################################################################
# ThreatFox IOCs: recent URLs - CSV format                     #
# Last updated: 2026-02-02 14:33:04 UTC                        #
#                                                              #
# Terms Of Use: https://threatfox.abuse.ch/faq/#tos            #
# For questions please contact threatfox [at] abuse.ch         #
################################################################
#
# "first_seen_utc","ioc_id","ioc_value","ioc_type","threat_type","fk_malware","malware_alias","malware_printable","last_seen_utc","confidence_level","is_compromised","reference","tags","anonymous","reporter"
"2026-02-02 14:33:04", "1739984", "http://109.107.168.147/ws/client", "url", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "False", "https://bazaar.abuse.ch/sample/d631655ad3ef9e7c854c86ae399a9c830bef784c6a51468d192f65a79bbb7c8b/", "RAT,RemoteX", "0", "abuse_ch"
"2026-02-02 13:56:35", "1739948", "https://smtp.bldg-restoration.com/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/smtp.bldg-restoration.com", "ClickFix", "0", "CarsonWilliams"
"2026-02-02 13:30:42", "1739979", "http://150.241.83.5", "url", "botnet_cc", "win.stealc", "None", "Stealc", "", "75", "False", "https://bazaar.abuse.ch/sample/f38a0347e5e7b0723ac8f1327c81ec8c8224aaa6190d53085c2d712db6968bb7/", "stealc", "0", "abuse_ch"
"2026-02-02 11:42:27", "1739958", "https://cdn.jsdelivr.net/gh/www1day7/msdn/fase32", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-02-02 11:35:45", "1739950", "https://capztoolz.com/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/capztoolz.com", "ClickFix", "0", "CarsonWilliams"
"2026-02-02 11:35:45", "1739949", "https://willlog7.com/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/willlog7.com", "ClickFix", "0", "CarsonWilliams"
"2026-02-02 10:30:39", "1739952", "http://86.107.168.90/a05dfdb7ef5b43c2.php", "url", "botnet_cc", "win.stealc", "None", "Stealc", "2026-02-02 12:02:47", "100", "False", "None", "Steal", "0", "abuse_ch"
"2026-02-02 09:00:32", "1739945", "https://mail.peablueinteriors.co.uk/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/mail.peablueinteriors.co.uk", "ClickFix", "0", "CarsonWilliams"
"2026-02-02 09:00:32", "1739944", "https://mail.kvmjcleaning.ca/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/mail.kvmjcleaning.ca", "ClickFix", "0", "CarsonWilliams"
"2026-02-02 08:00:31", "1739925", "https://vsure.trumpcode.com/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/vsure.trumpcode.com", "ClickFix", "0", "CarsonWilliams"
"2026-02-02 08:00:31", "1739924", "https://webiz-magazine.com/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/webiz-magazine.com", "ClickFix", "0", "CarsonWilliams"
"2026-02-02 08:00:31", "1739923", "https://wowlabzstaging.com/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/wowlabzstaging.com", "ClickFix", "0", "CarsonWilliams"
"2026-02-02 08:00:31", "1739922", "https://wehouse.au/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/wehouse.au", "ClickFix", "0", "CarsonWilliams"
"2026-02-02 07:30:36", "1739917", "https://thietbilanh.cokhiviendong.com/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/thietbilanh.cokhiviendong.com", "ClickFix", "0", "CarsonWilliams"
"2026-02-02 07:30:35", "1739913", "https://tileroofinglasvegas.com/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/tileroofinglasvegas.com", "ClickFix", "0", "CarsonWilliams"
"2026-02-02 07:30:35", "1739911", "https://thetavernonfourth-com.bubars.com/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/thetavernonfourth-com.bubars.com", "ClickFix", "0", "CarsonWilliams"
"2026-02-02 07:30:35", "1739912", "https://theoldschool.sc/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/theoldschool.sc", "ClickFix", "0", "CarsonWilliams"
"2026-02-02 07:30:35", "1739914", "https://visa.ourdubaitravel.com/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/visa.ourdubaitravel.com", "ClickFix", "0", "CarsonWilliams"
"2026-02-02 07:30:35", "1739915", "https://tenabl.io/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/tenabl.io", "ClickFix", "0", "CarsonWilliams"
"2026-02-02 07:30:35", "1739916", "https://webdisk.karamelsitges.com/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/webdisk.karamelsitges.com", "ClickFix", "0", "CarsonWilliams"
"2026-02-02 07:30:34", "1739910", "https://soko-jikara.jp/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/soko-jikara.jp", "ClickFix", "0", "CarsonWilliams"
"2026-02-02 07:30:34", "1739909", "https://tamara.scrappinmonkeys.com/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/tamara.scrappinmonkeys.com", "ClickFix", "0", "CarsonWilliams"
