################################################################ # ThreatFox IOCs: recent URLs - CSV format # # Last updated: 2025-09-03 04:36:02 UTC # # # # Terms Of Use: https://threatfox.abuse.ch/faq/#tos # # For questions please contact threatfox [at] abuse.ch # ################################################################ # # "first_seen_utc","ioc_id","ioc_value","ioc_type","threat_type","fk_malware","malware_alias","malware_printable","last_seen_utc","confidence_level","reference","tags","anonymous","reporter" "2025-09-03 04:36:02", "1581048", "https://starexs.bet/tskx", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/02f7c016d7ea160bc1f997a7d5a94505be26de9853bd44457d2adb99e08539e4/", "lumma", "0", "abuse_ch" "2025-09-03 04:10:41", "1581046", "https://laevuun.top/pqoe", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/28935c2d473fd73a307b70be48b5be81f5a25a9c636841e5e60b981f26ded3cd/", "lumma", "0", "abuse_ch" "2025-09-02 21:05:06", "1580755", "http://newhousepanel.info/too/five/fre.php", "url", "botnet_cc", "win.lokipws", "Burkina,Loki,LokiBot,LokiPWS", "Loki Password Stealer (PWS)", "", "100", "None", "Loki", "0", "abuse_ch" "2025-09-02 18:39:17", "1580719", "http://45.153.34.30/dad3a40e52e74806.php", "url", "botnet_cc", "win.stealc", "None", "Stealc", "", "100", "https://tria.ge/250902-qa6lgswsfs", "c2,stealc,stealer,triage", "0", "DonPasci" "2025-09-02 18:05:17", "1580716", "http://a1163876.xsph.ru/588d5684.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "None", "DCRat,RAT", "0", "abuse_ch" "2025-09-02 18:01:59", "1580714", "http://45.153.34.30", "url", "botnet_cc", "win.stealc", "None", "Stealc", "", "100", "https://tria.ge/250902-qa6lgswsfs", "AS51396,C2,stealc,stealer,triage", "0", "DonPasci" "2025-09-02 17:10:26", "1580703", "https://load.granivit.hu", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2025-09-03 05:10:26", "75", "None", "gtt/9,Vidar", "0", "abuse_ch" "2025-09-02 16:35:20", "1580698", "http://a1165370.xsph.ru/ee3f5b4f.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "None", "DCRat,RAT", "0", "abuse_ch" "2025-09-02 13:57:20", "1580592", "https://vcsinfo.com/4r6y.js", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "2025-09-02 13:10:58", "100", "https://infosec.exchange/@monitorsg/115134623718155960", "KongTuke", "0", "monitorsg" "2025-09-02 13:57:19", "1580594", "https://vcsinfo.com/js.php", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "2025-09-02 13:11:00", "100", "https://infosec.exchange/@monitorsg/115134623718155960", "KongTuke", "0", "monitorsg" "2025-09-02 13:57:19", "1580595", "https://info-2go.com/ajax/pixi.min.js", "url", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://infosec.exchange/@monitorsg/115134631148960678", "SmartApeSG", "0", "monitorsg" "2025-09-02 13:57:18", "1580597", "https://wood-simple.com/res/dampthere", "url", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://infosec.exchange/@monitorsg/115134631148960678", "SmartApeSG", "0", "monitorsg" "2025-09-02 13:57:18", "1580599", "https://wood-simple.com/drip.sym", "url", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://infosec.exchange/@monitorsg/115134631148960678", "SmartApeSG", "0", "monitorsg" "2025-09-02 13:57:16", "1580600", "https://wood-simple.com/assets/img/1957b95c3.res", "url", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://infosec.exchange/@monitorsg/115134631148960678", "SmartApeSG", "0", "monitorsg" "2025-09-02 13:57:13", "1580666", "https://samples.salondeguitaredemontreal.com/pixel.png", "url", "botnet_cc", "js.fakeupdates", "FakeUpdate,GhoLoader,SocGholish", "FAKEUPDATES", "", "100", "None", "fakeupdates,SocGholish", "0", "pancak3lullz" "2025-09-02 11:10:26", "1580578", "https://5.75.210.161", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2025-09-03 05:10:25", "75", "None", "gtt/9,Vidar", "0", "abuse_ch" "2025-09-02 10:42:46", "1580576", "http://185.102.115.69/48e.lim", "url", "payload_delivery", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "https://app.any.run/tasks/8e6338c7-ab3d-4b9d-ad25-5ec7c209e24b", "Lumma,Lumma Stealer,ps1", "0", "eternal" "2025-09-02 07:20:17", "1580553", "http://a1164019.xsph.ru/61a9212d.