################################################################ # ThreatFox IOCs: recent URLs - CSV format # # Last updated: 2025-12-04 21:10:24 UTC # # # # Terms Of Use: https://threatfox.abuse.ch/faq/#tos # # For questions please contact threatfox [at] abuse.ch # ################################################################ # # "first_seen_utc","ioc_id","ioc_value","ioc_type","threat_type","fk_malware","malware_alias","malware_printable","last_seen_utc","confidence_level","reference","tags","anonymous","reporter" "2025-12-04 21:10:24", "1667791", "http://193.37.69.43:96/ZPqB", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "https://bazaar.abuse.ch/sample/f5c7faca5b5563e4740a6d2196acfb3626ecbcd38da4d690dc23e13e7ecf747c/", "cobaltstrike", "0", "abuse_ch" "2025-12-04 20:23:16", "1667747", "https://nimbsjoa.com/ttt/tww.js", "url", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://infosec.exchange/@monitorsg/115662837065188050", "SmartApeSG", "0", "monitorsg" "2025-12-04 20:23:13", "1667749", "https://nimbsjoa.com/ttt/tee.php", "url", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://infosec.exchange/@monitorsg/115662837065188050", "SmartApeSG", "0", "monitorsg" "2025-12-04 20:23:12", "1667750", "https://nimbsjoa.com/ttt/trr.js", "url", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://infosec.exchange/@monitorsg/115662837065188050", "SmartApeSG", "0", "monitorsg" "2025-12-04 20:23:12", "1667751", "https://canrtsem.com/blue", "url", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://infosec.exchange/@monitorsg/115662837065188050", "SmartApeSG", "0", "monitorsg" "2025-12-04 20:23:11", "1667752", "https://deregulatedenergy.com/fdg2.zip", "url", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://infosec.exchange/@monitorsg/115662837065188050", "SmartApeSG", "0", "monitorsg" "2025-12-04 19:42:33", "1667760", "http://111.253.220.24/", "url", "botnet_cc", "apk.hook", "None", "Hook", "", "50", "https://urlscan.io/result/019aeae3-3fb5-7365-9da3-d310e4e71a83", "c2,hookbot,urlscan", "0", "juroots" "2025-12-04 19:41:55", "1667759", "https://reftec.sbs/", "url", "botnet_cc", "apk.spynote", "CypherRat", "SpyNote", "", "50", "https://urlscan.io/result/019aeae2-abe1-7697-960e-b1633daf496f", "c2,spynote,urlscan", "0", "juroots" "2025-12-04 18:02:52", "1667727", "http://89.169.53.244", "url", "botnet_cc", "win.stealc", "None", "Stealc", "", "100", "https://tria.ge/251204-qf647ssrek", "AS210644,C2,stealc,stealer,triage", "0", "DonPasci" "2025-12-04 15:14:27", "1667693", "https://booksbypatriciaschultz.com/liner.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "ClickFix", "0", "HuntYethHounds" "2025-12-04 15:14:20", "1667692", "http://193.111.117.194/tet.jpeg", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "ClickFix", "0", "HuntYethHounds" "2025-12-04 15:14:19", "1667694", "https://fsdtiototoitweot.com/ofofo.js", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "ClickFix", "0", "HuntYethHounds" "2025-12-04 15:09:04", "1667665", "https://garanti-sans-virus.com/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "https://clickfix.carsonww.com/domains/garanti-sans-virus.com", "ClickFix", "0", "CarsonWilliams" "2025-12-04 15:09:03", "1667667", "https://mahleinc.com/8u8u.js", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "https://infosec.exchange/@monitorsg/115661689031905300", "KongTuke", "0", "monitorsg" "2025-12-04 15:09:03", "1667669", "https://mahleinc.com/js.php", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "https://infosec.exchange/@monitorsg/115661689031905300", "KongTuke", "0", "monitorsg" "2025-12-04 15:09:02", "1667670", "http://199.217.99.42/m", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "https://infosec.exchange/@monitorsg/115661689031905300", "KongTuke", "0", "monitorsg" "2025-12-04 15:09:01", "1667685", "https://vqjhg08j-5500.euw.devtunnels.ms/checker/1.pdb", "url", "payload_delivery", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "", "dcrat", "0", "burger" "2025-12-04 15:09:00", "1667687", "https://vqjhg08j-5500.euw.devtunnels.ms/jovial/64th%20Services.exe", "url", "payload_delivery", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "", "dcrat", "0", "burger" "2025-12-04 14:25:12", "1667673", "https://d4d.automanpk.