################################################################ # ThreatFox IOCs: recent URLs - CSV format # # Last updated: 2025-10-19 22:19:10 UTC # # # # Terms Of Use: https://threatfox.abuse.ch/faq/#tos # # For questions please contact threatfox [at] abuse.ch # ################################################################ # # "first_seen_utc","ioc_id","ioc_value","ioc_type","threat_type","fk_malware","malware_alias","malware_printable","last_seen_utc","confidence_level","reference","tags","anonymous","reporter" "2025-10-19 22:19:10", "1618045", "https://dn721508.ca.archive.org/0/items/optimized_msi_20251017_0233/optimized_MSI.png", "url", "payload_delivery", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "", "dropper,Remcos", "0", "nickkuechel" "2025-10-19 09:18:50", "1617846", "https://tk0001.jiayoutiktok.top/", "url", "botnet_cc", "apk.spynote", "CypherRat", "SpyNote", "", "50", "https://urlscan.io/result/0199fbc3-b287-72f9-b891-b0f99e795e08", "c2,spynote,urlscan", "0", "juroots" "2025-10-19 06:45:07", "1617811", "http://940942cm.nyash.es/UpdatemultiSqlUniversalTrack.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "None", "DCRat,RAT", "0", "abuse_ch" "2025-10-19 06:40:35", "1617809", "http://tsrv4.ws/23.exe", "url", "payload_delivery", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "phorpiex", "0", "juroots" "2025-10-19 06:39:08", "1617767", "https://178.22.24.253:58888/gateway/18bv48hp.ve6up", "url", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "", "100", "https://app.any.run/tasks/a150ca79-daa7-4de4-87b0-0682c0fc9cec", "Rhadamanthys", "0", "mazznrz" "2025-10-19 06:39:07", "1617763", "http://167.172.107.164:8888/supershell/login/", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2025-10-19 09:18:53", "100", "None", "AS14061,DigitalOcean LLC,supershell", "0", "antiphishorg" "2025-10-19 06:37:38", "1617798", "https://facai16.liucaiyun88.top/", "url", "botnet_cc", "apk.spynote", "CypherRat", "SpyNote", "", "50", "https://urlquery.net/report/e650b816-e416-4930-b88e-a64896f9e168", "c2,spynote,urlquery", "0", "juroots" "2025-10-19 06:37:37", "1617797", "https://ele07.xyz/", "url", "botnet_cc", "apk.spynote", "CypherRat", "SpyNote", "", "50", "https://urlquery.net/report/69072bcf-79ca-4546-b865-9a7ffe24d173", "c2,spynote,urlquery", "0", "juroots" "2025-10-19 06:36:20", "1617796", "https://wrat.in/sa1at/programfiles(x86)eprocessor_revision", "url", "botnet_cc", "win.salatstealer", "None", "SalatStealer", "", "50", "https://urlquery.net/report/159c789b-28ae-4585-82be-d3608c164553", "c2,salatstealer,urlquery", "0", "juroots" "2025-10-19 06:36:20", "1617795", "https://wrat.in/sa1at/https:/wrat.in/sa1at/https:/wrat.in/sa1at/https:/wrat.in/sa1at/dns.googleht", "url", "botnet_cc", "win.salatstealer", "None", "SalatStealer", "", "50", "https://urlquery.net/report/d4fa2d7b-f55e-46f0-8f5c-9ead44e6b6d2", "c2,salatstealer,urlquery", "0", "juroots" "2025-10-19 06:35:32", "1617793", "https://server11.cdneurop.cloud/", "url", "botnet_cc", "win.glupteba", "None", "Glupteba", "", "50", "https://urlquery.net/report/56366b63-6815-48bc-87a0-2c23a1cc5cf5", "c2,glupteba,urlquery", "0", "juroots" "2025-10-19 06:35:32", "1617792", "https://server10.rentalhousezz.net/", "url", "botnet_cc", "win.glupteba", "None", "Glupteba", "", "50", "https://urlquery.net/report/38fbf03a-3b56-4baf-becd-ee5aecd42522", "c2,glupteba,urlquery", "0", "juroots" "2025-10-19 