IOC Radar
Domain · Medium · Signal 79/100

bluesaks.fun

First Seen: Oct 22, 2023 (963d ago)
Last Seen: Apr 7, 2026 (65d ago)
Reports: 10 (source reports)
Confidence: 79% (medium)
Found in 10 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
Domain Name
Malicious domain used for C2, phishing, or malware distribution.
MISP Category: Network Activity
Confidence: 79%
Signal Score: 79 / 100
IDS Rule: No
Threat Context
Tags
MITRE ATT&CK TTPs: 27 techniques

Feed Intelligence Summary

Source reports: 10
Confidence score: 79%
Category tags
access, active scan, apt, botnet, botnet activity, brute force, c2, command & control, command and control, communication protocol, credential harvesting, credential stealing, credential stuffing, data exfiltration, data store exposure, data theft, distributed attacks, exploitation activity, http scanner, identity & access exploitation, indicator, infostealer, infrastructure acquisition, reconnaissance, injection activity, ioc, local system, lumma, lumma stealer, malicious software, malware, malware distribution, network, operating system, phishing, phishing attack, process injection, remote services, researched, social engineering, t1003 data, t1005, t1016, t1021, t1021.001, t1033 system, t1036, t1041, t1055, t1057 process, t1059, t1069.001, t1071, t1071.001, t1078, t1082 system, t1087 account, t1105, t1190, t1486, t1496, t1499.002, t1499.003, t1565, t1566, t1566.001, t1566.002, t1566.003, t1571, t1573, t1587.001, t1590.001, ta0001 initial, tcticas, threat actor, tor node, web traffic, win32 malware, windows malware

Activity Timeline

1 total observation · Apr 7 to Apr 7

Threat Activity Heatmap (monthly grid Jun to Jun, rows Mon/Wed/Fri) · Peak: 2026-04-07
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
Threat Score: High Risk
Signal Score: 79
Confidence: 79%
Reports: 10
First seen: Oct 22, 2023
Last seen: Apr 7, 2026

VirusTotal

Not checked

WHOIS

registrar: PDR Ltd. d/b/a PublicDomainRegistry.com
description: Command and Control domains for Win32.Lumma. These domains are extracted from a number of sources, and are suspicious.
domain rank: -1
raw:
Admin City: Remlap
Admin Country: US
Admin Email: [email protected]
Admin Postal Code: 35133
Admin State/Province: Alabama
Creation Date: 2023-10-10T23:37:38.0Z
Creation Date: 2023-10-10T23:37:38Z
DNSSEC: Unsigned
DNSSEC: unsigned
Domain Name: BLUESAKS.FUN
Domain Status: REDEMPTIONPERIOD https://icann.org/epp#redemptionPeriod
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: pendingDelete https://icann.org/epp#pendingDelete
Domain Status: redemptionPeriod https://icann.org/epp#redemptionPeriod
Domain Status: serverHold https://icann.org/epp#serverHold
Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited
Name Server: DNS5.PARKPAGE.FOUNDATIONAPI.COM
Name Server: DNS6.PARKPAGE.FOUNDATIONAPI.COM
Registrant City: 6864b319da914847
Registrant Country: US
Registrant Email: [email protected]
Registrant Email: f651612a2f356ad3s@
Registrant Fax Ext: 3432650ec337c945
Registrant Fax: 3432650ec337c945
Registrant Name: ef2c0ab88576fe54
Registrant Organization: 3432650ec337c945
Registrant Organization: 8fc09420615ed80d
Registrant Phone Ext: 3432650ec337c945
Registrant Phone: 2efc01ef7445926a
Registrant Postal Code: 0ad13e8358f6f058
Registrant State/Province: 73e63d33bf59a73e
Registrant Street: 59ba3c26427160bb
Registrar Abuse Contact Email: [email protected]
Registrar Abuse Contact Email: [email protected]
Registrar Abuse Contact Phone: +1.2013775952
Registrar IANA ID: 303
Registrar Registration Expiration Date: 2024-10-10T23:59:59Z
Registrar URL: https://publicdomainregistry.com
Registrar URL: www.publicdomainregistry.com
Registrar WHOIS Server: whois.PublicDomainRegistry.com
Registrar WHOIS Server: whois.publicdomainregistry.com
Registrar: PDR Ltd. d/b/a PublicDomainRegistry.com
Registry Admin ID: Not Available From Registry
Registry Domain ID: D402492372-CNIC
Registry Domain ID: Not Available From Registry
Registry Expiry Date: 2024-10-10T23:59:59.0Z
Registry Registrant ID: Not Available From Registry
Registry Tech ID: Not Available From Registry
Tech City: Remlap
Tech Country: US
Tech Email: [email protected]
Tech Postal Code: 35133
Tech State/Province: Alabama
Updated Date: 2024-11-16T00:51:15.0Z
Updated Date: 2024-11-16T00:51:16Z
references:
https://darfe.es/ciberwiki/index.php?title=Lumma
https://www.virustotal.com/graph/embed/gec57b97e0f194fd38738be6392abba6f180fe9d93be24891af76fb2c7bec3638?theme=dark
https://www.virustotal.com/gui/collection/bf70caf191025dfa3e68e8bc63882880ae2ca60f72ece512aaee246b487c5ad6
https://www.virustotal.com/graph/embed/g31920c46027f42a085f0a4040c4609fcccba0ba580b3451893964f393d84ac65?theme=dark
https://www.virustotal.com/gui/collection/9419ada66b99877877ab2cbbe22a5e2de65cd18153db39736cb4fe1d06cc1129
subdomains count: 0

IOC Journey

medium
First detected 2 years ago · Last seen 2 months ago
Appeared in 10 threat reports