################################################################ # ThreatFox IOCs: recent URLs - CSV format # # Last updated: 2026-02-27 18:45:19 UTC # # # # Terms Of Use: https://threatfox.abuse.ch/faq/#tos # # For questions please contact threatfox [at] abuse.ch # ################################################################ # # "first_seen_utc","ioc_id","ioc_value","ioc_type","threat_type","fk_malware","malware_alias","malware_printable","last_seen_utc","confidence_level","is_compromised","reference","tags","anonymous","reporter" "2026-02-27 18:45:19", "1755487", "http://82.25.63.1/9f53354de2964d8b.php", "url", "botnet_cc", "win.stealc", "None", "Stealc", "", "100", "False", "None", "Steal", "0", "abuse_ch" "2026-02-27 16:21:24", "1755356", "https://arcanepanel.cc/api/upload/mardell", "url", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "https://bazaar.abuse.ch/sample/eaf774319a523aa423c0a1edc693f060ad108d9570495a38549efd0c16953af4", "ArcaneStealer,c2", "0", "burger" "2026-02-27 16:21:20", "1755375", "http://213.176.73.162/api/NTE3YjdjNWU1NjYzNjU2YTA1N2Y=", "url", "botnet_cc", "win.smartloader", "None", "SmartLoader", "", "75", "True", "", "SmartLoader", "0", "tcains1" "2026-02-27 16:21:13", "1755449", "https://nicorica.com/8g5f.js", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "True", "https://infosec.exchange/@monitorsg/116143217637249745", "KongTuke", "0", "monitorsg" "2026-02-27 16:21:11", "1755452", "https://nonserest.top/proxy/permission-script.php", "url", "payload_delivery", "js.smartapesg", "HANEYMANEY,ZPHP", "SmartApeSG", "", "100", "True", "https://infosec.exchange/@monitorsg/116143220506359837", "SmartApeSG", "0", "monitorsg" "2026-02-27 16:21:11", "1755451", "https://nicorica.com/js.php", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "True", "https://infosec.exchange/@monitorsg/116143217637249745", "KongTuke", "0", "monitorsg" "2026-02-27 16:21:10", "1755455", "https://clipwirt.com/flare", "url", "payload_delivery", "js.smartapesg", "HANEYMANEY,ZPHP", "SmartApeSG", "2026-02-27 16:07:55", "100", "True", "https://infosec.exchange/@monitorsg/116143220506359837", "SmartApeSG", "0", "monitorsg" "2026-02-27 16:21:10", "1755454", "https://nonserest.top/proxy/reset-server.js", "url", "payload_delivery", "js.smartapesg", "HANEYMANEY,ZPHP", "SmartApeSG", "", "100", "True", "https://infosec.exchange/@monitorsg/116143220506359837", "SmartApeSG", "0", "monitorsg" "2026-02-27 16:21:09", "1755456", "https://193.111.208.209/bobby", "url", "payload_delivery", "js.smartapesg", "HANEYMANEY,ZPHP", "SmartApeSG", "2026-02-27 16:07:57", "100", "True", "https://infosec.exchange/@monitorsg/116143220506359837", "SmartApeSG", "0", "monitorsg" "2026-02-27 16:21:03", "1755465", "https://xerexoret.top/proxy/permission-script.php", "url", "payload_delivery", "js.smartapesg", "HANEYMANEY,ZPHP", "SmartApeSG", "", "100", "True", "https://infosec.exchange/@monitorsg/116143453563528676", "SmartApeSG", "0", "monitorsg" "2026-02-27 16:21:03", "1755463", "https://xerexoret.top/proxy/handler-ajax.js", "url", "payload_delivery", "js.smartapesg", "HANEYMANEY,ZPHP", "SmartApeSG", "", "100", "True", "https://infosec.exchange/@monitorsg/116143453563528676", "SmartApeSG", "0", "monitorsg" "2026-02-27 16:21:01", "1755466", "https://xerexoret.top/proxy/reset-server.js", "url", "payload_delivery", "js.smartapesg", "HANEYMANEY,ZPHP", "SmartApeSG", "", "100", "True", "https://infosec.exchange/@monitorsg/116143453563528676", "SmartApeSG", "0", "monitorsg" "2026-02-27 12:35:06", "1755417", "http://77.90.185.66:6677/IRemotePanel", "url", "botnet_cc", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "100", "False", "None", "RedLine Stealer", "0", "abuse_ch" "2026-02-27 10:27:14", "1755394", "https://pastebin.com/raw/guvRQaLJ", "url", "botnet_cc", "win.xworm", "None", "XWorm", "", "50", "False", "", "c2,xworm", "0", "juroots" "2026-02-27 10:18:14", "1755377", "https://nids13.dynv6.net/", "url", "botnet_cc", "win.kimsuky", "None", "Kimsuky", "", "50", "False", "https://urlquery.net/report/0ce02199-05e9-4af6-b34a-3b935ebefa1b", "c2,kimsuky,urlquery", "0", "juroots" "2026-02-27 10:17:48", "1755376", "https://www.1tqbo.mecanicasanjuan.com/", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "False", "https://urlscan.io/result/019c9e9a-bdbb-70f5-bb76-730aa3be45be", "c2,QuantumRouteRedirect,urlscan", "0", "juroots" "2026-02-27 07:20:12", "1755313", "http://ck929350.tw1.ru/aad8356b.