################################################################ # ThreatFox IOCs: recent domains - CSV format # # Last updated: 2026-04-16 17:38:59 UTC # # # # Terms Of Use: https://threatfox.abuse.ch/faq/#tos # # For questions please contact threatfox [at] abuse.ch # ################################################################ # # "first_seen_utc","ioc_id","ioc_value","ioc_type","threat_type","fk_malware","malware_alias","malware_printable","last_seen_utc","confidence_level","is_compromised","reference","tags","anonymous","reporter" "2026-04-16 17:38:59", "1792884", "b1rd-panel.lix7morav.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 17:39:49", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 17:33:04", "1792883", "fix7-cast.zex3piral.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 17:34:50", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 17:27:47", "1792882", "wrwr.zex3piral.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 17:29:00", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 17:22:14", "1792879", "targetpasture.zex3piral.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 17:22:21", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-16 17:16:27", "1792878", "keltide4al.zex3piral.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 17:17:23", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 17:10:56", "1792866", "tnkjrebh.zex3piral.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 17:14:40", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 17:05:07", "1792865", "spli1-watch.zex3piral.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 17:05:46", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 16:59:20", "1792864", "bran-build.concent-shelm.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 17:01:56", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 16:54:10", "1792863", "afrqcy.concent-shelm.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 16:56:53", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 16:48:28", "1792862", "ravenpalet.concent-shelm.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 16:48:58", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 16:42:34", "1792861", "3776.concent-shelm.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 16:44:52", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 16:37:19", "1792860", "genomecomp.concent-shelm.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 16:39:52", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 16:31:27", "1792859", "meta-w1ld.concent-shelm.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 16:33:51", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 16:25:39", "1792858", "hidd3n-spark.barankad1sin.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 16:29:18", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 16:14:53", "1792855", "assetinvoice.barankad1sin.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 16:15:01", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 16:14:48", "1792854", "pir.shurimaster.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-04-16 17:16:58", "75", "False", "None", "a10fsw,Vidar", "0", "abuse_ch" "2026-04-16 16:14:40", "1792852", "pir.blogdospesados.com.br", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-04-16 17:16:50", "75", "False", "None", "a10fsw,Vidar", "0", "abuse_ch" "2026-04-16 16:13:58", "1792850", "pir.rapidphonebuyer.co.uk", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-04-16 17:15:49", "75", "False", "None", "d0b0p,Vidar", "0", "abuse_ch" "2026-04-16 16:09:16", "1792848", "pwlmc.barankad1sin.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 16:14:09", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 16:03:36", "1792847", "sgwua7.barankad1sin.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 16:06:15", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-16 15:57:40", "1792846", "s7sb939.barankad1sin.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 15:59:36", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 15:52:04", "1792845", "go1d-leaf.inept-tail.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 15:53:59", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 15:46:46", "1792844", "form-plate.inept-tail.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 15:48:20", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 15:40:46", "1792843", "ysrykt.inept-tail.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 15:45:47", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 15:35:22", "1792842", "handlerspool.inept-tail.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 15:36:56", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 15:27:50", "1792840", "dcfn606z.inept-tail.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 15:29:51", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 15:22:28", "1792839", "gran7-lab.inept-tail.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 15:24:24", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 15:16:42", "1792838", "oblg.dish2rhumane.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 15:19:11", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 15:10:47", "1792837", "nszftsfl.dish2rhumane.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 15:13:26", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 15:05:03", "1792836", "r0uter-sheet.dish2rhumane.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 15:07:49", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 14:59:53", "1792835", "dyn-markix.dish2rhumane.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 15:01:55", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 14:53:55", "1792833", "zenforgeos2.dish2rhumane.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 14:54:29", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 14:48:42", "1792831", "glyph-prai.dish2rhumane.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 14:51:17", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 14:42:55", "1792830", "fjzpcljo.agrotekh-home.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 14:45:24", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 14:37:04", "1792829", "oxrv.agrotekh-home.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 14:39:25", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-16 14:36:55", "1792828", "labelectechnology.com", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch" "2026-04-16 14:31:30", "1792826", "arkmesh0ar.agrotekh-home.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 14:34:32", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 14:26:05", "1792825", "solvaleet3.agrotekh-home.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 14:30:50", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 14:20:18", "1792824", "samplehidden.agrotekh-home.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 14:20:21", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-16 14:14:45", "1792823", "skbeju.agrotekh-home.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 14:17:39", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-16 14:09:07", "1792822", "28lk.wei8htunconq.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 14:11:45", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 14:03:26", "1792821", "st0r3-scope.wei8htunconq.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 14:06:46", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 13:57:49", "1792819", "l0qq.wei8htunconq.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 13:58:02", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-16 13:52:28", "1792812", "ucelrko.wei8htunconq.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 13:55:44", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 13:52:10", "1792811", "uukk.wec512.com", "domain", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "False", "https://bazaar.abuse.ch/sample/500f2453771722611010edab168211ad9eca0c0bf97936453855e8638e6d73fd/", "RAT,ValleyRAT", "0", "abuse_ch" "2026-04-16 13:49:37", "1792808", "fan.biolinks.com.br", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-04-16 13:49:37", "1792809", "wsh.biolinks.com.br", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-04-16 13:47:06", "1792804", "d4wn-hinge.wei8htunconq.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 13:49:39", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 13:41:11", "1792800", "lettedust.wei8htunconq.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 13:43:21", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 13:35:46", "1792793", "quorvaleis.cloth-guipure.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 13:38:25", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 13:32:31", "1792789", "bestspend.info", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://x.com/500mk500/status/2044765712481239082", "Mirax", "0", "abuse_ch" "2026-04-16 13:32:31", "1792790", "descarga-smtr.com", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://x.com/500mk500/status/2044765712481239082", "Mirax", "0", "abuse_ch" "2026-04-16 13:32:31", "1792791", "es-descarga-app.net", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://x.com/500mk500/status/2044765712481239082", "Mirax", "0", "abuse_ch" "2026-04-16 13:32:31", "1792792", "maxtwight.info", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://x.com/500mk500/status/2044765712481239082", "Mirax", "0", "abuse_ch" "2026-04-16 13:29:53", "1792788", "y3acxztp.cloth-guipure.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 13:32:42", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 13:24:07", "1792787", "servaleon.cloth-guipure.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 13:27:30", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 13:18:39", "1792786", "tran5it-array.cloth-guipure.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 13:18:49", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-16 13:13:48", "1792785", "61rplpi.cloth-guipure.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 13:13:57", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-16 13:07:27", "1792784", "ser-coreen.cloth-guipure.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 13:10:39", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 13:01:59", "1792783", "geo-r3por.lessonp7oceed.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 13:05:34", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 12:56:09", "1792780", "tinloos.lessonp7oceed.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 13:00:32", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 12:51:27", "1792779", "www.oluwasurreloggzbackup3.com", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "75", "False", "https://bazaar.abuse.ch/sample/6ad0f9685ddaf9f39d9543f83be82874e050455e0fc6f3d20481cf595e23f02d/", "remcos", "0", "abuse_ch" "2026-04-16 12:51:23", "1792778", "www.oluwasurreloggzbackup2.com", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "75", "False", "https://bazaar.abuse.ch/sample/6ad0f9685ddaf9f39d9543f83be82874e050455e0fc6f3d20481cf595e23f02d/", "remcos", "0", "abuse_ch" "2026-04-16 12:51:17", "1792777", "www.oluwasurreloggzbackup1.com", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "75", "False", "https://bazaar.abuse.ch/sample/6ad0f9685ddaf9f39d9543f83be82874e050455e0fc6f3d20481cf595e23f02d/", "remcos", "0", "abuse_ch" "2026-04-16 12:51:13", "1792776", "www.oluwasurreloggz.com", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "75", "False", "https://bazaar.abuse.ch/sample/6ad0f9685ddaf9f39d9543f83be82874e050455e0fc6f3d20481cf595e23f02d/", "remcos", "0", "abuse_ch" "2026-04-16 12:50:44", "1792775", "ueuwt.lessonp7oceed.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 12:55:33", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 12:44:49", "1792774", "bytecolum.lessonp7oceed.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 12:48:20", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 12:39:38", "1792773", "vorven3um.lessonp7oceed.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 12:39:54", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 12:37:28", "1792739", "crypta-wave.top", "domain", "payload_delivery", "js.smartapesg", "HANEYMANEY,ZPHP", "SmartApeSG", "2026-04-16 12:08:55", "100", "True", "https://infosec.exchange/@monitorsg/116414303892382227", "SmartApeSG", "0", "monitorsg" "2026-04-16 12:33:44", "1792772", "wild-snaps.lessonp7oceed.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 12:36:52", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 12:28:12", "1792771", "deploy2-vector.amygdala-fugue.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 12:30:01", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 12:22:56", "1792770", "easgold.amygdala-fugue.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 12:27:31", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 12:20:56", "1792769", "w5okah58.ebensen-timent.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 12:20:54", "1792768", "tw1f5ruc.ebensen-timent.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 12:22:53", "100", "False", "None", "clearfake", "1", "ttakvam" "2026-04-16 12:16:59", "1792767", "frkoakq.amygdala-fugue.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 12:19:21", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-16 12:14:52", "1792762", "ukrvarta.online", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://cert.gov.ua/article/6288271", "AgingFly,APT,geo,UKR", "0", "abuse_ch" "2026-04-16 12:14:52", "1792763", "ukrdopomoga.space", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://cert.gov.ua/article/6288271", "AgingFly,APT,geo,UKR", "0", "abuse_ch" "2026-04-16 12:14:52", "1792764", "he335f2d353d.publicvm.com", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://cert.gov.ua/article/6288271", "AgingFly,APT,geo,UKR", "0", "abuse_ch" "2026-04-16 12:14:52", "1792765", "dsszzi.linkpc.net", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://cert.gov.ua/article/6288271", "AgingFly,APT,geo,UKR", "0", "abuse_ch" "2026-04-16 12:14:52", "1792766", "edbo.work.gd", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://cert.gov.ua/article/6288271", "AgingFly,APT,geo,UKR", "0", "abuse_ch" "2026-04-16 12:11:10", "1792746", "kern-zone.amygdala-fugue.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 12:13:37", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 12:10:11", "1792745", "nazk.linkpc.net", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "https://cert.gov.ua/article/6288271", "AgingFly,APT,geo,UKR", "0", "abuse_ch" "2026-04-16 12:05:41", "1792737", "workerwar.amygdala-fugue.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 12:07:47", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-16 12:00:26", "1792736", "18qr.amygdala-fugue.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 12:02:52", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 11:54:26", "1792735", "snapshotcrawler.burrowkislyat.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 11:57:04", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 11:49:03", "1792734", "runvv4y4-reach.burrowkislyat.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 11:50:59", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 11:44:25", "1792713", "friendlydomain.ru", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "https://app.any.run/tasks/a365d025-2c6f-4ead-b419-e1285fcfcaae", "WeedHack", "0", "burger" "2026-04-16 11:44:19", "1792732", "rapidinc.lol", "domain", "botnet_cc", "win.rapid_stealer", "None", "RapidStealer", "", "100", "False", "https://app.any.run/tasks/3d1280a9-8ba1-4f2e-aab9-213bb9639197", "c2,RapidStealer", "0", "burger" "2026-04-16 11:43:07", "1792733", "buffer4-port.burrowkislyat.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 11:46:03", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 11:37:47", "1792729", "decoderill.burrowkislyat.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 11:40:11", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 11:32:22", "1792728", "4cnluiv.burrowkislyat.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 11:34:20", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 11:26:24", "1792727", "arkspireor.burrowkislyat.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 11:28:31", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 11:16:20", "1792719", "gusto.brothbridge.space", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-04-16 17:17:15", "75", "False", "None", "odiznrio,Vidar", "0", "abuse_ch" "2026-04-16 11:16:05", "1792717", "tth.shurimaster.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-04-16 15:14:20", "75", "False", "None", "a10fsw,Vidar", "0", "abuse_ch" "2026-04-16 11:15:55", "1792715", "tth.blogdospesados.com.br", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-04-16 15:14:15", "75", "False", "None", "a10fsw,Vidar", "0", "abuse_ch" "2026-04-16 11:10:36", "1792711", "doome.crazy-talk.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 11:13:35", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 11:05:50", "1792710", "work-done6.crazy-talk.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 11:08:21", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 10:59:58", "1792709", "heavy-pack5.crazy-talk.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 11:03:23", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-16 10:59:09", "1792702", "solid-base6.overgr0wnsaval.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 10:36:32", "100", "False", "None", "16April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-16 10:54:07", "1792706", "short-word4.crazy-talk.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 10:57:24", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 10:48:45", "1792705", "sticky-note3.crazy-talk.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 10:52:15", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 10:43:27", "1792704", "direct-send2.crazy-talk.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 10:46:17", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-16 10:37:24", "1792703", "express-mail1.crazy-talk.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 10:41:28", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 10:26:24", "1792701", "rain-drop5.overgr0wnsaval.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 10:27:57", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 10:20:30", "1792700", "deep-well4.overgr0wnsaval.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 10:23:05", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 10:15:27", "1792699", "river-flow3.overgr0wnsaval.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 10:18:23", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 10:09:21", "1792698", "ocean-blue2.overgr0wnsaval.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 10:13:12", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 10:03:46", "1792697", "clear-water1.overgr0wnsaval.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 10:08:55", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-16 09:58:30", "1792696", "group-join6.aim-national.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 09:59:18", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 09:52:53", "1792695", "brief-meet5.aim-national.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 09:54:17", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 09:47:10", "1792694", "simple-form4.aim-national.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 09:48:38", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 09:42:38", "1792684", "ismemcs.org", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://x.com/500mk500/status/2044440829859643849", "APT,Patchwork", "0", "abuse_ch" "2026-04-16 09:42:38", "1792685", "moma-cdn.org", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://x.com/500mk500/status/2044440829859643849", "APT,Patchwork", "0", "abuse_ch" "2026-04-16 09:42:38", "1792686", "pakistanpower.org", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://x.com/500mk500/status/2044440829859643849", "APT,Patchwork", "0", "abuse_ch" "2026-04-16 09:42:38", "1792687", "pakpower.org", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://x.com/500mk500/status/2044440829859643849", "APT,Patchwork", "0", "abuse_ch" "2026-04-16 09:42:38", "1792688", "pakserver.live", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://x.com/500mk500/status/2044440829859643849", "APT,Patchwork", "0", "abuse_ch" "2026-04-16 09:42:38", "1792689", "pkenergy.org", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://x.com/500mk500/status/2044440829859643849", "APT,Patchwork", "0", "abuse_ch" "2026-04-16 09:42:38", "1792690", "pkfileserver.org", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://x.com/500mk500/status/2044440829859643849", "APT,Patchwork", "0", "abuse_ch" "2026-04-16 09:42:38", "1792691", "pkserver.live", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://x.com/500mk500/status/2044440829859643849", "APT,Patchwork", "0", "abuse_ch" "2026-04-16 09:42:38", "1792692", "psca-gop.org", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://x.com/500mk500/status/2044440829859643849", "APT,Patchwork", "0", "abuse_ch" "2026-04-16 09:42:38", "1792693", "energy.pakpower.org", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://x.com/500mk500/status/2044440829859643849", "APT,Patchwork", "0", "abuse_ch" "2026-04-16 09:41:16", "1792683", "phone-call3.aim-national.