Sign in  

Jilly Juice - Jillian Epperly

Sharing is caring! Having problems with Jilly Juice - Jillian Epperly? Use ScamPulse to make a complaint

Jilly Juice - Jillian Epperly Reports & Reviews (8)

Report

Pseudo-Science Subject: JillyJuice
Subtext: Sodium Poisoning
Bad Actor: Jillian Mai Thi Epperly
Rogue Website: JillyJuice[]com
Tradecraft: Trojan.PDF.Agent
SHA256 Hash: 965e7bbdf3e6a1171a50fcc4f0e5a9ac45b42cb9508905488ab82b07bb4e8bf9
Topics: Racketeering, Computer Fraud and Abuse, Conspiracy, Quackery, Health Fraud, Deceptive Practice.
Tools used for Secret Knowledge: Falcon Sandbox, Blacklight, Virustotal, Cornell University
Smoking Gun Proof: https://www.hybrid-analysis.com/sample/965e7bbdf3e6a1171a50fcc4f0e5a9ac45b42cb95... />
Consumer Protections:
https://www.amazon.com/Jilly-Juice-Protocol-Weaponized-Mainstreaming/product-rev... /> https://www.amazon.com/product-reviews/1716943590/ref=cm_cr_arp_d_viewopt_srt?ie... /> https://www.buzzfeednews.com/article/nidhisubbaraman/facebook-jilly-juice-cabbag... /> https://www.nzherald.co.nz/lifestyle/news/article.cfm?c_id=6&objectid=12138355 /> https://www.buzzfeednews.com/article/nidhisubbaraman/poop-cult-jilly-juice-ftc-w... /> https://www.wwlp.com/news/entertainment/dr-phil-jilly-juice-claims-to-cure-cance... /> https://www.nhs.uk/conditions/leaky-gut-syndrome/
https://www.bbb.org/us/oh/canton/profile/health-and-medical-products/jilly-juice... /> https://montrealgazette.com/opinion/columnists/the-right-chemistry-beware-of-sel... />
Youtube Page:
https://www.youtube.com/user/maithimouse
https://archive.is/wxVTR

FACEBOOK:
https://archive.fo/https://www.facebook.com/JillianEpperly
https://www.facebook.com/JillianEpperly

This is a file compiled on Jillian Mai-Thi Epperly.
Background Information is also inserted into this file.
Website Reviews:
https://www.trustpilot.com/review/jillyjuice.com
https://www.sitejabber.com/reviews/jillyjuice.com

Consumer Fraud Collection:
https://archive.li/https://www.facebook.com/exposingtheliescandidaweaponizedfung... />
FACEBOOK:
https://archive.fo/https://www.facebook.com/JillianEpperly

WOT Score Card:
https://www.mywot.com/scorecard/jillyjuice.com

BBB Reviews:
https://www.bbb.org/us/oh/canton/profile/health-and-medical-products/jilly-juice... />
Whois Record for Jillyjuice[dot]com
https://whois.domaintools.com/jillyjuice.com

Virustotal Passive DNS Replication
https://www.virustotal.com/#/ip-address/162.144.36.65

Product of a Honeypot Token On Jillian's Website, Email and other things below. A Scam-Baiting/Social Engineering method was used in order to extract the entire layout of where her server is and the IP's in which Email is sent. This reverse engineering analysis also shows that Jillian deceptively tampers with EXIF Metadataa to give a false impression to her viewers about her photos that she takes of herself. She used Adobe Photoshop to cloak adverse health effects on her own body from her lethal health hazard.
--------------------------------------
Received: from server.jillyjuice.com (server.jillyjuice.com [162.144.36.65])
by node6 (Haraka/2.8.16) with ESMTP id 55385CCF-E87B-4B53-85B4-3F6180D659BC.1
envelope-from ;
Tue, 7th Apr 2018 15:10:34 -0900
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
d=jillyjuice.com; s=default; h=Content-Type:MIME-Version:Message-ID:From:Date
:Subject:To:Sender:Reply-To:Cc:Content-Transfer-Encoding:Content-ID:
Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc
:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:
List-Subscribe:List-Post:List-Owner:List-Archive;
bh=697w/BkQw+V/7dBrMBg354Onr0pXoGZ0fmyZm/7g0Wg=; b=DbtlbzwGlVStPCmLPTz4tvThC2
HdnpfK8s/M7xbE0SmsgFKhgFQREAZtK3ETEVIfAgsl7Kpc7YJvY04+1DXVsmiTv6u/cq88DjLGndc
k1esD8gJXUceGjgcePDnwkpl1uFQdNWDvB124Kez8GnbUQHc7aPf4+5/siN8ouvFhtiaB90NhpTUb
UKoN5Ng2nG6mF4MpGUHk0l5RGfHMbcl5RPSwiyHd1OwC3qIvYvNIAYriPWjASfXGYXRyOcaDriMsC
AOpdrj3GCtBdCpky66LBVjryW4PgeW0zZG97qnAaQBvBSO+wlaElsvmg7lQ6AiC0QVuQ9lIIielVl
kA//o2Mg==;
Received: from jillyjuice by server.jillyjuice.com with local (Exim 4.91)
(envelope-from )
id 7kD9Rs-12378fg-2W
for [email protected]; Tue, 22 Feb 2018 04:35:51 -0600
To: [email protected]
Subject: Thank you for registering for Jilly Juice LLC
X-PHP-Script: www.jillyjuice.com/index.php for 162.144.36.65, 167.114.101.64
X-PHP-Originating-Script: 500:class-phpmailer.php
Date: Tue, 22 Apr 2018 12:17:45 +15748
From: WordPress
Message-ID:
X-Mailer: PHPMailer 5.2.22 (https://github.com/PHPMailer/PHPMailer)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
X-AntiAbuse: Primary Hostname - server.jillyjuice.com
X-AntiAbuse: Originator/Caller UID/GID - [500 500] / [47 12]
X-AntiAbuse: Sender Address Domain - server.jillyjuice.com
X-Get-Message-Sender-Via: server.jillyjuice.com: authenticated_id: jillyjui/from_h
X-Authenticated-Sender: server.jillyjuice.com: [email protected]
X-Source: /opt/cpanel/ea-php70/root/usr/bin/php-cgi
X-Source-Args: /opt/cpanel/ea-php70/root/usr/bin/php-cgi /home/jillyjui/public_html/index.php
X-Source-Dir: jillyjuice.com:/public_html

Output complete without errors.

