{
  "type": "URL",
  "indicator": "https://api.phonebook.cz",
  "general": {
    "sections": [
      "general",
      "url_list",
      "http_scans",
      "screenshot"
    ],
    "indicator": "https://api.phonebook.cz",
    "type": "url",
    "type_title": "URL",
    "validation": [],
    "base_indicator": {
      "id": 3930940887,
      "indicator": "https://api.phonebook.cz",
      "type": "URL",
      "title": "",
      "description": "",
      "content": "",
      "access_type": "public",
      "access_reason": ""
    },
    "pulse_info": {
      "count": 3,
      "pulses": [
        {
          "id": "68b60cdecf42fb532f2ceb12",
          "name": "U of A DataBreach Update - 11.13.25",
          "description": "Domain Analysis that serves as evidence of on-going DataBreaches at the University of Alberta with associated references.\nAnalysis demonstrates abused critical infrastructure in the Province of Alberta stemming from UAlberta as detailed in this Pulse.",
          "modified": "2025-12-13T22:01:27.739000",
          "created": "2025-09-01T21:15:10.117000",
          "tags": [
            "as16509",
            "amazon02",
            "redirect",
            "tags",
            "as14618",
            "amazonaes",
            "search",
            "public",
            "search live",
            "api blog",
            "patch http",
            "please",
            "javascript",
            "url",
            "website",
            "web",
            "scanner",
            "analyze",
            "analyzer",
            "search api",
            "make sure",
            "domain",
            "and not",
            "page",
            "home search",
            "live api",
            "blog docs",
            "pricing login",
            "greynoise",
            "visualizer skip",
            "service status",
            "company blog",
            "us careers",
            "policies vpat",
            "slo privacy",
            "cookie patent",
            "copyright",
            "google privacy",
            "sandbox",
            "reputation",
            "phishing",
            "malware",
            "amazon web",
            "services",
            "warning icon",
            "share report",
            "systems",
            "cloudflare",
            "varnish",
            "nginx",
            "apache",
            "write",
            "virus",
            "trojan",
            "ransomware",
            "static",
            "analysis",
            "indicator of compromise",
            "ioc",
            "extraction",
            "emulation",
            "online",
            "submit",
            "sample",
            "download",
            "platform",
            "course",
            "program",
            "vxstream",
            "apt",
            "hybrid analysis",
            "api key",
            "vetting process",
            "please note",
            "UAlberta"
          ],
          "references": [
            "https://www.virustotal.com/gui/collection/081aaa3e4cc9594cebbd39781c156d337527737e7123481e44ca9de1b39852ee/iocs",
            "https://www.virustotal.com/gui/collection/081aaa3e4cc9594cebbd39781c156d337527737e7123481e44ca9de1b39852ee/summary",
            "https://urlscan.io/search/#page.domain%3Awww.ualberta.ca",
            "https://viz.greynoise.io/ip/analysis/d90b0bd7-aaa1-4ea6-93c1-92bfd2d8f930",
            "https://urlquery.net/report/e9f9c430-fb2f-4166-8bfb-500339fdb9c0",
            "https://www.filescan.io/uploads/68b608d639a6221faa7935aa/reports/dd218cea-f81d-43ed-97fe-dd8c5aec52a3/ioc",
            "https://hybrid-analysis.com/sample/3b036b4b2b1d24e19238c6af7bbfaba465cf54cb2f9aab048002deddeafb7f43",
            "https://viz.greynoise.io/query/AS3359",
            "https://www.virustotal.com/graph/embed/g4022b02acb3b46ddb4b24043845853d9f56a84d80b5849188fee79c90217d4ca?theme=dark",
            "http://ci-www.threatcrowd.org/domain.php?domain=ualberta.ca",
            "https://www.urlvoid.com/dns-records-lookup/",
            "https://www.shodan.io/search?query=ualberta.ca",
            "https://dnsdumpster.com/",
            "https://bgpview.io/asn/3359#whois",
            "https://centralops.net/co/",
            "https://app.netlas.io/domains/stats/?facets=domain&indices=&q=domain%3A%2A.ualberta.ca&size=1100",
