{ "type": "Domain", "indicator": "mmunity.com", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/mmunity.com", "alexa": "http://www.alexa.com/siteinfo/mmunity.com", "indicator": "mmunity.com", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 4078251900, "indicator": "mmunity.com", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 1, "pulses": [ { "id": "6855ae943f355ff6dde0d14a", "name": "Steam Phishing: Popular as Ever", "description": "A recent phishing campaign targeting Steam users has been identified, involving deceptive messages sent through the platform's Friends list. The attackers use fraudulent URLs that closely mimic Steam's official domain, directing users to a fake 'Summer Gift Marathon' page. Upon logging in, users' credentials are stolen, potentially leading to further phishing attacks and theft of inventory items. The blog post lists numerous similar phishing domains and provides tips for users to stay safe, including only logging in through the legitimate Steam website, being cautious of unexpected messages with links, and using tools like URLscan.io and VirusTotal to check suspicious websites.", "modified": "2025-06-20T19:10:40.788000", "created": "2025-06-20T18:55:16.573000", "tags": [ "social engineering", "gaming", "steam", "phishing", "credential theft", "cybersecurity", "fraud" ], "references": [ "https://bartblaze.blogspot.com/2025/06/steam-phishing-popular-as-ever.html" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1185", "name": "Man in the Browser", "display_name": "T1185 - Man in the Browser" }, { "id": "T1528", "name": "Steal Application Access Token", "display_name": "T1528 - Steal Application Access Token" }, { "id": "T1534", "name": "Internal Spearphishing", "display_name": "T1534 - Internal Spearphishing" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 46, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "domain": 31 }, "indicator_count": 31, "is_author": false, "is_subscribing": null, "subscriber_count": 387080, "modified_text": "347 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "https://bartblaze.blogspot.com/2025/06/steam-phishing-popular-as-ever.html" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [], "malware_families": [], "industries": [] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 1, "pulses": [ { "id": "6855ae943f355ff6dde0d14a", "name": "Steam Phishing: Popular as Ever", "description": "A recent phishing campaign targeting Steam users has been identified, involving deceptive messages sent through the platform's Friends list. The attackers use fraudulent URLs that closely mimic Steam's official domain, directing users to a fake 'Summer Gift Marathon' page. Upon logging in, users' credentials are stolen, potentially leading to further phishing attacks and theft of inventory items. The blog post lists numerous similar phishing domains and provides tips for users to stay safe, including only logging in through the legitimate Steam website, being cautious of unexpected messages with links, and using tools like URLscan.io and VirusTotal to check suspicious websites.", "modified": "2025-06-20T19:10:40.788000", "created": "2025-06-20T18:55:16.573000", "tags": [ "social engineering", "gaming", "steam", "phishing", "credential theft", "cybersecurity", "fraud" ], "references": [ "https://bartblaze.blogspot.com/2025/06/steam-phishing-popular-as-ever.html" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1185", "name": "Man in the Browser", "display_name": "T1185 - Man in the Browser" }, { "id": "T1528", "name": "Steal Application Access Token", "display_name": "T1528 - Steal Application Access Token" }, { "id": "T1534", "name": "Internal Spearphishing", "display_name": "T1534 - Internal Spearphishing" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 46, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "domain": 31 }, "indicator_count": 31, "is_author": false, "is_subscribing": null, "subscriber_count": 387080, "modified_text": "347 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "mmunity.com", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "mmunity.com", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780487124.3383427 }