################################################################ # ThreatFox IOCs: recent URLs - CSV format # # Last updated: 2026-05-21 16:30:10 UTC # # # # Terms Of Use: https://threatfox.abuse.ch/faq/#tos # # For questions please contact threatfox [at] abuse.ch # ################################################################ # # "first_seen_utc","ioc_id","ioc_value","ioc_type","threat_type","fk_malware","malware_alias","malware_printable","last_seen_utc","confidence_level","is_compromised","reference","tags","anonymous","reporter" "2026-05-21 16:30:10", "1817025", "https://thu.fbvendas.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "True", "None", "vidar", "0", "crep1x" "2026-05-21 16:30:08", "1817023", "https://thu.adasm188.top/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "True", "None", "vidar", "0", "crep1x" "2026-05-21 14:54:44", "1816968", "https://awalitsystems.com/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/awalitsystems.com", "ClickFix", "0", "CarsonWilliams" "2026-05-21 14:54:43", "1816970", "https://wp.dildobegins.ink/gscqgqdendiivnpvnw", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/wp.dildobegins.ink", "ClickFix", "0", "CarsonWilliams" "2026-05-21 14:54:41", "1816971", "https://aifreeuse.pro/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/aifreeuse.pro", "ClickFix", "0", "CarsonWilliams" "2026-05-21 14:00:09", "1816979", "https://tee.fbvendas.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "True", "None", "vidar", "0", "crep1x" "2026-05-21 14:00:08", "1816977", "https://tee.adasm188.top/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "True", "None", "vidar", "0", "crep1x" "2026-05-21 11:55:36", "1816863", "http://198.135.51.79/08189bc59f5e44a0979b.php", "url", "botnet_cc", "win.stealc", "None", "Stealc", "2026-05-21 18:02:49", "100", "False", "None", "1905,c2,loader,StealC,stealer", "0", "Bitsight" "2026-05-21 08:00:11", "1816889", "https://ori.fazvende.com.br/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "True", "None", "vidar", "0", "crep1x" "2026-05-21 08:00:09", "1816887", "https://ori.tristans-tea.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "True", "None", "vidar", "0", "crep1x" "2026-05-21 07:06:47", "1816866", "https://62.238.11.129/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-05-21 07:06:47", "1816867", "https://178.105.113.226/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-05-21 06:46:12", "1816853", "http://trailblazehealth.com/curl/6e2d25066bc1db68a10d55189c7c0bae6443d5178fd4310808270e261236ce30", "url", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "ClickFix,MacSync", "0", "effy" "2026-05-21 06:46:11", "1816854", "https://api-metrics-5453.com/curl/3e97b0eddfddb28e10008f9348381b2665e1ad12476315b24a64808696c3347b", "url", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "ClickFix,MacSync", "0", "effy" "2026-05-21 05:40:42", "1816828", "http://198.135.51.79", "url", "botnet_cc", "win.stealc", "None", "Stealc", "", "75", "False", "https://bazaar.abuse.ch/sample/5c807ad6b96d051a1db40918015541d35f6b6a82c9541823b413409b61ef08cc/", "stealc", "0", "abuse_ch" "2026-05-21 05:01:13", "1816761", "https://pafu.eco.to/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/pafu.eco.to", "ClickFix", "0", "CarsonWilliams" "2026-05-21 05:00:55", "1816808", "https://gardeninfrastructurecore.garden/80ad8f13-a651-414f-8be5-0252e6fd5ad0/ggl.bsc", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "85", "False", "None", "clearfake,clickfix,rundll32,webdav", "0", "Lenny_3BO" "2026-05-21 04:59:58", "1816706", "http://aulinked.org/infos.php?fronts=1", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "75", "False", "None", "clickfix,fingerfix,ironpython,winhttp", "0", "Lenny_3BO" "2026-05-21 04:59:57", "1816707", "https://namlongland.net/ebd417db-979c-51f8-aedf-88a2bf8aa6c3/t9", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "75", "False", "None", "clickfix,fingerfix,ironpython,winhttp", "0", "Lenny_3BO" "2026-05-21 04:59:53", "1816703", "https://ackerkann.lol/api/v1/session", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "2026-05-21 