################################################################ # ThreatFox IOCs: recent URLs - CSV format # # Last updated: 2026-06-13 12:15:03 UTC # # # # Terms Of Use: https://threatfox.abuse.ch/faq/#tos # # For questions please contact threatfox [at] abuse.ch # ################################################################ # # "first_seen_utc","ioc_id","ioc_value","ioc_type","threat_type","fk_malware","malware_alias","malware_printable","last_seen_utc","confidence_level","is_compromised","reference","tags","anonymous","reporter" "2026-06-13 12:15:03", "1831756", "https://galaxygraphicsprints.com/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-06-13 03:00:05", "1831663", "http://abscete.info/ret/two/fre.php", "url", "botnet_cc", "win.lokipws", "Burkina,Loki,LokiBot,LokiPWS", "Loki Password Stealer (PWS)", "", "100", "False", "None", "Loki", "0", "abuse_ch" "2026-06-13 00:25:40", "1831651", "http://mottla.shop:4190", "url", "botnet_cc", "win.remus", "None", "Remus", "", "75", "False", "https://bazaar.abuse.ch/sample/5a5ed89ce1dfdc342f2da873166bd095037f30e76b7fd29d300cb3c2eb7eb5a4/", "remus", "0", "abuse_ch" "2026-06-12 16:12:18", "1831584", "https://secure-code.lol/o", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "True", "https://infosec.exchange/@monitorsg/116738002173093611", "KongTuke", "0", "monitorsg" "2026-06-12 16:12:17", "1831586", "https://bronzepavilion.top/signin/auth-json", "url", "payload_delivery", "js.smartapesg", "HANEYMANEY,ZPHP", "SmartApeSG", "", "100", "True", "https://infosec.exchange/@monitorsg/116738004104101398", "SmartApeSG", "0", "monitorsg" "2026-06-12 16:12:17", "1831588", "https://bronzepavilion.top/signin/route-script.js", "url", "payload_delivery", "js.smartapesg", "HANEYMANEY,ZPHP", "SmartApeSG", "", "100", "True", "https://infosec.exchange/@monitorsg/116738004104101398", "SmartApeSG", "0", "monitorsg" "2026-06-12 16:04:55", "1830952", "https://oliveiaa.icu/api/v1/status", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "True", "https://infosec.exchange/@monitorsg/116737701740565223", "KongTuke", "0", "monitorsg" "2026-06-12 16:04:52", "1831576", "https://slivkishow.asia/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/slivkishow.asia", "ClickFix", "0", "CarsonWilliams" "2026-06-12 15:24:53", "1831573", "https://ggt.glamisrent.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-13 13:24:42", "75", "False", "None", "gr0u4,Vidar", "0", "abuse_ch" "2026-06-12 15:24:41", "1831571", "https://ggt.gerbongsm188.top/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-13 13:24:30", "75", "False", "None", "gr0u4,Vidar", "0", "abuse_ch" "2026-06-12 14:02:04", "1830947", "https://misterslivker.asia/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/misterslivker.asia", "ClickFix", "0", "CarsonWilliams" "2026-06-12 12:49:19", "1830881", "https://oliveiaa.icu/file.js", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "True", "None", "KongTuke", "0", "monitorsg" "2026-06-12 12:49:18", "1830885", "https://linenvoyage.top/signin/profile-parser.js", "url", "payload_delivery", "js.smartapesg", "HANEYMANEY,ZPHP", "SmartApeSG", "", "100", "True", "https://infosec.exchange/@monitorsg/116737060356279737", "SmartApeSG", "0", "monitorsg" "2026-06-12 12:49:17", "1830883", "https://oliveiaa.icu/api/v1/session", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "True", "None", "KongTuke", "0", "monitorsg" "2026-06-12 12:49:17", "1830884", "https://oliveiaa.icu/api/v1/verify", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "True", "None", "KongTuke", "0", "monitorsg" "2026-06-12 12:49:15", "1830887", "https://linenvoyage.top/signin/auth-json", "url", "payload_delivery", "js.smartapesg", "HANEYMANEY,ZPHP", "SmartApeSG", "", "100", "True", "https://infosec.exchange/@monitorsg/116737060356279737", "SmartApeSG", "0", "monitorsg" "2026-06-12 12:49:15", "1830888", "https://linenvoyage.top/signin/route-script.js", "url", "payload_delivery", "js.smartapesg", "HANEYMANEY,ZPHP", "SmartApeSG", "", "100", "True", "https://infosec.exchange/@monitorsg/116737060356279737", "SmartApeSG", "0", "monitorsg" "2026-06-12 11:00:50", "1830868", "https://puz.glamisrent.