IPTC

Coded Character Set = 27, 37, 71
Record Version = 0
Original Transmission Reference = uln6HNN0xcq_Qm6Wvs8Z

IPTC Core (Adobe XMP)

Expand All / Collapse All / Show/Hide XMP Source / Show/Hide XMP Legend
EXIF IFD0

Image Width {0x0100} = 720 pixels
Image Length {0x0101} = 720 pixels
Bits Per Sample {0x0102} = 8,8,8
Photometric Interpretation {0x0106} = RGB (2)
Picture Orientation {0x0112} = normal (1)
Samples Per Pixel {0x0115} = 3
X-Resolution {0x011A} = 72/1 ===> 72
Y-Resolution {0x011B} = 72/1 ===> 72
X/Y-Resolution Unit {0x0128} = inch (2)
Software / Firmware Version {0x0131} = Adobe Photoshop CC 2017 (Windows)
Last Modified Date/Time {0x0132} = 2018:05:21 12:45:05

EXIF Sub IFD

EXIF Version {0x9000} = 0221
Colour Space {0xA001} = sRGB (1)
Image Width {0xA002} = 455 pixels
Image Height {0xA003} = 455 pixels

EXIF IFD1

Compression {0x0103} = JPEG compression (6)
X-Resolution {0x011A} = 72/1 ===> 72
Y-Resolution {0x011B} = 72/1 ===> 72
X/Y-Resolution Unit {0x0128} = inch (2)

ImageWidth 720
ImageHeight 720
BitsPerSample 8,8,8
PhotometricInterpretation 2
Orientation 1
SamplesPerPixel 3
XResolution 72
YResolution 72
ResolutionUnit 2
Software Adobe Photoshop CC 2017 (Windows)
ModifyDate 2018:05:21 12:45:05
ColorSpace 1
ExifImageWidth 455
ExifImageHeight 455
HasThumbnail true
ThumbnailWidth 160
ThumbnailHeight 160
ThumbnailType image/jpeg

Quantization Tables
Standard JPEG Table Quality=82
Table 0 (8 bit)
6 4 4 5 4 4 6 5
5 5 6 6 6 7 9 14
9 9 8 8 9 18 13 13
10 14 21 18 22 22 21 18
20 20 23 26 33 28 23 24
31 25 20 20 29 39 29 31
34 35 37 37 37 22 28 41
44 40 36 43 33 36 37 36
Table 1 (8 bit)
6 6 6 9 8 9 17 9
9 17 36 24 20 24 36 36
36 36 36 36 36 36 36 36
36 36 36 36 36 36 36 36
36 36 36 36 36 36 36 36
36 36 36 36 36 36 36 36
36 36 36 36 36 36 36 36
36 36 36 36 36 36 36 36
Structure

SOI
APP0
APP1
APP2
APP13 (IPTC)
APP1
DQT
DQT
SOF0 (Baseline DCT)
DHT
DHT
DHT
DHT
SOS
EOI

String Extraction:
JFIF
Adobe Photoshop CC 2017 (Windows)
2018:05:21 12:45:05
0221
Adobe_CM
Adobe
b34r
7GWgw
dEU6te
Wew3
cYfD9
2prj
McGF
ICC_PROFILE
lcms
mntrRGB XYZ
9acspAPPL
desc
wtpt
bkpt
rTRC
text
curv
DPhotoshop 3.0
8BIM
uln6HNN0xcq_Qm6Wvs8Z
http://ns.adobe.com/xap/1.0/
?xpacket begin="
" id="W5M0MpCehiHzreSzNTczkc9d"?> adobe:docid:photoshop:e3c0e814-5d1a-11e8-8617-9b54fcc26d73
),($+!$%$
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
5CFVcst
6Kpx
17qo
Y3Px
eJGuP
mo0D
BuGg
NgUf
tr41
CnVs
uLn8
iJBrFI
rJRp
4s2H
A6Y2
k1C/"W7f
0mK2
LQW2
Jp51
6Aoj
mkdk

EXIF Tool Metadata:
File Name : jillianhead1cudrop-300x300.jpg
File Size : 25 kB
File Permissions : rw-rw-rw-
File Type : JPEG
File Type Extension : jpg
MIME Type : image/jpeg
JFIF Version : 1.01
Exif Byte Order : Big-endian (Motorola, MM)
Photometric Interpretation : RGB
Orientation : Horizontal (normal)
Samples Per Pixel : 3
X Resolution : 72
Y Resolution : 72
Resolution Unit : inches
Software : Adobe Photoshop CC 2017 (Windows)
Modify Date : 2018:05:21 12:45:05
Exif Version : 0221
Color Space : sRGB
Exif Image Width : 455
Exif Image Height : 455
Compression : JPEG (old-style)
Thumbnail Offset : 416
Thumbnail Length : 5285
Profile CMM Type : lcms
Profile Version : 2.1.0
Profile Class : Display Device Profile
Color Space Data : RGB
Profile Connection Space : XYZ
Profile Date Time : 2012:01:25 03:41:57
Profile File Signature : acsp
Primary Platform : Apple Computer Inc.
CMM Flags : Not Embedded, Independent
Device Manufacturer :
Device Model :
Device Attributes : Reflective, Glossy, Positive, Color
Rendering Intent : Perceptual
Connection Space Illuminant : 0.9642 1 0.82491
Profile Creator : lcms
Profile ID : 0
Profile Description : c2
Profile Copyright : FB
Media White Point : 0.9642 1 0.82491
Media Black Point : 0.01205 0.0125 0.01031
Red Matrix Column : 0.43607 0.22249 0.01392
Green Matrix Column : 0.38515 0.71687 0.09708
Blue Matrix Column : 0.14307 0.06061 0.7141
Red Tone Reproduction Curve : (Binary data 64 bytes, use -b option to extract)
Green Tone Reproduction Curve : (Binary data 64 bytes, use -b option to extract)
Blue Tone Reproduction Curve : (Binary data 64 bytes, use -b option to extract)
Current IPTC Digest : d95b0edccc80f379b250406d7a4e1868
Coded Character Set : UTF8
Application Record Version : 0
Original Transmission Reference : uln6HNN0xcq_Qm6Wvs8Z
XMP Toolkit : Adobe XMP Core 5.6-c138 79.159824, 2016/09/14-01:09:01
Legacy IPTC Digest : D95B0EDCCC80F379B250406D7A4E1868
Transmission Reference : uln6HNN0xcq_Qm6Wvs8Z
Color Mode : RGB
ICC Profile Name : c2
Document ID : adobe:docid:photoshop:a24ec360-5d1e-11e8-8617-9b54fcc26d73
Instance ID : xmp.iid:c6ce409e-0cb5-d640-ab13-45165a3ee49f
Original Document ID : EBF9B2F49126DAA9D7D05E246D617FE6
Format : image/jpeg
Create Date : 2018:05:21 12:15:23-05:00
Metadata Date : 2018:05:21 12:45:05-05:00
Creator Tool : Adobe Photoshop CC 2017 (Windows)
Document Ancestors : adobe:docid:photoshop:e3c0e814-5d1a-11e8-8617-9b54fcc26d73
History Action : saved, saved
History Instance ID : xmp.iid:ae1aef6d-4af2-e64c-a7ac-520ccc2b016a, xmp.iid:c6ce409e-0cb5-d640-ab13-45165a3ee49f
History When : 2018:05:21 12:18:02-05:00, 2018:05:21 12:45:05-05:00
History Software Agent : Adobe Photoshop CC 2017 (Windows), Adobe Photoshop CC 2017 (Windows)
History Changed : /, /
Image Width : 300
Image Height : 300
Encoding Process : Baseline DCT, Huffman coding
Bits Per Sample : 8
Color Components : 3
Y Cb Cr Sub Sampling : YCbCr4:4:4 (1 1)
Image Size : 300x300
Megapixels : 0.090
Thumbnail Image : (Binary data 5285 bytes, use -b option to extract)

