{ "type": "URL", "indicator": "https://validurl.adatum.com", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://validurl.adatum.com", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 4068342676, "indicator": "https://validurl.adatum.com", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 15, "pulses": [ { "id": "69b49ad5dd40a24d83cd6a72", "name": "Chris P. Ahmann \u2022 PRIVATE PROPERTY Colorado State Fixer!", "description": "", "modified": "2026-03-13T23:16:37.716000", "created": "2026-03-13T23:16:37.716000", "tags": [ "related pulses", "p1377925676", "gaz1", "sid1696503456", "sct1", "active", "dynamicloader", "medium", "write c", "search", "show", "high", "program gateway", "http traffic", "http", "write", "malware", "nivdort", "serving ip", "address", "status code", "kb body", "sha256", "gw5hjz7t975", "url https", "url http", "indicator role", "pulses url", "hostname", "poland unknown", "present sep", "present jul", "present may", "present apr", "present dec", "present jan", "moved", "passive dns", "ip address", "title", "location poland", "asn as29522", "gmt content", "accept encoding", "ipv4 add", "urls", "files", "reverse dns", "united", "record value", "aaaa", "mtb oct", "found", "error", "read c", "memcommit", "module load", "next", "showing", "trojan", "execution", "unknown", "entries", "ms windows", "intel", "as15169", "codeoverlap", "yara detections", "delphi", "worm", "win32", "win64", "learn", "ck id", "name tactics", "suspicious", "informative", "adversaries", "command", "spawns", "ssl certificate", "execution att", "script urls", "treece alfrey", "meta", "germany unknown", "for privacy", "title added", "active related", "pulses", "asnone", "named pipe", "type indicator", "role title", "added active", "filehashsha256", "ally", "melika", "information", "law christopher", "https", "fake pinterest", "tsara", "traceback man", "expiro", "capture", "domain", "types of", "germany", "poland", "netherlands", "cve cve20178977", "boobs130432 nov", "learn more", "filehashmd5", "utmsourceawin", "pe32", "head microsoft", "delete", "main", "backdoor", "next associated", "gmt connection", "control", "content type", "twitter", "certificate", "redirect date", "cache", "unknown ns", "hostname add", "ipv4", "pulse pulses", "location united", "america flag", "america asn", "windows", "total", "ids detections", "url add", "related nids", "files location", "flag united", "win32mydoom nov", "domain add", "yara rule", "ee fc", "ff d5", "f0 ff", "eb e1", "ff ff", "c1 e8", "c1 c0", "eb e8", "mpress", "cache control", "x cache", "date", "name servers", "arial", "present aug", "present jun", "may god", "hall render", "palantir doing", "jeffrey scott", "jeffrey reimer", "brian sabey", "butt pirates", "scott reimer", "colorado", "quasi government", "workers compensation", "eva lisa", "eva reimer", "sammie", "montano mark", "death threats", "tulach", "hired hit men", "gay man", "gay porn", "concentra", "corruption", "palantir", "foundry", "grifter", "warning", "illegal", "apple", "contacted", "ransom", "dead", "denver" ], "references": [ "https://tamlegal.com/attorneys/christopher-p-ahmann/#breadcrumb \u2022 https://www.milehighmedia.com/en/movies", "https://www.milehighmedia.com/legal/2257 \u2022 https://www.milehighmedia", "www.milehighmedia.com \u2022 https://www.milehighmedia.com/en/Charlie-Dean/pornstar/49512", "https://www.milehighmedia.com/en/login/index/aHR0cHMlM0ElMkYlMkZtZW1iZXJzLm1pbGVoaWdobWVkaWEuY29tJTJGZW4lMkZ2aWRlb3MlMkZzd2VldGhlYXJ0dmlkZW8lM0ZhbHVwJTNEQURqeF9ITjhfd1oweU96UnpsU3NNNUZLaVVxSzBXNEN0X3NmTFpKTGVJc3M2b0RVUzkwVmp6VllNVko5eFpmdENYcFNKd3IzOTNaMG1mOEpXeVhVeVZpLTJZYVRsaGd3M25DSDRpYnRwZ25BRC1zUFhDQVUycjZJOXo2WWtRMzNVWVFhMFZyWC1YckxvcnRkVjJZdEgxSDYxZ1lhMTFNS3RZSkEzY3FlSXhFQzhtSlAzSk1tbloySURMQXlMZndPcHozSFFiTzF4T0FseXJIQ0xYem1ldFElMkE=\t \thttp://www.milehighmedia.com/?ats=eyJhIjoyOTYzMTgsImMiOjU3OTYzNz", "http://www.milehighmedia.com/legal\t \u2022 https://www.milehighmedia.com/en/pornstar/milehighmedia/Justin-Hunt/51017", "https://www.milehighmedia.com/de/MileHighMedia/scene/129689?utm_source=271174&utm_medium=affiliate&utm_campaign=", "http://www.milehighmedia.com/?ats=eyJhIjoyOTYzMTgsImMiOjU3OTYzNzc1LCJuIjo3NiwicyI6NT...", "ttps://www.milehighmedia.com/scene/4404473/creampie-adventures-scene-2-sneaky-melanie", "https://www.milehighmedia.com/join \u2022 https://www.milehighmedia.com/models \u2022 https://www.milehighmedia.com/movies", "https://www.milehighmedia.com/model/59136/avi-love \u2022https://www.milehighmedia.com/model/60418/Justin-Hunt \u2022", "https://www.milehighmedia.com/en/photo/milehighmedia/The-Mother-I-Cant-Resist/52380", "https://www.milehighmedia.com/en/movies \u2022 https://www.milehighmedia.com/join", "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian", "pornhub-e.com \u2022 www.pornhub.com \u2022", "https://www.sweetheartvideo.com/tsara-brashears/ \u2022 www.sweetheartvideo.com", "https://www.sweetheartvideo.com/en/?s=1?s=1&utm_source=272160&utm_medium=affiliate&utm_campaign=lovelezzies", "https://www.sweetheartvideo.com/en/dvd/Lesbian-Massage/49895", "https://www.sweetheartvideo.com/en/dvds \u2022 https://www.sweetheartvideo.com/en/login", "https://www.sweetheartvideo.com/en/model/Mona-Wales/49601 \u2022 https://www.sweetheartvideo.com/en/scene/Truth-Dare--Boobs/130432 No Expiration\t0\t URL https://www.sweetheartvideo.com/it/model/Kristen-Scott/50432 \u2022 https://www.sweetheartvideo.com/model/63710/brandi-love", "https://www.sweetheartvideo.com/scenes?models=63710", "https://www.sweetheartvideo.com/model/63710/brandi-love", "https://www.sweetheartvideo.com/scenes?models=63710", "https://www.sweetheartvideo.com/it/model/Kristen-Scott/50432", "https://www.sweetheartvideo.com/en/scene/Truth-Dare--Boobs/130432", "https://www.milehighmedia.com/en/photo/milehighmedia/The-Mother-I-Cant-Resist/52380", "https://www.vgt.pl/font/roboto/Roboto-Bold.eot \u2022", "https://www.vgt.pl/94.152.152.233/images/logo.png", "https://www.vgt.pl/94.152.156.22/logo.png \u2022 https://www.vgt.pl/css/", "https://www.vgt.pl/favicon.ico", "https://www.vgt.pl/font/fa/fontawesome-webfont.eot", "https://www.vgt.pl/font/roboto/Roboto-Bold.ttf \u2022 https://www.vgt.pl/font/roboto/Roboto-Light.eot", "https://www.vgt.pl/font/roboto/Roboto-Medium.ttf", "https://www.vgt.pl/font/roboto/Roboto-Light.ttf \u2022", "https://www.vgt.pl/static/js/bootstrap-typeahead.jstic/js/bootstrap-typeahead.js", "https://www.vgt.pl/style/style.css \u2022 https://www.vgt.pl/font/roboto/Roboto-Medium.eot", "https://www.vgt.pl/font/roboto/Roboto-Regular.ttf \u2022 https://www.vgt.pl/font/roboto/Roboto-Thin.eot", "https://www.vgt.pl/static/js/bootstrap-typeahead.js.179.252.2", "https://www.vgt.pl/font/roboto/Roboto-Thin.ttf \u2022 https://www.vgt.pl/static/js/bootstrap-typeahead.js", "https://www.vgt.pl/font/roboto/Roboto-Regular.eot \u2022 https://www.vgt.pl/94.152.156.22/logo.png \u2022 https://www.vgt.pl/css/", "vgt.pl \u2022 www.hak.vgt.pl \u2022 www.localhost.vgt.pl \u2022 www.certyfikat.vgt.pl \u2022 aristocrat.vgt.pl", "https://www.vgt.pl/ phishing \u2022 https://vgt.pl/ \u2022www.vgt.pl \u2022 https://www.vgt.pl/94.152.152.233/images/logo.png", "http://www.pornokind.vgt.pl \u2022 https://dbkuewww.m.vgt.pl \u2022 https://lokalnyhost.vgt.pl \u2022 www.xn--twj-hna.pedofil.vgt.pl", "http://www.hak.vgt.pl \u2022 http://pornokind.vgt.pl \u2022 http://sip.vgt.pl \u2022 http://smtp-qa.vgt.pl \u2022 http://vgt.pl/*.", "https://pornokind.vgt.pl \u2022 https://sip.vgt.pl \u2022 https://smtp-qa.vgt.pl \u2022 https://www.vgt.pl/94.152.156.22/logo.png", "www.localhost.vgt.pl \u2022 www.certyfikat.vgt.pl \u2022 https://www.vgt.pl/94.152.152.233/images/logo.png", "https://www.vgt.pl/css/ \u2022 https://www.vgt.pl/favicon.ico \u2022 https://www.vgt.pl/font/fa/fontawesome-webfont.eot", "https://www.vgt.pl/font/roboto/Roboto-Bold.eot \u2022 https://www.vgt.pl/font/roboto/Roboto-Bold.ttf \u2022 https://www.vgt.pl/font/roboto/Roboto-Light.eot", "https://www.vgt.pl/static/js/bootstrap-typeahead.jstic/js/bootstrap-typeahead.js", "https://www.vgt.pl/style/style.css \u2022 https://www.vgt.pl/static/js/bootstrap-typeahead.js", "IP Address 94.152.58.192 Location Poland ASN AS29522 h88 s.a. Nameservers ns1.kei.pl. , ns2.kei.pl.", "www.happylifehappywife.com \u2022 http://www.happylifehappywife.com/2010/02/'>", "http://www.happylifehappywife.com/2010/04/'> \u2022 http://www.happylifehappywife.com/2010/05/'>", "http://www.happylifehappywife.com/2010/07/'> \u2022 http://www.happylifehappywife.com/2010/09/'>", "http://www.happylifehappywife.com/2011/06/'> \u2022 http://www.happylifehappywife.com/2011/08/'", "http://www.happylifehappywife.com/2011/08/'> \u2022 http://www.happylifehappywife.com/2012/07/'>", "http://www.happylifehappywife.com/2013/03/'> \u2022 http://www.happylifehappywife.com/index.php", "http://www.happylifehappywife.com/wp-content/themes/theme78222/images/top-right.jpg", "https://amp.mypornvid.fun/videos/8/AhxS-ej1myg/gf-18-com/\ud83c\udf81-i39m-your-present-\ud83c\udf81-girlfriend-surprises-you-for-christmas-reunion-soft-kisses-amp-cuddles", "8-25-220-162-static.reverse.queryfoundry.net\t\t\tNov 1, 2025, 9:34:14 AM\t\t5\t domain\tqueryfoundry.net\t\t\tNov 1, 2025, 9:34:14 AM\t\t8\t URL\thttp://117-114-251-162-static.reverse.queryfoundry.net/", "http://watchhers.net/index.php", "remotewd.com device local", "nr-data.net \u2022 applemusic-spotlight.myunidays.com \u2022 init.ess.apple.com \u2022 tv.apple.com", "https://browntubeporn.com/tsara-brashearsAccept-Language", "https://cg864.myhotzpic.com phishing \u2022 http://dashboard.myhotzpic.com/", "https://myhotzpic.com/tsara-brashears-hardcore-lesbian-sex/anime-studio.org*thumbs-fa...", "https://mypornvid.com/videos/27/x510fb2/white-dpt-jeffrey-reimer-loves-pretty-indian-patient-forces-sex-3gp-video-tsara-brashears/caillou-finger", "http://siteinlink.d1.cnbd.net/search/tsara-brashears-dead \u2022 http://siteinlink.d1.cnbd.net/site/maps.google.com.lb/", "http://siteinlink.d1.cnbd.net/search/tsara-brashears-assaulted-by-jeffrey-reimer", "http://siteinlink.d1.cnbd.net/search/tsara-brashears-dead \u2022 https://videolal.com/videos/tsara-brashears-dead-by-daylight.html", "http://pixelrz.com/lists/keywords/tsara-brashears-dead/360 \u2022 http://pixelrz.com/lists/keywords/tsara-brashears-dead/360] No Expiration\t4\t Domain tsara-brashears-deadspin-twitter-suspended-account-help.ht", "https://www.anyxxxtube.net/search-porn/tsara-brashears/", "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian", "https://www.anyxxxtube.net/search-porn/tsara-brashears/", "https://twitter.com/PORNO_SEXYBABES \u2022 girlsdoporn.com", "Treece Alfrey Musat P.C. Attorneys at Law Christopher P. Ahmann | https://TamLegal.com", "https://urlscan.io/screenshots/e931bb02-80dc-46db-92f0-43d5afa258be.png" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "TrojanSpy:Win32/Nivdort", "display_name": "TrojanSpy:Win32/Nivdort", "target": "/malware/TrojanSpy:Win32/Nivdort" }, { "id": "Worm:Win32/Autorun", "display_name": "Worm:Win32/Autorun", "target": "/malware/Worm:Win32/Autorun" }, { "id": "Tofsee", "display_name": "Tofsee", "target": null }, { "id": "Jaik", "display_name": "Jaik", "target": null }, { "id": "Trojan:Win32/Qshell", "display_name": "Trojan:Win32/Qshell", "target": "/malware/Trojan:Win32/Qshell" }, { "id": "Trojan:Win32/Mydoom", "display_name": "Trojan:Win32/Mydoom", "target": "/malware/Trojan:Win32/Mydoom" } ], "attack_ids": [ { "id": "T1045", "name": "Software Packing", "display_name": "T1045 - Software Packing" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1060", "name": "Registry Run Keys / Startup Folder", "display_name": "T1060 - Registry Run Keys / Startup Folder" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1119", "name": "Automated Collection", "display_name": "T1119 - Automated Collection" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1143", "name": "Hidden Window", "display_name": "T1143 - Hidden Window" }, { "id": "T1063", "name": "Security Software Discovery", "display_name": "T1063 - Security Software Discovery" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1583", "name": "Acquire Infrastructure", "display_name": "T1583 - Acquire Infrastructure" }, { "id": "T1069", "name": "Permission Groups Discovery", "display_name": "T1069 - Permission Groups Discovery" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1197", "name": "BITS Jobs", "display_name": "T1197 - BITS Jobs" }, { "id": "T1210", "name": "Exploitation of Remote Services", "display_name": "T1210 - Exploitation of Remote Services" }, { "id": "T1457", "name": "Malicious Media Content", "display_name": "T1457 - Malicious Media Content" }, { "id": "T1480", "name": "Execution Guardrails", "display_name": "T1480 - Execution Guardrails" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" } ], "industries": [], "TLP": "green", "cloned_from": "69631fbd16e306ee2b76c4da", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 8897, "domain": 2102, "hostname": 2867, "FileHash-SHA256": 3886, "FileHash-MD5": 619, "FileHash-SHA1": 555, "CVE": 3, "email": 5, "SSLCertFingerprint": 8 }, "indicator_count": 18942, "is_author": false, "is_subscribing": null, "subscriber_count": 137, "modified_text": "36 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69b496396ca4987e95ad37d1", "name": "Chris Buzz by QVashni (wow)", "description": "", "modified": "2026-03-13T22:56:57.314000", "created": "2026-03-13T22:56:57.314000", "tags": [ "related pulses", "p1377925676", "gaz1", "sid1696503456", "sct1", "active", "dynamicloader", "medium", "write c", "search", "show", "high", "program gateway", "http traffic", "http", "write", "malware", "nivdort", "serving ip", "address", "status code", "kb body", "sha256", "gw5hjz7t975", "url https", "url http", "indicator role", "pulses url", "hostname", "poland unknown", "present sep", "present jul", "present may", "present apr", "present dec", "present jan", "moved", "passive dns", "ip address", "title", "location poland", "asn as29522", "gmt content", "accept encoding", "ipv4 add", "urls", "files", "reverse dns", "united", "record value", "aaaa", "mtb oct", "found", "error", "read c", "memcommit", "module load", "next", "showing", "trojan", "execution", "unknown", "entries", "ms windows", "intel", "as15169", "codeoverlap", "yara detections", "delphi", "worm", "win32", "win64", "learn", "ck id", "name tactics", "suspicious", "informative", "adversaries", "command", "spawns", "ssl certificate", "execution att", "script urls", "treece alfrey", "meta", "germany unknown", "for privacy", "title added", "active related", "pulses", "asnone", "named pipe", "type indicator", "role title", "added active", "filehashsha256", "ally", "melika", "information", "law christopher", "https", "fake pinterest", "tsara", "traceback man", "expiro", "capture", "domain", "types of", "germany", "poland", "netherlands", "cve cve20178977", "boobs130432 nov", "learn more", "filehashmd5", "utmsourceawin", "pe32", "head microsoft", "delete", "main", "backdoor", "next associated", "gmt connection", "control", "content type", "twitter", "certificate", "redirect date", "cache", "unknown ns", "hostname add", "ipv4", "pulse pulses", "location united", "america flag", "america asn", "windows", "total", "ids detections", "url add", "related nids", "files location", "flag united", "win32mydoom nov", "domain add", "yara rule", "ee fc", "ff d5", "f0 ff", "eb e1", "ff ff", "c1 e8", "c1 c0", "eb e8", "mpress", "cache control", "x cache", "date", "name servers", "arial", "present aug", "present jun", "may god", "hall render", "palantir doing", "jeffrey scott", "jeffrey reimer", "brian sabey", "butt pirates", "scott reimer", "colorado", "quasi government", "workers compensation", "eva lisa", "eva reimer", "sammie", "montano mark", "death threats", "tulach", "hired hit men", "gay man", "gay porn", "concentra", "corruption", "palantir", "foundry", "grifter", "warning", "illegal", "apple", "contacted", "ransom", "dead", "denver" ], "references": [ "https://tamlegal.com/attorneys/christopher-p-ahmann/#breadcrumb \u2022 https://www.milehighmedia.com/en/movies", "https://www.milehighmedia.com/legal/2257 \u2022 https://www.milehighmedia", "www.milehighmedia.com \u2022 https://www.milehighmedia.com/en/Charlie-Dean/pornstar/49512", "https://www.milehighmedia.com/en/login/index/aHR0cHMlM0ElMkYlMkZtZW1iZXJzLm1pbGVoaWdobWVkaWEuY29tJTJGZW4lMkZ2aWRlb3MlMkZzd2VldGhlYXJ0dmlkZW8lM0ZhbHVwJTNEQURqeF9ITjhfd1oweU96UnpsU3NNNUZLaVVxSzBXNEN0X3NmTFpKTGVJc3M2b0RVUzkwVmp6VllNVko5eFpmdENYcFNKd3IzOTNaMG1mOEpXeVhVeVZpLTJZYVRsaGd3M25DSDRpYnRwZ25BRC1zUFhDQVUycjZJOXo2WWtRMzNVWVFhMFZyWC1YckxvcnRkVjJZdEgxSDYxZ1lhMTFNS3RZSkEzY3FlSXhFQzhtSlAzSk1tbloySURMQXlMZndPcHozSFFiTzF4T0FseXJIQ0xYem1ldFElMkE=\t \thttp://www.milehighmedia.com/?ats=eyJhIjoyOTYzMTgsImMiOjU3OTYzNz", "http://www.milehighmedia.com/legal\t \u2022 https://www.milehighmedia.com/en/pornstar/milehighmedia/Justin-Hunt/51017", "https://www.milehighmedia.com/de/MileHighMedia/scene/129689?utm_source=271174&utm_medium=affiliate&utm_campaign=", "http://www.milehighmedia.com/?ats=eyJhIjoyOTYzMTgsImMiOjU3OTYzNzc1LCJuIjo3NiwicyI6NT...", "ttps://www.milehighmedia.com/scene/4404473/creampie-adventures-scene-2-sneaky-melanie", "https://www.milehighmedia.com/join \u2022 https://www.milehighmedia.com/models \u2022 https://www.milehighmedia.com/movies", "https://www.milehighmedia.com/model/59136/avi-love \u2022https://www.milehighmedia.com/model/60418/Justin-Hunt \u2022", "https://www.milehighmedia.com/en/photo/milehighmedia/The-Mother-I-Cant-Resist/52380", "https://www.milehighmedia.com/en/movies \u2022 https://www.milehighmedia.com/join", "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian", "pornhub-e.com \u2022 www.pornhub.com \u2022", "https://www.sweetheartvideo.com/tsara-brashears/ \u2022 www.sweetheartvideo.com", "https://www.sweetheartvideo.com/en/?s=1?s=1&utm_source=272160&utm_medium=affiliate&utm_campaign=lovelezzies", "https://www.sweetheartvideo.com/en/dvd/Lesbian-Massage/49895", "https://www.sweetheartvideo.com/en/dvds \u2022 https://www.sweetheartvideo.com/en/login", "https://www.sweetheartvideo.com/en/model/Mona-Wales/49601 \u2022 https://www.sweetheartvideo.com/en/scene/Truth-Dare--Boobs/130432 No Expiration\t0\t URL https://www.sweetheartvideo.com/it/model/Kristen-Scott/50432 \u2022 https://www.sweetheartvideo.com/model/63710/brandi-love", "https://www.sweetheartvideo.com/scenes?models=63710", "https://www.sweetheartvideo.com/model/63710/brandi-love", "https://www.sweetheartvideo.com/scenes?models=63710", "https://www.sweetheartvideo.com/it/model/Kristen-Scott/50432", "https://www.sweetheartvideo.com/en/scene/Truth-Dare--Boobs/130432", "https://www.milehighmedia.com/en/photo/milehighmedia/The-Mother-I-Cant-Resist/52380", "https://www.vgt.pl/font/roboto/Roboto-Bold.eot \u2022", "https://www.vgt.pl/94.152.152.233/images/logo.png", "https://www.vgt.pl/94.152.156.22/logo.png \u2022 https://www.vgt.pl/css/", "https://www.vgt.pl/favicon.ico", "https://www.vgt.pl/font/fa/fontawesome-webfont.eot", "https://www.vgt.pl/font/roboto/Roboto-Bold.ttf \u2022 https://www.vgt.pl/font/roboto/Roboto-Light.eot", "https://www.vgt.pl/font/roboto/Roboto-Medium.ttf", "https://www.vgt.pl/font/roboto/Roboto-Light.ttf \u2022", "https://www.vgt.pl/static/js/bootstrap-typeahead.jstic/js/bootstrap-typeahead.js", "https://www.vgt.pl/style/style.css \u2022 https://www.vgt.pl/font/roboto/Roboto-Medium.eot", "https://www.vgt.pl/font/roboto/Roboto-Regular.ttf \u2022 https://www.vgt.pl/font/roboto/Roboto-Thin.eot", "https://www.vgt.pl/static/js/bootstrap-typeahead.js.179.252.2", "https://www.vgt.pl/font/roboto/Roboto-Thin.ttf \u2022 https://www.vgt.pl/static/js/bootstrap-typeahead.js", "https://www.vgt.pl/font/roboto/Roboto-Regular.eot \u2022 https://www.vgt.pl/94.152.156.22/logo.png \u2022 https://www.vgt.pl/css/", "vgt.pl \u2022 www.hak.vgt.pl \u2022 www.localhost.vgt.pl \u2022 www.certyfikat.vgt.pl \u2022 aristocrat.vgt.pl", "https://www.vgt.pl/ phishing \u2022 https://vgt.pl/ \u2022www.vgt.pl \u2022 https://www.vgt.pl/94.152.152.233/images/logo.png", "http://www.pornokind.vgt.pl \u2022 https://dbkuewww.m.vgt.pl \u2022 https://lokalnyhost.vgt.pl \u2022 www.xn--twj-hna.pedofil.vgt.pl", "http://www.hak.vgt.pl \u2022 http://pornokind.vgt.pl \u2022 http://sip.vgt.pl \u2022 http://smtp-qa.vgt.pl \u2022 http://vgt.pl/*.", "https://pornokind.vgt.pl \u2022 https://sip.vgt.pl \u2022 https://smtp-qa.vgt.pl \u2022 https://www.vgt.pl/94.152.156.22/logo.png", "www.localhost.vgt.pl \u2022 www.certyfikat.vgt.pl \u2022 https://www.vgt.pl/94.152.152.233/images/logo.png", "https://www.vgt.pl/css/ \u2022 https://www.vgt.pl/favicon.ico \u2022 https://www.vgt.pl/font/fa/fontawesome-webfont.eot", "https://www.vgt.pl/font/roboto/Roboto-Bold.eot \u2022 https://www.vgt.pl/font/roboto/Roboto-Bold.ttf \u2022 https://www.vgt.pl/font/roboto/Roboto-Light.eot", "https://www.vgt.pl/static/js/bootstrap-typeahead.jstic/js/bootstrap-typeahead.js", "https://www.vgt.pl/style/style.css \u2022 https://www.vgt.pl/static/js/bootstrap-typeahead.js", "IP Address 94.152.58.192 Location Poland ASN AS29522 h88 s.a. Nameservers ns1.kei.pl. , ns2.kei.pl.", "www.happylifehappywife.com \u2022 http://www.happylifehappywife.com/2010/02/'>", "http://www.happylifehappywife.com/2010/04/'> \u2022 http://www.happylifehappywife.com/2010/05/'>", "http://www.happylifehappywife.com/2010/07/'> \u2022 http://www.happylifehappywife.com/2010/09/'>", "http://www.happylifehappywife.com/2011/06/'> \u2022 http://www.happylifehappywife.com/2011/08/'", "http://www.happylifehappywife.com/2011/08/'> \u2022 http://www.happylifehappywife.com/2012/07/'>", "http://www.happylifehappywife.com/2013/03/'> \u2022 http://www.happylifehappywife.com/index.php", "http://www.happylifehappywife.com/wp-content/themes/theme78222/images/top-right.jpg", "https://amp.mypornvid.fun/videos/8/AhxS-ej1myg/gf-18-com/\ud83c\udf81-i39m-your-present-\ud83c\udf81-girlfriend-surprises-you-for-christmas-reunion-soft-kisses-amp-cuddles", "8-25-220-162-static.reverse.queryfoundry.net\t\t\tNov 1, 2025, 9:34:14 AM\t\t5\t domain\tqueryfoundry.net\t\t\tNov 1, 2025, 9:34:14 AM\t\t8\t URL\thttp://117-114-251-162-static.reverse.queryfoundry.net/", "http://watchhers.net/index.php", "remotewd.com device local", "nr-data.net \u2022 applemusic-spotlight.myunidays.com \u2022 init.ess.apple.com \u2022 tv.apple.com", "https://browntubeporn.com/tsara-brashearsAccept-Language", "https://cg864.myhotzpic.com phishing \u2022 http://dashboard.myhotzpic.com/", "https://myhotzpic.com/tsara-brashears-hardcore-lesbian-sex/anime-studio.org*thumbs-fa...", "https://mypornvid.com/videos/27/x510fb2/white-dpt-jeffrey-reimer-loves-pretty-indian-patient-forces-sex-3gp-video-tsara-brashears/caillou-finger", "http://siteinlink.d1.cnbd.net/search/tsara-brashears-dead \u2022 http://siteinlink.d1.cnbd.net/site/maps.google.com.lb/", "http://siteinlink.d1.cnbd.net/search/tsara-brashears-assaulted-by-jeffrey-reimer", "http://siteinlink.d1.cnbd.net/search/tsara-brashears-dead \u2022 https://videolal.com/videos/tsara-brashears-dead-by-daylight.html", "http://pixelrz.com/lists/keywords/tsara-brashears-dead/360 \u2022 http://pixelrz.com/lists/keywords/tsara-brashears-dead/360] No Expiration\t4\t Domain tsara-brashears-deadspin-twitter-suspended-account-help.ht", "https://www.anyxxxtube.net/search-porn/tsara-brashears/", "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian", "https://www.anyxxxtube.net/search-porn/tsara-brashears/", "https://twitter.com/PORNO_SEXYBABES \u2022 girlsdoporn.com", "Treece Alfrey Musat P.C. Attorneys at Law Christopher P. Ahmann | https://TamLegal.com", "https://urlscan.io/screenshots/e931bb02-80dc-46db-92f0-43d5afa258be.png" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "TrojanSpy:Win32/Nivdort", "display_name": "TrojanSpy:Win32/Nivdort", "target": "/malware/TrojanSpy:Win32/Nivdort" }, { "id": "Worm:Win32/Autorun", "display_name": "Worm:Win32/Autorun", "target": "/malware/Worm:Win32/Autorun" }, { "id": "Tofsee", "display_name": "Tofsee", "target": null }, { "id": "Jaik", "display_name": "Jaik", "target": null }, { "id": "Trojan:Win32/Qshell", "display_name": "Trojan:Win32/Qshell", "target": "/malware/Trojan:Win32/Qshell" }, { "id": "Trojan:Win32/Mydoom", "display_name": "Trojan:Win32/Mydoom", "target": "/malware/Trojan:Win32/Mydoom" } ], "attack_ids": [ { "id": "T1045", "name": "Software Packing", "display_name": "T1045 - Software Packing" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1060", "name": "Registry Run Keys / Startup Folder", "display_name": "T1060 - Registry Run Keys / Startup Folder" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1119", "name": "Automated Collection", "display_name": "T1119 - Automated Collection" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1143", "name": "Hidden Window", "display_name": "T1143 - Hidden Window" }, { "id": "T1063", "name": "Security Software Discovery", "display_name": "T1063 - Security Software Discovery" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1583", "name": "Acquire Infrastructure", "display_name": "T1583 - Acquire Infrastructure" }, { "id": "T1069", "name": "Permission Groups Discovery", "display_name": "T1069 - Permission Groups Discovery" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1197", "name": "BITS Jobs", "display_name": "T1197 - BITS Jobs" }, { "id": "T1210", "name": "Exploitation of Remote Services", "display_name": "T1210 - Exploitation of Remote Services" }, { "id": "T1457", "name": "Malicious Media Content", "display_name": "T1457 - Malicious Media Content" }, { "id": "T1480", "name": "Execution Guardrails", "display_name": "T1480 - Execution Guardrails" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" } ], "industries": [], "TLP": "green", "cloned_from": "69482caa00d327da8f0a87bc", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 8897, "domain": 2102, "hostname": 2867, "FileHash-SHA256": 3886, "FileHash-MD5": 619, "FileHash-SHA1": 555, "CVE": 3, "email": 5, "SSLCertFingerprint": 8 }, "indicator_count": 18942, "is_author": false, "is_subscribing": null, "subscriber_count": 47, "modified_text": "36 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69b49587dd104e342dda1628", "name": "C Ahman Attorney Clone by Top Tier, Q.Vashti", "description": "", "modified": "2026-03-13T22:53:59.112000", "created": "2026-03-13T22:53:59.112000", "tags": [ "related pulses", "p1377925676", "gaz1", "sid1696503456", "sct1", "active", "dynamicloader", "medium", "write c", "search", "show", "high", "program gateway", "http traffic", "http", "write", "malware", "nivdort", "serving ip", "address", "status code", "kb body", "sha256", "gw5hjz7t975", "url https", "url http", "indicator role", "pulses url", "hostname", "poland unknown", "present sep", "present jul", "present may", "present apr", "present dec", "present jan", "moved", "passive dns", "ip address", "title", "location poland", "asn as29522", "gmt content", "accept encoding", "ipv4 add", "urls", "files", "reverse dns", "united", "record value", "aaaa", "mtb oct", "found", "error", "read c", "memcommit", "module load", "next", "showing", "trojan", "execution", "unknown", "entries", "ms windows", "intel", "as15169", "codeoverlap", "yara detections", "delphi", "worm", "win32", "win64", "learn", "ck id", "name tactics", "suspicious", "informative", "adversaries", "command", "spawns", "ssl certificate", "execution att", "script urls", "treece alfrey", "meta", "germany unknown", "for privacy", "title added", "active related", "pulses", "asnone", "named pipe", "type indicator", "role title", "added active", "filehashsha256", "ally", "melika", "information", "law christopher", "https", "fake pinterest", "tsara", "traceback man", "expiro", "capture", "domain", "types of", "germany", "poland", "netherlands", "cve cve20178977", "boobs130432 nov", "learn more", "filehashmd5", "utmsourceawin", "pe32", "head microsoft", "delete", "main", "backdoor", "next associated", "gmt connection", "control", "content type", "twitter", "certificate", "redirect date", "cache", "unknown ns", "hostname add", "ipv4", "pulse pulses", "location united", "america flag", "america asn", "windows", "total", "ids detections", "url add", "related nids", "files location", "flag united", "win32mydoom nov", "domain add", "yara rule", "ee fc", "ff d5", "f0 ff", "eb e1", "ff ff", "c1 e8", "c1 c0", "eb e8", "mpress", "cache control", "x cache", "date", "name servers", "arial", "present aug", "present jun", "may god", "hall render", "palantir doing", "jeffrey scott", "jeffrey reimer", "brian sabey", "butt pirates", "scott reimer", "colorado", "quasi government", "workers compensation", "eva lisa", "eva reimer", "sammie", "montano mark", "death threats", "tulach", "hired hit men", "gay man", "gay porn", "concentra", "corruption", "palantir", "foundry", "grifter", "warning", "illegal", "apple", "contacted", "ransom", "dead", "denver" ], "references": [ "https://tamlegal.com/attorneys/christopher-p-ahmann/#breadcrumb \u2022 https://www.milehighmedia.com/en/movies", "https://www.milehighmedia.com/legal/2257 \u2022 https://www.milehighmedia", "www.milehighmedia.com \u2022 https://www.milehighmedia.com/en/Charlie-Dean/pornstar/49512", "https://www.milehighmedia.com/en/login/index/aHR0cHMlM0ElMkYlMkZtZW1iZXJzLm1pbGVoaWdobWVkaWEuY29tJTJGZW4lMkZ2aWRlb3MlMkZzd2VldGhlYXJ0dmlkZW8lM0ZhbHVwJTNEQURqeF9ITjhfd1oweU96UnpsU3NNNUZLaVVxSzBXNEN0X3NmTFpKTGVJc3M2b0RVUzkwVmp6VllNVko5eFpmdENYcFNKd3IzOTNaMG1mOEpXeVhVeVZpLTJZYVRsaGd3M25DSDRpYnRwZ25BRC1zUFhDQVUycjZJOXo2WWtRMzNVWVFhMFZyWC1YckxvcnRkVjJZdEgxSDYxZ1lhMTFNS3RZSkEzY3FlSXhFQzhtSlAzSk1tbloySURMQXlMZndPcHozSFFiTzF4T0FseXJIQ0xYem1ldFElMkE=\t \thttp://www.milehighmedia.com/?ats=eyJhIjoyOTYzMTgsImMiOjU3OTYzNz", "http://www.milehighmedia.com/legal\t \u2022 https://www.milehighmedia.com/en/pornstar/milehighmedia/Justin-Hunt/51017", "https://www.milehighmedia.com/de/MileHighMedia/scene/129689?utm_source=271174&utm_medium=affiliate&utm_campaign=", "http://www.milehighmedia.com/?ats=eyJhIjoyOTYzMTgsImMiOjU3OTYzNzc1LCJuIjo3NiwicyI6NT...", "ttps://www.milehighmedia.com/scene/4404473/creampie-adventures-scene-2-sneaky-melanie", "https://www.milehighmedia.com/join \u2022 https://www.milehighmedia.com/models \u2022 https://www.milehighmedia.com/movies", "https://www.milehighmedia.com/model/59136/avi-love \u2022https://www.milehighmedia.com/model/60418/Justin-Hunt \u2022", "https://www.milehighmedia.com/en/photo/milehighmedia/The-Mother-I-Cant-Resist/52380", "https://www.milehighmedia.com/en/movies \u2022 https://www.milehighmedia.com/join", "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian", "pornhub-e.com \u2022 www.pornhub.com \u2022", "https://www.sweetheartvideo.com/tsara-brashears/ \u2022 www.sweetheartvideo.com", "https://www.sweetheartvideo.com/en/?s=1?s=1&utm_source=272160&utm_medium=affiliate&utm_campaign=lovelezzies", "https://www.sweetheartvideo.com/en/dvd/Lesbian-Massage/49895", "https://www.sweetheartvideo.com/en/dvds \u2022 https://www.sweetheartvideo.com/en/login", "https://www.sweetheartvideo.com/en/model/Mona-Wales/49601 \u2022 https://www.sweetheartvideo.com/en/scene/Truth-Dare--Boobs/130432 No Expiration\t0\t URL https://www.sweetheartvideo.com/it/model/Kristen-Scott/50432 \u2022 https://www.sweetheartvideo.com/model/63710/brandi-love", "https://www.sweetheartvideo.com/scenes?models=63710", "https://www.sweetheartvideo.com/model/63710/brandi-love", "https://www.sweetheartvideo.com/scenes?models=63710", "https://www.sweetheartvideo.com/it/model/Kristen-Scott/50432", "https://www.sweetheartvideo.com/en/scene/Truth-Dare--Boobs/130432", "https://www.milehighmedia.com/en/photo/milehighmedia/The-Mother-I-Cant-Resist/52380", "https://www.vgt.pl/font/roboto/Roboto-Bold.eot \u2022", "https://www.vgt.pl/94.152.152.233/images/logo.png", "https://www.vgt.pl/94.152.156.22/logo.png \u2022 https://www.vgt.pl/css/", "https://www.vgt.pl/favicon.ico", "https://www.vgt.pl/font/fa/fontawesome-webfont.eot", "https://www.vgt.pl/font/roboto/Roboto-Bold.ttf \u2022 https://www.vgt.pl/font/roboto/Roboto-Light.eot", "https://www.vgt.pl/font/roboto/Roboto-Medium.ttf", "https://www.vgt.pl/font/roboto/Roboto-Light.ttf \u2022", "https://www.vgt.pl/static/js/bootstrap-typeahead.jstic/js/bootstrap-typeahead.js", "https://www.vgt.pl/style/style.css \u2022 https://www.vgt.pl/font/roboto/Roboto-Medium.eot", "https://www.vgt.pl/font/roboto/Roboto-Regular.ttf \u2022 https://www.vgt.pl/font/roboto/Roboto-Thin.eot", "https://www.vgt.pl/static/js/bootstrap-typeahead.js.179.252.2", "https://www.vgt.pl/font/roboto/Roboto-Thin.ttf \u2022 https://www.vgt.pl/static/js/bootstrap-typeahead.js", "https://www.vgt.pl/font/roboto/Roboto-Regular.eot \u2022 https://www.vgt.pl/94.152.156.22/logo.png \u2022 https://www.vgt.pl/css/", "vgt.pl \u2022 www.hak.vgt.pl \u2022 www.localhost.vgt.pl \u2022 www.certyfikat.vgt.pl \u2022 aristocrat.vgt.pl", "https://www.vgt.pl/ phishing \u2022 https://vgt.pl/ \u2022www.vgt.pl \u2022 https://www.vgt.pl/94.152.152.233/images/logo.png", "http://www.pornokind.vgt.pl \u2022 https://dbkuewww.m.vgt.pl \u2022 https://lokalnyhost.vgt.pl \u2022 www.xn--twj-hna.pedofil.vgt.pl", "http://www.hak.vgt.pl \u2022 http://pornokind.vgt.pl \u2022 http://sip.vgt.pl \u2022 http://smtp-qa.vgt.pl \u2022 http://vgt.pl/*.", "https://pornokind.vgt.pl \u2022 https://sip.vgt.pl \u2022 https://smtp-qa.vgt.pl \u2022 https://www.vgt.pl/94.152.156.22/logo.png", "www.localhost.vgt.pl \u2022 www.certyfikat.vgt.pl \u2022 https://www.vgt.pl/94.152.152.233/images/logo.png", "https://www.vgt.pl/css/ \u2022 https://www.vgt.pl/favicon.ico \u2022 https://www.vgt.pl/font/fa/fontawesome-webfont.eot", "https://www.vgt.pl/font/roboto/Roboto-Bold.eot \u2022 https://www.vgt.pl/font/roboto/Roboto-Bold.ttf \u2022 https://www.vgt.pl/font/roboto/Roboto-Light.eot", "https://www.vgt.pl/static/js/bootstrap-typeahead.jstic/js/bootstrap-typeahead.js", "https://www.vgt.pl/style/style.css \u2022 https://www.vgt.pl/static/js/bootstrap-typeahead.js", "IP Address 94.152.58.192 Location Poland ASN AS29522 h88 s.a. Nameservers ns1.kei.pl. , ns2.kei.pl.", "www.happylifehappywife.com \u2022 http://www.happylifehappywife.com/2010/02/'>", "http://www.happylifehappywife.com/2010/04/'> \u2022 http://www.happylifehappywife.com/2010/05/'>", "http://www.happylifehappywife.com/2010/07/'> \u2022 http://www.happylifehappywife.com/2010/09/'>", "http://www.happylifehappywife.com/2011/06/'> \u2022 http://www.happylifehappywife.com/2011/08/'", "http://www.happylifehappywife.com/2011/08/'> \u2022 http://www.happylifehappywife.com/2012/07/'>", "http://www.happylifehappywife.com/2013/03/'> \u2022 http://www.happylifehappywife.com/index.php", "http://www.happylifehappywife.com/wp-content/themes/theme78222/images/top-right.jpg", "https://amp.mypornvid.fun/videos/8/AhxS-ej1myg/gf-18-com/\ud83c\udf81-i39m-your-present-\ud83c\udf81-girlfriend-surprises-you-for-christmas-reunion-soft-kisses-amp-cuddles", "8-25-220-162-static.reverse.queryfoundry.net\t\t\tNov 1, 2025, 9:34:14 AM\t\t5\t domain\tqueryfoundry.net\t\t\tNov 1, 2025, 9:34:14 AM\t\t8\t URL\thttp://117-114-251-162-static.reverse.queryfoundry.net/", "http://watchhers.net/index.php", "remotewd.com device local", "nr-data.net \u2022 applemusic-spotlight.myunidays.com \u2022 init.ess.apple.com \u2022 tv.apple.com", "https://browntubeporn.com/tsara-brashearsAccept-Language", "https://cg864.myhotzpic.com phishing \u2022 http://dashboard.myhotzpic.com/", "https://myhotzpic.com/tsara-brashears-hardcore-lesbian-sex/anime-studio.org*thumbs-fa...", "https://mypornvid.com/videos/27/x510fb2/white-dpt-jeffrey-reimer-loves-pretty-indian-patient-forces-sex-3gp-video-tsara-brashears/caillou-finger", "http://siteinlink.d1.cnbd.net/search/tsara-brashears-dead \u2022 http://siteinlink.d1.cnbd.net/site/maps.google.com.lb/", "http://siteinlink.d1.cnbd.net/search/tsara-brashears-assaulted-by-jeffrey-reimer", "http://siteinlink.d1.cnbd.net/search/tsara-brashears-dead \u2022 https://videolal.com/videos/tsara-brashears-dead-by-daylight.html", "http://pixelrz.com/lists/keywords/tsara-brashears-dead/360 \u2022 http://pixelrz.com/lists/keywords/tsara-brashears-dead/360] No Expiration\t4\t Domain tsara-brashears-deadspin-twitter-suspended-account-help.ht", "https://www.anyxxxtube.net/search-porn/tsara-brashears/", "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian", "https://www.anyxxxtube.net/search-porn/tsara-brashears/", "https://twitter.com/PORNO_SEXYBABES \u2022 girlsdoporn.com", "Treece Alfrey Musat P.C. Attorneys at Law Christopher P. Ahmann | https://TamLegal.com", "https://urlscan.io/screenshots/e931bb02-80dc-46db-92f0-43d5afa258be.png" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "TrojanSpy:Win32/Nivdort", "display_name": "TrojanSpy:Win32/Nivdort", "target": "/malware/TrojanSpy:Win32/Nivdort" }, { "id": "Worm:Win32/Autorun", "display_name": "Worm:Win32/Autorun", "target": "/malware/Worm:Win32/Autorun" }, { "id": "Tofsee", "display_name": "Tofsee", "target": null }, { "id": "Jaik", "display_name": "Jaik", "target": null }, { "id": "Trojan:Win32/Qshell", "display_name": "Trojan:Win32/Qshell", "target": "/malware/Trojan:Win32/Qshell" }, { "id": "Trojan:Win32/Mydoom", "display_name": "Trojan:Win32/Mydoom", "target": "/malware/Trojan:Win32/Mydoom" } ], "attack_ids": [ { "id": "T1045", "name": "Software Packing", "display_name": "T1045 - Software Packing" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1060", "name": "Registry Run Keys / Startup Folder", "display_name": "T1060 - Registry Run Keys / Startup Folder" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1119", "name": "Automated Collection", "display_name": "T1119 - Automated Collection" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1143", "name": "Hidden Window", "display_name": "T1143 - Hidden Window" }, { "id": "T1063", "name": "Security Software Discovery", "display_name": "T1063 - Security Software Discovery" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1583", "name": "Acquire Infrastructure", "display_name": "T1583 - Acquire Infrastructure" }, { "id": "T1069", "name": "Permission Groups Discovery", "display_name": "T1069 - Permission Groups Discovery" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1197", "name": "BITS Jobs", "display_name": "T1197 - BITS Jobs" }, { "id": "T1210", "name": "Exploitation of Remote Services", "display_name": "T1210 - Exploitation of Remote Services" }, { "id": "T1457", "name": "Malicious Media Content", "display_name": "T1457 - Malicious Media Content" }, { "id": "T1480", "name": "Execution Guardrails", "display_name": "T1480 - Execution Guardrails" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" } ], "industries": [], "TLP": "green", "cloned_from": "691f4d4ef0a2a570b8b21cd2", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 8897, "domain": 2102, "hostname": 2867, "FileHash-SHA256": 3886, "FileHash-MD5": 619, "FileHash-SHA1": 555, "CVE": 3, "email": 5, "SSLCertFingerprint": 8 }, "indicator_count": 18942, "is_author": false, "is_subscribing": null, "subscriber_count": 47, "modified_text": "36 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "696ac416596cd89cf76bce55", "name": "VERIZON \u2022 One Reach AI \u2022 LEGAL \u2022 Crazy Frost \u2022 Denver, US MEGA PULSE", "description": "Found in peripheral looking for patterns.\nLegal mischief , Monitoring, Spyware. a Pegasus service needs to be examined further. Just glancing. [OTX Auto generated-HOSTNAME: Verizon.com-vdda.co.cc -has been added to the Pulse website, the first time the site has done so.]", "modified": "2026-02-15T22:03:06.041000", "created": "2026-01-16T23:04:53.997000", "tags": [ "united", "win32", "urls", "twitter", "trojan", "united states", "dynamicloader", "default", "delete c", "json", "ascii text", "high", "data", "write c", "stream", "write", "malware", "dirty", "servers", "unknown aaaa", "Crazy Frost", "create c", "port", "destination", "unknown", "encrypt", "passive dns", "Verizon", "Twitter", "url analysis", "url add", "http", "files related", "related tags", "Project Cicada", "present nov", "present dec", "present sep", "present jul", "present jun", "or icon", "gold w", "dots larger", "background", "pegasus", "meta", "backdoor", "ransom", "checkin", "trojandropper", "mtb nov", "ipv4", "data upload", "extraction", "ottow", "Christopher Ahmann", "Pegasus", "url https", "hostname", "files domain", "present jan", "moved", "ip address", "record value", "apache", "paris", "followupboss", "type", "hostname add", "next associated", "title error", "reverse dns", "windows nt", "wow64", "khtml", "gecko", "connect", "head", "tlsv1", "accept", "date", "powershell", "iframe", "span", "push", "next", "shark", "Connection", "learn", "command", "ck id", "name tactics", "suspicious", "informative", "adversaries", "spawns", "mitre att", "ck techniques", "pattern match", "size", "null", "refresh", "hybrid", "general", "local", "path", "click", "strings", "error", "tools", "look", "verify", "restart", "Denver, Co 80211", "body", "title", "One Reach AI" ], "references": [ "https://pegasuspartners.followupboss.com/unsubscribe/eh-MhVRQnJl0_bAFwnKkNcLhcpKKkFNZoZGVdqXUj3YdKSnKqAu_ZtK_m2bfbflpBDP5tU_QK4_N_bD0zVR_qs69dqt0K9vHSjNpk4p_WlGOHiyG5drGp98yBthkeHFIf3TXQbQPk8UzVtbZUILxzg~~ No Expiration\t0", "pegasuspartners.followupboss.com", "Project Cicada: verizon.pr1414.my.nonprod-asurion53.com", "https://otx.alienvault.com/otxapi/indicators/file/screenshot/07d20574d361258ee514f507936703dbea55db4a6d123602c0d2a67e9f14196d", "https://otx.alienvault.com/otxapi/indicators/file/screenshot/fbb538f322026e57d467e9dbccdbaf181e08149c50216385b7235a43e80ea0c8", "Hostname admin.test-aws-responsible-oyster-8905-us-east-1.space.dev.a0core.net", "search.roi.ros.gov.uk", "ftp.remote.docs.home.git.fr.yandex.avito.sberbank.pay.avito.blablacar.blablacar.gitlab.ces4ld2kbfghhbju9r40.haard.info", "forum.remote.docs.home.git.fr.yandex.avito.sberbank.pay.avito.blablacar.blablacar.gitlab.ces4ld2kbfghhbju9r40.haard.info", "Denver, US 80211 https://otx.alienvault.com/indicator/domain/onereach.ai", "Denver, US 80211 http://library.verizon.onereach.ai", "https://sa.josht.ca\t\u2022 https://sa.josht.ca/ \u2022 https://staging.josht.ca/\t\u2022 https://test.josht.ca/", "https://p2d.josht.ca/api/depots/info/?depot= \u2022 https://p2d.josht" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "ALF:HeraklezEval:Trojan:Win32/ClipBanker", "display_name": "ALF:HeraklezEval:Trojan:Win32/ClipBanker", "target": null }, { "id": "Other Malware", "display_name": "Other Malware", "target": null }, { "id": "Pegasus", "display_name": "Pegasus", "target": null } ], "attack_ids": [ { "id": "T1063", "name": "Security Software Discovery", "display_name": "T1063 - Security Software Discovery" }, { "id": "T1119", "name": "Automated Collection", "display_name": "T1119 - Automated Collection" }, { "id": "T1040", "name": "Network Sniffing", "display_name": "T1040 - Network Sniffing" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1158", "name": "Hidden Files and Directories", "display_name": "T1158 - Hidden Files and Directories" }, { "id": "T1060", "name": "Registry Run Keys / Startup Folder", "display_name": "T1060 - Registry Run Keys / Startup Folder" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1069", "name": "Permission Groups Discovery", "display_name": "T1069 - Permission Groups Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1480", "name": "Execution Guardrails", "display_name": "T1480 - Execution Guardrails" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 11078, "hostname": 4331, "domain": 1932, "FileHash-SHA256": 1999, "FileHash-MD5": 357, "FileHash-SHA1": 169, "email": 5, "SSLCertFingerprint": 6, "CVE": 1 }, "indicator_count": 19878, "is_author": false, "is_subscribing": null, "subscriber_count": 137, "modified_text": "63 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "696ac4327b5bc2e8be34f78a", "name": "VERIZON \u2022 One Reach AI \u2022 LEGAL \u2022 Crazy Frost \u2022 Denver, US MEGA PULSE", "description": "Found in peripheral looking for patterns.\nLegal mischief , Monitoring, Spyware. a Pegasus service needs to be examined further. Just glancing. [OTX Auto generated-HOSTNAME: Verizon.com-vdda.co.cc -has been added to the Pulse website, the first time the site has done so.]", "modified": "2026-02-15T22:03:06.041000", "created": "2026-01-16T23:05:22.323000", "tags": [ "united", "win32", "urls", "twitter", "trojan", "united states", "dynamicloader", "default", "delete c", "json", "ascii text", "high", "data", "write c", "stream", "write", "malware", "dirty", "servers", "unknown aaaa", "Crazy Frost", "create c", "port", "destination", "unknown", "encrypt", "passive dns", "Verizon", "Twitter", "url analysis", "url add", "http", "files related", "related tags", "Project Cicada", "present nov", "present dec", "present sep", "present jul", "present jun", "or icon", "gold w", "dots larger", "background", "pegasus", "meta", "backdoor", "ransom", "checkin", "trojandropper", "mtb nov", "ipv4", "data upload", "extraction", "ottow", "Christopher Ahmann", "Pegasus", "url https", "hostname", "files domain", "present jan", "moved", "ip address", "record value", "apache", "paris", "followupboss", "type", "hostname add", "next associated", "title error", "reverse dns", "windows nt", "wow64", "khtml", "gecko", "connect", "head", "tlsv1", "accept", "date", "powershell", "iframe", "span", "push", "next", "shark", "Connection", "learn", "command", "ck id", "name tactics", "suspicious", "informative", "adversaries", "spawns", "mitre att", "ck techniques", "pattern match", "size", "null", "refresh", "hybrid", "general", "local", "path", "click", "strings", "error", "tools", "look", "verify", "restart", "Denver, Co 80211", "body", "title", "One Reach AI" ], "references": [ "https://pegasuspartners.followupboss.com/unsubscribe/eh-MhVRQnJl0_bAFwnKkNcLhcpKKkFNZoZGVdqXUj3YdKSnKqAu_ZtK_m2bfbflpBDP5tU_QK4_N_bD0zVR_qs69dqt0K9vHSjNpk4p_WlGOHiyG5drGp98yBthkeHFIf3TXQbQPk8UzVtbZUILxzg~~ No Expiration\t0", "pegasuspartners.followupboss.com", "Project Cicada: verizon.pr1414.my.nonprod-asurion53.com", "https://otx.alienvault.com/otxapi/indicators/file/screenshot/07d20574d361258ee514f507936703dbea55db4a6d123602c0d2a67e9f14196d", "https://otx.alienvault.com/otxapi/indicators/file/screenshot/fbb538f322026e57d467e9dbccdbaf181e08149c50216385b7235a43e80ea0c8", "Hostname admin.test-aws-responsible-oyster-8905-us-east-1.space.dev.a0core.net", "search.roi.ros.gov.uk", "ftp.remote.docs.home.git.fr.yandex.avito.sberbank.pay.avito.blablacar.blablacar.gitlab.ces4ld2kbfghhbju9r40.haard.info", "forum.remote.docs.home.git.fr.yandex.avito.sberbank.pay.avito.blablacar.blablacar.gitlab.ces4ld2kbfghhbju9r40.haard.info", "Denver, US 80211 https://otx.alienvault.com/indicator/domain/onereach.ai", "Denver, US 80211 http://library.verizon.onereach.ai", "https://sa.josht.ca\t\u2022 https://sa.josht.ca/ \u2022 https://staging.josht.ca/\t\u2022 https://test.josht.ca/", "https://p2d.josht.ca/api/depots/info/?depot= \u2022 https://p2d.josht" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "ALF:HeraklezEval:Trojan:Win32/ClipBanker", "display_name": "ALF:HeraklezEval:Trojan:Win32/ClipBanker", "target": null }, { "id": "Other Malware", "display_name": "Other Malware", "target": null }, { "id": "Pegasus", "display_name": "Pegasus", "target": null } ], "attack_ids": [ { "id": "T1063", "name": "Security Software Discovery", "display_name": "T1063 - Security Software Discovery" }, { "id": "T1119", "name": "Automated Collection", "display_name": "T1119 - Automated Collection" }, { "id": "T1040", "name": "Network Sniffing", "display_name": "T1040 - Network Sniffing" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1158", "name": "Hidden Files and Directories", "display_name": "T1158 - Hidden Files and Directories" }, { "id": "T1060", "name": "Registry Run Keys / Startup Folder", "display_name": "T1060 - Registry Run Keys / Startup Folder" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1069", "name": "Permission Groups Discovery", "display_name": "T1069 - Permission Groups Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1480", "name": "Execution Guardrails", "display_name": "T1480 - Execution Guardrails" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 11078, "hostname": 4331, "domain": 1932, "FileHash-SHA256": 1999, "FileHash-MD5": 357, "FileHash-SHA1": 169, "email": 5, "SSLCertFingerprint": 6, "CVE": 1 }, "indicator_count": 19878, "is_author": false, "is_subscribing": null, "subscriber_count": 138, "modified_text": "63 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "696ac438a696c993b672106d", "name": "VERIZON \u2022 One Reach AI \u2022 LEGAL \u2022 Crazy Frost \u2022 Denver, US MEGA PULSE", "description": "Found in peripheral looking for patterns.\nLegal mischief , Monitoring, Spyware. a Pegasus service needs to be examined further. Just glancing. [OTX Auto generated-HOSTNAME: Verizon.com-vdda.co.cc -has been added to the Pulse website, the first time the site has done so.]", "modified": "2026-02-15T22:03:06.041000", "created": "2026-01-16T23:05:28.261000", "tags": [ "united", "win32", "urls", "twitter", "trojan", "united states", "dynamicloader", "default", "delete c", "json", "ascii text", "high", "data", "write c", "stream", "write", "malware", "dirty", "servers", "unknown aaaa", "Crazy Frost", "create c", "port", "destination", "unknown", "encrypt", "passive dns", "Verizon", "Twitter", "url analysis", "url add", "http", "files related", "related tags", "Project Cicada", "present nov", "present dec", "present sep", "present jul", "present jun", "or icon", "gold w", "dots larger", "background", "pegasus", "meta", "backdoor", "ransom", "checkin", "trojandropper", "mtb nov", "ipv4", "data upload", "extraction", "ottow", "Christopher Ahmann", "Pegasus", "url https", "hostname", "files domain", "present jan", "moved", "ip address", "record value", "apache", "paris", "followupboss", "type", "hostname add", "next associated", "title error", "reverse dns", "windows nt", "wow64", "khtml", "gecko", "connect", "head", "tlsv1", "accept", "date", "powershell", "iframe", "span", "push", "next", "shark", "Connection", "learn", "command", "ck id", "name tactics", "suspicious", "informative", "adversaries", "spawns", "mitre att", "ck techniques", "pattern match", "size", "null", "refresh", "hybrid", "general", "local", "path", "click", "strings", "error", "tools", "look", "verify", "restart", "Denver, Co 80211", "body", "title", "One Reach AI" ], "references": [ "https://pegasuspartners.followupboss.com/unsubscribe/eh-MhVRQnJl0_bAFwnKkNcLhcpKKkFNZoZGVdqXUj3YdKSnKqAu_ZtK_m2bfbflpBDP5tU_QK4_N_bD0zVR_qs69dqt0K9vHSjNpk4p_WlGOHiyG5drGp98yBthkeHFIf3TXQbQPk8UzVtbZUILxzg~~ No Expiration\t0", "pegasuspartners.followupboss.com", "Project Cicada: verizon.pr1414.my.nonprod-asurion53.com", "https://otx.alienvault.com/otxapi/indicators/file/screenshot/07d20574d361258ee514f507936703dbea55db4a6d123602c0d2a67e9f14196d", "https://otx.alienvault.com/otxapi/indicators/file/screenshot/fbb538f322026e57d467e9dbccdbaf181e08149c50216385b7235a43e80ea0c8", "Hostname admin.test-aws-responsible-oyster-8905-us-east-1.space.dev.a0core.net", "search.roi.ros.gov.uk", "ftp.remote.docs.home.git.fr.yandex.avito.sberbank.pay.avito.blablacar.blablacar.gitlab.ces4ld2kbfghhbju9r40.haard.info", "forum.remote.docs.home.git.fr.yandex.avito.sberbank.pay.avito.blablacar.blablacar.gitlab.ces4ld2kbfghhbju9r40.haard.info", "Denver, US 80211 https://otx.alienvault.com/indicator/domain/onereach.ai", "Denver, US 80211 http://library.verizon.onereach.ai", "https://sa.josht.ca\t\u2022 https://sa.josht.ca/ \u2022 https://staging.josht.ca/\t\u2022 https://test.josht.ca/", "https://p2d.josht.ca/api/depots/info/?depot= \u2022 https://p2d.josht" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "ALF:HeraklezEval:Trojan:Win32/ClipBanker", "display_name": "ALF:HeraklezEval:Trojan:Win32/ClipBanker", "target": null }, { "id": "Other Malware", "display_name": "Other Malware", "target": null }, { "id": "Pegasus", "display_name": "Pegasus", "target": null } ], "attack_ids": [ { "id": "T1063", "name": "Security Software Discovery", "display_name": "T1063 - Security Software Discovery" }, { "id": "T1119", "name": "Automated Collection", "display_name": "T1119 - Automated Collection" }, { "id": "T1040", "name": "Network Sniffing", "display_name": "T1040 - Network Sniffing" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1158", "name": "Hidden Files and Directories", "display_name": "T1158 - Hidden Files and Directories" }, { "id": "T1060", "name": "Registry Run Keys / Startup Folder", "display_name": "T1060 - Registry Run Keys / Startup Folder" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1069", "name": "Permission Groups Discovery", "display_name": "T1069 - Permission Groups Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1480", "name": "Execution Guardrails", "display_name": "T1480 - Execution Guardrails" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 11078, "hostname": 4331, "domain": 1932, "FileHash-SHA256": 1999, "FileHash-MD5": 357, "FileHash-SHA1": 169, "email": 5, "SSLCertFingerprint": 6, "CVE": 1 }, "indicator_count": 19878, "is_author": false, "is_subscribing": null, "subscriber_count": 138, "modified_text": "63 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6964c08bf79bcb252eaa9e15", "name": "TrojanSpy - Spotify account under an attack which conceals artists releases / deletes followers", "description": "Spotify Attacks: TrojanSpy - Streamer Spotify account under an attack which conceals artists releases / deletes followers. The attack is adversarial. I\u2019m unclear how widespread it is. . Further research required. OTX auto generated Pegasus. Released work that was once viewable is now concealed, followers deleted.\n#cloudfront #spyware #delete_service #cloudfront_attacks", "modified": "2026-02-11T09:03:20.933000", "created": "2026-01-12T09:36:11.701000", "tags": [ "google", "fastly", "googlecl", "january", "http", "domain", "akamaias", "cloudflar", "page url", "de summary", "april", "reverse dns", "url https", "general full", "software", "united", "resource hash", "protocol h3", "security quic", "protocol h2", "security tls", "main", "present jan", "title", "gmt max", "certificate", "moved", "lowfi", "gmt content", "meta", "present dec", "status", "aaaa", "passive dns", "urls", "search", "expiration date", "win32", "files", "verdict", "files ip", "address", "mtb jan", "trojandropper", "backdoor", "win32upatre jan", "origin trial", "gmt cache", "443 ma2592000", "possible", "worm", "trojan", "ip address", "record value", "dark", "found", "ipv4 add", "error", "trojanspy", "emails", "servers", "pegasus", "america flag", "america asn", "tlsv1", "read c", "show", "medium", "lstockholm", "ospotify ab", "odigicert inc", "execution", "next", "dock", "write", "persistence", "dynamicloader", "yara rule", "ms windows", "pe32", "named pipe", "smartassembly", "delphi", "malware", "united states", "pe file", "filehash", "md5 add", "av detections", "ids detections", "yara detections", "alerts", "high", "write c", "tls sni", "tls handshake", "delete", "as15169", "stun binding", "request", "port", "win64", "themida", "guard", "risepro", "sha256", "sha1", "pattern match", "ascii text", "size", "mitre att", "ck id", "null", "refresh", "span", "hybrid", "general", "local", "path", "click", "strings", "tools", "look", "verify", "restart", "learn", "command", "name tactics", "suspicious", "informative", "spawns", "ck techniques", "evasion att", "t1480 execution", "directui", "element", "hwndhost", "classinfobase", "hwndelement", "value", "explorer", "insert", "movie", "hacktool", "showing", "entries http", "scans show", "california", "location united", "next associated", "pulse pulses", "name servers", "found request", "unique", "url add", "related nids", "files location", "expiration", "flag united", "present nov", "present sep", "href", "suricata stream", "command decode", "starfield", "encrypt", "iframe", "date", "title error", "hostname", "pulse submit", "memcommit", "checks", "windows", "capture", "cloudfront", "colorado", "creation date", "hostname add", "eset", "binary file", "pdb path", "internalname", "nod32", "amon" ], "references": [ "open.spotify.com \u2022", "https://open.spotify.com/intl-de/track/5KjB1j0u54VXg6M8SN8hH2", "https://open.spotify.com/track/5KjB1j0u54VXg6M8SN8hH2", "FileHash-SHA256 cb40cd426d6e55c2b175b5be3327bfdf8d5a0074bf48b823121bd4720ed2ad95", "events.launchdarkly.com \u2022 clientstream.launchdarkly. \u2022 app.launchdarkly.com", "https://target.tccwest.www.littleswimmers.fr/", "www.onyx-ware.com \u2022 endgamesystems.com", "cloudfront.net \u2022 d127qq8ld0aiq5.cloudfront.net" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "Win.Packed.Stealerc-10017074-0", "display_name": "Win.Packed.Stealerc-10017074-0", "target": null }, { "id": "#Lowfi:Win32/AutoIt", "display_name": "#Lowfi:Win32/AutoIt", "target": "/malware/#Lowfi:Win32/AutoIt" }, { "id": "Win.Packed.Generic-9967832-0", "display_name": "Win.Packed.Generic-9967832-0", "target": null }, { "id": "TrojanSpy:MSIL/Yakbeex.A", "display_name": "TrojanSpy:MSIL/Yakbeex.A", "target": "/malware/TrojanSpy:MSIL/Yakbeex.A" }, { "id": "Pegasus", "display_name": "Pegasus", "target": null }, { "id": "Win32:HacktoolX-gen\\ [Trj]", "display_name": "Win32:HacktoolX-gen\\ [Trj]", "target": null }, { "id": "nUFS_unicode", "display_name": "nUFS_unicode", "target": null }, { "id": "HackTool:Win32/CobaltStrike.A", "display_name": "HackTool:Win32/CobaltStrike.A", "target": "/malware/HackTool:Win32/CobaltStrike.A" }, { "id": "Win.Dropper.PoisonIvy-9876745-0", "display_name": "Win.Dropper.PoisonIvy-9876745-0", "target": null }, { "id": "Trojan:Win32/Zombie.A", "display_name": "Trojan:Win32/Zombie.A", "target": "/malware/Trojan:Win32/Zombie.A" }, { "id": "Win.Trojan.Barys-10005825-0", "display_name": "Win.Trojan.Barys-10005825-0", "target": null } ], "attack_ids": [ { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1119", "name": "Automated Collection", "display_name": "T1119 - Automated Collection" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1143", "name": "Hidden Window", "display_name": "T1143 - Hidden Window" }, { "id": "T1045", "name": "Software Packing", "display_name": "T1045 - Software Packing" }, { "id": "T1063", "name": "Security Software Discovery", "display_name": "T1063 - Security Software Discovery" }, { "id": "TA0003", "name": "Persistence", "display_name": "TA0003 - Persistence" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1060", "name": "Registry Run Keys / Startup Folder", "display_name": "T1060 - Registry Run Keys / Startup Folder" }, { "id": "T1069", "name": "Permission Groups Discovery", "display_name": "T1069 - Permission Groups Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1480", "name": "Execution Guardrails", "display_name": "T1480 - Execution Guardrails" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1587.001", "name": "Malware", "display_name": "T1587.001 - Malware" }, { "id": "T1069.002", "name": "Domain