            "09.10.25 - https://viz.greynoise.io/ip/analysis/df2c8c37-f8f2-4398-b709-7c716b03b697",
            "09.10.25 - https://urlscan.io/search/#page.domain%3Awww.ualberta.ca",
            "https://hybrid-analysis.com/sample/3b036b4b2b1d24e19238c6af7bbfaba465cf54cb2f9aab048002deddeafb7f43/680e723df123be6c63004290",
            "https://www.criminalip.io/asset/search?query=ualberta.ca",
            "09.20.25 - https://urlscan.io/search/#page.domain%3Aualberta.ca",
            "https://app.threat.zone/submission/c70698bf-881e-491a-a582-eee634b4bf73/url-analysis-report",
            "https://whois.domaintools.com/ualberta.ca",
            "https://research.domaintools.com/research/whois-history/search/?q=ualberta.ca",
            "https://viewdns.info/iphistory/?domain=ualberta.ca",
            "https://viewdns.info/portscan/?host=ualberta.ca",
            "https://whois.easycounter.com/ualberta.ca",
            "https://search.censys.io/search?resource=hosts&sort=RELEVANCE&per_page=25&virtual_hosts=EXCLUDE&q=ualberta.ca",
            "https://who.is/whois/ualberta.ca",
            "https://www.robtex.com/en/dns-lookup/ca/ualberta",
            "https://www.whoxy.com/ualberta.ca",
            "https://reverseip.domaintools.com/search/?q=ualberta.ca",
            "https://bgp.he.net/dns/ualberta.ca",
            "https://intelx.io/?s=ualberta.ca",
            "https://pulsedive.com/indicator/?indicator=ualberta.ca",
            "https://web.archive.org/web/20250000000000*/ualberta.ca",
            "https://crt.sh/?q=ualberta.ca&exclude=expired&group=none",
            "https://viewdns.info/traceroute/?domain=ualberta.ca",
            "https://centralops.net/co/DomainDossier.aspx",
            "https://search.odin.io/hosts?query=ualberta.ca",
            "https://www.merklemap.com/search?query=ualberta.ca&page=0"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [
            "Canada",
            "United States of America"
          ],
          "malware_families": [],
          "attack_ids": [],
          "industries": [
            "Education",
            "Technology"
          ],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 92,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 1,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "Disable_Duck",
            "id": "244325",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "URL": 9901,
            "domain": 790,
            "email": 982,
            "hostname": 10520,
            "FileHash-MD5": 550,
            "FileHash-SHA256": 1726,
            "FileHash-SHA1": 519,
            "SSLCertFingerprint": 64,
            "CIDR": 26,
            "CVE": 12
          },
          "indicator_count": 25090,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 137,
          "modified_text": "126 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "68c4780e758249ca5e4e2345",
          "name": "easydns[.]com - 09.12.25",
          "description": "Just taking a peek into something",
          "modified": "2025-10-12T19:19:29.699000",
          "created": "2025-09-12T19:44:14.645000",
          "tags": [
            "sandbox",
            "malware",
            "analysis",
            "online",
            "submit",
            "vxstream",
            "sample",
            "download",
            "trojan",
            "apt",
            "pcap processing",
            "pcap",
            "brand",
            "gecko",
            "win64",
            "khtml",
            "windows nt",
            "microsoft edge",
            "ansi",
            "cookie",
            "date",
            "apache",
            "accept",
            "window",
            "wind",
            "suspicious",
            "mozi",
            "mozilla",
            "comspec",
            "hybrid",
            "model",
            "close",
            "click",
            "hosts",
            "bran",
            "general",
            "path",
            "encrypt",
            "form",
            "iframe",
            "dest",
            "strings",
            "contact",
            "url",
            "scanner",
            "reputation",
            "phishing",
            "wordpress",
            "javascript",
            "google tag",
            "manager",
            "domain",
            "mysql",
            "warning icon",
            "share report",
