{
  "type": "URL",
  "indicator": "https://www.overdrive.com/apps/libby",
  "general": {
    "sections": [
      "general",
      "url_list",
      "http_scans",
      "screenshot"
    ],
    "indicator": "https://www.overdrive.com/apps/libby",
    "type": "url",
    "type_title": "URL",
    "validation": [
      {
        "source": "akamai",
        "message": "Akamai rank: #3879",
        "name": "Akamai Popular Domain"
      },
      {
        "source": "whitelist",
        "message": "Whitelisted domain overdrive.com",
        "name": "Whitelisted domain"
      },
      {
        "source": "majestic",
        "message": "Whitelisted domain overdrive.com",
        "name": "Whitelisted domain"
      }
    ],
    "base_indicator": {
      "id": 4289235540,
      "indicator": "https://www.overdrive.com/apps/libby",
      "type": "URL",
      "title": "",
      "description": "",
      "content": "",
      "access_type": "public",
      "access_reason": ""
    },
    "pulse_info": {
      "count": 2,
      "pulses": [
        {
          "id": "69cc876e1a85eb578af3460c",
          "name": "Gatsby.",
          "description": "The results of an analysis of data gathered from a single web address are published on the website of the University of California, San Francisco, as part of its 2016/17 Research into Open Access.<pretext.fb43553d906781edd1ae894cf50d7735a1207fcad1123eb837d55eb4d448fed4",
          "modified": "2026-05-17T15:52:23.338000",
          "created": "2026-04-01T02:48:14.165000",
          "tags": [
            "a nxdomain",
            "unknown",
            "ip address",
            "domain",
            "present jun",
            "files",
            "ip related",
            "pulses otx",
            "pulses",
            "tags",
            "number",
            "ja3s",
            "get http",
            "ja3 client",
            "ja3 server",
            "ssdeep",
            "file type",
            "magic ascii",
            "crlf line",
            "trid digital",
            "unix",
            "cache entry",
            "zstandard",
            "dictionary id",
            "extra info",
            "process",
            "performs dns",
            "urls",
            "domain ip",
            "tls version",
            "https"
          ],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 1,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "msudosos",
            "id": "381696",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "URL": 272,
            "domain": 170,
            "hostname": 281,
            "FileHash-MD5": 170,
            "FileHash-SHA1": 51,
            "FileHash-SHA256": 113,
            "email": 6
          },
          "indicator_count": 1063,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 70,
          "modified_text": "16 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "69cc7c56a6de2ada64f680a3",
          "name": "VirusTotal report\n                    for index.html",
          "description": "A full report on an attack on the Windows operating system:   Google Tag Manager for GA4, a search engine for web addresses, and the results of an investigation into a malicious web address. https://www.virustotal.com/gui/file/fb43553d906781edd1ae894cf50d7735a1207fcad1123eb837d55eb4d448fed4/behavior",
          "modified": "2026-05-01T02:13:09.867000",
          "created": "2026-04-01T02:00:54.253000",
          "tags": [
            "performs dns",
            "file type",
            "https",
            "united",
            "urls",
            "unix",
            "cache entry",
            "tls version",
            "mitre attack",
            "network info",
            "phishing",
            "next"
          ],
          "references": [
            "https://vtbehaviour.commondatastorage.googleapis.com/fb43553d906781edd1ae894cf50d7735a1207fcad1123eb837d55eb4d448fed4_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775009023&Signature=PziYPmignr4yS1lhHo3FLsy%2B3wv6NV3HLbjKGJEMNVGQ9aD9FDW5NK9YX72ZvwWQuRF%2Btlid2IMM4%2FSbExMWxsHBCbZgbfKOPbTmlL18CN3TRx76z6G99I5R3PdJ22Af%2FxunZxS5jido7mF%2FfbGNwDC%2FCsiIAEzqUMOrSXJSl5nL8wRA1i6D%2FlUeL5y9QJrChIb8dpWja0nNAlwwrI7VYKsu75vAi%2Fb0cjTeplMhdUDufC3dilUscH"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1055",
              "name": "Process Injection",
              "display_name": "T1055 - Process Injection"
            },
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            },
            {
              "id": "T1082",
              "name": "System Information Discovery",
              "display_name": "T1082 - System Information Discovery"
            },
            {
              "id": "T1095",
              "name": "Non-Application Layer Protocol",
              "display_name": "T1095 - Non-Application Layer Protocol"
            },
            {
              "id": "T1573",
              "name": "Encrypted Channel",
              "display_name": "T1573 - Encrypted Channel"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 1,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "msudosos",
            "id": "381696",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 2,
            "FileHash-SHA1": 2,
            "FileHash-SHA256": 12,
            "URL": 62,
            "domain": 12,
            "hostname": 56
          },
          "indicator_count": 146,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 68,
          "modified_text": "32 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        }
      ],
      "references": [
