################################################################
# ThreatFox IOCs: recent URLs - CSV format                     #
# Last updated: 2025-08-19 22:35:55 UTC                        #
#                                                              #
# Terms Of Use: https://threatfox.abuse.ch/faq/#tos            #
# For questions please contact threatfox [at] abuse.ch         #
################################################################
#
# "first_seen_utc","ioc_id","ioc_value","ioc_type","threat_type","fk_malware","malware_alias","malware_printable","last_seen_utc","confidence_level","reference","tags","anonymous","reporter"
"2025-08-19 22:35:55", "1571486", "https://sodipuc.top/xowq", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/ec87e04e3d33b8d32a4c2b7cfdcf320970b3b3aed19984cc5cb436070b8dea20/", "lumma", "0", "abuse_ch"
"2025-08-19 22:15:14", "1571485", "http://a1161282.xsph.ru/8929ff41.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "None", "DCRat,RAT", "0", "abuse_ch"
"2025-08-19 21:35:09", "1571483", "http://cg97957.tw1.ru/525a795c.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "None", "DCRat,RAT", "0", "abuse_ch"
"2025-08-19 21:10:23", "1571480", "https://wew.shipensburginvestmentgroup.com", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2025-08-20 03:10:25", "75", "None", "reeqc,Vidar", "0", "abuse_ch"
"2025-08-19 18:20:12", "1571295", "http://cz48006.tw1.ru/e8ce020e.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "None", "DCRat,RAT", "0", "abuse_ch"
"2025-08-19 17:47:17", "1571282", "http://212.22.86.82:2020/home", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "https://infosec.exchange/@monitorsg/115056530594664027", "KongTuke", "0", "monitorsg"
"2025-08-19 17:47:15", "1571277", "http://microsoft-telemetry.cc/cvdfnaFJBmC0/Login.php", "url", "botnet_cc", "win.amadey", "None", "Amadey", "", "100", "None", "amadey,AS215826,NICENIC INTERNATIONAL GROUP CO.  LIMITED,Partner Hosting LTD", "0", "antiphishorg"
"2025-08-19 17:47:14", "1571278", "http://47.98.216.119:8888/supershell/login/", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "None", "AS37963,Hangzhou Alibaba Advertising Co. Ltd.,supershell", "0", "antiphishorg"
"2025-08-19 17:47:13", "1571280", "https://ichmidt.com/3dg5.js", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "https://infosec.exchange/@monitorsg/115056530594664027", "KongTuke", "0", "monitorsg"
"2025-08-19 17:47:13", "1571281", "https://ichmidt.com/js.php", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "https://infosec.exchange/@monitorsg/115056530594664027", "KongTuke", "0", "monitorsg"
"2025-08-19 16:10:50", "1571274", "https://13.107.ihireinternationalagency.com", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2025-08-19 20:10:41", "75", "None", "reeqc,Vidar", "0", "abuse_ch"
"2025-08-19 16:10:46", "1571273", "https://116.202.183.85", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2025-08-20 03:10:24", "75", "None", "reeqc,Vidar", "0", "abuse_ch"
"2025-08-19 15:50:20", "1571263", "http://microsoft-telemetry.cc/cvdfnaFJBmC0/index.php", "url", "botnet_cc", "win.amadey", "None", "Amadey", "", "100", "None", "Amadey", "0", "abuse_ch"
"2025-08-19 14:46:20", "1571244", "https://tiltyufaz.ru/tlxa", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/4a6f6df6942d41b1e9ae60a661ea7fb828563638dedf57af3c26720d99c49ed1/", "lumma", "0", "abuse_ch"
"2025-08-19 14:46:16", "1571243", "https://shagkeg.ru/xkzd", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/4a6f6df6942d41b1e9ae60a661ea7fb828563638dedf57af3c26720d99c49ed1/", "lumma", "0", "abuse_ch"
"2025-08-19 14:46:14", "1571242", "https://semipervaz.ru/xued", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/4a6f6df6942d41b1e9ae60a661ea7fb828563638dedf57af3c26720d99c49ed1/", "lumma", "0", "abuse_ch"
"2025-08-19 14:46:12", "1571241", "https://runmgov.ru/tixd", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/4a6f6df6942d41b1e9ae60a661ea7fb828563638dedf57af3c26720d99c49ed1/", "lumma", "0", "abuse_ch"
"2025-08-19 14:46:09", "1571240", "https://retrofik.ru/jgur", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/4a6f6df6942d41b1e9ae60a661ea7fb828563638dedf57af3c26720d99c49ed1/", "lumma", "0", "abuse_ch"
"2025-08-19 14:46:03", "1571239", "https://cursilibim.ru/zajd", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/4a6f6df6942d41b1e9ae60a661ea7fb828563638dedf57af3c26720d99c49ed1/", "lumma", "0", "abuse_ch"
