right.jpg", "https://amp.mypornvid.fun/videos/8/AhxS-ej1myg/gf-18-com/\ud83c\udf81-i39m-your-present-\ud83c\udf81-girlfriend-surprises-you-for-christmas-reunion-soft-kisses-amp-cuddles", "8-25-220-162-static.reverse.queryfoundry.net\t\t\tNov 1, 2025, 9:34:14 AM\t\t5\t domain\tqueryfoundry.net\t\t\tNov 1, 2025, 9:34:14 AM\t\t8\t URL\thttp://117-114-251-162-static.reverse.queryfoundry.net/", "http://watchhers.net/index.php", "remotewd.com device local", "nr-data.net \u2022 applemusic-spotlight.myunidays.com \u2022 init.ess.apple.com \u2022 tv.apple.com", "https://browntubeporn.com/tsara-brashearsAccept-Language", "https://cg864.myhotzpic.com phishing \u2022 http://dashboard.myhotzpic.com/", "https://myhotzpic.com/tsara-brashears-hardcore-lesbian-sex/anime-studio.org*thumbs-fa...", "https://mypornvid.com/videos/27/x510fb2/white-dpt-jeffrey-reimer-loves-pretty-indian-patient-forces-sex-3gp-video-tsara-brashears/caillou-finger", "http://siteinlink.d1.cnbd.net/search/tsara-brashears-dead \u2022 http://siteinlink.d1.cnbd.net/site/maps.google.com.lb/", "http://siteinlink.d1.cnbd.net/search/tsara-brashears-assaulted-by-jeffrey-reimer", "http://siteinlink.d1.cnbd.net/search/tsara-brashears-dead \u2022 https://videolal.com/videos/tsara-brashears-dead-by-daylight.html", "http://pixelrz.com/lists/keywords/tsara-brashears-dead/360 \u2022 http://pixelrz.com/lists/keywords/tsara-brashears-dead/360] No Expiration\t4\t Domain tsara-brashears-deadspin-twitter-suspended-account-help.ht", "https://www.anyxxxtube.net/search-porn/tsara-brashears/", "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian", "https://www.anyxxxtube.net/search-porn/tsara-brashears/", "https://twitter.com/PORNO_SEXYBABES \u2022 girlsdoporn.com", "Treece Alfrey Musat P.C. Attorneys at Law Christopher P. Ahmann | https://TamLegal.com", "https://urlscan.io/screenshots/e931bb02-80dc-46db-92f0-43d5afa258be.png" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "TrojanSpy:Win32/Nivdort", "display_name": "TrojanSpy:Win32/Nivdort", "target": "/malware/TrojanSpy:Win32/Nivdort" }, { "id": "Worm:Win32/Autorun", "display_name": "Worm:Win32/Autorun", "target": "/malware/Worm:Win32/Autorun" }, { "id": "Tofsee", "display_name": "Tofsee", "target": null }, { "id": "Jaik", "display_name": "Jaik", "target": null }, { "id": "Trojan:Win32/Qshell", "display_name": "Trojan:Win32/Qshell", "target": "/malware/Trojan:Win32/Qshell" }, { "id": "Trojan:Win32/Mydoom", "display_name": "Trojan:Win32/Mydoom", "target": "/malware/Trojan:Win32/Mydoom" } ], "attack_ids": [ { "id": "T1045", "name": "Software Packing", "display_name": "T1045 - Software Packing" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1060", "name": "Registry Run Keys / Startup Folder", "display_name": "T1060 - Registry Run Keys / Startup Folder" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1119", "name": "Automated Collection", "display_name": "T1119 - Automated Collection" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1143", "name": "Hidden Window", "display_name": "T1143 - Hidden Window" }, { "id": "T1063", "name": "Security Software Discovery", "display_name": "T1063 - Security Software Discovery" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1583", "name": "Acquire Infrastructure", "display_name": "T1583 - Acquire Infrastructure" }, { "id": "T1069", "name": "Permission Groups Discovery", "display_name": "T1069 - Permission Groups Discovery" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1197", "name": "BITS Jobs", "display_name": "T1197 - BITS Jobs" }, { "id": "T1210", "name": "Exploitation