################################################################ # ThreatFox IOCs: recent URLs - CSV format # # Last updated: 2025-12-14 12:00:38 UTC # # # # Terms Of Use: https://threatfox.abuse.ch/faq/#tos # # For questions please contact threatfox [at] abuse.ch # ################################################################ # # "first_seen_utc","ioc_id","ioc_value","ioc_type","threat_type","fk_malware","malware_alias","malware_printable","last_seen_utc","confidence_level","reference","tags","anonymous","reporter" "2025-12-14 12:00:38", "1678661", "http://webmail.revitpourtous.com:53/filestreamingservice/files/6ea77424-b4f6-4a77", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "https://bazaar.abuse.ch/sample/05c944314d0c39b3f389a6ed36b5adc5f2d8521b5a1d9a82d2f36ab1acbbce87/", "cobaltstrike", "0", "abuse_ch" "2025-12-14 12:00:33", "1678660", "http://mail.revitpourtous.com:53/filestreamingservice/files/6ea77424-b4f6-4a77", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "https://bazaar.abuse.ch/sample/05c944314d0c39b3f389a6ed36b5adc5f2d8521b5a1d9a82d2f36ab1acbbce87/", "cobaltstrike", "0", "abuse_ch" "2025-12-14 11:50:05", "1678653", "http://nightlume.xyz/eternalPythonJavascript_LinuxDownloads.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "None", "DCRat,RAT", "0", "abuse_ch" "2025-12-14 07:46:21", "1678610", "http://w2li.xyz/uploads/09aeb1c5c233f36f.dll", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://urlhaus.abuse.ch/url/3733407/", "ClickFix", "0", "abuse_ch" "2025-12-14 07:46:21", "1678609", "http://w2li.xyz/8f42fdde60222ec1.node", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://urlhaus.abuse.ch/url/3733407/", "ClickFix", "0", "abuse_ch" "2025-12-14 07:46:20", "1678608", "http://w2li.xyz/conn", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://urlhaus.abuse.ch/url/3733407/", "ClickFix", "0", "abuse_ch" "2025-12-14 07:46:20", "1678607", "http://w2li.xyz/health", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://urlhaus.abuse.ch/url/3733407/", "ClickFix", "0", "abuse_ch" "2025-12-14 07:38:15", "1678601", "https://steamcommunity.com/profiles/76561199877608270/", "url", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "https://bazaar.abuse.ch/sample/a29828923481108b477df9f34543d24a8f1898e0c96386fcc4b20ed57bd8aff7/", "dropped-by-amadey", "0", "abuse_ch" "2025-12-14 06:59:00", "1678587", "https://romeroaktorpalimpsest.com/16836-NEAR-War-Veteran-Memorial-Park", "url", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "https://bazaar.abuse.ch/sample/e2754bc0876932908aaeecb3479ee8e8d42a298268e32fc096310c520b0c02ac/", "ClickFix,DeerStealer", "0", "abuse_ch" "2025-12-14 05:26:13", "1678180", "https://exoduwallet.io/exodus.exe", "url", "payload_delivery", "unknown_rat", "None", "Unknown RAT", "", "100", "", "None", "0", "ninjacatcher" "2025-12-14 05:26:12", "1678455", "https://sotavpn.shop/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "https://clickfix.carsonww.com/domains/sotavpn.shop", "ClickFix", "0", "CarsonWilliams" "2025-12-14 05:26:05", "1678565", "https://smtp.xn--80adx0bza.xn--80aphgvco4b.xn--p1ai/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "https://clickfix.carsonww.com/domains/smtp.xn--80adx0bza.xn--80aphgvco4b.xn--p1ai", "ClickFix", "0", "CarsonWilliams" "2025-12-14 05:26:04", "1678566", "https://theinvestworthy.com/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "https://clickfix.carsonww.com/domains/theinvestworthy.com", "ClickFix", "0", "CarsonWilliams" "2025-12-14 02:15:07", "1678533", "http://towerbingobongoboom.com:8080/updater?for=72CFA65519C25A05C2556FCC010387FC", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "None", "GoProxy", "0", "abuse_ch" "2025-12-13 15:44:29", "1677835", "https://simaalborg.dk/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "https://clickfix.carsonww.com/domains/simaalborg.dk", "ClickFix", "0", "CarsonWilliams" "2025-12-13 14:34:28", "1677830", "https://jqueryapihelpers.com/ZRk5hZRslW1-tkY60uruimakLJ1zQfozs9hIZwdPPcb", "url", "payload_delivery", "js.fakeupdates", "FakeUpdate,GhoLoader,SocGholish", "FAKEUPDATES", "", "100", "None", "SocGholish", "0", "threatcat_ch" "2025-12-13 11:26:28", "1677766", "http://107.174.115.101:8888/supershell/login/", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "None", "AS36352,HostPapa,supershell", "0", "antiphishorg" "2025-12-13 11:26:27", "1677755", "https://travellerschoice.ae/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "https://clickfix.carsonww.com/domains/travellerschoice.ae", "ClickFix", "0", "CarsonWilliams" "2025-12-13 11:26:26", "1677754", "https://ace-batiment.com/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "https://clickfix.carsonww.com/domains/ace-batiment.com", "ClickFix", "0", "CarsonWilliams" "2025-12-13 08:00:51", "1677471", "http://23.95.148.136:8888/supershell/login/", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "None", "AS36352,HostPapa,supershell", "0", "antiphishorg" "2025-12-13 08:00:50", "1677479", "http://77.105.161.133/1ea995999d91ca21.php", "url", "botnet_cc", "win.stealc", "None", "Stealc", "", "100", "https://bazaar.abuse.ch/sample/8f16da672b72afa99e534d022b945bdc8a4ea1083d09ba7930df2dd163eb3bb8", "c2,stealc,url", "0", "burger" "2025-12-13 08:00:50", "1677475", "http://77.110.114.11/ce369e7324834845.php", "url", "botnet_cc", "win.stealc", "None", "Stealc", "2025-12-13 06:04:07", "100", "https://bazaar.abuse.ch/sample/14703a96c5eb7b454998ee60a5effbedc43436486bf3b70355fcccce92dacc8e/", "c2,stealc", "0", "burger" "2025-12-13 07:51:05", "1676765", "https://193.233.126.16/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "https://bazaar.abuse.ch/sample/e3d8c94bbd231d89d9c0fce27f25d0c5c9b99722f21305cce9f0fefc845e80a4/", "c2,url,vidar", "0", "burger" "2025-12-13 07:51:04", "1676768", "http://69.5.189.119/ca181e88d271449b.php", "url", "botnet_cc", "win.stealc", "None", "Stealc", "", "100", "https://bazaar.abuse.ch/sample/702252b74d927a5c5ef712dfb1931e2d9093a63950505ca2f887e520eeaef7e2/", "c2,stealc,url", "0", "burger" "2025-12-13 07:51:03", "1676760", "http://91.92.243.254/kelly/five/PvqDq929BSx_A_D_M1n_a.php", "url", "botnet_cc", "apk.lokibot", "None", "LokiBot", "", "100", "None", "AS214943,lokibot,Railnet LLC", "0", "antiphishorg" "2025-12-12 21:30:11", "1677529", "http://towerbingobongoboom.com:8080/updater?for=81D1B730207B50BC16231686B723B33F", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "None", "GoProxy", "0", "abuse_ch" # Number of entries: 26