{ "type": "Domain", "indicator": "marvelvod.com", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/marvelvod.com", "alexa": "http://www.alexa.com/siteinfo/marvelvod.com", "indicator": "marvelvod.com", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 4009935320, "indicator": "marvelvod.com", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 4, "pulses": [ { "id": "5cda259f82165754a51c3177", "name": "Amadey - Malware Domain Feed V2", "description": "Command and Control domains for malware known as Amadey. These domains are extracted from malware sandbox reports using a Machine Learning model trained on a corpus of good and bad domains.", "modified": "2026-05-28T17:04:07.004000", "created": "2019-05-14T02:19:11.089000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 60, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "otxrobottwo", "id": "78495", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_78495/resized/80/avatar_ba5a8acdbd.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 89, "hostname": 8 }, "indicator_count": 97, "is_author": false, "is_subscribing": null, "subscriber_count": 1095, "modified_text": "4 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "692bb2fa01e72150943be3ee", "name": "gfdsagwef", "description": "", "modified": "2026-02-20T13:55:08.706000", "created": "2025-11-30T02:59:06.644000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "skocherhan", "id": "249290", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_249290/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 29, "URL": 352, "FileHash-MD5": 48, "FileHash-SHA1": 47, "FileHash-SHA256": 135, "hostname": 9 }, "indicator_count": 620, "is_author": false, "is_subscribing": null, "subscriber_count": 184, "modified_text": "101 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "691b8869e00b107fa20d9482", "name": "ThreatFix", "description": "ThreatFix is an effort to publish various details about ransomware variants and ransomware threat actors. ThreatFix advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware.", "modified": "2026-01-23T11:01:07.175000", "created": "2025-11-17T20:41:11.797000", "tags": [ "", "ransomware", "malware" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "", "display_name": "", "target": null } ], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "zlepos384", "id": "103244", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 8010, "FileHash-SHA1": 7922, "FileHash-SHA256": 8893, "URL": 57004, "domain": 36018, "hostname": 96473 }, "indicator_count": 214320, "is_author": false, "is_subscribing": null, "subscriber_count": 44, "modified_text": "129 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "691a02d238fcc3cdca917f79", "name": "Top 10 Malware Q3 2025", "description": "In the third quarter of 2025, the frequency of malware notifications rose by 38%, indicating an escalating cyber threat landscape. Notably, SocGholish remained the most prevalent malware, accounting for 26% of detections. It functions as a downloader, primarily written in JavaScript, and is disseminated through malicious websites that impersonate legitimate browser updates. Infections from SocGholish can result in further exploitation, including the deployment of remote access tools (RATs) like NetSupport and AsyncRAT. The Multi-State Information Sharing and Analysis Center (MS-ISAC) identifies three primary initial infection vectors for the top malware: Dropped, Malspam, and Malvertisement, with some malware exhibiting multiple infection methods depending on their context.", "modified": "2025-11-16T16:58:58.497000", "created": "2025-11-16T16:58:58.497000", "tags": [ "lumma stealer", "sha256 hashes", "malware", "jinupd", "coinminer", "agent tesla", "cis cti", "msisac", "javascript", "netsupport", "gh0st", "telegrab", "venomrat", "asyncrat", "malspam", "nanocore", "cobalt strike", "telegram", "service", "jackpos", "leverage", "local", "zphp", "socgholish", "lumma" ], "references": [ "https://www.cisecurity.org/insights/blog/top-10-malware-q3-2025" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Jinupd", "display_name": "Jinupd", "target": null }, { "id": "Malspam", "display_name": "Malspam", "target": null }, { "id": "VenomRat", "display_name": "VenomRat", "target": null }, { "id": "Cobalt Strike", "display_name": "Cobalt Strike", "target": null }, { "id": "ZPHP", "display_name": "ZPHP", "target": null }, { "id": "SocGholish", "display_name": "SocGholish", "target": null }, { "id": "Lumma", "display_name": "Lumma", "target": null } ], "attack_ids": [ { "id": "T1005", "name": "Data from Local System", "display_name": "T1005 - Data from Local System" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1041", "name": "Exfiltration Over C2 Channel", "display_name": "T1041 - Exfiltration Over C2 Channel" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1056.001", "name": "Keylogging", "display_name": "T1056.001 - Keylogging" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" }, { "id": "T1090", "name": "Proxy", "display_name": "T1090 - Proxy" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "PetrP.73", "id": "154605", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 33, "FileHash-SHA1": 33, "FileHash-SHA256": 49, "domain": 17, "hostname": 12 }, "indicator_count": 144, "is_author": false, "is_subscribing": null, "subscriber_count": 540, "modified_text": "197 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "https://www.cisecurity.org/insights/blog/top-10-malware-q3-2025" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [], "malware_families": [ "", "Zphp", "Cobalt strike", "Jinupd", "Malspam", "Socgholish", "Venomrat", "Lumma" ], "industries": [] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 4, "pulses": [ { "id": "5cda259f82165754a51c3177", "name": "Amadey - Malware Domain Feed V2", "description": "Command and Control domains for malware known as Amadey. These domains are extracted from malware sandbox reports using a Machine Learning model trained on a corpus of good and bad domains.", "modified": "2026-05-28T17:04:07.004000", "created": "2019-05-14T02:19:11.089000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 60, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "otxrobottwo", "id": "78495", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_78495/resized/80/avatar_ba5a8acdbd.