{ "type": "URL", "indicator": "https://fashionstune.com/cgi-sys/suspendedpage.cgi", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://fashionstune.com/cgi-sys/suspendedpage.cgi", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 4088321343, "indicator": "https://fashionstune.com/cgi-sys/suspendedpage.cgi", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 2, "pulses": [ { "id": "687059a339b3b2a79765dbec", "name": "inverte", "description": "", "modified": "2026-02-01T17:53:50.806000", "created": "2025-07-11T00:24:03.079000", "tags": [], "references": [ "https://github.com/Abjuri5t/SarlackLab/raw/refs/heads/main/IOCs.csv" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "skocherhan", "id": "249290", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_249290/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 10129, "URL": 14767, "domain": 3421, "hostname": 7022, "CVE": 7 }, "indicator_count": 35346, "is_author": false, "is_subscribing": null, "subscriber_count": 186, "modified_text": "120 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69116f89c600907a25e6b397", "name": "GoBrut Service Bruter CnC Activity \u2022 TAM Legal \u2022 Christopher P. Ahmann", "description": "Malicious attacks from Special Counsel criminal attorney defending Jeffrey Scott Reimer and Concentra against and on premises vicious SA. Caused grate bodily injury. Christopher P. Ahmann and Hall\nRender (down the street) Palantir has been harassing , working 24/7 at silencing one crime victim. I\u2019m sure there are more because we thwarted an attempt in 2018. \n\nHitman hired. You couldn\u2019t believe manpower and cyber attacks one family has been through. They attack the Large Loss clients.", "modified": "2025-12-10T04:02:00.145000", "created": "2025-11-10T04:52:25.542000", "tags": [ "united", "ipv4", "america asn", "asn as397241", "neustar", "united states", "ubuntu", "linux x8664", "gobrut service", "bruter cnc", "activity", "malware", "present mar", "present oct", "present jun", "brazil", "present jul", "present feb", "present nov", "moved", "a domains", "win64", "alfper", "ransom", "script urls", "bank", "trojan", "win32", "meta", "path", "read c", "port", "destination", "delete", "write", "persistence", "execution", "generic", "hostile", "cookie", "suspicious", "e ee", "epeq", "efjeg", "eebe", "e ge", "eveoe6ee", "elem", "e ie", "eieeieeie", "jea ebjecedjee", "ipv4 add", "files", "reverse dns", "america flag", "msie", "chrome", "title", "h1 center", "gmt content", "unknown ns", "ip address", "for privacy", "icedid", "bokbot", "united states", "div div", "link", "amazon web", "a li", "click", "span", "unknown aaaa", "record value", "apache x", "asn as398101", "hosting", "twitter", "present may", "present jan", "error", "present sep", "url analysis", "passive dns", "urls", "less whois", "registrar", "criminal defense", "quasi gov", "tam legal", "monitored target", "p", "amazon", "apple", "japan unknown", "license", "expiresmon", "gmt path", "html", "tokyo", "show", "unknown", "tracking", "germany unknown", "bq nov", "virtool", "germany asn", "as47846", "cyber attacks", "christopher", "ahmann", "pulse pulses", "location united", "dns resolutions", "domains top", "hitmen", "hall", "hall render", "telper", "hostname add", "pulse submit", "domain", "files ip", "address", "yara detections", "contacted", "filehash", "av detections", "ids detections", "alerts", "analysis date", "file score", "detections elf", "lowfi", "entries", "win32midia", "next associated", "trojanclicker", "win32ellell jan", "date" ], "references": [ "Tam Legal \u2022 Christopher