################################################################ # ThreatFox IOCs: recent additions - CSV format # # Last updated: 2026-04-27 22:51:04 UTC # # # # Terms Of Use: https://threatfox.abuse.ch/faq/#tos # # For questions please contact threatfox [at] abuse.ch # ################################################################ # # "first_seen_utc","ioc_id","ioc_value","ioc_type","threat_type","fk_malware","malware_alias","malware_printable","last_seen_utc","confidence_level","is_compromised","reference","tags","anonymous","reporter" "2026-04-27 22:51:04", "1801283", "unitkaltwind.qivorpaknode.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-27 22:48:29", "1801281", "unificandoelser.com", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch" "2026-04-27 22:45:12", "1801280", "noirmondsite4.qivorpaknode.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-27 22:15:05", "1801274", "https://studio.mascaf-production.infobymika.fr/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-27 22:13:30", "1801272", "bleuzeit8zone.dexisnetflow.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 22:13:57", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-27 22:00:26", "1801267", "https://nde.imoveisavendaemaraxa.com.br/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-04-27 22:12:57", "100", "True", "None", "vidar", "0", "crep1x" "2026-04-27 22:00:25", "1801265", "https://nde.vi-ler.dk/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-04-27 22:13:03", "100", "True", "None", "vidar", "0", "crep1x" "2026-04-27 22:00:25", "1801266", "nde.imoveisavendaemaraxa.com.br", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-04-27 22:12:59", "100", "True", "None", "vidar", "0", "crep1x" "2026-04-27 22:00:24", "1801264", "nde.vi-ler.dk", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-04-27 22:13:04", "100", "True", "None", "vidar", "0", "crep1x" "2026-04-27 21:48:37", "1801261", "darkstarcore.dexisnetflow.garden", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 21:49:12", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-27 21:44:26", "1801260", "petit-fire-5.dexis-serv.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 21:44:39", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 21:32:46", "1801255", "dark-land-8b.dexis-serv.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 21:36:27", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 21:20:00", "1801253", "holz-baum-7k.mivon-tech.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 21:24:13", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 21:15:05", "1801251", "https://staging.online-paystub.com/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-27 21:15:05", "1801252", "https://mimidavid.arellabs.org/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-27 21:09:59", "1801250", "vert-4.mivon-tech.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 21:10:12", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-27 21:04:28", "1801247", "gold-mond-2.mivon-tech.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 21:05:32", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 20:58:52", "1801244", "noir-9.mivon-tech.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 20:59:23", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 20:53:03", "1801242", "fast-star-5x.mivon-tech.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 20:53:27", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 20:42:30", "1801239", "kalt-5.novis-data.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 20:44:36", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 20:38:46", "1801238", "soft-land-1.novis-data.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 20:40:47", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 20:26:35", "1801235", "haus-2x.sylix-host.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 20:16:46", "1801231", "bleu-9.sylix-host.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 20:17:30", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 20:11:32", "1801229", "holz-berg-5.sylix-host.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 20:11:51", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-27 20:08:04", "1801228", "kanoulasdrive.gr", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch" "2026-04-27 20:05:37", "1801226", "vert-1.sylix-host.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 20:06:15", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-27 19:54:28", "1801223", "open-6.raxos-node.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 19:55:52", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 19:48:56", "1801221", "gold-land-4m.raxos-node.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 19:51:11", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 19:43:22", "1801220", "noir-2.raxos-node.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 19:47:57", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 19:39:05", "1801218", "fast-fire-9.raxos-node.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 19:39:28", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 19:30:10", "1801216", "zeit-5.raxos-node.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 19:30:44", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 19:21:52", "1801215", "blue-mond-3k.raxos-node.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 19:22:04", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 19:15:09", "1801214", "gold-star-5s.qen9vital.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 19:15:32", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 19:09:40", "1801213", "fast-2.syr2moxel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 19:09:57", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 19:04:06", "1801209", "wald-baum-9.syr2moxel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 19:04:28", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 18:56:38", "1801208", "bleu-3k.syr2moxel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 18:56:42", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 18:50:43", "1801207", "zeit-land-7.syr2moxel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 18:51:13", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 18:29:21", "1801204", "iron-6.vok7laren.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 18:21:40", "1801200", "petit-mond-1.vok7laren.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 18:21:56", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 18:00:06", "1801189", "rouge-9v.vok7laren.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 18:00:52", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 17:56:42", "1801188", "dark-star-4.vok7laren.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 17:57:16", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 17:50:02", "1801182", "zeroclipstudiophotography.com", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch" "2026-04-27 17:43:43", "1801179", "vert-2k.tal4miren.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 17:44:02", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-27 17:38:14", "1801178", "gold-land-3.tal4miren.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 17:38:17", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-27 17:34:50", "1801177", "noir-8.tal4miren.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 17:35:29", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 17:25:30", "1801174", "c3da-glow.pax4moren.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 17:28:41", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 17:17:39", "1801168", "rpa.vi-ler.dk", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-04-27 21:13:13", "75", "False", "None", "lv80gzr,Vidar", "0", "abuse_ch" "2026-04-27 17:17:35", "1801167", "https://rpa.vi-ler.dk/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-04-27 21:13:11", "75", "False", "None", "lv80gzr,Vidar", "0", "abuse_ch" "2026-04-27 17:17:29", "1801166", "rpa.imoveisavendaemaraxa.com.br", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-04-27 21:13:09", "75", "False", "None", "lv80gzr,Vidar", "0", "abuse_ch" "2026-04-27 17:17:26", "1801165", "https://rpa.imoveisavendaemaraxa.com.br/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-04-27 21:13:07", "75", "False", "None", "lv80gzr,Vidar", "0", "abuse_ch" "2026-04-27 17:08:56", "1801154", "agjlskc.pax4moren.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 17:09:28", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 17:03:24", "1801152", "hputcl37.pax4moren.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 17:05:51", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 16:59:41", "1801150", "qncd.nol7sirex.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 17:02:36", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 16:50:47", "1801147", "pil0t1-mesh.nol7sirex.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 16:50:52", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-27 16:46:44", "1801145", "culqxa.nol7sirex.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 16:47:43", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 16:43:21", "1801143", "cine2-path.nol7sirex.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 16:43:23", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 16:34:35", "1801141", "bz110bs.kyr1vomen.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 16:36:15", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 16:30:26", "1801138", "cort4-node.kyr1vomen.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 16:33:06", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 16:26:35", "1801136", "lumvaleum3.kyr1vomen.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 16:30:25", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 16:24:53", "1801132", "queuedirect.tov6larek.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 16:11:06", "100", "False", "None", "27April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 16:24:52", "1801112", "publshi.tov6larek.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 15:56:13", "100", "False", "None", "27April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 16:24:52", "1801134", "cour1e-core.kyr1vomen.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 16:17:21", "100", "False", "None", "27April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 16:24:51", "1801135", "bay6-beam.kyr1vomen.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 16:20:51", "100", "False", "None", "27April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 16:11:47", "1801133", "ezyunbs.kyr1vomen.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 16:14:39", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 16:08:08", "1801131", "wakanda33.it.com", "domain", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "75", "False", "https://bazaar.abuse.ch/sample/d3d317ac08701a460899c96845ab9327a897dcfccad944ce9f93a297d3d7bd47/", "nanocore", "0", "abuse_ch" "2026-04-27 16:07:50", "1801130", "snet88.com", "domain", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "75", "False", "https://bazaar.abuse.ch/sample/0108f3118daa6d62a313608ee54c71edc7ded853ba29719715fdcfce4c271fe2/", "nanocore", "0", "abuse_ch" "2026-04-27 16:07:39", "1801129", "nnzn.sa.com", "domain", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "75", "False", "https://bazaar.abuse.ch/sample/2c14151d8f546aed480a7eda9be556bd37831020a3ab6d40eb993c260c9ee26b/", "nanocore", "0", "abuse_ch" "2026-04-27 16:06:47", "1801128", "fb88.dfwf.io", "domain", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "75", "False", "https://bazaar.abuse.ch/sample/aeb53bfd9ebe9a1a39cc513bec19f42782b69653f1d282ce5e6778e833fddb67/", "nanocore", "0", "abuse_ch" "2026-04-27 16:06:32", "1801127", "dfwf.io", "domain", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "75", "False", "https://bazaar.abuse.ch/sample/aeb53bfd9ebe9a1a39cc513bec19f42782b69653f1d282ce5e6778e833fddb67/", "nanocore", "0", "abuse_ch" "2026-04-27 16:06:20", "1801126", "devtourandtrevels.in.net", "domain", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "75", "False", "https://bazaar.abuse.ch/sample/d994e7f8a554bd4a991f36e5d1659fff8e27f9a544a3d6d421261878f451b599/", "nanocore", "0", "abuse_ch" "2026-04-27 16:04:49", "1801125", "vmbspptn.tov6larek.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 16:07:30", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 16:01:59", "1801124", "http://92.63.102.121/Lowbase.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "False", "None", "DCRat,RAT", "0", "abuse_ch" "2026-04-27 16:01:24", "1801123", "http://cc011590.tw1.ru/L1nc0In.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "False", "None", "DCRat,RAT", "0", "abuse_ch" "2026-04-27 16:00:45", "1801122", "161.35.110.36:22", "ip:port", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "False", "None", "NjRAT", "0", "abuse_ch" "2026-04-27 15:59:30", "1801121", "172.67.187.211:443", "ip:port", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "100", "False", "None", "NanoCore,RAT", "0", "abuse_ch" "2026-04-27 15:59:01", "1801119", "tal-lithix.tov6larek.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 16:04:08", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 15:56:51", "1801114", "104.21.88.251:443", "ip:port", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "100", "False", "None", "NanoCore,RAT", "0", "abuse_ch" "2026-04-27 15:56:05", "1801113", "172.67.155.48:443", "ip:port", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "100", "False", "None", "NanoCore,RAT", "0", "abuse_ch" "2026-04-27 15:50:16", "1801111", "6lzo5xl.tov6larek.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 15:50:27", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 15:44:19", "1801110", "norcore2ix.tov6larek.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 15:44:41", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 15:41:47", "1801107", "platform.exathomeswebuyarizona.com", "domain", "botnet_cc", "js.fakeupdates", "FakeUpdate,GhoLoader,SocGholish", "FAKEUPDATES", "", "100", "True", "None", "SocGholish", "0", "monitorsg" "2026-04-27 15:40:44", "1801108", "parfsdp.sydo9marel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 15:41:42", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 15:38:46", "1801098", "vortideum.rax2liven.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 15:10:36", "100", "False", "None", "27April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 15:38:45", "1801103", "https://v-panel.buzz/auth/login?ddosprotected=1", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "c2,vidar", "0", "Kenas" "2026-04-27 15:37:05", "1801106", "htusgm8k.sydo9marel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 15:37:52", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 15:33:34", "1801105", "fhgcivkk.sydo9marel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 15:34:20", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 15:28:12", "1801104", "brand-vau.sydo9marel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 15:28:47", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 15:24:26", "1801102", "vbl60o.sydo9marel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 15:26:13", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 15:21:02", "1801101", "alt-enc0.sydo9marel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 15:23:40", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 15:15:33", "1801100", "cultu3-array.rax2liven.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 15:15:09", "1801099", "https://homeecosavingsideas.com/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-27 15:06:26", "1801097", "booey.rax2liven.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 15:07:05", "100", "False", "None", "27April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 15:05:06", "1801085", "nubebdn.sokla3ren.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 14:20:19", "100", "False", "None", "27April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 15:05:06", "1801088", "meta-5umm.qim8vorel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 14:30:56", "100", "False", "None", "27April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 15:05:05", "1801067", "cin3m2-frame.vex7lurin.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 13:54:29", "100", "False", "None", "27April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 15:05:02", "1801095", "arkmarkix.rax2liven.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 14:57:52", "100", "False", "None", "27April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 15:05:02", "1801096", "h4rbor-phase.rax2liven.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 15:01:16", "100", "False", "None", "27April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 14:53:02", "1801094", "sercresta4.rax2liven.