################################################################ # ThreatFox IOCs: recent URLs - CSV format # # Last updated: 2025-01-20 20:52:08 UTC # # # # Terms Of Use: https://threatfox.abuse.ch/faq/#tos # # For questions please contact threatfox [at] abuse.ch # ################################################################ # # "first_seen_utc","ioc_id","ioc_value","ioc_type","threat_type","fk_malware","malware_alias","malware_printable","last_seen_utc","confidence_level","reference","tags","anonymous","reporter" "2025-01-20 20:52:08", "1390167", "https://irp.cdn-website.com/45d8c6e0/files/uploaded/32.ps1", "url", "payload_delivery", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "50", "", "lumma,ps1", "0", "juroots" "2025-01-20 20:36:52", "1390141", "https://pastebin.com/raw/cyX7R6Kt", "url", "botnet_cc", "win.xworm", "None", "XWorm", "", "50", "", "c2,xworm", "0", "juroots" "2025-01-20 20:35:22", "1390140", "http://81.161.229.110/htdocs/xmzgzwlkoaynncy.exe", "url", "payload_delivery", "win.masslogger", "None", "MASS Logger", "", "50", "https://urlscan.io/result/4a7e492e-10c6-498e-ab5c-b83408d4999a", "exe,masslogger,urlscan", "0", "juroots" "2025-01-20 20:35:21", "1390139", "http://81.161.229.110/htdocs/ncwtdprdytqedkj.exe", "url", "payload_delivery", "win.masslogger", "None", "MASS Logger", "", "50", "https://urlscan.io/result/6090e78c-aca2-43c0-b041-957ebcddd50f", "exe,masslogger,urlscan", "0", "juroots" "2025-01-20 20:34:39", "1390138", "http://66.63.187.214/263ff79562167f22/vcruntime140.dll", "url", "payload_delivery", "win.stealc", "None", "Stealc", "", "50", "https://urlscan.io/result/12ab67e4-4354-4428-a5c4-9356878185a5", "dll,stealc,urlscan", "0", "juroots" "2025-01-20 20:34:38", "1390137", "http://45.131.215.139/c262c2557c712ca5/vcruntime140.dll", "url", "payload_delivery", "win.stealc", "None", "Stealc", "", "50", "https://urlscan.io/result/7a87d6b2-b54d-435f-951c-5025e49609ac", "dll,stealc,urlscan", "0", "juroots" "2025-01-20 20:33:37", "1390136", "https://kentuckymentalhealth.com/up/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "50", "https://urlscan.io/result/b218adec-f4b7-4a6b-8860-3c818d98cf48", "clickfix,fakecaptcha,urlscan", "0", "juroots" "2025-01-20 20:13:01", "1390121", "https://rewardtide.shop/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "c2,lumma,stealer,virustotal", "0", "DonPasci" "2025-01-20 20:13:01", "1390122", "https://rollaritheju.shop/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "c2,lumma,stealer,virustotal", "0", "DonPasci" "2025-01-20 20:13:01", "1390123", "https://rainy-lamep.bond/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "c2,lumma,stealer,virustotal", "0", "DonPasci" "2025-01-20 20:13:01", "1390124", "https://moonehobno.bond/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "c2,lumma,stealer,virustotal", "0", "DonPasci" "2025-01-20 20:13:01", "1390125", "https://reliedevopoi.bond/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "c2,lumma,stealer,virustotal", "0", "DonPasci" "2025-01-20 20:13:01", "1390126", "https://carfeuspitt.bond/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "c2,lumma,stealer,virustotal", "0", "DonPasci" "2025-01-20 20:13:01", "1390127", "https://elfinyamen.bond/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "c2,lumma,stealer,virustotal", "0", "DonPasci" "2025-01-20 20:13:00", "1390119", "https://swallowsowwe.cyou/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "c2,lumma,stealer,virustotal", "0", "DonPasci" "2025-01-20 20:13:00", "1390120", "https://encirelk.cyou/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "c2,lumma,stealer,virustotal", "0", "DonPasci" "2025-01-20 