"2026-02-02 07:30:34", "1739908", "https://techtotalix.com.topmostfreight.com/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/techtotalix.com.topmostfreight.com", "ClickFix", "0", "CarsonWilliams"
"2026-02-02 07:30:34", "1739907", "https://sultanshopee.ninetysix.in/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/sultanshopee.ninetysix.in", "ClickFix", "0", "CarsonWilliams"
"2026-02-02 07:30:34", "1739906", "https://smartpromotions.seanborgmans.com/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/smartpromotions.seanborgmans.com", "ClickFix", "0", "CarsonWilliams"
"2026-02-02 07:30:34", "1739905", "https://sales.activemedicaresolutions.com/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/sales.activemedicaresolutions.com", "ClickFix", "0", "CarsonWilliams"
"2026-02-02 07:30:33", "1739904", "https://pgadmin.ddsis.com.mx/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/pgadmin.ddsis.com.mx", "ClickFix", "0", "CarsonWilliams"
"2026-02-02 07:30:33", "1739903", "https://orkayacademy.com/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/orkayacademy.com", "ClickFix", "0", "CarsonWilliams"
"2026-02-02 07:30:33", "1739902", "https://nouralhalaby.com/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/nouralhalaby.com", "ClickFix", "0", "CarsonWilliams"
"2026-02-02 07:30:33", "1739901", "https://peach.prgss.dev/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/peach.prgss.dev", "ClickFix", "0", "CarsonWilliams"
"2026-02-02 07:30:33", "1739900", "https://odva.wbinnova.com/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/odva.wbinnova.com", "ClickFix", "0", "CarsonWilliams"
"2026-02-02 07:30:32", "1739896", "https://mail.reclaimyourfunds.org/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/mail.reclaimyourfunds.org", "ClickFix", "0", "CarsonWilliams"
"2026-02-02 07:30:32", "1739897", "https://nhahang3.umemarketingagency.com/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/nhahang3.umemarketingagency.com", "ClickFix", "0", "CarsonWilliams"
"2026-02-02 07:30:32", "1739898", "https://newsite.jacquiejordan.com/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/newsite.jacquiejordan.com", "ClickFix", "0", "CarsonWilliams"
"2026-02-02 07:30:32", "1739899", "https://obchod.moravskysommelier.cz/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/obchod.moravskysommelier.cz", "ClickFix", "0", "CarsonWilliams"
"2026-02-02 07:30:32", "1739895", "https://mail.psicogenealogia.com.br/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/mail.psicogenealogia.com.br", "ClickFix", "0", "CarsonWilliams"
"2026-02-02 07:30:31", "1739894", "https://mail.pvu.gbh.mybluehost.me/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/mail.pvu.gbh.mybluehost.me", "ClickFix", "0", "CarsonWilliams"
"2026-02-02 07:30:31", "1739893", "https://mail.rodasaopaulo.com.br/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/mail.rodasaopaulo.com.br", "ClickFix", "0", "CarsonWilliams"
"2026-02-02 07:30:31", "1739892", "https://mail.newday-gt.com/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/mail.newday-gt.com", "ClickFix", "0", "CarsonWilliams"
"2026-02-02 07:30:31", "1739891", "https://mail.diskopumkm-minahasa.my.id/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/mail.diskopumkm-minahasa.my.id", "ClickFix", "0", "CarsonWilliams"
"2026-02-02 07:30:31", "1739890", "https://mail.bennnene.com/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/mail.bennnene.com", "ClickFix", "0", "CarsonWilliams"
"2026-02-02 07:30:30", "1739886", "https://mail.destinationecuador.com/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/mail.destinationecuador.com", "ClickFix", "0", "CarsonWilliams"
"2026-02-02 07:30:30", "1739885", "https://mail.genesseevalleygolfcourse.com/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/mail.genesseevalleygolfcourse.com", "ClickFix", "0", "CarsonWilliams"
"2026-02-02 07:30:30", "1739887", "https://mail.imeldaespinoza.com/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/mail.imeldaespinoza.com", "ClickFix", "0", "CarsonWilliams"
"2026-02-02 07:30:30", "1739888", "https://mail.istar-vip.com/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/mail.istar-vip.com", "ClickFix", "0", "CarsonWilliams"
"2026-02-02 07:30:30", "1739889", "https://lp.rainhadosconsorcios.com.br/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/lp.rainhadosconsorcios.com.br", "ClickFix", "0", "CarsonWilliams"
"2026-02-02 06:02:41", "1739880", "http://138.226.237.35", "url", "botnet_cc", "win.stealc", "None", "Stealc", "", "100", "False", "https://tria.ge/260202-cyd99abw4b", "AS214196,C2,stealc,stealer,triage", "0", "DonPasci"
