################################################################
# ThreatFox IOCs: recent URLs - CSV format #
# Last updated: 2025-07-12 06:01:40 UTC #
# #
# Terms Of Use: https://threatfox.abuse.ch/faq/#tos #
# For questions please contact threatfox [at] abuse.ch #
################################################################
#
# "first_seen_utc","ioc_id","ioc_value","ioc_type","threat_type","fk_malware","malware_alias","malware_printable","last_seen_utc","confidence_level","reference","tags","anonymous","reporter"
"2025-07-12 06:01:40", "1556158", "http://193.169.105.242", "url", "botnet_cc", "win.stealc", "None", "Stealc", "", "100", "https://tria.ge/250712-fm6rxawxev", "AS211381,C2,stealc,stealer,triage", "0", "DonPasci"
"2025-07-12 05:40:07", "1556048", "http://62.233.53.75/393589217af146c5.php", "url", "botnet_cc", "win.stealc", "None", "Stealc", "", "100", "https://app.any.run/tasks/bc6b5b21-e714-4261-9ee9-f1fa7d4da1c3", "None", "0", "pitachu"
"2025-07-12 05:40:07", "1556045", "http://176.46.157.32/files/7234551096/HZhaduP.exe", "url", "payload_delivery", "win.hijackloader", "DOILoader,GHOSTPULSE,IDAT Loader,SHADOWLADDER", "HijackLoader", "", "100", "https://app.any.run/tasks/237209eb-af1a-47e5-a2d4-76012f2f33f0", "None", "0", "pitachu"
"2025-07-12 05:40:06", "1556047", "http://176.46.157.32/files/5296057416/i8kSMr9.exe", "url", "payload_delivery", "win.stealc", "None", "Stealc", "", "100", "https://app.any.run/tasks/bc6b5b21-e714-4261-9ee9-f1fa7d4da1c3", "None", "0", "pitachu"
"2025-07-12 05:40:03", "1556050", "http://66.63.187.164/v999f8.exe", "url", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "https://app.any.run/tasks/a19d5243-c659-448b-9a78-fc6a67c32dd7", "None", "0", "pitachu"
"2025-07-12 05:40:01", "1556055", "http://45.141.233.187/7d1ca61c169b4862.php", "url", "botnet_cc", "win.stealc", "None", "Stealc", "", "100", "https://app.any.run/tasks/315bc97f-69e0-4346-9f68-973f46961f9c", "None", "0", "pitachu"
"2025-07-12 05:40:00", "1556057", "http://176.46.157.32/testmine/random.exe", "url", "payload_delivery", "win.amadey", "None", "Amadey", "", "100", "https://app.any.run/tasks/8d39b276-c6fe-4aa5-b339-49d8f086daef", "None", "0", "pitachu"
"2025-07-12 05:39:55", "1556093", "https://smithenv.com/5r22q.js", "url", "payload_delivery", "js.fakeupdates", "FakeUpdate,GhoLoader,SocGholish", "FAKEUPDATES", "", "100", "", "Kongtuke,LandUpdate808", "0", "HuntYethHounds"
"2025-07-12 05:39:54", "1556104", "http://91.84.109.91/sign-in", "url", "botnet_cc", "win.amatera", "None", "Amatera", "", "100", "None", "amatera,AS216071,SERVERS TECH FZCO", "0", "antiphishorg"
"2025-07-12 04:45:24", "1556151", "https://josyfs.shop/zpad", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/eda475cc10ad662a99c2c52fd63f638343ff3afdba8863c4272b530e8b8234af/", "lumma", "0", "abuse_ch"
"2025-07-12 04:10:14", "1556150", "http://239024cm.nyash.es/jslow.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "None", "DCRat,RAT", "0", "abuse_ch"
"2025-07-12 04:00:10", "1556109", "http://841333cm.nyash.es/imagevideo_PacketProtectBaseLinuxuniversal.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "None", "DCRat,RAT", "0", "abuse_ch"
"2025-07-12 01:30:10", "1556105", "http://144403cm.nyash.es/externalJavascriptmultiWp.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "None", "DCRat,RAT", "0", "abuse_ch"
"2025-07-11 15:57:31", "1556023", "http://176.46.157.50/tu3d2rom/index.php", "url", "botnet_cc", "win.amadey", "None", "Amadey", "", "100", "https://app.any.run/tasks/315bc97f-69e0-4346-9f68-973f46961f9c", "None", "0", "pitachu"
