DESCRIPTION LAST UPDATED: 2024-12-02
DEFAULT SEVERITY LEVEL: CRITICAL
This report identifies URLs that were observed in exploitation attempts in the last 24 hours. They are assumed to contain a malware payload or serve as C2 controllers. If a payload was successfully downloaded in the last 24 hours, it’s SHA256 hash will also be published. The data is primarily sourced from honeypots (in which case they will often be IoT related), but other sources are possible. As always, you only receive information on IPs found on your network/constituency or in the case of a National CSIRT, your country.
Please note it is possible false positives exist in this report if benign URLs were extracted from malicious payloads by our crawler. Please let us know if that was the case.
Track malware URL callbacks on our Dashboard.
You can learn more on the report in our Malware URL Report tutorial.
Severity levels are described here.
You can learn more on our reports in general in our Overview of Free Public Benefit Shadowserver Reports presentation, which also explains example Use Cases.
This report was enabled as part of the European Union HaDEA CEF VARIoT project.
Filename: malware_url