################################################################
# ThreatFox IOCs: recent URLs - CSV format                     #
# Last updated: 2026-03-29 11:54:39 UTC                        #
#                                                              #
# Terms Of Use: https://threatfox.abuse.ch/faq/#tos            #
# For questions please contact threatfox [at] abuse.ch         #
################################################################
#
# "first_seen_utc","ioc_id","ioc_value","ioc_type","threat_type","fk_malware","malware_alias","malware_printable","last_seen_utc","confidence_level","is_compromised","reference","tags","anonymous","reporter"
"2026-03-29 11:54:39", "1778567", "https://smesharik.bond/log.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,ErrTraffic", "0", "HuntYethHounds"
"2026-03-29 11:53:49", "1778566", "https://smesharik.bond/api/index.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,ErrTraffic", "0", "HuntYethHounds"
"2026-03-29 11:52:38", "1778564", "https://smesharik.bond/cf.js", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,ErrTraffic", "0", "HuntYethHounds"
"2026-03-29 10:16:07", "1778547", "https://files-oss-cdn.oss-ap-southeast-1.aliyuncs.com/readme.gz", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,payload,VBScript", "0", "HuntYethHounds"
"2026-03-29 10:10:53", "1778545", "https://security-check-291.pages.dev", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix", "0", "HuntYethHounds"
"2026-03-29 09:39:05", "1778533", "https://bot.pay-portal.pro", "url", "payload_delivery", "unknown", "None", "Unknown malware", "2026-03-29 11:30:30", "100", "False", "", "ClickFix", "0", "HuntYethHounds"
"2026-03-29 09:09:42", "1778525", "http://46.165.215.116/031.txt", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix", "0", "HuntYethHounds"
"2026-03-29 09:08:57", "1778524", "http://46.165.215.116/032.txt", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix", "0", "HuntYethHounds"
"2026-03-29 09:08:35", "1778523", "https://entreprise-docs-secure.online", "url", "payload_delivery", "unknown", "None", "Unknown malware", "2026-03-29 11:30:30", "100", "False", "", "ClickFix", "0", "HuntYethHounds"
"2026-03-29 08:52:23", "1778503", "https://productionmaza.cfd/cf.js", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,ErrTraffic", "0", "HuntYethHounds"
"2026-03-29 08:51:17", "1778502", "https://productionmaza.bond/cf.js", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,ErrTraffic", "0", "HuntYethHounds"
"2026-03-29 08:50:07", "1778501", "https://microblob.bond/cf.js", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,ErrTraffic", "0", "HuntYethHounds"
"2026-03-29 08:40:41", "1778498", "https://betaworkercf.org/api/css.js", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,ErrTraffic", "0", "HuntYethHounds"
"2026-03-29 08:35:47", "1778496", "https://web-security.beer/api/css.js", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,ErrTraffic", "0", "HuntYethHounds"
"2026-03-29 06:02:31", "1778464", "http://91.214.78.81", "url", "botnet_cc", "win.stealc", "None", "Stealc", "", "100", "False", "https://tria.ge/260329-fp2wqsh15l", "AS215826,C2,stealc,stealer,triage", "0", "DonPasci"
"2026-03-29 06:02:31", "1778465", "https://pastebin.com/raw/BUKERxVj", "url", "botnet_cc", "win.xworm", "None", "XWorm", "", "50", "False", "", "c2,xworm", "0", "juroots"
"2026-03-29 06:02:31", "1778466", "http://37.1.213.84", "url", "botnet_cc", "win.stealc", "None", "Stealc", "", "100", "False", "https://tria.ge/260329-e6bv7sd19x", "AS29802,C2,stealc,stealer,triage", "0", "DonPasci"
"2026-03-29 05:57:47", "1778391", "http://elecviews20.dynv6.net/", "url", "botnet_cc", "win.kimsuky", "None", "Kimsuky", "", "50", "False", "https://urlquery.net/report/363d6f1d-96af-4e82-a9c3-23288c58e2de", "c2,kimsuky,urlquery", "0", "juroots"
"2026-03-29 05:57:46", "1778389", "http://docviews12.dynv6.net/", "url", "botnet_cc", "win.kimsuky", "None", "Kimsuky", "", "50", "False", "https://urlquery.net/report/062297ed-3cdf-437e-acae-bc24674e59f3", "c2,kimsuky,urlquery", "0", "juroots"
"2026-03-29 05:57:46", "1778390", "http://fetch33s.dynv6.net/", "url", "botnet_cc", "win.kimsuky", "None", "Kimsuky", "", "50", "False", "https://urlquery.net/report/efc0aa33-e830-4bcd-b240-97641af5dbdd", "c2,kimsuky,urlquery", "0", "juroots"
"2026-03-29 05:57:25", "1778388", "http://31.57.216.126/", "url", "botnet_cc", "apk.hook", "None", "Hook", "", "50", "False", "https://urlquery.net/report/52f29f29-07e2-4964-baf5-8c48a6a1899b", "c2,hookbot,urlquery", "0", "juroots"
"2026-03-29 05:56:57", "1778387", "https://actisolution.com/", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "False", "https://urlscan.io/result/019d382a-b6c1-718f-984a-ec3de8f441e8", "c2,QuantumRouteRedirect,urlscan", "0", "juroots"
"2026-03-29 05:55:52", "1778386", "https://cgf.facturastbs.shop/a/08/150822/au/gerapdf/blqs1", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-03-29 05:55:53", "50", "False", "https://urlscan.io/result/019d3829-b8ef-722a-8930-70b804aad344", "c2,horabot,urlscan", "0", "juroots"
"2026-03-29 05:55:51", "1778385", "https://cgf.facturastbs.shop/a/08/150822/au/gerauto.php", "url", "botnet_cc", "unknown", "None", "Unknown malware", "2026-03-29 05:55:55", "50", "False", "https://urlscan.io/result/019d3829-b442-75f1-8da4-8eeb7994dd64", "c2,horabot,urlscan", "0", "juroots"
"2026-03-29 05:55:32", "1778384", "http://638808714689308402.dublin-shledrc-acba.info/login", "url", "botnet_cc", "osx.odyssey_stealer", "None", "Odyssey Stealer", "", "50", "False", "https://urlscan.io/result/019d3829-6c66-7399-b46d-29f3b47f113d", "c2,odyssey,urlscan", "0", "juroots"
"2026-03-29 05:55:31", "1778383", "http://638808983049892586.birjand-shledrc-acba.info/login", "url", "botnet_cc", "osx.odyssey_stealer", "None", "Odyssey Stealer", "", "50", "False", "https://urlscan.io/result/019d3829-66ea-7550-8b29-19559912505d", "c2,odyssey,urlscan", "0", "juroots"
"2026-03-29 05:55:29", "1778382", "http://638810089169181655.shiraz-shledrc-acbc.info/login", "url", "botnet_cc", "osx.odyssey_stealer", "None", "Odyssey Stealer", "", "50", "False", "https://urlscan.io/result/019d3829-615d-7508-b97e-01ec9811cb35", "c2,odyssey,urlscan", "0", "juroots"
"2026-03-29 05:55:28", "1778381", "http://638798250265338711.kerman-shledrc-acak.info/login", "url", "botnet_cc", "osx.odyssey_stealer", "None", "Odyssey Stealer", "", "50", "False", "https://urlscan.io/result/019d3829-5c1d-752e-8a23-942d69138043", "c2,odyssey,urlscan", "0", "juroots"