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 09:42:21", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 09:35:41", "1792681", "senior-staff2.aim-national.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 09:40:13", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 09:30:07", "1792680", "small-team1.aim-national.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 09:34:35", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 09:24:40", "1792679", "brand-mark6.guy5mist.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 09:28:19", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 09:19:10", "1792678", "quick-cash5.guy5mist.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 09:24:02", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 09:13:20", "1792677", "info-desk4.guy5mist.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 09:18:24", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 09:07:43", "1792676", "empty-cart3.guy5mist.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 09:09:16", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-16 09:02:13", "1792675", "summer-sale2.guy5mist.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 09:02:52", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 08:56:35", "1792674", "fresh-food1.guy5mist.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 09:00:49", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 08:51:16", "1792673", "active-job6.empirical-tuna.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 08:55:59", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 08:48:06", "1792669", "daily-bonus2.empirical-tuna.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 08:33:37", "100", "False", "None", "16April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-16 08:45:17", "1792672", "short-plan5.empirical-tuna.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 08:45:24", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-16 08:39:48", "1792671", "promo-card4.empirical-tuna.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 08:40:06", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 08:34:04", "1792670", "extra-coin3.empirical-tuna.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 08:34:22", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-16 08:23:09", "1792668", "lucky-gift1.empirical-tuna.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 08:25:29", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 08:17:06", "1792667", "front-gate6.benomkin5.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 08:22:06", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 08:11:41", "1792666", "user-profile5.benomkin5.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 08:15:09", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 08:06:47", "1792665", "full-table4.benomkin5.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 08:10:54", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 08:01:08", "1792664", "prime-list3.benomkin5.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 08:01:33", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-16 07:54:49", "1792663", "smart-point2.benomkin5.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 07:56:31", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 07:49:14", "1792662", "best-choice1.benomkin5.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 07:50:51", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 07:43:45", "1792661", "open-source6.acidity-inflame.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 07:45:40", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 07:37:48", "1792659", "travel-blog5.acidity-inflame.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 07:42:50", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 07:32:24", "1792658", "small-map4.acidity-inflame.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 07:34:18", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 07:27:00", "1792657", "latest-news3.acidity-inflame.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 07:27:15", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 07:23:48", "1792655", "bootstrup-cdn-ns.beer", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,ErrTraffic", "0", "HuntYethHounds" "2026-04-16 07:22:57", "1792653", "fontawesome-js-cdn.beer", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,ErrTraffic", "0", "HuntYethHounds" "2026-04-16 07:22:06", "1792651", "bbdsnssserver.beer", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,ErrTraffic", "0", "HuntYethHounds" "2026-04-16 07:21:26", "1792649", "scenic-spot2.acidity-inflame.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 07:24:28", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 07:21:13", "1792648", "lsnsdns.beer", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,ErrTraffic", "0", "HuntYethHounds" "2026-04-16 07:20:19", "1792646", "fijscdn.beer", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,ErrTraffic", "0", "HuntYethHounds" "2026-04-16 07:19:24", "1792644", "bilfojsclod.beer", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,ErrTraffic", "0", "HuntYethHounds" "2026-04-16 07:16:26", "1792640", "bigbadwolf.click", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,ErrTraffic", "0", "HuntYethHounds" "2026-04-16 07:15:58", "1792639", "urban-vision1.acidity-inflame.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 07:20:24", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 07:10:08", "1792638", "global-site6.rol1erspeeding.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 07:10:34", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 07:04:41", "1792637", "main-street5.rol1erspeeding.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 07:08:20", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 06:58:47", "1792636", "total-summary4.rol1erspeeding.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 06:59:38", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 06:53:19", "1792635", "local-office3.rol1erspeeding.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 06:57:33", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 06:47:51", "1792632", "large-parcel2.rol1erspeeding.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 06:49:29", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 06:41:55", "1792629", "order-status1.rol1erspeeding.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 06:44:48", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 06:36:14", "1792628", "home-section6.domna-replenish.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 06:39:00", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 06:30:55", "1792627", "public-help5.domna-replenish.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 06:33:15", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 06:25:30", "1792626", "item-details4.domna-replenish.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 06:27:29", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 06:19:39", "1792625", "media-gallery3.domna-replenish.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 06:22:40", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 06:14:01", "1792610", "guest-portal2.domna-replenish.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 06:16:17", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 06:09:35", "1792601", "whtempdomain.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "WeedHack", "0", "burger" "2026-04-16 06:08:36", "1792609", "central-market1.domna-replenish.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 06:09:28", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 06:02:37", "1792600", "street-view6.kro2vilen.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 06:04:39", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 05:57:15", "1792599", "good-luck5.kro2vilen.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 05:58:59", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 05:51:22", "1792597", "sunny-day4.kro2vilen.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 05:53:23", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 05:45:45", "1792594", "bright-sun3.kro2vilen.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 05:47:59", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 05:40:57", "1792593", "ooo.websitearaxa.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "https://bazaar.abuse.ch/sample/b830f043076a12748b6a2dc0810ece85439ee77434d991ae7d84201b09ead756/", "Vidar", "0", "abuse_ch" "2026-04-16 05:40:29", "1792591", "health-care2.kro2vilen.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 05:42:26", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-16 05:34:32", "1792588", "sweet-home1.kro2vilen.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 05:37:02", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-16 05:29:12", "1792587", "work-done6.tix9larem.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 05:31:21", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 05:23:48", "1792586", "heavy-pack5.tix9larem.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 05:26:34", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 05:21:59", "1792469", "dl.armour-inc-down.net", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "75", "True", "", "Vidar", "0", "tcains1" "2026-04-16 05:21:58", "1792466", "flagbrother.uk", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://bazaar.abuse.ch/sample/9f9c4d0f6644abe7500325d2e387ff606a1d72f8d033bc164f984deee92d7d65/", "c2,FlagStealer", "0", "burger" "2026-04-16 05:21:57", "1792426", "google-meet-live.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "50", "False", "", "Fake Google Meet", "0", "varysz" "2026-04-16 05:21:50", "1792317", "rave3-layer.expect-runes.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 19:50:10", "100", "False", "None", "15April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-16 05:21:49", "1792316", "servena.expect-runes.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 19:45:23", "100", "False", "None", "15April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-16 05:17:39", "1792585", "short-word4.tix9larem.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 05:20:24", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 05:12:14", "1792584", "sticky-note3.tix9larem.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 05:14:27", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-16 05:06:32", "1792583", "direct-send2.tix9larem.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 05:08:38", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-16 05:00:50", "1792582", "express-mail1.tix9larem.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 05:03:54", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 04:55:20", "1792581", "solid-base6.bex1lorim.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 04:58:06", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 04:50:05", "1792580", "rain-drop5.bex1lorim.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 04:52:11", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 04:44:01", "1792578", "deep-well4.bex1lorim.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 04:46:20", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-16 04:38:48", "1792577", "river-flow3.bex1lorim.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 04:40:37", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-16 04:32:47", "1792576", "ocean-blue2.bex1lorim.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 04:34:55", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 04:27:51", "1792575", "clear-water1.bex1lorim.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 04:30:15", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 04:21:41", "1792573", "group-join6.dax6porel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 04:24:17", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-16 04:16:22", "1792563", "brief-meet5.dax6porel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 04:18:29", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 04:10:52", "1792555", "simple-form4.dax6porel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 04:12:46", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 04:04:55", "1792554", "phone-call3.dax6porel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 04:09:43", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 03:59:18", "1792553", "senior-staff2.dax6porel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 03:59:30", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 03:53:50", "1792552", "small-team1.dax6porel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 03:57:18", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 03:48:00", "1792551", "brand-mark6.pyn9sorel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 03:51:11", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 03:42:28", "1792550", "quick-cash5.pyn9sorel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 03:45:57", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 03:37:12", "1792549", "info-desk4.pyn9sorel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 03:40:38", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 03:31:06", "1792548", "empty-cart3.pyn9sorel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 03:34:22", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 03:25:44", "1792547", "summer-sale2.pyn9sorel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 03:29:07", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 03:20:08", "1792546", "fresh-food1.pyn9sorel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 03:22:45", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 03:14:34", "1792545", "active-job6.wex4tiral.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 03:17:32", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 03:08:38", "1792544", "short-plan5.wex4tiral.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 03:11:16", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 03:03:23", "1792543", "promo-card4.wex4tiral.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 03:05:31", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 02:57:49", "1792541", "extra-coin3.wex4tiral.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 02:59:49", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 02:56:15", "1792539", "klaus-schmitt.net", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch" "2026-04-16 02:52:18", "1792535", "daily-bonus2.wex4tiral.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 02:55:07", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 02:46:20", "1792534", "lucky-gift1.wex4tiral.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 02:48:56", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 02:43:47", "1792533", "cdn2.raqeeb.dev", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-04-16 16:43:27", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-04-16 02:43:39", "1792532", "bxx2rghe05kng.cfc-execute.bj.baidubce.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-04-16 16:43:19", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-04-16 02:40:52", "1792531", "front-gate6.tix7marel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 02:43:45", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 02:35:33", "1792530", "user-profile5.tix7marel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 02:40:27", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 02:30:03", "1792529", "full-table4.tix7marel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 02:32:48", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 02:23:55", "1792528", "prime-list3.tix7marel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 02:26:51", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 02:18:34", "1792527", "smart-point2.tix7marel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 02:19:05", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 02:13:05", "1792526", "best-choice1.tix7marel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 02:15:54", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 02:07:01", "1792525", "open-source6.vyr3solen.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 02:10:04", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 02:01:34", "1792524", "travel-blog5.vyr3solen.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 02:04:32", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 01:56:05", "1792523", "small-map4.vyr3solen.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 01:56:28", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 01:50:28", "1792522", "latest-news3.vyr3solen.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 01:52:51", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 01:44:51", "1792521", "scenic-spot2.vyr3solen.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 01:47:19", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 01:39:11", "1792520", "urban-vision1.vyr3solen.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 01:41:40", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-16 01:33:53", "1792519", "global-site6.lax8dorim.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 01:36:01", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 01:28:48", "1792518", "main-street5.lax8dorim.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 01:30:55", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 01:22:11", "1792517", "total-summary4.lax8dorim.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 01:27:09", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 01:16:49", "1792516", "local-office3.lax8dorim.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 01:19:32", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-16 01:10:59", "1792515", "large-parcel2.lax8dorim.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 01:13:37", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 01:05:44", "1792514", "order-status1.lax8dorim.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 01:10:25", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 00:59:46", "1792513", "home-section6.zom5pirel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 01:01:57", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 00:54:35", "1792511", "public-help5.zom5pirel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 00:56:10", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 00:48:29", "1792510", "item-details4.zom5pirel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 00:50:39", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-16 00:43:24", "1792509", "media-gallery3.zom5pirel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 00:45:05", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 00:37:20", "1792508", "guest-portal2.zom5pirel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 00:39:33", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-16 00:32:13", "1792507", "central-market1.zom5pirel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 00:32:40", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 00:26:11", "1792506", "tri-fluxon.invert-manner.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 00:28:31", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 00:20:40", "1792505", "authsnapshot.invert-manner.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 00:21:28", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-16 00:14:48", "1792504", "gutyx.invert-manner.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 00:17:08", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 00:09:33", "1792503", "87phs.invert-manner.