17:38:17", "1389064", "http://rewiesbadcheked.com/", "url", "payload_delivery", "win.amadey", "None", "Amadey", "", "100", "https://urlhaus.abuse.ch/url/3407134/", "Amadey,booking.com,ClickFix,FakeCaptcha", "0", "abuse_ch" "2025-01-20 14:17:31", "1388954", "http://traktortany.org/c", "url", "botnet_cc", "apk.trickmo", "None", "TrickMo", "", "100", "", "TrickMo", "0", "abuse_ch" "2025-01-20 14:17:31", "1388955", "http://skyfrostweb.cn.com/c", "url", "botnet_cc", "apk.trickmo", "None", "TrickMo", "", "100", "", "TrickMo", "0", "abuse_ch" "2025-01-20 14:15:04", "1388947", "https://dsdpx.top/work/original.js", "url", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "https://infosec.exchange/@monitorsg/113861075911812888", "SmartApeSG", "0", "monitorsg" "2025-01-20 14:15:03", "1388949", "https://dsdpx.top/work/index.php", "url", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "https://infosec.exchange/@monitorsg/113861075911812888", "SmartApeSG", "0", "monitorsg" "2025-01-20 14:15:03", "1388950", "https://dsdpx.top/work/help.php", "url", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "https://infosec.exchange/@monitorsg/113861075911812888", "SmartApeSG", "0", "monitorsg" "2025-01-20 14:15:02", "1388951", "https://mffaccessories.com/file.zip", "url", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "https://infosec.exchange/@monitorsg/113861075911812888", "SmartApeSG", "0", "monitorsg" "2025-01-20 14:15:02", "1388952", "https://corepatchcraft.com/updates/system-components/2025-release/updates_api.php", "url", "botnet_cc", "win.matanbuchus", "None", "Matanbuchus", "", "100", "None", "None", "0", "Bitsight" "2025-01-20 14:05:15", "1388946", "http://cl85533.tw1.ru/ea6e4ea0.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "None", "DCRat", "0", "abuse_ch" "2025-01-20 10:28:47", "1388822", "https://cowertbabei.bond/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "c2,lumma,stealer,virustotal", "0", "DonPasci" "2025-01-20 10:28:47", "1388823", "https://learnyprocce.bond/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "c2,lumma,stealer,virustotal", "0", "DonPasci" "2025-01-20 10:28:46", "1388817", "https://celeryddepende.shop/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "c2,lumma,stealer,virustotal", "0", "DonPasci" "2025-01-20 10:28:46", "1388818", "https://shapeguidecaz.shop/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "c2,lumma,stealer,virustotal", "0", "DonPasci" "2025-01-20 10:28:46", "1388819", "https://abaft-taboo.bond/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "c2,lumma,stealer,virustotal", "0", "DonPasci" "2025-01-20 10:28:46", "1388820", "https://conquemappe.bond/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "c2,lumma,stealer,virustotal", "0", "DonPasci" "2025-01-20 10:28:46", "1388821", "https://noxiuos-utopi.bond/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "c2,lumma,stealer,virustotal", "0", "DonPasci" "2025-01-20 10:28:45", "1388813", "https://joyoushammen.cyou/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "c2,lumma,stealer,virustotal", "0", "DonPasci" "2025-01-20 10:28:45", "1388814", "https://keenrustiz.cyou/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "c2,lumma,stealer,virustotal", "0", "DonPasci" "2025-01-20 10:28:45", "1388815", "https://mushyomittel.cyou/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "c2,lumma,stealer,virustotal", "0", "DonPasci" "2025-01-20 10:28:45", "1388816", "https://politicafausx.shop/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "c2,lumma,stealer,virustotal", "0", "DonPasci" "2025-01-20 