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 14:49:24", "1801093", "kel-fluxor.qim8vorel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 14:43:18", "1801092", "syntarepo.qim8vorel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 14:44:30", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 14:39:49", "1801091", "ioszf.qim8vorel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 14:41:53", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 14:36:05", "1801089", "cedthe.qim8vorel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 14:39:05", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 14:26:52", "1801087", "birchpayload.qim8vorel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 14:27:15", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-27 14:23:04", "1801086", "shield-sile.sokla3ren.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 14:23:45", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 14:15:09", "1801082", "https://bookshelfculture.com/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-27 14:15:09", "1801083", "https://icebath.org.il/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-27 14:15:09", "1801084", "https://petloverspalace.com/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-27 14:15:08", "1801080", "https://bayviewgourmet.com/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-27 14:15:08", "1801081", "https://ecocolours.in/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-27 14:15:07", "1801079", "https://aspirefitnessclub.com/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-27 14:14:13", "1801078", "1r72in.sokla3ren.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 14:15:39", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 14:10:37", "1801077", "vorlith8on.sokla3ren.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 14:11:13", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 14:07:07", "1801076", "rn3tric-grid.sokla3ren.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 14:07:43", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 14:03:41", "1801075", "4hs7joli.sokla3ren.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 14:04:24", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 14:00:54", "1801074", "https://ser.imoveisavendaemaraxa.com.br/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-04-27 16:17:05", "100", "True", "None", "vidar", "0", "crep1x" "2026-04-27 14:00:47", "1801073", "ser.imoveisavendaemaraxa.com.br", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-04-27 16:17:09", "100", "True", "None", "vidar", "0", "crep1x" "2026-04-27 14:00:40", "1801072", "https://ser.vi-ler.dk/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-04-27 16:17:15", "100", "True", "None", "vidar", "0", "crep1x" "2026-04-27 14:00:32", "1801071", "ser.vi-ler.dk", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-04-27 16:17:19", "100", "True", "None", "vidar", "0", "crep1x" "2026-04-27 14:00:00", "1801070", "rydr.vex7lurin.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 14:00:41", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 13:56:25", "1801069", "m35h1-loop.vex7lurin.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 13:57:26", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 13:48:38", "1801065", "knyo.vex7lurin.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 13:50:48", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 13:43:11", "1801064", "hiddenbyt.vex7lurin.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 13:47:03", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 13:36:34", "1801054", "bcfapelw.mer4talon.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 13:33:32", "100", "False", "None", "27April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 13:36:33", "1801056", "finger.linked-on.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "2026-04-27 13:33:39", "80", "False", "None", "clickfix,finger-lolbas,fingerfix,linkedin-lure,python-embed", "0", "Lenny_3BO" "2026-04-27 13:36:33", "1801057", "https://linked-on.com/leyts.php?Npier=1", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "80", "False", "None", "clickfix,finger-lolbas,fingerfix,linkedin-lure,python-embed", "0", "Lenny_3BO" "2026-04-27 13:36:33", "1801058", "107.170.45.91:443", "ip:port", "payload_delivery", "unknown", "None", "Unknown malware", "", "80", "False", "None", "clickfix,finger-lolbas,fingerfix,linkedin-lure,python-embed", "0", "Lenny_3BO" "2026-04-27 13:36:32", "1801059", "https://mtg-life.net/95126aeb-4120-56b1-8c9e-63fdf0c0b6f9/scr7", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "80", "False", "None", "clickfix,fingerfix,python-shellcode-loader", "0", "Lenny_3BO" "2026-04-27 13:36:31", "1801060", "173.44.141.222:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "80", "False", "None", "clickfix,fingerfix,python-shellcode-loader", "0", "Lenny_3BO" "2026-04-27 13:36:31", "1801061", "mtg-life.net", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "80", "False", "None", "clickfix,fingerfix,python-shellcode-loader", "0", "Lenny_3BO" "2026-04-27 13:36:30", "1801062", "08a474368a2f94f347ad9e1a0a08d4258fcf49c6b9373214f7901bb770bacca4", "sha256_hash", "payload", "unknown", "None", "Unknown malware", "", "80", "False", "None", "clickfix,fingerfix,python-shellcode-loader", "0", "Lenny_3BO" "2026-04-27 13:36:30", "1801063", "quor-meshis.vex7lurin.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 13:37:13", "100", "False", "None", "27April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 13:32:10", "1801055", "185.193.126.248:27000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "75", "False", "https://bazaar.abuse.ch/sample/dd5447b76c2ec3db1ea0c2ffa3070edd05d4858940ed3a51a7c5f561f468e71a/", "None", "0", "abuse_ch" "2026-04-27 13:29:08", "1801010", "fa1thf6-gate.oasis-reimburse.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 12:38:23", "100", "False", "None", "27April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 13:29:08", "1801013", "gatewa-qua.incub-teahouse.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 12:44:36", "100", "False", "None", "27April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 13:29:07", "1801014", "sortdynamic.eggman8eisha.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 12:47:41", "100", "False", "None", "27April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 13:29:07", "1801015", "queryspecimen.pares-system.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 12:51:26", "100", "False", "None", "27April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 13:29:06", "1801018", "banncip.judges-spire.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 13:00:24", "100", "False", "None", "27April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 13:29:06", "1801020", "lumlithex.mer4talon.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 13:07:38", "100", "False", "None", "27April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 13:29:06", "1801021", "https://sigmatauethifarma.com/file.js", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "True", "https://infosec.exchange/@monitorsg/116476827450908735", "KongTuke", "0", "monitorsg" "2026-04-27 13:29:05", "1801022", "sigmatauethifarma.com", "domain", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "True", "https://infosec.exchange/@monitorsg/116476827450908735", "KongTuke", "0", "monitorsg" "2026-04-27 13:29:03", "1801023", "https://sigmatauethifarma.com/t", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "True", "https://infosec.exchange/@monitorsg/116476827450908735", "KongTuke", "0", "monitorsg" "2026-04-27 13:29:03", "1801024", "https://sigmatauethifarma.com/g", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "True", "https://infosec.exchange/@monitorsg/116476827450908735", "KongTuke", "0", "monitorsg" "2026-04-27 13:28:23", "1800988", "23ofcfv.khudrukmumb1es.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 11:35:38", "100", "False", "None", "27April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 13:28:23", "1800989", "93f5qz.khudrukmumb1es.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 11:39:20", "100", "False", "None", "27April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 13:28:23", "1800990", "tal-draet.khudrukmumb1es.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 11:44:01", "100", "False", "None", "27April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 13:28:23", "1800992", "arkcoreix.judges-spire.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 11:50:17", "100", "False", "None", "27April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 13:28:23", "1801001", "https://bcaccount.co.th/?u=fwjxxjdhc4fkhntp263ah3a", "url", "payload_delivery", "win.emmenhtal", "IDATDropper,PEAKLIGHT", "Emmenhtal", "", "50", "True", "None", "html-smuggling,spamtrap", "0", "jahlives" "2026-04-27 13:28:10", "1801025", "https://sigmatauethifarma.com/c", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "True", "https://infosec.exchange/@monitorsg/116476827450908735", "KongTuke", "0", "monitorsg" "2026-04-27 13:28:09", "1801026", "https://cj06y9v4xab.com/d", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "True", "https://infosec.exchange/@monitorsg/116476827450908735", "KongTuke", "0", "monitorsg" "2026-04-27 13:28:09", "1801027", "cj06y9v4xab.com", "domain", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "True", "https://infosec.exchange/@monitorsg/116476827450908735", "KongTuke", "0", "monitorsg" "2026-04-27 13:28:05", "1801053", "vitalpalette.mer4talon.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 13:28:31", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 13:26:12", "1801052", "54.255.15.131:10086", "ip:port", "botnet_cc", "win.ghost_rat", "Farfli,Gh0st RAT,PCRat", "Ghost RAT", "", "75", "False", "", "Gh0stRAT,RAT", "0", "abuse_ch" "2026-04-27 13:24:02", "1801051", "206.238.199.22:10086", "ip:port", "botnet_cc", "win.ghost_rat", "Farfli,Gh0st RAT,PCRat", "Ghost RAT", "", "75", "False", "", "Gh0stRAT,RAT", "0", "abuse_ch" "2026-04-27 13:16:01", "1801050", "subtledust.mer4talon.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 13:19:04", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 13:15:17", "1801049", "https://linkinsightnews.com/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-27 13:15:16", "1801045", "https://thelifestyleelf.net/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-27 13:15:16", "1801046", "https://bridgeportnews.net/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-27 13:15:16", "1801047", "https://sullivancounty.org/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-27 13:15:16", "1801048", "https://burchcom.com/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-27 13:15:15", "1801042", "https://accelhost.com/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-27 13:15:15", "1801043", "https://earthvillageeducation.org/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-27 13:15:15", "1801044", "https://remodelingmagazine.co/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-27 13:15:14", "1801039", "https://nutleyrealestatehomes.com/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-27 13:15:14", "1801040", "https://feelgoodanyway.com/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-27 13:15:14", "1801041", "https://pouronprince.com/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-27 13:15:13", "1801035", "https://legalnewsletter.org/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-27 13:15:13", "1801036", "https://thedirtdoctors.com/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-27 13:15:13", "1801037", "https://new-era-homes.com/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-27 13:15:13", "1801038", "https://mytravelbackpack.com/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-27 13:15:12", "1801032", "https://growhealthyvending.com/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-27 13:15:12", "1801033", "https://healthadvicenow.net/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-27 13:15:12", "1801034", "https://homeinspectorpotomac.com/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-27 13:15:11", "1801029", "https://jrubyconf.com/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-27 13:15:11", "1801030", "https://claremontportside.com/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-27 13:15:11", "1801031", "https://familyreading.net/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-27 13:12:27", "1801028", "sche9-track.mer4talon.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 13:16:03", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 13:03:17", "1801019", "clif7-bridge.mer4talon.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 13:04:13", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 12:54:20", "1801017", "sterilebundle.khudrukmumb1es.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 12:55:01", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 12:39:37", "1801011", "xrcbdu11.asso7tunexpl.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 12:41:10", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 12:31:59", "1801009", "5urvey-spark.exhumat8urgle.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 12:35:09", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 12:26:07", "1801007", "lzukd.foot-ricochet.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 12:26:49", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 12:22:48", "1801006", "schem-mark.sleazyhe2ded.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 12:24:03", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 12:19:05", "1801004", "palbind.judges-spire.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 12:19:56", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 12:11:41", "1801000", "eswcaywn.judges-spire.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 12:11:42", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 12:05:56", "1800998", "columdee.judges-spire.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 12:06:55", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 12:00:01", "1800996", "genomeobserver.judges-spire.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 12:01:30", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 11:54:48", "1800995", "nor-lithix.judges-spire.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 11:55:31", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 11:30:57", "1800985", "daemon-hill.khudrukmumb1es.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 11:26:17", "100", "False", "None", "27April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 11:27:17", "1800987", "http://94.156.155.42", "url", "botnet_cc", "win.stealc", "None", "Stealc", "", "75", "False", "https://bazaar.abuse.ch/sample/2cd3507909391d0a8cbea8300ffc5d77805a3f475e9991c43a105913095725ae/", "stealc", "0", "abuse_ch" "2026-04-27 11:15:08", "1800982", "https://juactive.net/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-04-27 11:14:29", "1800981", "kelforgeet4.khudrukmumb1es.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 11:14:29", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 11:08:40", "1800977", "aq4saw1.khudrukmumb1es.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 11:09:36", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 11:02:54", "1800976", "velcrestos8.pares-system.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 11:04:11", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 11:02:18", "1800975", "45.43.59.179:53", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-04-27 22:50:14", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-04-27 10:57:47", "1800974", "reed8-drive.pares-system.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 10:58:13", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 10:51:57", "1800973", "v0ya1-cast.pares-system.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 10:52:39", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-27 10:46:10", "1800972", "ns1.twnic.top", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-04-27 22:44:26", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-04-27 10:46:08", "1800971", "x9xus7.pares-system.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 10:47:17", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 10:43:32", "1800970", "cc.twnic.top", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-04-27 22:43:15", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-04-27 10:39:50", "1800938", "keltideal.asso7tunexpl.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 09:12:55", "100", "False", "None", "27April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 10:39:50", "1800945", "sx56boo.incub-teahouse.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 09:33:39", "100", "False", "None", "27April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 10:39:49", "1800947", "4wyk.incub-teahouse.