-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
1ac9977
commit 12da554
Showing
4 changed files
with
4 additions
and
4 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1 +1 @@ | ||
| {"description": "UrlScan Domain", "schema_version": "1.0.23", "type": "investigation", "search-txt": "domain:\"u1011145jia.ha004.t.justns.ru\"", "source": "Anastasiia Rozlyvan", "actions": "[{\"created-perf\":2431625000.0001674,\"updated-perf\":2431630000.000041,\"type\":\"collect\",\"created\":\"2021-02-04T06:52:19.439Z\",\"state\":\"ok\",\"arg\":\"u1011145jia.ha004.t.justns.ru\",\"result\":[{\"value\":\"u1011145jia.ha004.t.justns.ru\",\"type\":\"domain\"}],\"id\":\"collect-9453405e\",\"uuid\":\"eac1ed4d-be26-4c2e-8c98-9350b6980253\"},{\"created-perf\":2907270000.000153,\"updated-perf\":2907270000.000153,\"type\":\"deliberate\",\"created\":\"2021-02-04T06:52:19.915Z\",\"state\":\"ok\",\"arg\":[{\"type\":\"domain\",\"value\":\"u1011145jia.ha004.t.justns.ru\"}],\"result\":{\"data\":[{\"module\":\"AMP File Reputation\",\"module_instance_id\":\"ddcf41a2-3ecb-43e8-b5b2-0e36ad2e16f3\",\"module_type_id\":\"1898d0e8-45f7-550d-8ab5-915f064426dd\",\"data\":{\"verdicts\":{\"count\":0,\"docs\":[]}}},{\"module\":\"Talos Intelligence\",\"module_instance_id\":\"f14a7465-a77a-4e28-8b97-23706a56eab5\",\"module_type_id\":\"2460c99b-2f01-523b-a65d-30a3c6603245\",\"data\":{\"verdicts\":{\"count\":1,\"docs\":[{\"type\":\"verdict\",\"disposition\":5,\"observable\":{\"value\":\"u1011145jia.ha004.t.justns.ru\",\"type\":\"domain\"},\"disposition_name\":\"Unknown\",\"valid_time\":{\"start_time\":\"2024-05-02T06:52:19.828Z\",\"end_time\":\"2024-06-01T06:52:19.828Z\"}}]}}}]},\"id\":\"deliberate-fc98a18c\",\"uuid\":\"38d74b7c-da83-4275-b20e-f03d503aea48\"},{\"created-perf\":4387000000.000171,\"updated-perf\":4387000000.000171,\"type\":\"investigate\",\"created\":\"2021-02-04T06:52:21.395Z\",\"state\":\"ok\",\"arg\":{\"type\":\"domain\",\"value\":\"u1011145jia.ha004.t.justns.ru\"},\"result\":{\"data\":[{\"module\":\"Talos Intelligence\",\"module_instance_id\":\"f14a7465-a77a-4e28-8b97-23706a56eab5\",\"module_type_id\":\"2460c99b-2f01-523b-a65d-30a3c6603245\",\"data\":{\"verdicts\":{\"count\":1,\"docs\":[{\"type\":\"verdict\",\"disposition\":5,\"observable\":{\"value\":\"u1011145jia.ha004.t.justns.ru\",\"type\":\"domain\"},\"judgement_id\":\"transient:e5f71dea-d7d4-4901-b8e4-cfe8eb828b9b\",\"disposition_name\":\"Unknown\",\"valid_time\":{\"start_time\":\"2024-05-02T06:52:20.256Z\",\"end_time\":\"2024-06-01T06:52:20.256Z\"}}]},\"judgements\":{\"count\":1,\"docs\":[{\"valid_time\":{\"start_time\":\"2024-05-02T06:52:20.256Z\",\"end_time\":\"2024-06-01T06:52:20.256Z\"},\"schema_version\":\"1.0.22\",\"observable\":{\"value\":\"u1011145jia.ha004.t.justns.ru\",\"type\":\"domain\"},\"type\":\"judgement\",\"source\":\"Talos