09:40:13", "1388710", "https://crystaltreasures.shop/get-going-forward.html", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "lontze7" "2025-01-20 09:40:12", "1388711", "http://inforta.org/677f7cc1f8daa9ec66ec2bdb", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "lontze7" "2025-01-20 09:40:12", "1388712", "http://centralpointvi.live/6788b6e57199479121372d2f", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "lontze7" "2025-01-20 09:40:12", "1388713", "http://beastviguyt.shop/6787779e36c5731a2f92b56a", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "lontze7" "2025-01-20 09:40:11", "1388714", "https://kangshart.shop/loading-take-time-pathv1.html", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "lontze7" "2025-01-20 09:40:10", "1388715", "https://gustavu.shop/path0forwarding-stepv2.html", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "lontze7" "2025-01-20 09:40:09", "1388716", "http://generatorauc.pro/676532b046cfbdecfd800dbf", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "lontze7" "2025-01-20 09:40:09", "1388717", "http://centralpointvi.live/6788c43e3daf0b9bc9af5af2", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "lontze7" "2025-01-20 09:40:03", "1388719", "http://sos-ch-dk-2.exo.io/lets-start-file/bot-verification-check-r6.html", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "lontze7" "2025-01-20 09:40:00", "1388718", "http://trafonyx.com/675ad6f75bb4cd3916e7cad5", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "lontze7" "2025-01-20 08:40:27", "1388720", "https://eskate.cfd/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-01-20 08:22:37", "1388703", "http://5.188.86.231/0b6451de14750b6f.php", "url", "botnet_cc", "win.stealc", "None", "Stealc", "", "100", "", "None", "0", "lontze7" "2025-01-20 08:22:37", "1388704", "https://176.124.198.17/1da263bff25c8346.php", "url", "botnet_cc", "win.stealc", "None", "Stealc", "", "100", "", "None", "0", "lontze7" "2025-01-20 06:50:26", "1388667", "https://keysoftgroup.net/up/", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://urlscan.io/result/989cbd4f-0089-4a5a-bc58-cc55477aec69", "clickfix,fakecaptcha,urlscan", "0", "juroots" "2025-01-20 06:48:52", "1388666", "http://107.174.102.173:8888/supershell/login", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://urlscan.io/result/b4c45053-bc92-4630-9c81-b1e4ed6af480", "c2,supershell,urlscan", "0", "juroots" "2025-01-20 06:21:20", "1388635", "http://radium.lol:42069/v2/3e728hd782dbyu12veyu2gd872fdg235jgg432fg/0/getupdates", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://socket.dev/blog/malicious-pypi-package-targets-discord-developers-with-token-theft-and-backdoor", "pypi", "0", "juroots" "2025-01-20 06:20:44", "1388550", "http://1.14.104.62:8888/supershell/login/", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "None", "AS45090,Shenzhen Tencent Computer Systems Company Limited,supershell", "0", "antiphishorg" "2025-01-20 06:20:44", "1388551", "http://120.79.86.98:8888/supershell/login/", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "None", "AS37963,Hangzhou Alibaba Advertising Co. Ltd.,supershell", "0", "antiphishorg" "2025-01-20 06:20:42", "1388397", "https://admarkam1.com/ZjQ2Njg0MWJjNGE0/", "url", "botnet_cc", "apk.coper", "ExobotCompact,Octo", "Coper", "", "100", "None", "None", "0", "agesipolis1" "2025-01-20 06:20:41", "1388396", "https://pildirmarkam.com/ZjQ2Njg0MWJjNGE0/", "url", "botnet_cc", "apk.coper", "ExobotCompact,Octo", "Coper", "", "100", "None", "None", "0", "agesipolis1" "2025-01-20 06:19:09", "1388191", "https://solve.hhxe.org/awjsx.captcha", "url", "payload_delivery", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "", "clearfake,clickfix", "1", "ttakvam" "2025-01-19 23:50:19", "1388395", "http://a1073401.xsph.ru/4e2c0615.