################################################################ # ThreatFox IOCs: recent additions - CSV format # # Last updated: 2026-05-10 23:16:21 UTC # # # # Terms Of Use: https://threatfox.abuse.ch/faq/#tos # # For questions please contact threatfox [at] abuse.ch # ################################################################ # # "first_seen_utc","ioc_id","ioc_value","ioc_type","threat_type","fk_malware","malware_alias","malware_printable","last_seen_utc","confidence_level","is_compromised","reference","tags","anonymous","reporter" "2026-05-10 23:16:21", "1810458", "robodomain.sbs", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "ErrTraffic", "0", "Gi7w0rm" "2026-05-10 21:36:57", "1810432", "199.247.14.16:5000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "False", "https://www.aikido.dev/blog/glassworm-chrome-extension-rat", "ChromeExtension,GlassWorm,RAT", "0", "Gi7w0rm" "2026-05-10 21:36:57", "1810433", "199.247.14.16:10000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "False", "https://www.aikido.dev/blog/glassworm-chrome-extension-rat", "ChromeExtension,GlassWorm,RAT", "0", "Gi7w0rm" "2026-05-10 21:36:57", "1810434", "199.247.14.16:80", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "False", "https://www.aikido.dev/blog/glassworm-chrome-extension-rat", "ChromeExtension,GlassWorm,RAT", "0", "Gi7w0rm" "2026-05-10 20:41:05", "1810424", "ok99.jp.net", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/b6badd77d0d32c295b8b9f66afef0437e4a6fdc9db5d8dff50a858b068f1d025/", "asyncrat", "0", "abuse_ch" "2026-05-10 20:20:03", "1810422", "http://marconiliqhting.com/emma/encode.php", "url", "botnet_cc", "win.lokipws", "Burkina,Loki,LokiBot,LokiPWS", "Loki Password Stealer (PWS)", "", "100", "False", "None", "Loki", "0", "abuse_ch" "2026-05-10 19:44:55", "1810418", "64.23.231.32:9001", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-05-10 22:44:36", "75", "False", "None", "drb-ra,Sliver", "0", "abuse_ch" "2026-05-10 19:44:52", "1810417", "5.78.110.145:7989", "ip:port", "botnet_cc", "win.danabot", "DanaTools", "DanaBot", "2026-05-10 22:44:34", "75", "False", "None", "DanBot,drb-ra", "0", "abuse_ch" "2026-05-10 19:44:43", "1810416", "46.109.239.103:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-10 22:44:26", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-10 19:44:38", "1810415", "44.206.172.239:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-10 22:44:22", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch" "2026-05-10 19:44:31", "1810414", "31.57.184.154:443", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-10 22:44:16", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-10 19:44:30", "1810413", "24.134.4.221:4714", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2026-05-10 22:44:15", "75", "False", "None", "drb-ra,NetSupport,RAT", "0", "abuse_ch" "2026-05-10 19:43:51", "1810412", "209.99.188.44:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-10 22:43:43", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch" "2026-05-10 19:43:45", "1810410", "195.123.240.236:443", "ip:port", "botnet_cc", "win.ransomhub", "None", "RansomHub", "2026-05-10 22:43:38", "75", "False", "None", "drb-ra,RansomHub", "0", "abuse_ch" "2026-05-10 19:43:45", "1810411", "195.123.240.236:8274", "ip:port", "botnet_cc", "win.ransomhub", "None", "RansomHub", "2026-05-10 22:43:38", "75", "False", "None", "drb-ra,RansomHub", "0", "abuse_ch" "2026-05-10 19:43:39", "1810408", "189.34.188.6:5406", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2026-05-10 22:43:33", "75", "False", "None", "drb-ra,NetSupport,RAT", "0", "abuse_ch" "2026-05-10 19:43:39", "1810409", "189.34.188.6:5407", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2026-05-10 22:43:33", "75", "False", "None", "drb-ra,NetSupport,RAT", "0", "abuse_ch" "2026-05-10 19:43:32", "1810407", "178.16.55.171:444", "ip:port", "botnet_cc", "win.eye_pyramid", "None", "Eye Pyramid", "2026-05-10 22:43:27", "75", "False", "None", "drb-ra,EyePyramid", "0", "abuse_ch" "2026-05-10 19:43:31", "1810406", "178.105.40.204:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-05-10 22:43:26", "75", "False", "None", "drb-ra,Havoc", "0", "abuse_ch" "2026-05-10 19:43:15", "1810405", "138.9.237.106:8015", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-10 22:43:12", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-10 19:43:11", "1810404", "130.49.214.74:50194", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-10 22:43:09", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-10 18:57:10", "1809864", "1net.ro", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-05-10 18:57:09", "1809865", "1sttxreversemtg.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-05-10 18:57:08", "1809866", "allstartsealing.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-05-10 18:57:08", "1809867", "alnuric.org", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-05-10 18:57:07", "1809868", "aplikasigerhanatoto1.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-05-10 18:57:06", "1809869", "av-automotive.be", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-05-10 18:57:04", "1809870", "ayuntamientodeyecora.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-05-10 18:57:03", "1809871", "b2b.castorsunglasses.es", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-05-10 18:57:03", "1809872", "belindabuck.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-05-10 18:57:02", "1809873", "berylsegerschronicles.com.au", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-05-10 18:57:01", "1809874", "biopelletuab.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-05-10 18:57:00", "1809875", "boilermill.com.br", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-05-10 18:56:59", "1809876", "buktijpilmu.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-05-10 18:56:57", "1809877", "centralathleticfoundation.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-05-10 18:56:56", "1809878", "ciphercodersweb.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-05-10 18:56:56", "1809879", "cofeusa.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-05-10 18:56:55", "1809880", "columbusisles.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-05-10 18:56:54", "1809881", "compraway.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-05-10 18:56:52", "1809882", "copierondemand.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-05-10 18:56:51", "1809883", "dipfeed.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-05-10 18:56:50", "1809884", "diversidadecatolica.com.br", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-05-10 18:56:49", "1809885", "drisdellehomes.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-05-10 18:56:48", "1809886", "easttechnicalstudio.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-05-10 18:56:47", "1809887", "eltransistorgranada.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-05-10 18:56:47", "1809888", "energyarts.com.br", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-05-10 18:56:46", "1809889", "foresightedtech.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-05-10 18:56:45", "1809890", "gazaltours.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-05-10 18:56:44", "1809891", "goldenlifemanor.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-05-10 18:56:43", "1809892", "greyandbold.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-05-10 18:56:42", "1809893", "gustavogorriaran.com.uy", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-05-10 18:56:41", "1809894", "heachang.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-05-10 18:56:41", "1809895", "hijamawala.co.uk", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-05-10 18:56:40", "1809896", "hudaaldosari.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-05-10 18:56:39", "1809897", "hzarchitects.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-05-10 18:56:39", "1809898", "ianvance.co.uk", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-05-10 18:56:38", "1809899", "ideaverdegolf.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-05-10 18:56:37", "1809900", "infodehrifcam.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-05-10 18:56:37", "1809901", "inspiredassistance.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-05-10 18:56:36", "1809902", "jeepbastard.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-05-10 18:56:35", "1809903", "jessicaassociates.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-05-10 18:56:35", "1809904", "josdream.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-05-10 18:56:34", "1809905", "kawamawidows.org", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-05-10 18:56:33", "1809906", "kkg-wehofen.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-05-10 18:56:33", "1809907", "ktgafurov.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-05-10 18:56:25", "1809909", "lamusedurres.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-05-10 18:56:24", "1809908", "laforetfestas.com.br", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-05-10 18:56:22", "1809910", "lifemagazine.nl", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-05-10 18:56:20", "1809911", "lkexcellence.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-05-10 18:56:18", "1809912", "lombardoautomotive.it", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-05-10 18:56:17", "1809913", "loveworldvirtualchurch.org.uk", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-05-10 18:56:17", "1809914", "m1-ma.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-05-10 18:56:15", "1809915", "makecontractorsgreatagain.net", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-05-10 18:56:15", "1809916", "mamaspusties.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-05-10 18:56:14", "1809917", "miariym.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-05-10 18:56:12", "1809918", "mkscoffee.co.uk", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-05-10 18:56:11", "1809919", "mnpermlighting.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-05-10 18:56:10", "1809920", "njfamilyphotography.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-05-10 18:56:09", "1809921", "nmv-contruction.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-05-10 18:56:08", "1809922", "novacarnes.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-05-10 18:56:06", "1809923", "ontronics.co.uk", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-05-10 18:56:03", "1809924", "pastquestion.com.ng", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-05-10 18:56:03", "1809925", "patrafoam.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-05-10 18:56:02", "1809926", "philadelphiarestorationservices.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-05-10 18:56:01", "1809927", "pool.sprecher-akademie.at", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-05-10 18:56:00", "1809928", "prediksitaysen88.cloud", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-05-10 18:55:59", "1809929", "proplayuk.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-05-10 18:55:58", "1809930", "qblicense.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-05-10 18:55:57", "1809931", "quotient-capital.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-05-10 18:55:56", "1809932", "riodomedia.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-05-10 18:55:55", "1809933", "safa71.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-05-10 18:55:54", "1809934", "safeguardips.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-05-10 18:55:52", "1809935", "sapienharvest.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-05-10 18:55:51", "1809936", "scalp-coiffure.