################################################################ # ThreatFox IOCs: recent URLs - CSV format # # Last updated: 2025-04-25 14:03:41 UTC # # # # Terms Of Use: https://threatfox.abuse.ch/faq/#tos # # For questions please contact threatfox [at] abuse.ch # ################################################################ # # "first_seen_utc","ioc_id","ioc_value","ioc_type","threat_type","fk_malware","malware_alias","malware_printable","last_seen_utc","confidence_level","reference","tags","anonymous","reporter" "2025-04-25 14:03:41", "1511415", "http://88.214.50.3/login", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "None", "AS50340,JSC Selectel,odyssey", "0", "antiphishorg" "2025-04-25 13:09:18", "1511404", "https://security.guarbcfelare.com/B6c4D1a9F8g3H7e5N6b5A9dE4f", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "None", "CoreSecThree", "0", "monitorsg" "2025-04-25 13:09:17", "1511406", "https://security.guarbcfelare.com/wordpress", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "None", "CoreSecThree", "0", "monitorsg" "2025-04-25 13:09:16", "1511407", "https://www.coligeme.com/cloudflare.msi", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "None", "CoreSecThree", "0", "monitorsg" "2025-04-25 10:46:22", "1511323", "http://www.zw5m.top/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:21", "1511316", "http://www.uponbs3.pro/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:21", "1511317", "http://www.upport-meta2903.online/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:21", "1511318", "http://www.uv3kq5tvbkys.xyz/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:21", "1511319", "http://www.vertdzb.xyz/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:21", "1511320", "http://www.winx6.casino/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:21", "1511321", "http://www.x39q.top/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:21", "1511322", "http://www.zev.net/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:20", "1511307", "http://www.reta99.info/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:20", "1511308", "http://www.rishticodiegfortysix.online/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:20", "1511309", "http://www.ritishpanel.net/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:20", "1511310", "http://www.rostygust.shop/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:20", "1511311", "http://www.slarose.online/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:20", "1511312", "http://www.ssiduousate.online/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:20", "1511313", "http://www.tn67n.cfd/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:20", "1511314", "http://www.uangjiahao.online/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:20", "1511315", "http://www.uper-bowl-kickoff-time.cfd/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:19", "1511300", "http://www.oftfusion.shop/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:19", "1511301", "http://www.ogparks.club/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:19", "1511302", "http://www.omiq.tech/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:19", "1511303", "http://www.orchers.world/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:19", "1511304", "http://www.orkshopaicollaborationhub.xyz/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:19", "1511305", "http://www.ovaecho.shop/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:19", "1511306", "http://www.palmsrd.net/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:18", "1511292", "http://www.levateballoonco.net/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:18", "1511293", "http://www.lobaltravelbookings.xyz/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:18", "1511294", "http://www.mail-marketing-job-62763.bond/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:18", "1511295", "http://www.marcato.online/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:18", "1511296", "http://www.ndimadeahome.net/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:18", "1511297", "http://www.nnotechbs.online/