################################################################ # ThreatFox IOCs: recent URLs - CSV format # # Last updated: 2025-05-08 15:20:12 UTC # # # # Terms Of Use: https://threatfox.abuse.ch/faq/#tos # # For questions please contact threatfox [at] abuse.ch # ################################################################ # # "first_seen_utc","ioc_id","ioc_value","ioc_type","threat_type","fk_malware","malware_alias","malware_printable","last_seen_utc","confidence_level","reference","tags","anonymous","reporter" "2025-05-08 15:20:12", "1518439", "http://92.63.102.85/2ProvidertemporaryPrivate/HttpApitemporary6/4PublicSecureauth/lowWindows/9/lowJsVoiddb/Temporaryproton/videojavascripthttpserverProtectflowerGeneratortrafficuploadsdownloads.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "None", "DCRat,RAT", "0", "abuse_ch" "2025-05-08 14:55:31", "1518437", "https://ggrizzlqzuk.live/qhbu", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/820e40285429a78a439c4f2fd7b89e463adc156be8617bf49cf7712b698d2e41/", "lumma", "0", "abuse_ch" "2025-05-08 14:55:30", "1518436", "https://finsidegrah.run/ieop", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/820e40285429a78a439c4f2fd7b89e463adc156be8617bf49cf7712b698d2e41/", "lumma", "0", "abuse_ch" "2025-05-08 14:55:19", "1518435", "https://8stuffgull.top/qwio", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/820e40285429a78a439c4f2fd7b89e463adc156be8617bf49cf7712b698d2e41/", "lumma", "0", "abuse_ch" "2025-05-08 14:51:01", "1518434", "https://voznessxyy.life/bnaz", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/9b416d495be3632084094ef0c50ef47009a1d63256859023038436c5bb3e5a99/", "lumma", "0", "abuse_ch" "2025-05-08 14:50:52", "1518433", "https://tclatteqrpq.digital/kljz", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/9b416d495be3632084094ef0c50ef47009a1d63256859023038436c5bb3e5a99/", "lumma", "0", "abuse_ch" "2025-05-08 14:50:37", "1518432", "https://ninepicchf.bet/lznd", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/9b416d495be3632084094ef0c50ef47009a1d63256859023038436c5bb3e5a99/", "lumma", "0", "abuse_ch" "2025-05-08 14:50:19", "1518431", "https://clatteqrpq.digital/kljz", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/8232a11066fe5a6f552302da37f9b4e42f313bbeaf51f86c61fbf84bd95b1ca9/", "lumma", "0", "abuse_ch" "2025-05-08 14:50:14", "1518430", "https://3homewappzb.top/tqba", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/9b416d495be3632084094ef0c50ef47009a1d63256859023038436c5bb3e5a99/", "lumma", "0", "abuse_ch" "2025-05-08 14:18:43", "1518428", "https://wishspy.xyz/art.php", "url", "botnet_cc", "unknown_loader", "None", "Unknown Loader", "", "100", "", "OffLoader", "0", "abuse_ch" "2025-05-08 13:35:10", "1518424", "https://www.thefertilemine.com/profileLayout", "url", "botnet_cc", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "None", "fakeupdates,SocGholish", "0", "pancak3lullz" "2025-05-08 13:13:35", "1518411", "https://motocyclenews.top/jse/minjs.js", "url", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://infosec.exchange/@monitorsg/114472374283059996", "SmartApeSG", "0", "monitorsg" "2025-05-08 13:13:35", "1518413", "https://motocyclenews.top/jse/select.js", "url", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://infosec.exchange/@monitorsg/114472374283059996", "SmartApeSG", "0", "monitorsg" "2025-05-08 13:13:34", "1518409", "https://johnoton.live/log/in", "url", "payload_delivery", "js.kongtuke", "None", "KongTuke", "", "100", "https://infosec.exchange/@monitorsg/114472368542616723", "KongTuke", "0", "monitorsg" "2025-05-08 