04:10:01", "100", "True", "None", "KongTuke", "0", "monitorsg" "2026-05-21 04:59:53", "1816704", "https://ackerkann.lol/api/v1/verify", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "2026-05-21 04:10:04", "100", "True", "None", "KongTuke", "0", "monitorsg" "2026-05-21 04:59:51", "1816701", "https://ackerkann.lol/file.js", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "2026-05-21 04:09:59", "100", "True", "None", "KongTuke", "0", "monitorsg" "2026-05-21 04:59:50", "1816699", "https://lolfler.lol/api/v1/session", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "2026-05-21 03:11:16", "100", "True", "None", "KongTuke", "0", "monitorsg" "2026-05-21 04:59:50", "1816700", "https://lolfler.lol/api/v1/verify", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "2026-05-21 03:11:17", "100", "True", "None", "KongTuke", "0", "monitorsg" "2026-05-21 04:59:48", "1816697", "https://lolfler.lol/file.js", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "2026-05-21 03:11:14", "100", "True", "None", "KongTuke", "0", "monitorsg" "2026-05-21 04:59:46", "1816694", "https://platecrumbs.com/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/platecrumbs.com", "ClickFix", "0", "CarsonWilliams" "2026-05-21 04:59:30", "1816656", "https://www.dunebuggydubai.ae/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/www.dunebuggydubai.ae", "ClickFix", "0", "CarsonWilliams" "2026-05-20 22:00:10", "1816772", "https://spl.fazvende.com.br/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "True", "None", "vidar", "0", "crep1x" "2026-05-20 22:00:09", "1816770", "https://spl.tristans-tea.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "True", "None", "vidar", "0", "crep1x" "2026-05-20 17:30:09", "1816693", "https://zpr.fazvende.com.br/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "True", "None", "vidar", "0", "crep1x" "2026-05-20 17:30:08", "1816691", "https://zpr.tristans-tea.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "True", "None", "vidar", "0", "crep1x" "2026-05-20 16:12:55", "1816666", "https://136.243.232.229/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-05-20 16:12:55", "1816667", "https://136.243.232.227/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-05-20 16:12:54", "1816660", "https://136.243.232.230/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-05-20 16:12:54", "1816661", "https://95.216.103.174/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-05-20 16:12:54", "1816662", "https://46.4.70.79/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-05-20 16:12:54", "1816663", "https://136.243.232.225/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-05-20 16:12:54", "1816664", "https://136.243.232.231/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-05-20 16:12:54", "1816665", "https://136.243.232.228/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-05-20 16:12:53", "1816659", "https://136.243.232.224/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-05-20 15:39:04", "1816620", "https://cbs-tv.com.skysports1.com/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/cbs-tv.com.skysports1.com", "ClickFix", "0", "CarsonWilliams" "2026-05-20 15:39:00", "1816635", "https://recaptcha.boit.cloud/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/recaptcha.boit.cloud", "ClickFix", "0", "CarsonWilliams" "2026-05-20 15:38:59", "1816636", "https://smackit.lat/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/smackit.lat", "ClickFix", "0", "CarsonWilliams" "2026-05-20 15:38:57", "1816645", "http://31.56.209.88/c1d59c10e8d343a09790.php", "url", "botnet_cc", "win.stealc", "None", "Stealc", "2026-05-21 18:08:45", "100", "False", "None", "c2,loader,medik,StealC,stealer", "0", "Bitsight" "2026-05-20 15:38:55", "1816649", "https://worldopportunitiesfund.com/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/worldopportunitiesfund.com", "ClickFix", "0", "CarsonWilliams" "2026-05-20 11:51:37", "1816616", "http://212.43.149.35/index.php", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "", "None", "0", "abuse_ch" "2026-05-20 