"2025-07-11 15:57:29", "1556020", "http://176.46.157.32/test/exe/random1.exe", "url", "payload_delivery", "win.amadey", "None", "Amadey", "", "100", "https://app.any.run/tasks/315bc97f-69e0-4346-9f68-973f46961f9c", "None", "0", "pitachu"
"2025-07-11 15:57:28", "1556025", "http://45.74.16.175/90fb44c9cd424e4f.php", "url", "botnet_cc", "win.stealc", "None", "Stealc", "", "100", "https://app.any.run/tasks/a6fc58f1-9f02-4063-a129-af68d056943c", "None", "0", "pitachu"
"2025-07-11 15:57:28", "1556024", "http://176.46.157.32/files/565211651/y9fTHYG.exe", "url", "payload_delivery", "win.stealc", "None", "Stealc", "", "100", "https://app.any.run/tasks/a6fc58f1-9f02-4063-a129-af68d056943c", "None", "0", "pitachu"
"2025-07-11 15:57:25", "1555977", "https://buyedmeds.top/wws/buf.js", "url", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "", "SmartApeSG", "0", "HuntYethHounds"
"2025-07-11 15:57:24", "1555978", "https://buyedmeds.top/wws/index.php", "url", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "", "SmartApeSG", "0", "HuntYethHounds"
"2025-07-11 15:57:23", "1555981", "https://accountsitte.com/wws/index.php", "url", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "", "SmartApeSG", "0", "HuntYethHounds"
"2025-07-11 15:57:23", "1555980", "https://accountsitte.com/wws/buf.js", "url", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "", "SmartApeSG", "0", "HuntYethHounds"
"2025-07-11 13:40:05", "1555975", "http://cl07667.tw1.ru/6858c6fe.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "None", "DCRat,RAT", "0", "abuse_ch"
"2025-07-11 13:30:08", "1555974", "http://exteriumsiteofficial.atwebpages.com/378d5408.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "None", "DCRat,RAT", "0", "abuse_ch"
"2025-07-11 13:22:00", "1555970", "https://ai-dev.overscaleconsulting.com/viewDashboard", "url", "botnet_cc", "js.fakeupdates", "FakeUpdate,GhoLoader,SocGholish", "FAKEUPDATES", "", "100", "None", "fakeupdates,SocGholish", "0", "pancak3lullz"
"2025-07-11 12:01:43", "1555963", "http://45.74.16.175", "url", "botnet_cc", "win.stealc", "None", "Stealc", "", "100", "https://tria.ge/250711-mhlphacm6x", "AS207184,C2,stealc,stealer,triage", "0", "DonPasci"
"2025-07-11 12:01:42", "1555962", "http://62.233.53.75", "url", "botnet_cc", "win.stealc", "None", "Stealc", "", "100", "https://tria.ge/250711-mkad9acm8v", "AS211381,C2,stealc,stealer,triage", "0", "DonPasci"
"2025-07-11 09:46:39", "1555939", "http://196.251.81.62/", "url", "botnet_cc", "apk.hook", "None", "Hook", "", "50", "https://urlscan.io/result/0197f8e1-3802-7381-99cf-9d8e1b7f077d", "c2,hookbot,urlscan", "0", "juroots"
"2025-07-11 09:46:19", "1555938", "http://38.207.178.172:8002/", "url", "botnet_cc", "win.chaos", "FakeRyuk,RyukJoke,Yashma", "Chaos", "", "50", "https://urlscan.io/result/0197f8e0-e977-7538-9310-e672fc9ea876", "c2,chaos,urlscan", "0", "juroots"
"2025-07-11 07:30:22", "1555901", "https://crocfz.shop/tnby", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/8e76152f58ac299437a5617de4059bcade94794849c7390daab6270bc22d4fb1/", "lumma", "0", "abuse_ch"
"2025-07-11 06:33:42", "1555858", "http://38.12.25.18:8877/supershell/login/", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2025-07-11 09:48:06", "100", "None", "AROSSCLOUD INC.,AS400619,supershell", "0", "antiphishorg"
"2025-07-11 06:33:42", "1555816", "http://45.136.15.217:8888/supershell/login/", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2025-07-11 09:48:08", "100", "None", "AS139659,LUCIDACLOUD LIMITED,supershell", "0", "antiphishorg"