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:18", "1511298", "http://www.odeatoll.shop/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:18", "1511299", "http://www.odzat.info/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:17", "1511284", "http://www.ightmareroad.net/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:17", "1511285", "http://www.inancialfreedomclub.xyz/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:17", "1511286", "http://www.ires-72090.bond/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:17", "1511287", "http://www.ixmy.beauty/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:17", "1511288", "http://www.khsim.top/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:17", "1511289", "http://www.ksp679.top/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:17", "1511290", "http://www.lanajoyeria.shop/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:17", "1511291", "http://www.layplus77.vip/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:16", "1511277", "http://www.bcw1219.xyz/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:16", "1511278", "http://www.ellwish.online/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:16", "1511279", "http://www.ethil.xyz/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:16", "1511280", "http://www.fp8ch.cfd/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:16", "1511281", "http://www.hieh33.xyz/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:16", "1511282", "http://www.ideoxxfree.xyz/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:16", "1511283", "http://www.igaborgz.xyz/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:15", "1511271", "http://www.ash-paying-jobs-79621.bond/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:15", "1511272", "http://www.asinocruiseclub.net/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:15", "1511273", "http://www.astertechhub.info/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:15", "1511274", "http://www.atizenairdrop.bet/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:15", "1511275", "http://www.audace.shop/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:15", "1511276", "http://www.avino.website/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:14", "1511264", "http://www.8j3tfb2djzoo.xyz/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:14", "1511265", "http://www.9o8yd.top/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:14", "1511266", "http://www.alisisi.xyz/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:14", "1511267", "http://www.andygirls.biz/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:14", "1511268", "http://www.arisasuestalvey.net/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:14", "1511269", "http://www.arka.group/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:14", "1511270", "http://www.aser-eye-surgery-3291.bond/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:13", "1511259", "http://www.1198.pet/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:13", "1511260", "http://www.4260621.xyz/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:13", "1511261", "http://www.4260686.xyz/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:13", "1511262", "http://www.488ns.top/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 10:46:13", "1511263", "http://www.8ekcmt.top/an20/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-04-25 09:36:10", "1511255", "https://vlongitudde.digital/wizu", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/30810c2fa79e24d7835cb4faac6470885530491cbb2410e938e5a073b3c9baef/", "lumma", "0", "abuse_ch" "2025-04-25 09:17:00", "1511252", "https://core.keloimnau.org/cloudflare.msi", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "None", "CoreSecThree", "0", "monitorsg" "2025-04-25 09:01:14", "1511248", "https://qfybiosphxere.digital/tqoa", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/f2793aaf5a9a67e134a2aa9690c463617ddf119a9135b384e5fa6ba397b06018/", "lumma", "0", "abuse_ch" "2025-04-25 09:00:49", "1511247", "https://eclimatologfy.top/kbud", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/f2793aaf5a9a67e134a2aa9690c463617ddf119a9135b384e5fa6ba397b06018/", "lumma", "0", "abuse_ch" "2025-04-25 