Jillian's IP address:
64.85.137.178

Country
United States Of America
City
Cleveland
Region
Ohio
Domain Name
Everstream.net
Timezone
04:00

Block
64.85.137.0 - 64.85.137.255
Internet Service Provider
Everstream Llc
Net Speed
DSL
Latitude
41.494619
Longitude
81.675465

Cornell University Walkthrough on Computer Fraud and Abuse:
https://www.law.cornell.edu/uscode/text/18/1030

Blacklight Inspection Results:
https://themarkup.org/blacklight?url=gamesbox.com
https://themarkup.org/blacklight?url=jillyjuice.com

Virustotal Results:
https://www.virustotal.com/gui/file/965e7bbdf3e6a1171a50fcc4f0e5a9ac45b42cb95089... />
33
Ad trackers found on this site. This is more than the average of seven that we found on popular sites.

Websites containing advertising tracking technology load Javascript code or small invisible images that are used to either build your advertising profile or to identify you for ad targeting on this site. These techniques are often used in addition to cookies to profile you.

Blacklight detected trackers on this page sending data to companies involved in online advertising. Blacklight detected scripts belonging to LiveIntent Inc., DataXu, and twenty-five other companies.
How We Define This
Survey of Popular Websites
79
Third-party cookies were found. This is more than the average of three that we found on popular sites.

MITRE ATT&CK™ Techniques Detection:
MITRE ATT&CK™ Technique - T1192 - Spearphishing Link
ATT&CK ID T1192
Tactics Initial Access
Description Spearphishing with a link is a specific variant of spearphishing(...)
Source https://attack.mitre.org/techniques/T1192
Suspicious Indicators

PDF file has an embedded URL referencing an URL shortener service

MITRE ATT&CK™ Technique - T1055 - Process Injection
ATT&CK ID T1055
Tactics Defense Evasion, Privilege Escalation
Permissions Required User, Administrator, SYSTEM, root
Description Process injection is a method of executing arbitrary code in the address space of a separate live process(...)
Source https://attack.mitre.org/techniques/T1055
Informative Indicators

Found a string that may be used as part of an injection method

MITRE ATT&CK™ Technique - T1207 - DCShadow
ATT&CK ID T1207
Tactics Defense Evasion
Permissions Required Administrator
Description DCShadow is a method of manipulating Active Directory (AD) data, including objects and schemas, by registering (or reusing an inactive registration) and simulating the behavior of a Domain Controller (DC)(...)
Source https://attack.mitre.org/techniques/T1207
Informative Indicators

Contains object with compressed stream data

MITRE ATT&CK™ Technique - T1055 - Process Injection
ATT&CK ID T1055
Tactics Defense Evasion, Privilege Escalation
Permissions Required User, Administrator, SYSTEM, root
Description Process injection is a method of executing arbitrary code in the address space of a separate live process(...)
Source https://attack.mitre.org/techniques/T1055
Informative Indicators

Found a string that may be used as part of an injection method

MITRE ATT&CK™ Technique - T1010 - Application Window Discovery
ATT&CK ID T1010
Tactics Discovery
Permissions Required User
Description Adversaries may attempt to get a listing of open application windows(...)
Source https://attack.mitre.org/techniques/T1010
Informative Indicators

Scanning for window names

Filename
file
Size
126KiB (128896 bytes)
Type
pdf
Description
PDF document, version 1.5
Document author
Softplicity
Document creator
Softplicity
Document producer
Softplicity
Document pages
5
Architecture
WINDOWS
SHA256
965e7bbdf3e6a1171a50fcc4f0e5a9ac45b42cb9508905488ab82b07bb4e8bf9
MD5
2650d2f5fbc419aca85622033f281559
SHA1
0d9a38f61bff2b7b4223d59dbf4b14c823311577
ssdeep
1536:HEuLNsLLO8CWIt5yuYYVCGqnkJIIIXTN1zElCJJ:xLVWIjgYVzGkJIIIXT7zElCJJ
Classification (TrID)
100.0% (.PDF) Adobe Portable Document Format

Malicious Indicators 2
External Systems
Sample was identified as malicious by a trusted Antivirus engine

details
No specific details available
source
External System
relevance
5/10

Sample was identified as malicious by at least one Antivirus engine

details
2/37 Antivirus vendors marked sample as malicious (5% detection rate)
8/61 Antivirus vendors marked sample as malicious (13% detection rate)
source
External System
relevance
8/10

Suspicious Indicators 2
Exploit/Shellcode

Possible heap spraying attempt detected

details
"RdrCEF.exe" issued more than 3000 memory allocations
source
API Call
relevance
10/10

Unusual Characteristics

PDF file has an embedded URL referencing an URL shortener service

details
"http://gamesbox.com" contains URL shortener service "x.co" (Based on: "965e7bbdf3e6a1171a50fcc4f0e5a9ac45b42cb9508905488ab82b07bb4e8bf9.bin")
source
String
relevance
10/10

This website uses cookies to enhance your browsing experience. Please note that by continuing to use this site you consent to the terms of our Data Protection Policy.
Logo

Request Info

malicious
Threat Score: 50/100 AV Detection: 39% Labeled as: Trojan.PDF.Agent
file

This report is generated from a file or URL submitted to this webservice on June 25th 2021 01:59:42 (UTC)
Guest System: Windows 7 32 bit, Professional, 6.1 (build 7601), Service Pack 1
Report generated by Falcon Sandbox v8.48.9 © Hybrid Analysis
Incident Response
MITRE ATT&CK™ Techniques Detection
This report has 4 indicators that were mapped to 5 attack techniques and 4 tactics.