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-12-04 14:25:12", "1667674", "https://d4d.aqarhoosh.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-12-04 12:47:01", "1667643", "https://new.borealis-soft.ch/wp-content/plugins/background-image-cropper/ulgfpl.php?us=5yb8t352", "url", "payload_delivery", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "95", "None", "Latrodectus", "0", "pancak3lullz" "2025-12-04 11:43:19", "1667638", "http://teleta.top/agrybirdsgamerept", "url", "botnet_cc", "win.raccoon", "Mohazo,RaccoonStealer,Racealer,Racoon", "Raccoon", "", "50", "", "c2,raccoon", "0", "juroots" "2025-12-04 11:43:19", "1667639", "http://teletop.top/agrybirdsgamerept", "url", "botnet_cc", "win.raccoon", "Mohazo,RaccoonStealer,Racealer,Racoon", "Raccoon", "", "50", "", "c2,raccoon", "0", "juroots" "2025-12-04 11:42:32", "1667637", "https://hktecentnet.top/", "url", "botnet_cc", "apk.spynote", "CypherRat", "SpyNote", "", "50", "https://urlscan.io/result/019ae92b-c5c7-72bf-ab04-4f7ca9e40370", "c2,spynote,urlscan", "0", "juroots" "2025-12-04 11:41:59", "1667636", "https://www.test.my-video-live.cloud/1", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "50", "https://urlscan.io/result/019ae92b-474b-742d-8d60-ecc1a5a319e2", "urlscan", "0", "juroots" "2025-12-04 11:41:56", "1667635", "https://mail.geo-home.rw/1", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "50", "https://urlscan.io/result/019ae92b-3c77-74fb-8d52-7037423e8705", "urlscan", "0", "juroots" "2025-12-04 11:41:54", "1667634", "https://103.150.186.125/1", "url", "payload_delivery", "unknown", "None", "Unknown malware", "2025-12-05 00:00:42", "50", "https://urlscan.io/result/019ae92b-329a-73b8-b5c2-e01b916247e1", "urlscan", "0", "juroots" "2025-12-04 10:02:50", "1667595", "https://www21.googlecrash.com/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "50", "https://urlscan.io/result/019ae8d0-8246-71c3-b572-831f8ae0ba67", "urlscan", "0", "juroots" "2025-12-04 10:02:49", "1667594", "https://www22.googlecrash.com/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "50", "https://urlscan.io/result/019ae8d0-7e44-705b-90ba-bb0e9f2bc84f", "urlscan", "0", "juroots" "2025-12-04 10:02:48", "1667593", "https://18plus.tiktok.market.google.tetherwallet.online/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "50", "https://urlscan.io/result/019ae8d0-7961-723d-b1d8-68fc6e66ca5f", "urlscan", "0", "juroots" "2025-12-04 10:02:47", "1667592", "https://pro.market.tocdep.site/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "50", "https://urlscan.io/result/019ae8d0-7428-71ca-8c09-516ec86a634a", "urlscan", "0", "juroots" "2025-12-04 10:02:45", "1667591", "https://18plus.tiktok.market.google.mobilboss.website/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "50", "https://urlscan.io/result/019ae8d0-6ea8-72b3-bf27-a76282a34c74", "urlscan", "0", "juroots" "2025-12-04 10:02:44", "1667590", "https://www.evn-epointt.com/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "50", "https://urlscan.io/result/019ae8d0-6a07-765c-aa75-5ee99deb19b4", "urlscan", "0", "juroots" "2025-12-04 10:02:43", "1667589", "https://pro.market.pennaluminum.site/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "50", "https://urlscan.io/result/019ae8d0-65e3-717d-8ba7-87f2d607c464", "urlscan", "0", "juroots" "2025-12-04 10:02:42", "1667588", "https://18plus.tiktok.market.google.midcap.top/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "50", "https://urlscan.io/result/019ae8d0-6005-75cf-ae77-201ef03f83d4", "urlscan", "0", "juroots" "2025-12-04 