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "None", "DCRat,RAT", "0", "abuse_ch" "2025-09-02 06:23:27", "1580546", "https://wesyjzn.top/zalr", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "https://www.virustotal.com/gui/file/dcb67a252b7105fd233ee8226cb611e38edbc5bf6794eb7f824662f94f1e7fc1", "c2,lumma,stealer,virustotal", "0", "DonPasci" "2025-09-02 05:58:49", "1580527", "https://pastebin.com/raw/QPQ6iFbN", "url", "botnet_cc", "win.xworm", "None", "XWorm", "", "50", "", "c2,xworm", "0", "juroots" "2025-09-02 05:58:49", "1580528", "https://raw.githubusercontent.com/Igor65afk/text/refs/heads/main/text.txt", "url", "botnet_cc", "win.xworm", "None", "XWorm", "", "50", "", "c2,xworm", "0", "juroots" "2025-09-02 05:57:17", "1580522", "http://forums.lolapps.com/includes/cron/response.php", "url", "botnet_cc", "win.pony", "Siplog,Fareit", "Pony", "", "50", "", "c2,pony", "0", "juroots" "2025-09-02 05:56:17", "1580449", "http://www.vahaca.top/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:17", "1580450", "http://www.wn6do.top/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:17", "1580451", "http://www.ye6cvdg.top/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:17", "1580452", "http://www.ystems2beyond.tech/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:17", "1580453", "http://www.zborderfree.net/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:17", "1580454", "http://www.0632.club/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:16", "1580441", "http://www.povamu.top/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:16", "1580442", "http://www.rownandcleatco.shop/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:16", "1580443", "http://www.s667788.xyz/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:16", "1580444", "http://www.sy644.top/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:16", "1580445", "http://www.sy897.top/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:16", "1580446", "http://www.tudygym.net/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:16", "1580447", "http://www.udness.art/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:16", "1580448", "http://www.utihslote.cfd/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:15", "1580432", "http://www.olikujyh990.sbs/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:15", "1580433", "http://www.omeradar.top/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:15", "1580434", "http://www.oofwaterproofing462.click/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:15", "1580435", "http://www.orytharothis.sbs/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:15", "1580436", "http://www.ososo.tech/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:15", "1580437", "http://www.osteam.net/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:15", "1580438", "http://www.oticiasdamanha.shop/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:15", "1580439", "http://www.ove678i.app/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:15", "1580440", "http://www.oviesnn.pro/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:14", "1580424", "http://www.livinski.pro/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:14", "1580425", "http://www.lossbossclean.pro/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:14", "1580426", "http://www.lphageek.app/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:14", "1580427", "http://www.mvv34z.top/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:14", "1580428", "http://www.ngimg.vip/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:14", "