11:42:40", "1816612", "https://176.125.242.155/admin", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "", "SilentStealer", "0", "varysz" "2026-05-20 11:42:39", "1816611", "https://food-family.icu/admin", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "", "SilentStealer", "0", "varysz" "2026-05-20 11:19:41", "1816588", "https://fucktermedfir.st/files/jar/component", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "WeedHack", "0", "burger" "2026-05-20 11:19:40", "1816589", "https://fucktermedfir.st/files/jar/RuntimeBroker.exe", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "WeedHack", "0", "burger" "2026-05-20 11:19:40", "1816590", "https://fucktermedfir.st/files/jar/module2", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "WeedHack", "0", "burger" "2026-05-20 11:19:39", "1816591", "https://fucktermedfir.st/files/jar/Pjibf.exe", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "WeedHack", "0", "burger" "2026-05-20 11:19:39", "1816593", "https://fucktermedfir.st/files/jar/elevator", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "WeedHack", "0", "burger" "2026-05-20 11:19:38", "1816592", "https://fucktermedfir.st/files/jar/security", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "WeedHack", "0", "burger" "2026-05-20 11:19:37", "1816594", "https://fucktermedfir.st/files/jar/module", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "WeedHack", "0", "burger" "2026-05-20 11:19:29", "1816605", "https://176.125.242.155/", "url", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "SilentStealer", "0", "varysz" "2026-05-20 09:15:04", "1816575", "https://lands-end-coastguard.com/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-05-20 08:54:38", "1816518", "https://littlewonderseeds.com/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/littlewonderseeds.com", "ClickFix", "0", "CarsonWilliams" "2026-05-20 08:03:56", "1816567", "https://91.92.240.197/download3/payload-reflective-installer-frank", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://bazaar.abuse.ch/sample/d334056829c10a82b87ea760f536a0047c3c77718adc2cbbb861a3586af4f29b/", "None", "0", "abuse_ch" "2026-05-20 07:00:10", "1816547", "https://bom.fazvende.com.br/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "True", "None", "vidar", "0", "crep1x" "2026-05-20 07:00:09", "1816545", "https://bom.tristans-tea.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "True", "None", "vidar", "0", "crep1x" "2026-05-20 05:55:16", "1816524", "https://dev-tokyotechie.com/de-ch/", "url", "payload_delivery", "win.pure_rat", "PureHVNC,ResolverRAT", "PureRAT", "", "100", "False", "https://bazaar.abuse.ch/sample/2004144f6c630e44f975c24fa311c41edf228213a958b5cf4fca2140d0341a7f/", "PureHVNC,PureRAT,RAT", "0", "abuse_ch" "2026-05-20 05:55:16", "1816525", "https://readadobe-document.click/support/", "url", "payload_delivery", "win.pure_rat", "PureHVNC,ResolverRAT", "PureRAT", "", "100", "False", "https://bazaar.abuse.ch/sample/2004144f6c630e44f975c24fa311c41edf228213a958b5cf4fca2140d0341a7f/", "PureHVNC,PureRAT,RAT", "0", "abuse_ch" "2026-05-20 05:55:16", "1816526", "https://documents-abacus.click/up/", "url", "payload_delivery", "win.pure_rat", "PureHVNC,ResolverRAT", "PureRAT", "", "100", "False", "https://bazaar.abuse.ch/sample/2004144f6c630e44f975c24fa311c41edf228213a958b5cf4fca2140d0341a7f/", "PureHVNC,PureRAT,RAT", "0", "abuse_ch" "2026-05-20 05:55:15", "1816521", "https://dev-tokyotechie.com/notification/", "url", "payload_delivery", "win.pure_rat", "PureHVNC,ResolverRAT", "PureRAT", "", "100", "False", "https://bazaar.abuse.ch/sample/2004144f6c630e44f975c24fa311c41edf228213a958b5cf4fca2140d0341a7f/", "PureHVNC,PureRAT,RAT", "0", "abuse_ch" "2026-05-20 05:55:15", "1816522", "https://dev-tokyotechie.com/de/", "url", "payload_delivery", "win.pure_rat", "PureHVNC,ResolverRAT", "PureRAT", "", "100", "False", "https://bazaar.abuse.ch/sample/2004144f6c630e44f975c24fa311c41edf228213a958b5cf4fca2140d0341a7f/", "PureHVNC,PureRAT,RAT", "0", "abuse_ch" "2026-05-20 