"2025-07-11 06:33:40", "1555813", "https://discoveronline.top/kll/index.php", "url", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "", "SmartApeSG", "0", "HuntYethHounds"
"2025-07-11 06:33:39", "1555812", "https://discoveronline.top/kll/buf.js", "url", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "", "SmartApeSG", "0", "HuntYethHounds"
"2025-07-11 06:33:38", "1555810", "https://getin.top/kll/buf.js", "url", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "", "SmartApeSG", "0", "HuntYethHounds"
"2025-07-11 06:33:38", "1555809", "https://getin.top/kll/index.php", "url", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "", "SmartApeSG", "0", "HuntYethHounds"
"2025-07-11 06:33:32", "1555765", "http://216.107.136.27:8888/supershell/login/", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2025-07-11 09:48:08", "100", "None", "AS396356,Latitude.sh,supershell", "0", "antiphishorg"
"2025-07-11 06:33:32", "1555764", "http://20.2.139.87:8888/supershell/login/", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2025-07-11 09:48:09", "100", "None", "AS8075,Microsoft Corporation,supershell", "0", "antiphishorg"
"2025-07-11 06:33:28", "1555738", "https://images.mildecommercialrealestate.com/viewDashboard", "url", "botnet_cc", "js.fakeupdates", "FakeUpdate,GhoLoader,SocGholish", "FAKEUPDATES", "", "100", "None", "fakeupdates,SocGholish", "0", "pancak3lullz"
"2025-07-11 06:33:24", "1555590", "http://213.176.73.34/api/YTAsODYsODIsOWQsYTEsODgsOTAsOTUsNjUsN2Qs", "url", "botnet_cc", "win.smartloader", "None", "SmartLoader", "", "75", "", "SmartLoader", "0", "tcains1"
"2025-07-11 06:02:08", "1555896", "https://ligwkv.pics/xkjo", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "https://tria.ge/250711-bytt9s1r19", "C2,lumma,stealer,triage", "0", "DonPasci"
"2025-07-11 06:02:08", "1555897", "https://raflft.lat/nghy", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "https://tria.ge/250711-bnvzkszydx", "C2,lumma,stealer,triage", "0", "DonPasci"
"2025-07-10 23:25:06", "1555834", "http://185.125.50.64/eb4bef1f7d4940e9.php", "url", "botnet_cc", "win.stealc", "None", "Stealc", "", "100", "https://tria.ge/250710-xn2b9axxgy", "AS215730,c2,H2NEXUS-AS,Stealc,stealer,triage", "0", "DonPasci"
"2025-07-10 23:18:06", "1555826", "http://185.125.50.64", "url", "botnet_cc", "win.stealc", "None", "Stealc", "", "100", "https://tria.ge/250710-xn2b9axxgy", "AS215730,C2,H2NEXUS-AS,stealc,stealer,triage", "0", "DonPasci"
"2025-07-10 23:17:49", "1555825", "https://eyertyn.lat/amjy", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "https://tria.ge/250710-2sh4pabm4t", "C2,lumma,stealer,triage", "0", "DonPasci"
"2025-07-10 18:01:14", "1555771", "https://atlakhv.pics/zpld", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "https://tria.ge/250710-wc2m7sxvdt", "C2,lumma,stealer,triage", "0", "DonPasci"
"2025-07-10 18:00:30", "1555767", "https://qeel.xyz/gaiw/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/c274185e13298d575107ab0d0ab557e281c968340c1a943911440167753e4516/", "lumma", "0", "abuse_ch"
"2025-07-10 17:10:31", "1555766", "https://116.203.165.124", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2025-07-12 11:10:30", "75", "None", "f4%a,Vidar", "0", "abuse_ch"
"2025-07-10 16:15:16", "1555760", "https://clarazx.shop/aplg", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/4495c9de866418582a8a2cea05b9b91254afd98b62d43d9f742128d98ab36347/", "lumma", "0", "abuse_ch"