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 09:42:04", "100", "False", "None", "27April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 10:39:49", "1800948", "hyperstat.shop", "domain", "payload_delivery", "js.magecart", "None", "magecart", "", "100", "False", "", "Magecart", "0", "varysz" "2026-04-27 10:39:48", "1800949", "newcheckout.shop", "domain", "payload_delivery", "js.magecart", "None", "magecart", "", "100", "False", "", "Magecart", "0", "varysz" "2026-04-27 10:39:47", "1800950", "turbostat.shop", "domain", "payload_delivery", "js.magecart", "None", "magecart", "", "100", "False", "", "Magecart", "0", "varysz" "2026-04-27 10:39:45", "1800951", "gigatag.info", "domain", "payload_delivery", "js.magecart", "None", "magecart", "", "100", "False", "", "Magecart", "0", "varysz" "2026-04-27 10:39:45", "1800952", "tagmanager.guru", "domain", "payload_delivery", "js.magecart", "None", "magecart", "", "100", "False", "", "Magecart", "0", "varysz" "2026-04-27 10:39:44", "1800953", "ministat.shop", "domain", "payload_delivery", "js.magecart", "None", "magecart", "", "100", "False", "", "Magecart", "0", "varysz" "2026-04-27 10:39:43", "1800955", "culturebrook.incub-teahouse.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 09:48:21", "100", "False", "None", "27April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 10:39:43", "1800958", "loose-mount.eggman8eisha.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 09:59:23", "100", "False", "None", "27April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 10:39:42", "1800960", "campaigndefen.eggman8eisha.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 10:12:22", "100", "False", "None", "27April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 10:39:42", "1800961", "tj0x.eggman8eisha.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 10:15:56", "100", "False", "None", "27April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 10:39:41", "1800962", "ejge.eggman8eisha.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 10:22:04", "100", "False", "None", "27April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 10:39:41", "1800964", "yaisxm.pares-system.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 10:32:00", "100", "False", "None", "27April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 10:39:40", "1800968", "talnexal2.pares-system.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 10:40:42", "100", "False", "None", "27April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 10:32:14", "1800967", "lapoire8.hopto.org", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/536e1f8f46ee0f6cced9da56710b7f6996526da9d48e9cb63c0acb53dff14d5b/", "asyncrat", "0", "abuse_ch" "2026-04-27 10:31:52", "1800966", "lapoire7.hopto.org", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/536e1f8f46ee0f6cced9da56710b7f6996526da9d48e9cb63c0acb53dff14d5b/", "asyncrat", "0", "abuse_ch" "2026-04-27 10:31:30", "1800965", "lapoire6.hopto.org", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/536e1f8f46ee0f6cced9da56710b7f6996526da9d48e9cb63c0acb53dff14d5b/", "asyncrat", "0", "abuse_ch" "2026-04-27 10:04:27", "1800959", "frwyaofu.eggman8eisha.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 10:09:05", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 09:56:37", "1800957", "91.92.120.68:1985", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "75", "False", "https://bazaar.abuse.ch/sample/c03958f4bab9297fdaca6848c6b940002321fde305c3c3d61e0d1714fcdb1cd7/", "xworm", "0", "abuse_ch" "2026-04-27 09:52:54", "1800956", "pb6cs.eggman8eisha.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 09:54:04", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 09:36:30", "1800946", "yj97hpfx.incub-teahouse.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 09:37:05", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 09:22:34", "1800944", "biomecave.incub-teahouse.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 09:24:00", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 09:18:34", "1800943", "vek.vi-ler.dk", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-04-27 13:22:16", "75", "False", "None", "lv80gzr,Vidar", "0", "abuse_ch" "2026-04-27 09:18:28", "1800942", "https://vek.vi-ler.dk/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-04-27 13:22:08", "75", "False", "None", "lv80gzr,Vidar", "0", "abuse_ch" "2026-04-27 09:18:20", "1800941", "vek.imoveisavendaemaraxa.com.br", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-04-27 13:21:58", "75", "False", "None", "lv80gzr,Vidar", "0", "abuse_ch" "2026-04-27 09:18:15", "1800940", "https://vek.imoveisavendaemaraxa.com.br/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-04-27 13:21:51", "75", "False", "None", "lv80gzr,Vidar", "0", "abuse_ch" "2026-04-27 09:17:04", "1800939", "2585gqld.incub-teahouse.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 09:17:39", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-27 09:10:41", "1800929", "kel-coreex.asso7tunexpl.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 08:55:11", "100", "False", "None", "27April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 09:10:37", "1800935", "jp4j.asso7tunexpl.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 09:01:43", "100", "False", "None", "27April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 09:05:47", "1800937", "massivedisco.asso7tunexpl.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 09:06:26", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 09:04:14", "1800936", "203.202.232.149:2222", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "75", "False", "https://bazaar.abuse.ch/sample/aaeb85c0cb65e4da3ee3dac33621aaf99fb310f7f43d999d0c45ed5195d1aaa9/", "xworm", "0", "abuse_ch" "2026-04-27 08:49:02", "1800928", "17393sm.asso7tunexpl.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 08:50:07", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 08:43:39", "1800927", "reelfla.asso7tunexpl.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 08:43:56", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 08:37:36", "1800926", "kidjo.oasis-reimburse.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 08:38:53", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 08:32:11", "1800925", "f532v.oasis-reimburse.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 08:33:34", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 08:27:11", "1800922", "136.243.87.141:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-04-27 08:27:11", "1800923", "136.243.87.133:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-04-27 08:27:11", "1800924", "136.243.87.138:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-04-27 08:27:10", "1800915", "136.243.87.134:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-04-27 08:27:10", "1800916", "136.243.87.129:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-04-27 08:27:10", "1800917", "136.243.87.131:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-04-27 08:27:10", "1800918", "136.243.87.140:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-04-27 08:27:10", "1800919", "136.243.87.132:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-04-27 08:27:10", "1800920", "136.243.87.128:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-04-27 08:27:10", "1800921", "136.243.87.139:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-04-27 08:26:48", "1800909", "https://136.243.87.132/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-04-27 08:26:48", "1800910", "https://136.243.87.128/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-04-27 08:26:48", "1800911", "https://136.243.87.139/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-04-27 08:26:48", "1800912", "https://136.243.87.141/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-04-27 08:26:48", "1800913", "https://136.243.87.133/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-04-27 08:26:48", "1800914", "https://136.243.87.138/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-04-27 08:26:47", "1800905", "https://136.243.87.134/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-04-27 08:26:47", "1800906", "https://136.243.87.129/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-04-27 08:26:47", "1800907", "https://136.243.87.131/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-04-27 08:26:47", "1800908", "https://136.243.87.140/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-04-27 08:26:32", "1800904", "surve-chain.oasis-reimburse.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 08:27:36", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 08:26:31", "1800867", "31.220.80.26:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "75", "False", "", "Sliver", "0", "whoamix302" "2026-04-27 08:26:30", "1800858", "duskmor.sleazyhe2ded.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 06:33:26", "100", "False", "None", "27April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 08:26:29", "1800859", "theorymin.sleazyhe2ded.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 06:43:23", "100", "False", "None", "27April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 08:26:29", "1800860", "qdacqez.sleazyhe2ded.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 06:45:54", "100", "False", "None", "27April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 08:26:28", "1800861", "trimeshor6.foot-ricochet.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 06:50:51", "100", "False", "None", "27April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 08:26:28", "1800864", "br4nd-forge.foot-ricochet.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 07:12:28", "100", "False", "None", "27April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 08:26:27", "1800868", "gent1-lab.exhumat8urgle.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 07:30:07", "100", "False", "None", "27April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 08:26:27", "1800869", "170.75.167.225:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "False", "", "BotManager,Unknown malware", "0", "whoamix302" "2026-04-27 08:26:26", "1800870", "150.139.132.7:10001", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "100", "False", "", "ExtRat,Xtreme RAT", "0", "whoamix302" "2026-04-27 08:26:26", "1800873", "gathgolde.exhumat8urgle.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 07:48:57", "100", "False", "None", "27April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 08:26:25", "1800871", "du5k-panel.exhumat8urgle.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 07:40:11", "100", "False", "None", "27April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 08:26:25", "1800877", "broadfilte.exhumat8urgle.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 07:55:02", "100", "False", "None", "27April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 08:26:24", "1800896", "167.71.65.175:25001", "ip:port", "botnet_cc", "apk.kimwolf", "None", "Kimwolf", "2026-04-27 16:09:45", "100", "False", "None", "c2,Kimwolf", "0", "Bitsight" "2026-04-27 08:26:24", "1800901", "161.35.91.164:25001", "ip:port", "botnet_cc", "apk.kimwolf", "None", "Kimwolf", "2026-04-27 16:16:08", "100", "False", "None", "c2,Kimwolf", "0", "Bitsight" "2026-04-27 08:26:24", "1800902", "178.62.208.75:25001", "ip:port", "botnet_cc", "apk.kimwolf", "None", "Kimwolf", "2026-04-27 16:10:48", "100", "False", "None", "c2,Kimwolf", "0", "Bitsight" "2026-04-27 08:25:23", "1800903", "107.172.252.244:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "None", "CobaltStrike,cs-watermark-666666666", "0", "abuse_ch" "2026-04-27 08:23:45", "1800900", "47.111.184.26:8880", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2026-04-27 08:23:19", "1800899", "147.78.2.110:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2026-04-27 08:22:39", "1800898", "45.130.148.102:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "None", "CobaltStrike,cs-watermark-305419896", "0", "abuse_ch" "2026-04-27 08:21:13", "1800897", "crawlerstory.oasis-reimburse.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 08:24:41", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 08:13:29", "1800895", "dynvaleis.oasis-reimburse.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 08:13:48", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-27 08:07:43", "1800894", "traile-proc.oasis-reimburse.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 08:10:47", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 08:00:01", "1800892", "178.104.213.150:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-04-27 08:00:01", "1800893", "74.0.42.54:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-04-27 07:59:51", "1800891", "trimeshum.exhumat8urgle.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 08:00:30", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 07:59:41", "1800886", "bom.vi-ler.dk", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-04-27 07:59:41", "1800887", "bca.vi-ler.dk", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-04-27 07:59:41", "1800888", "tsc.vi-ler.dk", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-04-27 07:59:41", "1800889", "gon.vi-ler.dk", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-04-27 07:59:41", "1800890", "psy.vi-ler.dk", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-04-27 07:59:24", "1800882", "https://gon.vi-ler.dk/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-04-27 07:59:24", "1800883", "https://psy.vi-ler.dk/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-04-27 07:59:24", "1800884", "https://178.104.213.150/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-04-27 07:59:24", "1800885", "https://74.0.42.54/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-04-27 07:59:23", "1800879", "https://bom.vi-ler.dk/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-04-27 07:59:23", "1800880", "https://bca.vi-ler.dk/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-04-27 07:59:23", "1800881", "https://tsc.vi-ler.dk/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-04-27 07:59:22", "1800878", "https://steamcommunity.com/profiles/76561198709529056", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-04-27 07:52:17", "1800876", "https://pillow.riverbridge.site/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "True", "None", "vidar", "0", "crep1x" "2026-04-27 07:52:07", "1800875", "https://bbs.vi-ler.dk/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-04-27 08:18:41", "100", "True", "None", "vidar", "0", "crep1x" "2026-04-27 07:52:03", "1800874", "bbs.vi-ler.dk", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-04-27 08:18:46", "100", "True", "None", "vidar", "0", "crep1x" "2026-04-27 07:40:54", "1800872", "wint3-array.exhumat8urgle.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 07:43:09", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 07:23:57", "1800866", "uwfw.foot-ricochet.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 07:25:29", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 07:18:12", "1800865", "meta-cl1p.foot-ricochet.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 07:21:06", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 07:01:09", "1800863", "norcresta.foot-ricochet.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 07:02:11", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 06:55:47", "1800862", "5qpfwfow.foot-ricochet.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 06:56:11", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 06:32:40", "1800857", "streamsol.sleazyhe2ded.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 06:27:41", "100", "False", "None", "27April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 06:22:33", "1800856", "https://packetswitchings.com.ng/wp-blog-footer.php?data=", "url", "payload_delivery", "js.iclickfix", "None", "IClickFix", "", "100", "True", "", "ClickFix,IClickFix", "0", "HuntYethHounds" "2026-04-27 06:21:57", "1800855", "vorline8et.sleazyhe2ded.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 06:22:07", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-27 06:21:41", "1800854", "https://packetswitchings.com.ng/wp-blog-footer.php?fp=1", "url", "payload_delivery", "js.iclickfix", "None", "IClickFix", "", "100", "True", "", "ClickFix,IClickFix", "0", "HuntYethHounds" "2026-04-27 06:15:53", "1800849", "gdxmgmf8.sleazyhe2ded.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 06:16:52", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 06:12:23", "1800848", "https://mdasnmitrot.com/ooaoll.js", "url", "payload_delivery", "js.iclickfix", "None", "IClickFix", "", "100", "False", "", "ClickFix,IClickFix", "0", "HuntYethHounds" "2026-04-27 06:12:05", "1800847", "mdasnmitrot.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "", "100", "False", "", "ClickFix,IClickFix", "0", "HuntYethHounds" "2026-04-27 06:11:36", "1800846", "https://marketsnows.com/9cG0Kh", "url", "payload_delivery", "js.iclickfix", "None", "IClickFix", "", "100", "False", "", "ClickFix,IClickFix", "0", "HuntYethHounds" "2026-04-27 06:11:20", "1800845", "marketsnows.com", "domain", "payload_delivery", "js.iclickfix", "None", "IClickFix", "", "100", "False", "", "ClickFix,IClickFix", "0", "HuntYethHounds" "2026-04-27 06:10:29", "1800844", "open-2p.mivis-net.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 06:12:01", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 06:06:06", "1800595", "rouge-4v.bexis-cloud.