"2026-03-29 05:55:27", "1778380", "http://638809712977746654.athens-shledrc-acbc.info/login", "url", "botnet_cc", "osx.odyssey_stealer", "None", "Odyssey Stealer", "", "50", "False", "https://urlscan.io/result/019d3829-5765-72b6-8ab3-adadf9bec401", "c2,odyssey,urlscan", "0", "juroots"
"2026-03-29 05:55:26", "1778379", "http://638798112751129792.warsaw-shledrc-acak.info/login", "url", "botnet_cc", "osx.odyssey_stealer", "None", "Odyssey Stealer", "", "50", "False", "https://urlscan.io/result/019d3829-5426-7189-8ec8-ae6cebffa58a", "c2,odyssey,urlscan", "0", "juroots"
"2026-03-29 05:55:25", "1778378", "http://638809434544857586.dublin-shledrc-acbb.info/login", "url", "botnet_cc", "osx.odyssey_stealer", "None", "Odyssey Stealer", "", "50", "False", "https://urlscan.io/result/019d3829-4edb-74d2-a322-82442438500f", "c2,odyssey,urlscan", "0", "juroots"
"2026-03-29 05:55:23", "1778377", "http://638800616981987041.dublin-shledrc-acao.info/login", "url", "botnet_cc", "osx.odyssey_stealer", "None", "Odyssey Stealer", "", "50", "False", "https://urlscan.io/result/019d3829-49e9-74b5-8ea2-07b9c048fe79", "c2,odyssey,urlscan", "0", "juroots"
"2026-03-29 05:55:22", "1778376", "http://638799976464357707.lahijan-shledrc-acan.info/login", "url", "botnet_cc", "osx.odyssey_stealer", "None", "Odyssey Stealer", "", "50", "False", "https://urlscan.io/result/019d3829-44f6-74fa-9470-d09da56d3714", "c2,odyssey,urlscan", "0", "juroots"
"2026-03-29 05:55:21", "1778375", "http://638808279286809264.malayer-shledrc-acaz.info/login", "url", "botnet_cc", "osx.odyssey_stealer", "None", "Odyssey Stealer", "", "50", "False", "https://urlscan.io/result/019d3829-4023-7649-9f06-5444027845da", "c2,odyssey,urlscan", "0", "juroots"
"2026-03-29 05:55:20", "1778374", "http://638799693262986204.madrid-shledrc-acan.info/login", "url", "botnet_cc", "osx.odyssey_stealer", "None", "Odyssey Stealer", "", "50", "False", "https://urlscan.io/result/019d3829-3c88-7625-9f5c-179235225ec0", "c2,odyssey,urlscan", "0", "juroots"
"2026-03-29 05:55:19", "1778373", "http://638800814946931618.berlin-shledrc-acap.info/login", "url", "botnet_cc", "osx.odyssey_stealer", "None", "Odyssey Stealer", "", "50", "False", "https://urlscan.io/result/019d3829-3751-76db-9542-1203be9ae1aa", "c2,odyssey,urlscan", "0", "juroots"
"2026-03-29 05:55:17", "1778372", "http://638808705259632794.budapest-shledrc-acba.info/login", "url", "botnet_cc", "osx.odyssey_stealer", "None", "Odyssey Stealer", "", "50", "False", "https://urlscan.io/result/019d3829-3223-77fc-93f0-c5f6c633d787", "c2,odyssey,urlscan", "0", "juroots"
"2026-03-29 05:55:16", "1778371", "http://638807774991052514.athens-shledrc-acaz.info/login", "url", "botnet_cc", "osx.odyssey_stealer", "None", "Odyssey Stealer", "", "50", "False", "https://urlscan.io/result/019d3829-2c7c-74fd-bb3d-ae6c230e11ff", "c2,odyssey,urlscan", "0", "juroots"
"2026-03-29 05:54:27", "1778370", "https://fetch81s.dynv6.net/", "url", "botnet_cc", "win.kimsuky", "None", "Kimsuky", "", "50", "False", "https://urlscan.io/result/019d3828-6e72-73e3-948a-3b9c46ba27f6", "c2,kimsuky,urlscan", "0", "juroots"
"2026-03-29 05:54:26", "1778369", "https://nids10.dynv6.net/", "url", "botnet_cc", "win.kimsuky", "None", "Kimsuky", "", "50", "False", "https://urlscan.io/result/019d3828-6904-7669-8ec3-8bb8899ea081", "c2,kimsuky,urlscan", "0", "juroots"
"2026-03-29 05:54:25", "1778368", "https://elecviews51.dynv6.net/", "url", "botnet_cc", "win.kimsuky", "None", "Kimsuky", "", "50", "False", "https://urlscan.io/result/019d3828-64b6-7569-8c39-1335022817dd", "c2,kimsuky,urlscan", "0", "juroots"
"2026-03-29 05:54:24", "1778367", "https://edocview20.dynv6.net/", "url", "botnet_cc", "win.kimsuky", "None", "Kimsuky", "", "50", "False", "https://urlscan.io/result/019d3828-606f-7081-afc4-44a1e093b86d", "c2,kimsuky,urlscan", "0", "juroots"
"2026-03-29 05:54:23", "1778366", "https://police84s.dynv6.net/", "url", "botnet_cc", "win.kimsuky", "None", "Kimsuky", "", "50", "False", "https://urlscan.io/result/019d3828-5c1e-768e-848e-8e3ebe43f389", "c2,kimsuky,urlscan", "0", "juroots"
"2026-03-29 05:54:21", "1778365", "https://nids7.dynv6.net/", "url", "botnet_cc", "win.kimsuky", "None", "Kimsuky", "", "50", "False", "https://urlscan.io/result/019d3828-5861-706d-9438-485eef0a712a", "c2,kimsuky,urlscan", "0", "juroots"
"2026-03-29 05:54:20", "1778364", "https://elecviews37.dynv6.net/", "url", "botnet_cc", "win.kimsuky", "None", "Kimsuky", "", "50", "False", "https://urlscan.io/result/019d3828-5488-755f-a25c-5c7aeafbadf1", "c2,kimsuky,urlscan", "0", "juroots"
"2026-03-29 05:54:19", "1778363", "https://elecviews33.dynv6.net/", "url", "botnet_cc", "win.kimsuky", "None", "Kimsuky", "", "50", "False", "https://urlscan.io/result/019d3828-4f71-708e-a0ee-ebe5fc754b8a", "c2,kimsuky,urlscan", "0", "juroots"
"2026-03-29 05:54:17", "1778362", "https://myblog57s.dynv6.net/", "url", "botnet_cc", "win.kimsuky", "None", "Kimsuky", "", "50", "False", "https://urlscan.io/result/019d3828-447b-70d3-aa55-b17ff90f815d", "c2,kimsuky,urlscan", "0", "juroots"
"2026-03-29 05:54:15", "1778361", "https://elecviews21.dynv6.net/", "url", "botnet_cc", "win.kimsuky", "None", "Kimsuky", "", "50", "False", "https://urlscan.io/result/019d3828-3ed0-76fc-9a4d-8fc6c66e8f6b", "c2,kimsuky,urlscan", "0", "juroots"
"2026-03-29 05:54:14", "1778360", "https://join54s.dynv6.net/", "url", "botnet_cc", "win.kimsuky", "None", "Kimsuky", "", "50", "False", "https://urlscan.io/result/019d3828-39bd-77e8-ac0d-1905fa2780d6", "c2,kimsuky,urlscan", "0", "juroots"
"2026-03-29 05:54:12", "1778359", "https://nids59.dynv6.net/", "url", "botnet_cc", "win.kimsuky", "None", "Kimsuky", "", "50", "False", "https://urlscan.io/result/019d3828-34b8-731d-a3a1-bc85277d5deb", "c2,kimsuky,urlscan", "0", "juroots"
"2026-03-29 05:54:11", "1778358", "https://elecviews44.dynv6.net/", "url", "botnet_cc", "win.kimsuky", "None", "Kimsuky", "", "50", "False", "https://urlscan.io/result/019d3828-2fbc-72b9-82ef-03be47e9c1d8", "c2,kimsuky,urlscan", "0", "juroots"
"2026-03-29 05:54:09", "1778357", "https://kakao.com-login.dns.army/", "url", "botnet_cc", "win.kimsuky", "None", "Kimsuky", "", "50", "False", "https://urlscan.io/result/019d3828-25dd-750e-8e7a-1038e6bfc08a", "c2,kimsuky,urlscan", "0", "juroots"
"2026-03-29 05:54:07", "1778356", "https://com-login.dns.army/", "url", "botnet_cc", "win.kimsuky", "None", "Kimsuky", "", "50", "False", "https://urlscan.io/result/019d3828-21c2-7531-b706-01b84b72b6f3", "c2,kimsuky,urlscan", "0", "juroots"
"2026-03-29 05:54:06", "1778355", "https://elecviews23.dynv6.net/", "url", "botnet_cc", "win.kimsuky", "None", "Kimsuky", "2026-03-29 05:54:10", "50", "False", "https://urlscan.io/result/019d3828-1c72-733a-8ba3-0801ce12ceee", "c2,kimsuky,urlscan", "0", "juroots"