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-05-10 18:55:51", "1809937", "shivshankarexp.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-05-10 18:55:50", "1809938", "simicenter.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-05-10 18:55:49", "1809939", "sinte.cl", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-05-10 18:55:48", "1809940", "staybadparamotor.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-05-10 18:55:47", "1809941", "tcwaremmien.be", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-05-10 18:55:47", "1809942", "totaaldiscounter.nl", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-05-10 18:55:46", "1809943", "tramproject.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-05-10 18:55:45", "1809944", "viccidinivillas.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-05-10 18:55:44", "1809945", "vipeshome.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-05-10 18:55:44", "1809946", "winesportbet.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-05-10 18:55:43", "1809947", "yogaonthewallkill.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-05-10 18:55:42", "1809948", "yourgreendreams.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-05-10 18:55:41", "1809949", "zofianatra.com", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-05-10 18:54:13", "1810387", "110.41.76.236:8888", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2026-05-10 18:53:34", "1810386", "87.121.89.170:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2026-05-10 18:53:28", "1810385", "38.147.170.246:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "None", "CobaltStrike,cs-watermark-666666666", "0", "abuse_ch" "2026-05-10 18:50:55", "1810384", "zsyp.cn.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/20da7c750b4c1162896320d3381121eb4bf71a19eee85234e9425d78c92c865c/", "asyncrat", "0", "abuse_ch" "2026-05-10 18:50:54", "1810383", "wplog.jp.net", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/20da7c750b4c1162896320d3381121eb4bf71a19eee85234e9425d78c92c865c/", "asyncrat", "0", "abuse_ch" "2026-05-10 18:50:51", "1810382", "roofing.gb.net", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/20da7c750b4c1162896320d3381121eb4bf71a19eee85234e9425d78c92c865c/", "asyncrat", "0", "abuse_ch" "2026-05-10 18:50:42", "1810381", "deepsteam.sa.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/20da7c750b4c1162896320d3381121eb4bf71a19eee85234e9425d78c92c865c/", "asyncrat", "0", "abuse_ch" "2026-05-10 18:50:38", "1810379", "admingdtg.vn", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/20da7c750b4c1162896320d3381121eb4bf71a19eee85234e9425d78c92c865c/", "asyncrat", "0", "abuse_ch" "2026-05-10 18:50:38", "1810380", "aliexpress.us.com", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "75", "False", "https://bazaar.abuse.ch/sample/20da7c750b4c1162896320d3381121eb4bf71a19eee85234e9425d78c92c865c/", "xworm", "0", "abuse_ch" "2026-05-10 18:48:44", "1810378", "api.portimaloter.com", "domain", "payload_delivery", "js.fakeupdates", "FakeUpdate,GhoLoader,SocGholish", "FAKEUPDATES", "", "100", "False", "None", "SocGholish", "0", "threatcat_ch" "2026-05-10 18:46:00", "1809847", "aviastore.it", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "True", "", "ClickFix,compromised,etherhiding,Polygon,Vidar,WordPress", "0", "varysz" "2026-05-10 18:42:43", "1809697", "172.233.46.13:25001", "ip:port", "botnet_cc", "apk.kimwolf", "None", "Kimwolf", "2026-05-10 12:33:22", "100", "False", "None", "c2,Kimwolf", "0", "Bitsight" "2026-05-10 18:42:42", "1809698", "172.235.160.166:25001", "ip:port", "botnet_cc", "apk.kimwolf", "None", "Kimwolf", "2026-05-10 12:20:22", "100", "False", "None", "c2,Kimwolf", "0", "Bitsight" "2026-05-10 18:42:41", "1809699", "172.239.238.87:25001", "ip:port", "botnet_cc", "apk.kimwolf", "None", "Kimwolf", "2026-05-10 12:31:55", "100", "False", "None", "c2,Kimwolf", "0", "Bitsight" "2026-05-10 18:42:40", "1809700", "172.239.238.115:25001", "ip:port", "botnet_cc", "apk.kimwolf", "None", "Kimwolf", "2026-05-10 12:22:42", "100", "False", "None", "c2,Kimwolf", "0", "Bitsight" "2026-05-10 18:42:35", "1809701", "172.239.238.125:25001", "ip:port", "botnet_cc", "apk.kimwolf", "None", "Kimwolf", "2026-05-10 12:23:32", "100", "False", "None", "c2,Kimwolf", "0", "Bitsight" "2026-05-10 18:42:34", "1809702", "172.239.238.148:25001", "ip:port", "botnet_cc", "apk.kimwolf", "None", "Kimwolf", "2026-05-10 12:22:02", "100", "False", "None", "c2,Kimwolf", "0", "Bitsight" "2026-05-10 18:42:33", "1809704", "172.239.238.152:25001", "ip:port", "botnet_cc", "apk.kimwolf", "None", "Kimwolf", "2026-05-10 12:31:43", "100", "False", "None", "c2,Kimwolf", "0", "Bitsight" "2026-05-10 18:42:33", "1809705", "172.235.160.185:25001", "ip:port", "botnet_cc", "apk.kimwolf", "None", "Kimwolf", "2026-05-10 12:31:31", "100", "False", "None", "c2,Kimwolf", "0", "Bitsight" "2026-05-10 18:42:32", "1809706", "172.233.46.59:25001", "ip:port", "botnet_cc", "apk.kimwolf", "None", "Kimwolf", "2026-05-10 12:33:33", "100", "False", "None", "c2,Kimwolf", "0", "Bitsight" "2026-05-10 18:42:31", "1809707", "172.239.238.254:25001", "ip:port", "botnet_cc", "apk.kimwolf", "None", "Kimwolf", "2026-05-10 12:21:50", "100", "False", "None", "c2,Kimwolf", "0", "Bitsight" "2026-05-10 18:42:29", "1809711", "https://donutsmpcheat.com/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "WeedHack", "0", "burger" "2026-05-10 18:42:27", "1809712", "https://donutsmpcheat.com/downloads/kryptonite-cracked.jar", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "WeedHack", "0", "burger" "2026-05-10 18:42:27", "1809713", "https://donutsmpcheat.com/downloads/float-client.jar", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "WeedHack", "0", "burger" "2026-05-10 18:42:26", "1809714", "https://donutsmpcheat.com/downloads/solar-client.jar", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "WeedHack", "0", "burger" "2026-05-10 18:42:25", "1809715", "https://donutsmpcheat.com/downloads/xenon-cracked.jar", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "WeedHack", "0", "burger" "2026-05-10 18:42:24", "1809716", "https://donutsmpcheat.com/downloads/meteor-client.jar", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "WeedHack", "0", "burger" "2026-05-10 18:42:23", "1809816", "bahaisda.cyou", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2026-05-09 22:01:41", "100", "False", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2026-05-10 18:42:22", "1809817", "privahtc.cyou", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "False", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2026-05-10 18:42:22", "1809818", "brakyfaw.cyou", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2026-05-09 22:01:41", "100", "False", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2026-05-10 18:42:21", "1809819", "fourdigs.cyou", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2026-05-09 22:01:42", "100", "False", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2026-05-10 18:42:20", "1809820", "straigxo.cyou", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2026-05-09 22:01:42", "100", "False", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2026-05-10 18:42:19", "1809823", "honceybl.cyou", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "50", "False", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2026-05-10 18:42:18", "1809824", "mexzicaj.cyou", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "50", "False", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2026-05-10 18:42:18", "1809825", "carytui.vu", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "50", "False", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2026-05-10 18:42:17", "1809826", "genxetia.cyou", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "50", "False", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2026-05-10 18:42:16", "1809827", "heavywbp.cyou", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "50", "False", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2026-05-10 18:42:15", "1809828", "pomflgf.vu", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "50", "False", "", "Domain,Lumma,Lumma Stealer,Stealer", "0", "RacWatchin8872" "2026-05-10 18:42:12", "1809980", "129.211.2.123:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "False", "None", "45090,c2,censys,cobalt strike", "0", "sojubear" "2026-05-10 18:42:11", "1809981", "64.176.36.41:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "False", "None", "20473,c2,censys,cobalt strike", "0", "sojubear" "2026-05-10 18:42:10", "1809982", "193.112.165.165:8081", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "False", "None", "45090,c2,censys,cobalt strike", "0", "sojubear" "2026-05-10 18:42:09", "1809983", "38.147.170.246:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-10 18:53:33", "50", "False", "None", "139659,c2,censys,cobalt strike", "0", "sojubear" "2026-05-10 18:42:09", "1809984", "1.92.101.103:8099", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "False", "None", "55990,c2,censys,cobalt strike", "0", "sojubear" "2026-05-10 18:42:06", "1809985", "51.49.154.73:28080", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "50", "False", "None", "16509,c2,censys,metasploit", "0", "sojubear" "2026-05-10 18:42:05", "1809986", "18.61.24.85:3260", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "50", "False", "None", "16509,c2,censys,metasploit", "0", "sojubear" "2026-05-10 18:42:04", "1809987", "15.152.97.87:2405", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "50", "False", "None", "16509,c2,censys,metasploit", "0", "sojubear" "2026-05-10 18:42:03", "1809988", "3.11.8.247:48294", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "50", "False", "None", "16509,c2,censys,metasploit", "0", "sojubear" "2026-05-10 18:42:02", "1809989", "49.228.131.165:2423", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "50", "False", "None", "133481,c2,censys,quasar", "0", "sojubear" "2026-05-10 18:42:01", "1809990", "13.53.214.62:2380", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "50", "False", "None", "16509,c2,censys,metasploit", "0", "sojubear" "2026-05-10 18:42:00", "1809999", "https://menangmulu.jp.net/", "url", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "50", "False", "https://tria.ge/260508-es5w5agt7j", "exe,NanoCore,RAT", "0", "cleanabuseweb" "2026-05-10 18:41:59", "1810000", "https://www.menangmulu.jp.net/", "url", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "50", "False", "https://tria.ge/260508-es5w5agt7j", "exe,NanoCore,RAT", "0", "cleanabuseweb" "2026-05-10 18:41:58", "1810013", "https://transactions-service.fr/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/transactions-service.fr", "ClickFix", "0", "CarsonWilliams" "2026-05-10 18:41:07", "1810046", "38.210.210.16:443", "ip:port", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "None", "banker,brazilian-banker,dotnet,hetzner,mexico,sky_blackrock,skywalker", "0", "Lenny_3BO" "2026-05-10 18:41:05", "1810047", "65.109.55.181:443", "ip:port", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "None", "banker,brazilian-banker,dotnet,hetzner,mexico,sky_blackrock,skywalker", "0", "Lenny_3BO" "2026-05-10 18:41:04", "1810048", "178.156.225.48:443", "ip:port", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "None", "banker,brazilian-banker,dotnet,hetzner,mexico,sky_blackrock,skywalker", "0", "Lenny_3BO" "2026-05-10 18:40:59", "1810066", "http://8.218.254.115:9999/supershell/login/", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "None", "Alibaba (US) Technology Co. Ltd.,AS45102,supershell", "0", "antiphishorg" "2026-05-10 18:40:58", "1810067", "8.218.254.115:9999", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "None", "Alibaba (US) Technology Co. Ltd.,AS45102,supershell", "0", "antiphishorg" "2026-05-10 