{ "type": "Domain", "indicator": "incodesolutions.com", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/incodesolutions.com", "alexa": "http://www.alexa.com/siteinfo/incodesolutions.com", "indicator": "incodesolutions.com", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 143021473, "indicator": "incodesolutions.com", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 2, "pulses": [ { "id": "69f47e886aac3dce3a958d27", "name": "2011: Malware Analysis Report", "description": "", "modified": "2026-05-01T10:20:56.666000", "created": "2026-05-01T10:20:56.666000", "tags": [], "references": [ "2011-03-11 - Trojan.Koredos Comes with an Unwelcomed Surprise.pdf", "2011-01-20 - Beschreibung des Virus Backdoor.Win32. Buterat.afj.pdf", "2011-03-08 - Worm-Win32-Yimfoca.A.pdf", "2011-03-02 - TDL4 and Glupteba- Piggyback PiggyBugs.pdf", "2011-04-26 - SpyEye Targets Opera, Google Chrome Users.pdf", "2011-03-28 - Microsoft Hunting Rustock Controllers.pdf", "2011-01-09 - Jan 6 CVE-2010-3333 DOC with info theft trojan from the American Chamber of Commerce.pdf", "2011-04-19 - TDSS part 1- The x64 Dollar Question.pdf", "2011-04-16 - Troj-Sasfis-O.pdf", "2011-05-19 - Win32-Expiro.pdf", "2011-06-22 - Criminals gain control over Mac with BackDoor.Olyx.pdf", "2011-04-30 - BKA-Trojaner (Ransomware).pdf", "2011-06-29 - Inside a Back Door Attack.pdf", "2011-07-26 - SpyEye Trojan defeating online banking defenses.pdf", "2011-04-28 - Un observateur d\u2019\u00e9v\u00e9nements aveugle\u2026.pdf", "2011-07-08 - Trojan.Mayachok.2- ?????? ??????? ?????????? VBR-???????.pdf", "2011-07-14 - Cycbot- Ready to Ride.pdf", "2011-07-06 - Cybercriminals switch from MBR to NTFS.pdf", "2011-07-28 - Trojan Tricks Victims Into Transferring Funds.pdf", "2011-08-27 - Morto.A.pdf", "2011-01-30 - GpCode Ransomware 2010 Simple Analysis.pdf", "2011-08-03 - HTran and the Advanced Persistent Threat.pdf", "2011-08-28 - Windows Remote Desktop Worm -Morto- Spreading.pdf", "2011-09-09 - BIOS Threat is Showing up Again!.pdf", "2011-09-02 - ZeuS Gets Another Update.pdf", "2011-08-24 - Ice IX, the first crimeware based on the leaked ZeuS sources.pdf", "2011-09-13 - Mebromi- the first BIOS rootkit in the wild.pdf", "2011-08-04 - Analysis of ngrBot.pdf", "2011-09-14 - Ice IX- not cool at all.pdf", "2011-09-14 - Malware burrows deep into computer BIOS to escape AV.pdf", "2011-09-19 - Mebromi BIOS rootkit affecting Award BIOS (aka -BMW- virus).pdf", "2011-08-28 - Windows Remote Desktop Worm -Morto- Spreading22.pdf", "2011-09-21 - Sept 21 Greedy Shylock - financial malware.pdf", "2011-09-09 - Stuxnet Malware Analysis Paper.pdf", "2011-09-27 - Debugging Injected Code with IDA Pro.pdf", "2011-10-07 - Rustock samples and analysis links. Rustock.C, E, I, J and other variants.pdf", "2011-10-14 - A Detailed Analysis of an Advanced Persistent Threat Malware.pdf", "2011-10-06 - ZeuS-in-the-Mobile \u2013 Facts and Theories.pdf", "2011-10-08 - Possible Governmental Backdoor Found (-Case R2D2-).pdf", "2011-10-17 - W32-Yunsip!tr.pws.pdf", "2011-10-06 - Sep 28 CVE-2010-3333 Manuscript with Taidoor (Trojan.Matryoshka by CyberESI).pdf", "2011-10-13 - A Detailed Analysis of an Advanced Persistent Threat Malware.pdf", "2011-10-31 - The Significance of the -Nitro- Attacks.pdf", "2011-10-26 - Tsunami Backdoor Can Be Used for Denial of Service Attacks.pdf", "2011-12-20 - Analyzing CVE-2011-4369 \u2013 Part One.pdf", "2011-12-08 - The Sykipot Attacks.pdf", "2011-12-11 - Intro. To Reversing - W32Pinkslipbot.pdf", "Duqu Trojan Questions and Answers.pdf", "Palebot trojan.pdf", "HTran.pdf", "Ghost RAT- Many faces.pdf", "Operation