"2026-03-29 05:54:05", "1778354", "https://edocview14.dynv6.net/", "url", "botnet_cc", "win.kimsuky", "None", "Kimsuky", "", "50", "False", "https://urlscan.io/result/019d3828-15c1-735b-96d8-166414bb3df1", "c2,kimsuky,urlscan", "0", "juroots"
"2026-03-29 05:54:03", "1778353", "https://search38s.dynv6.net/", "url", "botnet_cc", "win.kimsuky", "None", "Kimsuky", "2026-03-29 05:54:18", "50", "False", "https://urlscan.io/result/019d3828-10a6-72ee-9f4a-7a10356f505e", "c2,kimsuky,urlscan", "0", "juroots"
"2026-03-29 05:54:02", "1778352", "https://edocview15.dynv6.net/", "url", "botnet_cc", "win.kimsuky", "None", "Kimsuky", "", "50", "False", "https://urlscan.io/result/019d3828-0b5c-7208-a947-e4bd9b6ad883", "c2,kimsuky,urlscan", "0", "juroots"
"2026-03-29 05:54:00", "1778351", "https://elecviews92.dynv6.net/", "url", "botnet_cc", "win.kimsuky", "None", "Kimsuky", "", "50", "False", "https://urlscan.io/result/019d3828-05f4-7700-963b-105748805f6c", "c2,kimsuky,urlscan", "0", "juroots"
"2026-03-29 05:53:59", "1778350", "https://myblog87s.dynv6.net/", "url", "botnet_cc", "win.kimsuky", "None", "Kimsuky", "", "50", "False", "https://urlscan.io/result/019d3828-01da-7348-a9a9-f2e6f9b34259", "c2,kimsuky,urlscan", "0", "juroots"
"2026-03-29 05:53:58", "1778349", "https://nids30.dynv6.net/", "url", "botnet_cc", "win.kimsuky", "None", "Kimsuky", "", "50", "False", "https://urlscan.io/result/019d3827-fd17-7719-9051-beba2b79cea2", "c2,kimsuky,urlscan", "0", "juroots"
"2026-03-29 05:53:57", "1778348", "https://elecviews43.dynv6.net/", "url", "botnet_cc", "win.kimsuky", "None", "Kimsuky", "", "50", "False", "https://urlscan.io/result/019d3827-f72d-772b-8b51-67c6650c6904", "c2,kimsuky,urlscan", "0", "juroots"
"2026-03-29 05:53:56", "1778347", "https://nids33.dynv6.net/", "url", "botnet_cc", "win.kimsuky", "None", "Kimsuky", "", "50", "False", "https://urlscan.io/result/019d3827-f3dc-720d-8135-ad2dfe527819", "c2,kimsuky,urlscan", "0", "juroots"
"2026-03-29 05:53:55", "1778346", "https://elecviews67.dynv6.net/", "url", "botnet_cc", "win.kimsuky", "None", "Kimsuky", "", "50", "False", "https://urlscan.io/result/019d3827-ef8d-769a-8d41-17775e9baa6e", "c2,kimsuky,urlscan", "0", "juroots"
"2026-03-29 05:53:53", "1778345", "https://elecviews69.dynv6.net/", "url", "botnet_cc", "win.kimsuky", "None", "Kimsuky", "", "50", "False", "https://urlscan.io/result/019d3827-ea84-733a-9eb7-99f30a00a127", "c2,kimsuky,urlscan", "0", "juroots"
"2026-03-29 05:53:52", "1778344", "https://elecviews90.dynv6.net/", "url", "botnet_cc", "win.kimsuky", "None", "Kimsuky", "", "50", "False", "https://urlscan.io/result/019d3827-e539-73ee-a89f-cd05ee67c60d", "c2,kimsuky,urlscan", "0", "juroots"
"2026-03-29 05:53:51", "1778343", "https://nids67.dynv6.net/", "url", "botnet_cc", "win.kimsuky", "None", "Kimsuky", "", "50", "False", "https://urlscan.io/result/019d3827-e04e-755c-95cc-cbb2324c3cb6", "c2,kimsuky,urlscan", "0", "juroots"
"2026-03-29 05:53:50", "1778342", "https://docviews37.dynv6.net/", "url", "botnet_cc", "win.kimsuky", "None", "Kimsuky", "", "50", "False", "https://urlscan.io/result/019d3827-db5a-76db-89e9-cd9c5d222691", "c2,kimsuky,urlscan", "0", "juroots"
"2026-03-29 05:53:48", "1778341", "https://nids25.dynv6.net/", "url", "botnet_cc", "win.kimsuky", "None", "Kimsuky", "", "50", "False", "https://urlscan.io/result/019d3827-d5e0-773b-8ad7-74939da175fe", "c2,kimsuky,urlscan", "0", "juroots"
"2026-03-29 05:53:47", "1778340", "https://elecviews56.dynv6.net/", "url", "botnet_cc", "win.kimsuky", "None", "Kimsuky", "", "50", "False", "https://urlscan.io/result/019d3827-d09f-756d-be0e-6def2a0f84bb", "c2,kimsuky,urlscan", "0", "juroots"
"2026-03-29 05:53:45", "1778339", "https://docviews34.dynv6.net/", "url", "botnet_cc", "win.kimsuky", "None", "Kimsuky", "", "50", "False", "https://urlscan.io/result/019d3827-cac2-74da-94e6-32ac4ce3c4b4", "c2,kimsuky,urlscan", "0", "juroots"
"2026-03-29 05:53:15", "1778338", "https://shitongyao.site/", "url", "botnet_cc", "apk.spynote", "CypherRat", "SpyNote", "2026-03-29 05:53:43", "50", "False", "https://urlscan.io/result/019d3827-5637-727e-b20b-7c8b621461dc", "c2,spynote,urlscan", "0", "juroots"
"2026-03-29 05:53:13", "1778337", "https://47.239.244.75/", "url", "botnet_cc", "apk.spynote", "CypherRat", "SpyNote", "2026-03-29 05:53:41", "50", "False", "https://urlscan.io/result/019d3827-4c44-7536-aed6-27df4b067893", "c2,spynote,urlscan", "0", "juroots"
"2026-03-29 05:53:12", "1778336", "https://2.56.255.159/", "url", "botnet_cc", "apk.spynote", "CypherRat", "SpyNote", "2026-03-29 05:53:39", "50", "False", "https://urlscan.io/result/019d3827-47a5-741c-b757-4c02cfb38ac8", "c2,spynote,urlscan", "0", "juroots"
"2026-03-29 05:53:09", "1778335", "https://decorator.top/", "url", "botnet_cc", "apk.spynote", "CypherRat", "SpyNote", "2026-03-29 05:53:38", "50", "False", "https://urlscan.io/result/019d3827-3df6-72ca-9e6c-c059510ed43c", "c2,spynote,urlscan", "0", "juroots"
"2026-03-29 05:53:07", "1778334", "https://47.83.208.201/", "url", "botnet_cc", "apk.spynote", "CypherRat", "SpyNote", "2026-03-29 05:53:08", "50", "False", "https://urlscan.io/result/019d3827-3373-71ff-8666-769f64f49475", "c2,spynote,urlscan", "0", "juroots"
"2026-03-29 05:53:05", "1778333", "https://47.243.157.77/", "url", "botnet_cc", "apk.spynote", "CypherRat", "SpyNote", "", "50", "False", "https://urlscan.io/result/019d3827-2def-74a5-8e74-c8d6fdc3e1f5", "c2,spynote,urlscan", "0", "juroots"
"2026-03-29 05:53:04", "1778332", "https://mecurry.top/", "url", "botnet_cc", "apk.spynote", "CypherRat", "SpyNote", "2026-03-29 05:53:34", "50", "False", "https://urlscan.io/result/019d3827-289a-7511-a864-a46bd2a25c9d", "c2,spynote,urlscan", "0", "juroots"
"2026-03-29 05:53:02", "1778331", "https://liux16.top/", "url", "botnet_cc", "apk.spynote", "CypherRat", "SpyNote", "", "50", "False", "https://urlscan.io/result/019d3827-231a-757e-a73b-ef5182d24dbb", "c2,spynote,urlscan", "0", "juroots"
"2026-03-29 05:52:59", "1778330", "https://host.vasslli.top/", "url", "botnet_cc", "apk.spynote", "CypherRat", "SpyNote", "2026-03-29 05:53:33", "50", "False", "https://urlscan.io/result/019d3827-16d3-74b9-ac71-b7b884992857", "c2,spynote,urlscan", "0", "juroots"
"2026-03-29 05:52:58", "1778329", "https://luanluan821.top/", "url", "botnet_cc", "apk.spynote", "CypherRat", "SpyNote", "2026-03-29 05:53:32", "50", "False", "https://urlscan.io/result/019d3827-1175-748a-a2b0-5b01150cc9ab", "c2,spynote,urlscan", "0", "juroots"
"2026-03-29 05:52:55", "1778328", "https://jrv.gaga3.top/", "url", "botnet_cc", "apk.spynote", "CypherRat", "SpyNote", "2026-03-29 05:53:31", "50", "False", "https://urlscan.io/result/019d3827-05f5-70e0-bc2b-0cf093e86af3", "c2,spynote,urlscan", "0", "juroots"