05:55:15", "1816523", "https://dev-tokyotechie.com/ch/", "url", "payload_delivery", "win.pure_rat", "PureHVNC,ResolverRAT", "PureRAT", "", "100", "False", "https://bazaar.abuse.ch/sample/2004144f6c630e44f975c24fa311c41edf228213a958b5cf4fca2140d0341a7f/", "PureHVNC,PureRAT,RAT", "0", "abuse_ch" "2026-05-20 05:25:33", "1816384", "https://keneedy.lol/file.js", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "True", "https://infosec.exchange/@monitorsg/116602117784339646", "KongTuke", "0", "monitorsg" "2026-05-20 05:25:32", "1816386", "https://keneedy.lol/api/v1/session", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "True", "https://infosec.exchange/@monitorsg/116602117784339646", "KongTuke", "0", "monitorsg" "2026-05-20 05:25:32", "1816387", "https://keneedy.lol/api/v1/verify", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "True", "https://infosec.exchange/@monitorsg/116602117784339646", "KongTuke", "0", "monitorsg" "2026-05-20 05:25:31", "1816388", "https://keneedy.lol/api/v1/status", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "True", "https://infosec.exchange/@monitorsg/116602117784339646", "KongTuke", "0", "monitorsg" "2026-05-20 05:25:29", "1816392", "http://178.16.55.153/JeffreyEpstein.zip", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "75", "False", "None", "clickfix,eyepyramid,pineapple,pyramid", "0", "Lenny_3BO" "2026-05-20 05:25:24", "1816404", "https://bumblebeejaspercentre.org/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/bumblebeejaspercentre.org", "ClickFix", "0", "CarsonWilliams" "2026-05-20 05:25:15", "1816441", "http://linkedby.org/infos.php?fronts=1", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "None", "clickfix,fingerfix,ironpython", "0", "Lenny_3BO" "2026-05-20 05:25:14", "1816442", "https://namlongland.net/ebd417db-979c-51f8-aedf-88a2bf8aa6c3/t10", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "None", "clickfix,fingerfix,ironpython", "0", "Lenny_3BO" "2026-05-20 05:25:11", "1816458", "https://mjwildlife.ca/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/mjwildlife.ca", "ClickFix", "0", "CarsonWilliams" "2026-05-20 05:10:33", "1816517", "https://pantofr.cyou", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "False", "https://bazaar.abuse.ch/sample/eaf7fcd3b858888826a15098c2ebe50f71503d42883009964f0312c8b6e86ff9/", "lumma", "0", "abuse_ch" "2026-05-19 21:50:40", "1816457", "https://brownhc.cyou", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "False", "https://bazaar.abuse.ch/sample/d4e9e7d1176b0c13f19b21e1af40d41e7049e8d000c568987709321c62a34291/", "lumma", "0", "abuse_ch" "2026-05-19 21:30:09", "1816454", "https://wed.fazvende.com.br/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "True", "None", "vidar", "0", "crep1x" "2026-05-19 21:30:08", "1816452", "https://wed.tristans-tea.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "True", "None", "vidar", "0", "crep1x" "2026-05-19 19:00:09", "1816418", "https://rpi.fazvende.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "True", "None", "vidar", "0", "crep1x" "2026-05-19 19:00:08", "1816416", "https://rpi.tristans-tea.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "True", "None", "vidar", "0", "crep1x" "2026-05-18 11:28:09", "1815943", "http://144.31.203.24/", "url", "botnet_cc", "win.smokeloader", "Dofoil,Sharik,Smoke,Smoke Loader", "SmokeLoader", "2026-05-21 18:18:06", "100", "False", "None", "c2,SmokeLoader", "0", "Bitsight" "2026-05-18 11:28:05", "1815913", "http://144.31.203.12/", "url", "botnet_cc", "win.smokeloader", "Dofoil,Sharik,Smoke,Smoke Loader", "SmokeLoader", "2026-05-21 17:17:54", "100", "False", "None", "c2,SmokeLoader", "0", "Bitsight" "2026-05-18 11:27:58", "1815866", "http://144.31.158.255/", "url", "botnet_cc", "win.smokeloader", "Dofoil,Sharik,Smoke,Smoke Loader", "SmokeLoader", "2026-05-21 16:17:40", "100", "False", "None", "c2,SmokeLoader", "0", "Bitsight" "2026-05-17 05:52:27", "1815332", "http://144.31.57.65/2a7400fe251b4b4687fe.php", "url", "botnet_cc", "win.stealc", "None", "Stealc", "2026-05-21 18:30:40", "100", "False", "None", "c2,loader,os,StealC,stealer", "0", "Bitsight" "2026-05-12 