IP | Medium | Signal 96/100
178.79.208.1
Location
Tempe, Arizona
First Seen
Feb 23, 2023
Last Seen
May 24, 2026
Found in 8 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
96%
Signal Score
96 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country
United States
Region: Tempe, Arizona
Organization: EDGIO, INC
Feed Intelligence Summary
8 reports, 96% confidence
8
Source reports
96%
Confidence score
Category tags
Activity Timeline
May 24
Threat Activity Heatmap (peak: 2026-05-24)
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: High Risk
Signal Score: 96
Confidence: 96%
Reports: 8
First seen: Feb 23, 2023
Last seen: May 24, 2026
Geolocation: US
Country: United States
Location: Tempe, Arizona
Org: EDGIO, INC
Coords: 33.4281, -111.9400
VirusTotal
Not checked
WHOIS
- description
- Here is the full text of Yomi's Verdict, which was sent to the BBC by the MITRE team and is now available to view via the web browser, via iPlayer, £1.
- raw
- inetnum: 178.79.192.0 - 178.79.255.255
  netname: US-LLNW-20100512
  geofeed: https://geofeed.llnw.net/
  country: EU
  country: SE
  country: DE
  country: NL
  country: GB
  country: ES
  country: FR
  country: IT
  org: ORG-LNI1-RIPE
  admin-c: SK15192-RIPE
  tech-c: SK15192-RIPE
  status: ALLOCATED PA
  remarks: ****************** ABUSE COMPLAINTS TO: [email protected]
  remarks: Geofeed https://geofeed.llnw.net/
  mnt-by: RIPE-NCC-HM-MNT
  mnt-by: LLNW-MNT
  mnt-domains: LLNW-MNT
  mnt-routes: LLNW-MNT
  created: 2010-05-12T16:20:38Z
  last-modified: 2023-02-13T14:19:10Z
  source: RIPE # Filtered
  abuse-c: LAD36-RIPE
  organisation: ORG-LNI1-RIPE
  org-name: EDGIO, INC.
  country: US
  org-type: LIR
  address: 222 South Mill Avenue
  address: 85281
  address: Tempe, AZ
  address: UNITED STATES
  phone: +16028505095
  fax-no: +16020000000
  abuse-c: LAD36-RIPE
  mnt-ref: LLNW-MNT
  mnt-ref: RIPE-NCC-HM-MNT
  mnt-by: RIPE-NCC-HM-MNT
  mnt-by: LLNW-MNT
  admin-c: SK15192-RIPE
  created: 2005-05-06T10:01:10Z
  last-modified: 2023-12-13T09:19:56Z
  source: RIPE # Filtered
  person: Shawn Kleinart
  address: 1465 N Scottsdale Rd, Suite 400
  phone: +1-602-850-4845
  nic-hdl: SK15192-RIPE
  mnt-by: LLNW-MNT
  created: 2021-10-20T18:49:25Z
  last-modified: 2021-10-20T18:49:25Z
  source: RIPE
- references
- https://www.virustotal.com/graph/embed/gdef52451e74740eaabbbcc6db2209b722e6a17129ba94f4eb92fa176bcea66f7?theme=dark, https://www.virustotal.com/gui/collection/525d014c83ee92554cb6a88685ba822e147f30dbc797a18b6071081a109b7dcb, https://www.virustotal.com/gui/collection/525d014c83ee92554cb6a88685ba822e147f30dbc797a18b6071081a109b7dcb/iocs, https://viz.greynoise.io/analysis/16d9bc15-d3ed-4e71-9631-16742e511649, https://www.virustotal.com/graph/ge00e0cc424f8420d878fabdd7d541850f535dfea47f347caa73aed03e026b370, https://www.virustotal.com/gui/collection/7b031642a30f1ee179e901d885a09c9e285273ad8a0605f08b84e81b4f715ea3, https://www.virustotal.com/graph/embed/gd8e70aa0638046c8af997e3e7fe529f1cfe2a121f5ca473880544f95a17eb56e?theme=dark, https://www.virustotal.com/gui/collection/7b031642a30f1ee179e901d885a09c9e285273ad8a0605f08b84e81b4f715ea3/iocs, https://tria.ge/240930-t6zdtsvfmk, https://mwdb.cert.pl/file/382eccd545c69bcf07e9b7b73701bd2bea707c58452cb108f99d3f541545b86b, https://jaffacakes118.dev/analysis/382eccd545c69bcf07e9b7b73701bd2bea707c58452cb108f99d3f541545b86b, https://tip.neiki.dev/file/382eccd545c69bcf07e9b7b73701bd2bea707c58452cb108f99d3f541545b86b, https://www.virustotal.com/graph/g32c95818bb21491ba46825aac40fa4ca7c9f5cd230f54823b87177ab146f1aaa, https://viz.greynoise.io/analysis/22d66e7a-1cba-4f35-b81c-cb7b06, https://theravenfile.com/2025/04/10/hellokitty-resurfaced/, https://metadefender.com/results/file/bzI1MDMwMVFWaXRDS0hpWElYcnV0QllCYlB1, https://mwdb.cert.pl/file/efb45096e24a61b488eb809bd8edf874d15bb498dd75ced8b888b020c87e5c6c, https://n0paste.eu/UH6n5pD/, All - EnterpriseAppsList.csv, AppRegistrationList.csv, https://tria.ge/240517-vc7c1shc62/behavioral1, https://tria.ge/240517-vdwb5shc71/behavioral1, https://tria.ge/240517-vqxezaaa33/behavioral1, https://tria.ge/240517-t9pc2ahb2t, https://www.virustotal.com/graph/embed/g9453a2f58a3340f18120987c2b4d710dbb44ded88c434abf8894458a98c7bd4b?theme=dark, 