09:00:25", "1511246", "https://bclimatologfy.top/kbud", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/c433a36183d269a58ebe8c9945e6bf396e14eb5e73aa27e919b8f595cca569e2/", "lumma", "0", "abuse_ch" "2025-04-25 08:56:12", "1511245", "http://79.124.78.173/incongruousness.php", "url", "botnet_cc", "win.koistealer", "None", "Koi Stealer", "", "100", "https://bazaar.abuse.ch/sample/f87cf2f67dbbbe69e14dc40cca510ec19034f1787b6c4167c1fae078f3fe5aed/", "KoiStealer", "0", "abuse_ch" "2025-04-25 08:56:00", "1511244", "https://lbiosphxere.digital/tqoa", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/81af75f048244359a5fc356540fdd2a08f18f71db0996867959f6de4857c035a/", "lumma", "0", "abuse_ch" "2025-04-25 08:55:39", "1511243", "https://ciwoodpeckersd.run/glsk", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/81af75f048244359a5fc356540fdd2a08f18f71db0996867959f6de4857c035a/", "lumma", "0", "abuse_ch" "2025-04-25 08:55:25", "1511242", "https://avigorbridgoe.top/banb", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/81af75f048244359a5fc356540fdd2a08f18f71db0996867959f6de4857c035a/", "lumma", "0", "abuse_ch" "2025-04-25 08:40:57", "1511239", "https://ywoodpeckersd.run/glsk", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/fe7ac05c15c4cb2f7d2c9091f471b6285bdb24c3196eaa19b14500f7d7a0a21a/", "lumma", "0", "abuse_ch" "2025-04-25 08:40:52", "1511238", "https://ufclimatologfy.top/kbud", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/fe7ac05c15c4cb2f7d2c9091f471b6285bdb24c3196eaa19b14500f7d7a0a21a/", "lumma", "0", "abuse_ch" "2025-04-25 08:40:21", "1511237", "https://3cartograhphy.top/ixau", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/fe7ac05c15c4cb2f7d2c9091f471b6285bdb24c3196eaa19b14500f7d7a0a21a/", "lumma", "0", "abuse_ch" "2025-04-25 08:23:05", "1511219", "https://pastebin.com/raw/4jmDMm15", "url", "botnet_cc", "win.xworm", "None", "XWorm", "", "50", "", "c2,xworm", "0", "juroots" "2025-04-25 08:23:05", "1511220", "https://pastebin.com/raw/rnBKQG1E", "url", "botnet_cc", "win.xworm", "None", "XWorm", "", "50", "", "c2,xworm", "0", "juroots" "2025-04-25 08:23:05", "1511221", "https://pastebin.com/raw/s21LHj8E", "url", "botnet_cc", "win.xworm", "None", "XWorm", "", "50", "", "c2,xworm", "0", "juroots" "2025-04-25 08:23:00", "1511169", "https://www.keloimnau.org/cloudflare.msi", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "None", "CoreSecThree", "0", "monitorsg" "2025-04-25 08:18:07", "1511200", "https://chaintraderx.com/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "50", "https://urlscan.io/result/01966c06-7dab-700c-9870-893688401eb4", "fakecaptcha,urlscan", "0", "juroots" "2025-04-25 08:18:06", "1511199", "https://we-will.servegame.com/Verify/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "50", "https://urlscan.io/result/01966c06-794b-721c-ad45-0d8d5143e733", "fakecaptcha,urlscan", "0", "juroots" "2025-04-25 08:14:53", "1511198", "http://185.147.124.116/M0XmDru/Login.php", "url", "botnet_cc", "win.amadey", "None", "Amadey", "", "50", "https://urlscan.io/result/01966c03-85c6-73de-bb25-fac224753acc", "amadey,c2,urlscan", "0", "juroots" "2025-04-25 08:14:39", "1511197", "http://147.45.44.116/c60d76a15a1d4de5.php", "url", "botnet_cc", "win.stealc", "None", "Stealc", "", "50", "https://urlscan.io/result/01966c03-507b-736c-a578-aca2b8ce91d4", "c2,stealc,urlscan", "0", "juroots" "2025-04-25 06:14:46", "1511152", "https://core.keloimnau.info/cloudflare.msi", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "None", "CoreSecThree", "0", "monitorsg" "2025-04-25 06:00:56", "1511149", "https://xclarmodq.top/qoxo", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/65a435a3b0ace3d07135bc53e436171dfaaea4004227b28a04906d44c3024f8c/", "lumma", "0", "abuse_ch" "2025-04-25 06:00:56", "1511150", "https://ybiosphxere.digital/tqoa", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/2a1bf01043733257d98ee794940936d2376ccb62a2c487d200dbe11042ef3447/", "lumma", "0", "abuse_ch" "2025-04-25 