################################################################ # ThreatFox IOCs: recent URLs - CSV format # # Last updated: 2026-04-27 17:17:35 UTC # # # # Terms Of Use: https://threatfox.abuse.ch/faq/#tos # # For questions please contact threatfox [at] abuse.ch # ################################################################ # # "first_seen_utc","ioc_id","ioc_value","ioc_type","threat_type","fk_malware","malware_alias","malware_printable","last_seen_utc","confidence_level","is_compromised","reference","tags","anonymous","reporter" "2026-04-27 17:17:35", "1801167", "https://rpa.vi-ler.dk/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-04-27 20:16:48", "75", "False", "None", "lv80gzr,Vidar", "0", "abuse_ch" "2026-04-27 17:17:26", "1801165", "https://rpa.imoveisavendaemaraxa.com.br/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-04-27 20:16:39", "75", "False", "None", "lv80gzr,Vidar", "0", "abuse_ch" "2026-04-27 16:01:59", "1801124", "http://92.63.102.121/Lowbase.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "False", "None", "DCRat,RAT", "0", "abuse_ch" "2026-04-27 16:01:24", "1801123", "http://cc011590.tw1.ru/L1nc0In.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "False", "None", "DCRat,RAT", "0", "abuse_ch" "2026-04-27 15:38:45", "1801103", "https://v-panel.buzz/auth/login?ddosprotected=1", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "c2,vidar", "0", "Kenas" "2026-04-27 15:15:09", "1801099", "https://homeecosavingsideas.com/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-27 14:15:09", "1801082", "https://bookshelfculture.com/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-27 14:15:09", "1801083", "https://icebath.org.il/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-27 14:15:09", "1801084", "https://petloverspalace.com/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-27 14:15:08", "1801080", "https://bayviewgourmet.com/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-27 14:15:08", "1801081", "https://ecocolours.in/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-27 14:15:07", "1801079", "https://aspirefitnessclub.com/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-27 14:00:54", "1801074", "https://ser.imoveisavendaemaraxa.com.br/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-04-27 16:17:05", "100", "True", "None", "vidar", "0", "crep1x" "2026-04-27 14:00:40", "1801072", "https://ser.vi-ler.dk/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-04-27 16:17:15", "100", "True", "None", "vidar", "0", "crep1x" "2026-04-27 13:36:33", "1801057", "https://linked-on.com/leyts.php?Npier=1", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "80", "False", "None", "clickfix,finger-lolbas,fingerfix,linkedin-lure,python-embed", "0", "Lenny_3BO" "2026-04-27 13:36:32", "1801059", "https://mtg-life.net/95126aeb-4120-56b1-8c9e-63fdf0c0b6f9/scr7", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "80", "False", "None", "clickfix,fingerfix,python-shellcode-loader", "0", "Lenny_3BO" "2026-04-27 13:29:06", "1801021", "https://sigmatauethifarma.com/file.js", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "True", "https://infosec.exchange/@monitorsg/116476827450908735", "KongTuke", "0", "monitorsg" "2026-04-27 13:29:03", "1801023", "https://sigmatauethifarma.com/t", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "True", "https://infosec.exchange/@monitorsg/116476827450908735", "KongTuke", "0", "monitorsg" "2026-04-27 13:29:03", "1801024", "https://sigmatauethifarma.com/g", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "True", "https://infosec.exchange/@monitorsg/116476827450908735", "KongTuke", "0", "monitorsg" "2026-04-27 13:28:23", "1801001", "https://bcaccount.co.th/?u=fwjxxjdhc4fkhntp263ah3a", "url", "payload_delivery", "win.emmenhtal", "IDATDropper,PEAKLIGHT", "Emmenhtal", "", "50", "True", "None", "html-smuggling,spamtrap", "0", "jahlives" "2026-04-27 13:28:10", "1801025", "https://sigmatauethifarma.com/c", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "True", "https://infosec.exchange/@monitorsg/116476827450908735", "KongTuke", "0", "monitorsg" "2026-04-27 