################################################################ # ThreatFox IOCs: recent additions - CSV format # # Last updated: 2026-04-01 22:35:46 UTC # # # # Terms Of Use: https://threatfox.abuse.ch/faq/#tos # # For questions please contact threatfox [at] abuse.ch # ################################################################ # # "first_seen_utc","ioc_id","ioc_value","ioc_type","threat_type","fk_malware","malware_alias","malware_printable","last_seen_utc","confidence_level","is_compromised","reference","tags","anonymous","reporter" "2026-04-01 22:35:46", "1780254", "t7bs6h40.apexharvestor.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 22:35:38", "1780253", "q55at0cm.apexharvestor.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "clearfake", "1", "ttakvam" "2026-04-01 22:34:44", "1780252", "fr0ippml.covenantventure.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 22:00:05", "1780250", "e70839572.duckdns.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "False", "https://tria.ge/260401-zse1xsbx6z", "Remcos", "0", "dyingbreeds_" "2026-04-01 22:00:05", "1780251", "e70839572bk.duckdns.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "False", "https://tria.ge/260401-zse1xsbx6z", "Remcos", "0", "dyingbreeds_" "2026-04-01 20:26:52", "1780226", "https://greekcs.cyou", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "False", "https://bazaar.abuse.ch/sample/decba410c0c17f481c6ec5d3c4b8b75d568e1ac4fad0508e5d320dc9d1a5ec61/", "lumma", "0", "abuse_ch" "2026-04-01 20:20:21", "1780225", "ui2rn7ei.apexharvestor.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "clearfake", "1", "ttakvam" "2026-04-01 20:20:04", "1780224", "lh6tecuu.apexharvestor.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 20:17:21", "1780223", "force-field.infodynamics.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 20:18:37", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 20:11:43", "1780222", "range-extend.signalvector.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 20:14:43", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 20:00:30", "1780220", "wave-form.signalvector.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 20:02:03", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-01 19:55:03", "1780219", "tower-sync.signalvector.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 19:58:02", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 19:49:26", "1780218", "radio-freq.signalvector.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 19:54:21", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 19:43:21", "1780217", "beam-target.signalvector.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 19:46:25", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 19:37:50", "1780216", "raster-api.pixelengine.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 19:42:23", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 19:32:25", "1780215", "draw-logic.pixelengine.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 19:33:27", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 19:26:43", "1780214", "frame-buffer.pixelengine.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 19:26:47", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 19:21:27", "1780213", "color-map.pixelengine.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 19:23:23", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 19:15:51", "1780212", "image-proc.pixelengine.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 19:18:42", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 19:10:07", "1780211", "render-job.pixelengine.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 19:14:11", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 19:04:20", "1780210", "drift-core.nanostream.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 19:04:57", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 18:59:01", "1780208", "pulse-svc.nanostream.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 19:00:18", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 18:53:34", "1780207", "fast-track.nanostream.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 18:55:44", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-01 18:47:23", "1780206", "small-packet.nanostream.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 18:51:13", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-01 18:42:00", "1780205", "rapid-io.nanostream.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 18:45:27", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 18:36:30", "1780204", "micro-bit.nanostream.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 18:40:40", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-01 18:25:15", "1780202", "link-vault.cyberlattice.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 18:25:52", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 18:19:34", "1780200", "net-fiber.cyberlattice.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 18:21:00", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 18:13:55", "1780198", "shield-base.cyberlattice.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 18:16:25", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-01 18:08:19", "1780196", "grid-secure.cyberlattice.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 18:11:27", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 18:04:33", "1780194", "pbucz.sa.com", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://tria.ge/260401-wmax8sey5l", "quasar", "0", "dyingbreeds_" "2026-04-01 18:04:33", "1780195", "powercare.in.net", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2026-04-01 18:04:33", "100", "False", "https://tria.ge/260401-wmax8sey5l", "quasar", "0", "dyingbreeds_" "2026-04-01 18:03:27", "1780193", "154.36.188.162:6666", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "False", "https://tria.ge/260401-q4qr5acz9p", "AS979,C2,rat,triage,valleyrat", "0", "DonPasci" "2026-04-01 18:02:20", "1780192", "mesh-gate.cyberlattice.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 18:05:40", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 18:00:57", "1780191", "114.207.112.13:2007", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "False", "https://tria.ge/260401-tsahjsht2t", "AS9318,C2,triage,xworm", "0", "DonPasci" "2026-04-01 18:00:22", "1780190", "imya.gb.net", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://tria.ge/260401-sbvlqagx3w", "quasar", "0", "dyingbreeds_" "2026-04-01 17:57:54", "1780189", "pool-manager.datacascade.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 18:00:59", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-01 17:45:37", "1780186", "tier-access.datacascade.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 17:46:23", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 17:39:54", "1780185", "bulk-logic.datacascade.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 17:41:38", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 17:34:38", "1780184", "stream-view.datacascade.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 17:36:54", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-01 17:30:29", "1780183", "cdnst.duckdns.org", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "75", "False", "https://bazaar.abuse.ch/sample/0794add65a271388acc6ab87a0dc2fe47373b40921f22dec12c02f74fbe6b154/", "xworm", "0", "abuse_ch" "2026-04-01 17:28:55", "1780182", "flow-drop.datacascade.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 17:29:20", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 17:23:37", "1780181", "vector-node.infovector.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 17:23:48", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 17:17:42", "1780180", "trace-sync.infovector.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 17:18:19", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 17:12:23", "1780178", "route-api.infovector.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 17:17:04", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-01 17:12:23", "1780179", "route-api.infovector.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 17:09:40", "1780177", "https://merengagoi.bond/api/index.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,ErrTraffic", "0", "HuntYethHounds" "2026-04-01 17:09:14", "1780176", "https://merengagoi.bond/log.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,ErrTraffic", "0", "HuntYethHounds" "2026-04-01 17:08:31", "1780175", "https://merengagoi.bond/cf.js", "url", "payload_delivery", "unknown", "None", "Unknown malware", "2026-04-01 19:30:23", "100", "False", "", "ClickFix,ErrTraffic", "0", "HuntYethHounds" "2026-04-01 17:08:17", "1780174", "merengagoi.bond", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,ErrTraffic", "0", "HuntYethHounds" "2026-04-01 17:06:18", "1780173", "data-relay.infovector.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 17:07:54", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-01 17:01:07", "1780169", "path-finder.infovector.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 17:02:55", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 16:55:32", "1780168", "info-point.infovector.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 16:58:00", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-01 16:49:55", "1780167", "dlnhov4.granulatetouch.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 16:51:36", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 16:43:48", "1780158", "daem-gate.granulatetouch.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 16:48:50", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 16:38:21", "1780157", "wildcircuit.granulatetouch.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 16:43:26", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-01 16:32:40", "1780156", "rnonito-watch.granulatetouch.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 16:34:04", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 16:27:21", "1780155", "hyper-14b.granulatetouch.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 16:29:02", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 16:21:53", "1780154", "dqkgif.granulatetouch.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 16:24:09", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 16:15:51", "1780153", "cast-spar.coddlcaught.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 16:19:18", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 16:10:45", "1780152", "snapshotgeyser.coddlcaught.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 16:14:17", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-01 15:57:50", "1780150", "shie1d-leaf.coddlcaught.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 16:00:40", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 15:51:29", "1780149", "24zog.coddlcaught.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 15:51:41", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 15:44:42", "1780148", "foredeliv.coddlcaught.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 15:44:57", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 15:43:11", "1780128", "9lftebnr.sewdarken.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 14:17:24", "100", "False", "None", "1April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-01 15:43:11", "1780129", "js-slide.gcforkcg.com", "domain", "botnet_cc", "js.fakeupdates", "FakeUpdate,GhoLoader,SocGholish", "FAKEUPDATES", "", "100", "True", "https://infosec.exchange/@monitorsg/116329858417879861", "SocGholish", "0", "monitorsg" "2026-04-01 15:43:10", "1780132", "https://ostrowskistyl.pl/2026/03/28/leovegas-wikipedia/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/ostrowskistyl.pl", "ClickFix", "0", "CarsonWilliams" "2026-04-01 15:43:09", "1780134", "vrr80sq.dropaway.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 14:44:17", "100", "False", "None", "1April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-01 15:43:08", "1780143", "93.152.217.97:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "75", "False", "None", "AS215540,ClickFix,EV-signed,trojanized-installer", "0", "Lenny_3BO" "2026-04-01 15:43:07", "1780144", "https://events.ms709.com/run/XYaR5gFi", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "75", "False", "None", "ClickFix,trojanized-installer,UA-gated", "0", "Lenny_3BO" "2026-04-01 15:38:25", "1780147", "storagefreig.glassterrible.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 15:40:38", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 15:31:26", "1780146", "zwjk9ew.glassterrible.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 15:35:37", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 15:29:27", "1780145", "solstice-line-drift.pro", "domain", "botnet_cc", "win.deerstealer", "None", "DeerStealer", "", "100", "False", "https://bazaar.abuse.ch/sample/97b9baa6e486c6515f4eff4e625dcec79907d785255c40c070a53cb98f13fa35/", "DeerStealer", "0", "abuse_ch" "2026-04-01 15:24:56", "1780142", "secure-spool.glassterrible.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 15:30:37", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 15:18:23", "1780141", "matri-insp.glassterrible.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 15:21:01", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 15:14:52", "1780140", "stajestetice.top", "domain", "payload_delivery", "unknown_rat", "None", "Unknown RAT", "", "100", "False", "https://bazaar.abuse.ch/sample/3f76d2b5fec17cdd478e94f0293fe26dcfa5863a0b1633ecdeb336b2cadc15f1/", "ConnectWise,RMM,ScreenConnect", "0", "abuse_ch" "2026-04-01 15:11:22", "1780139", "proto-voy4.glassterrible.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 15:15:53", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 15:04:53", "1780138", "7kutx52w.glassterrible.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 15:11:07", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 14:58:37", "1780137", "datarea.dropaway.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 15:00:37", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 14:51:38", "1780136", "ijnjw.dropaway.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 14:55:19", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-01 14:45:04", "1780135", "qnde.dropaway.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 14:49:57", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 14:32:01", "1780133", "threaopti.dropaway.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 14:36:39", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 14:25:10", "1780131", "dr1v5-frame.dropaway.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 14:28:36", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 14:18:23", "1780130", "5hsg8.sewdarken.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 14:22:54", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 14:05:29", "1780127", "geo-d4ta.sewdarken.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 14:06:35", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 13:59:15", "1780126", "creditchickens.xyz", "domain", "botnet_cc", "unknown_loader", "None", "Unknown Loader", "", "100", "False", "", "OffLoader", "0", "abuse_ch" "2026-04-01 13:58:28", "1780125", "nbjc.sewdarken.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 14:00:32", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 13:52:10", "1780124", "finalvault.sewdarken.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 13:53:16", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 13:51:19", "1780122", "d3pl-lab.movementsheptun.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 13:44:30", "100", "False", "None", "1April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-01 13:45:22", "1780123", "lumline0al.sewdarken.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 13:49:48", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 13:32:16", "1780120", "hfx03k.movementsheptun.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 13:33:11", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 13:25:32", "1780119", "sp4rk3-trace.movementsheptun.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 13:27:29", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 13:18:51", "1780118", "arn3i.movementsheptun.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 13:19:10", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-01 13:12:28", "1780117", "fvbtyoj.movementsheptun.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 13:15:52", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 13:05:36", "1780116", "relay-chain.movementsheptun.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 13:10:28", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 13:00:54", "1780107", "https://srmvcas.org/", "url", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "2026-04-01 15:30:26", "100", "True", "", "ClickFix", "0", "ineffyble" "2026-04-01 13:00:54", "1780113", "138.124.5.193:8080", "ip:port", "botnet_cc", "py.amnesia_rat", "None", "Amnesia RAT", "", "50", "False", "", "None", "0", "ineffyble" "2026-04-01 13:00:53", "1780115", "https://fptinternet.info/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/fptinternet.info", "ClickFix", "0", "CarsonWilliams" "2026-04-01 12:59:15", "1780114", "9sis.demolishtunis.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 13:05:04", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 12:52:16", "1780112", "jjczes4.demolishtunis.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 12:54:30", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 12:45:59", "1780111", "m15t7-sync.demolishtunis.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 12:49:08", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 12:38:57", "1780110", "binaryassay.demolishtunis.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 12:43:42", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 12:32:46", "1780109", "talforgeal2.demolishtunis.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 12:33:30", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 12:26:10", "1780108", "dynfluxal.demolishtunis.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 12:26:57", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 12:19:23", "1780106", "lo98.barondecont.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 12:22:08", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 12:18:32", "1779989", "grain-store.combinekabisia.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 09:22:18", "100", "False", "None", "1April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-01 12:18:32", "1779996", "shlyapadulina.space", "domain", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "None", "0", "ineffyble" "2026-04-01 12:18:32", "1780015", "soft-glob.driveaway.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 10:30:28", "100", "False", "None", "1April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-01 12:18:31", "1780074", "https://wexlunto.top/session/version-header.js", "url", "payload_delivery", "js.smartapesg", "HANEYMANEY,ZPHP", "SmartApeSG", "", "100", "True", "https://infosec.exchange/@monitorsg/116329134250426228", "SmartApeSG", "0", "monitorsg" "2026-04-01 12:18:31", "1780075", "wexlunto.top", "domain", "payload_delivery", "js.smartapesg", "HANEYMANEY,ZPHP", "SmartApeSG", "2026-04-01 11:09:06", "100", "True", "https://infosec.exchange/@monitorsg/116329134250426228", "SmartApeSG", "0", "monitorsg" "2026-04-01 12:18:30", "1780076", "https://wexlunto.top/session/realm-response.php", "url", "payload_delivery", "js.smartapesg", "HANEYMANEY,ZPHP", "SmartApeSG", "", "100", "True", "https://infosec.exchange/@monitorsg/116329134250426228", "SmartApeSG", "0", "monitorsg" "2026-04-01 12:18:30", "1780077", "https://wexlunto.top/session/login-stylesheet.js", "url", "payload_delivery", "js.smartapesg", "HANEYMANEY,ZPHP", "SmartApeSG", "", "100", "True", "https://infosec.exchange/@monitorsg/116329134250426228", "SmartApeSG", "0", "monitorsg" "2026-04-01 12:18:29", "1780078", "https://pelgiron.com/v1/user/py", "url", "payload_delivery", "js.smartapesg", "HANEYMANEY,ZPHP", "SmartApeSG", "2026-04-01 12:08:59", "100", "True", "https://infosec.exchange/@monitorsg/116329134250426228", "SmartApeSG", "0", "monitorsg" "2026-04-01 12:18:29", "1780084", "lumnexen7.vivatwoman.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 11:31:00", "100", "False", "None", "1April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-01 12:18:29", "1780086", "https://willowbrooktownhouse.com/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/willowbrooktownhouse.com", "ClickFix", "0", "CarsonWilliams" "2026-04-01 12:18:28", "1780089", "ballieballerson.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "True", "", "None", "0", "The_Tea_Drinker" "2026-04-01 12:18:27", "1780091", "calmion.barondecont.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 11:57:24", "100", "False", "None", "1April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-01 12:18:26", "1780101", "https://tirqavem.top/session/realm-response.php", "url", "payload_delivery", "js.smartapesg", "HANEYMANEY,ZPHP", "SmartApeSG", "", "100", "True", "https://infosec.exchange/@monitorsg/116329370267468381", "SmartApeSG", "0", "monitorsg" "2026-04-01 12:18:26", "1780102", "tirqavem.top", "domain", "payload_delivery", "js.smartapesg", "HANEYMANEY,ZPHP", "SmartApeSG", "2026-04-01 12:08:56", "100", "True", "https://infosec.exchange/@monitorsg/116329370267468381", "SmartApeSG", "0", "monitorsg" "2026-04-01 12:18:26", "1780103", "https://tirqavem.top/session/login-stylesheet.js", "url", "payload_delivery", "js.smartapesg", "HANEYMANEY,ZPHP", "SmartApeSG", "", "100", "True", "https://infosec.exchange/@monitorsg/116329370267468381", "SmartApeSG", "0", "monitorsg" "2026-04-01 12:12:28", "1780105", "sprucethorn.barondecont.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 12:17:00", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 12:10:44", "1780104", "http://202.56.160.190:80/HRQr", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "False", "https://bazaar.abuse.ch/sample/482d134402fb33d4ded42657dd3473240fccdedb25cee3c3af5de8e4783886e3/", "cobaltstrike", "0", "abuse_ch" "2026-04-01 12:05:51", "1780100", "h4rb-loop.barondecont.