"2026-03-29 05:52:49", "1778327", "https://104.233.246.210/", "url", "botnet_cc", "apk.spynote", "CypherRat", "SpyNote", "2026-03-29 05:53:28", "50", "False", "https://urlscan.io/result/019d3826-ef57-713e-a773-70284c366bef", "c2,spynote,urlscan", "0", "juroots"
"2026-03-29 05:52:47", "1778326", "https://47.242.179.21/", "url", "botnet_cc", "apk.spynote", "CypherRat", "SpyNote", "2026-03-29 05:53:22", "50", "False", "https://urlscan.io/result/019d3826-e5b4-77b8-ae47-cb1500afa27d", "c2,spynote,urlscan", "0", "juroots"
"2026-03-29 05:52:45", "1778325", "https://47.242.207.99/", "url", "botnet_cc", "apk.spynote", "CypherRat", "SpyNote", "2026-03-29 05:53:26", "50", "False", "https://urlscan.io/result/019d3826-e0a9-776a-885c-ab84dd93cc4c", "c2,spynote,urlscan", "0", "juroots"
"2026-03-29 05:52:44", "1778324", "https://104.168.148.210/", "url", "botnet_cc", "apk.spynote", "CypherRat", "SpyNote", "", "50", "False", "https://urlscan.io/result/019d3826-db99-7247-9274-65af7d0691f5", "c2,spynote,urlscan", "0", "juroots"
"2026-03-29 05:52:42", "1778323", "https://47.83.238.253/", "url", "botnet_cc", "apk.spynote", "CypherRat", "SpyNote", "2026-03-29 05:52:43", "50", "False", "https://urlscan.io/result/019d3826-d284-75cd-9eb6-1cd31a4c187c", "c2,spynote,urlscan", "0", "juroots"
"2026-03-29 05:52:39", "1778322", "https://47.242.218.25/", "url", "botnet_cc", "apk.spynote", "CypherRat", "SpyNote", "2026-03-29 05:52:40", "50", "False", "https://urlscan.io/result/019d3826-c932-70af-af26-90bb60e3f172", "c2,spynote,urlscan", "0", "juroots"
"2026-03-29 05:52:37", "1778321", "https://47.243.154.43/", "url", "botnet_cc", "apk.spynote", "CypherRat", "SpyNote", "2026-03-29 05:52:38", "50", "False", "https://urlscan.io/result/019d3826-bfff-771e-8cef-efa8ae77604a", "c2,spynote,urlscan", "0", "juroots"
"2026-03-29 05:52:36", "1778320", "https://8.218.245.128/", "url", "botnet_cc", "apk.spynote", "CypherRat", "SpyNote", "", "50", "False", "https://urlscan.io/result/019d3826-bb40-75fd-98ea-158c78d08062", "c2,spynote,urlscan", "0", "juroots"
"2026-03-29 05:52:34", "1778318", "https://67.209.176.243/", "url", "botnet_cc", "apk.spynote", "CypherRat", "SpyNote", "2026-03-29 05:53:18", "50", "False", "https://urlscan.io/result/019d3826-b2d1-7380-871f-9bd9ef9955aa", "c2,spynote,urlscan", "0", "juroots"
"2026-03-29 05:52:34", "1778319", "https://64.188.30.169/", "url", "botnet_cc", "apk.spynote", "CypherRat", "SpyNote", "2026-03-29 05:53:19", "50", "False", "https://urlscan.io/result/019d3826-b60c-7678-a636-de37b5481b32", "c2,spynote,urlscan", "0", "juroots"
"2026-03-29 05:52:32", "1778317", "https://134.122.194.187/", "url", "botnet_cc", "apk.spynote", "CypherRat", "SpyNote", "2026-03-29 05:53:17", "50", "False", "https://urlscan.io/result/019d3826-ad93-744d-8e9a-37d1a41fb23a", "c2,spynote,urlscan", "0", "juroots"
"2026-03-29 05:52:31", "1778316", "https://8.217.163.200/", "url", "botnet_cc", "apk.spynote", "CypherRat", "SpyNote", "", "50", "False", "https://urlscan.io/result/019d3826-a935-725c-ae36-a9378c4c0351", "c2,spynote,urlscan", "0", "juroots"
"2026-03-29 05:52:30", "1778315", "https://47.243.157.232/", "url", "botnet_cc", "apk.spynote", "CypherRat", "SpyNote", "", "50", "False", "https://urlscan.io/result/019d3826-a399-72cd-b67d-8d44aaa6ac38", "c2,spynote,urlscan", "0", "juroots"
"2026-03-29 05:52:28", "1778314", "https://ppio10.top/", "url", "botnet_cc", "apk.spynote", "CypherRat", "SpyNote", "", "50", "False", "https://urlscan.io/result/019d3826-9e28-76cb-a423-48b50951d523", "c2,spynote,urlscan", "0", "juroots"
"2026-03-29 05:52:27", "1778313", "https://ysp06.top/", "url", "botnet_cc", "apk.spynote", "CypherRat", "SpyNote", "", "50", "False", "https://urlscan.io/result/019d3826-9745-75ee-831e-dc7f93b6caa1", "c2,spynote,urlscan", "0", "juroots"
"2026-03-29 05:52:24", "1778312", "https://kke03.top/", "url", "botnet_cc", "apk.spynote", "CypherRat", "SpyNote", "", "50", "False", "https://urlscan.io/result/019d3826-8d0c-727e-9b32-a5745cf4c0bb", "c2,spynote,urlscan", "0", "juroots"
"2026-03-29 05:52:22", "1778311", "https://der03.top/", "url", "botnet_cc", "apk.spynote", "CypherRat", "SpyNote", "", "50", "False", "https://urlscan.io/result/019d3826-8567-70df-96b7-c1fa201a4a26", "c2,spynote,urlscan", "0", "juroots"
"2026-03-28 18:01:38", "1778054", "https://slenjzj.cyou", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "False", "https://tria.ge/260328-rsmrrsbx5s", "C2,lumma,stealer,triage", "0", "DonPasci"
"2026-03-28 15:51:55", "1777902", "https://wh.betway071.com/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/wh.betway071.com", "ClickFix", "0", "CarsonWilliams"
"2026-03-28 15:51:55", "1777991", "https://ataquecomoswaldo.com.br/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/ataquecomoswaldo.com.br", "ClickFix", "0", "CarsonWilliams"
"2026-03-28 14:30:26", "1777977", "http://evetesttech.net", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "False", "https://bazaar.abuse.ch/sample/0ba68de391c48c9ef283dd8438b68a93ea6b69fddf987e32b16976b0bc0836ef/", "lumma", "0", "abuse_ch"
"2026-03-28 12:45:43", "1777957", "https://telegram.me/g1n3sss", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "75", "False", "https://bazaar.abuse.ch/sample/4a1b4250bf2910202f2ad0c446999df30aaf6d35eb502b971339e605f374c0e9/", "vidar", "0", "abuse_ch"
"2026-03-28 12:45:38", "1777956", "https://steamcommunity.com/profiles/76561198721263282", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "75", "False", "https://bazaar.abuse.ch/sample/4a1b4250bf2910202f2ad0c446999df30aaf6d35eb502b971339e605f374c0e9/", "vidar", "0", "abuse_ch"
"2026-03-28 11:26:18", "1777937", "https://saturn-mepo.com/api/css.js", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,ErrTraffic", "0", "HuntYethHounds"
"2026-03-28 10:35:18", "1777915", "http://cy327179.tw1.ru/L1nc0In.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "False", "None", "DCRat,RAT", "0", "abuse_ch"
"2026-03-28 08:37:49", "1777888", "https://ii.hammamessaouira.com", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,Zillow", "0", "HuntYethHounds"
"2026-03-28 08:36:52", "1777886", "https://www.intel.startherepage.net", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,Zillow", "0", "HuntYethHounds"
"2026-03-28 08:34:33", "1777883", "https://retainedsite.com", "url", "payload_delivery", "unknown", "None", "Unknown malware", "2026-03-28 09:30:34", "100", "False", "", "ClickFix,Zillow", "0", "HuntYethHounds"
"2026-03-28 08:09:39", "1777877", "https://lenteam.beer/api/css.js", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,ErrTraffic", "0", "HuntYethHounds"