13:28:09", "1801026", "https://cj06y9v4xab.com/d", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "True", "https://infosec.exchange/@monitorsg/116476827450908735", "KongTuke", "0", "monitorsg" "2026-04-27 13:15:17", "1801049", "https://linkinsightnews.com/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-27 13:15:16", "1801045", "https://thelifestyleelf.net/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-27 13:15:16", "1801046", "https://bridgeportnews.net/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-27 13:15:16", "1801047", "https://sullivancounty.org/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-27 13:15:16", "1801048", "https://burchcom.com/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-27 13:15:15", "1801042", "https://accelhost.com/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-27 13:15:15", "1801043", "https://earthvillageeducation.org/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-27 13:15:15", "1801044", "https://remodelingmagazine.co/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-27 13:15:14", "1801039", "https://nutleyrealestatehomes.com/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-27 13:15:14", "1801040", "https://feelgoodanyway.com/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-27 13:15:14", "1801041", "https://pouronprince.com/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-27 13:15:13", "1801035", "https://legalnewsletter.org/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-27 13:15:13", "1801036", "https://thedirtdoctors.com/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-27 13:15:13", "1801037", "https://new-era-homes.com/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-27 13:15:13", "1801038", "https://mytravelbackpack.com/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-27 13:15:12", "1801032", "https://growhealthyvending.com/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-27 13:15:12", "1801033", "https://healthadvicenow.net/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-27 13:15:12", "1801034", "https://homeinspectorpotomac.com/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-27 13:15:11", "1801029", "https://jrubyconf.com/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-27 13:15:11", "1801030", "https://claremontportside.com/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-27 13:15:11", "1801031", "https://familyreading.net/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-27 11:27:17", "1800987", "http://94.156.155.42", "url", "botnet_cc", "win.stealc", "None", "Stealc", "", "75", "False", "https://bazaar.abuse.ch/sample/2cd3507909391d0a8cbea8300ffc5d77805a3f475e9991c43a105913095725ae/", "stealc", "0", "abuse_ch" "2026-04-27 11:15:08", "1800982", "https://juactive.net/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-27 09:18:28", "1800942", "https://vek.vi-ler.dk/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-04-27 13:22:08", "75", "False", "None", "lv80gzr,Vidar", "0", "abuse_ch" "2026-04-27 09:18:15", "1800940", "https://vek.imoveisavendaemaraxa.com.br/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-04-27 13:21:51", "75", "False", "None", "lv80gzr,Vidar", "0", "abuse_ch" "2026-04-27 08:26:48", "1800909", "https://136.243.87.132/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-04-27 08:26:48", "1800910", "https://136.243.87.128/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-04-27 08:26:48", "1800911", "https://136.243.87.139/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-04-27 08:26:48", "1800912", "https://136.243.87.141/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-04-27 08:26:48", "1800913", "https://136.243.87.133/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-04-27 08:26:48", "1800914", "https://136.243.87.138/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-04-27 08:26:47", "1800905", "https://136.243.87.134/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-04-27 08:26:47", "1800906", "https://136.243.87.129/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-04-27 08:26:47", "1800907", "https://136.243.87.131/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-04-27 08:26:47", "1800908", "https://136.243.87.140/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-04-27 