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-12 14:24:48", "100", "True", "None", "vidar", "0", "crep1x" "2026-06-12 11:00:49", "1830866", "https://puz.gerbongsm188.top/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-12 14:24:37", "100", "True", "None", "vidar", "0", "crep1x" "2026-06-12 10:56:03", "1830828", "http://94.183.232.247/Ciabins.sh", "url", "payload_delivery", "unknown", "None", "Unknown malware", "2026-06-12 09:20:50", "75", "False", "https://greedybear.honeynet.org", "honeypot", "0", "greedybear" "2026-06-12 10:35:45", "1830861", "http://nostrendezvous.com:5789", "url", "botnet_cc", "win.remus", "None", "Remus", "", "75", "False", "https://bazaar.abuse.ch/sample/c6dc62c4bad1c383518470c3156b4f38126b991450f050fb656d82db72d5c5a8/", "remus", "0", "abuse_ch" "2026-06-12 08:48:41", "1830526", "https://riverbreezeintl.com/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/riverbreezeintl.com", "ClickFix", "0", "CarsonWilliams" "2026-06-12 08:24:41", "1830673", "https://178.105.226.167/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-06-12 08:24:40", "1830666", "https://167.233.40.16/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-06-12 08:24:40", "1830667", "https://46.224.173.3/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-06-12 08:24:40", "1830668", "https://65.21.96.132/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-06-12 08:24:40", "1830669", "https://65.21.96.134/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-06-12 08:24:40", "1830670", "https://167.233.39.81/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-06-12 08:24:40", "1830671", "https://167.233.60.161/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-06-12 08:24:40", "1830672", "https://178.105.87.41/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-06-12 08:24:39", "1830665", "https://135.181.224.78/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-06-12 06:11:32", "1830370", "https://sartora.lol/file.js", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "True", "None", "KongTuke", "0", "monitorsg" "2026-06-12 06:11:31", "1830372", "https://sartora.lol/api/v1/session", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "True", "None", "KongTuke", "0", "monitorsg" "2026-06-12 06:11:31", "1830406", "https://jiminej.lol/file.js", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "2026-06-11 21:06:02", "100", "True", "https://infosec.exchange/@monitorsg/116733276177032639", "KongTuke", "0", "monitorsg" "2026-06-12 06:11:30", "1830373", "https://sartora.lol/api/v1/verify", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "True", "None", "KongTuke", "0", "monitorsg" "2026-06-12 06:11:29", "1830408", "https://jiminej.lol/api/v1/session", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "2026-06-11 21:06:03", "100", "True", "https://infosec.exchange/@monitorsg/116733276177032639", "KongTuke", "0", "monitorsg" "2026-06-12 06:11:28", "1830409", "https://jiminej.lol/api/v1/verify", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "2026-06-11 21:06:04", "100", "True", "https://infosec.exchange/@monitorsg/116733276177032639", "KongTuke", "0", "monitorsg" "2026-06-12 06:11:28", "1830410", "https://jiminej.lol/api/v1/status", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "True", "https://infosec.exchange/@monitorsg/116733276177032639", "KongTuke", "0", "monitorsg" "2026-06-12 06:11:24", "1830505", "http://5.83.134.26/z.sh", "url", "payload_delivery", "unknown", "None", "Unknown malware", "2026-06-12 05:50:33", "75", "False", "https://greedybear.honeynet.org", "honeypot", "0", "greedybear" "2026-06-11 21:00:49", "1830420", "https://srv.gasturbo88.top/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-12 10:24:44", "100", "True", "None", "vidar", "0", "crep1x" "2026-06-11 21:00:49", "1830422", "https://srv.glamisdunesrentals.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-12 10:24:56", "100", "True", "None", "vidar", "0", "crep1x" "2026-06-11 16:42:29", "1830313", "https://saffronarchivehub.top/role/policy-sessionstore.js", "url", "payload_delivery", "js.smartapesg", "HANEYMANEY,ZPHP", "SmartApeSG", "2026-06-11 16:08:46", "100", "True", "https://infosec.exchange/@monitorsg/116731873205080120", "SmartApeSG", "0", "monitorsg" "2026-06-11 16:42:28", "1830315", "https://saffronarchivehub.top/role/health-json", "url", "payload_delivery", "js.smartapesg", "HANEYMANEY,ZPHP", "SmartApeSG", "2026-06-11 16:08:47", "100", "True", "https://infosec.exchange/@monitorsg/116731873205080120", "SmartApeSG", "0", "monitorsg" "2026-06-11 16:42:27", "1830316", "https://saffronarchivehub.top/role/redirect-html.js", "url", "payload_delivery", "js.smartapesg", "HANEYMANEY,ZPHP", "SmartApeSG", "2026-06-11 