"2025-08-19 14:46:00", "1571238", "https://copulardi.ru/xhza", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/4a6f6df6942d41b1e9ae60a661ea7fb828563638dedf57af3c26720d99c49ed1/", "lumma", "0", "abuse_ch"
"2025-08-19 14:45:58", "1571237", "https://capitalior.ru/akts", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/4a6f6df6942d41b1e9ae60a661ea7fb828563638dedf57af3c26720d99c49ed1/", "lumma", "0", "abuse_ch"
"2025-08-19 14:28:40", "1571236", "https://beliefdress.xyz/mxi.php", "url", "botnet_cc", "unknown_loader", "None", "Unknown Loader", "", "100", "", "OffLoader", "0", "abuse_ch"
"2025-08-19 14:25:05", "1571234", "http://41.216.188.199/pages/login.php", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "None", "AS211138,Private-Hosting di Cipriano oscar,unam", "0", "antiphishorg"
"2025-08-19 10:51:43", "1571158", "http://134.122.207.55:8888/supershell/login/", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "None", "AS152194,CTG Server Limited,supershell", "0", "antiphishorg"
"2025-08-19 06:02:57", "1571157", "http://91.196.34.1", "url", "botnet_cc", "win.stealc", "None", "Stealc", "", "100", "https://tria.ge/250819-c9e1xszkx8", "AS207957,C2,stealc,stealer,triage", "0", "DonPasci"
"2025-08-19 05:00:40", "1571146", "https://historydress.xyz/mxi.php", "url", "botnet_cc", "unknown_loader", "None", "Unknown Loader", "", "100", "https://bazaar.abuse.ch/sample/5a49835be382bce0aefe1476a4bda212335f1e9f8b49c4d9026435d4e776304f/", "OffLoader", "0", "abuse_ch"
"2025-08-19 04:18:23", "1571091", "https://falconmx.top/wwwap/sunnyday", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "https://bsky.app/profile/andychaobal.bsky.social/post/3lwppbf3d622c", "ClickFix,SmartApeSG", "0", "iceberg"
"2025-08-19 04:18:23", "1571092", "https://revise-akmo.com/ajax/pixi.min.js", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "https://bsky.app/profile/andychaobal.bsky.social/post/3lwppdx6gkc2c", "ClickFix,SmartApeSG", "0", "iceberg"
"2025-08-19 04:18:22", "1571093", "https://wi2ns.com/res/ratefeature", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "https://bsky.app/profile/andychaobal.bsky.social/post/3lwppdx6gkc2c", "ClickFix,SmartApeSG", "0", "iceberg"
"2025-08-19 04:18:20", "1571110", "https://www.epifonica.com/wp-content/plugins/wp-containment-means/?r=bd1odhrwczovl2rxcmridi5jb20v", "url", "payload_delivery", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "2025-08-19 23:53:30", "95", "None", "Latrodectus", "0", "pancak3lullz"
"2025-08-19 04:18:14", "1570820", "http://196.251.80.130:4565/wget.sh", "url", "payload_delivery", "unknown", "None", "Unknown malware", "2025-08-18 22:40:30", "75", "https://greedybear.honeynet.org", "honeypot", "0", "greedybear"
"2025-08-19 04:18:12", "1570818", "https://venamst.top/ooaw", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "pitachu"
"2025-08-19 04:18:11", "1570815", "http://americovespucci.shop/45cc90de006049c9.php", "url", "botnet_cc", "win.stealc", "None", "Stealc", "", "100", "", "None", "0", "pitachu"
"2025-08-19 04:18:05", "1570807", "http://23.146.184.21/adb.sh", "url", "payload_delivery", "unknown", "None", "Unknown malware", "2025-08-19 16:50:23", "75", "https://greedybear.honeynet.org", "honeypot", "0", "greedybear"
"2025-08-19 04:17:55", "1571103", "http://206.245.167.38:9999/supershell/login/", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "None", "AS136557,Host Universal Pty Ltd,supershell", "0", "antiphishorg"
"2025-08-19 02:10:27", "1571097", "https://b.dev.drakeinternationalagency.com", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2025-08-19 15:10:25", "75", "None", "reeqc,Vidar", "0", "abuse_ch"
"2025-08-18 20:55:48", "1570813", "http://113.44.139.80:5006/po9E", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "https://bazaar.abuse.ch/sample/951f28fa3b1668bdb2b300dac35138c35776d57955f17031d46fc6802ab14fb4/", "cobaltstrike", "0", "abuse_ch"
"2025-08-18 18:30:59", "1570768", "https://epidmov.top/xiwq", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/510b589fe7b65c47c9599f18a6d26ff8dbd7d1cb13689948004dba9893b8b89e/", "lumma", "0", "abuse_ch"
"2025-08-18 17:00:24", "1570749", "http://453971cm.nyash.es/eternalimageVideoPipeGameflowerLocalprivateCentral.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "None", "DCRat,RAT", "0", "abuse_ch"
"2025-08-18 16:10:48", "1570748", "https://a.dev.drakeinternationalagency.com", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2025-08-19 01:10:24", "75", "None", "reeqc,Vidar", "0", "abuse_ch"