09:16:32", "1667577", "http://103.150.186.125", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "ClickFix", "0", "HuntYethHounds" "2025-12-04 09:16:32", "1667578", "http://103.150.186.125/1", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "ClickFix", "0", "HuntYethHounds" "2025-12-04 08:56:13", "1667549", "https://www.test.my-video-live.cloud", "url", "payload_delivery", "unknown", "None", "Unknown malware", "2025-12-04 19:41:21", "100", "", "ClickFix", "0", "HuntYethHounds" "2025-12-04 08:56:13", "1667557", "http://www.test.my-video-live.cloud/1", "url", "payload_delivery", "unknown", "None", "Unknown malware", "2025-12-04 08:26:01", "100", "", "ClickFix", "0", "HuntYethHounds" "2025-12-04 08:56:12", "1667564", "http://mail.geo-home.rw/1", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "ClickFix", "0", "HuntYethHounds" "2025-12-04 08:56:12", "1667566", "https://mail.geo-home.rw", "url", "payload_delivery", "unknown", "None", "Unknown malware", "2025-12-04 23:30:31", "100", "", "ClickFix", "0", "HuntYethHounds" "2025-12-04 08:56:11", "1667569", "https://update.giooga.com", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "ClickFix", "0", "HuntYethHounds" "2025-12-04 08:56:10", "1667567", "https://meet.giooga.com", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "ClickFix", "0", "HuntYethHounds" "2025-12-04 08:21:00", "1667550", "https://xrt.automanpk.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-12-04 08:21:00", "1667551", "https://xrt.abalawi.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-12-04 08:21:00", "1667552", "https://69.5.189.154/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-12-04 08:21:00", "1667553", "https://23.88.62.111/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-12-04 08:21:00", "1667554", "https://78.47.232.226/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-12-04 08:21:00", "1667555", "https://185.207.139.114/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-12-04 08:14:46", "1667545", "https://teamsinvitemeeting.vip/teamsfinal/teams/Windows/invite.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "50", "", "None", "0", "juroots" "2025-12-04 08:14:46", "1667546", "https://teamsupdatesfornnicrosoft.sbs/teamsfinal/teamss/Windows/invite.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "50", "", "None", "0", "juroots" "2025-12-04 08:14:46", "1667547", "https://bcly.info/zoomplugin_update_V16.8.bat", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "50", "", "None", "0", "juroots" "2025-12-04 08:14:45", "1667541", "https://teaminvitemeeting.vip/teamsfinal/teams/Windows/invite.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "50", "", "None", "0", "juroots" "2025-12-04 08:14:45", "1667542", "http://contactnowsupport.org/teams/Windows/invite.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "50", "", "None", "0", "juroots" "2025-12-04 08:14:45", "1667543", "https://contactnowsupport.org/teams/Windows/invite.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "50", "", "None", "0", "juroots" "2025-12-04 08:14:45", "1667544", "https://bvas.site/Zooom/Windows/invite.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "50", "", "None", "0", "juroots" "2025-12-04 08:14:18", "1667538", "https://tacko.pages.dev/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "2025-12-04 08:14:46", "50", "https://urlscan.io/result/019ae86d-24aa-7438-9665-774fdf272410", "urlscan", "0", "juroots" "2025-12-04 08:14:17", "1667537", "https://www.zoom.donittech.com/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "2025-12-04 08:14:46", "50", "https://urlscan.io/result/019ae86d-1e8c-702d-a863-d2503c9e8d04", "urlscan", "0", "juroots" "2025-12-04 08:14:15", "1667536", "https://myzoomlive.netlify.app/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "2025-12-04 08:14:46", "50", "https://urlscan.io/result/019ae86d-17b2-71e8-9f38-036d9f0865e8", "urlscan", "0", "juroots" "2025-12-04 08:14:00", "1667535", "https://id3basketball.com/zoom/Windows/invite.