{ "type": "URL", "indicator": "https://cemvasm.com/bind/", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://cemvasm.com/bind/", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 3757272345, "indicator": "https://cemvasm.com/bind/", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 2, "pulses": [ { "id": "684a93360163e8802e213158", "name": "ELF:Mirai AMAZON-02 - Autonomous System 65.0.0.0/14", "description": "ELF:Mirai-BHZ\\ [Trj]\t\n65.0.0.0/14\nAutonomous System Number\n16509\nAutonomous System Label\nAMAZON-02\nRelated to \u2022 103.252.236.26 | \n\u2022 sr2.reliedhosting.com | \n.\u2022 http://planitair.com/ |\n\u2022 bgptools-wildcard-confirmed.acemalibu.com | \n\u2022 https://www.anyxxxtube.net/search-porn/tsara-brashears/ | \t\t\t\n\u2022 static.ads-twitter.com\t\n\u2022 https://twitter.com/PORNO_SEXYBABES\t\n\u2022 analytics.twitter.com\n\u2022 appleupdate.org\n\u2022 apps.apple.com\n\u2022 pin.it |\n\u2022 https://pin.it/ |\n\u2022 https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian Critical issue. Cyber weaponry [Unclear] Stealth contractual US cyber defense entity, endless DGA\u2019s. India IP block.\nAdversary named by bupyeongop:\n\ubd80\ud3c9\uc624\ud53c \ucd9c\uc7a5\ub9c8\uc0ac\uc9c0\uc548\ub0b4.COM \ubd80\ud3c9OP (massage service?)\n*DoS with many OTX features", "modified": "2025-07-12T07:04:05.635000", "created": "2025-06-12T08:43:34.719000", "tags": [ "thumbprint", "apnic", "apnic whois", "database", "please", "arin whois", "north america", "caribbean", "africa", "internet", "iana", "address range", "cidr", "network name", "allocation type", "whois server", "algorithm", "v3 serial", "number", "cbe oglobalsign", "r6 alphassl", "validity", "subject public", "key info", "key algorithm", "key identifier", "link", "search", "united", "a domains", "ip address", "creation date", "record value", "date", "showing", "india unknown", "status", "passive dns", "ipv4 add", "pulse submit", "url analysis", "urls", "files", "location india", "india asn", "as133296 web", "dns resolutions" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "APNIC", "display_name": "APNIC", "target": null } ], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 28, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA1": 27, "domain": 2499, "hostname": 2651, "URL": 10986, "CIDR": 2, "FileHash-SHA256": 3596, "email": 1, "FileHash-MD5": 23, "CVE": 7 }, "indicator_count": 19792, "is_author": false, "is_subscribing": null, "subscriber_count": 145, "modified_text": "324 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "650cd0f36c127252fa8982ef", "name": "URLHaus data - 21-09-2023", "description": "", "modified": "2023-10-21T23:02:19.178000", "created": "2023-09-21T23:25:39.564000", "tags": [ "32-bit", "elf", "mips", "Mozi", "SocGholish", "hajime", "mirai", "x86-32", "AgentTesla", "DarkGate", "PDF", "USA", "xll", "exe", "VoidRAT", "ascii", "Encoded", "GuLoader", "opendir", "RecordBreaker", "encrypted", "rat", "RemcosRAT", "dll", "dropped-by-PrivateLoader", "PrivateLoader", "RedLine", "dropped-by-amadey", "RedLineStealer", "Smoke Loader", "dropped-by-SmokeLoader", "android", "apk", "IRATA", "discord", "EpsilonStealer", "infostealer", "pwd-latsunabeta", "ddos", "Agenttelsa", "vbs", "Formbook", "CoinMiner", "xmrig" ], "references": [ "https://urlhaus.abuse.ch/browse/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 40, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 380, "hostname": 67, "domain": 202 }, "indicator_count": 649, "is_author": false, "is_subscribing": null, "subscriber_count": 1623, "modified_text": "953 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "https://urlhaus.abuse.ch/browse/" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [ "Apnic" ], "industries": [], "unique_indicators": 20703 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/cemvasm.com", "whois": "http://whois.domaintools.com/cemvasm.com", "domain": "cemvasm.com", "hostname": "Unavailable" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 2, "pulses": [ { "id": "684a93360163e8802e213158", "name": "ELF:Mirai AMAZON-02 - Autonomous System 65.0.0.0/14", "description": "ELF:Mirai-BHZ\\ [Trj]\t\n65.0.0.0/14\nAutonomous System Number\n16509\nAutonomous System Label\nAMAZON-02\nRelated to \u2022 103.252.236.26 | \n\u2022 sr2.reliedhosting.com | \n.