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 00:12:24", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-16 00:04:13", "1792502", "vscoj.invert-manner.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 00:06:31", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 23:58:15", "1792501", "11q31v.invert-manner.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-16 00:00:28", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 23:52:35", "1792500", "p14sm-grid.racersta7ving.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 23:54:33", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 23:47:07", "1792499", "9adl.racersta7ving.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 23:48:30", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 23:41:10", "1792498", "specapi.racersta7ving.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 23:43:58", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 23:35:56", "1792497", "b1oo9-hold.racersta7ving.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 23:38:31", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 23:30:24", "1792496", "ovumpg.racersta7ving.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 23:32:40", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 23:24:28", "1792495", "iijbe.racersta7ving.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 23:26:45", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 23:18:55", "1792494", "npmx.photot-sudok.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 23:20:39", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 23:13:25", "1792493", "sol-tidea.photot-sudok.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 23:15:31", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 23:07:50", "1792492", "fbhi02d.photot-sudok.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 23:10:12", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 23:02:15", "1792491", "queu-crest.photot-sudok.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 23:03:39", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 22:56:32", "1792490", "4cti-pulse.photot-sudok.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 22:58:03", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 22:50:52", "1792484", "povv3r3-sheet.photot-sudok.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 22:52:36", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 22:45:24", "1792483", "74vjq.go0duntenable.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 22:47:17", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 22:39:38", "1792482", "rqwhul1.go0duntenable.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 22:41:58", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-15 22:34:28", "1792481", "ridgetempo.go0duntenable.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 22:35:51", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 22:28:46", "1792480", "solcorea8.go0duntenable.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 22:30:15", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 22:22:41", "1792479", "op3n-cast.go0duntenable.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 22:24:39", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 22:17:11", "1792478", "hfjivor0.go0duntenable.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 22:20:04", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 22:11:36", "1792477", "ser-lineor.quant-splashes.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 22:14:26", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 22:06:24", "1792474", "xuymf0.quant-splashes.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 22:06:42", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 22:00:45", "1792473", "tshev.quant-splashes.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 22:02:29", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 21:54:40", "1792472", "312pl.quant-splashes.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 21:56:26", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 21:49:01", "1792471", "f1nal-wave.quant-splashes.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 21:50:48", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 21:43:26", "1792470", "zzx2x3.quant-splashes.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 21:46:20", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 21:37:55", "1792468", "servenum7.marinmort8ager.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 21:42:54", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 21:32:19", "1792467", "notifycrystal.marinmort8ager.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 21:34:14", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 21:26:51", "1792465", "zenvale0um.marinmort8ager.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 21:28:36", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 21:21:07", "1792464", "5and-stack.marinmort8ager.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 21:21:34", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 21:15:39", "1792463", "talcore4is.marinmort8ager.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 21:18:09", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 21:10:01", "1792429", "ejwrfoig.marinmort8ager.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 21:12:28", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 21:04:27", "1792428", "mpjim.parchm-susyuka.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 21:06:41", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 20:58:53", "1792427", "driftvoic.parchm-susyuka.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 21:01:14", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 20:53:18", "1792425", "m0ti9-route.parchm-susyuka.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 20:55:47", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 20:47:45", "1792424", "civi1-flow.parchm-susyuka.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 20:49:54", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 20:43:32", "1792423", "un1oad-sync.parchm-susyuka.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 20:44:41", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-15 20:37:08", "1792421", "eydfdx4.parchm-susyuka.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 20:41:07", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-15 20:30:43", "1792420", "mer-crestal.imperturbs1av.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 20:32:45", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 20:25:26", "1792417", "oassyn.imperturbs1av.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 20:27:43", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 20:19:31", "1792416", "brave-sens.imperturbs1av.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 20:21:57", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 20:16:13", "1792415", "bgo.sequareeus.online", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-04-16 13:49:36", "75", "False", "None", "a10fsw,Vidar", "0", "abuse_ch" "2026-04-15 20:16:03", "1792413", "bgo.biolinks.com.br", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-04-16 13:49:36", "75", "False", "None", "a10fsw,Vidar", "0", "abuse_ch" "2026-04-15 20:13:42", "1792324", "euwt.imperturbs1av.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 20:14:56", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 20:09:20", "1792323", "xcmw.imperturbs1av.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 20:09:22", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 20:02:55", "1792322", "glashado.imperturbs1av.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 20:05:17", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 19:57:12", "1792321", "partn4-bridge.expect-runes.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 19:59:34", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 19:51:31", "1792320", "wnokm63.expect-runes.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 19:54:58", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-15 19:38:06", "1792315", "2cpd365m.plaque5tucco.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "clearfake", "1", "ttakvam" "2026-04-15 19:37:25", "1792314", "wsxrcpse.plaque5tucco.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 19:42:26", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 19:34:58", "1792313", "geo-dec0d.expect-runes.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 19:35:56", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 19:29:08", "1792312", "dyndraex.expect-runes.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 19:32:02", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-15 19:23:24", "1792310", "69cy8114.factpre5ent.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 19:26:43", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 19:17:56", "1792309", "invoicecel.factpre5ent.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 19:22:16", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 19:12:19", "1792301", "nv7cx.factpre5ent.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 19:16:27", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 19:06:38", "1792300", "39rd.factpre5ent.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 19:11:39", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 19:01:17", "1792299", "hibcn.factpre5ent.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 19:04:53", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 18:55:26", "1792298", "dispgua.factpre5ent.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 18:56:39", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 18:50:06", "1792297", "solmeshos.qen8lorix.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 18:51:17", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 18:44:16", "1792296", "s0ck-spool.qen8lorix.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 18:48:44", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-15 18:39:57", "1792294", "pub-8393efc92b0a4fd198729ebb0d6f7b67.r2.dev", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake Zoom", "0", "HuntYethHounds" "2026-04-15 18:38:45", "1792292", "duskparce.qen8lorix.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 18:42:32", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 18:34:47", "1792286", "zoorning.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake Zoom", "0", "HuntYethHounds" "2026-04-15 18:33:00", "1792283", "subtcav.qen8lorix.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 18:37:04", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 18:31:52", "1792280", "painel.guintter.com.br", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake Zoom", "0", "HuntYethHounds" "2026-04-15 18:27:23", "1792273", "meet.google.debacssa.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake Google Meet", "0", "HuntYethHounds" "2026-04-15 18:27:22", "1792272", "unitecres.qen8lorix.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 18:31:50", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 18:22:27", "1792267", "invite.fonoon.ae", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "True", "", "Fake Zoom", "0", "HuntYethHounds" "2026-04-15 18:21:45", "1792266", "planslow.qen8lorix.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 18:26:51", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 18:18:44", "1792166", "cpch.us.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "kongtuke", "1", "tanner" "2026-04-15 18:18:34", "1792190", "telemetrydata.to", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "False", "https://bazaar.abuse.ch/sample/14118a6070f89baafd5f2aeaf2df7535a8053f99944453584f0d1efeb6501ac3/", "c2,PureHVNC", "0", "burger" "2026-04-15 18:18:28", "1792226", "z3nbyte.top", "domain", "payload_delivery", "js.smartapesg", "HANEYMANEY,ZPHP", "SmartApeSG", "2026-04-15 18:08:47", "100", "True", "https://infosec.exchange/@monitorsg/116410056030488409", "SmartApeSG", "0", "monitorsg" "2026-04-15 18:18:20", "1792261", "take.ameliaflick.xyz", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "True", "", "Fake Zoom", "0", "HuntYethHounds" "2026-04-15 18:15:58", "1792260", "vel-spireex.bri4talin.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 18:18:34", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 18:10:52", "1792231", "t1ny-point.bri4talin.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 18:15:40", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 18:09:41", "1792229", "googlejoininvite.click", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake Google Meet", "0", "HuntYethHounds" "2026-04-15 18:06:10", "1792221", "vbhgv.info", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake Zoom", "0", "HuntYethHounds" "2026-04-15 18:05:04", "1792220", "tal-forgear.bri4talin.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 18:05:51", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 18:04:11", "1792217", "meetingwthgooglemeet.top", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake Google Meet", "0", "HuntYethHounds" "2026-04-15 18:02:06", "1792214", "join-nw09web.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake Google Meet", "0", "HuntYethHounds" "2026-04-15 17:59:11", "1792212", "qhbvndc7.bri4talin.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 18:01:16", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-15 17:53:33", "1792211", "2ffmg.bri4talin.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 17:56:33", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 17:48:19", "1792210", "ioncove.bri4talin.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 17:50:57", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 17:42:27", "1792209", "shallo-uni.dru6moxin.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 17:45:42", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 17:36:40", "1792206", "ihrydwg.dru6moxin.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 17:37:11", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 17:31:17", "1792205", "011kep.dru6moxin.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 17:33:30", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 17:28:12", "1792203", "irgufhdur.space", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Amnesia Panel", "0", "HuntYethHounds" "2026-04-15 17:25:56", "1792202", "fr0st-branch.dru6moxin.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 17:28:27", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 17:20:22", "1792201", "trimarket.dru6moxin.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 17:22:34", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 17:16:00", "1792200", "alt.sequareeus.online", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-04-16 13:49:37", "75", "False", "None", "a10fsw,Vidar", "0", "abuse_ch" "2026-04-15 17:15:50", "1792198", "alt.biolinks.com.br", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-04-16 13:49:37", "75", "False", "None", "a10fsw,Vidar", "0", "abuse_ch" "2026-04-15 17:14:37", "1792196", "jjfcpkvh.dru6moxin.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 17:16:43", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 17:08:46", "1792195", "tlnsb.zor2laven.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 17:11:32", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 17:03:00", "1792194", "lps08.zor2laven.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 17:05:37", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 16:57:43", "1792188", "proxyeas.zor2laven.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 16:59:52", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 16:52:19", "1792182", "h4rve5-loop.zor2laven.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 16:54:00", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 16:46:22", "1792180", "bm1rtmr.zor2laven.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 16:49:08", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 16:45:59", "1792179", "kaspar-studio.ru", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch" "2026-04-15 16:40:44", "1792178", "xxvxsk4x.zor2laven.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 16:43:10", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 16:35:25", "1792177", "mervaleon1.prax9vitor.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 16:37:44", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 16:29:36", "1792174", "vialstr.prax9vitor.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 16:34:24", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 16:24:03", "1792172", "lnrjp.prax9vitor.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 16:24:05", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 16:18:27", "1792171", "par5e-array.prax9vitor.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 16:20:28", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 16:12:43", "1792170", "arrayshore.prax9vitor.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 16:14:37", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 16:07:39", "1792169", "nnid.prax9vitor.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 16:09:33", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-15 16:01:34", "1792168", "freshstorage.kry3qelin.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 16:05:37", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-15 15:57:06", "1792167", "neo-tok3.kry3qelin.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 16:02:12", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-15 15:50:52", "1792165", "proto-dynam1.kry3qelin.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 15:58:57", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-15 15:44:53", "1792164", "massivespectra.kry3qelin.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 15:53:32", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-15 15:40:18", "1792163", "solnex0ex.kry3qelin.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 15:47:24", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-15 15:34:32", "1792162", "registryfaithful.kry3qelin.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 15:42:45", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-15 15:28:32", "1792161", "wilpol.tul7morax.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 15:39:32", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-15 15:23:26", "1792160", "birdout.tul7morax.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 15:36:28", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-15 15:17:15", "1792159", "queryguard.tul7morax.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 15:27:41", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-15 15:12:06", "1792158", "bay-banne.tul7morax.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 15:15:24", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-15 15:06:58", "1792157", "sercore2or.tul7morax.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 15:09:32", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 14:58:13", "1792156", "5ync-lab.tul7morax.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 14:59:38", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 14:51:54", "1792155", "encodersensor.vex1laxon.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 14:54:12", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 14:50:04", "1792153", "arrayhouse.org", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://bazaar.abuse.ch/sample/045d995dee9b3fba080415be55c932f245582c44d70243fc3fbf0174fd3495bd/", "APT,Patchwork", "0", "abuse_ch" "2026-04-15 14:48:50", "1792152", "psca-gop.org", "domain", "payload_delivery", "unknown_rat", "None", "Unknown RAT", "", "100", "False", "https://bazaar.abuse.ch/sample/045d995dee9b3fba080415be55c932f245582c44d70243fc3fbf0174fd3495bd/", "Patchwork,RAT", "0", "abuse_ch" "2026-04-15 14:46:14", "1792151", "shiftcascade.vex1laxon.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 14:48:29", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 14:41:41", "1792150", "flovv-chain.vex1laxon.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 14:42:49", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 14:35:05", "1792149", "ychgg.vex1laxon.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 14:37:17", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 14:30:22", "1792148", "streambreeze.vex1laxon.