################################################################ # ThreatFox IOCs: recent URLs - CSV format # # Last updated: 2026-01-11 15:30:16 UTC # # # # Terms Of Use: https://threatfox.abuse.ch/faq/#tos # # For questions please contact threatfox [at] abuse.ch # ################################################################ # # "first_seen_utc","ioc_id","ioc_value","ioc_type","threat_type","fk_malware","malware_alias","malware_printable","last_seen_utc","confidence_level","is_compromised","reference","tags","anonymous","reporter" "2026-01-11 15:30:16", "1700857", "https://cdn.jsdelivr.net/gh/az2-prd-rs01/canary-bg01/add-48", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-01-11 15:24:19", "1700854", "https://cdn.jsdelivr.net/gh/az2-prd-rs01/canary-bg01/echo", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-01-11 15:04:03", "1700852", "https://cdn.jsdelivr.net/gh/az2-prd-rs01/canary-bg01/ufo", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-01-11 14:57:19", "1700839", "http://69.164.242.27:3000/auth", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "None", "AS19318,Interserver Inc,ltx", "0", "antiphishorg" "2026-01-11 14:10:14", "1700838", "https://cdn.jsdelivr.net/gh/token-issuer-svc/7cdtdbq6uewmq5/tem46", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-01-11 13:22:59", "1700836", "https://cdn.jsdelivr.net/gh/token-issuer-svc/7cdtdbq6uewmq5/bn9", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-01-11 12:05:58", "1700831", "http://194.164.34.182", "url", "botnet_cc", "win.stealc", "None", "Stealc", "", "100", "False", "https://tria.ge/260111-hw73fadt9a", "AS216071,C2,stealc,stealer,triage", "0", "DonPasci" "2026-01-11 10:08:36", "1700813", "https://cdn.jsdelivr.net/gh/browse-via-api/fb-api-keys/keys", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-01-11 09:23:56", "1700812", "https://cdn.jsdelivr.net/gh/id-core-rs-com/power2/fast", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-01-11 06:33:09", "1700418", "https://iamdavidachom.com/tentrady-confirmation/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/iamdavidachom.com", "ClickFix", "0", "CarsonWilliams" "2026-01-11 05:08:50", "1700777", "https://cdn.jsdelivr.net/gh/token-id-4-api/api50-mint-ok/fl", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-01-11 04:41:35", "1700776", "https://cdn.jsdelivr.net/gh/id-core-rs-com/err2/local", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-01-11 03:50:13", "1700761", "http://77.110.102.154/ce369e7324834845.php", "url", "botnet_cc", "win.stealc", "None", "Stealc", "", "100", "False", "None", "Steal", "0", "abuse_ch" "2026-01-11 02:19:21", "1700758", "https://cdn.jsdelivr.net/gh/token-issuer-svc/s3/boom", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-01-11 01:18:49", "1700757", "https://cdn.jsdelivr.net/gh/token-issuer-svc/s3/back", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-01-11 01:06:30", "1700755", "https://cdn.jsdelivr.net/gh/token-issuer-svc/api80-1int-m35461/b12", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-01-11 00:05:19", "1700749", "https://cdn.jsdelivr.net/gh/token-issuer-svc/api80-1int-m35461/jhjfjj", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-01-10 23:35:03", "1700736", "https://cdn.jsdelivr.net/gh/token-issuer-svc/api80-1int-m35461/bmmm", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-01-10 22:45:09", "1700725", "http://towerbingobongoboom.com:8080/updater?for=35E0458051D58F59A7469F0DED1C9220", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "None", "GoProxy", "0", "abuse_ch" "2026-01-10 21:59:41", "1700724", "https://cdn.jsdelivr.net/gh/token-issuer-svc/88ss-12bnm-140-ok/nim5", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-01-10 20:27:03", "1700663", "https://fricaec.cyou/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "False", "None", "10January2026,iocbottest", "0", "Gi7w0rm" "2026-01-10 20:27:01", "1700662", "https://t.me/sadvdfsadv1v312", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "False", "None", "10January2026,iocbottest", "0", "Gi7w0rm" "2026-01-10 19:01:44", "1700448", "https://cdn.jsdelivr.net/gh/token-issuer-svc/88ss-12bnm-140-ok/shared", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-01-10 18:17:58", "1700431", "https://cdn.jsdelivr.net/gh/token-issuer-svc/s4-p2-df6-s9/pet5", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-01-10 18:01:36", "1700427", "https://cdn.jsdelivr.net/gh/token-issuer-svc/int-api50-config90/token", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-01-10 17:52:24", "1700426", "https://cdn.jsdelivr.net/gh/identity-hub-rs-com/a8-core74/testnet", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-01-10 17:25:08", "1700425", "http://89.35.130.82/c8b3175e.