Intelligence\",\"disposition\":5,\"reason\":\"Neutral Talos Intelligence reputation score\",\"source_uri\":\"https://www.talosintelligence.com/reputation_center/lookup?search=u1011145jia.ha004.t.justns.ru\",\"disposition_name\":\"Unknown\",\"priority\":90,\"id\":\"transient:e5f71dea-d7d4-4901-b8e4-cfe8eb828b9b\",\"severity\":\"Low\",\"tlp\":\"white\",\"confidence\":\"High\"}]}}},{\"module\":\"urlscan. URL and website sandbox\",\"module_instance_id\":\"df2c646a-d9a3-4a97-a576-656a02b3b192\",\"module_type_id\":\"a0d1f3ca-bc86-4b87-b6de-496d3c4b4d63\",\"data\":{\"indicators\":{\"count\":1,\"docs\":[{\"description\":\"\u0421lassified as phishing\",\"tags\":[\"phishing\"],\"valid_time\":{},\"producer\":\"urlscan.io\",\"schema_version\":\"1.0.17\",\"type\":\"indicator\",\"short_description\":\"\u0421lassified as phishing\",\"title\":\"phishing\",\"id\":\"transient:indicator-344f10f2-89cc-5bbb-9176-726345d25538\",\"confidence\":\"High\"}]},\"relationships\":{\"count\":1,\"docs\":[{\"schema_version\":\"1.0.17\",\"target_ref\":\"transient:sighting-12685897-13cb-46da-8a9f-4091a33ae1b3\",\"type\":\"relationship\",\"source_ref\":\"transient:indicator-344f10f2-89cc-5bbb-9176-726345d25538\",\"id\":\"transient:relationship-cbee07de-48a9-4344-b911-150b02d91a97\",\"relationship_type\":\"indicates\"}]},\"judgements\":{\"count\":1,\"docs\":[{\"valid_time\":{\"start_time\":\"2024-05-02T06:51:28.897Z\",\"end_time\":\"2024-05-09T06:51:28.897Z\"},\"schema_version\":\"1.0.17\",\"observable\":{\"value\":\"u1011145jia.ha004.t.justns.ru\",\"type\":\"domain\"},\"type\":\"judgement\",\"source\":\"urlscan.io\",\"disposition\":2,\"external_references\":[{\"source_name\":\"urlscan.io\",\"description\":\"domURL\",\"url\":\"https://urlscan.io/dom/6441b0af-6514-4d98-8ea4-740f3b704bc4/\"},{\"source_name\":\"urlscan.io\",\"description\":\"screenshotURL\",\"url\":\"https://urlscan.io/screenshots/6441b0af-6514-4d98-8ea4-740f3b704bc4.png\"},{\"source_name\":\"urlscan.io\",\"description\":\"reportURL\",\"url\":\"https://urlscan.io/result/6441b0af-6514-4d98-8ea4-740f3b704bc4/\"}],\"reason\":\"phishing\",\"source_uri\":\"https://urlscan.io/result/6441b0af-6514-4d98-8ea4-740f3b704bc4/\",\"disposition_name\":\"Malicious\",\"priority\":85,\"id\":\"transient:judgement-ffae6456-ad99-4d36-b41e-9352afe40850\",\"severity\":\"High\",\"confidence\":\"High\"}]},\"sightings\":{\"count\":1,\"docs\":[{\"description\":\"Scan Result\",\"schema_version\":\"1.0.17\",\"relations\":[{\"origin\":\"urlscan.io