06:35:32", "1617791", "https://server3.ninhaine.com/", "url", "botnet_cc", "win.glupteba", "None", "Glupteba", "", "50", "https://urlquery.net/report/303953ca-6c87-4272-9f25-9a8760afdd17", "c2,glupteba,urlquery", "0", "juroots" "2025-10-19 06:35:28", "1617790", "https://107.173.152.144:8888/", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://urlquery.net/report/f302275f-e220-4eda-9d96-0ace04c74144", "c2,supershell,urlquery", "0", "juroots" "2025-10-19 06:24:15", "1617787", "https://www.official-website.usdep-osha-portal.help-and-resources.osha-gov.status-drive.top/OSHA-Portal/?ID=gxyPuPq3SU4JEVWS", "url", "payload_delivery", "win.xworm", "None", "XWorm", "", "50", "https://urlquery.net/report/aadf012c-2013-4254-a1d7-4a8a1029fab3", "fakecaptcha,urlquery,xworm", "0", "juroots" "2025-10-19 06:24:14", "1617786", "http://94.159.113.37/ssd.png", "url", "payload_delivery", "win.xworm", "None", "XWorm", "", "50", "https://urlquery.net/report/9b747a48-b27c-47fc-bc99-d56c2818695a", "fakecaptcha,urlquery,xworm", "0", "juroots" "2025-10-19 06:05:56", "1617782", "http://2979.my.to/obinna/king.php", "url", "botnet_cc", "win.lokipws", "Burkina,Loki,LokiBot,LokiPWS", "Loki Password Stealer (PWS)", "2025-10-19 06:39:25", "100", "https://tria.ge/251019-cbc4nsypf1", "C2,loki,lokibot,triage", "0", "DonPasci" "2025-10-18 15:38:57", "1617522", "http://196.251.114.38/pages/login.php", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "None", "AS401116,Nybula LLC,unam", "0", "antiphishorg" "2025-10-18 15:38:56", "1617600", "http://103.77.241.42/1.sh", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "75", "https://greedybear.honeynet.org", "honeypot", "0", "greedybear" "2025-10-18 12:44:25", "1617574", "https://pastebin.com/raw/Fxzr3jeT", "url", "botnet_cc", "win.xworm", "None", "XWorm", "", "50", "https://app.any.run/tasks/b5496615-c506-4f1f-b823-40c290e0d91b", "c2,xworm", "0", "juroots" "2025-10-18 07:51:04", "1617498", "https://106.52.154.100:8888/supershell/login/", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://urlquery.net/report/b2bbbda7-68c7-4090-bcef-57c00da730e6", "c2,supershell,urlquery", "0", "juroots" "2025-10-18 07:49:28", "1617497", "https://sec0de.cc/user.php?page=login", "url", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "50", "https://urlscan.io/result/0199f64b-8230-74f8-9e72-cd4a5ece8b47", "c2,raptor,urlscan", "0", "juroots" "2025-10-18 07:48:57", "1617496", "http://196.251.114.38/pages/login.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "50", "https://urlscan.io/result/0199f64b-08a5-751e-8751-2a7bc192e36e", "c2,unam,urlscan", "0", "juroots" "2025-10-18 07:48:39", "1617495", "http://79.137.196.144/", "url", "payload_delivery", "apk.hook", "None", "Hook", "", "50", "https://urlscan.io/result/0199f64a-c391-775e-aa4d-6da76cd2a4ff", "c2,hookbot,urlscan", "0", "juroots" "2025-10-18 07:48:21", "1617494", "http://45.134.26.131/kaWt2QXfpPueNM/Login.php", "url", "payload_delivery", "win.amadey", "None", "Amadey", "", "50", "https://urlscan.io/result/0199f64a-7f3a-759c-bfe3-60744c1dedb1", "amadey,c2,urlscan", "0", "juroots" "2025-10-18 07:48:20", "1617493", "http://91.92.242.27/kaWt2QXfpPueNM/Header.php", "url", "payload_delivery", "win.amadey", "None", "Amadey", "", "50", "https://urlscan.io/result/0199f64a-7c85-702a-95fd-1f459be1df65", "amadey,c2,urlscan", "0", "juroots" "2025-10-18 