18:40:56", "1810247", "172.235.182.55:25001", "ip:port", "botnet_cc", "apk.kimwolf", "None", "Kimwolf", "2026-05-10 15:33:57", "100", "False", "None", "c2,Kimwolf", "0", "Bitsight" "2026-05-10 18:40:55", "1810246", "172.235.182.77:25001", "ip:port", "botnet_cc", "apk.kimwolf", "None", "Kimwolf", "2026-05-10 15:33:32", "100", "False", "None", "c2,Kimwolf", "0", "Bitsight" "2026-05-10 18:40:54", "1810245", "172.233.43.79:25001", "ip:port", "botnet_cc", "apk.kimwolf", "None", "Kimwolf", "2026-05-10 15:33:21", "100", "False", "None", "c2,Kimwolf", "0", "Bitsight" "2026-05-10 18:40:53", "1810244", "172.235.182.100:25001", "ip:port", "botnet_cc", "apk.kimwolf", "None", "Kimwolf", "2026-05-10 15:33:44", "100", "False", "None", "c2,Kimwolf", "0", "Bitsight" "2026-05-10 18:40:52", "1810243", "172.233.43.32:25001", "ip:port", "botnet_cc", "apk.kimwolf", "None", "Kimwolf", "2026-05-10 15:34:08", "100", "False", "None", "c2,Kimwolf", "0", "Bitsight" "2026-05-10 18:40:51", "1810240", "172.235.182.79:25001", "ip:port", "botnet_cc", "apk.kimwolf", "None", "Kimwolf", "2026-05-10 15:33:05", "100", "False", "None", "c2,Kimwolf", "0", "Bitsight" "2026-05-10 18:40:51", "1810241", "172.235.182.4:25001", "ip:port", "botnet_cc", "apk.kimwolf", "None", "Kimwolf", "2026-05-10 15:32:41", "100", "False", "None", "c2,Kimwolf", "0", "Bitsight" "2026-05-10 18:40:47", "1810238", "172.235.182.110:25001", "ip:port", "botnet_cc", "apk.kimwolf", "None", "Kimwolf", "2026-05-10 15:32:29", "100", "False", "None", "c2,Kimwolf", "0", "Bitsight" "2026-05-10 18:40:46", "1810237", "172.235.182.64:25001", "ip:port", "botnet_cc", "apk.kimwolf", "None", "Kimwolf", "2026-05-10 15:32:53", "100", "False", "None", "c2,Kimwolf", "0", "Bitsight" "2026-05-10 18:40:45", "1810236", "172.235.182.112:25001", "ip:port", "botnet_cc", "apk.kimwolf", "None", "Kimwolf", "2026-05-10 15:32:17", "100", "False", "None", "c2,Kimwolf", "0", "Bitsight" "2026-05-10 18:40:27", "1810257", "https://abkhajjandumrah.com/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/abkhajjandumrah.com", "ClickFix", "0", "CarsonWilliams" "2026-05-10 18:40:26", "1810258", "https://aaml.co.uk/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/aaml.co.uk", "ClickFix", "0", "CarsonWilliams" "2026-05-10 18:40:24", "1810265", "https://playgamesonline.in.net:54984", "url", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "50", "False", "https://www.capesandbox.com/analysis/65405/", "NanoCore,RAT", "0", "cleanabuseweb" "2026-05-10 18:40:20", "1810268", "http://144.48.124.90:5000/supershell/login/", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "None", "AS132839,POWER LINE DATACENTER,supershell", "0", "antiphishorg" "2026-05-10 18:40:19", "1810269", "144.48.124.90:5000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "None", "AS132839,POWER LINE DATACENTER,supershell", "0", "antiphishorg" "2026-05-10 18:40:17", "1810290", "https://centraldepropaganda.com.br/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/centraldepropaganda.com.br", "ClickFix", "0", "CarsonWilliams" "2026-05-10 18:40:16", "1810289", "https://castlebridgeng.com/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/castlebridgeng.com", "ClickFix", "0", "CarsonWilliams" "2026-05-10 18:40:15", "1810288", "https://blumennorden.cl/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/blumennorden.cl", "ClickFix", "0", "CarsonWilliams" "2026-05-10 18:40:14", "1810272", "176.65.139.183:9506", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "80", "False", "None", "mirai", "0", "seckle" "2026-05-10 18:40:10", "1810312", "https://engetrina.com.br/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/engetrina.com.br", "ClickFix", "0", "CarsonWilliams" "2026-05-10 18:40:09", "1810313", "https://eduagentic.ai/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/eduagentic.ai", "ClickFix", "0", "CarsonWilliams" "2026-05-10 18:40:08", "1810314", "https://drdservices.ca/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/drdservices.ca", "ClickFix", "0", "CarsonWilliams" "2026-05-10 18:40:07", "1810316", "193.221.201.244:33334", "ip:port", "botnet_cc", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "100", "False", "https://x.com/K_N1kolenko/status/2049721442468585777", "redline", "0", "Silentium" "2026-05-10 18:40:02", "1810320", "172.235.166.249:25001", "ip:port", "botnet_cc", "apk.kimwolf", "None", "Kimwolf", "2026-05-10 18:40:29", "100", "False", "None", "c2,Kimwolf", "0", "Bitsight" "2026-05-10 18:40:01", "1810321", "172.239.233.188:25001", "ip:port", "botnet_cc", "apk.kimwolf", "None", "Kimwolf", "2026-05-10 18:38:35", "100", "False", "None", "c2,Kimwolf", "0", "Bitsight" "2026-05-10 18:40:00", "1810322", "172.233.44.73:25001", "ip:port", "botnet_cc", "apk.kimwolf", "None", "Kimwolf", "2026-05-10 18:40:41", "100", "False", "None", "c2,Kimwolf", "0", "Bitsight" "2026-05-10 18:39:58", "1810323", "172.239.233.203:25001", "ip:port", "botnet_cc", "apk.kimwolf", "None", "Kimwolf", "2026-05-10 18:40:05", "100", "False", "None", "c2,Kimwolf", "0", "Bitsight" "2026-05-10 18:39:57", "1810325", "172.233.61.175:25001", "ip:port", "botnet_cc", "apk.kimwolf", "None", "Kimwolf", "2026-05-10 18:38:11", "100", "False", "None", "c2,Kimwolf", "0", "Bitsight" "2026-05-10 18:39:56", "1810326", "172.233.61.189:25001", "ip:port", "botnet_cc", "apk.kimwolf", "None", "Kimwolf", "2026-05-10 18:39:52", "100", "False", "None", "c2,Kimwolf", "0", "Bitsight" "2026-05-10 18:39:55", "1810327", "172.239.233.162:25001", "ip:port", "botnet_cc", "apk.kimwolf", "None", "Kimwolf", "2026-05-10 18:40:18", "100", "False", "None", "c2,Kimwolf", "0", "Bitsight" "2026-05-10 18:39:54", "1810329", "172.233.49.140:25001", "ip:port", "botnet_cc", "apk.kimwolf", "None", "Kimwolf", "2026-05-10 18:39:41", "100", "False", "None", "c2,Kimwolf", "0", "Bitsight" "2026-05-10 18:39:53", "1810330", "172.235.166.230:25001", "ip:port", "botnet_cc", "apk.kimwolf", "None", "Kimwolf", "2026-05-10 18:38:22", "100", "False", "None", "c2,Kimwolf", "0", "Bitsight" "2026-05-10 18:39:51", "1810331", "7d7948005af45b2fbc59a20c266ffd70f584d0fba1a28e048bd9994ad9353bdb", "sha256_hash", "payload", "win.vshell", "None", "VShell", "", "90", "False", "None", "c2,loader,vshell", "0", "Lenny_3BO" "2026-05-10 18:39:50", "1810332", "http://43.142.51.69:8002", "url", "botnet_cc", "win.vshell", "None", "VShell", "", "90", "False", "None", "c2,loader,vshell", "0", "Lenny_3BO" "2026-05-10 18:39:49", "1810333", "43.142.51.69:443", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "90", "False", "None", "c2,loader,vshell", "0", "Lenny_3BO" "2026-05-10 18:39:48", "1810340", "172.233.45.171:25001", "ip:port", "botnet_cc", "apk.kimwolf", "None", "Kimwolf", "2026-05-10 18:37:58", "100", "False", "None", "c2,Kimwolf", "0", "Bitsight" "2026-05-10 18:39:47", "1810362", "https://gimarystore.com/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/gimarystore.com", "ClickFix", "0", "CarsonWilliams" "2026-05-10 18:39:46", "1810363", "https://forttis-courtage.ch/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/forttis-courtage.ch", "ClickFix", "0", "CarsonWilliams" "2026-05-10 18:39:45", "1810364", "https://www.gmi-industries.com/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/www.gmi-industries.com", "ClickFix", "0", "CarsonWilliams" "2026-05-10 18:39:34", "1809696", "donutsmpcheat.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "WeedHack", "0", "burger" "2026-05-10 18:39:33", "1809692", "462da039980a8f166fbd27d15437fa093ab9c369ba13055d7fad90bf3b9d1627", "sha256_hash", "payload", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "50", "False", "https://app.any.run/tasks/76e24134-e54a-4eb1-a7c6-c0c0bc246708", "exe,NanoCore,RAT", "0", "cleanabuseweb" "2026-05-10 18:39:31", "1809680", "helper.zulipchat.com", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "49", "False", "https://www.cryptika.com/new-zichatbot-malware-uses-zulip-rest-apis-as-command-and-control-server/", "ZiChatBot", "0", "johannes" "2026-05-10 18:39:14", "1809573", "172.235.175.47:25001", "ip:port", "botnet_cc", "apk.kimwolf", "None", "Kimwolf", "2026-05-09 15:14:17", "100", "False", "None", "c2,Kimwolf", "0", "Bitsight" "2026-05-10 18:39:13", "1809571", "172.235.175.137:25001", "ip:port", "botnet_cc", "apk.kimwolf", "None", "Kimwolf", "2026-05-09 15:10:31", "100", "False", "None", "c2,Kimwolf", "0", "Bitsight" "2026-05-10 18:39:13", "1809572", "http://108.59.252.214/9290546939c94eebbdb2.php", "url", "botnet_cc", "win.stealc", "None", "Stealc", "2026-05-10 23:21:22", "100", "False", "None", "c2,loader,modo,StealC,stealer", "0", "Bitsight" "2026-05-10 18:39:09", "1809570", "172.235.175.121:25001", "ip:port", "botnet_cc", "apk.kimwolf", "None", "Kimwolf", "2026-05-09 15:10:24", "100", "False", "None", "c2,Kimwolf", "0", "Bitsight" "2026-05-10 18:39:08", "1809569", "172.233.46.84:25001", "ip:port", "botnet_cc", "apk.kimwolf", "None", "Kimwolf", "2026-05-09 15:10:56", "100", "False", "None", "c2,Kimwolf", "0", "Bitsight" "2026-05-10 18:39:07", "1809568", "172.235.175.103:25001", "ip:port", "botnet_cc", "apk.kimwolf", "None", "Kimwolf", "2026-05-09 15:11:32", "100", "False", "None", "c2,Kimwolf", "0", "Bitsight" "2026-05-10 18:39:05", "1809567", "172.235.175.67:25001", "ip:port", "botnet_cc", "apk.kimwolf", "None", "Kimwolf", "2026-05-09 15:14:29", "100", "False", "None", "c2,Kimwolf", "0", "Bitsight" "2026-05-10 18:39:04", "1809564", "172.235.175.53:25001", "ip:port", "botnet_cc", "apk.kimwolf", "None", "Kimwolf", "2026-05-09 15:11:20", "100", "False", "None", "c2,Kimwolf", "0", "Bitsight" "2026-05-10 18:39:03", "1809563", "172.235.175.62:25001", "ip:port", "botnet_cc", "apk.kimwolf", "None", "Kimwolf", "2026-05-09 15:10:07", "100", "False", "None", "c2,Kimwolf", "0", "Bitsight" "2026-05-10 18:39:01", "1809523", "https://www.paperrig.store/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "WeedHack", "0", "burger" "2026-05-10 18:39:01", "1809536", "cruch.online", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "75", "False", "https://bazaar.abuse.ch/sample/de6469b14f8aa4f5dd95465b83dcaed70025aec980b1d7110b7a23b3e1d93ef8/", "c2", "0", "burger" "2026-05-10 18:39:01", "1809537", "178.208.87.109:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "75", "False", "https://bazaar.abuse.ch/sample/de6469b14f8aa4f5dd95465b83dcaed70025aec980b1d7110b7a23b3e1d93ef8/", "c2", "0", "burger" "2026-05-10 18:39:00", "1809520", "9be2cd1308cfbb403db283c6fa1ac0aa37cdbe301e3768804170420c4a3ae38b", "sha256_hash", "payload", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "100", "False", "https://tria.ge/260501-fbdxraby4z", "eazfuscator,keylogger,nanocore,persistence,rat,spreader,stealer,vbnet", "0", "LucasADI" "2026-05-10 18:38:53", "1809511", "144.48.124.94:8888", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "None", "AS132839,POWER LINE DATACENTER,supershell", "0", "antiphishorg" "2026-05-10 18:38:52", "1809510", "http://144.48.124.94:8888/supershell/login/", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "None", "AS132839,POWER LINE DATACENTER,supershell", "0", "antiphishorg" "2026-05-10 18:38:51", "1809508", "http://144.48.124.92:8888/supershell/login/", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "None", "AS132839,POWER LINE DATACENTER,supershell", "0", "antiphishorg" "2026-05-10 18:38:51", "1809509", "144.48.124.92:8888", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "None", "AS132839,POWER LINE DATACENTER,supershell", "0", "antiphishorg" "2026-05-10 18:20:55", "1810377", "mestizo.co.com", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "75", "False", "https://bazaar.abuse.ch/sample/00e6af4b4e3df4c09673e4492483f3cec7bb27b4565bdd112973fb4952ad897c/", "quasar", "0", "abuse_ch" "2026-05-10 18:20:46", "1810376", "7mcn.cyou", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "75", "False", "https://bazaar.abuse.ch/sample/00e6af4b4e3df4c09673e4492483f3cec7bb27b4565bdd112973fb4952ad897c/", "quasar", "0", "abuse_ch" "2026-05-10 18:05:49", "1810375", "situsslotqris.jp.net", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/7aec4effc2510ab05eb930205f91c33d46a6272d1c305660cc593467c5e6f208/", "asyncrat", "0", "abuse_ch" "2026-05-10 18:05:48", "1810374", "qh88sun.