{ "type": "Domain", "indicator": "blessdeckite.fun", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/blessdeckite.fun", "alexa": "http://www.alexa.com/siteinfo/blessdeckite.fun", "indicator": "blessdeckite.fun", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 3763607365, "indicator": "blessdeckite.fun", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 5, "pulses": [ { "id": "650872ca8537ef361b8b1e3f", "name": "Win32.Lumma - Malware Domain Feed V2", "description": "Command and Control domains for Win32.Lumma. These domains are extracted from a number of sources, and are suspicious.", "modified": "2026-04-17T02:51:24.154000", "created": "2023-09-18T15:54:50.501000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 184, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "otxrobottwo", "id": "78495", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_78495/resized/80/avatar_ba5a8acdbd.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 649, "hostname": 3 }, "indicator_count": 652, "is_author": false, "is_subscribing": null, "subscriber_count": 1112, "modified_text": "2 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "64f7ff2fd0f04df7d66cbd8d", "name": "Win32.Lumma - Malware Domain Feed V2", "description": "Command and Control domains for Win32.Lumma. These domains are extracted from a number of sources, and are suspicious.", "modified": "2026-03-07T21:38:37.387000", "created": "2023-09-06T04:25:19.708000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 316, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "otxrobottwo_testing", "id": "83138", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 566, "hostname": 4 }, "indicator_count": 570, "is_author": false, "is_subscribing": null, "subscriber_count": 595, "modified_text": "42 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "67617edafa11fa408b73322c", "name": "ACTIVIDAD MALICIOSA | Relacionada con Lumma Stealer 17-12-2024", "description": "Lumma Stealer es un tipo de software malicioso dise\u00f1ado para robar informaci\u00f3n confidencial de los dispositivos infectados. Este malware se infiltra en los sistemas y extrae datos personales, como nombres de usuario, contrase\u00f1as, informaci\u00f3n bancaria y detalles de tarjetas de cr\u00e9dito. LummaStealer puede afectar varias cuentas, incluidas redes sociales, correos electr\u00f3nicos y monederos de criptomonedas. Los delincuentes pueden usar la informaci\u00f3n robada para chantaje, suplantaci\u00f3n de identidad, y realizar transacciones fraudulentas, lo que puede causar serios problemas de privacidad y p\u00e9rdidas econ\u00f3micas significativas para las v\u00edctimas.", "modified": "2025-01-16T13:03:38.406000", "created": "2024-12-17T13:38:34.760000", "tags": [ "access", "discovery", "ta0001 initial", "t1003 data", "local system", "t1033 system", "t1057 process", "t1082 system", "t1087 account" ], "references": [ "https://darfe.es/ciberwiki/index.php?title=Lumma", "https://www.virustotal.com/graph/embed/gec57b97e0f194fd38738be6392abba6f180fe9d93be24891af76fb2c7bec3638?theme=dark", "https://www.virustotal.com/gui/collection/bf70caf191025dfa3e68e8bc63882880ae2ca60f72ece512aaee246b487c5ad6" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Lumma Stealer", "display_name": "Lumma Stealer", "target": null } ], "attack_ids": [ { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1033", "name": "System Owner/User Discovery", "display_name": "T1033 - System Owner/User Discovery" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1087", "name": "Account Discovery", "display_name": "T1087 - Account Discovery" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "esoporteingenieria2020", "id": "121604", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_121604/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 26, "FileHash-SHA1": 25, "FileHash-SHA256": 27, "URL": 301, "domain": 665, "hostname": 8 }, "indicator_count": 1052, "is_author": false, "is_subscribing": null, "subscriber_count": 267, "modified_text": "458 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "674c9f48cd2a512e28ef6523", "name": "ACTIVIDAD MALICIOSA | Relacionada con LummaStealer 01-12-2024", "description": "Lumma Stealer es un tipo de software malicioso dise\u00f1ado para robar informaci\u00f3n confidencial de los dispositivos infectados. Este malware se infiltra en los sistemas y extrae datos personales, como nombres de usuario, contrase\u00f1as, informaci\u00f3n bancaria y detalles de tarjetas de cr\u00e9dito. LummaStealer puede afectar varias cuentas, incluidas redes sociales, correos electr\u00f3nicos y monederos de criptomonedas. Los delincuentes pueden usar la informaci\u00f3n