{ "type": "Domain", "indicator": "power.com", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/power.com", "alexa": "http://www.alexa.com/siteinfo/power.com", "indicator": "power.com", "type": "domain", "type_title": "Domain", "validation": [ { "source": "majestic", "message": "Whitelisted domain power.com", "name": "Whitelisted domain" } ], "base_indicator": { "id": 4156488269, "indicator": "power.com", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 4, "pulses": [ { "id": "69f7fa1a282840a6e0aa370c", "name": "May the 4th be with... every destructed file that never died", "description": "[undreds of thousands of people have been signing a petition calling for the removal of the president, Barack Obama, from the White House and the UK's prime minister, Theresa May, to be remove] The wording here. Its also May3rd not May 4th.", "modified": "2026-06-02T00:28:15.681000", "created": "2026-05-04T01:44:57.811000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 341, "FileHash-SHA1": 368, "FileHash-SHA256": 3142, "hostname": 1890, "URL": 3241, "CIDR": 12, "email": 37, "domain": 1616, "IPv4": 153, "URI": 1, "SSLCertFingerprint": 18 }, "indicator_count": 10819, "is_author": false, "is_subscribing": null, "subscriber_count": 70, "modified_text": "20 hours ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69f97a905451e3304319988b", "name": ".may 4 clone own on may 5", "description": "", "modified": "2026-06-02T00:28:15.681000", "created": "2026-05-05T05:05:20.493000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "69f7fa1a282840a6e0aa370c", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 341, "FileHash-SHA1": 368, "FileHash-SHA256": 3143, "hostname": 2037, "URL": 3288, "CIDR": 12, "email": 43, "domain": 1645, "IPv4": 177, "URI": 1, "SSLCertFingerprint": 18, "CVE": 1 }, "indicator_count": 11074, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "20 hours ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69f518b17a2558928eaae19d", "name": "Coordinated Vulnerability Disclosure \u2014 power.com", "description": "Per https://saviourr.org/uam-1.json \u2014 verify at https://saviourr.org/.well-known/security.txt", "modified": "2026-05-01T21:18:41.533000", "created": "2026-05-01T21:18:41.533000", "tags": [ "cvd", "iso-29147", "rfc-9116" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "MST478293", "id": "402211", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 1 }, "indicator_count": 1, "is_author": false, "is_subscribing": null, "subscriber_count": 24, "modified_text": "31 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "692dfcfbe3557856e3cd3bc4", "name": "Anonymous sent a Threat- Zero Day to an Apple product", "description": "State of Colorado? \nZero day sent to targets phone from a false Intermountain MyChart reminder. Of course target doesn\u2019t have a MyChart. Intermountain doesn\u2019t use \u2018Epic\u2019. \nFollow up call by \u2018Intermountain\u2019 \u201cIs this Tsara?\u201d\n\u201cYes it is\u201d I\u2019d say the same if they asked for \u201cDua Lipa\u201d Yes. Si. Oui. Ja.\n\nWrap her up in a package of lies. Send her off to a coconut island. I am not worried, I am not overly . \n\nThreat:\n\u201cWe do not forgive. We do not forget. Expect us. HACKED!\u201d \n\nI\u2019m taking this very seriously as a death threat. You are doing the crimes. Stop hacking people just to take your regret out on them. \nAs per victim\u2019s legal claim it was agreed by both parties she would hire an investigator to uncover true hacker. \n\nVictims of crimes aren\u2019t charged to research cybercrimes. I don\u2019t work alone. |\n\nMultiple death threats , attempts, injuries , death. You\u2019re mad? \n\nQuasi governments initial plan: Wrap her up in a package of lies. Send her off to a coconut island. I am not worried, I am not overly concerned", "modified": "2025-12-31T17:02:04.243000", "created": "2025-12-01T20:39:23.946000", "tags": [ "pm mst", "reply stop", "secure", "samesitenone", "httponly server", "cfray", "ip address", "google safe", "results nov", "united", "windir", "openurl c", "prefetch2", "analysis", "tor analysis", "dns requests", "domain address", "contacted hosts", "msie", "windows nt", "wow64", "slcc2", "media center", "tls handshake", "search", "failure", "post