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/7aec4effc2510ab05eb930205f91c33d46a6272d1c305660cc593467c5e6f208/", "asyncrat", "0", "abuse_ch" "2026-05-10 18:05:34", "1810373", "123b-jp.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/7aec4effc2510ab05eb930205f91c33d46a6272d1c305660cc593467c5e6f208/", "asyncrat", "0", "abuse_ch" "2026-05-10 17:47:47", "1810372", "opsmgr.data-core-logic.wiki", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 17:47:54", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 17:46:21", "1810371", "extnetprox.devharbor.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 17:47:26", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 17:43:23", "1810370", "cpuprocessormgr.data-core-logic.wiki", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 17:43:26", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 17:41:51", "1810369", "pkgrunstat.devharbor.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 17:42:16", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 17:38:55", "1810368", "vpsrun.data-core-logic.wiki", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 17:38:59", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 17:37:25", "1810367", "modbusdata.devharbor.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 17:37:49", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-05-10 17:34:30", "1810366", "dnswebsrvs.data-core-logic.wiki", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 17:34:33", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 17:32:55", "1810365", "srcgetproc.devharbor.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 17:33:01", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-05-10 17:30:00", "1810361", "devbits.global-net-admin-service.wiki", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 17:30:07", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 17:27:48", "1810360", "ftpsrv.pixelmesh.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 17:28:41", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 17:23:24", "1810359", "libsyspathview.pixelmesh.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 17:24:00", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 17:21:07", "1810358", "api.global-net-admin-service.wiki", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 17:21:13", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 17:18:56", "1810357", "jobadm.pixelmesh.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 17:19:40", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 17:15:43", "1810356", "webcdnstat.global-net-admin-service.wiki", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 17:15:45", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 17:15:06", "1810355", "https://peoples-bridge.job-bank.co.uk/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "2026-05-10 19:31:05", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-05-10 17:14:31", "1810354", "rawdatamapping.pixelmesh.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 17:14:37", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 17:11:17", "1810353", "srvnode.global-net-admin-service.wiki", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 17:11:22", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 17:10:06", "1810352", "zipark.pixelmesh.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 17:11:20", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 17:06:55", "1810351", "ftpsrv.framevector.ink", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 17:07:22", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 17:04:19", "1810350", "metaltscfgmgr.logicframe.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 17:07:43", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 17:01:08", "1810349", "libsyspathview.framevector.ink", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 17:01:29", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 16:56:36", "1810348", "apidocserv.logicframe.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 16:57:13", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 16:55:34", "1810347", "jobadm.framevector.ink", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 16:56:27", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 16:51:34", "1810346", "dbinst.logicframe.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 16:52:07", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 16:50:30", "1810345", "rawdatamapping.framevector.ink", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 16:51:31", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 16:46:00", "1810344", "skyvpnnodehub.logicframe.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 16:46:19", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 16:44:40", "1810343", "zipark.framevector.ink", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 16:46:03", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 16:39:41", "1810342", "cmdset.logicframe.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 16:40:06", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 16:39:18", "1810341", "metaltscfgmgr.systemforge.ink", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 16:39:59", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 16:34:14", "1810339", "sshbin.cloudstack.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 16:36:27", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 16:34:03", "1810338", "apidocserv.systemforge.ink", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 16:34:46", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 16:28:46", "1810337", "sslkeybasepoint.cloudstack.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 16:33:19", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 16:27:58", "1810336", "dbinst.systemforge.ink", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 16:28:43", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 16:23:18", "1810335", "getcfghub.cloudstack.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 16:23:52", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 16:22:11", "1810334", "skyvpnnodehub.systemforge.ink", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 16:23:00", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 16:17:45", "1810328", "ipnodeclisys.cloudstack.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 16:20:24", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 16:16:40", "1810324", "cmdset.systemforge.ink", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 16:18:20", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 16:12:26", "1810319", "hotfix.cloudstack.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 16:16:42", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 16:11:19", "1810318", "sshbin.cryptowave.ink", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 16:12:11", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 16:06:41", "1810315", "topsvc.bytevector.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 16:07:07", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 15:51:18", "1810310", "run.bytevector.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 15:52:36", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 15:50:12", "1810309", "fix.cryptowave.ink", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 15:50:18", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 15:48:44", "1810308", "opsmgr.bytevector.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 16:01:05", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 15:48:36", "1810307", "sslkeybasepoint.cryptowave.ink", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 16:06:53", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 15:44:30", "1810306", "cpuprocessormgr.bytevector.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 15:56:12", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-05-10 15:43:22", "1810305", "getcfghub.cryptowave.ink", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 16:01:02", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 15:39:50", "1810304", "vpsrun.bytevector.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 15:40:13", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 15:38:47", "1810303", "ipnodeclisys.cryptowave.ink", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 15:55:03", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 15:34:28", "1810302", "hotfix.cryptowave.ink", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 15:34:33", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 15:34:24", "1810301", "dnswebsrvs.bytevector.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 15:34:41", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-05-10 15:30:07", "1810300", "devbits.kernelshift.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 15:30:24", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 15:28:59", "1810299", "topsvc.datashift.ink", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 15:30:04", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 15:24:39", "1810298", "logmanagementsys.kernelshift.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 15:24:56", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 15:24:32", "1810297", "opsmgr.datashift.ink", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 15:24:38", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 15:20:10", "1810296", "api.kernelshift.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 15:21:21", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 15:20:05", "1810295", "cpuprocessormgr.datashift.ink", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 15:20:11", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 15:13:42", "1810294", "webcdnstat.kernelshift.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 15:14:09", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 15:13:40", "1810293", "vpsrun.datashift.ink", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 15:06:56", "1810292", "srvnode.kernelshift.