{ "type": "Domain", "indicator": "algfbg.live", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/algfbg.live", "alexa": "http://www.alexa.com/siteinfo/algfbg.live", "indicator": "algfbg.live", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 4072539754, "indicator": "algfbg.live", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 6, "pulses": [ { "id": "68548f8da071ef219ccb11ae", "name": "Part 2: Tracking LummaC2 Infrastructure", "description": "An investigation into domains associated with the LummaC2 infostealing-malware campaign revealed a broader network of nearly 500 domains with highly malicious risk scores. These domains share similar registration patterns, including the use of Eastern European names and the inbox[.]eu email domain. The domains predominantly advertise technical education courses, but are likely lures for malware delivery. Four domains were identified as LummaC2 login panels. The campaign's infrastructure uses specific TLDs, naming conventions, and a Hong Kong address linked to OFAC-sanctioned entities. Security teams are advised to monitor for similar domain patterns, scrutinize suspicious training sites, and educate users about the risks.", "modified": "2025-07-09T07:57:58.222000", "created": "2025-06-19T22:30:37.574000", "tags": [ "acreed", "lummac2", "domain infrastructure", "technical education lure", "eastern european names", "infostealer", "malicious domains" ], "references": [ "https://www.domaintools.com/resources/blog/part-2-tracking-lummac2-infrastructure" ], "public": 1, "adversary": "LummaC2", "targeted_countries": [], "malware_families": [ { "id": "LummaC2", "display_name": "LummaC2", "target": null }, { "id": "Acreed", "display_name": "Acreed", "target": null } ], "attack_ids": [ { "id": "T1566.002", "name": "Spearphishing Link", "display_name": "T1566.002 - Spearphishing Link" }, { "id": "T1583.001", "name": "Domains", "display_name": "T1583.001 - Domains" }, { "id": "T1589.002", "name": "Email Addresses", "display_name": "T1589.002 - Email Addresses" }, { "id": "T1586", "name": "Compromise Accounts", "display_name": "T1586 - Compromise Accounts" }, { "id": "T1592.002", "name": "Software", "display_name": "T1592.002 - Software" }, { "id": "T1585", "name": "Establish Accounts", "display_name": "T1585 - Establish Accounts" }, { "id": "T1584.001", "name": "Domains", "display_name": "T1584.001 - Domains" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 60, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "FileHash-SHA1": 844, "domain": 500 }, "indicator_count": 1344, "is_author": false, "is_subscribing": null, "subscriber_count": 387007, "modified_text": "328 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "683e679e792536dce5d41180", "name": "Amadey", "description": "", "modified": "2026-01-28T23:04:30.172000", "created": "2025-06-03T03:10:22.479000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "skocherhan", "id": "249290", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_249290/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 65, "URL": 289, "FileHash-MD5": 74, "FileHash-SHA1": 73, "FileHash-SHA256": 269, "hostname": 6 }, "indicator_count": 776, "is_author": false, "is_subscribing": null, "subscriber_count": 185, "modified_text": "125 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6840e875d8d4878459b15340", "name": "Amadey", "description": "", "modified": "2025-08-09T04:04:53.466000", "created": "2025-06-05T00:44:37.515000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "skocherhan", "id": "249290", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_249290/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 103, "hostname": 29, "FileHash-MD5": 85, "FileHash-SHA1": 85, "FileHash-SHA256": 168, "domain": 135 }, "indicator_count": 605, "is_author": false, "is_subscribing": null, "subscriber_count": 184, "modified_text": "298 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "68590661bd2b8f9e79b8c092", "name": "IOC - Part 2: Tracking LummaC2 Infrastructure", "description": "", "modified": "2025-07-19T22:00:26.208000", "created": "2025-06-23T07:46:41.274000", "tags": [ "acreed", "lummac2", "domain infrastructure", "technical education lure", "eastern european names", "infostealer", "malicious domains" ], "references": [ "https://www.domaintools.com/resources/blog/part-2-tracking-lummac2-infrastructure" ], "public": 