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 14:34:29", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 14:28:14", "1792143", "byte-shard.top", "domain", "payload_delivery", "js.smartapesg", "HANEYMANEY,ZPHP", "SmartApeSG", "2026-04-15 14:08:54", "100", "True", "https://infosec.exchange/@monitorsg/116409113642006782", "SmartApeSG", "0", "monitorsg" "2026-04-15 14:24:03", "1792147", "velline0os.vex1laxon.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 14:26:39", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 14:18:34", "1792146", "zdjine7o.nor8tavil.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 14:20:58", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 14:13:03", "1792145", "syxnh65t.nor8tavil.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 14:13:21", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 14:07:28", "1792141", "talfluxen3.nor8tavil.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 14:10:06", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 14:01:30", "1792140", "sketchneuron.nor8tavil.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 14:03:59", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 13:56:07", "1792139", "fi3rce7-watch.nor8tavil.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 13:58:01", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 13:50:37", "1792138", "valleydispatcher.nor8tavil.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 13:52:19", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 13:44:48", "1792137", "t0mbk.xel5navin.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 13:47:30", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-15 13:39:16", "1792136", "vor-coreum.xel5navin.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 13:40:42", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 13:33:39", "1792135", "motmolecu.xel5navin.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 13:35:06", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-15 13:31:37", "1792134", "pb64.duckdns.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "75", "False", "https://bazaar.abuse.ch/sample/a9162085e46a67728e0f4a05a1adaeb4221ccffb0954b1ec80e976250307450a/", "remcos", "0", "abuse_ch" "2026-04-15 13:28:06", "1792133", "fundoasis.xel5navin.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 13:29:39", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 13:22:13", "1792132", "ice-mark.xel5navin.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 13:24:10", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 13:20:08", "1792131", "dwkch.ru", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://bazaar.abuse.ch/sample/d18f44233eedff915615c7d618a50c3fefbd571d0b70e83b4e01339097d208ea/", "MeshAgent,RMM", "0", "abuse_ch" "2026-04-15 13:17:54", "1792130", "c-pdf1.ddns.net", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://x.com/JAMESWT_WT/status/2044400047303819382", "None", "0", "abuse_ch" "2026-04-15 13:16:53", "1792129", "dynflux6al.xel5navin.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 13:18:32", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 13:14:02", "1792119", "next.qen7tavil.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 13:15:20", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 13:07:59", "1792118", "vera.qen7tavil.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 13:09:44", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 13:07:51", "1792115", "nvoaagent.com", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "https://x.com/brkalbyrk7/status/2044139560318165073", "MacSync", "0", "abuse_ch" "2026-04-15 13:07:51", "1792116", "vastbets.com", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "https://x.com/brkalbyrk7/status/2044139560318165073", "MacSync", "0", "abuse_ch" "2026-04-15 13:07:51", "1792117", "mrakagent.com", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "https://x.com/brkalbyrk7/status/2044139560318165073", "MacSync", "0", "abuse_ch" "2026-04-15 13:04:48", "1792112", "saqo.qen7tavil.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 13:05:55", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 13:01:44", "1792105", "flwoagent.com", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "https://gist.github.com/brkalbyrk/d8c136921e15e5a2a07ecf459506ffae", "Clickfix,MacSync", "0", "abuse_ch" "2026-04-15 12:59:15", "1792074", "rostov-uga.com", "domain", "botnet_cc", "win.count_loader", "None", "CountLoader", "", "75", "False", "", "None", "0", "whoamix302" "2026-04-15 12:59:15", "1792075", "alpha-centavr.cc", "domain", "botnet_cc", "win.count_loader", "None", "CountLoader", "", "75", "False", "", "None", "0", "whoamix302" "2026-04-15 12:59:15", "1792076", "urugvai.cc", "domain", "botnet_cc", "win.count_loader", "None", "CountLoader", "", "75", "False", "", "None", "0", "whoamix302" "2026-04-15 12:59:14", "1792077", "krd-ugpromt.com", "domain", "botnet_cc", "win.count_loader", "None", "CountLoader", "", "75", "False", "", "None", "0", "whoamix302" "2026-04-15 12:59:14", "1792079", "files-storage.cc", "domain", "botnet_cc", "win.count_loader", "None", "CountLoader", "", "75", "False", "", "None", "0", "whoamix302" "2026-04-15 12:59:13", "1792078", "azure-s3-bucket.cc", "domain", "botnet_cc", "win.count_loader", "None", "CountLoader", "", "75", "False", "", "None", "0", "whoamix302" "2026-04-15 12:59:12", "1792080", "airdefence.gl", "domain", "botnet_cc", "win.count_loader", "None", "CountLoader", "", "75", "False", "", "None", "0", "whoamix302" "2026-04-15 12:59:11", "1792081", "s3-microservice-updatehub.cc", "domain", "botnet_cc", "win.count_loader", "None", "CountLoader", "", "75", "False", "", "None", "0", "whoamix302" "2026-04-15 12:59:11", "1792082", "network-defender.cc", "domain", "botnet_cc", "win.count_loader", "None", "CountLoader", "", "75", "False", "", "None", "0", "whoamix302" "2026-04-15 12:59:11", "1792083", "deluxe.gl", "domain", "botnet_cc", "win.count_loader", "None", "CountLoader", "", "75", "False", "", "None", "0", "whoamix302" "2026-04-15 12:59:10", "1792084", "explorer.vg", "domain", "botnet_cc", "win.count_loader", "None", "CountLoader", "", "75", "False", "", "None", "0", "whoamix302" "2026-04-15 12:59:09", "1792085", "github-repository.gl", "domain", "botnet_cc", "win.count_loader", "None", "CountLoader", "", "75", "False", "", "None", "0", "whoamix302" "2026-04-15 12:59:09", "1792086", "vless-proto.cc", "domain", "botnet_cc", "win.count_loader", "None", "CountLoader", "", "75", "False", "", "None", "0", "whoamix302" "2026-04-15 12:59:08", "1792087", "ros-tele.com", "domain", "botnet_cc", "win.count_loader", "None", "CountLoader", "", "75", "False", "", "None", "0", "whoamix302" "2026-04-15 12:59:08", "1792088", "webdrive-select.vg", "domain", "botnet_cc", "win.count_loader", "None", "CountLoader", "", "75", "False", "", "None", "0", "whoamix302" "2026-04-15 12:59:07", "1792089", "ccleaner.gl", "domain", "botnet_cc", "win.count_loader", "None", "CountLoader", "", "75", "False", "", "None", "0", "whoamix302" "2026-04-15 12:59:07", "1792090", "system-monitor.cc", "domain", "botnet_cc", "win.count_loader", "None", "CountLoader", "", "75", "False", "", "None", "0", "whoamix302" "2026-04-15 12:59:06", "1792091", "parent-control.cc", "domain", "botnet_cc", "win.count_loader", "None", "CountLoader", "", "75", "False", "", "None", "0", "whoamix302" "2026-04-15 12:59:06", "1792092", "holiday-forever.cc", "domain", "botnet_cc", "win.count_loader", "None", "CountLoader", "", "75", "False", "", "None", "0", "whoamix302" "2026-04-15 12:59:06", "1792093", "hosting-control.cc", "domain", "botnet_cc", "win.count_loader", "None", "CountLoader", "", "75", "False", "", "None", "0", "whoamix302" "2026-04-15 12:59:05", "1792094", "fileless-market.cc", "domain", "botnet_cc", "win.count_loader", "None", "CountLoader", "", "75", "False", "", "None", "0", "whoamix302" "2026-04-15 12:59:04", "1792096", "captcha-verification.cc", "domain", "botnet_cc", "win.count_loader", "None", "CountLoader", "", "75", "False", "", "None", "0", "whoamix302" "2026-04-15 12:59:03", "1792095", "immortal-service.cc", "domain", "botnet_cc", "win.count_loader", "None", "CountLoader", "", "75", "False", "", "None", "0", "whoamix302" "2026-04-15 12:59:02", "1792097", "webdriver-terminal.vg", "domain", "botnet_cc", "win.count_loader", "None", "CountLoader", "", "75", "False", "", "None", "0", "whoamix302" "2026-04-15 12:59:02", "1792098", "firefox.vg", "domain", "botnet_cc", "win.count_loader", "None", "CountLoader", "", "75", "False", "", "None", "0", "whoamix302" "2026-04-15 12:59:01", "1792099", "police-center.vg", "domain", "botnet_cc", "win.count_loader", "None", "CountLoader", "", "75", "False", "", "None", "0", "whoamix302" "2026-04-15 12:59:00", "1792100", "venom-flagman.cc", "domain", "botnet_cc", "win.count_loader", "None", "CountLoader", "", "75", "False", "", "None", "0", "whoamix302" "2026-04-15 12:59:00", "1792101", "ug-network.com", "domain", "botnet_cc", "win.count_loader", "None", "CountLoader", "", "75", "False", "", "None", "0", "whoamix302" "2026-04-15 12:58:59", "1792102", "command-center.cc", "domain", "botnet_cc", "win.count_loader", "None", "CountLoader", "", "75", "False", "", "None", "0", "whoamix302" "2026-04-15 12:58:59", "1792103", "offshore-storage.cc", "domain", "botnet_cc", "win.count_loader", "None", "CountLoader", "", "75", "False", "", "None", "0", "whoamix302" "2026-04-15 12:58:58", "1792104", "fileshare.vg", "domain", "botnet_cc", "win.count_loader", "None", "CountLoader", "", "75", "False", "", "None", "0", "whoamix302" "2026-04-15 12:54:41", "1792073", "isgsofgey.com", "domain", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "False", "https://x.com/JAMESWT_WT/status/2044309528376672366", "NetSupport,RAT", "0", "abuse_ch" "2026-04-15 12:53:46", "1792072", "isabellathordsen.com", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2026-04-15 12:53:54", "100", "False", "https://tria.ge/260415-je4t5agx8r", "C2,domain,quasar,rat,triage", "0", "DonPasci" "2026-04-15 12:53:33", "1792071", "idev101.com", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2026-04-15 12:53:44", "100", "False", "https://tria.ge/260415-je4t5agx8r", "C2,domain,quasar,rat,triage", "0", "DonPasci" "2026-04-15 12:53:26", "1792070", "hyggelig-news.com", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2026-04-15 12:53:32", "100", "False", "https://tria.ge/260415-je4t5agx8r", "C2,domain,quasar,rat,triage", "0", "DonPasci" "2026-04-15 12:53:16", "1792068", "lkhpihf.com", "domain", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "False", "https://x.com/JAMESWT_WT/status/2044309528376672366", "NetSupport,RAT", "0", "abuse_ch" "2026-04-15 12:53:16", "1792069", "lkboasprqw.com", "domain", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "False", "https://x.com/JAMESWT_WT/status/2044309528376672366", "NetSupport,RAT", "0", "abuse_ch" "2026-04-15 12:53:11", "1792067", "hondavaughan.com", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2026-04-15 12:53:24", "100", "False", "https://tria.ge/260415-je4t5agx8r", "C2,domain,quasar,rat,triage", "0", "DonPasci" "2026-04-15 12:52:52", "1792066", "hondathornhill.com", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2026-04-15 12:53:08", "100", "False", "https://tria.ge/260415-je4t5agx8r", "C2,domain,quasar,rat,triage", "0", "DonPasci" "2026-04-15 12:52:36", "1792065", "hondathornhill.ca", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2026-04-15 12:52:50", "100", "False", "https://tria.ge/260415-je4t5agx8r", "C2,domain,quasar,rat,triage", "0", "DonPasci" "2026-04-15 12:52:19", "1792064", "hondaofvaughan.com", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2026-04-15 12:52:33", "100", "False", "https://tria.ge/260415-je4t5agx8r", "C2,domain,quasar,rat,triage", "0", "DonPasci" "2026-04-15 12:52:00", "1792063", "hondaoftoronto.com", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2026-04-15 12:52:17", "100", "False", "https://tria.ge/260415-je4t5agx8r", "C2,domain,quasar,rat,triage", "0", "DonPasci" "2026-04-15 12:51:45", "1792062", "hondaofthornill.com", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2026-04-15 12:51:57", "100", "False", "https://tria.ge/260415-je4t5agx8r", "C2,domain,quasar,rat,triage", "0", "DonPasci" "2026-04-15 12:51:29", "1792061", "hondaofnorthtoronto.com", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2026-04-15 12:51:42", "100", "False", "https://tria.ge/260415-je4t5agx8r", "C2,domain,quasar,rat,triage", "0", "DonPasci" "2026-04-15 12:51:09", "1792059", "hondaofnorthtoronto.ca", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2026-04-15 12:51:27", "100", "False", "https://tria.ge/260415-je4t5agx8r", "C2,domain,quasar,rat,triage", "0", "DonPasci" "2026-04-15 12:50:50", "1792058", "hondaoffnorthtoronto.com", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2026-04-15 12:51:06", "100", "False", "https://tria.ge/260415-je4t5agx8r", "C2,domain,quasar,rat,triage", "0", "DonPasci" "2026-04-15 12:50:35", "1792057", "hondanorthtoronto.com", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2026-04-15 12:50:48", "100", "False", "https://tria.ge/260415-je4t5agx8r", "C2,domain,quasar,rat,triage", "0", "DonPasci" "2026-04-15 12:50:18", "1792053", "hondanorthtoronto.ca", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2026-04-15 12:50:33", "100", "False", "https://tria.ge/260415-je4t5agx8r", "C2,domain,quasar,rat,triage", "0", "DonPasci" "2026-04-15 12:49:58", "1792052", "hokusetsu-ikimono.com", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2026-04-15 12:50:16", "100", "False", "https://tria.ge/260415-je4t5agx8r", "C2,domain,quasar,rat,triage", "0", "DonPasci" "2026-04-15 12:49:42", "1792051", "friendsoffortmacon.org", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2026-04-15 12:49:55", "100", "False", "https://tria.ge/260415-je4t5agx8r", "C2,domain,quasar,rat,triage", "0", "DonPasci" "2026-04-15 12:49:26", "1792050", "festra.com", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2026-04-15 12:49:40", "100", "False", "https://tria.ge/260415-je4t5agx8r", "C2,domain,quasar,rat,triage", "0", "DonPasci" "2026-04-15 12:49:09", "1792048", "esteticauab.org", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2026-04-15 12:49:24", "100", "False", "https://tria.ge/260415-je4t5agx8r", "C2,domain,quasar,rat,triage", "0", "DonPasci" "2026-04-15 12:48:51", "1792047", "elmotahedaclean.com", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2026-04-15 12:49:07", "100", "False", "https://tria.ge/260415-je4t5agx8r", "C2,domain,quasar,rat,triage", "0", "DonPasci" "2026-04-15 12:48:35", "1792045", "elcronistadiario.com", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2026-04-15 12:48:48", "100", "False", "https://tria.ge/260415-je4t5agx8r", "C2,domain,quasar,rat,triage", "0", "DonPasci" "2026-04-15 12:48:18", "1792043", "edwardmermelstein.com", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2026-04-15 12:48:32", "100", "False", "https://tria.ge/260415-je4t5agx8r", "C2,domain,quasar,rat,triage", "0", "DonPasci" "2026-04-15 12:47:59", "1792042", "edelamarre.com", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2026-04-15 12:48:15", "100", "False", "https://tria.ge/260415-je4t5agx8r", "C2,domain,quasar,rat,triage", "0", "DonPasci" "2026-04-15 12:47:41", "1792041", "corregidorphilippines.com", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2026-04-15 12:47:57", "100", "False", "https://tria.ge/260415-je4t5agx8r", "C2,domain,quasar,rat,triage", "0", "DonPasci" "2026-04-15 12:47:21", "1792040", "collapsinghorsetheatre.com", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2026-04-15 12:47:39", "100", "False", "https://tria.ge/260415-je4t5agx8r", "C2,domain,quasar,rat,triage", "0", "DonPasci" "2026-04-15 12:46:57", "1792039", "buyahonda.ca", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2026-04-15 12:47:18", "100", "False", "https://tria.ge/260415-je4t5agx8r", "C2,domain,quasar,rat,triage", "0", "DonPasci" "2026-04-15 12:46:41", "1792038", "buddyboybrands.com", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2026-04-15 12:46:55", "100", "False", "https://tria.ge/260415-je4t5agx8r", "C2,domain,quasar,rat,triage", "0", "DonPasci" "2026-04-15 12:46:23", "1792037", "bluarmorhelmets.com", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2026-04-15 12:46:39", "100", "False", "https://tria.ge/260415-je4t5agx8r", "C2,domain,quasar,rat,triage", "0", "DonPasci" "2026-04-15 12:46:01", "1792036", "automotoclassicsale.com", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2026-04-15 12:46:20", "100", "False", "https://tria.ge/260415-je4t5agx8r", "C2,domain,quasar,rat,triage", "0", "DonPasci" "2026-04-15 12:45:39", "1792035", "asoprimatologicacolombiana.org", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2026-04-15 12:45:58", "100", "False", "https://tria.ge/260415-je4t5agx8r", "C2,domain,quasar,rat,triage", "0", "DonPasci" "2026-04-15 12:45:22", "1792034", "90phutxvf.cc", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2026-04-15 12:45:36", "100", "False", "https://tria.ge/260415-je4t5agx8r", "C2,domain,quasar,rat,triage", "0", "DonPasci" "2026-04-15 12:44:59", "1792033", "90phutxve.cc", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2026-04-15 12:45:19", "100", "False", "https://tria.ge/260415-je4t5agx8r", "C2,domain,quasar,rat,triage", "0", "DonPasci" "2026-04-15 12:44:50", "1792032", "rophimz.fm", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2026-04-15 12:44:57", "100", "False", "https://tria.ge/260415-kg5pwacy4v", "C2,domain,quasar,rat,triage", "0", "DonPasci" "2026-04-15 12:44:39", "1792031", "rophims.vip", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2026-04-15 12:44:47", "100", "False", "https://tria.ge/260415-kl64hacz5x", "C2,domain,quasar,rat,triage", "0", "DonPasci" "2026-04-15 12:44:13", "1792030", "xoilacsosa.live", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2026-04-15 12:44:36", "100", "False", "https://tria.ge/260415-ntg15afx9z", "C2,domain,quasar,rat,triage", "0", "DonPasci" "2026-04-15 12:44:06", "1792029", "2degvees.za.com", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2026-04-15 12:44:09", "100", "False", "https://tria.ge/260415-mbf6faew6x", "C2,domain,quasar,rat,triage", "0", "DonPasci" "2026-04-15 12:43:59", "1792028", "open88a.net", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2026-04-15 12:44:03", "100", "False", "https://tria.ge/260415-mbf6faew6x", "C2,domain,quasar,rat,triage", "0", "DonPasci" "2026-04-15 12:33:42", "1791781", "needle.knavequest.sbs", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-04-16 10:16:11", "75", "False", "None", "odiznrio,Vidar", "0", "abuse_ch" "2026-04-15 12:27:42", "1791779", "zsj7xqo.qen7tavil.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 12:30:08", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 12:22:28", "1791778", "sxbrp.bri1laxon.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 12:24:29", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 12:16:54", "1791770", "columnapi.dru9vexon.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 12:21:29", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 12:14:08", "1791768", "cha.rapidphonebuyer.co.uk", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-04-16 15:13:45", "75", "False", "None", "d0b0p,Vidar", "0", "abuse_ch" "2026-04-15 12:11:06", "1791766", "nimblehon.zor4melax.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 12:13:26", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 12:09:21", "1791755", "rivalmods.biz", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "None", "0", "burger" "2026-04-15 12:09:19", "1791756", "divinex.at", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "None", "0", "burger" "2026-04-15 12:09:19", "1791763", "weedhack.xyz", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "https://app.any.run/tasks/e718cca6-c8cd-4085-af62-d321ebaa3a49", "WeedHack", "0", "burger" "2026-04-15 12:09:18", "1791764", "remotev2.weedhack.xyz", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://app.any.run/tasks/e718cca6-c8cd-4085-af62-d321ebaa3a49", "c2,WeedHack", "0", "burger" "2026-04-15 12:09:18", "1791765", "remotev3.weedhack.xyz", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://www.virustotal.com/gui/domain/weedhack.xyz/relations", "c2,WeedHack", "0", "burger" "2026-04-15 12:05:17", "1791762", "gp0zfju.prax5litor.