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 15:08:26", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 15:06:48", "1810291", "dnswebsrvs.datashift.ink", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 15:07:08", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 15:00:23", "1810287", "optirni-cast.scriptmesh.ink", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 15:00:45", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-05-10 14:58:23", "1810286", "devbits.stackpulse.ink", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 14:58:36", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 14:53:40", "1810285", "civicvehicl.scriptmesh.ink", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 14:54:08", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 14:51:52", "1810284", "logmanagementsys.stackpulse.ink", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 14:52:05", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 14:47:15", "1810283", "designdepot.scriptmesh.ink", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 14:47:33", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 14:44:41", "1810282", "api.stackpulse.ink", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 14:45:25", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 14:41:02", "1810280", "vita-not.scriptmesh.ink", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 14:41:27", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 14:41:02", "1810281", "vita-not.scriptmesh.ink", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 14:38:11", "1810279", "webcdnstat.stackpulse.ink", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 14:38:54", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 14:34:30", "1810278", "n0df7.kernelgrid.ink", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 14:35:27", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 14:31:45", "1810277", "srvnode.stackpulse.ink", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 14:32:23", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 14:27:38", "1810276", "dynmark0on.kernelgrid.ink", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 14:32:34", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 14:21:37", "1810275", "sol-tideen.kernelgrid.ink", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 14:21:58", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 14:16:06", "1810274", "businessland.io", "domain", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "75", "False", "https://bazaar.abuse.ch/sample/0aabc0bcec0c5a5d1f9c61dd2f6e31f2881cbcb4431597f6031e298379e1262c/", "nanocore", "0", "abuse_ch" "2026-05-10 14:14:35", "1810273", "v1si-sync.kernelgrid.ink", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 14:16:59", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 14:07:56", "1810271", "2784kns.kernelgrid.ink", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 14:08:25", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 14:01:28", "1810270", "2qjub.logicstack.ink", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 14:02:19", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 13:56:03", "1810267", "macroloop.logicstack.ink", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 13:56:35", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-05-10 13:51:59", "1810266", "njrwmhh.cyberframe.lat", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 14:09:32", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 13:48:31", "1810264", "ftscfs.logicstack.ink", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 13:49:33", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 13:45:35", "1810263", "m3rg0-sync.cyberframe.lat", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 13:45:41", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 13:42:13", "1810262", "beartrend.logicstack.ink", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 13:42:24", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-05-10 13:39:02", "1810261", "pipelinegrim.cyberframe.lat", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 13:39:09", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 13:35:13", "1810260", "wamemd.logicstack.ink", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 13:36:12", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 13:32:28", "1810259", "velmeshix.cyberframe.lat", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 13:32:31", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-05-10 13:28:49", "1810256", "solnex3et.cybernode.ink", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 13:30:12", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 13:25:38", "1810255", "tal-valeum.cyberframe.lat", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 13:30:35", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 13:22:28", "1810254", "netvvork-hinge.cybernode.ink", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 13:22:46", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-05-10 13:19:48", "1810253", "b4nne-hinge.kernelwave.lat", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 13:15:31", "1810252", "swanresolver.cybernode.ink", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 13:17:15", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 13:12:35", "1810251", "ancientshadow.kernelwave.lat", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 13:13:04", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 13:08:42", "1810250", "networ2-forge.scriptmesh.ink", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 13:10:27", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 13:06:27", "1810249", "vorcore2ix.kernelwave.lat", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 13:12:36", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 13:02:16", "1810248", "traminve.cloudvector.ink", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 12:59:34", "1810242", "h04c.kernelwave.lat", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 13:12:16", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 12:53:24", "1810239", "geo-illurne.cloudvector.ink", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 12:53:41", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 12:52:37", "1810235", "78fm.kernelwave.lat", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 12:53:22", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 12:46:57", "1810234", "vvh3el-crest.cloudvector.ink", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 12:47:13", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 12:45:42", "1810233", "tracke-signal.cryptostack.lat", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 12:46:41", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 12:39:58", "1810232", "heathergent.cloudvector.ink", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 12:40:48", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 12:39:06", "1810231", "conv-wagon.cryptostack.lat", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 12:39:15", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 12:32:34", "1810230", "wlr33mz.cloudvector.ink", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 12:33:49", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 12:32:25", "1810229", "tre75.cryptostack.lat", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 12:36:11", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 12:29:19", "1810228", "7dml.netstack.lat", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 12:29:52", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 12:26:05", "1810227", "5md3.netstack.lat", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 12:26:40", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 12:23:24", "1810226", "thornbanner.cryptostack.lat", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 12:23:56", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-05-10 12:19:37", "1810225", "5ccj6.netstack.lat", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 12:19:50", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 12:16:21", "1810224", "trimark5ar.cryptostack.lat", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 12:17:26", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 12:13:03", "1810223", "forefern.pixelnode.lat", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 12:13:09", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 12:09:48", "1810222", "lkkgv50r.logicbyte.lat", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 12:10:54", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 12:06:32", "1810221", "coreshield.pixelnode.lat", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 12:07:08", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 12:04:11", "1810220", "hyper-c0ra.logicbyte.lat", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 12:04:58", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 12:00:00", "1810219", "aghw.pixelnode.lat", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 12:01:30", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 11:56:45", "1810218", "2t1ridv.logicbyte.lat", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 12:00:27", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 11:53:31", "1810217", "vocalpro.pixelnode.lat", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 11:56:30", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 11:50:18", "1810216", "curio-garde.logicbyte.lat", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 12:00:09", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 11:47:00", "1810215", "dynven3um.pixelnode.lat", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 11:47:58", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 11:43:45", "1810214", "vornexal5.logicbyte.lat", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 11:45:52", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 11:42:52", "1810213", "quortideis.cloudmesh.lat", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 11:44:49", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-05-10 11:37:12", "1810212", "northglyp.devmatrix.lat", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 11:38:00", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 11:35:31", "1810211", "videosparrow.cloudmesh.lat", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 11:36:05", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-05-10 11:30:39", "1810210", "offermedia.devmatrix.lat", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 11:32:14", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 11:29:23", "1810209", "bay-loyal.cloudmesh.lat", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 11:29:40", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 11:24:37", "1810208", "proto-s0uth.cloudmesh.lat", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 11:25:15", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 11:24:03", "1810207", "woodcora.devmatrix.lat", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 11:28:48", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 11:17:42", "1810206", "hyper-w4ve.cloudmesh.lat", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 11:20:41", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 11:17:28", "1810205", "torrentlabel.devmatrix.lat", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 11:17:42", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 11:16:15", "1810204", "protecttar.bytegrid.lat", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 11:17:16", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 11:10:51", "1810203", "ht7sq.devmatrix.lat", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 11:12:23", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-05-10 11:10:18", "1810202", "lfmfi.bytegrid.lat", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 11:11:50", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-05-10 11:04:01", "1810201", "sercresta.mongofixcore.lat", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 11:05:22", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 11:03:25", "1810200", "narr-isl.bytegrid.lat", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 11:05:54", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 11:01:00", "1810199", "5pruce-hold.bytegrid.lat", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 11:01:16", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 10:57:53", "1810198", "aligalpha.mongofixcore.lat", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 10:58:04", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 10:54:31", "1810197", "dynmarkal.codeflux.lat", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 10:54:59", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-05-10 10:51:00", "1810196", "kelven7or.mongofixcore.lat", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 10:51:28", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 10:47:47", "1810195", "cryptovault.codeflux.lat", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 10:48:19", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 