{
"type": "URL",
"indicator": "https://account.alberta.ca/login",
"general": {
"sections": [
"general",
"url_list",
"http_scans",
"screenshot"
],
"indicator": "https://account.alberta.ca/login",
"type": "url",
"type_title": "URL",
"validation": [
{
"source": "majestic",
"message": "Whitelisted domain alberta.ca",
"name": "Whitelisted domain"
}
],
"base_indicator": {
"id": 4037178131,
"indicator": "https://account.alberta.ca/login",
"type": "URL",
"title": "",
"description": "",
"content": "",
"access_type": "public",
"access_reason": ""
},
"pulse_info": {
"count": 3,
"pulses": [
{
"id": "69228447b9c71795633314df",
"name": "Keep Corrupt - University of Alberta Incidents continue to escalate - 04.24.26",
"description": "Recovered accounts that have been used & abused - courtesy of decisions by non-technical leadership = accounts for UAlberta students -> PW manager made inaccessible (tied to UAlberta account) during a Data-Breach.\nWhen PW manager & Accounts returned, was populated by these (many = fraudulent; some appear to be abuse of legitimate services, while others do not, yet don't know function or origin)\n\nNot representative of OG PW manager. Many (most) accts. used/abused (on-going). \n\nDon't have a backup of original = hard to compare. Don't quite know what the majority of these companies etc. are for and/or do exactly. Putting them together as they roll-in.\nCan't turn them off in most cases - I don't have access to the U of A accounts these originate from and/or original recovery methods. \n\n2 more batches to add to this pulse (Need to add into VT) 02.16.26\n\nCountries listed are where 2 victims (UAlberta Graduates) have citizenship or some tie with.",
"modified": "2026-05-24T21:18:51.782000",
"created": "2025-11-23T03:49:27.649000",
"tags": [
"geoip",
"as54113",
"fastly",
"as20940",
"as15169",
"google",
"as214401",
"maincubesas",
"gmbh",
"apache geoip",
"facebook",
"UAlberta",
"AHS",
"Treaty 8",
"GoA",
"Alberta",
"Edmonton",
"YEG"
],
"references": [
"https://viz.greynoise.io/ip/analysis/3cf1334a-df9d-448f-8145-d5fe67637c1a",
"URLscanio, FSio, vT",
"03.11.14: https://www.virustotal.com/graph/embed/ge2e309eb8bd34fcca56398089b2291058dfe1fca69dc4e5aa66db0365caf735b?theme=dark",
"https://www.virustotal.com/gui/collection/6a41ae1cf2d3d51fedd2393d893c3b26ed0352dde2e0851d03f0bae9aaa69ae1/summary",
"https://www.virustotal.com/gui/collection/6a41ae1cf2d3d51fedd2393d893c3b26ed0352dde2e0851d03f0bae9aaa69ae1/iocs",
"https://viz.greynoise.io/ip/analysis/3cf1334a-df9d-448f-8145-d5fe67637c1a (11.22.25)"
],
"public": 1,
"adversary": "",
"targeted_countries": [
"Cura\u00e7ao",
"Guatemala",
"Sint Maarten (Dutch part)",
"Tanzania, United Republic of",
"Barbados",
"United States of America",
"Bahamas",
"Anguilla",
"Canada",
"Saint Vincent and the Grenadines",
"United Kingdom of Great Britain and Northern Ireland",
"Kenya",
"France",
"Aruba",
"Mexico",
"Poland",
"Costa Rica",
"Ireland",
"Trinidad and Tobago",
"Netherlands",
"Slovakia",
"Spain",
"Philippines"
],
"malware_families": [],
"attack_ids": [],
"industries": [
"Government",
"Technology",
"Telecommunications",
"Education",
"Healthcare",
"Finance",
"Retail",
"Hospitality",
"Transportation"
],
"TLP": "white",
"cloned_from": null,
"export_count": 4,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 3,
"follower_count": 0,
"vote": 0,
"author": {
"username": "Disable_Duck",
"id": "244325",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"CIDR": 47,
"FileHash-MD5": 53,
"FileHash-SHA1": 16,
"FileHash-SHA256": 1059,
"URL": 6374,
"domain": 3314,
"email": 1395,
"hostname": 3740,
"CVE": 1
},
"indicator_count": 15999,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 136,
"modified_text": "8 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "68b78d521f024d3a98fc79c8",
"name": "VT Graph miniuser - Databreach IOCs & Links",