06:00:45", "1511148", "https://slatitudert.live/teui", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/44131bee0c57b89ebd063b5d588bd59855d6dbdad0330072c54747b3632d87a3/", "lumma", "0", "abuse_ch" "2025-04-25 06:00:39", "1511147", "https://nequatorf.run/reiq", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/44131bee0c57b89ebd063b5d588bd59855d6dbdad0330072c54747b3632d87a3/", "lumma", "0", "abuse_ch" "2025-04-25 06:00:35", "1511146", "https://hnwoodpeckersd.run/glsk", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/65a435a3b0ace3d07135bc53e436171dfaaea4004227b28a04906d44c3024f8c/", "lumma", "0", "abuse_ch" "2025-04-25 06:00:16", "1511145", "https://ahemispherexz.top/xapp", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/2a1bf01043733257d98ee794940936d2376ccb62a2c487d200dbe11042ef3447/", "lumma", "0", "abuse_ch" "2025-04-25 06:00:15", "1511144", "https://8biosphxere.digital/tqoa", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/09dda49859ea290ea2116c64a4bc04daac8855fa11c791f66e1d7866e20dc700/", "lumma", "0", "abuse_ch" "2025-04-25 06:00:13", "1511143", "https://0topographky.top/xlak", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/87922c7e74f51e7d7d965c5ea64d881bdad501b05794376155db64a1c555aec8/", "lumma", "0", "abuse_ch" "2025-04-25 05:55:32", "1511142", "https://rlatitudert.live/teui", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/e4016d038412ccf966bbac6b07615124b005603e70b100684f59077d91ba1849/", "lumma", "0", "abuse_ch" "2025-04-25 05:55:29", "1511141", "https://mclimatologfy.top/kbud", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/a8a03108c09e3887d03b3c3609567625b904b63564d7097160726c3adb2616ac/", "lumma", "0", "abuse_ch" "2025-04-25 05:55:26", "1511140", "https://fclarmodq.top/qoxo", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/a8a03108c09e3887d03b3c3609567625b904b63564d7097160726c3adb2616ac/", "lumma", "0", "abuse_ch" "2025-04-25 05:55:25", "1511139", "https://digilayerx.digital/hmand", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/e4016d038412ccf966bbac6b07615124b005603e70b100684f59077d91ba1849/", "lumma", "0", "abuse_ch" "2025-04-25 05:35:43", "1511136", "http://beemorning.icu/apr.php", "url", "botnet_cc", "unknown_loader", "None", "Unknown Loader", "", "100", "", "OffLoader", "0", "abuse_ch" "2025-04-25 05:35:43", "1511137", "http://beemorning.icu/apri.php", "url", "botnet_cc", "unknown_loader", "None", "Unknown Loader", "", "100", "", "OffLoader", "0", "abuse_ch" "2025-04-25 05:35:43", "1511138", "http://birthteeth.xyz/oil.php", "url", "botnet_cc", "unknown_loader", "None", "Unknown Loader", "", "100", "", "OffLoader", "0", "abuse_ch" "2025-04-25 05:34:04", "1511135", "https://fleshplants.xyz/art.php", "url", "botnet_cc", "unknown_loader", "None", "Unknown Loader", "", "100", "", "OffLoader", "0", "abuse_ch" "2025-04-25 05:24:30", "1511043", "https://analytiwave.com/api/getUrl", "url", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "None", "CoreSecThree", "0", "monitorsg" "2025-04-25 05:24:29", "1511044", "https://goclouder.org/6a1F2b3C4d5E6f7A8b9C0d1E2f3A4b5/", "url", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "None", "CoreSecThree", "0", "monitorsg" "2025-04-25 05:24:28", "1511045", "https://security.cludfgard.com/B6c4D1a9F8g3H7e5N6b5A9dE4f", "url", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "None", "CoreSecThree", "0", "monitorsg" "2025-04-25 05:24:28", "1511046", "https://security.cludfgard.com/wordpress", "url", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "None", "CoreSecThree", "0", "monitorsg" "2025-04-25 05:24:27", "1511047", "https://www.nemzieo.info/cloudflare.msi", "url", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "None", "CoreSecThree", "0", "monitorsg" "2025-04-25 05:24:27", "1511051", "https://undo.sg/file.exe", "url", "payload_delivery", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/8dbab5db9d1c394a9a46efd3d7619dcebcdb2131edef1f2db9f6d11d6df48f1b/", "Lumma", "1", "user35335" "2025-04-25 05:24:24", "1511076", "https://security.flaearegyaard.com/B6c4D1a9F8g3H7e5N6b5A9dE4f", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "None", "CoreSecThree", "0", "monitorsg" "2025-04-25 