################################################################ # ThreatFox IOCs: recent URLs - CSV format # # Last updated: 2025-09-27 20:30:04 UTC # # # # Terms Of Use: https://threatfox.abuse.ch/faq/#tos # # For questions please contact threatfox [at] abuse.ch # ################################################################ # # "first_seen_utc","ioc_id","ioc_value","ioc_type","threat_type","fk_malware","malware_alias","malware_printable","last_seen_utc","confidence_level","reference","tags","anonymous","reporter" "2025-09-27 20:30:04", "1602880", "http://a1164989.xsph.ru/46a6a560.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "None", "DCRat,RAT", "0", "abuse_ch" "2025-09-27 12:01:29", "1602760", "http://91.92.240.18", "url", "botnet_cc", "win.stealc", "None", "Stealc", "", "100", "https://tria.ge/250927-lv6prsyrt2", "C2,stealc,stealer,triage", "0", "DonPasci" "2025-09-27 03:35:47", "1602623", "http://47.122.63.148:45981/a3Zo", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "https://bazaar.abuse.ch/sample/ed8f995184e5d9e36f6ed292aa08f28a361aaf906a0346f0325be7d29556708f/", "cobaltstrike", "0", "abuse_ch" "2025-09-26 16:57:25", "1602302", "http://176.46.152.47/diamo/login.php", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "None", "AS214351,diamotrix,FEMO IT SOLUTIONS LIMITED", "0", "antiphishorg" "2025-09-26 16:57:23", "1602303", "http://158.94.208.102/diamo/login.php", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "None", "AS209800,diamotrix,metaspinner net GmbH", "0", "antiphishorg" "2025-09-26 13:13:46", "1602292", "http://198.1.195.210:3000/download/panel", "url", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "https://bazaar.abuse.ch/sample/44d8a2d4450ffbbec0c4dfba3a0bafa48ad9e2d43bf04c2ffea554ba884c6d4b/", "infostealer", "0", "burger" "2025-09-26 13:10:44", "1602294", "https://fx.aztu.edu.az/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-09-26 13:10:44", "1602293", "https://fx.alexandraparasca.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-09-26 07:35:34", "1602229", "https://pastebin.com/raw/Jj4NE9Pz", "url", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "50", "", "asyncrat,c2", "0", "juroots" "2025-09-26 07:35:34", "1602228", "https://dpaste.com/HEHDCEANU", "url", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "50", "", "asyncrat,c2", "0", "juroots" "2025-09-26 07:35:34", "1602227", "https://dpaste.com/9QZBY8BGW", "url", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "50", "", "asyncrat,c2", "0", "juroots" "2025-09-26 06:56:04", "1601905", "https://sisadfriolkdle.com/work/", "url", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "75", "https://bazaar.abuse.ch/sample/0f1dc290dc20f3eefb0f6cb4d965e437f207484151f57d0fe3b58b33565e99bc/", "latrodectus", "0", "abuse_ch" "2025-09-26 06:56:03", "1601904", "https://lilikutliputsdf.com/work/", "url", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "75", "https://bazaar.abuse.ch/sample/0a0b5a41127b8a33da8142b9fe055caa42634247501d7157c9432cce612f7392/", "latrodectus", "0", "abuse_ch" "2025-09-26 06:56:01", "1601903", "https://kwestgidokudiojek.com/work/", "url", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "75", "https://bazaar.abuse.ch/sample/0f1dc290dc20f3eefb0f6cb4d965e437f207484151f57d0fe3b58b33565e99bc/", "latrodectus", "0", "abuse_ch" "2025-09-26 06:49:09", "1601893", "https://sfr.aztu.edu.az/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-09-26 06:49:09", "1601892", "https://d0.aztu.edu.az/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-09-26 06:49:09", "1601891", "https://icc.konebras.com.br/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-09-26 06:49:09", "1601890", "https://sfr.konebras.com.br/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-09-26 06:49:09", "1601889", "https://d0.alexandraparasca.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-09-26 06:40:47", "1601888", "https://sistoronykastadro.com/work/", "url", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "75", "https://bazaar.abuse.ch/sample/d535cf3ad3fa5d18bf485cc86d4671b9febad7074c904be0290b41ba0a430dd8/", "latrodectus", "0", "abuse_ch" "2025-09-26 06:40:45", "1601887", "https://dorevilokpadjghs.com/work/", "url", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "75", "https://bazaar.abuse.ch/sample/74b34fd58b8927a025dbba176442e079637049fe9b66fa80beed989e8939015e/", "latrodectus", "0", "abuse_ch" "2025-09-26 06:40:44", "1601886", "https://dasrilkosdirosado.com/work/", "url", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "75", "https://bazaar.abuse.ch/sample/d535cf3ad3fa5d18bf485cc86d4671b9febad7074c904be0290b41ba0a430dd8/", "latrodectus", "0", "abuse_ch" "2025-09-26 06:40:42", "1601885", "https://ariokliasklfdnok.com/work/", "url", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "75", "https://bazaar.abuse.ch/sample/74b34fd58b8927a025dbba176442e079637049fe9b66fa80beed989e8939015e/", "latrodectus", "0", "abuse_ch" "2025-09-26 06:00:58", "1601881", "https://klonfcrtyseaflow.com/work/", "url", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "75", "https://bazaar.abuse.ch/sample/dc25dd8cc1ce53da33777c82b6acfb820ede522e894093386349538e0b58d86c/", "latrodectus", "0", "abuse_ch" "2025-09-26 06:00:56", "1601880", "https://daestfestifalkrlon.com/work/", "url", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "75", "https://bazaar.abuse.ch/sample/dc25dd8cc1ce53da33777c82b6acfb820ede522e894093386349538e0b58d86c/", "latrodectus", "0", "abuse_ch" "2025-09-26 05:56:48", "1601520", "https://nickbush24.com/reg", "url", "botnet_cc", "win.broomstick", "CLEANBOOST,CleanUp,CleanUpLoader,Oyster", "Broomstick", "", "75", "https://app.any.run/tasks/1e0101a3-d609-44bf-af64-e795ac1524a0", "None", "0", "tanner" "2025-09-26 00:05:12", "1601818", "http://towerbingobongoboom.com:8080/updater?for=E0CD6A53D52A08539A9787E388FF1D3B", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "None", "GoProxy", "0", "abuse_ch" # Number of entries: 27