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "False", "None", "DCRat,RAT", "0", "abuse_ch" "2026-01-10 16:50:51", "1700424", "https://cdn.jsdelivr.net/gh/identity-hub-rs-com/a8-core74/dot40", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-01-10 16:30:13", "1700423", "http://towerbingobongoboom.com:8080/updater?for=85A8192051669E4383E3D2041F07FDC6", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "None", "GoProxy", "0", "abuse_ch" "2026-01-10 14:47:27", "1700373", "http://91.214.78.169:5000/send", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://bazaar.abuse.ch/sample/f0bed15538e01b50c19ae3e088d47786654370a1878ee9326ca5f5950ef9bc46/", "c2", "0", "burger" "2026-01-10 14:47:26", "1700374", "http://91.214.78.169:5000/send_photo", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://bazaar.abuse.ch/sample/f0bed15538e01b50c19ae3e088d47786654370a1878ee9326ca5f5950ef9bc46/", "c2", "0", "burger" "2026-01-10 14:47:25", "1700376", "https://msmgt.sbs/direct/Win_Driver_SSL_support_v43.22.209.44.exe", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "https://bazaar.abuse.ch/sample/f0bed15538e01b50c19ae3e088d47786654370a1878ee9326ca5f5950ef9bc46/", "None", "0", "burger" "2026-01-10 14:47:24", "1700377", "https://msmgt.sbs/direct/Printer_Driver_SSL_support_v43.22.209.99.exe", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "https://bazaar.abuse.ch/sample/f0bed15538e01b50c19ae3e088d47786654370a1878ee9326ca5f5950ef9bc46/", "None", "0", "burger" "2026-01-10 13:35:40", "1700402", "http://195.201.252.143:80", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "75", "False", "https://bazaar.abuse.ch/sample/719f762fbc61df4c651dd30e07831c5aee2c7a8b8dac7dbb2ad61d040eeaa79b/", "vidar", "0", "abuse_ch" "2026-01-10 13:20:09", "1700399", "http://91.208.162.22/8c7b4b8ca19f42f3.php", "url", "botnet_cc", "win.stealc", "None", "Stealc", "", "100", "False", "None", "Steal", "0", "abuse_ch" "2026-01-10 13:15:45", "1700398", "http://91.208.162.22", "url", "botnet_cc", "win.stealc", "None", "Stealc", "", "75", "False", "https://bazaar.abuse.ch/sample/83f96ebb903ce23ef34f3ad69ae98686d69153b3ca58baa197d728d63a14fc27/", "stealc", "0", "abuse_ch" "2026-01-10 12:55:53", "1700366", "https://hurtohjertuihjriotujhrth.com/WULAOEmxtAjF86oQzzNhlqJUL9KlWrp1/NOUJoogreojijoiJlOjiogrejiooijio.png", "url", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "https://bazaar.abuse.ch/sample/2e17c6be77af380ef919edd9c666cc3bd39d876092a2601f9ee21b3782ad354a", "ScarfaceStealer", "0", "burger" "2026-01-10 12:55:52", "1700304", "http://154.222.18.152:8888/supershell/login/", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "None", "AS401701,cognetcloud INC,supershell", "0", "antiphishorg" "2026-01-10 12:55:52", "1700358", "https://138.226.237.187/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "https://bazaar.abuse.ch/sample/19e90ba9c47ff9422ffd1e1e6b3b53d4c39c9a4809e0de50de8202bb5b3b4cb7/", "c2,vidar", "0", "burger" "2026-01-10 12:55:51", "1700342", "http://130.12.180.85/file/bbc", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "75", "False", "https://greedybear.honeynet.org", "honeypot", "0", "greedybear" "2026-01-10 12:55:51", "1700343", "https://commerce-ciao.info/", "url", "payload_delivery", "unknown_rat", "None", "Unknown RAT", "", "100", "False", "https://bazaar.abuse.ch/browse/signature/BRAT/", "BRAT,RAT", "0", "burger" "2026-01-10 12:55:50", "1700359", "https://telegra.ph/Endangered-Animals-01-05", "url", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "True", "https://bazaar.abuse.ch/sample/2e17c6be77af380ef919edd9c666cc3bd39d876092a2601f9ee21b3782ad354a", "c2,ScarfaceStealer", "0", "burger" "2026-01-10 