Module\",\"relation\":\"Contains\",\"source\":{\"value\":\"https://u1011145jia.ha004.t.justns.ru/nbvde/NBC/3dd292e20a88cf34dbe6e292690fd7ed/\",\"type\":\"url\"},\"related\":{\"value\":\"u1011145jia.ha004.t.justns.ru\",\"type\":\"domain\"}},{\"origin\":\"urlscan.io Module\",\"relation\":\"Resolved_To\",\"source\":{\"value\":\"u1011145jia.ha004.t.justns.ru\",\"type\":\"domain\"},\"related\":{\"value\":\"2a00:b700::41\",\"type\":\"ipv6\"}},{\"origin\":\"urlscan.io Module\",\"relation\":\"Hosted_By\",\"source\":{\"value\":\"https://u1011145jia.ha004.t.justns.ru/nbvde/NBC/3dd292e20a88cf34dbe6e292690fd7ed/\",\"type\":\"url\"},\"related\":{\"value\":\"2a00:b700::41\",\"type\":\"ipv6\"}}],\"observables\":[{\"value\":\"u1011145jia.ha004.t.justns.ru\",\"type\":\"domain\"}],\"type\":\"sighting\",\"source\":\"urlscan.io\",\"external_ids\":[\"6441b0af-6514-4d98-8ea4-740f3b704bc4\"],\"internal\":false,\"source_uri\":\"https://urlscan.io/result/6441b0af-6514-4d98-8ea4-740f3b704bc4\",\"id\":\"transient:sighting-12685897-13cb-46da-8a9f-4091a33ae1b3\",\"count\":1,\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2024-05-02T06:51:28.897Z\",\"end_time\":\"2024-05-02T06:51:28.897Z\"},\"data\":{\"columns\":[{\"name\":\"uniqIPs\",\"type\":\"integer\"},{\"name\":\"consoleMsgs\",\"type\":\"integer\"},{\"name\":\"uniqCountries\",\"type\":\"integer\"},{\"name\":\"dataLength\",\"type\":\"integer\"},{\"name\":\"encodedDataLength\",\"type\":\"integer\"},{\"name\":\"requests\",\"type\":\"integer\"}],\"rows\":[[10,2,6,5441552,1213680,26]]}}]}}}]},\"id\":\"investigate-93443c61\",\"uuid\":\"294a5541-c8ce-47ab-97ae-1b87fc4563c6\"},{\"created-perf\":64845255000.000175,\"updated-perf\":64845255000.000175,\"type\":\"deliberate\",\"created\":\"2021-02-04T06:53:21.864Z\",\"state\":\"ok\",\"arg\":[{\"type\":\"url\",\"value\":\"https://u1011145jia.ha004.t.justns.ru/nbvde/NBC/3dd292e20a88cf34dbe6e292690fd7ed/\"},{\"type\":\"ipv6\",\"value\":\"2a00:b700::41\"}],\"result\":{\"data\":[{\"module\":\"AMP File Reputation\",\"module_instance_id\":\"ddcf41a2-3ecb-43e8-b5b2-0e36ad2e16f3\",\"module_type_id\":\"1898d0e8-45f7-550d-8ab5-915f064426dd\",\"data\":{\"verdicts\":{\"count\":0,\"docs\":[]}}}],\"errors\":[{\"module_instance_id\":\"f14a7465-a77a-4e28-8b97-23706a56eab5\",\"module_type_id\":\"2460c99b-2f01-523b-a65d-30a3c6603245\",\"code\":\"module-timeout\",\"message\":\"There was a timeout in the 'SDS-Investigate' module\",\"type\":\"warning\",\"module\":\"Talos Intelligence\"}]},\"id\":\"deliberate-f1be77f9\",\"uuid\":\"cfbc295d-b46e-421c-a6fb-731d680995e0\"}]", "short_description": "Snapshot @ 20210204 06:56:57", "id": "https://private.intel.amp.cisco.com:443/ctia/investigation/investigation-e826812c-ecb1-472c-bc74-c9ea09ec8c0a", "tlp": "amber", "groups": ["32e22c6d-7624-477e-8bbd-989c979b552e"], "timestamp": "2021-02-04T06:57:10.668Z", "owner": "9d64bbce-2e7c-43f0-b9d7-0e2fa3c2d88d"} | ||