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 12:07:46", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 12:01:09", "1791761", "zebi.kozow.com", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "2026-04-15 12:01:15", "100", "False", "https://tria.ge/260415-nl46pacx4m", "C2,domain,triage,xworm", "0", "DonPasci" "2026-04-15 12:01:06", "1791760", "zebi.giize.com", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "2026-04-15 12:01:12", "100", "False", "https://tria.ge/260415-nl46pacx4m", "C2,domain,triage,xworm", "0", "DonPasci" "2026-04-15 12:01:03", "1791759", "noajadfylf.localto.net", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "2026-04-15 12:01:17", "100", "False", "https://tria.ge/260415-jwqntsct2x", "C2,domain,triage,xworm", "0", "DonPasci" "2026-04-15 11:59:29", "1791758", "neo-f0rge.kry6navex.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 12:01:57", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 11:55:21", "1791757", "routerwago.tul2qorin.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 11:56:16", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-15 11:48:45", "1791754", "il2l4822.vex8talin.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 11:51:39", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-15 11:44:54", "1791750", "gbg.biolinks.com.br", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-04-16 13:49:37", "75", "False", "None", "a10fsw,Vidar", "0", "abuse_ch" "2026-04-15 11:43:51", "1791748", "m0ss5-watch.nor3liven.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 11:46:46", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-15 11:37:29", "1791746", "ind3-spool.xel7morax.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 11:40:01", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 11:31:56", "1791745", "dr1ve-trail.qen7tavil.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 11:33:04", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 11:26:40", "1791743", "emuwa.qen7tavil.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 11:27:43", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 11:24:16", "1791742", "zvdfsddefdfd.cn", "domain", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "False", "https://bazaar.abuse.ch/sample/3ad7da28ef1ba24f7724bf52425bc936f013b94f9e369ad84e1bcb860286f5e9/", "RAT,ValleyRAT", "0", "abuse_ch" "2026-04-15 11:20:41", "1791740", "normarkis2.qen7tavil.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 11:22:11", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 11:14:41", "1791737", "quordraa.qen7tavil.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 11:16:56", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 11:13:42", "1791736", "gbg.rapidphonebuyer.co.uk", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-04-15 11:44:08", "75", "False", "None", "d0b0p,Vidar", "0", "abuse_ch" "2026-04-15 11:10:46", "1791734", "jvrsolutions.com.br", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch" "2026-04-15 11:09:13", "1791733", "clusterbright.qen7tavil.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 11:11:43", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 11:04:43", "1791684", "cpanel.theresiliencefactorpodcast.com", "domain", "botnet_cc", "js.fakeupdates", "FakeUpdate,GhoLoader,SocGholish", "FAKEUPDATES", "", "100", "True", "https://infosec.exchange/@monitorsg/116407697390820430", "SocGholish", "0", "monitorsg" "2026-04-15 11:03:44", "1791732", "opt13-mesh.qen7tavil.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 11:05:02", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 10:58:08", "1791728", "zenmark1a.bri1laxon.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 10:59:38", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 10:52:29", "1791726", "lumnex7os.bri1laxon.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 10:54:21", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-15 10:46:53", "1791725", "zecyxfgt.bri1laxon.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 10:48:55", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 10:41:16", "1791724", "k3rne-signal.bri1laxon.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 10:44:20", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 10:35:30", "1791723", "1ndex2-gate.bri1laxon.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 10:35:58", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 10:30:23", "1791722", "ar2ymo.bri1laxon.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 10:33:00", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 10:24:36", "1791721", "tenquarr.dru9vexon.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 10:26:34", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 10:18:54", "1791720", "lively-obser.dru9vexon.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 10:20:53", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 10:12:58", "1791719", "qu4r9-scope.dru9vexon.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 10:13:23", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 10:07:50", "1791718", "g4th2-mount.dru9vexon.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 10:09:55", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 10:02:06", "1791717", "hpryikjw.dru9vexon.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 10:04:29", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 09:56:44", "1791716", "hardscript.dru9vexon.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 09:58:53", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 09:50:45", "1791715", "xoqairj.zor4melax.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 09:53:11", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 09:45:27", "1791714", "pwmyu.zor4melax.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 09:47:33", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-15 09:39:38", "1791713", "compre-node.zor4melax.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 09:40:41", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 09:33:59", "1791712", "c0rnpute-stream.zor4melax.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 09:35:36", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-15 09:28:29", "1791711", "wygb7.zor4melax.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 09:30:11", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 09:22:42", "1791710", "5pro4-vector.zor4melax.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 09:24:39", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 09:17:41", "1791709", "tfovt.prax5litor.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 09:19:08", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 09:11:47", "1791708", "sprbridg.prax5litor.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 09:16:26", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 09:05:48", "1791707", "bridge0-crest.prax5litor.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 09:07:10", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 09:00:41", "1791706", "trimark4or.prax5litor.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 09:02:34", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-15 08:54:58", "1791705", "observ-phase.prax5litor.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 08:57:19", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 08:50:22", "1791704", "server-vall.prax5litor.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 08:54:04", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 08:43:36", "1791700", "vel-markon.kry6navex.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 08:45:54", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 08:37:59", "1791698", "engine-switch.kry6navex.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 08:40:23", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 08:32:22", "1791696", "t1de-vault.kry6navex.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 08:34:40", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 08:26:43", "1791695", "auth7-core.kry6navex.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 08:29:04", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 08:24:20", "1791694", "check.nid-log.com", "domain", "botnet_cc", "win.kimsuky", "None", "Kimsuky", "", "100", "False", "https://bazaar.abuse.ch/sample/a32e2d400bb7feb63d29738d6a31959228530974fe928b9c48787fadaf17d8a0/", "Kimsuky", "0", "abuse_ch" "2026-04-15 08:21:39", "1791690", "vtdlwy.kry6navex.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 08:23:26", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 08:15:40", "1791689", "geo-r0ut.kry6navex.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 08:18:10", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 08:15:17", "1791688", "venom.summertunnel.shop", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-04-16 17:17:06", "75", "False", "None", "ozpifus,Vidar", "0", "abuse_ch" "2026-04-15 08:09:54", "1791685", "inn35-dock.tul2qorin.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 08:14:49", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 08:03:53", "1791683", "reagent-publ.tul2qorin.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 08:03:59", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 07:58:09", "1791680", "yil5.tul2qorin.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 08:01:01", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-15 07:52:47", "1791679", "njt8hire.tul2qorin.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 07:55:06", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 07:50:34", "1791443", "c87x.xel7morax.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 06:02:29", "100", "False", "None", "15April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-15 07:47:01", "1791678", "lbkonz.tul2qorin.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 07:47:16", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-15 07:41:43", "1791674", "zencresten5.tul2qorin.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 07:43:15", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 07:41:03", "1791672", "signalwarden.icu", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,EXT", "0", "HuntYethHounds" "2026-04-15 07:37:22", "1791666", "daemonpath.icu", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,EXT", "0", "HuntYethHounds" "2026-04-15 07:36:03", "1791665", "nky0.vex8talin.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 07:38:01", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 07:30:10", "1791663", "mcfupmvl.vex8talin.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 07:32:07", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 07:24:39", "1791662", "xlknp.vex8talin.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 07:29:26", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 07:19:07", "1791661", "ofhbm4.vex8talin.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 07:20:50", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-15 07:15:51", "1791659", "hazydvs.surf", "domain", "botnet_cc", "win.smokeloader", "Dofoil,Sharik,Smoke,Smoke Loader", "SmokeLoader", "", "100", "False", "", "Dofoil,Smoke Loader", "0", "abuse_ch" "2026-04-15 07:15:18", "1791658", "xyx.wvxx.dpdns.org", "domain", "botnet_cc", "win.raton_rat", "None", "RatonRAT", "", "100", "False", "https://bazaar.abuse.ch/sample/3dc4e6bae0421dbc3bd7c526e0c42e79a396465b2ef9c2c2cac0d59cc1750054/", "RAT,RatonRAT", "0", "abuse_ch" "2026-04-15 07:13:49", "1791626", "holypriest.gl", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "False", "https://bazaar.abuse.ch/sample/4719eede5ebc81fd2e3d4b7376501e688e48b286111fa0705de1819eaeaf551c/", "LummaStealer", "0", "abuse_ch" "2026-04-15 07:13:10", "1791625", "lcr1.vex8talin.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 07:15:32", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 07:07:35", "1791557", "casualquant.vex8talin.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 07:10:06", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 07:02:03", "1791556", "sol-draet.nor3liven.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 07:03:35", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 06:56:39", "1791555", "globalotter.nor3liven.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 06:58:04", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 06:50:41", "1791554", "serlinear.nor3liven.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 06:52:38", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 06:45:28", "1791553", "b4rk-panel.nor3liven.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 06:47:20", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 06:39:53", "1791552", "trailerbinary.nor3liven.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 06:42:02", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 06:35:03", "1791550", "polecy.cyou", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "False", "", "LummaStealer", "0", "abuse_ch" "2026-04-15 06:34:04", "1791549", "padaz.pics", "domain", "botnet_cc", "win.smokeloader", "Dofoil,Sharik,Smoke,Smoke Loader", "SmokeLoader", "", "100", "False", "https://bazaar.abuse.ch/sample/b38fbaae45ea452ead61c91e5baae68be445a7e995cf95d44d062c75f9a2880b/", "Dofoil,Smoke Loader", "0", "abuse_ch" "2026-04-15 06:33:56", "1791548", "pebcpxb.nor3liven.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 06:36:20", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 06:31:40", "1791547", "wobble.graftspore.space", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-04-16 13:49:37", "75", "False", "None", "ozpifus,Vidar", "0", "abuse_ch" "2026-04-15 06:28:29", "1791544", "sharpreel.xel7morax.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 06:30:33", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 06:28:19", "1791543", "prism.ravengarden.space", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-04-16 13:49:37", "100", "False", "https://bazaar.abuse.ch/sample/75d8b1634e25e24e7aab3c6b5b084cbe102e2818da122dbaa717de1d0e05ca17/", "dzajdz,Vidar", "0", "abuse_ch" "2026-04-15 06:22:53", "1791541", "du5t3-forge.xel7morax.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 06:24:49", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-15 06:20:58", "1791540", "unseanb.surf", "domain", "botnet_cc", "win.smokeloader", "Dofoil,Sharik,Smoke,Smoke Loader", "SmokeLoader", "", "100", "False", "https://bazaar.abuse.ch/sample/0f9c97adc250b2ab1c1b19aa2bd99ac0b8f54e07aaccdfdaf347a258a81ef932/", "Dofoil,Smoke Loader", "0", "abuse_ch" "2026-04-15 06:17:14", "1791538", "icematrix.xel7morax.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 06:19:19", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-15 06:13:06", "1791523", "rajhuvuz.top", "domain", "botnet_cc", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "False", "https://bazaar.abuse.ch/sample/3f797a639bc855bc6d5471f327924b62d10900ddec49b970eca6604142bbb4be/", "KongTuke", "0", "abuse_ch" "2026-04-15 06:13:06", "1791524", "rcdt1ytgjdgbx3c.top", "domain", "botnet_cc", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "False", "https://bazaar.abuse.ch/sample/3f797a639bc855bc6d5471f327924b62d10900ddec49b970eca6604142bbb4be/", "KongTuke", "0", "abuse_ch" "2026-04-15 06:13:06", "1791525", "rrt37xmb4nu9xdy.top", "domain", "botnet_cc", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "False", "https://bazaar.abuse.ch/sample/3f797a639bc855bc6d5471f327924b62d10900ddec49b970eca6604142bbb4be/", "KongTuke", "0", "abuse_ch" "2026-04-15 06:13:06", "1791526", "skhap18pdspgyk5.top", "domain", "botnet_cc", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "False", "https://bazaar.abuse.ch/sample/3f797a639bc855bc6d5471f327924b62d10900ddec49b970eca6604142bbb4be/", "KongTuke", "0", "abuse_ch" "2026-04-15 06:13:06", "1791527", "syxkv00ly32dytr.top", "domain", "botnet_cc", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "False", "https://bazaar.abuse.ch/sample/3f797a639bc855bc6d5471f327924b62d10900ddec49b970eca6604142bbb4be/", "KongTuke", "0", "abuse_ch" "2026-04-15 06:13:06", "1791528", "t611j3fusibizak.top", "domain", "botnet_cc", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "False", "https://bazaar.abuse.ch/sample/3f797a639bc855bc6d5471f327924b62d10900ddec49b970eca6604142bbb4be/", "KongTuke", "0", "abuse_ch" "2026-04-15 06:13:06", "1791529", "tgeb9e8zwea6o3o.top", "domain", "botnet_cc", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "False", "https://bazaar.abuse.ch/sample/3f797a639bc855bc6d5471f327924b62d10900ddec49b970eca6604142bbb4be/", "KongTuke", "0", "abuse_ch" "2026-04-15 06:13:06", "1791530", "trmrd4mz78xkz0y.top", "domain", "botnet_cc", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "False", "https://bazaar.abuse.ch/sample/3f797a639bc855bc6d5471f327924b62d10900ddec49b970eca6604142bbb4be/", "KongTuke", "0", "abuse_ch" "2026-04-15 06:13:06", "1791531", "ud6i76t3myjmzqc.top", "domain", "botnet_cc", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "False", "https://bazaar.abuse.ch/sample/3f797a639bc855bc6d5471f327924b62d10900ddec49b970eca6604142bbb4be/", "KongTuke", "0", "abuse_ch" "2026-04-15 06:13:06", "1791532", "uzq917181o6p0gr.top", "domain", "botnet_cc", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "False", "https://bazaar.abuse.ch/sample/3f797a639bc855bc6d5471f327924b62d10900ddec49b970eca6604142bbb4be/", "KongTuke", "0", "abuse_ch" "2026-04-15 06:13:06", "1791533", "yj8o0j8w9kct59e.top", "domain", "botnet_cc", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "False", "https://bazaar.abuse.ch/sample/3f797a639bc855bc6d5471f327924b62d10900ddec49b970eca6604142bbb4be/", "KongTuke", "0", "abuse_ch" "2026-04-15 06:13:06", "1791534", "yrvye05yeri0ky8.top", "domain", "botnet_cc", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "False", "https://bazaar.abuse.ch/sample/3f797a639bc855bc6d5471f327924b62d10900ddec49b970eca6604142bbb4be/", "KongTuke", "0", "abuse_ch" "2026-04-15 06:13:06", "1791535", "yxoy6h0suupq4jz.top", "domain", "botnet_cc", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "False", "https://bazaar.abuse.ch/sample/3f797a639bc855bc6d5471f327924b62d10900ddec49b970eca6604142bbb4be/", "KongTuke", "0", "abuse_ch" "2026-04-15 06:13:06", "1791536", "z5tfukf1oayv5zs.top", "domain", "botnet_cc", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "False", "https://bazaar.abuse.ch/sample/3f797a639bc855bc6d5471f327924b62d10900ddec49b970eca6604142bbb4be/", "KongTuke", "0", "abuse_ch" "2026-04-15 06:13:06", "1791537", "z6pdt39zmx2ebc5.top", "domain", "botnet_cc", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "False", "https://bazaar.abuse.ch/sample/3f797a639bc855bc6d5471f327924b62d10900ddec49b970eca6604142bbb4be/", "KongTuke", "0", "abuse_ch" "2026-04-15 06:13:05", "1791502", "h7lof0kdoasxsvr.top", "domain", "botnet_cc", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "False", "https://bazaar.abuse.ch/sample/3f797a639bc855bc6d5471f327924b62d10900ddec49b970eca6604142bbb4be/", "KongTuke", "0", "abuse_ch" "2026-04-15 06:13:05", "1791503", "hc02f2tzgfncn43.top", "domain", "botnet_cc", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "False", "https://bazaar.abuse.ch/sample/3f797a639bc855bc6d5471f327924b62d10900ddec49b970eca6604142bbb4be/", "KongTuke", "0", "abuse_ch" "2026-04-15 06:13:05", "1791504", "hyls9303v59enui.top", "domain", "botnet_cc", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "False", "https://bazaar.abuse.ch/sample/3f797a639bc855bc6d5471f327924b62d10900ddec49b970eca6604142bbb4be/", "KongTuke", "0", "abuse_ch" "2026-04-15 06:13:05", "1791505", "hzs6417zicspfnp.top", "domain", "botnet_cc", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "False", "https://bazaar.abuse.ch/sample/3f797a639bc855bc6d5471f327924b62d10900ddec49b970eca6604142bbb4be/", "KongTuke", "0", "abuse_ch" "2026-04-15 06:13:05", "1791506", "i5p9x6fdqkhioba.top", "domain", "botnet_cc", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "False", "https://bazaar.abuse.ch/sample/3f797a639bc855bc6d5471f327924b62d10900ddec49b970eca6604142bbb4be/", "KongTuke", "0", "abuse_ch" "2026-04-15 06:13:05", "1791507", "ij5j3588auvgokw.top", "domain", "botnet_cc", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "False", "https://bazaar.abuse.ch/sample/3f797a639bc855bc6d5471f327924b62d10900ddec49b970eca6604142bbb4be/", "KongTuke", "0", "abuse_ch" "2026-04-15 06:13:05", "1791508", "jdtql9tmk0qnpr3.top", "domain", "botnet_cc", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "False", "https://bazaar.abuse.ch/sample/3f797a639bc855bc6d5471f327924b62d10900ddec49b970eca6604142bbb4be/", "KongTuke", "0", "abuse_ch" "2026-04-15 06:13:05", "1791509", "jr90r8mh5a4lo1p.top", "domain", "botnet_cc", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "False", "https://bazaar.abuse.ch/sample/3f797a639bc855bc6d5471f327924b62d10900ddec49b970eca6604142bbb4be/", "KongTuke", "0", "abuse_ch" "2026-04-15 