################################################################
# ThreatFox IOCs: recent URLs - CSV format                     #
# Last updated: 2024-12-21 12:25:24 UTC                        #
#                                                              #
# Terms Of Use: https://threatfox.abuse.ch/faq/#tos            #
# For questions please contact threatfox [at] abuse.ch         #
################################################################
#
# "first_seen_utc","ioc_id","ioc_value","ioc_type","threat_type","fk_malware","malware_alias","malware_printable","last_seen_utc","confidence_level","reference","tags","anonymous","reporter"
"2024-12-21 12:25:24", "1358935", "http://195.10.205.157/Public/Pollauth8/TestLocalapi/1Base/Temp/Todumpprovider/7Eternal/game/63multi/29Dump/5/multiHttp0Request/_securebigload.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "None", "DCRat", "0", "abuse_ch"
"2024-12-21 12:20:14", "1358934", "https://stem-mellows.cyou/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/36ae8fda3c54b17e1a0609c07aab00a27c435244e19990d45327e21b16455718/", "lumma", "0", "abuse_ch"
"2024-12-21 11:12:53", "1358928", "https://95.216.183.108/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x"
"2024-12-21 11:12:50", "1358927", "https://toptek.sbs/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x"
"2024-12-21 11:05:27", "1358926", "http://inglesxyz.shop/index.php", "url", "botnet_cc", "win.azorult", "PuffStealer,Rultazo", "Azorult", "", "100", "None", "AZORult", "0", "abuse_ch"
"2024-12-21 10:05:26", "1358923", "http://895157cm.nyashteam.ru/videogeoflowertestuniversaldleLocalCentral.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "None", "DCRat", "0", "abuse_ch"
"2024-12-21 09:30:26", "1358922", "http://212.193.31.8/3ofn3jf3e2ljk2/index.php", "url", "botnet_cc", "win.amadey", "None", "Amadey", "", "100", "None", "Amadey", "0", "abuse_ch"
"2024-12-21 09:05:19", "1358921", "http://185.230.138.58/video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "None", "DCRat", "0", "abuse_ch"
"2024-12-21 08:55:15", "1358920", "http://89.23.96.180/03/authtraffic_1/PythonApi/Linux/8Cdnsecureprotect/multi/1/mariadb7Cdn/24/Lowlongpollvm/ImagepythonRequestLowGeocpuwpTemporary.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "None", "DCRat", "0", "abuse_ch"
"2024-12-21 07:32:37", "1358873", "https://premiumprotectiondis.org/webpanel/Panel/login.php", "url", "botnet_cc", "win.gomorrah_stealer", "None", "Gomorrah stealer", "", "100", "None", "AS26619,Epik LLC,gomorrah,GTD COLOMBIA S.A.S", "0", "antiphishorg"
"2024-12-21 06:40:07", "1358916", "http://103.199.180.105:40951/Mozi.m", "url", "payload_delivery", "elf.mozi", "None", "Mozi", "", "50", "None", "None", "0", "sicehicetf"
"2024-12-21 06:40:05", "1358915", "http://117.215.129.210:59952/Mozi.m", "url", "payload_delivery", "elf.mozi", "None", "Mozi", "", "50", "None", "None", "0", "sicehicetf"
"2024-12-20 21:50:14", "1358863", "http://185.219.81.132/c3d039fb36c40339.php", "url", "botnet_cc", "win.stealc", "None", "Stealc", "", "100", "None", "Stealc", "0", "abuse_ch"
"2024-12-20 20:15:12", "1358861", "http://703648cm.renyash.top/provider_cpugame.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "None", "DCRat", "0", "abuse_ch"
"2024-12-20 18:40:07", "1358851", "http://59.97.125.78:44272/Mozi.m", "url", "payload_delivery", "elf.mozi", "None", "Mozi", "", "50", "None", "None", "0", "sicehicetf"
"2024-12-20 18:40:04", "1358850", "http://175.107.0.178:57273/Mozi.m", "url", "payload_delivery", "elf.mozi", "None", "Mozi", "", "50", "None", "None", "0", "sicehicetf"
"2024-12-20 16:25:05", "1358844", "http://185.219.81.132/1089481c07d09d21.php", "url", "botnet_cc", "win.stealc", "None", "Stealc", "", "100", "None", "Stealc", "0", "abuse_ch"
"2024-12-20 16:01:48", "1358840", "http://ohunhebzhbu3.top/1.php", "url", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "https://infosec.exchange/@monitorsg/113685785819659005", "KongTuke", "0", "monitorsg"
"2024-12-20 14:36:08", "1358834", "https://hamptoninnbelton.com/work/original.js", "url", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "", "SmartApeSG", "0", "HuntYethHounds"
"2024-12-20 14:36:06", "1358837", "https://incms.biz/work/mmmm.zip", "url", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "https://infosec.exchange/@monitorsg/113685643684963784", "SmartApeSG", "0", "monitorsg"