            "systems",
            "cloudflare",
            "write",
            "beaver",
            "static analyzer",
            "emulation",
            "analyzer",
            "asset search",
            "entity",
            "virus",
            "ransomware",
            "static",
            "indicator of compromise",
            "ioc",
            "extraction",
            "platform",
            "please"
          ],
          "references": [
            "https://hybrid-analysis.com/sample/bae6209a84b8b9558b228097c01111583ce257b69a6b25e19986a0a4d29adda2/68c46ded99414072330569f7",
            "https://urlquery.net/report/647c05f2-4e0d-4b33-8ec7-4c949e928bfb",
            "https://app.threat.zone/submission/bee9384a-885f-4a41-84d1-3fd6a20a6202/url-analysis-report",
            "https://www.criminalip.io/asset/search?query=easydns.com",
            "https://www.virustotal.com/graph/embed/g69ea548b8df6420181ba26257fd94c975c372d52a00741e0962ca0f024740ffa?theme=dark",
            "https://www.filescan.io/uploads/68c46d04dbc6f5a29c427d1b/reports/f599fde4-a148-45cd-a7f8-ecc996938de2/ioc",
            "https://www.virustotal.com/gui/domain/easydns.com/details",
            "https://www.virustotal.com/gui/domain/easydns.com/relations",
            "https://intelx.io/?s=easydns.com"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [
            {
              "id": "Beaver",
              "display_name": "Beaver",
              "target": null
            }
          ],
          "attack_ids": [
            {
              "id": "T1027",
              "name": "Obfuscated Files or Information",
              "display_name": "T1027 - Obfuscated Files or Information"
            },
            {
              "id": "T1041",
              "name": "Exfiltration Over C2 Channel",
              "display_name": "T1041 - Exfiltration Over C2 Channel"
            },
            {
              "id": "T1057",
              "name": "Process Discovery",
              "display_name": "T1057 - Process Discovery"
            },
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            },
            {
              "id": "T1105",
              "name": "Ingress Tool Transfer",
              "display_name": "T1105 - Ingress Tool Transfer"
            },
            {
              "id": "T1129",
              "name": "Shared Modules",
              "display_name": "T1129 - Shared Modules"
            },
            {
              "id": "T1132",
              "name": "Data Encoding",
              "display_name": "T1132 - Data Encoding"
            },
            {
              "id": "T1140",
              "name": "Deobfuscate/Decode Files or Information",
              "display_name": "T1140 - Deobfuscate/Decode Files or Information"
            },
            {
              "id": "T1518",
              "name": "Software Discovery",
              "display_name": "T1518 - Software Discovery"
            },
            {
              "id": "T1553",
              "name": "Subvert Trust Controls",
              "display_name": "T1553 - Subvert Trust Controls"
            },
            {
              "id": "T1568",
              "name": "Dynamic Resolution",
              "display_name": "T1568 - Dynamic Resolution"
            },
            {
              "id": "T1583",
              "name": "Acquire Infrastructure",
              "display_name": "T1583 - Acquire Infrastructure"
            },
            {
              "id": "T1090",
              "name": "Proxy",
              "display_name": "T1090 - Proxy"
            },
            {
              "id": "T1566",
              "name": "Phishing",
              "display_name": "T1566 - Phishing"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 10,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "Disable_Duck",
            "id": "244325",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 140,
            "FileHash-SHA1": 133,
            "FileHash-SHA256": 507,
            "SSLCertFingerprint": 16,
            "URL": 271,
            "domain": 68,
            "email": 3,
            "hostname": 273
          },
          "indicator_count": 1411,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 128,
          "modified_text": "189 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "66a93c8f75886d2d79470aae",