http", "unknown", "trojan", "malware", "response", "gmt contenttype", "forbidden date", "gmt vary", "gmt etag", "deny", "vary", "network traffic", "hive", "target_tsara_brashears" ], "references": [ "https://mchrt.io/OaDiS--vvLULhoP9-ak", "172.64.147.230 \u2022 Error401.txt", "Error401.txt -> SHA256 d134ca025a6c63b2555200885d71cb6e61f8097cdfd7ecf13675b3df0c721797A", "https://otx.alienvault.com/otxapi/indicators/url/screenshot/https://mchrt.io/zviBxOFCAQJS13Uu--w", "FILEHASH - SHA256 55d829336075705b1ac26f5300650b6030467123591ab265eeb04578a7c67a86", "https://otx.alienvault.com/otxapi/indicators/file/screenshot/55d829336075705b1ac26f5300650b6030467123591ab265eeb04578a7c67a86", "We are a Legion We do not forgive. We do not forget.EXPECT US. HACKED! [Colorado State Government] 100%", "You are NOT Yaweh. He does forgive. He does forget. Expect HIM! SAVED \u2018He\u2019s coming again.\u2019", "\u2018God Does\u2019 Red Clay Strays \u2026 I know that God does but , I know that God does\u2026.", "CVE-2017-17215 | https://otx.alienvault.com/indicator/cve/CVE-2017-17215", "link.mail.beehiiv.com \u2022 beehiiv.com" ], "public": 1, "adversary": "Colorado Government", "targeted_countries": [ "United States of America" ], "malware_families": [], "attack_ids": [], "industries": [ "Government", "Healthcare", "Technology", "Civil Society", "Legal" ], "TLP": "green", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1071, "domain": 176, "hostname": 285, "FileHash-SHA256": 284, "FileHash-MD5": 21, "FileHash-SHA1": 15, "SSLCertFingerprint": 7, "CVE": 1 }, "indicator_count": 1860, "is_author": false, "is_subscribing": null, "subscriber_count": 143, "modified_text": "153 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "\u2018God Does\u2019 Red Clay Strays \u2026 I know that God does but , I know that God does\u2026.", "Error401.txt -> SHA256 d134ca025a6c63b2555200885d71cb6e61f8097cdfd7ecf13675b3df0c721797A", "link.mail.beehiiv.com \u2022 beehiiv.com", "You are NOT Yaweh. He does forgive. He does forget. Expect HIM! SAVED \u2018He\u2019s coming again.\u2019", "https://otx.alienvault.com/otxapi/indicators/file/screenshot/55d829336075705b1ac26f5300650b6030467123591ab265eeb04578a7c67a86", "https://mchrt.io/OaDiS--vvLULhoP9-ak", "https://otx.alienvault.com/otxapi/indicators/url/screenshot/https://mchrt.io/zviBxOFCAQJS13Uu--w", "We are a Legion We do not forgive. We do not forget.EXPECT US. HACKED! [Colorado State Government] 100%", "FILEHASH - SHA256 55d829336075705b1ac26f5300650b6030467123591ab265eeb04578a7c67a86", "172.64.147.230 \u2022 Error401.txt", "CVE-2017-17215 | https://otx.alienvault.com/indicator/cve/CVE-2017-17215" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [ "Colorado Government" ], "malware_families": [], "industries": [ "Healthcare", "Civil society", "Government", "Technology", "Legal" ] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 4, "pulses": [ { "id": "69f7fa1a282840a6e0aa370c", "name": "May the 4th be with... every destructed file that never died", "description": "[undreds of thousands of people have been signing a petition calling for the removal of the president, Barack Obama, from the White House and the UK's prime minister, Theresa May, to be remove] The wording here. Its also May3rd not May 4th.", "modified": "2026-06-02T00:28:15.681000", "created": "2026-05-04T01:44:57.811000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 341, "FileHash-SHA1": 368, "FileHash-SHA256": 3142, "hostname": 1890, "URL": 3241, "CIDR": 12, "email": 37, "domain": 1616, "IPv4": 153, "URI": 1, "SSLCertFingerprint": 18 }, "indicator_count": 10819, "is_author": false, "is_subscribing": null, "subscriber_count": 70, "modified_text": "20 hours ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69f97a905451e3304319988b", "name": ".may 4 clone own on may 5", "description": "", "modified": "2026-06-02T00:28:15.681000", "created": "2026-05-05T05:05:20.493000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "69f7fa1a282840a6e0aa370c", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 341, "FileHash-SHA1": 368, "FileHash-SHA256": 3143, "hostname": 2037, "URL": 3288, "CIDR": 12, "email": 43, "domain": 1645, "IPv4": 177, "URI": 1, "SSLCertFingerprint": 18, "CVE": 1 }, "indicator_count": 11074, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "20 