of Remote Services", "display_name": "T1210 - Exploitation of Remote Services" }, { "id": "T1457", "name": "Malicious Media Content", "display_name": "T1457 - Malicious Media Content" }, { "id": "T1480", "name": "Execution Guardrails", "display_name": "T1480 - Execution Guardrails" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" } ], "industries": [], "TLP": "green", "cloned_from": "691f4d4ef0a2a570b8b21cd2", "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 8897, "domain": 2102, "hostname": 2867, "FileHash-SHA256": 3886, "FileHash-MD5": 619, "FileHash-SHA1": 555, "CVE": 3, "email": 5, "SSLCertFingerprint": 8 }, "indicator_count": 18942, "is_author": false, "is_subscribing": null, "subscriber_count": 137, "modified_text": "90 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "691f4d4ef0a2a570b8b21cd2", "name": "Chris P. Ahmann Colorado State Criminal Defense Attorney", "description": "Chris P. Ahmann Colorado State Criminal Defense attorney hired by quasi government Workers Compensation to completely destroy Tsara Brashears literally to death. None of her spinal cord injuries , and other assault injuries discussed or compensated for in rushed settlement case. Her awful racist attorney refused to represent plaintiffs in hearing. Never met with in person for no good reason. Tsara represented herself. Less that 24 hour notice. No briefings, no awareness or mention that Ahmann was representing Jeffrey Scott Reimer for assault\n case. Brashears required 24 hour care by end of life. Received 0 workers compsarion payments. But if this doesn\u2019t prove Reimer\u2019s guilt what does? Continued harassment of associated. \n\nNotice the outages? You\u2019ve cost BILLIONS? Stop threatening everyone.", "modified": "2026-01-20T17:02:02.650000", "created": "2025-11-20T17:18:06.929000", "tags": [ "related pulses", "p1377925676", "gaz1", "sid1696503456", "sct1", "active", "dynamicloader", "medium", "write c", "search", "show", "high", "program gateway", "http traffic", "http", "write", "malware", "nivdort", "serving ip", "address", "status code", "kb body", "sha256", "gw5hjz7t975", "url https", "url http", "indicator role", "pulses url", "hostname", "poland unknown", "present sep", "present jul", "present may", "present apr", "present dec", "present jan", "moved", "passive dns", "ip address", "title", "location poland", "asn as29522", "gmt content", "accept encoding", "ipv4 add", "urls", "files", "reverse dns", "united", "record value", "aaaa", "mtb oct", "found", "error", "read c", "memcommit", "module load", "next", "showing", "trojan", "execution", "unknown", "entries", "ms windows", "intel", "as15169", "codeoverlap", "yara detections", "delphi", "worm", "win32", "win64", "learn", "ck id", "name tactics", "suspicious", "informative", "adversaries", "command", "spawns", "ssl certificate", "execution att", "script urls", "treece alfrey", "meta", "germany unknown", "for privacy", "title added", "active related", "pulses", "asnone", "named pipe", "type indicator", "role title", "added active", "filehashsha256", "ally", "melika", "information", "law christopher", "https", "fake pinterest", "tsara", "traceback man", "expiro", "capture", "domain", "types of", "germany", "poland", "netherlands", "cve cve20178977", "boobs130432 nov", "learn more", "filehashmd5", "utmsourceawin", "pe32", "head microsoft", "delete", "main", "backdoor", "next associated", "gmt connection", "control", "content type", "twitter", "certificate", "redirect date", "cache", "unknown ns", "hostname add", "ipv4", "pulse