05:24:23", "1511078", "https://security.flaearegyaard.com/wordpress", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "None", "CoreSecThree", "0", "monitorsg" "2025-04-25 05:24:22", "1511079", "https://keloimnau.com/cloudflare.msi", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "None", "CoreSecThree", "0", "monitorsg" "2025-04-25 05:24:21", "1511082", "https://www.keloimnau.com/cloudflare.msi", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "None", "CoreSecThree", "0", "monitorsg" "2025-04-25 05:24:21", "1511083", "https://keloimnau.info/cloudflare.msi", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "None", "CoreSecThree", "0", "monitorsg" "2025-04-25 05:24:14", "1511085", "https://grrlspace.com/4d2a.js", "url", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "https://infosec.exchange/@monitorsg/114396169605841949", "KongTuke", "0", "monitorsg" "2025-04-25 05:24:14", "1511087", "https://core.keloimnau.com/cloudflare.msi", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "None", "CoreSecThree", "0", "monitorsg" "2025-04-25 05:24:13", "1511086", "https://grrlspace.com/js.php", "url", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "https://infosec.exchange/@monitorsg/114396169605841949", "KongTuke", "0", "monitorsg" "2025-04-25 05:23:46", "1511119", "https://www.keloimnau.info/cloudflare.msi", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "None", "CoreSecThree", "0", "monitorsg" "2025-04-25 05:23:44", "1511125", "https://keloimnau.org/cloudflare.msi", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "None", "CoreSecThree", "0", "monitorsg" "2025-04-25 00:40:08", "1511081", "http://139.5.1.172:43399/Mozi.m", "url", "payload_delivery", "elf.mozi", "None", "Mozi", "", "50", "None", "None", "0", "sicehicetf" "2025-04-24 22:50:39", "1511058", "https://netscoute.digital/quwe", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/dac4d9e2a57318f5f4bbb16315fef0af2a36918e51975d36a47ed49e06249688/", "lumma", "0", "abuse_ch" "2025-04-24 22:50:29", "1511057", "https://4climatologfy.top/kbud", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/dac4d9e2a57318f5f4bbb16315fef0af2a36918e51975d36a47ed49e06249688/", "lumma", "0", "abuse_ch" "2025-04-24 22:35:35", "1511056", "https://slliftally.top/xasj", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/32d070308a2abb8b0da1bdfa84a908fcd8d060e932d18627a0c1baeb5f4d7f17/", "lumma", "0", "abuse_ch" "2025-04-24 22:35:34", "1511055", "https://rusconfi.run/pokd", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/32d070308a2abb8b0da1bdfa84a908fcd8d060e932d18627a0c1baeb5f4d7f17/", "lumma", "0", "abuse_ch" "2025-04-24 22:35:24", "1511054", "https://4quilltayle.live/gksi", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/32d070308a2abb8b0da1bdfa84a908fcd8d060e932d18627a0c1baeb5f4d7f17/", "lumma", "0", "abuse_ch" "2025-04-24 22:30:29", "1511053", "https://astarofliught.top/wozd", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/8123270ff6b69a2aa78ef85eed7b4bf1f9ecd5038e6548dbaeed4695cb1f0cfd/", "lumma", "0", "abuse_ch" "2025-04-24 21:30:58", "1511049", "https://yvigorbridgoe.top/banb", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/8dbab5db9d1c394a9a46efd3d7619dcebcdb2131edef1f2db9f6d11d6df48f1b/", "lumma", "0", "abuse_ch" "2025-04-24 18:43:34", "1511003", "https://jsmakert.shop/nlm/sll.php", "url", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "", "SmartApeSG", "0", "HuntYethHounds" "2025-04-24 18:43:34", "1511004", "https://jsmakert.shop/nlm/flex.js", "url", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "", "SmartApeSG", "0", "HuntYethHounds" "2025-04-24 18:43:32", "1511002", "https://jsmakert.shop/nlm/index.php", "url", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "", "SmartApeSG", "0", "HuntYethHounds" "2025-04-24 18:43:30", "1511005", "https://umpmfss.top/files/files/AutoLaunch.zip", "url", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "", "SmartApeSG", "0", "HuntYethHounds" "2025-04-24 18:43:30", "1511010", "http://badnesspandemic.shop/Up/b", "url", "botnet_cc", "win.acr_stealer", "None", "ACR Stealer", "", "100", "", "ACRStealer", "0", "threatcat_ch" "2025-04-24 