1, "adversary": "LummaC2", "targeted_countries": [], "malware_families": [ { "id": "LummaC2", "display_name": "LummaC2", "target": null }, { "id": "Acreed", "display_name": "Acreed", "target": null } ], "attack_ids": [ { "id": "T1566.002", "name": "Spearphishing Link", "display_name": "T1566.002 - Spearphishing Link" }, { "id": "T1583.001", "name": "Domains", "display_name": "T1583.001 - Domains" }, { "id": "T1589.002", "name": "Email Addresses", "display_name": "T1589.002 - Email Addresses" }, { "id": "T1586", "name": "Compromise Accounts", "display_name": "T1586 - Compromise Accounts" }, { "id": "T1592.002", "name": "Software", "display_name": "T1592.002 - Software" }, { "id": "T1585", "name": "Establish Accounts", "display_name": "T1585 - Establish Accounts" }, { "id": "T1584.001", "name": "Domains", "display_name": "T1584.001 - Domains" } ], "industries": [], "TLP": "white", "cloned_from": "68548f8da071ef219ccb11ae", "export_count": 16, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "celestre", "id": "295357", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA1": 844, "domain": 505, "hostname": 26 }, "indicator_count": 1375, "is_author": false, "is_subscribing": null, "subscriber_count": 140, "modified_text": "318 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "683f895de7b306620f5cf6f0", "name": "Twitter Feed - skocherhan - 03-06-2025", "description": "", "modified": "2025-07-03T23:02:45.532000", "created": "2025-06-03T23:46:34.941000", "tags": [ "LummaStealer", "Lumma", "APT", "AsyncRAT", "phishing" ], "references": [ "https://x.com/skocherhan/status/1929721088763675083", "https://x.com/skocherhan/status/1929730673679663576", "https://x.com/skocherhan/status/1929734441477329239", "https://x.com/skocherhan/status/1929739565352300796", "https://x.com/skocherhan/status/1929757757478986208", "https://x.com/skocherhan/status/1929773114986025282", "https://x.com/skocherhan/status/1929782715642966338", "https://x.com/skocherhan/status/1929789519341002786", "https://x.com/skocherhan/status/1929791786005762391", "https://x.com/skocherhan/status/1929802390019928319", "https://x.com/skocherhan/status/1929807079608365116", "https://x.com/skocherhan/status/1929820053500727642", "https://x.com/skocherhan/status/1929872587997221242", "https://x.com/skocherhan/status/1929910273906708982", "https://x.com/skocherhan/status/1929920264898273432", "https://x.com/skocherhan/status/1930017651000066478", "https://x.com/skocherhan/status/1930023527337312599", "https://x.com/skocherhan/status/1930024711695614305" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 14, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 79, "FileHash-MD5": 13, "domain": 42, "hostname": 30, "FileHash-SHA256": 1 }, "indicator_count": 165, "is_author": false, "is_subscribing": null, "subscriber_count": 1624, "modified_text": "334 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "685bf62cc1ff7548c7c333ac", "name": "Part 2: Tracking LummaC2 Infrastructure as Technical Training Courses", "description": "LummaC2 domains \nhttps://www.domaintools.com/resources/blog/part-2-tracking-lummac2-infrastructure/\nhttps://github.com/DomainTools/SecuritySnacks/blob/main/2025/LummaC2-Domains-Continued.csv", "modified": "2025-06-25T13:14:20.915000", "created": "2025-06-25T13:14:20.915000", "tags": [ "Lumma Stealer" ], "references": [ "LummaC2-Domains1.csv" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Lumma", "display_name": "Lumma", "target": null } ], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 15, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Techronik", "id": "114546", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 499 }, "indicator_count": 499, "is_author": false, "is_subscribing": null, "subscriber_count": 82, "modified_text": "342 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "https://x.com/skocherhan/status/1929910273906708982", "https://x.com/skocherhan/status/1930023527337312599", "https://www.domaintools.com/resources/blog/part-2-tracking-lummac2-infrastructure", "https://x.com/skocherhan/status/1929789519341002786", "https://x.com/skocherhan/status/1929807079608365116", "https://x.com/skocherhan/status/1929802390019928319", "https://x.com/skocherhan/status/1929791786005762391", "https://x.com/skocherhan/status/1930017651000066478", "https://x.com/skocherhan/status/1929773114986025282", "https://x.com/skocherhan/status/1929782715642966338", "https://x.com/skocherhan/status/1929739565352300796", "https://x.com/skocherhan/status/1929920264898273432", "LummaC2-Domains1.csv", "https://x.com/skocherhan/status/1929820053500727642", "https://x.com/skocherhan/status/1929730673679663576", "https://x.com/skocherhan/status/1929757757478986208", "https://x.com/skocherhan/status/1929721088763675083", "https://x.com/skocherhan/status/1929734441477329239", "https://x.com/skocherhan/status/1929872587997221242", "https://x.com/skocherhan/status/1930024711695614305" ], "related": { "alienvault": { "adversary": [ "LummaC2" ], "malware_families": [ "Acreed", "Lummac2" ], "industries": [] }, "other": { "adversary": [ "LummaC2" ], "malware_families": [ "Acreed", "Lumma", "Lummac2" ], "industries": [] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 6, "pulses": [ { "id": "68548f8da071ef219ccb11ae", "name": "Part 2: Tracking LummaC2 Infrastructure", "description": "An investigation into domains associated with the LummaC2 infostealing-malware campaign revealed a broader network of nearly 500 domains with highly malicious risk scores. These domains share similar registration patterns, including the use of Eastern European names and the inbox[.]eu email domain. The domains predominantly advertise technical education courses, but are likely lures for malware delivery. Four domains were identified as LummaC2 login panels. The campaign's infrastructure uses specific TLDs, naming conventions, and a Hong Kong address linked to OFAC-sanctioned entities. Security teams are advised to monitor for similar domain patterns, scrutinize suspicious training sites, and educate users about the risks.", "modified": "2025-07-09T07:57:58.222000", "created": "2025-06-19T22:30:37.574000", "tags": [ "acreed", "lummac2", "domain infrastructure", "technical education lure", "eastern european names", "infostealer", "malicious domains" ], "references": [ "https://www.domaintools.com/resources/blog/part-2-tracking-lummac2-infrastructure" ], "public": 1, "adversary": "LummaC2", "targeted_countries": [], "malware_families": [ { "id": "LummaC2", "display_name": "LummaC2", "target": null }, { "id": "Acreed", "display_name": "Acreed", "target": null } ], "attack_ids": [ { "id": "T1566.002", "name": "Spearphishing Link", "display_name": "T1566.002 - Spearphishing Link" }, { "id": "T1583.001", "name": "Domains", "display_name": "T1583.001 - Domains" }, { "id": "T1589.002", "name": "Email Addresses", "display_name": "T1589.002 - Email Addresses" }, { "id": "T1586", "name": "Compromise Accounts", "display_name": "T1586 - Compromise Accounts" }, { "id": "T1592.002", "name": "Software", "display_name": "T1592.002 - Software" }, { "id": "T1585", "name": "Establish Accounts", "display_name": "T1585 - Establish Accounts" }, { "id": "T1584.001", "name": "Domains", "display_name": "T1584.001 - Domains" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 60, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "FileHash-SHA1": 844, "domain": 500 }, "indicator_count": 1344, "is_author": false, "is_subscribing": null, "subscriber_count": 387007, "modified_text": "328 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "683e679e792536dce5d41180", "name": "Amadey", "description": "", "modified": "2026-01-28T23:04:30.172000", "created": "2025-06-03T03:10:22.479000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "skocherhan", "id": "249290", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_249290/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 65, "URL": 289, "FileHash-MD5": 74, "FileHash-SHA1": 73, "FileHash-SHA256": 269, "hostname": 6 }, "indicator_count": 776, "is_author": false, "is_subscribing": null, "subscriber_count": 185, "modified_text": "125 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6840e875d8d4878459b15340", "name": "Amadey", "description": "", "modified": "2025-08-09T04:04:53.466000", "created": "2025-06-05T00:44:37.515000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "skocherhan", "id": "249290", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_249290/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 103, "hostname": 29, "FileHash-MD5": 85, "FileHash-SHA1": 85, "FileHash-SHA256": 168, "domain": 135 }, "indicator_count": 605, "is_author": false, "is_subscribing": null, "subscriber_count": 184, "modified_text": "298 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "68590661bd2b8f9e79b8c092", "name": "IOC - Part 2: Tracking LummaC2 Infrastructure", "description": "", "modified": "2025-07-19T22:00:26.208000", "created": "2025-06-23T07:46:41.274000", "tags": [ "acreed", "lummac2", "domain infrastructure", "technical education lure", "eastern european names", "infostealer", "malicious domains" ], "references": [ "https://www.domaintools.com/resources/blog/part-2-tracking-lummac2-infrastructure" ], "public": 1, "adversary": "LummaC2", "targeted_countries": [], "malware_families": [ { "id": "LummaC2", "display_name": "LummaC2", "target": null }, { "id": "Acreed", "display_name": "Acreed", "target": null } ], "attack_ids": [ { "id": "T1566.002", "name": "Spearphishing Link", "display_name": "T1566.002 - Spearphishing Link" }, { "id": "T1583.001", "name": "Domains", "display_name": "T1583.001 - Domains" }, { "id": "T1589.002", "name": "Email Addresses", "display_name": "T1589.002 - Email Addresses" }, { "id": "T1586", "name": "Compromise Accounts", "display_name": "T1586 - Compromise Accounts" }, { "id": "T1592.002", "name": "Software", "display_name": "T1592.002 - Software" }, { "id": "T1585", "name": "Establish Accounts", "display_name": "T1585 - Establish Accounts" }, { "id": "T1584.001", "name": "Domains", "display_name": "T1584.001 - Domains" } ], "industries": [], "TLP": "white", "cloned_from": "68548f8da071ef219ccb11ae", "export_count": 16, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "celestre", "id": "295357", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA1": 844, "domain": 505, "hostname": 26 }, "indicator_count": 1375, "is_author": false, "is_subscribing": null, "subscriber_count": 140, "modified_text": "318 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "683f895de7b306620f5cf6f0", "name": "Twitter Feed - skocherhan - 03-06-2025", "description": "", "modified": "2025-07-03T23:02:45.532000", "created": "2025-06-03T23:46:34.941000", "tags": [ "LummaStealer", "Lumma", "APT", "AsyncRAT", "phishing" ], "references": [ "https://x.com/skocherhan/status/1929721088763675083", "https://x.com/skocherhan/status/1929730673679663576", "https://x.com/skocherhan/status/1929734441477329239", "https://x.com/skocherhan/status/1929739565352300796", "https://x.com/skocherhan/status/1929757757478986208", "https://x.com/skocherhan/status/1929773114986025282", "https://x.com/skocherhan/status/1929782715642966338", "https://x.com/skocherhan/status/1929789519341002786", "https://x.com/skocherhan/status/1929791786005762391", "https://x.com/skocherhan/status/1929802390019928319", "https://x.com/skocherhan/status/1929807079608365116", "https://x.com/skocherhan/status/1929820053500727642", "https://x.com/skocherhan/status/1929872587997221242", "https://x.com/skocherhan/status/1929910273906708982", "https://x.com/skocherhan/status/1929920264898273432", "https://x.com/skocherhan/status/1930017651000066478", "https://x.com/skocherhan/status/1930023527337312599", "https://x.com/skocherhan/status/1930024711695614305" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 14, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 79, "FileHash-MD5": 13, "domain": 42, "hostname": 30, "FileHash-SHA256": 1 }, "indicator_count": 165, "is_author": false, "is_subscribing": null, "subscriber_count": 1624, "modified_text": "334 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "685bf62cc1ff7548c7c333ac", "name": "Part 2: Tracking LummaC2 Infrastructure as Technical Training Courses", "description": "LummaC2 domains \nhttps://www.domaintools.com/resources/blog/part-2-tracking-lummac2-infrastructure/\nhttps://github.com/DomainTools/SecuritySnacks/blob/main/2025/LummaC2-Domains-Continued.csv", "modified": "2025-06-25T13:14:20.915000", "created": "2025-06-25T13:14:20.915000", "tags": [ "Lumma Stealer" ], "references": [ "LummaC2-Domains1.csv" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Lumma", "display_name": "Lumma", "target": null } ], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 15, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Techronik", "id": "114546", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 499 }, "indicator_count": 499, "is_author": false, "is_subscribing": null, "subscriber_count": 82, "modified_text": "342 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "algfbg.live", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "algfbg.live", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780462148.2128198 }