13:13:32", "1518414", "https://motocyclenews.top/jse/lll.php", "url", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://infosec.exchange/@monitorsg/114472374283059996", "SmartApeSG", "0", "monitorsg" "2025-05-08 13:13:31", "1518415", "https://territoirespaysagistes.com/buts.zip", "url", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://infosec.exchange/@monitorsg/114472374283059996", "SmartApeSG", "0", "monitorsg" "2025-05-08 12:47:52", "1518405", "https://taskrunp.run/xnzbd", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "50", "https://www.joesandbox.com/analysis/1684313/0/html", "None", "0", "tmechen_" "2025-05-08 11:19:25", "1518383", "https://colliel.live/log/in", "url", "payload_delivery", "js.kongtuke", "None", "KongTuke", "", "100", "https://infosec.exchange/@monitorsg/114471670175374600", "KongTuke", "0", "monitorsg" "2025-05-08 08:00:15", "1518353", "http://kruasanpcs.mywebcommunity.org/providerjavascriptupdategamebigloaddblinux.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "None", "DCRat,RAT", "0", "abuse_ch" "2025-05-08 07:55:32", "1518352", "http://103.74.101.88/", "url", "botnet_cc", "apk.hook", "None", "Hook", "", "50", "https://urlscan.io/result/0196aee4-7bed-775d-bf44-107eb2386c44", "c2,hookbot,urlscan", "0", "juroots" "2025-05-08 07:55:31", "1518351", "http://85.192.48.2:50555/", "url", "botnet_cc", "apk.hook", "None", "Hook", "", "50", "https://urlscan.io/result/0196aee4-779f-710c-9885-ce2535475cfd", "c2,hookbot,urlscan", "0", "juroots" "2025-05-08 07:30:38", "1518336", "https://mstuffgull.top/qwio", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/175dc09d98178b10ba5c1649e61513a13cbd207d9665a94c116fb951993dba6e/", "lumma", "0", "abuse_ch" "2025-05-08 07:30:33", "1518335", "https://joctalfbsh.bet/mben", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/175dc09d98178b10ba5c1649e61513a13cbd207d9665a94c116fb951993dba6e/", "lumma", "0", "abuse_ch" "2025-05-08 07:30:17", "1518332", "https://3k0monemiltxny.shop/tqiw", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/795fc149a846a08473ec9f574aab38b91730908ea1db607713a6fcac714cf333/", "lumma", "0", "abuse_ch" "2025-05-08 07:30:17", "1518333", "https://3yoctalfbsh.bet/mben", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/aa7166092d9839013f346d3210845f9e1e38ad07396b5d9075e9546695ec8098/", "lumma", "0", "abuse_ch" "2025-05-08 06:46:06", "1518318", "http://51.195.229.85/pages/login.php", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "None", "AS16276,OVH SAS,unam", "0", "antiphishorg" "2025-05-08 06:40:28", "1518329", "https://ohomewappzb.top/tqba", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/724f8b236a4a8b3d11c697e746d79876c952a92ed47ae872883c0af77db6fe22/", "lumma", "0", "abuse_ch" "2025-05-08 06:40:25", "1518328", "https://mariosefqcu.shop/wrqo", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/21bfbc7ad27302a1b12edc842d257ec522b48ccb7079925c76f686beb9772bd1/", "lumma", "0", "abuse_ch" "2025-05-08 06:15:20", "1518320", "https://ctortoisgfe.top/paxk", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/412d297dee67e80c141da310ecbe4a58f3d4c3e62243dff7341d42595960a02d/", "lumma", "0", "abuse_ch" "2025-05-08 05:45:48", "1518312", "https://tremelzxiy.live/atok", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/8d30a02b63faa25db2310612bebdd8db66dcda85f676ca016e1c21fc4167af61/", "lumma", "0", "abuse_ch" "2025-05-08 05:45:38", "1518311", "https://oorijinalecza.net/kazd", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/60bc96bd8c684e5d6ff85364f7403fb56ef72fa93668ea2591635177664820e7/", "lumma", "0", "abuse_ch" "2025-05-08 