          "name": "dosdean[@]ualberta[.]ca breach and leak of PII - [CA]54[.]39[.]36[.]60.rar/Important Files/Profile/Desktop/CA.txt",
          "description": "dosdean[@]ualberta[.]ca breach and leak of PII - [CA]54[.]39[.]36[.]60.rar/Important Files/Profile/Desktop/CA.txt\nThis collection is a puzzle piece outlining the what and where re: an unreported leak (detected with Intelligence X) by some leadership/admin folks\nhttps://intelx.io/?s=dosdean%40ualberta.ca\n07.30.24: https://www.virustotal.com/graph/embed/g5d1e9d5c08cc40108a8b683c12187fd93590ba8e2a614af3a045039b3f03f866?theme=dark",
          "modified": "2024-09-03T00:02:13.980000",
          "created": "2024-07-30T19:18:39.681000",
          "tags": [
            "please",
            "javascript",
            "entity",
            "ovh sas",
            "intelligence x",
            "results",
            "product blog",
            "login",
            "sign",
            "most relevant",
            "darknet",
            "please search",
            "search advanced",
            "categories date",
            "term",
            "slow",
            "scroll",
            "UAlberta"
          ],
          "references": [
            "https://www.virustotal.com/gui/collection/548c5a0005aa38898622757c81250a39ff50e3c9abc7c671954e169ea72f50be/summary",
            "https://www.virustotal.com/graph/embed/g5d1e9d5c08cc40108a8b683c12187fd93590ba8e2a614af3a045039b3f03f866?theme=dark",
            "https://www.virustotal.com/gui/collection/548c5a0005aa38898622757c81250a39ff50e3c9abc7c671954e169ea72f50be/iocs",
            "https://intelx.io/?s=dosdean%40ualberta.ca"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [
            "United States of America",
            "Canada"
          ],
          "malware_families": [],
          "attack_ids": [],
          "industries": [
            "Education",
            "Technology"
          ],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 10,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 1,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "Disable_Duck",
            "id": "244325",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "CIDR": 2,
            "FileHash-MD5": 62,
            "FileHash-SHA1": 62,
            "FileHash-SHA256": 303,
            "URL": 36,
            "domain": 22,
            "hostname": 164,
            "CVE": 8
          },
          "indicator_count": 659,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 128,
          "modified_text": "593 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        }
      ],
      "references": [
        "https://www.urlvoid.com/dns-records-lookup/",
        "09.10.25 - https://urlscan.io/search/#page.domain%3Awww.ualberta.ca",
        "https://reverseip.domaintools.com/search/?q=ualberta.ca",
        "https://intelx.io/?s=easydns.com",
        "https://www.virustotal.com/gui/collection/081aaa3e4cc9594cebbd39781c156d337527737e7123481e44ca9de1b39852ee/summary",
        "https://bgpview.io/asn/3359#whois",
        "https://app.threat.zone/submission/c70698bf-881e-491a-a582-eee634b4bf73/url-analysis-report",
        "https://app.threat.zone/submission/bee9384a-885f-4a41-84d1-3fd6a20a6202/url-analysis-report",
        "https://www.virustotal.com/graph/embed/g5d1e9d5c08cc40108a8b683c12187fd93590ba8e2a614af3a045039b3f03f866?theme=dark",
        "https://pulsedive.com/indicator/?indicator=ualberta.ca",
        "https://viz.greynoise.io/query/AS3359",
        "https://dnsdumpster.com/",
        "https://hybrid-analysis.com/sample/bae6209a84b8b9558b228097c01111583ce257b69a6b25e19986a0a4d29adda2/68c46ded99414072330569f7",
        "https://app.netlas.io/domains/stats/?facets=domain&indices=&q=domain%3A%2A.ualberta.ca&size=1100",
        "https://web.archive.org/web/20250000000000*/ualberta.ca",
        "https://www.robtex.com/en/dns-lookup/ca/ualberta",
        "https://www.shodan.io/search?query=ualberta.ca",
        "https://www.virustotal.com/graph/embed/g4022b02acb3b46ddb4b24043845853d9f56a84d80b5849188fee79c90217d4ca?theme=dark",
        "https://viewdns.info/traceroute/?domain=ualberta.ca",
        "https://viewdns.info/iphistory/?domain=ualberta.ca",
        "https://centralops.net/co/DomainDossier.aspx",
        "https://www.criminalip.io/asset/search?query=easydns.com",