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "2025-12-04 08:14:46", "50", "https://urlscan.io/result/019ae86c-da50-76eb-8c46-4c2d939cc8f0", "urlscan", "0", "juroots" "2025-12-04 08:13:54", "1667534", "https://99d04a7a-345a-48sc-8ea3-a9a626aa773e-00-3qpe7ieitscyb.live/vzob/Windows/invite.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "2025-12-04 08:14:45", "50", "https://urlscan.io/result/019ae86c-c23b-70ee-9d3f-09d7891d3514", "urlscan", "0", "juroots" "2025-12-04 06:09:57", "1667157", "https://qexmz.com/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "https://clickfix.carsonww.com/domains/qexmz.com", "ClickFix", "0", "CarsonWilliams" "2025-12-04 06:09:56", "1667158", "https://etpur.com/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "https://clickfix.carsonww.com/domains/etpur.com", "ClickFix", "0", "CarsonWilliams" "2025-12-04 06:09:44", "1667426", "http://217.156.64.221/1.sh", "url", "payload_delivery", "unknown", "None", "Unknown malware", "2025-12-04 06:10:46", "75", "https://greedybear.honeynet.org", "honeypot", "0", "greedybear" "2025-12-04 06:09:42", "1667434", "https://alsaqrdelivery.online/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "https://clickfix.carsonww.com/domains/alsaqrdelivery.online", "ClickFix", "0", "CarsonWilliams" "2025-12-04 06:03:54", "1667476", "https://hobmjoi.click/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "https://tria.ge/251204-flte7azmfs", "C2,lumma,stealer,triage", "0", "DonPasci" "2025-12-04 00:15:18", "1667185", "http://towerbingobongoboom.com:8080/updater?for=76262F4263B30A25BB81956EA98986ED", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "None", "GoProxy", "0", "abuse_ch" "2025-12-03 19:40:16", "1667098", "https://www.appirockyinn.com/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "https://clickfix.carsonww.com/domains/www.appirockyinn.com", "ClickFix", "0", "CarsonWilliams" "2025-12-03 19:05:34", "1667086", "https://handpaw.click/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/a61dddb469f669b6cc0520593ac23c9f54761070cf700dbe5c694cf34215538a/", "lumma", "0", "abuse_ch" "2025-12-03 16:44:50", "1667051", "https://kalongo.ru", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "ClickFix,Fake OS Update,xHamster", "0", "HuntYethHounds" "2025-12-03 16:44:50", "1667053", "http://194.87.55.247/danko.odd", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "ClickFix,Fake OS Update,xHamster", "0", "HuntYethHounds" "2025-12-03 16:44:49", "1667054", "https://kalongo.ru/lend.html", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "ClickFix,Fake OS Update,xHamster", "0", "HuntYethHounds" "2025-12-03 16:31:26", "1667049", "http://178.17.59.148/4a1b933c03e9461a.php", "url", "botnet_cc", "win.stealc", "None", "Stealc", "2025-12-03 18:03:05", "100", "https://tria.ge/251203-tv7wts1lcs", "c2,stealc", "0", "burger" "2025-12-03 16:07:59", "1667046", "https://fanspicy.com/insights/where-is-fansly-based/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "50", "https://urlquery.net/report/4394d8c1-e487-4ca9-a326-d846a91bbf49", "fakecaptcha,urlquery", "0", "juroots" "2025-12-03 16:07:58", "1667045", "https://www.serv-in.fr/shopdetail/discount/115264129", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "50", "https://urlquery.net/report/4cc65427-40b4-4ee0-a246-7827653c3bc5", "fakecaptcha,urlquery", "0", "juroots" "2025-12-03 16:07:57", "1667044", "https://tennis-bandol.fr", "url", "payload_delivery", "unknown", "None", "Unknown malware", "2025-12-03 17:00:23", "50", "https://urlquery.net/report/ac241448-5604-4848-8ac3-bc77fb1b482c", "fakecaptcha,urlquery", "0", "juroots" "2025-12-03 15:45:36", "1667010", "http://mossyden2011.sbs/22d95c9d6e0727d47a15a2044603cdab/6v0tazc5mboxujs", "url", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "2025-12-03 