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "None", "DCRat", "0", "abuse_ch" "2025-01-19 23:15:18", "1388339", "http://cd38713.tw1.ru/L1nc0In.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "None", "DCRat", "0", "abuse_ch" "2025-01-19 21:00:18", "1388279", "http://eternitysystems.online/L1nc0In.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "None", "DCRat", "0", "abuse_ch" "2025-01-19 20:20:17", "1388254", "http://45.91.201.142/e344542ca4922af9.php", "url", "botnet_cc", "win.stealc", "None", "Stealc", "", "100", "None", "Stealc", "0", "abuse_ch" "2025-01-19 18:05:03", "1388189", "https://avoidspaderik.shop/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/7902e87ab677a55e32d8d354a1b225c67c89c871cdd711771dc5399f57fd6aef/", "lumma", "0", "abuse_ch" "2025-01-19 16:58:10", "1388169", "http://opal.wtf/bm6X", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "", "c2,cobaltstrike", "0", "juroots" "2025-01-19 16:54:50", "1388166", "https://pastebin.com/raw/ay20NBKe", "url", "botnet_cc", "win.xworm", "None", "XWorm", "", "50", "", "c2,xworm", "0", "juroots" "2025-01-19 16:52:06", "1388165", "https://raiffeisen.pw/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "50", "https://urlscan.io/result/23053f1f-a517-4f47-83bf-fa1d65f66bcc", "clickfix,fakecaptcha,urlscan", "0", "juroots" "2025-01-19 16:09:28", "1388133", "https://trickyobseel.shop/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "19January2025,iocbottest", "0", "Gi7w0rm" "2025-01-19 16:09:27", "1388134", "https://steelysacckz.shop/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "19January2025,iocbottest", "0", "Gi7w0rm" "2025-01-19 16:09:27", "1388135", "https://mshyhennyk.cyou/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "19January2025,iocbottest", "0", "Gi7w0rm" "2025-01-19 16:09:27", "1388136", "https://quitgirlek.shop/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "19January2025,iocbottest", "0", "Gi7w0rm" "2025-01-19 16:09:26", "1388137", "https://curved-goose.cyou/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "19January2025,iocbottest", "0", "Gi7w0rm" "2025-01-19 16:09:26", "1388138", "https://futfilcreat.cyou/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "None", "19January2025,iocbottest", "0", "Gi7w0rm" "2025-01-19 12:19:44", "1388047", "http://5.8.18.7/filezzz.php", "url", "botnet_cc", "js.gootloader", "SLOWPOUR", "GootLoader", "", "50", "https://github.com/sophoslabs/IoCs/blob/master/IOC-sheet_gootloader2025.csv", "c2,gootloader", "0", "juroots" "2025-01-19 12:19:44", "1388048", "http://5.8.18.7/filesst.php", "url", "botnet_cc", "js.gootloader", "SLOWPOUR", "GootLoader", "", "50", "https://github.com/sophoslabs/IoCs/blob/master/IOC-sheet_gootloader2025.csv", "c2,gootloader", "0", "juroots" "2025-01-19 10:13:36", "1387982", "https://skistarteriz.bond/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "c2,lumma,stealer,virustotal", "0", "DonPasci" "2025-01-19 10:13:36", "1387983", "https://yndo-pepper.bond/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "c2,lumma,stealer,virustotal", "0", "DonPasci" "2025-01-19 10:13:35", "1387975", "https://joinresperct.shop/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "c2,lumma,stealer,virustotal", "0", "DonPasci" "2025-01-19 10:13:35", "1387976", "https://imperialmaru.shop/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "c2,lumma,stealer,virustotal", "0", "DonPasci" "2025-01-19 