################################################################ # ThreatFox IOCs: recent URLs - CSV format # # Last updated: 2025-08-05 03:40:13 UTC # # # # Terms Of Use: https://threatfox.abuse.ch/faq/#tos # # For questions please contact threatfox [at] abuse.ch # ################################################################ # # "first_seen_utc","ioc_id","ioc_value","ioc_type","threat_type","fk_malware","malware_alias","malware_printable","last_seen_utc","confidence_level","reference","tags","anonymous","reporter" "2025-08-05 03:40:13", "1564371", "http://pavlovski3.temp.swtest.ru/b067f351.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "None", "DCRat,RAT", "0", "abuse_ch" "2025-08-04 20:04:08", "1564342", "https://62.60.227.98/g8jejfC38/index.php", "url", "botnet_cc", "win.amadey", "None", "Amadey", "", "50", "https://urlquery.net/report/36252f63-e363-41fd-9144-72e55e7d1c70", "amadey,c2,urlquery", "0", "juroots" "2025-08-04 20:04:07", "1564341", "https://196.251.85.220/E3jv8fS9b/index.php", "url", "botnet_cc", "win.amadey", "None", "Amadey", "", "50", "https://urlquery.net/report/ba4044c9-64e2-4737-b65c-11d2e40ccbd5", "amadey,c2,urlquery", "0", "juroots" "2025-08-04 20:03:36", "1564340", "http://91.241.93.244:4000/login", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://urlscan.io/result/019876ae-ad58-75c4-91e9-d16f3858a33b", "c2,evilginx,urlscan", "0", "juroots" "2025-08-04 19:50:51", "1564287", "https://meadotdk.qpon/iutr/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/2e13d573b457b30b459d7597c46dd2e69e0288fdb08b0e392e6ad3bbe38f9112/", "lumma", "0", "abuse_ch" "2025-08-04 19:20:10", "1564284", "http://boxyong.ydns.eu:6144/is-ready", "url", "botnet_cc", "win.houdini", "Hworm,Jenxcus,Kognito,Njw0rm,WSHRAT,dinihou,dunihi", "Houdini", "", "100", "None", "RAT,WSHRAT", "0", "abuse_ch" "2025-08-04 19:04:38", "1564281", "http://23.146.184.21/x86.sh", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "75", "https://greedybear.honeynet.org", "honeypot", "0", "greedybear" "2025-08-04 18:11:08", "1564279", "https://in.softlinko.com", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2025-08-05 06:10:41", "75", "None", "5%563,Vidar", "0", "abuse_ch" "2025-08-04 18:01:24", "1564275", "https://ilamaxmi.beer/toaw/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "https://tria.ge/250804-qhzg5stjy4", "C2,lumma,stealer,triage", "0", "DonPasci" "2025-08-04 17:10:14", "1564257", "http://149.154.69.131/Uploads/SqlUploads7/ServercdnAuthPython/TrafficPoll/Provider/ToPipeTrack9/Processor/7imageDbprocess/linuxSecureimage/jsLowProcessBigloadserverMultiTest.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "None", "DCRat,RAT", "0", "abuse_ch" "2025-08-04 17:05:18", "1564256", "https://fillettx.xin/otiq/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/70ba2e676c814e7e85442f312aa3a7a0e28bce15607e90849fa627b8c3399af2/", "lumma", "0", "abuse_ch" "2025-08-04 14:20:53", "1564240", "https://t.me/privetroot", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/31ba8080813690f32ff5cb3ad9c09a20129f81f0f4f11ed99d6cac35cb1d7c4d/", "lumma", "0", "abuse_ch" "2025-08-04 14:19:54", "1564233", "https://docs.nynovation.com/doLogout", "url", "botnet_cc", "js.fakeupdates", "FakeUpdate,GhoLoader,SocGholish", "FAKEUPDATES", "", "100", "None", "fakeupdates,SocGholish", "0", "pancak3lullz" "2025-08-04 13:40:18", "1564225", "https://bouncystardust.run/", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "", "ClearFake", "0", "threatcat_ch" "2025-08-04 13:10:28", "1564231", "https://rx.softlinko.com", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2025-08-04 17:10:29", "75", "None", "5%563,Vidar", "0", "abuse_ch" "2025-08-04 11:25:12", "1564193", "http://027894cm.nyash.es/imageTojavascriptlocalpublic.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "None", "DCRat,RAT", "0", "abuse_ch" "2025-08-04 11:18:03", "1564185", "http://124.221.221.58:8888/supershell/login/", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2025-08-04 20:03:26", "100", "None", "AS45090,Shenzhen Tencent Computer Systems Company Limited,supershell", "0", "antiphishorg" "2025-08-04 11:18:02", "1564186", "http://120.78.121.146:8035/supershell/login/", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2025-08-04 20:03:25", "100", "None", "AS37963,Hangzhou Alibaba Advertising Co. Ltd.,supershell", "0", "antiphishorg" "2025-08-04 11:18:02", "1564187", "http://49.113.77.155:8888/supershell/login/", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2025-08-04 20:03:24", "100", "None", "AS4134,CHINANET-BACKBONE,supershell", "0", "antiphishorg" "2025-08-04 11:18:02", "1564188", "http://139.159.238.207:8888/supershell/login/", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2025-08-04 