{ "type": "Domain", "indicator": "decoder.cloud", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/decoder.cloud", "alexa": "http://www.alexa.com/siteinfo/decoder.cloud", "indicator": "decoder.cloud", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 3764858016, "indicator": "decoder.cloud", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 2, "pulses": [ { "id": "69aed6b7d976e6f460341484", "name": "IOCS & Wins EXE", "description": "ive already had 4 harrassing calls today. do better.", "modified": "2026-04-08T00:00:45.252000", "created": "2026-03-09T14:18:31.220000", "tags": [ "yara detections", "high", "pulse pulses", "av detections", "ids detections", "alerts", "analysis date", "file score", "detections alf", "related pulses", "june", "virustotal", "copy", "guard" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 2, "FileHash-MD5": 101, "FileHash-SHA1": 101, "FileHash-SHA256": 100, "URL": 24, "domain": 2, "hostname": 5 }, "indicator_count": 335, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "55 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "651e7759f5cd95dc5864eb42", "name": "Multiple Booking Websites Compromised Due to Critical Vulnerabilities in Booking Engine", "description": "", "modified": "2023-10-05T08:44:50.872000", "created": "2023-10-05T08:44:09.213000", "tags": [ "bitdefender", "irm next generation", "resort data processing", "october", "compliance", "compliance live", "webinar", "close", "risk management", "security", "virgin islands", "september", "ismg account", "burma", "bugs", "evolution", "june", "general", "service", "look", "already", "king", "august", "cyber", "microbackdoor", "tips", "night", "strong", "server", "micro backdoor", "file", "resort", "path", "xmodule", "compromise", "martin", "first", "twitter", "themida", "execution", "comspec", "persistence", "enterprise", "security media", "dbir", "data breach investigations report", "learn", "read", "public sector", "level", "medium business", "healthcare", "utilities", "download", "data breach", "small", "energy", "contact", "sector", "find", "execute", "avast free", "kinghamlet king", "hamlet", "attack", "key use", "antivirus date", "eset nod32", "mcafee total", "windows", "system", "system account", "windows server", "microsoft", "though", "james forshaw", "logon session", "little too", "service account", "bits", "exploit" ], "references": [ "https://itm4n.github.io/printspooferSeptember 09th 2023 - CryptoGen Cyber Threat Intelligence Advisory #3214 - Multiple Booking Websites Compromised Due to Critical Vulnerabilities in Booking Engine-abusing-impersonate-privileges/" ], "public": 1, "adversary": "Security Media", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1195", "name": "Supply Chain Compromise", "display_name": "T1195 - Supply Chain Compromise" }, { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" }, { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" } ], "industries": [ "Hospitality", "Food" ], "TLP": "white", "cloned_from": null, "export_count": 23, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "cryptocti", "id": "110256", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_110256/resized/80/avatar_e237a4257c.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 10, "FileHash-MD5": 50, "domain": 2, "URL": 3, "email": 1, "hostname": 3 }, "indicator_count": 69, "is_author": false, "is_subscribing": null, "subscriber_count": 499, "modified_text": "970 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "https://itm4n.github.io/printspooferSeptember 09th 2023 - CryptoGen Cyber Threat Intelligence Advisory #3214 - Multiple Booking Websites Compromised Due to Critical Vulnerabilities in Booking Engine-abusing-impersonate-privileges/" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [ "Security Media" ], "malware_families": [], "industries": [ "Food", "Hospitality" ] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 2, "pulses": [ { "id": "69aed6b7d976e6f460341484", "name": "IOCS & Wins EXE", "description": "ive already had 4 harrassing calls today. do better.", "modified": "2026-04-08T00:00:45.252000", "created": "2026-03-09T14:18:31.220000", "tags": [ "yara detections", "high", "pulse pulses", "av detections", "ids detections", "alerts", "analysis date", "file score", "detections alf", "related pulses", "june", "virustotal", "copy", "guard" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 2, "FileHash-MD5": 101, "FileHash-SHA1": 101, "FileHash-SHA256": 100, "URL": 24, "domain": 2, "hostname": 5 }, "indicator_count": 335, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "55 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "651e7759f5cd95dc5864eb42", "name": "Multiple Booking Websites Compromised Due to Critical Vulnerabilities in Booking Engine", "description": "", "modified": "2023-10-05T08:44:50.872000", "created": "2023-10-05T08:44:09.213000", "tags": [ "bitdefender", "irm next generation", "resort data processing", "october", "compliance", "compliance live", "webinar", "close", "risk management", "security", "virgin islands", "september", "ismg account", "burma", "bugs", "evolution", "june", "general", "service", "look", "already", "king", "august", "cyber", "microbackdoor", "tips", "night", "strong", "server", "micro backdoor", "file", "resort", "path", "xmodule", "compromise", "martin", "first", "twitter", "themida", "execution", "comspec", "persistence", "enterprise", "security media", "dbir", "data breach investigations report", "learn", "read", "public sector", "level", "medium business", "healthcare", "utilities", "download", "data breach", "small", "energy", "contact", "sector", "find", "execute", "avast free", "kinghamlet king", "hamlet", "attack", "key use", "antivirus date", "eset nod32", "mcafee total", "windows", "system", "system account", "windows server", "microsoft", "though", "james forshaw", "logon session", "little too", "service account", "bits", "exploit" ], "references": [ "https://itm4n.github.io/printspooferSeptember 09th 2023 - CryptoGen Cyber Threat Intelligence Advisory #3214 - Multiple Booking Websites Compromised Due to Critical Vulnerabilities in Booking Engine-abusing-impersonate-privileges/" ], "public": 1, "adversary": "Security Media", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1195", "name": "Supply Chain Compromise", "display_name": "T1195 - Supply Chain Compromise" }, { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" }, { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" } ], "industries": [ "Hospitality", "Food" ], "TLP": "white", "cloned_from": null, "export_count": 23, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "cryptocti", "id": "110256", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_110256/resized/80/avatar_e237a4257c.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 10, "FileHash-MD5": 50, "domain": 2, "URL": 3, "email": 1, "hostname": 3 }, "indicator_count": 69, "is_author": false, "is_subscribing": null, "subscriber_count": 499, "modified_text": "970 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "decoder.cloud", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "decoder.cloud", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780371948.070528 }