10:13:35", "1387977", "https://coattoystreet.shop/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "c2,lumma,stealer,virustotal", "0", "DonPasci" "2025-01-19 10:13:35", "1387978", "https://kidimprinyj.shop/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "c2,lumma,stealer,virustotal", "0", "DonPasci" "2025-01-19 10:13:35", "1387979", "https://weardawwerz.shop/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "c2,lumma,stealer,virustotal", "0", "DonPasci" "2025-01-19 10:13:35", "1387980", "https://permussiduebuz.shop/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "c2,lumma,stealer,virustotal", "0", "DonPasci" "2025-01-19 10:13:35", "1387981", "https://voyageprivato.bond/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "c2,lumma,stealer,virustotal", "0", "DonPasci" "2025-01-19 10:13:34", "1387970", "https://writerendangez.click/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "c2,lumma,stealer,virustotal", "0", "DonPasci" "2025-01-19 10:13:34", "1387971", "https://smootycomper.click/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "c2,lumma,stealer,virustotal", "0", "DonPasci" "2025-01-19 10:13:34", "1387972", "https://givecuubys.click/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "c2,lumma,stealer,virustotal", "0", "DonPasci" "2025-01-19 10:13:34", "1387973", "https://imitiatcarvvh.shop/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "c2,lumma,stealer,virustotal", "0", "DonPasci" "2025-01-19 10:13:34", "1387974", "https://steepfright.shop/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "c2,lumma,stealer,virustotal", "0", "DonPasci" "2025-01-19 10:13:33", "1387965", "https://bellgoodysu.cyou/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "c2,lumma,stealer,virustotal", "0", "DonPasci" "2025-01-19 10:13:33", "1387966", "https://purringsawwyuz.cyou/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "c2,lumma,stealer,virustotal", "0", "DonPasci" "2025-01-19 10:13:33", "1387967", "https://aggresiwevommen.cyou/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "c2,lumma,stealer,virustotal", "0", "DonPasci" "2025-01-19 10:13:33", "1387968", "https://clammyrobiny.cyou/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "c2,lumma,stealer,virustotal", "0", "DonPasci" "2025-01-19 10:13:33", "1387969", "https://glibvisitiru.click/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "c2,lumma,stealer,virustotal", "0", "DonPasci" "2025-01-19 10:00:14", "1387933", "http://185.196.8.37/Gd85kkjf/index.php", "url", "botnet_cc", "win.amadey", "None", "Amadey", "", "100", "None", "Amadey", "0", "abuse_ch" "2025-01-19 09:18:01", "1387902", "https://pitchseed.com/tmp/dtnnbtndj1-uhmy8s5e-29082/", "url", "payload_delivery", "win.emotet", "Geodo,Heodo", "Emotet", "", "50", "https://www.virustotal.com/gui/file/7d833c12911a22f6aa9e8bdb229975da90724526e2f4e93afa1d089db80a0491/detection", "emotet", "0", "juroots" "2025-01-19 09:18:01", "1387903", "https://www.mamajscakes.com/ytoawkr/gclxi-04u8tr-022249/", "url", "payload_delivery", "win.emotet", "Geodo,Heodo", "Emotet", "", "50", "https://www.virustotal.com/gui/file/7d833c12911a22f6aa9e8bdb229975da90724526e2f4e93afa1d089db80a0491/detection", "emotet", "0", "juroots" "2025-01-19 09:18:00", "1387899", "http://jacobsondevelopers.com/wp-content/m9yufwg62-ivbak8-8431/", "url", "payload_delivery", "win.emotet", "Geodo,Heodo", "Emotet", "", "50", "https://www.virustotal.com/gui/file/7d833c12911a22f6aa9e8bdb229975da90724526e2f4e93afa1d089db80a0491/detection", "emotet", "0", "juroots" "2025-01-19 