IOC Radar
Domain · confidence tier: medium · signal 100/100

luma-ai.com

Location
Ukraine
First Seen
Jun 26, 2025 (354d ago)
Last Seen
Jun 5, 2026 (9d ago)
Reports: 10 (source reports)
Confidence: 99% score, medium tier
VirusTotal: 14/91 detections
Found in 10 reports. Confidence tier: medium. Confidence scores are heuristic; verify before acting on results.
Domain Name
Malicious domain used for C2, phishing, or malware distribution. The tags and references on this record point to AI-themed brand abuse (the tags flag the Luma AI brand specifically) and black-hat SEO poisoning that steers users searching for AI tools to installers carrying infostealers (Vidar, Lumma) and loaders (Legion Loader, NetSupport RAT).
MISP Category: Network Activity
Confidence: 99%
Signal Score: 100 / 100
IDS Rule: No
Threat Context
MITRE ATT&CK TTPs: 38 techniques, taken from the technique tags listed under Category tags below rather than from a curated mapping. They cover initial access by drive-by and phishing (T1189, T1566.x), user-run installers (T1204.001), credential theft (T1003, T1555), C2 over web protocols (T1071.001) and exfiltration (T1041), which matches the infostealer and loader families tagged. Note that T1081 (Credentials in Files) is a retired ATT&CK ID, merged into T1552.001, so normalise the list before loading it into tooling that rejects deprecated techniques.
Feed Intelligence Summary
Source reports: 10
Confidence score: 99%
Category tags: ai themed attack, attack, bat file, black hat seo, brand abuse, browser fingerprinting, c2, c2 communication, c2 server, chatgpt, chatgpt exploitation, code injection, community management, content sharing, credential access, credential harvesting, credential stealing malware, credential theft, data exfiltration, data theft, digital platforms, europe, exfiltration, get request, indicator, information stealing, infostealer, iocs, legion loader, legionloader, luma ai, luma ai exploitation, lumma, lumma ai, lumma stealer, malicious activity, malicious software, malware, malware distribution, msi file, netsupport rat, network, nsis installer, phishing, phishing attack, process injection, remote access, researched, search engine poisoning, seo, social analytics, social engineering, social media, social media marketing, social media security, social networking, stealer malware, takeaways, threat, threat actor, traffic redirection, ukraine, user engagement, vidar, vidar stealer, web exploitation
ATT&CK technique tags: t1003, t1005, t1041, t1049, t1055, t1057, t1059, t1059.007, t1071, t1071.001, t1081, t1083, t1102, t1104, t1105, t1113, t1140, t1176, t1189, t1190, t1204, t1204.001, t1217, t1486, t1496, t1539, t1547, t1555, t1560, t1565, t1566, t1566.001, t1566.002, t1566.003, t1573, t1574, t1588, t1598

Activity Timeline
1 total observation (Jun 5)

Threat Activity Heatmap
Weekly grid, Jun 2025 to Jun 2026, with a single observation; peak: 2026-06-05.
Recent observations: 24h 0 (dormant) · 7d 0 (dormant) · 30d 1 (minimal) · 3mo 1 (minimal)
Intelligence Summary (AI generated)

The domain **luma-ai.com**, originating from Ukraine, has emerged as a significant indicator of compromise (IOC) in recent threat intelligence reports. First observed on June

Threat Score: High Risk (signal 100, confidence 99%, 10 reports; first seen Jun 26, 2025, last seen Jun 5, 2026)

VirusTotal
14/91 vendors flagged (15% detection rate, scanned Jun 6, 2026)

WHOIS
Registrar: HOSTING UKRAINE LLC (IANA ID 2374; https://www.ukraine.com.ua; WHOIS server whois.ukraine.com.ua; abuse contact [email protected], +380.443927433)
Domain rank: -1 (not ranked)
Caveat: the record below is a snapshot last updated 2024-11-08 whose expiry date (2025-11-28) predates the last sighting (2026-06-05), so it is stale: the domain was either renewed after the snapshot or changed hands. The registrant contact fields are opaque registrar hashes, and the admin and tech contacts are the registrar's own, so none of it supports attribution on its own. Re-query WHOIS/RDAP before relying on it.
Raw record:
Domain Name: LUMA-AI.COM
Registry Domain ID: 2833389052_DOMAIN_COM-VRSN
Creation Date: 2023-11-28T17:24:03Z
Updated Date: 2024-11-08T08:20:05Z
Registry Expiry Date: 2025-11-28T17:24:03Z
Registrar Registration Expiration Date: 2025-11-28T17:24:03Z
Domain Status: ok (http://www.icann.org/epp#ok, https://icann.org/epp#ok)
DNSSEC: unsigned
Name Server: NS19.INHOSTEDNS.COM
Name Server: NS29.INHOSTEDNS.NET
Name Server: NS39.INHOSTEDNS.ORG
Registrant Name: caffdf4bc1326d1b
Registrant Organization: 708b4ccfe76c2b3c
Registrant Street: a25c95c28bd73ce0
Registrant City: 34c66d635a84ae13
Registrant State/Province: 3432650ec337c945
Registrant Postal Code: f182718d3324cea8
Registrant Country: UA
Registrant Phone: 99778356cc3a79f5
Registrant Phone Ext: 3432650ec337c945
Registrant Fax: 3432650ec337c945
Registrant Fax Ext: 3432650ec337c945
Registrant Email: [email protected]
Admin Organization: Hosting Ukraine LLC
Admin City: Kiev
Admin Postal Code: 04112
Admin Country: UA
Admin Email: [email protected]
Tech Organization: Hosting Ukraine LLC
Tech City: Kiev
Tech Postal Code: 04112
Tech Country: UA
Tech Email: [email protected]
Registry Registrant ID / Admin ID / Tech ID: Not Available From Registry
Registrar: HOSTING UKRAINE LLC
Registrar IANA ID: 2374
Registrar URL: https://www.ukraine.com.ua
Registrar WHOIS Server: whois.ukraine.com.ua
Registrar Abuse Contact Email: [email protected]
Registrar Abuse Contact Phone: +380.443927433
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
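The raw record arrives as one flattened line, and two of its properties matter more for triage than the contact data: the snapshot is older than the sightings, and the registrant fields are hashes. The Python below is an added example (not the IOC Radar site's code) that parses a flattened record of this shape, flags hashed registrant fields, and cross-checks the record's dates against the feed's first/last-seen dates. The sample input is constructed from the record on this page, trimmed to the keys used; the key list and the 16-hex-digit heuristic for redacted fields are assumptions that fit this registrar's output, not a general WHOIS grammar.

```python
import re
from datetime import date, datetime

# Constructed sample input: the page's flattened WHOIS text, trimmed to the keys the
# checks below use. Values are copied as displayed (the e-mail is masked on the page).
RAW_WHOIS = (
    "Creation Date: 2023-11-28T17:24:03Z DNSSEC: unsigned DNSSEC: unsigned"
    "URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/ "
    "Domain Name: LUMA-AI.COM Domain Status: ok http://www.icann.org/epp#ok "
    "Name Server: NS19.INHOSTEDNS.COM Name Server: NS29.INHOSTEDNS.NET "
    "Name Server: NS39.INHOSTEDNS.ORG Registrant City: 34c66d635a84ae13 "
    "Registrant Country: UA Registrant Email: [email protected] "
    "Registrant Name: caffdf4bc1326d1b Registrant Organization: 708b4ccfe76c2b3c "
    "Registrar IANA ID: 2374 Registry Expiry Date: 2025-11-28T17:24:03Z "
    "Registrar: HOSTING UKRAINE LLC Updated Date: 2024-11-08T08:20:05Z"
)

# Assumed key set for a thin-registrar .com record. Longest keys are tried first so
# "Registrar IANA ID" is not cut short by "Registrar".
KEYS = [
    "URL of the ICANN WHOIS Data Problem Reporting System", "Registry Expiry Date",
    "Registrant Organization", "Registrant Country", "Registrant Email",
    "Registrant City", "Registrant Name", "Registrar IANA ID", "Creation Date",
    "Updated Date", "Domain Status", "Domain Name", "Name Server", "Registrar", "DNSSEC",
]
_KEY_RE = re.compile(
    "(" + "|".join(re.escape(k) for k in sorted(KEYS, key=len, reverse=True)) + r"):\s*"
)
# Assumption: a bare 16-hex-digit token in a contact field is a registrar privacy hash.
HEX16 = re.compile(r"[0-9a-f]{16}")


def parse_flat_whois(raw):
    """Split a whitespace-flattened record into {key: [values]}; repeated keys keep every value."""
    parts = _KEY_RE.split(raw)          # ["", key1, value1, key2, value2, ...]
    record = {}
    for key, value in zip(parts[1::2], parts[2::2]):
        record.setdefault(key, []).append(value.strip())
    return record


def redacted_registrant_fields(record):
    """Registrant fields whose every value is a hash token: nothing there to pivot on."""
    return sorted(k for k, v in record.items()
                  if k.startswith("Registrant") and all(HEX16.fullmatch(x) for x in v))


def _day(stamp):
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").date()


def triage(record, first_seen, last_seen):
    """Cross-check the WHOIS snapshot against the feed's sighting window."""
    created = _day(record["Creation Date"][0])
    updated = _day(record["Updated Date"][0])
    expiry = _day(record["Registry Expiry Date"][0])
    return {
        "domain": record["Domain Name"][0].lower(),
        "age_days_at_first_seen": (first_seen - created).days,
        "snapshot_age_days": (last_seen - updated).days,
        # Expired before the newest sighting: renewed after the snapshot, or changed hands.
        "stale_snapshot": expiry < last_seen,
        "dnssec": record["DNSSEC"][0],
        "nameservers": [ns.lower() for ns in record["Name Server"]],
        "registrar": record["Registrar"][0],
        "redacted_registrant_fields": redacted_registrant_fields(record),
    }


def triage_page_record():
    """Run the checks with the first/last-seen dates shown on this page."""
    return triage(parse_flat_whois(RAW_WHOIS), date(2025, 6, 26), date(2026, 6, 5))


if __name__ == "__main__":
    for key, value in triage_page_record().items():
        print(f"{key}: {value}")
```

With the page's dates the result reports a stale snapshot (expiry before last seen), a record 574 days older than the newest sighting, and three hashed registrant fields, which is the signal to re-query rather than attribute.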
References
https://www.zscaler.com/blogs/security-research/black-hat-seo-poisoning-search-engine-results-ai-distribute-malware
https://x.com/skocherhan/status/1922088229668344157
https://x.com/skocherhan/status/1922022323093143736
https://x.com/skocherhan/status/1922127244522356961
https://x.com/skocherhan/status/1922133808750436722
https://x.com/skocherhan/status/1922135739334078652
https://x.com/skocherhan/status/1922138570040430861
https://x.com/skocherhan/status/1922146568368435429
https://x.com/skocherhan/status/1922261189381300353
https://x.com/skocherhan/status/1922267683753509336
https://x.com/skocherhan/status/1922269784860766270
https://x.com/skocherhan/status/1922283405816774836
https://x.com/skocherhan/status/1922290527807938685
https://x.com/skocherhan/status/1922296558726332917
https://x.com/skocherhan/status/1922302556065153378
https://x.com/skocherhan/status/1922319725679280273
https://x.com/skocherhan/status/1922372009574432809
https://x.com/skocherhan/status/1922389683763384648
https://x.com/skocherhan/status/1922396080882278668
https://x.com/skocherhan/status/1922402250854437074
https://x.com/skocherhan/status/1922409801759268902
https://x.com/skocherhan/status/1922417392451297539
https://x.com/skocherhan/status/1921887460906226058
https://x.com/skocherhan/status/1921905749061480463
https://x.com/skocherhan/status/1921909441659633748
https://x.com/skocherhan/status/1921939831577292946
https://x.com/skocherhan/status/1921943491422155211
https://x.com/skocherhan/status/1921994200792314329
https://x.com/skocherhan/status/1922011840432738542
https://x.com/skocherhan/status/1922038460686258319
https://x.com/skocherhan/status/1922042871504425105
Subdomains: 0 known

Export & API
STIX 2.1 bundle, CSV export, permalink
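The export offers a STIX 2.1 bundle. As an added example (not the site's exporter, whose output format is not shown here), the Python below builds such a bundle from the fields on this record: an Indicator with a domain-name pattern, the deterministic domain-name SCO, and a Sighting carrying the report count and the first/last-seen window. It also pulls the ATT&CK technique IDs out of the mixed tag list under Feed Intelligence Summary and attaches them as external references. The pattern is built only after the value passes a hostname check, so a hostile feed value cannot inject STIX pattern syntax. The tag subset, the malicious-activity indicator type, and the straight mapping of the page's 99% heuristic score onto STIX confidence are assumptions.

```python
import json
import re
import uuid
from datetime import datetime, timezone

# Namespace the STIX 2.1 specification fixes for deterministic SCO identifiers.
SCO_NAMESPACE = uuid.UUID("00abedb4-aa42-466c-9c01-fed23315a9b7")
DOMAIN_RE = re.compile(r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")
ATTACK_RE = re.compile(r"^t(\d{4})(?:\.(\d{3}))?$")

# Constructed from this page: a subset of its category tags and its sighting window.
PAGE_TAGS = ["search engine poisoning", "t1189", "t1204.001", "t1566.002",
             "t1071.001", "vidar stealer", "t1105", "lumma stealer"]
IOC = {
    "domain": "luma-ai.com",
    "first_seen": "2025-06-26T00:00:00.000Z",
    "last_seen": "2026-06-05T00:00:00.000Z",
    "confidence": 99,   # assumption: the page's heuristic score used as STIX 0-100 confidence
    "reports": 10,
}


def attack_ids_from_tags(tags):
    """Pick technique tags ('t1189', 't1204.001') out of a mixed tag list and normalise them."""
    ids = set()
    for tag in tags:
        m = ATTACK_RE.match(tag.strip().lower())
        if m:
            ids.add("T" + m.group(1) + (f".{m.group(2)}" if m.group(2) else ""))
    return sorted(ids)


def safe_domain(value):
    """Normalise a hostname; None unless it is a plain DNS name (no quotes, brackets, spaces)."""
    d = value.strip().lower().rstrip(".")
    return d if DOMAIN_RE.match(d) else None


def domain_pattern(domain):
    """STIX pattern for one domain; refuses values that could carry pattern syntax."""
    d = safe_domain(domain)
    if d is None:
        raise ValueError(f"refusing to build a pattern from {domain!r}")
    return f"[domain-name:value = '{d}']"


def sco_id(domain):
    """Deterministic domain-name id: UUIDv5 over the JSON of the id-contributing property."""
    name = json.dumps({"value": domain}, separators=(",", ":"))
    return "domain-name--" + str(uuid.uuid5(SCO_NAMESPACE, name))


def build_bundle(ioc, tags, now=None):
    """Indicator + domain-name SCO + Sighting, wrapped in a STIX 2.1 bundle."""
    ts = (now or datetime.now(timezone.utc)).strftime("%Y-%m-%dT%H:%M:%S.000Z")
    domain = domain_pattern(ioc["domain"]) and safe_domain(ioc["domain"])
    indicator = {
        "type": "indicator", "spec_version": "2.1", "id": f"indicator--{uuid.uuid4()}",
        "created": ts, "modified": ts,
        "name": f"Malicious domain {domain}",
        "description": f"Seen in {ioc['reports']} source reports; heuristic confidence {ioc['confidence']}%.",
        "indicator_types": ["malicious-activity"],
        "pattern": domain_pattern(domain), "pattern_type": "stix", "pattern_version": "2.1",
        "valid_from": ioc["first_seen"],
        "confidence": ioc["confidence"],
        "external_references": [
            {"source_name": "mitre-attack", "external_id": t,
             "url": f"https://attack.mitre.org/techniques/{t.replace('.', '/')}/"}
            for t in attack_ids_from_tags(tags)
        ],
    }
    sco = {"type": "domain-name", "spec_version": "2.1", "id": sco_id(domain), "value": domain}
    sighting = {
        "type": "sighting", "spec_version": "2.1", "id": f"sighting--{uuid.uuid4()}",
        "created": ts, "modified": ts,
        "sighting_of_ref": indicator["id"],
        "count": ioc["reports"],
        "first_seen": ioc["first_seen"], "last_seen": ioc["last_seen"],
    }
    return {"type": "bundle", "id": f"bundle--{uuid.uuid4()}", "objects": [indicator, sco, sighting]}


def bundle_json(ioc, tags):
    return json.dumps(build_bundle(ioc, tags), indent=2)


if __name__ == "__main__":
    print(bundle_json(IOC, PAGE_TAGS))
```

Because the SCO id is derived from the value, two feeds exporting the same domain produce the same domain-name object and can be merged; the Indicator and Sighting keep random UUIDv4 ids, as the specification expects for SDOs and SROs.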

IOC Journey
Confidence tier: medium. First detected 11 months ago, last seen 9 days ago; appeared in 10 threat reports.