06:13:05", "1791510", "jydhfb1qzqcpphi.top", "domain", "botnet_cc", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "False", "https://bazaar.abuse.ch/sample/3f797a639bc855bc6d5471f327924b62d10900ddec49b970eca6604142bbb4be/", "KongTuke", "0", "abuse_ch" "2026-04-15 06:13:05", "1791511", "k6iy3ef0t6luqxb.top", "domain", "botnet_cc", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "False", "https://bazaar.abuse.ch/sample/3f797a639bc855bc6d5471f327924b62d10900ddec49b970eca6604142bbb4be/", "KongTuke", "0", "abuse_ch" "2026-04-15 06:13:05", "1791512", "kcichmmdhjgifme.top", "domain", "botnet_cc", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "False", "https://bazaar.abuse.ch/sample/3f797a639bc855bc6d5471f327924b62d10900ddec49b970eca6604142bbb4be/", "KongTuke", "0", "abuse_ch" "2026-04-15 06:13:05", "1791513", "kkx89c8vegyrq7w.top", "domain", "botnet_cc", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "False", "https://bazaar.abuse.ch/sample/3f797a639bc855bc6d5471f327924b62d10900ddec49b970eca6604142bbb4be/", "KongTuke", "0", "abuse_ch" "2026-04-15 06:13:05", "1791514", "ldmfrht9nltyre4.top", "domain", "botnet_cc", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "False", "https://bazaar.abuse.ch/sample/3f797a639bc855bc6d5471f327924b62d10900ddec49b970eca6604142bbb4be/", "KongTuke", "0", "abuse_ch" "2026-04-15 06:13:05", "1791515", "lr2pxfm48v7wqop.top", "domain", "botnet_cc", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "False", "https://bazaar.abuse.ch/sample/3f797a639bc855bc6d5471f327924b62d10900ddec49b970eca6604142bbb4be/", "KongTuke", "0", "abuse_ch" "2026-04-15 06:13:05", "1791516", "ma8t9n3yzo0jbi9.top", "domain", "botnet_cc", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "False", "https://bazaar.abuse.ch/sample/3f797a639bc855bc6d5471f327924b62d10900ddec49b970eca6604142bbb4be/", "KongTuke", "0", "abuse_ch" "2026-04-15 06:13:05", "1791517", "nna62fgze.top", "domain", "botnet_cc", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "False", "https://bazaar.abuse.ch/sample/3f797a639bc855bc6d5471f327924b62d10900ddec49b970eca6604142bbb4be/", "KongTuke", "0", "abuse_ch" "2026-04-15 06:13:05", "1791518", "np38oq8z7vjy2v6.top", "domain", "botnet_cc", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "False", "https://bazaar.abuse.ch/sample/3f797a639bc855bc6d5471f327924b62d10900ddec49b970eca6604142bbb4be/", "KongTuke", "0", "abuse_ch" "2026-04-15 06:13:05", "1791519", "nsugzw35.top", "domain", "botnet_cc", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "False", "https://bazaar.abuse.ch/sample/3f797a639bc855bc6d5471f327924b62d10900ddec49b970eca6604142bbb4be/", "KongTuke", "0", "abuse_ch" "2026-04-15 06:13:05", "1791520", "pck4vrttfrd0vgc.top", "domain", "botnet_cc", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "False", "https://bazaar.abuse.ch/sample/3f797a639bc855bc6d5471f327924b62d10900ddec49b970eca6604142bbb4be/", "KongTuke", "0", "abuse_ch" "2026-04-15 06:13:05", "1791521", "q59cdvf7px87wnj.top", "domain", "botnet_cc", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "False", "https://bazaar.abuse.ch/sample/3f797a639bc855bc6d5471f327924b62d10900ddec49b970eca6604142bbb4be/", "KongTuke", "0", "abuse_ch" "2026-04-15 06:13:05", "1791522", "qjpmju82a7l4wx5.top", "domain", "botnet_cc", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "False", "https://bazaar.abuse.ch/sample/3f797a639bc855bc6d5471f327924b62d10900ddec49b970eca6604142bbb4be/", "KongTuke", "0", "abuse_ch" "2026-04-15 06:13:04", "1791483", "7jsrg87r8w2hdln.top", "domain", "botnet_cc", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "False", "https://bazaar.abuse.ch/sample/3f797a639bc855bc6d5471f327924b62d10900ddec49b970eca6604142bbb4be/", "KongTuke", "0", "abuse_ch" "2026-04-15 06:13:04", "1791484", "8chzyct4h2xoesu.top", "domain", "botnet_cc", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "False", "https://bazaar.abuse.ch/sample/3f797a639bc855bc6d5471f327924b62d10900ddec49b970eca6604142bbb4be/", "KongTuke", "0", "abuse_ch" "2026-04-15 06:13:04", "1791485", "8qw84bm02cale2g.top", "domain", "botnet_cc", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "False", "https://bazaar.abuse.ch/sample/3f797a639bc855bc6d5471f327924b62d10900ddec49b970eca6604142bbb4be/", "KongTuke", "0", "abuse_ch" "2026-04-15 06:13:04", "1791486", "9klgmf8ebi5sf8n.top", "domain", "botnet_cc", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "False", "https://bazaar.abuse.ch/sample/3f797a639bc855bc6d5471f327924b62d10900ddec49b970eca6604142bbb4be/", "KongTuke", "0", "abuse_ch" "2026-04-15 06:13:04", "1791487", "9y1pse09wsjqfi9.top", "domain", "botnet_cc", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "False", "https://bazaar.abuse.ch/sample/3f797a639bc855bc6d5471f327924b62d10900ddec49b970eca6604142bbb4be/", "KongTuke", "0", "abuse_ch" "2026-04-15 06:13:04", "1791488", "a557ghfiq8rugy1.top", "domain", "botnet_cc", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "False", "https://bazaar.abuse.ch/sample/3f797a639bc855bc6d5471f327924b62d10900ddec49b970eca6604142bbb4be/", "KongTuke", "0", "abuse_ch" "2026-04-15 06:13:04", "1791489", "arpxaimn5xdwgpg.top", "domain", "botnet_cc", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "False", "https://bazaar.abuse.ch/sample/3f797a639bc855bc6d5471f327924b62d10900ddec49b970eca6604142bbb4be/", "KongTuke", "0", "abuse_ch" "2026-04-15 06:13:04", "1791490", "atmn4a1ylmh2329.top", "domain", "botnet_cc", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "False", "https://bazaar.abuse.ch/sample/3f797a639bc855bc6d5471f327924b62d10900ddec49b970eca6604142bbb4be/", "KongTuke", "0", "abuse_ch" "2026-04-15 06:13:04", "1791491", "b8h3jd6ytt1htf7.top", "domain", "botnet_cc", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "False", "https://bazaar.abuse.ch/sample/3f797a639bc855bc6d5471f327924b62d10900ddec49b970eca6604142bbb4be/", "KongTuke", "0", "abuse_ch" "2026-04-15 06:13:04", "1791492", "bd9o4ktsln0zgfu.top", "domain", "botnet_cc", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "False", "https://bazaar.abuse.ch/sample/3f797a639bc855bc6d5471f327924b62d10900ddec49b970eca6604142bbb4be/", "KongTuke", "0", "abuse_ch" "2026-04-15 06:13:04", "1791493", "bke5sn81f383hvn.top", "domain", "botnet_cc", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "False", "https://bazaar.abuse.ch/sample/3f797a639bc855bc6d5471f327924b62d10900ddec49b970eca6604142bbb4be/", "KongTuke", "0", "abuse_ch" "2026-04-15 06:13:04", "1791494", "bnbjzgbz0zkvjs5.top", "domain", "botnet_cc", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "False", "https://bazaar.abuse.ch/sample/3f797a639bc855bc6d5471f327924b62d10900ddec49b970eca6604142bbb4be/", "KongTuke", "0", "abuse_ch" "2026-04-15 06:13:04", "1791495", "byteym1w0dm1h59.top", "domain", "botnet_cc", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "False", "https://bazaar.abuse.ch/sample/3f797a639bc855bc6d5471f327924b62d10900ddec49b970eca6604142bbb4be/", "KongTuke", "0", "abuse_ch" "2026-04-15 06:13:04", "1791496", "c6yvmpf6utu5il2.top", "domain", "botnet_cc", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "False", "https://bazaar.abuse.ch/sample/3f797a639bc855bc6d5471f327924b62d10900ddec49b970eca6604142bbb4be/", "KongTuke", "0", "abuse_ch" "2026-04-15 06:13:04", "1791497", "fggrtewz.top", "domain", "botnet_cc", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "False", "https://bazaar.abuse.ch/sample/3f797a639bc855bc6d5471f327924b62d10900ddec49b970eca6604142bbb4be/", "KongTuke", "0", "abuse_ch" "2026-04-15 06:13:04", "1791498", "fifuvhzw2.top", "domain", "botnet_cc", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "False", "https://bazaar.abuse.ch/sample/3f797a639bc855bc6d5471f327924b62d10900ddec49b970eca6604142bbb4be/", "KongTuke", "0", "abuse_ch" "2026-04-15 06:13:04", "1791499", "fyyfbzhvw22.top", "domain", "botnet_cc", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "False", "https://bazaar.abuse.ch/sample/3f797a639bc855bc6d5471f327924b62d10900ddec49b970eca6604142bbb4be/", "KongTuke", "0", "abuse_ch" "2026-04-15 06:13:04", "1791500", "g5wlryfpmze7moa.top", "domain", "botnet_cc", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "False", "https://bazaar.abuse.ch/sample/3f797a639bc855bc6d5471f327924b62d10900ddec49b970eca6604142bbb4be/", "KongTuke", "0", "abuse_ch" "2026-04-15 06:13:04", "1791501", "gqgbl0mu1p0amep.top", "domain", "botnet_cc", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "False", "https://bazaar.abuse.ch/sample/3f797a639bc855bc6d5471f327924b62d10900ddec49b970eca6604142bbb4be/", "KongTuke", "0", "abuse_ch" "2026-04-15 06:13:03", "1791473", "0yhncp0fxft2660.top", "domain", "botnet_cc", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "False", "https://bazaar.abuse.ch/sample/3f797a639bc855bc6d5471f327924b62d10900ddec49b970eca6604142bbb4be/", "KongTuke", "0", "abuse_ch" "2026-04-15 06:13:03", "1791474", "15l40sforv167mt.top", "domain", "botnet_cc", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "False", "https://bazaar.abuse.ch/sample/3f797a639bc855bc6d5471f327924b62d10900ddec49b970eca6604142bbb4be/", "KongTuke", "0", "abuse_ch" "2026-04-15 06:13:03", "1791475", "1k1d6q8jc5f47we.top", "domain", "botnet_cc", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "False", "https://bazaar.abuse.ch/sample/3f797a639bc855bc6d5471f327924b62d10900ddec49b970eca6604142bbb4be/", "KongTuke", "0", "abuse_ch" "2026-04-15 06:13:03", "1791476", "2dqlovtxlb9a82l.top", "domain", "botnet_cc", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "False", "https://bazaar.abuse.ch/sample/3f797a639bc855bc6d5471f327924b62d10900ddec49b970eca6604142bbb4be/", "KongTuke", "0", "abuse_ch" "2026-04-15 06:13:03", "1791477", "2r5uutmt6ln87c7.top", "domain", "botnet_cc", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "False", "https://bazaar.abuse.ch/sample/3f797a639bc855bc6d5471f327924b62d10900ddec49b970eca6604142bbb4be/", "KongTuke", "0", "abuse_ch" "2026-04-15 06:13:03", "1791478", "3ku2cy87gqif9je.top", "domain", "botnet_cc", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "False", "https://bazaar.abuse.ch/sample/3f797a639bc855bc6d5471f327924b62d10900ddec49b970eca6604142bbb4be/", "KongTuke", "0", "abuse_ch" "2026-04-15 06:13:03", "1791479", "3zabiw1201wd8t0.top", "domain", "botnet_cc", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "False", "https://bazaar.abuse.ch/sample/3f797a639bc855bc6d5471f327924b62d10900ddec49b970eca6604142bbb4be/", "KongTuke", "0", "abuse_ch" "2026-04-15 06:13:03", "1791480", "5i60zo5y3a9877p.top", "domain", "botnet_cc", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "False", "https://bazaar.abuse.ch/sample/3f797a639bc855bc6d5471f327924b62d10900ddec49b970eca6604142bbb4be/", "KongTuke", "0", "abuse_ch" "2026-04-15 06:13:03", "1791481", "5x0gerazbgtnxkn.top", "domain", "botnet_cc", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "False", "https://bazaar.abuse.ch/sample/3f797a639bc855bc6d5471f327924b62d10900ddec49b970eca6604142bbb4be/", "KongTuke", "0", "abuse_ch" "2026-04-15 06:13:03", "1791482", "75cia9fvnmojdc1.top", "domain", "botnet_cc", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "False", "https://bazaar.abuse.ch/sample/3f797a639bc855bc6d5471f327924b62d10900ddec49b970eca6604142bbb4be/", "KongTuke", "0", "abuse_ch" "2026-04-15 06:13:02", "1791472", "0cxwintaip6z6gl.top", "domain", "botnet_cc", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "False", "https://bazaar.abuse.ch/sample/3f797a639bc855bc6d5471f327924b62d10900ddec49b970eca6604142bbb4be/", "KongTuke", "0", "abuse_ch" "2026-04-15 06:11:46", "1791471", "serlineos8.xel7morax.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 06:13:38", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 06:10:58", "1791469", "thomphon.com", "domain", "botnet_cc", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "False", "https://bazaar.abuse.ch/sample/3f797a639bc855bc6d5471f327924b62d10900ddec49b970eca6604142bbb4be/", "KongTuke", "0", "abuse_ch" "2026-04-15 06:06:19", "1791467", "sailbreeze.xel7morax.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 06:08:16", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 06:05:51", "1791466", "phishing.achievementschooldistrict.org", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "False", "https://tria.ge/260415-fej8yaez5n", "C2,domain,njrat,triage", "0", "DonPasci" "2026-04-15 06:04:10", "1791465", "c168vip9.online", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2026-04-15 06:04:13", "100", "False", "https://tria.ge/260415-edgkzses5r", "C2,domain,quasar,rat,triage", "0", "DonPasci" "2026-04-15 06:04:04", "1791464", "afrekqno.za.com", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2026-04-15 06:04:07", "100", "False", "https://tria.ge/260415-edgkzses5r", "C2,domain,quasar,rat,triage", "0", "DonPasci" "2026-04-15 06:04:01", "1791463", "backdoor.achievementschooldistrict.org", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://tria.ge/260415-fesv3sez6l", "C2,domain,quasar,rat,triage", "0", "DonPasci" "2026-04-15 06:03:58", "1791462", "spyware.achievementschooldistrict.org", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://tria.ge/260415-fesv3sez6l", "C2,domain,quasar,rat,triage", "0", "DonPasci" "2026-04-15 06:03:55", "1791461", "trojan.achievementschooldistrict.org", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://tria.ge/260415-fesv3sez6l", "C2,domain,quasar,rat,triage", "0", "DonPasci" "2026-04-15 06:03:52", "1791460", "coppyright.achievementschooldistrict.org", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://tria.ge/260415-fegg2sez5l", "C2,domain,quasar,rat,triage", "0", "DonPasci" "2026-04-15 06:03:49", "1791459", "coppy.achievementschooldistrict.org", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://tria.ge/260415-fegg2sez5l", "C2,domain,quasar,rat,triage", "0", "DonPasci" "2026-04-15 06:03:46", "1791458", "ncsei.achievementschooldistrict.org", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://tria.ge/260415-fegg2sez5l", "C2,domain,quasar,rat,triage", "0", "DonPasci" "2026-04-15 06:03:44", "1791457", "ransom.achievementschooldistrict.org", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://tria.ge/260415-femn3aez5q", "C2,domain,quasar,rat,triage", "0", "DonPasci" "2026-04-15 06:03:41", "1791456", "ddos.achievementschooldistrict.org", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://tria.ge/260415-fedq6aat2t", "C2,domain,quasar,rat,triage", "0", "DonPasci" "2026-04-15 06:03:38", "1791455", "data.achievementschooldistrict.org", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://tria.ge/260415-fedq6aat2t", "C2,domain,quasar,rat,triage", "0", "DonPasci" "2026-04-15 06:03:35", "1791454", "malware.achievementschooldistrict.org", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://tria.ge/260415-fd3znaas9w", "C2,domain,quasar,rat,triage", "0", "DonPasci" "2026-04-15 06:03:33", "1791453", "virus.achievementschooldistrict.org", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://tria.ge/260415-fd3znaas9w", "C2,domain,quasar,rat,triage", "0", "DonPasci" "2026-04-15 06:03:32", "1791452", "hacker.achievementschooldistrict.org", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://tria.ge/260415-fd3znaas9w", "C2,domain,quasar,rat,triage", "0", "DonPasci" "2026-04-15 06:03:30", "1791451", "cross.achievementschooldistrict.org", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://tria.ge/260415-gfyndsfv2l", "C2,domain,quasar,rat,triage", "0", "DonPasci" "2026-04-15 06:03:29", "1791450", "bbos.achievementschooldistrict.org", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://tria.ge/260415-gfyndsfv2l", "C2,domain,quasar,rat,triage", "0", "DonPasci" "2026-04-15 06:03:27", "1791449", "malicious.achievementschooldistrict.org", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://tria.ge/260415-gfyndsfv2l", "C2,domain,quasar,rat,triage", "0", "DonPasci" "2026-04-15 06:03:25", "1791448", "sexually.achievementschooldistrict.org", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://tria.ge/260415-fde8laas8v", "C2,domain,quasar,rat,triage", "0", "DonPasci" "2026-04-15 06:03:23", "1791447", "sexual.achievementschooldistrict.org", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://tria.ge/260415-fde8laas8v", "C2,domain,quasar,rat,triage", "0", "DonPasci" "2026-04-15 06:03:21", "1791446", "csam.achievementschooldistrict.org", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://tria.ge/260415-fde8laas8v", "C2,domain,quasar,rat,triage", "0", "DonPasci" "2026-04-15 06:03:18", "1791445", "achievementschooldistrict.org", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://tria.ge/260415-fde8laas8v", "C2,domain,quasar,rat,triage", "0", "DonPasci" "2026-04-15 05:59:25", "1791149", "cdn1-edge.xel7morax.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-14 21:49:18", "100", "False", "None", "14April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-15 05:59:25", "1791155", "cfmn.us.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "clearfake,clickfix", "1", "tanner" "2026-04-15 05:59:24", "1791178", "client1-zone.smart-logic-trade.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-14 22:16:35", "100", "False", "None", "14April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-15 05:58:24", "1791437", "gift1.daily-bonus.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 05:59:51", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 05:52:49", "1791436", "gate6.smartchoice.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 05:54:35", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 05:46:58", "1791435", "user5.smartchoice.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 05:48:15", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 05:41:36", "1791430", "list4.smartchoice.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 05:42:48", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 05:36:00", "1791429", "top3.smartchoice.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 05:37:26", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-15 05:30:08", "1791428", "best2.smartchoice.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 05:31:51", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 05:24:36", "1791427", "good1.smartchoice.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 05:26:28", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 05:19:16", "1791426", "open6.urbanview.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 05:20:33", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 05:13:23", "1791416", "news5.urbanview.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 05:14:14", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 05:07:59", "1791415", "map4.urbanview.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 05:09:13", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-15 05:02:40", "1791414", "blog3.urbanview.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 05:05:10", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 04:56:43", "1791413", "spot2.urbanview.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 04:58:22", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 04:51:20", "1791412", "area1.urbanview.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 04:52:05", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 04:45:23", "1791411", "site6.fast-delivery.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 04:46:53", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 04:39:54", "1791410", "city5.fast-delivery.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 04:41:34", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 04:34:29", "1791405", "total4.fast-delivery.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 04:36:16", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 04:28:27", "1791404", "post3.fast-delivery.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 04:30:15", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 04:23:06", "1791393", "box2.fast-delivery.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 04:24:42", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 04:17:31", "1791392", "order1.fast-delivery.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 04:17:49", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 04:12:09", "1791362", "main6.puremarket.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 04:13:14", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 04:06:22", "1791361", "help5.puremarket.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 04:08:13", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 04:00:50", "1791360", "item4.puremarket.