This page summarises malicious URLs observed and recorded during the reporting window below. All entries represent malicious URLs identified within the feed during this period.
Window: 26 Apr 2026 00:01 UTC → 27 Apr 2026 00:59 UTC (exclusive end)
Generated: 27 Apr 2026 01:00 UTC
Overview
Online and offline indicate the status of each URL as observed at the time of reporting.
- Total URLs recorded in this window: 1,000
- Online: 583
- Offline: 417
- Window start: 26 Apr 2026 00:01 UTC
- Window end: 27 Apr 2026 00:59 UTC
Most recent URLs
The table below lists the most recently added malicious URLs recorded in the feed during this reporting run.
| ID | Status | Threat type | Bad URL |
|---|---|---|---|
| 3832739 | online | malware_download | https://soft-2.bexis-cloud.in.net/cdk-msdn-3457325-null/load-file0dsdf567.chk |
| 3832738 | online | malware_download | http://171.81.102.2:49238/bin.sh |
| 3832737 | online | malware_download | http://42.178.125.25:36319/bin.sh |
| 3832736 | online | malware_download | https://kalt-berg-7.bexis-cloud.in.net/cdk-msdn-3457325-null/load-file0dsdf567.chk |
| 3832735 | online | malware_download | https://rouge-4v.bexis-cloud.in.net/cdk-msdn-3457325-null/load-file0dsdf567.chk |
| 3832734 | online | malware_download | https://dark-star-1.bexis-cloud.in.net/cdk-msdn-3457325-null/load-file0dsdf567.chk |
| 3832733 | online | malware_download | http://31.57.109.131/scripts/xmrig.tar.gz |
| 3832732 | online | malware_download | http://31.57.109.131/scripts/watcher |
| 3832731 | online | malware_download | https://open-9.vortex-node.in.net/cdk-msdn-3457325-null/load-file0dsdf567.chk |
| 3832730 | online | malware_download | http://125.43.231.105:37998/bin.sh |
| 3832729 | online | malware_download | http://119.52.131.178:54273/bin.sh |
| 3832728 | online | malware_download | https://holz-baum-4.vortex-node.in.net/cdk-msdn-3457325-null/load-file0dsdf567.chk |
| 3832727 | online | malware_download | https://vert-1k.vortex-node.in.net/cdk-msdn-3457325-null/load-file0dsdf567.chk |
| 3832726 | online | malware_download | http://42.239.154.170:59243/bin.sh |
| 3832725 | online | malware_download | https://gold-land-8.vortex-node.in.net/cdk-msdn-3457325-null/load-file0dsdf567.chk |
| 3832724 | online | malware_download | http://59.88.37.134:35590/i |
| 3832723 | online | malware_download | https://noir-5.vortex-node.in.net/cdk-msdn-3457325-null/load-file0dsdf567.chk |
| 3832722 | online | malware_download | http://221.203.123.44:60683/i |
| 3832721 | online | malware_download | https://fast-zeit-2.vortex-node.in.net/cdk-msdn-3457325-null/load-file0dsdf567.chk |
| 3832720 | online | malware_download | http://113.236.222.42:44409/i |
| 3832719 | online | malware_download | http://221.203.123.44:60683/bin.sh |
| 3832718 | online | malware_download | http://176.65.139.177/iran.sparc |
| 3832716 | online | malware_download | http://176.65.139.177/iran.aarch64 |
| 3832710 | online | malware_download | http://176.65.139.177/iran.armv6l |
| 3832717 | online | malware_download | http://176.65.139.177/iran.armv7l |
Top hosts
The hosts below appeared most frequently across all malicious URLs recorded during this reporting window, ranked by URL count.
| Host | Count |
|---|---|
| 194.163.151.12 | 48 |
| happytugsbakery.com | 26 |
| 176.65.139.141 | 18 |
| 176.65.132.197 | 17 |
| 83.168.95.185 | 17 |
| 140.233.190.47 | 16 |
| 144.172.98.94 | 15 |
| 62.171.142.33 | 15 |
| 176.65.139.177 | 14 |
| gamecheap.store | 14 |
Top threat types
All 1,000 URLs recorded during this window carry a single threat classification: malware_download.
| Threat type | Count |
|---|---|
| malware_download | 1000 |
Top tags
Tags reflect additional classification attributes associated with the malicious URLs in this window; a single URL may carry more than one tag.
| Tag | Count |
|---|---|
| elf | 558 |
| ua-wget | 392 |
| mirai | 366 |
| Mozi | 309 |
| 32-bit | 230 |
| ClearFake | 190 |
| mips | 184 |
| arm | 63 |
| botnetdomain | 58 |
| 194-163-151-12 | 48 |
This page is updated daily.