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 00:47:59", "100", "False", "None", "27April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 06:06:05", "1800837", "soft-berg-9.mivis-net.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 06:08:21", "100", "False", "None", "27April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 06:05:27", "1800839", "https://awesomeisojs.beer/api/css.js", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,ErrTraffic", "0", "HuntYethHounds" "2026-04-27 06:05:14", "1800838", "awesomeisojs.beer", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,ErrTraffic", "0", "HuntYethHounds" "2026-04-27 06:04:57", "1800827", "dark-land-8b.mivis-net.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 05:40:38", "100", "False", "None", "27April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 06:04:56", "1800832", "rouge-6.mivis-net.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 05:57:54", "100", "False", "None", "27April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 06:04:17", "1800836", "https://ns-claude-js.beer/api/css.js", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,ErrTraffic", "0", "HuntYethHounds" "2026-04-27 05:51:17", "1800829", "petit-fire-5.mivis-net.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 05:52:45", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 05:46:04", "1800828", "bleu-3.mivis-net.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 05:46:32", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 05:34:30", "1800763", "haus-1.dexon-tech.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 05:35:47", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 05:29:08", "1800696", "holz-baum-7k.dexon-tech.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 05:29:10", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-27 05:25:03", "1800574", "ax2e.tov1maren.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 22:02:29", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 05:25:02", "1800575", "hen1a.tov1maren.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 22:05:23", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 05:25:02", "1800579", "5ynt46-node.kyl6varet.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 22:26:08", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 05:25:01", "1800583", "taldra2ex.nov2sirel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 22:48:55", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 05:25:00", "1800598", "soft-2.bexis-cloud.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 00:58:35", "100", "False", "None", "27April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 05:25:00", "1800601", "blue-fire-3w.mivon-data.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 01:18:26", "100", "False", "None", "27April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 05:25:00", "1800603", "zeit-land-9.mivon-data.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 01:32:03", "100", "False", "None", "27April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 05:24:59", "1800602", "haus-6.mivon-data.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 01:28:43", "100", "False", "None", "27April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 05:24:59", "1800606", "wald-baum-1.mivon-data.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 01:42:59", "100", "False", "None", "27April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 05:24:58", "1800608", "gold-star-2s.qivor-web.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 01:56:44", "100", "False", "None", "27April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 05:24:57", "1800610", "holz-berg-3.qivor-web.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 02:10:30", "100", "False", "None", "27April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 05:24:57", "1800615", "iron-land-9q.zexis-host.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 02:36:47", "100", "False", "None", "27April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 05:24:57", "1800617", "soft-wald-2.zexis-host.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 02:50:35", "100", "False", "None", "27April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 05:24:56", "1800616", "rouge-5.zexis-host.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 02:47:14", "100", "False", "None", "27April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 05:24:55", "1800618", "kalt-8.zexis-host.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 02:55:57", "100", "False", "None", "27April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 05:24:55", "1800619", "safespacesouthwest.com", "domain", "cc_skimming", "js.magecart", "None", "magecart", "", "75", "True", "", "magecart", "0", "localhost" "2026-04-27 05:24:54", "1800628", "petit-star-8z.sylor-plus.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 03:52:37", "100", "False", "None", "27April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 05:24:54", "1800629", "vert-1.sylor-plus.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 03:57:42", "100", "False", "None", "27April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 05:24:54", "1800630", "holz-berg-5.sylor-plus.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 04:03:27", "100", "False", "None", "27April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 05:24:53", "1800631", "bleu-9.sylor-plus.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 04:10:39", "100", "False", "None", "27April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 05:24:43", "1800678", "noir-9.dexon-tech.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 05:13:17", "100", "False", "None", "27April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 05:24:42", "1800679", "gold-mond-2.dexon-tech.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 05:18:16", "100", "False", "None", "27April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 05:24:39", "1800546", "trinexa.zun5larek.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 20:13:00", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 05:24:39", "1800547", "creehid.rax3vomen.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 20:20:35", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 05:24:38", "1800550", "kellithis.rax3vomen.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 20:42:14", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 05:24:38", "1800551", "resolvercultur.rax3vomen.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 20:48:53", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 05:24:37", "1800552", "warmcon.rax3vomen.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 20:55:34", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 05:24:37", "1800553", "pixellowersoon.top", "domain", "payload_delivery", "js.magecart", "None", "magecart", "2026-04-26 21:34:00", "100", "False", "", "Magecart", "0", "varysz" "2026-04-27 05:24:36", "1800554", "networkhub.syke8liron.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 21:01:26", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 05:24:35", "1800560", "pixel9-layer.syke8liron.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 21:24:59", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 05:24:35", "1800561", "styledontcryyy.com", "domain", "payload_delivery", "js.magecart", "None", "magecart", "2026-04-26 21:34:00", "50", "False", "", "Magecart", "0", "varysz" "2026-04-27 05:24:35", "1800563", "styleinfinity.top", "domain", "payload_delivery", "js.magecart", "None", "magecart", "", "50", "False", "", "Magecart", "0", "varysz" "2026-04-27 05:24:35", "1800564", "stylejingle.com", "domain", "payload_delivery", "js.magecart", "None", "magecart", "", "50", "False", "", "Magecart", "0", "varysz" "2026-04-27 05:24:35", "1800565", "styleoutsperee.com", "domain", "payload_delivery", "js.magecart", "None", "magecart", "", "50", "False", "", "Magecart", "0", "varysz" "2026-04-27 05:24:35", "1800566", "stylebackrooooms.com", "domain", "payload_delivery", "js.magecart", "None", "magecart", "", "50", "False", "", "Magecart", "0", "varysz" "2026-04-27 05:24:30", "1800545", "dibzyqjy.zun5larek.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 20:06:52", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-27 05:23:35", "1800680", "vert-4.dexon-tech.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 05:24:02", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 05:06:14", "1800677", "fast-star-5x.dexon-tech.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 05:10:09", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 04:58:46", "1800676", "open-3n.noven-hub.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 04:59:16", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 04:53:17", "1800675", "zeit-berg-8.noven-hub.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 04:53:52", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 04:51:02", "1800674", "u88.store", "domain", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "75", "False", "https://bazaar.abuse.ch/sample/69d57b0812969e8b61619c22196959e88b64df20f691819d565e91ec6e9d0aba/", "nanocore", "0", "abuse_ch" "2026-04-27 04:50:47", "1800673", "kaede.jpn.com", "domain", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "75", "False", "https://bazaar.abuse.ch/sample/91bd29fbcd1fa40462378d834ff35939be6d97c6c53b9b6a2bd2facb67e12024/", "nanocore", "0", "abuse_ch" "2026-04-27 04:47:42", "1800672", "82.165.179.9:1604", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/dc7926a343bf4a612ebd57924bd5e3a6df997164b090c662855f2f3e6e91c930/", "asyncrat", "0", "abuse_ch" "2026-04-27 04:47:32", "1800671", "kalt-5.noven-hub.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 04:48:03", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 04:46:02", "1800670", "ukschool.uk.com", "domain", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "75", "False", "https://bazaar.abuse.ch/sample/2dd9b9ea3a5afc1f3b0f36dd64b16444fcfa49284c18d34159b1b43b8460554d/", "nanocore", "0", "abuse_ch" "2026-04-27 04:45:44", "1800669", "au88.select", "domain", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "75", "False", "https://bazaar.abuse.ch/sample/2dd9b9ea3a5afc1f3b0f36dd64b16444fcfa49284c18d34159b1b43b8460554d/", "nanocore", "0", "abuse_ch" "2026-04-27 04:45:06", "1800668", "158.160.75.185:40553", "ip:port", "botnet_cc", "win.raton_rat", "None", "RatonRAT", "", "100", "False", "None", "RatonRAT", "0", "abuse_ch" "2026-04-27 04:44:47", "1800667", "23.132.164.14:9000", "ip:port", "botnet_cc", "win.raton_rat", "None", "RatonRAT", "", "100", "False", "None", "RatonRAT", "0", "abuse_ch" "2026-04-27 04:44:36", "1800666", "43.132.210.230:884", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "False", "None", "RAT,ValleyRAT", "0", "abuse_ch" "2026-04-27 04:44:18", "1800665", "43.132.210.230:882", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "False", "None", "RAT,ValleyRAT", "0", "abuse_ch" "2026-04-27 04:43:59", "1800664", "103.12.148.79:443", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "False", "None", "RAT,ValleyRAT", "0", "abuse_ch" "2026-04-27 04:43:30", "1800663", "175.24.201.23:443", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "None", "Meterpreter", "0", "abuse_ch" "2026-04-27 04:43:14", "1800662", "http://196.199.55.26:7777/b367c5ea.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "False", "None", "DCRat,RAT", "0", "abuse_ch" "2026-04-27 04:42:29", "1800661", "144.31.61.121:31505", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "None", "QuasarRAT,RAT", "0", "abuse_ch" "2026-04-27 04:42:10", "1800660", "soft-land-1.noven-hub.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 04:43:33", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 04:42:02", "1800659", "http://kingspy.dynv6.net:797/Vre", "url", "botnet_cc", "win.vjw0rm", "None", "Vjw0rm", "", "100", "False", "None", "Vjw0rm", "0", "abuse_ch" "2026-04-27 04:41:49", "1800658", "104.21.50.237:443", "ip:port", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "100", "False", "None", "NanoCore,RAT", "0", "abuse_ch" "2026-04-27 04:41:31", "1800657", "172.67.213.218:443", "ip:port", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "100", "False", "None", "NanoCore,RAT", "0", "abuse_ch" "2026-04-27 04:41:12", "1800656", "160.191.89.201:443", "ip:port", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "100", "False", "None", "NanoCore,RAT", "0", "abuse_ch" "2026-04-27 04:40:58", "1800655", "104.21.88.201:443", "ip:port", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "100", "False", "None", "NanoCore,RAT", "0", "abuse_ch" "2026-04-27 04:40:08", "1800652", "172.67.152.162:443", "ip:port", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "100", "False", "None", "NanoCore,RAT", "0", "abuse_ch" "2026-04-27 04:36:34", "1800651", "rouge-4.noven-hub.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 04:39:55", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 04:28:55", "1800647", "iron-fire-6s.noven-hub.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 04:29:30", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 04:23:19", "1800634", "haus-2x.sylor-plus.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 04:24:25", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 04:15:50", "1800632", "dark-wald-3.sylor-plus.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 04:16:33", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 03:43:35", "1800627", "open-6.raxen-serv.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 03:44:22", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 03:38:14", "1800626", "gold-land-4m.raxen-serv.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 03:38:29", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 03:30:25", "1800625", "noir-2.raxen-serv.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 03:30:59", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 03:25:00", "1800624", "fast-fire-9.raxen-serv.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 03:26:02", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 03:19:26", "1800623", "zeit-5.raxen-serv.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 03:19:32", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 03:13:26", "1800622", "blue-mond-3k.raxen-serv.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 03:14:49", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 03:08:16", "1800621", "haus-7v.zexis-host.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 03:12:18", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 03:00:30", "1800620", "dark-berg-1.zexis-host.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 03:04:26", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 02:25:39", "1800614", "open-1x.qivor-web.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 02:25:50", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 02:20:22", "1800613", "petit-zeit-4.qivor-web.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 02:20:53", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 02:14:36", "1800612", "noir-6.qivor-web.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 02:15:23", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 02:12:36", "1800611", "ultimatecircleislandtour.com", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch" "2026-04-27 02:03:39", "1800609", "vert-8.qivor-web.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 02:07:43", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 01:50:12", "1800607", "fast-7.mivon-data.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 01:54:06", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 01:38:51", "1800605", "brandyparfums.com", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch" "2026-04-27 01:36:36", "1800604", "bleu-4k.mivon-data.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 01:37:30", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 01:11:56", "1800600", "iron-8.bexis-cloud.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 01:12:28", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 01:06:12", "1800599", "petit-mond-5.bexis-cloud.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 01:07:23", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 00:53:02", "1800597", "kalt-berg-7.bexis-cloud.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 00:53:05", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 00:51:07", "1800596", "31.57.184.186:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "75", "False", "https://bazaar.abuse.ch/sample/39c0135a0e8d46053fbcaa4efe6cbc83d33cf8e7be43efbca1622b2f77c7b9c6/", "remcos", "0", "abuse_ch" "2026-04-27 00:41:25", "1800594", "dark-star-1.bexis-cloud.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 00:42:16", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 00:35:50", "1800593", "open-9.vortex-node.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 00:36:03", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-27 00:30:04", "1800592", "holz-baum-4.vortex-node.