        "https://intelx.io/?s=ualberta.ca",
        "09.10.25 - https://viz.greynoise.io/ip/analysis/df2c8c37-f8f2-4398-b709-7c716b03b697",
        "https://search.odin.io/hosts?query=ualberta.ca",
        "https://viewdns.info/portscan/?host=ualberta.ca",
        "https://www.virustotal.com/gui/domain/easydns.com/relations",
        "https://www.whoxy.com/ualberta.ca",
        "https://www.virustotal.com/gui/collection/548c5a0005aa38898622757c81250a39ff50e3c9abc7c671954e169ea72f50be/summary",
        "https://www.virustotal.com/graph/embed/g69ea548b8df6420181ba26257fd94c975c372d52a00741e0962ca0f024740ffa?theme=dark",
        "https://urlscan.io/search/#page.domain%3Awww.ualberta.ca",
        "https://whois.domaintools.com/ualberta.ca",
        "09.20.25 - https://urlscan.io/search/#page.domain%3Aualberta.ca",
        "https://viz.greynoise.io/ip/analysis/d90b0bd7-aaa1-4ea6-93c1-92bfd2d8f930",
        "https://www.virustotal.com/gui/collection/081aaa3e4cc9594cebbd39781c156d337527737e7123481e44ca9de1b39852ee/iocs",
        "https://www.filescan.io/uploads/68b608d639a6221faa7935aa/reports/dd218cea-f81d-43ed-97fe-dd8c5aec52a3/ioc",
        "https://hybrid-analysis.com/sample/3b036b4b2b1d24e19238c6af7bbfaba465cf54cb2f9aab048002deddeafb7f43",
        "https://who.is/whois/ualberta.ca",
        "https://www.virustotal.com/gui/collection/548c5a0005aa38898622757c81250a39ff50e3c9abc7c671954e169ea72f50be/iocs",
        "https://bgp.he.net/dns/ualberta.ca",
        "https://www.merklemap.com/search?query=ualberta.ca&page=0",
        "http://ci-www.threatcrowd.org/domain.php?domain=ualberta.ca",
        "https://www.filescan.io/uploads/68c46d04dbc6f5a29c427d1b/reports/f599fde4-a148-45cd-a7f8-ecc996938de2/ioc",
        "https://urlquery.net/report/e9f9c430-fb2f-4166-8bfb-500339fdb9c0",
        "https://research.domaintools.com/research/whois-history/search/?q=ualberta.ca",
        "https://search.censys.io/search?resource=hosts&sort=RELEVANCE&per_page=25&virtual_hosts=EXCLUDE&q=ualberta.ca",
        "https://centralops.net/co/",
        "https://hybrid-analysis.com/sample/3b036b4b2b1d24e19238c6af7bbfaba465cf54cb2f9aab048002deddeafb7f43/680e723df123be6c63004290",
        "https://www.virustotal.com/gui/domain/easydns.com/details",
        "https://urlquery.net/report/647c05f2-4e0d-4b33-8ec7-4c949e928bfb",
        "https://intelx.io/?s=dosdean%40ualberta.ca",
        "https://www.criminalip.io/asset/search?query=ualberta.ca",
        "https://crt.sh/?q=ualberta.ca&exclude=expired&group=none",
        "https://whois.easycounter.com/ualberta.ca"
      ],
      "related": {
        "alienvault": {
          "adversary": [],
          "malware_families": [],
          "industries": [],
          "unique_indicators": 0
        },
        "other": {
          "adversary": [],
          "malware_families": [
            "Beaver"
          ],
          "industries": [
            "Education",
            "Technology"
          ],
          "unique_indicators": 11975
        }
      }
    },
    "false_positive": [],
    "alexa": "http://www.alexa.com/siteinfo/phonebook.cz",
    "whois": "http://whois.domaintools.com/phonebook.cz",
    "domain": "phonebook.cz",
    "hostname": "api.phonebook.cz"
  },
  "geo": {},
  "geo_ipapicom": {},
  "pulse_count": 3,
  "pulses": [
    {
      "id": "68b60cdecf42fb532f2ceb12",
      "name": "U of A DataBreach Update - 11.13.25",
      "description": "Domain Analysis that serves as evidence of on-going DataBreaches at the University of Alberta with associated references.\nAnalysis demonstrates abused critical infrastructure in the Province of Alberta stemming from UAlberta as detailed in this Pulse.",
      "modified": "2025-12-13T22:01:27.739000",
      "created": "2025-09-01T21:15:10.117000",
      "tags": [
        "as16509",
        "amazon02",
        "redirect",
        "tags",
        "as14618",
        "amazonaes",
        "search",
        "public",
        "search live",
        "api blog",
        "patch http",
        "please",
        "javascript",
        "url",
        "website",
        "web",
        "scanner",
        "analyze",
        "analyzer",
        "search api",
        "make sure",
        "domain",
        "and not",
        "page",
        "home search",
        "live api",
        "blog docs",
        "pricing login",
        "greynoise",