"2026-03-28 08:06:12", "1777874", "https://dncloteam.beer/api/css.js", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,ErrTraffic", "0", "HuntYethHounds"
"2026-03-28 06:45:57", "1777839", "https://equilmm.click", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "False", "https://bazaar.abuse.ch/sample/38044d9c236b3660267e35562af3bf5a45b93daddc49bd53089a49894c2cc96e/", "lumma", "0", "abuse_ch"
"2026-03-28 06:45:02", "1777484", "https://polnexas.com/pp/june", "url", "payload_delivery", "js.smartapesg", "HANEYMANEY,ZPHP", "SmartApeSG", "2026-03-27 23:09:47", "100", "True", "https://infosec.exchange/@monitorsg/116302484332100791", "SmartApeSG", "0", "monitorsg"
"2026-03-28 06:45:01", "1777500", "https://autohaus-marku.de/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/autohaus-marku.de", "ClickFix", "0", "CarsonWilliams"
"2026-03-28 06:45:00", "1777509", "https://beekey.de/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/beekey.de", "ClickFix", "0", "CarsonWilliams"
"2026-03-28 06:44:58", "1777721", "https://dreniko.top/private/admin-serializer.php", "url", "payload_delivery", "js.smartapesg", "HANEYMANEY,ZPHP", "SmartApeSG", "", "100", "True", "https://infosec.exchange/@monitorsg/116303656484255001", "SmartApeSG", "0", "monitorsg"
"2026-03-28 06:44:56", "1777723", "https://dreniko.top/private/endpoint-build.js", "url", "payload_delivery", "js.smartapesg", "HANEYMANEY,ZPHP", "SmartApeSG", "", "100", "True", "https://infosec.exchange/@monitorsg/116303656484255001", "SmartApeSG", "0", "monitorsg"
"2026-03-28 06:44:54", "1777730", "https://ftp.massageessaouira.com/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/ftp.massageessaouira.com", "ClickFix", "0", "CarsonWilliams"
"2026-03-28 06:44:52", "1777731", "https://honeymoonersreviewguide.com/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/honeymoonersreviewguide.com", "ClickFix", "0", "CarsonWilliams"
"2026-03-28 06:44:52", "1777732", "https://megaresellers.org/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/megaresellers.org", "ClickFix", "0", "CarsonWilliams"
"2026-03-28 06:44:52", "1777733", "https://move.bong889.com/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/move.bong889.com", "ClickFix", "0", "CarsonWilliams"
"2026-03-28 06:44:51", "1777734", "https://startherepage.net/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/startherepage.net", "ClickFix", "0", "CarsonWilliams"
"2026-03-28 06:44:51", "1777735", "https://ubmsindia.com/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/ubmsindia.com", "ClickFix", "0", "CarsonWilliams"
"2026-03-28 06:44:50", "1777736", "https://thaiffp.com/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/thaiffp.com", "ClickFix", "0", "CarsonWilliams"
"2026-03-28 06:44:49", "1777737", "https://www.msitu.org/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/www.msitu.org", "ClickFix", "0", "CarsonWilliams"
"2026-03-28 06:44:48", "1777738", "https://www.soicaulo24h.soicaulo247.com/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/www.soicaulo24h.soicaulo247.com", "ClickFix", "0", "CarsonWilliams"
"2026-03-28 06:44:48", "1777739", "https://dashboard.lordinf.com/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/dashboard.lordinf.com", "ClickFix", "0", "CarsonWilliams"
"2026-03-28 06:44:47", "1777745", "https://conexaologbrasil.com.br/site/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/conexaologbrasil.com.br", "ClickFix", "0", "CarsonWilliams"
"2026-03-28 06:44:47", "1777764", "https://hexi-tech.net/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/hexi-tech.net", "ClickFix", "0", "CarsonWilliams"
"2026-03-28 06:44:45", "1777782", "http://206.189.22.92/1.sh", "url", "payload_delivery", "unknown", "None", "Unknown malware", "2026-03-29 06:20:17", "75", "False", "https://greedybear.honeynet.org", "honeypot", "0", "greedybear"
"2026-03-28 06:44:42", "1777820", "https://5.231.61.68/login", "url", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "False", "https://x.com/solostalking/status/2037764745730912384?s=20", "None", "0", "solostalking"
"2026-03-27 22:58:57", "1777707", "http://hexi-tech.net", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,Zillow", "0", "HuntYethHounds"
"2026-03-27 22:57:55", "1777705", "http://during.bong889.com", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,Zillow", "0", "HuntYethHounds"
"2026-03-27 22:56:44", "1777702", "http://dev.betway071.com", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,Zillow", "0", "HuntYethHounds"
"2026-03-27 22:55:29", "1777699", "http://dashboard.lordinf.com/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,Zillow", "0", "HuntYethHounds"
"2026-03-27 22:53:20", "1777697", "http://www.vpn.startherepage.net", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,Zillow", "0", "HuntYethHounds"
"2026-03-27 22:52:31", "1777695", "http://www.staging.startherepage.net", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,Zillow", "0", "HuntYethHounds"
"2026-03-27 22:51:52", "1777694", "http://www.ssl.megaresellers.org", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,Zillow", "0", "HuntYethHounds"
"2026-03-27 22:50:58", "1777691", "http://www.soicaulo24h.soicaulo247.com", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,Zillow", "0", "HuntYethHounds"
"2026-03-27 22:49:24", "1777688", "http://www.msitu.org", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,Zillow", "0", "HuntYethHounds"
"2026-03-27 22:48:37", "1777687", "http://www.home.megaresellers.org", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,Zillow", "0", "HuntYethHounds"
"2026-03-27 22:47:34", "1777685", "http://www.app.megaresellers.org", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,Zillow", "0", "HuntYethHounds"
"2026-03-27 22:46:41", "1777683", "http://word.bong889.com", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,Zillow", "0", "HuntYethHounds"
"2026-03-27 22:45:35", "1777680", "http://wh.betway071.com", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,Zillow", "0", "HuntYethHounds"
"2026-03-27 22:44:31", "1777678", "http://ubmsindia.com", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,Zillow", "0", "HuntYethHounds"
"2026-03-27 22:43:36", "1777676", "http://thaiffp.com", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,Zillow", "0", "HuntYethHounds"
"2026-03-27 22:42:26", "1777674", "http://superset.megaresellers.org", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,Zillow", "0", "HuntYethHounds"
"2026-03-27 22:40:49", "1777672", "http://startherepage.net", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,Zillow", "0", "HuntYethHounds"
"2026-03-27 22:39:08", "1777669", "http://public.bong889.com", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,Zillow", "0", "HuntYethHounds"