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 89, "hostname": 8 }, "indicator_count": 97, "is_author": false, "is_subscribing": null, "subscriber_count": 1095, "modified_text": "4 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "692bb2fa01e72150943be3ee", "name": "gfdsagwef", "description": "", "modified": "2026-02-20T13:55:08.706000", "created": "2025-11-30T02:59:06.644000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "skocherhan", "id": "249290", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_249290/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 29, "URL": 352, "FileHash-MD5": 48, "FileHash-SHA1": 47, "FileHash-SHA256": 135, "hostname": 9 }, "indicator_count": 620, "is_author": false, "is_subscribing": null, "subscriber_count": 184, "modified_text": "101 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "691b8869e00b107fa20d9482", "name": "ThreatFix", "description": "ThreatFix is an effort to publish various details about ransomware variants and ransomware threat actors. ThreatFix advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware.", "modified": "2026-01-23T11:01:07.175000", "created": "2025-11-17T20:41:11.797000", "tags": [ "", "ransomware", "malware" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "", "display_name": "", "target": null } ], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "zlepos384", "id": "103244", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 8010, "FileHash-SHA1": 7922, "FileHash-SHA256": 8893, "URL": 57004, "domain": 36018, "hostname": 96473 }, "indicator_count": 214320, "is_author": false, "is_subscribing": null, "subscriber_count": 44, "modified_text": "129 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "691a02d238fcc3cdca917f79", "name": "Top 10 Malware Q3 2025", "description": "In the third quarter of 2025, the frequency of malware notifications rose by 38%, indicating an escalating cyber threat landscape. Notably, SocGholish remained the most prevalent malware, accounting for 26% of detections. It functions as a downloader, primarily written in JavaScript, and is disseminated through malicious websites that impersonate legitimate browser updates. Infections from SocGholish can result in further exploitation, including the deployment of remote access tools (RATs) like NetSupport and AsyncRAT. The Multi-State Information Sharing and Analysis Center (MS-ISAC) identifies three primary initial infection vectors for the top malware: Dropped, Malspam, and Malvertisement, with some malware exhibiting multiple infection methods depending on their context.", "modified": "2025-11-16T16:58:58.497000", "created": "2025-11-16T16:58:58.497000", "tags": [ "lumma stealer", "sha256 hashes", "malware", "jinupd", "coinminer", "agent tesla", "cis cti", "msisac", "javascript", "netsupport", "gh0st", "telegrab", "venomrat", "asyncrat", "malspam", "nanocore", "cobalt strike", "telegram", "service", "jackpos", "leverage", "local", "zphp", "socgholish", "lumma" ], "references": [ "https://www.cisecurity.org/insights/blog/top-10-malware-q3-2025" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Jinupd", "display_name": "Jinupd", "target": null }, { "id": "Malspam", "display_name": "Malspam", "target": null }, { "id": "VenomRat", "display_name": "VenomRat", "target": null }, { "id": "Cobalt Strike", "display_name": "Cobalt Strike", "target": null }, { "id": "ZPHP", "display_name": "ZPHP", "target": null }, { "id": "SocGholish", "display_name": "SocGholish", "target": null }, { "id": "Lumma", "display_name": "Lumma", "target": null } ], "attack_ids": [ { "id": "T1005", "name": "Data from Local System", "display_name": "T1005 - Data from Local System" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1041", "name": "Exfiltration Over C2 Channel", "display_name": "T1041 - Exfiltration Over C2 Channel" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1056.001", "name": "Keylogging", "display_name": "T1056.001 - Keylogging" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1059.007", "name": "JavaScript", "display_name": "T1059.007 - JavaScript" }, { "id": "T1090", "name": "Proxy", "display_name": "T1090 - Proxy" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "PetrP.73", "id": "154605", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 33, "FileHash-SHA1": 33, "FileHash-SHA256": 49, "domain": 17, "hostname": 12 }, "indicator_count": 144, "is_author": false, "is_subscribing": null, "subscriber_count": 540, "modified_text": "197 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "marvelvod.com", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "marvelvod.com", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780363796.8604603 }