12:55:49", "1700365", "https://hurtohjertuihjriotujhrth.com/WULAOEmxtAjF86oQzzNhlqJUL9KlWrp1/8GVk01wwWXHHto7BJ1pwBajM8YOnUuQf.mp4", "url", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "https://bazaar.abuse.ch/sample/2e17c6be77af380ef919edd9c666cc3bd39d876092a2601f9ee21b3782ad354a", "ScarfaceStealer", "0", "burger" "2026-01-10 12:55:47", "1700363", "https://colorfulglowllc.com/4ba66c65842a03f81b59c01b798915f5/tasks", "url", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "https://bazaar.abuse.ch/sample/2e17c6be77af380ef919edd9c666cc3bd39d876092a2601f9ee21b3782ad354a", "ScarfaceStealer", "0", "burger" "2026-01-10 12:55:47", "1700364", "https://hurtohjertuihjriotujhrth.com/WULAOEmxtAjF86oQzzNhlqJUL9KlWrp1/1BOi0tXTJJWgZS1BzlecvJPgUWQPYe3K.avi", "url", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "https://bazaar.abuse.ch/sample/2e17c6be77af380ef919edd9c666cc3bd39d876092a2601f9ee21b3782ad354a", "ScarfaceStealer", "0", "burger" "2026-01-10 12:55:46", "1700367", "https://hurtohjertuihjriotujhrth.com/WULAOEmxtAjF86oQzzNhlqJUL9KlWrp1/ytZ6TsGsonOO0AP2TMhqDwlDJpn9vTFh.bin", "url", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "https://bazaar.abuse.ch/sample/2e17c6be77af380ef919edd9c666cc3bd39d876092a2601f9ee21b3782ad354a", "ScarfaceStealer", "0", "burger" "2026-01-10 12:55:46", "1700371", "http://82.221.139.173:49180/wgain.sh", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "75", "False", "https://greedybear.honeynet.org", "honeypot", "0", "greedybear" "2026-01-10 11:54:40", "1700368", "https://cdn.jsdelivr.net/gh/id-core-rs-com/core-1d/clock", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-01-10 08:18:00", "1700320", "https://cdn.jsdelivr.net/gh/id-core-rs-com/core-id4/stage", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-01-10 07:24:54", "1700303", "https://cdn.jsdelivr.net/gh/id-core-rs-com/core-id/fact", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-01-10 06:34:28", "1700142", "https://rcmceberio.net/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/rcmceberio.net", "ClickFix", "0", "CarsonWilliams" "2026-01-10 06:34:28", "1700143", "https://phambilihighschool.co.za/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/phambilihighschool.co.za", "ClickFix", "0", "CarsonWilliams" "2026-01-10 06:34:27", "1700185", "http://154.201.65.97:8888/supershell/login/", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "None", "AS401696,cognetcloud INC,supershell", "0", "antiphishorg" "2026-01-10 06:34:25", "1700198", "https://138.226.237.121/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "https://bazaar.abuse.ch/sample/741662f285aec6ba7878c4b98b909eae44a94dca60d7dbe9f1479852d11925c8/", "c2,vidar", "0", "burger" "2026-01-10 06:34:24", "1700203", "https://18.202.117.177/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/18.202.117.177", "ClickFix", "0", "CarsonWilliams" "2026-01-10 06:34:23", "1700276", "https://republic-crane-k-s.com/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/republic-crane-k-s.com", "ClickFix", "0", "CarsonWilliams" "2026-01-10 06:34:22", "1700277", "https://pakdailyupdate.com/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/pakdailyupdate.com", "ClickFix", "0", "CarsonWilliams" "2026-01-10 06:34:21", "1700282", "https://track2studio.com.br/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/track2studio.com.br", "ClickFix", "0", "CarsonWilliams" "2026-01-10 06:34:20", "1700283", "https://displaysecurity.com/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/displaysecurity.com", "ClickFix", "0", "CarsonWilliams" "2026-01-10 06:34:20", "1700284", "https://turskeserijee-net-qqff.loadserve.dev/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/turskeserijee-net-qqff.loadserve.dev", "ClickFix", "0", "CarsonWilliams" "2026-01-10 06:34:19", "1700288", "https://barnehagemobler.no/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/barnehagemobler.no", "ClickFix", "0", "CarsonWilliams" "2026-01-10 