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 12:07:48", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 12:04:46", "1780099", "aiscore.it.com", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2026-04-01 14:00:46", "100", "False", "https://tria.ge/260401-nbd7hsbz6m", "C2,domain,quasar,rat,triage", "0", "DonPasci" "2026-04-01 12:04:39", "1780098", "mahjongtiles.it.com", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2026-04-01 14:00:43", "100", "False", "https://tria.ge/260401-ne55eaex2t", "C2,domain,quasar,rat,triage", "0", "DonPasci" "2026-04-01 12:04:34", "1780097", "skk.uk.com", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2026-04-01 14:00:39", "100", "False", "https://tria.ge/260401-nh9l1ab12n", "C2,domain,quasar,rat,triage", "0", "DonPasci" "2026-04-01 12:04:26", "1780096", "charlotte.eu.com", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2026-04-01 14:00:36", "100", "False", "https://tria.ge/260401-nmn6vsex6w", "C2,domain,quasar,rat,triage", "0", "DonPasci" "2026-04-01 12:04:19", "1780095", "greek.gb.net", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2026-04-01 14:00:31", "100", "False", "https://tria.ge/260401-nr7h1aex9t", "C2,domain,quasar,rat,triage", "0", "DonPasci" "2026-04-01 12:04:12", "1780094", "proveritas.eu.com", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2026-04-01 14:00:23", "100", "False", "https://tria.ge/260401-n5m2hscs4l", "C2,domain,quasar,rat,triage", "0", "DonPasci" "2026-04-01 12:04:03", "1780093", "lotusstudiopr.us.com", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2026-04-01 14:00:26", "100", "False", "https://tria.ge/260401-nz7tqsb19n", "C2,domain,quasar,rat,triage", "0", "DonPasci" "2026-04-01 11:59:17", "1780092", "crirn4-point.barondecont.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 12:02:30", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 11:46:19", "1780090", "qobavx3.barondecont.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 11:46:24", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-01 11:39:26", "1780088", "neo-d3v.vivatwoman.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 11:42:31", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 11:32:38", "1780087", "norvenix2.vivatwoman.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 11:38:30", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 11:29:14", "1780085", "https://iopv.net/register", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,powershell", "0", "HuntYethHounds" "2026-04-01 11:25:59", "1780083", "https://iopv.net/init", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,User-Agent Check", "0", "HuntYethHounds" "2026-04-01 11:25:35", "1780082", "iopv.net", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,User-Agent Check", "0", "HuntYethHounds" "2026-04-01 11:19:39", "1780081", "6jamieya.vivatwoman.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 11:22:20", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 11:12:41", "1780080", "solcresten2.vivatwoman.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 11:18:28", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 11:11:55", "1780079", "https://t.me/xerkoper", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "75", "False", "https://bazaar.abuse.ch/sample/e268324d79d6ef3f04370fbb06ce26a8b3db7a34b92731a0c5582a0fe800547a/", "vidar", "0", "abuse_ch" "2026-04-01 11:06:17", "1780073", "wild-mount.vivatwoman.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 11:06:28", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-01 10:59:37", "1780072", "kxep42pp.driveaway.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 10:59:43", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-01 10:53:25", "1780071", "brighterlib.click", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "50", "False", "", "c2,lumma", "0", "juroots" "2026-04-01 10:53:07", "1780070", "choru5-hinge.driveaway.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 10:55:40", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 10:52:38", "1780068", "v2.xoilacvi.co", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-04-01 10:52:38", "50", "False", "", "c2,dcrat", "0", "juroots" "2026-04-01 10:52:38", "1780069", "v3.xoilacvi.co", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "False", "", "c2,dcrat", "0", "juroots" "2026-04-01 10:52:06", "1780066", "https://api.telegram.org/bot8271047137:AAEexDI10mt9IUeumEpriGOSFf1ITlCIW-0/", "url", "botnet_cc", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "50", "False", "", "agenttesla,c2", "0", "juroots" "2026-04-01 10:52:06", "1780067", "https://api.telegram.org/bot8565137147:AAE7jjjsdR6xpVh7Pt_AHuEJ8UDtF-iSSYw/", "url", "botnet_cc", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "50", "False", "", "agenttesla,c2", "0", "juroots" "2026-04-01 10:50:48", "1780065", "https://der04.top/", "url", "botnet_cc", "apk.spynote", "CypherRat", "SpyNote", "", "50", "False", "https://urlscan.io/result/019d48aa-cb21-755a-9d17-2e29ca9da938", "c2,spynote,urlscan", "0", "juroots" "2026-04-01 10:50:44", "1780064", "https://taozi.win/", "url", "botnet_cc", "apk.spynote", "CypherRat", "SpyNote", "", "50", "False", "https://urlscan.io/result/019d48aa-bc86-7183-8962-4ec3e0339f57", "c2,spynote,urlscan", "0", "juroots" "2026-04-01 10:49:26", "1780063", "https://77.91.97.162/g93kdwj3s/index.php", "url", "botnet_cc", "win.amadey", "None", "Amadey", "", "50", "False", "https://urlscan.io/result/019d48a9-8e1a-763f-8f1b-0e61a1c3e8f0", "amadey,c2,urlscan", "0", "juroots" "2026-04-01 10:48:46", "1780062", "https://elecviews39.dynv6.net/", "url", "botnet_cc", "win.kimsuky", "None", "Kimsuky", "", "50", "False", "https://urlscan.io/result/019d48a8-f3a4-71d4-98bd-f6db9acd07c9", "c2,kimsuky,urlscan", "0", "juroots" "2026-04-01 10:48:44", "1780061", "https://nids19.dynv6.net/", "url", "botnet_cc", "win.kimsuky", "None", "Kimsuky", "", "50", "False", "https://urlscan.io/result/019d48a8-eab2-72db-a44a-a57ff83c5348", "c2,kimsuky,urlscan", "0", "juroots" "2026-04-01 10:48:42", "1780060", "https://docviews71.dynv6.net/", "url", "botnet_cc", "win.kimsuky", "None", "Kimsuky", "", "50", "False", "https://urlscan.io/result/019d48a8-e298-75fa-bdef-c072bc293d2d", "c2,kimsuky,urlscan", "0", "juroots" "2026-04-01 10:48:40", "1780059", "https://elecviews40.dynv6.net/", "url", "botnet_cc", "win.kimsuky", "None", "Kimsuky", "", "50", "False", "https://urlscan.io/result/019d48a8-d984-73de-8667-8b45d66c3aaf", "c2,kimsuky,urlscan", "0", "juroots" "2026-04-01 10:48:37", "1780058", "https://edocview7.dynv6.net/", "url", "botnet_cc", "win.kimsuky", "None", "Kimsuky", "", "50", "False", "https://urlscan.io/result/019d48a8-d03c-702e-a8aa-308aa49095c9", "c2,kimsuky,urlscan", "0", "juroots" "2026-04-01 10:48:35", "1780057", "https://note4.dns.army/", "url", "botnet_cc", "win.kimsuky", "None", "Kimsuky", "", "50", "False", "https://urlscan.io/result/019d48a8-c896-71ce-ac64-5de31039890d", "c2,kimsuky,urlscan", "0", "juroots" "2026-04-01 10:48:33", "1780056", "https://elecviews49.dynv6.net/", "url", "botnet_cc", "win.kimsuky", "None", "Kimsuky", "", "50", "False", "https://urlscan.io/result/019d48a8-c09f-72ac-8629-01df77a6d251", "c2,kimsuky,urlscan", "0", "juroots" "2026-04-01 10:48:31", "1780055", "https://docviews8.dynv6.net/", "url", "botnet_cc", "win.kimsuky", "None", "Kimsuky", "", "50", "False", "https://urlscan.io/result/019d48a8-b818-713b-8730-97b99f89be3f", "c2,kimsuky,urlscan", "0", "juroots" "2026-04-01 10:48:29", "1780054", "https://nids58.dynv6.net/", "url", "botnet_cc", "win.kimsuky", "None", "Kimsuky", "", "50", "False", "https://urlscan.io/result/019d48a8-b13f-7224-84e6-2a9d2722a3b4", "c2,kimsuky,urlscan", "0", "juroots" "2026-04-01 10:48:27", "1780053", "http://docviews56.dynv6.net/", "url", "botnet_cc", "win.kimsuky", "None", "Kimsuky", "", "50", "False", "https://urlscan.io/result/019d48a8-a903-73a2-bf40-0b7b6c27e8d5", "c2,kimsuky,urlscan", "0", "juroots" "2026-04-01 10:48:25", "1780052", "https://join39s.dynv6.net/", "url", "botnet_cc", "win.kimsuky", "None", "Kimsuky", "", "50", "False", "https://urlscan.io/result/019d48a8-a021-711d-a110-53f3962ccf12", "c2,kimsuky,urlscan", "0", "juroots" "2026-04-01 10:48:23", "1780051", "https://docviews35.dynv6.net/", "url", "botnet_cc", "win.kimsuky", "None", "Kimsuky", "", "50", "False", "https://urlscan.io/result/019d48a8-9770-76da-aecf-59940db8206e", "c2,kimsuky,urlscan", "0", "juroots" "2026-04-01 10:48:21", "1780050", "https://docviews65.dynv6.net/", "url", "botnet_cc", "win.kimsuky", "None", "Kimsuky", "", "50", "False", "https://urlscan.io/result/019d48a8-8f6b-709a-a07f-9970d743432b", "c2,kimsuky,urlscan", "0", "juroots" "2026-04-01 10:48:18", "1780049", "https://docviews40.dynv6.net/", "url", "botnet_cc", "win.kimsuky", "None", "Kimsuky", "", "50", "False", "https://urlscan.io/result/019d48a8-8533-73be-8d53-33cc54c50e4f", "c2,kimsuky,urlscan", "0", "juroots" "2026-04-01 10:48:16", "1780048", "https://search20s.dynv6.net/", "url", "botnet_cc", "win.kimsuky", "None", "Kimsuky", "", "50", "False", "https://urlscan.io/result/019d48a8-7e1b-71fd-b953-07ad29a97c38", "c2,kimsuky,urlscan", "0", "juroots" "2026-04-01 10:48:14", "1780047", "https://docviews5.dynv6.net/", "url", "botnet_cc", "win.kimsuky", "None", "Kimsuky", "", "50", "False", "https://urlscan.io/result/019d48a8-7648-7164-8b6e-7349ba4d335d", "c2,kimsuky,urlscan", "0", "juroots" "2026-04-01 10:48:12", "1780046", "https://elecviews87.dynv6.net/", "url", "botnet_cc", "win.kimsuky", "None", "Kimsuky", "", "50", "False", "https://urlscan.io/result/019d48a8-6b39-774e-900e-567af6797082", "c2,kimsuky,urlscan", "0", "juroots" "2026-04-01 10:48:09", "1780045", "https://docviews59.dynv6.net/", "url", "botnet_cc", "win.kimsuky", "None", "Kimsuky", "", "50", "False", "https://urlscan.io/result/019d48a8-61c7-70ac-9307-62a206dcf00c", "c2,kimsuky,urlscan", "0", "juroots" "2026-04-01 10:48:06", "1780044", "https://elecviews55.dynv6.net/", "url", "botnet_cc", "win.kimsuky", "None", "Kimsuky", "", "50", "False", "https://urlscan.io/result/019d48a8-5739-7003-a516-729c3a82a5bb", "c2,kimsuky,urlscan", "0", "juroots" "2026-04-01 10:48:04", "1780043", "https://docviews24.dynv6.net/", "url", "botnet_cc", "win.kimsuky", "None", "Kimsuky", "", "50", "False", "https://urlscan.io/result/019d48a8-4d54-7059-9474-d5851bb96a7f", "c2,kimsuky,urlscan", "0", "juroots" "2026-04-01 10:48:02", "1780042", "https://docviews43.dynv6.net/", "url", "botnet_cc", "win.kimsuky", "None", "Kimsuky", "", "50", "False", "https://urlscan.io/result/019d48a8-4236-77ba-9892-85f86fd772b0", "c2,kimsuky,urlscan", "0", "juroots" "2026-04-01 10:47:14", "1780041", "89.169.54.130:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "False", "https://www.shodan.io/host/89.169.54.130#7443", "c2,mythic,shodan", "0", "juroots" "2026-04-01 10:47:01", "1780040", "144.172.88.60:4443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "False", "https://www.shodan.io/host/144.172.88.60#4443", "c2,shodan,villain", "0", "juroots" "2026-04-01 10:46:31", "1780039", "compilpow.driveaway.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 10:51:56", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 10:46:27", "1780038", "192.227.239.42:8443", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "", "50", "False", "https://www.shodan.io/host/192.227.239.42#8443", "adaptixc2,c2,shodan", "0", "juroots" "2026-04-01 10:45:34", "1780037", "164.92.67.70:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "50", "False", "https://www.shodan.io/host/164.92.67.70#443", "c2,havoc,shodan", "0", "juroots" "2026-04-01 10:45:18", "1780036", "165.245.130.101:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "False", "https://www.shodan.io/host/165.245.130.101#31337", "c2,shodan,sliver", "0", "juroots" "2026-04-01 10:45:16", "1780035", "77.90.185.69:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "False", "https://www.shodan.io/host/77.90.185.69#31337", "c2,shodan,sliver", "0", "juroots" "2026-04-01 10:45:14", "1780034", "147.45.45.79:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "False", "https://www.shodan.io/host/147.45.45.79#31337", "c2,shodan,sliver", "0", "juroots" "2026-04-01 10:44:59", "1780033", "189.56.104.221:8443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "False", "https://www.shodan.io/host/189.56.104.221#8443", "c2,powersploit,shodan", "0", "juroots" "2026-04-01 10:44:58", "1780032", "54.157.76.50:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "False", "https://www.shodan.io/host/54.157.76.50#443", "c2,powersploit,shodan", "0", "juroots" "2026-04-01 10:44:56", "1780031", "178.104.45.253:8080", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "False", "https://www.shodan.io/host/178.104.45.253#8080", "c2,powersploit,shodan", "0", "juroots" "2026-04-01 10:44:50", "1780030", "139.59.106.165:8443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "False", "https://www.shodan.io/host/139.59.106.165#8443", "c2,gophish,phishing,shodan", "0", "juroots" "2026-04-01 10:44:49", "1780029", "5.129.194.137:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "False", "https://www.shodan.io/host/5.129.194.137#3333", "c2,gophish,phishing,shodan", "0", "juroots" "2026-04-01 10:44:46", "1780028", "141.95.160.129:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "False", "https://www.shodan.io/host/141.95.160.129#3333", "c2,gophish,phishing,shodan", "0", "juroots" "2026-04-01 10:44:44", "1780027", "108.162.67.124:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "False", "https://www.shodan.io/host/108.162.67.124#443", "c2,gophish,phishing,shodan", "0", "juroots" "2026-04-01 10:44:39", "1780026", "46.225.174.26:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "False", "https://www.shodan.io/host/46.225.174.26#3333", "c2,gophish,phishing,shodan", "0", "juroots" "2026-04-01 10:44:38", "1780025", "5.226.191.169:4433", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "False", "https://www.shodan.io/host/5.226.191.169#4433", "c2,gophish,phishing,shodan", "0", "juroots" "2026-04-01 10:44:34", "1780024", "161.97.139.204:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "False", "https://www.shodan.io/host/161.97.139.204#3333", "c2,gophish,phishing,shodan", "0", "juroots" "2026-04-01 10:44:06", "1780023", "113.45.65.232:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "False", "https://www.shodan.io/host/113.45.65.232#443", "c2,panda,shodan", "0", "juroots" "2026-04-01 10:44:03", "1780022", "103.40.253.162:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "False", "https://www.shodan.io/host/103.40.253.162#443", "c2,panda,shodan", "0", "juroots" "2026-04-01 10:43:43", "1780021", "104.168.149.226:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "False", "https://www.shodan.io/host/104.168.149.226#443", "c2,cobaltstrike,shodan", "0", "juroots" "2026-04-01 10:43:42", "1780020", "43.230.161.81:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "False", "https://www.shodan.io/host/43.230.161.81#443", "c2,cobaltstrike,shodan", "0", "juroots" "2026-04-01 10:43:25", "1780019", "152.136.43.210:8083", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-04-01 10:43:39", "50", "False", "https://www.shodan.io/host/152.136.43.210#8083", "c2,cobaltstrike,cs-watermark-391144938,shodan", "0", "juroots" "2026-04-01 10:43:03", "1780018", "45.221.118.180:111", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-04-01 10:43:40", "50", "False", "https://www.shodan.io/host/45.221.118.180#111", "c2,cobaltstrike,cs-watermark-987654321,shodan", "0", "juroots" "2026-04-01 10:40:09", "1780017", "nppw50at.driveaway.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 10:44:55", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 10:33:22", "1780016", "wzovragk.driveaway.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 10:38:11", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 10:20:07", "1780014", "185.38.142.5:5003", "ip:port", "botnet_cc", "jar.strrat", "None", "STRRAT", "", "100", "False", "None", "STRRAT", "0", "abuse_ch" "2026-04-01 10:19:53", "1780013", "loud-cloud.brillwhistleb.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 10:20:05", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-01 10:13:18", "1780012", "wind-flow.brillwhistleb.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 10:13:38", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 10:06:27", "1780011", "alert-svc.brillwhistleb.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 10:07:32", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 10:00:24", "1780010", "signal-box.brillwhistleb.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 10:04:28", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 09:53:21", "1780009", "tune-api.brillwhistleb.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 09:57:53", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 09:46:55", "1780008", "high-note.brillwhistleb.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 09:51:24", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 09:41:17", "1780007", "yield-hub.combinekabisia.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 09:45:14", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 09:35:35", "1780006", "yuosryb6o.duckdns.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-04-01 10:00:08", "75", "False", "https://bazaar.abuse.ch/sample/45dec334575199a17f733f0001e315d55e9836fdc9508f8983fbfb2d20e739c1/", "remcos", "0", "abuse_ch" "2026-04-01 09:35:29", "1780005", "yuosryb6o.ddns.net", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-04-01 10:00:08", "75", "False", "https://bazaar.abuse.ch/sample/45dec334575199a17f733f0001e315d55e9836fdc9508f8983fbfb2d20e739c1/", "remcos", "0", "abuse_ch" "2026-04-01 09:35:24", "1780004", "crop-trace.combinekabisia.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 09:38:19", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 09:30:56", "1780000", "http://65.109.103.93/api/upload-data", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://bazaar.abuse.ch/sample/d937c5e462f41b5db3954ac322236b8356f6a03385a5daf112a4ac014a86e9d9/", "None", "0", "abuse_ch" "2026-04-01 09:30:56", "1780001", "http://212.162.150.121/api/upload-data", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://bazaar.abuse.ch/sample/d937c5e462f41b5db3954ac322236b8356f6a03385a5daf112a4ac014a86e9d9/", "None", "0", "abuse_ch" "2026-04-01 09:30:56", "1780002", "http://65.109.103.93/ws/client", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://bazaar.abuse.ch/sample/d937c5e462f41b5db3954ac322236b8356f6a03385a5daf112a4ac014a86e9d9/", "None", "0", "abuse_ch" "2026-04-01 09:30:56", "1780003", "http://212.162.150.121/ws/client", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://bazaar.abuse.ch/sample/d937c5e462f41b5db3954ac322236b8356f6a03385a5daf112a4ac014a86e9d9/", "None", "0", "abuse_ch" "2026-04-01 09:30:53", "1779998", "65.109.103.93:80", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "75", "False", "https://bazaar.abuse.ch/sample/d937c5e462f41b5db3954ac322236b8356f6a03385a5daf112a4ac014a86e9d9/", "None", "0", "abuse_ch" "2026-04-01 09:30:53", "1779999", "212.162.150.121:80", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "75", "False", "https://bazaar.abuse.ch/sample/d937c5e462f41b5db3954ac322236b8356f6a03385a5daf112a4ac014a86e9d9/", "None", "0", "abuse_ch" "2026-04-01 09:30:14", "1779997", "field-scan.combinekabisia.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 09:34:34", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-01 09:25:06", "1779995", "91.202.233.67:5555", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "75", "False", "https://bazaar.abuse.ch/sample/084274fb033411a03b996c1b17f10cc3780e65effe52de2bed3fd76b6138d99f/", "None", "0", "abuse_ch" "2026-04-01 09:24:29", "1779994", "harvest-api.combinekabisia.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 09:26:21", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 09:23:57", "1779993", "http://5.180.24.16/ws/client", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://bazaar.abuse.ch/sample/fc803f15ac92a8d7642999722ade1a02cfe8c9529ec593bd1c8d0cd366e6ebb5/", "None", "0", "abuse_ch" "2026-04-01 09:23:56", "1779992", "http://5.180.24.16/api/upload-data", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://bazaar.abuse.ch/sample/fc803f15ac92a8d7642999722ade1a02cfe8c9529ec593bd1c8d0cd366e6ebb5/", "None", "0", "abuse_ch" "2026-04-01 09:23:18", "1779991", "5.180.24.16:80", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "75", "False", "https://bazaar.abuse.ch/sample/fc803f15ac92a8d7642999722ade1a02cfe8c9529ec593bd1c8d0cd366e6ebb5/", "None", "0", "abuse_ch" "2026-04-01 09:20:44", "1779990", "https://centegn.cyou", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "False", "https://bazaar.abuse.ch/sample/bbdd32373a701742689d1b34d1597d6c4347758d91bea4e9cb4aa875237cd07c/", "lumma", "0", "abuse_ch" "2026-04-01 09:17:42", "1779942", "spider-net.industtarant.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 06:28:20", "100", "False", "None", "1April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-01 09:17:42", "1779944", "factory-io.industtarant.