pulses", "location united", "america flag", "america asn", "windows", "total", "ids detections", "url add", "related nids", "files location", "flag united", "win32mydoom nov", "domain add", "yara rule", "ee fc", "ff d5", "f0 ff", "eb e1", "ff ff", "c1 e8", "c1 c0", "eb e8", "mpress", "cache control", "x cache", "date", "name servers", "arial", "present aug", "present jun", "may god", "hall render", "palantir doing", "jeffrey scott", "jeffrey reimer", "brian sabey", "butt pirates", "scott reimer", "colorado", "quasi government", "workers compensation", "eva lisa", "eva reimer", "sammie", "montano mark", "death threats", "tulach", "hired hit men", "gay man", "gay porn", "concentra", "corruption", "palantir", "foundry", "grifter", "warning", "illegal", "apple", "contacted", "ransom", "dead", "denver" ], "references": [ "https://tamlegal.com/attorneys/christopher-p-ahmann/#breadcrumb \u2022 https://www.milehighmedia.com/en/movies", "https://www.milehighmedia.com/legal/2257 \u2022 https://www.milehighmedia", "www.milehighmedia.com \u2022 https://www.milehighmedia.com/en/Charlie-Dean/pornstar/49512", "https://www.milehighmedia.com/en/login/index/aHR0cHMlM0ElMkYlMkZtZW1iZXJzLm1pbGVoaWdobWVkaWEuY29tJTJGZW4lMkZ2aWRlb3MlMkZzd2VldGhlYXJ0dmlkZW8lM0ZhbHVwJTNEQURqeF9ITjhfd1oweU96UnpsU3NNNUZLaVVxSzBXNEN0X3NmTFpKTGVJc3M2b0RVUzkwVmp6VllNVko5eFpmdENYcFNKd3IzOTNaMG1mOEpXeVhVeVZpLTJZYVRsaGd3M25DSDRpYnRwZ25BRC1zUFhDQVUycjZJOXo2WWtRMzNVWVFhMFZyWC1YckxvcnRkVjJZdEgxSDYxZ1lhMTFNS3RZSkEzY3FlSXhFQzhtSlAzSk1tbloySURMQXlMZndPcHozSFFiTzF4T0FseXJIQ0xYem1ldFElMkE=\t \thttp://www.milehighmedia.com/?ats=eyJhIjoyOTYzMTgsImMiOjU3OTYzNz", "http://www.milehighmedia.com/legal\t \u2022 https://www.milehighmedia.com/en/pornstar/milehighmedia/Justin-Hunt/51017", "https://www.milehighmedia.com/de/MileHighMedia/scene/129689?utm_source=271174&utm_medium=affiliate&utm_campaign=", "http://www.milehighmedia.com/?ats=eyJhIjoyOTYzMTgsImMiOjU3OTYzNzc1LCJuIjo3NiwicyI6NT...", "ttps://www.milehighmedia.com/scene/4404473/creampie-adventures-scene-2-sneaky-melanie", "https://www.milehighmedia.com/join \u2022 https://www.milehighmedia.com/models \u2022 https://www.milehighmedia.com/movies", "https://www.milehighmedia.com/model/59136/avi-love \u2022https://www.milehighmedia.com/model/60418/Justin-Hunt \u2022", "https://www.milehighmedia.com/en/photo/milehighmedia/The-Mother-I-Cant-Resist/52380", "https://www.milehighmedia.com/en/movies \u2022 https://www.milehighmedia.com/join", "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian", "pornhub-e.com \u2022 www.pornhub.com \u2022", "https://www.sweetheartvideo.com/tsara-brashears/ \u2022 www.sweetheartvideo.com", "https://www.sweetheartvideo.com/en/?s=1?s=1&utm_source=272160&utm_medium=affiliate&utm_campaign=lovelezzies", "https://www.sweetheartvideo.com/en/dvd/Lesbian-Massage/49895", "https://www.sweetheartvideo.com/en/dvds \u2022 https://www.sweetheartvideo.com/en/login", "https://www.sweetheartvideo.com/en/model/Mona-Wales/49601 \u2022 https://www.sweetheartvideo.com/en/scene/Truth-Dare--Boobs/130432 No Expiration\t0\t URL https://www.sweetheartvideo.com/it/model/Kristen-Scott/50432 \u2022 https://www.sweetheartvideo.com/model/63710/brandi-love", "https://www.sweetheartvideo.com/scenes?models=63710", "https://www.sweetheartvideo.com/model/63710/brandi-love", "https://www.sweetheartvideo.com/scenes?models=63710", "https://www.sweetheartvideo.com/it/model/Kristen-Scott/50432", "https://www.sweetheartvideo.com/en/scene/Truth-Dare--Boobs/130432", "https://www.milehighmedia.com/en/photo/milehighmedia/The-Mother-I-Cant-Resist/52380", "https://www.vgt.pl/font/roboto/Roboto-Bold.eot \u2022", "https://www.vgt.pl/94.152.152.233/images/logo.png", "https://www.vgt.pl/94.152.156.22/logo.png \u2022 https://www.vgt.pl/css/", "https://www.vgt.pl/favicon.ico", "https://www.vgt.pl/font/fa/fontawesome-webfont.eot", "https://www.vgt.pl/font/roboto/Roboto-Bold.ttf \u2022 https://www.vgt.pl/font/roboto/Roboto-Light.eot", "https://www.vgt.pl/font/roboto/Roboto-Medium.ttf", "https://www.vgt.pl/font/roboto/Roboto-Light.ttf \u2022", "https://www.vgt.pl/static/js/bootstrap-typeahead.jstic/js/bootstrap-typeahead.js", "https://www.vgt.pl/style/style.css \u2022 https://www.vgt.pl/font/roboto/Roboto-Medium.eot", "https://www.vgt.pl/font/roboto/Roboto-Regular.ttf \u2022 https://www.vgt.pl/font/roboto/Roboto-Thin.eot", "https://www.vgt.pl/static/js/bootstrap-typeahead.js.179.252.2", "https://www.vgt.pl/font/roboto/Roboto-Thin.ttf \u2022 https://www.vgt.pl/static/js/bootstrap-typeahead.js", "https://www.vgt.pl/font/roboto/Roboto-Regular.eot \u2022 https://www.vgt.pl/94.152.156.22/logo.png \u2022 https://www.vgt.pl/css/", "vgt.pl \u2022 www.hak.vgt.pl \u2022 www.localhost.vgt.pl \u2022 www.certyfikat.vgt.pl \u2022 aristocrat.vgt.pl", "https://www.vgt.pl/ phishing \u2022 https://vgt.pl/ \u2022www.vgt.pl \u2022 https://www.vgt.pl/94.152.152.233/images/logo.png", "http://www.pornokind.vgt.pl \u2022 https://dbkuewww.m.vgt.pl \u2022 https://lokalnyhost.vgt.pl \u2022 www.xn--twj-hna.pedofil.vgt.pl", "http://www.hak.vgt.pl \u2022 http://pornokind.vgt.pl \u2022 http://sip.vgt.pl \u2022 http://smtp-qa.vgt.pl \u2022 http://vgt.pl/*.", "https://pornokind.vgt.pl \u2022 https://sip.vgt.pl \u2022 https://smtp-qa.vgt.pl \u2022 https://www.vgt.pl/94.152.156.22/logo.png", "www.localhost.vgt.pl \u2022 www.certyfikat.vgt.pl \u2022 https://www.vgt.pl/94.152.152.233/images/logo.png", "https://www.vgt.pl/css/ \u2022 https://www.vgt.pl/favicon.ico \u2022 https://www.vgt.pl/font/fa/fontawesome-webfont.eot", "https://www.vgt.pl/font/roboto/Roboto-Bold.eot \u2022 https://www.vgt.pl/font/roboto/Roboto-Bold.ttf \u2022 https://www.vgt.pl/font/roboto/Roboto-Light.eot", "https://www.vgt.pl/static/js/bootstrap-typeahead.jstic/js/bootstrap-typeahead.js", "https://www.vgt.pl/style/style.css \u2022 https://www.vgt.pl/static/js/bootstrap-typeahead.js", "IP Address 94.152.58.192 Location Poland ASN AS29522 h88 s.a. Nameservers ns1.kei.pl. , ns2.kei.pl.", "www.happylifehappywife.com \u2022 http://www.happylifehappywife.com/2010/02/'>", "http://www.happylifehappywife.com/2010/04/'> \u2022 http://www.happylifehappywife.com/2010/05/'>", "http://www.happylifehappywife.com/2010/07/'> \u2022 http://www.happylifehappywife.com/2010/09/'>", "http://www.happylifehappywife.com/2011/06/'> \u2022 http://www.happylifehappywife.com/2011/08/'", "http://www.happylifehappywife.com/2011/08/'> \u2022 http://www.happylifehappywife.com/2012/07/'>", "http://www.happylifehappywife.com/2013/03/'> \u2022 http://www.happylifehappywife.com/index.php", "http://www.happylifehappywife.com/wp-content/themes/theme78222/images/top-right.jpg", "https://amp.mypornvid.fun/videos/8/AhxS-ej1myg/gf-18-com/\ud83c\udf81-i39m-your-present-\ud83c\udf81-girlfriend-surprises-you-for-christmas-reunion-soft-kisses-amp-cuddles", "8-25-220-162-static.reverse.queryfoundry.net\t\t\tNov 1, 2025, 9:34:14 AM\t\t5\t domain\tqueryfoundry.net\t\t\tNov 1, 2025, 9:34:14 AM\t\t8\t URL\thttp://117-114-251-162-static.reverse.queryfoundry.net/", "http://watchhers.net/index.php", "remotewd.com device local", "nr-data.net \u2022 