################################################################ # ThreatFox IOCs: recent URLs - CSV format # # Last updated: 2026-05-10 20:20:03 UTC # # # # Terms Of Use: https://threatfox.abuse.ch/faq/#tos # # For questions please contact threatfox [at] abuse.ch # ################################################################ # # "first_seen_utc","ioc_id","ioc_value","ioc_type","threat_type","fk_malware","malware_alias","malware_printable","last_seen_utc","confidence_level","is_compromised","reference","tags","anonymous","reporter" "2026-05-10 20:20:03", "1810422", "http://marconiliqhting.com/emma/encode.php", "url", "botnet_cc", "win.lokipws", "Burkina,Loki,LokiBot,LokiPWS", "Loki Password Stealer (PWS)", "", "100", "False", "None", "Loki", "0", "abuse_ch" "2026-05-10 18:42:29", "1809711", "https://donutsmpcheat.com/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "WeedHack", "0", "burger" "2026-05-10 18:42:27", "1809713", "https://donutsmpcheat.com/downloads/float-client.jar", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "WeedHack", "0", "burger" "2026-05-10 18:42:27", "1809712", "https://donutsmpcheat.com/downloads/kryptonite-cracked.jar", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "WeedHack", "0", "burger" "2026-05-10 18:42:26", "1809714", "https://donutsmpcheat.com/downloads/solar-client.jar", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "WeedHack", "0", "burger" "2026-05-10 18:42:25", "1809715", "https://donutsmpcheat.com/downloads/xenon-cracked.jar", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "WeedHack", "0", "burger" "2026-05-10 18:42:24", "1809716", "https://donutsmpcheat.com/downloads/meteor-client.jar", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "WeedHack", "0", "burger" "2026-05-10 18:42:00", "1809999", "https://menangmulu.jp.net/", "url", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "50", "False", "https://tria.ge/260508-es5w5agt7j", "exe,NanoCore,RAT", "0", "cleanabuseweb" "2026-05-10 18:41:59", "1810000", "https://www.menangmulu.jp.net/", "url", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "50", "False", "https://tria.ge/260508-es5w5agt7j", "exe,NanoCore,RAT", "0", "cleanabuseweb" "2026-05-10 18:41:58", "1810013", "https://transactions-service.fr/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/transactions-service.fr", "ClickFix", "0", "CarsonWilliams" "2026-05-10 18:40:59", "1810066", "http://8.218.254.115:9999/supershell/login/", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "None", "Alibaba (US) Technology Co. Ltd.,AS45102,supershell", "0", "antiphishorg" "2026-05-10 18:40:27", "1810257", "https://abkhajjandumrah.com/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/abkhajjandumrah.com", "ClickFix", "0", "CarsonWilliams" "2026-05-10 18:40:26", "1810258", "https://aaml.co.uk/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/aaml.co.uk", "ClickFix", "0", "CarsonWilliams" "2026-05-10 18:40:24", "1810265", "https://playgamesonline.in.net:54984", "url", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "50", "False", "https://www.capesandbox.com/analysis/65405/", "NanoCore,RAT", "0", "cleanabuseweb" "2026-05-10 18:40:20", "1810268", "http://144.48.124.90:5000/supershell/login/", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "None", "AS132839,POWER LINE DATACENTER,supershell", "0", "antiphishorg" "2026-05-10 18:40:17", "1810290", "https://centraldepropaganda.com.br/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/centraldepropaganda.com.br", "ClickFix", "0", "CarsonWilliams" "2026-05-10 18:40:16", "1810289", "https://castlebridgeng.com/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/castlebridgeng.com", "ClickFix", "0", "CarsonWilliams" "2026-05-10 18:40:15", "1810288", "https://blumennorden.cl/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/blumennorden.cl", "ClickFix", "0", "CarsonWilliams" "2026-05-10 18:40:10", "1810312", "https://engetrina.com.br/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/engetrina.com.br", "ClickFix", "0", "CarsonWilliams" "2026-05-10 18:40:09", "1810313", "https://eduagentic.ai/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/eduagentic.ai", "ClickFix", "0", "CarsonWilliams" "2026-05-10 18:40:08", "1810314", "https://drdservices.ca/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/drdservices.ca", "ClickFix", "0", "CarsonWilliams" "2026-05-10 18:39:50", "1810332", "http://43.142.51.69:8002", "url", "botnet_cc", "win.vshell", "None", "VShell", "", "90", "False", "None", "c2,loader,vshell", "0", "Lenny_3BO" "2026-05-10 18:39:47", "1810362", "https://gimarystore.com/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/gimarystore.com", "ClickFix", "0", "CarsonWilliams" "2026-05-10 18:39:46", "1810363", "https://forttis-courtage.ch/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/forttis-courtage.ch", "ClickFix", "0", "CarsonWilliams" "2026-05-10 