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 00:30:50", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-27 00:24:26", "1800591", "vert-1k.vortex-node.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 00:24:29", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-27 00:19:06", "1800590", "gold-land-8.vortex-node.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 00:19:46", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-27 00:13:26", "1800589", "noir-5.vortex-node.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 00:13:35", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-27 00:08:05", "1800588", "fast-zeit-2.vortex-node.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-27 00:08:48", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 23:10:54", "1800587", "hglj.nov2sirel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 23:11:41", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 23:05:12", "1800586", "7xekivp.nov2sirel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 23:05:23", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-26 22:59:24", "1800585", "m3rge-mark.nov2sirel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 22:59:53", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 22:54:09", "1800584", "4ppcd.nov2sirel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 22:54:16", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 22:42:38", "1800582", "neo-rnead.nov2sirel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 22:42:55", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-26 22:37:24", "1800581", "lfixa2ax.kyl6varet.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 22:38:10", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 22:31:24", "1800580", "cl1e-panel.kyl6varet.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 22:31:37", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 22:20:02", "1800578", "quorcresten1.kyl6varet.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 22:22:19", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 22:14:50", "1800577", "9hq5.kyl6varet.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 22:15:45", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 22:08:52", "1800576", "vfge.kyl6varet.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 22:09:56", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 21:52:47", "1800573", "9al62yq7.souf1atwindow.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "clearfake", "1", "ttakvam" "2026-04-26 21:52:27", "1800572", "503yy20v.souf1atwindow.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 21:52:16", "1800571", "ar1hcfxy.gushchina-kriz.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 21:51:45", "1800570", "mernex1ar.tov1maren.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 21:52:07", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-26 21:46:41", "1800569", "54lzq.tov1maren.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 21:46:49", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 21:41:02", "1800568", "quor-valeix.tov1maren.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 21:41:35", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 21:35:49", "1800567", "harbquarr.tov1maren.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 21:35:58", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-26 21:29:39", "1800562", "uxmidt.syke8liron.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 21:30:52", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 21:18:07", "1800559", "vel-draex.syke8liron.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 21:18:56", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 21:12:34", "1800558", "soundatom.syke8liron.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 21:12:35", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-26 21:06:53", "1800557", "10ya0-dock.syke8liron.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 21:07:52", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 21:01:03", "1800556", "https://bbs.gessoflex.com.br/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-04-27 08:18:31", "100", "True", "None", "vidar", "0", "crep1x" "2026-04-26 21:01:00", "1800555", "bbs.gessoflex.com.br", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-04-27 08:18:35", "100", "True", "None", "vidar", "0", "crep1x" "2026-04-26 20:35:05", "1800549", "stead5-switch.rax3vomen.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 20:35:39", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 20:26:19", "1800548", "48oni.rax3vomen.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 20:26:55", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 19:59:29", "1800543", "clustchoru.zun5larek.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 20:00:34", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 19:52:52", "1800542", "railspark.zun5larek.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 19:53:24", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 19:46:18", "1800540", "ark-valeen.zun5larek.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 19:47:23", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 19:39:36", "1800539", "ve1ve-loop.zun5larek.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 19:40:20", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 19:33:59", "1800538", "joerass.icu", "domain", "botnet_cc", "win.acr_stealer", "None", "ACR Stealer", "", "100", "False", "https://bazaar.abuse.ch/sample/72b7b27fc9d3d590d41efcff44172d81915a30e2c3d19ec158010501f20bf8f5/", "ACRStealer", "0", "abuse_ch" "2026-04-26 19:33:42", "1800533", "royapuls.qor9mital.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 19:21:08", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 19:33:42", "1800535", "brigh-gold.qor9mital.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 19:24:53", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 19:33:42", "1800536", "tfoq2qdi.qor9mital.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 19:33:28", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 19:33:24", "1800537", "motivate.starkmond.cfd", "domain", "botnet_cc", "win.acr_stealer", "None", "ACR Stealer", "", "100", "False", "https://bazaar.abuse.ch/sample/b3810ca5f17d8f617252b5460eafbed27e85722e794e394b2fbcb760ecf3d2a3/", "ACRStealer", "0", "abuse_ch" "2026-04-26 19:21:58", "1800534", "85.239.144.97:7754", "ip:port", "botnet_cc", "win.pure_rat", "PureHVNC,ResolverRAT", "PureRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/d401cfe9de20d46c8cc86aafa2448aa38c94c1911aa7f27d7ca2d84a88f09685/", "PureHVNC,PureRAT,RAT", "0", "abuse_ch" "2026-04-26 19:15:06", "1800529", "pwq.scoffatop.icu", "domain", "botnet_cc", "win.acr_stealer", "None", "ACR Stealer", "", "100", "False", "https://bazaar.abuse.ch/sample/cabf923be13af3f5a125def5f8ee8bb43d1a9c63e78d146e27298d95f76fa5ce/", "ACRStealer", "0", "abuse_ch" "2026-04-26 19:15:06", "1800530", "ootip.submergejunkie.life", "domain", "botnet_cc", "win.acr_stealer", "None", "ACR Stealer", "", "100", "False", "https://bazaar.abuse.ch/sample/cabf923be13af3f5a125def5f8ee8bb43d1a9c63e78d146e27298d95f76fa5ce/", "ACRStealer", "0", "abuse_ch" "2026-04-26 19:14:37", "1800519", "mer-lithor.qor9mital.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 18:56:00", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 19:14:36", "1800523", "http://91.92.242.236/oPvjr94jfe/Login.php", "url", "botnet_cc", "win.amadey", "None", "Amadey", "", "100", "False", "None", "amadey,AS202412,Omegatech LTD", "0", "antiphishorg" "2026-04-26 19:14:36", "1800527", "boos-gri.qor9mital.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 19:10:16", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 19:14:08", "1800528", "http://pillow.riverbridge.site", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-04-27 22:12:54", "75", "False", "None", "ipocalur,Vidar", "0", "abuse_ch" "2026-04-26 19:02:11", "1800526", "warm-senso.qor9mital.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 19:02:32", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-26 19:01:16", "1800525", "18.162.233.94:8880", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/03dd84f426cbd201f949da44f1d36d034b75033738bb52b7a6e9e65d7c5b7ffc/", "RAT,ValleyRAT", "0", "abuse_ch" "2026-04-26 19:01:13", "1800524", "xzcgtffdlmn.cn", "domain", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "False", "https://bazaar.abuse.ch/sample/03dd84f426cbd201f949da44f1d36d034b75033738bb52b7a6e9e65d7c5b7ffc/", "RAT,ValleyRAT", "0", "abuse_ch" "2026-04-26 18:59:58", "1800522", "192.109.200.9:4444", "ip:port", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "75", "False", "https://bazaar.abuse.ch/sample/2ffaa635caf56eba07b1049bab35e1eff7211c35b38a40f71029581b266924b4/", "RAT", "0", "abuse_ch" "2026-04-26 18:57:03", "1800521", "95.40.185.56:8880", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/ba21e24714ffd32c23812ec4d3fabdca99331afbf58e9a5344652107a8643873/", "RAT,ValleyRAT", "0", "abuse_ch" "2026-04-26 18:56:59", "1800520", "vgrdshuyyg.cn", "domain", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "False", "https://bazaar.abuse.ch/sample/ba21e24714ffd32c23812ec4d3fabdca99331afbf58e9a5344652107a8643873/", "RAT,ValleyRAT", "0", "abuse_ch" "2026-04-26 18:50:47", "1800518", "203.91.75.211:2207", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/588aa05bf5ea03f491ad646b4bffa3c0fa023c0325fdadd38b23d064ffdece37/", "RAT,ValleyRAT", "0", "abuse_ch" "2026-04-26 18:50:12", "1800517", "jdjj.cc", "domain", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "False", "https://bazaar.abuse.ch/sample/588aa05bf5ea03f491ad646b4bffa3c0fa023c0325fdadd38b23d064ffdece37/", "RAT,ValleyRAT", "0", "abuse_ch" "2026-04-26 18:49:34", "1800516", "oone8de.cn", "domain", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "False", "https://bazaar.abuse.ch/sample/60090a7079a37d7c55ec6aff11e52d37a1d032d06d21954d655dfa4acd7cedd3/", "RAT,ValleyRAT", "0", "abuse_ch" "2026-04-26 18:48:20", "1800515", "wo0hv.sivla2ken.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 18:49:14", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 18:39:46", "1800514", "xzgik.sivla2ken.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 18:44:43", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 18:36:03", "1800513", "91.92.242.236:80", "ip:port", "botnet_cc", "win.amadey", "None", "Amadey", "2026-04-27 23:00:06", "50", "False", "https://tracker.viriback.com/index.php?q=91.92.242.236", "Amadey,ViriBack", "0", "abuse_ch" "2026-04-26 18:33:04", "1800512", "l1chen-hold.sivla2ken.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 18:36:53", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 18:27:59", "1800511", "kye.venloc.com.br", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "https://bazaar.abuse.ch/sample/df15eaf4f30afa77031861ce664291dc880977506b09e747a065edf41a6faf3b/", "Vidar", "0", "abuse_ch" "2026-04-26 18:24:12", "1800510", "wildsai.sivla2ken.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 18:26:17", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 18:19:19", "1800509", "pillow.riverbridge.site", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-04-27 22:12:56", "100", "False", "https://bazaar.abuse.ch/sample/2199baf11d50dd10555f8aec122178e03b62570fc0d4614a8e928978dc547154/", "ipocalur,Vidar", "0", "abuse_ch" "2026-04-26 18:18:46", "1800507", "https://t.me/periotival", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-04-27 07:59:23", "100", "False", "https://bazaar.abuse.ch/sample/2199baf11d50dd10555f8aec122178e03b62570fc0d4614a8e928978dc547154/", "ipocalur,Vidar", "0", "abuse_ch" "2026-04-26 18:18:46", "1800508", "https://telegram.me/b8bz11", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-04-27 07:59:22", "100", "False", "https://bazaar.abuse.ch/sample/2199baf11d50dd10555f8aec122178e03b62570fc0d4614a8e928978dc547154/", "ipocalur,Vidar", "0", "abuse_ch" "2026-04-26 18:13:37", "1800506", "fldenmd.sivla2ken.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 18:14:28", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 18:11:52", "1800058", "portalpitch.pav3lorex.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 16:33:02", "100", "False", "None", "25April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:11:51", "1800059", "fund-ancho.pav3lorex.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 16:40:45", "100", "False", "None", "25April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:11:51", "1800062", "fast-zeit-4.miv6soren.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 16:58:44", "100", "False", "None", "25April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:11:50", "1800061", "crestsud.pav3lorex.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 16:54:33", "100", "False", "None", "25April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:11:50", "1800065", "vert-5.miv6soren.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 17:25:37", "100", "False", "None", "25April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:11:49", "1800066", "holz-baum-3.miv6soren.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 17:29:15", "100", "False", "None", "25April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:11:49", "1800083", "fast-1.bexla8rin.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 18:59:35", "100", "False", "None", "25April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:11:49", "1800107", "iron-land-1q.zex1liron.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 19:47:00", "100", "False", "None", "25April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:11:48", "1800116", "dark-berg-2c.zex1liron.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 20:14:19", "100", "False", "None", "25April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:11:48", "1800129", "zeit-2.rax7pavel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 20:26:52", "100", "False", "None", "25April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:11:46", "1800138", "fast-fire-5.rax7pavel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 20:37:55", "100", "False", "None", "25April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:11:46", "1800144", "noir-1.rax7pavel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 20:40:40", "100", "False", "None", "25April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:11:46", "1800151", "gold-land-3m.rax7pavel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 20:48:27", "100", "False", "None", "25April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:11:45", "1800156", "vert-4.sylo3mer.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 21:04:26", "100", "False", "None", "25April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:11:45", "1800163", "bleu-2.sylo3mer.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 21:22:54", "100", "False", "None", "25April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:11:45", "1800172", "iron-fire-7s.nov2liren.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 21:44:19", "100", "False", "None", "25April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:11:44", "1800178", "kalt-5.nov2liren.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 22:09:49", "100", "False", "None", "25April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:11:43", "1800184", "gold-mond-8.miv8soren.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 22:36:07", "100", "False", "None", "25April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:11:42", "1800197", "open-2.dex1lavel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 23:33:55", "100", "False", "None", "25April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:11:42", "1800505", "8.148.229.106:8888", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2026-04-26 18:11:41", "1800204", "manngua.mivonex-serv.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 00:11:57", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:11:41", "1800211", "poditt0j.dexon-node.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 00:52:03", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:11:40", "1800212", "estrqmi.dexon-node.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 00:56:36", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:11:40", "1800213", "lichxz.dexon-node.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 01:02:53", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:11:40", "1800220", "fine7t.bexlor-net.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 01:38:43", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:11:40", "1800504", "35.212.248.36:8888", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-04-27 08:29:25", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2026-04-26 18:11:39", "1800225", "kopf-wkeu.qivon-store.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 02:07:47", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:11:39", "1800226", "etoi-fbll.qivon-store.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 02:12:59", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:11:39", "1800231", "soci-84i6.zexon-plus.