################################################################ # ThreatFox IOCs: recent URLs - CSV format # # Last updated: 2025-06-20 14:12:31 UTC # # # # Terms Of Use: https://threatfox.abuse.ch/faq/#tos # # For questions please contact threatfox [at] abuse.ch # ################################################################ # # "first_seen_utc","ioc_id","ioc_value","ioc_type","threat_type","fk_malware","malware_alias","malware_printable","last_seen_utc","confidence_level","reference","tags","anonymous","reporter" "2025-06-20 14:12:31", "1548043", "https://49.13.32.53/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2025-06-20 17:15:41", "100", "", "Vidar", "0", "crep1x" "2025-06-20 14:12:31", "1548042", "https://0.0.mastermaths.com.sg/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2025-06-20 17:15:42", "100", "", "Vidar", "0", "crep1x" "2025-06-20 13:23:19", "1548036", "https://app.symphoniabags.com/ajaxAction", "url", "botnet_cc", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "None", "fakeupdates,SocGholish", "0", "pancak3lullz" "2025-06-20 12:25:34", "1548026", "https://www.googleapi.top/jquery-3.3.1.min.js", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://bazaar.abuse.ch/sample/91e851f8cd9a32f9077f9fbbf1a64278e6be460ed5908778e4b45e62e495167e/", "CobaltStrike,cs-watermark-100000000", "0", "abuse_ch" "2025-06-20 12:25:34", "1548025", "https://api.micosoftr.icu/djiowejdf", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://bazaar.abuse.ch/sample/91e851f8cd9a32f9077f9fbbf1a64278e6be460ed5908778e4b45e62e495167e/", "CobaltStrike,cs-watermark-100000000", "0", "abuse_ch" "2025-06-20 07:45:25", "1547969", "http://404830cm.nyashvibe.ru/External_SecureProcessProcessorDle.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "None", "DCRat,RAT", "0", "abuse_ch" "2025-06-20 07:19:35", "1547947", "https://onedrive.live.com/download?cid=0B476D68A3403083&resid=B476D68A3403083%21227&authkey=ABk0A0LwLOKYhOY", "url", "payload_delivery", "unknown_loader", "None", "Unknown Loader", "", "50", "", "guloader", "0", "juroots" "2025-06-20 07:18:04", "1547942", "https://pastebin.com/raw/FXNwDeqa", "url", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "50", "", "asyncrat,c2", "0", "juroots" "2025-06-20 07:18:03", "1547941", "https://pastebin.com/raw/0vnvsaUr", "url", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "50", "", "asyncrat,c2", "0", "juroots" "2025-06-20 07:16:45", "1547940", "http://45.141.233.187/38a5d6b24dac26be.php", "url", "botnet_cc", "win.stealc", "None", "Stealc", "", "50", "https://urlscan.io/result/01978c32-6eaf-7208-a7b5-c4a655292d87", "c2,stealc,urlscan", "0", "juroots" "2025-06-20 06:12:46", "1547835", "https://foepsa.com/shield.msi", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "ClickFix,CoreSecThree", "0", "HuntYethHounds" "2025-06-19 22:55:21", "1547852", "http://cd41415.tw1.ru/L1nc0In.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "None", "DCRat,RAT", "0", "abuse_ch" "2025-06-19 20:10:22", "1547809", "http://730294cm.nyashvibe.ru/eternalgeogamesqlPubliccdnDownloads.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "None", "DCRat,RAT", "0", "abuse_ch" "2025-06-19 19:34:28", "1547762", "https://verifintcon.com/zk5hTlHc.txt", "url", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "", "None", "0", "Or1onS3c" "2025-06-19 19:34:28", "1547761", "https://verifintcon.com/1.txt", "url", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "", "None", "0", "Or1onS3c" "2025-06-19 14:15:42", "1547737", "http://188.208.103.26/bigload8Providertemporary/0update/VoiddbDefaulthttpProcessor/1Secure/apiLongpollexternalImage/ProviderImagephpJsApiDbFlowerPublic.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "None", "DCRat,RAT", "0", "abuse_ch" "2025-06-19 13:19:11", "1547719", "https://www.stirngo.com/ajaxAction", "url", "botnet_cc", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "None", "fakeupdates,SocGholish", "0", "pancak3lullz" "2025-06-19 13:16:21", "1547726", "https://spjeo.xyz/axka/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/d12c6a2dbf618063039432815686e27fa1b8fe2e09f31f72732612397fa838fd/", "lumma", "0", "abuse_ch" "2025-06-19 13:16:20", "1547725", "https://skjgx.xyz/riuw/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/d12c6a2dbf618063039432815686e27fa1b8fe2e09f31f72732612397fa838fd/", "lumma", "0", "abuse_ch" "2025-06-19 13:16:19", "1547724", "https://shaeb.xyz/ikxz/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/d12c6a2dbf618063039432815686e27fa1b8fe2e09f31f72732612397fa838fd/", "lumma", "0", "abuse_ch" "2025-06-19 13:16:16", "1547723", "https://ropyi.xyz/zadf/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/d12c6a2dbf618063039432815686e27fa1b8fe2e09f31f72732612397fa838fd/", "lumma", "0", "abuse_ch" "2025-06-19 13:16:04", "1547722", "https://gewgb.xyz/axgh/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/d12c6a2dbf618063039432815686e27fa1b8fe2e09f31f72732612397fa838fd/", "lumma", "0", "abuse_ch" "2025-06-19 13:16:03", "1547721", "https://firddy.xyz/yhbc/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/d12c6a2dbf618063039432815686e27fa1b8fe2e09f31f72732612397fa838fd/", "lumma", "0", "abuse_ch" "2025-06-19 12:46:59", "1547715", "http://194.38.21.76/diamo/post.php", "url", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "https://x.com/ShanHolo/status/1935593986535940322", "DiamotrixStealer", "0", "abuse_ch" "2025-06-19 12:18:58", "1547685", "https://172.245.123.11/new/F.exe", "url", "payload_delivery", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "100", "", "None", "0", "pitachu" "2025-06-19 12:18:58", "1547686", "https://172.245.123.11/new/FJF65.zip", "url", "payload_delivery", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "50", "", "None", "0", "pitachu" "2025-06-19 12:18:57", "1547688", "https://172.245.123.11/new/NEWPT.exe", "url", "payload_delivery", "win.stealerium", "None", "Stealerium", "", "100", "", "None", "0", "pitachu" # Number of entries: 27