05:45:28", "1518310", "https://grizzlqzuk.live/qhbu", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/45f4eab50d96810f5e3046d61721127d9b9d1aa35be5b8a8d468b9b4935e70bb/", "lumma", "0", "abuse_ch" "2025-05-08 05:45:26", "1518309", "https://egrizzlqzuk.live/qhbu", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/8d30a02b63faa25db2310612bebdd8db66dcda85f676ca016e1c21fc4167af61/", "lumma", "0", "abuse_ch" "2025-05-08 05:45:21", "1518308", "https://apronsxrum.digital/pwq", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/28d8ba77930a7fdb5d6f7fd77b7f3d9be8a638976f563598e247fbec54574809/", "lumma", "0", "abuse_ch" "2025-05-08 05:45:20", "1518307", "https://9octalfbsh.bet/mben", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/45f4eab50d96810f5e3046d61721127d9b9d1aa35be5b8a8d468b9b4935e70bb/", "lumma", "0", "abuse_ch" "2025-05-08 05:19:17", "1518303", "https://brotherreligion.xyz/art.php", "url", "botnet_cc", "unknown_loader", "None", "Unknown Loader", "", "100", "", "OffLoader", "0", "abuse_ch" "2025-05-08 05:19:17", "1518304", "http://troublesisters.xyz/oils.php", "url", "botnet_cc", "unknown_loader", "None", "Unknown Loader", "", "100", "", "OffLoader", "0", "abuse_ch" "2025-05-08 05:02:33", "1518300", "http://baleturn.com/front.php", "url", "botnet_cc", "win.satacom", "CurlyGate,LegionLoader,RobotDropper", "Satacom", "", "100", "https://bazaar.abuse.ch/sample/885268e2da486a7c3473e76c11a1a51595efe389c33af5ece150a44166cee80d/", "LegionLoader,Satacom", "0", "abuse_ch" "2025-05-08 05:02:33", "1518301", "https://fmecoutsm.com/diagnostics.php", "url", "botnet_cc", "win.satacom", "CurlyGate,LegionLoader,RobotDropper", "Satacom", "", "100", "https://bazaar.abuse.ch/sample/885268e2da486a7c3473e76c11a1a51595efe389c33af5ece150a44166cee80d/", "LegionLoader,Satacom", "0", "abuse_ch" "2025-05-08 04:50:10", "1518296", "http://a1106686.xsph.ru/L1nc0In.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "None", "DCRat,RAT", "0", "abuse_ch" "2025-05-08 04:28:51", "1518237", "http://137.184.35.179:8888/supershell/login/", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2025-05-08 07:55:25", "100", "None", "AS14061,DigitalOcean LLC,supershell", "0", "antiphishorg" "2025-05-08 04:28:50", "1518238", "https://rocketlump.com/hdz", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2025-05-08 01:19:07", "50", "https://www.virustotal.com/gui/file/2155840186f85307c2b1789f05f3a343870ed964e8378bdf2622dd44e8c4c36c/behavior", "None", "1", "pitachu" "2025-05-08 04:28:49", "1518239", "https://fanpuy.com/zxod", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "pitachu" "2025-05-08 04:28:48", "1518240", "https://medikalbitkisel.org/pek", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "pitachu" "2025-05-08 04:28:47", "1518241", "https://victoreqs.run/xapw", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "pitachu" "2025-05-08 04:28:46", "1518242", "https://viridisw.top/qwed", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "pitachu" "2025-05-08 04:28:45", "1518243", "https://toptalentw.top/qena", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "pitachu" "2025-05-08 04:28:45", "1518244", "https://crocodilefg.top/qeji", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "pitachu" "2025-05-08 04:28:43", "1518245", "https://wolverineas.top/xadw", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "pitachu" "2025-05-08 04:28:42", "1518246", "https://steamcommunity.com/profiles/76561199845513035", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "None", "0", "pitachu" "2025-05-08 