1580429", "http://www.ockscrm.xyz/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:14", "1580430", "http://www.ogw159.top/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:14", "1580431", "http://www.oisturizee.shop/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:13", "1580416", "http://www.ghhfy.xyz/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:13", "1580417", "http://www.hysicians-to-women.cfd/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:13", "1580418", "http://www.ian485.xyz/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:13", "1580419", "http://www.itaslotk.cfd/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:13", "1580420", "http://www.iveroad.xyz/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:13", "1580421", "http://www.ivn.website/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:13", "1580422", "http://www.jc169.app/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:13", "1580423", "http://www.lhet.net/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:12", "1580407", "http://www.eet-new-people-21453.bond/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:12", "1580408", "http://www.eetmoonbuggy.click/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:12", "1580409", "http://www.ellgreensportseducation.info/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:12", "1580410", "http://www.eople-search-65430.bond/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:12", "1580411", "http://www.etchelpgovtw.top/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:12", "1580412", "http://www.etnow.sbs/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:12", "1580413", "http://www.etworkmodel.net/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:12", "1580414", "http://www.excol.vip/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:12", "1580415", "http://www.g-899b9.xyz/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:11", "1580398", "http://www.astplay.click/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:11", "1580399", "http://www.atchbox.exchange/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:11", "1580400", "http://www.attoosbymatt.studio/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:11", "1580401", "http://www.c0824.top/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:11", "1580402", "http://www.c1302.top/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:11", "1580403", "http://www.c2751.top/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:11", "1580404", "http://www.c4589.top/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:11", "1580405", "http://www.dfsewq.xyz/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:11", "1580406", "http://www.earches.dev/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:10", "1580390", "http://www.0llhs.sbs/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:10", "1580391", "http://www.1tnsf.top/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:10", "1580392", "http://www.77-matraca777.win/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:10", "1580393", "http://www.ablu.pro/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:10", "1580394", "http://www.alloffameopen1.net/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:10", "1580395", "http://www.anktl.net/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:10", "1580396", "http://www.apital-a.group/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:56:10", "1580397", "http://www.arewajan.xyz/fa27/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "50", "", "c2,formbook", "0", "juroots" "2025-09-02 05:54:37", "1580388", "https://api.telegram.org/bot7968139020:AAHz3SN_Tjts4yOHRR6feYYwCQX7wzZ3Nbw/sendMessage?chat_id=7406080547", "url", "botnet_cc", "win.prynt_stealer", "None", "Prynt Stealer", "", "50", "https://urlquery.net/report/d414a078-50cc-403b-8ffc-7f8112433150", "c2,Prynt,urlquery", "0", "juroots" "2025-09-02 