15:33:57", "100", "https://app.any.run/tasks/d41701aa-8f4d-4b1e-9522-4c1c3d0d6892", "MaskGramStealer", "0", "burger" "2025-12-03 15:45:35", "1667011", "http://mossyden2011.sbs/22d95c9d6e0727d47a15a2044603cdab/ejk52zwt2js16ro", "url", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "2025-12-03 15:33:57", "100", "https://app.any.run/tasks/d41701aa-8f4d-4b1e-9522-4c1c3d0d6892", "MaskGramStealer", "0", "burger" "2025-12-03 15:45:35", "1667012", "http://mossyden2011.sbs/22d95c9d6e0727d47a15a2044603cdab/q38dyv0te345uf4", "url", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "2025-12-03 15:33:58", "100", "https://app.any.run/tasks/d41701aa-8f4d-4b1e-9522-4c1c3d0d6892", "MaskGramStealer", "0", "burger" "2025-12-03 15:45:35", "1667013", "http://mossyden2011.sbs/22d95c9d6e0727d47a15a2044603cdab/q7cherolivolejk", "url", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "2025-12-03 15:33:58", "100", "https://app.any.run/tasks/d41701aa-8f4d-4b1e-9522-4c1c3d0d6892", "MaskGramStealer", "0", "burger" "2025-12-03 15:45:34", "1667015", "http://mossyden2011.sbs/22d95c9d6e0727d47a15a2044603cdab/2vk56j8h27whyzg", "url", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "https://app.any.run/tasks/e0efd174-28fa-464d-a6ae-3ad4469ecf60", "MaskGramStealer", "0", "burger" "2025-12-03 15:45:32", "1667016", "http://mossyden2011.sbs/22d95c9d6e0727d47a15a2044603cdab/6v4de3o1yz0du7k", "url", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "https://app.any.run/tasks/e0efd174-28fa-464d-a6ae-3ad4469ecf60", "MaskGramStealer", "0", "burger" "2025-12-03 15:45:32", "1667018", "http://mossyden2011.sbs/22d95c9d6e0727d47a15a2044603cdab/ej492vsdeb4h27g", "url", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "https://app.any.run/tasks/e0efd174-28fa-464d-a6ae-3ad4469ecf60", "MaskGramStealer", "0", "burger" "2025-12-03 15:45:31", "1667017", "http://mossyden2011.sbs/22d95c9d6e0727d47a15a2044603cdab/a7k56jotufo5ab4", "url", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "https://app.any.run/tasks/e0efd174-28fa-464d-a6ae-3ad4469ecf60", "MaskGramStealer", "0", "burger" "2025-12-03 15:45:30", "1667019", "http://mossyden2011.sbs/22d95c9d6e0727d47a15a2044603cdab/iro9a3cp6zsd230", "url", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "https://app.any.run/tasks/e0efd174-28fa-464d-a6ae-3ad4469ecf60", "MaskGramStealer", "0", "burger" "2025-12-03 15:45:30", "1667020", "http://mossyden2011.sbs/22d95c9d6e0727d47a15a2044603cdab/m3o1azkhufs1enk", "url", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "https://app.any.run/tasks/e0efd174-28fa-464d-a6ae-3ad4469ecf60", "MaskGramStealer", "0", "burger" "2025-12-03 15:45:29", "1667021", "http://mossyden2011.sbs/22d95c9d6e0727d47a15a2044603cdab/qj0tqbk5qno9qz8", "url", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "https://app.any.run/tasks/e0efd174-28fa-464d-a6ae-3ad4469ecf60", "MaskGramStealer", "0", "burger" "2025-12-03 15:45:29", "1667022", "http://mossyden2011.sbs/22d95c9d6e0727d47a15a2044603cdab/ufcx6bc1ef45e7g", "url", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "https://app.any.run/tasks/e0efd174-28fa-464d-a6ae-3ad4469ecf60", "MaskGramStealer", "0", "burger" "2025-12-03 15:45:27", "1667023", "http://mossyden2011.sbs/22d95c9d6e0727d47a15a2044603cdab/ujgti3g12f45y74", "url", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "https://app.any.run/tasks/e0efd174-28fa-464d-a6ae-3ad4469ecf60", "MaskGramStealer", "0", "burger" "2025-12-03 15:45:27", "1667024", "http://mossyden2011.sbs/22d95c9d6e0727d47a15a2044603cdab/y74habwtyvsxarw", "url", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "https://app.any.run/tasks/e0efd174-28fa-464d-a6ae-3ad4469ecf60", "MaskGramStealer", "0", "burger" "2025-12-03 