07:59:24", "1800882", "https://gon.vi-ler.dk/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-04-27 07:59:24", "1800883", "https://psy.vi-ler.dk/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-04-27 07:59:24", "1800884", "https://178.104.213.150/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-04-27 07:59:24", "1800885", "https://74.0.42.54/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-04-27 07:59:23", "1800879", "https://bom.vi-ler.dk/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-04-27 07:59:23", "1800880", "https://bca.vi-ler.dk/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-04-27 07:59:23", "1800881", "https://tsc.vi-ler.dk/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-04-27 07:59:22", "1800878", "https://steamcommunity.com/profiles/76561198709529056", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-04-27 07:52:17", "1800876", "https://pillow.riverbridge.site/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "True", "None", "vidar", "0", "crep1x" "2026-04-27 07:52:07", "1800875", "https://bbs.vi-ler.dk/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-04-27 08:18:41", "100", "True", "None", "vidar", "0", "crep1x" "2026-04-27 06:22:33", "1800856", "https://packetswitchings.com.ng/wp-blog-footer.php?data=", "url", "payload_delivery", "js.iclickfix", "None", "IClickFix", "", "100", "True", "", "ClickFix,IClickFix", "0", "HuntYethHounds" "2026-04-27 06:21:41", "1800854", "https://packetswitchings.com.ng/wp-blog-footer.php?fp=1", "url", "payload_delivery", "js.iclickfix", "None", "IClickFix", "", "100", "True", "", "ClickFix,IClickFix", "0", "HuntYethHounds" "2026-04-27 06:12:23", "1800848", "https://mdasnmitrot.com/ooaoll.js", "url", "payload_delivery", "js.iclickfix", "None", "IClickFix", "", "100", "False", "", "ClickFix,IClickFix", "0", "HuntYethHounds" "2026-04-27 06:11:36", "1800846", "https://marketsnows.com/9cG0Kh", "url", "payload_delivery", "js.iclickfix", "None", "IClickFix", "", "100", "False", "", "ClickFix,IClickFix", "0", "HuntYethHounds" "2026-04-27 06:05:27", "1800839", "https://awesomeisojs.beer/api/css.js", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,ErrTraffic", "0", "HuntYethHounds" "2026-04-27 06:04:17", "1800836", "https://ns-claude-js.beer/api/css.js", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,ErrTraffic", "0", "HuntYethHounds" "2026-04-27 04:43:14", "1800662", "http://196.199.55.26:7777/b367c5ea.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "False", "None", "DCRat,RAT", "0", "abuse_ch" "2026-04-27 04:42:02", "1800659", "http://kingspy.dynv6.net:797/Vre", "url", "botnet_cc", "win.vjw0rm", "None", "Vjw0rm", "", "100", "False", "None", "Vjw0rm", "0", "abuse_ch" "2026-04-26 21:01:03", "1800556", "https://bbs.gessoflex.com.br/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-04-27 08:18:31", "100", "True", "None", "vidar", "0", "crep1x" "2026-04-26 19:14:36", "1800523", "http://91.92.242.236/oPvjr94jfe/Login.php", "url", "botnet_cc", "win.amadey", "None", "Amadey", "", "100", "False", "None", "amadey,AS202412,Omegatech LTD", "0", "antiphishorg" "2026-04-26 19:14:08", "1800528", "http://pillow.riverbridge.site", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-04-27 20:16:30", "75", "False", "None", "ipocalur,Vidar", "0", "abuse_ch" "2026-04-26 18:18:46", "1800507", "https://t.me/periotival", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-04-27 07:59:23", "100", "False", "https://bazaar.abuse.ch/sample/2199baf11d50dd10555f8aec122178e03b62570fc0d4614a8e928978dc547154/", "ipocalur,Vidar", "0", "abuse_ch" "2026-04-26 18:18:46", "1800508", "https://telegram.me/b8bz11", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-04-27 07:59:22", "100", "False", "https://bazaar.abuse.ch/sample/2199baf11d50dd10555f8aec122178e03b62570fc0d4614a8e928978dc547154/", "ipocalur,Vidar", "0", "abuse_ch" "2026-04-26 18:11:31", "1800110", "https://nxbrew.me/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "False", "https://app.any.run/tasks/6d1ebc90-3f8e-4320-9471-15fa92f5fdb6", "RenPyLoader,Vidar", "0", "rifteyy" "2026-04-26 