        "visualizer skip",
        "service status",
        "company blog",
        "us careers",
        "policies vpat",
        "slo privacy",
        "cookie patent",
        "copyright",
        "google privacy",
        "sandbox",
        "reputation",
        "phishing",
        "malware",
        "amazon web",
        "services",
        "warning icon",
        "share report",
        "systems",
        "cloudflare",
        "varnish",
        "nginx",
        "apache",
        "write",
        "virus",
        "trojan",
        "ransomware",
        "static",
        "analysis",
        "indicator of compromise",
        "ioc",
        "extraction",
        "emulation",
        "online",
        "submit",
        "sample",
        "download",
        "platform",
        "course",
        "program",
        "vxstream",
        "apt",
        "hybrid analysis",
        "api key",
        "vetting process",
        "please note",
        "UAlberta"
      ],
      "references": [
        "https://www.virustotal.com/gui/collection/081aaa3e4cc9594cebbd39781c156d337527737e7123481e44ca9de1b39852ee/iocs",
        "https://www.virustotal.com/gui/collection/081aaa3e4cc9594cebbd39781c156d337527737e7123481e44ca9de1b39852ee/summary",
        "https://urlscan.io/search/#page.domain%3Awww.ualberta.ca",
        "https://viz.greynoise.io/ip/analysis/d90b0bd7-aaa1-4ea6-93c1-92bfd2d8f930",
        "https://urlquery.net/report/e9f9c430-fb2f-4166-8bfb-500339fdb9c0",
        "https://www.filescan.io/uploads/68b608d639a6221faa7935aa/reports/dd218cea-f81d-43ed-97fe-dd8c5aec52a3/ioc",
        "https://hybrid-analysis.com/sample/3b036b4b2b1d24e19238c6af7bbfaba465cf54cb2f9aab048002deddeafb7f43",
        "https://viz.greynoise.io/query/AS3359",
        "https://www.virustotal.com/graph/embed/g4022b02acb3b46ddb4b24043845853d9f56a84d80b5849188fee79c90217d4ca?theme=dark",
        "http://ci-www.threatcrowd.org/domain.php?domain=ualberta.ca",
        "https://www.urlvoid.com/dns-records-lookup/",
        "https://www.shodan.io/search?query=ualberta.ca",
        "https://dnsdumpster.com/",
        "https://bgpview.io/asn/3359#whois",
        "https://centralops.net/co/",
        "https://app.netlas.io/domains/stats/?facets=domain&indices=&q=domain%3A%2A.ualberta.ca&size=1100",
        "09.10.25 - https://viz.greynoise.io/ip/analysis/df2c8c37-f8f2-4398-b709-7c716b03b697",
        "09.10.25 - https://urlscan.io/search/#page.domain%3Awww.ualberta.ca",
        "https://hybrid-analysis.com/sample/3b036b4b2b1d24e19238c6af7bbfaba465cf54cb2f9aab048002deddeafb7f43/680e723df123be6c63004290",
        "https://www.criminalip.io/asset/search?query=ualberta.ca",
        "09.20.25 - https://urlscan.io/search/#page.domain%3Aualberta.ca",
        "https://app.threat.zone/submission/c70698bf-881e-491a-a582-eee634b4bf73/url-analysis-report",
        "https://whois.domaintools.com/ualberta.ca",
        "https://research.domaintools.com/research/whois-history/search/?q=ualberta.ca",
        "https://viewdns.info/iphistory/?domain=ualberta.ca",
        "https://viewdns.info/portscan/?host=ualberta.ca",
        "https://whois.easycounter.com/ualberta.ca",
        "https://search.censys.io/search?resource=hosts&sort=RELEVANCE&per_page=25&virtual_hosts=EXCLUDE&q=ualberta.ca",
        "https://who.is/whois/ualberta.ca",
        "https://www.robtex.com/en/dns-lookup/ca/ualberta",
        "https://www.whoxy.com/ualberta.ca",
        "https://reverseip.domaintools.com/search/?q=ualberta.ca",
        "https://bgp.he.net/dns/ualberta.ca",
        "https://intelx.io/?s=ualberta.ca",
        "https://pulsedive.com/indicator/?indicator=ualberta.ca",
        "https://web.archive.org/web/20250000000000*/ualberta.ca",
        "https://crt.sh/?q=ualberta.ca&exclude=expired&group=none",
        "https://viewdns.info/traceroute/?domain=ualberta.ca",
        "https://centralops.net/co/DomainDossier.aspx",
        "https://search.odin.io/hosts?query=ualberta.ca",
        "https://www.merklemap.com/search?query=ualberta.ca&page=0"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [
        "Canada",
        "United States of America"
      ],
      "malware_families": [],
      "attack_ids": [],
      "industries": [
        "Education",
        "Technology"
