{ "type": "Domain", "indicator": "scrd.ca", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/scrd.ca", "alexa": "http://www.alexa.com/siteinfo/scrd.ca", "indicator": "scrd.ca", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 3559937210, "indicator": "scrd.ca", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 2, "pulses": [ { "id": "69ba62b66d734aee46237920", "name": "Ransomware Victims for Canada - 03.18.26", "description": "A complete list of Canadian companies and companies identified as victims of the recent ransomware attack, which has affected more than 200,000 victims in the past two years, has been released by the Canadian government.", "modified": "2026-03-18T08:30:44.581000", "created": "2026-03-18T08:30:44.581000", "tags": [ "discovered", "attack", "canada", "canada logo", "logo", "ca play", "ca qilin", "play", "ca akira", "ca lockbit3", "ontario", "clop", "hunters", "energy", "everest", "dragonforce", "school", "metaencryptor", "ransom", "corona", "courier", "john", "termite", "ransomhouse", "calgary", "netwalker", "infostealer", "green", "alarm", "tridentlocker", "kryptos", "securotrop", "onex", "april", "hacked", "nightspire", "metal", "star", "underground", "michael", "mind", "zhang", "team", "target", "sant", "service", "krypton", "alliance", "pacer", "arctic", "pizza", "avoslocker", "gisborne", "building materials", "evergreen hospitality", "supply chain", "phantom security", "lawrie insurance", "indigo ent", "mbtw", "universal realty", "schauenburg", "liftow", "sundher", "osland financial", "myers automotive", "inland", "ransomware", "api", "rss", "breach", "leak", "post", "gang", "data", "tracking", "tracker", "monitoring", "monitor", "victim", "group", "ransomwatch", "julien", "mousqueton", "julien mousqueton", "cybersoc", "cti", "negotiations", "ransomnote", "ioc", "yara", "ttps", "soc", "qilin", "lockbit3", "incransom", "akira", "ransomhub", "safepay", "blackbasta", "lynx", "medusa", "cactus", "dispossessor", "bianlian", "monti", "rhysida", "sarcoma", "devman", "meow", "sinobi", "worldleaks", "killsec", "interlock", "kraken", "toufan", "royal", "warlock", "cicada3301", "funksec", "kairos", "cloak", "nokoyawa", "snatch", "ransomexx", "maze", "contact", "rock", "ailock", "medusalocker", "obscura", "light", "brotherhood", "anubis", "d4rk4rmy", "dunghill", "apos", "gunra", "ralord", "silent", "payoutsking", "story", "frag", "niko", "helldown", "trinity", "qiulong", "blackout", "daixin", "blackbyte", "vicesociety", "darkside", "egregor", "doppelpaymer", "conti", "Edmonton", "Alberta", "UAlberta", "UofC", "Keyano", "Telus" ], "references": [ "https://www.ransomware.live/country/CAN" ], "public": 1, "adversary": "", "targeted_countries": [ "Canada" ], "malware_families": [ { "id": "Gisborne", "display_name": "Gisborne", "target": null }, { "id": "Evergreen Hospitality", "display_name": "Evergreen Hospitality", "target": null }, { "id": "Supply Chain", "display_name": "Supply Chain", "target": null }, { "id": "Phantom Security", "display_name": "Phantom Security", "target": null }, { "id": "Lawrie Insurance", "display_name": "Lawrie Insurance", "target": null }, { "id": "Indigo ENT", "display_name": "Indigo ENT", "target": null }, { "id": "MBTW", "display_name": "MBTW", "target": null }, { "id": "UNIVERSAL REALTY", "display_name": "UNIVERSAL REALTY", "target": null }, { "id": "Schauenburg", "display_name": "Schauenburg", "target": null }, { "id": "Liftow", "display_name": "Liftow", "target": null }, { "id": "Sundher", "display_name": "Sundher", "target": null }, { "id": "Osland Financial", "display_name": "Osland Financial", "target": null }, { "id": "Myers Automotive", "display_name": "Myers Automotive", "target": null }, { "id": "Inland", "display_name": "Inland", "target": null } ], "attack_ids": [ { "id": "T1195", "name": "Supply Chain Compromise", "display_name": "T1195 - Supply Chain Compromise" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1119", "name": "Automated