| {"description": "UrlScan Domain", "schema_version": "1.0.23", "type": "investigation", "search-txt": "domain:\"u1011145jia.ha004.t.justns.ru\"", "source": "Anastasiia Rozlyvan", "actions": "[{\"created-perf\":2431625000.0001674,\"updated-perf\":2431630000.000041,\"type\":\"collect\",\"created\":\"2021-02-04T06:52:19.439Z\",\"state\":\"ok\",\"arg\":\"u1011145jia.ha004.t.justns.ru\",\"result\":[{\"value\":\"u1011145jia.ha004.t.justns.ru\",\"type\":\"domain\"}],\"id\":\"collect-9453405e\",\"uuid\":\"eac1ed4d-be26-4c2e-8c98-9350b6980253\"},{\"created-perf\":2907270000.000153,\"updated-perf\":2907270000.000153,\"type\":\"deliberate\",\"created\":\"2021-02-04T06:52:19.915Z\",\"state\":\"ok\",\"arg\":[{\"type\":\"domain\",\"value\":\"u1011145jia.ha004.t.justns.ru\"}],\"result\":{\"data\":[{\"module\":\"AMP File Reputation\",\"module_instance_id\":\"ddcf41a2-3ecb-43e8-b5b2-0e36ad2e16f3\",\"module_type_id\":\"1898d0e8-45f7-550d-8ab5-915f064426dd\",\"data\":{\"verdicts\":{\"count\":0,\"docs\":[]}}},{\"module\":\"Talos Intelligence\",\"module_instance_id\":\"f14a7465-a77a-4e28-8b97-23706a56eab5\",\"module_type_id\":\"2460c99b-2f01-523b-a65d-30a3c6603245\",\"data\":{\"verdicts\":{\"count\":1,\"docs\":[{\"type\":\"verdict\",\"disposition\":5,\"observable\":{\"value\":\"u1011145jia.ha004.t.justns.ru\",\"type\":\"domain\"},\"disposition_name\":\"Unknown\",\"valid_time\":{\"start_time\":\"2024-05-09T06:52:19.828Z\",\"end_time\":\"2024-06-08T06:52:19.828Z\"}}]}}}]},\"id\":\"deliberate-fc98a18c\",\"uuid\":\"38d74b7c-da83-4275-b20e-f03d503aea48\"},{\"created-perf\":4387000000.000171,\"updated-perf\":4387000000.000171,\"type\":\"investigate\",\"created\":\"2021-02-04T06:52:21.395Z\",\"state\":\"ok\",\"arg\":{\"type\":\"domain\",\"value\":\"u1011145jia.ha004.t.justns.ru\"},\"result\":{\"data\":[{\"module\":\"Talos Intelligence\",\"module_instance_id\":\"f14a7465-a77a-4e28-8b97-23706a56eab5\",\"module_type_id\":\"2460c99b-2f01-523b-a65d-30a3c6603245\",\"data\":{\"verdicts\":{\"count\":1,\"docs\":[{\"type\":\"verdict\",\"disposition\":5,\"observable\":{\"value\":\"u1011145jia.ha004.t.justns.ru\",\"type\":\"domain\"},\"judgement_id\":\"transient:e5f71dea-d7d4-4901-b8e4-cfe8eb828b9b\",\"disposition_name\":\"Unknown\",\"valid_time\":{\"start_time\":\"2024-05-09T06:52:20.256Z\",\"end_time\":\"2024-06-08T06:52:20.256Z\"}}]},\"judgements\":{\"count\":1,\"docs\":[{\"valid_time\":{\"start_time\":\"2024-05-09T06:52:20.256Z\",\"end_time\":\"2024-06-08T06:52:20.256Z\"},\"schema_version\":\"1.0.22\",\"observable\":{\"value\":\"u1011145jia.ha004.t.justns.ru\",\"type\":\"domain\"},\"type\":\"judgement\",\"source\":\"Talos