04:28:40", "1518247", "https://t.me/kubasex", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://www.virustotal.com/gui/file/a19e224ea94067509bb9723c684cc7d9b63dbbb892e62d0d64480dff20cf2162/behavior", "None", "0", "pitachu" "2025-05-08 04:27:56", "1518108", "https://aimpes.com/js.php", "url", "payload_delivery", "js.kongtuke", "None", "KongTuke", "", "100", "https://infosec.exchange/@monitorsg/114468130743188269", "KongTuke", "0", "monitorsg" "2025-05-08 04:27:55", "1518109", "https://tchmitt.live/log/in", "url", "payload_delivery", "js.kongtuke", "None", "KongTuke", "", "100", "https://infosec.exchange/@monitorsg/114468130743188269", "KongTuke", "0", "monitorsg" "2025-05-08 04:27:51", "1518106", "https://aimpes.com/6t4g.js", "url", "payload_delivery", "js.kongtuke", "None", "KongTuke", "", "100", "https://infosec.exchange/@monitorsg/114468130743188269", "KongTuke", "0", "monitorsg" "2025-05-08 03:10:21", "1518262", "https://insidegrah.run/ieop", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/50024331ee5446199550aeee0e77fa75d2f971ab1b1188ebb780467cf73ce360/", "lumma", "0", "abuse_ch" "2025-05-08 03:10:16", "1518261", "https://agrizzlqzuk.live/qhbu", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/50024331ee5446199550aeee0e77fa75d2f971ab1b1188ebb780467cf73ce360/", "lumma", "0", "abuse_ch" "2025-05-08 03:10:15", "1518260", "https://2vecturar.top/zsia", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/50024331ee5446199550aeee0e77fa75d2f971ab1b1188ebb780467cf73ce360/", "lumma", "0", "abuse_ch" "2025-05-08 02:15:12", "1518254", "http://chongmei33.myddns.rocks:7046/is-ready", "url", "botnet_cc", "win.houdini", "Hworm,Jenxcus,Kognito,Njw0rm,WSHRAT,dinihou,dunihi", "Houdini", "", "100", "None", "RAT,WSHRAT", "0", "abuse_ch" "2025-05-08 00:05:12", "1518232", "http://23.27.48.113:443/jquery-3.3.2.slim.min.js", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "https://bazaar.abuse.ch/sample/78dcd1d9992452237c2e749471e2900f243f9c702be055f4e8bb8451145a4b3e/", "cobaltstrike", "0", "abuse_ch" "2025-05-07 19:46:15", "1518114", "https://xtortoisgfe.top/paxk", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/44dea6cce05e1463dbbf7d2de52e5f8731c3fe2682875a93614666f952c86301/", "lumma", "0", "abuse_ch" "2025-05-07 19:45:35", "1518113", "https://albizzcdlv.digital/gmk", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/44dea6cce05e1463dbbf7d2de52e5f8731c3fe2682875a93614666f952c86301/", "lumma", "0", "abuse_ch" "2025-05-07 19:40:40", "1518112", "https://forjinalecza.net/lxaz", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/ef20391593fc572876a57ab4a9b2af239ccc3715839c7ee8a48baad97fe934dc/", "lumma", "0", "abuse_ch" "2025-05-07 18:40:04", "1518105", "http://117.209.42.48:45419/Mozi.m", "url", "payload_delivery", "elf.mozi", "None", "Mozi", "", "50", "None", "None", "0", "sicehicetf" "2025-05-07 18:25:41", "1518103", "https://gstarfiswh.live/omiga", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/fee56dc0ab93a524135acb699cf6119845f91d5438d6ac9f6d3c5658da28d162/", "lumma", "0", "abuse_ch" "2025-05-07 18:20:54", "1518102", "https://sidebyafzy.digital/iut", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/9d153a59f7a0c6d457f71d0643fef5e3c60984c2da3564e9236fe6df834f1b60/", "lumma", "0", "abuse_ch" "2025-05-07 18:20:12", "1518101", "http://997758cm.nyashk.ru/imageLinegeomultidefaultuniversalWordpresswp.