"description": "Related to Pulse: Food for Thought (Updated 09.02.25)\n\n*Note most links are malicious",
"modified": "2025-10-03T00:01:12.616000",
"created": "2025-09-03T00:35:30.936000",
"tags": [
"kgs0",
"kls0",
"entity",
"UAlberta",
"University of Alberta",
"Hacked",
"DataBreach"
],
"references": [
"https://www.virustotal.com/graph/embed/g1ed56ef53af34510a0e0ee0c2d204f066a8684fa5aeb4e69aef49403742ef6a5?theme=dark"
],
"public": 1,
"adversary": "",
"targeted_countries": [
"Canada"
],
"malware_families": [],
"attack_ids": [],
"industries": [
"Education"
],
"TLP": "white",
"cloned_from": null,
"export_count": 7,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "Disable_Duck",
"id": "244325",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-MD5": 132,
"FileHash-SHA1": 121,
"FileHash-SHA256": 711,
"URL": 83,
"domain": 50,
"hostname": 125
},
"indicator_count": 1222,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 129,
"modified_text": "241 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "67b109cbfbcc6f92c399b327",
"name": "UAlberta Breach Data - Food for thought - thoughts & input on how to 'bring some attention to this' (not enriched)",
"description": "Just thought I'd throw thisntogether and 'see what ya'll make of it' (documents a VT graph produced and slightly modified) that pulls a lot of things together. Highlights both 'some problems' - U of A / Gov. of AB (who are also some 'solutions'). \nIdeas on how to grab their attention and maybe bring some 'urgency' to this issue? I have a few solutions and ideas for everyone - problem: I require some folks to 'do their jobs' (there is not 10 of me). Thoughts on how to encourage them to act on these problems. Present status: Connected directly to them on other devices. Within literal 5 min walking range.",
"modified": "2025-05-27T07:01:17.646000",
"created": "2025-02-15T21:40:27.895000",
"tags": [
"kgs0",
"kls0"
],
"references": [
"https://www.virustotal.com/graph/embed/g1ed56ef53af34510a0e0ee0c2d204f066a8684fa5aeb4e69aef49403742ef6a5?theme=dark",
"",
"Government of AB https://app.malcore.io/share/652553f6aec33d70a1dbbd25/67ab2665da3e8886f5e4ecce OTX AlienVault 2096",
"UAlberta = https://app.malcore.io/share/652553f6aec33d70a1dbbd25/67ab2665da3e8886f5e4ecbe"
],
"public": 1,
"adversary": "",
"targeted_countries": [
"United States of America",
"Canada"
],
"malware_families": [],
"attack_ids": [],
"industries": [
"Government",
"Healthcare",
"Education"
],
"TLP": "white",
"cloned_from": null,
"export_count": 6,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 5,
"follower_count": 0,
"vote": 0,
"author": {
"username": "Disable_Duck",
"id": "244325",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-MD5": 215,
"FileHash-SHA1": 193,
"FileHash-SHA256": 1302,
"URL": 166,
"domain": 100,
"hostname": 234
},
"indicator_count": 2210,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 131,
"modified_text": "370 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
}
],
"references": [
"https://www.virustotal.com/gui/collection/6a41ae1cf2d3d51fedd2393d893c3b26ed0352dde2e0851d03f0bae9aaa69ae1/iocs",
"UAlberta = https://app.malcore.io/share/652553f6aec33d70a1dbbd25/67ab2665da3e8886f5e4ecbe",
"",
"https://www.virustotal.com/graph/embed/g1ed56ef53af34510a0e0ee0c2d204f066a8684fa5aeb4e69aef49403742ef6a5?theme=dark",
"03.11.14: https://www.virustotal.com/graph/embed/ge2e309eb8bd34fcca56398089b2291058dfe1fca69dc4e5aa66db0365caf735b?theme=dark",
"Government of AB https://app.malcore.io/share/652553f6aec33d70a1dbbd25/67ab2665da3e8886f5e4ecce OTX AlienVault 2096",
"https://viz.greynoise.io/ip/analysis/3cf1334a-df9d-448f-8145-d5fe67637c1a (11.22.25)",
"https://viz.greynoise.io/ip/analysis/3cf1334a-df9d-448f-8145-d5fe67637c1a",
"URLscanio, FSio, vT",