05:51:33", "1580387", "https://47.116.64.160:8888/", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://urlquery.net/report/8c971090-1c00-4657-a79e-b17ff3123cc7", "c2,supershell,urlquery", "0", "juroots" "2025-09-02 05:51:32", "1580385", "https://134.122.207.42:8888/supershell/login/", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://urlquery.net/report/8959caff-2cd7-4801-a147-7fa4e22de7ff", "c2,supershell,urlquery", "0", "juroots" "2025-09-02 05:51:32", "1580386", "https://103.147.14.89:8888/", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://urlquery.net/report/2355689f-bb59-4904-b369-8bd5e566d429", "c2,supershell,urlquery", "0", "juroots" "2025-09-02 05:51:08", "1580384", "https://128.199.113.162/panel/index.php", "url", "botnet_cc", "win.amadey", "None", "Amadey", "", "50", "https://urlquery.net/report/19754f3e-70f2-47b8-ba9a-4ed65148e99a", "amadey,c2,urlquery", "0", "juroots" "2025-09-02 05:50:53", "1580383", "https://uhcprovider.com.content-provider.temp-perform.top/", "url", "botnet_cc", "win.xworm", "None", "XWorm", "", "50", "https://urlquery.net/report/256171af-5366-4527-9d69-d3d5f304c5e4", "c2,urlquery,xworm", "0", "juroots" "2025-09-02 05:47:36", "1580382", "https://cyber-v10getcyber.live/webpanel/", "url", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "https://bazaar.abuse.ch/sample/defa675e2d0b7fc74fc38e774133766de90462c185242a75149dcd5d14036ea2/", "CyberStealer", "0", "abuse_ch" "2025-09-02 05:25:57", "1579931", "http://85.209.129.105:2020/test112", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "", "Kongtuke,LandUpdate808", "0", "HuntYethHounds" "2025-09-02 05:25:56", "1579933", "http://188.245.167.86/second.html", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "", "Kongtuke,LandUpdate808", "0", "HuntYethHounds" "2025-09-02 05:25:50", "1580187", "http://134.122.207.42:8888/supershell/login/", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2025-09-02 05:48:36", "100", "None", "AS152194,CTG Server Limited,supershell", "0", "antiphishorg" "2025-09-02 05:25:49", "1580238", "https://ph.safofoe5.ru", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "50", "", "None", "0", "dappydap" "2025-09-02 05:25:49", "1580239", "https://avast.cucy.ru", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "50", "", "None", "0", "dappydap" "2025-09-02 02:55:05", "1580186", "http://www.kitchenaria.com/modules/gateway2/Protx/response.php", "url", "botnet_cc", "win.pony", "Siplog,Fareit", "Pony", "", "100", "None", "Pony", "0", "abuse_ch" "2025-09-02 02:50:03", "1580183", "http://coffeinoffice.xyz/cup/wish.php", "url", "botnet_cc", "win.lokipws", "Burkina,Loki,LokiBot,LokiPWS", "Loki Password Stealer (PWS)", "", "100", "None", "Loki", "0", "abuse_ch" "2025-09-02 00:00:22", "1580165", "http://discord.com/is-ready", "url", "botnet_cc", "win.houdini", "Hworm,Jenxcus,Kognito,Njw0rm,WSHRAT,dinihou,dunihi", "Houdini", "", "100", "None", "RAT,WSHRAT", "0", "abuse_ch" "2025-09-01 23:45:06", "1580162", "http://fuckyou.com:443/is-ready", "url", "botnet_cc", "win.houdini", "Hworm,Jenxcus,Kognito,Njw0rm,WSHRAT,dinihou,dunihi", "Houdini", "", "100", "None", "RAT,WSHRAT", "0", "abuse_ch" "2025-09-01 21:10:27", "1579963", "https://pr.es.grantech.hu", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2025-09-02 15:10:28", "75", "None", "gtt/9,Vidar", "0", "abuse_ch" "2025-09-01 20:10:38", "1579958", "https://pr.es.hombresg.net", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2025-09-02 07:05:11", "75", "None", "gtt/9,Vidar", "0", "abuse_ch" "2025-09-01 16:15:11", "1579926", "https://hatstart.xyz/mok.php", "url", "botnet_cc", "unknown_loader", "None", "Unknown Loader", "", "100", "", "OffLoader", "0", "abuse_ch" "2025-09-01 16:15:11", "1579927", "https://harmonycrib.xyz/mok.php", "url", "botnet_cc", "unknown_loader", "None", "Unknown Loader", "", "100", "", "OffLoader", "0", "abuse_ch" "2025-09-01 15:07:07", "1579671", "https://parabcn.top/wqkd", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/d76b73fe5dcfbf71a21208815558b7ed0415b586f13967e77cc0e37591fd7665/", "lumma", "0", "abuse_ch" "2025-09-01 14:49:34", "1579640", "http://85.209.129.105:2020/19", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "https://infosec.exchange/@monitorsg/115129442152451561", "KongTuke", "0", "monitorsg" "2025-09-01 14:45:14", "1579669", "http://a1164274.xsph.ru/6377807f.