14:40:15", "1510977", "http://93.190.143.101:667/IE9CompatViewList.xml", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "https://bazaar.abuse.ch/sample/4545af0a8eb4fd527810e8edd444bc18f256a98ea90a9e4c0940c06fece8ac58/", "cobaltstrike", "0", "abuse_ch" "2025-04-24 14:35:19", "1510976", "https://yequatorf.run/reiq", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/d5c541a2d1300b9b890659310fed17bc2139df0a13f4af7d39a61046c08bb6b7/", "lumma", "0", "abuse_ch" "2025-04-24 14:35:17", "1510975", "https://tropiscbs.live/iuwxx", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/15f8d9d3ca97ead6a579614b4953cb52046dab2895b2c4c4e0a29cbead111a79/", "lumma", "0", "abuse_ch" "2025-04-24 14:35:14", "1510974", "https://igeographys.run/eirq", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/15f8d9d3ca97ead6a579614b4953cb52046dab2895b2c4c4e0a29cbead111a79/", "lumma", "0", "abuse_ch" "2025-04-24 14:35:12", "1510973", "https://edumakerb.digital/gffh", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/4546832db0fb5702317a88bf50c96794a10b75cd73855d3c24904e03ee9fdc88/", "lumma", "0", "abuse_ch" "2025-04-24 14:35:09", "1510971", "https://3biosphxere.digital/tqoa", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/15f8d9d3ca97ead6a579614b4953cb52046dab2895b2c4c4e0a29cbead111a79/", "lumma", "0", "abuse_ch" "2025-04-24 14:35:09", "1510972", "https://biosphxere.digital/tqoa", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/4546832db0fb5702317a88bf50c96794a10b75cd73855d3c24904e03ee9fdc88/", "lumma", "0", "abuse_ch" "2025-04-24 14:35:08", "1510970", "https://2hemispherexz.top/xapp", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/15f8d9d3ca97ead6a579614b4953cb52046dab2895b2c4c4e0a29cbead111a79/", "lumma", "0", "abuse_ch" "2025-04-24 13:57:14", "1510966", "https://promo.kimmwhite.com/profileLayout", "url", "botnet_cc", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "None", "fakeupdates,SocGholish", "0", "pancak3lullz" "2025-04-24 12:55:25", "1510957", "https://woodpeckersd.run/glsk", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/ee97743cdb423fc71707bb9ccdf5a41b77d97ab0ca8dc51a493f25a6a492717f/", "lumma", "0", "abuse_ch" "2025-04-24 12:55:23", "1510956", "https://vigorbridgoe.top/banb", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/ee97743cdb423fc71707bb9ccdf5a41b77d97ab0ca8dc51a493f25a6a492717f/", "lumma", "0", "abuse_ch" "2025-04-24 12:55:21", "1510955", "https://topographky.top/xlak", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/ee97743cdb423fc71707bb9ccdf5a41b77d97ab0ca8dc51a493f25a6a492717f/", "lumma", "0", "abuse_ch" "2025-04-24 12:55:20", "1510954", "https://rbiosphxere.digital/tqoa", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/ee97743cdb423fc71707bb9ccdf5a41b77d97ab0ca8dc51a493f25a6a492717f/", "lumma", "0", "abuse_ch" "2025-04-24 12:55:19", "1510953", "https://ltropiscbs.live/iuwxx", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/ee97743cdb423fc71707bb9ccdf5a41b77d97ab0ca8dc51a493f25a6a492717f/", "lumma", "0", "abuse_ch" "2025-04-24 12:55:18", "1510952", "https://geographys.run/eirq", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/ee97743cdb423fc71707bb9ccdf5a41b77d97ab0ca8dc51a493f25a6a492717f/", "lumma", "0", "abuse_ch" "2025-04-24 12:55:16", "1510951", "https://cartograhphy.top/ixau", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/ee97743cdb423fc71707bb9ccdf5a41b77d97ab0ca8dc51a493f25a6a492717f/", "lumma", "0", "abuse_ch" "2025-04-24 11:21:25", "1510875", "http://94.158.247.5:8888/supershell/login/", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "None", "AS39798,MivoCloud SRL,supershell", "0", "antiphishorg" "2025-04-24 11:21:22", "1510897", "http://152.36.128.18/cgi-bin/p.cgi?r=72&i=13I915O3FG6I2H12", "url", "botnet_cc", "elf.prometei", "None", "Prometei", "", "100", "", "None", "0", "UNP4CK" "2025-04-24 