https://www.virustotal.com/gui/collection/b84a19d60ec7cd6d546a3f145dff8987128d0f499161118b46de22718d4713cd/iocs, https://www.virustotal.com/gui/collection/b84a19d60ec7cd6d546a3f145dff8987128d0f499161118b46de22718d4713cd/graph, https://www.virustotal.com/gui/collection/b84a19d60ec7cd6d546a3f145dff8987128d0f499161118b46de22718d4713cd/summary, https://www.filescan.io/uploads/66479b483313f70f0afe3dbb, https://www.filescan.io/uploads/664799c9d5c40bffee6106d7, Thor Scan: S-I9VvMTB6cZU, https://www.filescan.io/uploads/664ba368d5c40bffee63b1ee/reports/31817751-6b5d-45df-8813-472aa6c756a3/overview, https://www.filescan.io/uploads/664ba8a20663ff3c2ec6428a/reports/09d3d82a-7ec1-4804-93e5-5ae691fbb7f2/overview, https://imp0rtp3.wordpress.com/2021/08/12/tetris/, https://www.filescan.io/uploads/664bb0cd7c9fb1468fc610c5/reports/00c78e4d-2156-4906-a106-ebf7e2723251/overview, https://www.filescan.io/uploads/664bb40fbc04dffa92240ca2/reports/398074f2-c7b6-40e9-9b5c-4225cc990473/overview, https://www.filescan.io/uploads/664bb683bc04dffa92241015/reports/92b70fd6-97d7-4386-8465-f3fd79043843/overview, https://tria.ge/240521-q4s79agb25/static1, https://app.malcore.io/share/652553f6aec33d70a1dbbd25/664f906322f5af13cdfb50be, https://app.malcore.io/share/652553f6aec33d70a1dbbd25/664f906222f5af13cdfb5093, https://www.filescan.io/uploads/666d69ff6b8dba248b414767/reports/dda2c8a1-96fd-4c00-9cbc-c64c4685a804/overview, https://www.filescan.io/uploads/666d69ff6b8dba248b414767, https://viz.greynoise.io/analysis/33e9b33b-b932-4c43-9be1-3e2d6f9cb4b3, https://viz.greynoise.io/analysis/e51d9a15-d802-4d51-9a70-17803dc2693a, https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d01d2b67682d81c00f37b, Above Malcore Strings: All - EnterpriseAppsList, AppRegistration, EnterpriseAppslist, exportGroup, exportUsers, HiddenApps - EnterpriseAppsList****, https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d00975ea31558d54fceea, 
https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667cff1a5ea31558d54fcbf6, https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d0107b44401771de9ebf2, https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d00356dd8f43b723a915a, https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667cffec5ea31558d54fcda2, https://www.hudsonrock.com/search?domain=ualberta.ca, https://www.criminalip.io/domain/report?scan_id=13798622, https://viz.greynoise.io/analysis/9635144c-db8f-47ab-a83a-5785602244cf - 07.03.24, https://urlscan.io/search/#ualberta.ca, https://www.virustotal.com/gui/collection/0ca12fcdd125ec5a5055180ee828b98d47b8b2e920660be559c2b602266b6b1d/iocs, https://sitereport.netcraft.com/?url=http://ualberta.ca, https://www.wordfence.com/blog/2022/10/threat-advisory-monitoring-cve-2022-42889-text4shell-exploit-attempts/, https://tenantresolution.pingcastle.com/Search - Tenant still active (07.19.24) - Good jobs ya'll, https://www.virustotal.com/graph/embed/gf1d5aa209c7f4fd086e4cb17dcd0af52421ea4bae87d49fe9b4076b382612f0e?theme=dark, https://viz.greynoise.io/query/AS36351%20classification:%22malicious%22, https://viz.greynoise.io/query/AS60068%20classification:%22malicious%22, https://viz.greynoise.io/query/AS8075%20classification:%22malicious%22, https://viz.greynoise.io/query/AS15169%20classification:%22malicious%22, https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d01d2b67682d81c00f37b - https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d01d2b67682d81c00f37b = Hidden Apps - Enterprise Apps List, https://www.virustotal.com/graph/embed/g84ffb59887f04fb18800730c719885ee47fb3550b0424eb0abfba8008d7d068f?theme=dark, https://detect.fyi/cybervolks-ransomware-ad38134b1b0a, https://www.virustotal.com/gui/collection/5f828f87e081a432bcbd5a04e653cbd0764c40a1474b88a5c8630d54f62963dc/summary, https://www.virustotal.com/gui/collection/7438ef9bc55a0f42ddb6db4c0613b4ff4e9f00d5c0edd4759f5d0b1446fd9bd3/graph, Project Endgame - pegausintel.com -Unsjre if related to 