Groups", "display_name": "T1069.002 - Domain Groups" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1189", "name": "Drive-by Compromise", "display_name": "T1189 - Drive-by Compromise" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1583", "name": "Acquire Infrastructure", "display_name": "T1583 - Acquire Infrastructure" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1158", "name": "Hidden Files and Directories", "display_name": "T1158 - Hidden Files and Directories" }, { "id": "TA0037", "name": "Command and Control", "display_name": "TA0037 - Command and Control" } ], "industries": [ "Entertainment", "Technology" ], "TLP": "white", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 1293, "URL": 3389, "FileHash-MD5": 635, "FileHash-SHA1": 531, "FileHash-SHA256": 2345, "domain": 501, "email": 12, "SSLCertFingerprint": 16 }, "indicator_count": 8722, "is_author": false, "is_subscribing": null, "subscriber_count": 138, "modified_text": "67 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "691f4d4ef0a2a570b8b21cd2", "name": "Chris P. Ahmann Colorado State Criminal Defense Attorney", "description": "Chris P. Ahmann Colorado State Criminal Defense attorney hired by quasi government Workers Compensation to completely destroy Tsara Brashears literally to death. None of her spinal cord injuries , and other assault injuries discussed or compensated for in rushed settlement case. Her awful racist attorney refused to represent plaintiffs in hearing. Never met with in person for no good reason. Tsara represented herself. Less that 24 hour notice. No briefings, no awareness or mention that Ahmann was representing Jeffrey Scott Reimer for assault\n case. Brashears required 24 hour care by end of life. Received 0 workers compsarion payments. But if this doesn\u2019t prove Reimer\u2019s guilt what does? Continued harassment of associated. \n\nNotice the outages? You\u2019ve cost BILLIONS? Stop threatening everyone.", "modified": "2026-01-20T17:02:02.650000", "created": "2025-11-20T17:18:06.929000", "tags": [ "related pulses", "p1377925676", "gaz1", "sid1696503456", "sct1", "active", "dynamicloader", "medium", "write c", "search", "show", "high", "program gateway", "http traffic", "http", "write", "malware", "nivdort", "serving ip", "address", "status code", "kb body", "sha256", "gw5hjz7t975", "url https", "url http", "indicator role", "pulses url", "hostname", "poland unknown", "present sep", "present jul", "present may", "present apr", "present dec", "present jan", "moved", "passive dns", "ip address", "title", "location poland", "asn as29522", "gmt content", "accept encoding", "ipv4 add", "urls", "files", "reverse dns", "united", "record value", "aaaa", "mtb oct", "found", "error", "read c", "memcommit", "module load", "next", "showing", "trojan", "execution", "unknown", "entries", "ms windows", "intel", "as15169", "codeoverlap", "yara detections", "delphi", "worm", "win32", "win64", "learn", "ck id", "name tactics", "suspicious", "informative", "adversaries", "command", "spawns", "ssl certificate", "execution att", "script urls", "treece alfrey", "meta", "germany unknown", "for privacy", "title added", "active related", "pulses", "asnone", "named pipe", "type indicator", "role title", "added active", "filehashsha256", "ally", "melika", "information", "law christopher", "https", "fake pinterest", "tsara", "traceback man", "expiro", "capture", "domain", "types of", "germany", "poland", "netherlands", "cve cve20178977", "boobs130432 nov", "learn more", "filehashmd5", "utmsourceawin", "pe32", "head microsoft", "delete", "main", "backdoor", "next associated", "gmt connection", "control", "content type", "twitter", "certificate", "redirect date", "cache", "unknown ns", "hostname add", "ipv4", "pulse pulses", "location united", "america flag", "america asn", "windows", "total", "ids detections", "url add", "related nids", "files location", "flag united", "win32mydoom nov", "domain add", "yara rule", "ee fc", "ff d5", "f0 ff", "eb e1", "ff ff", "c1 e8", "c1 c0", "eb e8", "mpress", "cache control", "x cache", "date", "name servers", "arial", "present aug", "present jun", "may god", "hall render", "palantir doing", "jeffrey scott", "jeffrey reimer", "brian sabey", "butt pirates", "scott reimer", "colorado", "quasi government", "workers compensation", "eva lisa", "eva reimer", "sammie", "montano mark", "death threats", "tulach", "hired hit men", "gay man", "gay porn", "concentra", "corruption", "palantir", "foundry", "grifter", "warning", "illegal", "apple", "contacted", "ransom", "dead", "denver" ], "references": [ "https://tamlegal.com/attorneys/christopher-p-ahmann/#breadcrumb \u2022 https://www.milehighmedia.com/en/movies", "https://www.milehighmedia.com/legal/2257 \u2022 https://www.milehighmedia", "www.milehighmedia.com \u2022 https://www.milehighmedia.com/en/Charlie-Dean/pornstar/49512", "https://www.milehighmedia.com/en/login/index/aHR0cHMlM0ElMkYlMkZtZW1iZXJzLm1pbGVoaWdobWVkaWEuY29tJTJGZW4lMkZ2aWRlb3MlMkZzd2VldGhlYXJ0dmlkZW8lM0ZhbHVwJTNEQURqeF9ITjhfd1oweU96UnpsU3NNNUZLaVVxSzBXNEN0X3NmTFpKTGVJc3M2b0RVUzkwVmp6VllNVko5eFpmdENYcFNKd3IzOTNaMG1mOEpXeVhVeVZpLTJZYVRsaGd3M25DSDRpYnRwZ25BRC1zUFhDQVUycjZJOXo2WWtRMzNVWVFhMFZyWC1YckxvcnRkVjJZdEgxSDYxZ1lhMTFNS3RZSkEzY3FlSXhFQzhtSlAzSk1tbloySURMQXlMZndPcHozSFFiTzF4T0FseXJIQ0xYem1ldFElMkE=\t \thttp://www.milehighmedia.com/?ats=eyJhIjoyOTYzMTgsImMiOjU3OTYzNz", "http://www.milehighmedia.com/legal\t \u2022 https://www.milehighmedia.com/en/pornstar/milehighmedia/Justin-Hunt/51017", "https://www.milehighmedia.com/de/MileHighMedia/scene/129689?utm_source=271174&utm_medium=affiliate&utm_campaign=", "http://www.milehighmedia.com/?ats=eyJhIjoyOTYzMTgsImMiOjU3OTYzNzc1LCJuIjo3NiwicyI6NT...", "ttps://www.milehighmedia.com/scene/4404473/creampie-adventures-scene-2-sneaky-melanie", "https://www.milehighmedia.com/join \u2022 https://www.milehighmedia.com/models \u2022 https://www.milehighmedia.com/movies", "https://www.milehighmedia.com/model/59136/avi-love \u2022https://www.milehighmedia.com/model/60418/Justin-Hunt \u2022", "https://www.milehighmedia.com/en/photo/milehighmedia/The-Mother-I-Cant-Resist/52380", "https://www.milehighmedia.com/en/movies \u2022 https://www.milehighmedia.com/join", "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian", "pornhub-e.com \u2022 www.pornhub.com \u2022", "https://www.sweetheartvideo.com/tsara-brashears/ \u2022 www.sweetheartvideo.com", "https://www.sweetheartvideo.com/en/?s=1?s=1&utm_source=272160&utm_medium=affiliate&utm_campaign=lovelezzies", "https://www.sweetheartvideo.com/en/dvd/Lesbian-Massage/49895", "https://www.sweetheartvideo.com/en/dvds \u2022 https://www.sweetheartvideo.com/en/login", "https://www.sweetheartvideo.com/en/model/Mona-Wales/49601 \u2022 https://www.sweetheartvideo.com/en/scene/Truth-Dare--Boobs/130432 No Expiration\t0\t URL https://www.sweetheartvideo.com/it/model/Kristen-Scott/50432 \u2022 https://www.sweetheartvideo.com/model/63710/brandi-love", "https://www.sweetheartvideo.com/scenes?models=63710", "https://www.sweetheartvideo.com/model/63710/brandi-love", "https://www.sweetheartvideo.com/scenes?models=63710", "https://www.sweetheartvideo.com/it/model/Kristen-Scott/50432", "https://www.sweetheartvideo.com/en/scene/Truth-Dare--Boobs/130432", "https://www.milehighmedia.com/en/photo/milehighmedia/The-Mother-I-Cant-Resist/52380", "https://www.vgt.pl/font/roboto/Roboto-Bold.eot \u2022", "https://www.vgt.pl/94.152.152.233/images/logo.png", "https://www.vgt.pl/94.152.156.22/logo.png \u2022 https://www.vgt.pl/css/", "https://www.vgt.pl/favicon.ico", "https://www.vgt.pl/font/fa/fontawesome-webfont.eot", "https://www.vgt.pl/font/roboto/Roboto-Bold.ttf \u2022 https://www.vgt.pl/font/roboto/Roboto-Light.eot", "https://www.vgt.pl/font/roboto/Roboto-Medium.ttf", "https://www.vgt.pl/font/roboto/Roboto-Light.ttf \u2022", "https://www.vgt.pl/static/js/bootstrap-typeahead.jstic/js/bootstrap-typeahead.js", "https://www.vgt.pl/style/style.css \u2022 https://www.vgt.pl/font/roboto/Roboto-Medium.eot", "https://www.vgt.pl/font/roboto/Roboto-Regular.ttf \u2022 https://www.vgt.pl/font/roboto/Roboto-Thin.eot", "https://www.vgt.pl/static/js/bootstrap-typeahead.js.179.252.2", "https://www.vgt.pl/font/roboto/Roboto-Thin.ttf \u2022 https://www.vgt.pl/static/js/bootstrap-typeahead.js", "https://www.vgt.pl/font/roboto/Roboto-Regular.eot \u2022 https://www.vgt.pl/94.152.156.22/logo.png \u2022 https://www.vgt.pl/css/", "vgt.pl \u2022 www.hak.vgt.pl \u2022 www.localhost.vgt.pl \u2022 www.certyfikat.vgt.pl \u2022 aristocrat.vgt.pl", "https://www.vgt.pl/ phishing \u2022 https://vgt.pl/ \u2022www.vgt.pl \u2022 https://www.vgt.pl/94.152.152.233/images/logo.png", "http://www.pornokind.vgt.pl \u2022 https://dbkuewww.m.vgt.pl \u2022 https://lokalnyhost.vgt.pl \u2022 www.xn--twj-hna.pedofil.vgt.pl", "http://www.hak.vgt.pl \u2022 http://pornokind.vgt.pl \u2022 http://sip.vgt.pl \u2022 http://smtp-qa.vgt.pl \u2022 http://vgt.pl/*.", "https://pornokind.vgt.pl \u2022 https://sip.vgt.pl \u2022 https://smtp-qa.vgt.pl \u2022 https://www.vgt.pl/94.152.156.22/logo.png", "www.localhost.vgt.pl \u2022 www.certyfikat.vgt.pl \u2022 https://www.vgt.pl/94.152.152.233/images/logo.png", "https://www.vgt.pl/css/ \u2022 https://www.vgt.pl/favicon.ico \u2022 https://www.vgt.pl/font/fa/fontawesome-webfont.eot", "https://www.vgt.pl/font/roboto/Roboto-Bold.eot \u2022 https://www.vgt.pl/font/roboto/Roboto-Bold.ttf \u2022 https://www.vgt.pl/font/roboto/Roboto-Light.eot", "https://www.vgt.pl/static/js/bootstrap-typeahead.jstic/js/bootstrap-typeahead.js", "https://www.vgt.pl/style/style.css \u2022 https://www.vgt.pl/static/js/bootstrap-typeahead.js", "IP Address 94.152.58.192 Location Poland ASN AS29522 h88 s.a. Nameservers ns1.kei.pl. , ns2.kei.pl.", "www.happylifehappywife.com \u2022 http://www.happylifehappywife.com/2010/02/'>", "http://www.happylifehappywife.com/2010/04/'> \u2022 http://www.happylifehappywife.com/2010/05/'>", "http://www.happylifehappywife.com/2010/07/'> \u2022 http://www.happylifehappywife.com/2010/09/'>", "http://www.happylifehappywife.com/2011/06/'> \u2022 http://www.happylifehappywife.com/2011/08/'", "http://www.happylifehappywife.com/2011/08/'> \u2022 http://www.happylifehappywife.com/2012/07/'>", "http://www.happylifehappywife.com/2013/03/'> \u2022 http://www.happylifehappywife.com/index.php", "http://www.happylifehappywife.com/wp-content/themes/theme78222/images/top-right.jpg", "https://amp.mypornvid.fun/videos/8/AhxS-ej1myg/gf-18-com/\ud83c\udf81-i39m-your-present-\ud83c\udf81-girlfriend-surprises-you-for-christmas-reunion-soft-kisses-amp-cuddles", "8-25-220-162-static.reverse.queryfoundry.net\t\t\tNov 1, 2025, 9:34:14 AM\t\t5\t domain\tqueryfoundry.net\t\t\tNov 1, 2025, 9:34:14 AM\t\t8\t URL\thttp://117-114-251-162-static.reverse.queryfoundry.net/", "http://watchhers.net/index.php", "remotewd.com device local", "nr-data.net \u2022 applemusic-spotlight.myunidays.com \u2022 init.ess.apple.com \u2022 tv.apple.com", "https://browntubeporn.com/tsara-brashearsAccept-Language", "https://cg864.myhotzpic.com phishing \u2022 http://dashboard.myhotzpic.com/", "https://myhotzpic.com/tsara-brashears-hardcore-lesbian-sex/anime-studio.org*thumbs-fa...", "https://mypornvid.com/videos/27/x510fb2/white-dpt-jeffrey-reimer-loves-pretty-indian-patient-forces-sex-3gp-video-tsara-brashears/caillou-finger", "http://siteinlink.d1.cnbd.net/search/tsara-brashears-dead \u2022 http://siteinlink.d1.cnbd.net/site/maps.google.com.lb/", "http://siteinlink.d1.cnbd.net/search/tsara-brashears-assaulted-by-jeffrey-reimer", "http://siteinlink.d1.cnbd.net/search/tsara-brashears-dead \u2022 https://videolal.com/videos/tsara-brashears-dead-by-daylight.html", "http://pixelrz.com/lists/keywords/tsara-brashears-dead/360 \u2022 http://pixelrz.com/lists/keywords/tsara-brashears-dead/360] No Expiration\t4\t Domain tsara-brashears-deadspin-twitter-suspended-account-help.ht", "https://www.anyxxxtube.net/search-porn/tsara-brashears/", "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian", "https://www.anyxxxtube.net/search-porn/tsara-brashears/", "https://twitter.com/PORNO_SEXYBABES \u2022 girlsdoporn.com", "Treece Alfrey Musat P.C. Attorneys at Law Christopher P. Ahmann | https://TamLegal.com", "https://urlscan.io/screenshots/e931bb02-80dc-46db-92f0-43d5afa258be.png" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "TrojanSpy:Win32/Nivdort", "display_name": "TrojanSpy:Win32/Nivdort", "target": "/malware/TrojanSpy:Win32/Nivdort" }, { "id": "Worm:Win32/Autorun", "display_name": "Worm:Win32/Autorun", "target": "/malware/Worm:Win32/Autorun" }, { "id": "Tofsee", "display_name": "Tofsee", "target": null }, { "id": "Jaik", "display_name": "Jaik", "target": null }, { "id": "Trojan:Win32/Qshell", "display_name": "Trojan:Win32/Qshell", "target": "/malware/Trojan:Win32/Qshell" }, { "id": "Trojan:Win32/Mydoom", "display_name": "Trojan:Win32/Mydoom", "target": "/malware/Trojan:Win32/Mydoom" } ], "attack_ids": [ { "id": "T1045", "name": "Software Packing", "display_name": "T1045 - Software Packing" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1060", "name": "Registry Run Keys / Startup Folder", "display_name": "T1060 - Registry Run Keys / Startup Folder" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1119", "name": "Automated Collection", "display_name": "T1119 - Automated Collection" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1143", "name": "Hidden Window", "display_name": "T1143 - Hidden Window" }, { "id": "T1063", "name": "Security Software Discovery", "display_name": "T1063 - Security Software Discovery" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1583", "name": "Acquire Infrastructure", "display_name": "T1583 - Acquire Infrastructure" }, { "id": "T1069", "name": "Permission Groups Discovery", "display_name": "T1069 - Permission Groups Discovery" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1197", "name": "BITS Jobs", "display_name": "T1197 - BITS Jobs" }, { "id": "T1210", "name": "Exploitation of Remote Services", "display_name": "T1210 - Exploitation of Remote Services" }, { "id": "T1457", "name": "Malicious Media Content", "display_name": "T1457 - Malicious Media Content" }, { "id": "T1480", "name": "Execution Guardrails", "display_name": "T1480 - Execution Guardrails" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 8897, "domain": 2102, "hostname": 2867, "FileHash-SHA256": 3886, "FileHash-MD5": 619, "FileHash-SHA1": 555, "CVE": 3, "email": 5, "SSLCertFingerprint": 8 }, "indicator_count": 18942, "is_author": false, "is_subscribing": null, "subscriber_count": 139, "modified_text": "89 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69482caa00d327da8f0a87bc", "name": "Chris P.\u2019 Buzz\u2019 Ahmann Colorado State Criminal Defense Attorney (22.20.2025)", "description": "", "modified": "2026-01-20T17:02:02.650000", "created": "2025-12-21T17:21:46.434000", "tags": [ "related pulses", "p1377925676", "gaz1", "sid1696503456", "sct1", "active", "dynamicloader", "medium", "write c", "search", "show", "high", "program gateway", "http traffic", "http", "write", "malware", "nivdort", "serving ip", "address", "status code", "kb body", "sha256", "gw5hjz7t975", "url https", "url http", "indicator role", "pulses url", "hostname", "poland unknown", "present sep", "present jul", "present may", "present apr", "present dec", "present jan", "moved", "passive dns", "ip address", "title", "location poland", "asn as29522", "gmt content", "accept encoding", "ipv4 add", "urls", "files", "reverse dns", "united", "record value", "aaaa", "mtb oct", "found", "error", "read c", "memcommit", "module load", "next", "showing", "trojan", "execution", "unknown", "entries", "ms windows", "intel", "as15169", "codeoverlap", "yara detections", "delphi", "worm", "win32", "win64", "learn", "ck id", "name tactics", "suspicious", "informative", "adversaries", "command", "spawns", "ssl certificate", "execution att", "script urls", "treece alfrey", "meta", "germany unknown", "for privacy", "title added", "active related", "pulses", "asnone", "named pipe", "type indicator", "role title", "added active", "filehashsha256", "ally", "melika", "information", "law christopher", "https", "fake pinterest", "tsara", "traceback man", "expiro", "capture", "domain", "types of", "germany", "poland", "netherlands", "cve cve20178977", "boobs130432 nov", "learn more", "filehashmd5", "utmsourceawin", "pe32", "head microsoft", "delete", "main", "backdoor", "next associated", "gmt connection", "control", "content type", "twitter", "certificate", "redirect date", "cache", "unknown ns", "hostname add", "ipv4", "pulse pulses", "location united", "america flag", "america asn", "windows", "total", "ids detections", "url add", "related nids", "files location", "flag united", "win32mydoom nov", "domain add", "yara rule", "ee fc", "ff d5", "f0 ff", "eb e1", "ff ff", "c1 e8", "c1 c0", "eb e8", "mpress", "cache control", "x cache", "date", "name servers", "arial", "present aug", "present jun", "may god", "hall render", "palantir doing", "jeffrey scott", "jeffrey reimer", "brian sabey", "butt pirates", "scott reimer", "colorado", "quasi government", "workers compensation", "eva lisa", "eva reimer", "sammie", "montano mark", "death threats", "tulach", "hired hit men", "gay man", "gay porn", "concentra", "corruption", "palantir", "foundry", "grifter", "warning", "illegal", "apple", "contacted", "ransom", "dead", "denver" ], "references": [ "https://tamlegal.com/attorneys/christopher-p-ahmann/#breadcrumb \u2022 https://www.milehighmedia.com/en/movies", "https://www.milehighmedia.com/legal/2257 \u2022 https://www.milehighmedia", "www.milehighmedia.com \u2022 https://www.milehighmedia.com/en/Charlie-Dean/pornstar/49512", "https://www.milehighmedia.com/en/login/index/aHR0cHMlM0ElMkYlMkZtZW1iZXJzLm1pbGVoaWdobWVkaWEuY29tJTJGZW4lMkZ2aWRlb3MlMkZzd2VldGhlYXJ0dmlkZW8lM0ZhbHVwJTNEQURqeF9ITjhfd1oweU96UnpsU3NNNUZLaVVxSzBXNEN0X3NmTFpKTGVJc3M2b0RVUzkwVmp6VllNVko5eFpmdENYcFNKd3IzOTNaMG1mOEpXeVhVeVZpLTJZYVRsaGd3M25DSDRpYnRwZ25BRC1zUFhDQVUycjZJOXo2WWtRMzNVWVFhMFZyWC1YckxvcnRkVjJZdEgxSDYxZ1lhMTFNS3RZSkEzY3FlSXhFQzhtSlAzSk1tbloySURMQXlMZndPcHozSFFiTzF4T0FseXJIQ0xYem1ldFElMkE=\t \thttp://www.milehighmedia.com/?ats=eyJhIjoyOTYzMTgsImMiOjU3OTYzNz", "http://www.milehighmedia.com/legal\t \u2022 https://www.milehighmedia.com/en/pornstar/milehighmedia/Justin-Hunt/51017", "https://www.milehighmedia.com/de/MileHighMedia/scene/129689?utm_source=271174&utm_medium=affiliate&utm_campaign=", "http://www.milehighmedia.com/?ats=eyJhIjoyOTYzMTgsImMiOjU3OTYzNzc1LCJuIjo3NiwicyI6NT...", "ttps://www.milehighmedia.com/scene/4404473/creampie-adventures-scene-2-sneaky-melanie", "https://www.milehighmedia.com/join \u2022 https://www.milehighmedia.com/models \u2022 https://www.milehighmedia.com/movies", "https://www.milehighmedia.com/model/59136/avi-love \u2022https://www.milehighmedia.com/model/60418/Justin-Hunt \u2022", "https://www.milehighmedia.com/en/photo/milehighmedia/The-Mother-I-Cant-Resist/52380", "https://www.milehighmedia.com/en/movies \u2022 https://www.milehighmedia.com/join", "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian", "pornhub-e.com \u2022 www.pornhub.com \u2022", "https://www.sweetheartvideo.com/tsara-brashears/ \u2022 www.sweetheartvideo.com", "https://www.sweetheartvideo.com/en/?s=1?s=1&utm_source=272160&utm_medium=affiliate&utm_campaign=lovelezzies", "https://www.sweetheartvideo.com/en/dvd/Lesbian-Massage/49895", "https://www.sweetheartvideo.com/en/dvds \u2022 https://www.sweetheartvideo.com/en/login", "https://www.sweetheartvideo.com/en/model/Mona-Wales/49601 \u2022 https://www.sweetheartvideo.com/en/scene/Truth-Dare--Boobs/130432 No Expiration\t0\t URL https://www.sweetheartvideo.com/it/model/Kristen-Scott/50432 \u2022 https://www.sweetheartvideo.com/model/63710/brandi-love", "https://www.sweetheartvideo.com/scenes?models=63710", "https://www.sweetheartvideo.com/model/63710/brandi-love", "https://www.sweetheartvideo.com/scenes?models=63710", "https://www.sweetheartvideo.com/it/model/Kristen-Scott/50432", "https://www.sweetheartvideo.com/en/scene/Truth-Dare--Boobs/130432", "https://www.milehighmedia.com/en/photo/milehighmedia/The-Mother-I-Cant-Resist/52380", "https://www.vgt.pl/font/roboto/Roboto-Bold.eot \u2022", "https://www.vgt.pl/94.152.152.233/images/logo.png", "https://www.vgt.pl/94.152.156.22/logo.png \u2022 https://www.vgt.pl/css/", "https://www.vgt.pl/favicon.ico", "https://www.vgt.pl/font/fa/fontawesome-webfont.eot", "https://www.vgt.pl/font/roboto/Roboto-Bold.ttf \u2022 https://www.vgt.pl/font/roboto/Roboto-Light.eot", "https://www.vgt.pl/font/roboto/Roboto-Medium.ttf", "https://www.vgt.pl/font/roboto/Roboto-Light.ttf \u2022", "https://www.vgt.pl/static/js/bootstrap-typeahead.jstic/js/bootstrap-typeahead.js", "https://www.vgt.pl/style/style.css \u2022 https://www.vgt.pl/font/roboto/Roboto-Medium.eot", "https://www.vgt.pl/font/roboto/Roboto-Regular.ttf \u2022 https://www.vgt.pl/font/roboto/Roboto-Thin.eot", "https://www.vgt.pl/static/js/bootstrap-typeahead.js.179.252.2", "https://www.vgt.pl/font/roboto/Roboto-Thin.ttf \u2022 https://www.vgt.pl/static/js/bootstrap-typeahead.js", "https://www.vgt.pl/font/roboto/Roboto-Regular.eot \u2022 https://www.vgt.pl/94.152.156.22/logo.png \u2022 https://www.vgt.pl/css/", "vgt.pl \u2022 www.hak.vgt.pl \u2022 www.localhost.vgt.pl \u2022 www.certyfikat.vgt.pl \u2022 aristocrat.vgt.pl", "https://www.vgt.pl/ phishing \u2022 https://vgt.pl/ \u2022www.vgt.pl \u2022 https://www.vgt.pl/94.152.152.233/images/logo.png", "http://www.pornokind.vgt.pl \u2022 https://dbkuewww.m.vgt.pl \u2022 https://lokalnyhost.vgt.pl \u2022 www.xn--twj-hna.pedofil.vgt.pl", "http://www.hak.vgt.pl \u2022 http://pornokind.vgt.pl \u2022 http://sip.vgt.pl \u2022 http://smtp-qa.vgt.pl \u2022 http://vgt.pl/*.", "https://pornokind.vgt.pl \u2022 https://sip.vgt.pl \u2022 https://smtp-qa.vgt.pl \u2022 https://www.vgt.pl/94.152.156.22/logo.png", "www.localhost.vgt.pl \u2022 www.certyfikat.vgt.pl \u2022 https://www.vgt.pl/94.152.152.233/images/logo.png", "https://www.vgt.pl/css/ \u2022 https://www.vgt.pl/favicon.ico \u2022 https://www.vgt.pl/font/fa/fontawesome-webfont.eot", "https://www.vgt.pl/font/roboto/Roboto-Bold.eot \u2022 https://www.vgt.pl/font/roboto/Roboto-Bold.ttf \u2022 https://www.vgt.pl/font/roboto/Roboto-Light.eot", "https://www.vgt.pl/static/js/bootstrap-typeahead.jstic/js/bootstrap-typeahead.js", "https://www.vgt.pl/style/style.css \u2022 https://www.vgt.pl/static/js/bootstrap-typeahead.js", "IP Address 94.152.58.192 Location Poland ASN AS29522 h88 s.a. Nameservers ns1.kei.pl. , ns2.kei.pl.", "www.happylifehappywife.com \u2022 http://www.happylifehappywife.com/2010/02/'>", "http://www.happylifehappywife.com/2010/04/'> \u2022 http://www.happylifehappywife.com/2010/05/'>", "http://www.happylifehappywife.com/2010/07/'> \u2022 http://www.happylifehappywife.com/2010/09/'>", "http://www.happylifehappywife.com/2011/06/'> \u2022 http://www.happylifehappywife.com/2011/08/'", "http://www.happylifehappywife.com/2011/08/'> \u2022 http://www.happylifehappywife.com/2012/07/'>", "http://www.happylifehappywife.com/2013/03/'> \u2022 http://www.happylifehappywife.com/index.php", "http://www.happylifehappywife.com/wp-content/themes/theme78222/images/top-right.jpg", "https://amp.mypornvid.fun/videos/8/AhxS-ej1myg/gf-18-com/\ud83c\udf81-i39m-your-present-\ud83c\udf81-girlfriend-surprises-you-for-christmas-reunion-soft-kisses-amp-cuddles", "8-25-220-162-static.reverse.queryfoundry.net\t\t\tNov 1, 2025, 9:34:14 AM\t\t5\t domain\tqueryfoundry.net\t\t\tNov 1, 2025, 9:34:14 AM\t\t8\t URL\thttp://117-114-251-162-static.reverse.queryfoundry.net/", "http://watchhers.net/index.php", "remotewd.com device local", "nr-data.net \u2022 applemusic-spotlight.myunidays.com \u2022 init.ess.apple.com \u2022 tv.apple.com", "https://browntubeporn.com/tsara-brashearsAccept-Language", "https://cg864.myhotzpic.com phishing \u2022 http://dashboard.myhotzpic.com/", "https://myhotzpic.com/tsara-brashears-hardcore-lesbian-sex/anime-studio.org*thumbs-fa...", "https://mypornvid.com/videos/27/x510fb2/white-dpt-jeffrey-reimer-loves-pretty-indian-patient-forces-sex-3gp-video-tsara-brashears/caillou-finger", "http://siteinlink.d1.cnbd.net/search/tsara-brashears-dead \u2022 http://siteinlink.d1.cnbd.net/site/maps.google.com.lb/", "http://siteinlink.d1.cnbd.net/search/tsara-brashears-assaulted-by-jeffrey-reimer", "http://siteinlink.d1.cnbd.net/search/tsara-brashears-dead \u2022 https://videolal.com/videos/tsara-brashears-dead-by-daylight.html", "http://pixelrz.com/lists/keywords/tsara-brashears-dead/360 \u2022 http://pixelrz.com/lists/keywords/tsara-brashears-dead/360] No Expiration\t4\t Domain tsara-brashears-deadspin-twitter-suspended-account-help.ht", "https://www.anyxxxtube.net/search-porn/tsara-brashears/", "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian", "https://www.anyxxxtube.net/search-porn/tsara-brashears/", "https://twitter.com/PORNO_SEXYBABES \u2022 girlsdoporn.com", "Treece Alfrey Musat P.C. Attorneys at Law Christopher P. Ahmann | https://TamLegal.com", "https://urlscan.io/screenshots/e931bb02-80dc-46db-92f0-43d5afa258be.png" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "TrojanSpy:Win32/Nivdort", "display_name": "TrojanSpy:Win32/Nivdort", "target": "/malware/TrojanSpy:Win32/Nivdort" }, { "id": "Worm:Win32/Autorun", "display_name": "Worm:Win32/Autorun", "target": "/malware/Worm:Win32/Autorun" }, { "id": "Tofsee", "display_name": "Tofsee", "target": null }, { "id": "Jaik", "display_name": "Jaik", "target": null }, { "id": "Trojan:Win32/Qshell", "display_name": "Trojan:Win32/Qshell", "target": "/malware/Trojan:Win32/Qshell" }, { "id": "Trojan:Win32/Mydoom", "display_name": "Trojan:Win32/Mydoom", "target": "/malware/Trojan:Win32/Mydoom" } ], "attack_ids": [ { "id": "T1045", "name": "Software Packing", "display_name": "T1045 - Software Packing" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1060", "name": "Registry Run Keys / Startup Folder", "display_name": "T1060 - Registry Run Keys / Startup Folder" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1119", "name": "Automated Collection", "display_name": "T1119 - Automated Collection" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1143", "name": "Hidden Window", "display_name": "T1143 - Hidden Window" }, { "id": "T1063", "name": "Security Software Discovery", "display_name": "T1063 - Security Software Discovery" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1583", "name": "Acquire Infrastructure", "display_name": "T1583 - Acquire Infrastructure" }, { "id": "T1069", "name": "Permission Groups Discovery", "display_name": "T1069 - Permission Groups Discovery" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1197", "name": "BITS Jobs", "display_name": "T1197 - BITS Jobs" }, { "id": "T1210", "name": "Exploitation of Remote Services", "display_name": "T1210 - Exploitation of Remote Services" }, { "id": "T1457", "name": "Malicious Media Content", "display_name": "T1457 - Malicious Media Content" }, { "id": "T1480", "name": "Execution Guardrails", "display_name": "T1480 - Execution Guardrails" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" } ], "industries": [], "TLP": "green", "cloned_from": "691f4d4ef0a2a570b8b21cd2", "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 8897, "domain": 2102, "hostname": 2867, "FileHash-SHA256": 3886, "FileHash-MD5": 619, "FileHash-SHA1": 555, "CVE": 3, "email": 5, "SSLCertFingerprint": 8 }, "indicator_count": 18942, "is_author": false, "is_subscribing": null, "subscriber_count": 137, "modified_text": "89 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "695557ee134b978b00883c29", "name": "Chris P. Ahmann \u2022 Stay out of PRIVATE PROPERTY HITMAN! Colorado State", "description": "", "modified": "2026-01-20T17:02:02.650000", "created": "2025-12-31T17:05:50.134000", "tags": [ "related pulses", "p1377925676", "gaz1", "sid1696503456", "sct1", "active", "dynamicloader", "medium", "write c", "search", "show", "high", "program gateway", "http traffic", "http", "write", "malware", "nivdort", "serving ip", "address", "status code", "kb body", "sha256", "gw5hjz7t975", "url https", "url http", "indicator role", "pulses url", "hostname", "poland unknown", "present sep", "present jul", "present may", "present apr", "present dec", "present jan", "moved", "passive dns", "ip address", "title", "location poland", "asn as29522", "gmt content", "accept encoding", "ipv4 add", "urls", "files", "reverse dns", "united", "record value", "aaaa", "mtb oct", "found", "error", "read c", "memcommit", "module load", "next", "showing", "trojan", "execution", "unknown", "entries", "ms windows", "intel", "as15169", "codeoverlap", "yara detections", "delphi", "worm", "win32", "win64", "learn", "ck id", "name tactics", "suspicious", "informative", "adversaries", "command", "spawns", "ssl certificate", "execution att", "script urls", "treece alfrey", "meta", "germany unknown", "for privacy", "title added", "active related", "pulses", "asnone", "named pipe", "type indicator", "role title", "added active", "filehashsha256", "ally", "melika", "information", "law christopher", "https", "fake pinterest", "tsara", "traceback man", "expiro", "capture", "domain", "types of", "germany", "poland", "netherlands", "cve cve20178977", "boobs130432 nov", "learn more", "filehashmd5", "utmsourceawin", "pe32", "head microsoft", "delete", "main", "backdoor", "next associated", "gmt connection", "control", "content type", "twitter", "certificate", "redirect