################################################################
# ThreatFox IOCs: recent URLs - CSV format                     #
# Last updated: 2025-07-24 12:21:13 UTC                        #
#                                                              #
# Terms Of Use: https://threatfox.abuse.ch/faq/#tos            #
# For questions please contact threatfox [at] abuse.ch         #
################################################################
#
# "first_seen_utc","ioc_id","ioc_value","ioc_type","threat_type","fk_malware","malware_alias","malware_printable","last_seen_utc","confidence_level","reference","tags","anonymous","reporter"
"2025-07-24 12:21:13", "1560320", "http://206.82.6.166/supershell/login/", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "None", "AS963,N963 PTE. LTD.,supershell", "0", "antiphishorg"
"2025-07-24 09:20:11", "1560314", "http://ce12403.tw1.ru/b17cb5bf.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "None", "DCRat,RAT", "0", "abuse_ch"
"2025-07-24 08:40:06", "1560269", "http://196.251.81.176/dF30Hn4m/index.php", "url", "botnet_cc", "win.amadey", "None", "Amadey", "", "100", "None", "Amadey", "0", "abuse_ch"
"2025-07-24 06:37:36", "1560244", "https://viadeo.best/stream.pdf", "url", "payload_delivery", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "Lumma Stealer,malware", "0", "Chamindu_X"
"2025-07-24 06:29:24", "1560220", "http://43.160.252.15:8888/supershell/login/", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2025-07-24 06:39:49", "100", "None", "AS132203,supershell,Tencent Building  Kejizhongyi Avenue", "0", "antiphishorg"
"2025-07-24 06:28:48", "1560184", "http://kurama.network/login", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "", "Nosviak", "1", "BlinkzSec"
"2025-07-24 06:28:36", "1559838", "http://45.131.64.210/1.sh", "url", "payload_delivery", "unknown", "None", "Unknown malware", "2025-07-23 21:50:41", "75", "https://greedybear.honeynet.org", "honeypot", "0", "greedybear"
"2025-07-24 06:05:15", "1560226", "http://wranglerjeans.shop", "url", "botnet_cc", "win.stealc", "None", "Stealc", "", "100", "https://tria.ge/250724-apj32atmv8", "C2,stealc,stealer,triage", "0", "DonPasci"
"2025-07-24 01:10:29", "1560182", "https://main.db.review.digital", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2025-07-24 12:11:13", "75", "None", "5%563,Vidar", "0", "abuse_ch"
"2025-07-24 01:10:28", "1560181", "https://195.201.251.183", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2025-07-24 12:11:12", "75", "None", "5%563,Vidar", "0", "abuse_ch"
"2025-07-24 00:45:47", "1560180", "https://t.me/dz25gz", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "75", "https://bazaar.abuse.ch/sample/f8e72c4db348eb70ec22401abfc618e8a58f115c41be7acb36fd6732f367c37c/", "vidar", "0", "abuse_ch"
"2025-07-24 00:45:43", "1560179", "https://steamcommunity.com/profiles/76561199880530249", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "75", "https://bazaar.abuse.ch/sample/f8e72c4db348eb70ec22401abfc618e8a58f115c41be7acb36fd6732f367c37c/", "vidar", "0", "abuse_ch"
"2025-07-24 00:45:42", "1560178", "https://sparklfm.xyz/xoit", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/f8e72c4db348eb70ec22401abfc618e8a58f115c41be7acb36fd6732f367c37c/", "lumma", "0", "abuse_ch"
"2025-07-24 00:45:31", "1560177", "https://jambnwz.top/gakh", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/f8e72c4db348eb70ec22401abfc618e8a58f115c41be7acb36fd6732f367c37c/", "lumma", "0", "abuse_ch"
"2025-07-23 17:45:58", "1559852", "https://perfoxd.xyz/xkfj", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/98ebb99e3993e8f5546c997371efecacfa5a6edd7796752b923487aafc251a15/", "lumma", "0", "abuse_ch"