Shady Rat.pdf", "Alleged APT Intrusion Set 1.php Group.pdf", "Stuxnet , Duqu - The Evolution of Drivers.pdf", "The RSA Hack.pdf", "The Nitro Attacks - Stealing secrets from the Chemical Industry.pdf", "Global_Energy_Cyberattacks_-_Night_Dragon_.pdf", "The LURID Downloader.pdf" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "kikinumpav", "id": "385742", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1031, "domain": 435, "CVE": 13, "FileHash-MD5": 155, "FileHash-SHA1": 8, "FileHash-SHA256": 234, "IPv4": 88, "email": 9, "hostname": 1031 }, "indicator_count": 3004, "is_author": false, "is_subscribing": null, "subscriber_count": 12, "modified_text": "29 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69375583aeea809ad44d73cf", "name": "Investigating Indonesias Gambling Ecosystem: Indicators of National-Level Cyber Operations", "description": "Research has uncovered a substantial state-sponsored cybercrime operation in Indonesia that has been active for over 14 years, significantly revolving around illegal gambling activities. This infrastructure, attributed to a sophisticated Advanced Persistent Threat (APT), operates with remarkable resources typical of state-level actors and consists of over 328,000 domains, including 90,125 hacked domains and 236,433 purchased domains. The campaign employs extensive domain hijacking techniques, primarily targeting organizations and government entities across multiple sectors. Indicators of its operations include the use of TLS-terminating reverse proxies to conceal command and control (C2) traffic and facilitate cookie theft on compromised sites.", "modified": "2025-12-08T22:54:05.801000", "created": "2025-12-08T22:47:31.272000", "tags": [ "indonesia", "wordpress", "ip address", "android", "fqdns", "slack", "facebook", "scribd", "exploit", "envato" ], "references": [ "https://www.malanta.ai/blog-posts/investigating-indonesias-gambling-ecosystem-indicators-of-national-level-cyber-operations" ], "public": 1, "adversary": "", "targeted_countries": [ "Indonesia", "United States of America", "Ecuador" ], "malware_families": [ { "id": "Envato", "display_name": "Envato", "target": null } ], "attack_ids": [ { "id": "T1583", "name": "Acquire Infrastructure", "display_name": "T1583 - Acquire Infrastructure" }, { "id": "T1584", "name": "Compromise Infrastructure", "display_name": "T1584 - Compromise Infrastructure" }, { "id": "T1608", "name": "Stage Capabilities", "display_name": "T1608 - Stage Capabilities" }, { "id": "T1190", "name": "Exploit Public-Facing Application", "display_name": "T1190 - Exploit Public-Facing Application" }, { "id": "T1078", "name": "Valid Accounts", "display_name": "T1078 - Valid Accounts" }, { "id": "T1090", "name": "Proxy", "display_name": "T1090 - Proxy" }, { "id": "T1505.003", "name": "Web Shell", "display_name": "T1505.003 - Web Shell" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1539", "name": "Steal Web Session Cookie", "display_name": "T1539 - Steal Web Session Cookie" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1567", "name": "Exfiltration Over Web Service", "display_name": "T1567 - Exfiltration Over Web Service" } ], "industries": [ "Manufacturing", "Transport", "Healthcare", "Government", "Education" ], "TLP": "green", "cloned_from": null, "export_count": 9, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "PetrP.73", "id": "154605", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 466892, "hostname": 5011, "FileHash-MD5": 344, "FileHash-SHA1": 342, "FileHash-SHA256": 15639 }, "indicator_count": 488228, "is_author": false, "is_subscribing": null, "subscriber_count": 