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 02:24:34", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:11:38", "1800234", "piedmg3.zexon-plus.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 02:43:06", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:11:37", "1800237", "fire-02k6.raxen-tech.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 02:59:38", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:11:37", "1800239", "pes-ghj0.raxen-tech.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 03:23:12", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:11:36", "1800238", "freur6r.raxen-tech.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 03:06:11", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:11:35", "1800240", "homb-1h.raxen-tech.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 03:28:12", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:11:34", "1800243", "spia-vo.sylonix-web.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 03:49:42", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:11:34", "1800245", "aguarw2y.sylonix-web.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 04:04:34", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:11:31", "1800110", "https://nxbrew.me/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "False", "https://app.any.run/tasks/6d1ebc90-3f8e-4320-9471-15fa92f5fdb6", "RenPyLoader,Vidar", "0", "rifteyy" "2026-04-26 18:11:31", "1800503", "180.76.185.146:8888", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "None", "CobaltStrike,cs-watermark-391144938", "0", "abuse_ch" "2026-04-26 18:11:30", "1800154", "64.118.135.172:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-04-27 08:29:29", "100", "False", "", "Agentemis,BEACON,Cobalt Strike,CobaltStrike,cobeacon", "0", "whoamix302" "2026-04-26 18:11:30", "1800165", "http://62.60.226.159/xvzpjyddlu/login.php", "url", "botnet_cc", "win.tinyloader", "None", "TinyLoader", "", "100", "False", "None", "AS214351,FEMO IT SOLUTIONS LIMITED,tinyloader", "0", "antiphishorg" "2026-04-26 18:11:27", "1800185", "rosrefurboss.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "2026-04-26 00:35:54", "50", "False", "", "None", "0", "varysz" "2026-04-26 18:11:26", "1800187", "holz-baum-5k.miv8soren.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 22:46:17", "100", "False", "None", "25April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:11:26", "1800188", "trafluxo.xyz", "domain", "payload_delivery", "unknown_webinject", "None", "Unknown Webinject", "", "75", "True", "", "None", "0", "varysz" "2026-04-26 18:11:24", "1800246", "163.61.39.140:3778", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "80", "False", "None", "mirai", "0", "seckle" "2026-04-26 18:11:24", "1800249", "paniwcfh.sylonix-web.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 04:25:38", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:11:23", "1800252", "landem.noven-sys.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 04:41:08", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:11:23", "1800255", "homo-ph.noven-sys.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 05:03:56", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:11:23", "1800267", "breagc.dexor-host.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 06:17:37", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:11:22", "1800268", "mund4c.dexor-host.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 06:24:40", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:11:21", "1800277", "04wp.miv6soren.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 07:11:48", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:11:20", "1800281", "5hor-mount.dex2lavel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 07:33:39", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:11:19", "1800282", "rela1-graph.dex2lavel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 07:40:01", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:11:19", "1800287", "3xpos-route.bexla8rin.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 08:06:51", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:11:18", "1800288", "imagesil.qiv5moren.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 08:14:21", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:11:17", "1800293", "crestsync.qiv5moren.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 08:20:30", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:11:17", "1800304", "37.107.161.214:11", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "100", "False", "", "ExtRat,Xtreme RAT", "0", "whoamix302" "2026-04-26 18:11:16", "1800305", "37.107.163.217:9069", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "100", "False", "", "ExtRat,Xtreme RAT", "0", "whoamix302" "2026-04-26 18:11:16", "1800306", "209.99.185.174:8889", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "75", "False", "", "Remcos,RemcosRAT,Remvio,Socmer", "0", "whoamix302" "2026-04-26 18:11:16", "1800307", "47.239.106.95:8443", "ip:port", "botnet_cc", "elf.gobrat", "None", "GobRAT", "", "75", "False", "", "GobRAT", "0", "whoamix302" "2026-04-26 18:11:15", "1800309", "189.150.109.130:1604", "ip:port", "botnet_cc", "win.darkcomet", "Breut,Fynloski,klovbot", "DarkComet", "", "75", "False", "", "Breut,DarkComet,Fynloski,klovbot", "0", "whoamix302" "2026-04-26 18:11:14", "1800338", "lanedev.sylo3mer.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 09:33:19", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:11:13", "1800359", "http://199.68.217.18:8888/supershell/login/", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "None", "AS979,NetLab Global,supershell", "0", "antiphishorg" "2026-04-26 18:11:13", "1800360", "199.68.217.18:8888", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-04-26 12:26:31", "100", "False", "None", "AS979,NetLab Global,supershell", "0", "antiphishorg" "2026-04-26 18:11:12", "1800364", "st4ge-pulse.dex4lavel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 10:25:43", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:11:12", "1800375", "vaultink.dex4lavel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 10:51:52", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:11:11", "1800376", "talnexos5.dex4lavel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 10:58:05", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:11:10", "1800378", "bluysbweb.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "None", "0", "burger" "2026-04-26 18:11:09", "1800379", "blyuserbwrbs.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "None", "0", "burger" "2026-04-26 18:11:08", "1800380", "parcelquick.bexla3rin.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 11:11:48", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:11:08", "1800383", "sub-h11l.bexla3rin.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 11:19:43", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:11:07", "1800384", "puresthomes.com", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://bazaar.abuse.ch/sample/cca6a5ed0923cbb7539836f7865bf0bed07037bb453374022be5217ef03fd40f/", "c2", "0", "burger" "2026-04-26 18:11:07", "1800385", "187.77.255.235:5252", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://bazaar.abuse.ch/sample/cca6a5ed0923cbb7539836f7865bf0bed07037bb453374022be5217ef03fd40f/", "c2", "0", "burger" "2026-04-26 18:11:07", "1800389", "tiruet.com", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://bazaar.abuse.ch/sample/119722e6e370e280de412860f429a037caf0d86d19d88100510423334638ea1b/", "c2", "0", "burger" "2026-04-26 18:11:06", "1800390", "143.198.228.219:5632", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://bazaar.abuse.ch/sample/119722e6e370e280de412860f429a037caf0d86d19d88100510423334638ea1b/", "c2", "0", "burger" "2026-04-26 18:11:06", "1800397", "project-info-world.info", "domain", "botnet_cc", "win.santa_stealer", "None", "SantaStealer", "", "100", "False", "", "c2", "0", "burger" "2026-04-26 18:11:06", "1800399", "39hwegfg.qiv7moren.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 11:58:34", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:11:05", "1800400", "sthj.qiv7moren.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 12:04:58", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:11:05", "1800401", "lumennix.live", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "None", "0", "burger" "2026-04-26 18:11:04", "1800404", "lum-lineon.zex2liron.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 12:26:09", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:11:04", "1800405", "66.163.123.111:80", "ip:port", "botnet_cc", "win.stealc", "None", "Stealc", "", "75", "False", "", "Stealc", "0", "whoamix302" "2026-04-26 18:11:02", "1800406", "91.92.242.57:80", "ip:port", "botnet_cc", "win.stealc", "None", "Stealc", "", "75", "False", "", "Stealc", "0", "whoamix302" "2026-04-26 18:11:02", "1800407", "alphsummer.zex2liron.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 12:39:11", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:11:02", "1800408", "studi-fores.zex2liron.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 12:42:09", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:11:01", "1800409", "3vnp4.zex2liron.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 12:49:40", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:11:01", "1800410", "vocalatomic.zex2liron.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 12:56:14", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:11:00", "1800411", "http://91.92.242.236/oPvjr94jfe/index.php", "url", "botnet_cc", "win.amadey", "None", "Amadey", "2026-04-27 22:10:10", "100", "False", "None", "54e64e,amadey,c2", "0", "Bitsight" "2026-04-26 18:11:00", "1800418", "tigmjuy.rax8pavel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 13:29:42", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:10:59", "1800420", "ion-cra.rax8pavel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 13:45:15", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:10:59", "1800421", "peak7-frame.sylo1mer.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 13:51:23", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:10:59", "1800422", "iswear.thisisafalsepositive.ru", "domain", "payload_delivery", "py.empyrean", "None", "Empyrean", "2026-04-26 13:56:38", "50", "False", "", "stealer minecraft polygon-c2 java-loader", "1", "Dr_Markuse" "2026-04-26 18:10:58", "1800423", "titaniumclient.com", "domain", "payload_delivery", "py.empyrean", "None", "Empyrean", "", "50", "False", "", "stealer minecraft polygon-c2 java-loader", "1", "Dr_Markuse" "2026-04-26 18:10:58", "1800425", "cbd34e6a8274c62f1d0e4f183dafc17b305e0988b2e5e46cd4a94ef680e7f405", "sha256_hash", "payload", "py.empyrean", "None", "Empyrean", "", "50", "False", "", "stealer minecraft polygon-c2 java-loader", "1", "Dr_Markuse" "2026-04-26 18:10:58", "1800426", "172.67.214.234:443", "ip:port", "payload_delivery", "py.empyrean", "None", "Empyrean", "", "50", "False", "", "stealer minecraft polygon-c2 java-loader", "1", "Dr_Markuse" "2026-04-26 18:10:57", "1800427", "104.21.91.94:443", "ip:port", "payload_delivery", "py.empyrean", "None", "Empyrean", "", "50", "False", "", "stealer minecraft polygon-c2 java-loader", "1", "Dr_Markuse" "2026-04-26 18:10:56", "1800431", "analysis-one-orpin.vercel.app", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://app.any.run/tasks/e17c767a-b8b7-45aa-b03b-8e8a55cb3c73", "c2", "0", "burger" "2026-04-26 18:10:55", "1800433", "sandbhar.to6varon.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 14:33:52", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:10:55", "1800435", "quarrytrav.to6varon.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 14:39:59", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:10:54", "1800437", "runt11-drive.to6varon.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 14:50:34", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:10:54", "1800440", "webdisk.housecleaninggrovecityohio.com", "domain", "payload_delivery", "js.fakeupdates", "FakeUpdate,GhoLoader,SocGholish", "FAKEUPDATES", "", "75", "True", "", "SocGholish", "0", "varysz" "2026-04-26 18:10:53", "1800442", "shop.steadycompanion.com", "domain", "payload_delivery", "js.fakeupdates", "FakeUpdate,GhoLoader,SocGholish", "FAKEUPDATES", "", "75", "True", "", "SocGholish", "0", "varysz" "2026-04-26 18:10:52", "1800443", "samples.addisgraphix.com", "domain", "payload_delivery", "js.fakeupdates", "FakeUpdate,GhoLoader,SocGholish", "FAKEUPDATES", "", "75", "True", "", "SocGholish", "0", "varysz" "2026-04-26 18:10:52", "1800444", "exposerv.pav7lorex.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 15:16:33", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:10:52", "1800446", "144.31.204.136:443", "ip:port", "botnet_cc", "win.ghostsocks", "None", "GhostSocks", "", "75", "False", "", "GhostSocks", "0", "whoamix302" "2026-04-26 18:10:51", "1800447", "64.188.70.194:443", "ip:port", "botnet_cc", "win.ghostsocks", "None", "GhostSocks", "", "75", "False", "", "GhostSocks", "0", "whoamix302" "2026-04-26 18:10:51", "1800448", "94.228.161.88:443", "ip:port", "botnet_cc", "win.ghostsocks", "None", "GhostSocks", "", "75", "False", "", "GhostSocks", "0", "whoamix302" "2026-04-26 18:10:50", "1800449", "77.110.117.204:443", "ip:port", "botnet_cc", "win.ghostsocks", "None", "GhostSocks", "", "75", "False", "", "GhostSocks", "0", "whoamix302" "2026-04-26 18:10:50", "1800450", "84.201.4.120:443", "ip:port", "botnet_cc", "win.ghostsocks", "None", "GhostSocks", "", "75", "False", "", "GhostSocks", "0", "whoamix302" "2026-04-26 18:10:49", "1800451", "172.245.112.202:443", "ip:port", "botnet_cc", "win.ghostsocks", "None", "GhostSocks", "", "75", "False", "", "GhostSocks", "0", "whoamix302" "2026-04-26 18:10:48", "1800452", "206.245.157.177:443", "ip:port", "botnet_cc", "win.ghostsocks", "None", "GhostSocks", "", "75", "False", "", "GhostSocks", "0", "whoamix302" "2026-04-26 18:10:47", "1800453", "193.23.211.29:443", "ip:port", "botnet_cc", "win.ghostsocks", "None", "GhostSocks", "", "75", "False", "", "GhostSocks", "0", "whoamix302" "2026-04-26 18:10:47", "1800454", "77.239.121.3:443", "ip:port", "botnet_cc", "win.ghostsocks", "None", "GhostSocks", "", "75", "False", "", "GhostSocks", "0", "whoamix302" "2026-04-26 18:10:47", "1800456", "77.239.120.249:443", "ip:port", "botnet_cc", "win.ghostsocks", "None", "GhostSocks", "", "75", "False", "", "GhostSocks", "0", "whoamix302" "2026-04-26 18:10:46", "1800455", "93.185.159.90:443", "ip:port", "botnet_cc", "win.ghostsocks", "None", "GhostSocks", "", "75", "False", "", "GhostSocks", "0", "whoamix302" "2026-04-26 18:10:44", "1800457", "77.110.117.211:443", "ip:port", "botnet_cc", "win.ghostsocks", "None", "GhostSocks", "", "75", "False", "", "GhostSocks", "0", "whoamix302" "2026-04-26 18:10:44", "1800458", "144.31.139.203:443", "ip:port", "botnet_cc", "win.ghostsocks", "None", "GhostSocks", "", "75", "False", "", "GhostSocks", "0", "whoamix302" "2026-04-26 18:10:43", "1800459", "144.31.139.201:443", "ip:port", "botnet_cc", "win.ghostsocks", "None", "GhostSocks", "", "75", "False", "", "GhostSocks", "0", "whoamix302" "2026-04-26 18:10:43", "1800460", "144.31.204.145:443", "ip:port", "botnet_cc", "win.ghostsocks", "None", "GhostSocks", "", "75", "False", "", "GhostSocks", "0", "whoamix302" "2026-04-26 18:10:42", "1800461", "insivisual.pav7lorex.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 15:21:44", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:10:42", "1800462", "medi4-spark.pav7lorex.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 15:29:11", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:10:41", "1800464", "46.149.73.232:9000", "ip:port", "botnet_cc", "win.sectop_rat", "1xxbot,ArechClient", "SectopRAT", "", "100", "False", "", "1xxbot,ArechClient,SectopRAT", "0", "whoamix302" "2026-04-26 18:10:40", "1800470", "foplq.vex4moral.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 15:54:43", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:10:39", "1800471", "aa5sf.vex4moral.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 16:07:23", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:10:39", "1800474", "zazsvrye.vex4moral.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 16:27:04", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:10:38", "1800475", "temmodul.vex4moral.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 16:31:59", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:10:38", "1800476", "thor-hinge.tor4nexil.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 16:43:20", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:10:38", "1800481", "sand-tar.tor4nexil.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 17:14:52", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:10:37", "1800477", "vqq7jll.tor4nexil.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 16:48:29", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:10:36", "1800482", "okqgg.tor4nexil.