18:11:30", "1800165", "http://62.60.226.159/xvzpjyddlu/login.php", "url", "botnet_cc", "win.tinyloader", "None", "TinyLoader", "", "100", "False", "None", "AS214351,FEMO IT SOLUTIONS LIMITED,tinyloader", "0", "antiphishorg" "2026-04-26 18:11:13", "1800359", "http://199.68.217.18:8888/supershell/login/", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "None", "AS979,NetLab Global,supershell", "0", "antiphishorg" "2026-04-26 18:11:00", "1800411", "http://91.92.242.236/oPvjr94jfe/index.php", "url", "botnet_cc", "win.amadey", "None", "Amadey", "2026-04-27 20:19:54", "100", "False", "None", "54e64e,amadey,c2", "0", "Bitsight" "2026-04-26 18:10:21", "1800502", "https://tabbysbakescodes.ws/mnlinmwv/insirs.php", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://bazaar.abuse.ch/sample/a7148992783e92579b859694d3ade3b059df53cf666cc6d0e52786fdd120672f/", "CNBackdoor", "0", "abuse_ch" "2026-04-26 18:10:20", "1800501", "https://tommysbakescodes.ws/mnlinmwv/insris.php", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://bazaar.abuse.ch/sample/a7148992783e92579b859694d3ade3b059df53cf666cc6d0e52786fdd120672f/", "CNBackdoor", "0", "abuse_ch" "2026-04-26 18:01:03", "1800492", "https://bom.gessoflex.com.br/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-04-26 20:13:57", "100", "True", "None", "vidar", "0", "crep1x" "2026-04-26 15:42:58", "1800467", "https://ntsnsdns.beer/api/css.js", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,ErrTraffic", "0", "HuntYethHounds" "2026-04-26 13:01:02", "1800413", "https://bca.gessoflex.com.br/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "True", "None", "vidar", "0", "crep1x" "2026-04-26 11:39:32", "1800395", "https://scalarview.shop/t.js", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,EXT", "0", "HuntYethHounds" "2026-04-26 11:35:34", "1800393", "https://scalarview.shop/ext.0ff2555835d3.js", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,EXT", "0", "HuntYethHounds" "2026-04-26 11:35:09", "1800392", "https://scalarview.shop/ext-b.58316c304236.js", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,EXT", "0", "HuntYethHounds" "2026-04-26 11:33:55", "1800391", "https://scalarview.shop/t.188cfd3975db.js", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,EXT", "0", "HuntYethHounds" "2026-04-26 11:12:37", "1800382", "https://ra7tel.digital/script.sh", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "macOS", "0", "HuntYethHounds" "2026-04-26 10:29:39", "1800370", "http://pixeldrain.com/api/file/HDAhDKwK", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake Adobe", "0", "HuntYethHounds" "2026-04-26 10:28:38", "1800369", "https://pixeldrain.com/api/file/FQiVU7kw", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake Microsoft Teams", "0", "HuntYethHounds" "2026-04-26 10:28:11", "1800368", "https://updatedata.us/msoft/Windows/invite.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake Microsoft Teams", "0", "HuntYethHounds" "2026-04-26 10:27:10", "1800367", "https://pixeldrain.com/api/file/Xb8wt515", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake Microsoft Teams", "0", "HuntYethHounds" "2026-04-26 10:26:48", "1800366", "https://updatedata.us/cloud/Windows/invite.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake Microsoft Teams", "0", "HuntYethHounds" "2026-04-26 10:25:26", "1800365", "https://updatedata.us/acrobat/windows/adobe.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake Adobe", "0", "HuntYethHounds" "2026-04-26 09:59:05", "1800358", "https://livemeetinggatgoogllemeet.top/Windows/microsoft-store.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake Google Meet", "0", "HuntYethHounds" "2026-04-26 09:58:42", "1800357", "https://livemeetinggatgoogllemeet.top/Windows/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake Google Meet", "0", "HuntYethHounds" "2026-04-26 09:55:02", "1800354", "https://googlemetingninviit.click/meet/567/Windows/microsoft-store.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake Google Meet", "0", "HuntYethHounds" "2026-04-26 09:54:39", "1800353", "https://googlemetingninviit.click/meet/567/Windows/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake Google Meet", "0", "HuntYethHounds" "2026-04-26 09:44:00", "1800349", "https://googlemeet.meeting-live.site/update/GoogleMeetInstaller.zip", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake Google Meet", "0", "HuntYethHounds" "2026-04-26 09:43:31", "1800348", "https://meeting-live.site/googlemeet/process.