15:45:27", "1667025", "http://mossyden2011.sbs/22d95c9d6e0727d47a15a2044603cdab/yfw9qbsdezwxmzs", "url", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "https://app.any.run/tasks/e0efd174-28fa-464d-a6ae-3ad4469ecf60", "MaskGramStealer", "0", "burger" "2025-12-03 15:45:26", "1667026", "http://mossyden2011.sbs/22d95c9d6e0727d47a15a2044603cdab/yzc5yj81yv0h2fw", "url", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "https://app.any.run/tasks/e0efd174-28fa-464d-a6ae-3ad4469ecf60", "MaskGramStealer", "0", "burger" "2025-12-03 15:05:57", "1666989", "http://easternwhiskerholdings.sbs/22d95c9d6e0727d47a15a2044603cdab/ejk52zwt2js16ro", "url", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "https://app.any.run/tasks/5ad7ea2d-7a3f-4a11-b975-d8a17af9245c", "c2,MaskGramStealer", "0", "burger" "2025-12-03 15:05:56", "1666990", "http://easternwhiskerholdings.sbs/22d95c9d6e0727d47a15a2044603cdab/q7cherolivolejk", "url", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "https://app.any.run/tasks/5ad7ea2d-7a3f-4a11-b975-d8a17af9245c", "c2,MaskGramStealer", "0", "burger" "2025-12-03 15:05:56", "1666991", "http://easternwhiskerholdings.sbs/22d95c9d6e0727d47a15a2044603cdab/qvcxirkxen0hiv0", "url", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "https://app.any.run/tasks/5ad7ea2d-7a3f-4a11-b975-d8a17af9245c", "c2,MaskGramStealer", "0", "burger" "2025-12-03 15:05:56", "1666992", "http://easternwhiskerholdings.sbs/22d95c9d6e0727d47a15a2044603cdab/q38dyv0te345uf4", "url", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "https://app.any.run/tasks/5ad7ea2d-7a3f-4a11-b975-d8a17af9245c", "c2,MaskGramStealer", "0", "burger" "2025-12-03 15:05:55", "1666993", "http://easternwhiskerholdings.sbs/22d95c9d6e0727d47a15a2044603cdab/iro9a3cp6zsd230", "url", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "https://app.any.run/tasks/5ad7ea2d-7a3f-4a11-b975-d8a17af9245c", "c2,MaskGramStealer", "0", "burger" "2025-12-03 15:05:55", "1666994", "http://easternwhiskerholdings.sbs/22d95c9d6e0727d47a15a2044603cdab/y74habwtyvsxarw", "url", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "https://app.any.run/tasks/5ad7ea2d-7a3f-4a11-b975-d8a17af9245c", "c2,MaskGramStealer", "0", "burger" "2025-12-03 15:05:54", "1666995", "http://easternwhiskerholdings.sbs/22d95c9d6e0727d47a15a2044603cdab/ej492vsdeb4h27g", "url", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "https://app.any.run/tasks/5ad7ea2d-7a3f-4a11-b975-d8a17af9245c", "c2,MaskGramStealer", "0", "burger" "2025-12-03 15:05:54", "1666996", "http://easternwhiskerholdings.sbs/22d95c9d6e0727d47a15a2044603cdab/6v4de3o1yz0du7k", "url", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "https://app.any.run/tasks/5ad7ea2d-7a3f-4a11-b975-d8a17af9245c", "c2,MaskGramStealer", "0", "burger" "2025-12-03 15:05:53", "1666997", "http://easternwhiskerholdings.sbs/22d95c9d6e0727d47a15a2044603cdab/yzc5yj81yv0h2fw", "url", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "https://app.any.run/tasks/5ad7ea2d-7a3f-4a11-b975-d8a17af9245c", "c2,MaskGramStealer", "0", "burger" "2025-12-03 15:05:53", "1666998", "http://easternwhiskerholdings.sbs/22d95c9d6e0727d47a15a2044603cdab/a7k56jotufo5ab4", "url", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "https://app.any.run/tasks/5ad7ea2d-7a3f-4a11-b975-d8a17af9245c", "c2,MaskGramStealer", "0", "burger" "2025-12-03 15:05:52", "1667000", "http://easternwhiskerholdings.sbs/22d95c9d6e0727d47a15a2044603cdab/m3o1azkhufs1enk", "url", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "https://app.any.run/tasks/5ad7ea2d-7a3f-4a11-b975-d8a17af9245c", "c2,MaskGramStealer", "0", "burger" "2025-12-03 15:05:51", "1666999", "http://easternwhiskerholdings.sbs/22d95c9d6e0727d47a15a2044603cdab/ijclyfwd2nsl6fw", "url", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "https://app.any.run/tasks/5ad7ea2d-7a3f-4a11-b975-d8a17af9245c", "c2,MaskGramStealer", "0", "burger" "2025-12-03 