date", "cache", "unknown ns", "hostname add", "ipv4", "pulse pulses", "location united", "america flag", "america asn", "windows", "total", "ids detections", "url add", "related nids", "files location", "flag united", "win32mydoom nov", "domain add", "yara rule", "ee fc", "ff d5", "f0 ff", "eb e1", "ff ff", "c1 e8", "c1 c0", "eb e8", "mpress", "cache control", "x cache", "date", "name servers", "arial", "present aug", "present jun", "may god", "hall render", "palantir doing", "jeffrey scott", "jeffrey reimer", "brian sabey", "butt pirates", "scott reimer", "colorado", "quasi government", "workers compensation", "eva lisa", "eva reimer", "sammie", "montano mark", "death threats", "tulach", "hired hit men", "gay man", "gay porn", "concentra", "corruption", "palantir", "foundry", "grifter", "warning", "illegal", "apple", "contacted", "ransom", "dead", "denver" ], "references": [ "https://tamlegal.com/attorneys/christopher-p-ahmann/#breadcrumb \u2022 https://www.milehighmedia.com/en/movies", "https://www.milehighmedia.com/legal/2257 \u2022 https://www.milehighmedia", "www.milehighmedia.com \u2022 https://www.milehighmedia.com/en/Charlie-Dean/pornstar/49512", "https://www.milehighmedia.com/en/login/index/aHR0cHMlM0ElMkYlMkZtZW1iZXJzLm1pbGVoaWdobWVkaWEuY29tJTJGZW4lMkZ2aWRlb3MlMkZzd2VldGhlYXJ0dmlkZW8lM0ZhbHVwJTNEQURqeF9ITjhfd1oweU96UnpsU3NNNUZLaVVxSzBXNEN0X3NmTFpKTGVJc3M2b0RVUzkwVmp6VllNVko5eFpmdENYcFNKd3IzOTNaMG1mOEpXeVhVeVZpLTJZYVRsaGd3M25DSDRpYnRwZ25BRC1zUFhDQVUycjZJOXo2WWtRMzNVWVFhMFZyWC1YckxvcnRkVjJZdEgxSDYxZ1lhMTFNS3RZSkEzY3FlSXhFQzhtSlAzSk1tbloySURMQXlMZndPcHozSFFiTzF4T0FseXJIQ0xYem1ldFElMkE=\t \thttp://www.milehighmedia.com/?ats=eyJhIjoyOTYzMTgsImMiOjU3OTYzNz", "http://www.milehighmedia.com/legal\t \u2022 https://www.milehighmedia.com/en/pornstar/milehighmedia/Justin-Hunt/51017", "https://www.milehighmedia.com/de/MileHighMedia/scene/129689?utm_source=271174&utm_medium=affiliate&utm_campaign=", "http://www.milehighmedia.com/?ats=eyJhIjoyOTYzMTgsImMiOjU3OTYzNzc1LCJuIjo3NiwicyI6NT...", "ttps://www.milehighmedia.com/scene/4404473/creampie-adventures-scene-2-sneaky-melanie", "https://www.milehighmedia.com/join \u2022 https://www.milehighmedia.com/models \u2022 https://www.milehighmedia.com/movies", "https://www.milehighmedia.com/model/59136/avi-love \u2022https://www.milehighmedia.com/model/60418/Justin-Hunt \u2022", "https://www.milehighmedia.com/en/photo/milehighmedia/The-Mother-I-Cant-Resist/52380", "https://www.milehighmedia.com/en/movies \u2022 https://www.milehighmedia.com/join", "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian", "pornhub-e.com \u2022 www.pornhub.com \u2022", "https://www.sweetheartvideo.com/tsara-brashears/ \u2022 www.sweetheartvideo.com", "https://www.sweetheartvideo.com/en/?s=1?s=1&utm_source=272160&utm_medium=affiliate&utm_campaign=lovelezzies", "https://www.sweetheartvideo.com/en/dvd/Lesbian-Massage/49895", "https://www.sweetheartvideo.com/en/dvds \u2022 https://www.sweetheartvideo.com/en/login", "https://www.sweetheartvideo.com/en/model/Mona-Wales/49601 \u2022 https://www.sweetheartvideo.com/en/scene/Truth-Dare--Boobs/130432 No Expiration\t0\t URL https://www.sweetheartvideo.com/it/model/Kristen-Scott/50432 \u2022 https://www.sweetheartvideo.com/model/63710/brandi-love", "https://www.sweetheartvideo.com/scenes?models=63710", "https://www.sweetheartvideo.com/model/63710/brandi-love", "https://www.sweetheartvideo.com/scenes?models=63710", "https://www.sweetheartvideo.com/it/model/Kristen-Scott/50432", "https://www.sweetheartvideo.com/en/scene/Truth-Dare--Boobs/130432", "https://www.milehighmedia.com/en/photo/milehighmedia/The-Mother-I-Cant-Resist/52380", "https://www.vgt.pl/font/roboto/Roboto-Bold.eot \u2022", "https://www.vgt.pl/94.152.152.233/images/logo.png", "https://www.vgt.pl/94.152.156.22/logo.png \u2022 https://www.vgt.pl/css/", "https://www.vgt.pl/favicon.ico", "https://www.vgt.pl/font/fa/fontawesome-webfont.eot", "https://www.vgt.pl/font/roboto/Roboto-Bold.ttf \u2022 https://www.vgt.pl/font/roboto/Roboto-Light.eot", "https://www.vgt.pl/font/roboto/Roboto-Medium.ttf", "https://www.vgt.pl/font/roboto/Roboto-Light.ttf \u2022", "https://www.vgt.pl/static/js/bootstrap-typeahead.jstic/js/bootstrap-typeahead.js", "https://www.vgt.pl/style/style.css \u2022 https://www.vgt.pl/font/roboto/Roboto-Medium.eot", "https://www.vgt.pl/font/roboto/Roboto-Regular.ttf \u2022 https://www.vgt.pl/font/roboto/Roboto-Thin.eot", "https://www.vgt.pl/static/js/bootstrap-typeahead.js.179.252.2", "https://www.vgt.pl/font/roboto/Roboto-Thin.ttf \u2022 https://www.vgt.pl/static/js/bootstrap-typeahead.js", "https://www.vgt.pl/font/roboto/Roboto-Regular.eot \u2022 https://www.vgt.pl/94.152.156.22/logo.png \u2022 https://www.vgt.pl/css/", "vgt.pl \u2022 www.hak.vgt.pl \u2022 www.localhost.vgt.pl \u2022 www.certyfikat.vgt.pl \u2022 aristocrat.vgt.pl", "https://www.vgt.pl/ phishing \u2022 https://vgt.pl/ \u2022www.vgt.pl \u2022 https://www.vgt.pl/94.152.152.233/images/logo.png", "http://www.pornokind.vgt.pl \u2022 https://dbkuewww.m.vgt.pl \u2022 https://lokalnyhost.vgt.pl \u2022 www.xn--twj-hna.pedofil.vgt.pl", "http://www.hak.vgt.pl \u2022 http://pornokind.vgt.pl \u2022 http://sip.vgt.pl \u2022 http://smtp-qa.vgt.pl \u2022 http://vgt.pl/*.", "https://pornokind.vgt.pl \u2022 https://sip.vgt.pl \u2022 https://smtp-qa.vgt.pl \u2022 https://www.vgt.pl/94.152.156.22/logo.png", "www.localhost.vgt.pl \u2022 www.certyfikat.vgt.pl \u2022 https://www.vgt.pl/94.152.152.233/images/logo.png", "https://www.vgt.pl/css/ \u2022 https://www.vgt.pl/favicon.ico \u2022 https://www.vgt.pl/font/fa/fontawesome-webfont.eot", "https://www.vgt.pl/font/roboto/Roboto-Bold.eot \u2022 https://www.vgt.pl/font/roboto/Roboto-Bold.ttf \u2022 https://www.vgt.pl/font/roboto/Roboto-Light.eot", "https://www.vgt.pl/static/js/bootstrap-typeahead.jstic/js/bootstrap-typeahead.js", "https://www.vgt.pl/style/style.css \u2022 https://www.vgt.pl/static/js/bootstrap-typeahead.js", "IP Address 94.152.58.192 Location Poland ASN AS29522 h88 s.a. Nameservers ns1.kei.pl. , ns2.kei.pl.", "www.happylifehappywife.com \u2022 http://www.happylifehappywife.com/2010/02/'>", "http://www.happylifehappywife.com/2010/04/'> \u2022 http://www.happylifehappywife.com/2010/05/'>", "http://www.happylifehappywife.com/2010/07/'> \u2022 http://www.happylifehappywife.com/2010/09/'>", "http://www.happylifehappywife.com/2011/06/'> \u2022 http://www.happylifehappywife.com/2011/08/'", "http://www.happylifehappywife.com/2011/08/'> \u2022 http://www.happylifehappywife.com/2012/07/'>", "http://www.happylifehappywife.com/2013/03/'> \u2022 http://www.happylifehappywife.com/index.php", "http://www.happylifehappywife.com/wp-content/themes/theme78222/images/top-right.jpg", "https://amp.mypornvid.fun/videos/8/AhxS-ej1myg/gf-18-com/\ud83c\udf81-i39m-your-present-\ud83c\udf81-girlfriend-surprises-you-for-christmas-reunion-soft-kisses-amp-cuddles", "8-25-220-162-static.reverse.queryfoundry.net\t\t\tNov 1, 2025, 9:34:14 AM\t\t5\t domain\tqueryfoundry.net\t\t\tNov 1, 2025, 9:34:14 AM\t\t8\t URL\thttp://117-114-251-162-static.reverse.queryfoundry.net/", "http://watchhers.net/index.php", "remotewd.com device local", "nr-data.net \u2022 applemusic-spotlight.myunidays.com \u2022 init.ess.apple.com \u2022 tv.apple.com", "https://browntubeporn.com/tsara-brashearsAccept-Language", "https://cg864.myhotzpic.com phishing \u2022 http://dashboard.myhotzpic.com/", "https://myhotzpic.com/tsara-brashears-hardcore-lesbian-sex/anime-studio.org*thumbs-fa...", "https://mypornvid.com/videos/27/x510fb2/white-dpt-jeffrey-reimer-loves-pretty-indian-patient-forces-sex-3gp-video-tsara-brashears/caillou-finger", "http://siteinlink.d1.cnbd.net/search/tsara-brashears-dead \u2022 http://siteinlink.d1.cnbd.net/site/maps.google.com.lb/", "http://siteinlink.d1.cnbd.net/search/tsara-brashears-assaulted-by-jeffrey-reimer", "http://siteinlink.d1.cnbd.net/search/tsara-brashears-dead \u2022 https://videolal.com/videos/tsara-brashears-dead-by-daylight.html", "http://pixelrz.com/lists/keywords/tsara-brashears-dead/360 \u2022 http://pixelrz.com/lists/keywords/tsara-brashears-dead/360] No Expiration\t4\t Domain tsara-brashears-deadspin-twitter-suspended-account-help.ht", "https://www.anyxxxtube.net/search-porn/tsara-brashears/", "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian", "https://www.anyxxxtube.net/search-porn/tsara-brashears/", "https://twitter.com/PORNO_SEXYBABES \u2022 girlsdoporn.com", "Treece Alfrey Musat P.C. Attorneys at Law Christopher P. Ahmann | https://TamLegal.com", "https://urlscan.io/screenshots/e931bb02-80dc-46db-92f0-43d5afa258be.png" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "TrojanSpy:Win32/Nivdort", "display_name": "TrojanSpy:Win32/Nivdort", "target": "/malware/TrojanSpy:Win32/Nivdort" }, { "id": "Worm:Win32/Autorun", "display_name": "Worm:Win32/Autorun", "target": "/malware/Worm:Win32/Autorun" }, { "id": "Tofsee", "display_name": "Tofsee", "target": null }, { "id": "Jaik", "display_name": "Jaik", "target": null }, { "id": "Trojan:Win32/Qshell", "display_name": "Trojan:Win32/Qshell", "target": "/malware/Trojan:Win32/Qshell" }, { "id": "Trojan:Win32/Mydoom", "display_name": "Trojan:Win32/Mydoom", "target": "/malware/Trojan:Win32/Mydoom" } ], "attack_ids": [ { "id": "T1045", "name": "Software Packing", "display_name": "T1045 - Software Packing" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1060", "name": "Registry Run Keys / Startup Folder", "display_name": "T1060 - Registry Run Keys / Startup Folder" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1119", "name": "Automated Collection", "display_name": "T1119 - Automated Collection" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1143", "name": "Hidden Window", "display_name": "T1143 - Hidden Window" }, { "id": "T1063", "name": "Security Software Discovery", "display_name": "T1063 - Security Software Discovery" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1583", "name": "Acquire Infrastructure", "display_name": "T1583 - Acquire Infrastructure" }, { "id": "T1069", "name": "Permission Groups Discovery", "display_name": "T1069 - Permission Groups Discovery" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1197", "name": "BITS Jobs", "display_name": "T1197 - BITS Jobs" }, { "id": "T1210", "name": "Exploitation of Remote Services", "display_name": "T1210 - Exploitation of Remote Services" }, { "id": "T1457", "name": "Malicious Media Content", "display_name": "T1457 - Malicious Media Content" }, { "id": "T1480", "name": "Execution Guardrails", "display_name": "T1480 - Execution Guardrails" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" } ], "industries": [], "TLP": "green", "cloned_from": "691f4d4ef0a2a570b8b21cd2", "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 8897, "domain": 2102, "hostname": 2867, "FileHash-SHA256": 3886, "FileHash-MD5": 619, "FileHash-SHA1": 555, "CVE": 3, "email": 5, "SSLCertFingerprint": 8 }, "indicator_count": 18942, "is_author": false, "is_subscribing": null, "subscriber_count": 137, "modified_text": "89 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69631fbd16e306ee2b76c4da", "name": "Chris P. Ahmann \u2022 STAY Away!f PRIVATE PROPERTY Colorado State Fixer!", "description": "", "modified": "2026-01-20T17:02:02.650000", "created": "2026-01-11T03:57:49.242000", "tags": [ "related pulses", "p1377925676", "gaz1", "sid1696503456", "sct1", "active", "dynamicloader", "medium", "write c", "search", "show", "high", "program gateway", "http traffic", "http", "write", "malware", "nivdort", "serving ip", "address", "status code", "kb body", "sha256", "gw5hjz7t975", "url https", "url http", "indicator role", "pulses url", "hostname", "poland unknown", "present sep", "present jul", "present may", "present apr", "present dec", "present jan", "moved", "passive dns", "ip address", "title", "location poland", "asn as29522", "gmt content", "accept encoding", "ipv4 add", "urls", "files", "reverse dns", "united", "record value", "aaaa", "mtb oct", "found", "error", "read c", "memcommit", "module load", "next", "showing", "trojan", "execution", "unknown", "entries", "ms windows", "intel", "as15169", "codeoverlap", "yara detections", "delphi", "worm", "win32", "win64", "learn", "ck id", "name tactics", "suspicious", "informative", "adversaries", "command", "spawns", "ssl certificate", "execution att", "script urls", "treece alfrey", "meta", "germany unknown", "for privacy", "title added", "active related", "pulses", "asnone", "named pipe", "type indicator", "role title", "added active", "filehashsha256", "ally", "melika", "information", "law christopher", "https", "fake pinterest", "tsara", "traceback man", "expiro", "capture", "domain", "types of", "germany", "poland", "netherlands", "cve cve20178977", "boobs130432 nov", "learn more", "filehashmd5", "utmsourceawin", "pe32", "head microsoft", "delete", "main", "backdoor", "next associated", "gmt connection", "control", "content type", "twitter", "certificate", "redirect date", "cache", "unknown ns", "hostname add", "ipv4", "pulse pulses", "location united", "america flag", "america asn", "windows", "total", "ids detections", "url add", "related nids", "files location", "flag united", "win32mydoom nov", "domain add", "yara rule", "ee fc", "ff d5", "f0 ff", "eb e1", "ff ff", "c1 e8", "c1 c0", "eb e8", "mpress", "cache control", "x cache", "date", "name servers", "arial", "present aug", "present jun", "may god", "hall render", "palantir doing", "jeffrey scott", "jeffrey reimer", "brian sabey", "butt pirates", "scott reimer", "colorado", "quasi government", "workers compensation", "eva lisa", "eva reimer", "sammie", "montano mark", "death threats", "tulach", "hired hit men", "gay man", "gay porn", "concentra", "corruption", "palantir", "foundry", "grifter", "warning", "illegal", "apple", "contacted", "ransom", "dead", "denver" ], "references": [ "https://tamlegal.com/attorneys/christopher-p-ahmann/#breadcrumb \u2022 https://www.milehighmedia.com/en/movies", "https://www.milehighmedia.com/legal/2257 \u2022 https://www.milehighmedia", "www.milehighmedia.com \u2022 https://www.milehighmedia.com/en/Charlie-Dean/pornstar/49512", "https://www.milehighmedia.com/en/login/index/aHR0cHMlM0ElMkYlMkZtZW1iZXJzLm1pbGVoaWdobWVkaWEuY29tJTJGZW4lMkZ2aWRlb3MlMkZzd2VldGhlYXJ0dmlkZW8lM0ZhbHVwJTNEQURqeF9ITjhfd1oweU96UnpsU3NNNUZLaVVxSzBXNEN0X3NmTFpKTGVJc3M2b0RVUzkwVmp6VllNVko5eFpmdENYcFNKd3IzOTNaMG1mOEpXeVhVeVZpLTJZYVRsaGd3M25DSDRpYnRwZ25BRC1zUFhDQVUycjZJOXo2WWtRMzNVWVFhMFZyWC1YckxvcnRkVjJZdEgxSDYxZ1lhMTFNS3RZSkEzY3FlSXhFQzhtSlAzSk1tbloySURMQXlMZndPcHozSFFiTzF4T0FseXJIQ0xYem1ldFElMkE=\t \thttp://www.milehighmedia.com/?ats=eyJhIjoyOTYzMTgsImMiOjU3OTYzNz", "http://www.milehighmedia.com/legal\t \u2022 https://www.milehighmedia.com/en/pornstar/milehighmedia/Justin-Hunt/51017", "https://www.milehighmedia.com/de/MileHighMedia/scene/129689?utm_source=271174&utm_medium=affiliate&utm_campaign=", "http://www.milehighmedia.com/?ats=eyJhIjoyOTYzMTgsImMiOjU3OTYzNzc1LCJuIjo3NiwicyI6NT...", "ttps://www.milehighmedia.com/scene/4404473/creampie-adventures-scene-2-sneaky-melanie", "https://www.milehighmedia.com/join \u2022 https://www.milehighmedia.com/models \u2022 https://www.milehighmedia.com/movies", "https://www.milehighmedia.com/model/59136/avi-love \u2022https://www.milehighmedia.com/model/60418/Justin-Hunt \u2022", "https://www.milehighmedia.com/en/photo/milehighmedia/The-Mother-I-Cant-Resist/52380", "https://www.milehighmedia.com/en/movies \u2022 https://www.milehighmedia.com/join", "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian", "pornhub-e.com \u2022 www.pornhub.com \u2022", "https://www.sweetheartvideo.com/tsara-brashears/ \u2022 www.sweetheartvideo.com", "https://www.sweetheartvideo.com/en/?s=1?s=1&utm_source=272160&utm_medium=affiliate&utm_campaign=lovelezzies", "https://www.sweetheartvideo.com/en/dvd/Lesbian-Massage/49895", "https://www.sweetheartvideo.com/en/dvds \u2022 https://www.sweetheartvideo.com/en/login", "https://www.sweetheartvideo.com/en/model/Mona-Wales/49601 \u2022 https://www.sweetheartvideo.com/en/scene/Truth-Dare--Boobs/130432 No Expiration\t0\t URL https://www.sweetheartvideo.com/it/model/Kristen-Scott/50432 \u2022 https://www.sweetheartvideo.com/model/63710/brandi-love", "https://www.sweetheartvideo.com/scenes?models=63710", "https://www.sweetheartvideo.com/model/63710/brandi-love", "https://www.sweetheartvideo.com/scenes?models=63710", "https://www.sweetheartvideo.com/it/model/Kristen-Scott/50432", "https://www.sweetheartvideo.com/en/scene/Truth-Dare--Boobs/130432", "https://www.milehighmedia.com/en/photo/milehighmedia/The-Mother-I-Cant-Resist/52380", "https://www.vgt.pl/font/roboto/Roboto-Bold.eot \u2022", "https://www.vgt.pl/94.152.152.233/images/logo.png", "https://www.vgt.pl/94.152.156.22/logo.png \u2022 https://www.vgt.pl/css/", "https://www.vgt.pl/favicon.ico", "https://www.vgt.pl/font/fa/fontawesome-webfont.eot", "https://www.vgt.pl/font/roboto/Roboto-Bold.ttf \u2022 https://www.vgt.pl/font/roboto/Roboto-Light.eot", "https://www.vgt.pl/font/roboto/Roboto-Medium.ttf", "https://www.vgt.pl/font/roboto/Roboto-Light.ttf \u2022", "https://www.vgt.pl/static/js/bootstrap-typeahead.jstic/js/bootstrap-typeahead.js", "https://www.vgt.pl/style/style.css \u2022 https://www.vgt.pl/font/roboto/Roboto-Medium.eot", "https://www.vgt.pl/font/roboto/Roboto-Regular.ttf \u2022 https://www.vgt.pl/font/roboto/Roboto-Thin.eot", "https://www.vgt.pl/static/js/bootstrap-typeahead.js.179.252.2", "https://www.vgt.pl/font/roboto/Roboto-Thin.ttf \u2022 https://www.vgt.pl/static/js/bootstrap-typeahead.js", "https://www.vgt.pl/font/roboto/Roboto-Regular.eot \u2022 https://www.vgt.pl/94.152.156.22/logo.png \u2022 https://www.vgt.pl/css/", "vgt.pl \u2022 www.hak.vgt.pl \u2022 www.localhost.vgt.pl \u2022 www.certyfikat.vgt.pl \u2022 aristocrat.vgt.pl", "https://www.vgt.pl/ phishing \u2022 https://vgt.pl/ \u2022www.vgt.pl \u2022 https://www.vgt.pl/94.152.152.233/images/logo.png", "http://www.pornokind.vgt.pl \u2022 https://dbkuewww.m.vgt.pl \u2022 https://lokalnyhost.vgt.pl \u2022 www.xn--twj-hna.pedofil.vgt.pl", "http://www.hak.vgt.pl \u2022 http://pornokind.vgt.pl \u2022 http://sip.vgt.pl \u2022 http://smtp-qa.vgt.pl \u2022 http://vgt.pl/*.", "https://pornokind.vgt.pl \u2022 https://sip.vgt.pl \u2022 https://smtp-qa.vgt.pl \u2022 https://www.vgt.pl/94.152.156.22/logo.png", "www.localhost.vgt.pl \u2022 www.certyfikat.vgt.pl \u2022 https://www.vgt.pl/94.152.152.233/images/logo.png", "https://www.vgt.pl/css/ \u2022 https://www.vgt.pl/favicon.ico \u2022 https://www.vgt.pl/font/fa/fontawesome-webfont.eot", "https://www.vgt.pl/font/roboto/Roboto-Bold.eot \u2022 https://www.vgt.pl/font/roboto/Roboto-Bold.ttf \u2022 https://www.vgt.pl/font/roboto/Roboto-Light.eot", "https://www.vgt.pl/static/js/bootstrap-typeahead.jstic/js/bootstrap-typeahead.js", "https://www.vgt.pl/style/style.css \u2022 https://www.vgt.pl/static/js/bootstrap-typeahead.js", "IP Address 94.152.58.192 Location Poland ASN AS29522 h88 s.a. Nameservers ns1.kei.pl. , ns2.kei.pl.", "www.happylifehappywife.com \u2022 http://www.happylifehappywife.com/2010/02/'>", "http://www.happylifehappywife.com/2010/04/'> \u2022 http://www.happylifehappywife.com/2010/05/'>", "http://www.happylifehappywife.com/2010/07/'> \u2022 http://www.happylifehappywife.com/2010/09/'>", "http://www.happylifehappywife.com/2011/06/'> \u2022 http://www.happylifehappywife.com/2011/08/'", "http://www.happylifehappywife.com/2011/08/'> \u2022 http://www.happylifehappywife.com/2012/07/'>", "http://www.happylifehappywife.com/2013/03/'> \u2022 http://www.happylifehappywife.com/index.php", "http://www.happylifehappywife.com/wp-content/themes/theme78222/images/top-right.jpg", "https://amp.mypornvid.fun/videos/8/AhxS-ej1myg/gf-18-com/\ud83c\udf81-i39m-your-present-\ud83c\udf81-girlfriend-surprises-you-for-christmas-reunion-soft-kisses-amp-cuddles", "8-25-220-162-static.reverse.queryfoundry.net\t\t\tNov 1, 2025, 9:34:14 AM\t\t5\t domain\tqueryfoundry.net\t\t\tNov 1, 2025, 9:34:14 AM\t\t8\t URL\thttp://117-114-251-162-static.reverse.queryfoundry.net/", "http://watchhers.net/index.php", "remotewd.com device local", "nr-data.net \u2022 applemusic-spotlight.myunidays.com \u2022 init.ess.apple.com \u2022 tv.apple.com", "https://browntubeporn.com/tsara-brashearsAccept-Language", "https://cg864.myhotzpic.com phishing \u2022 http://dashboard.myhotzpic.com/", "https://myhotzpic.com/tsara-brashears-hardcore-lesbian-sex/anime-studio.org*thumbs-fa...", "https://mypornvid.com/videos/27/x510fb2/white-dpt-jeffrey-reimer-loves-pretty-indian-patient-forces-sex-3gp-video-tsara-brashears/caillou-finger", "http://siteinlink.d1.cnbd.net/search/tsara-brashears-dead \u2022 http://siteinlink.d1.cnbd.net/site/maps.google.com.lb/", "http://siteinlink.d1.cnbd.net/search/tsara-brashears-assaulted-by-jeffrey-reimer", "http://siteinlink.d1.cnbd.net/search/tsara-brashears-dead \u2022 https://videolal.com/videos/tsara-brashears-dead-by-daylight.html", "http://pixelrz.com/lists/keywords/tsara-brashears-dead/360 \u2022 http://pixelrz.com/lists/keywords/tsara-brashears-dead/360] No Expiration\t4\t Domain tsara-brashears-deadspin-twitter-suspended-account-help.ht", "https://www.anyxxxtube.net/search-porn/tsara-brashears/", "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian", "https://www.anyxxxtube.net/search-porn/tsara-brashears/", "https://twitter.com/PORNO_SEXYBABES \u2022 girlsdoporn.com", "Treece Alfrey Musat P.C. Attorneys at Law Christopher P. Ahmann | https://TamLegal.com", "https://urlscan.io/screenshots/e931bb02-80dc-46db-92f0-43d5afa258be.png" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "TrojanSpy:Win32/Nivdort", "display_name": "TrojanSpy:Win32/Nivdort", "target": "/malware/TrojanSpy:Win32/Nivdort" }, { "id": "Worm:Win32/Autorun", "display_name": "Worm:Win32/Autorun", "target": "/malware/Worm:Win32/Autorun" }, { "id": "Tofsee", "display_name": "Tofsee", "target": null }, { "id": "Jaik", "display_name": "Jaik", "target": null }, { "id": "Trojan:Win32/Qshell", "display_name": "Trojan:Win32/Qshell", "target": "/malware/Trojan:Win32/Qshell" }, { "id": "Trojan:Win32/Mydoom", "display_name": "Trojan:Win32/Mydoom", "target": "/malware/Trojan:Win32/Mydoom" } ], "attack_ids": [ { "id": "T1045", "name": "Software Packing", "display_name": "T1045 - Software Packing" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1060", "name": "Registry Run Keys / Startup Folder", "display_name": "T1060 - Registry Run Keys / Startup Folder" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1119", "name": "Automated Collection", "display_name": "T1119 - Automated Collection" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1143", "name": "Hidden Window", "display_name": "T1143 - Hidden Window" }, { "id": "T1063", "name": "Security Software Discovery", "display_name": "T1063 - Security Software Discovery" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1583", "name": "Acquire Infrastructure", "display_name": "T1583 - Acquire Infrastructure" }, { "id": "T1069", "name": "Permission Groups Discovery", "display_name": "T1069 - Permission Groups Discovery" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1197", "name": "BITS Jobs", "display_name": "T1197 - BITS Jobs" }, { "id": "T1210", "name": "Exploitation of Remote Services", "display_name": "T1210 - Exploitation of Remote Services" }, { "id": "T1457", "name": "Malicious Media Content", "display_name": "T1457 - Malicious Media Content" }, { "id": "T1480", "name": "Execution Guardrails", "display_name": "T1480 - Execution Guardrails" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" } ], "industries": [], "TLP": "green", "cloned_from": "695557ee134b978b00883c29", "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 8897, "domain": 2102, "hostname": 2867, "FileHash-SHA256": 3886, "FileHash-MD5": 619, "FileHash-SHA1": 555, "CVE": 3, "email": 5, "SSLCertFingerprint": 8 }, "indicator_count": 18942, "is_author": false, "is_subscribing": null, "subscriber_count": 137, "modified_text": "89 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6907cc66855b7dfe1306b0d8", "name": "Inject : Defense Counsel attaches to Apple Notebooks - Targeting", "description": "TAM Legal attacking Tsara Brashears and associated. Christopher P. Ahmann Esq Is the Special Counsel assigned to pester , smear, tamper with, terrorize, arrange murders, dispatch stalkers, deny care, swatting , botnets, attach to devices , deflect award for life ending injuries to you and your Mafia, choose malicious media companies (Hall Render) to smear Jeffrey Scott Reimers assault victim. This is silencing. Not everyone has someone to speak. Back off. You\u2019re sick. Enjoying that money, while Tsara slept on air mattress during a couch tour. Demyelinating, from denied disclosed of cord compression; like George Floyd. You should turn yourself in, write a HUGA check , shut down this criminal operation , find Jesus , self exit to a place out away from you targets , go to your bunker forever. You are a God Forsaken terrorist hitman! You\u2019re all SO sick!\nEnd Game Now.", "modified": "2026-01-01T07:03:18.851000", "created": "2025-11-02T21:25:58.814000", "tags": [ "present nov", "unknown aaaa", "ip address", "win32", "america asn", "twitter", "united states", "america", "ipv4", "united", "a domains", "443 ma86400", "super", "read c", "memcommit", "msie", "windows nt", "wow64", "slcc2", "media center", "tlsv1", "regsetvalueexa", "hack", "write", "february", "local", "unknown", "persistence", "execution", "xport", "kb body", "present aug", "present sep", "present oct", "for privacy", "false", "expirestue", "path", "p2404", "accept", "p11762282638", "host", "gmt range", "gmt ifnonematch", "p11762466264", "p11762417453", "nothing", "shutdown", "process32nextw", "langturkish", "sublangdefault", "regdword", "rtrcdata", "microsoft excel", "delphi", "worm", "malware", "error", "next", "format", "suspicious", "less see", "contacted", "all ip", "domains", "all related", "pulses otx", "related tags", "file type", "pexe", "christopher ahmann", "tam legal", "treece", "hacking", "highjacking", "modified", "quasi government", "ai google", "inject", "adversaries", "government", "insurance", "apple" ], "references": [ "External Apple Connection: Notepad.pw", "Sex Tools: m.pornsexer.xxx.3.1.adiosfil.roksit.net |", "www.endgame.com/blog/technical-blog/ten-process-injection-techniques-technical-survey-common-and-trending-process\t h", "takedown-communication-api.prod-c15a-awsuse.ppops.net", "L\u00b0\u00b0k @ You, okay Chris\u2026abgubdf.apple.cloudns.biz \u2022 cloudns.biz \u2022 https://abgubdf.apple.cloudns", "http://www.mof.gov.cn.lxcvc.com/ \u2022 https://r//www.csrc.gov.cn.lxcvc.com/", "http://www.mohurd.gov.cn.lxcvc.com/", "config.uca.cloud.unity3d.com", "0.0.iphone.8dyf8rf5k3.fr.mobiletrend.rtl2.adsenseformobileapps.com", "http://mp7tf.best-cell-phone-plans-for-seniors.cfd/", "sipphone.com", "uk5seki2ygz3kyfgliqe37477miq6jsf.nlsexolehxry4opotgpq" ], "public": 1, "adversary": "TAM Legal Christopher P. Ahmann Chief Terrorist", "targeted_countries": [], "malware_families": [ { "id": "Win.Malware.004bf-6866449-0", "display_name": "Win.Malware.004bf-6866449-0", "target": null }, { "id": "Custom Malware", "display_name": "Custom Malware", "target": null }, { "id": "Worn:Win32/AutoRun.XXY!bit", "display_name": "Worn:Win32/AutoRun.XXY!bit", "target": "/malware/Worn:Win32/AutoRun.XXY!bit" } ], "attack_ids": [ { "id": "T1040", "name": "Network Sniffing", "display_name": "T1040 - Network Sniffing" }, { "id": "T1045", "name": "Software Packing", "display_name": "T1045 - Software Packing" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1457", "name": "Malicious Media Content", "display_name": "T1457 - Malicious Media Content" }, { "id": "T1031", "name": "Modify Existing Service", "display_name": "T1031 - Modify Existing Service" }, { "id": "T1210", "name": "Exploitation of Remote Services", "display_name": "T1210 - Exploitation of Remote Services" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "T1094", "name": "Custom Command and Control Protocol", "display_name": "T1094 - Custom Command and Control Protocol" }, { "id": "TA0003", "name": "Persistence", "display_name": "TA0003 - Persistence" }, { "id": "T1055.001", "name": "Dynamic-link Library Injection", "display_name": "T1055.001 - Dynamic-link Library Injection" }, { "id": "T1147", "name": "Hidden Users", "display_name": "T1147 - Hidden Users" }, { "id": "T1155", "name": "AppleScript", "display_name": "T1155 - AppleScript" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1060", "name": "Registry Run Keys / Startup Folder", "display_name": "T1060 - Registry Run Keys / Startup Folder" }, { "id": "T1415", "name": "URL Scheme Hijacking", "display_name": "T1415 - URL Scheme Hijacking" }, { "id": "T1184", "name": "SSH Hijacking", "display_name": "T1184 - SSH Hijacking" }, { "id": "T1122", "name": "Component Object Model Hijacking", "display_name": "T1122 - Component Object Model Hijacking" } ], "industries": [ "Legal", "Government", "Healthcare", "Technology", "Telecommunications" ], "TLP": "white", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 2615, "URL": 7521, "hostname": 1775, "domain": 689, "FileHash-MD5": 448, "FileHash-SHA1": 295, "SSLCertFingerprint": 12, "email": 1 }, "indicator_count": 13356, "is_author": false, "is_subscribing": null, "subscriber_count": 137, "modified_text": "108 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "692e9b142a8508d5257d1662", "name": "Criminal Defender Chris Ahmann responsible for continued Apple