20:03:23", "100", "None", "AS55990,Huawei Cloud Service data center,supershell", "0", "antiphishorg" "2025-08-04 11:18:01", "1564189", "http://47.110.51.222:18088/supershell/login/", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2025-08-04 20:03:22", "100", "None", "AS37963,Hangzhou Alibaba Advertising Co. Ltd.,supershell", "0", "antiphishorg" "2025-08-04 11:18:01", "1564190", "http://118.195.157.204:8888/supershell/login/", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2025-08-04 20:03:22", "100", "None", "AS45090,Shenzhen Tencent Computer Systems Company Limited,supershell", "0", "antiphishorg" "2025-08-04 11:10:31", "1564191", "https://mx.softlinko.com", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2025-08-04 12:11:04", "75", "None", "5%563,Vidar", "0", "abuse_ch" "2025-08-04 10:45:10", "1564182", "http://cw56267.tw1.ru/289ad6e1.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "None", "DCRat,RAT", "0", "abuse_ch" "2025-08-04 10:20:11", "1564180", "http://dollarman101.hopto.org:6633/is-ready", "url", "botnet_cc", "win.houdini", "Hworm,Jenxcus,Kognito,Njw0rm,WSHRAT,dinihou,dunihi", "Houdini", "", "100", "None", "RAT,WSHRAT", "0", "abuse_ch" "2025-08-04 08:19:31", "1564097", "http://www.yperswapai.xyz/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:30", "1564086", "http://www.remium5.tokyo/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:30", "1564087", "http://www.sotonic.xyz/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:30", "1564088", "http://www.sy739.top/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:30", "1564089", "http://www.sy907.top/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:30", "1564090", "http://www.tokia.cloud/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:30", "1564091", "http://www.umss.qpon/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:30", "1564092", "http://www.uputamadre.xyz/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:30", "1564093", "http://www.us82.top/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:30", "1564094", "http://www.utfinpost.xyz/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:30", "1564095", "http://www.wdiks.vip/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:30", "1564096", "http://www.yhyqoeziut.pro/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:29", "1564076", "http://www.nayasa.tech/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:29", "1564077", "http://www.odesigngurulabs.top/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:29", "1564078", "http://www.ompira.live/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:29", "1564079", "http://www.orven.live/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:29", "1564080", "http://www.ow50p.top/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:29", "1564081", "http://www.oyukj.top/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:29", "1564082", "http://www.pace-capsule-house.net/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:29", "1564083", "http://www.qpi.shop/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:29", "1564084", "http://www.r-ing.tech/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:29", "1564085", "http://www.raftdistillery.xyz/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:28", "1564066", "http://www.h123.xyz/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:28", "1564067", "http://www.heryl866.forum/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:28", "1564068", "http://www.i1.live/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:28", "1564069", "http://www.ic-staking.vip/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:28", "1564070", "http://www.ightspotin.shop/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:28", "1564071", "http://www.ijnbedrijfskleding.shop/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:28", "1564072", "http://www.irstcarepartners.net/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:28", "1564073", "http://www.lujjq.top/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:28", "1564074", "http://www.lvfun.top/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:28", "1564075", "http://www.m155.top/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:27", "1564055", "http://www.eebot.xyz/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:27", "1564056", "http://www.eet-new-people-69853.bond/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:27", "1564057", "http://www.ellowapp.xyz/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:27", "1564058", "http://www.encilzanybetazoom.sbs/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:27", "1564059", "http://www.ental-implants-22908.bond/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:27", "1564060