"https://www.virustotal.com/gui/collection/6a41ae1cf2d3d51fedd2393d893c3b26ed0352dde2e0851d03f0bae9aaa69ae1/summary"
],
"related": {
"alienvault": {
"adversary": [],
"malware_families": [],
"industries": [],
"unique_indicators": 0
},
"other": {
"adversary": [],
"malware_families": [],
"industries": [
"Hospitality",
"Technology",
"Healthcare",
"Finance",
"Education",
"Retail",
"Government",
"Telecommunications",
"Transportation"
],
"unique_indicators": 9570
}
}
},
"false_positive": [],
"alexa": "http://www.alexa.com/siteinfo/alberta.ca",
"whois": "http://whois.domaintools.com/alberta.ca",
"domain": "alberta.ca",
"hostname": "account.alberta.ca"
},
"geo": {},
"geo_ipapicom": {},
"pulse_count": 3,
"pulses": [
{
"id": "69228447b9c71795633314df",
"name": "Keep Corrupt - University of Alberta Incidents continue to escalate - 04.24.26",
"description": "Recovered accounts that have been used & abused - courtesy of decisions by non-technical leadership = accounts for UAlberta students -> PW manager made inaccessible (tied to UAlberta account) during a Data-Breach.\nWhen PW manager & Accounts returned, was populated by these (many = fraudulent; some appear to be abuse of legitimate services, while others do not, yet don't know function or origin)\n\nNot representative of OG PW manager. Many (most) accts. used/abused (on-going). \n\nDon't have a backup of original = hard to compare. Don't quite know what the majority of these companies etc. are for and/or do exactly. Putting them together as they roll-in.\nCan't turn them off in most cases - I don't have access to the U of A accounts these originate from and/or original recovery methods. \n\n2 more batches to add to this pulse (Need to add into VT) 02.16.26\n\nCountries listed are where 2 victims (UAlberta Graduates) have citizenship or some tie with.",
"modified": "2026-05-24T21:18:51.782000",
"created": "2025-11-23T03:49:27.649000",
"tags": [
"geoip",
"as54113",
"fastly",
"as20940",
"as15169",
"google",
"as214401",
"maincubesas",
"gmbh",
"apache geoip",
"facebook",
"UAlberta",
"AHS",
"Treaty 8",
"GoA",
"Alberta",
"Edmonton",
"YEG"
],
"references": [
"https://viz.greynoise.io/ip/analysis/3cf1334a-df9d-448f-8145-d5fe67637c1a",
"URLscanio, FSio, vT",
"03.11.14: https://www.virustotal.com/graph/embed/ge2e309eb8bd34fcca56398089b2291058dfe1fca69dc4e5aa66db0365caf735b?theme=dark",
"https://www.virustotal.com/gui/collection/6a41ae1cf2d3d51fedd2393d893c3b26ed0352dde2e0851d03f0bae9aaa69ae1/summary",
"https://www.virustotal.com/gui/collection/6a41ae1cf2d3d51fedd2393d893c3b26ed0352dde2e0851d03f0bae9aaa69ae1/iocs",
"https://viz.greynoise.io/ip/analysis/3cf1334a-df9d-448f-8145-d5fe67637c1a (11.22.25)"
],
"public": 1,
"adversary": "",
"targeted_countries": [
"Cura\u00e7ao",
"Guatemala",
"Sint Maarten (Dutch part)",
"Tanzania, United Republic of",
"Barbados",
"United States of America",
"Bahamas",
"Anguilla",
"Canada",
"Saint Vincent and the Grenadines",
"United Kingdom of Great Britain and Northern Ireland",
"Kenya",
"France",
"Aruba",
"Mexico",
"Poland",
"Costa Rica",
"Ireland",
"Trinidad and Tobago",
"Netherlands",
"Slovakia",
"Spain",
"Philippines"
],
"malware_families": [],
"attack_ids": [],
"industries": [
"Government",
"Technology",
"Telecommunications",
"Education",
"Healthcare",
"Finance",
"Retail",
"Hospitality",
"Transportation"
],
"TLP": "white",
"cloned_from": null,
"export_count": 4,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 3,
"follower_count": 0,
"vote": 0,
"author": {
"username": "Disable_Duck",
"id": "244325",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"CIDR": 47,
"FileHash-MD5": 53,
"FileHash-SHA1": 16,
"FileHash-SHA256": 1059,
"URL": 6374,
"domain": 3314,
"email": 1395,
"hostname": 3740,
"CVE": 1
},
"indicator_count": 15999,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 136,
"modified_text": "8 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "68b78d521f024d3a98fc79c8",