hackathons removing IoC\u2019 l Targeting Tsara Brashears evidence of crime . Hit Man", "description": "", "modified": "2026-01-01T07:03:18.851000", "created": "2025-12-02T07:53:56.560000", "tags": [ "present nov", "unknown aaaa", "ip address", "win32", "america asn", "twitter", "united states", "america", "ipv4", "united", "a domains", "443 ma86400", "super", "read c", "memcommit", "msie", "windows nt", "wow64", "slcc2", "media center", "tlsv1", "regsetvalueexa", "hack", "write", "february", "local", "unknown", "persistence", "execution", "xport", "kb body", "present aug", "present sep", "present oct", "for privacy", "false", "expirestue", "path", "p2404", "accept", "p11762282638", "host", "gmt range", "gmt ifnonematch", "p11762466264", "p11762417453", "nothing", "shutdown", "process32nextw", "langturkish", "sublangdefault", "regdword", "rtrcdata", "microsoft excel", "delphi", "worm", "malware", "error", "next", "format", "suspicious", "less see", "contacted", "all ip", "domains", "all related", "pulses otx", "related tags", "file type", "pexe", "christopher ahmann", "tam legal", "treece", "hacking", "highjacking", "modified", "quasi government", "ai google", "inject", "adversaries", "government", "insurance", "apple" ], "references": [ "External Apple Connection: Notepad.pw", "Sex Tools: m.pornsexer.xxx.3.1.adiosfil.roksit.net |", "www.endgame.com/blog/technical-blog/ten-process-injection-techniques-technical-survey-common-and-trending-process\t h", "takedown-communication-api.prod-c15a-awsuse.ppops.net", "L\u00b0\u00b0k @ You, okay Chris\u2026abgubdf.apple.cloudns.biz \u2022 cloudns.biz \u2022 https://abgubdf.apple.cloudns", "http://www.mof.gov.cn.lxcvc.com/ \u2022 https://r//www.csrc.gov.cn.lxcvc.com/", "http://www.mohurd.gov.cn.lxcvc.com/", "config.uca.cloud.unity3d.com", "0.0.iphone.8dyf8rf5k3.fr.mobiletrend.rtl2.adsenseformobileapps.com", "http://mp7tf.best-cell-phone-plans-for-seniors.cfd/", "sipphone.com", "uk5seki2ygz3kyfgliqe37477miq6jsf.nlsexolehxry4opotgpq" ], "public": 1, "adversary": "TAM Legal Christopher P. Ahmann Chief Terrorist", "targeted_countries": [], "malware_families": [ { "id": "Win.Malware.004bf-6866449-0", "display_name": "Win.Malware.004bf-6866449-0", "target": null }, { "id": "Custom Malware", "display_name": "Custom Malware", "target": null }, { "id": "Worn:Win32/AutoRun.XXY!bit", "display_name": "Worn:Win32/AutoRun.XXY!bit", "target": "/malware/Worn:Win32/AutoRun.XXY!bit" } ], "attack_ids": [ { "id": "T1040", "name": "Network Sniffing", "display_name": "T1040 - Network Sniffing" }, { "id": "T1045", "name": "Software Packing", "display_name": "T1045 - Software Packing" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1457", "name": "Malicious Media Content", "display_name": "T1457 - Malicious Media Content" }, { "id": "T1031", "name": "Modify Existing Service", "display_name": "T1031 - Modify Existing Service" }, { "id": "T1210", "name": "Exploitation of Remote Services", "display_name": "T1210 - Exploitation of Remote Services" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" }, { "id": "T1094", "name": "Custom Command and Control Protocol", "display_name": "T1094 - Custom Command and Control Protocol" }, { "id": "TA0003", "name": "Persistence", "display_name": "TA0003 - Persistence" }, { "id": "T1055.001", "name": "Dynamic-link Library Injection", "display_name": "T1055.001 - Dynamic-link Library Injection" }, { "id": "T1147", "name": "Hidden Users", "display_name": "T1147 - Hidden Users" }, { "id": "T1155", "name": "AppleScript", "display_name": "T1155 - AppleScript" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1060", "name": "Registry Run Keys / Startup Folder", "display_name": "T1060 - Registry Run Keys / Startup Folder" }, { "id": "T1415", "name": "URL Scheme Hijacking", "display_name": "T1415 - URL Scheme Hijacking" }, { "id": "T1184", "name": "SSH Hijacking", "display_name": "T1184 - SSH Hijacking" }, { "id": "T1122", "name": "Component Object Model Hijacking", "display_name": "T1122 - Component Object Model Hijacking" } ], "industries": [ "Legal", "Government", "Healthcare", "Technology", "Telecommunications" ], "TLP": "white", "cloned_from": "6907cc66855b7dfe1306b0d8", "export_count": 11, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 2615, "URL": 7437, "hostname": 1765, "domain": 686, "FileHash-MD5": 448, "FileHash-SHA1": 295, "SSLCertFingerprint": 12, "email": 1 }, "indicator_count": 13259, "is_author": false, "is_subscribing": null, "subscriber_count": 137, "modified_text": "108 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "68bbb31f6d91989d7fcd9592", "name": "Who is Argus Health Systems in relation to United Healthcare", "description": "Strange. Person/s handling a monitored targeted past accounts was contacted to have old bills paid. Told individual had Argus Health Insurance that wouldn\u2019t pay.\n\nIssues: \u2022 Individual wasn\u2019t a client of vendor in 2024\n\u2022 Was never an Argus client.\n\u2022 Social engineering type call. Angry employee demanding copy of front and back of Health Care Insurance card for UH payments for items purchased after approved prior authorization for in past purchases. \n\u2022 Gave an incredible amount of PHI over phone w/o appropriate new (or former) HIPPA standard verification. \u2022 Angrily refused to provide billing # or requesters name.\n*United Health Care has paid ZERO bills. \n* \n(Auto populated - Anel arauchealth cam) | https://www.argushealth.com. Argus Health Systems is a healthcare technology company based in Kansas City, MO. Specializing in pharmacy benefit management ...", "modified": "2025-10-06T03:04:31.707000", "created": "2025-09-06T04:05:50.955000", "tags": [ "server", "date", "registrar abuse", "csc corporate", "domains", "algorithm", "key identifier", "x509v3 subject", "country", "postal code", "code", "united", "showing", "entries", "ip address", "search", "name servers", "unknown aaaa", "domain add", "pulse submit", "passive dns", "content type", "type content", "all ipv4", "url analysis", "urls", "files", "title", "meta", "certificate", "creation date", "record value", "hostname add", "domain", "unknown ns", "china unknown", "body", "please", "x msedge", "pulse pulses", "present aug", "hong kong", "extraction", "data upload", "levelbluelabs", "search otx", "pcap", "stix", "url or", "texdr", "failedto", "drop", "aaaa", "record type", "ttl value", "historical ssl", "certificates", "thumbprint", "present jan", "next associated", "urls show", "date checked", "url hostname", "server response", "google safe", "results jul", "present jun", "moved", "gmt content", "a domains", "next http", "scans show", "error", "present sep", "present may", "present jul", "present mar", "present apr" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 2091, "domain": 817, "URL": 7939, "email": 5, "FileHash-SHA256": 2960, "FileHash-SHA1": 240, "FileHash-MD5": 227 }, "indicator_count": 14279, "is_author": false, "is_subscribing": null, "subscriber_count": 139, "modified_text": "195 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6824aa10fa32899c33abc3be", "name": "tp://adorno.pl and http://vgt.pl INVESTIGATION requstor user Axelo", "description": "https://t.co/zTZNBTe8GV", "modified": "2025-06-14T00:00:30.956000", "created": "2025-05-14T14:34:56.497000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 13, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 426, "FileHash-SHA1": 455, "FileHash-SHA256": 5596, "URL": 15206, "IPv4": 409, "domain": 2473, "hostname": 5059, "CVE": 3 }, "indicator_count": 29627, "is_author": false, "is_subscribing": null, "subscriber_count": 122, "modified_text": "309 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "https://www.milehighmedia.com/en/photo/milehighmedia/The-Mother-I-Cant-Resist/52380", "FileHash-SHA256 cb40cd426d6e55c2b175b5be3327bfdf8d5a0074bf48b823121bd4720ed2ad95", "https://twitter.com/PORNO_SEXYBABES \u2022 girlsdoporn.com", "https://www.vgt.pl/font/roboto/Roboto-Bold.eot \u2022", "http://pixelrz.com/lists/keywords/tsara-brashears-dead/360 \u2022 http://pixelrz.com/lists/keywords/tsara-brashears-dead/360] No Expiration\t4\t Domain tsara-brashears-deadspin-twitter-suspended-account-help.ht", "http://watchhers.net/index.php", "http://www.mohurd.gov.cn.lxcvc.com/", "https://www.vgt.pl/font/roboto/Roboto-Medium.ttf", "www.happylifehappywife.com \u2022 http://www.happylifehappywife.com/2010/02/'>", "https://www.vgt.pl/style/style.css \u2022 https://www.vgt.pl/font/roboto/Roboto-Medium.eot", "http://siteinlink.d1.cnbd.net/search/tsara-brashears-assaulted-by-jeffrey-reimer", "https://www.sweetheartvideo.com/tsara-brashears/ \u2022 www.sweetheartvideo.com", "https://myhotzpic.com/tsara-brashears-hardcore-lesbian-sex/anime-studio.org*thumbs-fa...", "https://www.vgt.pl/style/style.css \u2022 https://www.vgt.pl/static/js/bootstrap-typeahead.js", "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian", "https://www.vgt.pl/font/roboto/Roboto-Regular.ttf \u2022 https://www.vgt.pl/font/roboto/Roboto-Thin.eot", "http://www.hak.vgt.pl \u2022 http://pornokind.vgt.pl \u2022 http://sip.vgt.pl \u2022 http://smtp-qa.vgt.pl \u2022 http://vgt.pl/*.", "uk5seki2ygz3kyfgliqe37477miq6jsf.nlsexolehxry4opotgpq", "http://siteinlink.d1.cnbd.net/search/tsara-brashears-dead \u2022 https://videolal.com/videos/tsara-brashears-dead-by-daylight.html", "https://tamlegal.com/attorneys/christopher-p-ahmann/#breadcrumb \u2022 https://www.milehighmedia.com/en/movies", "config.uca.cloud.unity3d.com", "cloudfront.net \u2022 d127qq8ld0aiq5.cloudfront.net", "http://www.mof.gov.cn.lxcvc.com/ \u2022 https://r//www.csrc.gov.cn.lxcvc.com/", "https://target.tccwest.www.littleswimmers.fr/", "https://www.vgt.pl/static/js/bootstrap-typeahead.js.179.252.2", "www.endgame.com/blog/technical-blog/ten-process-injection-techniques-technical-survey-common-and-trending-process\t h", "https://mypornvid.com/videos/27/x510fb2/white-dpt-jeffrey-reimer-loves-pretty-indian-patient-forces-sex-3gp-video-tsara-brashears/caillou-finger", "https://www.sweetheartvideo.com/model/63710/brandi-love", "https://otx.alienvault.com/otxapi/indicators/file/screenshot/07d20574d361258ee514f507936703dbea55db4a6d123602c0d2a67e9f14196d", "http://www.milehighmedia.com/?ats=eyJhIjoyOTYzMTgsImMiOjU3OTYzNzc1LCJuIjo3NiwicyI6NT...", "https://www.vgt.pl/static/js/bootstrap-typeahead.jstic/js/bootstrap-typeahead.js", "https://www.sweetheartvideo.com/en/dvds \u2022 https://www.sweetheartvideo.com/en/login", "https://www.vgt.pl/favicon.ico", "forum.remote.docs.home.git.fr.yandex.avito.sberbank.pay.avito.blablacar.blablacar.gitlab.ces4ld2kbfghhbju9r40.haard.info", "https://open.spotify.com/intl-de/track/5KjB1j0u54VXg6M8SN8hH2", "https://www.milehighmedia.com/en/movies \u2022 https://www.milehighmedia.com/join", "takedown-communication-api.prod-c15a-awsuse.ppops.net", "External Apple Connection: Notepad.pw", "http://www.happylifehappywife.com/2010/04/'> \u2022 http://www.happylifehappywife.com/2010/05/'>", "L\u00b0\u00b0k @ You, okay Chris\u2026abgubdf.apple.cloudns.biz \u2022 cloudns.biz \u2022 https://abgubdf.apple.cloudns", "https://sa.josht.ca\t\u2022 https://sa.josht.ca/ \u2022 https://staging.josht.ca/\t\u2022 https://test.josht.ca/", "pornhub-e.com \u2022 www.pornhub.com \u2022", "https://www.vgt.pl/font/fa/fontawesome-webfont.eot", "https://urlscan.io/screenshots/e931bb02-80dc-46db-92f0-43d5afa258be.png", "Denver, US 80211 http://library.verizon.onereach.ai", "ttps://www.milehighmedia.com/scene/4404473/creampie-adventures-scene-2-sneaky-melanie", "open.spotify.com \u2022", "http://www.happylifehappywife.com/2010/07/'> \u2022 http://www.happylifehappywife.com/2010/09/'>", "ftp.remote.docs.home.git.fr.yandex.avito.sberbank.pay.avito.blablacar.blablacar.gitlab.ces4ld2kbfghhbju9r40.haard.info", "https://p2d.josht.ca/api/depots/info/?depot= \u2022 https://p2d.josht", "http://siteinlink.d1.cnbd.net/search/tsara-brashears-dead \u2022 http://siteinlink.d1.cnbd.net/site/maps.google.com.lb/", "http://www.happylifehappywife.com/2013/03/'> \u2022 http://www.happylifehappywife.com/index.php", "https://www.vgt.pl/font/roboto/Roboto-Thin.ttf \u2022 https://www.vgt.pl/static/js/bootstrap-typeahead.js", "pegasuspartners.followupboss.com", "https://www.milehighmedia.com/en/login/index/aHR0cHMlM0ElMkYlMkZtZW1iZXJzLm1pbGVoaWdobWVkaWEuY29tJTJGZW4lMkZ2aWRlb3MlMkZzd2VldGhlYXJ0dmlkZW8lM0ZhbHVwJTNEQURqeF9ITjhfd1oweU96UnpsU3NNNUZLaVVxSzBXNEN0X3NmTFpKTGVJc3M2b0RVUzkwVmp6VllNVko5eFpmdENYcFNKd3IzOTNaMG1mOEpXeVhVeVZpLTJZYVRsaGd3M25DSDRpYnRwZ25BRC1zUFhDQVUycjZJOXo2WWtRMzNVWVFhMFZyWC1YckxvcnRkVjJZdEgxSDYxZ1lhMTFNS3RZSkEzY3FlSXhFQzhtSlAzSk1tbloySURMQXlMZndPcHozSFFiTzF4T0FseXJIQ0xYem1ldFElMkE=\t \thttp://www.milehighmedia.com/?ats=eyJhIjoyOTYzMTgsImMiOjU3OTYzNz", "https://www.sweetheartvideo.com/en/dvd/Lesbian-Massage/49895", "vgt.pl \u2022 www.hak.vgt.pl \u2022 www.localhost.vgt.pl \u2022 www.certyfikat.vgt.pl \u2022 aristocrat.vgt.pl", "https://www.sweetheartvideo.com/scenes?models=63710", "https://www.sweetheartvideo.com/it/model/Kristen-Scott/50432", "http://www.happylifehappywife.com/wp-content/themes/theme78222/images/top-right.jpg", "http://www.milehighmedia.com/legal\t \u2022 https://www.milehighmedia.com/en/pornstar/milehighmedia/Justin-Hunt/51017", "8-25-220-162-static.reverse.queryfoundry.net\t\t\tNov 1, 2025, 9:34:14 AM\t\t5\t domain\tqueryfoundry.net\t\t\tNov 1, 2025, 9:34:14 AM\t\t8\t URL\thttp://117-114-251-162-static.reverse.queryfoundry.net/", "remotewd.com device local", "nr-data.net \u2022 applemusic-spotlight.myunidays.com \u2022 init.ess.apple.com \u2022 tv.apple.com", "search.roi.ros.gov.uk", "Project Cicada: verizon.pr1414.my.nonprod-asurion53.com", "https://www.vgt.pl/ phishing \u2022 https://vgt.pl/ \u2022www.vgt.pl \u2022 https://www.vgt.pl/94.152.152.233/images/logo.png", "https://www.vgt.pl/94.152.156.22/logo.png \u2022 https://www.vgt.pl/css/", "Treece Alfrey Musat P.C. Attorneys at Law Christopher P. Ahmann | https://TamLegal.com", "https://www.vgt.pl/font/roboto/Roboto-Regular.eot \u2022 https://www.vgt.pl/94.152.156.22/logo.png \u2022 https://www.vgt.pl/css/", "https://www.sweetheartvideo.com/en/?s=1?s=1&utm_source=272160&utm_medium=affiliate&utm_campaign=lovelezzies", "events.launchdarkly.com \u2022 clientstream.launchdarkly. \u2022 app.launchdarkly.com", "IP Address 94.152.58.192 Location Poland ASN AS29522 h88 s.a. Nameservers ns1.kei.pl. , ns2.kei.pl.", "https://www.vgt.pl/font/roboto/Roboto-Bold.eot \u2022 https://www.vgt.pl/font/roboto/Roboto-Bold.ttf \u2022 https://www.vgt.pl/font/roboto/Roboto-Light.eot", "https://browntubeporn.com/tsara-brashearsAccept-Language", "https://www.vgt.pl/94.152.152.233/images/logo.png", "https://otx.alienvault.com/otxapi/indicators/file/screenshot/fbb538f322026e57d467e9dbccdbaf181e08149c50216385b7235a43e80ea0c8", "http://www.happylifehappywife.com/2011/06/'> \u2022 http://www.happylifehappywife.com/2011/08/'", "https://cg864.myhotzpic.com phishing \u2022 http://dashboard.myhotzpic.com/", "https://pegasuspartners.followupboss.com/unsubscribe/eh-MhVRQnJl0_bAFwnKkNcLhcpKKkFNZoZGVdqXUj3YdKSnKqAu_ZtK_m2bfbflpBDP5tU_QK4_N_bD0zVR_qs69dqt0K9vHSjNpk4p_WlGOHiyG5drGp98yBthkeHFIf3TXQbQPk8UzVtbZUILxzg~~ No Expiration\t0", "www.onyx-ware.com \u2022 endgamesystems.com", "www.milehighmedia.com \u2022 https://www.milehighmedia.com/en/Charlie-Dean/pornstar/49512", "https://www.anyxxxtube.net/search-porn/tsara-brashears/", "www.localhost.vgt.pl \u2022 www.certyfikat.vgt.pl \u2022 https://www.vgt.pl/94.152.152.233/images/logo.png", "http://www.happylifehappywife.com/2011/08/'> \u2022 http://www.happylifehappywife.com/2012/07/'>", "https://amp.mypornvid.fun/videos/8/AhxS-ej1myg/gf-18-com/\ud83c\udf81-i39m-your-present-\ud83c\udf81-girlfriend-surprises-you-for-christmas-reunion-soft-kisses-amp-cuddles", "https://www.sweetheartvideo.com/en/scene/Truth-Dare--Boobs/130432", "Hostname admin.test-aws-responsible-oyster-8905-us-east-1.space.dev.a0core.net", "https://www.milehighmedia.com/join \u2022 https://www.milehighmedia.com/models \u2022 https://www.milehighmedia.com/movies", "0.0.iphone.8dyf8rf5k3.fr.mobiletrend.rtl2.adsenseformobileapps.com", "sipphone.com", "Denver, US 80211 https://otx.alienvault.com/indicator/domain/onereach.ai", "https://www.vgt.pl/font/roboto/Roboto-Light.ttf \u2022", "Sex Tools: m.pornsexer.xxx.3.1.adiosfil.roksit.net |", "https://www.milehighmedia.com/model/59136/avi-love \u2022https://www.milehighmedia.com/model/60418/Justin-Hunt \u2022", "https://www.sweetheartvideo.com/en/model/Mona-Wales/49601 \u2022 https://www.sweetheartvideo.com/en/scene/Truth-Dare--Boobs/130432 No Expiration\t0\t URL https://www.sweetheartvideo.com/it/model/Kristen-Scott/50432 \u2022 https://www.sweetheartvideo.com/model/63710/brandi-love", "http://mp7tf.best-cell-phone-plans-for-seniors.cfd/", "https://pornokind.vgt.pl \u2022 https://sip.vgt.pl \u2022 https://smtp-qa.vgt.pl \u2022 https://www.vgt.pl/94.152.156.22/logo.png", "https://open.spotify.com/track/5KjB1j0u54VXg6M8SN8hH2", "https://www.vgt.pl/font/roboto/Roboto-Bold.ttf \u2022 https://www.vgt.pl/font/roboto/Roboto-Light.eot", "https://www.milehighmedia.com/de/MileHighMedia/scene/129689?utm_source=271174&utm_medium=affiliate&utm_campaign=", "https://www.vgt.pl/css/ \u2022 https://www.vgt.pl/favicon.ico \u2022 https://www.vgt.pl/font/fa/fontawesome-webfont.eot", "https://www.milehighmedia.com/legal/2257 \u2022 https://www.milehighmedia", "http://www.pornokind.vgt.pl \u2022 https://dbkuewww.m.vgt.pl \u2022 https://lokalnyhost.vgt.pl \u2022 www.xn--twj-hna.pedofil.vgt.pl" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [ "TAM Legal Christopher P. Ahmann Chief Terrorist" ], "malware_families": [ "Other malware", "#lowfi:win32/autoit", "Trojan:win32/mydoom", "Win.packed.generic-9967832-0", "Pegasus", "Trojanspy:msil/yakbeex.a", "Win32:hacktoolx-gen\\ [trj]", "Worm:win32/autorun", "Win.trojan.barys-10005825-0", "Custom malware", "Win.malware.004bf-6866449-0", "Jaik", "Trojanspy:win32/nivdort", "Win.packed.stealerc-10017074-0", "Worn:win32/autorun.xxy!bit", "Alf:heraklezeval:trojan:win32/clipbanker", "Tofsee", "Trojan:win32/zombie.a", "Win.dropper.poisonivy-9876745-0", "Hacktool:win32/cobaltstrike.a", "Nufs_unicode", "Trojanspy", "Trojan:win32/qshell" ], "industries": [ "Legal", "Entertainment", "Technology", "Healthcare", "Government", "Telecommunications" ], "unique_indicators": 93136 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/adatum.com", "whois": "http://whois.domaintools.com/adatum.com", "domain": "adatum.com", "hostname": "validurl.adatum.com" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 15, "pulses": [ { "id": "69b49ad5dd40a24d83cd6a72", "name": "Chris P. Ahmann \u2022 PRIVATE PROPERTY Colorado State Fixer!", "description": "", "modified": "2026-03-13T23:16:37.716000", "created": "2026-03-13T23:16:37.716000", "tags": [ "related pulses", "p1377925676", "gaz1", "sid1696503456", "sct1", "active", "dynamicloader", "medium", "write c", "search", "show", "high", "program gateway", "http traffic", "http", "write", "malware", "nivdort", "serving ip", "address", "status code", "kb body", "sha256", "gw5hjz7t975", "url https", "url http", "indicator role", "pulses url", "hostname", "poland unknown", "present sep", "present jul", "present may", "present apr", "present dec", "present jan", "moved", "passive dns", "ip address", "title", "location poland", "asn as29522", "gmt content", "accept encoding", "ipv4 add", "urls", "files", "reverse dns", "united", "record value", "aaaa", "mtb oct", "found", "error", "read c", "memcommit", "module load", "next", "showing", "trojan", "execution", "unknown", "entries", "ms windows", "intel", "as15169", "codeoverlap", "yara detections", "delphi", "worm", "win32", "win64", "learn", "ck id", "name tactics", "suspicious", "informative", "adversaries", "command", "spawns", "ssl certificate", "execution att", "script urls", "treece alfrey", "meta", "germany unknown", "for privacy", "title added", "active related", "pulses", "asnone", "named pipe", "type indicator", "role title", "added active", "filehashsha256", "ally", "melika", "information", "law christopher", "https", "fake pinterest", "tsara", "traceback man", "expiro", "capture", "domain", "types of", "germany", "poland", "netherlands", "cve cve20178977", "boobs130432 nov", "learn more", "filehashmd5", "utmsourceawin", "pe32", "head microsoft", "delete", "main", "backdoor", "next associated", "gmt connection", "control", "content type", "twitter", "certificate", "redirect date", "cache", "unknown ns", "hostname add", "ipv4", "pulse pulses", "location united", "america flag", "america asn", "windows", "total", "ids detections", "url add", "related nids", "files location", "flag united", "win32mydoom nov", "domain add", "yara rule", "ee fc", "ff d5", "f0 ff", "eb e1", "ff ff", "c1 e8", "c1 c0", "eb e8", "mpress", "cache control", "x cache", "date", "name servers", "arial", "present aug", "present jun", "may god", "hall render", "palantir doing", "jeffrey scott", "jeffrey reimer", "brian sabey", "butt pirates", "scott reimer", "colorado", "quasi government", "workers compensation", "eva lisa", "eva reimer", "sammie", "montano mark", "death threats", "tulach", "hired hit men", "gay man", "gay porn", "concentra", "corruption", "palantir", "foundry", "grifter", "warning", "illegal", "apple", "contacted", "ransom", "dead", "denver" ], "references": [ "https://tamlegal.com/attorneys/christopher-p-ahmann/#breadcrumb \u2022 https://www.milehighmedia.com/en/movies", "https://www.milehighmedia.com/legal/2257 \u2022 https://www.milehighmedia", "www.milehighmedia.com \u2022 https://www.milehighmedia.com/en/Charlie-Dean/pornstar/49512", "https://www.milehighmedia.com/en/login/index/aHR0cHMlM0ElMkYlMkZtZW1iZXJzLm1pbGVoaWdobWVkaWEuY29tJTJGZW4lMkZ2aWRlb3MlMkZzd2VldGhlYXJ0dmlkZW8lM0ZhbHVwJTNEQURqeF9ITjhfd1oweU96UnpsU3NNNUZLaVVxSzBXNEN0X3NmTFpKTGVJc3M2b0RVUzkwVmp6VllNVko5eFpmdENYcFNKd3IzOTNaMG1mOEpXeVhVeVZpLTJZYVRsaGd3M25DSDRpYnRwZ25BRC1zUFhDQVUycjZJOXo2WWtRMzNVWVFhMFZyWC1YckxvcnRkVjJZdEgxSDYxZ1lhMTFNS3RZSkEzY3FlSXhFQzhtSlAzSk1tbloySURMQXlMZndPcHozSFFiTzF4T0FseXJIQ0xYem1ldFElMkE=\t \thttp://www.milehighmedia.com/?ats=eyJhIjoyOTYzMTgsImMiOjU3OTYzNz", "http://www.milehighmedia.com/legal\t \u2022 https://www.milehighmedia.com/en/pornstar/milehighmedia/Justin-Hunt/51017", "https://www.milehighmedia.com/de/MileHighMedia/scene/129689?utm_source=271174&utm_medium=affiliate&utm_campaign=", "http://www.milehighmedia.com/?ats=eyJhIjoyOTYzMTgsImMiOjU3OTYzNzc1LCJuIjo3NiwicyI6NT...", "ttps://www.milehighmedia.com/scene/4404473/creampie-adventures-scene-2-sneaky-melanie", "https://www.milehighmedia.com/join \u2022 https://www.milehighmedia.com/models \u2022 https://www.milehighmedia.com/movies", "https://www.milehighmedia.com/model/59136/avi-love \u2022https://www.milehighmedia.com/model/60418/Justin-Hunt \u2022", "https://www.milehighmedia.com/en/photo/milehighmedia/The-Mother-I-Cant-Resist/52380", "https://www.milehighmedia.com/en/movies \u2022 https://www.milehighmedia.com/join", "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian", "pornhub-e.com \u2022 www.pornhub.com \u2022", "https://www.sweetheartvideo.com/tsara-brashears/ \u2022 www.sweetheartvideo.com", "https://www.sweetheartvideo.com/en/?s=1?s=1&utm_source=272160&utm_medium=affiliate&utm_campaign=lovelezzies", "https://www.sweetheartvideo.com/en/dvd/Lesbian-Massage/49895", "https://www.sweetheartvideo.com/en/dvds \u2022 https://www.sweetheartvideo.com/en/login", "https://www.sweetheartvideo.com/en/model/Mona-Wales/49601 \u2022 https://www.sweetheartvideo.com/en/scene/Truth-Dare--Boobs/130432 No Expiration\t0\t URL https://www.sweetheartvideo.com/it/model/Kristen-Scott/50432 \u2022 https://www.sweetheartvideo.com/model/63710/brandi-love", "https://www.sweetheartvideo.com/scenes?models=63710", "https://www.sweetheartvideo.com/model/63710/brandi-love", "https://www.sweetheartvideo.com/scenes?models=63710", "https://www.sweetheartvideo.com/it/model/Kristen-Scott/50432", "https://www.sweetheartvideo.com/en/scene/Truth-Dare--Boobs/130432", "https://www.milehighmedia.com/en/photo/milehighmedia/The-Mother-I-Cant-Resist/52380", "https://www.vgt.pl/font/roboto/Roboto-Bold.eot \u2022", "https://www.vgt.pl/94.152.152.233/images/logo.png", "https://www.vgt.pl/94.152.156.22/logo.png \u2022 https://www.vgt.pl/css/", "https://www.vgt.pl/favicon.ico", "https://www.vgt.pl/font/fa/fontawesome-webfont.eot", "https://www.vgt.pl/font/roboto/Roboto-Bold.ttf \u2022 https://www.vgt.pl/font/roboto/Roboto-Light.eot", "https://www.vgt.pl/font/roboto/Roboto-Medium.ttf", "https://www.vgt.pl/font/roboto/Roboto-Light.ttf \u2022", "https://www.vgt.pl/static/js/bootstrap-typeahead.jstic/js/bootstrap-typeahead.js", "https://www.vgt.pl/style/style.css \u2022 https://www.vgt.pl/font/roboto/Roboto-Medium.eot", "https://www.vgt.pl/font/roboto/Roboto-Regular.ttf \u2022 https://www.vgt.pl/font/roboto/Roboto-Thin.eot", "https://www.vgt.pl/static/js/bootstrap-typeahead.js.179.252.2", "https://www.vgt.pl/font/roboto/Roboto-Thin.ttf \u2022 https://www.vgt.pl/static/js/bootstrap-typeahead.js", "https://www.vgt.pl/font/roboto/Roboto-Regular.eot \u2022 https://www.vgt.pl/94.152.156.22/logo.png \u2022 https://www.vgt.pl/css/", "vgt.pl \u2022 www.hak.vgt.pl \u2022 www.localhost.vgt.pl \u2022 www.certyfikat.vgt.pl \u2022 aristocrat.vgt.pl", "https://www.vgt.pl/ phishing \u2022 https://vgt.pl/ \u2022www.vgt.pl \u2022 https://www.vgt.pl/94.152.152.233/images/logo.png", "http://www.pornokind.vgt.pl \u2022 https://dbkuewww.m.vgt.pl \u2022 https://lokalnyhost.vgt.pl \u2022 www.xn--twj-hna.pedofil.vgt.pl", "http://www.hak.vgt.pl \u2022 http://pornokind.vgt.pl \u2022 http://sip.vgt.pl \u2022 http://smtp-qa.vgt.pl \u2022 http://vgt.pl/*.", "https://pornokind.vgt.pl \u2022 https://sip.vgt.pl \u2022 https://smtp-qa.vgt.pl \u2022 https://www.vgt.pl/94.152.156.22/logo.png", "www.localhost.vgt.pl \u2022 www.certyfikat.vgt.pl \u2022 https://www.vgt.pl/94.152.152.233/images/logo.png", "https://www.vgt.pl/css/ \u2022 https://www.vgt.pl/favicon.ico \u2022 https://www.vgt.pl/font/fa/fontawesome-webfont.eot", "https://www.vgt.pl/font/roboto/Roboto-Bold.eot \u2022 https://www.vgt.pl/font/roboto/Roboto-Bold.ttf \u2022 https://www.vgt.pl/font/roboto/Roboto-Light.eot", "https://www.vgt.pl/static/js/bootstrap-typeahead.jstic/js/bootstrap-typeahead.js", "https://www.vgt.pl/style/style.css \u2022 https://www.vgt.pl/static/js/bootstrap-typeahead.js", "IP Address 94.152.58.192 Location Poland ASN AS29522 h88 s.a. Nameservers ns1.kei.pl. , ns2.kei.pl.", "www.happylifehappywife.com \u2022 http://www.happylifehappywife.com/2010/02/'>", "http://www.happylifehappywife.com/2010/04/'> \u2022 http://www.happylifehappywife.com/2010/05/'>", "http://www.happylifehappywife.com/2010/07/'> \u2022 http://www.happylifehappywife.com/2010/09/'>", "http://www.happylifehappywife.com/2011/06/'> \u2022 http://www.happylifehappywife.com/2011/08/'", "http://www.happylifehappywife.com/2011/08/'> \u2022 http://www.happylifehappywife.com/2012/07/'>", "http://www.happylifehappywife.com/2013/03/'> \u2022 http://www.happylifehappywife.com/index.php", "http://www.happylifehappywife.com/wp-content/themes/theme78222/images/top-right.jpg", "https://amp.mypornvid.fun/videos/8/AhxS-ej1myg/gf-18-com/\ud83c\udf81-i39m-your-present-\ud83c\udf81-girlfriend-surprises-you-for-christmas-reunion-soft-kisses-amp-cuddles", "8-25-220-162-static.reverse.queryfoundry.net\t\t\tNov 1, 2025, 9:34:14 AM\t\t5\t domain\tqueryfoundry.net\t\t\tNov 1, 2025, 9:34:14 AM\t\t8\t URL\thttp://117-114-251-162-static.reverse.queryfoundry.net/", "http://watchhers.net/index.php", "remotewd.com device local", "nr-data.net \u2022 applemusic-spotlight.myunidays.com \u2022 init.ess.apple.com \u2022 tv.apple.com", "https://browntubeporn.com/tsara-brashearsAccept-Language", "https://cg864.myhotzpic.com phishing \u2022 http://dashboard.myhotzpic.com/", "https://myhotzpic.com/tsara-brashears-hardcore-lesbian-sex/anime-studio.org*thumbs-fa...", "https://mypornvid.com/videos/27/x510fb2/white-dpt-jeffrey-reimer-loves-pretty-indian-patient-forces-sex-3gp-video-tsara-brashears/caillou-finger", "http://siteinlink.d1.cnbd.net/search/tsara-brashears-dead \u2022 http://siteinlink.d1.cnbd.net/site/maps.google.com.lb/", "http://siteinlink.d1.cnbd.net/search/tsara-brashears-assaulted-by-jeffrey-reimer", "http://siteinlink.d1.cnbd.net/search/tsara-brashears-dead \u2022 https://videolal.com/videos/tsara-brashears-dead-by-daylight.html", "http://pixelrz.com/lists/keywords/tsara-brashears-dead/360 \u2022 http://pixelrz.com/lists/keywords/tsara-brashears-dead/360] No Expiration\t4\t Domain tsara-brashears-deadspin-twitter-suspended-account-help.ht", "https://www.anyxxxtube.net/search-porn/tsara-brashears/", "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian", "https://www.anyxxxtube.net/search-porn/tsara-brashears/", "https://twitter.com/PORNO_SEXYBABES \u2022 girlsdoporn.com", "Treece Alfrey Musat P.C. Attorneys at Law Christopher P. Ahmann | https://TamLegal.com", "https://urlscan.io/screenshots/e931bb02-80dc-46db-92f0-43d5afa258be.png" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "TrojanSpy:Win32/Nivdort", "display_name": "TrojanSpy:Win32/Nivdort", "target": "/malware/TrojanSpy:Win32/Nivdort" }, { "id": "Worm:Win32/Autorun", "display_name": "Worm:Win32/Autorun", "target": "/malware/Worm:Win32/Autorun" }, { "id": "Tofsee", "display_name": "Tofsee", "target": null }, { "id": "Jaik", "display_name": "Jaik", "target": null }, { "id": "Trojan:Win32/Qshell", "display_name": "Trojan:Win32/Qshell", "target": "/malware/Trojan:Win32/Qshell" }, { "id": "Trojan:Win32/Mydoom", "display_name": "Trojan:Win32/Mydoom", "target": "/malware/Trojan:Win32/Mydoom" } ], "attack_ids": [ { "id": "T1045", "name": "Software Packing", "display_name": "T1045 - Software Packing" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1060", "name": "Registry Run Keys / Startup Folder", "display_name": "T1060 - Registry Run Keys / Startup Folder" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1119", "name": "Automated Collection", "display_name": "T1119 - Automated Collection" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1143", "name": "Hidden Window", "display_name": "T1143 - Hidden Window" }, { "id": "T1063", "name": "Security Software Discovery", "display_name": "T1063 - Security Software Discovery" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1583", "name": "Acquire Infrastructure", "display_name": "T1583 - Acquire Infrastructure" }, { "id": "T1069", "name": "Permission Groups Discovery", "display_name": "T1069 - Permission Groups Discovery" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1197", "name": "BITS Jobs", "display_name": "T1197 - BITS Jobs" }, { "id": "T1210", "name": "Exploitation of Remote Services", "display_name": "T1210 - Exploitation of Remote Services" }, { "id": "T1457", "name": "Malicious Media Content", "display_name": "T1457 - Malicious Media Content" }, { "id": "T1480", "name": "Execution Guardrails", "display_name": "T1480 - Execution Guardrails" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" } ], "industries": [], "TLP": "green", "cloned_from": "69631fbd16e306ee2b76c4da", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 8897, "domain": 2102, "hostname": 2867, "FileHash-SHA256": 3886, "FileHash-MD5": 619, "FileHash-SHA1": 555, "CVE": 3, "email": 5, "SSLCertFingerprint": 8 }, "indicator_count": 18942, "is_author": false, "is_subscribing": null, "subscriber_count": 137, "modified_text": "36 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69b496396ca4987e95ad37d1", "name": "Chris Buzz by QVashni (wow)", "description": "", "modified": "2026-03-13T22:56:57.314000", "created": "2026-03-13T22:56:57.314000", "tags": [ "related pulses", "p1377925676", "gaz1", "sid1696503456", "sct1", "active", "dynamicloader", "medium", "write c", "search", "show", "high", "program gateway", "http traffic", "http", "write", "malware", "nivdort", "serving ip", "address", "status code", "kb body", "sha256", "gw5hjz7t975", "url https", "url http", "indicator role", "pulses url", "hostname", "poland unknown", "present sep", "present jul", "present may", "present apr", "present dec", "present jan", "moved", "passive dns", "ip address", "title", "location poland", "asn as29522", "gmt content", "accept encoding", "ipv4 add", "urls", "files", "reverse dns", "united", "record value", "aaaa", "mtb oct", "found", "error", "read c", "memcommit", "module load", "next", "showing", "trojan", "execution", "unknown", "entries", "ms windows", "intel", "as15169", "codeoverlap", "yara detections", "delphi", "worm", "win32", "win64", "learn", "ck id", "name tactics", "suspicious", "informative", "adversaries", "command", "spawns", "ssl certificate", "execution att", "script urls", "treece alfrey", "meta", "germany unknown", "for privacy", "title added", "active related", "pulses", "asnone", "named pipe", "type indicator", "role title", "added active", "filehashsha256", "ally", "melika", "information", "law christopher", "https", "fake pinterest", "tsara", "traceback man", "expiro", "capture", "domain", "types of", "germany", "poland", "netherlands", "cve cve20178977", "boobs130432 nov", "learn more", "filehashmd5", "utmsourceawin", "pe32", "head microsoft", "delete", "main", "backdoor", "next associated", "gmt connection", "control", "content type", "twitter", "certificate", "redirect date", "cache", "unknown ns", "hostname add", "ipv4", "pulse pulses", "location united", "america flag", "america asn", "windows", "total", "ids detections", "url add", "related nids", "files location", "flag united", "win32mydoom nov", "domain add", "yara rule", "ee fc", "ff d5", "f0 ff", "eb e1", "ff ff", "c1 e8", "c1 c0", "eb e8", "mpress", "cache control", "x cache", "date", "name servers", "arial", "present aug", "present jun", "may god", "hall render", "palantir doing", "jeffrey scott", "jeffrey reimer", "brian sabey", "butt pirates", "scott reimer", "colorado", "quasi government", "workers compensation", "eva lisa", "eva reimer", "sammie", "montano mark", "death threats", "tulach", "hired hit men", "gay man", "gay porn", "concentra", "corruption", "palantir", "foundry", "grifter", "warning", "illegal", "apple", "contacted", "ransom", "dead", "denver" ], "references": [ "https://tamlegal.com/attorneys/christopher-p-ahmann/#breadcrumb \u2022 https://www.milehighmedia.com/en/movies", "https://www.milehighmedia.com/legal/2257 \u2022 https://www.milehighmedia", "www.milehighmedia.com \u2022 https://www.milehighmedia.com/en/Charlie-Dean/pornstar/49512", "https://www.milehighmedia.com/en/login/index/aHR0cHMlM0ElMkYlMkZtZW1iZXJzLm1pbGVoaWdobWVkaWEuY29tJTJGZW4lMkZ2aWRlb3MlMkZzd2VldGhlYXJ0dmlkZW8lM0ZhbHVwJTNEQURqeF9ITjhfd1oweU96UnpsU3NNNUZLaVVxSzBXNEN0X3NmTFpKTGVJc3M2b0RVUzkwVmp6VllNVko5eFpmdENYcFNKd3IzOTNaMG1mOEpXeVhVeVZpLTJZYVRsaGd3M25DSDRpYnRwZ25BRC1zUFhDQVUycjZJOXo2WWtRMzNVWVFhMFZyWC1YckxvcnRkVjJZdEgxSDYxZ1lhMTFNS3RZSkEzY3FlSXhFQzhtSlAzSk1tbloySURMQXlMZndPcHozSFFiTzF4T0FseXJIQ0xYem1ldFElMkE=\t \thttp://www.milehighmedia.com/?ats=eyJhIjoyOTYzMTgsImMiOjU3OTYzNz", "http://www.milehighmedia.com/legal\t \u2022 https://www.milehighmedia.com/en/pornstar/milehighmedia/Justin-Hunt/51017", "https://www.milehighmedia.com/de/MileHighMedia/scene/129689?utm_source=271174&utm_medium=affiliate&utm_campaign=", "http://www.milehighmedia.com/?ats=eyJhIjoyOTYzMTgsImMiOjU3OTYzNzc1LCJuIjo3NiwicyI6NT...", "ttps://www.milehighmedia.com/scene/4404473/creampie-adventures-scene-2-sneaky-melanie", "https://www.milehighmedia.com/join \u2022 https://www.milehighmedia.com/models \u2022 https://www.milehighmedia.com/movies", "https://www.milehighmedia.com/model/59136/avi-love \u2022https://www.milehighmedia.com/model/60418/Justin-Hunt \u2022", "https://www.milehighmedia.com/en/photo/milehighmedia/The-Mother-I-Cant-Resist/52380", "https://www.milehighmedia.com/en/movies \u2022 https://www.milehighmedia.com/join", "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian", "pornhub-e.com \u2022 www.pornhub.com \u2022", "https://www.sweetheartvideo.com/tsara-brashears/ \u2022 www.sweetheartvideo.com", "https://www.sweetheartvideo.com/en/?s=1?s=1&utm_source=272160&utm_medium=affiliate&utm_campaign=lovelezzies", "https://www.sweetheartvideo.com/en/dvd/Lesbian-Massage/49895", "https://www.sweetheartvideo.com/en/dvds \u2022 https://www.sweetheartvideo.com/en/login", "https://www.sweetheartvideo.com/en/model/Mona-Wales/49601 \u2022 https://www.sweetheartvideo.com/en/scene/Truth-Dare--Boobs/130432 No Expiration\t0\t URL https://www.sweetheartvideo.com/it/model/Kristen-Scott/50432 \u2022 https://www.sweetheartvideo.com/model/63710/brandi-love", "https://www.sweetheartvideo.com/scenes?models=63710", "https://www.sweetheartvideo.com/model/63710/brandi-love", "https://www.sweetheartvideo.com/scenes?models=63710", "https://www.sweetheartvideo.com/it/model/Kristen-Scott/50432", "https://www.sweetheartvideo.com/en/scene/Truth-Dare--Boobs/130432", "https://www.milehighmedia.com/en/photo/milehighmedia/The-Mother-I-Cant-Resist/52380", "https://www.vgt.pl/font/roboto/Roboto-Bold.eot \u2022", "https://www.vgt.pl/94.152.152.233/images/logo.png", "https://www.vgt.pl/94.152.156.22/logo.png \u2022 https://www.vgt.pl/css/", "https://www.vgt.pl/favicon.ico", "https://www.vgt.pl/font/fa/fontawesome-webfont.eot", "https://www.vgt.pl/font/roboto/Roboto-Bold.ttf \u2022 https://www.vgt.pl/font/roboto/Roboto-Light.eot", "https://www.vgt.pl/font/roboto/Roboto-Medium.ttf", "https://www.vgt.pl/font/roboto/Roboto-Light.ttf \u2022", "https://www.vgt.pl/static/js/bootstrap-typeahead.jstic/js/bootstrap-typeahead.js", "https://www.vgt.pl/style/style.css \u2022 https://www.vgt.pl/font/roboto/Roboto-Medium.eot", "https://www.vgt.pl/font/roboto/Roboto-Regular.ttf \u2022 https://www.vgt.pl/font/roboto/Roboto-Thin.eot", "https://www.vgt.pl/static/js/bootstrap-typeahead.js.179.252.2", "https://www.vgt.pl/font/roboto/Roboto-Thin.ttf \u2022 https://www.vgt.pl/static/js/bootstrap-typeahead.js", "https://www.vgt.pl/font/roboto/Roboto-Regular.eot \u2022 https://www.vgt.pl/94.152.156.22/logo.png \u2022 https://www.vgt.pl/css/", "vgt.pl \u2022 www.hak.vgt.pl \u2022 www.localhost.vgt.pl \u2022 www.certyfikat.vgt.pl \u2022 aristocrat.vgt.pl", "https://www.vgt.pl/ phishing \u2022 https://vgt.pl/ \u2022www.vgt.pl \u2022 https://www.vgt.pl/94.152.152.233/images/logo.png", "http://www.pornokind.vgt.pl \u2022 https://dbkuewww.m.vgt.pl \u2022 https://lokalnyhost.vgt.pl \u2022 www.xn--twj-hna.pedofil.vgt.pl", "http://www.hak.vgt.pl \u2022 http://pornokind.vgt.pl \u2022 http://sip.vgt.pl \u2022 http://smtp-qa.vgt.pl \u2022 http://vgt.pl/*.", "https://pornokind.vgt.pl \u2022 https://sip.vgt.pl \u2022 https://smtp-qa.vgt.pl \u2022 https://www.vgt.pl/94.152.156.22/logo.png", "www.localhost.vgt.pl \u2022 www.certyfikat.vgt.pl \u2022 https://www.vgt.pl/94.152.152.233/images/logo.png", "https://www.vgt.pl/css/ \u2022 https://www.vgt.pl/favicon.ico \u2022 https://www.vgt.pl/font/fa/fontawesome-webfont.eot", "https://www.vgt.pl/font/roboto/Roboto-Bold.eot \u2022 https://www.vgt.pl/font/roboto/Roboto-Bold.ttf \u2022 https://www.vgt.pl/font/roboto/Roboto-Light.eot", "https://www.vgt.pl/static/js/bootstrap-typeahead.jstic/js/bootstrap-typeahead.js", "https://www.vgt.pl/style/style.css \u2022 https://www.vgt.pl/static/js/bootstrap-typeahead.js", "IP Address 94.152.58.192 Location Poland ASN AS29522 h88 s.a. Nameservers ns1.kei.pl. , ns2.kei.pl.", "www.happylifehappywife.com \u2022 http://www.happylifehappywife.com/2010/02/'>", "http://www.happylifehappywife.com/2010/04/'> \u2022 http://www.happylifehappywife.com/2010/05/'>", "http://www.happylifehappywife.com/2010/07/'> \u2022 http://www.happylifehappywife.com/2010/09/'>", "http://www.happylifehappywife.com/2011/06/'> \u2022 http://www.happylifehappywife.com/2011/08/'", "http://www.happylifehappywife.com/2011/08/'> \u2022 http://www.happylifehappywife.com/2012/07/'>", "http://www.happylifehappywife.com/2013/03/'> \u2022 http://www.happylifehappywife.com/index.php", "http://www.happylifehappywife.com/wp-content/themes/theme78222/images/top-right.jpg", "https://amp.mypornvid.fun/videos/8/AhxS-ej1myg/gf-18-com/\ud83c\udf81-i39m-your-present-\ud83c\udf81-girlfriend-surprises-you-for-christmas-reunion-soft-kisses-amp-cuddles", "8-25-220-162-static.reverse.queryfoundry.net\t\t\tNov 1, 2025, 9:34:14 AM\t\t5\t domain\tqueryfoundry.net\t\t\tNov 1, 2025, 9:34:14 AM\t\t8\t URL\thttp://117-114-251-162-static.reverse.queryfoundry.net/", "http://watchhers.net/index.php", "remotewd.com device local", "nr-data.net \u2022 applemusic-spotlight.myunidays.com \u2022 init.ess.apple.com \u2022 tv.apple.com", "https://browntubeporn.com/tsara-brashearsAccept-Language", "https://cg864.myhotzpic.com phishing \u2022 http://dashboard.myhotzpic.com/", "https://myhotzpic.com/tsara-brashears-hardcore-lesbian-sex/anime-studio.org*thumbs-fa...", "https://mypornvid.com/videos/27/x510fb2/white-dpt-jeffrey-reimer-loves-pretty-indian-patient-forces-sex-3gp-video-tsara-brashears/caillou-finger", "http://siteinlink.d1.cnbd.net/search/tsara-brashears-dead \u2022 http://siteinlink.d1.cnbd.net/site/maps.google.com.lb/", "http://siteinlink.d1.cnbd.net/search/tsara-brashears-assaulted-by-jeffrey-reimer", "http://siteinlink.d1.cnbd.net/search/tsara-brashears-dead \u2022 https://videolal.com/videos/tsara-brashears-dead-by-daylight.html", "http://pixelrz.com/lists/keywords/tsara-brashears-dead/360 \u2022 http://pixelrz.com/lists/keywords/tsara-brashears-dead/360] No Expiration\t4\t Domain tsara-brashears-deadspin-twitter-suspended-account-help.ht", "https://www.anyxxxtube.net/search-porn/tsara-brashears/", "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian", "https://www.anyxxxtube.net/search-porn/tsara-brashears/", "https://twitter.com/PORNO_SEXYBABES \u2022 girlsdoporn.com", "Treece Alfrey Musat P.C. Attorneys at Law Christopher P. Ahmann | https://TamLegal.com", "https://urlscan.io/screenshots/e931bb02-80dc-46db-92f0-43d5afa258be.png" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "TrojanSpy:Win32/Nivdort", "display_name": "TrojanSpy:Win32/Nivdort", "target": "/malware/TrojanSpy:Win32/Nivdort" }, { "id": "Worm:Win32/Autorun", "display_name": "Worm:Win32/Autorun", "target": "/malware/Worm:Win32/Autorun" }, { "id": "Tofsee", "display_name": "Tofsee", "target": null }, { "id": "Jaik", "display_name": "Jaik", "target": null }, { "id": "Trojan:Win32/Qshell", "display_name": "Trojan:Win32/Qshell", "target": "/malware/Trojan:Win32/Qshell" }, { "id": "Trojan:Win32/Mydoom", "display_name": "Trojan:Win32/Mydoom", "target": "/malware/Trojan:Win32/Mydoom" } ], "attack_ids": [ { "id": "T1045", "name": "Software Packing", "display_name": "T1045 - Software Packing" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1060", "name": "Registry Run Keys / Startup Folder", "display_name": "T1060 - Registry Run Keys / Startup Folder" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1119", "name": "Automated Collection", "display_name": "T1119 - Automated Collection" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1143", "name": "Hidden Window", "display_name": "T1143 - Hidden Window" }, { "id": "T1063", "name": "Security Software Discovery", "display_name": "T1063 - Security Software Discovery" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1583", "name": "Acquire Infrastructure", "display_name": "T1583 - Acquire Infrastructure" }, { "id": "T1069", "name": "Permission Groups Discovery", "display_name": "T1069 - Permission Groups Discovery" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1197", "name": "BITS Jobs", "display_name": "T1197 - BITS Jobs" }, { "id": "T1210", "name": "Exploitation of Remote Services", "display_name": "T1210 - Exploitation of Remote Services" }, { "id": "T1457", "name": "Malicious Media Content", "display_name": "T1457 - Malicious Media Content" }, { "id": "T1480", "name": "Execution Guardrails", "display_name": "T1480 - Execution Guardrails" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" } ], "industries": [], "TLP": "green", "cloned_from": "69482caa00d327da8f0a87bc", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 8897, "domain": 2102, "hostname": 2867, "FileHash-SHA256": 3886, "FileHash-MD5": 619, "FileHash-SHA1": 555, "CVE": 3, "email": 5, "SSLCertFingerprint": 8 }, "indicator_count": 18942, "is_author": false, "is_subscribing": null, "subscriber_count": 47, "modified_text": "36 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69b49587dd104e342dda1628", "name": "C Ahman Attorney Clone by Top Tier, Q.Vashti", "description": "", "modified": "2026-03-13T22:53:59.112000", "created": "2026-03-13T22:53:59.112000", "tags": [ "related pulses", "p1377925676", "gaz1", "sid1696503456", "sct1", "active", "dynamicloader", "medium", "write c", "search", "show", "high", "program gateway", "http traffic", "http", "write", "malware", "nivdort", "serving ip", "address", "status code", "kb body", "sha256", "gw5hjz7t975", "url https", "url http", "indicator role", "pulses url", "hostname", "poland unknown", "present sep", "present jul", "present may", "present apr", "present dec", "present jan", "moved", "passive dns", "ip address", "title", "location poland", "asn as29522", "gmt content", "accept encoding", "ipv4 add", "urls", "files", "reverse dns", "united", "record value", "aaaa", "mtb oct", "found", "error", "read c", "memcommit", "module load", "next", "showing", "trojan", "execution", "unknown", "entries", "ms windows", "intel", "as15169", "codeoverlap", "yara detections", "delphi", "worm", "win32", "win64", "learn", "ck id", "name tactics", "suspicious", "informative", "adversaries", "command", "spawns", "ssl certificate", "execution att", "script urls", "treece alfrey", "meta", "germany unknown", "for privacy", "title added", "active related", "pulses", "asnone", "named pipe", "type indicator", "role title", "added active", "filehashsha256", "ally", "melika", "information", "law christopher", "https", "fake pinterest", "tsara", "traceback man", "expiro", "capture", "domain", "types of", "germany", "poland", "netherlands", "cve cve20178977", "boobs130432 nov", "learn more", "filehashmd5", "utmsourceawin", "pe32", "head microsoft", "delete", "main", "backdoor", "next associated", "gmt connection", "control", "content type", "twitter", "certificate", "redirect date", "cache", "unknown ns", "hostname add", "ipv4", "pulse pulses", "location united", "america flag", "america asn", "windows", "total", "ids detections", "url add", "related nids", "files location", "flag united", "win32mydoom nov", "domain add", "yara rule", "ee fc", "ff d5", "f0 ff", "eb e1", "ff ff", "c1 e8", "c1 c0", "eb e8", "mpress", "cache control", "x cache", "date", "name servers", "arial", "present aug", "present jun", "may god", "hall render", "palantir doing", "jeffrey scott", "jeffrey reimer", "brian sabey", "butt pirates", "scott reimer", "colorado", "quasi government", "workers compensation", "eva lisa", "eva reimer", "sammie", "montano mark", "death threats", "tulach", "hired hit men", "gay man", "gay porn", "concentra", "corruption", "palantir", "foundry", "grifter", "warning", "illegal", "apple", "contacted", "ransom", "dead", "denver" ], "references": [ "https://tamlegal.com/attorneys/christopher-p-ahmann/#breadcrumb \u2022 https://www.milehighmedia.com/en/movies", "https://www.milehighmedia.com/legal/2257 \u2022 https://www.milehighmedia", "www.milehighmedia.com \u2022 https://www.milehighmedia.com/en/Charlie-Dean/pornstar/49512", "https://www.milehighmedia.com/en/login/index/aHR0cHMlM0ElMkYlMkZtZW1iZXJzLm1pbGVoaWdobWVkaWEuY29tJTJGZW4lMkZ2aWRlb3MlMkZzd2VldGhlYXJ0dmlkZW8lM0ZhbHVwJTNEQURqeF9ITjhfd1oweU96UnpsU3NNNUZLaVVxSzBXNEN0X3NmTFpKTGVJc3M2b0RVUzkwVmp6VllNVko5eFpmdENYcFNKd3IzOTNaMG1mOEpXeVhVeVZpLTJZYVRsaGd3M25DSDRpYnRwZ25BRC1zUFhDQVUycjZJOXo2WWtRMzNVWVFhMFZyWC1YckxvcnRkVjJZdEgxSDYxZ1lhMTFNS3RZSkEzY3FlSXhFQzhtSlAzSk1tbloySURMQXlMZndPcHozSFFiTzF4T0FseXJIQ0xYem1ldFElMkE=\t \thttp://www.milehighmedia.com/?ats=eyJhIjoyOTYzMTgsImMiOjU3OTYzNz", "http://www.milehighmedia.com/legal\t \u2022 https://www.milehighmedia.com/en/pornstar/milehighmedia/Justin-Hunt/51017", "https://www.milehighmedia.com/de/MileHighMedia/scene/129689?utm_source=271174&utm_medium=affiliate&utm_campaign=", "http://www.milehighmedia.com/?ats=eyJhIjoyOTYzMTgsImMiOjU3OTYzNzc1LCJuIjo3NiwicyI6NT...", "ttps://www.milehighmedia.com/scene/4404473/creampie-adventures-scene-2-sneaky-melanie", "https://www.milehighmedia.com/join \u2022 https://www.milehighmedia.com/models \u2022 https://www.milehighmedia.com/movies", "https://www.milehighmedia.com/model/59136/avi-love \u2022https://www.milehighmedia.com/model/60418/Justin-Hunt \u2022", "https://www.milehighmedia.com/en/photo/milehighmedia/The-Mother-I-Cant-Resist/52380", "https://www.milehighmedia.com/en/movies \u2022 https://www.milehighmedia.com/join", "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian", "pornhub-e.com \u2022 www.pornhub.com \u2022", "https://www.sweetheartvideo.com/tsara-brashears/ \u2022 www.sweetheartvideo.com", "https://www.sweetheartvideo.com/en/?s=1?s=1&utm_source=272160&utm_medium=affiliate&utm_campaign=lovelezzies", "https://www.sweetheartvideo.com/en/dvd/Lesbian-Massage/49895", "https://www.sweetheartvideo.com/en/dvds \u2022 https://www.sweetheartvideo.com/en/login", "https://www.sweetheartvideo.com/en/model/Mona-Wales/49601 \u2022 https://www.sweetheartvideo.com/en/scene/Truth-Dare--Boobs/130432 No Expiration\t0\t URL https://www.sweetheartvideo.com/it/model/Kristen-Scott/50432 \u2022 https://www.sweetheartvideo.com/model/63710/brandi-love", "https://www.sweetheartvideo.com/scenes?models=63710", "https://www.sweetheartvideo.com/model/63710/brandi-love", "https://www.sweetheartvideo.com/scenes?models=63710", "https://www.sweetheartvideo.com/it/model/Kristen-Scott/50432", "https://www.sweetheartvideo.com/en/scene/Truth-Dare--Boobs/130432", "https://www.milehighmedia.com/en/photo/milehighmedia/The-Mother-I-Cant-Resist/52380", "https://www.vgt.pl/font/roboto/Roboto-Bold.eot \u2022", "https://www.vgt.pl/94.152.152.233/images/logo.png", "https://www.vgt.pl/94.152.156.22/logo.png \u2022 https://www.vgt.pl/css/", "https://www.vgt.pl/favicon.ico", "https://www.vgt.pl/font/fa/fontawesome-webfont.eot", "https://www.vgt.pl/font/roboto/Roboto-Bold.ttf \u2022 https://www.vgt.pl/font/roboto/Roboto-Light.eot", "https://www.vgt.pl/font/roboto/Roboto-Medium.ttf", "https://www.vgt.pl/font/roboto/Roboto-Light.ttf \u2022", "https://www.vgt.pl/static/js/bootstrap-typeahead.jstic/js/bootstrap-typeahead.js", "https://www.vgt.pl/style/style.css \u2022 https://www.vgt.pl/font/roboto/Roboto-Medium.eot", "https://www.vgt.pl/font/roboto/Roboto-Regular.ttf \u2022 https://www.vgt.pl/font/roboto/Roboto-Thin.eot", "https://www.vgt.pl/static/js/bootstrap-typeahead.js.179.252.2", "https://www.vgt.pl/font/roboto/Roboto-Thin.ttf \u2022 https://www.vgt.pl/static/js/bootstrap-typeahead.js", "https://www.vgt.pl/font/roboto/Roboto-Regular.eot \u2022 https://www.vgt.pl/94.152.156.22/logo.png \u2022 https://www.vgt.pl/css/", "vgt.pl \u2022 www.hak.vgt.pl \u2022 www.localhost.vgt.pl \u2022 www.certyfikat.vgt.pl \u2022 aristocrat.vgt.pl", "https://www.vgt.pl/ phishing \u2022 https://vgt.pl/ \u2022www.vgt.pl \u2022 https://www.vgt.pl/94.152.152.233/images/logo.png", "http://www.pornokind.vgt.pl \u2022 https://dbkuewww.m.vgt.pl \u2022 https://lokalnyhost.vgt.pl \u2022 www.xn--twj-hna.pedofil.vgt.pl", "http://www.hak.vgt.pl \u2022 http://pornokind.vgt.pl \u2022 http://sip.vgt.pl \u2022 http://smtp-qa.vgt.pl \u2022 http://vgt.pl/*.", "https://pornokind.vgt.pl \u2022 https://sip.vgt.pl \u2022 https://smtp-qa.vgt.pl \u2022 https://www.vgt.pl/94.152.156.22/logo.png", "www.localhost.vgt.pl \u2022 www.certyfikat.vgt.pl \u2022 https://www.vgt.pl/94.152.152.233/images/logo.png", "https://www.vgt.pl/css/ \u2022 https://www.vgt.pl/favicon.ico \u2022 https://www.vgt.pl/font/fa/fontawesome-webfont.eot", "https://www.vgt.pl/font/roboto/Roboto-Bold.eot \u2022 https://www.vgt.pl/font/roboto/Roboto-Bold.ttf \u2022 https://www.vgt.pl/font/roboto/Roboto-Light.eot", "https://www.vgt.pl/static/js/bootstrap-typeahead.jstic/js/bootstrap-typeahead.js", "https://www.vgt.pl/style/style.css \u2022 https://www.vgt.pl/static/js/bootstrap-typeahead.js", "IP Address 94.152.58.192 Location Poland ASN AS29522 h88 s.a. Nameservers ns1.kei.pl. , ns2.kei.pl.", "www.happylifehappywife.com \u2022 http://www.happylifehappywife.com/2010/02/'>", "http://www.happylifehappywife.com/2010/04/'> \u2022 http://www.happylifehappywife.com/2010/05/'>", "http://www.happylifehappywife.com/2010/07/'> \u2022 http://www.happylifehappywife.com/2010/09/'>", "http://www.happylifehappywife.com/2011/06/'> \u2022 http://www.happylifehappywife.com/2011/08/'", "http://www.happylifehappywife.com/2011/08/'> \u2022 http://www.happylifehappywife.com/2012/07/'>", "http://www.happylifehappywife.com/2013/03/'> \u2022 http://www.happylifehappywife.com/index.php", "http://www.happylifehappywife.com/wp-content/themes/theme78222/images/top-right.jpg", "https://amp.mypornvid.fun/videos/8/AhxS-ej1myg/gf-18-com/\ud83c\udf81-i39m-your-present-\ud83c\udf81-girlfriend-surprises-you-for-christmas-reunion-soft-kisses-amp-cuddles", "8-25-220-162-static.reverse.queryfoundry.net\t\t\tNov 1, 2025, 9:34:14 AM\t\t5\t domain\tqueryfoundry.net\t\t\tNov 1, 2025, 9:34:14 AM\t\t8\t URL\thttp://117-114-251-162-static.reverse.queryfoundry.net/", "http://watchhers.net/index.php", "remotewd.com device local", "nr-data.net \u2022 applemusic-spotlight.myunidays.com \u2022 init.ess.apple.com \u2022 tv.apple.com", "https://browntubeporn.com/tsara-brashearsAccept-Language", "https://cg864.myhotzpic.com phishing \u2022 http://dashboard.myhotzpic.com/", "https://myhotzpic.com/tsara-brashears-hardcore-lesbian-sex/anime-studio.org*thumbs-fa...", "https://mypornvid.com/videos/27/x510fb2/white-dpt-jeffrey-reimer-loves-pretty-indian-patient-forces-sex-3gp-video-tsara-brashears/caillou-finger", "http://siteinlink.d1.cnbd.net/search/tsara-brashears-dead \u2022 http://siteinlink.d1.cnbd.net/site/maps.google.com.lb/", "http://siteinlink.d1.cnbd.net/search/tsara-brashears-assaulted-by-jeffrey-reimer", "http://siteinlink.d1.cnbd.net/search/tsara-brashears-dead \u2022 https://videolal.com/videos/tsara-brashears-dead-by-daylight.html", "http://pixelrz.com/lists/keywords/tsara-brashears-dead/360 \u2022 http://pixelrz.com/lists/keywords/tsara-brashears-dead/360] No Expiration\t4\t Domain tsara-brashears-deadspin-twitter-suspended-account-help.ht", "https://www.anyxxxtube.net/search-porn/tsara-brashears/", "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian", "https://www.anyxxxtube.net/search-porn/tsara-brashears/", "https://twitter.com/PORNO_SEXYBABES \u2022 girlsdoporn.com", "Treece Alfrey Musat P.C. Attorneys at Law Christopher P. Ahmann | https://TamLegal.com", "https://urlscan.io/screenshots/e931bb02-80dc-46db-92f0-43d5afa258be.png" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "TrojanSpy:Win32/Nivdort", "display_name": "TrojanSpy:Win32/Nivdort", "target": "/malware/TrojanSpy:Win32/Nivdort" }, { "id": "Worm:Win32/Autorun", "display_name": "Worm:Win32/Autorun", "target": "/malware/Worm:Win32/Autorun" }, { "id": "Tofsee", "display_name": "Tofsee", "target": null }, { "id": "Jaik", "display_name": "Jaik", "target": null }, { "id": "Trojan:Win32/Qshell", "display_name": "Trojan:Win32/Qshell", "target": "/malware/Trojan:Win32/Qshell" }, { "id": "Trojan:Win32/Mydoom", "display_name": "Trojan:Win32/Mydoom", "target": "/malware/Trojan:Win32/Mydoom" } ], "attack_ids": [ { "id": "T1045", "name": "Software Packing", "display_name": "T1045 - Software Packing" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1060", "name": "Registry Run Keys / Startup Folder", "display_name": "T1060 - Registry Run Keys / Startup Folder" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1119", "name": "Automated Collection", "display_name": "T1119 - Automated Collection" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1143", "name": "Hidden Window", "display_name": "T1143 - Hidden Window" }, { "id": "T1063", "name": "Security Software Discovery", "display_name": "T1063 - Security Software Discovery" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1583", "name": "Acquire Infrastructure", "display_name": "T1583 - Acquire Infrastructure" }, { "id": "T1069", "name": "Permission Groups Discovery", "display_name": "T1069 - Permission Groups Discovery" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1197", "name": "BITS Jobs", "display_name": "T1197 - BITS Jobs" }, { "id": "T1210", "name": "Exploitation of Remote Services", "display_name": "T1210 - Exploitation of Remote Services" }, { "id": "T1457", "name": "Malicious Media Content", "display_name": "T1457 - Malicious Media Content" }, { "id": "T1480", "name": "Execution Guardrails", "display_name": "T1480 - Execution Guardrails" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" } ], "industries": [], "TLP": "green", "cloned_from": "691f4d4ef0a2a570b8b21cd2", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 8897, "domain": 2102, "hostname": 2867, "FileHash-SHA256": 3886, "FileHash-MD5": 619, "FileHash-SHA1": 555, "CVE": 3, "email": 5, "SSLCertFingerprint": 8 }, "indicator_count": 18942, "is_author": false, "is_subscribing": null, "subscriber_count": 47, "modified_text": "36 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "696ac416596cd89cf76bce55", "name": "VERIZON \u2022 One Reach AI \u2022 LEGAL \u2022 Crazy Frost \u2022 Denver, US MEGA PULSE", "description": "Found in peripheral looking for patterns.