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 04:05:26", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 03:54:57", "1791358", "media3.puremarket.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 03:56:58", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 03:49:18", "1791356", "guest2.puremarket.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 03:50:48", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 03:43:49", "1791355", "shop1.puremarket.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 03:45:29", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 03:38:18", "1791354", "gate6-link.clear-stream-web.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 03:40:13", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 03:32:52", "1791353", "push5-sync.clear-stream-web.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 03:34:05", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 03:26:47", "1791352", "file4-path.clear-stream-web.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 03:28:45", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 03:21:22", "1791351", "sort3-item.clear-stream-web.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 03:23:35", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 03:15:52", "1791350", "view2-data.clear-stream-web.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 03:17:13", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 03:10:25", "1791315", "flow1-open.clear-stream-web.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 03:11:51", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 03:04:21", "1791314", "drop6-main.speed-route-track.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 03:06:20", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 02:58:44", "1791313", "pack5-unit.speed-route-track.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 03:00:49", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 02:53:40", "1791311", "load4-byte.speed-route-track.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 02:55:30", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 02:47:34", "1791310", "park3-area.speed-route-track.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 02:49:58", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 02:42:28", "1791308", "ship2-move.speed-route-track.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 02:44:13", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 02:36:30", "1791307", "trip1-road.speed-route-track.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 02:38:53", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 02:30:59", "1791306", "call6-root.brief-point-sync.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 02:34:01", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 02:25:19", "1791305", "mail5-send.brief-point-sync.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 02:26:24", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 02:19:49", "1791304", "sign4-icon.brief-point-sync.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 02:22:44", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 02:14:17", "1791285", "note3-base.brief-point-sync.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 02:14:33", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 02:08:46", "1791284", "card2-fast.brief-point-sync.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 02:10:17", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 02:02:50", "1791283", "link1-wire.brief-point-sync.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 02:04:36", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-15 01:57:09", "1791282", "base6-door.local-vision-hub.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 01:59:18", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 01:51:37", "1791281", "mark5-logo.local-vision-hub.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 01:56:29", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 01:46:00", "1791280", "site4-info.local-vision-hub.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 01:47:54", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-15 01:40:30", "1791279", "zone3-view.local-vision-hub.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 01:41:59", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-15 01:35:10", "1791278", "area2-find.local-vision-hub.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 01:36:37", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 01:28:36", "1791277", "city1-spot.local-vision-hub.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 01:28:44", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-15 01:23:11", "1791276", "work6-host.active-phase-net.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 01:24:57", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 01:17:33", "1791275", "goal5-list.active-phase-net.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 01:19:32", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 01:12:00", "1791227", "term4-text.active-phase-net.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 01:13:08", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 01:06:15", "1791225", "plan3-item.active-phase-net.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 01:08:05", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 01:00:42", "1791223", "step2-flow.active-phase-net.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 01:01:44", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 00:55:05", "1791221", "task1-core.active-phase-net.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 00:56:42", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 00:49:37", "1791220", "cover6-link.daily-report-flow.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 00:51:16", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-15 00:44:09", "1791219", "sheet5-view.daily-report-flow.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 00:44:59", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-15 00:38:30", "1791218", "table4-data.daily-report-flow.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 00:39:17", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 00:33:14", "1791216", "topic3-base.daily-report-flow.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 00:35:39", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 00:27:59", "1791215", "event2-log.daily-report-flow.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 00:32:02", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 00:21:37", "1791214", "news1-wire.daily-report-flow.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 00:22:13", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-15 00:16:13", "1791212", "front6-gate.prime-sector-unit.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 00:16:57", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 00:10:31", "1791209", "piece5-load.prime-sector-unit.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 00:13:15", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-15 00:04:58", "1791208", "layer4-show.prime-sector-unit.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 00:09:25", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-14 23:58:50", "1791205", "frame3-work.prime-sector-unit.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-15 00:00:40", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-14 23:53:44", "1791202", "part1-head.prime-sector-unit.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-14 23:53:40", "1791201", "block2-text.prime-sector-unit.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-14 23:54:21", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-14 23:53:29", "1791200", "jobs.maanas.in", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch" "2026-04-14 23:47:00", "1791197", "place6-hub.urban-motion-app.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-14 23:48:29", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-14 23:41:20", "1791196", "cycle5-time.urban-motion-app.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-14 23:43:10", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-14 23:35:48", "1791195", "store4-data.urban-motion-app.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-14 23:36:31", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-14 23:30:05", "1791194", "track3-info.urban-motion-app.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-14 23:32:21", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-14 23:24:15", "1791193", "point2-map.urban-motion-app.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-14 23:25:06", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-14 23:18:46", "1791192", "route1-path.urban-motion-app.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-14 23:20:41", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-14 23:13:15", "1791191", "fan.sequareeus.online", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-04-16 13:49:37", "75", "False", "None", "a10fsw,Vidar", "0", "abuse_ch" "2026-04-14 23:13:06", "1791189", "stage6-main.global-export-base.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-14 23:15:04", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-14 23:07:26", "1791188", "brand5-post.global-export-base.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-14 23:09:44", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-14 23:01:44", "1791187", "total4-view.global-export-base.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-14 23:03:53", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-14 22:56:18", "1791186", "brief3-form.global-export-base.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-14 22:58:32", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-14 22:50:48", "1791185", "stock2-item.global-export-base.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-14 22:53:03", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-14 22:45:08", "1791184", "order1-list.global-export-base.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-14 22:47:25", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-14 22:39:32", "1791183", "entry6-site.smart-logic-trade.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-14 22:44:15", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-14 22:33:57", "1791182", "staff5-help.smart-logic-trade.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-14 22:35:36", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-14 22:28:19", "1791181", "media4-file.smart-logic-trade.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-14 22:30:11", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-14 22:22:36", "1791180", "index3-page.smart-logic-trade.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-14 22:24:05", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-14 22:16:55", "1791179", "guest2-area.smart-logic-trade.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-14 22:19:32", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-14 22:09:40", "1791177", "svc5-rule.xel7morax.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-14 22:04:06", "1791172", "vault4-key.xel7morax.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-14 22:05:03", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-14 21:58:25", "1791157", "host3-peer.xel7morax.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-14 21:52:40", "1791152", "api2-node.xel7morax.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-14 21:54:29", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-14 21:44:46", "1791148", "host3-link.scanda1visibil.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-14 21:40:52", "1791146", "api2-node.scanda1visibil.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-14 21:42:03", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-14 21:36:54", "1791142", "securitynote4458652318.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix", "0", "HuntYethHounds" "2026-04-14 21:35:07", "1791141", "view1-core.scanda1visibil.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-14 21:36:57", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-14 19:58:06", "1791138", "gate6-way.bri7tanon.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-14 20:16:40", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-14 19:56:39", "1790981", "api2-cert.bri7tanon.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-14 19:36:10", "100", "False", "None", "14April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-14 19:56:38", "1790987", "relay.scryyuiopp.com", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "False", "", "connectwise,screenconnect", "1", "tanner" "2026-04-14 19:56:37", "1790988", "svc5-task.bri7tanon.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-14 19:57:48", "100", "False", "None", "14April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-14 19:56:03", "1791128", "truronnil86.balancoexpress.sbs", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:56:03", "1791129", "trutal.contabilsmart.cloud", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:56:03", "1791130", "vadinminpaz.contabilfacil.sbs", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:56:03", "1791131", "vadintum.balancoexpress.sbs", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:56:03", "1791132", "vafil.contabilsmart.cloud", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:56:03", "1791133", "vaguntum.contabilfacil.sbs", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:56:03", "1791134", "vasom.contabilsmart.cloud", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:56:03", "1791135", "vatar.contabilidadeonline.top", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:56:03", "1791136", "vawinmonvaz.contabilidadeonline.top", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:56:03", "1791137", "vazinpanpor.balancoexpress.sbs", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:56:02", "1791127", "truroncol002.contabilsmart.cloud", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:56:01", "1791103", "strinal.contabilidadeonline.top", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:56:01", "1791104", "stripanfincol.contabilsmart.cloud", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:56:01", "1791105", "strisantez.contabilsmart.cloud", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:56:01", "1791106", "stritancil.contabilfacil.sbs", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:56:01", "1791107", "stritez64.contabilsmart.cloud", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:56:01", "1791108", "stritonpaz51.contabilsmart.cloud", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:56:01", "1791109", "stroim75.balancoexpress.sbs", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:56:01", "1791110", "trelannal.contabilfacil.sbs", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:56:01", "1791111", "treronbel.balancoexpress.sbs", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:56:01", "1791112", "treronbenjal.contabilidadeonline.top", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:56:01", "1791113", "trevaz.contabilsmart.cloud", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "2026-04-14 19:56:57", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:56:01", "1791114", "trexoncal.contabilidadeonline.top", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:56:01", "1791115", "trexontunral.contabilfacil.sbs", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:56:01", "1791116", "tricanfel.contabilfacil.sbs", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:56:01", "1791117", "tridengoncol.balancoexpress.sbs", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:56:01", "1791118", "tridenlinmol.contabilidadeonline.top", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:56:01", "1791119", "tridenpaz.contabilfacil.sbs", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:56:01", "1791120", "tridensintal.contabilsmart.cloud", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:56:01", "1791121", "trigem8.contabilsmart.cloud", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:56:01", "1791122", "tritonriz.contabilsmart.cloud", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:56:01", "1791123", "tritonvaz.contabilsmart.cloud", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:56:01", "1791124", "tritum.contabilidadeonline.top", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:56:01", "1791125", "trujanpunbil.contabilsmart.cloud", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:56:01", "1791126", "trunanhal.balancoexpress.sbs", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:56:00", "1791077", "scrovinvel.contabilfacil.sbs", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:56:00", "1791078", "sprofil566.contabilfacil.sbs", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:56:00", "1791079", "sprolenfincal48.contabilfacil.sbs", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:56:00", "1791080", "sprominpor.contabilfacil.sbs", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:56:00", "1791081", "sprotil.contabilidadeonline.top", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:56:00", "1791082", "sprovinconrol6.balancoexpress.sbs", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:56:00", "1791083", "sprudor.contabilsmart.cloud", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:56:00", "1791084", "sprumanim.contabilsmart.cloud", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:56:00", "1791085", "sprumannal.contabilsmart.cloud", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:56:00", "1791086", "sprusom.contabilidadeonline.top", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:56:00", "1791087", "sprutenim6.contabilfacil.sbs", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:56:00", "1791088", "sprutentum.contabilsmart.cloud", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:56:00", "1791089", "sprutil.contabilsmart.cloud", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:56:00", "1791090", "stacinlhar.balancoexpress.sbs", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:56:00", "1791091", "stakinlhar40.contabilfacil.sbs", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:56:00", "1791092", "stakinransar.balancoexpress.sbs", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:56:00", "1791093", "staval45.contabilsmart.cloud", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:56:00", "1791094", "stazinim.balancoexpress.sbs", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "2026-04-14 19:56:57", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:56:00", "1791095", "stralhar.balancoexpress.sbs", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:56:00", "1791096", "stratenim.contabilfacil.sbs", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:56:00", "1791097", "stravinpanfar.contabilsmart.cloud", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:56:00", "1791098", "stredor.contabilidadeonline.top", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "2026-04-14 19:56:57", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:56:00", "1791099", "strelenmonsal.contabilidadeonline.top", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:56:00", "1791100", "stresonlingor.contabilsmart.cloud", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:56:00", "1791101", "stretar7.contabilfacil.sbs", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "2026-04-14 