"2025-07-10 12:51:03", "1555674", "http://5.9.30.166/azr_panel_778899/", "url", "botnet_cc", "win.azorult", "PuffStealer,Rultazo", "Azorult", "", "100", "None", "10July2025,iocbottest", "0", "Gi7w0rm"
"2025-07-10 12:51:03", "1555673", "http://lusecproducts.top/ebuka/index.php", "url", "botnet_cc", "win.azorult", "PuffStealer,Rultazo", "Azorult", "", "100", "None", "10July2025,iocbottest", "0", "Gi7w0rm"
"2025-07-10 12:50:44", "1555647", "https://t.me/mueratapososata", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "10July2025,iocbottest", "0", "Gi7w0rm"
"2025-07-10 12:50:44", "1555646", "https://t.me/heppycathello", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "10July2025,iocbottest", "0", "Gi7w0rm"
"2025-07-10 12:50:44", "1555645", "https://marksmaner.live/SAnwiu", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "10July2025,iocbottest", "0", "Gi7w0rm"
"2025-07-10 12:50:44", "1555644", "https://spliba.xyz/fpsa", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "10July2025,iocbottest", "0", "Gi7w0rm"
"2025-07-10 12:50:43", "1555643", "https://swigddmb.top/xpal", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "10July2025,iocbottest", "0", "Gi7w0rm"
"2025-07-10 12:50:43", "1555642", "https://t.me/lessons2399", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "10July2025,iocbottest", "0", "Gi7w0rm"
"2025-07-10 12:50:42", "1555640", "https://t.me/yenndbe", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "10July2025,iocbottest", "0", "Gi7w0rm"
"2025-07-10 12:50:42", "1555639", "https://ponqcf.top/tauw", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "10July2025,iocbottest", "0", "Gi7w0rm"
"2025-07-10 12:50:42", "1555641", "https://t.me/sadfgsdfgdfg124", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "10July2025,iocbottest", "0", "Gi7w0rm"
"2025-07-10 12:50:41", "1555638", "https://unbelao.live/tiew", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "10July2025,iocbottest", "0", "Gi7w0rm"
"2025-07-10 12:50:41", "1555637", "https://mahrox.shop/towq", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "10July2025,iocbottest", "0", "Gi7w0rm"
"2025-07-10 12:50:40", "1555636", "https://anfdfq.pics/xlad", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "10July2025,iocbottest", "0", "Gi7w0rm"
"2025-07-10 12:50:39", "1555635", "https://almzsff.shop/pwoq", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "10July2025,iocbottest", "0", "Gi7w0rm"
"2025-07-10 12:50:39", "1555634", "https://praimr.xyz/ttrw", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "10July2025,iocbottest", "0", "Gi7w0rm"
"2025-07-10 12:50:39", "1555633", "https://immkay.xyz/tgbv", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "10July2025,iocbottest", "0", "Gi7w0rm"
"2025-07-10 12:50:39", "1555632", "https://gizqt.xyz/kfjs", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "10July2025,iocbottest", "0", "Gi7w0rm"
"2025-07-10 12:50:38", "1555631", "https://totplh.xyz/gisu", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "10July2025,iocbottest", "0", "Gi7w0rm"
"2025-07-10 12:01:24", "1555624", "https://deaoee.shop/gokt", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "https://tria.ge/250710-hycz3s1xdv", "C2,lumma,stealer,triage", "0", "DonPasci"
"2025-07-10 12:01:24", "1555623", "https://antszu.top/tiuw", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "https://tria.ge/250710-jgja7shk3w", "C2,lumma,stealer,triage", "0", "DonPasci"
"2025-07-10 12:01:24", "1555622", "https://ltdvjvr.top/xkai", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "https://tria.ge/250710-mv1deser2w", "C2,lumma,stealer,triage", "0", "DonPasci"
# Number of entries: 70