"2024-12-20 14:36:06", "1358836", "https://hamptoninnbelton.com/work/download.php", "url", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "", "SmartApeSG", "0", "HuntYethHounds"
"2024-12-20 14:36:06", "1358835", "https://hamptoninnbelton.com/work/index.php", "url", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "", "SmartApeSG", "0", "HuntYethHounds"
"2024-12-20 12:42:46", "1358830", "https://hdtele.com/6yq3.js", "url", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "https://infosec.exchange/@monitorsg/113685073415457827", "KongTuke", "0", "monitorsg"
"2024-12-20 12:42:44", "1358832", "https://hdtele.com/js.php", "url", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "https://infosec.exchange/@monitorsg/113685073415457827", "KongTuke", "0", "monitorsg"
"2024-12-20 07:17:20", "1358799", "https://95.217.29.164/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x"
"2024-12-20 06:57:44", "1358790", "https://wrathful-jammy.cyou/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "lontze7"
"2024-12-20 06:57:44", "1358789", "https://awake-weaves.cyou/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "lontze7"
"2024-12-20 06:57:44", "1358788", "https://sordid-snaked.cyou/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "lontze7"
"2024-12-20 06:57:42", "1358793", "https://frostman.shop/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2024-12-20 07:17:21", "100", "", "None", "0", "lontze7"
"2024-12-20 06:56:48", "1358657", "https://odziezrobocza.biz/work/index.php", "url", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "", "SmartApeSG", "0", "HuntYethHounds"
"2024-12-20 06:56:47", "1358658", "https://odziezrobocza.biz/work/original.js", "url", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "", "SmartApeSG", "0", "HuntYethHounds"
"2024-12-20 06:56:46", "1358659", "https://odziezrobocza.biz/work/download.php", "url", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "", "SmartApeSG", "0", "HuntYethHounds"
"2024-12-20 06:56:43", "1358683", "https://116.203.12.114", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "c2,vidar", "0", "Lars"
"2024-12-19 17:33:00", "1358607", "https://gwcomics.com/js.php", "url", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "https://infosec.exchange/@monitorsg/113679412628778023", "KongTuke", "0", "monitorsg"
"2024-12-19 17:32:59", "1358608", "http://sdubvlbbuz3vzzz.top/1.php", "url", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "https://infosec.exchange/@monitorsg/113679412628778023", "KongTuke", "0", "monitorsg"
"2024-12-19 17:32:58", "1358611", "http://185.11.61.104/7jbBdsS/Login.php", "url", "botnet_cc", "win.amadey", "None", "Amadey", "", "100", "", "amadey,c2", "0", "Swipes"
"2024-12-19 17:32:56", "1358612", "https://incms.biz/work/zzzz.zip", "url", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "https://infosec.exchange/@monitorsg/113679771419385027", "SmartApeSG", "0", "monitorsg"
"2024-12-19 17:32:55", "1358622", "https://lehoetrb6j1h6.online/N2Y5ZmU3OTI5ZDky/", "url", "botnet_cc", "apk.coper", "ExobotCompact,Octo", "Coper", "", "80", "None", "apk,Coper", "0", "myonium1"
"2024-12-19 17:32:55", "1358621", "https://jery2helly4now.site/N2Y5ZmU3OTI5ZDky/", "url", "botnet_cc", "apk.coper", "ExobotCompact,Octo", "Coper", "", "80", "None", "apk,Coper", "0", "myonium1"
"2024-12-19 17:32:54", "1358623", "https://venndzy75hjeklr.top/N2Y5ZmU3OTI5ZDky/", "url", "botnet_cc", "apk.coper", "ExobotCompact,Octo", "Coper", "", "80", "None", "apk,Coper", "0", "myonium1"
"2024-12-19 17:32:53", "1358624", "https://koleitgehndhe782hr.online/YWFiM2VkMmFmNWFh/", "url", "botnet_cc", "apk.coper", "ExobotCompact,Octo", "Coper", "", "80", "None", "apk,Coper", "0", "myonium1"
"2024-12-19 17:32:51", "1358627", "https://lfoi45frhre4frjhyfrh.online/YWFiM2VkMmFmNWFh/", "url", "botnet_cc", "apk.coper", "ExobotCompact,Octo", "Coper", "", "80", "None", "apk,Coper", "0", "myonium1"
"2024-12-19 17:32:50", "1358625", "https://agenoikleiocbgr54.life/YWFiM2VkMmFmNWFh/", "url", "botnet_cc", "apk.coper", "ExobotCompact,Octo", "Coper", "", "80", "None", "apk,Coper", "0", "myonium1"
"2024-12-19 17:32:49", "1358626", "https://juiruhf5be6743yhyjdj.xyz/YWFiM2VkMmFmNWFh/", "url", "botnet_cc", "apk.coper", "ExobotCompact,Octo", "Coper", "", "80", "None", "apk,Coper", "0", "myonium1"
"2024-12-19 16:10:12", "1358628", "http://185.219.81.135/7ea00b0801a6fd7e.php", "url", "botnet_cc", "win.stealc", "None", "Stealc", "", "100", "None", "Stealc", "0", "abuse_ch"
# Number of entries: 45