06:34:18", "1700285", "https://controlpcaps.com.br/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/controlpcaps.com.br", "ClickFix", "0", "CarsonWilliams" "2026-01-10 06:34:17", "1700286", "https://www.craneworldasia.com/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/www.craneworldasia.com", "ClickFix", "0", "CarsonWilliams" "2026-01-10 06:34:16", "1700287", "https://alpha2omegabh.org/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/alpha2omegabh.org", "ClickFix", "0", "CarsonWilliams" "2026-01-10 06:34:15", "1700289", "https://divinedirectory.com/author/368betcv-52871/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/divinedirectory.com", "ClickFix", "0", "CarsonWilliams" "2026-01-10 06:34:14", "1700292", "https://www.durable-coating.com/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/www.durable-coating.com", "ClickFix", "0", "CarsonWilliams" "2026-01-10 06:34:14", "1700295", "https://showtimedetailingservice.com/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/showtimedetailingservice.com", "ClickFix", "0", "CarsonWilliams" "2026-01-10 05:57:58", "1700291", "https://cdn.jsdelivr.net/gh/id-core-rs-com/browse4/das", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-01-10 01:46:49", "1700274", "https://cdn.jsdelivr.net/gh/identity-hub-rs-com/svc457-api357-metadata-regist8/tbnb-morf", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-01-10 01:31:44", "1700273", "https://cdn.jsdelivr.net/gh/identity-hub-rs-com/svc457-api357-metadata-regist8/tbnb", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-01-10 01:15:29", "1700272", "https://cdn.jsdelivr.net/gh/identity-hub-rs-com/svc457-api357-metadata-regist8/404", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-01-10 01:02:16", "1700271", "https://cdn.jsdelivr.net/gh/identity-hub-rs-com/svc457-api357-metadata-regist8/bnb", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-01-10 00:54:02", "1700270", "https://cdn.jsdelivr.net/gh/identity-hub-rs-com/svc457-api357-metadata-regist8/ghhhhdhhh", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-01-10 00:43:30", "1700268", "https://cdn.jsdelivr.net/gh/identity-hub-rs-com/route-s215/fooot", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-01-10 00:37:26", "1700267", "https://cdn.jsdelivr.net/gh/identity-hub-rs-com/route-s215/bmn", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-01-10 00:17:53", "1700266", "https://cdn.jsdelivr.net/gh/identity-hub-rs-com/route-s215/opal50", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-01-10 00:04:37", "1700260", "https://cdn.jsdelivr.net/gh/identity-hub-rs-com/tkn-mgr0280/ino5f", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-01-09 23:57:16", "1700254", "https://cdn.jsdelivr.net/gh/identity-hub-rs-com/tkn-mgr0280/tvtbtn", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-01-09 23:37:35", "1700253", "https://cdn.jsdelivr.net/gh/identity-hub-rs-com/tkn-mgr0280/baa50", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-01-09 23:22:49", "1700252", "https://cdn.jsdelivr.net/gh/identity-hub-rs-com/x9-auth-mn-rs/momo", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-01-09 23:14:15", "1700251", "https://cdn.jsdelivr.net/gh/identity-hub-rs-com/fd-svc-api-ctl-p0/123tet", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-01-09 23:07:03", "1700250", "https://cdn.jsdelivr.net/gh/identity-hub-rs-com/fd-svc-api-ctl-p0/te78", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-01-09 22:45:33", "1700210", "https://cdn.jsdelivr.net/gh/identity-hub-rs-com/fd-svc-api-ctl-p0/gsdfg654", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-01-09 22:32:23", "1700209", "https://cdn.jsdelivr.net/gh/identity-hub-rs-com/fd-svc-api-ctl-p0/sdsdsd", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-01-09 21:16:22", "1700202", "https://cdn.jsdelivr.net/gh/identity-hub-rs-com/fd-svc-api-ctl-p0/opopo", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-01-09 21:13:27", "1700200", "https://cdn.jsdelivr.net/gh/identity-hub-rs-com/fd-svc-api-ctl-p0/herf54", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-01-09 19:33:44", "1700190", "https://cdn.jsdelivr.net/gh/identity-hub-rs-com/svc-api-metadata-regist/atom", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-01-09 