"2025-08-18 13:46:52", "1570695", "https://certificado.vouserpai.com.br/wp-content/plugins/wp-nasa-registry/index.php?r=bD1odHRwczovL2RxcmRidi5jb20v", "url", "payload_delivery", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "2025-08-19 23:53:30", "95", "None", "Latrodectus", "0", "pancak3lullz"
"2025-08-18 13:46:51", "1570700", "https://expresssafetyinc.com/wp-content/plugins/wp-software-malware/index.php?r=bD1odHRwczovL2RxcmRidi5jb20v", "url", "payload_delivery", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "2025-08-19 23:53:30", "95", "None", "Latrodectus", "0", "pancak3lullz"
"2025-08-18 13:46:51", "1570699", "https://escoladeimpressao3d.com.br/wp-content/plugins/wp-legal-cyberinteraction/?r=bD1odHRwczovL2tzYndtay5jb20v", "url", "payload_delivery", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "2025-08-19 23:53:29", "95", "None", "Latrodectus", "0", "pancak3lullz"
"2025-08-18 13:46:49", "1570696", "https://www.verdeta.it/wp-content/plugins/wp-open-multinetworked/?r=bD1odHRwczovL2RxcmRidi5jb20v", "url", "payload_delivery", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "2025-08-19 23:53:29", "95", "None", "Latrodectus", "0", "pancak3lullz"
"2025-08-18 13:46:48", "1570698", "https://www.imax-host.com/alfinach/wp-content/plugins/wp-res-system/?r=bD1odHRwczovL2RxcmRidi5jb20v", "url", "payload_delivery", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "2025-08-19 23:53:30", "95", "None", "Latrodectus", "0", "pancak3lullz"
"2025-08-18 13:46:48", "1570697", "https://totalpropertycare.ae/wp-content/plugins/wp-machinery-skeletale/index.php?r=bD1odHRwczovL2RxcmRidi5jb20v", "url", "payload_delivery", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "2025-08-19 23:53:30", "95", "None", "Latrodectus", "0", "pancak3lullz"
"2025-08-18 13:46:47", "1570701", "https://epifonica.com/wp-content/plugins/wp-containment-means/index.php?r=bD1odHRwczovL2RxcmRidi5jb20v", "url", "payload_delivery", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "2025-08-18 23:37:06", "95", "None", "Latrodectus", "0", "pancak3lullz"
"2025-08-18 13:46:46", "1570703", "https://smarttecho.net/wp-content/plugins/wp-water-standards/?r=bD1odHRwczovL2tzYndtay5jb20v", "url", "payload_delivery", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "2025-08-19 23:53:30", "95", "None", "Latrodectus", "0", "pancak3lullz"
"2025-08-18 13:46:46", "1570702", "https://pim.legrand.pl/wp-content/plugins/wp-control-dragnet/?r=bD1odHRwczovL2RxcmRidi5jb20v", "url", "payload_delivery", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "2025-08-19 23:53:30", "95", "None", "Latrodectus", "0", "pancak3lullz"
"2025-08-18 13:46:45", "1570704", "https://charlie.yourwebsitedemos.com/webe/Mint-Heights/wp-content/plugins/wp-assemblage-security/index.php?r=bD1odHRwczovL2RxcmRidi5jb20v", "url", "payload_delivery", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "2025-08-19 23:53:30", "95", "None", "Latrodectus", "0", "pancak3lullz"
"2025-08-18 13:46:44", "1570729", "http://46.161.27.145/paper/websiteofficialnewcock.php", "url", "botnet_cc", "win.treasurehunter", "huntpos", "TreasureHunter", "", "100", "None", "AS43350,NForce Entertainment B.V.,treasurehunter", "0", "antiphishorg"
"2025-08-18 12:10:45", "1570726", "https://116.203.166.184", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2025-08-19 14:10:36", "75", "None", "reeqc,Vidar", "0", "abuse_ch"
"2025-08-18 07:10:25", "1570643", "https://t.dev.drakeinternationalagency.com", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2025-08-18 15:10:26", "75", "None", "reeqc,Vidar", "0", "abuse_ch"
"2025-08-18 06:14:13", "1570512", "http://213.209.150.166/g7hen3xxf/Login.php", "url", "botnet_cc", "win.amadey", "None", "Amadey", "", "100", "None", "amadey,AS214943,Railnet LLC", "0", "antiphishorg"
"2025-08-18 06:14:10", "1570591", "http://103.245.231.188/vtubers.sh", "url", "payload_delivery", "unknown", "None", "Unknown malware", "2025-08-18 05:20:28", "75", "https://greedybear.honeynet.org", "honeypot", "0", "greedybear"
"2025-08-18 05:40:22", "1570628", "http://cu08926.tw1.ru/d777d38d.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "None", "DCRat,RAT", "0", "abuse_ch"
"2025-08-18 05:15:17", "1570626", "http://a1139089.xsph.ru/9bb5ecd9.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "None", "DCRat,RAT", "0", "abuse_ch"
"2025-08-18 04:10:38", "1570622", "https://type.plex.name", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2025-08-18 06:10:25", "75", "None", "reeqc,Vidar", "0", "abuse_ch"
# Number of entries: 58