", "http://www.eshai.vip/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:27", "1564061", "http://www.etlemonlightsite.cfd/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:27", "1564062", "http://www.etr3water.click/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:27", "1564063", "http://www.g51-lzal1646.vip/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:27", "1564064", "http://www.gdyej.top/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:27", "1564065", "http://www.gmqs5.top/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:26", "1564046", "http://www.btreiu.xyz/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:26", "1564047", "http://www.c1365.top/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:26", "1564048", "http://www.c4829.top/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:26", "1564049", "http://www.c5217.top/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:26", "1564050", "http://www.dazi.info/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:26", "1564051", "http://www.dton.net/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:26", "1564052", "http://www.dvansebuisness.net/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:26", "1564053", "http://www.eabook.mobi/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:26", "1564054", "http://www.ecruittalentteam.shop/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:25", "1564035", "http://www.6064.net/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:25", "1564036", "http://www.9xtver7.xyz/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:25", "1564037", "http://www.aapcommerce.xyz/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:25", "1564038", "http://www.aluechaser.shop/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:25", "1564039", "http://www.aluxuryrealestate.homes/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:25", "1564040", "http://www.anzocommunityhub.services/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:25", "1564041", "http://www.ataract-surgery-15490.bond/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:25", "1564042", "http://www.atinca.pro/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:25", "1564043", "http://www.avannah.ventures/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:25", "1564044", "http://www.aximocastillo.xyz/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:25", "1564045", "http://www.azeti.shop/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:24", "1564033", "http://www.0sao.top/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:19:24", "1564034", "http://www.3779.page/ko23/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-08-04 08:16:39", "1564028", "https://amnesia333.store", "url", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "50", "https://urlquery.net/report/14a5ec3d-d6b1-498d-bdaa-c19d8c22346d", "Amnesia,c2,urlquery", "0", "juroots" "2025-08-04 08:15:29", "1564027", "https://server16.filesdumpplace.org/", "url", "botnet_cc", "win.glupteba", "None", "Glupteba", "", "50", "https://urlquery.net/report/378ac64a-adb5-4629-9f55-5efbcbf1e187", "c2,glupteba,urlquery", "0", "juroots" "2025-08-04 08:15:27", "1564026", "https://server5.localstats.org/", "url", "botnet_cc", "win.glupteba", "None", "Glupteba", "", "50", "https://urlquery.net/report/495a429e-13e3-4d98-916b-1c9fdcceb0ac", "c2,glupteba,urlquery", "0", "juroots" "2025-08-04 08:15:26", "1564025", "https://server9.nisdably.com/", "url", "botnet_cc", "win.glupteba", "None", "Glupteba", "", "50", "https://urlquery.net/report/c2f217cb-3e2a-411c-84c5-224353007195", "c2,glupteba,urlquery", "0", "juroots" "2025-08-04 06:55:35", "1563904", "https://goethjmr.asia/lkiq/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/66714b3368a2365b0ac7cb6a09bf95dc6fb98989a74bcd2e274971b4237e6df7/", "lumma", "0", "abuse_ch" "2025-08-04 05:50:18", "1563856", "http://47.99.159.237:18088/supershell/login/", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2025-08-04 20:03:27", "100", "None", "AS37963,Hangzhou Alibaba Advertising Co. Ltd.,supershell", "0", "antiphishorg" "2025-08-04 05:50:18", "1563862", "https://helloworldcyber.live/webpanel/panel/login.php", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "None", "AS13335,Cloudflare Inc.,cyberstealer,PDR Ltd. d/b/a PublicDomainRegistry.com", "0", "antiphishorg" "2025-08-04 05:50:17", "1563855", "http://116.205.245.113:8029/supershell/login/", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2025-08-04 20:03:29", "100", "None", "AS55990,Huawei Cloud Service data center,supershell", "0", "antiphishorg" "2025-08-04 05:50:17", "1563863", "http://176.123.2.48/1.sh", "url", "payload_delivery", "unknown", "None", "Unknown malware", "2025-08-05 