Lumma Stealer - Distribution Methods
File types, delivery vectors, and hosting infrastructure used to distribute Lumma Stealer.
Last updated: 2026-04-18
Understanding how Lumma Stealer reaches victims is critical for prevention. This page breaks down the file types used in distribution, the hosting infrastructure serving malicious payloads, and URLs tracked by URLhaus. Data is updated daily.
What Distribution Data Tells You
Shifts in file type distribution often signal changes in delivery tactics. For example, a move from .exe to .msi files may indicate operators adapting to Windows SmartScreen or email gateway filtering. A surge in .js or .vbs files suggests script-based delivery through phishing emails. Monitoring these patterns helps you tune your email security gateway rules and endpoint protection policies to block the current delivery method before it reaches end users.
Hosting Infrastructure
The hosting data below shows which domains and servers are actively distributing Lumma Stealer payloads. Add these to your DNS blocklists, web proxy deny rules, and firewall policies. Hosting infrastructure tends to rotate frequently as takedowns occur, so check this page regularly. All URL data is sourced from URLhaus. For hash-based indicators, see the IOC page. For sample details, see Lumma Stealer samples.
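One way to turn a URL feed into the three rule sets named above, as an added example that is not code from this site or from URLhaus. Hosts are normalized before counting, because a URL can write an IPv4 octet in hex or octal (0x31 for 49) and would otherwise slip past a dotted-decimal firewall entry. The `SHARED_PLATFORMS` set, the function names and the sample URLs are assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter
from urllib.parse import urlsplit

# Assumption: multi-tenant services where a hostname block would also cut off
# legitimate use, so they get URL-level proxy rules instead of DNS entries.
SHARED_PLATFORMS = {"github.com", "mega.nz", "www.dropbox.com"}

SAMPLE_FEED = [  # constructed URLs using documentation address ranges only
    "http://192.0.2.0x31/a/payload.odd",
    "http://192.0.2.49/b/payload.odd",
    "http://198.51.100.7:444/?landing",
    "https://Downloads.Example.net/setup.zip",
    "https://github.com/example-user/example-repo/releases/download/v1/setup.exe",
]

def _octet(text):
    """Parse one IPv4 octet the way inet_aton does (0x = hex, leading 0 = octal)."""
    if text.startswith("0x"):
        return int(text[2:], 16)
    if len(text) > 1 and text.startswith("0"):
        return int(text, 8)
    return int(text, 10)

def normalize_host(host):
    """Return (host, is_ip); a four-part numeric host becomes dotted decimal."""
    host = host.lower().rstrip(".")
    parts = host.split(".")
    if len(parts) == 4 and all(p.isascii() and p.isalnum() for p in parts):
        try:
            dotted = ".".join(str(_octet(p)) for p in parts)
            return str(ipaddress.IPv4Address(dotted)), True
        except ValueError:
            pass  # not numeric, or an octet above 255: treat as a domain name
    return host, ":" in host  # only IPv6 literals contain ":" at this point

def build_rules(urls):
    """Split feed URLs into DNS names, firewall IPs (with counts) and proxy URL rules."""
    dns, firewall, proxy_urls = Counter(), Counter(), []
    for url in urls:
        host, is_ip = normalize_host(urlsplit(url).hostname or "")
        if host in SHARED_PLATFORMS:
            proxy_urls.append(url)  # block the exact URL, not the whole service
        elif host:
            (firewall if is_ip else dns)[host] += 1
    return {"dns": dict(dns), "firewall": dict(firewall), "proxy_urls": proxy_urls}

if __name__ == "__main__":
    print(build_rules(SAMPLE_FEED))
```
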
Malicious Distribution URLs (50)
Source: URLhaus (abuse.ch). Updated: 2026-04-18
Hosting Infrastructure
| Host | URLs |
|---|---|
| github.com | 7 |
| anondrop.net | 6 |
| mega.nz | 3 |
| 185.76.243.96 | 2 |
| 213.111.153.40 | 2 |
| www.dropbox.com | 2 |
| sites.google.com | 2 |
| www.transfernow.net | 2 |
| www.mediafire.com | 2 |
| baraltransportes.com | 1 |
| versaclean.com.br | 1 |
| nexoramods.net | 1 |
| windefender.best | 1 |
| 178.17.58.49 | 1 |
| 185.102.115.69 | 1 |
| 88.99.145.13 | 1 |
| streamcache.site | 1 |
| t0urist.cv | 1 |
| download2329.mediafire.com | 1 |
| download2334.mediafire.com | 1 |