16:08:48", "100", "True", "https://infosec.exchange/@monitorsg/116731873205080120", "SmartApeSG", "0", "monitorsg" "2026-06-11 16:42:22", "1830328", "http://104.234.18.91:3001/api/internal/log", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://www.vmray.com/analyses/_mb/9e514a2edc36/report/network.html", "c2", "0", "burger" "2026-06-11 16:42:21", "1830327", "http://104.234.18.91:3001/ws", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://www.vmray.com/analyses/_mb/9e514a2edc36/report/network.html", "c2", "0", "burger" "2026-06-11 16:42:20", "1830329", "http://104.234.18.91:3001/api/upload", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://www.vmray.com/analyses/_mb/9e514a2edc36/report/network.html", "c2", "0", "burger" "2026-06-11 16:24:51", "1830351", "https://ox3.gasturbo88.top/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-11 20:24:46", "75", "False", "None", "gr0u4,Vidar", "0", "abuse_ch" "2026-06-11 16:00:52", "1830350", "https://ox3.glamisdunesrentals.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-11 20:24:57", "100", "True", "None", "vidar", "0", "crep1x" "2026-06-11 14:20:49", "1830322", "https://spasopro.at/index.php", "url", "botnet_cc", "win.smokeloader", "Dofoil,Sharik,Smoke,Smoke Loader", "SmokeLoader", "", "75", "False", "https://bazaar.abuse.ch/sample/fbb697f6ff25ac3ea01c7536945ec053406f2fdd30e802350a2c28fcb19672dd/", "smokeloader", "0", "abuse_ch" "2026-06-11 14:20:47", "1830321", "http://spasopro.at/index.php", "url", "botnet_cc", "win.smokeloader", "Dofoil,Sharik,Smoke,Smoke Loader", "SmokeLoader", "", "75", "False", "https://bazaar.abuse.ch/sample/fbb697f6ff25ac3ea01c7536945ec053406f2fdd30e802350a2c28fcb19672dd/", "smokeloader", "0", "abuse_ch" "2026-06-11 12:00:49", "1830198", "https://ffe.gasturbo88.top/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-11 15:24:40", "100", "True", "None", "vidar", "0", "crep1x" "2026-06-11 12:00:49", "1830200", "https://ffe.glamisdunesrentals.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-11 15:24:51", "100", "True", "None", "vidar", "0", "crep1x" "2026-06-11 05:25:55", "1829974", "http://151.243.18.28/4940cc4b5ddb4a2bb8f8.php", "url", "botnet_cc", "win.stealc", "None", "Stealc", "2026-06-13 13:08:10", "100", "False", "None", "c2,dark,loader,StealC,stealer", "0", "Bitsight" "2026-06-09 18:18:02", "1825569", "http://spasopro.at/Lsge63sd3/index.php", "url", "botnet_cc", "win.amadey", "None", "Amadey", "2026-06-12 15:45:36", "100", "False", "None", "amadey,c2,e7b4fe", "0", "Bitsight" "2026-06-07 16:19:12", "1824406", "http://94.26.83.133/4940cc4b5ddb4a2bb8f8.php", "url", "botnet_cc", "win.stealc", "None", "Stealc", "2026-06-13 13:16:46", "100", "False", "None", "ataka0506,c2,loader,StealC,stealer", "0", "Bitsight" "2026-06-06 06:00:16", "1822872", "http://196.251.107.104/Psd8eZaW/index.php", "url", "botnet_cc", "win.amadey", "None", "Amadey", "2026-06-13 11:53:58", "100", "False", "None", "282234,amadey,c2", "0", "Bitsight" "2026-06-06 05:24:31", "1823853", "https://pas.sm188star.top/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-13 13:23:59", "75", "False", "None", "ar3k0,Vidar", "0", "abuse_ch" "2026-06-05 14:00:31", "1822844", "https://pas.canamrent.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-12 14:24:15", "100", "True", "None", "vidar", "0", "crep1x" "2026-06-03 18:58:52", "1821983", "http://178.16.54.109/sodola", "url", "payload_delivery", "win.phorpiex", "Tldr,Trik,TwizT,phorphiex", "Phorpiex", "2026-06-13 01:03:45", "100", "False", "None", "Download,Phorpiex", "0", "Bitsight" "2026-05-29 15:30:50", "1819843", "https://mub.depansm188.top/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-13 12:23:41", "100", "True", "None", "vidar", "0", "crep1x" "2026-05-27 07:09:05", "1818897", "http://158.94.210.59/25e3868686d747678e3b.php", "url", "botnet_cc", "win.stealc", "None", "Stealc", "2026-06-13 13:24:19", "100", "False", "None", "888,c2,loader,StealC,stealer", "0", "Bitsight" "2026-05-23 22:00:09", "1817758", "https://cyy.turbo88ml.top/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-13 12:23:19", "100", "True", "None", "vidar", "0", "crep1x" "2026-05-15 16:00:12", "1815074", "https://pgo.fatherchrismas.