Indicators

Not all malicious and suspicious indicators are displayed. Get your own cloud service or the full version to view all details.

Malicious Indicators 2
External Systems
Sample was identified as malicious by a trusted Antivirus engine

details
No specific details available
source
External System
relevance
5/10

Sample was identified as malicious by at least one Antivirus engine

details
2/37 Antivirus vendors marked sample as malicious (5% detection rate)
8/61 Antivirus vendors marked sample as malicious (13% detection rate)
source
External System
relevance
8/10

Suspicious Indicators 2
Exploit/Shellcode
Possible heap spraying attempt detected

details
"RdrCEF.exe" issued more than 3000 memory allocations
source
API Call
relevance
10/10

Unusual Characteristics
PDF file has an embedded URL referencing an URL shortener service

details
"http://gamesbox.com" contains URL shortener service "x.co" (Based on: "965e7bbdf3e6a1171a50fcc4f0e5a9ac45b42cb9508905488ab82b07bb4e8bf9.bin")
source
String
relevance
10/10
ATT&CK ID
T1192 (Show technique in the MITRE ATT&CK™ matrix)

Informative 10
General
Contains object with compressed stream data

details
Object ID 12 contains compressed stream data: No filters
Object ID 14 contains compressed stream data: No filters
Object ID 18 contains compressed stream data: No filters
Object ID 20 contains compressed stream data: No filters
Object ID 76 contains compressed stream data: No filters
Object ID 84 contains compressed stream data: No filters
Object ID 88 contains compressed stream data: /CIDInit /ProcSet findresource begin
12 dict begin
begincmap
/CIDSystemInfo
> def
/CMapName /F1+0 def
/CMapType 2 def
1 begincodespacerange

endcodespacerange
55 beginb ...
source
Static Parser
relevance
10/10
ATT&CK ID
T1207 (Show technique in the MITRE ATT&CK™ matrix)

Creates mutants

details
"DBWinMutex"
"LocalAcrobat Instance Mutex"
"Sessions1BaseNamedObjectsDBWinMutex"
"com.adobe.acrobat.rna.RdrCefBrowserLock.DC"
"Sessions1BaseNamedObjectscom.adobe.acrobat.rna.RdrCefBrowserLock.DC"
source
Created Mutant
relevance
3/10

PDF file has an embedded URL

details
"http://abstractcentral.com" (Based on: "965e7bbdf3e6a1171a50fcc4f0e5a9ac45b42cb9508905488ab82b07bb4e8bf9.bin")
"http://secure-decoration.com" (Based on: "965e7bbdf3e6a1171a50fcc4f0e5a9ac45b42cb9508905488ab82b07bb4e8bf9.bin")
"http://abc.net.au" (Based on: "965e7bbdf3e6a1171a50fcc4f0e5a9ac45b42cb9508905488ab82b07bb4e8bf9.bin")
"http://adcast.com.br" (Based on: "965e7bbdf3e6a1171a50fcc4f0e5a9ac45b42cb9508905488ab82b07bb4e8bf9.bin")
"http://marmalead.com" (Based on: "965e7bbdf3e6a1171a50fcc4f0e5a9ac45b42cb9508905488ab82b07bb4e8bf9.bin")
"http://moe.gov.om" (Based on: "965e7bbdf3e6a1171a50fcc4f0e5a9ac45b42cb9508905488ab82b07bb4e8bf9.bin")
"http://poembook.ru" (Based on: "965e7bbdf3e6a1171a50fcc4f0e5a9ac45b42cb9508905488ab82b07bb4e8bf9.bin")
"http://shokugekinosoma.net" (Based on: "965e7bbdf3e6a1171a50fcc4f0e5a9ac45b42cb9508905488ab82b07bb4e8bf9.bin")
"http://cepu.it" (Based on: "965e7bbdf3e6a1171a50fcc4f0e5a9ac45b42cb9508905488ab82b07bb4e8bf9.bin")
"http://ebrosur.com" (Based on: "965e7bbdf3e6a1171a50fcc4f0e5a9ac45b42cb9508905488ab82b07bb4e8bf9.bin")
"http://bseh.org.in" (Based on: "965e7bbdf3e6a1171a50fcc4f0e5a9ac45b42cb9508905488ab82b07bb4e8bf9.bin")
"http://chacott-jp.com" (Based on: "965e7bbdf3e6a1171a50fcc4f0e5a9ac45b42cb9508905488ab82b07bb4e8bf9.bin")
"http://newgadget3mai.com" (Based on: "965e7bbdf3e6a1171a50fcc4f0e5a9ac45b42cb9508905488ab82b07bb4e8bf9.bin")
"http://boatrace-biwako.jp" (Based on: "965e7bbdf3e6a1171a50fcc4f0e5a9ac45b42cb9508905488ab82b07bb4e8bf9.bin")
"http://megogo.ru" (Based on: "965e7bbdf3e6a1171a50fcc4f0e5a9ac45b42cb9508905488ab82b07bb4e8bf9.bin")
"http://apnsettings.org" (Based on: "965e7bbdf3e6a1171a50fcc4f0e5a9ac45b42cb9508905488ab82b07bb4e8bf9.bin")
"http://9xmovies.org.in" (Based on: "965e7bbdf3e6a1171a50fcc4f0e5a9ac45b42cb9508905488ab82b07bb4e8bf9.bin")
"http://teslamotorsinc.sharepoint.com" (Based on: "965e7bbdf3e6a1171a50fcc4f0e5a9ac45b42cb9508905488ab82b07bb4e8bf9.bin")
"http://iranic.com" (Based on: "965e7bbdf3e6a1171a50fcc4f0e5a9ac45b42cb9508905488ab82b07bb4e8bf9.bin")
"http://ax98.ws" (Based on: "965e7bbdf3e6a1171a50fcc4f0e5a9ac45b42cb9508905488ab82b07bb4e8bf9.bin")
source
String
relevance
3/10

Process launched with changed environment

details
Process "RdrCEF.exe" (Show Process) was launched with modified environment variables: "Path"
source
Monitored Target
relevance
10/10

Scanning for window names

details
"AcroRd32.exe" searching for class "AdobeAcrobatSpeedLaunchCmdWnd"
"AcroRd32.exe" searching for class "AdobeReaderSpeedLaunchCmdWnd"
"AcroRd32.exe" searching for window "_AcroAppTimer"
"AcroRd32.exe" searching for class "JFWUI2"
"AcroRd32.exe" searching for class "Acrobat Instance Window Class"
"AcroRd32.exe" searching for class "ACROSEMAPHORE_R18"
"AcroRd32.exe" searching for class "Shell_TrayWnd"
source
API Call
relevance
10/10
ATT&CK ID
T1010 (Show technique in the MITRE ATT&CK™ matrix)