03:00:31", "75", "https://greedybear.honeynet.org", "honeypot", "0", "greedybear" "2025-08-04 05:50:16", "1563834", "http://206.82.6.254:8888/supershell/login/", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2025-08-04 20:03:30", "100", "None", "AS963,N963 PTE. LTD.,supershell", "0", "antiphishorg" "2025-08-04 02:45:03", "1563859", "http://oby2349.giize.com:3049/is-ready", "url", "botnet_cc", "win.houdini", "Hworm,Jenxcus,Kognito,Njw0rm,WSHRAT,dinihou,dunihi", "Houdini", "", "100", "None", "RAT,WSHRAT", "0", "abuse_ch" "2025-08-04 00:10:58", "1563853", "https://ty.softlinko.com", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2025-08-04 10:10:57", "75", "None", "5%563,Vidar", "0", "abuse_ch" "2025-08-03 21:15:43", "1563836", "http://59.110.81.93:12121/DcQe", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "https://bazaar.abuse.ch/sample/3868091a675ee465ba7a7758d73c1aa21610739732f6fb7d4b9e8ffb4b9d8308/", "cobaltstrike", "0", "abuse_ch" "2025-08-03 20:45:55", "1563827", "https://t.me/dhtyjd56uerjty", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/5cc69bda6dc376c62fafeee10fff3e5ed60eadc7f9a4172b91d005b2aa85983c/", "lumma", "0", "abuse_ch" "2025-08-03 20:45:44", "1563826", "https://laplmav.xin/iire/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/5cc69bda6dc376c62fafeee10fff3e5ed60eadc7f9a4172b91d005b2aa85983c/", "lumma", "0", "abuse_ch" "2025-08-03 20:10:36", "1563819", "https://faitnfk.asia/tiwu/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/2155f4050a5ed8cabd76f1f0d2a079fc35357d466292b27741181313673fb79f/", "lumma", "0", "abuse_ch" "2025-08-03 18:05:45", "1563798", "http://penpoolux.co.in/eng/fre.php", "url", "botnet_cc", "win.lokipws", "Burkina,Loki,LokiBot,LokiPWS", "Loki Password Stealer (PWS)", "", "100", "https://tria.ge/250803-qclzvseq7w", "C2,loki,lokibot,triage", "0", "DonPasci" "2025-08-03 18:04:27", "1563796", "http://zaebaloblya.tk/zae/index.php", "url", "botnet_cc", "win.azorult", "PuffStealer,Rultazo", "Azorult", "", "100", "https://tria.ge/250803-qwlhfafm6s", "azorult,C2,rat,triage", "0", "DonPasci" "2025-08-03 18:01:04", "1563793", "https://materdvc.beer/xeoi/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "https://tria.ge/250803-rvtcbswnz3", "C2,lumma,stealer,triage", "0", "DonPasci" "2025-08-03 16:45:06", "1563784", "http://a0931898.xsph.ru/L1nc0In.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "None", "DCRat,RAT", "0", "abuse_ch" "2025-08-03 16:10:22", "1563766", "http://weathersouth.shop/45cc90de006049c9.php", "url", "botnet_cc", "win.stealc", "None", "Stealc", "", "100", "https://app.any.run/tasks/07984521-8b82-4efc-b5c5-210c03044588", "None", "0", "pitachu" "2025-08-03 16:10:22", "1563768", "http://64.227.174.215/1.sh", "url", "payload_delivery", "unknown", "None", "Unknown malware", "2025-08-03 20:40:40", "75", "https://greedybear.honeynet.org", "honeypot", "0", "greedybear" "2025-08-03 14:07:49", "1563765", "tftp://46.236.170.199/.i", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "75", "https://greedybear.honeynet.org", "honeypot", "0", "greedybear" "2025-08-03 12:00:57", "1563752", "https://ukrposhttem.top/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "https://tria.ge/250803-jldarayvfz", "C2,lumma,stealer,triage", "0", "DonPasci" "2025-08-03 11:10:29", "1563742", "https://ww.softlinko.com", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2025-08-04 07:35:24", "75", "None", "5%563,Vidar", "0", "abuse_ch" "2025-08-03 10:25:08", "1563733", "http://cm41241.tw1.ru/7b4a24ad.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "None", "DCRat,RAT", "0", "abuse_ch" "2025-08-03 07:27:43", "1563710", "https://pastebin.com/raw/JTpCx3rC", "url", "botnet_cc", "win.xworm", "None", "XWorm", "", "50", "", "c2,xworm", "0", "juroots" "2025-08-03 07:27:43", "1563711", "https://pastebin.com/raw/gm8AWBZG", "url", "botnet_cc", "win.xworm", "None", "XWorm", "", "50", "", "c2,xworm", "0", "juroots" "2025-08-03 07:27:43", "1563712", "https://pastebin.com/raw/wD2c8Tx0", "url", "botnet_cc", "win.xworm", "None", "XWorm", "", "50", "", "c2,xworm", "0", "juroots" "2025-08-03 06:51:04", "1563647", "http://196.251.115.36/1.sh", "url", "payload_delivery", "unknown", "None", "Unknown malware", "2025-08-03 09:10:29", "75", "https://greedybear.honeynet.org", "honeypot", "0", "greedybear" "2025-08-03 06:51:02", "1563537", "https://clients.lamusicana.com/doLogout", "url", "botnet_cc", "js.fakeupdates", "FakeUpdate,GhoLoader,SocGholish", "FAKEUPDATES", "", "100", "None", "fakeupdates,SocGholish", "0", "pancak3lullz" "2025-08-03 06:51:00", "1563552", "http://207.244.199.222/wget.sh", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "75", "https://greedybear.honeynet.org", "honeypot", "0", "greedybear" # Number of entries: 122