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "None", "DCRat,RAT", "0", "abuse_ch" "2025-05-07 18:05:46", "1518076", "https://jerseysus.top/jse/minjs.js", "url", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://infosec.exchange/@monitorsg/114467433438471456", "SmartApeSG", "0", "monitorsg" "2025-05-07 18:05:46", "1518078", "https://jerseysus.top/jse/select.js", "url", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://infosec.exchange/@monitorsg/114467433438471456", "SmartApeSG", "0", "monitorsg" "2025-05-07 18:05:42", "1518079", "https://jerseysus.top/jse/lll.php", "url", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://infosec.exchange/@monitorsg/114467433438471456", "SmartApeSG", "0", "monitorsg" "2025-05-07 18:05:41", "1518080", "https://scf.com/cole.zip", "url", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://infosec.exchange/@monitorsg/114467433438471456", "SmartApeSG", "0", "monitorsg" "2025-05-07 15:50:23", "1518062", "http://91.220.8.106/c8PD9mEo5MnhlJi1/gate.php", "url", "botnet_cc", "win.kpot_stealer", "Khalesi,Kpot", "KPOT Stealer", "", "100", "https://x.com/500mk500/status/1920077799206924592", "KPOTStealer", "0", "abuse_ch" "2025-05-07 15:48:06", "1518057", "http://first.pokerstarus.kro.kr/image/index.php", "url", "botnet_cc", "win.kimsuky", "None", "Kimsuky", "", "100", "https://x.com/SecAI_AI/status/1920129746244981095", "APT,Kimsuky", "0", "abuse_ch" "2025-05-07 15:45:59", "1518056", "https://pdescenrugb.bet/woap", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/8efe9353b5564c4163786dfeae5278f195b07f1b3a1d7cfe4f8ae75a0e404993/", "lumma", "0", "abuse_ch" "2025-05-07 15:45:50", "1518055", "https://mhomewappzb.top/tqba", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/8efe9353b5564c4163786dfeae5278f195b07f1b3a1d7cfe4f8ae75a0e404993/", "lumma", "0", "abuse_ch" "2025-05-07 15:45:46", "1518054", "https://istuffgull.top/qwio", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/8efe9353b5564c4163786dfeae5278f195b07f1b3a1d7cfe4f8ae75a0e404993/", "lumma", "0", "abuse_ch" "2025-05-07 14:03:08", "1518030", "https://charity.cafedantorels.com/profileLayout", "url", "botnet_cc", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "None", "fakeupdates,SocGholish", "0", "pancak3lullz" "2025-05-07 13:55:51", "1518029", "https://therefsphn.run/goap", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/bc5053925ef7f902d2c64857597f09a299463da7f4880c10d18280d23609eda1/", "lumma", "0", "abuse_ch" "2025-05-07 13:55:47", "1518028", "https://romulusy.digital/tqtr", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/119625d933112080625fdb40809e611476d5572d4bbe375fec56926c4427a8cc/", "lumma", "0", "abuse_ch" "2025-05-07 12:40:04", "1518019", "http://102.98.39.246:44172/Mozi.m", "url", "payload_delivery", "elf.mozi", "None", "Mozi", "", "50", "None", "None", "0", "sicehicetf" "2025-05-07 11:25:25", "1518001", "http://blesblochem.com/two/gates1/fre.php", "url", "botnet_cc", "win.lokipws", "Burkina,Loki,LokiBot,LokiPWS", "Loki Password Stealer (PWS)", "", "75", "https://bazaar.abuse.ch/sample/a885b1f5377c2a1cead4e2d7261fab6199f83610ffdd35d20c653d52279d4683/", "lokibot", "0", "abuse_ch" "2025-05-07 10:56:59", "1517753", "https://gchindia.com/lib/pdf/Blackout-Rehearsal-Plan/wins/", "url", "payload_delivery", "win.curlback", "None", "CurlBack RAT", "", "100", "https://x.com/PrakkiSathwik/status/1919722443628806514", "APT,CurlBackRAT,RAT,SideCopy", "0", "abuse_ch" "2025-05-07 10:20:23", "1517748", "http://149.104.28.130:8080/jquery-3.3.2.slim.min.js", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "https://bazaar.abuse.ch/sample/2d3ec8e1f2d23c917f3eac3064ff1e5a571c8b750693bca04fc292226bb88aa9/", "cobaltstrike", "0", "abuse_ch" "2025-05-07 10:18:25", "1517746", "https://tiffanyearringforwomen.top/ifh/lll.php", "url", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://infosec.exchange/@monitorsg/114466002473212677", "SmartApeSG", "0", "monitorsg" "2025-05-07 