Spawns new processes

details
Spawned process "RdrCEF.exe" with commandline "--backgroundcolor=16448250" (Show Process)
Spawned process "RdrCEF.exe" with commandline "--type=renderer --primordial-pipe-token=E87303C8A13906006E70A6C0 ..." (Show Process)
Spawned process "RdrCEF.exe" with commandline "--type=renderer --primordial-pipe-token=C70C68BAE0FDB7E836EABA23 ..." (Show Process)
source
Monitored Target
relevance
3/10

Installation/Persistence
Dropped files

details
"GlobSettings" has type "ASCII text"
"SharedDataEvents-journal" has type "SQLite Rollback Journal"
"A9Ruxylrn_he3fnv_2mo.tmp" has type "data"
"data_1" has type "data"
"A9Rz6jwtw_he3fnw_2mo.tmp" has type "data"
"Visited Links" has type "data"
"0FDED5CEB68C302B1CDB2BDDD9D0000E76539CB0.crl" has type "data"
"A9Rzf0lii_he3fny_2mo.tmp" has type "Zip data (MIME type "application/vnd.adobe.air-ucf-package+zip"?)"
"SharedDataEvents" has type "SQLite 3.x database"
"A9R7cebx2_he3fnu_2mo.tmp" has type "data"
"CE338828149963DCEA4CD26BB86F0363B4CA0BA5.crl" has type "data"
"IconCacheRdr65536.dat" has type "data"
source
Extracted File
relevance
3/10

Found a string that may be used as part of an injection method

details
"Shell_TrayWnd" (Taskbar window class may be used to inject into explorer with the SetWindowLong method)
source
String
relevance
4/10
ATT&CK ID
T1055 (Show technique in the MITRE ATT&CK™ matrix)

Touches files in the Windows directory

details
"RdrCEF.exe" touched file "%WINDIR%System32oleaccrc.dll"
"RdrCEF.exe" touched file "%WINDIR%GlobalizationSortingSortDefault.nls"
"RdrCEF.exe" touched file "%WINDIR%System32KBDUS.DLL"
"RdrCEF.exe" touched file "%WINDIR%System32driversetchosts"
"RdrCEF.exe" touched file "%WINDIR%Fontsarial.ttf"
"RdrCEF.exe" touched file "%WINDIR%Fontsariali.ttf"
"RdrCEF.exe" touched file "%WINDIR%FontsARIALNI.TTF"
"RdrCEF.exe" touched file "%WINDIR%Fontsarialbd.ttf"
"RdrCEF.exe" touched file "%WINDIR%FontsARIALNB.TTF"
"RdrCEF.exe" touched file "%WINDIR%Fontsarialbi.ttf"
"RdrCEF.exe" touched file "%WINDIR%FontsARIALNBI.TTF"
"RdrCEF.exe" touched file "%WINDIR%Fontsariblk.ttf"
"RdrCEF.exe" touched file "%WINDIR%Fontssegoeuil.ttf"
"RdrCEF.exe" touched file "%WINDIR%FontsSEGOEUISL.TTF"
"RdrCEF.exe" touched file "%WINDIR%Fontssegoeui.ttf"
"RdrCEF.exe" touched file "%WINDIR%Fontssegoeuii.ttf"
source
API Call
relevance
7/10

Network Related
Found potential URL in binary/memory

File Details
All Details:
file

Filename
file
Size
126KiB (128896 bytes)
Type
pdf
Description
PDF document, version 1.5
Document author
Softplicity
Document creator
Softplicity
Document producer
Softplicity
Document pages
5
Architecture
WINDOWS
SHA256
965e7bbdf3e6a1171a50fcc4f0e5a9ac45b42cb9508905488ab82b07bb4e8bf9Copy SHA256 to clipboard
MD5
2650d2f5fbc419aca85622033f281559Copy MD5 to clipboard
SHA1
0d9a38f61bff2b7b4223d59dbf4b14c823311577Copy SHA1 to clipboard
ssdeep
1536:HEuLNsLLO8CWIt5yuYYVCGqnkJIIIXTN1zElCJJ:xLVWIjgYVzGkJIIIXT7zElCJJ Copy ssdeep to clipboard

Resources

Icon
Sample Icon

Visualization

Input File (PortEx)
PE Visualization

Classification (TrID)

100.0% (.PDF) Adobe Portable Document Format

Screenshots
Screenshot
Screenshot
Screenshot
Screenshot
Screenshot
Screenshot
Screenshot
Screenshot
Screenshot
Screenshot
Screenshot
Screenshot
Screenshot

Hybrid Analysis

Tip: Click an analysed process below to view more details.

Analysed 4 processes in total.

AcroRd32.exe "C:file.pdf" (PID: 3408)
RdrCEF.exe --backgroundcolor=16448250 (PID: 3544)
RdrCEF.exe --type=renderer --primordial-pipe-token=E87303C8A13906006E70A6C0A7E6794C --lang=en-US --disable-pack-loading --lang=en-US --log-file="%PROGRAMFILES%AdobeAcrobat Reader DCReaderAcroCEFdebug.log" --log-severity=disable --product-version="ReaderServices/18.11.20036 Chrome/59.0.3071.15" --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,... --disable-accelerated-video-decode --disable-webrtc-hw-vp8-encoding --disable-gpu-compositing --service-request-channel-token=E87303C8A13906006E70A6C0A7E6794C --renderer-client-id=2 --mojo-platform-channel-handle=1268 --allow-no-sandbox-job /prefetch:1 (PID: 2596)
RdrCEF.exe --type=renderer --primordial-pipe-token=C70C68BAE0FDB7E836EABA23EB5A4A2A --lang=en-US --disable-pack-loading --lang=en-US --log-file="%PROGRAMFILES%AdobeAcrobat Reader DCReaderAcroCEFdebug.log" --log-severity=disable --product-version="ReaderServices/18.11.20036 Chrome/59.0.3071.15" --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,... --disable-accelerated-video-decode --disable-webrtc-hw-vp8-encoding --disable-gpu-compositing --service-request-channel-token=C70C68BAE0FDB7E836EABA23EB5A4A2A --renderer-client-id=3 --mojo-platform-channel-handle=1348 --allow-no-sandbox-job /prefetch:1 (PID: 4040)