11:21:22", "1510898", "http://152.36.128.18/cgi-bin/p.cgi?add=aW5mbyB7DQp2NC4wMlZfVW5peDY0DQp1YnVudHUyMjA0LWFtZDY0LTIwMjUwMzA3LWVuLTANCg0KMXggQU1EIEVQWUMgUHJvY2Vzc29yDQoyMDExMDcyIGtCDQpRRU1VDQpTdGFuZGFyZCBQQyBfaTQ0MEZYICsgUElJWCwgMTk5Nl8NCg0KDQpVYnVudHUgMjIuMDQuNCBMVFMgJiAyMi4wNC40IExUUyAoSmFtbXkgSmVsbHlmaXNoKSAgJiBib29rd29ybS9zaWQgJiANCg0KL3Vzci9zYmluLw0KIDIwOjI2OjMwIHVwIDIgbWluLCAgMSB1c2VyLCAgbG9hZCBhdmVyYWdlOiAwLjE0LCAwLjA4LCAwLjAzfDE3NDU0Mzk5OTANCkxpbnV4IHVidW50dTIyMDQtYW1kNjQtMjAyNTAzMDctZW4tMCA1LjE1LjAtMTA1LWdlbmVyaWMgIzExNS1VYnVudHUgU01QIE1vbiBBcHIgMTUgMDk6NTI6MDQgVVRDIDIwMjQgeDg2XzY0IHg4Nl82NCB4ODZfNjQgR05VL0xpbnV4DQp9DQo_&i=13I915O3FG6I2H12&h=ubuntu2204-amd64-20250307-en-0&enckey=9LMgclPdcSWKXflCpEd0BzKyR8Cwp2XU6xUe4v4LacK3WFGaJ2IEuZ+lzzu/J4rlz1EhGA0HlARqACLMYsGCwFsDUQJsetapPuVJIy1S8RQAmZ/Waa6ak81fi4PV2Rsc6Tqesyz/bC1tvvBc7tjl/pmR7Jmy4WiZa0MlaosJv2M=", "url", "botnet_cc", "elf.prometei", "None", "Prometei", "", "100", "", "None", "0", "UNP4CK" "2025-04-24 11:21:20", "1510902", "https://qwlpert.com/srv/log", "url", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "https://infosec.exchange/@monitorsg/114392379753765453", "KongTuke", "0", "monitorsg" "2025-04-24 11:21:18", "1510901", "https://vickmarine.com/js.php", "url", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "https://infosec.exchange/@monitorsg/114392379753765453", "KongTuke", "0", "monitorsg" "2025-04-24 07:29:27", "1510869", "https://renkpin.net/ZDBlMTc4YzkwODk2/", "url", "botnet_cc", "apk.coper", "ExobotCompact,Octo", "Coper", "", "80", "None", "apk,Coper", "0", "myonium1" "2025-04-24 07:29:27", "1510872", "https://santorinotornado5.com/ZDBlMTc4YzkwODk2/", "url", "botnet_cc", "apk.coper", "ExobotCompact,Octo", "Coper", "", "80", "None", "apk,Coper", "0", "myonium1" "2025-04-24 07:29:24", "1510870", "https://lospallos25.com/ZDBlMTc4YzkwODk2/", "url", "botnet_cc", "apk.coper", "ExobotCompact,Octo", "Coper", "", "80", "None", "apk,Coper", "0", "myonium1" "2025-04-24 07:29:23", "1510871", "https://sinagogdahaham1453.com/ZDBlMTc4YzkwODk2/", "url", "botnet_cc", "apk.coper", "ExobotCompact,Octo", "Coper", "", "80", "None", "apk,Coper", "0", "myonium1" "2025-04-24 07:29:23", "1510873", "https://hahohahohoahoa.com/ZDBlMTc4YzkwODk2/", "url", "botnet_cc", "apk.coper", "ExobotCompact,Octo", "Coper", "", "80", "None", "apk,Coper", "0", "myonium1" "2025-04-24 06:05:12", "1510864", "http://38.60.199.31:5000/supershell/login/", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "None", "AS138915,Kaopu Cloud HK Limited,supershell", "0", "antiphishorg" "2025-04-24 05:55:49", "1510637", "https://3piratetwrath.run/ytus", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://tria.ge/250423-y1yybstkx9/behavioral1", "discovery,spyware,stealer", "0", "UNP4CK" "2025-04-24 05:55:47", "1510631", "http://twizt.net", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://tria.ge/250423-yq8psaywcy/behavioral1", "discovery,loader,trojan,worm", "0", "UNP4CK" "2025-04-24 05:55:41", "1510676", "http://grodis.cc/init1234", "url", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "", "None", "0", "parsingstuff" "2025-04-24 05:55:40", "1510675", "http://gluerrs.com/init1234", "url", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "", "None", "0", "parsingstuff" "2025-04-24 05:55:40", "1510677", "http://kloders.com/init1234", "url", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "", "None", "0", "parsingstuff" "2025-04-24 05:55:26", "1510604", "https://www.wearerescue.com/wp-login.php?redirect_to=https%3A%2F%2Fwww.wearerescue.com%2Fwp-content%2Fplugins%2Fresads%2Fmfls.php%3Fid%3DqwSPUwLH23Twhnr6FMpI&bp-auth=1&action=bpnoaccess", "url", "payload_delivery", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "95", "None", "Latrodectus", "0", "pancak3lullz" "2025-04-24 05:55:26", "1510605", "https://setecores.com.br/wp-content/plugins/resads/mfls.php?id=z8GvGX523Ii0Amyem9qW", "url", "payload_delivery", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "95", "None", "Latrodectus", "0", "pancak3lullz" "2025-04-24 05:55:25", "1510602", "https://crushingthehairbiz.com/wp-content/plugins/wp-automatic/dwyrnb.php?dpf=1kw5q", "url", "payload_delivery", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "95", "None", "Latrodectus", "0", "pancak3lullz" "2025-04-24 05:55:25", "1510603", "https://emblemat.com/moszna/wp-content/plugins/resads/mfls.php?id=Z3m8aDdGyDQo8TnqIyri", "url", "payload_delivery", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "95", "None", "Latrodectus", "0", "pancak3lullz" "2025-04-24 