How it works? This application monitors the latest ClickFix (which serves LummaC2) infections by scanning blockchain transactions on the BNB (Binance Coin) blockchain. It extracts UUIDs of infected machines to provide real-time infection statistics. The new version of ClickFix stores the identifiers of infected machines in the BNB blockchain.
What is UUID? ClickFix displays a fake captcha that prompts the user to paste a malicious command into the Run window in Windows. The command contains a malicious URL along with a computer ID. Example: https[:]//example.host[.]org/awjsx.captcha?u=ef338b93-4987-4b10-a6fa-72805b6d1ae6 (it's UUID)
Note: For resource efficiency, only the latest 10,000 infection records are shown.
Cheers, fab0
UPDATE May 13th 2026: LummaC2 infrastruture has been seized by FBI in global coordinated disruption targeting Lumma Stealer. ~2300 domains were seized. Read more here and here
LUMMA IS DOWN! There are no new infections since May 14th, so the last day is set for May 14.
| Hash | Timestamp | Machine UUID |
|---|