15:05:51", "1667001", "http://easternwhiskerholdings.sbs/22d95c9d6e0727d47a15a2044603cdab/yj41avk5qvkdmvo", "url", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "https://app.any.run/tasks/5ad7ea2d-7a3f-4a11-b975-d8a17af9245c", "c2,MaskGramStealer", "0", "burger" "2025-12-03 15:05:50", "1667002", "http://easternwhiskerholdings.sbs/22d95c9d6e0727d47a15a2044603cdab/ufcx6bc1ef45e7g", "url", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "https://app.any.run/tasks/5ad7ea2d-7a3f-4a11-b975-d8a17af9245c", "c2,MaskGramStealer", "0", "burger" "2025-12-03 15:05:50", "1667005", "http://easternwhiskerholdings.sbs/22d95c9d6e0727d47a15a2044603cdab/2vk56j8h27whyzg", "url", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "https://app.any.run/tasks/5ad7ea2d-7a3f-4a11-b975-d8a17af9245c", "c2,MaskGramStealer", "0", "burger" "2025-12-03 15:05:49", "1667003", "http://easternwhiskerholdings.sbs/22d95c9d6e0727d47a15a2044603cdab/ybs5y70xab4dez4", "url", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "https://app.any.run/tasks/5ad7ea2d-7a3f-4a11-b975-d8a17af9245c", "c2,MaskGramStealer", "0", "burger" "2025-12-03 15:05:48", "1667004", "http://easternwhiskerholdings.sbs/22d95c9d6e0727d47a15a2044603cdab/yfw9qbsdezwxmzs", "url", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "https://app.any.run/tasks/5ad7ea2d-7a3f-4a11-b975-d8a17af9245c", "c2,MaskGramStealer", "0", "burger" "2025-12-03 15:04:13", "1666984", "https://steamcommunity.com/profiles/76561198775809889/", "url", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "https://bazaar.abuse.ch/sample/64e714b6db5a170d195cf7f5ce40a50e0ecf4b59d591fbc4cf282ca37496c952/", "MaskGramStealer", "0", "burger" "2025-12-03 15:04:13", "1666985", "https://www.chess.com/member/bvzxw", "url", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "https://bazaar.abuse.ch/sample/64e714b6db5a170d195cf7f5ce40a50e0ecf4b59d591fbc4cf282ca37496c952/", "MaskGramStealer", "0", "burger" "2025-12-03 15:04:12", "1666986", "https://t.me/xtelegram_xstar_bot", "url", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "https://bazaar.abuse.ch/sample/64e714b6db5a170d195cf7f5ce40a50e0ecf4b59d591fbc4cf282ca37496c952/", "MaskGramStealer", "0", "burger" "2025-12-03 14:56:02", "1666980", "https://wew.abalawi.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-12-03 14:56:01", "1666979", "https://wew.automanpk.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-12-03 14:51:59", "1666971", "http://95.181.173.156/ce369e7324834845.php", "url", "botnet_cc", "win.stealc", "None", "Stealc", "2025-12-03 18:03:03", "100", "https://app.any.run/tasks/7ee3876e-2029-47ee-930c-bf0fc177312a", "c2,stealc", "0", "burger" "2025-12-03 14:51:57", "1666976", "https://5.135.69.40/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "https://app.any.run/tasks/3f751527-848e-49b2-a161-6522f72932ca", "c2,vidar", "0", "burger" "2025-12-03 14:15:14", "1666957", "http://65.38.120.109/m", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "https://infosec.exchange/@monitorsg/115656015480888657", "KongTuke", "0", "monitorsg" "2025-12-03 14:15:14", "1666960", "https://vqjhg08j-5500.euw.devtunnels.ms/temp.exe", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "https://urlhaus.abuse.ch/host/vqjhg08j-5500.euw.devtunnels.ms/", "AgentTesla", "0", "burger" "2025-12-03 14:15:14", "1666961", "https://vqjhg08j-5500.euw.devtunnels.ms/clean.exe", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "https://urlhaus.abuse.ch/host/vqjhg08j-5500.euw.devtunnels.ms/", "AgentTesla", "0", "burger" "2025-12-03 14:15:13", "1666962", "https://vqjhg08j-5500.euw.devtunnels.ms/cheat.exe", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "https://urlhaus.abuse.ch/host/vqjhg08j-5500.euw.devtunnels.ms/", "AgentTesla", "0", "burger" "2025-12-03 12:31:08", "1666939", "https://185.196.10.238/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "https://app.any.run/tasks/83acd598-b05c-46f1-8098-262725d6246d", "stealer,vidar", "0", "burger" "2025-12-03 