10:45:37", "1810194", "142.171.172.100:17443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-10 22:45:13", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-10 10:45:13", "1810193", "api.apifox.top", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-10 22:44:49", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-10 10:44:24", "1810192", "pway7.mongofixcore.lat", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 10:44:57", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 10:41:32", "1810191", "zirviss9.codeflux.lat", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 10:41:39", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-05-10 10:37:48", "1810190", "5tone-mesh.mongofixcore.lat", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 10:38:29", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 10:34:49", "1810189", "queu-scan.codeflux.lat", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 10:35:14", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 10:31:21", "1810188", "gentletide.setqueueat.lat", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 10:32:00", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-05-10 10:28:38", "1810187", "lvbj1i51.codeflux.lat", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 10:29:15", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 10:25:03", "1810184", "bloom7-hinge.setqueueat.lat", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 10:25:32", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 10:21:57", "1810183", "shipdem.lipshellcore.lat", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 10:22:19", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-05-10 10:20:28", "1810182", "perspectives-family.org", "domain", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "75", "False", "https://bazaar.abuse.ch/sample/206d7631a04e49e9536eb6249293651c76c8911dfc08cd33dff8df887344e7c2/", "nanocore", "0", "abuse_ch" "2026-05-10 10:18:13", "1810181", "si1e-branch.setqueueat.lat", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 10:18:54", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-05-10 10:15:10", "1810180", "script1-gate.lipshellcore.lat", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 10:15:39", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-05-10 10:11:59", "1810179", "oakbalancer.setqueueat.lat", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 10:12:29", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-05-10 10:08:46", "1810178", "boosmars.lipshellcore.lat", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 10:10:05", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 10:05:47", "1810177", "anchorfreigh.setqueueat.lat", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 10:06:13", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 10:02:00", "1810176", "98ykbe5.lipshellcore.lat", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 10:02:38", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 09:59:13", "1810175", "solspireex3.queuedimsys.lat", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 09:59:33", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 09:55:32", "1810174", "quer-graph.lipshellcore.lat", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 09:56:03", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 09:52:39", "1810173", "assetprotect.queuedimsys.lat", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 09:52:48", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 09:49:28", "1810172", "r3age8-index.lipshellcore.lat", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 09:50:04", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 09:45:23", "1810171", "sub-vit4.queuedimsys.lat", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 09:47:52", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 09:44:56", "1810170", "57.158.27.132:8080", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-05-10 22:44:35", "75", "False", "None", "drb-ra,Sliver", "0", "abuse_ch" "2026-05-10 09:44:39", "1810169", "43.133.149.36:18080", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-10 22:44:21", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch" "2026-05-10 09:43:50", "1810168", "207.56.2.25:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-10 22:43:42", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch" "2026-05-10 09:43:47", "1810167", "198.23.185.234:7707", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-10 22:43:39", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-10 09:43:45", "1810166", "194.26.192.229:50", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-10 22:43:37", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-10 09:43:41", "1810165", "192.159.99.183:8080", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-05-10 22:43:35", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch" "2026-05-10 09:43:33", "1810164", "179.43.134.189:9968", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-10 22:43:27", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-10 09:43:31", "1810163", "175.27.164.136:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-10 22:43:26", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch" "2026-05-10 09:43:27", "1810162", "172.245.152.57:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-05-10 22:43:23", "75", "False", "None", "drb-ra,Havoc", "0", "abuse_ch" "2026-05-10 09:42:29", "1810161", "casual-trail.mixzipcore64.lat", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 09:43:04", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-05-10 09:36:37", "1810160", "arktide8ex.queuedimsys.lat", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 09:37:09", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-05-10 09:35:47", "1810159", "warmhar.mixzipcore64.lat", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 09:37:28", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 09:29:43", "1810158", "209id.queuedimsys.lat", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 09:30:39", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 09:29:25", "1810157", "not1fie-mesh.mixzipcore64.lat", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 09:34:17", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 09:23:51", "1810156", "rainstudio.userssawtone.lat", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 09:24:24", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 09:22:42", "1810155", "bandwid-route.mixzipcore64.lat", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 09:23:37", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 09:16:31", "1810154", "talnex5on.userssawtone.lat", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 09:17:37", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 09:16:24", "1810152", "granitebroad.mixzipcore64.lat", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 09:16:55", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 09:16:24", "1810153", "granitebroad.mixzipcore64.lat", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 09:10:05", "1810151", "gxyuad.userssawtone.lat", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 09:11:05", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 09:09:36", "1810150", "tide6-well.mixzipcore64.lat", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 09:09:56", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-05-10 09:03:27", "1810149", "mervaleet.userssawtone.lat", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 09:04:33", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 09:03:16", "1810148", "cry5t4-stream.wetshardauth.lat", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 09:03:54", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 08:57:13", "1810147", "gr1m-mark.userssawtone.lat", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 08:57:42", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 08:56:42", "1810146", "quormark2et.wetshardauth.lat", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 08:57:05", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-05-10 08:49:49", "1810145", "channe-grid.wetshardauth.lat", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 08:50:54", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 08:47:00", "1810144", "optwebnode.softnetworkset.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 08:47:40", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 08:44:23", "1810143", "5pr0-span.wetshardauth.lat", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 08:44:34", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-05-10 08:40:25", "1810142", "usrgrpstat.softnetworkset.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 08:41:32", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 08:36:48", "1810141", "banb3.wetshardauth.lat", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 08:38:01", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 08:34:25", "1810140", "vmlistview.softnetworkset.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 08:35:03", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 08:30:18", "1810139", "honestshape.wetshardauth.lat", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 08:30:38", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 08:27:49", "1810138", "sshproserv.softnetworkset.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 08:28:32", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 08:23:48", "1810137", "vel-fluxix.didoprotecauth.lat", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 08:24:54", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 08:20:32", "1810136", "tcpconpath.softnetworkset.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 08:21:37", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 08:17:17", "1810135", "sens-ring.didoprotecauth.lat", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 08:18:16", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 08:14:00", "1810134", "netmanproc.softnetworkset.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 08:15:07", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 08:10:43", "1810133", "gey5-reach.didoprotecauth.lat", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 08:11:53", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 08:07:31", "1810132", "syskeypath.logicstackhub.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 08:07:43", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 08:04:07", "1810131", "hz1v.didoprotecauth.lat", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 08:09:04", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 08:01:00", "1810130", "webdocserv.logicstackhub.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 08:01:22", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 07:57:37", "1810129", "sermesh7um.didoprotecauth.lat", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 07:58:54", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 07:54:29", "1810128", "appsrchcli.logicstackhub.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 07:54:57", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 07:52:22", "1810127", "ujkj.didoprotecauth.lat", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 07:56:18", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 07:49:04", "1810126", "logbinnode.logicstackhub.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 07:50:18", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 07:46:55", "1810125", "xml.webdatapoint.co", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 07:46:57", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 07:43:32", "1810124", "apiopsstat.logicstackhub.