applemusic-spotlight.myunidays.com \u2022 init.ess.apple.com \u2022 tv.apple.com", "https://browntubeporn.com/tsara-brashearsAccept-Language", "https://cg864.myhotzpic.com phishing \u2022 http://dashboard.myhotzpic.com/", "https://myhotzpic.com/tsara-brashears-hardcore-lesbian-sex/anime-studio.org*thumbs-fa...", "https://mypornvid.com/videos/27/x510fb2/white-dpt-jeffrey-reimer-loves-pretty-indian-patient-forces-sex-3gp-video-tsara-brashears/caillou-finger", "http://siteinlink.d1.cnbd.net/search/tsara-brashears-dead \u2022 http://siteinlink.d1.cnbd.net/site/maps.google.com.lb/", "http://siteinlink.d1.cnbd.net/search/tsara-brashears-assaulted-by-jeffrey-reimer", "http://siteinlink.d1.cnbd.net/search/tsara-brashears-dead \u2022 https://videolal.com/videos/tsara-brashears-dead-by-daylight.html", "http://pixelrz.com/lists/keywords/tsara-brashears-dead/360 \u2022 http://pixelrz.com/lists/keywords/tsara-brashears-dead/360] No Expiration\t4\t Domain tsara-brashears-deadspin-twitter-suspended-account-help.ht", "https://www.anyxxxtube.net/search-porn/tsara-brashears/", "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian", "https://www.anyxxxtube.net/search-porn/tsara-brashears/", "https://twitter.com/PORNO_SEXYBABES \u2022 girlsdoporn.com", "Treece Alfrey Musat P.C. Attorneys at Law Christopher P. Ahmann | https://TamLegal.com", "https://urlscan.io/screenshots/e931bb02-80dc-46db-92f0-43d5afa258be.png" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "TrojanSpy:Win32/Nivdort", "display_name": "TrojanSpy:Win32/Nivdort", "target": "/malware/TrojanSpy:Win32/Nivdort" }, { "id": "Worm:Win32/Autorun", "display_name": "Worm:Win32/Autorun", "target": "/malware/Worm:Win32/Autorun" }, { "id": "Tofsee", "display_name": "Tofsee", "target": null }, { "id": "Jaik", "display_name": "Jaik", "target": null }, { "id": "Trojan:Win32/Qshell", "display_name": "Trojan:Win32/Qshell", "target": "/malware/Trojan:Win32/Qshell" }, { "id": "Trojan:Win32/Mydoom", "display_name": "Trojan:Win32/Mydoom", "target": "/malware/Trojan:Win32/Mydoom" } ], "attack_ids": [ { "id": "T1045", "name": "Software Packing", "display_name": "T1045 - Software Packing" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1060", "name": "Registry Run Keys / Startup Folder", "display_name": "T1060 - Registry Run Keys / Startup Folder" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1119", "name": "Automated Collection", "display_name": "T1119 - Automated Collection" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1143", "name": "Hidden Window", "display_name": "T1143 - Hidden Window" }, { "id": "T1063", "name": "Security Software Discovery", "display_name": "T1063 - Security Software Discovery" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1583", "name": "Acquire Infrastructure", "display_name": "T1583 - Acquire Infrastructure" }, { "id": "T1069", "name": "Permission Groups Discovery", "display_name": "T1069 - Permission Groups Discovery" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1197", "name": "BITS Jobs", "display_name": "T1197 - BITS Jobs" }, { "id": "T1210", "name": "Exploitation of Remote Services", "display_name": "T1210 - Exploitation of Remote Services" }, { "id": "T1457", "name": "Malicious Media Content", "display_name": "T1457 - Malicious Media Content" }, { "id": "T1480", "name": "Execution Guardrails", "display_name": "T1480 - Execution Guardrails" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 8897, "domain": 2102, "hostname": 2867, "FileHash-SHA256": 3886, "FileHash-MD5": 619, "FileHash-SHA1": 555, "CVE": 3, "email": 