\u2022 http://planitair.com/ |\n\u2022 bgptools-wildcard-confirmed.acemalibu.com | \n\u2022 https://www.anyxxxtube.net/search-porn/tsara-brashears/ | \t\t\t\n\u2022 static.ads-twitter.com\t\n\u2022 https://twitter.com/PORNO_SEXYBABES\t\n\u2022 analytics.twitter.com\n\u2022 appleupdate.org\n\u2022 apps.apple.com\n\u2022 pin.it |\n\u2022 https://pin.it/ |\n\u2022 https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian Critical issue. Cyber weaponry [Unclear] Stealth contractual US cyber defense entity, endless DGA\u2019s. India IP block.\nAdversary named by bupyeongop:\n\ubd80\ud3c9\uc624\ud53c \ucd9c\uc7a5\ub9c8\uc0ac\uc9c0\uc548\ub0b4.COM \ubd80\ud3c9OP (massage service?)\n*DoS with many OTX features", "modified": "2025-07-12T07:04:05.635000", "created": "2025-06-12T08:43:34.719000", "tags": [ "thumbprint", "apnic", "apnic whois", "database", "please", "arin whois", "north america", "caribbean", "africa", "internet", "iana", "address range", "cidr", "network name", "allocation type", "whois server", "algorithm", "v3 serial", "number", "cbe oglobalsign", "r6 alphassl", "validity", "subject public", "key info", "key algorithm", "key identifier", "link", "search", "united", "a domains", "ip address", "creation date", "record value", "date", "showing", "india unknown", "status", "passive dns", "ipv4 add", "pulse submit", "url analysis", "urls", "files", "location india", "india asn", "as133296 web", "dns resolutions" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "APNIC", "display_name": "APNIC", "target": null } ], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 28, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA1": 27, "domain": 2499, "hostname": 2651, "URL": 10986, "CIDR": 2, "FileHash-SHA256": 3596, "email": 1, "FileHash-MD5": 23, "CVE": 7 }, "indicator_count": 19792, "is_author": false, "is_subscribing": null, "subscriber_count": 145, "modified_text": "324 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "650cd0f36c127252fa8982ef", "name": "URLHaus data - 21-09-2023", "description": "", "modified": "2023-10-21T23:02:19.178000", "created": "2023-09-21T23:25:39.564000", "tags": [ "32-bit", "elf", "mips", "Mozi", "SocGholish", "hajime", "mirai", "x86-32", "AgentTesla", "DarkGate", "PDF", "USA", "xll", "exe", "VoidRAT", "ascii", "Encoded", "GuLoader", "opendir", "RecordBreaker", "encrypted", "rat", "RemcosRAT", "dll", "dropped-by-PrivateLoader", "PrivateLoader", "RedLine", "dropped-by-amadey", "RedLineStealer", "Smoke Loader", "dropped-by-SmokeLoader", "android", "apk", "IRATA", "discord", "EpsilonStealer", "infostealer", "pwd-latsunabeta", "ddos", "Agenttelsa", "vbs", "Formbook", "CoinMiner", "xmrig" ], "references": [ "https://urlhaus.abuse.ch/browse/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 40, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 380, "hostname": 67, "domain": 202 }, "indicator_count": 649, "is_author": false, "is_subscribing": null, "subscriber_count": 1623, "modified_text": "953 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://cemvasm.com/bind/", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://cemvasm.com/bind/", "type": "URL", "found": true, "verdict": "malicious", "url_status": "offline", "threat": "malware_download", "tags": [ "DarkGate", "PDF", "USA", "xll" ], "date_added": "2023-09-21", "last_online": "2023-09-23", "reporter": "Cryptolaemus1", "host": "cemvasm.com", "payloads": [ { "filename": "C.xll", "file_type": "dll", "md5": "d1a45948f411c02136ca98410475de52", "sha256": "392fd4d218a8e333bc422635e48fdfae59054413c7a6be764c0275752d45ab23", "signature": "DarkGate", "first_seen": "2023-09-23" }, { "filename": "M.xll", "file_type": "dll", "md5": "8866d0e530cb613fde59c5476ea6c331", "sha256": "98c59262ad396b4da5b0a3e82f819923f860e974f687c4fff9b852f25a56c50f", "signature": "DarkGate", "first_seen": "2023-09-23" }, { "filename": "Lvh.xll", "file_type": "dll", "md5": "a2fb0b0d34d71073cd037e872d40ea14", "sha256": "091b7c16791cf976e684fe22ee18a4099a4e26ec75fa145b85dd14603b466b00", "signature": "DarkGate", "first_seen": "2023-09-21" }, { "filename": "Vc.xll", "file_type": "dll", "md5": "f1b91fdbcd062031687e2766ab6773b6", "sha256": "305de78353b0d599cd40a73c7e639df7f5946d1fc36691c8f7798a99ee6835e7", "signature": "DarkGate", "first_seen": "2023-09-21" }, { "filename": "Gdc.zip", "file_type": "zip", "md5": "df1b50b263a4681bb1e2375ea7541ef8", "sha256": "f81fb9304362705752524d511d581519e93c1e0a601bac8e1c5aa363b1e2b074", "signature": null, "first_seen": "2023-09-21" } ], "error": null }, "from_cache": true, "_cached_at": 1780309130.3988147 }