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-13 13:22:56", "100", "True", "None", "vidar", "0", "crep1x" "2026-05-12 14:48:59", "1811440", "http://cdntestconnect.com/ed54b97a570943999715.php", "url", "botnet_cc", "win.stealc", "None", "Stealc", "2026-06-13 13:32:55", "100", "False", "None", "c2,first,loader,StealC,stealer", "0", "Bitsight" "2026-05-11 23:00:12", "1811188", "https://mpd.pegasus-77.biz.id/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-13 13:22:35", "100", "True", "None", "vidar", "0", "crep1x" "2026-05-06 20:53:25", "1807882", "http://178.16.55.25/bcbb13c7c8984290857b.php", "url", "botnet_cc", "win.stealc", "None", "Stealc", "2026-06-13 13:33:36", "100", "False", "None", "c2,FFF0506,loader,StealC,stealer", "0", "Bitsight" "2026-05-05 17:17:43", "1807073", "http://5.252.177.67/bb7f17919d0a4d0aaf22.php", "url", "botnet_cc", "win.stealc", "None", "Stealc", "2026-06-13 13:25:25", "100", "False", "None", "c2,loader,StealC,stealer,win20", "0", "Bitsight" "2026-05-05 13:58:25", "1807037", "http://213.165.47.49/480bee37986b4097bc20.php", "url", "botnet_cc", "win.stealc", "None", "Stealc", "2026-06-13 12:44:43", "100", "False", "None", "c2,loader,StealC,stealer,test", "0", "Bitsight" "2026-05-05 13:58:14", "1807059", "http://89.46.38.100/c0b30d15260a4d8888dc.php", "url", "botnet_cc", "win.stealc", "None", "Stealc", "2026-06-13 13:15:05", "100", "False", "None", "c2,loader,M1,StealC,stealer", "0", "Bitsight" "2026-05-05 12:59:27", "1806983", "http://196.251.107.130/16b022998f754137b60a.php", "url", "botnet_cc", "win.stealc", "None", "Stealc", "2026-06-13 13:32:54", "100", "False", "None", "c2,loader,RUN,StealC,stealer", "0", "Bitsight" "2026-05-05 12:59:20", "1806998", "http://213.165.47.174/0cddd9346bd3479aab11.php", "url", "botnet_cc", "win.stealc", "None", "Stealc", "2026-06-13 13:32:05", "100", "False", "None", "c2,loader,steal,StealC,stealer", "0", "Bitsight" "2026-05-05 12:59:16", "1807013", "http://193.111.117.51/94a5dbd165044e85b88e.php", "url", "botnet_cc", "win.stealc", "None", "Stealc", "2026-06-13 13:21:33", "100", "False", "None", "c2,loader,neverhigh,StealC,stealer", "0", "Bitsight" "2026-05-02 05:24:17", "1803956", "https://arsimonopa.com/live/", "url", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "2026-06-13 13:22:39", "100", "False", "None", "c2,Latrodectus", "0", "Bitsight" "2026-05-02 05:24:15", "1803960", "https://lemonimonakio.com/live/", "url", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "2026-06-13 13:30:41", "100", "False", "None", "c2,Latrodectus", "0", "Bitsight" "2026-05-01 14:30:24", "1803671", "https://frr.ambil-disini.web.id/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-13 13:22:14", "100", "True", "None", "vidar", "0", "crep1x" "2026-04-26 19:14:08", "1800528", "http://pillow.riverbridge.site", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-13 13:21:53", "75", "False", "None", "ipocalur,Vidar", "0", "abuse_ch" "2026-04-26 18:11:00", "1800411", "http://91.92.242.236/oPvjr94jfe/index.php", "url", "botnet_cc", "win.amadey", "None", "Amadey", "2026-06-13 13:32:56", "100", "False", "None", "54e64e,amadey,c2", "0", "Bitsight" "2026-04-24 15:18:01", "1797247", "https://psy.flise-mesteren.dk/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-13 13:21:31", "75", "False", "None", "r88vry,Vidar", "0", "abuse_ch" "2026-04-23 04:45:34", "1796426", "http://196.251.107.248/kont2rt/index.php", "url", "botnet_cc", "win.amadey", "None", "Amadey", "2026-06-13 13:30:46", "100", "False", "None", "Amadey", "0", "abuse_ch" "2026-04-22 11:17:09", "1796067", "http://wrath.bottlevacuum.shop", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-13 13:21:42", "75", "False", "None", "opiusra,Vidar", "0", "abuse_ch" "2026-04-19 18:25:29", "1794638", "http://213.5.130.87", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-13 06:02:17", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2026-04-17 18:15:06", "1793645", "http://213.5.130.147", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-13 06:02:17", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2026-04-17 17:13:25", "1793616", "https://ask.shurimaster.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-13 13:20:47", "75", "False", "None", "a10fsw,Vidar", "0", "abuse_ch" "2026-04-16 16:13:56", "1792849", "https://pir.rapidphonebuyer.co.uk/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-13 13:18:29", "75", "False", "None", "d0b0p,Vidar", "0", "abuse_ch" "2026-04-16 11:16:17", "1792718", "http://gusto.brothbridge.space", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-13 13:21:10", "75", "False", "None", "odiznrio,Vidar", "0", "abuse_ch" "2026-04-15 11:43:19", "1791747", "http://107.189.24.190:80", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-13 13:15:46", "75", "False", "None", "gr00n1,Vidar", "0", "abuse_ch" "2026-04-15 08:15:13", "1791687", "http://venom.summertunnel.shop", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-13 13:20:58", "75", "False", "None", "ozpifus,Vidar", "0", "abuse_ch" "2026-04-14 18:35:26", "1790897", "http://185.183.35.120", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-13 06:02:18", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2026-04-14 16:03:10", "1790857", "https://lts.cloudvaly.