Closed g0d33p3rsec closed 1 month ago
This domain is being used to distribute Lumma Stealer. See #681 and https://github.com/mitchellkrogza/phishing/pull/450
scratchedcards.com|malicious
No response
https://scratchedcards.com/can/cantruck https://urlscan.io/result/d7d70aa7-eb5b-457d-bc1d-7225b5ca4fc8/ https://www.virustotal.com/gui/file/59d2c2ca389ab1ba1fefa4a06b14ae18a8f5b70644158d5ec4fb7a7eac4c0a08 https://scratchedcards.com/can/IHBHXXQF.exe https://urlscan.io/result/1bcaff89-5bcd-459a-8a37-c4694551dcf7/ https://www.virustotal.com/gui/file/b67dd604d01052c74a4f37160a7595d513c47f4974ccd4a35bdaecdaa38aeb34 https://any.run/report/b67dd604d01052c74a4f37160a7595d513c47f4974ccd4a35bdaecdaa38aeb34/82700ba4-69b0-4479-8148-71ce74324606 https://scratchedcards.com/update/invoice_past https://urlscan.io/result/247adbd8-60ed-4887-96dc-c0751332892c/ https://www.virustotal.com/gui/file/ee4a9350d2f86473b8bee1aaea30d427ac97d9e83f8b5379dfa966bf6080e3ab https://scratchedcards.com/binary/scrscrscr https://urlscan.io/result/3b6ed669-431f-4663-abdb-0ecbc662c2a2/ https://www.virustotal.com/gui/file/c6ddf38097bdc8e2f9830c87e7574d48fdd2c95cf799307b1a32a1c2ceadbc70 https://scratchedcards.com/binary/wizardWatcher.exe https://urlscan.io/result/a80c0c90-4a25-422c-b580-738f1f6b01fa/ https://www.virustotal.com/gui/file/756f2e371907a0da90e5b73f4c61060d0884e56bd20990928ce18c9604c5283e https://any.run/report/756f2e371907a0da90e5b73f4c61060d0884e56bd20990928ce18c9604c5283e/639b23af-a076-4563-8889-b8f0895f11a3
N/A
Comments
This domain is being used to distribute Lumma Stealer. See #681 and https://github.com/mitchellkrogza/phishing/pull/450
Wildcard domain records
Sub-Domain records
No response
Hosts (RFC:953) specific records, not used by DNS RPZ firewalls
No response
SeafeSearch records
No response
Screenshots
Screenshot
Links to external sources
logs from uBlock Origin
N/A