14:48:59", "1811440", "http://cdntestconnect.com/ed54b97a570943999715.php", "url", "botnet_cc", "win.stealc", "None", "Stealc", "2026-05-21 18:31:14", "100", "False", "None", "c2,first,loader,StealC,stealer", "0", "Bitsight" "2026-05-10 18:39:13", "1809572", "http://108.59.252.214/9290546939c94eebbdb2.php", "url", "botnet_cc", "win.stealc", "None", "Stealc", "2026-05-21 17:46:08", "100", "False", "None", "c2,loader,modo,StealC,stealer", "0", "Bitsight" "2026-05-08 12:18:54", "1808779", "http://95.85.236.66/cd44fb36ede645bf842e.php", "url", "botnet_cc", "win.stealc", "None", "Stealc", "2026-05-21 11:17:33", "100", "False", "None", "c2,loader,StealC,stealer,w27", "0", "Bitsight" "2026-05-08 08:00:21", "1808423", "http://secure.controlpanel.asia/330311481fe14ab99814.php", "url", "botnet_cc", "win.stealc", "None", "Stealc", "2026-05-21 18:09:26", "100", "False", "None", "c2,CDCDCDC,loader,StealC,stealer", "0", "Bitsight" "2026-05-06 20:53:25", "1807882", "http://178.16.55.25/bcbb13c7c8984290857b.php", "url", "botnet_cc", "win.stealc", "None", "Stealc", "2026-05-21 18:18:32", "100", "False", "None", "c2,FFF0506,loader,StealC,stealer", "0", "Bitsight" "2026-05-05 17:17:43", "1807073", "http://5.252.177.67/bb7f17919d0a4d0aaf22.php", "url", "botnet_cc", "win.stealc", "None", "Stealc", "2026-05-21 18:02:30", "100", "False", "None", "c2,loader,StealC,stealer,win20", "0", "Bitsight" "2026-05-05 13:58:25", "1807037", "http://213.165.47.49/480bee37986b4097bc20.php", "url", "botnet_cc", "win.stealc", "None", "Stealc", "2026-05-21 17:45:32", "100", "False", "None", "c2,loader,StealC,stealer,test", "0", "Bitsight" "2026-05-05 13:58:14", "1807059", "http://89.46.38.100/c0b30d15260a4d8888dc.php", "url", "botnet_cc", "win.stealc", "None", "Stealc", "2026-05-21 18:05:59", "100", "False", "None", "c2,loader,M1,StealC,stealer", "0", "Bitsight" "2026-05-05 13:12:36", "1807027", "http://217.119.129.37/2a7400fe251b4b4687fe.php", "url", "botnet_cc", "win.stealc", "None", "Stealc", "2026-05-21 18:32:09", "100", "False", "None", "2,c2,loader,StealC,stealer", "0", "Bitsight" "2026-05-05 12:59:27", "1806983", "http://196.251.107.130/16b022998f754137b60a.php", "url", "botnet_cc", "win.stealc", "None", "Stealc", "2026-05-21 18:31:47", "100", "False", "None", "c2,loader,RUN,StealC,stealer", "0", "Bitsight" "2026-05-05 12:59:20", "1806998", "http://213.165.47.174/0cddd9346bd3479aab11.php", "url", "botnet_cc", "win.stealc", "None", "Stealc", "2026-05-21 17:57:11", "100", "False", "None", "c2,loader,steal,StealC,stealer", "0", "Bitsight" "2026-05-05 12:59:19", "1807009", "http://89.169.12.194/2a7400fe251b4b4687fe.php", "url", "botnet_cc", "win.stealc", "None", "Stealc", "2026-05-21 18:26:28", "100", "False", "None", "b3,c2,loader,StealC,stealer", "0", "Bitsight" "2026-05-05 12:59:16", "1807013", "http://193.111.117.51/94a5dbd165044e85b88e.php", "url", "botnet_cc", "win.stealc", "None", "Stealc", "2026-05-21 18:14:29", "100", "False", "None", "c2,loader,neverhigh,StealC,stealer", "0", "Bitsight" "2026-05-02 05:24:17", "1803956", "https://arsimonopa.com/live/", "url", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "2026-05-21 18:21:05", "100", "False", "None", "c2,Latrodectus", "0", "Bitsight" "2026-05-02 05:24:15", "1803960", "https://lemonimonakio.com/live/", "url", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "2026-05-21 18:30:26", "100", "False", "None", "c2,Latrodectus", "0", "Bitsight" "2026-04-26 18:11:00", "1800411", "http://91.92.242.236/oPvjr94jfe/index.php", "url", "botnet_cc", "win.amadey", "None", "Amadey", "2026-05-21 18:35:04", "100", "False", "None", "54e64e,amadey,c2", "0", "Bitsight" "2026-04-23 04:45:34", "1796426", "http://196.251.107.248/kont2rt/index.php", "url", "botnet_cc", "win.amadey", "None", "Amadey", "2026-05-21 18:01:13", "100", "False", "None", "Amadey", "0", "abuse_ch" "2026-04-19 18:25:29", "1794638", "http://213.5.130.87", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-21 18:02:12", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2026-04-17 18:15:06", "1793645", "http://213.5.130.147", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-21 