19:30:46", "1700189", "https://cdn.jsdelivr.net/gh/identity-hub-rs-com/svc-api-metadata-regist/erg46erh6g54", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-01-09 19:20:07", "1700188", "https://cdn.jsdelivr.net/gh/identity-hub-rs-com/svc-api-metadata-regist/gsr4rg2444", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-01-09 18:08:43", "1700171", "https://reveiley.cyou/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "False", "https://tria.ge/260109-t415msay8a", "C2,lumma,stealer,triage", "0", "DonPasci" "2026-01-09 17:53:21", "1700165", "https://cdn.jsdelivr.net/gh/identity-hub-rs-com/api-telemetry-collec28/64gs65th", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-01-09 17:47:47", "1700164", "https://cdn.jsdelivr.net/gh/identity-hub-rs-com/api-telemetry-collec28/goi64", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-01-09 17:37:37", "1700156", "https://cdn.jsdelivr.net/gh/identity-hub-rs-com/control-plane72-node3854/654s5dg", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-01-09 17:33:51", "1700148", "https://cdn.jsdelivr.net/gh/identity-hub-rs-com/control-plane72-node3854/4685w6e", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-01-09 17:26:44", "1700141", "https://cdn.jsdelivr.net/gh/identity-hub-rs-com/control-plane72-node3854/gsdf49", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-01-09 17:20:14", "1700139", "https://cdn.jsdelivr.net/gh/identity-hub-rs-com/control-plane72-node3854/vds61", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-01-09 16:49:58", "1700134", "https://cdn.jsdelivr.net/gh/cdn-gstatic-6457/74event-bus-sync-svc/sbdgtjh", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-01-09 16:48:53", "1700085", "https://obsidianmidnight.top/endpoint/session-asset.php", "url", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "True", "https://infosec.exchange/@monitorsg/115865762330577828", "SmartApeSG", "0", "monitorsg" "2026-01-09 16:48:52", "1700088", "http://89.46.38.5/micro", "url", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2026-01-09 16:08:31", "100", "True", "https://infosec.exchange/@monitorsg/115865762330577828", "SmartApeSG", "0", "monitorsg" "2026-01-09 16:48:51", "1700087", "https://obsidianmidnight.top/endpoint/logout-script.js", "url", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "True", "https://infosec.exchange/@monitorsg/115865762330577828", "SmartApeSG", "0", "monitorsg" "2026-01-09 16:48:51", "1700089", "https://buldiakogroup.com/micro", "url", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2026-01-09 16:08:33", "100", "True", "https://infosec.exchange/@monitorsg/115865762330577828", "SmartApeSG", "0", "monitorsg" "2026-01-09 16:48:50", "1700090", "https://89.46.38.5/service", "url", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2026-01-09 16:08:34", "100", "True", "https://infosec.exchange/@monitorsg/115865762330577828", "SmartApeSG", "0", "monitorsg" "2026-01-09 16:48:50", "1700120", "https://pippyheydguide.com/endpoint/session-asset.php", "url", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "True", "https://infosec.exchange/@monitorsg/115866003434503285", "SmartApeSG", "0", "monitorsg" "2026-01-09 16:48:50", "1700121", "https://pippyheydguide.com/endpoint/logout-script.js", "url", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "True", "https://infosec.exchange/@monitorsg/115866003434503285", "SmartApeSG", "0", "monitorsg" "2026-01-09 16:48:50", "1700125", "http://69.164.242.27:3000", "url", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "https://x.com/solostalking/status/2009661039424758056", "None", "0", "solostalking" "2026-01-09 16:45:04", "1700133", "https://cdn.jsdelivr.net/gh/cdn-gstatic-6457/74event-bus-sync-svc/sv13", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-01-09 16:41:46", "1700132", "https://cdn.jsdelivr.net/gh/cdn-gstatic-6457/74event-bus-sync-svc/nlasdcl", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-01-09 16:37:02", "1700131", "https://cdn.jsdelivr.net/gh/cdn-gstatic-6457/74event-bus-sync-svc/pang", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" # Number of entries: 108