18:39:45", "1810364", "https://www.gmi-industries.com/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/www.gmi-industries.com", "ClickFix", "0", "CarsonWilliams" "2026-05-10 18:39:13", "1809572", "http://108.59.252.214/9290546939c94eebbdb2.php", "url", "botnet_cc", "win.stealc", "None", "Stealc", "2026-05-10 23:21:22", "100", "False", "None", "c2,loader,modo,StealC,stealer", "0", "Bitsight" "2026-05-10 18:39:01", "1809523", "https://www.paperrig.store/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "WeedHack", "0", "burger" "2026-05-10 18:38:52", "1809510", "http://144.48.124.94:8888/supershell/login/", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "None", "AS132839,POWER LINE DATACENTER,supershell", "0", "antiphishorg" "2026-05-10 18:38:51", "1809508", "http://144.48.124.92:8888/supershell/login/", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "None", "AS132839,POWER LINE DATACENTER,supershell", "0", "antiphishorg" "2026-05-10 17:15:06", "1810355", "https://peoples-bridge.job-bank.co.uk/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "2026-05-10 19:31:05", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-05-10 04:15:05", "1810074", "https://eltahdamexploration.com/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-05-09 14:00:53", "1809595", "https://milnleny.cyou", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "False", "https://bazaar.abuse.ch/sample/80d0658fe84de7066bd8115804e75c6ac5aa7562fbcd3321e21f6c609a596448/", "lumma", "0", "abuse_ch" "2026-05-09 06:59:21", "1809390", "https://d.tmpfile.link/public/2026-05-09/4614e117-d7bb-46b1-9541-484fbe7315ff/ghhjgr.png", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "75", "False", "None", "date-keyed-uuid,paste-host-abuse,png-masquerade-ps,tmpfile-link,xmrig", "0", "Lenny_3BO" "2026-05-09 06:59:17", "1809262", "http://gotextileltd.com/gotextileltd.zip", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "75", "False", "None", "a0backdoor-style,clickfix,nativeaot,sideload,t1574002", "0", "Lenny_3BO" "2026-05-09 06:59:14", "1809271", "https://crackedsoftware.doxbin.cy/windows", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/crackedsoftware.doxbin.cy", "ClickFix", "0", "CarsonWilliams" "2026-05-09 06:58:44", "1809225", "https://steamcommunity.com/profiles/76561198707628078", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "None", "garble,gcleaner,go,loader,lumma_stealer,m1m1y6,vidar-style-deaddrop", "0", "Lenny_3BO" "2026-05-09 06:58:43", "1809226", "https://telegram.me/hgo9tx", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "None", "garble,gcleaner,go,loader,lumma_stealer,m1m1y6,vidar-style-deaddrop", "0", "Lenny_3BO" "2026-05-09 06:58:41", "1809235", "https://servicehstcmon.com/4b1786e5eb1812f6b3b01ac77deca041/hsts_mont.exe", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "85", "False", "None", "dll-search-order-hijack,fsutil,hollow-host,loader,powershell,trojanized-signed,two-stage", "0", "Lenny_3BO" "2026-05-09 06:58:40", "1809237", "http://servicehstcmon.com/step1.txt", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "85", "False", "None", "dll-search-order-hijack,fsutil,hollow-host,loader,powershell,trojanized-signed,two-stage", "0", "Lenny_3BO" "2026-05-09 06:58:40", "1809236", "http://servicehstcmon.com/step2.txt", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "85", "False", "None", "dll-search-order-hijack,fsutil,hollow-host,loader,powershell,trojanized-signed,two-stage", "0", "Lenny_3BO" "2026-05-09 06:58:12", "1809110", "https://chubrik.sbs/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/chubrik.sbs", "ClickFix", "0", "CarsonWilliams" "2026-05-09 06:58:12", "1809109", "https://anakondabob.club/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/anakondabob.club", "ClickFix", "0", "CarsonWilliams" "2026-05-09 06:58:03", "1808940", "https://fontanf.lol/t", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "2026-05-09 02:11:23", "100", "True", "https://infosec.exchange/@monitorsg/116540054335649885", "KongTuke", "0", "monitorsg" "2026-05-09 06:58:02", "1808941", "https://fontanf.lol/g", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "2026-05-09 02:11:24", "100", "True", "https://infosec.exchange/@monitorsg/116540054335649885", "KongTuke", "0", "monitorsg" "2026-05-09 06:58:02", "1808942", "https://fontanf.lol/c", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "2026-05-09 02:11:25", "100", "True", "https://infosec.exchange/@monitorsg/116540054335649885", "KongTuke", "0", "monitorsg" "2026-05-09 06:58:02", "1808952", "https://corppop.shop/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/corppop.shop", "ClickFix", "0", "CarsonWilliams" "2026-05-09 06:58:01", "1808938", "https://fontanf.lol/file.js", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "2026-05-09 01:08:31", "100", "True", "https://infosec.exchange/@monitorsg/116540054335649885", "KongTuke", "0", "monitorsg" "2026-05-09 06:15:03", "1809440", "https://allweathercontractorsltd.co.uk/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" # Number of entries: 48