546, "modified_text": "173 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "https://www.malanta.ai/blog-posts/investigating-indonesias-gambling-ecosystem-indicators-of-national-level-cyber-operations", "2011-05-19 - Win32-Expiro.pdf", "2011-07-14 - Cycbot- Ready to Ride.pdf", "2011-08-28 - Windows Remote Desktop Worm -Morto- Spreading22.pdf", "2011-09-27 - Debugging Injected Code with IDA Pro.pdf", "Duqu Trojan Questions and Answers.pdf", "2011-06-29 - Inside a Back Door Attack.pdf", "2011-04-30 - BKA-Trojaner (Ransomware).pdf", "2011-03-02 - TDL4 and Glupteba- Piggyback PiggyBugs.pdf", "Stuxnet , Duqu - The Evolution of Drivers.pdf", "2011-04-26 - SpyEye Targets Opera, Google Chrome Users.pdf", "2011-09-21 - Sept 21 Greedy Shylock - financial malware.pdf", "2011-10-17 - W32-Yunsip!tr.pws.pdf", "2011-12-20 - Analyzing CVE-2011-4369 \u2013 Part One.pdf", "Global_Energy_Cyberattacks_-_Night_Dragon_.pdf", "2011-04-19 - TDSS part 1- The x64 Dollar Question.pdf", "The Nitro Attacks - Stealing secrets from the Chemical Industry.pdf", "2011-08-28 - Windows Remote Desktop Worm -Morto- Spreading.pdf", "2011-07-06 - Cybercriminals switch from MBR to NTFS.pdf", "2011-09-09 - Stuxnet Malware Analysis Paper.pdf", "2011-07-28 - Trojan Tricks Victims Into Transferring Funds.pdf", "2011-10-14 - A Detailed Analysis of an Advanced Persistent Threat Malware.pdf", "2011-03-11 - Trojan.Koredos Comes with an Unwelcomed Surprise.pdf", "2011-09-02 - ZeuS Gets Another Update.pdf", "2011-10-13 - A Detailed Analysis of an Advanced Persistent Threat Malware.pdf", "2011-10-26 - Tsunami Backdoor Can Be Used for Denial of Service Attacks.pdf", "The LURID Downloader.pdf", "2011-03-28 - Microsoft Hunting Rustock Controllers.pdf", "2011-04-28 - Un observateur d\u2019\u00e9v\u00e9nements aveugle\u2026.pdf", "2011-01-30 - GpCode Ransomware 2010 Simple Analysis.pdf", "2011-12-11 - Intro. To Reversing - W32Pinkslipbot.pdf", "2011-09-14 - Malware burrows deep into computer BIOS to escape AV.pdf", "2011-10-06 - Sep 28 CVE-2010-3333 Manuscript with Taidoor (Trojan.Matryoshka by CyberESI).pdf", "2011-08-04 - Analysis of ngrBot.pdf", "2011-12-08 - The Sykipot Attacks.pdf", "2011-07-26 - SpyEye Trojan defeating online banking defenses.pdf", "2011-08-24 - Ice IX, the first crimeware based on the leaked ZeuS sources.pdf", "2011-04-16 - Troj-Sasfis-O.pdf", "2011-09-14 - Ice IX- not cool at all.pdf", "2011-10-31 - The Significance of the -Nitro- Attacks.pdf", "Palebot trojan.pdf", "2011-09-13 - Mebromi- the first BIOS rootkit in the wild.pdf", "2011-06-22 - Criminals gain control over Mac with BackDoor.Olyx.pdf", "2011-01-20 - Beschreibung des Virus Backdoor.Win32. Buterat.afj.pdf", "2011-10-07 - Rustock samples and analysis links. Rustock.C, E, I, J and other variants.pdf", "Ghost RAT- Many faces.pdf", "2011-03-08 - Worm-Win32-Yimfoca.A.pdf", "2011-07-08 - Trojan.Mayachok.2- ?????? ??????? ?????????? VBR-???????.pdf", "2011-10-08 - Possible Governmental Backdoor Found (-Case R2D2-).pdf", "2011-08-27 - Morto.A.pdf", "2011-08-03 - HTran and the Advanced Persistent Threat.pdf", "Operation Shady Rat.pdf", "2011-10-06 - ZeuS-in-the-Mobile \u2013 Facts and Theories.pdf", "The RSA Hack.pdf", "Alleged APT Intrusion Set 1.php Group.pdf", "HTran.pdf", "2011-09-09 - BIOS Threat is Showing up Again!.pdf", "2011-09-19 - Mebromi BIOS rootkit affecting Award BIOS (aka -BMW- virus).pdf", "2011-01-09 - Jan 6 CVE-2010-3333 DOC with info theft trojan from the American Chamber of Commerce.pdf" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [], "malware_families": [ "Envato" ], "industries": [ "Healthcare", "Transport", "Manufacturing", "Education", "Government" ] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 2, "pulses": [ { "id": "69f47e886aac3dce3a958d27", "name": "2011: Malware Analysis Report", "description": "", "modified": "2026-05-01T10:20:56.666000", "created": "2026-05-01T10:20:56.666000", "tags": [], "references": [ "2011-03-11 - Trojan.Koredos Comes with an Unwelcomed Surprise.pdf", "2011-01-20 - Beschreibung des Virus Backdoor.Win32. Buterat.afj.pdf", "2011-03-08 - Worm-Win32-Yimfoca.A.pdf", "2011-03-02 - TDL4 and Glupteba- Piggyback PiggyBugs.pdf", "2011-04-26 - SpyEye Targets Opera, Google Chrome Users.pdf", "2011-03-28 - Microsoft Hunting Rustock Controllers.pdf", "2011-01-09 - Jan 6 CVE-2010-3333 DOC with info theft trojan from the American Chamber of Commerce.pdf", "2011-04-19 - TDSS part 1- The x64 Dollar Question.pdf", "2011-04-16 - Troj-Sasfis-O.pdf", "2011-05-19 - Win32-Expiro.pdf", "2011-06-22 - Criminals gain control over Mac with BackDoor.Olyx.pdf", "2011-04-30 - BKA-Trojaner (Ransomware).pdf", "2011-06-29 - Inside a Back Door Attack.pdf", "2011-07-26 - SpyEye Trojan defeating online banking defenses.pdf", "2011-04-28 - Un observateur d\u2019\u00e9v\u00e9nements aveugle\u2026.pdf", "2011-07-08 - Trojan.Mayachok.2- ?????? ??????? ?????????? VBR-???????.pdf", "2011-07-14 - Cycbot- Ready to Ride.pdf", "2011-07-06 - Cybercriminals switch from MBR to NTFS.pdf", "2011-07-28 - Trojan Tricks Victims Into Transferring Funds.pdf", "2011-08-27 - Morto.A.pdf", "2011-01-30 - GpCode Ransomware 2010 Simple Analysis.pdf", "2011-08-03 - HTran and the Advanced Persistent Threat.pdf", "2011-08-28 - Windows Remote Desktop Worm -Morto- Spreading.pdf", "2011-09-09 - BIOS Threat is Showing up Again!.pdf", "2011-09-02 - ZeuS Gets Another Update.pdf", "2011-08-24 - Ice IX, the first crimeware based on the leaked ZeuS sources.pdf", "2011-09-13 - Mebromi- the first BIOS rootkit in the wild.pdf", "2011-08-04 - Analysis of ngrBot.pdf", "2011-09-14 - Ice IX- not cool at all.pdf", "2011-09-14 - Malware burrows deep into computer BIOS to escape AV.pdf", "2011-09-19 - Mebromi BIOS rootkit affecting Award BIOS (aka -BMW- virus).pdf", "2011-08-28 - Windows Remote Desktop Worm -Morto- Spreading22.pdf", "2011-09-21 - Sept 21 Greedy Shylock - financial malware.pdf", "2011-09-09 - Stuxnet Malware Analysis Paper.pdf", "2011-09-27 - Debugging Injected Code with IDA Pro.pdf", "2011-10-07 - Rustock samples and analysis links. Rustock.C, E, I, J and other variants.pdf", "2011-10-14 - A Detailed Analysis of an Advanced Persistent Threat Malware.pdf", "2011-10-06 - ZeuS-in-the-Mobile \u2013 Facts and Theories.pdf", "2011-10-08 - Possible Governmental Backdoor Found (-Case R2D2-).pdf", "2011-10-17 - W32-Yunsip!tr.pws.pdf", "2011-10-06 - Sep 28 CVE-2010-3333 Manuscript with Taidoor (Trojan.Matryoshka by CyberESI).pdf", "2011-10-13 - A Detailed Analysis of an Advanced Persistent Threat Malware.pdf", "2011-10-31 - The Significance of the -Nitro- Attacks.pdf", "2011-10-26 - Tsunami Backdoor Can Be Used for Denial of Service Attacks.pdf", "2011-12-20 - Analyzing CVE-2011-4369 \u2013 Part One.pdf", "2011-12-08 - The Sykipot Attacks.pdf", "2011-12-11 - Intro. To Reversing - W32Pinkslipbot.pdf", "Duqu Trojan Questions and Answers.pdf", "Palebot trojan.pdf", "HTran.pdf", "Ghost RAT- Many faces.pdf", "Operation Shady Rat.pdf", "Alleged APT Intrusion Set 1.php Group.pdf", "Stuxnet , Duqu - The Evolution of Drivers.pdf", "The RSA Hack.pdf", "The Nitro Attacks - Stealing secrets from the Chemical Industry.pdf", "Global_Energy_Cyberattacks_-_Night_Dragon_.pdf", "The LURID