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 06:40:24", "100", "False", "None", "1April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-01 09:17:41", "1779953", "http://fortlauderdalelemonlaw.com/curl/6e94eaa0bb819eb49d74473da0a4c4afb8df11080d512813d135ce1cc8dcf403", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "https://x.com/whoamix302/status/2039242449395335192?s=20", "Stealer", "0", "whoamix302" "2026-04-01 09:17:40", "1779955", "https://www.motip.com/uploads_motip/verification.html", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/www.motip.com", "ClickFix", "0", "CarsonWilliams" "2026-04-01 09:17:40", "1779957", "5577857d4b69217b12f59c8fd58b8e8ce57645ff19097c00693733bca86abb63", "sha256_hash", "payload", "unknown", "None", "Unknown malware", "", "100", "False", "https://x.com/whoamix302/status/2039242449395335192?s=20", "MacSync,Stealer", "0", "whoamix302" "2026-04-01 09:17:39", "1779959", "110.43.68.89:10001", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "100", "False", "", "ExtRat,Rat,Xtreme RAT", "0", "whoamix302" "2026-04-01 09:17:38", "1779960", "52.81.200.103:10001", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "100", "False", "", "ExtRat,Rat,Xtreme RAT", "0", "whoamix302" "2026-04-01 09:17:38", "1779961", "151.59.152.232:8080", "ip:port", "botnet_cc", "win.sectop_rat", "1xxbot,ArechClient", "SectopRAT", "", "100", "False", "", "Rat,SectopRAT", "0", "whoamix302" "2026-04-01 09:17:37", "1779962", "2.143.111.26:6000", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "False", "", "NetSupport,NetSupportManager RAT,RAT", "0", "whoamix302" "2026-04-01 09:17:36", "1779963", "110.36.65.23:57788", "ip:port", "botnet_cc", "elf.mozi", "None", "Mozi", "", "100", "False", "", "Mozi", "0", "whoamix302" "2026-04-01 09:17:36", "1779965", "178.16.54.14:80", "ip:port", "botnet_cc", "win.socks5_systemz", "ProxyBox", "Socks5 Systemz", "", "100", "False", "", "ProxyBox,Socks5", "0", "whoamix302" "2026-04-01 09:17:35", "1779966", "45.155.250.126:80", "ip:port", "botnet_cc", "win.socks5_systemz", "ProxyBox", "Socks5 Systemz", "", "100", "False", "", "ProxyBox,Socks5", "0", "whoamix302" "2026-04-01 09:17:35", "1779967", "secure-hit.fighttrapper.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 07:52:25", "100", "False", "None", "1April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-01 09:17:34", "1779969", "def-system.fighttrapper.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 08:03:47", "100", "False", "None", "1April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-01 09:17:33", "1779971", "bass-boost.lohsmacknon.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 08:15:14", "100", "False", "None", "1April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-01 09:17:32", "1779973", "noise-gate.lohsmacknon.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 08:25:51", "100", "False", "None", "1April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-01 09:17:31", "1779976", "qpo.smoothfacing.cfd", "domain", "botnet_cc", "win.acr_stealer", "None", "ACR Stealer", "", "100", "False", "https://bazaar.abuse.ch/browse/tag/ACRStealer/", "ACRStealer,AmateraStealer", "0", "aachum" "2026-04-01 09:17:30", "1779977", "foot.trxzidan.icu", "domain", "botnet_cc", "win.acr_stealer", "None", "ACR Stealer", "", "100", "False", "https://bazaar.abuse.ch/browse/tag/ACRStealer/", "ACRStealer,AmateraStealer", "0", "aachum" "2026-04-01 09:17:29", "1779981", "cell-logic.maknothplacenta.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 08:53:39", "100", "False", "None", "1April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-01 09:17:11", "1779988", "38.22.91.131:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "None", "CobaltStrike,cs-watermark-666666666", "0", "abuse_ch" "2026-04-01 09:17:09", "1779987", "159.75.76.236:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "None", "CobaltStrike,cs-watermark-666666666", "0", "abuse_ch" "2026-04-01 09:14:13", "1779986", "3.69.49.61:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2026-04-01 09:13:13", "1779985", "farm-logic.combinekabisia.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 09:15:30", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 09:07:25", "1779984", "root-source.maknothplacenta.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 09:12:17", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-01 09:02:01", "1779983", "health-node.maknothplacenta.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 09:05:45", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 08:56:20", "1779982", "organ-sync.maknothplacenta.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 08:59:48", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 08:45:31", "1779980", "http://cz762927.tw1.ru/L1nc0In.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "False", "None", "DCRat,RAT", "0", "abuse_ch" "2026-04-01 08:45:20", "1779979", "life-cycle.maknothplacenta.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 08:47:36", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-01 08:39:39", "1779978", "bio-record.maknothplacenta.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 08:44:35", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 08:33:59", "1779975", "wave-form.lohsmacknon.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 08:38:41", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 08:28:17", "1779974", "audio-path.lohsmacknon.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 08:32:44", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 08:16:46", "1779972", "echo-relay.lohsmacknon.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 08:18:49", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 08:05:41", "1779970", "sound-check.lohsmacknon.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 08:07:48", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 07:54:42", "1779968", "target-api.fighttrapper.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 07:56:11", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 07:43:16", "1779964", "catch-node.fighttrapper.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 07:45:02", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 07:37:37", "1779958", "cage-match.fighttrapper.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 07:41:07", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 07:32:19", "1779956", "action-log.fighttrapper.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 07:37:15", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 07:26:34", "1779954", "video-drop.cameoinfusion.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 07:31:20", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 07:20:56", "1779952", "blend-master.cameoinfusion.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 07:25:29", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 07:15:25", "1779951", "color-mix.cameoinfusion.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 07:17:43", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 07:09:30", "1779950", "style-sync.cameoinfusion.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 07:14:09", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 07:04:15", "1779949", "art-portal.cameoinfusion.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 07:06:41", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 06:58:23", "1779948", "small-frame.cameoinfusion.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 07:03:07", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 06:53:10", "1779947", "silk-route.industtarant.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 06:55:53", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 06:47:24", "1779946", "venom-dev.industtarant.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 06:52:03", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 06:41:40", "1779945", "heavy-link.industtarant.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 06:44:07", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 06:30:29", "1779943", "web-crawl.industtarant.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 06:31:31", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 06:19:09", "1779941", "skin-proxy.dervishpeel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 06:20:18", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 06:13:38", "1779940", "rotate-node.dervishpeel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 06:17:18", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 06:09:19", "1779939", "217.60.248.91:80", "ip:port", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "75", "False", "https://bazaar.abuse.ch/sample/e54d1745cf9b6690642c4eccb7720c21468c4cd8bc73d5c4f542b6db69970ef0/", "DarkWatchman", "0", "abuse_ch" "2026-04-01 06:08:48", "1779938", "http://a2b5caf8.buzz/2/index.php", "url", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "False", "https://bazaar.abuse.ch/sample/e54d1745cf9b6690642c4eccb7720c21468c4cd8bc73d5c4f542b6db69970ef0/", "DarkWatchman", "0", "abuse_ch" "2026-04-01 06:07:48", "1779937", "core-wrap.dervishpeel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 06:13:00", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 06:06:25", "1779936", "199.217.99.119:80", "ip:port", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "75", "False", "https://bazaar.abuse.ch/sample/0a4ac8f45a51ed772a35a667c8dd318c2da8f47ea0c92bf814f183de459ddd3f/", "DarkWatchMan", "0", "abuse_ch" "2026-04-01 06:05:39", "1779934", "http://e732a5ae.xyz/index.php", "url", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "False", "https://bazaar.abuse.ch/sample/0a4ac8f45a51ed772a35a667c8dd318c2da8f47ea0c92bf814f183de459ddd3f/", "DarkWatchman", "0", "abuse_ch" "2026-04-01 06:05:39", "1779935", "http://e732a5ae.top/index.php", "url", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "False", "https://bazaar.abuse.ch/sample/0a4ac8f45a51ed772a35a667c8dd318c2da8f47ea0c92bf814f183de459ddd3f/", "DarkWatchman", "0", "abuse_ch" "2026-04-01 06:03:48", "1779933", "39.109.116.103:6666", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "False", "https://tria.ge/260401-e2s9pagv5m", "AS142403,C2,rat,triage,valleyrat", "0", "DonPasci" "2026-04-01 06:02:12", "1779932", "outer-shell.dervishpeel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 06:05:24", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 06:00:58", "1779931", "138.201.106.62:7004", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "2026-04-01 06:01:44", "100", "False", "https://tria.ge/260401-e2j11sbw9v", "AS24940,C2,triage,xworm", "0", "DonPasci" "2026-04-01 06:00:44", "1779930", "https://204.168.220.27", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "75", "False", "https://bazaar.abuse.ch/sample/03d2a635141e85d29fcf435c457ed8037acac91181f3f1844e8cc6249de178f3/", "vidar", "0", "abuse_ch" "2026-04-01 06:00:27", "1779928", "shtnsn.za.com", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://tria.ge/260401-ez314sgv4l", "quasar", "0", "dyingbreeds_" "2026-04-01 06:00:27", "1779929", "silverseeker.sa.com", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://tria.ge/260401-ez314sgv4l", "quasar", "0", "dyingbreeds_" "2026-04-01 06:00:26", "1779924", "digitaloptionslznpz.za.com", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://tria.ge/260401-ez314sgv4l", "quasar", "0", "dyingbreeds_" "2026-04-01 06:00:26", "1779925", "elevoji.za.com", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://tria.ge/260401-ez314sgv4l", "quasar", "0", "dyingbreeds_" "2026-04-01 06:00:26", "1779926", "guide-school.za.com", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://tria.ge/260401-ez314sgv4l", "quasar", "0", "dyingbreeds_" "2026-04-01 06:00:26", "1779927", "hitsed.ru.com", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://tria.ge/260401-ez314sgv4l", "quasar", "0", "dyingbreeds_" "2026-04-01 05:56:34", "1779923", "layer-check.dervishpeel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 06:01:19", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 05:55:31", "1779922", "swimrest.xyz", "domain", "botnet_cc", "unknown_loader", "None", "Unknown Loader", "", "100", "False", "", "OffLoader", "0", "abuse_ch" "2026-04-01 05:54:41", "1779921", "cyrsite.top", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "False", "", "ConnectWise,RMM,ScreenConnect", "0", "abuse_ch" "2026-04-01 05:51:07", "1779920", "spin-cycle.dervishpeel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 05:53:44", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 05:50:25", "1779919", "https://204.168.172.164", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "75", "False", "https://bazaar.abuse.ch/sample/6d56f099ff02a11ccd233f8a9f5531d9a459fcbb2541551134fa9e435bfd177f/", "vidar", "0", "abuse_ch" "2026-04-01 05:45:32", "1779918", "source-log.needwatka.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 05:50:05", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 05:40:31", "1779913", "31.57.216.28:424", "ip:port", "botnet_cc", "win.tofsee", "Gheg", "Tofsee", "", "75", "False", "", "Tofsee", "0", "abuse_ch" "2026-04-01 05:40:31", "1779914", "204.76.203.165:424", "ip:port", "botnet_cc", "win.tofsee", "Gheg", "Tofsee", "", "75", "False", "", "Tofsee", "0", "abuse_ch" "2026-04-01 05:40:31", "1779915", "130.12.180.119:424", "ip:port", "botnet_cc", "win.tofsee", "Gheg", "Tofsee", "", "75", "False", "", "Tofsee", "0", "abuse_ch" "2026-04-01 05:40:31", "1779916", "31.57.216.27:424", "ip:port", "botnet_cc", "win.tofsee", "Gheg", "Tofsee", "", "75", "False", "", "Tofsee", "0", "abuse_ch" "2026-04-01 05:40:31", "1779917", "46.151.182.19:424", "ip:port", "botnet_cc", "win.tofsee", "Gheg", "Tofsee", "", "75", "False", "", "Tofsee", "0", "abuse_ch" "2026-04-01 05:40:30", "1779911", "130.12.182.175:424", "ip:port", "botnet_cc", "win.tofsee", "Gheg", "Tofsee", "", "75", "False", "", "Tofsee", "0", "abuse_ch" "2026-04-01 05:40:30", "1779912", "46.151.182.245:424", "ip:port", "botnet_cc", "win.tofsee", "Gheg", "Tofsee", "", "75", "False", "", "Tofsee", "0", "abuse_ch" "2026-04-01 05:39:51", "1779910", "hydro-svc.needwatka.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 05:42:26", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 05:34:17", "1779909", "pump-ctrl.needwatka.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 05:38:31", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 05:28:52", "1779908", "well-point.needwatka.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 05:33:30", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 05:23:10", "1779907", "liquid-api.needwatka.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 05:23:29", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 05:22:03", "1779906", "43.198.45.195:8880", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/c709ed855b596e46c4df8eb3ff6d50ca55869ae9deb59e04a49fd2df31f77c71/", "RAT,ValleyRAT", "0", "abuse_ch" "2026-04-01 05:21:31", "1779905", "fbmtingttk.cn", "domain", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "False", "https://bazaar.abuse.ch/sample/c709ed855b596e46c4df8eb3ff6d50ca55869ae9deb59e04a49fd2df31f77c71/", "RAT,ValleyRAT", "0", "abuse_ch" "2026-04-01 05:18:19", "1779904", "95.40.168.23:670", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/a1a0f35f0ac483a6c5649f6fa338952c2d2c457d2cb1b2fcef16bdc96fdfdb8b/", "RAT,ValleyRAT", "0", "abuse_ch" "2026-04-01 05:17:44", "1779903", "soemyidcbiue.cn", "domain", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "False", "https://bazaar.abuse.ch/sample/a1a0f35f0ac483a6c5649f6fa338952c2d2c457d2cb1b2fcef16bdc96fdfdb8b/", "RAT,ValleyRAT", "0", "abuse_ch" "2026-04-01 05:17:22", "1779902", "water-flow.needwatka.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 05:19:50", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 05:11:58", "1779901", "site-connect.fetterland.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 05:16:19", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 05:06:17", "1779900", "fence-logic.fetterland.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 05:09:06", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 05:01:45", "1779735", "bsmaopm.duckdns.org", "domain", "botnet_cc", "win.pure_rat", "PureHVNC,ResolverRAT", "PureRAT", "", "100", "False", "https://www.derp.ca", "ClickFix,DuckDNS,PureHVNC,SERPENTINE", "0", "kirkderp" "2026-04-01 05:01:44", "1779736", "12.202.180.133:6757", "ip:port", "botnet_cc", "win.pure_rat", "PureHVNC,ResolverRAT", "PureRAT", "", "100", "False", "https://www.derp.ca", "ClickFix,PureHVNC,SERPENTINE", "0", "kirkderp" "2026-04-01 05:01:44", "1779737", "star-map.astrahaven.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 18:36:43", "100", "False", "None", "31March2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-01 05:01:42", "1779742", "https://thebusinessaccelerator.com/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/thebusinessaccelerator.com", "ClickFix", "0", "CarsonWilliams" "2026-04-01 05:01:42", "1779748", "synapse-net.neurobloom.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 19:34:14", "100", "False", "None", "31March2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-01 05:01:40", "1779750", "api.permanentothertheorist.com", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "50", "False", "", "None", "0", "varysz" "2026-04-01 05:01:39", "1779753", "nerve-center.neurobloom.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 19:50:48", "100", "False", "None", "31March2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-01 05:01:37", "1779755", "bio-sensor.neurobloom.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 20:01:00", "100", "False", "None", "31March2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-01 05:01:36", "1779757", "https://discord.com/api/webhooks/960954050583613549/YAkGomn5eYtrPChuOPz87pIkS7WK2XpB5Y3ozZQXaAho2VCBN99g7k9oqSAPJ9Ji7bTr", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "", "botnet,discord-c2", "0", "isaac1" "2026-04-01 05:01:33", "1779758", "mesh-proxy.cyberhaven.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 20:12:05", "100", "False", "None", "31March2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-01 05:01:32", "1779760", "49.51.134.147:10001", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "100", "False", "", "ExtRat,Rat,Xtreme RAT", "0", "whoamix302" "2026-04-01 05:01:31", "1779761", "50.39.155.159:54984", "ip:port", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "100", "False", "", "Nancrat,NanoCore,Nanocore RAT", "0", "whoamix302" "2026-04-01 05:01:31", "1779762", "secure-vault.cyberhaven.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 20:22:45", "100", "False", "None", "31March2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-01 05:01:28", "1779770", "217.69.2.135:5000", "ip:port", "botnet_cc", "js.glassworm", "None", "GlassWorm", "", "100", "False", "https://codeberg.org/tip-o-deincognito/glassworm-writeup", "chrome-extension,glassworm,Wave3", "0", "tipo_deincognito" "2026-04-01 05:01:28", "1779771", "enc-tunnel.cyberhaven.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 20:34:56", "100", "False", "None", "31March2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-01 05:01:26", "1779794", "range-extend.signalcrest.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 21:31:20", "100", "False", "None", "31March2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-01 05:01:25", "1779809", "precision-io.nanovector.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 22:16:26", "100", "False", "None", "31March2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-01 05:01:23", "1779820", "https://bemqorli.top/logout/admin-worker.js", "url", "payload_delivery", "js.smartapesg", "HANEYMANEY,ZPHP", "SmartApeSG", "", "100", "True", "https://infosec.exchange/@monitorsg/116326307475137610", "SmartApeSG", "0", "monitorsg" "2026-04-01 05:01:22", "1779823", "maochikomajf.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "", "50", "False", "", "None", "0", "varysz" "2026-04-01 05:01:21", "1779829", "150.241.65.94:4444", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://www.virustotal.com/gui/file/6e4d9463179932d9306ac5558beb4f88c273351a75b05b52c45db714883788eb", "blackout,botnet,c2,ddos,go,linux", "0", "Lenny_3BO" "2026-04-01 05:01:21", "1779830", "150.241.65.94:3000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://www.virustotal.com/gui/file/6e4d9463179932d9306ac5558beb4f88c273351a75b05b52c45db714883788eb", "blackout,c2,express,nodejs,panel", "0", "Lenny_3BO" "2026-04-01 05:01:19", "1779831", "http://150.241.65.94/sc32", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "75", "False", "https://www.virustotal.com/gui/file/6e4d9463179932d9306ac5558beb4f88c273351a75b05b52c45db714883788eb", "blackout,ddos,download,go,payload", "0", "Lenny_3BO" "2026-04-01 05:01:19", "1779833", "volt-check.infocircuit.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 00:02:46", "100", "False", "None", "31March2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-01 05:01:18", "1779838", "secret-api.cryptovault.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 00:26:59", "100", "False", "None", "1April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-01 05:01:17", "1779850", "eco-monitor.technosphere.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 01:33:41", "100", "False", "None", "1April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-01 05:01:16", "1779853", "outer-shell.technosphere.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 01:54:14", "100", "False", "None", "1April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-01 05:01:16", "1779861", "brain-scan.neurovector.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 02:23:10", "100", "False", "None", "1April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-01 05:01:14", "1779868", "fast-track.quantacircuit.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 02:52:41", "100", "False", "None", "1April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-01 05:01:14", "1779870", "light-logic.quantacircuit.