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-13 13:12:55", "75", "False", "None", "ho0r1,Vidar", "0", "abuse_ch" "2026-04-14 14:11:18", "1790170", "http://dzodu.sparklingideas.space", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-13 13:20:15", "75", "False", "None", "odzdkzo,Vidar", "0", "abuse_ch" "2026-04-14 14:10:11", "1790169", "http://kdije.weirdthings.site", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-13 13:17:25", "75", "False", "None", "okfueh,Vidar", "0", "abuse_ch" "2026-04-14 11:32:51", "1787027", "https://cannabis-dna.com/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "2026-06-13 13:15:02", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-14 06:06:10", "1785529", "http://185.183.35.206", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-13 06:02:18", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2026-04-13 07:46:34", "1785049", "https://pre.hifive.net.au/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-13 13:19:54", "100", "False", "", "Vidar", "0", "crep1x" "2026-04-11 07:06:31", "1783849", "https://cdn.mensualgeneratr.com/", "url", "botnet_cc", "win.smokeloader", "Dofoil,Sharik,Smoke,Smoke Loader", "SmokeLoader", "2026-06-13 12:21:25", "100", "False", "None", "c2,SmokeLoader", "0", "Bitsight" "2026-04-07 07:43:55", "1782152", "http://dzdi.serendipityhub.space/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-13 13:19:43", "100", "False", "", "Vidar", "0", "crep1x" "2026-04-03 16:12:59", "1780716", "https://hor.kaitorinihon.jp/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-13 13:18:51", "100", "False", "", "Vidar", "0", "crep1x" "2026-03-27 21:24:17", "1777601", "https://pn2.skfilmsint.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-13 13:17:36", "100", "False", "", "Vidar", "0", "crep1x" "2026-03-27 21:24:17", "1777603", "https://gre.syslicense.net/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-13 13:17:02", "100", "False", "", "Vidar", "0", "crep1x" "2026-03-27 21:24:17", "1777605", "http://fefeo.iknowthat.space/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-13 13:17:57", "100", "False", "", "Vidar", "0", "crep1x" "2026-03-23 08:01:55", "1774200", "https://msi.swadeshcomputer.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-13 13:16:28", "100", "False", "", "Vidar", "0", "crep1x" "2026-03-20 13:59:49", "1772370", "https://pr2.codetohaven.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-13 13:16:17", "100", "False", "", "Vidar", "0", "crep1x" "2026-03-19 13:11:20", "1771455", "https://dhzuadd.hellothere.sbs", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-13 13:16:51", "75", "False", "None", "drkfiz,Vidar", "0", "abuse_ch" "2026-03-16 10:41:19", "1767951", "http://82.38.71.155/", "url", "botnet_cc", "win.smokeloader", "Dofoil,Sharik,Smoke,Smoke Loader", "SmokeLoader", "2026-06-13 13:30:57", "100", "False", "None", "c2,SmokeLoader", "0", "Bitsight" "2026-03-13 15:05:58", "1765442", "https://pan.paihost.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-13 13:15:36", "100", "False", "", "Vidar", "0", "crep1x" "2026-03-09 09:29:17", "1762131", "https://ooe.myserver.com.bd/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-13 13:15:25", "100", "False", "", "Vidar", "0", "crep1x" "2026-03-05 06:17:58", "1758456", "http://213.5.130.197", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-13 06:02:17", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2026-03-05 06:17:57", "1758457", "http://213.5.130.154", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-13 06:02:17", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2026-03-05 06:17:56", "1758458", "http://213.5.130.200", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-13 06:02:17", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2026-03-05 06:17:55", "1758459", "http://213.5.130.131", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-13 06:02:17", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2026-03-05 06:17:54", "1758460", "http://213.5.130.179", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-13 06:02:17", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2026-03-05 06:17:54", "1758461", "http://213.5.130.189", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-13 06:02:18", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2026-03-02 09:30:33", "1756622", "https://ctl.it-bd.