Downloader.pdf" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "kikinumpav", "id": "385742", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1031, "domain": 435, "CVE": 13, "FileHash-MD5": 155, "FileHash-SHA1": 8, "FileHash-SHA256": 234, "IPv4": 88, "email": 9, "hostname": 1031 }, "indicator_count": 3004, "is_author": false, "is_subscribing": null, "subscriber_count": 12, "modified_text": "29 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69375583aeea809ad44d73cf", "name": "Investigating Indonesias Gambling Ecosystem: Indicators of National-Level Cyber Operations", "description": "Research has uncovered a substantial state-sponsored cybercrime operation in Indonesia that has been active for over 14 years, significantly revolving around illegal gambling activities. This infrastructure, attributed to a sophisticated Advanced Persistent Threat (APT), operates with remarkable resources typical of state-level actors and consists of over 328,000 domains, including 90,125 hacked domains and 236,433 purchased domains. The campaign employs extensive domain hijacking techniques, primarily targeting organizations and government entities across multiple sectors. Indicators of its operations include the use of TLS-terminating reverse proxies to conceal command and control (C2) traffic and facilitate cookie theft on compromised sites.", "modified": "2025-12-08T22:54:05.801000", "created": "2025-12-08T22:47:31.272000", "tags": [ "indonesia", "wordpress", "ip address", "android", "fqdns", "slack", "facebook", "scribd", "exploit", "envato" ], "references": [ "https://www.malanta.ai/blog-posts/investigating-indonesias-gambling-ecosystem-indicators-of-national-level-cyber-operations" ], "public": 1, "adversary": "", "targeted_countries": [ "Indonesia", "United States of America", "Ecuador" ], "malware_families": [ { "id": "Envato", "display_name": "Envato", "target": null } ], "attack_ids": [ { "id": "T1583", "name": "Acquire Infrastructure", "display_name": "T1583 - Acquire Infrastructure" }, { "id": "T1584", "name": "Compromise Infrastructure", "display_name": "T1584 - Compromise Infrastructure" }, { "id": "T1608", "name": "Stage Capabilities", "display_name": "T1608 - Stage Capabilities" }, { "id": "T1190", "name": "Exploit Public-Facing Application", "display_name": "T1190 - Exploit Public-Facing Application" }, { "id": "T1078", "name": "Valid Accounts", "display_name": "T1078 - Valid Accounts" }, { "id": "T1090", "name": "Proxy", "display_name": "T1090 - Proxy" }, { "id": "T1505.003", "name": "Web Shell", "display_name": "T1505.003 - Web Shell" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1539", "name": "Steal Web Session Cookie", "display_name": "T1539 - Steal Web Session Cookie" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1567", "name": "Exfiltration Over Web Service", "display_name": "T1567 - Exfiltration Over Web Service" } ], "industries": [ "Manufacturing", "Transport", "Healthcare", "Government", "Education" ], "TLP": "green", "cloned_from": null, "export_count": 9, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "PetrP.73", "id": "154605", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 466892, "hostname": 5011, "FileHash-MD5": 344, "FileHash-SHA1": 342, "FileHash-SHA256": 15639 }, "indicator_count": 488228, "is_author": false, "is_subscribing": null, "subscriber_count": 546, "modified_text": "173 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "incodesolutions.com", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "incodesolutions.com", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780214272.4860878 }