P. Ahmann Esq Cyber Criminal", "GoBrut Service Bruter CnC Activity", "interface.xpacemobilitycloud.com", "103.224.182.243 ghdukshop.com lb-182-243.above.comAustraliaCOUNTRYAS133618 trellian pty. limited", "http://pornsure.com/ \u2022 http://www.kittipornfiberglass.com/ \u2022 kittipornfiberglass.com \u2022 pornsure.com", "http://colorado-realestate-finder.com/" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Australia" ], "malware_families": [ { "id": "TrojanDownloader:Linux/Morila", "display_name": "TrojanDownloader:Linux/Morila", "target": "/malware/TrojanDownloader:Linux/Morila" }, { "id": "Gafgyt", "display_name": "Gafgyt", "target": null }, { "id": "ELF:Agent-VW\\ [Trj]", "display_name": "ELF:Agent-VW\\ [Trj]", "target": null }, { "id": "Win32:IcedID-E\\ [Bank]", "display_name": "Win32:IcedID-E\\ [Bank]", "target": null }, { "id": "Win64:MalwareX-gen\\ [Trj]", "display_name": "Win64:MalwareX-gen\\ [Trj]", "target": null }, { "id": "Ransom:Win32/ContiCrypt", "display_name": "Ransom:Win32/ContiCrypt", "target": "/malware/Ransom:Win32/ContiCrypt" }, { "id": "ALFPER:RefLoadApiHash", "display_name": "ALFPER:RefLoadApiHash", "target": null }, { "id": "Win64:CrypterX-gen\\ [Trj]", "display_name": "Win64:CrypterX-gen\\ [Trj]", "target": null }, { "id": "Win64:BotX-gen\\ [Trj]", "display_name": "Win64:BotX-gen\\ [Trj]", "target": null }, { "id": "Bank", "display_name": "Bank", "target": null }, { "id": "Other Malware", "display_name": "Other Malware", "target": null }, { "id": "Exploit:Win32/CVE-2017-0147", "display_name": "Exploit:Win32/CVE-2017-0147", "target": "/malware/Exploit:Win32/CVE-2017-0147" }, { "id": "Win.Trojan.Agent", "display_name": "Win.Trojan.Agent", "target": null }, { "id": "AutoRun", "display_name": "AutoRun", "target": null }, { "id": "Win.Trojan.Agent-316098", "display_name": "Win.Trojan.Agent-316098", "target": null }, { "id": "virtool:Win32/Injector.gen!BQ", "display_name": "virtool:Win32/Injector.gen!BQ", "target": "/malware/virtool:Win32/Injector.gen!BQ" } ], "attack_ids": [ { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1119", "name": "Automated Collection", "display_name": "T1119 - Automated Collection" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "TA0003", "name": "Persistence", "display_name": "TA0003 - Persistence" }, { "id": "TA0011", "name": "Command and Control", "display_name": "TA0011 - Command and Control" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1584.005", "name": "Botnet", "display_name": "T1584.005 - Botnet" }, { "id": "T1155", "name": "AppleScript", "display_name": "T1155 - AppleScript" }, { "id": "T1583", "name": "Acquire Infrastructure", "display_name": "T1583 - Acquire Infrastructure" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 3031, "email": 8, "hostname": 1840, "FileHash-SHA256": 1015, "URL": 4792, "FileHash-MD5": 441, "FileHash-SHA1": 432, "SSLCertFingerprint": 9, "CVE": 1 }, "indicator_count": 11569, "is_author": false, "is_subscribing": null, "subscriber_count": 143, "modified_text": "173 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "GoBrut Service Bruter CnC Activity", "103.224.182.243 ghdukshop.com lb-182-243.above.comAustraliaCOUNTRYAS133618 trellian pty. limited", "Tam Legal \u2022 Christopher P. Ahmann Esq Cyber Criminal", "https://github.com/Abjuri5t/SarlackLab/raw/refs/heads/main/IOCs.csv", "http://colorado-realestate-finder.com/", "http://pornsure.com/ \u2022 http://www.kittipornfiberglass.com/ \u2022 kittipornfiberglass.com \u2022 pornsure.com", "interface.xpacemobilitycloud.com" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [ "Elf:agent-vw\\ [trj]", "Win64:crypterx-gen\\ [trj]", "Exploit:win32/cve-2017-0147", "Win32:icedid-e\\ [bank]", "Virtool:win32/injector.gen!bq", "Ransom:win32/conticrypt", "Autorun", "Trojandownloader:linux/morila", "Win.trojan.agent-316098", "Win.trojan.agent", "Other malware", "Gafgyt", "Win64:botx-gen\\ [trj]", "Win64:malwarex-gen\\ [trj]", "Bank", "Alfper:refloadapihash" ], "industries": [], "unique_indicators": 47073 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/fashionstune.com", "whois": "http://whois.domaintools.com/fashionstune.com", "domain": "fashionstune.com", "hostname": "Unavailable" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 2, "pulses": [ { "id": "687059a339b3b2a79765dbec", "name": "inverte", "description": "", "modified": "2026-02-01T17:53:50.806000", "created": "2025-07-11T00:24:03.079000", "tags": [], "references": [ "https://github.com/Abjuri5t/SarlackLab/raw/refs/heads/main/IOCs.csv" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "skocherhan", "id": "249290", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_249290/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 10129, "URL": 14767, "domain": 3421, "hostname": 7022, "CVE": 7 }, "indicator_count": 35346, "is_author": false, "is_subscribing": null, "subscriber_count": 186, "modified_text": "120 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69116f89c600907a25e6b397", "name": "GoBrut Service Bruter CnC Activity \u2022 TAM Legal \u2022 Christopher P. Ahmann", "description": "Malicious attacks from Special Counsel criminal attorney defending Jeffrey Scott Reimer and Concentra against and on premises vicious SA. Caused grate bodily injury. Christopher P. Ahmann and Hall\nRender (down the street) Palantir has been harassing , working 24/7 at silencing one crime victim. I\u2019m sure there are more because we thwarted an attempt in 2018. \n\nHitman hired. You couldn\u2019t believe manpower and cyber attacks one family has been through. They attack the Large Loss clients.", "modified": "2025-12-10T04:02:00.145000", "created": "2025-11-10T04:52:25.542000", "tags": [ "united", "ipv4", "america asn", "asn as397241", "neustar", "united states", "ubuntu", "linux x8664", "gobrut service", "bruter cnc", "activity", "malware", "present mar", "present oct", "present jun", "brazil", "present jul", "present feb", "present nov", "moved", "a domains", "win64", "alfper", "ransom", "script urls", "bank", "trojan", "win32", "meta", "path", "read c", "port", "destination", "delete", "write", "persistence", "execution", "generic", "hostile", "cookie", "suspicious", "e ee", "epeq", "efjeg", "eebe", "e ge", "eveoe6ee", "elem", "e ie", "eieeieeie", "jea ebjecedjee", "ipv4 add", "files", "reverse dns", "america flag", "msie", "chrome", "title", "h1 center", "gmt content", "unknown ns", "ip address", "for privacy", "icedid", "bokbot", "united states", "div div", "link", "amazon web", "a li", "click", "span", "unknown aaaa", "record value", "apache x", "asn as398101", "hosting", "twitter", "present may", "present jan", "error", "present sep", "url analysis", "passive dns", "urls", "less whois", "registrar", "criminal defense", "quasi gov", "tam legal", "monitored target", "p", "amazon", "apple", "japan unknown", "license", "expiresmon", "gmt path", "html", "tokyo", "show", "unknown", "tracking", "germany unknown", "bq nov", "virtool", "germany asn", "as47846", "cyber attacks", "christopher", "ahmann", "pulse pulses", "location united", "dns resolutions", "domains top", "hitmen", "hall", "hall render", "telper", "hostname add", "pulse submit", "domain", "files