scratchedcards.com #684

Closed
g0d33p3rsec opened this issue Jul 12, 2024 · 0 comments
Labels
Malicious Domains used for Malicious software

@g0d33p3rsec
Collaborator

Comments

This domain is being used to distribute Lumma Stealer. See #681 and Phishing-Database/phishing#450

Wildcard domain records

scratchedcards.com|malicious

Sub-Domain records

No response

Hosts (RFC:953) specific records, not used by DNS RPZ firewalls

No response

SafeSearch records

No response

Screenshots

Screenshot

Links to external sources


logs from uBlock Origin

N/A

@g0d33p3rsec g0d33p3rsec added the Malicious Domains used for Malicious software label Jul 12, 2024