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 07:44:35", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 07:41:26", "1810123", "proc.webdatapoint.co", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 07:41:30", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 07:38:23", "1810122", "gitlabhubs.logicstackhub.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 07:38:46", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 07:35:49", "1810121", "proxysserv.infrapointbase.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 07:36:27", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 07:30:03", "1810120", "tmpdirsetsys.webdatapoint.co", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 07:31:08", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 07:29:54", "1810119", "lanhoppath.infrapointbase.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 07:30:41", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 07:24:34", "1810118", "sshbin.webdatapoint.co", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 07:24:38", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 07:24:12", "1810117", "subclidata.infrapointbase.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 07:24:32", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 07:18:32", "1810116", "bitkitmaps.infrapointbase.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 07:18:46", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-05-10 07:13:20", "1810115", "getcfghub.webdatapoint.co", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 07:13:24", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 07:12:13", "1810114", "envsetproc.infrapointbase.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 07:13:20", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 07:06:51", "1810113", "ipnodeclisys.webdatapoint.co", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 07:07:55", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 07:06:43", "1810112", "doclabutil.infrapointbase.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 07:07:16", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 07:01:24", "1810111", "hotfix.webdatapoint.co", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 07:01:27", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 07:01:00", "1810110", "syncitnode.cloudprocmgr.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 07:01:21", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 06:54:48", "1810109", "ioflowpath.cloudprocmgr.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 06:56:04", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 06:49:12", "1810108", "taskidview.cloudprocmgr.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 06:49:44", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 06:43:31", "1810107", "comwebstat.cloudprocmgr.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 06:44:15", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 06:37:21", "1810106", "refidcorex.cloudprocmgr.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 06:38:41", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 06:31:51", "1810105", "autboxserv.cloudprocmgr.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 06:33:00", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 06:25:52", "1810104", "domregutil.datalinkservice.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 06:27:14", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 06:20:58", "1810103", "׏}", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 06:19:51", "1810102", "pwrlogview.datalinkservice.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 06:21:12", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 06:14:45", "1810101", "extnetprox.datalinkservice.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 06:15:05", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 06:08:27", "1810100", "pkgrunstat.datalinkservice.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 06:09:52", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 06:02:37", "1810099", "modbusdata.datalinkservice.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 06:03:04", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 05:57:08", "1810098", "srcgetproc.datalinkservice.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 05:57:31", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 05:50:55", "1810097", "uidmapbits.webstackengine.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 05:51:13", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 05:44:22", "1810096", "ftpsrvnode.webstackengine.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 05:46:55", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 05:38:53", "1810095", "libsyspath.webstackengine.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 05:39:22", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 05:33:25", "1810094", "jobadmmgrs.webstackengine.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 05:34:46", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 05:27:56", "1810093", "rawdatamap.webstackengine.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 05:28:38", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 05:22:31", "1810092", "ziparkview.webstackengine.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 05:23:40", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 05:16:44", "1810091", "osbasesyst.nodesystemcore.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 05:17:53", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 05:15:46", "1810089", "hm88athen.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/81217e658ac13b1a180f23b6da3b01c072956d509e4a5b77f9b73db50e34cae7/", "asyncrat", "0", "abuse_ch" "2026-05-10 05:15:46", "1810090", "jogoforuma.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/81217e658ac13b1a180f23b6da3b01c072956d509e4a5b77f9b73db50e34cae7/", "asyncrat", "0", "abuse_ch" "2026-05-10 05:11:10", "1810088", "metaltscfg.nodesystemcore.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 05:11:41", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 05:06:05", "1810087", "apidocserv.nodesystemcore.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 05:06:38", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 05:00:19", "1810086", "dbinstlist.nodesystemcore.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 05:00:46", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 04:55:07", "1810085", "skyvpnnode.nodesystemcore.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 04:55:50", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 04:48:45", "1810084", "cmdsetproc.nodesystemcore.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 04:49:37", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 04:43:15", "1810083", "tmpdirsets.techopsruntime.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 04:44:35", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 04:37:53", "1810082", "syslink.cloudflowops.co", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 06:56:00", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 04:37:08", "1810081", "sshbinpath.techopsruntime.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 04:40:49", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 04:29:40", "1810080", "cmd.cloudflowops.co", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 06:50:31", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-05-10 04:29:09", "1810079", "sslkeybase.techopsruntime.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 04:30:39", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 04:23:48", "1810078", "metaviewhub.cloudflowops.co", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 06:44:49", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 04:23:31", "1810077", "getcfghubs.techopsruntime.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 04:23:50", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 04:18:20", "1810076", "sync.cloudflowops.co", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 06:38:32", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 04:18:00", "1810075", "ipnodeclis.techopsruntime.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 04:18:44", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 04:15:05", "1810074", "https://eltahdamexploration.com/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-05-10 04:12:54", "1810073", "flowmaster.cloudflowops.co", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 06:34:36", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 04:11:47", "1810072", "hotfixpack.techopsruntime.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 04:12:22", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 04:06:50", "1810071", "cloud.cloudflowops.co", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 06:31:47", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-05-10 04:06:13", "1810070", "bitfoxcore.coderworkflow.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 04:07:05", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 04:01:24", "1810069", "bitfoxcoreunit.cloudflowops.co", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-05-10 04:00:32", "1810068", "topsvcutil.coderworkflow.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 04:00:45", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 03:55:20", "1810065", "topsvc.cloudflowops.co", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 06:17:24", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-05-10 03:54:14", "1810064", "opsmgrsvcs.coderworkflow.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 03:55:34", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 03:48:52", "1810063", "opsmgr.cloudflowops.co", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 06:14:26", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 03:48:17", "1810062", "cpuprosmgr.coderworkflow.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 03:48:49", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 03:43:28", "1810061", "cpuprocessormgr.cloudflowops.co", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 06:03:05", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 03:42:44", "1810060", "vpsrunproc.coderworkflow.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 03:44:13", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 03:40:31", "1810059", "hm888.online", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/846a2e3a606c07e5497cda85364879b8ff31009a4526d75a7d1ab0d06c71b948/", "asyncrat", "0", "abuse_ch" "2026-05-10 03:37:46", "1810058", "vpsrun.cloudflowops.co", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 05:57:39", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-05-10 03:36:45", "1810057", "dnswebsrvs.coderworkflow.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 03:37:49", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 03:31:28", "1810056", "dnswebsrvs.cloudflowops.co", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 05:56:29", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 03:31:21", "1810055", "appboxdata.devlogicmaster.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 03:32:09", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 03:26:02", "1810054", "xmlbase.netlogicstack.co", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 05:47:36", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 03:24:55", "1810053", "devbitscfg.devlogicmaster.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 03:25:16", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 03:19:37", "1810052", "git.netlogicstack.co", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 05:44:30", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 03:19:30", "1810051", "logviewsys.devlogicmaster.