"2025-07-23 17:35:57", "1559851", "https://t.me/sadjv23jadjdhjsa", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/125edb38ce9edda52a7ccace6d5d7adfd37b7e9ebfd38cf7dd072c16124bc1c3/", "lumma", "0", "abuse_ch"
"2025-07-23 17:10:28", "1559849", "https://api.organica.tv", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2025-07-24 12:11:10", "75", "None", "ixx,Vidar", "0", "abuse_ch"
"2025-07-23 17:10:27", "1559848", "https://116.203.165.217", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2025-07-24 12:11:08", "75", "None", "ixx,Vidar", "0", "abuse_ch"
"2025-07-23 15:20:27", "1559821", "https://acetjjxl.top/agjn", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/6b715e8feeb3258e7b087ec2f6a49c421cfadc55af15a9cd157a6e6c34186d4d/", "lumma", "0", "abuse_ch"
"2025-07-23 15:18:26", "1559820", "http://172.94.96.95/pages/login.php", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "None", "AS207184,TELCHAK GOLD VENTURES (PRIVATE) LIMITED,unam", "0", "antiphishorg"
"2025-07-23 14:56:43", "1559815", "https://markets.globalequity360.com/viewDashboard", "url", "botnet_cc", "js.fakeupdates", "FakeUpdate,GhoLoader,SocGholish", "FAKEUPDATES", "", "100", "None", "fakeupdates,SocGholish", "0", "pancak3lullz"
"2025-07-23 13:45:57", "1559814", "https://stfota.xyz/toxz", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/6cecb28cd305a419493ab69862a83c610462e1329374986c9e3542e1088206e3/", "lumma", "0", "abuse_ch"
"2025-07-23 13:45:50", "1559813", "https://ondcvxe.top/xkdz", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/6cecb28cd305a419493ab69862a83c610462e1329374986c9e3542e1088206e3/", "lumma", "0", "abuse_ch"
"2025-07-23 13:41:38", "1559810", "http://45.84.227.95:8080/", "url", "botnet_cc", "win.chaos", "FakeRyuk,RyukJoke,Yashma", "Chaos", "", "50", "https://urlscan.io/result/01983784-aa86-743e-a90b-b65242a2df6c", "c2,chaos,urlscan", "0", "juroots"
"2025-07-23 13:41:07", "1559809", "https://66.129.66.16/mailgust/index.php", "url", "botnet_cc", "win.amadey", "None", "Amadey", "", "50", "https://urlscan.io/result/01983784-3089-7788-b85c-8dd23d64bbbe", "amadey,c2,urlscan", "0", "juroots"
"2025-07-23 13:41:06", "1559808", "https://66.129.66.16/maillist/index.php", "url", "botnet_cc", "win.amadey", "None", "Amadey", "", "50", "https://urlscan.io/result/01983784-2ca3-7689-8961-a81ff24f444d", "amadey,c2,urlscan", "0", "juroots"
"2025-07-23 13:02:00", "1559779", "http://45.131.65.57/1.sh", "url", "payload_delivery", "unknown", "None", "Unknown malware", "2025-07-23 13:00:38", "75", "https://greedybear.honeynet.org", "honeypot", "0", "greedybear"
"2025-07-23 12:24:09", "1559778", "http://193.233.16.35/api/YTAsODYsODIsOWQsYTEsODgsOTAsOTUsNjUsN2Qs", "url", "botnet_cc", "win.smartloader", "None", "SmartLoader", "", "75", "", "SmartLoader", "0", "tcains1"
"2025-07-23 12:06:34", "1559757", "http://43.250.174.240:8888/supershell/login/", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2025-07-24 06:39:50", "100", "None", "AS62468,supershell,VpsQuan L.L.C.", "0", "antiphishorg"
"2025-07-23 12:02:25", "1559773", "https://psycibdz.shop/xlad", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "https://tria.ge/250723-mhsg2sel5w", "C2,lumma,stealer,triage", "0", "DonPasci"
"2025-07-23 11:36:52", "1559749", "https://moruk.xyz/tag/buy.js", "url", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://infosec.exchange/@monitorsg/114902246390735094", "SmartApeSG", "0", "monitorsg"
"2025-07-23 11:36:51", "1559751", "https://moruk.xyz/tag/buffer.js", "url", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://infosec.exchange/@monitorsg/114902246390735094", "SmartApeSG", "0", "monitorsg"