18:02:11", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2026-04-14 18:35:26", "1790897", "http://185.183.35.120", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-21 18:02:14", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2026-04-14 13:15:44", "1789496", "https://panouradiant.com/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "2026-05-20 06:01:03", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-14 12:17:49", "1789208", "https://celebritysummits.com/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "2026-05-20 14:00:50", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-14 12:17:05", "1789063", "https://movesllc.com/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "2026-05-20 14:00:50", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-14 12:16:29", "1788938", "https://vaartamedia.com/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "2026-05-21 09:01:00", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-14 11:40:17", "1788573", "https://bestsunrisemovers.com/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "2026-05-20 14:00:50", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-14 11:39:52", "1788500", "https://littlepirate.co.il/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "2026-05-20 15:00:50", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-14 11:37:53", "1788071", "https://anasbhbh.com/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "2026-05-20 17:00:49", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-14 11:36:55", "1787851", "https://americanautotransport.co/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "2026-05-20 18:30:49", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-14 11:36:52", "1787830", "https://aachenhc.com/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "2026-05-20 19:00:50", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-14 11:36:18", "1787721", "https://reimonstracking.com/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "2026-05-20 19:30:49", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-14 11:34:56", "1787430", "https://engelspakistan.com/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "2026-05-20 22:00:49", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-14 11:33:52", "1787225", "https://keepyourbalance-coaching.com/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "2026-05-20 23:30:50", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-14 11:32:51", "1787027", "https://cannabis-dna.com/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "2026-05-21 18:15:02", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-14 11:32:44", "1786989", "https://newraal.com/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "2026-05-21 01:30:52", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-14 10:39:52", "1785656", "https://mcttt.gov.fj/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "2026-05-20 06:15:03", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-14 06:06:10", "1785529", "http://185.183.35.206", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-21 18:02:13", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2026-04-11 07:06:31", "1783849", "https://cdn.mensualgeneratr.com/", "url", "botnet_cc", "win.smokeloader", "Dofoil,Sharik,Smoke,Smoke Loader", "SmokeLoader", "2026-05-21 18:13:42", "100", "False", "None", "c2,SmokeLoader", "0", "Bitsight" "2026-03-16 20:42:13", "1768715", "https://91.92.240.197/logs/sendInfo", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-20 08:03:56", "100", "False", "https://bazaar.abuse.ch/sample/a078ea491822b8d8014821cdcce8bcb450947a9e1c5e0b55d259df864978ee17/", "None", "0", "abuse_ch" "2026-03-16 10:41:19", "1767951", "http://82.38.71.155/", "url", "botnet_cc", "win.smokeloader", "Dofoil,Sharik,Smoke,Smoke Loader", "SmokeLoader", "2026-05-21 17:35:44", "100", "False", "None", "c2,SmokeLoader", "0", "Bitsight" "2026-03-05 06:17:58", "1758456", "http://213.5.130.197", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-21 18:02:14", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2026-03-05 