      ],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 92,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 1,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "Disable_Duck",
        "id": "244325",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "URL": 9901,
        "domain": 790,
        "email": 982,
        "hostname": 10520,
        "FileHash-MD5": 550,
        "FileHash-SHA256": 1726,
        "FileHash-SHA1": 519,
        "SSLCertFingerprint": 64,
        "CIDR": 26,
        "CVE": 12
      },
      "indicator_count": 25090,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 137,
      "modified_text": "126 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "68c4780e758249ca5e4e2345",
      "name": "easydns[.]com - 09.12.25",
      "description": "Just taking a peek into something",
      "modified": "2025-10-12T19:19:29.699000",
      "created": "2025-09-12T19:44:14.645000",
      "tags": [
        "sandbox",
        "malware",
        "analysis",
        "online",
        "submit",
        "vxstream",
        "sample",
        "download",
        "trojan",
        "apt",
        "pcap processing",
        "pcap",
        "brand",
        "gecko",
        "win64",
        "khtml",
        "windows nt",
        "microsoft edge",
        "ansi",
        "cookie",
        "date",
        "apache",
        "accept",
        "window",
        "wind",
        "suspicious",
        "mozi",
        "mozilla",
        "comspec",
        "hybrid",
        "model",
        "close",
        "click",
        "hosts",
        "bran",
        "general",
        "path",
        "encrypt",
        "form",
        "iframe",
        "dest",
        "strings",
        "contact",
        "url",
        "scanner",
        "reputation",
        "phishing",
        "wordpress",
        "javascript",
        "google tag",
        "manager",
        "domain",
        "mysql",
        "warning icon",
        "share report",
        "systems",
        "cloudflare",
        "write",
        "beaver",
        "static analyzer",
        "emulation",
        "analyzer",
        "asset search",
        "entity",
        "virus",
        "ransomware",
        "static",
        "indicator of compromise",
        "ioc",
        "extraction",
        "platform",
        "please"
      ],
      "references": [
        "https://hybrid-analysis.com/sample/bae6209a84b8b9558b228097c01111583ce257b69a6b25e19986a0a4d29adda2/68c46ded99414072330569f7",
        "https://urlquery.net/report/647c05f2-4e0d-4b33-8ec7-4c949e928bfb",
        "https://app.threat.zone/submission/bee9384a-885f-4a41-84d1-3fd6a20a6202/url-analysis-report",
        "https://www.criminalip.io/asset/search?query=easydns.com",
        "https://www.virustotal.com/graph/embed/g69ea548b8df6420181ba26257fd94c975c372d52a00741e0962ca0f024740ffa?theme=dark",
        "https://www.filescan.io/uploads/68c46d04dbc6f5a29c427d1b/reports/f599fde4-a148-45cd-a7f8-ecc996938de2/ioc",
        "https://www.virustotal.com/gui/domain/easydns.com/details",
        "https://www.virustotal.com/gui/domain/easydns.com/relations",
        "https://intelx.io/?s=easydns.com"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [
        {
          "id": "Beaver",
          "display_name": "Beaver",
          "target": null
        }
      ],
      "attack_ids": [
        {
          "id": "T1027",
          "name": "Obfuscated Files or Information",
          "display_name": "T1027 - Obfuscated Files or Information"
        },
        {
          "id": "T1041",
          "name": "Exfiltration Over C2 Channel",
          "display_name": "T1041 - Exfiltration Over C2 Channel"
        },
        {
          "id": "T1057",
          "name": "Process Discovery",
          "display_name": "T1057 - Process Discovery"
        },
        {
          "id": "T1071",
          "name": "Application Layer Protocol",
          "display_name": "T1071 - Application Layer Protocol"
        },
        {
          "id": "T1105",
          "name": "Ingress Tool Transfer",
          "display_name": "T1105 - Ingress Tool Transfer"
        },
        {
          "id": "T1129",
          "name": "Shared Modules",
          "display_name": "T1129 - Shared Modules"
        },
        {
          "id": "T1132",
          "name": "Data Encoding",
          "display_name": "T1132 - Data Encoding"
        },
        {
          "id": "T1140",