Collection", "display_name": "T1119 - Automated Collection" } ], "industries": [ "Medical", "Health", "Food", "Hospitality", "Healthcare", "Financial Services", "Energy", "Education", "Telecommunications" ], "TLP": "white", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "UCP_GoA23", "id": "382539", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_382539/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1909, "domain": 251, "hostname": 804, "FileHash-SHA256": 13 }, "indicator_count": 2977, "is_author": false, "is_subscribing": null, "subscriber_count": 19, "modified_text": "76 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6330e95fc68aef9a74c3dadd", "name": "Twitter Feed - RedPacketSec - 25-09-2022", "description": "", "modified": "2022-09-25T23:50:55.533000", "created": "2022-09-25T23:50:55.533000", "tags": [ "ransomware" ], "references": [ "https://twitter.com/RedPacketSec/status/1573902722885115904", "https://twitter.com/RedPacketSec/status/1573902723858268160", "https://twitter.com/RedPacketSec/status/1573902724814589952", "https://twitter.com/RedPacketSec/status/1573902721832345603", "https://twitter.com/RedPacketSec/status/1574084256934117379", "https://twitter.com/RedPacketSec/status/1574084257936543745", "https://twitter.com/RedPacketSec/status/1574084255873126401" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 7 }, "indicator_count": 7, "is_author": false, "is_subscribing": null, "subscriber_count": 1624, "modified_text": "1346 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "https://twitter.com/RedPacketSec/status/1573902721832345603", "https://www.ransomware.live/country/CAN", "https://twitter.com/RedPacketSec/status/1573902723858268160", "https://twitter.com/RedPacketSec/status/1574084257936543745", "https://twitter.com/RedPacketSec/status/1573902724814589952", "https://twitter.com/RedPacketSec/status/1574084256934117379", "https://twitter.com/RedPacketSec/status/1573902722885115904", "https://twitter.com/RedPacketSec/status/1574084255873126401" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [], "malware_families": [ "Myers automotive", "Liftow", "Sundher", "Phantom security", "Supply chain", "Indigo ent", "Inland", "Gisborne", "Evergreen hospitality", "Universal realty", "Schauenburg", "Lawrie insurance", "Osland financial", "Mbtw" ], "industries": [ "Education", "Hospitality", "Financial services", "Healthcare", "Energy", "Medical", "Telecommunications", "Food", "Health" ] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 2, "pulses": [ { "id": "69ba62b66d734aee46237920", "name": "Ransomware Victims for Canada - 03.18.26", "description": "A complete list of Canadian companies and companies identified as victims of the recent ransomware attack, which has affected more than 200,000 victims in the past two years, has been released by the Canadian government.", "modified": "2026-03-18T08:30:44.581000", "created": "2026-03-18T08:30:44.581000", "tags": [ "discovered", "attack", "canada", "canada logo", "logo", "ca play", "ca qilin", "play", "ca akira", "ca lockbit3", "ontario", "clop", "hunters", "energy", "everest", "dragonforce", "school", "metaencryptor", "ransom", "corona", "courier", "john", "termite", "ransomhouse", "calgary", "netwalker", "infostealer", "green", "alarm", "tridentlocker", "kryptos", "securotrop", "onex", "april", "hacked", "nightspire", "metal", "star", "underground", "michael", "mind", "zhang", "team", "target", "sant", "service", "krypton", "alliance", "pacer", "arctic", "pizza", "avoslocker", "gisborne", "building materials", "evergreen hospitality", "supply chain", "phantom security", "lawrie insurance", "indigo ent", "mbtw", "universal realty", "schauenburg", "liftow", "sundher", "osland financial", "myers automotive", "inland", "ransomware", "api", "rss", "breach", "leak", "post", "gang", "data", "tracking", "tracker", "monitoring", "monitor", "victim", "group", "ransomwatch", "julien", "mousqueton", "julien