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 17:18:28", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:10:36", "1800483", "fembiq.vel7ramon.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 17:29:50", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:10:36", "1800484", "minorclosed.vel7ramon.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 17:38:30", "100", "False", "None", "26April2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-04-26 18:10:21", "1800502", "https://tabbysbakescodes.ws/mnlinmwv/insirs.php", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://bazaar.abuse.ch/sample/a7148992783e92579b859694d3ade3b059df53cf666cc6d0e52786fdd120672f/", "CNBackdoor", "0", "abuse_ch" "2026-04-26 18:10:20", "1800501", "https://tommysbakescodes.ws/mnlinmwv/insris.php", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://bazaar.abuse.ch/sample/a7148992783e92579b859694d3ade3b059df53cf666cc6d0e52786fdd120672f/", "CNBackdoor", "0", "abuse_ch" "2026-04-26 18:09:44", "1800499", "tommysbakescodes.ws", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://bazaar.abuse.ch/sample/a7148992783e92579b859694d3ade3b059df53cf666cc6d0e52786fdd120672f/", "CNBackdoor", "0", "abuse_ch" "2026-04-26 18:09:44", "1800500", "tommysbakescodes.cv", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://bazaar.abuse.ch/sample/a7148992783e92579b859694d3ade3b059df53cf666cc6d0e52786fdd120672f/", "CNBackdoor", "0", "abuse_ch" "2026-04-26 18:09:40", "1800498", "8.149.139.253:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-04-27 08:24:27", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2026-04-26 18:09:26", "1800497", "107.172.252.244:444", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-04-27 08:23:39", "100", "False", "None", "CobaltStrike,cs-watermark-666666666", "0", "abuse_ch" "2026-04-26 18:08:56", "1800496", "2.26.133.54:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2026-04-26 18:08:26", "1800495", "103.195.190.251:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2026-04-26 18:08:20", "1800494", "103.230.15.38:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2026-04-26 18:06:56", "1800493", "edit8-grid.sivla2ken.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 18:08:22", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 18:01:03", "1800492", "https://bom.gessoflex.com.br/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2026-04-26 20:13:57", "100", "True", "None", "vidar", "0", "crep1x" "2026-04-26 18:01:00", "1800491", "bom.gessoflex.com.br", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "2026-04-26 20:13:59", "100", "True", "None", "vidar", "0", "crep1x" "2026-04-26 18:00:18", "1800490", "snovv8-mesh.vel7ramon.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 18:00:58", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-26 17:59:14", "1800488", "peafamqe.cyou", "domain", "botnet_cc", "win.count_loader", "None", "CountLoader", "", "100", "False", "https://bazaar.abuse.ch/sample/b73edda46a91349b37f219d3056dff65a545ba458f4c4a93eddd6fae3b99c38b/", "CountLoader", "0", "abuse_ch" "2026-04-26 17:59:14", "1800489", "snconor.vg", "domain", "botnet_cc", "win.count_loader", "None", "CountLoader", "", "100", "False", "https://bazaar.abuse.ch/sample/b73edda46a91349b37f219d3056dff65a545ba458f4c4a93eddd6fae3b99c38b/", "CountLoader", "0", "abuse_ch" "2026-04-26 17:53:29", "1800487", "8ltu2.vel7ramon.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 17:54:56", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 17:47:15", "1800486", "ofdqgn.vel7ramon.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 17:48:14", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 17:40:18", "1800485", "ughckpku.vel7ramon.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 17:41:58", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 17:03:06", "1800480", "marshform.tor4nexil.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 17:03:23", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-26 17:01:56", "1800479", "trishnacolleges.com", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch" "2026-04-26 16:54:09", "1800478", "gl0ss-vault.tor4nexil.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 16:58:56", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 16:18:38", "1800473", "sermarken.vex4moral.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 16:23:29", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 16:11:52", "1800472", "geo-ca5t.vex4moral.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 16:11:56", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 15:47:40", "1800469", "norcorear3.pav7lorex.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 15:48:02", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 15:43:51", "1800468", "ns-claude-js.beer", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,ErrTraffic", "0", "HuntYethHounds" "2026-04-26 15:42:58", "1800467", "https://ntsnsdns.beer/api/css.js", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,ErrTraffic", "0", "HuntYethHounds" "2026-04-26 15:42:43", "1800466", "ntsnsdns.beer", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,ErrTraffic", "0", "HuntYethHounds" "2026-04-26 15:41:26", "1800465", "alt-rnetr.pav7lorex.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 15:41:41", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 15:34:23", "1800463", "rklpwx.pav7lorex.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 15:35:35", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 15:17:15", "1800445", "janadiscovery.creativepreflight.com", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch" "2026-04-26 15:07:47", "1800441", "lightinn.to6varon.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 15:12:44", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 15:01:05", "1800439", "3eums.to6varon.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 15:02:15", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 14:54:51", "1800438", "uy2qx.to6varon.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 14:59:11", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 14:42:16", "1800436", "imgnyc.com", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch" "2026-04-26 14:37:52", "1800434", "iframeshop.fietsenco.com", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch" "2026-04-26 14:25:39", "1800432", "ridgegentle.sylo1mer.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 14:30:43", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 14:19:02", "1800430", "qkkrhea.sylo1mer.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 14:19:41", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 14:10:33", "1800429", "r4vxeem.sylo1mer.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 14:11:42", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 14:03:42", "1800428", "loose-bun.sylo1mer.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 14:04:39", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 13:57:03", "1800424", "zentideor.sylo1mer.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 13:58:02", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 13:35:08", "1800419", "zenmeshix1.rax8pavel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 13:36:11", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 13:21:56", "1800417", "glolab.rax8pavel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 13:22:20", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 13:15:36", "1800416", "cargoquery.rax8pavel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 13:15:45", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-26 13:08:41", "1800415", "arkmesh7al.rax8pavel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 13:09:21", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 13:02:05", "1800414", "gr1m-index.zex2liron.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 13:02:42", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-26 13:01:02", "1800413", "https://bca.gessoflex.com.br/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "True", "None", "vidar", "0", "crep1x" "2026-04-26 13:00:59", "1800412", "bca.gessoflex.com.br", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "True", "None", "vidar", "0", "crep1x" "2026-04-26 12:18:02", "1800403", "zenmesh9en.qiv7moren.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 12:18:35", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 12:11:20", "1800402", "5ob0.qiv7moren.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 12:12:43", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 11:51:35", "1800398", "compressout.qiv7moren.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 11:52:04", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 11:44:53", "1800396", "5pruc7-mount.qiv7moren.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 11:45:59", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 11:39:32", "1800395", "https://scalarview.shop/t.js", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,EXT", "0", "HuntYethHounds" "2026-04-26 11:38:06", "1800394", "vorline5is.bexla3rin.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 11:38:47", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 11:35:34", "1800393", "https://scalarview.shop/ext.0ff2555835d3.js", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,EXT", "0", "HuntYethHounds" "2026-04-26 11:35:09", "1800392", "https://scalarview.shop/ext-b.58316c304236.js", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,EXT", "0", "HuntYethHounds" "2026-04-26 11:33:55", "1800391", "https://scalarview.shop/t.188cfd3975db.js", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,EXT", "0", "HuntYethHounds" "2026-04-26 11:31:28", "1800388", "calm-spool.bexla3rin.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 11:32:09", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 11:31:22", "1800387", "scalarview.shop", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ClickFix,EXT", "0", "HuntYethHounds" "2026-04-26 11:24:49", "1800386", "echogate.bexla3rin.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 11:24:56", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-26 11:12:37", "1800382", "https://ra7tel.digital/script.sh", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "macOS", "0", "HuntYethHounds" "2026-04-26 11:12:26", "1800381", "ra7tel.digital", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "macOS", "0", "HuntYethHounds" "2026-04-26 11:04:50", "1800377", "solflux6ix.bexla3rin.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 11:05:40", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 10:44:54", "1800374", "bajbvqgz.dex4lavel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 10:45:08", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-26 10:38:05", "1800373", "loadtin.dex4lavel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 10:38:09", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 10:31:35", "1800372", "jloj7ws.dex4lavel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 10:32:13", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 10:30:36", "1800371", "updatedata.us", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake Adobe,Fake Microsoft Teams", "0", "HuntYethHounds" "2026-04-26 10:29:39", "1800370", "http://pixeldrain.com/api/file/HDAhDKwK", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake Adobe", "0", "HuntYethHounds" "2026-04-26 10:28:38", "1800369", "https://pixeldrain.com/api/file/FQiVU7kw", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake Microsoft Teams", "0", "HuntYethHounds" "2026-04-26 10:28:11", "1800368", "https://updatedata.us/msoft/Windows/invite.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake Microsoft Teams", "0", "HuntYethHounds" "2026-04-26 10:27:10", "1800367", "https://pixeldrain.com/api/file/Xb8wt515", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake Microsoft Teams", "0", "HuntYethHounds" "2026-04-26 10:26:48", "1800366", "https://updatedata.us/cloud/Windows/invite.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake Microsoft Teams", "0", "HuntYethHounds" "2026-04-26 10:25:26", "1800365", "https://updatedata.us/acrobat/windows/adobe.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake Adobe", "0", "HuntYethHounds" "2026-04-26 10:18:10", "1800363", "bin4ry-trail.miv9soren.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 10:22:45", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 10:09:20", "1800362", "fre5h-logic.miv9soren.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 10:14:25", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 10:02:42", "1800361", "g4th-sheet.miv9soren.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 10:03:42", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 09:59:05", "1800358", "https://livemeetinggatgoogllemeet.top/Windows/microsoft-store.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake Google Meet", "0", "HuntYethHounds" "2026-04-26 09:58:42", "1800357", "https://livemeetinggatgoogllemeet.top/Windows/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake Google Meet", "0", "HuntYethHounds" "2026-04-26 09:58:30", "1800356", "livemeetinggatgoogllemeet.top", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake Google Meet", "0", "HuntYethHounds" "2026-04-26 09:56:32", "1800355", "otter0-field.miv9soren.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 09:57:21", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 09:55:02", "1800354", "https://googlemetingninviit.click/meet/567/Windows/microsoft-store.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake Google Meet", "0", "HuntYethHounds" "2026-04-26 09:54:39", "1800353", "https://googlemetingninviit.click/meet/567/Windows/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake Google Meet", "0", "HuntYethHounds" "2026-04-26 09:54:26", "1800352", "googlemetingninviit.click", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake Google Meet", "0", "HuntYethHounds" "2026-04-26 09:49:54", "1800351", "40l627.miv9soren.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 09:50:40", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 09:46:38", "1800350", "05327t.miv9soren.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 09:47:03", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 09:44:00", "1800349", "https://googlemeet.meeting-live.site/update/GoogleMeetInstaller.zip", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake Google Meet", "0", "HuntYethHounds" "2026-04-26 09:43:31", "1800348", "https://meeting-live.site/googlemeet/process.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake Google Meet", "0", "HuntYethHounds" "2026-04-26 09:43:04", "1800347", "https://meeting-live.site/googlemeet/update.html", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake Google Meet", "0", "HuntYethHounds" "2026-04-26 09:42:40", "1800346", "https://meeting-live.site/googlemeet/meeting.html", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake Google Meet", "0", "HuntYethHounds" "2026-04-26 09:40:12", "1800345", "ark-spireix.sylo3mer.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 09:40:37", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 09:38:47", "1800344", "https://googlemeeettinvitee.click/meet/567/Windows/microsoft-store.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "2026-04-26 09:39:07", "100", "False", "", "Fake Google Meet", "0", "HuntYethHounds" "2026-04-26 09:38:26", "1800343", "https://googlemeeettinvitee.click/meet/567/Windows/invite.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake Google Meet", "0", "HuntYethHounds" "2026-04-26 09:38:15", "1800342", "googlemeeettinvitee.click", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake Google Meet", "0", "HuntYethHounds" "2026-04-26 09:35:16", "1800341", "https://gooogglemeets.click/download.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake Google Meet", "0", "HuntYethHounds" "2026-04-26 09:35:01", "1800340", "https://gooogglemeets.click", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake Google Meet", "0", "HuntYethHounds" "2026-04-26 09:34:25", "1800339", "gooogglemeets.click", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake Google Meet", "0", "HuntYethHounds" "2026-04-26 09:32:17", "1800337", "https://goooggle.click/download.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake Google Meet", "0", "HuntYethHounds" "2026-04-26 09:32:04", "1800336", "https://goooggle.click", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake Google Meet", "0", "HuntYethHounds" "2026-04-26 09:31:02", "1800335", "goooggle.click", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake Google Meet", "0", "HuntYethHounds" "2026-04-26 09:27:51", "1800334", "https://quantumsignaturecertificationgatewayhub.top/Docusign/1/Windows/install-guide.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake DocuSign", "0", "HuntYethHounds" "2026-04-26 09:27:02", "1800333", "https://quantumsignaturecertificationgatewayhub.top/Docusign/1/Windows/download.