Logged Script Calls Logged Stdout Extracted Streams Memory Dumps
Reduced Monitoring Network Activityy Network Error Multiscan Match
Network Analysis
This report was generated with enabled TOR analysis
DNS Requests

No relevant DNS requests were made.
Contacted Hosts

No relevant hosts were contacted.
HTTP Traffic

No relevant HTTP requests were made.
Extracted Strings
All Details:

All Strings (339)
Interesting (101)
screen_12.png (162)
965e7bbdf3e6a1171a50fcc4f0e5a9ac45b42cb9508905488ab82b07bb4e8bf9.bin (91)
AcroRd32.exe (1)
screen_0.png (8)
screen_6.png (36)
RdrCEF.exe (3)
AcroRd32.exe:3408 (35)
GlobSettings (2)
RdrCEF.exe:3544 (1)

!e.com
" application/pdfSoftplicitySoftplicity2018-07-08T22:28:35+02:00Softplicityid="W5M0MpCehiHzreSzNTczkc9d"?>application/pdfSoftplicitySoftplicity2018-07-08T2... /> $ &%# #"(-90(*6+"#2D26;=@@@&0FKE>J9?@=
(_aT.).
+endstreamendobj79 0 objnullendobj81 0 objstreamendstreamendobj82 0 objstream

Useful
Reply
Report

Two Patterns of Racketeering Activity:
Computer Crimes
Health Fraud

Pattern 1: Computer Crimes
------------------------------------
Malvertising [7/16/2019]
https://archive.is/cRsji

Quttera Result Files Analysis
https://archive.is/3ocNL

Virustotal Reverse Engineering Competitive Intelligence
https://www.virustotal.com/gui/url/77b690afe99a61accafb8d249bf3ed52fbbc9fe7bc8f9... />
IP Address Relations
https://www.virustotal.com/gui/ip-address/198.57.219.8/relations

Threat MD5 Analysis
https://ybin.me/p/fcd6708f5bf87cd1#5Wy6knEH8rd5OffdYGeT/3+aSVajEX0by36pvT3wgDE=<... /> ------------------------------------
Pattern 2: Health Fraud

Proof of Concept -> BBB Scam Tracker
BBB Scam Tracker Report Incidents from 2018
Date Scam Type Postal Code Dollars Lost Details
Mar 27, 2018 Healthcare/Medicaid/Medicare 44706 $30.00 View
Mar 24, 2018 Healthcare/Medicaid/Medicare V2R 5S5 $150.00 View
Mar 07, 2018 Healthcare/Medicaid/Medicare 30004 $0.00 View
Feb 03, 2018 Healthcare/Medicaid/Medicare 77014 $230.00 View
Jan 29, 2018 Healthcare/Medicaid/Medicare 77477 $0.00 View

Computer Fraud and Abuse Act
18 U.S. Code §1030. Fraud and related activity in connection with computers
18 U.S.C. § 1030(a)(5): Damaging a protected computer (including viruses, worms)

[2019-07-12]
Be advised that Jillian Mai-Thai Epperly is hosting a downloadable trojan browser hijacker on her Jillyjuice website named "DailyRecipeGuide". She is hosting different "Advertisements" to lure website visitors in for reasons of social engineering. She requires you to give consent in order to execute the file. Don't. The file was tested. It isn't safe to execute and isn't safe to visit that website. She has it rigged up with potential "Malvertising". The trojan executable is a browser hijacker that allows her to spy in on your browsing activities. She will be attempting to track your every move if you download and excute that file.

Sandbox Proof of Concept on 7-12-2019:
https://archive.is/X9XGa
https://archive.fo/Xyvxs
https://archive.fo/1qqvS
https://archive.fo/eY1ET

Tencent HABO Intel
https://vtbehaviour.commondatastorage.googleapis.com/f21b2144f01819886d7e1f78a3b... />
Virustotal Reverse Engineering Intel
https://www.virustotal.com/gui/file/f21b2144f01819886d7e1f78a3b08867f147cc9fa955... />
Mindspark Domain Information
https://www.virustotal.com/gui/domain/www.mindspark.com/relations

Adversary Algorithm Flow Layout:
1. Initial Access -> Sucker List.
2. Discovery -> Targets of Interest.
3. Technical Information Gathering -> Specific Details on the Mark
4. Pretext -> Invitation to product X through Invitation.
5. Defense Evasion -> Plausible Denial of menacing activities.
6. Spoofing -> Product is masked as a remedy
7. Privilege Escalation -> Ingratiation with the target(s).
8. Credential Access -> Credit Card Numbers, Debit Card Numbers etc, Passwords, Username, Email, Routing Numbers etc.
9. Lateral Movement -> Move from node to node smoothly.
10. Data Exfiltration -> Data of Interest Acquisition.
11. Impact -> Zero-sum.
12. Backdoor -> Return to the environment to direct and administer malevolent activity upon marks previous conformance to the confidence trick.

SHA256: 965e7bbdf3e6a1171a50fcc4f0e5a9ac45b42cb*******488ab82b07bb4e8bf9
Exiftool File Metadata
CreatorTool: Softplicity
FileType: PDF
FileTypeExtension: pdf
Format: application/pdf
Linearized: No
MIMEType: application/pdf
ModifyDate: 2018:07:08 22:28:35+02:00
PDFVersion: 1.5
PageCount: 5
PageLayout: SinglePage
PageMode: UseNone

Phishing Website Contacted from The PDF File Linked with JillyJuice
http: //Hunter () serv-botsalw () ru/
ESET -> Phishing
*checks-user-input
*detect-debug-environment
*direct-cpu-clock-access
*long-sleeps
*pdf runtime-modules

Processes Injected:
(2504) C:Program Files (x86)AdobeReader 9.0ReaderAcroRd32.exe

Commonly Abused Properties:
*Contains 5 page(s).
*Contains 81 object start declaration(s) and 81 object end declaration(s).
*Contains 9 stream object start declaration(s) and 9 stream object end declaration(s).
*This PDF document has a cross reference table (xref).
*Has a pointer to the cross reference table (startxref).
*Has a trailer dictionary containing entries allowing the cross reference table, and thus the file objects, to be read.

