################################################################ # ThreatFox IOCs: recent URLs - CSV format # # Last updated: 2025-08-23 20:55:02 UTC # # # # Terms Of Use: https://threatfox.abuse.ch/faq/#tos # # For questions please contact threatfox [at] abuse.ch # ################################################################ # # "first_seen_utc","ioc_id","ioc_value","ioc_type","threat_type","fk_malware","malware_alias","malware_printable","last_seen_utc","confidence_level","reference","tags","anonymous","reporter" "2025-08-23 20:55:02", "1573343", "http://infouploads.com/zagala/fre.php", "url", "botnet_cc", "win.lokipws", "Burkina,Loki,LokiBot,LokiPWS", "Loki Password Stealer (PWS)", "", "100", "None", "Loki", "0", "abuse_ch" "2025-08-23 18:16:17", "1573128", "https://t.me/vssvdsvsdv", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/74d762a3112f9e279d9e44fb54d3e50fe54d22efcfde448374bcb66593fee09c/", "lumma", "0", "abuse_ch" "2025-08-23 18:16:09", "1573127", "https://ironcrt.top/zdka", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/74d762a3112f9e279d9e44fb54d3e50fe54d22efcfde448374bcb66593fee09c/", "lumma", "0", "abuse_ch" "2025-08-23 18:09:35", "1573126", "http://79.137.206.68/blob/had3am.7zb2", "url", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "", "100", "https://tria.ge/250823-r7pvnsen8z", "AS210644,C2,rhadamanthys,stealer,triage", "0", "DonPasci" "2025-08-23 18:09:30", "1573125", "http://www.mirka-sg.com/basstools/clue/fre.php", "url", "botnet_cc", "win.lokipws", "Burkina,Loki,LokiBot,LokiPWS", "Loki Password Stealer (PWS)", "", "100", "https://tria.ge/250823-twj66awxfs", "C2,loki,lokibot,triage", "0", "DonPasci" "2025-08-23 18:01:40", "1573124", "https://toplyws.top/xkdg", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "https://tria.ge/250823-sccsaswsf1", "C2,lumma,stealer,triage", "0", "DonPasci" "2025-08-23 18:00:29", "1573119", "https://raw.githubusercontent.com/srap18/ddoss/main/hosts:4444", "url", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250823-rbqgbsvyfv", "C2,triage,xworm", "0", "DonPasci" "2025-08-23 14:10:22", "1573070", "https://lm.p.socialsalesnaija.com", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2025-08-23 22:10:29", "75", "None", "reeqc,Vidar", "0", "abuse_ch" "2025-08-23 09:46:16", "1573036", "https://t.me/romafgfg", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/c9f48c755baef832933c65ffb834979bfa06c6924122698205495b1c5213bbcc/", "lumma", "0", "abuse_ch" "2025-08-23 09:17:38", "1572968", "https://momuus.com/seo1/verify.sh", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "ClickFix,m1m1c", "0", "HuntYethHounds" "2025-08-23 09:14:27", "1572969", "https://appates.com/seo1/curly", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "ClickFix,m1m1c", "0", "HuntYethHounds" "2025-08-23 06:50:11", "1572960", "http://a1160945.xsph.ru/4ecf5632.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "None", "DCRat,RAT", "0", "abuse_ch" "2025-08-23 06:19:11", "1572956", "https://momuus.com/google2/verify.sh", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "ClickFix,m1m1c", "0", "HuntYethHounds" "2025-08-23 06:19:11", "1572957", "https://uytghkhl.sbs/fit", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "ClickFix,m1m1c", "0", "HuntYethHounds" "2025-08-23 06:19:10", "1572959", "https://appates.com/google2/curly", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "ClickFix,m1m1c", "0", "HuntYethHounds" "2025-08-23 06:10:47", "1572955", "https://195.201.254.191", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2025-08-23 21:10:21", "75", "None", "reeqc,Vidar", "0", "abuse_ch" "2025-08-23 06:08:42", "1572801", "http://170.64.217.39:8888/supershell/login/", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "None", "AS14061,DigitalOcean LLC,supershell", "0", "antiphishorg" "2025-08-23 06:03:13", "1572950", "https://connbkg.top/zwiq", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "https://tria.ge/250823-a6zvta1jv7", "C2,lumma,stealer,triage", "0", "DonPasci" "2025-08-23 05:40:12", "1572946", "http://83.166.244.118/ImagepipepythonRequestgenerator.