09:18:00", "1387900", "http://www.shakeraleighbeauty.com/subscription/9qtkw7-57djmwa46x-074306828/", "url", "payload_delivery", "win.emotet", "Geodo,Heodo", "Emotet", "", "50", "https://www.virustotal.com/gui/file/7d833c12911a22f6aa9e8bdb229975da90724526e2f4e93afa1d089db80a0491/detection", "emotet", "0", "juroots" "2025-01-19 09:18:00", "1387901", "http://zabesholidays.me/api.mud/oyokx-xih3-8811/", "url", "payload_delivery", "win.emotet", "Geodo,Heodo", "Emotet", "", "50", "https://www.virustotal.com/gui/file/7d833c12911a22f6aa9e8bdb229975da90724526e2f4e93afa1d089db80a0491/detection", "emotet", "0", "juroots" "2025-01-19 09:04:29", "1387887", "http://194.59.31.82/", "url", "botnet_cc", "apk.hook", "None", "Hook", "", "50", "https://urlscan.io/result/77dbdf39-782b-4b34-8695-4bc8690971ae", "c2,hookbot,urlscan", "0", "juroots" "2025-01-19 09:03:58", "1387886", "http://37.139.129.142/htdocs/nnccyqnzfjhwokk.exe", "url", "payload_delivery", "win.masslogger", "None", "MASS Logger", "", "50", "https://urlscan.io/result/3946fdb6-459a-41f0-af0f-c2317528d32f", "exe,masslogger,urlscan", "0", "juroots" "2025-01-19 09:03:27", "1387885", "http://66.63.187.214/263ff79562167f22/mozglue.dll", "url", "payload_delivery", "win.stealc", "None", "Stealc", "", "50", "https://urlscan.io/result/83d9a274-7b68-406b-84c2-afa1b1fce2d5", "dll,stealc,urlscan", "0", "juroots" "2025-01-19 09:02:18", "1387884", "https://stewkickyuope.shop/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "50", "https://urlscan.io/result/530da88f-8275-48ae-bc24-57a2888eb999", "c2,lumma,urlscan", "0", "juroots" "2025-01-19 09:01:35", "1387883", "https://176.124.198.17/1da263bff25c8346.php", "url", "payload_delivery", "win.stealc", "None", "Stealc", "", "50", "https://urlscan.io/result/ceb5c36d-af42-4207-a0ae-fa64b0b4135c", "stealc,urlscan", "0", "juroots" "2025-01-19 09:01:34", "1387882", "http://5.188.86.231/0b6451de14750b6f.php", "url", "payload_delivery", "win.stealc", "None", "Stealc", "", "50", "https://urlscan.io/result/ecde3864-b787-452e-9c0f-8d84eb9f4832", "stealc,urlscan", "0", "juroots" "2025-01-19 07:50:07", "1387845", "http://452399cm.renyash.ru/_bigloadsqlbaseUniversalUploads.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "None", "DCRat", "0", "abuse_ch" "2025-01-19 07:23:04", "1387825", "https://deedcompetlk.cyou/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "LummaStealer", "0", "abuse_ch" "2025-01-19 07:15:01", "1387823", "http://fnnkcnemajnnaja.top/1.php", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://bazaar.abuse.ch/sample/06d1c58ef9eaaabb7c036a635807916a60844785ce7be17e54ef9d6418f42206/", "KongTuke", "0", "abuse_ch" "2025-01-19 06:54:40", "1387818", "https://confidespill.top/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "LummaStealer", "0", "abuse_ch" "2025-01-19 06:54:40", "1387819", "https://vladimir-ulyanov.com/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "LummaStealer", "0", "abuse_ch" "2025-01-19 06:54:40", "1387820", "https://post-to-me.com/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "LummaStealer", "0", "abuse_ch" "2025-01-19 06:54:40", "1387821", "https://jammy-crusher.bond/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "LummaStealer", "0", "abuse_ch" "2025-01-19 06:35:30", "1387631", "https://kandercibebeler24.xyz/Y2VkNDY3OTIxNjc0/", "url", "botnet_cc", "apk.coper", "ExobotCompact,Octo", "Coper", "", "100", "None", "None", "0", "agesipolis1" "2025-01-19 03:30:04", "1387705", "http://185.246.65.175/d5b9b560.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "None", "DCRat", "0", "abuse_ch" # Number of entries: 113