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake Google Meet", "0", "HuntYethHounds" "2026-04-26 09:43:04", "1800347", "https://meeting-live.site/googlemeet/update.html", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake Google Meet", "0", "HuntYethHounds" "2026-04-26 09:42:40", "1800346", "https://meeting-live.site/googlemeet/meeting.html", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake Google Meet", "0", "HuntYethHounds" "2026-04-26 09:38:47", "1800344", "https://googlemeeettinvitee.click/meet/567/Windows/microsoft-store.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "2026-04-26 09:39:07", "100", "False", "", "Fake Google Meet", "0", "HuntYethHounds" "2026-04-26 09:38:26", "1800343", "https://googlemeeettinvitee.click/meet/567/Windows/invite.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake Google Meet", "0", "HuntYethHounds" "2026-04-26 09:35:16", "1800341", "https://gooogglemeets.click/download.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake Google Meet", "0", "HuntYethHounds" "2026-04-26 09:35:01", "1800340", "https://gooogglemeets.click", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake Google Meet", "0", "HuntYethHounds" "2026-04-26 09:32:17", "1800337", "https://goooggle.click/download.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake Google Meet", "0", "HuntYethHounds" "2026-04-26 09:32:04", "1800336", "https://goooggle.click", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake Google Meet", "0", "HuntYethHounds" "2026-04-26 09:27:51", "1800334", "https://quantumsignaturecertificationgatewayhub.top/Docusign/1/Windows/install-guide.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake DocuSign", "0", "HuntYethHounds" "2026-04-26 09:27:02", "1800333", "https://quantumsignaturecertificationgatewayhub.top/Docusign/1/Windows/download.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake DocuSign", "0", "HuntYethHounds" "2026-04-26 09:25:17", "1800331", "https://quantumsignaturecertificationgatewayhub.top/Docusign/1/Windows/ms-store.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake DocuSign", "0", "HuntYethHounds" "2026-04-26 09:24:57", "1800330", "https://quantumsignaturecertificationgatewayhub.top/Docusign/1/Windows/invite.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake DocuSign", "0", "HuntYethHounds" "2026-04-26 09:24:24", "1800328", "https://quantumsignaturecertificationgatewayhub.top/D/download.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake DocuSign", "0", "HuntYethHounds" "2026-04-26 09:24:00", "1800327", "https://quantumsignaturecertificationgatewayhub.top/D/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake DocuSign", "0", "HuntYethHounds" "2026-04-26 09:23:36", "1800326", "https://quantumsignaturecertificationgatewayhub.top/12/download.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake DocuSign", "0", "HuntYethHounds" "2026-04-26 09:22:55", "1800324", "https://quantumsignaturecertificationgatewayhub.top/12/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake DocuSign", "0", "HuntYethHounds" "2026-04-26 09:16:39", "1800322", "https://cloudo4meetup.com/auth/jj/joiningmeeting/gmeet/Windows/microsoft-store.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake Google Meet", "0", "HuntYethHounds" "2026-04-26 09:16:07", "1800321", "https://cloudo4meetup.com/auth/jj/joiningmeeting/gmeet/Windows/invite.