\nLegal mischief , Monitoring, Spyware. a Pegasus service needs to be examined further. Just glancing. [OTX Auto generated-HOSTNAME: Verizon.com-vdda.co.cc -has been added to the Pulse website, the first time the site has done so.]", "modified": "2026-02-15T22:03:06.041000", "created": "2026-01-16T23:04:53.997000", "tags": [ "united", "win32", "urls", "twitter", "trojan", "united states", "dynamicloader", "default", "delete c", "json", "ascii text", "high", "data", "write c", "stream", "write", "malware", "dirty", "servers", "unknown aaaa", "Crazy Frost", "create c", "port", "destination", "unknown", "encrypt", "passive dns", "Verizon", "Twitter", "url analysis", "url add", "http", "files related", "related tags", "Project Cicada", "present nov", "present dec", "present sep", "present jul", "present jun", "or icon", "gold w", "dots larger", "background", "pegasus", "meta", "backdoor", "ransom", "checkin", "trojandropper", "mtb nov", "ipv4", "data upload", "extraction", "ottow", "Christopher Ahmann", "Pegasus", "url https", "hostname", "files domain", "present jan", "moved", "ip address", "record value", "apache", "paris", "followupboss", "type", "hostname add", "next associated", "title error", "reverse dns", "windows nt", "wow64", "khtml", "gecko", "connect", "head", "tlsv1", "accept", "date", "powershell", "iframe", "span", "push", "next", "shark", "Connection", "learn", "command", "ck id", "name tactics", "suspicious", "informative", "adversaries", "spawns", "mitre att", "ck techniques", "pattern match", "size", "null", "refresh", "hybrid", "general", "local", "path", "click", "strings", "error", "tools", "look", "verify", "restart", "Denver, Co 80211", "body", "title", "One Reach AI" ], "references": [ "https://pegasuspartners.followupboss.com/unsubscribe/eh-MhVRQnJl0_bAFwnKkNcLhcpKKkFNZoZGVdqXUj3YdKSnKqAu_ZtK_m2bfbflpBDP5tU_QK4_N_bD0zVR_qs69dqt0K9vHSjNpk4p_WlGOHiyG5drGp98yBthkeHFIf3TXQbQPk8UzVtbZUILxzg~~ No Expiration\t0", "pegasuspartners.followupboss.com", "Project Cicada: verizon.pr1414.my.nonprod-asurion53.com", "https://otx.alienvault.com/otxapi/indicators/file/screenshot/07d20574d361258ee514f507936703dbea55db4a6d123602c0d2a67e9f14196d", "https://otx.alienvault.com/otxapi/indicators/file/screenshot/fbb538f322026e57d467e9dbccdbaf181e08149c50216385b7235a43e80ea0c8", "Hostname admin.test-aws-responsible-oyster-8905-us-east-1.space.dev.a0core.net", "search.roi.ros.gov.uk", "ftp.remote.docs.home.git.fr.yandex.avito.sberbank.pay.avito.blablacar.blablacar.gitlab.ces4ld2kbfghhbju9r40.haard.info", "forum.remote.docs.home.git.fr.yandex.avito.sberbank.pay.avito.blablacar.blablacar.gitlab.ces4ld2kbfghhbju9r40.haard.info", "Denver, US 80211 https://otx.alienvault.com/indicator/domain/onereach.ai", "Denver, US 80211 http://library.verizon.onereach.ai", "https://sa.josht.ca\t\u2022 https://sa.josht.ca/ \u2022 https://staging.josht.ca/\t\u2022 https://test.josht.ca/", "https://p2d.josht.ca/api/depots/info/?depot= \u2022 https://p2d.josht" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "ALF:HeraklezEval:Trojan:Win32/ClipBanker", "display_name": "ALF:HeraklezEval:Trojan:Win32/ClipBanker", "target": null }, { "id": "Other Malware", "display_name": "Other Malware", "target": null }, { "id": "Pegasus", "display_name": "Pegasus", "target": null } ], "attack_ids": [ { "id": "T1063", "name": "Security Software Discovery", "display_name": "T1063 - Security Software Discovery" }, { "id": "T1119", "name": "Automated Collection", "display_name": "T1119 - Automated Collection" }, { "id": "T1040", "name": "Network Sniffing", "display_name": "T1040 - Network Sniffing" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1158", "name": "Hidden Files and Directories", "display_name": "T1158 - Hidden Files and Directories" }, { "id": "T1060", "name": "Registry Run Keys / Startup Folder", "display_name": "T1060 - Registry Run Keys / Startup Folder" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1069", "name": "Permission Groups Discovery", "display_name": "T1069 - Permission Groups Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1480", "name": "Execution Guardrails", "display_name": "T1480 - Execution Guardrails" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 11078, "hostname": 4331, "domain": 1932, "FileHash-SHA256": 1999, "FileHash-MD5": 357, "FileHash-SHA1": 169, "email": 5, "SSLCertFingerprint": 6, "CVE": 1 }, "indicator_count": 19878, "is_author": false, "is_subscribing": null, "subscriber_count": 137, "modified_text": "63 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "696ac4327b5bc2e8be34f78a", "name": "VERIZON \u2022 One Reach AI \u2022 LEGAL \u2022 Crazy Frost \u2022 Denver, US MEGA PULSE", "description": "Found in peripheral looking for patterns.\nLegal mischief , Monitoring, Spyware. a Pegasus service needs to be examined further. Just glancing. [OTX Auto generated-HOSTNAME: Verizon.com-vdda.co.cc -has been added to the Pulse website, the first time the site has done so.]", "modified": "2026-02-15T22:03:06.041000", "created": "2026-01-16T23:05:22.323000", "tags": [ "united", "win32", "urls", "twitter", "trojan", "united states", "dynamicloader", "default", "delete c", "json", "ascii text", "high", "data", "write c", "stream", "write", "malware", "dirty", "servers", "unknown aaaa", "Crazy Frost", "create c", "port", "destination", "unknown", "encrypt", "passive dns", "Verizon", "Twitter", "url analysis", "url add", "http", "files related", "related tags", "Project Cicada", "present nov", "present dec", "present sep", "present jul", "present jun", "or icon", "gold w", "dots larger", "background", "pegasus", "meta", "backdoor", "ransom", "checkin", "trojandropper", "mtb nov", "ipv4", "data upload", "extraction", "ottow", "Christopher Ahmann", "Pegasus", "url https", "hostname", "files domain", "present jan", "moved", "ip address", "record value", "apache", "paris", "followupboss", "type", "hostname add", "next associated", "title error", "reverse dns", "windows nt", "wow64", "khtml", "gecko", "connect", "head", "tlsv1", "accept", "date", "powershell", "iframe", "span", "push", "next", "shark", "Connection", "learn", "command", "ck id", "name tactics", "suspicious", "informative", "adversaries", "spawns", "mitre att", "ck techniques", "pattern match", "size", "null", "refresh", "hybrid", "general", "local", "path", "click", "strings", "error", "tools", "look", "verify", "restart", "Denver, Co 80211", "body", "title", "One Reach AI" ], "references": [ "https://pegasuspartners.followupboss.com/unsubscribe/eh-MhVRQnJl0_bAFwnKkNcLhcpKKkFNZoZGVdqXUj3YdKSnKqAu_ZtK_m2bfbflpBDP5tU_QK4_N_bD0zVR_qs69dqt0K9vHSjNpk4p_WlGOHiyG5drGp98yBthkeHFIf3TXQbQPk8UzVtbZUILxzg~~ No Expiration\t0", "pegasuspartners.followupboss.com", "Project Cicada: verizon.pr1414.my.nonprod-asurion53.com", "https://otx.alienvault.com/otxapi/indicators/file/screenshot/07d20574d361258ee514f507936703dbea55db4a6d123602c0d2a67e9f14196d", "https://otx.alienvault.com/otxapi/indicators/file/screenshot/fbb538f322026e57d467e9dbccdbaf181e08149c50216385b7235a43e80ea0c8", "Hostname admin.test-aws-responsible-oyster-8905-us-east-1.space.dev.a0core.net", "search.roi.ros.gov.uk", "ftp.remote.docs.home.git.fr.yandex.avito.sberbank.pay.avito.blablacar.blablacar.gitlab.ces4ld2kbfghhbju9r40.haard.info", "forum.remote.docs.home.git.fr.yandex.avito.sberbank.pay.avito.blablacar.blablacar.gitlab.ces4ld2kbfghhbju9r40.haard.info", "Denver, US 80211 https://otx.alienvault.com/indicator/domain/onereach.ai", "Denver, US 80211 http://library.verizon.onereach.ai", "https://sa.josht.ca\t\u2022 https://sa.josht.ca/ \u2022 https://staging.josht.ca/\t\u2022 https://test.josht.ca/", "https://p2d.josht.ca/api/depots/info/?depot= \u2022 https://p2d.josht" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "ALF:HeraklezEval:Trojan:Win32/ClipBanker", "display_name": "ALF:HeraklezEval:Trojan:Win32/ClipBanker", "target": null }, { "id": "Other Malware", "display_name": "Other Malware", "target": null }, { "id": "Pegasus", "display_name": "Pegasus", "target": null } ], "attack_ids": [ { "id": "T1063", "name": "Security Software Discovery", "display_name": "T1063 - Security Software Discovery" }, { "id": "T1119", "name": "Automated Collection", "display_name": "T1119 - Automated Collection" }, { "id": "T1040", "name": "Network Sniffing", "display_name": "T1040 - Network Sniffing" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1158", "name": "Hidden Files and Directories", "display_name": "T1158 - Hidden Files and Directories" }, { "id": "T1060", "name": "Registry Run Keys / Startup Folder", "display_name": "T1060 - Registry Run Keys / Startup Folder" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1069", "name": "Permission Groups Discovery", "display_name": "T1069 - Permission Groups Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1480", "name": "Execution Guardrails", "display_name": "T1480 - Execution Guardrails" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 11078, "hostname": 4331, "domain": 1932, "FileHash-SHA256": 1999, "FileHash-MD5": 357, "FileHash-SHA1": 169, "email": 5, "SSLCertFingerprint": 6, "CVE": 1 }, "indicator_count": 19878, "is_author": false, "is_subscribing": null, "subscriber_count": 138, "modified_text": "63 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "696ac438a696c993b672106d", "name": "VERIZON \u2022 One Reach AI \u2022 LEGAL \u2022 Crazy Frost \u2022 Denver, US MEGA PULSE", "description": "Found in peripheral looking for patterns.\nLegal mischief , Monitoring, Spyware. a Pegasus service needs to be examined further. Just glancing. [OTX Auto generated-HOSTNAME: Verizon.com-vdda.co.cc -has been added to the Pulse website, the first time the site has done so.]", "modified": "2026-02-15T22:03:06.041000", "created": "2026-01-16T23:05:28.261000", "tags": [ "united", "win32", "urls", "twitter", "trojan", "united states", "dynamicloader", "default", "delete c", "json", "ascii text", "high", "data", "write c", "stream", "write", "malware", "dirty", "servers", "unknown aaaa", "Crazy Frost", "create c", "port", "destination", "unknown", "encrypt", "passive dns", "Verizon", "Twitter", "url analysis", "url add", "http", "files related", "related tags", "Project Cicada", "present nov", "present dec", "present sep", "present jul", "present jun", "or icon", "gold w", "dots larger", "background", "pegasus", "meta", "backdoor", "ransom", "checkin", "trojandropper", "mtb nov", "ipv4", "data upload", "extraction", "ottow", "Christopher Ahmann", "Pegasus", "url https", "hostname", "files domain", "present jan", "moved", "ip address", "record value", "apache", "paris", "followupboss", "type", "hostname add", "next associated", "title error", "reverse dns", "windows nt", "wow64", "khtml", "gecko", "connect", "head", "tlsv1", "accept", "date", "powershell", "iframe", "span", "push", "next", "shark", "Connection", "learn", "command", "ck id", "name tactics", "suspicious", "informative", "adversaries", "spawns", "mitre att", "ck techniques", "pattern match", "size", "null", "refresh", "hybrid", "general", "local", "path", "click", "strings", "error", "tools", "look", "verify", "restart", "Denver, Co 80211", "body", "title", "One Reach AI" ], "references": [ "https://pegasuspartners.followupboss.com/unsubscribe/eh-MhVRQnJl0_bAFwnKkNcLhcpKKkFNZoZGVdqXUj3YdKSnKqAu_ZtK_m2bfbflpBDP5tU_QK4_N_bD0zVR_qs69dqt0K9vHSjNpk4p_WlGOHiyG5drGp98yBthkeHFIf3TXQbQPk8UzVtbZUILxzg~~ No Expiration\t0", "pegasuspartners.followupboss.com", "Project Cicada: verizon.pr1414.my.nonprod-asurion53.com", "https://otx.alienvault.com/otxapi/indicators/file/screenshot/07d20574d361258ee514f507936703dbea55db4a6d123602c0d2a67e9f14196d", "https://otx.alienvault.com/otxapi/indicators/file/screenshot/fbb538f322026e57d467e9dbccdbaf181e08149c50216385b7235a43e80ea0c8", "Hostname admin.test-aws-responsible-oyster-8905-us-east-1.space.dev.a0core.net", "search.roi.ros.gov.uk", "ftp.remote.docs.home.git.fr.yandex.avito.sberbank.pay.avito.blablacar.blablacar.gitlab.ces4ld2kbfghhbju9r40.haard.info", "forum.remote.docs.home.git.fr.yandex.avito.sberbank.pay.avito.blablacar.blablacar.gitlab.ces4ld2kbfghhbju9r40.haard.info", "Denver, US 80211 https://otx.alienvault.com/indicator/domain/onereach.ai", "Denver, US 80211 http://library.verizon.onereach.ai", "https://sa.josht.ca\t\u2022 https://sa.josht.ca/ \u2022 https://staging.josht.ca/\t\u2022 https://test.josht.ca/", "https://p2d.josht.ca/api/depots/info/?depot= \u2022 https://p2d.josht" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "ALF:HeraklezEval:Trojan:Win32/ClipBanker", "display_name": "ALF:HeraklezEval:Trojan:Win32/ClipBanker", "target": null }, { "id": "Other Malware", "display_name": "Other Malware", "target": null }, { "id": "Pegasus", "display_name": "Pegasus", "target": null } ], "attack_ids": [ { "id": "T1063", "name": "Security Software Discovery", "display_name": "T1063 - Security Software Discovery" }, { "id": "T1119", "name": "Automated Collection", "display_name": "T1119 - Automated Collection" }, { "id": "T1040", "name": "Network Sniffing", "display_name": "T1040 - Network Sniffing" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1158", "name": "Hidden Files and Directories", "display_name": "T1158 - Hidden Files and Directories" }, { "id": "T1060", "name": "Registry Run Keys / Startup Folder", "display_name": "T1060 - Registry Run Keys / Startup Folder" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1069", "name": "Permission Groups Discovery", "display_name": "T1069 - Permission Groups Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1480", "name": "Execution Guardrails", "display_name": "T1480 - Execution Guardrails" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 11078, "hostname": 4331, "domain": 1932, "FileHash-SHA256": 1999, "FileHash-MD5": 357, "FileHash-SHA1": 169, "email": 5, "SSLCertFingerprint": 6, "CVE": 1 }, "indicator_count": 19878, "is_author": false, "is_subscribing": null, "subscriber_count": 138, "modified_text": "63 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6964c08bf79bcb252eaa9e15", "name": "TrojanSpy - Spotify account under an attack which conceals artists releases / deletes followers", "description": "Spotify Attacks: TrojanSpy - Streamer Spotify account under an attack which conceals artists releases / deletes followers. The attack is adversarial. I\u2019m unclear how widespread it is. . Further research required. OTX auto generated Pegasus. Released work that was once viewable is now concealed, followers deleted.\n#cloudfront #spyware #delete_service #cloudfront_attacks", "modified": "2026-02-11T09:03:20.933000", "created": "2026-01-12T09:36:11.701000", "tags": [ "google", "fastly", "googlecl", "january", "http", "domain", "akamaias", "cloudflar", "page url", "de summary", "april", "reverse dns", "url https", "general full", "software", "united", "resource hash", "protocol h3", "security quic", "protocol h2", "security tls", "main", "present jan", "title", "gmt max", "certificate", "moved", "lowfi", "gmt content", "meta", "present dec", "status", "aaaa", "passive dns", "urls", "search", "expiration date", "win32", "files", "verdict", "files ip", "address", "mtb jan", "trojandropper", "backdoor", "win32upatre jan", "origin trial", "gmt cache", "443 ma2592000", "possible", "worm", "trojan", "ip address", "record value", "dark", "found", "ipv4 add", "error", "trojanspy", "emails", "servers", "pegasus", "america flag", "america asn", "tlsv1", "read c", "show", "medium", "lstockholm", "ospotify ab", "odigicert inc", "execution", "next", "dock", "write", "persistence", "dynamicloader", "yara rule", "ms windows", "pe32", "named pipe", "smartassembly", "delphi", "malware", "united states", "pe file", "filehash", "md5 add", "av detections", "ids detections", "yara detections", "alerts", "high", "write c", "tls sni", "tls handshake", "delete", "as15169", "stun binding", "request", "port", "win64", "themida", "guard", "risepro", "sha256", "sha1", "pattern match", "ascii text", "size", "mitre att", "ck id", "null", "refresh", "span", "hybrid", "general", "local", "path", "click", "strings", "tools", "look", "verify", "restart", "learn", "command", "name tactics", "suspicious", "informative", "spawns", "ck techniques", "evasion att", "t1480 execution", "directui", "element", "hwndhost", "classinfobase", "hwndelement", "value", "explorer", "insert", "movie", "hacktool", "showing", "entries http", "scans show", "california", "location united", "next associated", "pulse pulses", "name servers", "found request", "unique", "url add", "related nids", "files location", "expiration", "flag united", "present nov", "present sep", "href", "suricata stream", "command decode", "starfield", "encrypt", "iframe", "date", "title error", "hostname", "pulse submit", "memcommit", "checks", "windows", "capture", "cloudfront", "colorado", "creation date", "hostname add", "eset", "binary file", "pdb path", "internalname", "nod32", "amon" ], "references": [ "open.spotify.com \u2022", "https://open.spotify.com/intl-de/track/5KjB1j0u54VXg6M8SN8hH2", "https://open.spotify.com/track/5KjB1j0u54VXg6M8SN8hH2", "FileHash-SHA256 cb40cd426d6e55c2b175b5be3327bfdf8d5a0074bf48b823121bd4720ed2ad95", "events.launchdarkly.com \u2022 clientstream.launchdarkly. \u2022 app.launchdarkly.com", "https://target.tccwest.www.littleswimmers.fr/", "www.onyx-ware.com \u2022 endgamesystems.com", "cloudfront.net \u2022 d127qq8ld0aiq5.cloudfront.net" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "Win.Packed.Stealerc-10017074-0", "display_name": "Win.Packed.Stealerc-10017074-0", "target": null }, { "id": "#Lowfi:Win32/AutoIt", "display_name": "#Lowfi:Win32/AutoIt", "target": "/malware/#Lowfi:Win32/AutoIt" }, { "id": "Win.Packed.Generic-9967832-0", "display_name": "Win.Packed.Generic-9967832-0", "target": null }, { "id": "TrojanSpy:MSIL/Yakbeex.A", "display_name": "TrojanSpy:MSIL/Yakbeex.A", "target": "/malware/TrojanSpy:MSIL/Yakbeex.A" }, { "id": "Pegasus", "display_name": "Pegasus", "target": null }, { "id": "Win32:HacktoolX-gen\\ [Trj]", "display_name": "Win32:HacktoolX-gen\\ [Trj]", "target": null }, { "id": "nUFS_unicode", "display_name": "nUFS_unicode", "target": null }, { "id": "HackTool:Win32/CobaltStrike.A", "display_name": "HackTool:Win32/CobaltStrike.A", "target": "/malware/HackTool:Win32/CobaltStrike.A" }, { "id": "Win.Dropper.PoisonIvy-9876745-0", "display_name": "Win.Dropper.PoisonIvy-9876745-0", "target": null }, { "id": "Trojan:Win32/Zombie.A", "display_name": "Trojan:Win32/Zombie.A", "target": "/malware/Trojan:Win32/Zombie.A" }, { "id": "Win.Trojan.Barys-10005825-0", "display_name": "Win.Trojan.Barys-10005825-0", "target": null } ], "attack_ids": [ { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1119", "name": "Automated Collection", "display_name": "T1119 - Automated Collection" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1143", "name": "Hidden Window", "display_name": "T1143 - Hidden Window" }, { "id": "T1045", "name": "Software Packing", "display_name": "T1045 - Software Packing" }, { "id": "T1063", "name": "Security Software Discovery", "display_name": "T1063 - Security Software Discovery" }, { "id": "TA0003", "name": "Persistence", "display_name": "TA0003 - Persistence" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1060", "name": "Registry Run Keys / Startup Folder", "display_name": "T1060 - Registry Run Keys / Startup Folder" }, { "id": "T1069", "name": "Permission Groups Discovery", "display_name": "T1069 - Permission Groups Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1480", "name": "Execution Guardrails", "display_name": "T1480 - Execution Guardrails" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1587.001", "name": "Malware", "display_name": "T1587.001 - Malware" }, { "id": "T1069.002", "name": "Domain Groups", "display_name": "T1069.002 - Domain Groups" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1189", "name": "Drive-by Compromise", "display_name": "T1189 - Drive-by Compromise" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1583", "name": "Acquire Infrastructure", "display_name": "T1583 - Acquire Infrastructure" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1158", "name": "Hidden Files and Directories", "display_name": "T1158 - Hidden Files and Directories" }, { "id": "TA0037", "name": "Command and Control", "display_name": "TA0037 - Command and Control" } ], "industries": [ "Entertainment", "Technology" ], "TLP": "white", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 1293, "URL": 3389, "FileHash-MD5": 635, "FileHash-SHA1": 531, "FileHash-SHA256": 2345, "domain": 501, "email": 12, "SSLCertFingerprint": 16 }, "indicator_count": 8722, "is_author": false, "is_subscribing": null, "subscriber_count": 138, "modified_text": "67 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "691f4d4ef0a2a570b8b21cd2", "name": "Chris P. Ahmann Colorado State Criminal Defense Attorney", "description": "Chris P. Ahmann Colorado State Criminal Defense attorney hired by quasi government Workers Compensation to completely destroy Tsara Brashears literally to death. None of her spinal cord injuries , and other assault injuries discussed or compensated for in rushed settlement case. Her awful racist attorney refused to represent plaintiffs in hearing. Never met with in person for no good reason. Tsara represented herself. Less that 24 hour notice. No briefings, no awareness or mention that Ahmann was representing Jeffrey Scott Reimer for assault\n case. Brashears required 24 hour care by end of life. Received 0 workers compsarion payments. But if this doesn\u2019t prove Reimer\u2019s guilt what does? Continued harassment of associated. \n\nNotice the outages? You\u2019ve cost BILLIONS? Stop threatening everyone.", "modified": "2026-01-20T17:02:02.650000", "created": "2025-11-20T17:18:06.929000", "tags": [ "related pulses", "p1377925676", "gaz1", "sid1696503456", "sct1", "active", "dynamicloader", "medium", "write c", "search", "show", "high", "program gateway", "http traffic", "http", "write", "malware", "nivdort", "serving ip", "address", "status code", "kb body", "sha256", "gw5hjz7t975", "url https", "url http", "indicator role", "pulses url", "hostname", "poland unknown", "present sep", "present jul", "present may", "present apr", "present dec", "present jan", "moved", "passive dns", "ip address", "title", "location poland", "asn as29522", "gmt content", "accept encoding", "ipv4 add", "urls", "files", "reverse dns", "united", "record value", "aaaa", "mtb oct", "found", "error", "read c", "memcommit", "module load", "next", "showing", "trojan", "execution", "unknown", "entries", "ms windows", "intel", "as15169", "codeoverlap", "yara detections", "delphi", "worm", "win32", "win64", "learn", "ck id", "name tactics", "suspicious", "informative", "adversaries", "command", "spawns", "ssl certificate", "execution att", "script urls", "treece alfrey", "meta", "germany unknown", "for privacy", "title added", "active related", "pulses", "asnone", "named pipe", "type indicator", "role title", "added active", "filehashsha256", "ally", "melika", "information", "law christopher", "https", "fake pinterest", "tsara", "traceback man", "expiro", "capture", "domain", "types of", "germany", "poland", "netherlands", "cve cve20178977", "boobs130432 nov", "learn more", "filehashmd5", "utmsourceawin", "pe32", "head microsoft", "delete", "main", "backdoor", "next associated", "gmt connection", "control", "content type", "twitter", "certificate", "redirect date", "cache", "unknown ns", "hostname add", "ipv4", "pulse pulses", "location united", "america flag", "america asn", "windows", "total", "ids detections", "url add", "related nids", "files location", "flag united", "win32mydoom nov", "domain add", "yara rule", "ee fc", "ff d5", "f0 ff", "eb e1", "ff ff", "c1 e8", "c1 c0", "eb e8", "mpress", "cache control", "x cache", "date", "name servers", "arial", "present aug", "present jun", "may god", "hall render", "palantir doing", "jeffrey scott", "jeffrey reimer", "brian sabey", "butt pirates", "scott reimer", "colorado", "quasi government", "workers compensation", "eva lisa", "eva reimer", "sammie", "montano mark", "death threats", "tulach", "hired hit men", "gay man", "gay porn", "concentra", "corruption", "palantir", "foundry", "grifter", "warning", "illegal", "apple", "contacted", "ransom", "dead", "denver" ], "references": [ "https://tamlegal.com/attorneys/christopher-p-ahmann/#breadcrumb \u2022 https://www.milehighmedia.com/en/movies", "https://www.milehighmedia.com/legal/2257 \u2022 https://www.milehighmedia", "www.milehighmedia.com \u2022 https://www.milehighmedia.com/en/Charlie-Dean/pornstar/49512", "https://www.milehighmedia.com/en/login/index/aHR0cHMlM0ElMkYlMkZtZW1iZXJzLm1pbGVoaWdobWVkaWEuY29tJTJGZW4lMkZ2aWRlb3MlMkZzd2VldGhlYXJ0dmlkZW8lM0ZhbHVwJTNEQURqeF9ITjhfd1oweU96UnpsU3NNNUZLaVVxSzBXNEN0X3NmTFpKTGVJc3M2b0RVUzkwVmp6VllNVko5eFpmdENYcFNKd3IzOTNaMG1mOEpXeVhVeVZpLTJZYVRsaGd3M25DSDRpYnRwZ25BRC1zUFhDQVUycjZJOXo2WWtRMzNVWVFhMFZyWC1YckxvcnRkVjJZdEgxSDYxZ1lhMTFNS3RZSkEzY3FlSXhFQzhtSlAzSk1tbloySURMQXlMZndPcHozSFFiTzF4T0FseXJIQ0xYem1ldFElMkE=\t \thttp://www.milehighmedia.com/?ats=eyJhIjoyOTYzMTgsImMiOjU3OTYzNz", "http://www.milehighmedia.com/legal\t \u2022 https://www.milehighmedia.com/en/pornstar/milehighmedia/Justin-Hunt/51017", "https://www.milehighmedia.com/de/MileHighMedia/scene/129689?utm_source=271174&utm_medium=affiliate&utm_campaign=", "http://www.milehighmedia.com/?ats=eyJhIjoyOTYzMTgsImMiOjU3OTYzNzc1LCJuIjo3NiwicyI6NT...", "ttps://www.milehighmedia.com/scene/4404473/creampie-adventures-scene-2-sneaky-melanie", "https://www.milehighmedia.com/join \u2022 https://www.milehighmedia.com/models \u2022 https://www.milehighmedia.com/movies", "https://www.milehighmedia.com/model/59136/avi-love \u2022https://www.milehighmedia.com/model/60418/Justin-Hunt \u2022", "https://www.milehighmedia.com/en/photo/milehighmedia/The-Mother-I-Cant-Resist/52380", "https://www.milehighmedia.com/en/movies \u2022 https://www.milehighmedia.com/join", "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian", "pornhub-e.com \u2022 www.pornhub.com \u2022", "https://www.sweetheartvideo.com/tsara-brashears/ \u2022 www.sweetheartvideo.com", "https://www.sweetheartvideo.com/en/?s=1?s=1&utm_source=272160&utm_medium=affiliate&utm_campaign=lovelezzies", "https://www.sweetheartvideo.com/en/dvd/Lesbian-Massage/49895", "https://www.sweetheartvideo.com/en/dvds \u2022 https://www.sweetheartvideo.com/en/login", "https://www.sweetheartvideo.com/en/model/Mona-Wales/49601 \u2022 https://www.sweetheartvideo.com/en/scene/Truth-Dare--Boobs/130432 No Expiration\t0\t URL https://www.sweetheartvideo.com/it/model/Kristen-Scott/50432 \u2022 https://www.sweetheartvideo.com/model/63710/brandi-love", "https://www.sweetheartvideo.com/scenes?models=63710", "https://www.sweetheartvideo.com/model/63710/brandi-love", "https://www.sweetheartvideo.com/scenes?models=63710", "https://www.sweetheartvideo.com/it/model/Kristen-Scott/50432", "https://www.sweetheartvideo.com/en/scene/Truth-Dare--Boobs/130432", "https://www.milehighmedia.com/en/photo/milehighmedia/The-Mother-I-Cant-Resist/52380", "https://www.vgt.pl/font/roboto/Roboto-Bold.eot \u2022", "https://www.vgt.pl/94.152.152.233/images/logo.png", "https://www.vgt.pl/94.152.156.22/logo.png \u2022 https://www.vgt.pl/css/", "https://www.vgt.pl/favicon.ico", "https://www.vgt.pl/font/fa/fontawesome-webfont.eot", "https://www.vgt.pl/font/roboto/Roboto-Bold.ttf \u2022 https://www.vgt.pl/font/roboto/Roboto-Light.eot", "https://www.vgt.pl/font/roboto/Roboto-Medium.ttf", "https://www.vgt.pl/font/roboto/Roboto-Light.ttf \u2022", "https://www.vgt.pl/static/js/bootstrap-typeahead.jstic/js/bootstrap-typeahead.js", "https://www.vgt.pl/style/style.css \u2022 https://www.vgt.pl/font/roboto/Roboto-Medium.eot", "https://www.vgt.pl/font/roboto/Roboto-Regular.ttf \u2022 https://www.vgt.pl/font/roboto/Roboto-Thin.eot", "https://www.vgt.pl/static/js/bootstrap-typeahead.js.179.252.2", "https://www.vgt.pl/font/roboto/Roboto-Thin.ttf \u2022 https://www.vgt.pl/static/js/bootstrap-typeahead.js", "https://www.vgt.pl/font/roboto/Roboto-Regular.eot \u2022 https://www.vgt.pl/94.152.156.22/logo.png \u2022 https://www.vgt.pl/css/", "vgt.pl \u2022 www.hak.vgt.pl \u2022 www.localhost.vgt.pl \u2022 www.certyfikat.vgt.pl \u2022 aristocrat.vgt.pl", "https://www.vgt.pl/ phishing \u2022 https://vgt.pl/ \u2022www.vgt.pl \u2022 https://www.vgt.pl/94.152.152.233/images/logo.png", "http://www.pornokind.vgt.pl \u2022 https://dbkuewww.m.vgt.pl \u2022 https://lokalnyhost.vgt.pl \u2022 www.xn--twj-hna.pedofil.vgt.pl", "http://www.hak.vgt.pl \u2022 http://pornokind.vgt.pl \u2022 http://sip.vgt.pl \u2022 http://smtp-qa.vgt.pl \u2022 http://vgt.pl/*.", "https://pornokind.vgt.pl \u2022 https://sip.vgt.pl \u2022 https://smtp-qa.vgt.pl \u2022 https://www.vgt.pl/94.152.156.22/logo.png", "www.localhost.vgt.pl \u2022 www.certyfikat.vgt.pl \u2022 https://www.vgt.pl/94.152.152.233/images/logo.png", "https://www.vgt.pl/css/ \u2022 https://www.vgt.pl/favicon.ico \u2022 https://www.vgt.pl/font/fa/fontawesome-webfont.eot", "https://www.vgt.pl/font/roboto/Roboto-Bold.eot \u2022 https://www.vgt.pl/font/roboto/Roboto-Bold.ttf \u2022 https://www.vgt.pl/font/roboto/Roboto-Light.eot", "https://www.vgt.pl/static/js/bootstrap-typeahead.jstic/js/bootstrap-typeahead.js", "https://www.vgt.pl/style/style.css \u2022 https://www.vgt.pl/static/js/bootstrap-typeahead.js", "IP Address 94.152.58.192 Location Poland ASN AS29522 h88 s.a. Nameservers ns1.kei.pl. , ns2.kei.pl.", "www.happylifehappywife.com \u2022 http://www.happylifehappywife.com/2010/02/'>", "http://www.happylifehappywife.com/2010/04/'> \u2022 http://www.happylifehappywife.com/2010/05/'>", "http://www.happylifehappywife.com/2010/07/'> \u2022 http://www.happylifehappywife.com/2010/09/'>", "http://www.happylifehappywife.com/2011/06/'> \u2022 http://www.happylifehappywife.com/2011/08/'", "http://www.happylifehappywife.com/2011/08/'> \u2022 http://www.happylifehappywife.com/2012/07/'>", "http://www.happylifehappywife.com/2013/03/'> \u2022 http://www.happylifehappywife.com/index.php", "http://www.happylifehappywife.com/wp-content/themes/theme78222/images/top-right.jpg", "https://amp.mypornvid.fun/videos/8/AhxS-ej1myg/gf-18-com/\ud83c\udf81-i39m-your-present-\ud83c\udf81-girlfriend-surprises-you-for-christmas-reunion-soft-kisses-amp-cuddles", "8-25-220-162-static.reverse.queryfoundry.net\t\t\tNov 1, 2025, 9:34:14 AM\t\t5\t domain\tqueryfoundry.net\t\t\tNov 1, 2025, 9:34:14 AM\t\t8\t URL\thttp://117-114-251-162-static.reverse.queryfoundry.net/", "http://watchhers.net/index.php", "remotewd.com device local", "nr-data.net \u2022 applemusic-spotlight.myunidays.com \u2022 init.ess.apple.com \u2022 tv.apple.com", "https://browntubeporn.com/tsara-brashearsAccept-Language", "https://cg864.myhotzpic.com phishing \u2022 http://dashboard.myhotzpic.com/", "https://myhotzpic.com/tsara-brashears-hardcore-lesbian-sex/anime-studio.org*thumbs-fa...", "https://mypornvid.com/videos/27/x510fb2/white-dpt-jeffrey-reimer-loves-pretty-indian-patient-forces-sex-3gp-video-tsara-brashears/caillou-finger", "http://siteinlink.d1.cnbd.net/search/tsara-brashears-dead \u2022 http://siteinlink.d1.cnbd.net/site/maps.google.com.lb/", "http://siteinlink.d1.cnbd.net/search/tsara-brashears-assaulted-by-jeffrey-reimer", "http://siteinlink.d1.cnbd.net/search/tsara-brashears-dead \u2022 https://videolal.com/videos/tsara-brashears-dead-by-daylight.html", "http://pixelrz.com/lists/keywords/tsara-brashears-dead/360 \u2022 http://pixelrz.com/lists/keywords/tsara-brashears-dead/360] No Expiration\t4\t Domain tsara-brashears-deadspin-twitter-suspended-account-help.ht", "https://www.anyxxxtube.net/search-porn/tsara-brashears/", "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian", "https://www.anyxxxtube.net/search-porn/tsara-brashears/", "https://twitter.com/PORNO_SEXYBABES \u2022 girlsdoporn.com", "Treece Alfrey Musat P.C. Attorneys at Law Christopher P. Ahmann | https://TamLegal.com", "https://urlscan.io/screenshots/e931bb02-80dc-46db-92f0-43d5afa258be.png" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "TrojanSpy:Win32/Nivdort", "display_name": "TrojanSpy:Win32/Nivdort", "target": "/malware/TrojanSpy:Win32/Nivdort" }, { "id": "Worm:Win32/Autorun", "display_name": "Worm:Win32/Autorun", "target": "/malware/Worm:Win32/Autorun" }, { "id": "Tofsee", "display_name": "Tofsee", "target": null }, { "id": "Jaik", "display_name": "Jaik", "target": null }, { "id": "Trojan:Win32/Qshell", "display_name": "Trojan:Win32/Qshell", "target": "/malware/Trojan:Win32/Qshell" }, { "id": "Trojan:Win32/Mydoom", "display_name": "Trojan:Win32/Mydoom", "target": "/malware/Trojan:Win32/Mydoom" } ], "attack_ids": [ { "id": "T1045", "name": "Software Packing", "display_name": "T1045 - Software Packing" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1060", "name": "Registry Run Keys / Startup Folder", "display_name": "T1060 - Registry Run Keys / Startup Folder" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1119", "name": "Automated Collection", "display_name": "T1119 - Automated Collection" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1143", "name": "Hidden Window", "display_name": "T1143 - Hidden Window" }, { "id": "T1063", "name": "Security Software Discovery", "display_name": "T1063 - Security Software Discovery" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1583", "name": "Acquire Infrastructure", "display_name": "T1583 - Acquire Infrastructure" }, { "id": "T1069", "name": "Permission Groups Discovery", "display_name": "T1069 - Permission Groups Discovery" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1197", "name": "BITS Jobs", "display_name": "T1197 - BITS Jobs" }, { "id": "T1210", "name": "Exploitation of Remote Services", "display_name": "T1210 - Exploitation of Remote Services" }, { "id": "T1457", "name": "Malicious Media Content", "display_name": "T1457 - Malicious Media Content" }, { "id": "T1480", "name": "Execution Guardrails", "display_name": "T1480 - Execution Guardrails" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 8897, "domain": 2102, "hostname": 2867, "FileHash-SHA256": 3886, "FileHash-MD5": 619, "FileHash-SHA1": 555, "CVE": 3, "email": 5, "SSLCertFingerprint": 8 }, "indicator_count": 18942, "is_author": false, "is_subscribing": null, "subscriber_count": 139, "modified_text": "89 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69482caa00d327da8f0a87bc", "name": "Chris P.