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 03:02:09", "100", "False", "None", "1April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-01 05:01:12", "1779873", "12a8b0903c176cb6478b4f0bfcf8a621025c37faf83941125c803ccc3e0913e6", "sha256_hash", "payload", "win.adaptix_c2", "None", "AdaptixC2", "", "100", "False", "https://www.virustotal.com/gui/file/12a8b0903c176cb6478b4f0bfcf8a621025c37faf83941125c803ccc3e0913e6", "AdaptixC2,Go,gopher", "0", "Lenny_3BO" "2026-04-01 05:01:11", "1779874", "a4ccfa85bf0faf1caad12a410342ce977418f50a14094d045e2c9e861bd2f934", "sha256_hash", "payload", "win.adaptix_c2", "None", "AdaptixC2", "", "100", "False", "https://www.virustotal.com/gui/file/12a8b0903c176cb6478b4f0bfcf8a621025c37faf83941125c803ccc3e0913e6", "AdaptixC2,Go,gopher", "0", "Lenny_3BO" "2026-04-01 05:01:11", "1779875", "929e28c42c72fc0de845fa3e77a9aed790b74249cf0700026ee89b1db6eabe25", "sha256_hash", "payload", "win.adaptix_c2", "None", "AdaptixC2", "", "100", "False", "https://www.virustotal.com/gui/file/12a8b0903c176cb6478b4f0bfcf8a621025c37faf83941125c803ccc3e0913e6", "AdaptixC2,Go,gopher", "0", "Lenny_3BO" "2026-04-01 05:01:10", "1779876", "abac8cd80711555a39d73e5aeab4919af37de95d057038778b737071dc35bb88", "sha256_hash", "payload", "win.adaptix_c2", "None", "AdaptixC2", "", "100", "False", "https://www.virustotal.com/gui/file/12a8b0903c176cb6478b4f0bfcf8a621025c37faf83941125c803ccc3e0913e6", "AdaptixC2,Go,gopher", "0", "Lenny_3BO" "2026-04-01 05:01:09", "1779877", "4b467906789b3abaeeaab4483efc9a8b6b6dda044520fdd07526e71cb160b614", "sha256_hash", "payload", "win.adaptix_c2", "None", "AdaptixC2", "", "100", "False", "https://www.virustotal.com/gui/file/12a8b0903c176cb6478b4f0bfcf8a621025c37faf83941125c803ccc3e0913e6", "AdaptixC2,Go,gopher", "0", "Lenny_3BO" "2026-04-01 05:01:08", "1779878", "45.153.34.120:4444", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "", "100", "False", "https://www.virustotal.com/gui/file/12a8b0903c176cb6478b4f0bfcf8a621025c37faf83941125c803ccc3e0913e6", "AdaptixC2,c2", "0", "Lenny_3BO" "2026-04-01 05:01:08", "1779879", "kitty-guard.buzz", "domain", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "", "100", "False", "https://www.virustotal.com/gui/file/12a8b0903c176cb6478b4f0bfcf8a621025c37faf83941125c803ccc3e0913e6", "AdaptixC2,c2", "0", "Lenny_3BO" "2026-04-01 05:01:06", "1779887", "wing-span.aerovector.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 03:56:47", "100", "False", "None", "1April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-01 05:01:05", "1779898", "land-mark.fetterland.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 04:58:29", "100", "False", "None", "1April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-01 05:00:45", "1779899", "soil-monitor.fetterland.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 05:01:05", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 04:49:42", "1779897", "area-scanner.fetterland.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 04:52:32", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 04:44:01", "1779896", "border-gate.fetterland.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 04:48:38", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 04:38:06", "1779895", "robot-api.mechaforge.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 04:38:44", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 04:32:38", "1779894", "steel-core.mechaforge.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 04:34:47", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 04:27:08", "1779893", "auto-build.mechaforge.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 04:27:35", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 04:21:25", "1779892", "power-plant.mechaforge.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 04:21:26", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-01 04:15:46", "1779891", "iron-works.mechaforge.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 04:18:15", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 04:10:22", "1779890", "heavy-duty.mechaforge.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 04:14:34", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 04:05:09", "1779889", "pilot-svc.aerovector.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 04:07:23", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 03:58:55", "1779888", "alt-logic.aerovector.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 03:59:54", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 03:47:50", "1779886", "sky-route.aerovector.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 03:49:43", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 03:42:07", "1779885", "air-traffic.aerovector.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 03:46:08", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 03:36:35", "1779884", "flight-path.aerovector.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 03:38:52", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 03:30:59", "1779883", "point-edge.digisphere.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 03:35:30", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-01 03:25:29", "1779882", "static-cdn.digisphere.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 03:26:48", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 03:19:49", "1779881", "web-portal.digisphere.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 03:21:55", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-01 03:14:27", "1779880", "info-orbit.digisphere.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 03:17:05", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 03:08:47", "1779872", "cloud-ring.digisphere.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 03:12:13", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 03:02:59", "1779871", "data-field.digisphere.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 03:07:15", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-01 02:55:22", "1779869", "wwww.pqpicc.com", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-04-01 06:00:05", "75", "False", "https://bazaar.abuse.ch/sample/d50e189d3306616047d9b438999ffd2810967341e2bf8251b073f631939dc3c0/", "remcos", "0", "abuse_ch" "2026-04-01 02:50:24", "1779867", "192.227.219.95:443", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "False", "None", "RAT,RemcosRAT", "0", "abuse_ch" "2026-04-01 02:46:22", "1779866", "qubit-sync.quantacircuit.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 02:47:14", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 02:40:26", "1779865", "packet-flow.quantacircuit.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 02:42:21", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-01 02:35:18", "1779864", "speed-test.quantacircuit.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 02:35:35", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 02:29:46", "1779863", "bit-stream.quantacircuit.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 02:32:41", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-01 02:23:34", "1779862", "mind-node.neurovector.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 02:27:47", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-01 02:12:16", "1779860", "thought-hub.neurovector.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 02:13:24", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 02:06:43", "1779859", "impulse-api.neurovector.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 02:08:37", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 02:01:40", "1779858", "AnderDingus.aamothership.com", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "False", "https://tria.ge/260401-a1cs4aax9w", "XWorm", "0", "dyingbreeds_" "2026-04-01 02:01:00", "1779857", "nerve-center.neurovector.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 02:03:57", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 02:00:26", "1779856", "mihorror2005.redirectme.net", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://tria.ge/260401-acx45ae14k", "quasar", "0", "dyingbreeds_" "2026-04-01 02:00:04", "1779855", "172.245.4.226:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "False", "https://tria.ge/260331-3es76sh13s", "Remcos", "0", "dyingbreeds_" "2026-04-01 01:55:54", "1779854", "synapse-log.neurovector.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 01:56:02", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 01:44:30", "1779852", "meta-layer.technosphere.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 01:45:33", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 01:39:25", "1779851", "world-view.technosphere.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 01:40:17", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 01:27:56", "1779849", "urban-hub.technosphere.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 01:28:22", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 01:22:22", "1779848", "global-net.technosphere.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 01:23:07", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 01:16:42", "1779847", "brain-base.logicmatrix.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 01:18:13", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 01:11:02", "1779846", "decision-svc.logicmatrix.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 01:12:52", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 01:05:17", "1779845", "process-io.logicmatrix.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 01:07:15", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-01 00:59:49", "1779844", "truth-table.logicmatrix.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 01:00:15", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 00:54:22", "1779843", "rule-engine.logicmatrix.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 00:56:58", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 00:48:37", "1779842", "main-frame.logicmatrix.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 00:51:51", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 00:42:47", "1779841", "enc-tunnel.cryptovault.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 00:46:48", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-01 00:37:26", "1779840", "hash-store.cryptovault.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 00:39:45", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 00:31:38", "1779839", "anon-auth.cryptovault.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 00:37:58", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 00:20:31", "1779837", "lock-box.cryptovault.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 00:21:31", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 00:15:03", "1779836", "secure-key.cryptovault.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 00:16:19", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 00:09:28", "1779835", "chip-set.infocircuit.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 00:11:30", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-01 00:04:04", "1779834", "board-mgr.infocircuit.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-01 00:08:46", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 23:52:19", "1779832", "bus-bridge.infocircuit.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 23:54:20", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-03-31 23:46:53", "1779828", "wire-sync.infocircuit.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 23:48:10", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-03-31 23:41:18", "1779827", "logic-gate.infocircuit.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 23:43:52", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 23:35:34", "1779826", "broad-cast.signalforge.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 23:40:16", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 23:29:45", "1779825", "ping-gate.signalforge.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 23:33:31", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 23:24:13", "1779824", "tower-sync.signalforge.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 23:28:26", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 23:18:35", "1779822", "beam-relay.signalforge.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 23:22:38", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 23:13:20", "1779821", "wave-form.signalforge.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 23:17:20", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 23:07:39", "1779819", "radio-freq.signalforge.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 23:07:46", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 23:01:33", "1779818", "raster-node.pixelmatrix.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 23:02:41", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 22:56:27", "1779817", "display-svc.pixelmatrix.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 22:57:28", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 22:50:44", "1779816", "video-buffer.pixelmatrix.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 22:52:37", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 22:44:53", "1779815", "image-stack.pixelmatrix.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 22:44:58", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-03-31 22:39:16", "1779814", "render-grid.pixelmatrix.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 22:42:24", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 22:33:50", "1779813", "color-bit.pixelmatrix.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 22:37:19", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-03-31 22:28:17", "1779812", "scan-core.nanovector.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 22:29:12", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 22:22:24", "1779811", "particle-api.nanovector.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 22:26:42", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 22:17:10", "1779810", "small-unit.nanovector.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 22:17:37", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 22:05:47", "1779808", "atom-trace.nanovector.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 22:07:56", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-03-31 22:01:35", "1779807", "voidbebr-48949.portmap.host", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "False", "https://tria.ge/260331-xf6xrsdt6r", "XWorm", "0", "dyingbreeds_" "2026-03-31 22:00:25", "1779806", "oke.uk.com", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://tria.ge/260331-wx49tscx8l", "quasar", "0", "dyingbreeds_" "2026-03-31 22:00:24", "1779805", "blogs.mex.com", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://tria.ge/260331-wx49tscx8l", "quasar", "0", "dyingbreeds_" "2026-03-31 22:00:21", "1779804", "193.233.19.233:1177", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://tria.ge/260331-1qd7aahx5v", "quasar", "0", "dyingbreeds_" "2026-03-31 22:00:02", "1779803", "micro-scale.nanovector.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 22:04:21", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 21:44:47", "1779802", "https://audipoint.cz/downloads/Burst.exe", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,payload", "0", "HuntYethHounds" "2026-03-31 21:42:42", "1779801", "https://audipoint.cz/downloads/info.txt", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "C Sharp,ClickFix,powershell", "0", "HuntYethHounds" "2026-03-31 21:38:32", "1779800", "https://audipoint.cz/downloads/kontakt.txt", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix", "0", "HuntYethHounds" "2026-03-31 21:38:11", "1779799", "ping-gate.signalcrest.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 21:59:35", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-03-31 21:37:48", "1779798", "https://audipoint.cz", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix", "0", "HuntYethHounds" "2026-03-31 21:37:31", "1779797", "audipoint.cz", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix", "0", "HuntYethHounds" "2026-03-31 21:35:18", "1779796", "69.5.189.12:5222", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "False", "None", "NetSupport", "0", "abuse_ch" "2026-03-31 21:32:49", "1779795", "broad-cast.signalcrest.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 21:35:41", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 21:21:25", "1779793", "tower-sync.signalcrest.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 21:22:52", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 21:20:33", "1779792", "143.47.53.106:5895", "ip:port", "botnet_cc", "win.raton_rat", "None", "RatonRAT", "", "100", "False", "None", "RatonRAT", "0", "abuse_ch" "2026-03-31 21:15:43", "1779791", "radio-freq.signalcrest.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 21:16:11", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 21:09:58", "1779790", "wave-crest.signalcrest.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 21:13:25", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 21:04:23", "1779789", "meta-stack.datacrest.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 21:05:20", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 20:59:37", "1779788", "https://krylox.club/send_tg.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix", "0", "HuntYethHounds" "2026-03-31 20:59:02", "1779787", "base-record.datacrest.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 20:59:28", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-03-31 20:57:29", "1779786", "https://krylox.club/verify.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix", "0", "HuntYethHounds" "2026-03-31 20:57:08", "1779785", "https://krylox.club/112.js", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix", "0", "HuntYethHounds" "2026-03-31 20:56:54", "1779784", "krylox.club", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix", "0", "HuntYethHounds" "2026-03-31 20:53:19", "1779783", "info-summit.datacrest.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 20:56:39", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-03-31 20:48:22", "1779782", "iopajkflorta.com", "domain", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "False", "", "ClickFix,IClickFix,NetSupport RAT", "0", "HuntYethHounds" "2026-03-31 20:47:49", "1779781", "bulk-export.datacrest.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 20:49:04", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-03-31 20:43:29", "1779780", "zarnoflidfgvv.com", "domain", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "False", "", "ClickFix,IClickFix,NetSupport RAT", "0", "HuntYethHounds" "2026-03-31 20:41:58", "1779779", "archive-top.datacrest.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 20:47:11", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-03-31 20:37:43", "1779778", "high-ridge.datacrest.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 20:42:50", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-03-31 20:36:31", "1779777", "176.65.144.108:80", "ip:port", "payload_delivery", "js.iclickfix", "None", "IClickFix", "", "100", "False", "", "ClickFix,IClickFix", "0", "HuntYethHounds" "2026-03-31 20:35:49", "1779776", "http://176.65.144.108/i88.txt", "url", "payload_delivery", "js.iclickfix", "None", "IClickFix", "", "100", "False", "", "ClickFix,IClickFix", "0", "HuntYethHounds" "2026-03-31 20:35:12", "1779775", "https://asiaverses.com", "url", "payload_delivery", "js.iclickfix", "None", "IClickFix", "", "100", "False", "", "ClickFix,IClickFix", "0", "HuntYethHounds" "2026-03-31 20:34:44", "1779774", "asiaverses.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "", "100", "False", "", "ClickFix,IClickFix", "0", "HuntYethHounds" "2026-03-31 20:34:05", "1779773", "https://abulrob.com/wp-blog-footer.php?page=", "url", "payload_delivery", "js.iclickfix", "None", "IClickFix", "2026-03-31 21:30:28", "100", "True", "", "ClickFix,IClickFix", "0", "HuntYethHounds" "2026-03-31 20:31:46", "1779772", "https://djasdajnsdnjgjg.com/sdkfgi.js", "url", "payload_delivery", "js.iclickfix", "None", "IClickFix", "", "100", "False", "", "ClickFix,IClickFix", "0", "HuntYethHounds" "2026-03-31 20:27:00", "1779769", "https://diddyparty.click/log.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,ErrTraffic", "0", "HuntYethHounds" "2026-03-31 20:26:27", "1779768", "https://diddyparty.click/api/index.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,ErrTraffic", "0", "HuntYethHounds" "2026-03-31 20:25:27", "1779767", "https://diddyparty.click/cf.js", "url", "payload_delivery", "unknown", "None", "Unknown malware", "2026-03-31 21:30:28", "100", "False", "", "ClickFix,ErrTraffic", "0", "HuntYethHounds" "2026-03-31 20:25:13", "1779766", "diddyparty.click", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,ErrTraffic", "0", "HuntYethHounds" "2026-03-31 20:25:09", "1779765", "anon-relay.cyberhaven.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 20:31:35", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-03-31 20:22:57", "1779764", "https://cgfuryclaud.shop/api/css.js", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,ErrTraffic", "0", "HuntYethHounds" "2026-03-31 20:22:42", "1779763", "cgfuryclaud.shop", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,ErrTraffic", "0", "HuntYethHounds" "2026-03-31 20:13:57", "1779759", "threat-log.cyberhaven.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 20:19:09", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 20:03:09", "1779756", "ghost-shell.cyberhaven.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 20:04:43", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 19:51:38", "1779754", "pulse-logic.neurobloom.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 19:53:25", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 19:45:09", "1779752", "193.24.211.242:443", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "False", "None", "NetSupport", "0", "abuse_ch" "2026-03-31 19:40:40", "1779751", "thought-api.neurobloom.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 19:41:52", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 19:35:08", "1779749", "brain-scan.neurobloom.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 19:36:18", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-03-31 19:23:27", "1779747", "bit-stream.quantaflux.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 19:26:53", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-03-31 19:18:00", "1779746", "packet-flow.quantaflux.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 19:23:01", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 19:12:12", "1779745", "speed-test.quantaflux.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 19:15:42", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 19:06:44", "1779744", "logic-gate.quantaflux.