05:55:24", "1510601", "https://atrandu.lt/wp-content/plugins/wp-automatic/pwlbdv.php?gdqg=q32e", "url", "payload_delivery", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "95", "None", "Latrodectus", "0", "pancak3lullz" "2025-04-24 05:55:08", "1510580", "https://bpchangeaie.top/geps", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://tria.ge/250423-w1bfxszm13/behavioral1", "discovery,spyware,stealer", "0", "UNP4CK" "2025-04-24 05:55:07", "1510583", "https://vickmarine.com/3w1s.js", "url", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "", "LandUpdate808", "0", "HuntYethHounds" "2025-04-24 05:55:06", "1510586", "https://mrdltd.com/5q2g.js", "url", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "", "LandUpdate808", "0", "HuntYethHounds" "2025-04-24 05:38:37", "1510854", "https://v98acd.ssafileaccess.ru/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "50", "https://urlscan.io/result/0196664e-1abe-76be-bfb5-4c09551552f7", "screenconnect,urlscan", "0", "juroots" "2025-04-23 20:48:14", "1510659", "https://cloudflare.eclassexperts.com/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "50", "https://urlscan.io/result/01966468-86f1-7178-8180-2a51c4ea1006", "fakecaptcha,urlscan", "0", "juroots" "2025-04-23 18:00:35", "1510570", "https://gstarofliught.top/wozd", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/d6b23cf9b54604654590dd75326ac07da052dd6cf23e1242b5f4014bf906aae0/", "lumma", "0", "abuse_ch" "2025-04-23 17:53:52", "1510565", "http://factisland.icu/apr.php", "url", "botnet_cc", "unknown_loader", "None", "Unknown Loader", "", "100", "", "OffLoader", "0", "abuse_ch" "2025-04-23 17:53:52", "1510566", "http://factisland.icu/apri.php", "url", "botnet_cc", "unknown_loader", "None", "Unknown Loader", "", "100", "", "OffLoader", "0", "abuse_ch" "2025-04-23 17:53:51", "1510564", "https://guitarcars.icu/art.php", "url", "botnet_cc", "unknown_loader", "None", "Unknown Loader", "", "100", "", "OffLoader", "0", "abuse_ch" "2025-04-23 17:33:06", "1510549", "https://mtowner.com/5t4r.js", "url", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "", "LandUpdate808", "0", "HuntYethHounds" "2025-04-23 17:33:06", "1510551", "https://mtowner.com/4e3r.js", "url", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "", "LandUpdate808", "0", "HuntYethHounds" "2025-04-23 17:33:05", "1510552", "https://mtowner.com/js.php", "url", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "", "LandUpdate808", "0", "HuntYethHounds" "2025-04-23 17:23:19", "1510541", "https://soficave.com/nlm/sss.php", "url", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "", "SmartApeSG", "0", "HuntYethHounds" "2025-04-23 17:23:15", "1510540", "https://soficave.com/nlm/loop.js", "url", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "", "SmartApeSG", "0", "HuntYethHounds" "2025-04-23 17:23:12", "1510530", "https://ayzyw.top/nlm/loop.js", "url", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "", "SmartApeSG", "0", "HuntYethHounds" "2025-04-23 17:23:11", "1510534", "https://ayzyw.top/nlm/sss.php", "url", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "", "SmartApeSG", "0", "HuntYethHounds" "2025-04-23 17:23:10", "1510533", "https://ayzyw.top/nlm/index.php", "url", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "", "SmartApeSG", "0", "HuntYethHounds" "2025-04-23 17:23:00", "1510488", "https://www.ishimotors.com/profileLayout", "url", "botnet_cc", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "None", "fakeupdates,SocGholish", "0", "pancak3lullz" "2025-04-23 16:30:52", "1510519", "http://207.244.199.46/", "url", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "50", "https://urlquery.net/report/ed239e54-dfe0-4018-a13d-5b96cdee587b", "c2,gremlin,urlquery", "0", "juroots" "2025-04-23 15:44:52", "1510500", "https://pastebin.com/raw/kXhNTSzW", "url", "botnet_cc", "win.xworm", "None", "XWorm", "", "50", "", "c2,xworm", "0", "juroots" "2025-04-23 15:44:09", "1510497", "https://api.telegram.org/bot7309095694:AAEXFDt7C83fFTVGyimcrdZyYXx9OkR4Q6g/", "url", "botnet_cc", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "50", "", "agenttesla,c2", "0", "juroots" # Number of entries: 193