robada para chantaje, suplantaci\u00f3n de identidad, y realizar transacciones fraudulentas, lo que puede causar serios problemas de privacidad y p\u00e9rdidas econ\u00f3micas significativas para las v\u00edctimas.", "modified": "2024-12-31T17:05:00.863000", "created": "2024-12-01T17:39:20.573000", "tags": [ "http", "access", "discovery", "uexfvbqog9i67m", "mmirygls1g", "vt51x7b9cwn7e4x", "v2fnqdfylkobc", "tcticas", "ta0001 initial", "t1003 data" ], "references": [ "https://www.virustotal.com/graph/embed/g31920c46027f42a085f0a4040c4609fcccba0ba580b3451893964f393d84ac65?theme=dark", "https://www.virustotal.com/gui/collection/9419ada66b99877877ab2cbbe22a5e2de65cd18153db39736cb4fe1d06cc1129", "https://darfe.es/ciberwiki/index.php?title=Lumma" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Lumma Stealer", "display_name": "Lumma Stealer", "target": null } ], "attack_ids": [ { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1033", "name": "System Owner/User Discovery", "display_name": "T1033 - System Owner/User Discovery" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1087", "name": "Account Discovery", "display_name": "T1087 - Account Discovery" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "esoporteingenieria2020", "id": "121604", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_121604/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1161, "FileHash-SHA1": 1159, "FileHash-SHA256": 1167, "URL": 255, "domain": 665, "hostname": 8 }, "indicator_count": 4415, "is_author": false, "is_subscribing": null, "subscriber_count": 266, "modified_text": "473 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65a34fadf3f24ebc31fa8f21", "name": "Win32.Lumma", "description": "", "modified": "2024-01-14T03:06:21.268000", "created": "2024-01-14T03:06:21.268000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "650872ca8537ef361b8b1e3f", "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 31 }, "indicator_count": 31, "is_author": false, "is_subscribing": null, "subscriber_count": 218, "modified_text": "826 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "https://www.virustotal.com/gui/collection/9419ada66b99877877ab2cbbe22a5e2de65cd18153db39736cb4fe1d06cc1129", "https://www.virustotal.com/gui/collection/bf70caf191025dfa3e68e8bc63882880ae2ca60f72ece512aaee246b487c5ad6", "https://www.virustotal.com/graph/embed/g31920c46027f42a085f0a4040c4609fcccba0ba580b3451893964f393d84ac65?theme=dark", "https://www.virustotal.com/graph/embed/gec57b97e0f194fd38738be6392abba6f180fe9d93be24891af76fb2c7bec3638?theme=dark", "https://darfe.es/ciberwiki/index.php?title=Lumma" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [], "malware_families": [ "Lumma stealer" ], "industries": [] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 5, "pulses": [ { "id": "650872ca8537ef361b8b1e3f", "name": "Win32.Lumma - Malware Domain Feed V2", "description": "Command and Control domains for Win32.Lumma. These domains are extracted from a number of sources, and are suspicious.", "modified": "2026-04-17T02:51:24.154000", "created": "2023-09-18T15:54:50.501000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 184, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "otxrobottwo", "id": "78495", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_78495/resized/80/avatar_ba5a8acdbd.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 649, "hostname": 3 }, "indicator_count": 652, "is_author": false, "is_subscribing": null, "subscriber_count": 1112, "modified_text": "2 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "64f7ff2fd0f04df7d66cbd8d", "name": "Win32.Lumma - Malware Domain Feed V2", "description": "Command and Control domains for Win32.Lumma. These domains are extracted from a number of sources, and are suspicious.", "modified": "2026-03-07T21:38:37.387000", "created": "2023-09-06T04:25:19.708000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 316, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "otxrobottwo_testing", "id": "83138", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 566, "hostname": 4 }, "indicator_count": 570, "is_author": false, "is_subscribing": null, "subscriber_count": 595, "modified_text": "42 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "67617edafa11fa408b73322c", "name": "ACTIVIDAD MALICIOSA | Relacionada con Lumma Stealer 17-12-2024", "description": "Lumma Stealer es un tipo de software malicioso dise\u00f1ado para robar informaci\u00f3n confidencial de los dispositivos infectados. Este malware se infiltra en los sistemas y extrae datos personales, como nombres de usuario, contrase\u00f1as, informaci\u00f3n bancaria y detalles de tarjetas de