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 19:11:43", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 19:01:10", "1779743", "atom-split.quantaflux.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 19:03:43", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 18:55:34", "1779741", "micro-pulse.quantaflux.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 19:00:03", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 18:49:45", "1779740", "pilot-auth.astrahaven.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 18:52:46", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-03-31 18:44:10", "1779739", "void-storage.astrahaven.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 18:49:15", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 18:38:45", "1779738", "cosmic-link.astrahaven.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 18:43:23", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 18:27:43", "1779734", "deep-sky.astrahaven.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 18:27:52", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 18:21:59", "1779733", "safe-ship.astrahaven.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 18:23:17", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 18:16:20", "1779732", "launch-pad.orbitforge.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 18:19:42", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-03-31 18:14:24", "1779707", "glow-portal.luminflux.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 17:46:24", "100", "False", "None", "31March2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-03-31 18:14:24", "1779715", "y57kdsa.duckdns.org", "domain", "botnet_cc", "win.venom", "None", "Venom RAT", "2026-03-31 18:10:25", "100", "False", "https://www.derp.ca", "ClickFix,DuckDNS,SERPENTINE", "0", "kirkderp" "2026-03-31 18:14:23", "1779716", "vivogrouplink.duckdns.org", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "False", "https://www.derp.ca", "ClickFix,DuckDNS,SERPENTINE,Violet", "0", "kirkderp" "2026-03-31 18:14:23", "1779721", "https://bankopenhours.com/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/bankopenhours.com", "ClickFix", "0", "CarsonWilliams" "2026-03-31 18:14:22", "1779723", "edward-fwd-vacuum-changelog.trycloudflare.com", "domain", "payload_delivery", "win.venom", "None", "Venom RAT", "", "100", "False", "https://www.derp.ca", "ClickFix,Cloudflare-Tunnel,SERPENTINE,WebDAV", "0", "kirkderp" "2026-03-31 18:14:22", "1779724", "handed-mines-abc-intensity.trycloudflare.com", "domain", "payload_delivery", "win.venom", "None", "Venom RAT", "", "100", "False", "https://www.derp.ca", "ClickFix,Cloudflare-Tunnel,SERPENTINE,WebDAV", "0", "kirkderp" "2026-03-31 18:14:21", "1779725", "rover-earlier-baseline-karen.trycloudflare.com", "domain", "payload_delivery", "win.venom", "None", "Venom RAT", "", "100", "False", "https://www.derp.ca", "ClickFix,Cloudflare-Tunnel,SERPENTINE,WebDAV", "0", "kirkderp" "2026-03-31 18:14:20", "1779726", "represents-causes-conflicts-silver.trycloudflare.com", "domain", "payload_delivery", "win.venom", "None", "Venom RAT", "", "100", "False", "https://www.derp.ca", "ClickFix,Cloudflare-Tunnel,SERPENTINE,WebDAV", "0", "kirkderp" "2026-03-31 18:10:28", "1779731", "gravity-io.orbitforge.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 18:10:38", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-03-31 18:05:17", "1779730", "spin-control.orbitforge.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 18:07:47", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 18:02:42", "1779729", "103.215.77.17:4499", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "False", "https://tria.ge/260331-rmkefses7x", "AS400619,C2,rat,triage,valleyrat", "0", "DonPasci" "2026-03-31 18:00:56", "1779728", "81.159.116.2:7000", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "2026-03-31 18:01:52", "100", "False", "https://tria.ge/260331-v9ts7afv9v", "AS2856,C2,triage,xworm", "0", "DonPasci" "2026-03-31 18:00:55", "1779727", "qqxylozz-56474.portmap.host", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "2026-03-31 18:01:49", "100", "False", "https://tria.ge/260331-wafb7afw3s", "C2,domain,triage,xworm", "0", "DonPasci" "2026-03-31 18:00:37", "1779722", "147.185.221.31:38645", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://tria.ge/260331-trbzzsbz2q", "quasar", "0", "dyingbreeds_" "2026-03-31 18:00:31", "1779718", "sagestream.sa.com", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://tria.ge/260331-vcj8gsfs6s", "quasar", "0", "dyingbreeds_" "2026-03-31 18:00:31", "1779719", "sc88882.com", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://tria.ge/260331-vcj8gsfs6s", "quasar", "0", "dyingbreeds_" "2026-03-31 18:00:31", "1779720", "xn--3kqw74a81mpni5rau92aqo3c.jpn.com", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://tria.ge/260331-vcj8gsfs6s", "quasar", "0", "dyingbreeds_" "2026-03-31 18:00:13", "1779714", "catoma11.accesscam.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "False", "https://tria.ge/260331-sttgdabw8l", "Remcos", "0", "dyingbreeds_" "2026-03-31 18:00:08", "1779713", "194.59.30.128:2021", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "False", "https://tria.ge/260331-s79qhsez21", "Remcos", "0", "dyingbreeds_" "2026-03-31 17:59:17", "1779712", "round-trip.orbitforge.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 18:04:12", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-03-31 17:53:55", "1779711", "cycle-monitor.orbitforge.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 17:55:38", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-03-31 17:48:22", "1779710", "path-finder.orbitforge.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 17:51:08", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-03-31 17:42:59", "1779709", "conectividadeprime.site", "domain", "botnet_cc", "win.venon", "None", "VENON", "", "100", "False", "https://bazaar.abuse.ch/sample/530e501f3e0aa8a5e3a41a06b0ba4e159ea6cea258b71c644c0578b856aebddb/", "RAT,VENON", "0", "abuse_ch" "2026-03-31 17:42:58", "1779708", "plataformadireta.one", "domain", "botnet_cc", "win.venon", "None", "VENON", "", "100", "False", "https://bazaar.abuse.ch/sample/530e501f3e0aa8a5e3a41a06b0ba4e159ea6cea258b71c644c0578b856aebddb/", "RAT,VENON", "0", "abuse_ch" "2026-03-31 17:37:01", "1779706", "light-trace.luminflux.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 17:39:03", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 17:31:26", "1779705", "photo-sync.luminflux.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 17:34:14", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 17:31:10", "1779657", "89.110.72.206:8080", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "75", "False", "None", "AS216071,bot-manager,botnet,panel,vdsina", "0", "Lenny_3BO" "2026-03-31 17:31:09", "1779640", "static-img.thenycmeeting.com", "domain", "botnet_cc", "js.fakeupdates", "FakeUpdate,GhoLoader,SocGholish", "FAKEUPDATES", "", "100", "True", "https://infosec.exchange/@monitorsg/116324178722626395", "SocGholish", "0", "monitorsg" "2026-03-31 17:31:09", "1779650", "kvvfusu.chernomofnothes.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 14:52:29", "100", "False", "None", "31March2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-03-31 17:31:08", "1779652", "mer-lithen.radiatebeef.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 15:03:27", "100", "False", "None", "31March2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-03-31 17:31:08", "1779656", "xxhq.batkascript.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 15:26:32", "100", "False", "None", "31March2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-03-31 17:31:07", "1779654", "value9-mesh.beltfloor.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 15:14:42", "100", "False", "None", "31March2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-03-31 17:31:05", "1779658", "5.35.36.198:8080", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "75", "False", "None", "AS216071,bot-manager,botnet,panel,vdsina", "0", "Lenny_3BO" "2026-03-31 17:31:05", "1779659", "91.84.97.64:8080", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "75", "False", "None", "AS216071,bot-manager,botnet,panel,vdsina", "0", "Lenny_3BO" "2026-03-31 17:31:04", "1779660", "212.34.147.16:8080", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "75", "False", "None", "AS216071,bot-manager,botnet,panel,vdsina", "0", "Lenny_3BO" "2026-03-31 17:31:03", "1779661", "91.84.99.78:8080", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "75", "False", "None", "AS216071,bot-manager,botnet,panel,vdsina", "0", "Lenny_3BO" "2026-03-31 17:31:03", "1779662", "91.84.99.148:8080", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "75", "False", "None", "AS216071,bot-manager,botnet,panel,vdsina", "0", "Lenny_3BO" "2026-03-31 17:31:03", "1779663", "91.84.99.190:8080", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "75", "False", "None", "AS216071,bot-manager,botnet,panel,vdsina", "0", "Lenny_3BO" "2026-03-31 17:31:02", "1779664", "5.35.38.118:8080", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "75", "False", "None", "AS216071,bot-manager,botnet,panel,vdsina", "0", "Lenny_3BO" "2026-03-31 17:30:58", "1779665", "5.35.37.101:8080", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "75", "False", "None", "AS216071,bot-manager,botnet,panel,vdsina", "0", "Lenny_3BO" "2026-03-31 17:30:57", "1779666", "5.35.37.76:8080", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "75", "False", "None", "AS216071,bot-manager,botnet,panel,vdsina", "0", "Lenny_3BO" "2026-03-31 17:30:57", "1779667", "89.110.114.39:8080", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "75", "False", "None", "AS216071,bot-manager,botnet,panel,vdsina", "0", "Lenny_3BO" "2026-03-31 17:30:56", "1779668", "194.164.34.65:8080", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "75", "False", "None", "AS216071,bot-manager,botnet,panel,vdsina", "0", "Lenny_3BO" "2026-03-31 17:30:56", "1779670", "212.34.147.146:8080", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "75", "False", "None", "AS216071,bot-manager,botnet,panel,vdsina", "0", "Lenny_3BO" "2026-03-31 17:30:55", "1779669", "89.110.79.21:8080", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "75", "False", "None", "AS216071,bot-manager,botnet,panel,vdsina", "0", "Lenny_3BO" "2026-03-31 17:30:54", "1779671", "173.212.194.210:8000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "75", "False", "None", "bot-manager,botnet,panel", "0", "Lenny_3BO" "2026-03-31 17:30:54", "1779672", "173.212.246.200:8000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "75", "False", "None", "bot-manager,botnet,panel", "0", "Lenny_3BO" "2026-03-31 17:30:53", "1779673", "128.199.19.192:8000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "75", "False", "None", "bot-manager,botnet,panel", "0", "Lenny_3BO" "2026-03-31 17:30:53", "1779674", "85.217.170.136:3000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "75", "False", "None", "bot-manager,botnet,panel", "0", "Lenny_3BO" "2026-03-31 17:30:52", "1779680", "vgtp5o.manchustill.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 15:53:35", "100", "False", "None", "31March2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-03-31 17:30:51", "1779682", "vale-gra.prefixwag.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 16:05:15", "100", "False", "None", "31March2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-03-31 17:30:50", "1779675", "103.138.96.157:5002", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "75", "False", "None", "bot-manager,botnet,panel", "0", "Lenny_3BO" "2026-03-31 17:30:48", "1779685", "growth-engine.vertexbloom.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 16:16:26", "100", "False", "None", "31March2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-03-31 17:30:48", "1779694", "http://8.216.26.169:8888/supershell/login/", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "None", "Alibaba (US) Technology Co. Ltd.,AS45102,supershell", "0", "antiphishorg" "2026-03-31 17:30:48", "1779697", "https://bemqorli.top/logout/route-sessionstore.php", "url", "payload_delivery", "js.smartapesg", "HANEYMANEY,ZPHP", "SmartApeSG", "", "100", "True", "https://infosec.exchange/@monitorsg/116324889994689906", "SmartApeSG", "0", "monitorsg" "2026-03-31 17:30:47", "1779698", "bemqorli.top", "domain", "payload_delivery", "js.smartapesg", "HANEYMANEY,ZPHP", "SmartApeSG", "2026-03-31 17:09:28", "100", "True", "https://infosec.exchange/@monitorsg/116324889994689906", "SmartApeSG", "0", "monitorsg" "2026-03-31 17:30:47", "1779699", "https://bemqorli.top/logout/signup-sandbox.js", "url", "payload_delivery", "js.smartapesg", "HANEYMANEY,ZPHP", "SmartApeSG", "", "100", "True", "https://infosec.exchange/@monitorsg/116324889994689906", "SmartApeSG", "0", "monitorsg" "2026-03-31 17:25:50", "1779704", "optic-hub.luminflux.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 17:30:29", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 17:25:20", "1779703", "uejrhnfq.duckdns.org", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-03-31 18:00:19", "75", "False", "https://bazaar.abuse.ch/sample/4bb4a303b8e4873401be1cea68d50bdaa454471685dc30ad61e9ef746181aa29/", "asyncrat", "0", "abuse_ch" "2026-03-31 17:25:04", "1779702", "12.202.180.133:6745", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "False", "None", "AsyncRAT,RAT", "0", "abuse_ch" "2026-03-31 17:19:51", "1779701", "wave-length.luminflux.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 17:23:59", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 17:14:18", "1779700", "bright-beam.luminflux.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 17:16:40", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 17:08:46", "1779696", "smelt-logic.novaforge.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 17:12:01", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 17:03:10", "1779695", "plasma-node.novaforge.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 17:08:15", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 16:57:48", "1779693", "blast-zone.novaforge.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 17:00:41", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-03-31 16:52:15", "1779692", "heavy-metal.novaforge.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 16:57:07", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 16:46:26", "1779691", "fusion-core.novaforge.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 16:49:36", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 16:41:21", "1779690", "star-build.novaforge.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 16:41:38", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-03-31 16:35:06", "1779689", "polygon-svc.vertexbloom.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 16:38:25", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 16:29:26", "1779688", "top-level.vertexbloom.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 16:34:39", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 16:23:50", "1779687", "spatial-api.vertexbloom.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 16:23:54", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-03-31 16:18:24", "1779686", "render-farm.vertexbloom.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 16:20:09", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 16:08:55", "1779684", "deminestryuid.info", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "None", "booking,ClickFix", "0", "threatcat_ch" "2026-03-31 16:07:06", "1779683", "peak-point.vertexbloom.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 16:09:00", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 15:55:43", "1779681", "devsig.prefixwag.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 15:57:55", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 15:44:45", "1779679", "qz65lmfc.manchustill.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 15:45:37", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 15:39:02", "1779678", "formalpod.premiumtos.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 15:41:50", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-03-31 15:33:22", "1779677", "vaulvoc.premiumtos.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 15:38:11", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-03-31 15:28:06", "1779676", "cata1og-forge.batkascript.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 15:30:28", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 15:16:33", "1779655", "partnerrelay.beltfloor.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 15:18:14", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-03-31 15:05:28", "1779653", "lum-markal.radiatebeef.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 15:07:14", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-03-31 14:54:32", "1779651", "load-spark.chernomofnothes.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 14:56:07", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 14:43:09", "1779649", "voicefjo.paleontraglan.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 14:44:54", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 14:37:33", "1779648", "honestsort.paleontraglan.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 14:37:49", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 14:37:29", "1779647", "192.238.180.62:5050", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/709de7963a5ab386547882f31f113f7dd42e94bcd723a65db007d3f13dfef45f/", "valleyrat_s2", "0", "abuse_ch" "2026-03-31 14:31:44", "1779646", "rne4d7-zone.cuffsorbsky.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 14:33:55", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-03-31 14:26:13", "1779645", "loosesnow.cuffsorbsky.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 14:30:20", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 14:20:48", "1779644", "st4b1l-span.cuffsorbsky.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 14:25:35", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 14:15:23", "1779643", "bundstar.cuffsorbsky.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 14:18:15", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 14:12:14", "1779642", "94.103.1.28:56001", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "75", "False", "https://bazaar.abuse.ch/sample/7a2cb732e58e653ebc09553930861bc08d76875cb8d2d1b0c87565282e74eaa5/", "None", "0", "abuse_ch" "2026-03-31 14:09:13", "1779641", "yfjgi.cuffsorbsky.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 14:09:29", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-03-31 14:05:17", "1779631", "j30k.codcomparable.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 13:50:59", "100", "False", "None", "31March2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-03-31 14:04:03", "1779639", "scarlet-tra.cuffsorbsky.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 14:06:07", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 14:01:39", "1779638", "194.156.79.140:9019", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "False", "https://tria.ge/260331-pbtgwahz3j", "XWorm", "0", "dyingbreeds_" "2026-03-31 14:00:26", "1779637", "udayachal.in.net", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://tria.ge/260331-p6934sdx2z", "quasar", "0", "dyingbreeds_" "2026-03-31 14:00:25", "1779635", "converso.it.com", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://tria.ge/260331-p6934sdx2z", "quasar", "0", "dyingbreeds_" "2026-03-31 14:00:25", "1779636", "eoa.uk.com", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://tria.ge/260331-p6934sdx2z", "quasar", "0", "dyingbreeds_" "2026-03-31 14:00:04", "1779634", "longislandpremium.4nmn.com", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "False", "https://tria.ge/260331-q279dsdz8x", "Remcos", "0", "dyingbreeds_" "2026-03-31 13:58:04", "1779633", "plantrav.codcomparable.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 14:02:19", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 13:52:19", "1779632", "gentle5-crest.codcomparable.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 13:54:56", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 13:45:46", "1779630", "https://65.108.55.35", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "75", "False", "https://bazaar.abuse.ch/sample/3fc853c206881f278a245e00d27e8d4c3fd3f9a94967513ca7e02f639f8c150a/", "vidar", "0", "abuse_ch" "2026-03-31 13:41:05", "1779629", "theor-spool.codcomparable.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 13:43:14", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 13:35:57", "1779628", "sp0o-forge.codcomparable.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 13:39:10", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 13:30:34", "1779627", "http://158.94.209.253", "url", "botnet_cc", "win.stealc", "None", "Stealc", "", "75", "False", "https://bazaar.abuse.ch/sample/e5bbc6227293e31ab70e1ed62467cb87a924e8d23ce0250eead3a5848bf634e6/", "stealc", "0", "abuse_ch" "2026-03-31 13:30:20", "1779626", "c0nvoy5-field.codcomparable.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 13:35:10", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 13:25:16", "1779618", "35.222.188.75:80", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "75", "False", "None", "SONATA-C2", "0", "Lenny_3BO" "2026-03-31 13:25:16", "1779619", "35.222.188.75:5555", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "75", "False", "None", "SONATA-C2", "0", "Lenny_3BO" "2026-03-31 13:25:15", "1779620", "146.19.213.175:5000", "ip:port", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "75", "False", "None", "Enhanced-Stealer", "0", "Lenny_3BO" "2026-03-31 13:25:15", "1779621", "45.134.173.79:443", "ip:port", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "75", "False", "None", "Enhanced-Stealer", "0", "Lenny_3BO" "2026-03-31 13:25:14", "1779622", "91.208.197.9:3389", "ip:port", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "75", "False", "None", "Enhanced-Stealer", "0", "Lenny_3BO" "2026-03-31 13:25:13", "1779623", "63.33.129.31:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "", "GoPhish", "0", "whoamix302" "2026-03-31 13:24:43", "1779625", "py28ionr.prefixwag.