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake Google Meet", "0", "HuntYethHounds" "2026-04-26 00:31:03", "1800208", "https://tsc.gessoflex.com.br/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "True", "None", "vidar", "0", "crep1x" "2026-04-25 21:44:27", "1800175", "https://pulsegraph.xyz/t.188cfd3975db.js", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,EXT", "0", "HuntYethHounds" "2026-04-25 21:43:41", "1800174", "https://pulsegraph.xyz/ext.0ff2555835d3.js", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,EXT", "0", "HuntYethHounds" "2026-04-25 21:43:11", "1800173", "https://pulsegraph.xyz/ext-b.58316c304236.js", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,EXT", "0", "HuntYethHounds" "2026-04-25 21:42:18", "1800171", "https://pulsegraph.xyz/t.js", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,EXT", "0", "HuntYethHounds" "2026-04-25 21:33:38", "1800168", "https://connectweb.chat/Secure.msi", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix", "0", "HuntYethHounds" "2026-04-25 21:33:09", "1800167", "https://connectweb.chat/verify.html", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix", "0", "HuntYethHounds" "2026-04-25 21:08:07", "1800161", "https://quilborne.org/c", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "False", "", "ClickFix,KongTuke", "0", "HuntYethHounds" "2026-04-25 21:07:50", "1800160", "https://quilborne.org/g", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "False", "", "ClickFix,KongTuke", "0", "HuntYethHounds" "2026-04-25 21:07:22", "1800159", "https://quilborne.org/t", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "False", "", "ClickFix,KongTuke", "0", "HuntYethHounds" "2026-04-25 21:06:55", "1800158", "https://quilborne.org/file.js", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "False", "", "ClickFix,KongTuke", "0", "HuntYethHounds" "2026-04-25 20:47:17", "1800152", "https://ivangay.bond/log.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,ErrTraffic", "0", "HuntYethHounds" "2026-04-25 20:46:30", "1800150", "https://ivangay.bond/api/index.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,ErrTraffic", "0", "HuntYethHounds" "2026-04-25 20:45:57", "1800149", "https://ivangay.bond/cf.js", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,ErrTraffic", "0", "HuntYethHounds" "2026-04-25 20:41:38", "1800147", "https://quickbase-assist.com/Windows/download.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake Adobe,SSA", "0", "HuntYethHounds" "2026-04-25 20:41:00", "1800146", "https://quickbase-assist.com/Windows/viewpdf.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake Adobe,SSA", "0", "HuntYethHounds" "2026-04-25 20:40:19", "1800145", "https://quickbase-assist.com/Windows/statement.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake Adobe,SSA", "0", "HuntYethHounds" "2026-04-25 20:36:33", "1800142", "http://zoommcall.com/Windows/install-guide.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake Zoom", "0", "HuntYethHounds" "2026-04-25 20:36:04", "1800141", "http://zoommcall.com/Windows/download.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake Zoom", "0", "HuntYethHounds" "2026-04-25 20:35:20", "1800140", "http://zoommcall.com/Windows/microsoft-store.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake Zoom", "0", "HuntYethHounds" "2026-04-25 20:34:19", "1800139", "https://zoommcall.com/Windows/invite.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake Zoom", "0", "HuntYethHounds" "2026-04-25 20:32:43", "1800136", "http://pixeldrain.com/api/file/TV7mrYpe", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake Zoom", "0", "HuntYethHounds" "2026-04-25 20:31:53", "1800135", "https://zoomlive.us/Windows/ZoomWorkspace.bat", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake Zoom", "0", "HuntYethHounds" "2026-04-25 20:30:58", "1800134", "https://zoomlive.us/Windows/invite.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake Zoom", "0", "HuntYethHounds" "2026-04-25 20:27:42", "1800132", "https://meetingisliveatgooglemeett.top/Windows/microsoft-store.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake Google Meet", "0", "HuntYethHounds" "2026-04-25 20:27:12", "1800131", "https://meetingisliveatgooglemeett.top/Windows/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake Google Meet", "0", "HuntYethHounds" "2026-04-25 20:21:17", "1800128", "https://www.docusign.my.googlejoininvite.click/download.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake DocuSign", "0", "HuntYethHounds" "2026-04-25 20:20:23", "1800126", "https://www.docusign.my.googlejoininvite.click/e-sign.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake DocuSign", "0", "HuntYethHounds" # Number of entries: 152