hours ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69f518b17a2558928eaae19d", "name": "Coordinated Vulnerability Disclosure \u2014 power.com", "description": "Per https://saviourr.org/uam-1.json \u2014 verify at https://saviourr.org/.well-known/security.txt", "modified": "2026-05-01T21:18:41.533000", "created": "2026-05-01T21:18:41.533000", "tags": [ "cvd", "iso-29147", "rfc-9116" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "MST478293", "id": "402211", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 1 }, "indicator_count": 1, "is_author": false, "is_subscribing": null, "subscriber_count": 24, "modified_text": "31 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "692dfcfbe3557856e3cd3bc4", "name": "Anonymous sent a Threat- Zero Day to an Apple product", "description": "State of Colorado? \nZero day sent to targets phone from a false Intermountain MyChart reminder. Of course target doesn\u2019t have a MyChart. Intermountain doesn\u2019t use \u2018Epic\u2019. \nFollow up call by \u2018Intermountain\u2019 \u201cIs this Tsara?\u201d\n\u201cYes it is\u201d I\u2019d say the same if they asked for \u201cDua Lipa\u201d Yes. Si. Oui. Ja.\n\nWrap her up in a package of lies. Send her off to a coconut island. I am not worried, I am not overly . \n\nThreat:\n\u201cWe do not forgive. We do not forget. Expect us. HACKED!\u201d \n\nI\u2019m taking this very seriously as a death threat. You are doing the crimes. Stop hacking people just to take your regret out on them. \nAs per victim\u2019s legal claim it was agreed by both parties she would hire an investigator to uncover true hacker. \n\nVictims of crimes aren\u2019t charged to research cybercrimes. I don\u2019t work alone. |\n\nMultiple death threats , attempts, injuries , death. You\u2019re mad? \n\nQuasi governments initial plan: Wrap her up in a package of lies. Send her off to a coconut island. I am not worried, I am not overly concerned", "modified": "2025-12-31T17:02:04.243000", "created": "2025-12-01T20:39:23.946000", "tags": [ "pm mst", "reply stop", "secure", "samesitenone", "httponly server", "cfray", "ip address", "google safe", "results nov", "united", "windir", "openurl c", "prefetch2", "analysis", "tor analysis", "dns requests", "domain address", "contacted hosts", "msie", "windows nt", "wow64", "slcc2", "media center", "tls handshake", "search", "failure", "post http", "unknown", "trojan", "malware", "response", "gmt contenttype", "forbidden date", "gmt vary", "gmt etag", "deny", "vary", "network traffic", "hive", "target_tsara_brashears" ], "references": [ "https://mchrt.io/OaDiS--vvLULhoP9-ak", "172.64.147.230 \u2022 Error401.txt", "Error401.txt -> SHA256 d134ca025a6c63b2555200885d71cb6e61f8097cdfd7ecf13675b3df0c721797A", "https://otx.alienvault.com/otxapi/indicators/url/screenshot/https://mchrt.io/zviBxOFCAQJS13Uu--w", "FILEHASH - SHA256 55d829336075705b1ac26f5300650b6030467123591ab265eeb04578a7c67a86", "https://otx.alienvault.com/otxapi/indicators/file/screenshot/55d829336075705b1ac26f5300650b6030467123591ab265eeb04578a7c67a86", "We are a Legion We do not forgive. We do not forget.EXPECT US. HACKED! [Colorado State Government] 100%", "You are NOT Yaweh. He does forgive. He does forget. Expect HIM! SAVED \u2018He\u2019s coming again.\u2019", "\u2018God Does\u2019 Red Clay Strays \u2026 I know that God does but , I know that God does\u2026.", "CVE-2017-17215 | https://otx.alienvault.com/indicator/cve/CVE-2017-17215", "link.mail.beehiiv.com \u2022 beehiiv.com" ], "public": 1, "adversary": "Colorado Government", "targeted_countries": [ "United States of America" ], "malware_families": [], "attack_ids": [], "industries": [ "Government", "Healthcare", "Technology", "Civil Society", "Legal" ], "TLP": "green", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1071, "domain": 176, "hostname": 285, "FileHash-SHA256": 284, "FileHash-MD5": 21, "FileHash-SHA1": 15, "SSLCertFingerprint": 7, "CVE": 1 }, "indicator_count": 1860, "is_author": false, "is_subscribing": null, "subscriber_count": 143, "modified_text": "153 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "power.com", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "power.com", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780432424.3640776 }