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 13:27:18", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 13:18:37", "1779624", "ledge5-switch.prefixwag.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 13:23:24", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 13:13:06", "1779617", "4csbzg.prefixwag.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 13:16:00", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 13:07:58", "1779616", "csbtxwz.prefixwag.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 13:12:33", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 13:07:44", "1779599", "https://xartelvu.top/logout/route-sessionstore.php", "url", "payload_delivery", "js.smartapesg", "HANEYMANEY,ZPHP", "SmartApeSG", "", "100", "True", "https://infosec.exchange/@monitorsg/116323714270681917", "SmartApeSG", "0", "monitorsg" "2026-03-31 13:07:44", "1779600", "xartelvu.top", "domain", "payload_delivery", "js.smartapesg", "HANEYMANEY,ZPHP", "SmartApeSG", "2026-03-31 12:10:39", "100", "True", "https://infosec.exchange/@monitorsg/116323714270681917", "SmartApeSG", "0", "monitorsg" "2026-03-31 13:07:43", "1779601", "https://xartelvu.top/logout/signup-sandbox.js", "url", "payload_delivery", "js.smartapesg", "HANEYMANEY,ZPHP", "SmartApeSG", "", "100", "True", "https://infosec.exchange/@monitorsg/116323714270681917", "SmartApeSG", "0", "monitorsg" "2026-03-31 13:07:42", "1779602", "https://nivraxod.com/opo/call", "url", "payload_delivery", "js.smartapesg", "HANEYMANEY,ZPHP", "SmartApeSG", "", "100", "True", "https://infosec.exchange/@monitorsg/116323714270681917", "SmartApeSG", "0", "monitorsg" "2026-03-31 13:07:42", "1779607", "meta-cu1tur.premiumtos.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 12:21:04", "100", "False", "None", "31March2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-03-31 13:07:41", "1779609", "vxfxox7r.manchustill.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 12:31:54", "100", "False", "None", "31March2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-03-31 13:07:39", "1779611", "veobw.manchustill.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 12:44:19", "100", "False", "None", "31March2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-03-31 13:01:53", "1779615", "zenvaleex.prefixwag.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 13:04:44", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 12:56:22", "1779614", "lumnexum1.prefixwag.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 12:57:19", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 12:50:49", "1779613", "zennex8ar.manchustill.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 12:51:11", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 12:45:22", "1779612", "tokcheck.manchustill.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 12:47:36", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 12:33:47", "1779610", "targettest.manchustill.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 12:35:39", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-03-31 12:22:51", "1779608", "b4nn-mount.manchustill.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 12:27:31", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 12:15:15", "1779606", "https://hanzelka-cze.com/downloads/Burst.exe", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,payload", "0", "HuntYethHounds" "2026-03-31 12:13:09", "1779605", "https://hanzelka-cze.com/downloads/inform.txt", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "C sharp,ClickFix,powershell", "0", "HuntYethHounds" "2026-03-31 12:12:43", "1779604", "https://hanzelka-cze.com/downloads/food.txt", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix", "0", "HuntYethHounds" "2026-03-31 12:11:28", "1779603", "markpeak.premiumtos.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 12:12:23", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-03-31 12:08:30", "1779569", "cqnvpcp.beltfloor.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 11:08:47", "100", "False", "None", "31March2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-03-31 12:08:28", "1779572", "176.65.139.64:38241", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "False", "None", "Mirai", "0", "elfdigest" "2026-03-31 12:08:27", "1779575", "btkrpap.batkascript.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 11:36:27", "100", "False", "None", "31March2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-03-31 12:08:26", "1779593", "https://hanzelka-cze.com/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/hanzelka-cze.com", "ClickFix", "0", "CarsonWilliams" "2026-03-31 12:05:45", "1779598", "pu1s-trail.premiumtos.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 12:07:43", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 12:00:39", "1779594", "95.217.125.52:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-03-31 12:00:39", "1779595", "216.203.20.183:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-03-31 12:00:39", "1779596", "31.57.201.163:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-03-31 12:00:39", "1779597", "151.247.22.246:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-03-31 12:00:23", "1779592", "imagedis.premiumtos.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 12:03:36", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-03-31 11:58:40", "1779590", "age.cargomanbd.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-03-31 11:58:40", "1779591", "age.elythia.ru", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-03-31 11:58:39", "1779588", "fog.cargomanbd.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-03-31 11:58:39", "1779589", "fog.elythia.ru", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-03-31 11:58:11", "1779586", "https://31.57.201.163/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-03-31 11:58:11", "1779587", "https://151.247.22.246/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-03-31 11:58:10", "1779580", "https://age.cargomanbd.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-03-31 11:58:10", "1779581", "https://age.elythia.ru/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-03-31 11:58:10", "1779582", "https://fog.cargomanbd.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-03-31 11:58:10", "1779583", "https://fog.elythia.ru/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-03-31 11:58:10", "1779584", "https://95.217.125.52/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-03-31 11:58:10", "1779585", "https://216.203.20.183/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-03-31 11:54:42", "1779579", "epkzg.premiumtos.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 11:58:42", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 11:49:21", "1779578", "alt-h0llow.premiumtos.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 11:50:35", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 11:43:22", "1779577", "g38198.batkascript.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 11:46:30", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 11:38:11", "1779576", "clusterclinic.batkascript.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 11:38:40", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 11:26:45", "1779574", "canyonfresh.batkascript.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 11:28:38", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 11:21:13", "1779573", "summitgeyser.batkascript.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 11:22:05", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 11:15:22", "1779571", "xehramf.batkascript.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 11:16:54", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 11:09:51", "1779570", "ahus.beltfloor.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 11:12:42", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 10:58:58", "1779568", "11szohw.beltfloor.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 10:59:50", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 10:55:44", "1779510", "hardexte.paleontraglan.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 08:58:07", "100", "False", "None", "31March2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-03-31 10:55:44", "1779518", "34.116.192.176:10001", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "100", "False", "", "None", "0", "whoamix302" "2026-03-31 10:55:43", "1779521", "basaltextend.chernomofnothes.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 09:31:21", "100", "False", "None", "31March2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-03-31 10:55:43", "1779522", "https://zebec-io.lat/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/zebec-io.lat", "ClickFix", "0", "CarsonWilliams" "2026-03-31 10:55:42", "1779523", "https://jup.ag-rewards.lat/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/jup.ag-rewards.lat", "ClickFix", "0", "CarsonWilliams" "2026-03-31 10:55:42", "1779524", "https://sahara.lat/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/sahara.lat", "ClickFix", "0", "CarsonWilliams" "2026-03-31 10:55:41", "1779525", "https://dapang.sbs/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/dapang.sbs", "ClickFix", "0", "CarsonWilliams" "2026-03-31 10:55:41", "1779526", "https://the7wanderers.sbs/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/the7wanderers.sbs", "ClickFix", "0", "CarsonWilliams" "2026-03-31 10:55:40", "1779527", "https://hughraccoon.run/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/hughraccoon.run", "ClickFix", "0", "CarsonWilliams" "2026-03-31 10:55:40", "1779528", "https://oneofmillion.life/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/oneofmillion.life", "ClickFix", "0", "CarsonWilliams" "2026-03-31 10:55:39", "1779529", "https://lucialabs.lat/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/lucialabs.lat", "ClickFix", "0", "CarsonWilliams" "2026-03-31 10:55:39", "1779530", "https://paradex.life/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/paradex.life", "ClickFix", "0", "CarsonWilliams" "2026-03-31 10:55:38", "1779532", "https://realbet.lat/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/realbet.lat", "ClickFix", "0", "CarsonWilliams" "2026-03-31 10:55:37", "1779534", "https://natocowards.lat/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/natocowards.lat", "ClickFix", "0", "CarsonWilliams" "2026-03-31 10:55:36", "1779531", "https://momochanonsol.lol/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/momochanonsol.lol", "ClickFix", "0", "CarsonWilliams" "2026-03-31 10:55:36", "1779533", "https://zebec-io.network/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/zebec-io.network", "ClickFix", "0", "CarsonWilliams" "2026-03-31 10:55:35", "1779535", "https://secgov.lol/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/secgov.lol", "ClickFix", "0", "CarsonWilliams" "2026-03-31 10:55:34", "1779536", "https://zebecio.lat/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/zebecio.lat", "ClickFix", "0", "CarsonWilliams" "2026-03-31 10:55:34", "1779537", "https://ugor.world/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/ugor.world", "ClickFix", "0", "CarsonWilliams" "2026-03-31 10:55:33", "1779538", "185.100.157.204:443", "ip:port", "botnet_cc", "win.acr_stealer", "None", "ACR Stealer", "", "100", "False", "", "ACR Stealer,POST,Stealer", "0", "whoamix302" "2026-03-31 10:55:32", "1779544", "38.111.162.120:445", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "100", "False", "", "ExtRat,Rat,Xtreme RAT", "0", "whoamix302" "2026-03-31 10:55:31", "1779551", "https://www.teamserviceeditore.it/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/www.teamserviceeditore.it", "ClickFix", "0", "CarsonWilliams" "2026-03-31 10:55:31", "1779561", "https://zcredit.eu/ge/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/zcredit.eu", "ClickFix", "0", "CarsonWilliams" "2026-03-31 10:55:30", "1779564", "d3nse-gate.beltfloor.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 10:44:17", "100", "False", "None", "31March2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-03-31 10:52:53", "1779567", "sterilelan.beltfloor.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 10:56:04", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-03-31 10:47:26", "1779566", "f4br2-scope.beltfloor.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 10:51:38", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-03-31 10:43:38", "1779565", "https://dfopetroleum.com/bins/RWBHGSQS.msi", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,payload", "0", "HuntYethHounds" "2026-03-31 10:35:46", "1779563", "https://dfopetroleum.com/bins/binas.txt", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,powershell", "0", "HuntYethHounds" "2026-03-31 10:34:13", "1779562", "carg-man.radiatebeef.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 10:36:57", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-03-31 10:27:35", "1779560", "waveque.radiatebeef.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 10:33:21", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 10:20:52", "1779559", "verify-invoi.radiatebeef.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 10:23:41", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 10:20:45", "1779558", "https://ndigitals.in/payloadvbs.b64", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "True", "", ".NET,ClickFix,payload", "0", "HuntYethHounds" "2026-03-31 10:14:14", "1779557", "5ucnd.radiatebeef.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 10:20:00", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 10:11:30", "1779556", "https://ndigitals.in/FolderLister_1.4.11.b64", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "True", "", ".NET,ClickFix,payload", "0", "HuntYethHounds" "2026-03-31 10:07:24", "1779555", "vn06.radiatebeef.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 10:12:38", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 10:01:40", "1779554", "194.116.236.247:1222", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "False", "https://tria.ge/260331-j7vrxsgv7q", "XWorm", "0", "dyingbreeds_" "2026-03-31 10:00:57", "1779553", "https://ndigitals.in/protectversion.txt", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix", "0", "HuntYethHounds" "2026-03-31 10:00:46", "1779552", "crawlerstor.radiatebeef.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 10:05:20", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 10:00:29", "1779550", "shopcoc.net", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://tria.ge/260331-hzzv8say8w", "quasar", "0", "dyingbreeds_" "2026-03-31 10:00:26", "1779549", "188.217.191.167:4782", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://tria.ge/260331-lmdzsahs4q", "quasar", "0", "dyingbreeds_" "2026-03-31 10:00:06", "1779548", "178.16.53.54:8972", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "False", "https://tria.ge/260331-lpdrsshs5m", "Remcos", "0", "dyingbreeds_" "2026-03-31 09:54:09", "1779547", "m0on-flow.chernomofnothes.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 09:57:40", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 09:52:35", "1779546", "https://ndigitals.in/report-proeval.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "True", "", "ClickFix", "0", "HuntYethHounds" "2026-03-31 09:48:00", "1779545", "taldrais3.chernomofnothes.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 09:53:49", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 09:41:14", "1779543", "gr0v-hold.chernomofnothes.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 09:46:44", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 09:39:10", "1779542", "https://ndigitals.in/MyUpdaterApp-1.4.7.b64", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", ".NET,ClickFix,payload", "0", "HuntYethHounds" "2026-03-31 09:37:35", "1779541", "https://ndigitals.in/version.txt", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix", "0", "HuntYethHounds" "2026-03-31 09:34:12", "1779540", "protectsup.chernomofnothes.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 09:38:41", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 09:23:19", "1779520", "https://ndigitals.in/report.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "True", "", "ClickFix", "0", "HuntYethHounds" "2026-03-31 09:21:12", "1779519", "decode-frame.chernomofnothes.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 09:24:07", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 09:14:36", "1779517", "vorforgeet.paleontraglan.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 09:20:21", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 09:07:56", "1779516", "oasitre.paleontraglan.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 09:12:50", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 09:02:50", "1779515", "https://ndigitals.in/notepad.b64", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", ".NET,ClickFix,payload", "0", "HuntYethHounds" "2026-03-31 09:01:14", "1779514", "dyn-valeal.paleontraglan.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 09:05:36", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 08:59:22", "1779513", "https://ndigitals.in/verifya.ps1", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "True", "", "ClickFix,powershell", "0", "HuntYethHounds" "2026-03-31 08:58:09", "1779512", "https://ndigitals.in/reportv.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "True", "", "ClickFix", "0", "HuntYethHounds" "2026-03-31 08:56:00", "1779511", "https://ndigitals.in/vcapcha.ps1", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "True", "", "ClickFix,powershell", "0", "HuntYethHounds" "2026-03-31 08:48:01", "1779509", "l4b-mesh.paleontraglan.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 08:50:49", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-03-31 08:41:36", "1779508", "paui.paleontraglan.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 08:42:30", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 08:34:44", "1779507", "mine-trace.metallurgiclink.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 08:40:48", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 08:33:11", "1779506", "http://cch-travel.com/Verify.msi", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "AutoHotkey,ClickFix", "0", "HuntYethHounds" "2026-03-31 08:33:00", "1779505", "cch-travel.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix", "0", "HuntYethHounds" "2026-03-31 08:29:14", "1779504", "cast-iron.metallurgiclink.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 08:29:48", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 08:23:42", "1779503", "blast-svc.metallurgiclink.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 08:26:53", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 08:18:38", "1779502", "realbet.lat", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "BadCoin,ClickFix", "0", "HuntYethHounds" "2026-03-31 08:18:07", "1779501", "smelt-logic.metallurgiclink.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 08:22:52", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 08:18:04", "1779500", "ugor.world", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "BadCoin,ClickFix", "0", "HuntYethHounds" "2026-03-31 08:17:11", "1779499", "zebecio.lat", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "BadCoin,ClickFix", "0", "HuntYethHounds" "2026-03-31 08:16:27", "1779498", "natocowards.lat", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "BadCoin,ClickFix", "0", "HuntYethHounds" "2026-03-31 08:12:35", "1779497", "steel-core.metallurgiclink.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 08:13:35", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 08:11:21", "1779496", "secgov.lol", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "BadCoin,ClickFix", "0", "HuntYethHounds" "2026-03-31 08:06:39", "1779495", "alloy-forge.metallurgiclink.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 08:11:07", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-03-31 08:05:13", "1779494", "momochanonsol.lol", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "BadCoin,ClickFix", "0", "HuntYethHounds" "2026-03-31 08:04:34", "1779493", "lucialabs.lat", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "BadCoin,ClickFix", "0", "HuntYethHounds" "2026-03-31 08:01:30", "1779492", "gas-storage.cryogenicbuffer.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 08:03:38", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 07:55:21", "1779491", "chilled-link.cryogenicbuffer.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 08:00:27", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 07:49:44", "1779490", "frost-node.cryogenicbuffer.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 07:52:03", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 07:47:15", "1779476", "deep-freeze.cryogenicbuffer.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 07:36:44", "100", "False", "None", "31March2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-03-31 07:47:14", "1779486", "zero-point.cryogenicbuffer.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 07:48:12", "100", "False", "None", "31March2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-03-31 07:44:59", "1779489", "superapp.zebec-io.lat", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "BadCoin,ClickFix", "0", "HuntYethHounds" "2026-03-31 07:44:30", "1779488", "zebec-io.network", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "BadCoin,ClickFix", "0", "HuntYethHounds" "2026-03-31 07:44:05", "1779487", "paradex.life", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "BadCoin,ClickFix", "0", "HuntYethHounds" "2026-03-31 07:43:30", "1779485", "oneofmillion.life", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "BadCoin,ClickFix", "0", "HuntYethHounds" "2026-03-31 07:42:37", "1779484", "dapang.sbs", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "BadCoin,ClickFix", "0", "HuntYethHounds" "2026-03-31 07:41:01", "1779483", "zebec-io.lat", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "BadCoin,ClickFix", "0", "HuntYethHounds" "2026-03-31 07:39:57", "1779482", "sahara.lat", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "BadCoin,ClickFix", "0", "HuntYethHounds" "2026-03-31 07:39:25", "1779481", "jup.ag-rewards.lat", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "BadCoin,ClickFix", "0", "HuntYethHounds" "2026-03-31 07:38:36", "1779480", "nitro-vault.cryogenicbuffer.