12:02:53", "1666933", "https://mattykp.click/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "https://tria.ge/251203-kk6rcahj9z", "C2,lumma,stealer,triage", "0", "DonPasci" "2025-12-03 10:31:37", "1666872", "http://77.90.14.84/kla.sh", "url", "payload_delivery", "unknown", "None", "Unknown malware", "2025-12-03 10:30:30", "75", "https://greedybear.honeynet.org", "honeypot", "0", "greedybear" "2025-12-03 10:31:36", "1666887", "https://dsourceva.com/7h7h.js", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "", "Kongtuke,LandUpdate808", "0", "HuntYethHounds" "2025-12-03 10:31:35", "1666888", "https://dsourceva.com/js.php", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "", "Kongtuke,LandUpdate808", "0", "HuntYethHounds" "2025-12-03 08:32:54", "1666838", "https://skt.abalawi.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2025-12-03 12:29:44", "100", "", "Vidar", "0", "crep1x" "2025-12-03 08:32:54", "1666839", "https://49.13.35.182/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-12-03 08:32:54", "1666840", "https://195.201.255.161/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-12-03 08:32:54", "1666841", "https://116.202.187.51/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-12-03 08:32:54", "1666842", "https://116.203.71.61/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-12-03 08:32:54", "1666843", "https://49.13.38.230/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-12-03 08:32:53", "1666834", "https://steamcommunity.com/profiles/76561198763098204", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-12-03 08:32:53", "1666835", "https://telegram.me/mjn11a", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-12-03 08:32:53", "1666836", "https://skt.automanpk.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-12-03 08:32:53", "1666837", "https://sk.ti.milkos.gr/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-12-03 07:58:56", "1666804", "https://unncap.com/energenia/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "Fake Adobe Update,ScreenConnect", "0", "HuntYethHounds" "2025-12-03 07:58:55", "1666805", "https://unncap.com/gbainc/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "Fake Adobe Update,ScreenConnect", "0", "HuntYethHounds" "2025-12-03 07:58:55", "1666807", "https://adobereader.pdfautoview.com/reader/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "Fake Adobe Update,ScreenConnect", "0", "HuntYethHounds" "2025-12-03 07:14:28", "1666451", "http://156.226.175.32/bins.sh", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "75", "https://greedybear.honeynet.org", "honeypot", "0", "greedybear" "2025-12-03 07:14:27", "1666455", "http://156.226.175.32/ssh.sh", "url", "payload_delivery", "unknown", "None", "Unknown malware", "2025-12-03 03:50:34", "75", "https://greedybear.honeynet.org", "honeypot", "0", "greedybear" "2025-12-03 07:14:26", "1666468", "https://delix.misecretaria.com.ar/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "https://clickfix.carsonww.com/domains/delix.misecretaria.com.ar", "ClickFix", "0", "CarsonWilliams" "2025-12-03 07:14:22", "1666221", "https://spark-news.xyz/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "2025-12-02 22:55:34", "90", "https://clickfix.carsonww.com/domains/spark-news.xyz", "ClickFix", "0", "CarsonWilliams" "2025-12-03 07:00:33", "1666745", "https://pastebin.com/raw/1VZ2u0jx", "url", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "50", "", "asyncrat,c2", "0", "juroots" "2025-12-03 07:00:11", "1666744", "https://fcm1sx3iteasdfyn2ewds.zip", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://urlquery.net/report/366d3542-97ca-4282-b50d-fa1fd1e7e463", "c2,unam,urlquery", "0", "juroots" "2025-12-03 06:02:49", "1666729", "https://profyfk.click/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "https://tria.ge/251203-antk3szlbv", "C2,lumma,stealer,triage", "0", "DonPasci" # Number of entries: 145