"name": "VT Graph miniuser - Databreach IOCs & Links",
"description": "Related to Pulse: Food for Thought (Updated 09.02.25)\n\n*Note most links are malicious",
"modified": "2025-10-03T00:01:12.616000",
"created": "2025-09-03T00:35:30.936000",
"tags": [
"kgs0",
"kls0",
"entity",
"UAlberta",
"University of Alberta",
"Hacked",
"DataBreach"
],
"references": [
"https://www.virustotal.com/graph/embed/g1ed56ef53af34510a0e0ee0c2d204f066a8684fa5aeb4e69aef49403742ef6a5?theme=dark"
],
"public": 1,
"adversary": "",
"targeted_countries": [
"Canada"
],
"malware_families": [],
"attack_ids": [],
"industries": [
"Education"
],
"TLP": "white",
"cloned_from": null,
"export_count": 7,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 0,
"follower_count": 0,
"vote": 0,
"author": {
"username": "Disable_Duck",
"id": "244325",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-MD5": 132,
"FileHash-SHA1": 121,
"FileHash-SHA256": 711,
"URL": 83,
"domain": 50,
"hostname": 125
},
"indicator_count": 1222,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 129,
"modified_text": "241 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
},
{
"id": "67b109cbfbcc6f92c399b327",
"name": "UAlberta Breach Data - Food for thought - thoughts & input on how to 'bring some attention to this' (not enriched)",
"description": "Just thought I'd throw thisntogether and 'see what ya'll make of it' (documents a VT graph produced and slightly modified) that pulls a lot of things together. Highlights both 'some problems' - U of A / Gov. of AB (who are also some 'solutions'). \nIdeas on how to grab their attention and maybe bring some 'urgency' to this issue? I have a few solutions and ideas for everyone - problem: I require some folks to 'do their jobs' (there is not 10 of me). Thoughts on how to encourage them to act on these problems. Present status: Connected directly to them on other devices. Within literal 5 min walking range.",
"modified": "2025-05-27T07:01:17.646000",
"created": "2025-02-15T21:40:27.895000",
"tags": [
"kgs0",
"kls0"
],
"references": [
"https://www.virustotal.com/graph/embed/g1ed56ef53af34510a0e0ee0c2d204f066a8684fa5aeb4e69aef49403742ef6a5?theme=dark",
"",
"Government of AB https://app.malcore.io/share/652553f6aec33d70a1dbbd25/67ab2665da3e8886f5e4ecce OTX AlienVault 2096",
"UAlberta = https://app.malcore.io/share/652553f6aec33d70a1dbbd25/67ab2665da3e8886f5e4ecbe"
],
"public": 1,
"adversary": "",
"targeted_countries": [
"United States of America",
"Canada"
],
"malware_families": [],
"attack_ids": [],
"industries": [
"Government",
"Healthcare",
"Education"
],
"TLP": "white",
"cloned_from": null,
"export_count": 6,
"upvotes_count": 0,
"downvotes_count": 0,
"votes_count": 0,
"locked": false,
"pulse_source": "web",
"validator_count": 0,
"comment_count": 5,
"follower_count": 0,
"vote": 0,
"author": {
"username": "Disable_Duck",
"id": "244325",
"avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png",
"is_subscribed": false,
"is_following": false
},
"indicator_type_counts": {
"FileHash-MD5": 215,
"FileHash-SHA1": 193,
"FileHash-SHA256": 1302,
"URL": 166,
"domain": 100,
"hostname": 234
},
"indicator_count": 2210,
"is_author": false,
"is_subscribing": null,
"subscriber_count": 131,
"modified_text": "370 days ago ",
"is_modified": true,
"groups": [],
"in_group": false,
"threat_hunter_scannable": true,
"threat_hunter_has_agents": 1,
"related_indicator_type": "URL",
"related_indicator_is_active": 1
}
],
"error": null,
"vt": {
"error": "VirusTotal rate limit reached. Try again shortly.",
"indicator": "https://account.alberta.ca/login",
"type": "URL"
},
"abuseipdb": null,
"urlhaus": {
"indicator": "https://account.alberta.ca/login",
"type": "URL",
"found": false,
"verdict": "clean",
"error": null
},
"from_cache": true,
"_cached_at": 1780356945.9046998
}