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 07:40:29", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 07:37:46", "1779479", "the7wanderers.sbs", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "BadCoin,ClickFix", "0", "HuntYethHounds" "2026-03-31 07:37:00", "1779478", "hughraccoon.run", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "BadCoin,ClickFix", "0", "HuntYethHounds" "2026-03-31 07:35:29", "1779477", "oswork.duckdns.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-03-31 10:00:11", "75", "False", "https://bazaar.abuse.ch/sample/bc330757e04b4288f56c156273bf486b4f94c8665f52c4888db8fe63b9df923e/", "remcos", "0", "abuse_ch" "2026-03-31 07:27:26", "1779475", "beam-portal.isotopecleaner.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 07:29:04", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 07:21:54", "1779474", "alpha-gate.isotopecleaner.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 07:25:12", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 07:16:14", "1779473", "radiant-log.isotopecleaner.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 07:21:22", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-03-31 07:12:44", "1779472", "43.198.29.200:8880", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "75", "False", "", "RAT,ValleyRAT", "0", "abuse_ch" "2026-03-31 07:12:33", "1779471", "167.148.195.30:80", "ip:port", "payload_delivery", "js.iclickfix", "None", "IClickFix", "", "100", "False", "", "ClickFix,IClickFix", "0", "HuntYethHounds" "2026-03-31 07:12:10", "1779470", "qyttqxsdf.cn", "domain", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "False", "https://bazaar.abuse.ch/sample/930084fcddfa8cf8a0db97413e824e5ef0b818ddc0b2af0db298563615bafb10/", "RAT,ValleyRAT", "0", "abuse_ch" "2026-03-31 07:11:34", "1779469", "http://167.148.195.30/ffa.txt", "url", "payload_delivery", "js.iclickfix", "None", "IClickFix", "", "100", "False", "", "ClickFix,IClickFix", "0", "HuntYethHounds" "2026-03-31 07:10:58", "1779468", "206.82.6.182:80", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/062411e2c171f14687bb9fb47ee01e1bf0576e8634ad426b1b4c242c0a264077/", "RAT,ValleyRAT", "0", "abuse_ch" "2026-03-31 07:10:53", "1779467", "https://vesifolf.com", "url", "payload_delivery", "js.iclickfix", "None", "IClickFix", "", "100", "False", "", "ClickFix,IClickFix", "0", "HuntYethHounds" "2026-03-31 07:10:51", "1779466", "decay-check.isotopecleaner.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 07:11:56", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 07:10:39", "1779465", "vesifolf.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "", "100", "False", "", "ClickFix,IClickFix", "0", "HuntYethHounds" "2026-03-31 07:09:52", "1779464", "151.240.151.158:80", "ip:port", "payload_delivery", "js.iclickfix", "None", "IClickFix", "", "100", "False", "", "ClickFix,IClickFix", "0", "HuntYethHounds" "2026-03-31 07:06:13", "1779462", "http://158.94.210.91/g8hrS4f4vh/Login.php", "url", "botnet_cc", "win.amadey", "None", "Amadey", "", "100", "False", "None", "amadey,AS202412,Omegatech LTD", "0", "antiphishorg" "2026-03-31 07:05:04", "1779463", "trace-element.isotopecleaner.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 07:09:54", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-03-31 06:59:18", "1779461", "half-life.isotopecleaner.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 07:02:12", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 06:59:04", "1779460", "101.35.131.119:8443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "None", "CobaltStrike,cs-watermark-666666666", "0", "abuse_ch" "2026-03-31 06:59:02", "1779459", "42.193.169.176:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2026-03-31 06:58:54", "1779458", "195.177.94.64:444", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2026-03-31 06:58:51", "1779457", "39.100.73.50:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "None", "CobaltStrike,cs-watermark-666666666", "0", "abuse_ch" "2026-03-31 06:57:49", "1779456", "http://151.240.151.158/tta.txt", "url", "payload_delivery", "js.iclickfix", "None", "IClickFix", "", "100", "False", "", "ClickFix,IClickFix", "0", "HuntYethHounds" "2026-03-31 06:57:18", "1779455", "https://losfiros.com", "url", "payload_delivery", "js.iclickfix", "None", "IClickFix", "", "100", "False", "", "ClickFix,IClickFix", "0", "HuntYethHounds" "2026-03-31 06:57:03", "1779454", "losfiros.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "", "100", "False", "", "ClickFix,IClickFix", "0", "HuntYethHounds" "2026-03-31 06:56:16", "1779453", "107.149.123.161:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-03-31 06:58:46", "100", "False", "None", "CobaltStrike,cs-watermark-391144938", "0", "abuse_ch" "2026-03-31 06:56:14", "1779452", "103.118.247.52:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-03-31 06:58:43", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2026-03-31 06:55:05", "1779451", "172.96.188.4:4000", "ip:port", "botnet_cc", "win.loda", "LodaRAT,Nymeria", "Loda", "", "100", "False", "None", "Loda", "0", "abuse_ch" "2026-03-31 06:53:40", "1779450", "metal-trace.alkalineelement.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 06:54:05", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 06:50:20", "1779449", "machineryde.duckdns.org", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "2026-03-31 10:01:42", "75", "False", "https://bazaar.abuse.ch/sample/66fb626f170a025d139e06a3217b8ac5dd002347395d231b5597a9e15af66949/", "xworm", "0", "abuse_ch" "2026-03-31 06:48:05", "1779448", "reactive-hub.alkalineelement.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 06:51:07", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 06:43:13", "1779447", "https://exdanteam.beer/api/css.js", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,ErrTraffic", "0", "HuntYethHounds" "2026-03-31 06:42:55", "1779446", "exdanteam.beer", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,ErrTraffic", "0", "HuntYethHounds" "2026-03-31 06:42:26", "1779445", "caustic-api.alkalineelement.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 06:47:25", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 06:41:51", "1779444", "https://l3cdnns.beer/api/css.js", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,ErrTraffic", "0", "HuntYethHounds" "2026-03-31 06:41:35", "1779443", "l3cdnns.beer", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,ErrTraffic", "0", "HuntYethHounds" "2026-03-31 06:37:15", "1779442", "salt-buffer.alkalineelement.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 06:40:09", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 06:36:04", "1779441", "158.94.210.91:80", "ip:port", "botnet_cc", "win.amadey", "None", "Amadey", "2026-04-01 22:36:04", "50", "False", "https://tracker.viriback.com/index.php?q=158.94.210.91", "Amadey,ViriBack", "0", "abuse_ch" "2026-03-31 06:31:11", "1779440", "ph-monitor.alkalineelement.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 06:36:27", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 06:26:08", "1779439", "base-level.alkalineelement.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 06:28:00", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 06:19:59", "1779438", "fire-wall.refractorymatrix.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 06:24:09", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 06:14:32", "1779437", "solid-state.refractorymatrix.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 06:16:32", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 06:11:46", "1779436", "texturebadge.xyz", "domain", "botnet_cc", "unknown_loader", "None", "Unknown Loader", "", "100", "False", "", "OffLoader", "0", "abuse_ch" "2026-03-31 06:10:53", "1779435", "shiptank.cfd", "domain", "botnet_cc", "unknown_loader", "None", "Unknown Loader", "", "100", "False", "", "OffLoader", "0", "abuse_ch" "2026-03-31 06:08:54", "1779434", "shield-base.refractorymatrix.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 06:09:36", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 06:06:32", "1779433", "108.187.43.242:997", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "False", "https://tria.ge/260331-b4mm5sct3j", "AS138995,C2,rat,triage,valleyrat", "0", "DonPasci" "2026-03-31 06:06:29", "1779432", "108.187.43.242:996", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "False", "https://tria.ge/260331-b4mm5sct3j", "AS138995,C2,rat,triage,valleyrat", "0", "DonPasci" "2026-03-31 06:05:11", "1779431", "http://5.10.217.60", "url", "botnet_cc", "win.stealc", "None", "Stealc", "", "100", "False", "https://tria.ge/260331-cbcsxaft6y", "AS48753,C2,stealc,stealer,triage", "0", "DonPasci" "2026-03-31 06:03:28", "1779430", "high-heat.refractorymatrix.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 06:08:19", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 06:00:57", "1779429", "9vun520l.aamothership.com", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "2026-03-31 06:01:58", "100", "False", "https://tria.ge/260331-c69fcscz5q", "C2,domain,triage,xworm", "0", "DonPasci" "2026-03-31 06:00:55", "1779428", "jvuqdwzk.aamothership.com", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "2026-03-31 06:01:55", "100", "False", "https://tria.ge/260331-dkymeac12r", "C2,domain,triage,xworm", "0", "DonPasci" "2026-03-31 06:00:35", "1779427", "199.68.224.204:4782", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://tria.ge/260331-cfb26sft9x", "quasar", "0", "dyingbreeds_" "2026-03-31 06:00:31", "1779426", "rophimz.net", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2026-03-31 06:01:59", "100", "False", "https://tria.ge/260331-d4rm7sf18z", "quasar", "0", "dyingbreeds_" "2026-03-31 06:00:28", "1779424", "dlf.uk.com", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://tria.ge/260331-ewqllsgx2z", "quasar", "0", "dyingbreeds_" "2026-03-31 06:00:28", "1779425", "saatva.us.com", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://tria.ge/260331-ewqllsgx2z", "quasar", "0", "dyingbreeds_" "2026-03-31 06:00:27", "1779420", "789fff.onl", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://tria.ge/260331-ewqllsgx2z", "quasar", "0", "dyingbreeds_" "2026-03-31 06:00:27", "1779421", "alo789xanh.com", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://tria.ge/260331-ewqllsgx2z", "quasar", "0", "dyingbreeds_" "2026-03-31 06:00:27", "1779422", "atlantic.za.com", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://tria.ge/260331-ewqllsgx2z", "quasar", "0", "dyingbreeds_" "2026-03-31 06:00:27", "1779423", "ceeuxg.sa.com", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://tria.ge/260331-ewqllsgx2z", "quasar", "0", "dyingbreeds_" "2026-03-31 06:00:09", "1779419", "teebro1800.dynamic-dns.net", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "False", "https://tria.ge/260331-dy731ac18n", "Remcos", "0", "dyingbreeds_" "2026-03-31 06:00:05", "1779418", "rmcnewlistening.duckdns.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "False", "https://tria.ge/260331-fpljraev2q", "Remcos", "0", "dyingbreeds_" "2026-03-31 05:59:20", "1779407", "killadaayyuzdshwskrnsvh5owzuwa4yj7gs2vbhkcjpfslrplfgwwqd.onion", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "75", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Killada%20Ransomware", "killada,ransomware", "0", "TheRavenFile" "2026-03-31 05:59:19", "1779408", "killadaxczzw3wnuaxkygib67lk2qkgnki4gyjqoo76vh53egitoyaqd.onion", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "75", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Killada%20Ransomware", "killada,ransomware", "0", "TheRavenFile" "2026-03-31 05:59:18", "1779409", "killadax36r6bbb3md67ekcfv5yasdlnoaklyag66ot4tefa32ywgnyd.onion", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "75", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Killada%20Ransomware", "killada,ransomware", "0", "TheRavenFile" "2026-03-31 05:59:18", "1779410", "killadahaynpqrkppe2m2tgindbruaeiefzr7pm3cp47tzohhhnogwad.onion", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "75", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Killada%20Ransomware", "killada,ransomware", "0", "TheRavenFile" "2026-03-31 05:59:17", "1779411", "killada7qgdpvzpezjxaa64b47bz47hzbn6oql5aa4lppzzwymnukqqd.onion", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "75", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Killada%20Ransomware", "killada,ransomware", "0", "TheRavenFile" "2026-03-31 05:59:17", "1779412", "killada5556ahpb4cwmatv5qpzku2qmdlwawshtykpq37cvfva7zjhid.onion", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "75", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Killada%20Ransomware", "killada,ransomware", "0", "TheRavenFile" "2026-03-31 05:59:16", "1779413", "a8f67ecea56833ef2fcbdbdc941b8354", "md5_hash", "payload", "unknown", "None", "Unknown malware", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Killada%20Ransomware", "killada,ransomware", "0", "TheRavenFile" "2026-03-31 05:59:15", "1779395", "friction-log.viscositycontrol.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 05:38:53", "100", "False", "None", "31March2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-03-31 05:59:14", "1779403", "85.215.131.70:15367", "ip:port", "botnet_cc", "elf.bashlite", "gayfgt,Gafgyt,qbot,torlus,lizkebab", "Bashlite", "", "100", "False", "None", "Gafgyt", "0", "elfdigest" "2026-03-31 05:59:13", "1779414", "cf4840ae85d7acba4974d6dd55893d6c", "md5_hash", "payload", "unknown", "None", "Unknown malware", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/ClearWater%20Ransomware", "clearwater,ransomware", "0", "TheRavenFile" "2026-03-31 05:59:12", "1779415", "29145cc1b1400b4b60743a21b075bac7", "md5_hash", "payload", "unknown", "None", "Unknown malware", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/ClearWater%20Ransomware", "clearwater,ransomware", "0", "TheRavenFile" "2026-03-31 05:59:11", "1779416", "a1cc7f562c5c09476849070b0fc928d1", "md5_hash", "payload", "unknown", "None", "Unknown malware", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/ClearWater%20Ransomware", "clearwater,ransomware", "0", "TheRavenFile" "2026-03-31 05:57:35", "1779417", "kiln-control.refractorymatrix.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 05:58:05", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-03-31 05:52:26", "1779406", "brick-layer.refractorymatrix.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 05:56:26", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 05:46:51", "1779405", "pump-gate.viscositycontrol.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 05:49:01", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 05:40:55", "1779404", "density-svc.viscositycontrol.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 05:45:42", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 05:38:40", "1779401", "31.57.216.28:418", "ip:port", "botnet_cc", "win.tofsee", "Gheg", "Tofsee", "", "75", "False", "", "Tofsee", "0", "abuse_ch" "2026-03-31 05:38:40", "1779402", "204.76.203.165:418", "ip:port", "botnet_cc", "win.tofsee", "Gheg", "Tofsee", "", "75", "False", "", "Tofsee", "0", "abuse_ch" "2026-03-31 05:38:39", "1779396", "130.12.182.175:418", "ip:port", "botnet_cc", "win.tofsee", "Gheg", "Tofsee", "", "75", "False", "", "Tofsee", "0", "abuse_ch" "2026-03-31 05:38:39", "1779397", "46.151.182.19:418", "ip:port", "botnet_cc", "win.tofsee", "Gheg", "Tofsee", "", "75", "False", "", "Tofsee", "0", "abuse_ch" "2026-03-31 05:38:39", "1779398", "130.12.180.119:418", "ip:port", "botnet_cc", "win.tofsee", "Gheg", "Tofsee", "", "75", "False", "", "Tofsee", "0", "abuse_ch" "2026-03-31 05:38:39", "1779399", "31.57.216.27:418", "ip:port", "botnet_cc", "win.tofsee", "Gheg", "Tofsee", "", "75", "False", "", "Tofsee", "0", "abuse_ch" "2026-03-31 05:38:39", "1779400", "46.151.182.245:418", "ip:port", "botnet_cc", "win.tofsee", "Gheg", "Tofsee", "", "75", "False", "", "Tofsee", "0", "abuse_ch" "2026-03-31 05:30:01", "1779394", "flow-regulator.viscositycontrol.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 05:31:49", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 05:23:59", "1779393", "thick-layer.viscositycontrol.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 05:24:22", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-03-31 05:20:16", "1779392", "http://158.94.210.91/g8hrS4f4vh/index.php", "url", "botnet_cc", "win.amadey", "None", "Amadey", "2026-04-01 21:42:50", "100", "False", "None", "Amadey", "0", "abuse_ch" "2026-03-31 05:18:32", "1779391", "fluid-path.viscositycontrol.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 05:20:27", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 05:16:41", "1779355", "104.131.106.42:4443", "ip:port", "botnet_cc", "win.darkvnc", "None", "DarkVNC", "", "75", "False", "None", "evilginx,hvnc,meshcentral,phishing", "0", "Lenny_3BO" "2026-03-31 05:16:40", "1779356", "104.131.106.42:3333", "ip:port", "botnet_cc", "win.darkvnc", "None", "DarkVNC", "", "75", "False", "None", "evilginx,hvnc,meshcentral,phishing", "0", "Lenny_3BO" "2026-03-31 05:16:39", "1779357", "45.61.136.190:3333", "ip:port", "botnet_cc", "win.darkvnc", "None", "DarkVNC", "", "75", "False", "None", "evilginx,hvnc,meshcentral,phishing", "0", "Lenny_3BO" "2026-03-31 05:16:39", "1779358", "64.95.13.174:3333", "ip:port", "botnet_cc", "win.darkvnc", "None", "DarkVNC", "", "75", "False", "None", "evilginx,hvnc,meshcentral,phishing", "0", "Lenny_3BO" "2026-03-31 05:16:38", "1779359", "23.27.49.106:3333", "ip:port", "botnet_cc", "win.darkvnc", "None", "DarkVNC", "", "75", "False", "None", "evilginx,hvnc,meshcentral,phishing", "0", "Lenny_3BO" "2026-03-31 05:16:37", "1779360", "64.52.80.3:443", "ip:port", "botnet_cc", "win.darkvnc", "None", "DarkVNC", "", "75", "False", "None", "evilginx,hvnc,meshcentral,phishing", "0", "Lenny_3BO" "2026-03-31 05:16:34", "1779361", "185.237.230.50:443", "ip:port", "botnet_cc", "win.darkvnc", "None", "DarkVNC", "", "75", "False", "None", "evilginx,hvnc,meshcentral,phishing", "0", "Lenny_3BO" "2026-03-31 05:16:33", "1779368", "batch-report.catalyticprocess.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 03:30:35", "100", "False", "None", "31March2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-03-31 05:16:32", "1779372", "covalent-hub.molecularbonding.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 03:52:45", "100", "False", "None", "31March2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-03-31 05:16:31", "1779374", "stable-node.molecularbonding.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 04:03:47", "100", "False", "None", "31March2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-03-31 05:16:30", "1779376", "force-field.molecularbonding.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 04:09:07", "100", "False", "None", "31March2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-03-31 05:16:30", "1779387", "mold-engine.syntheticpolymer.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 05:05:01", "100", "False", "None", "31March2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-03-31 05:16:27", "1779334", "sun-flare.helioshaven.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 01:26:48", "100", "False", "None", "31March2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-03-31 05:16:27", "1779340", "power-drive.dynaflux.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 02:00:13", "100", "False", "None", "31March2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-03-31 05:16:26", "1779348", "spin-relay.dynaflux.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 02:22:35", "100", "False", "None", "31March2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-03-31 05:16:25", "1779350", "deep-space.cosmoforge.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 02:33:28", "100", "False", "None", "31March2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-03-31 05:16:24", "1779351", "https://voge.pe/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/voge.pe", "ClickFix", "0", "CarsonWilliams" "2026-03-31 05:16:24", "1779353", "void-gate.cosmoforge.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 02:45:25", "100", "False", "None", "31March2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-03-31 05:16:21", "1779329", "https://acn.miseguro.com.co/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/acn.miseguro.com.co", "ClickFix", "0", "CarsonWilliams" "2026-03-31 05:16:20", "1779317", "base-theory.axiomforge.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-30 23:56:49", "100", "False", "None", "30March2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-03-31 05:16:19", "1779308", "amir9234321id.sbs", "domain", "botnet_cc", "win.acr_stealer", "None", "ACR Stealer", "", "75", "False", "https://www.virustotal.com/gui/ip-address/185.177.239.196", "ACRStealer,ClearFake,stealer", "0", "Lenny_3BO" "2026-03-31 05:16:18", "1779307", "tiktok8291id.sbs", "domain", "botnet_cc", "win.acr_stealer", "None", "ACR Stealer", "", "75", "False", "https://www.virustotal.com/gui/ip-address/185.177.239.196", "ACRStealer,ClearFake,stealer", "0", "Lenny_3BO" "2026-03-31 05:16:17", "1779306", "playmatket.sbs", "domain", "botnet_cc", "win.acr_stealer", "None", "ACR Stealer", "", "75", "False", "https://www.virustotal.com/gui/ip-address/185.177.239.196", "ACRStealer,ClearFake,stealer", "0", "Lenny_3BO" "2026-03-31 05:16:16", "1779305", "carscanner.life", "domain", "botnet_cc", "win.acr_stealer", "None", "ACR Stealer", "", "75", "False", "https://www.virustotal.com/gui/ip-address/185.177.239.196", "ACRStealer,ClearFake,stealer", "0", "Lenny_3BO" "2026-03-31 05:16:15", "1779272", "beam-target.stellarflux.