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake DocuSign", "0", "HuntYethHounds" "2026-04-26 09:26:20", "1800332", "segmentreagent.rax7pavel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 09:26:40", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 09:25:17", "1800331", "https://quantumsignaturecertificationgatewayhub.top/Docusign/1/Windows/ms-store.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake DocuSign", "0", "HuntYethHounds" "2026-04-26 09:24:57", "1800330", "https://quantumsignaturecertificationgatewayhub.top/Docusign/1/Windows/invite.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake DocuSign", "0", "HuntYethHounds" "2026-04-26 09:24:40", "1800329", "dortmevsimhotel.com", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "2026-04-27 22:36:53", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch" "2026-04-26 09:24:24", "1800328", "https://quantumsignaturecertificationgatewayhub.top/D/download.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake DocuSign", "0", "HuntYethHounds" "2026-04-26 09:24:00", "1800327", "https://quantumsignaturecertificationgatewayhub.top/D/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake DocuSign", "0", "HuntYethHounds" "2026-04-26 09:23:36", "1800326", "https://quantumsignaturecertificationgatewayhub.top/12/download.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake DocuSign", "0", "HuntYethHounds" "2026-04-26 09:23:12", "1800325", "quantumsignaturecertificationgatewayhub.top", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake DocuSign", "0", "HuntYethHounds" "2026-04-26 09:22:55", "1800324", "https://quantumsignaturecertificationgatewayhub.top/12/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake DocuSign", "0", "HuntYethHounds" "2026-04-26 09:20:11", "1800323", "track8-line.rax7pavel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 09:16:39", "1800322", "https://cloudo4meetup.com/auth/jj/joiningmeeting/gmeet/Windows/microsoft-store.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake Google Meet", "0", "HuntYethHounds" "2026-04-26 09:16:07", "1800321", "https://cloudo4meetup.com/auth/jj/joiningmeeting/gmeet/Windows/invite.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake Google Meet", "0", "HuntYethHounds" "2026-04-26 09:16:05", "1800320", "dhariwalsecuritasindia.in.net", "domain", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "75", "False", "https://bazaar.abuse.ch/sample/0c74741774b4c897f607b6ff684ce3ddd8ea00af5fa723877d1e8bab3b6d53d8/", "nanocore", "0", "abuse_ch" "2026-04-26 09:15:55", "1800319", "cloudo4meetup.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "Fake Google Meet", "0", "HuntYethHounds" "2026-04-26 09:15:52", "1800318", "app.slot365.biz", "domain", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "75", "False", "https://bazaar.abuse.ch/sample/c702ec4d3e248d3a70d1458ff658048bb4c81c39f4eba94449f13dc8df11a91c/", "nanocore", "0", "abuse_ch" "2026-04-26 09:13:17", "1800317", "alt-rnodul.rax7pavel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 09:13:46", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 09:11:22", "1800316", "91.92.34.113:443", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "False", "None", "NetSupport", "0", "abuse_ch" "2026-04-26 09:11:05", "1800315", "45.227.254.10:443", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "False", "None", "NetSupport", "0", "abuse_ch" "2026-04-26 09:10:24", "1800312", "104.21.22.216:443", "ip:port", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "100", "False", "None", "NanoCore,RAT", "0", "abuse_ch" "2026-04-26 09:10:08", "1800311", "172.67.207.32:443", "ip:port", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "100", "False", "None", "NanoCore,RAT", "0", "abuse_ch" "2026-04-26 09:07:32", "1800310", "pqruqv.rax7pavel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 09:07:09", "1800308", "domaine-equestre-du-somaret.com", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "2026-04-27 22:24:05", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch" "2026-04-26 09:00:25", "1800303", "4eon.zex1liron.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 09:00:40", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 08:53:47", "1800302", "yo04.zex1liron.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 08:54:05", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 08:48:33", "1800301", "156.245.147.98:53", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-04-27 22:48:29", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-04-26 08:46:41", "1800300", "endpoi1-chain.zex1liron.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 08:43:33", "1800299", "dd.googleos-js.vip", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-04-27 22:43:34", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-04-26 08:43:30", "1800298", "d2.googleos-js.vip", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-04-27 22:43:30", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-04-26 08:39:49", "1800297", "r3pa-path.zex1liron.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 08:40:11", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 08:36:04", "1800296", "dienmaykynguyenco.vn", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "2026-04-27 21:53:16", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch" "2026-04-26 08:33:13", "1800295", "subt18-beam.qiv5moren.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 08:33:44", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 08:26:28", "1800294", "defen2-forge.qiv5moren.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 08:16:02", "1800290", "77.110.117.174:443", "ip:port", "botnet_cc", "win.ghostsocks", "None", "GhostSocks", "2026-04-26 15:20:36", "100", "False", "", "None", "0", "Rony" "2026-04-26 08:16:02", "1800291", "194.28.225.230:443", "ip:port", "botnet_cc", "win.ghostsocks", "None", "GhostSocks", "2026-04-26 15:20:37", "100", "False", "", "None", "0", "Rony" "2026-04-26 08:16:02", "1800292", "64.188.104.2:443", "ip:port", "botnet_cc", "win.ghostsocks", "None", "GhostSocks", "2026-04-26 15:20:37", "100", "False", "", "None", "0", "Rony" "2026-04-26 08:16:01", "1800289", "64.188.104.35:443", "ip:port", "botnet_cc", "win.ghostsocks", "None", "GhostSocks", "2026-04-26 15:20:36", "100", "False", "", "None", "0", "Rony" "2026-04-26 08:05:07", "1800286", "dev.berrapack.com", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "2026-04-27 21:15:58", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch" "2026-04-26 07:59:51", "1800285", "8etttd19.bexla8rin.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 08:00:13", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 07:53:23", "1800284", "cinf.bexla8rin.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 07:47:04", "1800283", "freightstitch.bexla8rin.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 07:47:14", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 07:26:45", "1800280", "hyper-rnead0.dex2lavel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 07:26:52", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 07:19:59", "1800279", "lum-nexal.dex2lavel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 07:18:56", "1800278", "77.110.117.201:443", "ip:port", "botnet_cc", "win.ghostsocks", "None", "GhostSocks", "2026-04-26 15:20:37", "100", "False", "", "helper", "0", "Rony" "2026-04-26 07:11:24", "1800276", "universalgrowing.cl", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch" "2026-04-26 07:05:04", "1800275", "whitecubs.co.za", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch" "2026-04-26 07:02:30", "1800274", "dynline6os.miv6soren.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 07:03:02", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 06:58:58", "1800273", "monofurniture.co", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "2026-04-27 20:15:44", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch" "2026-04-26 06:56:17", "1800272", "primeshore.miv6soren.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 06:57:02", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 06:49:23", "1800271", "ultra-enzyrn.miv6soren.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 06:52:28", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 06:40:55", "1800270", "neroc5j.dexor-host.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 06:41:32", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-26 06:34:29", "1800269", "voit-wjw.dexor-host.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 06:35:10", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 06:10:10", "1800266", "fami-wp.dexor-host.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 06:10:49", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 06:03:14", "1800265", "sunhq.dexor-host.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 06:03:58", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-26 05:54:35", "1800264", "voxx1.mivon-hub.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 05:55:22", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 05:47:50", "1800263", "cuer-e30q.mivon-hub.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 05:49:49", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 05:37:16", "1800262", "casa-zw9e.mivon-hub.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 05:38:22", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 05:30:49", "1800261", "engagemen.es", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch" "2026-04-26 05:30:39", "1800260", "homm6uc.mivon-hub.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 05:31:01", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-26 05:23:52", "1800259", "alph-qhj.mivon-hub.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 05:24:32", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-26 05:21:42", "1800258", "clearviewandpalisade.co.za", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch" "2026-04-26 05:17:47", "1800257", "proc-256.mivon-hub.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 05:18:03", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 05:10:34", "1800256", "eart-l4.noven-sys.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 05:11:41", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 04:57:24", "1800254", "mar-jlk.noven-sys.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 04:58:04", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 04:49:07", "1800253", "lebe6wwf.noven-sys.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 04:52:06", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 04:37:47", "1800251", "opulent.ro", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch" "2026-04-26 04:33:30", "1800250", "stra-j2.noven-sys.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 04:36:44", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 04:18:24", "1800248", "amic-po1.sylonix-web.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 04:18:32", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 04:09:19", "1800247", "meer-in.sylonix-web.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 04:10:37", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 03:55:50", "1800244", "etab-0d.sylonix-web.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 04:00:53", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 03:40:40", "1800242", "ocul-xq7.raxen-tech.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 03:41:22", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 03:34:11", "1800241", "mati-ns3w.raxen-tech.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 03:34:44", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 02:53:48", "1800236", "acti-cmf.zexon-plus.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 02:54:03", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-26 02:47:51", "1800235", "ocche0o.zexon-plus.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 02:48:56", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 02:36:32", "1800233", "travb7.zexon-plus.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 02:37:07", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 02:31:05", "1800232", "fuss-kx01.zexon-plus.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 02:33:56", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 02:17:42", "1800230", "filo-8ao.qivon-store.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 02:18:20", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 02:15:59", "1800229", "dzonebcp.duckdns.org", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/0729f408d5386d401f611358b5b7080afc070d352ad0fbbc45df1e901fb92a57/", "asyncrat", "0", "abuse_ch" "2026-04-26 02:15:53", "1800228", "chessboard25.pakasak.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/0729f408d5386d401f611358b5b7080afc070d352ad0fbbc45df1e901fb92a57/", "asyncrat", "0", "abuse_ch" "2026-04-26 02:15:45", "1800227", "32asinc.duckdns.org", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/0729f408d5386d401f611358b5b7080afc070d352ad0fbbc45df1e901fb92a57/", "asyncrat", "0", "abuse_ch" "2026-04-26 01:58:47", "1800224", "ami-mfs.qivon-store.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 01:59:43", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 01:53:16", "1800223", "koerhl.qivon-store.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 01:53:37", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 01:47:48", "1800222", "trab-7t.qivon-store.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 01:48:26", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 01:39:55", "1800221", "pieqt.bexlor-net.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 01:42:22", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 01:26:38", "1800219", "treexw.bexlor-net.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 01:30:15", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 01:23:24", "1800218", "emceeterrence.com", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch" "2026-04-26 01:19:05", "1800217", "day-g6qh.bexlor-net.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 01:19:19", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-26 01:13:10", "1800216", "plag59o.bexlor-net.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 01:13:45", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 01:07:34", "1800215", "terr-53p.bexlor-net.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 01:08:16", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 01:07:11", "1800214", "depozit-siemens.ro", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch" "2026-04-26 00:40:55", "1800210", "fore-k6mz.dexon-node.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 00:41:19", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 00:35:31", "1800209", "mens-tu.dexon-node.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 00:36:48", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 00:31:03", "1800208", "https://tsc.gessoflex.com.br/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "True", "None", "vidar", "0", "crep1x" "2026-04-26 00:31:00", "1800207", "tsc.gessoflex.com.br", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "True", "None", "vidar", "0", "crep1x" "2026-04-26 00:28:53", "1800206", "c0007.bizhomepass.kr", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch" "2026-04-26 00:19:13", "1800205", "fleuytfp.dexon-node.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 00:24:05", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-26 00:05:44", "1800203", "etaknqgp.mivonex-serv.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 00:09:15", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-25 23:56:11", "1800202", "enfa1p13.mivonex-serv.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-26 00:01:10", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-25 23:50:48", "1800201", "haus-mp.mivonex-serv.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 23:50:59", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-25 23:44:45", "1800200", "onli6sp.mivonex-serv.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 23:45:42", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-25 23:39:31", "1800199", "comp-os4d.mivonex-serv.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 23:40:13", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-25 23:38:23", "1800198", "87.106.168.15:7004", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "75", "False", "https://bazaar.abuse.ch/sample/322f73c3a68b09cab469ace2c2b71cba547ca330f3e5db297cf7b923811d44e6/", "xworm", "0", "abuse_ch" "2026-04-25 23:28:00", "1800196", "soft-berg-6p.dex1lavel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 23:29:23", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-25 23:22:43", "1800195", "rouge-9.dex1lavel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 23:23:21", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-04-25 23:12:40", "1800194", "petit-fire-1.dex1lavel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 23:13:18", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-04-25 23:07:14", "1800193", "bleu-4.dex1lavel.in.net", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-04-25 23:08:26", "100", "False", "None", "ClearFake", "0", "threatcat_ch" # Number of entries: 811