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "None", "DCRat,RAT", "0", "abuse_ch" "2025-09-01 13:40:16", "1579637", "http://a1164361.xsph.ru/09599eb9.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "None", "DCRat,RAT", "0", "abuse_ch" "2025-09-01 13:30:20", "1579636", "http://109.172.6.232/todb/line4/PythonDle57/PipeDbTemp/Pipesecure/LinuxCpuEternalprocess/Http/Generator/2/Track7Asynccentral/universal7mariadbphp/ExternalPipeBigloadflowertestDleCentraluploads.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "None", "DCRat,RAT", "0", "abuse_ch" "2025-09-01 13:10:26", "1579632", "https://dpd.voltexpressdelivery.com", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2025-09-02 07:05:12", "75", "None", "gtt/9,Vidar", "0", "abuse_ch" "2025-09-01 13:10:25", "1579631", "https://5.75.211.226", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2025-09-02 10:10:26", "75", "None", "gtt/9,Vidar", "0", "abuse_ch" "2025-09-01 12:47:54", "1579621", "http://178.57.232.188:53050/.i", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "75", "https://greedybear.honeynet.org", "honeypot", "0", "greedybear" "2025-09-01 12:27:29", "1579615", "https://pastebin.com/raw/qFY21Ftp", "url", "botnet_cc", "win.xworm", "None", "XWorm", "", "50", "", "c2,xworm", "0", "juroots" "2025-09-01 12:26:04", "1579602", "http://pony.gsghost.pro/panel/shit.exe", "url", "payload_delivery", "win.pony", "Siplog,Fareit", "Pony", "", "50", "", "pony", "0", "juroots" "2025-09-01 12:25:48", "1579601", "http://pony.gsghost.pro/panel/gate.php", "url", "botnet_cc", "win.pony", "Siplog,Fareit", "Pony", "", "50", "", "c2,pony", "0", "juroots" "2025-09-01 12:25:14", "1579598", "https://cdn.discordapp.com/attachments/859444299618582560/859758307463135242/VirtulAlloc.bin", "url", "payload_delivery", "unknown_loader", "None", "Unknown Loader", "", "50", "", "guloader", "0", "juroots" "2025-09-01 12:23:24", "1579589", "https://api.telegram.org/bot6999938748:AAG8HM9iKj0Uks7A3Zj_uk_1u1EuLqsP_og/", "url", "botnet_cc", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "50", "", "agenttesla,c2", "0", "juroots" "2025-09-01 12:22:49", "1579588", "https://server14.cdneurops.health/", "url", "botnet_cc", "win.glupteba", "None", "Glupteba", "", "50", "https://urlquery.net/report/546aae43-b274-42fc-a9cf-fdaa643e06f4", "c2,glupteba,urlquery", "0", "juroots" "2025-09-01 12:22:48", "1579587", "https://server15.mastiakele.ae.org/", "url", "botnet_cc", "win.glupteba", "None", "Glupteba", "", "50", "https://urlquery.net/report/10d26b34-67ef-474e-92e2-a52d0e8d834d", "c2,glupteba,urlquery", "0", "juroots" "2025-09-01 12:22:47", "1579586", "https://c402020a-9f15-41b4-b913-e2f3f61e56c5.server1.nisdably.com/", "url", "botnet_cc", "win.glupteba", "None", "Glupteba", "", "50", "https://urlquery.net/report/c00e24a6-f440-4b9f-a214-39c6c99cf82a", "c2,glupteba,urlquery", "0", "juroots" "2025-09-01 12:22:46", "1579585", "https://server2.nisdably.com/", "url", "botnet_cc", "win.glupteba", "None", "Glupteba", "", "50", "https://urlquery.net/report/7d691f59-e76a-448c-974f-993c9970ec5f", "c2,glupteba,urlquery", "0", "juroots" "2025-09-01 12:22:45", "1579583", "https://server6.filesdumpplace.org/", "url", "botnet_cc", "win.glupteba", "None", "Glupteba", "", "50", "https://urlquery.net/report/2df2f1a9-b6d1-49e5-85c7-2a4d2b2dc3ab", "c2,glupteba,urlquery", "0", "juroots" "2025-09-01 