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "None", "DCRat,RAT", "0", "abuse_ch" "2025-08-23 02:05:10", "1572890", "http://a1161183.xsph.ru/2bd939b4.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "None", "DCRat,RAT", "0", "abuse_ch" "2025-08-22 20:10:22", "1572849", "https://in.p.socialsalesnaija.com", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2025-08-23 13:10:21", "75", "None", "reeqc,Vidar", "0", "abuse_ch" "2025-08-22 18:15:07", "1572799", "http://cf39442.tw1.ru/e4c710f3.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "None", "DCRat,RAT", "0", "abuse_ch" "2025-08-22 14:41:31", "1572616", "https://lumberbrother.xyz/mxi.php", "url", "botnet_cc", "unknown_loader", "None", "Unknown Loader", "", "100", "", "OffLoader", "0", "abuse_ch" "2025-08-22 14:35:58", "1572613", "http://roofspade.info/fou.php", "url", "botnet_cc", "unknown_loader", "None", "Unknown Loader", "", "100", "", "OffLoader", "0", "abuse_ch" "2025-08-22 12:31:37", "1572581", "http://85.158.108.135:5050/login", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "None", "AS59711,castle,HZ Hosting Ltd", "0", "antiphishorg" "2025-08-22 12:31:35", "1572583", "http://64.52.80.44:9999/login", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "None", "AS399629,BL Networks,castle", "0", "antiphishorg" "2025-08-22 11:18:12", "1572552", "https://tok-info.com/captcha", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "ClickFix", "0", "burger" "2025-08-22 11:18:11", "1572553", "https://tok-info.com/I?I=I", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "ClickFix", "0", "burger" "2025-08-22 11:18:10", "1572560", "https://94.154.35.99:1888/gateway/3buhk023.sdphc", "url", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "", "100", "https://app.any.run/tasks/e9f56d72-029a-4bce-881e-50c5471afb33?malconf=true", "None", "0", "burger" "2025-08-22 11:18:10", "1572561", "https://nexus-cloud-360.com:1888/gateway/3buhk023.sdphc", "url", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "", "100", "https://app.any.run/tasks/e9f56d72-029a-4bce-881e-50c5471afb33?malconf=true", "None", "0", "burger" "2025-08-22 10:10:21", "1572555", "https://116.202.177.39", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2025-08-23 05:10:22", "75", "None", "reeqc,Vidar", "0", "abuse_ch" "2025-08-22 10:10:21", "1572556", "https://out.p.socialsalesnaija.com", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2025-08-22 19:10:22", "75", "None", "reeqc,Vidar", "0", "abuse_ch" "2025-08-22 09:59:25", "1572551", "https://frozi.cc/Stb/Retev.php?bl=SlJURzJSSLqCMDTxDoLCW013.txt", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "https://bazaar.abuse.ch/sample/97ef57eb5cec408a41786318d997ebf6ea608923408a7e6744f9dfe68a9f143f/", "None", "0", "burger" "2025-08-22 09:40:05", "1572550", "http://a1160130.xsph.ru/d6cd641e.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "None", "DCRat,RAT", "0", "abuse_ch" "2025-08-22 06:02:32", "1572511", "https://oldergunne.ru/xowu", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "https://tria.ge/250822-gnvxgacn3s", "C2,lumma,stealer,triage", "0", "DonPasci" "2025-08-22 05:45:40", "1572494", "http://103.207.224.126:42410/Mozi.m", "url", "payload_delivery", "elf.mozi", "None", "Mozi", "", "50", "", "None", "0", "hb_n4l" "2025-08-22 05:45:39", "1572491", "http://36.255.6.142:55752/Mozi.m", "url", "payload_delivery", "elf.mozi", "None", "Mozi", "", "50", "", "None", "0", "hb_n4l" "2025-08-22 05:45:38", "1572490", "http://36.255.6.227:47178/Mozi.m", "url", "payload_delivery", "elf.mozi", "None", "Mozi", "", "50", "", "None", "0", "hb_n4l" "2025-08-22 