        "https://vtbehaviour.commondatastorage.googleapis.com/fb43553d906781edd1ae894cf50d7735a1207fcad1123eb837d55eb4d448fed4_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775009023&Signature=PziYPmignr4yS1lhHo3FLsy%2B3wv6NV3HLbjKGJEMNVGQ9aD9FDW5NK9YX72ZvwWQuRF%2Btlid2IMM4%2FSbExMWxsHBCbZgbfKOPbTmlL18CN3TRx76z6G99I5R3PdJ22Af%2FxunZxS5jido7mF%2FfbGNwDC%2FCsiIAEzqUMOrSXJSl5nL8wRA1i6D%2FlUeL5y9QJrChIb8dpWja0nNAlwwrI7VYKsu75vAi%2Fb0cjTeplMhdUDufC3dilUscH"
      ],
      "related": {
        "alienvault": {
          "adversary": [],
          "malware_families": [],
          "industries": [],
          "unique_indicators": 0
        },
        "other": {
          "adversary": [],
          "malware_families": [],
          "industries": [],
          "unique_indicators": 561
        }
      }
    },
    "false_positive": [],
    "alexa": "http://www.alexa.com/siteinfo/overdrive.com",
    "whois": "http://whois.domaintools.com/overdrive.com",
    "domain": "overdrive.com",
    "hostname": "www.overdrive.com"
  },
  "geo": {},
  "geo_ipapicom": {},
  "pulse_count": 2,
  "pulses": [
    {
      "id": "69cc876e1a85eb578af3460c",
      "name": "Gatsby.",
      "description": "The results of an analysis of data gathered from a single web address are published on the website of the University of California, San Francisco, as part of its 2016/17 Research into Open Access.<pretext.fb43553d906781edd1ae894cf50d7735a1207fcad1123eb837d55eb4d448fed4",
      "modified": "2026-05-17T15:52:23.338000",
      "created": "2026-04-01T02:48:14.165000",
      "tags": [
        "a nxdomain",
        "unknown",
        "ip address",
        "domain",
        "present jun",
        "files",
        "ip related",
        "pulses otx",
        "pulses",
        "tags",
        "number",
        "ja3s",
        "get http",
        "ja3 client",
        "ja3 server",
        "ssdeep",
        "file type",
        "magic ascii",
        "crlf line",
        "trid digital",
        "unix",
        "cache entry",
        "zstandard",
        "dictionary id",
        "extra info",
        "process",
        "performs dns",
        "urls",
        "domain ip",
        "tls version",
        "https"
      ],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 1,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "msudosos",
        "id": "381696",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "URL": 272,
        "domain": 170,
        "hostname": 281,
        "FileHash-MD5": 170,
        "FileHash-SHA1": 51,
        "FileHash-SHA256": 113,
        "email": 6
      },
      "indicator_count": 1063,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 70,
      "modified_text": "16 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "69cc7c56a6de2ada64f680a3",
      "name": "VirusTotal report\n                    for index.html",
      "description": "A full report on an attack on the Windows operating system:   Google Tag Manager for GA4, a search engine for web addresses, and the results of an investigation into a malicious web address. https://www.virustotal.com/gui/file/fb43553d906781edd1ae894cf50d7735a1207fcad1123eb837d55eb4d448fed4/behavior",
      "modified": "2026-05-01T02:13:09.867000",
      "created": "2026-04-01T02:00:54.253000",
      "tags": [
        "performs dns",
        "file type",
        "https",
        "united",
        "urls",
        "unix",
        "cache entry",
        "tls version",
        "mitre attack",
        "network info",
        "phishing",
        "next"
      ],
      "references": [
        "https://vtbehaviour.commondatastorage.googleapis.com/fb43553d906781edd1ae894cf50d7735a1207fcad1123eb837d55eb4d448fed4_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775009023&Signature=PziYPmignr4yS1lhHo3FLsy%2B3wv6NV3HLbjKGJEMNVGQ9aD9FDW5NK9YX72ZvwWQuRF%2Btlid2IMM4%2FSbExMWxsHBCbZgbfKOPbTmlL18CN3TRx76z6G99I5R3PdJ22Af%2FxunZxS5jido7mF%2FfbGNwDC%2FCsiIAEzqUMOrSXJSl5nL8wRA1i6D%2FlUeL5y9QJrChIb8dpWja0nNAlwwrI7VYKsu75vAi%2Fb0cjTeplMhdUDufC3dilUscH"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [
        {
          "id": "T1055",
          "name": "Process Injection",
          "display_name": "T1055 - Process Injection"
        },
        {
          "id": "T1071",
          "name": "Application Layer Protocol",
          "display_name": "T1071 - Application Layer Protocol"
        },
        {
          "id": "T1082",
          "name": "System Information Discovery",
          "display_name": "T1082 - System Information Discovery"
        },
        {
          "id": "T1095",
          "name": "Non-Application Layer Protocol",
          "display_name": "T1095 - Non-Application Layer Protocol"
        },
        {
          "id": "T1573",
          "name": "Encrypted Channel",
          "display_name": "T1573 - Encrypted Channel"
        }
      ],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 1,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "msudosos",
        "id": "381696",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 2,
        "FileHash-SHA1": 2,
        "FileHash-SHA256": 12,
        "URL": 62,
        "domain": 12,
        "hostname": 56
      },
      "indicator_count": 146,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 68,
      "modified_text": "32 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    }
  ],
  "error": null,
  "vt": {
    "error": "VirusTotal rate limit reached. Try again shortly.",
    "indicator": "https://www.overdrive.com/apps/libby",
    "type": "URL"
  },
  "abuseipdb": null,
  "urlhaus": {
    "indicator": "https://www.overdrive.com/apps/libby",
    "type": "URL",
    "found": false,
    "verdict": "clean",
    "error": null
  },
  "from_cache": true,
  "_cached_at": 1780423868.4200587
}