12:22:45", "1579584", "https://dfe03de9-5d5d-4ecc-9423-14b8f289583d.server2.nisdably.com/", "url", "botnet_cc", "win.glupteba", "None", "Glupteba", "", "50", "https://urlquery.net/report/7c3c537a-1beb-4505-a4c9-b97a21320bea", "c2,glupteba,urlquery", "0", "juroots" "2025-09-01 12:22:12", "1579582", "https://45.135.194.43:8888/supershell/login/", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://urlquery.net/report/c28fe907-30d4-430c-ac95-16b195c7ced4", "c2,supershell,urlquery", "0", "juroots" "2025-09-01 12:22:10", "1579580", "https://113.45.238.149:8888/supershell/login/", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://urlquery.net/report/3dcb1c20-ce94-47e8-a1e4-028d826eb4af", "c2,supershell,urlquery", "0", "juroots" "2025-09-01 12:22:10", "1579581", "https://43.134.9.57:8888/supershell/login/", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://urlquery.net/report/958fb5d9-cc30-4958-aaae-f3d1e4ce7e82", "c2,supershell,urlquery", "0", "juroots" "2025-09-01 12:22:09", "1579579", "https://8.210.214.111:8888/supershell/login/", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://urlquery.net/report/44dd7acf-e66b-4962-8cf8-3b088993a266", "c2,supershell,urlquery", "0", "juroots" "2025-09-01 12:22:08", "1579578", "https://160.250.128.197:8888/supershell/login/", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://urlquery.net/report/0f4a3179-7176-404e-aee1-685fe22bf2ce", "c2,supershell,urlquery", "0", "juroots" "2025-09-01 12:22:07", "1579577", "https://110.41.44.100:8888/supershell/login/", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://urlquery.net/report/d53ef265-e38f-4927-b4b7-ace40a34934f", "c2,supershell,urlquery", "0", "juroots" "2025-09-01 12:22:06", "1579576", "https://1.15.62.170:8888/", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://urlquery.net/report/5f8de64a-17d9-472d-b22d-41cf043dae27", "c2,supershell,urlquery", "0", "juroots" "2025-09-01 12:21:37", "1579574", "https://62.60.246.234/pages/login.php", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://urlquery.net/report/025031a4-1eb5-4c24-898c-ba6f15a7730e", "c2,unam,urlquery", "0", "juroots" "2025-09-01 12:21:28", "1579573", "https://77.90.153.62/cvdfnaFJBmC0/index.php", "url", "botnet_cc", "win.amadey", "None", "Amadey", "", "50", "https://urlquery.net/report/5b4e6d13-cbd0-4161-91e1-429aec248b39", "amadey,c2,urlquery", "0", "juroots" "2025-09-01 12:21:27", "1579572", "https://178.16.53.7/cvdfnaFJBmC1/index.php", "url", "botnet_cc", "win.amadey", "None", "Amadey", "", "50", "https://urlquery.net/report/52b90ceb-a582-4dad-80d0-e61ed4a32381", "amadey,c2,urlquery", "0", "juroots" "2025-09-01 12:21:24", "1579571", "https://196.251.85.220/E3jv8fS9b/Login.php", "url", "botnet_cc", "win.amadey", "None", "Amadey", "", "50", "https://urlquery.net/report/1c62eb54-a758-48ae-bf69-5144c08210f8", "amadey,c2,urlquery", "0", "juroots" "2025-09-01 12:21:19", "1579569", "https://178.16.53.7/cvdfnafjbmc1/login.php", "url", "botnet_cc", "win.amadey", "None", "Amadey", "2025-09-01 12:21:21", "50", "https://urlquery.net/report/fae3e48e-ee82-4cf9-b44a-63cfde76aa46", "amadey,c2,urlquery", "0", "juroots" "2025-09-01 12:21:19", "1579570", "https://77.90.153.62/cvdfnaFJBmC0/Login.php", "url", "botnet_cc", "win.amadey", "None", "Amadey", "", "50", "https://urlquery.net/report/aab27005-76b2-4aa6-81ac-ce1b22321d0d", "amadey,c2,urlquery", "0", "juroots" "2025-09-01 12:20:37", "1579568", "https://68.183.108.129/6259fdc16222e061.php", "url", "botnet_cc", "win.stealc", "None", "Stealc", "", "50", "https://urlscan.io/result/01990538-dc2c-7699-87b1-b416745ec895", "c2,stealc,urlscan", "0", "juroots" "2025-09-01 12:19:48", "1579567", "https://interbk.top/login", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-09-01 12:20:16", "50", "https://urlscan.io/result/01990538-1daa-775b-901e-f71e86d7c8ea", "c2,lumma,urlscan", "0", "juroots" "2025-09-01 