ip", "address", "yara detections", "contacted", "filehash", "av detections", "ids detections", "alerts", "analysis date", "file score", "detections elf", "lowfi", "entries", "win32midia", "next associated", "trojanclicker", "win32ellell jan", "date" ], "references": [ "Tam Legal \u2022 Christopher P. Ahmann Esq Cyber Criminal", "GoBrut Service Bruter CnC Activity", "interface.xpacemobilitycloud.com", "103.224.182.243 ghdukshop.com lb-182-243.above.comAustraliaCOUNTRYAS133618 trellian pty. limited", "http://pornsure.com/ \u2022 http://www.kittipornfiberglass.com/ \u2022 kittipornfiberglass.com \u2022 pornsure.com", "http://colorado-realestate-finder.com/" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Australia" ], "malware_families": [ { "id": "TrojanDownloader:Linux/Morila", "display_name": "TrojanDownloader:Linux/Morila", "target": "/malware/TrojanDownloader:Linux/Morila" }, { "id": "Gafgyt", "display_name": "Gafgyt", "target": null }, { "id": "ELF:Agent-VW\\ [Trj]", "display_name": "ELF:Agent-VW\\ [Trj]", "target": null }, { "id": "Win32:IcedID-E\\ [Bank]", "display_name": "Win32:IcedID-E\\ [Bank]", "target": null }, { "id": "Win64:MalwareX-gen\\ [Trj]", "display_name": "Win64:MalwareX-gen\\ [Trj]", "target": null }, { "id": "Ransom:Win32/ContiCrypt", "display_name": "Ransom:Win32/ContiCrypt", "target": "/malware/Ransom:Win32/ContiCrypt" }, { "id": "ALFPER:RefLoadApiHash", "display_name": "ALFPER:RefLoadApiHash", "target": null }, { "id": "Win64:CrypterX-gen\\ [Trj]", "display_name": "Win64:CrypterX-gen\\ [Trj]", "target": null }, { "id": "Win64:BotX-gen\\ [Trj]", "display_name": "Win64:BotX-gen\\ [Trj]", "target": null }, { "id": "Bank", "display_name": "Bank", "target": null }, { "id": "Other Malware", "display_name": "Other Malware", "target": null }, { "id": "Exploit:Win32/CVE-2017-0147", "display_name": "Exploit:Win32/CVE-2017-0147", "target": "/malware/Exploit:Win32/CVE-2017-0147" }, { "id": "Win.Trojan.Agent", "display_name": "Win.Trojan.Agent", "target": null }, { "id": "AutoRun", "display_name": "AutoRun", "target": null }, { "id": "Win.Trojan.Agent-316098", "display_name": "Win.Trojan.Agent-316098", "target": null }, { "id": "virtool:Win32/Injector.gen!BQ", "display_name": "virtool:Win32/Injector.gen!BQ", "target": "/malware/virtool:Win32/Injector.gen!BQ" } ], "attack_ids": [ { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1119", "name": "Automated Collection", "display_name": "T1119 - Automated Collection" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "TA0003", "name": "Persistence", "display_name": "TA0003 - Persistence" }, { "id": "TA0011", "name": "Command and Control", "display_name": "TA0011 - Command and Control" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1584.005", "name": "Botnet", "display_name": "T1584.005 - Botnet" }, { "id": "T1155", "name": "AppleScript", "display_name": "T1155 - AppleScript" }, { "id": "T1583", "name": "Acquire Infrastructure", "display_name": "T1583 - Acquire Infrastructure" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 3031, "email": 8, "hostname": 1840, "FileHash-SHA256": 1015, "URL": 4792, "FileHash-MD5": 441, "FileHash-SHA1": 432, "SSLCertFingerprint": 9, "CVE": 1 }, "indicator_count": 11569, "is_author": false, "is_subscribing": null, "subscriber_count": 143, "modified_text": "173 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://fashionstune.com/cgi-sys/suspendedpage.cgi", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://fashionstune.com/cgi-sys/suspendedpage.cgi", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780357967.8866615 }