          "name": "Deobfuscate/Decode Files or Information",
          "display_name": "T1140 - Deobfuscate/Decode Files or Information"
        },
        {
          "id": "T1518",
          "name": "Software Discovery",
          "display_name": "T1518 - Software Discovery"
        },
        {
          "id": "T1553",
          "name": "Subvert Trust Controls",
          "display_name": "T1553 - Subvert Trust Controls"
        },
        {
          "id": "T1568",
          "name": "Dynamic Resolution",
          "display_name": "T1568 - Dynamic Resolution"
        },
        {
          "id": "T1583",
          "name": "Acquire Infrastructure",
          "display_name": "T1583 - Acquire Infrastructure"
        },
        {
          "id": "T1090",
          "name": "Proxy",
          "display_name": "T1090 - Proxy"
        },
        {
          "id": "T1566",
          "name": "Phishing",
          "display_name": "T1566 - Phishing"
        }
      ],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 10,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "Disable_Duck",
        "id": "244325",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 140,
        "FileHash-SHA1": 133,
        "FileHash-SHA256": 507,
        "SSLCertFingerprint": 16,
        "URL": 271,
        "domain": 68,
        "email": 3,
        "hostname": 273
      },
      "indicator_count": 1411,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 128,
      "modified_text": "189 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "66a93c8f75886d2d79470aae",
      "name": "dosdean[@]ualberta[.]ca breach and leak of PII - [CA]54[.]39[.]36[.]60.rar/Important Files/Profile/Desktop/CA.txt",
      "description": "dosdean[@]ualberta[.]ca breach and leak of PII - [CA]54[.]39[.]36[.]60.rar/Important Files/Profile/Desktop/CA.txt\nThis collection is a puzzle piece outlining the what and where re: an unreported leak (detected with Intelligence X) by some leadership/admin folks\nhttps://intelx.io/?s=dosdean%40ualberta.ca\n07.30.24: https://www.virustotal.com/graph/embed/g5d1e9d5c08cc40108a8b683c12187fd93590ba8e2a614af3a045039b3f03f866?theme=dark",
      "modified": "2024-09-03T00:02:13.980000",
      "created": "2024-07-30T19:18:39.681000",
      "tags": [
        "please",
        "javascript",
        "entity",
        "ovh sas",
        "intelligence x",
        "results",
        "product blog",
        "login",
        "sign",
        "most relevant",
        "darknet",
        "please search",
        "search advanced",
        "categories date",
        "term",
        "slow",
        "scroll",
        "UAlberta"
      ],
      "references": [
        "https://www.virustotal.com/gui/collection/548c5a0005aa38898622757c81250a39ff50e3c9abc7c671954e169ea72f50be/summary",
        "https://www.virustotal.com/graph/embed/g5d1e9d5c08cc40108a8b683c12187fd93590ba8e2a614af3a045039b3f03f866?theme=dark",
        "https://www.virustotal.com/gui/collection/548c5a0005aa38898622757c81250a39ff50e3c9abc7c671954e169ea72f50be/iocs",
        "https://intelx.io/?s=dosdean%40ualberta.ca"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [
        "United States of America",
        "Canada"
      ],
      "malware_families": [],
      "attack_ids": [],
      "industries": [
        "Education",
        "Technology"
      ],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 10,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 1,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "Disable_Duck",
        "id": "244325",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "CIDR": 2,
        "FileHash-MD5": 62,
        "FileHash-SHA1": 62,
        "FileHash-SHA256": 303,
        "URL": 36,
        "domain": 22,
        "hostname": 164,
        "CVE": 8
      },
      "indicator_count": 659,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 128,
      "modified_text": "593 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    }
  ],
  "error": null,
  "vt": {
    "error": "VirusTotal rate limit reached. Try again shortly.",
    "indicator": "https://api.phonebook.cz",
    "type": "URL"
  },
  "abuseipdb": null,
  "urlhaus": {
    "indicator": "https://api.phonebook.cz",
    "type": "URL",
    "found": false,
    "verdict": "clean",
    "error": null
  },
  "from_cache": true,
  "_cached_at": 1776629944.9790244
}