12:19:47", "1579566", "https://caltpps.top/login", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-09-01 12:20:14", "50", "https://urlscan.io/result/01990538-16bd-751d-b998-222cd337eaa2", "c2,lumma,urlscan", "0", "juroots" "2025-09-01 12:19:45", "1579565", "https://comqpru.top/login", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-09-01 12:20:11", "50", "https://urlscan.io/result/01990538-0862-70fc-b109-025129270a7b", "c2,lumma,urlscan", "0", "juroots" "2025-09-01 12:19:41", "1579564", "https://ardhpeb.top/login", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-09-01 12:20:07", "50", "https://urlscan.io/result/01990537-f2eb-73d2-a899-f783eabda111", "c2,lumma,urlscan", "0", "juroots" "2025-09-01 12:19:35", "1579563", "https://excufoc.top/login", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-09-01 12:20:05", "50", "https://urlscan.io/result/01990537-ecc3-705a-9626-7be81c085b4a", "c2,lumma,urlscan", "0", "juroots" "2025-09-01 12:19:34", "1579562", "https://larpfxs.top/login", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-09-01 12:20:03", "50", "https://urlscan.io/result/01990537-e74b-740d-9da7-9b4d6c8ad690", "c2,lumma,urlscan", "0", "juroots" "2025-09-01 12:19:08", "1579561", "http://f1096594.xsph.ru/94e3c0ba.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2025-09-01 12:19:13", "50", "https://urlscan.io/result/01990537-7225-70df-9934-3c759e23917e", "c2,dcrat,urlscan", "0", "juroots" "2025-09-01 12:18:27", "1579560", "https://193.233.20.25/buh5n004d/index.php", "url", "botnet_cc", "win.amadey", "None", "Amadey", "", "50", "https://urlscan.io/result/01990536-e1b4-731a-b0e5-99991cd63a3d", "amadey,c2,urlscan", "0", "juroots" "2025-09-01 12:17:43", "1579559", "http://104.234.37.139:4000/login", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://urlscan.io/result/01990536-30d6-7554-9411-6f5e43cee8d3", "c2,evilginx,urlscan", "0", "juroots" "2025-09-01 12:17:07", "1579558", "https://www.krista-tur.ru/login/", "url", "botnet_cc", "win.salatstealer", "None", "SalatStealer", "", "50", "https://urlscan.io/result/01990535-a85f-706d-a4b4-9378370ff1cf", "c2,salat,urlscan", "0", "juroots" "2025-09-01 12:16:28", "1579557", "http://176.46.152.46/T.exe", "url", "payload_delivery", "unknown_loader", "None", "Unknown Loader", "", "50", "https://urlscan.io/result/01990535-0b5b-7281-8277-b429a1a53a94", "c2,urlscan,xtinyloader", "0", "juroots" "2025-09-01 12:16:25", "1579556", "http://176.46.152.46/4.exe", "url", "payload_delivery", "unknown_loader", "None", "Unknown Loader", "", "50", "https://urlscan.io/result/01990534-fe9e-722d-a007-2090785bd23e", "c2,urlscan,xtinyloader", "0", "juroots" "2025-09-01 12:13:43", "1579554", "http://93.140.78.180:8080/", "url", "botnet_cc", "win.chaos", "FakeRyuk,RyukJoke,Yashma", "Chaos", "", "50", "https://urlscan.io/result/01990532-8be5-76ff-8ad2-e71fedb304ae", "c2,chaos,urlscan", "0", "juroots" "2025-09-01 11:51:07", "1579024", "https://futurenaturallistic.com/res/groceryarm", "url", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://infosec.exchange/@monitorsg/115128496943673248", "SmartApeSG", "0", "monitorsg" "2025-09-01 11:51:05", "1579022", "https://poertywindow.com/ajax/pixi.min.js", "url", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://infosec.exchange/@monitorsg/115128496943673248", "SmartApeSG", "0", "monitorsg" "2025-09-01 11:51:04", "1579026", "https://futurenaturallistic.com/bracket.sym", "url", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://infosec.exchange/@monitorsg/115128496943673248", "SmartApeSG", "0", "monitorsg" "2025-09-01 11:51:03", "1579027", "https://futurenaturallistic.com/assets/img/6957b95c3.res", "url", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://infosec.exchange/@monitorsg/115128496943673248", "SmartApeSG", "0", "monitorsg" "2025-09-01 