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-13 13:14:53", "100", "False", "", "Vidar", "0", "crep1x" "2026-02-23 10:06:47", "1753432", "https://glo.gadgetwalabd.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-13 13:14:21", "100", "False", "", "Vidar", "0", "crep1x" "2026-02-13 14:01:02", "1747538", "https://gor.emiraride.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-13 13:13:59", "100", "False", "", "Vidar", "0", "crep1x" "2026-02-09 11:13:23", "1743622", "https://opa.dokantrack.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-13 13:13:38", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-26 13:57:13", "1737664", "https://fluraresto.me/live/", "url", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "2026-06-13 13:24:56", "100", "False", "None", "c2,Latrodectus", "0", "Bitsight" "2026-01-26 13:57:13", "1737665", "https://mastralakkot.live/live/", "url", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "2026-06-13 13:33:58", "100", "False", "None", "c2,Latrodectus", "0", "Bitsight" "2026-01-23 09:14:26", "1736049", "https://lat.sodstreams.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-13 13:13:27", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-16 15:02:50", "1733587", "https://poc.sekershuk.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-13 13:12:01", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-05 13:21:42", "1691605", "http://213.5.130.122", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-13 06:02:17", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2026-01-05 13:21:41", "1691603", "http://213.5.130.151", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-13 06:02:18", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2026-01-05 13:21:40", "1691604", "http://213.5.130.124", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-13 06:02:18", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2026-01-05 13:21:40", "1691606", "http://213.5.130.187", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-13 06:02:18", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2026-01-05 10:06:49", "1691482", "https://hov.multiatend.com.br/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-13 13:11:40", "100", "False", "", "Vidar", "0", "crep1x" "2025-12-01 14:57:52", "1665523", "http://213.5.130.104", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-13 06:02:19", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2025-12-01 14:57:52", "1665524", "http://213.5.130.180", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-13 06:02:19", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2025-12-01 14:57:50", "1665525", "http://213.5.130.106", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-13 06:02:17", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2025-12-01 14:57:49", "1665526", "http://213.5.130.102", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-13 06:02:18", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2025-12-01 14:57:49", "1665527", "http://213.5.130.152", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-13 06:02:18", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2025-12-01 14:57:49", "1665528", "http://213.5.130.107", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-13 06:02:19", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2025-12-01 14:57:49", "1665529", "http://213.5.130.153", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-13 06:02:17", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2025-12-01 14:57:48", "1665530", "http://213.5.130.100", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-12 18:02:11", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2025-12-01 14:57:48", "1665531", "http://213.5.130.182", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-13 06:02:19", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2025-12-01 14:57:47", "1665532", "http://213.5.130.181", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-13 06:02:19", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2025-11-25 06:01:37", "1649775", "http://213.5.130.84", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-12 