mousqueton", "cybersoc", "cti", "negotiations", "ransomnote", "ioc", "yara", "ttps", "soc", "qilin", "lockbit3", "incransom", "akira", "ransomhub", "safepay", "blackbasta", "lynx", "medusa", "cactus", "dispossessor", "bianlian", "monti", "rhysida", "sarcoma", "devman", "meow", "sinobi", "worldleaks", "killsec", "interlock", "kraken", "toufan", "royal", "warlock", "cicada3301", "funksec", "kairos", "cloak", "nokoyawa", "snatch", "ransomexx", "maze", "contact", "rock", "ailock", "medusalocker", "obscura", "light", "brotherhood", "anubis", "d4rk4rmy", "dunghill", "apos", "gunra", "ralord", "silent", "payoutsking", "story", "frag", "niko", "helldown", "trinity", "qiulong", "blackout", "daixin", "blackbyte", "vicesociety", "darkside", "egregor", "doppelpaymer", "conti", "Edmonton", "Alberta", "UAlberta", "UofC", "Keyano", "Telus" ], "references": [ "https://www.ransomware.live/country/CAN" ], "public": 1, "adversary": "", "targeted_countries": [ "Canada" ], "malware_families": [ { "id": "Gisborne", "display_name": "Gisborne", "target": null }, { "id": "Evergreen Hospitality", "display_name": "Evergreen Hospitality", "target": null }, { "id": "Supply Chain", "display_name": "Supply Chain", "target": null }, { "id": "Phantom Security", "display_name": "Phantom Security", "target": null }, { "id": "Lawrie Insurance", "display_name": "Lawrie Insurance", "target": null }, { "id": "Indigo ENT", "display_name": "Indigo ENT", "target": null }, { "id": "MBTW", "display_name": "MBTW", "target": null }, { "id": "UNIVERSAL REALTY", "display_name": "UNIVERSAL REALTY", "target": null }, { "id": "Schauenburg", "display_name": "Schauenburg", "target": null }, { "id": "Liftow", "display_name": "Liftow", "target": null }, { "id": "Sundher", "display_name": "Sundher", "target": null }, { "id": "Osland Financial", "display_name": "Osland Financial", "target": null }, { "id": "Myers Automotive", "display_name": "Myers Automotive", "target": null }, { "id": "Inland", "display_name": "Inland", "target": null } ], "attack_ids": [ { "id": "T1195", "name": "Supply Chain Compromise", "display_name": "T1195 - Supply Chain Compromise" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1119", "name": "Automated Collection", "display_name": "T1119 - Automated Collection" } ], "industries": [ "Medical", "Health", "Food", "Hospitality", "Healthcare", "Financial Services", "Energy", "Education", "Telecommunications" ], "TLP": "white", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "UCP_GoA23", "id": "382539", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_382539/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1909, "domain": 251, "hostname": 804, "FileHash-SHA256": 13 }, "indicator_count": 2977, "is_author": false, "is_subscribing": null, "subscriber_count": 19, "modified_text": "76 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6330e95fc68aef9a74c3dadd", "name": "Twitter Feed - RedPacketSec - 25-09-2022", "description": "", "modified": "2022-09-25T23:50:55.533000", "created": "2022-09-25T23:50:55.533000", "tags": [ "ransomware" ], "references": [ "https://twitter.com/RedPacketSec/status/1573902722885115904", "https://twitter.com/RedPacketSec/status/1573902723858268160", "https://twitter.com/RedPacketSec/status/1573902724814589952", "https://twitter.com/RedPacketSec/status/1573902721832345603", "https://twitter.com/RedPacketSec/status/1574084256934117379", "https://twitter.com/RedPacketSec/status/1574084257936543745", "https://twitter.com/RedPacketSec/status/1574084255873126401" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 7 }, "indicator_count": 7, "is_author": false, "is_subscribing": null, "subscriber_count": 1624, "modified_text": "1346 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "scrd.ca", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "scrd.ca", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780450997.3920028 }