NSO Group, Antivirus Detections: ALF:HeraklezEval:Rogue:Win32/FakeRean, Yara Detections: compromised_site_redirector_fromcharcode , Cabinet_Archive , SFX_CAB, Alerts: infostealer_cookies persistence_autorun recon_programs recon_fingerprint removes_zoneid_ads anomalous_deletefile, P’s Contacted: 93.184.221.240 3.33.130.190 | Domains Contacted: counterslocal.com, compromised_site_redirector_fromcharcode fromCharCode, Interesting Strings: http://www.interoperabilitybridges.com/wmp http://crbug.com/40902 http://crbug.com/516527, Interesting Strings: http://service.real.com/realplayer/security/02062012_player/en/, Interesting Strings: https://support.google.com/chrome/?p=plugin_pdf, https://support.google.com/chrome/?p=plugin_quicktime https://chrome.google.com/, Interesting Strings: http://schema.org/GovernmentOrganization https://support.google.com/chrome/?p=plugin_java https://crbug.com/593166, Pdf.Phishing.TtraffRobotInstall-7605656-0 00004feb58be42ba1bd506ea89f90c5e1d83e6e1fb84841931949a454b0bb539, Antivirus Detections Cryp_Xed-12 , Mal/Generic-S , Packed/Upack Yara Detections Upackv039finalDwing , UpackV037Dwing, https://pin.it/ | https://www.anyxxxtube.net/search-porn/tsara-brashears/, https://www.anyxxxtube.net/search-porn/tsara-brashears/, https://www.virustotal.com/gui/collection/214d66e7fff860079a91b06f1afd20d5b7c252688e60a5cf0f3042e306a2dc83/summary, https://www.virustotal.com/graph/embed/g3895e842beb845c2b0c70bf413d327edd588233cf21b43de92e6f75967db41e6?theme=dark, https://www.virustotal.com/gui/collection/214d66e7fff860079a91b06f1afd20d5b7c252688e60a5cf0f3042e306a2dc83/iocs, https://www.virustotal.com/gui/collection/81d4d6a6d5b649a3d2e736918f5977067c947572d72adf68167d61b217d7a7b9/summary, https://www.virustotal.com/graph/embed/gc3a6dc62b46646e9931672b5a15fd962bc485d3db8bb461e8387c1488f76c04f?theme=dark, https://www.virustotal.com/graph/embed/gacb9519e222d42bd9826f8dc9b094136489ec51c3f084f4a9daea19e7603587d?theme=dark, 
https://www.virustotal.com/gui/collection/81d4d6a6d5b649a3d2e736918f5977067c947572d72adf68167d61b217d7a7b9/iocs, https://www.virustotal.com/gui/collection/81d4d6a6d5b649a3d2e736918f5977067c947572d72adf68167d61b217d7a7b9/graph, https://www.virustotal.com/gui/collection/4d39a5a213fa98a1f239a7b835c1e602f95d74d8da8f1bb524588d94549c1462/iocs, https://www.virustotal.com/gui/collection/4d39a5a213fa98a1f239a7b835c1e602f95d74d8da8f1bb524588d94549c1462, https://www.virustotal.com/gui/collection/4d39a5a213fa98a1f239a7b835c1e602f95d74d8da8f1bb524588d94549c1462/graph, https://www.virustotal.com/graph/embed/g6973da6bf569466684b319eca60fbbfa1a1d5dda9fb341e0847c60bba73e1512?theme=dark, https://www.virustotal.com/graph/embed/gd18d88e068b641ce8fc47ac76c2b6909a9991c1969244750b4b9de9e83562c47?theme=dark, https://www.9xiuzb.com/activity/activity_pcunion?piusr=t_420, tracking.epicgames.com | epicgames.com | https://www.epicgames.com/id/activate, Conneted to Network: [email protected] | milesit.com | milestechnologies.com | info.milestechnologies.com | www.milesit.com | www.milestechnologies.com, Conneted to Network: http://seed.wavebrowser.co/seed?osname=win&channel=stable&milestone=1 | f16ac036e3.nxcli.net, Conneted to Network: https://getconnected.southwestwifi.com | www.coloradoltcpartnership.org, https://otx.alienvault.com/otxapi/indicators/file/screenshot/58d35aa65e820e83be595049b9e5a223ffb1f5f9111b64ccdd2622479cda9e1b, https://otx.alienvault.com/otxapi/indicators/file/screenshot/233e5b27962a141061eff04ae07699d1a2faa8d47077a2da31770a5f59327ee3, https://otx.alienvault.com/indicator/file/58d35aa65e820e83be595049b9e5a223ffb1f5f9111b64ccdd2622479cda9e1b, https://otx.alienvault.com/otxapi/indicators/file/screenshot/f0d38614f706da3a08acdf7188eac139a352621ccada40e5e22d191412acc357, Phone purchased for target by a 'self-proclaimed' W/F PI from Lakewood, Colorado w/o consent/prior knowledge. PI fitful, so target paid for phone., Found claims PI was a hacker. Brother a hitman. 