18:02:09", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2025-11-25 06:01:36", "1649776", "http://213.5.130.96", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-12 18:02:10", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2025-11-25 06:01:36", "1649777", "http://213.5.130.98", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-13 06:02:18", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2025-11-25 06:01:35", "1649778", "http://213.5.130.160", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-13 06:02:17", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2025-10-21 13:19:24", "1624166", "http://213.5.130.75", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-13 06:02:19", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2025-10-21 13:19:23", "1624167", "http://213.5.130.10", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-13 06:02:18", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2025-10-21 13:19:22", "1624169", "http://213.5.130.90", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-13 06:02:18", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2025-10-21 13:19:22", "1624170", "http://213.5.130.89", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-06-13 06:02:18", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2025-05-11 05:00:17", "1519450", "https://topguningit.com/test/", "url", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "2026-06-13 13:28:32", "100", "False", "", "None", "0", "Rony" "2025-02-06 13:54:51", "1405307", "https://apworsindos.com/test/", "url", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "2026-06-13 13:20:16", "100", "False", "", "None", "0", "Rony" "2025-02-06 13:54:51", "1405308", "https://reminasolirol.com/test/", "url", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "2026-06-13 13:28:18", "100", "False", "", "None", "0", "Rony" "2025-01-18 16:10:00", "1386236", "https://135.181.31.18", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-13 13:10:58", "100", "False", "", "None", "0", "Gi7w0rm" "2024-10-22 13:56:41", "1338675", "https://stripplasst.com/live/", "url", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "2026-06-13 13:24:30", "100", "False", "https://www.vmray.com/latrodectus-a-year-in-the-making/", "c2,latrodectus,vmray", "0", "DonPasci" "2024-10-22 13:56:39", "1338673", "https://skinnyjeanso.com/live/", "url", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "2026-06-13 13:19:29", "100", "False", "https://www.vmray.com/latrodectus-a-year-in-the-making/", "c2,latrodectus,vmray", "0", "DonPasci" "2024-10-22 13:56:34", "1338670", "https://coolarition.com/live/", "url", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "2026-06-13 13:34:31", "100", "False", "https://www.vmray.com/latrodectus-a-year-in-the-making/", "c2,latrodectus,vmray", "0", "DonPasci" "2024-09-19 14:07:51", "1326051", "https://isomicrotich.com/test/", "url", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "2026-06-13 13:29:04", "50", "False", "None", "1.7,Alpha", "0", "spamhaus" "2024-09-19 14:07:50", "1326052", "https://rilomenifis.com/test/", "url", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "2026-06-13 13:19:02", "50", "False", "None", "1.7,Alpha", "0", "spamhaus" "2024-08-30 07:05:10", "1317376", "https://pikchestop.com/test/", "url", "botnet_cc", "win.lactrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "2026-06-13 13:28:20", "49", "False", "https://www.netskope.com/jp/blog/latrodectus-rapid-evolution-continues-with-latest-new-payload-features", "None", "0", "johannes" "2024-08-30 07:05:10", "1317377", "https://indepahote.com/test/", "url", "botnet_cc", "win.lactrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "2026-06-13 13:20:17", "49", "False", "https://www.netskope.com/jp/blog/latrodectus-rapid-evolution-continues-with-latest-new-payload-features", "None", "0", "johannes" "2024-05-27 16:13:21", "1276244", "https://65.108.55.55:9000/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-13 13:10:27", "100", "False", "", "Vidar", "0", "crep1x" "2024-03-22 19:47:18", "1248363", "https://titnovacrion.top/live/", "url", "botnet_cc", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "2026-06-13 13:29:31", "100", "False", "", "None", "0", "Cryptolaemus1" "2024-01-16 08:13:32", "1230963", "https://65.21.187.53/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-06-13 13:10:15", "100", "False", "", "Vidar", "0", "crep1x" # Number of entries: 158