Intelligence\",\"disposition\":5,\"reason\":\"Neutral Talos Intelligence reputation score\",\"source_uri\":\"https://www.talosintelligence.com/reputation_center/lookup?search=u1011145jia.ha004.t.justns.ru\",\"disposition_name\":\"Unknown\",\"priority\":90,\"id\":\"transient:e5f71dea-d7d4-4901-b8e4-cfe8eb828b9b\",\"severity\":\"Low\",\"tlp\":\"white\",\"confidence\":\"High\"}]}}},{\"module\":\"urlscan. URL and website sandbox\",\"module_instance_id\":\"df2c646a-d9a3-4a97-a576-656a02b3b192\",\"module_type_id\":\"a0d1f3ca-bc86-4b87-b6de-496d3c4b4d63\",\"data\":{\"indicators\":{\"count\":1,\"docs\":[{\"description\":\"\u0421lassified as phishing\",\"tags\":[\"phishing\"],\"valid_time\":{},\"producer\":\"urlscan.io\",\"schema_version\":\"1.0.17\",\"type\":\"indicator\",\"short_description\":\"\u0421lassified as phishing\",\"title\":\"phishing\",\"id\":\"transient:indicator-344f10f2-89cc-5bbb-9176-726345d25538\",\"confidence\":\"High\"}]},\"relationships\":{\"count\":1,\"docs\":[{\"schema_version\":\"1.0.17\",\"target_ref\":\"transient:sighting-12685897-13cb-46da-8a9f-4091a33ae1b3\",\"type\":\"relationship\",\"source_ref\":\"transient:indicator-344f10f2-89cc-5bbb-9176-726345d25538\",\"id\":\"transient:relationship-cbee07de-48a9-4344-b911-150b02d91a97\",\"relationship_type\":\"indicates\"}]},\"judgements\":{\"count\":1,\"docs\":[{\"valid_time\":{\"start_time\":\"2024-05-09T06:51:28.897Z\",\"end_time\":\"2024-05-16T06:51:28.897Z\"},\"schema_version\":\"1.0.17\",\"observable\":{\"value\":\"u1011145jia.ha004.t.justns.ru\",\"type\":\"domain\"},\"type\":\"judgement\",\"source\":\"urlscan.io\",\"disposition\":2,\"external_references\":[{\"source_name\":\"urlscan.io\",\"description\":\"domURL\",\"url\":\"https://urlscan.io/dom/6441b0af-6514-4d98-8ea4-740f3b704bc4/\"},{\"source_name\":\"urlscan.io\",\"description\":\"screenshotURL\",\"url\":\"https://urlscan.io/screenshots/6441b0af-6514-4d98-8ea4-740f3b704bc4.png\"},{\"source_name\":\"urlscan.io\",\"description\":\"reportURL\",\"url\":\"https://urlscan.io/result/6441b0af-6514-4d98-8ea4-740f3b704bc4/\"}],\"reason\":\"phishing\",\"source_uri\":\"https://urlscan.io/result/6441b0af-6514-4d98-8ea4-740f3b704bc4/\",\"disposition_name\":\"Malicious\",\"priority\":85,\"id\":\"transient:judgement-ffae6456-ad99-4d36-b41e-9352afe40850\",\"severity\":\"High\",\"confidence\":\"High\"}]},\"sightings\":{\"count\":1,\"docs\":[{\"description\":\"Scan Result\",\"schema_version\":\"1.0.17\",\"relations\":[{\"origin\":\"urlscan.io Module\",\"relation\":\"Contains\",\"source\":{\"value\":\"https://u1011145jia.ha004.t.justns.ru/nbvde/NBC/3dd292e20a88cf34dbe6e292690fd7ed/\",\"type\":\"url\"},\"related\":{\"value\":\"u1011145jia.ha004.t.justns.ru\",\"type\":\"domain\"}},{\"origin\":\"urlscan.io