06:17:57", "1758457", "http://213.5.130.154", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-21 18:02:12", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2026-03-05 06:17:56", "1758458", "http://213.5.130.200", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-21 18:02:12", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2026-03-05 06:17:55", "1758459", "http://213.5.130.131", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-21 18:02:15", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2026-03-05 06:17:54", "1758460", "http://213.5.130.179", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-20 18:01:29", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2026-03-05 06:17:54", "1758461", "http://213.5.130.189", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-21 18:02:12", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2026-01-26 13:57:13", "1737664", "https://fluraresto.me/live/", "url", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "2026-05-21 18:34:08", "100", "False", "None", "c2,Latrodectus", "0", "Bitsight" "2026-01-26 13:57:13", "1737665", "https://mastralakkot.live/live/", "url", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "2026-05-21 18:23:24", "100", "False", "None", "c2,Latrodectus", "0", "Bitsight" "2026-01-05 13:21:42", "1691605", "http://213.5.130.122", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-21 18:02:13", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2026-01-05 13:21:41", "1691603", "http://213.5.130.151", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-21 18:02:13", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2026-01-05 13:21:40", "1691604", "http://213.5.130.124", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-21 18:02:11", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2026-01-05 13:21:40", "1691606", "http://213.5.130.187", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-21 18:02:15", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2025-12-01 14:57:52", "1665523", "http://213.5.130.104", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-21 18:02:14", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2025-12-01 14:57:52", "1665524", "http://213.5.130.180", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-21 18:02:13", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2025-12-01 14:57:50", "1665525", "http://213.5.130.106", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-21 18:02:11", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2025-12-01 14:57:49", "1665526", "http://213.5.130.102", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-21 18:02:13", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2025-12-01 14:57:49", "1665527", "http://213.5.130.152", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-21 18:02:11", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2025-12-01 14:57:49", "1665528", "http://213.5.130.107", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-21 18:02:14", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2025-12-01 14:57:49", "1665529", "http://213.5.130.153", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-21 18:02:14", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2025-12-01 14:57:48", "1665530", "http://213.5.130.100", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-21 18:02:11", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2025-12-01 14:57:48", "1665531", "http://213.5.130.182", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-21 18:02:13", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2025-12-01 14:57:47", "1665532", "http://213.5.130.181", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-21 18:02:14", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2025-11-25 06:01:37", "1649775", "http://213.5.130.84", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-21 18:02:11", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2025-11-25 06:01:36", "1649776", "http://213.5.130.96", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-21 18:02:14", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2025-11-25 