07:48:20", "1617492", "https://185.208.156.252/u9dvjmfd/index.php", "url", "payload_delivery", "win.amadey", "None", "Amadey", "", "50", "https://urlscan.io/result/0199f64a-78c3-77d1-a813-6507684da186", "amadey,c2,urlscan", "0", "juroots" "2025-10-18 07:48:19", "1617491", "https://191.96.225.126/appstore/index.php", "url", "payload_delivery", "win.amadey", "None", "Amadey", "", "50", "https://urlscan.io/result/0199f64a-74c6-75f8-b361-fe40d1a0c9a8", "amadey,c2,urlscan", "0", "juroots" "2025-10-18 07:47:54", "1617489", "http://47.236.166.45:8888/supershell/login", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "50", "https://urlscan.io/result/0199f64a-136d-74df-b3aa-bcf34acceb72", "c2,supershell,urlscan", "0", "juroots" "2025-10-18 07:47:53", "1617488", "http://107.174.64.180:8888/supershell/login", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "50", "https://urlscan.io/result/0199f64a-0f9e-73c9-be40-4d2e5927c719", "c2,supershell,urlscan", "0", "juroots" "2025-10-18 07:47:52", "1617487", "http://106.52.154.100:8888/supershell/login", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "50", "https://urlscan.io/result/0199f64a-0c0e-708b-ae1d-816513cbf0b4", "c2,supershell,urlscan", "0", "juroots" "2025-10-18 07:47:48", "1617486", "https://doudouni18.top/", "url", "payload_delivery", "apk.spynote", "CypherRat", "SpyNote", "", "50", "https://urlscan.io/result/0199f649-fdda-77e1-8344-2a8816090068", "c2,spynote,urlscan", "0", "juroots" "2025-10-18 07:47:47", "1617485", "https://doudouni15.top/", "url", "payload_delivery", "apk.spynote", "CypherRat", "SpyNote", "", "50", "https://urlscan.io/result/0199f649-f7cd-7399-b337-7f2f11c21b38", "c2,spynote,urlscan", "0", "juroots" "2025-10-18 07:47:45", "1617484", "https://doudouni13.top/", "url", "payload_delivery", "apk.spynote", "CypherRat", "SpyNote", "", "50", "https://urlscan.io/result/0199f649-f088-749e-b0f4-66c40e4c1118", "c2,spynote,urlscan", "0", "juroots" "2025-10-18 07:47:43", "1617483", "https://doudouni12.top/", "url", "payload_delivery", "apk.spynote", "CypherRat", "SpyNote", "", "50", "https://urlscan.io/result/0199f649-e7fc-77dc-9024-22a1887edc8d", "c2,spynote,urlscan", "0", "juroots" "2025-10-18 07:47:40", "1617482", "https://doudouni01.top/", "url", "payload_delivery", "apk.spynote", "CypherRat", "SpyNote", "", "50", "https://urlscan.io/result/0199f649-df0e-755b-98fe-5468bd49c0c3", "c2,spynote,urlscan", "0", "juroots" "2025-10-18 07:47:38", "1617481", "https://sea0123.malaysiatiktok.top/", "url", "payload_delivery", "apk.spynote", "CypherRat", "SpyNote", "", "50", "https://urlscan.io/result/0199f649-d7ec-71b6-8d31-7969ccbe1b3f", "c2,spynote,urlscan", "0", "juroots" "2025-10-18 07:47:37", "1617480", "https://ustr.nouz.cn/", "url", "payload_delivery", "apk.spynote", "CypherRat", "SpyNote", "", "50", "https://urlscan.io/result/0199f649-d3c6-725a-8807-69cdd55f5ec9", "c2,spynote,urlscan", "0", "juroots" "2025-10-18 07:47:36", "1617479", "https://xmg102.wxlmail.com/", "url", "payload_delivery", "apk.spynote", "CypherRat", "SpyNote", "", "50", "https://urlscan.io/result/0199f649-cf9f-70ad-9bfc-b4e5a738c89e", "c2,spynote,urlscan", "0", "juroots" "2025-10-18 05:48:24", "1617299", "https://lh24h7tp-5500.euw.devtunnels.ms/checker/1.pdb", "url", "payload_delivery", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "https://tria.ge/251017-p7v1ksdr8y/behavioral1", "DCRat,RAT", "0", "burger" # Number of entries: 40