\u2019 Buzz\u2019 Ahmann Colorado State Criminal Defense Attorney (22.20.2025)", "description": "", "modified": "2026-01-20T17:02:02.650000", "created": "2025-12-21T17:21:46.434000", "tags": [ "related pulses", "p1377925676", "gaz1", "sid1696503456", "sct1", "active", "dynamicloader", "medium", "write c", "search", "show", "high", "program gateway", "http traffic", "http", "write", "malware", "nivdort", "serving ip", "address", "status code", "kb body", "sha256", "gw5hjz7t975", "url https", "url http", "indicator role", "pulses url", "hostname", "poland unknown", "present sep", "present jul", "present may", "present apr", "present dec", "present jan", "moved", "passive dns", "ip address", "title", "location poland", "asn as29522", "gmt content", "accept encoding", "ipv4 add", "urls", "files", "reverse dns", "united", "record value", "aaaa", "mtb oct", "found", "error", "read c", "memcommit", "module load", "next", "showing", "trojan", "execution", "unknown", "entries", "ms windows", "intel", "as15169", "codeoverlap", "yara detections", "delphi", "worm", "win32", "win64", "learn", "ck id", "name tactics", "suspicious", "informative", "adversaries", "command", "spawns", "ssl certificate", "execution att", "script urls", "treece alfrey", "meta", "germany unknown", "for privacy", "title added", "active related", "pulses", "asnone", "named pipe", "type indicator", "role title", "added active", "filehashsha256", "ally", "melika", "information", "law christopher", "https", "fake pinterest", "tsara", "traceback man", "expiro", "capture", "domain", "types of", "germany", "poland", "netherlands", "cve cve20178977", "boobs130432 nov", "learn more", "filehashmd5", "utmsourceawin", "pe32", "head microsoft", "delete", "main", "backdoor", "next associated", "gmt connection", "control", "content type", "twitter", "certificate", "redirect date", "cache", "unknown ns", "hostname add", "ipv4", "pulse pulses", "location united", "america flag", "america asn", "windows", "total", "ids detections", "url add", "related nids", "files location", "flag united", "win32mydoom nov", "domain add", "yara rule", "ee fc", "ff d5", "f0 ff", "eb e1", "ff ff", "c1 e8", "c1 c0", "eb e8", "mpress", "cache control", "x cache", "date", "name servers", "arial", "present aug", "present jun", "may god", "hall render", "palantir doing", "jeffrey scott", "jeffrey reimer", "brian sabey", "butt pirates", "scott reimer", "colorado", "quasi government", "workers compensation", "eva lisa", "eva reimer", "sammie", "montano mark", "death threats", "tulach", "hired hit men", "gay man", "gay porn", "concentra", "corruption", "palantir", "foundry", "grifter", "warning", "illegal", "apple", "contacted", "ransom", "dead", "denver" ], "references": [ "https://tamlegal.com/attorneys/christopher-p-ahmann/#breadcrumb \u2022 https://www.milehighmedia.com/en/movies", "https://www.milehighmedia.com/legal/2257 \u2022 https://www.milehighmedia", "www.milehighmedia.com \u2022 https://www.milehighmedia.com/en/Charlie-Dean/pornstar/49512", "https://www.milehighmedia.com/en/login/index/aHR0cHMlM0ElMkYlMkZtZW1iZXJzLm1pbGVoaWdobWVkaWEuY29tJTJGZW4lMkZ2aWRlb3MlMkZzd2VldGhlYXJ0dmlkZW8lM0ZhbHVwJTNEQURqeF9ITjhfd1oweU96UnpsU3NNNUZLaVVxSzBXNEN0X3NmTFpKTGVJc3M2b0RVUzkwVmp6VllNVko5eFpmdENYcFNKd3IzOTNaMG1mOEpXeVhVeVZpLTJZYVRsaGd3M25DSDRpYnRwZ25BRC1zUFhDQVUycjZJOXo2WWtRMzNVWVFhMFZyWC1YckxvcnRkVjJZdEgxSDYxZ1lhMTFNS3RZSkEzY3FlSXhFQzhtSlAzSk1tbloySURMQXlMZndPcHozSFFiTzF4T0FseXJIQ0xYem1ldFElMkE=\t \thttp://www.milehighmedia.com/?ats=eyJhIjoyOTYzMTgsImMiOjU3OTYzNz", "http://www.milehighmedia.com/legal\t \u2022 https://www.milehighmedia.com/en/pornstar/milehighmedia/Justin-Hunt/51017", "https://www.milehighmedia.com/de/MileHighMedia/scene/129689?utm_source=271174&utm_medium=affiliate&utm_campaign=", "http://www.milehighmedia.com/?ats=eyJhIjoyOTYzMTgsImMiOjU3OTYzNzc1LCJuIjo3NiwicyI6NT...", "ttps://www.milehighmedia.com/scene/4404473/creampie-adventures-scene-2-sneaky-melanie", "https://www.milehighmedia.com/join \u2022 https://www.milehighmedia.com/models \u2022 https://www.milehighmedia.com/movies", "https://www.milehighmedia.com/model/59136/avi-love \u2022https://www.milehighmedia.com/model/60418/Justin-Hunt \u2022", "https://www.milehighmedia.com/en/photo/milehighmedia/The-Mother-I-Cant-Resist/52380", "https://www.milehighmedia.com/en/movies \u2022 https://www.milehighmedia.com/join", "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian", "pornhub-e.com \u2022 www.pornhub.com \u2022", "https://www.sweetheartvideo.com/tsara-brashears/ \u2022 www.sweetheartvideo.com", "https://www.sweetheartvideo.com/en/?s=1?s=1&utm_source=272160&utm_medium=affiliate&utm_campaign=lovelezzies", "https://www.sweetheartvideo.com/en/dvd/Lesbian-Massage/49895", "https://www.sweetheartvideo.com/en/dvds \u2022 https://www.sweetheartvideo.com/en/login", "https://www.sweetheartvideo.com/en/model/Mona-Wales/49601 \u2022 https://www.sweetheartvideo.com/en/scene/Truth-Dare--Boobs/130432 No Expiration\t0\t URL https://www.sweetheartvideo.com/it/model/Kristen-Scott/50432 \u2022 https://www.sweetheartvideo.com/model/63710/brandi-love", "https://www.sweetheartvideo.com/scenes?models=63710", "https://www.sweetheartvideo.com/model/63710/brandi-love", "https://www.sweetheartvideo.com/scenes?models=63710", "https://www.sweetheartvideo.com/it/model/Kristen-Scott/50432", "https://www.sweetheartvideo.com/en/scene/Truth-Dare--Boobs/130432", "https://www.milehighmedia.com/en/photo/milehighmedia/The-Mother-I-Cant-Resist/52380", "https://www.vgt.pl/font/roboto/Roboto-Bold.eot \u2022", "https://www.vgt.pl/94.152.152.233/images/logo.png", "https://www.vgt.pl/94.152.156.22/logo.png \u2022 https://www.vgt.pl/css/", "https://www.vgt.pl/favicon.ico", "https://www.vgt.pl/font/fa/fontawesome-webfont.eot", "https://www.vgt.pl/font/roboto/Roboto-Bold.ttf \u2022 https://www.vgt.pl/font/roboto/Roboto-Light.eot", "https://www.vgt.pl/font/roboto/Roboto-Medium.ttf", "https://www.vgt.pl/font/roboto/Roboto-Light.ttf \u2022", "https://www.vgt.pl/static/js/bootstrap-typeahead.jstic/js/bootstrap-typeahead.js", "https://www.vgt.pl/style/style.css \u2022 https://www.vgt.pl/font/roboto/Roboto-Medium.eot", "https://www.vgt.pl/font/roboto/Roboto-Regular.ttf \u2022 https://www.vgt.pl/font/roboto/Roboto-Thin.eot", "https://www.vgt.pl/static/js/bootstrap-typeahead.js.179.252.2", "https://www.vgt.pl/font/roboto/Roboto-Thin.ttf \u2022 https://www.vgt.pl/static/js/bootstrap-typeahead.js", "https://www.vgt.pl/font/roboto/Roboto-Regular.eot \u2022 https://www.vgt.pl/94.152.156.22/logo.png \u2022 https://www.vgt.pl/css/", "vgt.pl \u2022 www.hak.vgt.pl \u2022 www.localhost.vgt.pl \u2022 www.certyfikat.vgt.pl \u2022 aristocrat.vgt.pl", "https://www.vgt.pl/ phishing \u2022 https://vgt.pl/ \u2022www.vgt.pl \u2022 https://www.vgt.pl/94.152.152.233/images/logo.png", "http://www.pornokind.vgt.pl \u2022 https://dbkuewww.m.vgt.pl \u2022 https://lokalnyhost.vgt.pl \u2022 www.xn--twj-hna.pedofil.vgt.pl", "http://www.hak.vgt.pl \u2022 http://pornokind.vgt.pl \u2022 http://sip.vgt.pl \u2022 http://smtp-qa.vgt.pl \u2022 http://vgt.pl/*.", "https://pornokind.vgt.pl \u2022 https://sip.vgt.pl \u2022 https://smtp-qa.vgt.pl \u2022 https://www.vgt.pl/94.152.156.22/logo.png", "www.localhost.vgt.pl \u2022 www.certyfikat.vgt.pl \u2022 https://www.vgt.pl/94.152.152.233/images/logo.png", "https://www.vgt.pl/css/ \u2022 https://www.vgt.pl/favicon.ico \u2022 https://www.vgt.pl/font/fa/fontawesome-webfont.eot", "https://www.vgt.pl/font/roboto/Roboto-Bold.eot \u2022 https://www.vgt.pl/font/roboto/Roboto-Bold.ttf \u2022 https://www.vgt.pl/font/roboto/Roboto-Light.eot", "https://www.vgt.pl/static/js/bootstrap-typeahead.jstic/js/bootstrap-typeahead.js", "https://www.vgt.pl/style/style.css \u2022 https://www.vgt.pl/static/js/bootstrap-typeahead.js", "IP Address 94.152.58.192 Location Poland ASN AS29522 h88 s.a. Nameservers ns1.kei.pl. , ns2.kei.pl.", "www.happylifehappywife.com \u2022 http://www.happylifehappywife.com/2010/02/'>", "http://www.happylifehappywife.com/2010/04/'> \u2022 http://www.happylifehappywife.com/2010/05/'>", "http://www.happylifehappywife.com/2010/07/'> \u2022 http://www.happylifehappywife.com/2010/09/'>", "http://www.happylifehappywife.com/2011/06/'> \u2022 http://www.happylifehappywife.com/2011/08/'", "http://www.happylifehappywife.com/2011/08/'> \u2022 http://www.happylifehappywife.com/2012/07/'>", "http://www.happylifehappywife.com/2013/03/'> \u2022 http://www.happylifehappywife.com/index.php", "http://www.happylifehappywife.com/wp-content/themes/theme78222/images/top-right.jpg", "https://amp.mypornvid.fun/videos/8/AhxS-ej1myg/gf-18-com/\ud83c\udf81-i39m-your-present-\ud83c\udf81-girlfriend-surprises-you-for-christmas-reunion-soft-kisses-amp-cuddles", "8-25-220-162-static.reverse.queryfoundry.net\t\t\tNov 1, 2025, 9:34:14 AM\t\t5\t domain\tqueryfoundry.net\t\t\tNov 1, 2025, 9:34:14 AM\t\t8\t URL\thttp://117-114-251-162-static.reverse.queryfoundry.net/", "http://watchhers.net/index.php", "remotewd.com device local", "nr-data.net \u2022 applemusic-spotlight.myunidays.com \u2022 init.ess.apple.com \u2022 tv.apple.com", "https://browntubeporn.com/tsara-brashearsAccept-Language", "https://cg864.myhotzpic.com phishing \u2022 http://dashboard.myhotzpic.com/", "https://myhotzpic.com/tsara-brashears-hardcore-lesbian-sex/anime-studio.org*thumbs-fa...", "https://mypornvid.com/videos/27/x510fb2/white-dpt-jeffrey-reimer-loves-pretty-indian-patient-forces-sex-3gp-video-tsara-brashears/caillou-finger", "http://siteinlink.d1.cnbd.net/search/tsara-brashears-dead \u2022 http://siteinlink.d1.cnbd.net/site/maps.google.com.lb/", "http://siteinlink.d1.cnbd.net/search/tsara-brashears-assaulted-by-jeffrey-reimer", "http://siteinlink.d1.cnbd.net/search/tsara-brashears-dead \u2022 https://videolal.com/videos/tsara-brashears-dead-by-daylight.html", "http://pixelrz.com/lists/keywords/tsara-brashears-dead/360 \u2022 http://pixelrz.com/lists/keywords/tsara-brashears-dead/360] No Expiration\t4\t Domain tsara-brashears-deadspin-twitter-suspended-account-help.ht", "https://www.anyxxxtube.net/search-porn/tsara-brashears/", "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian", "https://www.anyxxxtube.net/search-porn/tsara-brashears/", "https://twitter.com/PORNO_SEXYBABES \u2022 girlsdoporn.com", "Treece Alfrey Musat P.C. Attorneys at Law Christopher P. Ahmann | https://TamLegal.com", "https://urlscan.io/screenshots/e931bb02-80dc-46db-92f0-43d5afa258be.png" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "TrojanSpy:Win32/Nivdort", "display_name": "TrojanSpy:Win32/Nivdort", "target": "/malware/TrojanSpy:Win32/Nivdort" }, { "id": "Worm:Win32/Autorun", "display_name": "Worm:Win32/Autorun", "target": "/malware/Worm:Win32/Autorun" }, { "id": "Tofsee", "display_name": "Tofsee", "target": null }, { "id": "Jaik", "display_name": "Jaik", "target": null }, { "id": "Trojan:Win32/Qshell", "display_name": "Trojan:Win32/Qshell", "target": "/malware/Trojan:Win32/Qshell" }, { "id": "Trojan:Win32/Mydoom", "display_name": "Trojan:Win32/Mydoom", "target": "/malware/Trojan:Win32/Mydoom" } ], "attack_ids": [ { "id": "T1045", "name": "Software Packing", "display_name": "T1045 - Software Packing" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1060", "name": "Registry Run Keys / Startup Folder", "display_name": "T1060 - Registry Run Keys / Startup Folder" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1119", "name": "Automated Collection", "display_name": "T1119 - Automated Collection" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1143", "name": "Hidden Window", "display_name": "T1143 - Hidden Window" }, { "id": "T1063", "name": "Security Software Discovery", "display_name": "T1063 - Security Software Discovery" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1583", "name": "Acquire Infrastructure", "display_name": "T1583 - Acquire Infrastructure" }, { "id": "T1069", "name": "Permission Groups Discovery", "display_name": "T1069 - Permission Groups Discovery" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1197", "name": "BITS Jobs", "display_name": "T1197 - BITS Jobs" }, { "id": "T1210", "name": "Exploitation of Remote Services", "display_name": "T1210 - Exploitation of Remote Services" }, { "id": "T1457", "name": "Malicious Media Content", "display_name": "T1457 - Malicious Media Content" }, { "id": "T1480", "name": "Execution Guardrails", "display_name": "T1480 - Execution Guardrails" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" } ], "industries": [], "TLP": "green", "cloned_from": "691f4d4ef0a2a570b8b21cd2", "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 8897, "domain": 2102, "hostname": 2867, "FileHash-SHA256": 3886, "FileHash-MD5": 619, "FileHash-SHA1": 555, "CVE": 3, "email": 5, "SSLCertFingerprint": 8 }, "indicator_count": 18942, "is_author": false, "is_subscribing": null, "subscriber_count": 137, "modified_text": "89 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "695557ee134b978b00883c29", "name": "Chris P. Ahmann \u2022 Stay out of PRIVATE PROPERTY HITMAN! Colorado State", "description": "", "modified": "2026-01-20T17:02:02.650000", "created": "2025-12-31T17:05:50.134000", "tags": [ "related pulses", "p1377925676", "gaz1", "sid1696503456", "sct1", "active", "dynamicloader", "medium", "write c", "search", "show", "high", "program gateway", "http traffic", "http", "write", "malware", "nivdort", "serving ip", "address", "status code", "kb body", "sha256", "gw5hjz7t975", "url https", "url http", "indicator role", "pulses url", "hostname", "poland unknown", "present sep", "present jul", "present may", "present apr", "present dec", "present jan", "moved", "passive dns", "ip address", "title", "location poland", "asn as29522", "gmt content", "accept encoding", "ipv4 add", "urls", "files", "reverse dns", "united", "record value", "aaaa", "mtb oct", "found", "error", "read c", "memcommit", "module load", "next", "showing", "trojan", "execution", "unknown", "entries", "ms windows", "intel", "as15169", "codeoverlap", "yara detections", "delphi", "worm", "win32", "win64", "learn", "ck id", "name tactics", "suspicious", "informative", "adversaries", "command", "spawns", "ssl certificate", "execution att", "script urls", "treece alfrey", "meta", "germany unknown", "for privacy", "title added", "active related", "pulses", "asnone", "named pipe", "type indicator", "role title", "added active", "filehashsha256", "ally", "melika", "information", "law christopher", "https", "fake pinterest", "tsara", "traceback man", "expiro", "capture", "domain", "types of", "germany", "poland", "netherlands", "cve cve20178977", "boobs130432 nov", "learn more", "filehashmd5", "utmsourceawin", "pe32", "head microsoft", "delete", "main", "backdoor", "next associated", "gmt connection", "control", "content type", "twitter", "certificate", "redirect date", "cache", "unknown ns", "hostname add", "ipv4", "pulse pulses", "location united", "america flag", "america asn", "windows", "total", "ids detections", "url add", "related nids", "files location", "flag united", "win32mydoom nov", "domain add", "yara rule", "ee fc", "ff d5", "f0 ff", "eb e1", "ff ff", "c1 e8", "c1 c0", "eb e8", "mpress", "cache control", "x cache", "date", "name servers", "arial", "present aug", "present jun", "may god", "hall render", "palantir doing", "jeffrey scott", "jeffrey reimer", "brian sabey", "butt pirates", "scott reimer", "colorado", "quasi government", "workers compensation", "eva lisa", "eva reimer", "sammie", "montano mark", "death threats", "tulach", "hired hit men", "gay man", "gay porn", "concentra", "corruption", "palantir", "foundry", "grifter", "warning", "illegal", "apple", "contacted", "ransom", "dead", "denver" ], "references": [ "https://tamlegal.com/attorneys/christopher-p-ahmann/#breadcrumb \u2022 https://www.milehighmedia.com/en/movies", "https://www.milehighmedia.com/legal/2257 \u2022 https://www.milehighmedia", "www.milehighmedia.com \u2022 https://www.milehighmedia.com/en/Charlie-Dean/pornstar/49512", "https://www.milehighmedia.com/en/login/index/aHR0cHMlM0ElMkYlMkZtZW1iZXJzLm1pbGVoaWdobWVkaWEuY29tJTJGZW4lMkZ2aWRlb3MlMkZzd2VldGhlYXJ0dmlkZW8lM0ZhbHVwJTNEQURqeF9ITjhfd1oweU96UnpsU3NNNUZLaVVxSzBXNEN0X3NmTFpKTGVJc3M2b0RVUzkwVmp6VllNVko5eFpmdENYcFNKd3IzOTNaMG1mOEpXeVhVeVZpLTJZYVRsaGd3M25DSDRpYnRwZ25BRC1zUFhDQVUycjZJOXo2WWtRMzNVWVFhMFZyWC1YckxvcnRkVjJZdEgxSDYxZ1lhMTFNS3RZSkEzY3FlSXhFQzhtSlAzSk1tbloySURMQXlMZndPcHozSFFiTzF4T0FseXJIQ0xYem1ldFElMkE=\t \thttp://www.milehighmedia.com/?ats=eyJhIjoyOTYzMTgsImMiOjU3OTYzNz", "http://www.milehighmedia.com/legal\t \u2022 https://www.milehighmedia.com/en/pornstar/milehighmedia/Justin-Hunt/51017", "https://www.milehighmedia.com/de/MileHighMedia/scene/129689?utm_source=271174&utm_medium=affiliate&utm_campaign=", "http://www.milehighmedia.com/?ats=eyJhIjoyOTYzMTgsImMiOjU3OTYzNzc1LCJuIjo3NiwicyI6NT...", "ttps://www.milehighmedia.com/scene/4404473/creampie-adventures-scene-2-sneaky-melanie", "https://www.milehighmedia.com/join \u2022 https://www.milehighmedia.com/models \u2022 https://www.milehighmedia.com/movies", "https://www.milehighmedia.com/model/59136/avi-love \u2022https://www.milehighmedia.com/model/60418/Justin-Hunt \u2022", "https://www.milehighmedia.com/en/photo/milehighmedia/The-Mother-I-Cant-Resist/52380", "https://www.milehighmedia.com/en/movies \u2022 https://www.milehighmedia.com/join", "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian", "pornhub-e.com \u2022 www.pornhub.com \u2022", "https://www.sweetheartvideo.com/tsara-brashears/ \u2022 www.sweetheartvideo.com", "https://www.sweetheartvideo.com/en/?s=1?s=1&utm_source=272160&utm_medium=affiliate&utm_campaign=lovelezzies", "https://www.sweetheartvideo.com/en/dvd/Lesbian-Massage/49895", "https://www.sweetheartvideo.com/en/dvds \u2022 https://www.sweetheartvideo.com/en/login", "https://www.sweetheartvideo.com/en/model/Mona-Wales/49601 \u2022 https://www.sweetheartvideo.com/en/scene/Truth-Dare--Boobs/130432 No Expiration\t0\t URL https://www.sweetheartvideo.com/it/model/Kristen-Scott/50432 \u2022 https://www.sweetheartvideo.com/model/63710/brandi-love", "https://www.sweetheartvideo.com/scenes?models=63710", "https://www.sweetheartvideo.com/model/63710/brandi-love", "https://www.sweetheartvideo.com/scenes?models=63710", "https://www.sweetheartvideo.com/it/model/Kristen-Scott/50432", "https://www.sweetheartvideo.com/en/scene/Truth-Dare--Boobs/130432", "https://www.milehighmedia.com/en/photo/milehighmedia/The-Mother-I-Cant-Resist/52380", "https://www.vgt.pl/font/roboto/Roboto-Bold.eot \u2022", "https://www.vgt.pl/94.152.152.233/images/logo.png", "https://www.vgt.pl/94.152.156.22/logo.png \u2022 https://www.vgt.pl/css/", "https://www.vgt.pl/favicon.ico", "https://www.vgt.pl/font/fa/fontawesome-webfont.eot", "https://www.vgt.pl/font/roboto/Roboto-Bold.ttf \u2022 https://www.vgt.pl/font/roboto/Roboto-Light.eot", "https://www.vgt.pl/font/roboto/Roboto-Medium.ttf", "https://www.vgt.pl/font/roboto/Roboto-Light.ttf \u2022", "https://www.vgt.pl/static/js/bootstrap-typeahead.jstic/js/bootstrap-typeahead.js", "https://www.vgt.pl/style/style.css \u2022 https://www.vgt.pl/font/roboto/Roboto-Medium.eot", "https://www.vgt.pl/font/roboto/Roboto-Regular.ttf \u2022 https://www.vgt.pl/font/roboto/Roboto-Thin.eot", "https://www.vgt.pl/static/js/bootstrap-typeahead.js.179.252.2", "https://www.vgt.pl/font/roboto/Roboto-Thin.ttf \u2022 https://www.vgt.pl/static/js/bootstrap-typeahead.js", "https://www.vgt.pl/font/roboto/Roboto-Regular.eot \u2022 https://www.vgt.pl/94.152.156.22/logo.png \u2022 https://www.vgt.pl/css/", "vgt.pl \u2022 www.hak.vgt.pl \u2022 www.localhost.vgt.pl \u2022 www.certyfikat.vgt.pl \u2022 aristocrat.vgt.pl", "https://www.vgt.pl/ phishing \u2022 https://vgt.pl/ \u2022www.vgt.pl \u2022 https://www.vgt.pl/94.152.152.233/images/logo.png", "http://www.pornokind.vgt.pl \u2022 https://dbkuewww.m.vgt.pl \u2022 https://lokalnyhost.vgt.pl \u2022 www.xn--twj-hna.pedofil.vgt.pl", "http://www.hak.vgt.pl \u2022 http://pornokind.vgt.pl \u2022 http://sip.vgt.pl \u2022 http://smtp-qa.vgt.pl \u2022 http://vgt.pl/*.", "https://pornokind.vgt.pl \u2022 https://sip.vgt.pl \u2022 https://smtp-qa.vgt.pl \u2022 https://www.vgt.pl/94.152.156.22/logo.png", "www.localhost.vgt.pl \u2022 www.certyfikat.vgt.pl \u2022 https://www.vgt.pl/94.152.152.233/images/logo.png", "https://www.vgt.pl/css/ \u2022 https://www.vgt.pl/favicon.ico \u2022 https://www.vgt.pl/font/fa/fontawesome-webfont.eot", "https://www.vgt.pl/font/roboto/Roboto-Bold.eot \u2022 https://www.vgt.pl/font/roboto/Roboto-Bold.ttf \u2022 https://www.vgt.pl/font/roboto/Roboto-Light.eot", "https://www.vgt.pl/static/js/bootstrap-typeahead.jstic/js/bootstrap-typeahead.js", "https://www.vgt.pl/style/style.css \u2022 https://www.vgt.pl/static/js/bootstrap-typeahead.js", "IP Address 94.152.58.192 Location Poland ASN AS29522 h88 s.a. Nameservers ns1.kei.pl. , ns2.kei.pl.", "www.happylifehappywife.com \u2022 http://www.happylifehappywife.com/2010/02/'>", "http://www.happylifehappywife.com/2010/04/'> \u2022 http://www.happylifehappywife.com/2010/05/'>", "http://www.happylifehappywife.com/2010/07/'> \u2022 http://www.happylifehappywife.com/2010/09/'>", "http://www.happylifehappywife.com/2011/06/'> \u2022 http://www.happylifehappywife.com/2011/08/'", "http://www.happylifehappywife.com/2011/08/'> \u2022 http://www.happylifehappywife.com/2012/07/'>", "http://www.happylifehappywife.com/2013/03/'> \u2022 http://www.happylifehappywife.com/index.php", "http://www.happylifehappywife.com/wp-content/themes/theme78222/images/top-right.jpg", "https://amp.mypornvid.fun/videos/8/AhxS-ej1myg/gf-18-com/\ud83c\udf81-i39m-your-present-\ud83c\udf81-girlfriend-surprises-you-for-christmas-reunion-soft-kisses-amp-cuddles", "8-25-220-162-static.reverse.queryfoundry.net\t\t\tNov 1, 2025, 9:34:14 AM\t\t5\t domain\tqueryfoundry.net\t\t\tNov 1, 2025, 9:34:14 AM\t\t8\t URL\thttp://117-114-251-162-static.reverse.queryfoundry.net/", "http://watchhers.net/index.php", "remotewd.com device local", "nr-data.net \u2022 applemusic-spotlight.myunidays.com \u2022 init.ess.apple.com \u2022 tv.apple.com", "https://browntubeporn.com/tsara-brashearsAccept-Language", "https://cg864.myhotzpic.com phishing \u2022 http://dashboard.myhotzpic.com/", "https://myhotzpic.com/tsara-brashears-hardcore-lesbian-sex/anime-studio.org*thumbs-fa...", "https://mypornvid.com/videos/27/x510fb2/white-dpt-jeffrey-reimer-loves-pretty-indian-patient-forces-sex-3gp-video-tsara-brashears/caillou-finger", "http://siteinlink.d1.cnbd.net/search/tsara-brashears-dead \u2022 http://siteinlink.d1.cnbd.net/site/maps.google.com.lb/", "http://siteinlink.d1.cnbd.net/search/tsara-brashears-assaulted-by-jeffrey-reimer", "http://siteinlink.d1.cnbd.net/search/tsara-brashears-dead \u2022 https://videolal.com/videos/tsara-brashears-dead-by-daylight.html", "http://pixelrz.com/lists/keywords/tsara-brashears-dead/360 \u2022 http://pixelrz.com/lists/keywords/tsara-brashears-dead/360] No Expiration\t4\t Domain tsara-brashears-deadspin-twitter-suspended-account-help.ht", "https://www.anyxxxtube.net/search-porn/tsara-brashears/", "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian", "https://www.anyxxxtube.net/search-porn/tsara-brashears/", "https://twitter.com/PORNO_SEXYBABES \u2022 girlsdoporn.com", "Treece Alfrey Musat P.C. Attorneys at Law Christopher P. Ahmann | https://TamLegal.com", "https://urlscan.io/screenshots/e931bb02-80dc-46db-92f0-43d5afa258be.png" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "TrojanSpy:Win32/Nivdort", "display_name": "TrojanSpy:Win32/Nivdort", "target": "/malware/TrojanSpy:Win32/Nivdort" }, { "id": "Worm:Win32/Autorun", "display_name": "Worm:Win32/Autorun", "target": "/malware/Worm:Win32/Autorun" }, { "id": "Tofsee", "display_name": "Tofsee", "target": null }, { "id": "Jaik", "display_name": "Jaik", "target": null }, { "id": "Trojan:Win32/Qshell", "display_name": "Trojan:Win32/Qshell", "target": "/malware/Trojan:Win32/Qshell" }, { "id": "Trojan:Win32/Mydoom", "display_name": "Trojan:Win32/Mydoom", "target": "/malware/Trojan:Win32/Mydoom" } ], "attack_ids": [ { "id": "T1045", "name": "Software Packing", "display_name": "T1045 - Software Packing" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1060", "name": "Registry Run Keys / Startup Folder", "display_name": "T1060 - Registry Run Keys / Startup Folder" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1119", "name": "Automated Collection", "display_name": "T1119 - Automated Collection" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1143", "name": "Hidden Window", "display_name": "T1143 - Hidden Window" }, { "id": "T1063", "name": "Security Software Discovery", "display_name": "T1063 - Security Software Discovery" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1583", "name": "Acquire Infrastructure", "display_name": "T1583 - Acquire Infrastructure" }, { "id": "T1069", "name": "Permission Groups Discovery", "display_name": "T1069 - Permission Groups Discovery" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1197", "name": "BITS Jobs", "display_name": "T1197 - BITS Jobs" }, { "id": "T1210", "name": "Exploitation of Remote Services", "display_name": "T1210 - Exploitation of Remote Services" }, { "id": "T1457", "name": "Malicious Media Content", "display_name": "T1457 - Malicious Media Content" }, { "id": "T1480", "name": "Execution Guardrails", "display_name": "T1480 - Execution Guardrails" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" } ], "industries": [], "TLP": "green", "cloned_from": "691f4d4ef0a2a570b8b21cd2", "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 8897, "domain": 2102, "hostname": 2867, "FileHash-SHA256": 3886, "FileHash-MD5": 619, "FileHash-SHA1": 555, "CVE": 3, "email": 5, "SSLCertFingerprint": 8 }, "indicator_count": 18942, "is_author": false, "is_subscribing": null, "subscriber_count": 137, "modified_text": "89 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://validurl.adatum.com", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://validurl.adatum.com", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1776638670.342255 }