WHOIS Records:
Creation Date: 2017-12-28T20:58:46Z
DNSSEC: unsigned
Domain Name: JILLYJUICE.COM
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Name Server: NS14.WIXDNS.NET | NS15.WIXDNS.NET
Registrar: Network Solutions, LLC
Registrar Abuse Contact Email: *******@web.com
Registrar Abuse Contact Phone: *******680
Registrar IANA ID: 2
Registrar URL: http://networksolutions.com
Registrar WHOIS Server: whois.networksolutions.com
Registry Domain ID: *******180_DOMAIN_COM-VRSN
Registry Expiry Date: 2023-12-28T20:58:46Z
Updated Date: 2019-06-05T03:05:59Z

*Process Injection
ID: T1055
Sub-techniques: T1055.001, T1055.002, T1055.003, T1055.004, T1055.005, T1055.008, T1055.009, T1055.011, T1055.012, T1055.013, T1055.014
Tactics: Defense Evasion, Privilege Escalation
Platforms: Linux, Windows, macOS
Data Sources: API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Defense Bypassed: Anti-virus, Application control
CAPEC ID: CAPEC-640
Contributors: Anastasios Pingios; Christiaan Beek, @ChristiaanBeek; Ryan Becwar
Version: 1.1
Created: 31 May 2017
Last Modified: 20 June 2020

Malicious Website Advertisement on JillyJuice
https://www.virustotal.com/gui/domain/free.dailyrecipeguide.com/relations

Cash App Archived URL for reasons of Documenting Private Financial Advantage linked with Jillians Illicit Activities:
https://www.virustotal.com/gui/url/a4f55ad1e7578c6442c184fee4b6b31684f21c192b040... />
2019 Detected technologies:
*Wix (CMS)
*Website React (JavaScript Frameworks)
*Website Google AdSense (Advertising Networks)

2018 Detected technologies:
*WordPress (CMS)
*PHP (Programming Languages)
*Nginx (Web Servers)
*React (JavaScript Frameworks)
*Google AdSense (Advertising Networks)
*Google Analytics (Analytics)
*Twitter Emoji (Twemoji) (Miscellaneous)
*jQuery (JavaScript Libraries)

Scan History:
https://urlscan.io/search/#page.domain%3Awww.jillyjuice.com

Detailed Technology Profile:
https://builtwith.com/detailed/jillyjuice.com

2018 DOM Tree:
https://urlscan.io/result/70b7d872-41b5-42ef-8566-4921b19295ba/dom/

2019 DOM Tree:
https://urlscan.io/result/1e541633-7bf4-4d4c-a3e4-c071c8dd2c9a/

404 URLs. Suspicious Indicators.
https://www.jillyjuice (dot) com/ 404 No Content
https://www.jillyjuice (dot) com/z;a.crossorigin= 404 No Content
https://www.jillyjuice (dot) com/[];c[l]={onLoad:function(b){h.push(b);g&&!x||e(h)},forceLoad:function(){x=!0... 404 No content

Proof of Concept [18-07-2019]
https://archive.is/zKf5D

Competitive Reverse Engineering Intel on Jillian's Malvertisements
https://www.virustotal.com/gui/file/f425880db443b7eb5895db65d168e6e7d7b1af92f466... /> https://www.virustotal.com/gui/ip-address/35.244.218.203/relations
https://www.virustotal.com/gui/domain/infragistics.com/relations
https://www.virustotal.com/gui/domain/asp.net/relations

Useful
Reply
Report

Previously known as Jilly Juice. Jillian MaiThi Epperly pushes a recipe for a dangerously high salted cabbage drink and her information relating to this drink which includes being used to help the recovery and prevention of all illnesses including cancer and COVID-19 and being able to live indefinitely. The aim is to drink large amounts until it induces diarrhea (waterfalls). Jillian claims this will be painful but pain is needed to heal. Excess antibodies will then be flushed from the body as Jillian thinks antibodies are literally 'anti- body'. She regularly changes her claims which just proves that her previous claims of candida and parasites causing all illness were fake. Jillian has been warned by the FDA and Ohio AG to stop making unfounded health claims about her juice but she continues. She thinks if she changes the verbiage she can get around loopholes in the law. She has published books on LuLu.com that contain false medical information and pseudoscience relating to many illnesses and conditions including COVID-19. She also makes these claims on her youtube channel and in a FaceBook group, two pages and her personal FaceBook wall. Jillian has many followers who claim to be drinking this high sodium concoction regularly and freely admits she knows nothing about their backgrounds or medical conditions. She has no qualifications or medical training and should not be encouraging sick people to have bouts of acute diarrhea or to exceed the daily recommended salt intake. Her followers are also encouraged to feed this drink to their children and pets. Scams that involve people's health are the vilest of them all, even viler in the middle of a pandemic!

Useful
Reply
Report

Jillian Epperly of Canton, OH, USA is the creator of 'JillyJuice', an online recipe for salt, cabbage, and water. Epperly has garnered an online following worldwide and has managed to convince people that they are infested with parasites. She instructs her followers to drink upwards of a gallon a day of her "jillyjuice" recipe a day, in an effort, as purported by Epperly, to rid themselves of Candida and Parasites, which are responsible for their illness and cancer.

Epperly is convincing pregnant mothers to consume her 'jillyjuice' recipe to rid the womb of parasites and candida. Epperly also instructs the parents of infants to replace the children's formula or breast milk with her recipe to detox the child. In a gallon of 'Jillyjuice', there are 8 TABLESPOONS of salt, which is equivalent to ~60,000mg Sodium. Epperly recommends upwards a gallon or more every day.

WHO(World Health Organization) strongly recommends <2 g/day sodium (5 g/day salt) in adults and should be monitored for children based on their needs but less than 2,000mg/day. Epperly convinces parents to induce her recipe to children via enema and oral. This is dangerous because it is difficult and likely impossible to gauge how much sodium an adult or child is absorbing through the gut.

Sodium poisoning is real and causes side effects such as seizures, hypernatremia, and loss of consciousness. These serious events have been reported by several victims and their children. We don't know what to do or who to contact in an effort to stop Jillian Epperly from preying on people's fears and misunderstanding of their illnesses.

I have reason to believe and evidence to support the idea that Epperly is an online predator. She has admitted to, and I have proof that Epperly will provide dangerous medical and nutritional advice for $75/hr or $40/half hour.

We have contacted the Ohio Attorney General, Ohio Medical Board, the FDA and other government agencies in hopes that one will step in and prevent Epperly from her practices, which seem very unlawful. Epperly is providing medical and nutritional advice without proper medical education, credentials, and/or certification.

Useful
Reply
Report

Jillian Epperly claims that drinking her juice (which is salty cabbage juice) will reverse aging, Down Syndrome, Autism, and every medical issue on the face of the earth. She advises against anyone seeing actual medical professionals, and claims that the salt poisoning symptoms people experience are "healing symptoms". She charges a fee to access her poorly constructed website, and will ban anyone who questions her about her qualifications (of which she has NONE) and will not refund the fee. She attempts to get around calling it a fee by describing it as a "mandatory voluntary contribution" which is a complete oxymoron. Her advice has harmed countless individuals, and possibly contributed to the deaths of at least two people. See here: *** She advocates feeding this juice as a replacement for breastmilk or formula, and many of her cult members feed it to their children.