19:56:57", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:56:00", "1791102", "strilenmonvir75.contabilsmart.cloud", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:55:59", "1791051", "propinmenpal.contabilsmart.cloud", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:55:59", "1791052", "proronmenpal.contabilidadeonline.top", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:55:59", "1791053", "provaz.balancoexpress.sbs", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:55:59", "1791054", "prudintum.contabilsmart.cloud", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:55:59", "1791055", "prumintil.contabilfacil.sbs", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:55:59", "1791056", "pruninlhar.balancoexpress.sbs", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:55:59", "1791057", "prutendiz.contabilfacil.sbs", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:55:59", "1791058", "prutentonsil.balancoexpress.sbs", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:55:59", "1791059", "pruval.contabilfacil.sbs", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:55:59", "1791060", "pruwintanpaz.contabilsmart.cloud", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:55:59", "1791061", "pruzinim.balancoexpress.sbs", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:55:59", "1791062", "pruzinpanpaz.contabilidadeonline.top", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:55:59", "1791063", "scredinlencil.contabilidadeonline.top", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:55:59", "1791064", "scregunconriz.contabilfacil.sbs", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:55:59", "1791065", "scregunvir.contabilsmart.cloud", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:55:59", "1791066", "screzinlhar.balancoexpress.sbs", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:55:59", "1791067", "scribil.contabilidadeonline.top", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:55:59", "1791068", "scrigungem.contabilidadeonline.top", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:55:59", "1791069", "scriwingem.contabilfacil.sbs", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:55:59", "1791070", "scroder.contabilsmart.cloud", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:55:59", "1791071", "scrogunim.contabilidadeonline.top", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:55:59", "1791072", "scrotar.contabilidadeonline.top", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:55:59", "1791073", "scrotentanfar.contabilidadeonline.top", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:55:59", "1791074", "scrotentanpor.contabilidadeonline.top", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:55:59", "1791075", "scrotentonriz.contabilsmart.cloud", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:55:59", "1791076", "scrotentum.contabilfacil.sbs", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:55:58", "1791026", "ploral5.contabilfacil.sbs", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:55:58", "1791027", "plosul.contabilfacil.sbs", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:55:58", "1791028", "prafinbel.contabilidadeonline.top", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:55:58", "1791029", "prafinhenkil.balancoexpress.sbs", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:55:58", "1791030", "prananhal.contabilidadeonline.top", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:55:58", "1791031", "prapaz.balancoexpress.sbs", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:55:58", "1791032", "praronsonbil.contabilidadeonline.top", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:55:58", "1791033", "prepaz.contabilidadeonline.top", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:55:58", "1791034", "prepinfel850.balancoexpress.sbs", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:55:58", "1791035", "presar08.contabilsmart.cloud", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:55:58", "1791036", "presinqual0.balancoexpress.sbs", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:55:58", "1791037", "prial73.contabilidadeonline.top", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:55:58", "1791038", "pribanhennal.contabilsmart.cloud", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:55:58", "1791039", "priconvaz742.contabilidadeonline.top", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:55:58", "1791040", "pridenvir.contabilidadeonline.top", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:55:58", "1791041", "prigir.balancoexpress.sbs", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:55:58", "1791042", "prilanfunxil.balancoexpress.sbs", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:55:58", "1791043", "prisonpaz.contabilsmart.cloud", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:55:58", "1791044", "prisonrongor.contabilsmart.cloud", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:55:58", "1791045", "prisonronmol.balancoexpress.sbs", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:55:58", "1791046", "prisonsal.balancoexpress.sbs", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:55:58", "1791047", "pritez607.contabilfacil.sbs", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:55:58", "1791048", "pritez.balancoexpress.sbs", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:55:58", "1791049", "procanjankil0.contabilidadeonline.top", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:55:58", "1791050", "procantal82.balancoexpress.sbs", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:55:57", "1791001", "plansonval.contabilfacil.sbs", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:55:57", "1791002", "plasonsil.contabilfacil.sbs", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:55:57", "1791003", "plemindor.contabilfacil.sbs", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:55:57", "1791004", "pleninnal.contabilfacil.sbs", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:55:57", "1791005", "pleninrangir.contabilidadeonline.top", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:55:57", "1791006", "plenongunnal41.contabilfacil.sbs", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:55:57", "1791007", "plenonsandiz4.contabilsmart.cloud", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:55:57", "1791008", "plenonzol4.contabilsmart.cloud", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:55:57", "1791009", "plepal240.contabilsmart.cloud", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:55:57", "1791010", "plikinal.contabilfacil.sbs", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:55:57", "1791011", "plilinlhar.contabilfacil.sbs", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:55:57", "1791012", "plilinvintez.balancoexpress.sbs", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:55:57", "1791013", "plinil33.balancoexpress.sbs", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:55:57", "1791014", "plinindor.balancoexpress.sbs", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:55:57", "1791015", "plininransar.contabilfacil.sbs", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:55:57", "1791016", "pliqual28.contabilfacil.sbs", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:55:57", "1791017", "pliqual.contabilidadeonline.top", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:55:57", "1791018", "pliral5.contabilidadeonline.top", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:55:57", "1791019", "pliral.balancoexpress.sbs", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:55:57", "1791020", "plisul.contabilidadeonline.top", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:55:57", "1791021", "plogunconrol.contabilidadeonline.top", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:55:57", "1791022", "plolintar.contabilsmart.cloud", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:55:57", "1791023", "plomanvel.balancoexpress.sbs", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:55:57", "1791024", "plominsom.contabilidadeonline.top", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:55:57", "1791025", "ploral5.balancoexpress.sbs", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:55:56", "1790989", "grugoncinnal.contabilsmart.cloud", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:55:56", "1790990", "grugonwinnal.balancoexpress.sbs", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:55:56", "1790991", "grukil33.balancoexpress.sbs", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:55:56", "1790992", "grunonmanvel.contabilsmart.cloud", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:55:56", "1790993", "grupunzol332.contabilidadeonline.top", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:55:56", "1790994", "grural.contabilsmart.cloud", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:55:56", "1790995", "gruval.contabilidadeonline.top", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:55:56", "1790996", "plalenmonsal675.contabilidadeonline.top", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:55:56", "1790997", "plaminpor.contabilsmart.cloud", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:55:56", "1790998", "planal.contabilsmart.cloud", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:55:56", "1790999", "planbel.contabilfacil.sbs", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:55:56", "1791000", "planmol.contabilidadeonline.top", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/1c436f665f9618e9a01ca3ac1d642defb554c12fa98586d2a744882929cb1182/", "Astaroth,Guildma", "0", "abuse_ch" "2026-04-14 19:47:18", "1790986", "box4-file.bri7tanon.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-14 19:49:13", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-14 19:46:25", "1790984", "mn.manicottiearring.cfd", "domain", "botnet_cc", "win.acr_stealer", "None", "ACR Stealer", "2026-04-14 19:46:25", "100", "False", "https://bazaar.abuse.ch/sample/59c71bceca62f570b146021b3f51b55d28a5323c4106350ee4d5f5514c4549d9/", "ACRStealer", "0", "abuse_ch" "2026-04-14 19:46:25", "1790985", "cdn-1415.brightcanvas.digital", "domain", "botnet_cc", "win.acr_stealer", "None", "ACR Stealer", "2026-04-14 19:46:25", "100", "False", "https://bazaar.abuse.ch/sample/59c71bceca62f570b146021b3f51b55d28a5323c4106350ee4d5f5514c4549d9/", "ACRStealer", "0", "abuse_ch" "2026-04-14 19:41:20", "1790982", "node3-list.bri7tanon.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-14 19:46:25", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-14 19:34:04", "1790979", "paymentsv2.mysynology.net", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://bazaar.abuse.ch/sample/e226ad9057d1241cee7c084f8c80d8f0a83b14444ad5057b916a1a7fd26ba64a/", "None", "0", "abuse_ch" "2026-04-14 19:34:04", "1790980", "pay.hostingshared99.com", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://bazaar.abuse.ch/sample/e226ad9057d1241cee7c084f8c80d8f0a83b14444ad5057b916a1a7fd26ba64a/", "None", "0", "abuse_ch" "2026-04-14 19:30:32", "1790978", "web1-host.bri7tanon.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-14 19:30:50", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-14 19:26:58", "1790946", "gate6-zone.dru9laxen.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-14 18:51:11", "100", "False", "None", "14April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-14 19:26:07", "1790976", "download-version.1-8-3.com", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "False", "https://x.com/suyog41/status/2043944154250784858", "None", "0", "abuse_ch" "2026-04-14 19:26:07", "1790977", "jpbassin.com", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "False", "https://x.com/suyog41/status/2043944154250784858", "None", "0", "abuse_ch" "2026-04-14 19:25:15", "1790974", "mail-svr.co", "domain", "botnet_cc", "win.sidewinder", "None", "SideWinder", "", "100", "False", "https://x.com/SinghSoodeep/status/2043571382601289736", "SideWinder", "0", "abuse_ch" "2026-04-14 19:25:15", "1790975", "www-unocha-org.mail-svr.co", "domain", "botnet_cc", "win.sidewinder", "None", "SideWinder", "", "100", "False", "https://x.com/SinghSoodeep/status/2043571382601289736", "SideWinder", "0", "abuse_ch" "2026-04-14 19:24:35", "1790973", "gate6-area.nor4vexil.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-14 19:26:54", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-14 19:20:16", "1790971", "uk176video.live", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "https://x.com/suyog41/status/2044030629684367478", "SHubStealer", "0", "abuse_ch" "2026-04-14 19:19:15", "1790970", "svc5-edge.nor4vexil.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-14 19:23:52", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-14 19:13:25", "1790966", "salt4-byte.nor4vexil.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-14 19:14:27", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-14 19:07:36", "1790951", "node3-view.nor4vexil.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-14 19:12:19", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-14 19:02:20", "1790950", "api2-test.nor4vexil.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-14 19:06:33", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-14 18:56:35", "1790948", "auth1-user.nor4vexil.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-14 18:57:30", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-14 18:45:21", "1790943", "svc5-info.dru9laxen.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-14 18:50:28", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-14 18:45:01", "1790942", "palyholy.ru", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "Fake Claude", "0", "HuntYethHounds" "2026-04-14 18:42:58", "1790940", "quietjourney.today", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "Fake Claude", "0", "HuntYethHounds" "2026-04-14 18:41:31", "1790939", "sakkoscarped.ru", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "Fake Claude", "0", "HuntYethHounds" "2026-04-14 18:39:59", "1790938", "tmp4-root.dru9laxen.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-14 18:44:53", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-14 18:39:25", "1790937", "yellowsp00n.digital", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "Fake Claude", "0", "HuntYethHounds" "2026-04-14 18:37:29", "1790936", "silverhorizon.today", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "Fake Claude", "0", "HuntYethHounds" "2026-04-14 18:35:25", "1790930", "api2-stat.dru9laxen.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-14 18:29:10", "100", "False", "None", "14April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-14 18:34:25", "1790935", "sixthgoods.ru", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "Fake Claude", "0", "HuntYethHounds" "2026-04-14 18:34:12", "1790934", "node3-pack.dru9laxen.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-14 18:38:59", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-14 18:33:01", "1790933", "sockspaint.ru", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "Fake Claude", "0", "HuntYethHounds" "2026-04-14 18:31:45", "1790932", "olamicgiglio.ru", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "Fake Claude", "0", "HuntYethHounds" "2026-04-14 18:30:18", "1790931", "doucevie.today", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "Fake Claude", "0", "HuntYethHounds" "2026-04-14 18:27:27", "1790929", "petitmoment.today", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "Fake Claude", "0", "HuntYethHounds" "2026-04-14 18:23:10", "1790928", "tcp1-join.dru9laxen.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-14 19:01:55", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-14 18:22:10", "1790927", "ic0n1cvalley.com", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "Fake Claude", "0", "HuntYethHounds" "2026-04-14 18:20:59", "1790926", "goldenpromise.today", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "Fake Claude", "0", "HuntYethHounds" "2026-04-14 18:19:41", "1790925", "sunnygarden.today", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "Fake Claude", "0", "HuntYethHounds" "2026-04-14 18:17:20", "1790924", "gate6-link.xel2mavor.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-14 18:21:08", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-14 18:14:49", "1790923", "troyonsatine.ru", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "Fake Claude", "0", "HuntYethHounds" "2026-04-14 18:11:44", "1790922", "mathworks.today", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "Fake Claude", "0", "HuntYethHounds" "2026-04-14 18:11:36", "1790921", "svc5-base.xel2mavor.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-14 18:15:44", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-14 18:10:54", "1790920", "calmatelier.today", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "Fake Claude", "0", "HuntYethHounds" "2026-04-14 18:10:19", "1790919", "simplepleasure.today", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "Fake Claude", "0", "HuntYethHounds" "2026-04-14 18:09:34", "1790917", "bonnechance.today", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "Fake Claude", "0", "HuntYethHounds" "2026-04-14 18:09:00", "1790916", "gakabie.ru", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "Fake Claude", "0", "HuntYethHounds" "2026-04-14 18:08:19", "1790915", "glaciarhaven.ru", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "Fake Claude", "0", "HuntYethHounds" "2026-04-14 18:07:24", "1790914", "jobs.betastuff.de", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch" "2026-04-14 18:06:43", "1790913", "prairequell.ru", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "Fake Claude", "0", "HuntYethHounds" "2026-04-14 18:06:11", "1790912", "git4-repo.xel2mavor.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-14 18:08:47", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-14 18:05:00", "1790908", "heatherquarz.ru", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "Fake Claude", "0", "HuntYethHounds" "2026-04-14 18:04:22", "1790907", "cedar2glanz.ru", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "Fake Claude", "0", "HuntYethHounds" "2026-04-14 18:04:08", "1790906", "lovebackshastri.in.net", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2026-04-14 18:04:14", "100", "False", "https://tria.ge/260414-p7a1eaex6s", "C2,domain,quasar,rat,triage", "0", "DonPasci" "2026-04-14 18:04:04", "1790905", "jquery.js-library-host.com", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2026-04-14 18:04:06", "100", "False", "https://tria.ge/260414-rfbhzacw6k", "C2,domain,quasar,rat,triage", "0", "DonPasci" "2026-04-14 18:03:56", "1790904", "ceajip.za.com", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2026-04-14 18:04:02", "100", "False", "https://tria.ge/260414-snljkshy4s", "C2,domain,quasar,rat,triage", "0", "DonPasci" "2026-04-14 18:03:51", "1790903", "trainingmatters.uk.com", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2026-04-14 18:03:54", "100", "False", "https://tria.ge/260414-tbvgdsft7k", "C2,domain,quasar,rat,triage", "0", "DonPasci" "2026-04-14 18:03:46", "1790901", "bookus.in.net", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2026-04-14 18:03:48", "100", "False", "https://tria.ge/260414-vhzkcsgw2p", "C2,domain,quasar,rat,triage", "0", "DonPasci" "2026-04-14 18:03:44", "1790900", "oakenfjrod.ru", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "Fake Claude", "0", "HuntYethHounds" "2026-04-14 18:03:42", "1790899", "instafashion.in.net", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2026-04-14 18:03:44", "100", "False", "https://tria.ge/260414-vhzkcsgw2p", "C2,domain,quasar,rat,triage", "0", "DonPasci" "2026-04-14 18:03:39", "1790898", "fxcm.in.net", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://tria.ge/260414-wdlclsgz3k", "C2,domain,quasar,rat,triage", "0", "DonPasci" "2026-04-14 18:01:47", "1790896", "bunnea.duckdns.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "False", "https://tria.ge/260414-r7k7gsg15y", "C2,domain,rat,remcos,triage", "0", "DonPasci" "2026-04-14 18:01:35", "1790895", "egym7md-64674.portmap.host", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "False", "https://tria.ge/260414-rt9mxsc18q", "C2,domain,triage,xworm", "0", "DonPasci" "2026-04-14 18:01:32", "1790894", "kokymrgy2000.hopto.org", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "False", "https://tria.ge/260414-r2hjeagy5w", "C2,domain,triage,xworm", "0", "DonPasci" "2026-04-14 18:01:29", "1790893", "hacker76413312-39033.portmap.host", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "False", "https://tria.ge/260414-sr3x2ahz5t", "C2,domain,triage,xworm", "0", "DonPasci" "2026-04-14 18:01:26", "1790892", "sdlpsajdioasjd-60039.portmap.host", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "False", "https://tria.ge/260414-te451aay61", "C2,domain,triage,xworm", "0", "DonPasci" "2026-04-14 18:00:31", "1790888", "node3-flag.xel2mavor.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-14 18:05:42", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-14 17:55:11", "1790887", "api2-path.xel2mavor.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-14 18:00:09", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-14 17:49:04", "1790886", "ops1-view.xel2mavor.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-14 17:51:08", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-14 17:43:50", "1790885", "gate6-hub.prax6tolin.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-14 17:45:26", "100", "False", "None", "ClearFake", "0", "threatcat_ch" # Number of entries: 963