cr\u00e9dito. LummaStealer puede afectar varias cuentas, incluidas redes sociales, correos electr\u00f3nicos y monederos de criptomonedas. Los delincuentes pueden usar la informaci\u00f3n robada para chantaje, suplantaci\u00f3n de identidad, y realizar transacciones fraudulentas, lo que puede causar serios problemas de privacidad y p\u00e9rdidas econ\u00f3micas significativas para las v\u00edctimas.", "modified": "2025-01-16T13:03:38.406000", "created": "2024-12-17T13:38:34.760000", "tags": [ "access", "discovery", "ta0001 initial", "t1003 data", "local system", "t1033 system", "t1057 process", "t1082 system", "t1087 account" ], "references": [ "https://darfe.es/ciberwiki/index.php?title=Lumma", "https://www.virustotal.com/graph/embed/gec57b97e0f194fd38738be6392abba6f180fe9d93be24891af76fb2c7bec3638?theme=dark", "https://www.virustotal.com/gui/collection/bf70caf191025dfa3e68e8bc63882880ae2ca60f72ece512aaee246b487c5ad6" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Lumma Stealer", "display_name": "Lumma Stealer", "target": null } ], "attack_ids": [ { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1033", "name": "System Owner/User Discovery", "display_name": "T1033 - System Owner/User Discovery" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1087", "name": "Account Discovery", "display_name": "T1087 - Account Discovery" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "esoporteingenieria2020", "id": "121604", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_121604/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 26, "FileHash-SHA1": 25, "FileHash-SHA256": 27, "URL": 301, "domain": 665, "hostname": 8 }, "indicator_count": 1052, "is_author": false, "is_subscribing": null, "subscriber_count": 267, "modified_text": "458 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "674c9f48cd2a512e28ef6523", "name": "ACTIVIDAD MALICIOSA | Relacionada con LummaStealer 01-12-2024", "description": "Lumma Stealer es un tipo de software malicioso dise\u00f1ado para robar informaci\u00f3n confidencial de los dispositivos infectados. Este malware se infiltra en los sistemas y extrae datos personales, como nombres de usuario, contrase\u00f1as, informaci\u00f3n bancaria y detalles de tarjetas de cr\u00e9dito. LummaStealer puede afectar varias cuentas, incluidas redes sociales, correos electr\u00f3nicos y monederos de criptomonedas. Los delincuentes pueden usar la informaci\u00f3n robada para chantaje, suplantaci\u00f3n de identidad, y realizar transacciones fraudulentas, lo que puede causar serios problemas de privacidad y p\u00e9rdidas econ\u00f3micas significativas para las v\u00edctimas.", "modified": "2024-12-31T17:05:00.863000", "created": "2024-12-01T17:39:20.573000", "tags": [ "http", "access", "discovery", "uexfvbqog9i67m", "mmirygls1g", "vt51x7b9cwn7e4x", "v2fnqdfylkobc", "tcticas", "ta0001 initial", "t1003 data" ], "references": [ "https://www.virustotal.com/graph/embed/g31920c46027f42a085f0a4040c4609fcccba0ba580b3451893964f393d84ac65?theme=dark", "https://www.virustotal.com/gui/collection/9419ada66b99877877ab2cbbe22a5e2de65cd18153db39736cb4fe1d06cc1129", "https://darfe.es/ciberwiki/index.php?title=Lumma" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Lumma Stealer", "display_name": "Lumma Stealer", "target": null } ], "attack_ids": [ { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1033", "name": "System Owner/User Discovery", "display_name": "T1033 - System Owner/User Discovery" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1087", "name": "Account Discovery", "display_name": "T1087 - Account Discovery" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "esoporteingenieria2020", "id": "121604", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_121604/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1161, "FileHash-SHA1": 1159, "FileHash-SHA256": 1167, "URL": 255, "domain": 665, "hostname": 8 }, "indicator_count": 4415, "is_author": false, "is_subscribing": null, "subscriber_count": 266, "modified_text": "473 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65a34fadf3f24ebc31fa8f21", "name": "Win32.Lumma", "description": "", "modified": "2024-01-14T03:06:21.268000", "created": "2024-01-14T03:06:21.268000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "650872ca8537ef361b8b1e3f", "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 31 }, "indicator_count": 31, "is_author": false, "is_subscribing": null, "subscriber_count": 218, "modified_text": "826 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "blessdeckite.fun", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "blessdeckite.fun", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1776616058.404154 }