05:45:37", "1572493", "http://222.88.238.235:48854/Mozi.m", "url", "payload_delivery", "elf.mozi", "None", "Mozi", "", "50", "", "None", "0", "hb_n4l" "2025-08-22 05:45:37", "1572492", "http://39.69.32.255:42236/Mozi.a", "url", "payload_delivery", "elf.mozi", "None", "Mozi", "", "50", "", "None", "0", "hb_n4l" "2025-08-22 05:45:36", "1572495", "http://123.9.74.197:38604/Mozi.m", "url", "payload_delivery", "elf.mozi", "None", "Mozi", "", "50", "", "None", "0", "hb_n4l" "2025-08-22 05:45:36", "1572498", "http://115.48.162.180:43297/Mozi.m", "url", "payload_delivery", "elf.mozi", "None", "Mozi", "", "50", "", "None", "0", "hb_n4l" "2025-08-22 05:45:34", "1572496", "http://103.158.239.229:32848/Mozi.m", "url", "payload_delivery", "elf.mozi", "None", "Mozi", "", "50", "", "None", "0", "hb_n4l" "2025-08-22 05:45:34", "1572497", "http://117.231.155.127:51171/Mozi.m", "url", "payload_delivery", "elf.mozi", "None", "Mozi", "", "50", "", "None", "0", "hb_n4l" "2025-08-22 05:45:33", "1572499", "http://192.168.1.1:8088/Mozi.a", "url", "payload_delivery", "elf.mozi", "None", "Mozi", "", "50", "", "None", "0", "hb_n4l" "2025-08-22 05:45:33", "1572500", "http://103.152.159.251:44903/Mozi.a", "url", "payload_delivery", "elf.mozi", "None", "Mozi", "", "50", "", "None", "0", "hb_n4l" "2025-08-22 05:45:32", "1572502", "http://117.206.19.245:42137/Mozi.a", "url", "payload_delivery", "elf.mozi", "None", "Mozi", "", "100", "", "None", "0", "hb_n4l" "2025-08-22 05:45:16", "1572395", "https://nexus-cloud-360.com:1888/gateway/9xrretqm.e33ds", "url", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "", "100", "", "None", "0", "burger" "2025-08-22 05:45:15", "1572401", "https://nexus-cloud-360.com:1888/gateway/7yu2mndw.5ypfm", "url", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "", "100", "", "None", "0", "burger" "2025-08-22 05:45:14", "1572402", "https://185.141.216.120:1888/gateway/7yu2mndw.5ypfm", "url", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "", "100", "", "None", "0", "burger" "2025-08-22 05:45:13", "1572394", "https://94.154.35.99:1888/gateway/9xrretqm.e33ds", "url", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "", "100", "", "None", "0", "burger" "2025-08-22 05:45:12", "1572386", "http://196.251.84.253/misc.telnet.sh", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "75", "https://greedybear.honeynet.org", "honeypot", "0", "greedybear" "2025-08-22 05:45:11", "1572368", "https://193.233.126.43/gateway/amwv5fbr.pxue8", "url", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "", "100", "", "None", "0", "burger" "2025-08-22 05:45:11", "1572369", "https://193.23.216.48/gateway/amwv5fbr.pxue8", "url", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "", "100", "", "None", "0", "burger" "2025-08-22 05:45:10", "1572360", "http://185.208.159.143/kqkuWULun.html", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "https://bazaar.abuse.ch/sample/277e2a14e0391a77efa3e327dd14d6fb2995642b5e69a8a67bd644c90ff6fd3f/", "None", "0", "burger" "2025-08-22 05:45:08", "1572346", "http://89.213.44.123/1.sh", "url", "payload_delivery", "unknown", "None", "Unknown malware", "2025-08-21 17:40:16", "75", "https://greedybear.honeynet.org", "honeypot", "0", "BobDobalina" "2025-08-22 05:45:07", "1572345", "https://91.154.35.99:1888/gateway/fc43v2og.zla4t", "url", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "", "100", "", "None", "0", "burger" "2025-08-22 05:45:00", "1572336", "http://suspendedclash.shop/19b574f278f94a33.php", "url", "botnet_cc", "win.stealc", "None", "Stealc", "2025-08-21 18:01:40", "100", "", "None", "0", "pitachu" "2025-08-21 23:45:06", "1572440", "http://cg22156.tw1.ru/81224329.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "None", "DCRat,RAT", "0", "abuse_ch" # Number of entries: 59