"2026-02-02 03:03:22", "1739867", "https://cdn.jsdelivr.net/gh/relight-73-unsigned/coolray/eee12", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-02-01 23:12:49", "1739858", "https://cdn.jsdelivr.net/gh/relight-73-unsigned/coolray/mti98", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-02-01 22:11:07", "1739853", "https://cdn.jsdelivr.net/gh/relight-73-unsigned/html5/ui", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-02-01 20:00:21", "1739840", "http://astrologickeconoablos.cc:8080/updater?for=07AE43EC57B400B48380A0EB83234BF7", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "None", "GoProxy", "0", "abuse_ch"
"2026-02-01 19:55:13", "1739838", "http://158.94.210.74/4d4b240c75954580.php", "url", "botnet_cc", "win.stealc", "None", "Stealc", "", "100", "False", "None", "Steal", "0", "abuse_ch"
"2026-02-01 19:50:28", "1739837", "http://158.94.210.74", "url", "botnet_cc", "win.stealc", "None", "Stealc", "", "75", "False", "https://bazaar.abuse.ch/sample/64fa7afa4d7f383a26b2d1c5c2490ea06d75ab77d71acea4ebd6b8063f11452f/", "stealc", "0", "abuse_ch"
"2026-02-01 19:42:16", "1739836", "https://cdn.jsdelivr.net/gh/relight-73-unsigned/html5/at", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-02-01 17:35:46", "1739734", "http://196.251.107.130/zbuyowgn/data.php", "url", "botnet_cc", "win.svcstealer", "None", "SVCStealer", "", "75", "False", "https://bazaar.abuse.ch/sample/f690fc36d2e6c795b0310cb9af23c0283a8c1ab39322ea8bb6e4f69290c2f14a/", "svcstealer", "0", "abuse_ch"
"2026-02-01 16:44:37", "1739731", "https://cdn.jsdelivr.net/gh/relight-73-unsigned/gog2026/bb24", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-02-01 16:28:30", "1739724", "http://62.60.131.230/login", "url", "botnet_cc", "osx.odyssey_stealer", "None", "Odyssey Stealer", "", "100", "False", "None", "AS208137,Feo Prest SRL,odyssey", "0", "antiphishorg"
"2026-02-01 15:45:06", "1739700", "http://zx.pe/bp.php", "url", "botnet_cc", "win.spybot", "None", "SpyBot", "", "100", "False", "https://bazaar.abuse.ch/sample/d6c191d44a2f3144701c08c3483028966b3f7d0a85f1308f39087c1d90ab44ca/", "spyagent", "0", "Neiki"
"2026-02-01 14:55:49", "1739721", "http://192.168.174.130:80/Kw5f", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "False", "https://bazaar.abuse.ch/sample/7909734378714b00dbf7caa964f20dcfd73aff350f65b24128e50b5cf12c5a56/", "cobaltstrike", "0", "abuse_ch"
"2026-02-01 14:50:15", "1739720", "http://196.251.107.130/cfedbcab777558b8.php", "url", "botnet_cc", "win.stealc", "None", "Stealc", "2026-02-01 18:01:51", "100", "False", "None", "Steal", "0", "abuse_ch"
"2026-02-01 13:07:01", "1739716", "https://cdn.jsdelivr.net/gh/relight-73-unsigned/gog2026/see4", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-02-01 13:00:38", "1739715", "https://cdn.jsdelivr.net/gh/relight-73-unsigned/ged13/rtt9", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-02-01 12:01:53", "1739712", "https://solidolbabrering.shop", "url", "botnet_cc", "win.stealc", "None", "Stealc", "", "100", "False", "https://tria.ge/260201-lv7l3agv9b", "C2,stealc,stealer,triage", "0", "DonPasci"
"2026-02-01 07:29:59", "1739670", "https://insomnia.top/api/c2_register.php", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://bazaar.abuse.ch/sample/31eadb85a13e58678b4b3c4576b7a0ba59b57f9adff72fe8f998313a0f54827a/", "None", "0", "abuse_ch"
"2026-02-01 07:29:59", "1739669", "https://insomnia.top/api/c2_commands.php", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://bazaar.abuse.ch/sample/31eadb85a13e58678b4b3c4576b7a0ba59b57f9adff72fe8f998313a0f54827a/", "None", "0", "abuse_ch"
"2026-02-01 07:29:59", "1739668", "https://insomnia.top/api/upload_fast.php", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://bazaar.abuse.ch/sample/31eadb85a13e58678b4b3c4576b7a0ba59b57f9adff72fe8f998313a0f54827a/", "None", "0", "abuse_ch"
"2026-02-01 06:28:20", "1739433", "https://18.217.34.53/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/18.217.34.53", "ClickFix", "0", "CarsonWilliams"
"2026-02-01 06:28:19", "1739445", "https://185.125.91.3/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/185.125.91.3", "ClickFix", "0", "CarsonWilliams"
"2026-02-01 02:50:27", "1739628", "https://cdn.jsdelivr.net/gh/relight-73-unsigned/ged13/nm7", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-02-01 01:45:09", "1739446", "http://144.31.166.169/22f497205c838ab3.php", "url", "botnet_cc", "win.stealc", "None", "Stealc", "2026-02-01 06:02:40", "100", "False", "None", "Steal", "0", "abuse_ch"
"2026-02-01 00:08:03", "1739444", "https://cdn.jsdelivr.net/gh/relight-73-unsigned/ged13/bb80", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-01-31 21:55:06", "1739434", "http://212.67.17.63/Javascriptapiwindowsgeneratorwptemp.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "False", "None", "DCRat,RAT", "0", "abuse_ch"
# Number of entries: 72