"2026-03-27 22:37:54", "1777667", "http://move.bong889.com", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,Zillow", "0", "HuntYethHounds"
"2026-03-27 22:35:55", "1777665", "http://megaresellers.org", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,Zillow", "0", "HuntYethHounds"
"2026-03-27 22:32:57", "1777662", "http://honeymoonersreviewguide.com", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,Zillow", "0", "HuntYethHounds"
"2026-03-27 22:31:44", "1777660", "http://ftp.massageessaouira.com", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,Zillow", "0", "HuntYethHounds"
"2026-03-27 22:29:49", "1777658", "https://bitwisebeats.com", "url", "payload_delivery", "unknown", "None", "Unknown malware", "2026-03-27 23:30:56", "100", "False", "", "ClickFix,Zillow", "0", "HuntYethHounds"
"2026-03-27 22:28:51", "1777656", "https://beta.betway071.com", "url", "payload_delivery", "unknown", "None", "Unknown malware", "2026-03-27 23:30:56", "100", "False", "", "ClickFix,Zillow", "0", "HuntYethHounds"
"2026-03-27 22:27:20", "1777653", "https://acheiverssurest.com", "url", "payload_delivery", "unknown", "None", "Unknown malware", "2026-03-27 23:30:56", "100", "False", "", "ClickFix,Zillow", "0", "HuntYethHounds"
"2026-03-27 22:18:32", "1777648", "http://verifyhumanbot.com/7z.dll", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,payload,Zillow", "0", "HuntYethHounds"
"2026-03-27 22:18:13", "1777647", "http://verifyhumanbot.com/7z.exe", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,payload,Zillow", "0", "HuntYethHounds"
"2026-03-27 22:17:54", "1777646", "http://verifyhumanbot.com/lin.7z", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,Password - ilil,payload,Zillow", "0", "HuntYethHounds"
"2026-03-27 22:17:16", "1777644", "http://verifyhumanbot.com/gggs.7z", "url", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "False", "", "ClickFix,Password - ilil,payload,Zillow", "0", "HuntYethHounds"
"2026-03-27 22:14:47", "1777643", "http://verifyhumanbot.com/dev.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,Zillow", "0", "HuntYethHounds"
"2026-03-27 22:13:03", "1777642", "https://verifyhumanbot.com/ver", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,Zillow", "0", "HuntYethHounds"
"2026-03-27 22:11:49", "1777639", "https://hammamessaouira.com", "url", "payload_delivery", "unknown", "None", "Unknown malware", "2026-03-28 00:00:59", "100", "False", "", "ClickFix,Zillow", "0", "HuntYethHounds"
"2026-03-27 22:04:59", "1777634", "https://opsmiskop.com", "url", "payload_delivery", "js.iclickfix", "None", "IClickFix", "", "100", "False", "", "ClickFix,IClickFix", "0", "HuntYethHounds"
"2026-03-27 22:04:09", "1777632", "https://oneconsultant.co.uk/wp-blog-footer.php?page=", "url", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-03-27 23:30:56", "100", "True", "", "ClickFix,IClickFix", "0", "HuntYethHounds"
"2026-03-27 22:03:06", "1777631", "https://vdscfvgdfggg.com/totoalla.js", "url", "payload_delivery", "js.iclickfix", "None", "IClickFix", "", "100", "False", "", "ClickFix,IClickFix", "0", "HuntYethHounds"
"2026-03-27 21:57:10", "1777626", "https://misskoslof.com", "url", "payload_delivery", "js.iclickfix", "None", "IClickFix", "", "100", "False", "", "ClickFix,IClickFix", "0", "HuntYethHounds"
"2026-03-27 21:56:13", "1777624", "https://posturecarechair.com.au/wp-blog-footer.php?page=", "url", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-03-27 23:30:56", "100", "False", "", "ClickFix,IClickFix", "0", "HuntYethHounds"
"2026-03-27 21:53:17", "1777621", "https://djasdajnsdnjgjg.com/sdfgbbb.js", "url", "payload_delivery", "js.iclickfix", "None", "IClickFix", "", "100", "False", "", "ClickFix,IClickFix", "0", "HuntYethHounds"
"2026-03-27 21:50:35", "1777620", "http://83.142.209.192", "url", "botnet_cc", "win.stealc", "None", "Stealc", "", "75", "False", "https://bazaar.abuse.ch/sample/de6aa3a1a821b8a321bcbebf0a467166f5433ca2e3c1e50a7d11bcf9663aa09b/", "stealc", "0", "abuse_ch"
"2026-03-27 21:24:18", "1777606", "http://ksidj.wearecharlie.fun/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-03-27 21:24:17", "1777601", "https://pn2.skfilmsint.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-03-27 21:24:17", "1777602", "https://pn1.skfilmsint.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-03-27 21:24:17", "1777603", "https://gre.syslicense.net/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-03-27 21:24:17", "1777604", "https://gre.ssffaa4.xyz/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-03-27 21:24:17", "1777605", "http://fefeo.iknowthat.space/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-03-27 21:11:49", "1777598", "https://victubp.cyou", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "False", "https://bazaar.abuse.ch/sample/57d23d43341a9a717d72fbdd5a58db44e39290f045882582f1c2bebb034a9588/", "lumma", "0", "abuse_ch"
"2026-03-27 21:07:08", "1777596", "https://check.first-node.rocks/api/script.js?t=bu_0f9a746f42b7be2fc27c12dfc363", "url", "payload_delivery", "unknown", "None", "Unknown malware", "2026-03-27 21:07:22", "100", "False", "", "Fake Update", "0", "HuntYethHounds"
"2026-03-27 21:06:31", "1777595", "https://check.first-node.rocks/api/config/bu_0f9a746f42b7be2fc27c12dfc363", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake Update", "0", "HuntYethHounds"
"2026-03-27 21:06:11", "1777594", "https://check.first-node.rocks", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake Update", "0", "HuntYethHounds"
"2026-03-27 20:40:30", "1777587", "https://rariascientificinstrument.com", "url", "payload_delivery", "unknown", "None", "Unknown malware", "2026-03-27 21:31:01", "100", "False", "", "ClickFix,WebDav", "0", "HuntYethHounds"
"2026-03-27 20:39:27", "1777584", "https://rameshminitaj.com", "url", "payload_delivery", "unknown", "None", "Unknown malware", "2026-03-27 21:31:00", "100", "False", "", "ClickFix,WebDav", "0", "HuntYethHounds"
"2026-03-27 20:34:14", "1777581", "https://www.dfopetroleum.com/bins/XKUTXYLW.msi", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,payload", "0", "HuntYethHounds"
"2026-03-27 20:30:55", "1777580", "https://www.dfopetroleum.com/bins/buin.txt", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "True", "", "ClickFix", "0", "HuntYethHounds"
"2026-03-27 20:29:29", "1777579", "https://testio.ecartdev.com/bewhqdvaggutiywcmd", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix", "0", "HuntYethHounds"
"2026-03-27 20:29:02", "1777578", "https://testio.ecartdev.com/assets/landings/cloudflare2/js/clipboard.js", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix", "0", "HuntYethHounds"
