PULSE NAME
“DeceptionAds” — Fake Captcha Driving Infostealer Infections and a Glimpse to the Dark Side of Internet Advertising
WHITE eric.ford 2024-12-16 Modified: 2024-12-16
191 IOCs (HIGH VOLUME)
Guardio Labs reported on a large-scale fake captcha campaign distributing Lumma Stealer that circumvents general security measures like Safe Browsing. The campaign relies entirely on a single ad network for propagation (malvertising): Monetag, a subsidiary of PropellerAds previously tracked by Infoblox under the name “Vane Viper.” These ads, which use BeMob for tracking, receive over 1 million daily “impressions,” potentially causing thousands of daily Lumma Stealer infections through a network of 3,000+ sites using Monetag scripts. The research dissects this campaign and provides insights into the malvertising industry’s infrastructure, tactics, and key players.
MITRE ATT&CK & Malware Families
MALWARE FAMILIES
Lumma Stealer
Indicators of Compromise (191)