06:01:36", "1649777", "http://213.5.130.98", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-21 18:02:13", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2025-11-25 06:01:35", "1649778", "http://213.5.130.160", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-21 18:02:15", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2025-11-12 09:18:13", "1639223", "https://telegram.me/tkt1kr", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-05-21 11:15:58", "100", "False", "", "Vidar", "0", "crep1x" "2025-10-21 13:19:24", "1624166", "http://213.5.130.75", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-21 18:02:12", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2025-10-21 13:19:23", "1624167", "http://213.5.130.10", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-21 18:02:12", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2025-10-21 13:19:22", "1624169", "http://213.5.130.90", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-21 18:02:13", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2025-10-21 13:19:22", "1624170", "http://213.5.130.89", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-21 18:02:12", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2025-05-11 05:00:17", "1519450", "https://topguningit.com/test/", "url", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "2026-05-21 18:23:06", "100", "False", "", "None", "0", "Rony" "2025-01-30 08:05:06", "1396131", "http://94.156.177.41/alpha/five/fre.php", "url", "botnet_cc", "win.lokipws", "Burkina,Loki,LokiBot,LokiPWS", "Loki Password Stealer (PWS)", "2026-05-20 18:06:06", "75", "False", "https://bazaar.abuse.ch/sample/3374b05b06900819a538deb1b0cb86a5b944f36ccc9dcaa07d82ff169966de0f/", "lokibot", "0", "abuse_ch" "2024-10-22 13:56:41", "1338675", "https://stripplasst.com/live/", "url", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "2026-05-21 18:26:41", "100", "False", "https://www.vmray.com/latrodectus-a-year-in-the-making/", "c2,latrodectus,vmray", "0", "DonPasci" "2024-10-22 13:56:39", "1338673", "https://skinnyjeanso.com/live/", "url", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "2026-05-21 18:19:32", "100", "False", "https://www.vmray.com/latrodectus-a-year-in-the-making/", "c2,latrodectus,vmray", "0", "DonPasci" "2024-10-22 13:56:34", "1338670", "https://coolarition.com/live/", "url", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "2026-05-21 18:35:00", "100", "False", "https://www.vmray.com/latrodectus-a-year-in-the-making/", "c2,latrodectus,vmray", "0", "DonPasci" "2024-09-19 14:07:51", "1326051", "https://isomicrotich.com/test/", "url", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "2026-05-21 18:21:40", "50", "False", "None", "1.7,Alpha", "0", "spamhaus" "2024-09-19 14:07:50", "1326052", "https://rilomenifis.com/test/", "url", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "2026-05-21 18:30:44", "50", "False", "None", "1.7,Alpha", "0", "spamhaus" "2024-08-30 07:05:10", "1317376", "https://pikchestop.com/test/", "url", "botnet_cc", "win.lactrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "2026-05-21 18:32:30", "49", "False", "https://www.netskope.com/jp/blog/latrodectus-rapid-evolution-continues-with-latest-new-payload-features", "None", "0", "johannes" "2024-08-30 07:05:10", "1317377", "https://indepahote.com/test/", "url", "botnet_cc", "win.lactrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "2026-05-21 18:24:26", "49", "False", "https://www.netskope.com/jp/blog/latrodectus-rapid-evolution-continues-with-latest-new-payload-features", "None", "0", "johannes" "2024-07-25 16:50:18", "1303634", "http://45.61.136.20/index.php/jlbcyg0q595vs4hef0", "url", "botnet_cc", "win.lokipws", "Burkina,Loki,LokiBot,LokiPWS", "Loki Password Stealer (PWS)", "2026-05-21 15:45:50", "100", "False", "None", "Loki", "0", "abuse_ch" "2024-03-22 19:47:18", "1248363", "https://titnovacrion.top/live/", "url", "botnet_cc", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "2026-05-21 18:29:34", "100", "False", "", "None", "0", "Cryptolaemus1" # Number of entries: 167