"2025-07-23 11:36:50", "1559754", "https://eveloungeyyc.com/bezs.zip", "url", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://infosec.exchange/@monitorsg/114902246390735094", "SmartApeSG", "0", "monitorsg"
"2025-07-23 11:36:49", "1559752", "https://eveloungeyyc.com/lal1.php", "url", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://infosec.exchange/@monitorsg/114902246390735094", "SmartApeSG", "0", "monitorsg"
"2025-07-23 11:10:37", "1559748", "https://t.me/pawpawasc", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/9be4bae7dcdb65306f2d9705080781961011570a6e114b7d21f1b39099993a5b/", "lumma", "0", "abuse_ch"
"2025-07-23 09:40:11", "1559742", "http://cj46418.tw1.ru/5fefa906.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "None", "DCRat,RAT", "0", "abuse_ch"
"2025-07-23 07:55:07", "1559714", "http://oby2349.giize.com:5067/is-ready", "url", "botnet_cc", "win.houdini", "Hworm,Jenxcus,Kognito,Njw0rm,WSHRAT,dinihou,dunihi", "Houdini", "", "100", "None", "RAT,WSHRAT", "0", "abuse_ch"
"2025-07-23 07:47:57", "1559712", "https://icebushes.xyz/bin.php", "url", "botnet_cc", "unknown_loader", "None", "Unknown Loader", "", "100", "", "OffLoader", "0", "abuse_ch"
"2025-07-23 07:32:34", "1559708", "http://www.chrome-update.pro/morph.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "APK,fakeupdates", "0", "HuntYethHounds"
"2025-07-23 06:23:38", "1559540", "https://jfbd.com/f/c", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "ClickFix", "0", "HuntYethHounds"
"2025-07-23 06:23:38", "1559541", "https://www.jfbd.com/f/f", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "ClickFix", "0", "HuntYethHounds"
"2025-07-23 06:00:56", "1559686", "https://securemega.xyz", "url", "botnet_cc", "win.stealc", "None", "Stealc", "", "100", "https://tria.ge/250723-gaptasvjv8", "C2,stealc,stealer,triage", "0", "DonPasci"
"2025-07-23 06:00:51", "1559685", "https://stranzv.pics/xlao", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "https://tria.ge/250723-fpclvasxgw", "C2,lumma,stealer,triage", "0", "DonPasci"
"2025-07-23 05:10:25", "1559681", "https://dev.ip.organica.tv", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2025-07-23 16:10:28", "75", "None", "ixx,Vidar", "0", "abuse_ch"
"2025-07-23 03:25:43", "1559622", "https://glassma.live/alpz", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/89b87ee6778b2c3349c1a18d6f4e75b8c29031695460d452fb4fbe5add6f3902/", "lumma", "0", "abuse_ch"
"2025-07-23 03:25:33", "1559621", "https://eartheea.life/itiz", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/89b87ee6778b2c3349c1a18d6f4e75b8c29031695460d452fb4fbe5add6f3902/", "lumma", "0", "abuse_ch"
"2025-07-23 03:15:08", "1559620", "http://a0595798.xsph.ru/asynccdn.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "None", "DCRat,RAT", "0", "abuse_ch"
"2025-07-23 00:06:53", "1559617", "http://logickplatformsystems.boats:8080/updater?for=5120D3FEDD36EAC912DB54C863CE59BB", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "None", "GoProxy", "0", "abuse_ch"
"2025-07-22 18:00:57", "1559559", "https://pennkavs.top/toox", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "https://tria.ge/250722-vpbrwaymw8", "C2,lumma,stealer,triage", "0", "DonPasci"
"2025-07-22 18:00:56", "1559558", "https://restauun.top/algk", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "https://tria.ge/250722-vqlcpsej5t", "C2,lumma,stealer,triage", "0", "DonPasci"
"2025-07-22 17:10:27", "1559543", "https://test.www.organica.tv", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2025-07-23 07:20:30", "75", "None", "ixx,Vidar", "0", "abuse_ch"
"2025-07-22 16:00:13", "1559505", "https://mordpdv.xyz/rgfx", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "22July2025,iocbottest", "0", "Gi7w0rm"