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-30 22:49:27", "100", "False", "None", "30March2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-03-31 05:16:14", "1779269", "concretecapitalconsulting.com", "domain", "payload_delivery", "js.fakeupdates", "FakeUpdate,GhoLoader,SocGholish", "FAKEUPDATES", "", "50", "True", "", "None", "0", "varysz" "2026-03-31 05:16:08", "1779247", "ios163.com", "domain", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "75", "False", "https://www.virustotal.com/gui/ip-address/193.42.24.214", "c2,China,ValleyRAT", "0", "Lenny_3BO" "2026-03-31 05:16:07", "1779248", "qn.ios163.com", "domain", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "75", "False", "https://www.virustotal.com/gui/ip-address/193.42.24.214", "c2,China,ValleyRAT", "0", "Lenny_3BO" "2026-03-31 05:16:06", "1779249", "qn666.us", "domain", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "75", "False", "https://www.virustotal.com/gui/ip-address/193.42.24.214", "c2,China,ValleyRAT", "0", "Lenny_3BO" "2026-03-31 05:16:05", "1779250", "cvv.qn666.us", "domain", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "75", "False", "https://www.virustotal.com/gui/ip-address/193.42.24.214", "c2,China,ValleyRAT", "0", "Lenny_3BO" "2026-03-31 05:16:04", "1779251", "337873c8d609b7be91635bae8875859c7a6b5729ca875f01946d5d681dd70dc3", "sha256_hash", "payload", "win.valley_rat", "Winos", "ValleyRAT", "", "75", "False", "https://www.virustotal.com/gui/file/337873c8d609b7be91635bae8875859c7a6b5729ca875f01946d5d681dd70dc3", "China,DingTalk,sideload,ValleyRAT", "0", "Lenny_3BO" "2026-03-31 05:16:02", "1779252", "4a7ccc02e95280df9f89dabd6f62eb715163a2318409fbb887fecb16bc4e21c3", "sha256_hash", "payload", "win.valley_rat", "Winos", "ValleyRAT", "", "75", "False", "https://www.virustotal.com/gui/file/337873c8d609b7be91635bae8875859c7a6b5729ca875f01946d5d681dd70dc3", "China,DingTalk,sideload,ValleyRAT", "0", "Lenny_3BO" "2026-03-31 05:16:01", "1779253", "434592e3ef8b2b8f549afa71d903d8b4ddb0b7f5849ea1280cfee6d980432b14", "sha256_hash", "payload", "win.valley_rat", "Winos", "ValleyRAT", "", "75", "False", "https://www.virustotal.com/gui/file/337873c8d609b7be91635bae8875859c7a6b5729ca875f01946d5d681dd70dc3", "China,DingTalk,sideload,ValleyRAT", "0", "Lenny_3BO" "2026-03-31 05:16:01", "1779254", "27d8449808d99f3ef1fd3e0d1a66ae4c85f29543bb6bb13a07dba0cc266624eb", "sha256_hash", "payload", "win.valley_rat", "Winos", "ValleyRAT", "", "75", "False", "https://www.virustotal.com/gui/file/337873c8d609b7be91635bae8875859c7a6b5729ca875f01946d5d681dd70dc3", "China,DingTalk,sideload,ValleyRAT", "0", "Lenny_3BO" "2026-03-31 05:15:59", "1779255", "0026574a5ffe7131bdb6e8940bcf50415e3cf2ad01b84f0613c21516162618b5", "sha256_hash", "payload", "win.valley_rat", "Winos", "ValleyRAT", "", "75", "False", "https://www.virustotal.com/gui/file/337873c8d609b7be91635bae8875859c7a6b5729ca875f01946d5d681dd70dc3", "China,DingTalk,sideload,ValleyRAT", "0", "Lenny_3BO" "2026-03-31 05:15:58", "1779256", "a4a8dfb2c339eb26a1b41ce520fa41b9fc4ab96272ee6604dc304720fd892b98", "sha256_hash", "payload", "win.valley_rat", "Winos", "ValleyRAT", "", "75", "False", "https://www.virustotal.com/gui/file/337873c8d609b7be91635bae8875859c7a6b5729ca875f01946d5d681dd70dc3", "China,DingTalk,sideload,ValleyRAT", "0", "Lenny_3BO" "2026-03-31 05:15:58", "1779257", "bcdb291bbab81be66bbdae3c9a717e28c83e0db6e7125cefa4292b560b88db77", "sha256_hash", "payload", "win.valley_rat", "Winos", "ValleyRAT", "", "75", "False", "https://www.virustotal.com/gui/file/337873c8d609b7be91635bae8875859c7a6b5729ca875f01946d5d681dd70dc3", "China,DingTalk,sideload,ValleyRAT", "0", "Lenny_3BO" "2026-03-31 05:15:57", "1779261", "safe-harbor.nexushaven.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-30 22:05:39", "100", "False", "None", "30March2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-03-31 05:15:56", "1779268", "light-speed.stellarflux.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-30 22:38:10", "100", "False", "None", "30March2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-03-31 05:15:54", "1779244", "api-endpoint.vectorforge.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-30 21:42:38", "100", "False", "None", "30March2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-03-31 05:15:53", "1779243", "04a11791a61a8522af2817801860e6f93f487036d936f0287d28fa94b5837c53", "sha256_hash", "payload", "unknown_stealer", "None", "Unknown Stealer", "", "90", "False", "https://www.virustotal.com/gui/file/04a11791a61a8522af2817801860e6f93f487036d936f0287d28fa94b5837c53", "Go,HVNC,Overlord,RAT", "0", "Lenny_3BO" "2026-03-31 05:15:52", "1779242", "sgeek.com", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "90", "False", "https://www.virustool.com/gui/file/04a11791a61a8522af2817801860e6f93f487036d936f0287d28fa94b5837c53", "Go,HVNC,Overlord,RAT", "0", "Lenny_3BO" "2026-03-31 05:15:51", "1779240", "0da8d4281946ce2ef6765e68e99b00a37af731e73d8cedbf7486a012d0c7be5c", "sha256_hash", "payload", "win.konni", "None", "Konni", "", "100", "False", "None", "aspack,konni", "0", "Lenny_3BO" "2026-03-31 05:15:50", "1779238", "cf48286e6a82f62af6637738a0736e4bbc3eaf52620aa4493f49a5f731d251d4", "sha256_hash", "payload", "win.konni", "None", "Konni", "", "100", "False", "None", "clickfix,konni,nyancat", "0", "Lenny_3BO" "2026-03-31 05:15:50", "1779239", "a91e743f20f236e1d052c42cc40ae9383f88151974782ec400915df3063dec4c", "sha256_hash", "payload", "win.konni", "None", "Konni", "", "100", "False", "None", "clickfix,jeet,konni", "0", "Lenny_3BO" "2026-03-31 05:15:49", "1779237", "misgrapeible.wiki", "domain", "payload_delivery", "win.konni", "None", "Konni", "", "75", "False", "None", "clickfix,jeet,konni", "0", "Lenny_3BO" "2026-03-31 05:15:48", "1779236", "relacks.wiki", "domain", "payload_delivery", "win.konni", "None", "Konni", "", "75", "False", "None", "clickfix,konni", "0", "Lenny_3BO" "2026-03-31 05:15:47", "1779235", "underperformize.com", "domain", "payload_delivery", "win.konni", "None", "Konni", "", "75", "False", "None", "clickfix,konni", "0", "Lenny_3BO" "2026-03-31 05:15:46", "1779234", "185.205.211.217:443", "ip:port", "botnet_cc", "win.konni", "None", "Konni", "", "75", "False", "None", "clickfix,cloudflare,konni", "0", "Lenny_3BO" "2026-03-31 05:15:45", "1779233", "193.37.213.18:80", "ip:port", "botnet_cc", "win.konni", "None", "Konni", "", "75", "False", "None", "aspack,clickfix,konni,nyancat", "0", "Lenny_3BO" "2026-03-31 05:15:44", "1779198", "brokerpasture.mistlatch.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-30 19:16:40", "100", "False", "None", "30March2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-03-31 05:15:43", "1779189", "gatewayraven.skyl1tfern.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-30 18:48:41", "100", "False", "None", "30March2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-03-31 05:15:18", "1779390", "193.161.193.99:49831", "ip:port", "botnet_cc", "win.raton_rat", "None", "RatonRAT", "", "100", "False", "None", "RatonRAT", "0", "abuse_ch" "2026-03-31 05:12:52", "1779389", "blend-master.syntheticpolymer.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 05:15:57", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 05:07:26", "1779388", "elastic-net.syntheticpolymer.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 05:12:16", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 04:55:56", "1779386", "plastic-dev.syntheticpolymer.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 04:58:12", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 04:55:10", "1779385", "http://178.208.87.49/bot/regex", "url", "botnet_cc", "win.laplas", "None", "LaplasClipper", "", "100", "False", "None", "LaplasClipper", "0", "abuse_ch" "2026-03-31 04:50:34", "1779384", "fiber-optic.syntheticpolymer.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 04:54:40", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-03-31 04:44:36", "1779383", "resin-store.syntheticpolymer.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 04:47:19", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 04:39:03", "1779382", "range-finder.isothermalmetric.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 04:43:43", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-03-31 04:33:22", "1779381", "thermal-sync.isothermalmetric.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 04:36:43", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 04:28:02", "1779380", "temp-archive.isothermalmetric.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 04:28:19", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 04:22:31", "1779379", "cold-bridge.isothermalmetric.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 04:24:40", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-03-31 04:16:43", "1779378", "constant-io.isothermalmetric.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 04:21:03", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 04:11:20", "1779377", "heat-sensor.isothermalmetric.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 04:11:40", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-03-31 04:00:13", "1779375", "167.62.27.10:2005", "ip:port", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "False", "None", "NjRAT", "0", "abuse_ch" "2026-03-31 03:54:09", "1779373", "ion-channel.molecularbonding.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 03:56:17", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 03:43:16", "1779371", "chain-logic.molecularbonding.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 03:45:18", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-03-31 03:37:31", "1779370", "atom-lattice.molecularbonding.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 03:41:39", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 03:31:43", "1779369", "agent-proxy.catalyticprocess.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 03:34:22", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 03:21:08", "1779367", "filter-press.catalyticprocess.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 03:23:11", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-03-31 03:15:09", "1779366", "solvent-vault.catalyticprocess.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 03:19:30", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-03-31 03:09:51", "1779365", "yield-monitor.catalyticprocess.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 03:12:03", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 03:03:43", "1779364", "reaction-api.catalyticprocess.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 03:08:27", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 02:58:11", "1779363", "orbit-path.cosmoforge.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 03:01:12", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 02:52:34", "1779362", "dark-matter.cosmoforge.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 02:52:51", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-03-31 02:46:52", "1779354", "nova-core.cosmoforge.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 02:50:10", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 02:35:43", "1779352", "star-field.cosmoforge.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 02:40:57", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 02:24:41", "1779349", "fast-trace.dynaflux.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 02:29:45", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 02:13:35", "1779347", "motor-unit.dynaflux.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 02:15:08", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 02:07:42", "1779346", "torque-svc.dynaflux.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 02:11:39", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-03-31 02:02:16", "1779345", "kinetic-io.dynaflux.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 02:04:00", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-03-31 02:01:38", "1779344", "q4k7uphvys.localto.net", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "False", "https://tria.ge/260331-bnd13ae17z", "XWorm", "0", "dyingbreeds_" "2026-03-31 02:01:35", "1779343", "kdxho645fm.localto.net", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "False", "https://tria.ge/260331-bqyhgsb14l", "XWorm", "0", "dyingbreeds_" "2026-03-31 02:00:22", "1779342", "45.88.186.163:16262", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://tria.ge/260331-b49snsfs5x", "quasar", "0", "dyingbreeds_" "2026-03-31 02:00:06", "1779341", "thacoseafoods.com", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "False", "https://tria.ge/260330-3g9myaes8z", "Remcos", "0", "dyingbreeds_" "2026-03-31 01:51:09", "1779339", "warm-cache.helioshaven.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 01:52:56", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-03-31 01:45:21", "1779338", "bright-edge.helioshaven.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 01:48:20", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 01:39:55", "1779337", "day-light.helioshaven.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 01:43:45", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 01:34:27", "1779336", "solar-api.helioshaven.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 01:39:15", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 01:28:50", "1779335", "heat-shield.helioshaven.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 01:30:42", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 01:17:09", "1779333", "ice-vault.polarisbloom.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 01:19:29", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 01:11:34", "1779332", "cold-store.polarisbloom.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 01:15:45", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 01:06:10", "1779331", "peak-access.polarisbloom.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 01:11:16", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 01:00:43", "1779330", "top-render.polarisbloom.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 01:05:20", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 00:55:19", "1779328", "guide-path.polarisbloom.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 00:56:10", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 00:49:40", "1779327", "north-star.polarisbloom.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 00:51:23", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 00:43:30", "1779326", "bus-bridge.circuitflux.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 00:47:56", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 00:38:05", "1779325", "amp-control.circuitflux.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 00:40:20", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 00:32:33", "1779324", "wire-sync.circuitflux.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 00:35:36", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 00:26:46", "1779323", "signal-box.circuitflux.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 00:31:44", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 00:21:13", "1779322", "volt-power.circuitflux.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 00:24:26", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 00:15:35", "1779321", "micro-chip.circuitflux.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 00:20:44", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 00:10:16", "1779320", "stat-portal.axiomforge.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 00:13:18", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-31 00:04:43", "1779319", "math-proc.axiomforge.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 00:09:11", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-30 23:58:50", "1779318", "main-frame.axiomforge.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-31 00:00:28", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-03-30 23:47:43", "1779316", "proof-check.axiomforge.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-30 23:49:14", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-30 23:42:04", "1779315", "logic-rule.axiomforge.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-30 23:45:57", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-30 23:36:13", "1779314", "leaf-proxy.orbitbloom.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-30 23:41:16", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-30 23:30:46", "1779313", "root-cluster.orbitbloom.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-30 23:34:08", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-30 23:25:08", "1779312", "plant-logic.orbitbloom.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-30 23:25:32", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-03-30 23:19:28", "1779311", "green-node.orbitbloom.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-30 23:22:20", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-30 23:14:11", "1779310", "eco-system.orbitbloom.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-30 23:18:41", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-30 23:08:47", "1779309", "bio-growth.orbitbloom.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-30 23:11:33", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-30 23:02:50", "1779304", "ion-stream.stellarflux.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-30 23:07:35", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-30 22:58:25", "1779303", "https://jnlysj.com/c?tk=", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix", "0", "HuntYethHounds" "2026-03-30 22:58:04", "1779302", "https://jnlysj.com/g", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix", "0", "HuntYethHounds" "2026-03-30 22:57:52", "1779301", "https://jnlysj.com/t", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix", "0", "HuntYethHounds" "2026-03-30 22:57:26", "1779300", "https://jnlysj.com/file.js", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix", "0", "HuntYethHounds" "2026-03-30 22:57:16", "1779299", "jnlysj.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix", "0", "HuntYethHounds" "2026-03-30 22:56:57", "1779298", "drift-sensor.stellarflux.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-30 23:00:26", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-30 22:56:23", "1779297", "https://luthel.com/c?tk=", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix", "0", "HuntYethHounds" "2026-03-30 22:56:00", "1779296", "https://luthel.com/g", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix", "0", "HuntYethHounds" "2026-03-30 22:55:46", "1779295", "https://luthel.com/t", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix", "0", "HuntYethHounds" "2026-03-30 22:55:25", "1779294", "https://luthel.com/file.js", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix", "0", "HuntYethHounds" "2026-03-30 22:55:15", "1779293", "luthel.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix", "0", "HuntYethHounds" "2026-03-30 22:54:31", "1779292", "https://heethcote.com/c?tk=", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix", "0", "HuntYethHounds" "2026-03-30 22:54:08", "1779291", "https://heethcote.com/g", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix", "0", "HuntYethHounds" "2026-03-30 22:53:49", "1779290", "https://heethcote.com/t", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix", "0", "HuntYethHounds" "2026-03-30 22:53:23", "1779289", "https://heethcote.com/file.js", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix", "0", "HuntYethHounds" "2026-03-30 22:53:06", "1779288", "heethcote.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix", "0", "HuntYethHounds" "2026-03-30 22:52:25", "1779287", "https://zgsjyxzx.com/c?tk=", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix", "0", "HuntYethHounds" "2026-03-30 22:51:49", "1779286", "https://zgsjyxzx.com/g", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix", "0", "HuntYethHounds" "2026-03-30 22:51:38", "1779285", "https://zgsjyxzx.com/t", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix", "0", "HuntYethHounds" "2026-03-30 22:51:34", "1779284", "pulse-gate.stellarflux.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-03-30 22:56:39", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-03-30 22:51:18", "1779283", "https://zgsjyxzx.com/file.js", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix", "0", "HuntYethHounds" "2026-03-30 22:51:07", "1779282", "zgsjyxzx.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix", "0", "HuntYethHounds" "2026-03-30 22:50:24", "1779281", "https://leusceke.com/c?tk=", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix", "0", "HuntYethHounds" "2026-03-30 22:49:51", "1779280", "https://leusceke.com/g", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix", "0", "HuntYethHounds" "2026-03-30 22:49:38", "1779279", "https://leusceke.com/t", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix", "0", "HuntYethHounds" "2026-03-30 22:49:15", "1779278", "https://leusceke.com/file.js", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix", "0", "HuntYethHounds" "2026-03-30 22:47:59", "1779277", "https://meharsons.com/c?tk=", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix", "0", "HuntYethHounds" "2026-03-30 22:47:05", "1779276", "https://meharsons.com/g", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix", "0", "HuntYethHounds" "2026-03-30 22:46:45", "1779275", "https://meharsons.com/t", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix", "0", "HuntYethHounds" "2026-03-30 22:46:11", "1779274", "https://meharsons.com/file.js", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix", "0", "HuntYethHounds" "2026-03-30 22:45:50", "1779273", "meharsons.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix", "0", "HuntYethHounds" "2026-03-30 22:40:35", "1779271", "https://leusceke.com/p/deal?tk=", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,payload", "0", "HuntYethHounds" # Number of entries: 965