10:18:24", "1517744", "https://tiffanyearringforwomen.top/ifh/select.js", "url", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://infosec.exchange/@monitorsg/114466002473212677", "SmartApeSG", "0", "monitorsg" "2025-05-07 09:56:49", "1517734", "https://pastebin.com/raw/DrdJUVjT", "url", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "50", "", "asyncrat,c2", "0", "juroots" "2025-05-07 09:55:41", "1517733", "http://izoa.netsons.org/pages/login.php", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://urlquery.net/report/c3a784d3-5349-450b-bfec-839318fc4b89", "c2,unam,urlquery", "0", "juroots" "2025-05-07 09:55:04", "1517732", "http://45.144.53.255/", "url", "botnet_cc", "apk.hook", "None", "Hook", "", "50", "https://urlscan.io/result/0196aa2b-8da8-7756-bda9-a43b7af863e6", "c2,hookbot,urlscan", "0", "juroots" "2025-05-07 09:54:46", "1517731", "https://154.53.165.98/pages/login.php", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://urlscan.io/result/0196aa2b-4868-77ac-98ae-3aadc7625697", "c2,unam,urlscan", "0", "juroots" "2025-05-07 09:53:55", "1517730", "http://87.247.188.45:5090/supershell/login", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://urlscan.io/result/0196aa2a-833f-702d-9160-2ac3c5427c1f", "c2,supershell,urlscan", "0", "juroots" "2025-05-07 08:50:39", "1517702", "https://umedicalbitkisel.org/mbj", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/e1d4a3fe31741f0aa65a6fbad2899080221e047cb05228210153df66fa33f279/", "lumma", "0", "abuse_ch" "2025-05-07 08:50:27", "1517701", "https://lkariosefqcu.shop/wrqo", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/1acce89ba4157f84695faab7c3e491b853b914d4f7b05a93699c31f281119580/", "lumma", "0", "abuse_ch" "2025-05-07 08:50:26", "1517700", "https://jonemiltxny.shop/tqiw", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/1acce89ba4157f84695faab7c3e491b853b914d4f7b05a93699c31f281119580/", "lumma", "0", "abuse_ch" "2025-05-07 08:50:23", "1517699", "https://gariosefqcu.shop/wrqo", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/c75fcc89a5ff08c2b6b8a70d46f01c988c7d61e345e3f19d16be6d4f731b75bc/", "lumma", "0", "abuse_ch" "2025-05-07 08:50:22", "1517698", "https://dorjinalecza.net/lxaz", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/e1d4a3fe31741f0aa65a6fbad2899080221e047cb05228210153df66fa33f279/", "lumma", "0", "abuse_ch" "2025-05-07 08:50:19", "1517697", "https://3snakejh.top/adsk", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/591c5830b814217b6372a2b9c4bf1426361affe0014423bfe7d975edfbf99eec/", "lumma", "0", "abuse_ch" "2025-05-07 07:25:24", "1517677", "https://ydescenrugb.bet/woap", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/c19627c23440868231bd2f86289f25aedebb04eeb67ea715cb97ad75fcea9381/", "lumma", "0", "abuse_ch" "2025-05-07 06:45:24", "1517672", "https://stuffgull.top/qwio", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/dfa1bafd51ce0ae7d24aa6494840a081ea45e6959cd5ca681c20b5d12705aa8a/", "lumma", "0", "abuse_ch" "2025-05-07 06:45:23", "1517671", "https://onemiltxny.shop/tqiw", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/dfa1bafd51ce0ae7d24aa6494840a081ea45e6959cd5ca681c20b5d12705aa8a/", "lumma", "0", "abuse_ch" "2025-05-07 06:45:22", "1517670", "https://octalfbsh.bet/mben", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/dfa1bafd51ce0ae7d24aa6494840a081ea45e6959cd5ca681c20b5d12705aa8a/", "lumma", "0", "abuse_ch" "2025-05-07 06:45:21", "1517668", "https://descenrugb.bet/woap", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/dfa1bafd51ce0ae7d24aa6494840a081ea45e6959cd5ca681c20b5d12705aa8a/", "lumma", "0", "abuse_ch" "2025-05-07 