Dark Web Informer - Cyber Threat Intelligence

IOC Alert: Lumma Stealer C2 Domain Identified – larpfxs[.]top

📖 Overview
A domain-based indicator linked to command-and-control infrastructure for Lumma Stealer has been identified. The domain, which presents a Russian-language login portal, is confirmed with high confidence as part of active Lumma C2 operations.


📌 Key Details

| Field | Information |
|---|---|
| Type | Domain |
| Indicator | larpfxs[.]top |
| Threat Type | Botnet C2 |
| Malware | win.lumma |
| Confidence | 100% |
| Date | 31 Aug 2025 – 20:26:53 UTC |
| Tags | c2, domain, Lumma, stealer |
| Reporter | DonPasci |

🔎 URLScan Result
Page Title: Вход
Screenshot: https://urlscan.io/screenshots/0198fd5b-0763-7058-8bf4-5a8a755b9cfe.png
Result: https://urlscan.io/result/0198fd5b-0763-7058-8bf4-5a8a755b9cfe/


📡 Related Intelligence
WHOIS Record: https://who.is/whois/larpfxs.top
VirusTotal Report: https://www.virustotal.com/gui/domain/larpfxs.top


🛡️ Defensive Guidance

  • Block larpfxs[.]top at DNS, proxy, and endpoint layers.
  • Monitor for Lumma Stealer callbacks and credential exfiltration attempts.
  • Hunt for stealer payloads and persistence mechanisms in endpoint telemetry.
  • Review DNS and proxy logs for suspicious outbound requests to this domain.
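
One way to carry out the DNS log review above, as an added example that is not part of the original alert: it refangs the published indicator and flags queries for the domain or any subdomain, matching on label boundaries so look-alike names are not reported. The log layout, the sample lines, and the function names are assumptions made for illustration.

```python
INDICATOR = "larpfxs[.]top"  # defanged indicator as published in the alert


def refang(value):
    """Turn a defanged hostname ("[.]") back into a matchable, lowercase name."""
    return value.replace("[.]", ".").lower().strip(".")


def matches_indicator(qname, domain):
    """True for the domain itself or any subdomain, on a label boundary only."""
    name = qname.lower().rstrip(".")  # DNS names are case-insensitive; drop root dot
    return name == domain or name.endswith("." + domain)


def hunt(log_lines, indicator=INDICATOR):
    """Return (timestamp, client, qname) for every query that hits the indicator.

    Assumed log layout (hypothetical, whitespace separated):
    <timestamp> <client_ip> <query_name> <record_type>
    """
    domain = refang(indicator)
    hits = []
    for line in log_lines:
        fields = line.split()
        if len(fields) < 4:
            continue  # skip malformed or truncated lines
        ts, client, qname = fields[0], fields[1], fields[2]
        if matches_indicator(qname, domain):
            hits.append((ts, client, qname))
    return hits


# Constructed sample log lines (client IPs are RFC 5737 documentation addresses)
SAMPLE_LOG = [
    "2025-08-31T20:31:02Z 192.0.2.10 larpfxs.top A",
    "2025-08-31T20:31:05Z 192.0.2.11 www.example.com A",
    "2025-08-31T20:32:40Z 192.0.2.10 API.Larpfxs.TOP. AAAA",
    "2025-08-31T20:33:00Z 192.0.2.12 notlarpfxs.top A",            # look-alike, no match
    "2025-08-31T20:33:09Z 192.0.2.13 larpfxs.top.example.net A",  # prefix only, no match
    "truncated-line",
]

if __name__ == "__main__":
    for ts, client, qname in hunt(SAMPLE_LOG):
        print(f"{ts} {client} queried {qname}")
```

Any client that appears in the results has resolved the C2 domain and is a candidate for the endpoint hunt described in the list above.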