Verbalized non-specific affiliation w/City of Lakewood. Refused to provide target phone passcode., Target admits to ignoring major signs: 'PI' called just before request submitted.Spent hours researching & denouncing targets former 'questionable 'PI, 'PI' feigned high concern for target, begged her to meet at 10 P.M. Target refused. Target states she will only meet in safe public spot in daylight., 'PI' arrives in separate car w/unseen veteran. Points out DV LP to target , states he's not with her. Leads target to restaurant 'to talk'. Stays awhile., 'PI' orders 2 meals. Leaves restaurant a few times. Talks about troubled mother w/medication addictions. Incredibly emotional vowing to be better., Emotionally demands disabled target cash advanced to pay all bills. Denies formerly alleged abilities & skills, still wants $1500 for 4 hours of nothing., Of note: Alleging Federal Investigator calls target. Found her in Bark? No. He asks for $4G to relocate target in 2 days provide hacker secured iPhone., 'PI' claims to have information. Sends picture of who he claims is attacker now millionaire owner of Mile High Sports & Rehabilitation. Asks if she knew., Target knows nothing about assaulter. Chicago Fed text photo for target to confirm identity of attacker. Be sends a photo of Dr. John T. Sasha., Target was treated by Dr. Sasha, was not assaulter. Target relays Law Firm dropped her as she refused to include Sasha in Injury claim., Goal to present targets case, blame & have Sacha removed by board of Colorado attorneys. Widely known firm angrily begins misconduct in her case., Fed alleged if Sasha was in cahoots she could get millions. Target again refused. Alleging Chicago Fed contends be needs to move her 50+ miles., Fed lost interest after satisfied Sasha wasn't of interest. Target interest to rid self of hackers and stalkers. Inundated with calls from fake PI's., Colorado doesn't require a PI licensure. 
That's a major problem as many stalkers, malicious hackers & the ruthless are drawn to this occupation., Metro T-Mobile refuses refund. Allows target to store phone with them in resealed box. When retrieved box opened and tampered with., Issues: Target contacted a single PI from a very compromised device, received sealed as gift from trusted person via provider. Others contact her., I know this isn't a blog. If someone is targeted, every device will be compromised. It's the goal of the attackers. Unwarranted bounty found., Law enforcement aware and assure target in person she's not a suspect in any crime is Colorado or nationally. All DA's, law enforcement PI's check., You can either have a runner or become a hacker. Only 2 choices for targeted individuals. Target needs to become ethical hacker or ethical grey hat, Purple teamer., Device security reset temporarily before epicgames[.]com a resource being used attempted to self download. Relentless..., Self whitelisting tool, domains moved within nginx., cliconfg.exe, Tulach Malware- 114.114.114.114, nr-data.net [Apple Private Data Collection], Ransomware: addons-dev.adobe.com • FileHash-SHA256 289ce6fa2a3d57905c91bcef6d76946f78a4300030f8e8ca7abb868efda9d759 [lhdfrgui.exe], CS IDS Rules: ATTACK [PTsecurity] Unimplemented Trans2 Sub-Command code. 
IOC Journey
medium · First detected 3 years ago · Last seen 21 days ago
Appeared in 8 threat reports