06:45:21", "1517669", "https://homewappzb.top/tqba", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/dfa1bafd51ce0ae7d24aa6494840a081ea45e6959cd5ca681c20b5d12705aa8a/", "lumma", "0", "abuse_ch" "2025-05-07 06:45:20", "1517667", "https://ariosefqcu.shop/wrqo", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/dfa1bafd51ce0ae7d24aa6494840a081ea45e6959cd5ca681c20b5d12705aa8a/", "lumma", "0", "abuse_ch" "2025-05-07 06:13:03", "1517575", "https://christianlouboutin2017.top/ifh/min.js", "url", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://infosec.exchange/@monitorsg/114463188167529171", "SmartApeSG", "0", "monitorsg" "2025-05-07 06:13:02", "1517577", "https://christianlouboutin2017.top/ifh/select.js", "url", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://infosec.exchange/@monitorsg/114463188167529171", "SmartApeSG", "0", "monitorsg" "2025-05-07 06:13:01", "1517578", "https://christianlouboutin2017.top/ifh/lll.php", "url", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://infosec.exchange/@monitorsg/114463188167529171", "SmartApeSG", "0", "monitorsg" "2025-05-07 06:13:00", "1517595", "http://154.53.165.98/pages/login.php", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "None", "AS62425,KuzeyDC,unam", "0", "antiphishorg" "2025-05-07 06:12:58", "1517546", "https://watchesbest.top/jse/lll.php", "url", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://infosec.exchange/@monitorsg/114462554451754438", "SmartApeSG", "0", "monitorsg" "2025-05-07 06:12:57", "1517547", "https://lgsdesign.co.uk/testes.zip", "url", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://infosec.exchange/@monitorsg/114462554451754438", "SmartApeSG", "0", "monitorsg" "2025-05-07 06:12:54", "1517545", "https://watchesbest.top/jse/select.js", "url", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://infosec.exchange/@monitorsg/114462554451754438", "SmartApeSG", "0", "monitorsg" "2025-05-07 06:12:53", "1517543", "https://watchesbest.top/jse/minjs.js", "url", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://infosec.exchange/@monitorsg/114462554451754438", "SmartApeSG", "0", "monitorsg" "2025-05-07 06:12:52", "1517539", "https://lgsdesign.co.uk/raszas.zip", "url", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://infosec.exchange/@monitorsg/114462461080208036", "SmartApeSG", "0", "monitorsg" "2025-05-07 06:12:48", "1517537", "https://levciavia.top/ifh/select.js", "url", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://infosec.exchange/@monitorsg/114462461080208036", "SmartApeSG", "0", "monitorsg" "2025-05-07 06:12:48", "1517538", "https://levciavia.top/ifh/lll.php", "url", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://infosec.exchange/@monitorsg/114462461080208036", "SmartApeSG", "0", "monitorsg" "2025-05-07 06:12:47", "1517535", "https://levciavia.top/ifh/min.js", "url", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://infosec.exchange/@monitorsg/114462461080208036", "SmartApeSG", "0", "monitorsg" "2025-05-07 06:10:13", "1517665", "http://109.120.152.121/TrackCpu/ProviderCentralPublic/3javascriptpacket/jsTrackbaseVideo/5/To/ProviderPollcpuProcessorDefaulttraffic.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "None", "DCRat,RAT", "0", "abuse_ch" "2025-05-07 03:45:11", "1517596", "http://172.245.123.11/tpm/pin.php", "url", "botnet_cc", "win.lokipws", "Burkina,Loki,LokiBot,LokiPWS", "Loki Password Stealer (PWS)", "", "100", "None", "Loki", "0", "abuse_ch" "2025-05-06 21:05:06", "1517573", "http://cr72811.tw1.ru/260b1b77.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "None", "DCRat,RAT", "0", "abuse_ch" # Number of entries: 117