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "False", "None", "DCRat,RAT", "0", "abuse_ch" "2026-02-27 07:10:09", "1755215", "https://verify-slack.com/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/verify-slack.com", "ClickFix", "0", "CarsonWilliams" "2026-02-27 07:10:05", "1755219", "https://goansgsr.shop/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/goansgsr.shop", "ClickFix", "0", "CarsonWilliams" "2026-02-27 07:09:58", "1755257", "https://inheritance-claims-portal-32792.com/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/inheritance-claims-portal-32792.com", "ClickFix", "0", "CarsonWilliams" "2026-02-27 07:09:40", "1755096", "https://wuliaox.com/2g5a.js", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "2026-02-27 05:06:45", "100", "True", "https://infosec.exchange/@monitorsg/116137794261027748", "KongTuke", "0", "monitorsg" "2026-02-27 07:09:38", "1755098", "https://wuliaox.com/js.php", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "2026-02-27 05:06:48", "100", "True", "https://infosec.exchange/@monitorsg/116137794261027748", "KongTuke", "0", "monitorsg" "2026-02-27 07:09:37", "1755099", "https://eshleytrei.top/api/api-theme.php", "url", "payload_delivery", "js.smartapesg", "HANEYMANEY,ZPHP", "SmartApeSG", "2026-02-26 21:10:20", "100", "True", "https://infosec.exchange/@monitorsg/116137800209589871", "SmartApeSG", "0", "monitorsg" "2026-02-27 07:09:34", "1755101", "https://eshleytrei.top/api/private-compiler.js", "url", "payload_delivery", "js.smartapesg", "HANEYMANEY,ZPHP", "SmartApeSG", "2026-02-26 21:10:25", "100", "True", "https://infosec.exchange/@monitorsg/116137800209589871", "SmartApeSG", "0", "monitorsg" "2026-02-27 07:09:32", "1755102", "https://freuterby.com/angle", "url", "payload_delivery", "js.smartapesg", "HANEYMANEY,ZPHP", "SmartApeSG", "2026-02-26 21:10:29", "100", "True", "https://infosec.exchange/@monitorsg/116137800209589871", "SmartApeSG", "0", "monitorsg" "2026-02-27 07:09:31", "1755103", "https://89.46.38.121/concise", "url", "payload_delivery", "js.smartapesg", "HANEYMANEY,ZPHP", "SmartApeSG", "2026-02-26 21:10:32", "100", "True", "https://infosec.exchange/@monitorsg/116137800209589871", "SmartApeSG", "0", "monitorsg" "2026-02-26 18:00:23", "1755121", "http://a0934652.xsph.ru/L1nc0In.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "False", "None", "DCRat,RAT", "0", "abuse_ch" "2026-02-26 15:27:20", "1755083", "http://49.51.202.217/", "url", "botnet_cc", "apk.hook", "None", "Hook", "", "50", "False", "https://urlscan.io/result/019c9a8f-ae9b-7488-9aa9-5a4aca730002", "c2,hookbot,urlscan", "0", "juroots" "2026-02-26 15:26:51", "1755082", "https://159.198.75.187/d076201aa1664664.php", "url", "botnet_cc", "win.stealc", "None", "Stealc", "", "50", "False", "https://urlscan.io/result/019c9a8f-3e0b-7053-b940-c6e59b3f1c99", "c2,stealc,urlscan", "0", "juroots" "2026-02-26 10:29:52", "1755028", "https://cms.cardiffphysio.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-02-26 10:29:52", "1755027", "https://cms.it-bd.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-02-26 10:29:52", "1755026", "https://kur.cardiffphysio.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-02-26 10:29:52", "1755025", "https://kur.it-bd.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-02-26 10:29:52", "1755024", "https://74.0.48.48/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-02-26 10:29:51", "1755023", "https://46.225.57.98/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-02-26 10:29:51", "1755022", "https://188.34.207.58/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-02-26 10:29:51", "1755021", "https://46.224.192.164/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-02-26 10:29:51", "1755020", "https://95.216.251.50/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-02-26 09:32:49", "1755008", "http://oficialrem.duckdns.org:5000", "url", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "False", "https://app.any.run/tasks/e7968dc1-77f0-4bda-8d04-cbc8780155b1?malconf=true", "None", "0", "BlinkzSec" "2026-02-26 06:22:01", "1754868", "https://socheaphost.com/SSA_GOV/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/socheaphost.com", "ClickFix", "0", "CarsonWilliams" "2026-02-26 06:21:52", "1754927", "http://89.169.12.235/api/NTE3YjdjNWU1NjYzNjU2YTA1N2Y=", "url", "botnet_cc", "win.smartloader", "None", "SmartLoader", "", "75", "False", "", "SmartLoader", "0", "tcains1" "2026-02-26 06:21:51", "1754928", "http://213.176.73.159/api/NTE3YjdjNWU1NjYzNjU2YTA1N2Y=", "url", "botnet_cc", "win.smartloader", "None", "SmartLoader", "", "75", "False", "", "SmartLoader", "0", "tcains1" "2026-02-26 06:21:50", "1754936", "http://213.176.73.151/api/NTE3YjdjNWU1NjYzNjU2YTA1N2Y=", "url", "botnet_cc", "win.smartloader", "None", "SmartLoader", "", "75", "True", "", "SmartLoader", "0", "tcains1" # Number of entries: 43