5, "SSLCertFingerprint": 8 }, "indicator_count": 18942, "is_author": false, "is_subscribing": null, "subscriber_count": 139, "modified_text": "90 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65b4624c5bb71879020ceb1c", "name": "Spyware | Ransomware | Direct Search Network | Trellian", "description": "Large, hard to believe fraudulent threat network. Fraud services from private investigators to attorneys. Social engineering by phone, email, sponsored advertising, malvertizing, remote attacks. tracking, in person, emails, surveys, text, ongoing espionage campaigns, info stealing, cyber attacks, arrange in person meetings , identified as 'gang stalking' by detective, service staging. Very real. Bad actors take advantage of targets devices installing overlays on windows,android. iOS. Targets can only see what adversary wants seen.\n\nLarge threat network in Colorado and abroad.\nScreenshot: https://otx.alienvault.com/otxapi/indicators/url/screenshot/http://1redirc.com/r2.php\nCouldn't submit 1st pulse. contacted, spyware, phishing,trojan, registrar abuse", "modified": "2024-02-26T01:04:33.201000", "created": "2024-01-27T01:54:20.513000", "tags": [ "no expiration", "expiration", "url https", "filehashmd5", "ipv4", "filehashsha1", "filehashsha256", "domain", "url http", "iocs", "next", "hostname", "scan endpoints", "all scoreblue", "pdf report", "pcap" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 3010, "FileHash-MD5": 1902, "FileHash-SHA1": 1467, "FileHash-SHA256": 2664, "domain": 1195, "hostname": 1802, "email": 27, "SSLCertFingerprint": 9 }, "indicator_count": 12076, "is_author": false, "is_subscribing": null, "subscriber_count": 228, "modified_text": "784 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65b865697c59050da541247f", "name": "Tags auto populated in original Threat Network pulse missing", "description": "", "modified": "2024-02-26T01:04:33.201000", "created": "2024-01-30T02:56:41.045000", "tags": [ "no expiration", "expiration", "url https", "filehashmd5", "ipv4", "filehashsha1", "filehashsha256", "domain", "url http", "iocs", "next", "hostname", "scan endpoints", "all scoreblue", "pdf report", "pcap" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 3010, "FileHash-MD5": 1902, "FileHash-SHA1": 1467, "FileHash-SHA256": 2664, "domain": 1195, "hostname": 1802, "email": 27, "SSLCertFingerprint": 9 }, "indicator_count": 12076, "is_author": false, "is_subscribing": null, "subscriber_count": 225, "modified_text": "784 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65b86568e1eaace7d9f062b4", "name": "Tags auto populated in original Threat Network pulse missing", "description": "", "modified": "2024-02-26T01:04:33.201000", "created": "2024-01-30T02:56:40.484000", "tags": [ "no expiration", "expiration", "url https", "filehashmd5", "ipv4", "filehashsha1", "filehashsha256", "domain", "url http", "iocs", "next", "hostname", "scan endpoints", "all scoreblue", "pdf report", "pcap" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 3010, "FileHash-MD5": 1902, "FileHash-SHA1": 1467, "FileHash-SHA256": 2664, "domain": 1195, "hostname": 1802, "email": 27, "SSLCertFingerprint": 9 }, "indicator_count": 12076, "is_author": false, "is_subscribing": null, "subscriber_count": 226, "modified_text": "784 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://cdn.stage.robotcache.io/client/RobotCacheSetup.exe", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://cdn.stage.robotcache.io/client/RobotCacheSetup.exe", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1776719293.32736 }