11:45:54", "1579034", "http://89.197.167.116:7700/xt89", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "https://bazaar.abuse.ch/sample/8c3613b51afb7a2410531d5abad8979e77b2f86d07a084453a191291e8517ab0/", "cobaltstrike", "0", "abuse_ch" "2025-09-01 11:45:53", "1579033", "http://192.168.180.11:7700/G7iv", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "https://bazaar.abuse.ch/sample/83ee74b0415071f81860b3bf9bb3c07fd8a891f84050dc011f897029ce8c1497/", "cobaltstrike", "0", "abuse_ch" "2025-09-01 11:45:51", "1579032", "http://10.0.0.5:443/KEeh", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "https://bazaar.abuse.ch/sample/fc0d5d4af2961460dcda985611a26b7aac1b6cc1fe075468dc63644388a0069d/", "cobaltstrike", "0", "abuse_ch" "2025-09-01 09:20:52", "1579002", "https://caltpps.top/xaor", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/78097369bab15bc0eb3494020489e5c254d56437415db680a389a184a7366cd7/", "lumma", "0", "abuse_ch" "2025-09-01 09:16:22", "1579001", "https://savoref.top/eotr", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-09-01 10:15:33", "75", "https://bazaar.abuse.ch/sample/59dabfc469e8f83335bb8a484864a008829994738f070a64081945e9dc0fd007/", "lumma", "0", "abuse_ch" "2025-09-01 09:09:39", "1578999", "http://62.60.246.234/pages/login.php", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "None", "AS211522,Hypercore Ltd,unam", "0", "antiphishorg" "2025-09-01 08:57:26", "1578996", "https://tmello.com/9y4s.js", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "", "KongTuke,LandUpdate808", "0", "HuntYethHounds" "2025-09-01 08:57:25", "1578997", "https://tmello.com/js.php", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "", "Kongtuke,LandUpdate808", "0", "HuntYethHounds" "2025-09-01 06:01:05", "1578975", "https://despofe.top/zlai", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "https://tria.ge/250901-dm47zazn19", "C2,lumma,stealer,triage", "0", "DonPasci" "2025-09-01 06:00:58", "1578972", "https://my-paste-app-nine.vercel.app/rawidcaa943ee", "url", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "https://tria.ge/250901-gcvsbswygx", "C2,quasar,rat,triage", "0", "DonPasci" "2025-09-01 05:56:02", "1578818", "http://160.250.128.197:8888/supershell/login/", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2025-09-02 05:48:36", "100", "None", "AS150895,EZ TECHNOLOGY COMPANY LIMITED,supershell", "0", "antiphishorg" "2025-09-01 05:55:59", "1578824", "http://103.153.69.151/wget.sh", "url", "payload_delivery", "unknown", "None", "Unknown malware", "2025-08-31 18:30:13", "75", "https://greedybear.honeynet.org", "honeypot", "0", "BobDobalina" "2025-09-01 05:55:58", "1578839", "http://103.153.69.151/arm7", "url", "payload_delivery", "unknown", "None", "Unknown malware", "2025-08-31 19:20:20", "75", "https://greedybear.honeynet.org", "honeypot", "0", "BobDobalina" "2025-09-01 05:55:58", "1578840", "http://103.153.69.151/mips", "url", "payload_delivery", "unknown", "None", "Unknown malware", "2025-08-31 19:20:18", "75", "https://greedybear.honeynet.org", "honeypot", "0", "BobDobalina" "2025-09-01 05:55:58", "1578841", "http://103.153.69.151/arm5", "url", "payload_delivery", "unknown", "None", "Unknown malware", "2025-08-31 19:20:17", "75", "https://greedybear.honeynet.org", "honeypot", "0", "BobDobalina" "2025-09-01 05:55:57", "1578843", "http://103.153.69.151/arm6", "url", "payload_delivery", "unknown", "None", "Unknown malware", "2025-08-31 19:20:20", "75", "https://greedybear.honeynet.org", "honeypot", "0", "BobDobalina" "2025-09-01 05:55:56", "1578842", "http://103.153.69.151/mpsl", "url", "payload_delivery", "unknown", "None", "Unknown malware", "2025-08-31 19:20:19", "75", "https://greedybear.honeynet.org", "honeypot", "0", "BobDobalina" "2025-09-01 05:55:56", "1578844", "http://103.153.69.151/x86", "url", "payload_delivery", "unknown", "None", "Unknown malware", "2025-08-31 19:20:18", "75", "https://greedybear.honeynet.org", "honeypot", "0", "BobDobalina" # Number of entries: 175