"2025-07-22 16:00:13", "1559506", "https://adviykk.top/bmnd", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "22July2025,iocbottest", "0", "Gi7w0rm"
"2025-07-22 16:00:13", "1559507", "https://imphybg.top/djur", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "22July2025,iocbottest", "0", "Gi7w0rm"
"2025-07-22 16:00:12", "1559508", "https://comstmo.digital/pal", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "22July2025,iocbottest", "0", "Gi7w0rm"
"2025-07-22 16:00:11", "1559511", "https://fradpf.top/taiw", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "22July2025,iocbottest", "0", "Gi7w0rm"
"2025-07-22 16:00:11", "1559510", "https://myozyi.lat/aplx", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "22July2025,iocbottest", "0", "Gi7w0rm"
"2025-07-22 16:00:11", "1559509", "https://t.me/asdasdasdsds12", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "22July2025,iocbottest", "0", "Gi7w0rm"
"2025-07-22 16:00:10", "1559513", "https://pinepx.pics/xplh", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "22July2025,iocbottest", "0", "Gi7w0rm"
"2025-07-22 16:00:10", "1559512", "https://astrotg.world/lOAksj", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "22July2025,iocbottest", "0", "Gi7w0rm"
"2025-07-22 16:00:09", "1559514", "https://t.me/yrtysfg", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "22July2025,iocbottest", "0", "Gi7w0rm"
"2025-07-22 16:00:08", "1559515", "https://t.me/my_flowers_my", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "22July2025,iocbottest", "0", "Gi7w0rm"
"2025-07-22 16:00:08", "1559516", "https://t.me/sdkfkkflls", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "22July2025,iocbottest", "0", "Gi7w0rm"
"2025-07-22 15:20:31", "1559504", "https://genusuvk.xyz/mngs", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/02dca612bb625739eae13396c7f54088671b2be19bb7e0eb6441a233fffffdbf/", "lumma", "0", "abuse_ch"
"2025-07-22 13:31:02", "1559342", "https://t.me/gafagd4", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/2144207c1a122498f32c574d7f7be0238a2a5424188443bd5e980ed7097b6176/", "lumma", "0", "abuse_ch"
"2025-07-22 13:31:00", "1559341", "https://t.me/asgfdgha4", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/bccf2951c42b748568df470bdd739f93fb1a0c95540806cd042dc18a92572007/", "lumma", "0", "abuse_ch"
"2025-07-22 13:30:51", "1559340", "https://porzxgnw.lat/twoi", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/bccf2951c42b748568df470bdd739f93fb1a0c95540806cd042dc18a92572007/", "lumma", "0", "abuse_ch"
"2025-07-22 13:30:48", "1559339", "https://nageiaju.pics/vkah", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/2144207c1a122498f32c574d7f7be0238a2a5424188443bd5e980ed7097b6176/", "lumma", "0", "abuse_ch"
"2025-07-22 13:30:46", "1559338", "https://mosaicia.top/zlap", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/2144207c1a122498f32c574d7f7be0238a2a5424188443bd5e980ed7097b6176/", "lumma", "0", "abuse_ch"
"2025-07-22 13:30:43", "1559337", "https://keepnody.top/tiow", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/2144207c1a122498f32c574d7f7be0238a2a5424188443bd5e980ed7097b6176/", "lumma", "0", "abuse_ch"
"2025-07-22 13:30:38", "1559336", "https://familkqo.xyz/xlak", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/2144207c1a122498f32c574d7f7be0238a2a5424188443bd5e980ed7097b6176/", "lumma", "0", "abuse_ch"
"2025-07-22 13:27:24", "1559333", "https://calc.diversifieddebtsolutions.com/viewDashboard", "url", "botnet_cc", "js.fakeupdates", "FakeUpdate,GhoLoader,SocGholish", "FAKEUPDATES", "", "100", "None", "fakeupdates,SocGholish", "0", "pancak3lullz"
# Number of entries: 72