Module\",\"relation\":\"Resolved_To\",\"source\":{\"value\":\"u1011145jia.ha004.t.justns.ru\",\"type\":\"domain\"},\"related\":{\"value\":\"2a00:b700::41\",\"type\":\"ipv6\"}},{\"origin\":\"urlscan.io Module\",\"relation\":\"Hosted_By\",\"source\":{\"value\":\"https://u1011145jia.ha004.t.justns.ru/nbvde/NBC/3dd292e20a88cf34dbe6e292690fd7ed/\",\"type\":\"url\"},\"related\":{\"value\":\"2a00:b700::41\",\"type\":\"ipv6\"}}],\"observables\":[{\"value\":\"u1011145jia.ha004.t.justns.ru\",\"type\":\"domain\"}],\"type\":\"sighting\",\"source\":\"urlscan.io\",\"external_ids\":[\"6441b0af-6514-4d98-8ea4-740f3b704bc4\"],\"internal\":false,\"source_uri\":\"https://urlscan.io/result/6441b0af-6514-4d98-8ea4-740f3b704bc4\",\"id\":\"transient:sighting-12685897-13cb-46da-8a9f-4091a33ae1b3\",\"count\":1,\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2024-05-09T06:51:28.897Z\",\"end_time\":\"2024-05-09T06:51:28.897Z\"},\"data\":{\"columns\":[{\"name\":\"uniqIPs\",\"type\":\"integer\"},{\"name\":\"consoleMsgs\",\"type\":\"integer\"},{\"name\":\"uniqCountries\",\"type\":\"integer\"},{\"name\":\"dataLength\",\"type\":\"integer\"},{\"name\":\"encodedDataLength\",\"type\":\"integer\"},{\"name\":\"requests\",\"type\":\"integer\"}],\"rows\":[[10,2,6,5441552,1213680,26]]}}]}}}]},\"id\":\"investigate-93443c61\",\"uuid\":\"294a5541-c8ce-47ab-97ae-1b87fc4563c6\"},{\"created-perf\":64845255000.000175,\"updated-perf\":64845255000.000175,\"type\":\"deliberate\",\"created\":\"2021-02-04T06:53:21.864Z\",\"state\":\"ok\",\"arg\":[{\"type\":\"url\",\"value\":\"https://u1011145jia.ha004.t.justns.ru/nbvde/NBC/3dd292e20a88cf34dbe6e292690fd7ed/\"},{\"type\":\"ipv6\",\"value\":\"2a00:b700::41\"}],\"result\":{\"data\":[{\"module\":\"AMP File Reputation\",\"module_instance_id\":\"ddcf41a2-3ecb-43e8-b5b2-0e36ad2e16f3\",\"module_type_id\":\"1898d0e8-45f7-550d-8ab5-915f064426dd\",\"data\":{\"verdicts\":{\"count\":0,\"docs\":[]}}}],\"errors\":[{\"module_instance_id\":\"f14a7465-a77a-4e28-8b97-23706a56eab5\",\"module_type_id\":\"2460c99b-2f01-523b-a65d-30a3c6603245\",\"code\":\"module-timeout\",\"message\":\"There was a timeout in the 'SDS-Investigate' module\",\"type\":\"warning\",\"module\":\"Talos Intelligence\"}]},\"id\":\"deliberate-f1be77f9\",\"uuid\":\"cfbc295d-b46e-421c-a6fb-731d680995e0\"}]", "short_description": "Snapshot @ 20210204 06:56:57", "id": "https://private.intel.amp.cisco.com:443/ctia/investigation/investigation-e826812c-ecb1-472c-bc74-c9ea09ec8c0a", "tlp": "amber", "groups": ["32e22c6d-7624-477e-8bbd-989c979b552e"], "timestamp": "2021-02-04T06:57:10.668Z", "owner": "9d64bbce-2e7c-43f0-b9d7-0e2fa3c2d88d"} |
Oops, something went wrong.