Useful
Reply
- Alpharetta, GA, USA
Report

Jillian Epperly began a Facebook group promoting her "protocol" in April of 2017. This protocol consists of a typical anti-candida diet and daily consumption of a "fermented" cabbage juice drink. This cabbage juice drink is a "[censored]ized" (Jillian proudly admits) recipe that she had taken from a well-known and respected health website. Jillian changed the recipe from 1 teaspoon of salt : 2 cups water : 2 cups cabbage to 1 TABLESPOON salt : 2 cups water : 2 cups cabbage. Members are instructed to use these new ratios and allow the concoction to "ferment" for 3 days. This juice is touted by Jillian and her moderators to be able to reverse all health conditions, including cancer, ALS, Autism, etc. Some of her claims are even more outrageous: reversal of Downs Syndrome, regrow the of foreskin on circumcised males, regrowth of uteruses in women who had undergone hysterectomies. To achieve these results, Jillian urges members to drink up to 1 gallon of her ferment per day - which calculates out to be at least 4 TABLESPOONS of salt. The goal in consuming large amounts of this juice is to induce what Jillian calls "waterfalls", better known as explosive diarrhea. These "waterfalls", according to Jillian, will expel all of the candida and parasites in a person's body which she says are causing all of these health problems in the first place. Any negative effects reported back to Jillian by members are labeled as "healing symptoms" - even extreme swelling, seizures, heart attack symptoms, and severe headaches. On top of all of this dangerous advice, Jillian charges $75/hour for a private consultation and she frequently posted in her Facebook group about accepting donations. Because of this obvious scam and cult-like nature of the group, there is a movement to spread awareness and warn people about Jillians protocol on social media, involving many groups. For this reason, Jillain has moved off of Facebook, creating her jillyjuice.com website, so she can carry on with her scam with mire privacy. Her fees seem to be changing, but the last time I saw, her fee is $30 for a membership, nit including private consultations, which I believe are still $75/hour. This scam needs to be STOPPED! Many people & pets (including her own dog,) have been and are being harmed. children, as young as 3 months old, have been or are being fed this dangerous cabbage and salt solution. There are 2 alleged deaths from excessive consumption of this juice. I implore you to investigate this website further! Thank you for your time.

Useful
Reply
Report

This is a complicated scam.

Jillian Epperly also known as Jillian Burke or Jillian Mai Thi has been running a group through social media, facebook for some time, preying on vulnerable people with health conditions. She claims to have found a way to reverse all health conditions A to Z. Including cancer, HIV, Down syndrome and homosexuality, as well as growing back organs and limbs.

She takes payment for consultations, giving health and diet advise for a fee of $75.

She recently has moved to a purpose built webpage pushing her dangerous protocol which consists of an anti inflammatory diet (AIP diet) with gallons of a high salt and pureed cabbage concoction which she claims to be a ferment, but isnt.

The problem with her 'Juice' is that is it very high in salt, she advises to drink 8 tablespoons of salt a day, which is enough to kill and adult human. She also recommends this as a sole food for babies to replace infant formula or breastfeeding.

Many in her group have had serious side affects and there are a number of her followers who have died. She removes all negative feed back from her groups and web site so others cant see the truth of what is happening.

I became aware of this scam when a good friend of mine and her newborn son were recommended this protocol for candida, and started it in good faith. The pair of them nearly died while Jillian claimed the pains they were suffering were healing symptoms. They had severe kidney issues, and salt poisoning. Chills, fevers, shakes weakness, diarrhea, vomiting and hallucinations.

Jillian is now running this same scam through her paid members wordpress webpage. She is charging $30 for a years access to her page, thinly veiled behind the word donation although her language changes frequently. She is still charging for private consultations despite being totally unlicensed which is illegal.

This woman is charging people to join her club, feeding them false medical facts, and damaging them then cutting them off without refund when they need help. Often doxxing and shunning them making videos to shame them for questioning her, or her no existent qualifications.

Jillian Epperly is dangerous, please help stop her hurting more people

Useful
Reply
- Stafford, TX, USA
Report

Jillian Epperly is practicing medicine without a license. She has diagnosed people and attempted to prescribe a specific diet to cure/heal/reverse all ailments including cancer,autism,and down syndrome. She has created a website www.jillyjuice.com where she charges people a fee to view her medical claims. She offers coaching and private consultations which she charges people for. She was doing this on facebook for an entire year but now there are many injuries and even deaths associated with jillian epperly and her "jilly juice"

*** There has been a ripoff report filed against her due to someone dying after they paid Jillian for her coaching. *** *** was encouraged by Jillian and her team to drink a gallon of her recipe per day. There is 4 tablespoons of salt per gallon of "jilly Juice". Jillian Epperly told *** he could heal his cancer with her salty recipe.

Jillian Epperly is selling a recipe that is mostly salt and Jillian intends on selling specific salt on her website. Salt is toxic in high amounts and people are being harmed by the jilly juice protocol.

Many people are being harmed. Seizures are reported among many other painful side effects like bloody stool and uncontrollable vomitting. Children are being subjected to this and have been given enemas. Children have passed what looks like stomach lining after being subjected to this.

Pets are also being harmed. I have seen a report of a dog having a seizure and a cat died after given the recipe.

Jillian tells parents its safe to feed her recipe to infants and that her recipe is better than formula. She insists that mothers are infecting babies via breastmilk and that they have to purge their babies of viruses. Jillian admits her recipe can cause detox in infants.

This link discusses kids on Jillian Epperlys protocol

*** This blog is dedicated to exposing this scam and the pain associated with salt poisoning:

*** *** And someone made a youtube video exposing her

*** Jillian Epperly actively targets,harasses and cyber bullies anyone who speaks out about her protocol. She doxxes them and tries to scare people into silence. I am in fear of my online safety as a result because of Jillians bullying. Please keep my name private.

Useful
Reply
Check fields!

Report Jilly Juice - Jillian Epperly


Upload here Increase visibility and credibility of your review by
adding a photo, document or video
Submit

Jilly Juice - Jillian Epperly Contacts

Jilly Juice - Jillian Epperly associated photos:


Website:

 www.jillyjuice.com

This website was reported to be associated with Jilly Juice - Jillian Epperly.

E-mails:
Sign in to see

Social networks:

If you know any contact information for Jilly Juice - Jillian Epperly, help other victims by adding it!

Add new contacts
| A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z | New