"2026-03-27 20:28:41", "1777577", "https://testio.ecartdev.com/assets/landings/cloudflare2/js/loader.js", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix", "0", "HuntYethHounds"
"2026-03-27 20:22:15", "1777571", "http://85.239.144.185:6600/tqnqpbti/ZVBSTKWT.msi", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix", "0", "HuntYethHounds"
"2026-03-27 20:19:08", "1777568", "https://podarokkodny27.com", "url", "payload_delivery", "unknown", "None", "Unknown malware", "2026-03-27 21:31:00", "100", "False", "", "ClickFix", "0", "HuntYethHounds"
"2026-03-27 20:16:34", "1777565", "https://pathwaysseminars.com", "url", "payload_delivery", "unknown", "None", "Unknown malware", "2026-03-27 21:31:00", "100", "False", "", "ClickFix,WebDav", "0", "HuntYethHounds"
"2026-03-27 20:15:12", "1777563", "https://ournameismama.com", "url", "payload_delivery", "unknown", "None", "Unknown malware", "2026-03-27 21:30:59", "100", "False", "", "ClickFix,WebDav", "0", "HuntYethHounds"
"2026-03-27 20:14:06", "1777560", "https://omgmarites.com", "url", "payload_delivery", "unknown", "None", "Unknown malware", "2026-03-27 21:30:59", "100", "False", "", "ClickFix,WebDav", "0", "HuntYethHounds"
"2026-03-27 20:10:21", "1777558", "https://openclaw-ai.click", "url", "payload_delivery", "unknown", "None", "Unknown malware", "2026-03-27 21:30:59", "100", "False", "", "ClickFix", "0", "HuntYethHounds"
"2026-03-27 20:08:44", "1777556", "https://nobelvista.com", "url", "payload_delivery", "unknown", "None", "Unknown malware", "2026-03-27 21:30:58", "100", "False", "", "ClickFix,WebDav", "0", "HuntYethHounds"
"2026-03-27 20:07:20", "1777554", "https://nineseasdecor.com", "url", "payload_delivery", "unknown", "None", "Unknown malware", "2026-03-27 21:30:58", "100", "False", "", "ClickFix,WebDav", "0", "HuntYethHounds"
"2026-03-27 20:05:51", "1777551", "https://nikkytech.com", "url", "payload_delivery", "unknown", "None", "Unknown malware", "2026-03-27 21:30:58", "100", "False", "", "ClickFix,WebDav", "0", "HuntYethHounds"
"2026-03-27 20:04:55", "1777549", "https://naya.leetodev.me", "url", "payload_delivery", "unknown", "None", "Unknown malware", "2026-03-27 21:30:57", "100", "False", "", "ClickFix,WebDav", "0", "HuntYethHounds"
"2026-03-27 20:03:42", "1777547", "https://mentalhelpafrica.org", "url", "payload_delivery", "unknown", "None", "Unknown malware", "2026-03-27 21:30:57", "100", "False", "", "ClickFix,WebDav", "0", "HuntYethHounds"
"2026-03-27 20:01:49", "1777545", "https://mark-gwinner.de", "url", "payload_delivery", "unknown", "None", "Unknown malware", "2026-03-27 21:30:57", "100", "False", "", "ClickFix,WebDav", "0", "HuntYethHounds"
"2026-03-27 20:00:23", "1777542", "https://losangelesdailynews.net", "url", "payload_delivery", "unknown", "None", "Unknown malware", "2026-03-27 21:30:56", "100", "False", "", "ClickFix,WebDav", "0", "HuntYethHounds"
"2026-03-27 19:58:18", "1777539", "https://littleblossom.shop", "url", "payload_delivery", "unknown", "None", "Unknown malware", "2026-03-27 21:30:55", "100", "False", "", "ClickFix,WebDav", "0", "HuntYethHounds"
"2026-03-27 19:56:36", "1777538", "https://lakshmienterprisesscaffolding.com", "url", "payload_delivery", "unknown", "None", "Unknown malware", "2026-03-27 21:30:56", "100", "False", "", "ClickFix,WebDav", "0", "HuntYethHounds"
"2026-03-27 19:52:17", "1777535", "https://jbpublish.com", "url", "payload_delivery", "unknown", "None", "Unknown malware", "2026-03-27 21:30:56", "100", "False", "", "ClickFix,WebDav", "0", "HuntYethHounds"
"2026-03-27 19:50:31", "1777533", "https://intezar.shop", "url", "payload_delivery", "unknown", "None", "Unknown malware", "2026-03-27 21:30:55", "100", "False", "", "ClickFix,WebDav", "0", "HuntYethHounds"
"2026-03-27 19:48:49", "1777530", "https://halllahbol.com", "url", "payload_delivery", "unknown", "None", "Unknown malware", "2026-03-27 21:30:54", "100", "False", "", "ClickFix,WebDav", "0", "HuntYethHounds"
"2026-03-27 19:46:30", "1777528", "https://gourdornaments.com", "url", "payload_delivery", "unknown", "None", "Unknown malware", "2026-03-27 21:30:55", "100", "False", "", "ClickFix,WebDav", "0", "HuntYethHounds"
"2026-03-27 19:45:29", "1777526", "https://golscorp.com", "url", "payload_delivery", "unknown", "None", "Unknown malware", "2026-03-28 18:00:24", "100", "False", "", "ClickFix,WebDav", "0", "HuntYethHounds"
"2026-03-27 19:44:06", "1777524", "https://goldbuckletravel.com", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,WebDav", "0", "HuntYethHounds"
"2026-03-27 19:43:14", "1777521", "https://gerard.johnquery.com", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,WebDav", "0", "HuntYethHounds"
"2026-03-27 19:41:47", "1777519", "https://estimapro.io", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,WebDav", "0", "HuntYethHounds"
"2026-03-27 19:40:06", "1777517", "https://carlosenriqueflores.com", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,WebDav", "0", "HuntYethHounds"
"2026-03-27 19:36:56", "1777514", "https://bongoshilposociety.com", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,WebDav", "0", "HuntYethHounds"
"2026-03-27 19:35:07", "1777512", "https://frozen-bites.com", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,WebDav", "0", "HuntYethHounds"
"2026-03-27 18:17:07", "1777487", "https://t.me/zididf", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-03-27 21:24:16", "75", "False", "https://bazaar.abuse.ch/sample/727a5adad5f1e298c5aaff0503cd445b93f20d09de08313dd51c072a58ccccc9/", "vidar", "0", "abuse_ch"
"2026-03-27 18:03:05", "1777481", "http://147.45.47.215", "url", "botnet_cc", "win.stealc", "None", "Stealc", "", "100", "False", "https://tria.ge/260327-tkg8esdt3m", "C2,stealc,stealer,triage", "0", "DonPasci"
"2026-03-27 17:09:28", "1777450", "https://siteamnsserv.beer/api/css.js", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,ErrTraffic", "0", "HuntYethHounds"
"2026-03-27 16:28:43", "1777434", "https://api.api-calculatorscore.com/m/7d8df27d95d9", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "InfinitiStealer,macOS", "0", "HuntYethHounds"
"2026-03-27 16:09:57", "1777427", "https://venom-stealer.com/m/7d8df27d95d9", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "InfinitiStealer,macOS", "0", "HuntYethHounds"
"2026-03-27 16:08:34", "1777426", "https://vault-cracker.com/m/7d8df27d95d9", "url", "payload_delivery", "unknown", "None", "Unknown malware", "2026-03-27 16:26:13", "100", "False", "", "InfinitiStealer,macOS", "0", "HuntYethHounds"
"2026-03-27 16:06:42", "1777424", "https://ivermecstar.zip/m/7d8df27d95d9", "url", "payload_delivery", "unknown", "None", "Unknown malware", "2026-03-27 16:13:25", "100", "False", "", "InfinitiStealer,macOS", "0", "HuntYethHounds"
"2026-03-27 15:36:25", "1777413", "https://78.47.162.8", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "75", "False", "https://bazaar.abuse.ch/sample/94af2ec26b6c5755bfafbcd037e768e7d398ee8c1c6828cdfd010f72a941d85f/", "vidar", "0", "abuse_ch"
"2026-03-27 15:00:48", "1777399", "https://raw.githubusercontent.com/babka98/horinis/refs/heads/main/split.msi", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,payload", "0", "HuntYethHounds"
"2026-03-27 15:00:09", "1777397", "https://raw.githubusercontent.com/babka98/horinis/refs/heads/main/monkey.msi", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,payload", "0", "HuntYethHounds"
"2026-03-27 14:59:24", "1777396", "https://raw.githubusercontent.com/babka98/horinis/refs/heads/main/gatsby.msi", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,payload", "0", "HuntYethHounds"
"2026-03-27 14:58:26", "1777395", "https://raw.githubusercontent.com/babka98/horinis/refs/heads/main/Toshi2.msi", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,payload", "0", "HuntYethHounds"
"2026-03-27 14:57:30", "1777394", "https://raw.githubusercontent.com/babka98/horinis/refs/heads/main/Sinobu.msi", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,payload", "0", "HuntYethHounds"
"2026-03-27 14:55:34", "1777392", "https://github.com/babka98/horinis/blob/main/split.msi", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,payload", "0", "HuntYethHounds"
"2026-03-27 14:54:33", "1777391", "https://github.com/babka98/horinis/blob/main/monkey.msi", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,payload", "0", "HuntYethHounds"
"2026-03-27 14:54:09", "1777390", "https://github.com/babka98/horinis/blob/main/gatsby.msi", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,payload", "0", "HuntYethHounds"
"2026-03-27 14:53:43", "1777389", "https://github.com/babka98/horinis/blob/main/Toshi2.msi", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,payload", "0", "HuntYethHounds"
"2026-03-27 14:53:17", "1777388", "https://github.com/babka98/horinis/blob/main/Sinobu.msi", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,payload", "0", "HuntYethHounds"
"2026-03-27 14:50:46", "1777386", "https://raw.githubusercontent.com/babka98/horinis/refs/heads/main/lykis.msi", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,payload", "0", "HuntYethHounds"
"2026-03-27 14:50:03", "1777385", "https://cloud-verif.com", "url", "payload_delivery", "unknown", "None", "Unknown malware", "2026-03-27 15:30:25", "100", "False", "", "ClickFix", "0", "HuntYethHounds"
"2026-03-27 14:37:03", "1777369", "https://clou-dprotect.com/tthlpznvilfquair", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix", "0", "HuntYethHounds"
"2026-03-27 14:34:57", "1777368", "https://clou-dprotect.com/xjfsquefosciebdh", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix", "0", "HuntYethHounds"
"2026-03-27 14:28:01", "1777365", "https://vsbnsbootstrup.beer/api/css.js", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,ErrTraffic", "0", "HuntYethHounds"
"2026-03-27 14:27:02", "1777363", "https://sdnssmdf-js.beer/api/css.js", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,ErrTraffic", "0", "HuntYethHounds"
"2026-03-27 14:26:05", "1777361", "https://teamcss.beer/api/css.js", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,ErrTraffic", "0", "HuntYethHounds"
"2026-03-27 14:02:40", "1777322", "https://qlorexa.top/private/admin-serializer.php", "url", "payload_delivery", "js.smartapesg", "HANEYMANEY,ZPHP", "SmartApeSG", "2026-03-27 13:25:21", "100", "True", "https://infosec.exchange/@monitorsg/116301306756494257", "SmartApeSG", "0", "monitorsg"
"2026-03-27 14:02:38", "1777325", "https://qlorexa.top/private/endpoint-build.js", "url", "payload_delivery", "js.smartapesg", "HANEYMANEY,ZPHP", "SmartApeSG", "2026-03-27 13:25:37", "100", "True", "https://infosec.exchange/@monitorsg/116301306756494257", "SmartApeSG", "0", "monitorsg"
"2026-03-27 14:02:38", "1777326", "https://polnexas.com/jj/pop", "url", "payload_delivery", "js.smartapesg", "HANEYMANEY,ZPHP", "SmartApeSG", "2026-03-27 13:25:51", "100", "True", "https://infosec.exchange/@monitorsg/116301306756494257", "SmartApeSG", "0", "monitorsg"
"2026-03-27 13:40:27", "1777348", "http://safeguardname.com/curl/9a52db44298bf340278cc92a39fb0443161d187daaf69415463db3ac8e6d54c3", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,macOS", "0", "HuntYethHounds"
"2026-03-27 13:38:59", "1777346", "http://validmortgage.com/curl/9a52db44298bf340278cc92a39fb0443161d187daaf69415463db3ac8e6d54c3", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,macOS", "0", "HuntYethHounds"
"2026-03-27 13:36:26", "1777343", "https://hello-brothers777.com/debug/loader.sh?build=1cac736cdcf77d8c5e9e4f89b331f2db", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,macOS", "0", "HuntYethHounds"
"2026-03-27 13:27:18", "1777340", "https://automaticdrafts.com/mao_czin.zip", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,payload", "0", "HuntYethHounds"
"2026-03-27 13:26:51", "1777339", "https://automaticdrafts.com/loader.ps1", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix", "0", "HuntYethHounds"
"2026-03-27 13:26:08", "1777336", "https://automaticdrafts.com//get.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix", "0", "HuntYethHounds"
"2026-03-27 13:25:03", "1777335", "https://newdomainsg.icu/cloude1.zip", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,payload", "0", "HuntYethHounds"
"2026-03-27 13:24:30", "1777334", "https://newdomainsg.icu/loader.ps1", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix", "0", "HuntYethHounds"
"2026-03-27 13:17:45", "1777330", "https://bil.ssffaa4.xyz/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-03-27 13:17:44", "1777329", "https://bil.syslicense.net/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-03-27 13:12:43", "1777327", "https://newdomainsg.icu//get.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix", "0", "HuntYethHounds"
"2026-03-27 13:11:40", "1777321", "https://cloudfflareg.com/verify.html", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix", "0", "HuntYethHounds"
"2026-03-27 12:42:39", "1777313", "https://t.me/dizajdi", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-03-27 21:24:16", "75", "False", "https://bazaar.abuse.ch/sample/c5ba01490fc242514ff588e060b79b1afbad2fb5afa8b5bcd5c7d61b65ca35c2/", "vidar", "0", "abuse_ch"
"2026-03-27 12:36:42", "1777311", "https://checkaws.net/api/css.js", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,ErrTraffic", "0", "HuntYethHounds"
# Number of entries: 255