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 03:22:10", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 03:14:09", "1810050", "proxyservmgr.netlogicstack.co", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 05:35:46", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 03:13:57", "1810049", "netapiprot.devlogicmaster.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 03:18:24", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 03:08:13", "1810044", "net.netlogicstack.co", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 05:29:09", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-05-10 03:07:34", "1810037", "webcdnstat.devlogicmaster.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 03:08:31", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 03:02:09", "1810036", "vpsentry.netlogicstack.co", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 05:28:18", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-05-10 03:02:03", "1810035", "srvnodehub.devlogicmaster.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 03:02:33", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 02:56:47", "1810034", "corestack.netlogicstack.co", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 05:18:16", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 02:56:31", "1810033", "gitlabhubs.coderlogicbase.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 02:57:56", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 02:51:11", "1810032", "appboxdatacent.netlogicstack.co", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 05:11:44", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 02:50:04", "1810031", "apiopsstat.coderlogicbase.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 02:55:06", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 02:44:42", "1810030", "logbinnode.coderlogicbase.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 02:45:00", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 02:44:33", "1810029", "devbits.netlogicstack.co", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 05:06:36", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 02:39:13", "1810028", "appsrchcli.coderlogicbase.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 02:40:38", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 02:39:08", "1810027", "logmanagementsys.netlogicstack.co", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 05:01:26", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 02:33:43", "1810026", "webdocserv.coderlogicbase.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 02:34:53", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 02:33:03", "1810025", "api.netlogicstack.co", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 04:55:55", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-05-10 02:28:19", "1810024", "syskeypath.coderlogicbase.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 02:29:13", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 02:28:11", "1810023", "webcdnstat.netlogicstack.co", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 04:50:42", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 02:22:46", "1810022", "srvnode.netlogicstack.co", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 04:47:34", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 02:22:27", "1810021", "netmanproc.infraworkspace.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 02:23:00", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 02:21:36", "1810020", "proxys.infrasettopview.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 02:22:10", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 02:17:18", "1810019", "tcpconpath.infraworkspace.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 02:17:47", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 02:16:08", "1810018", "lanhoppathsys.infrasettopview.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 02:16:43", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 02:11:21", "1810017", "sshproserv.infraworkspace.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 02:11:43", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 02:10:38", "1810016", "subcli.infrasettopview.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 02:10:52", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-05-10 02:05:45", "1810015", "vmlistview.infraworkspace.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 02:08:49", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 02:05:08", "1810014", "bitkitmapsmgr.infrasettopview.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 02:05:31", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-05-10 02:00:16", "1810012", "usrgrpstat.infraworkspace.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 02:05:05", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 01:59:37", "1810011", "envset.infrasettopview.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 02:00:05", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-05-10 01:54:16", "1810010", "optwebnode.infraworkspace.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 01:55:08", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 01:53:33", "1810009", "doclabutil.infrasettopview.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 01:55:18", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 01:49:08", "1810008", "proxysserv.openapiservicex.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 01:49:40", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 01:47:05", "1810007", "syncitnodesys.globtechnodebase.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 01:47:49", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 01:43:47", "1810006", "lanhoppath.openapiservicex.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 01:44:20", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 01:41:33", "1810005", "ioflow.globtechnodebase.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 01:41:42", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-05-10 01:38:09", "1810004", "subclidata.openapiservicex.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 01:38:27", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 01:36:14", "1810003", "taskidviewhub.globtechnodebase.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 01:36:42", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 01:31:56", "1810002", "bitkitmaps.openapiservicex.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 01:33:01", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 01:30:39", "1810001", "comweb.globtechnodebase.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 01:31:22", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 01:26:25", "1809998", "envsetproc.openapiservicex.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 01:27:43", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 01:25:11", "1809997", "refidcorex.globtechnodebase.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 01:25:36", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-05-10 01:20:58", "1809996", "doclabutil.openapiservicex.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 01:24:42", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 01:19:36", "1809995", "autbox.globtechnodebase.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 01:20:16", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 01:15:31", "1809994", "syncitnode.fastnetgatehub.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 01:15:40", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 01:13:53", "1809993", "domreg.openapiservicedata.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 01:14:28", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-05-10 01:10:05", "1809992", "ioflowpath.fastnetgatehub.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 01:10:43", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 01:08:20", "1809991", "pwrlogviewsys.openapiservicedata.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 01:09:00", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 01:04:57", "1809979", "taskidview.fastnetgatehub.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 01:06:15", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 01:03:12", "1809978", "extnet.openapiservicedata.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 01:03:31", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-05-10 00:58:25", "1809977", "comwebstat.fastnetgatehub.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 01:03:16", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 00:57:41", "1809976", "pkgrunstatlog.openapiservicedata.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 00:57:52", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-05-10 00:52:43", "1809975", "refidcorex.fastnetgatehub.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 00:53:48", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 00:52:25", "1809974", "modbus.openapiservicedata.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 00:52:49", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 00:47:13", "1809973", "autboxserv.fastnetgatehub.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 00:48:11", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 00:46:55", "1809972", "srcgetproc.openapiservicedata.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 00:49:56", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 00:41:38", "1809971", "domregutil.systemcoreunit.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 00:42:12", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 00:38:47", "1809970", "uidmapbitsys.fastnetgateview.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 00:39:29", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 00:36:43", "1809969", "pwrlogview.systemcoreunit.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 00:37:08", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 00:32:59", "1809968", "ftpsrv.fastnetgateview.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 00:34:23", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 00:30:36", "1809967", "extnetprox.systemcoreunit.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 00:31:35", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 00:27:40", "1809966", "libsyspathview.fastnetgateview.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 00:27:57", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 00:25:07", "1809965", "pkgrunstat.systemcoreunit.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 00:25:42", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 00:21:56", "1809964", "jobadm.fastnetgateview.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 00:23:16", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 00:20:06", "1809963", "modbusdata.systemcoreunit.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 00:20:27", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 00:16:56", "1809962", "rawdatamapping.fastnetgateview.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 00:18:50", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 00:13:44", "1809961", "srcgetproc.systemcoreunit.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 00:14:49", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 00:11:23", "1809960", "zipark.fastnetgateview.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 00:16:00", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 00:08:19", "1809959", "uidmapbits.datalinkcenter.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 00:09:26", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-10 00:05:24", "1809958", "osbase.systemcorelinkx.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 00:06:10", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-10 00:03:14", "1809957", "ftpsrvnode.datalinkcenter.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 00:04:16", "100", "False", "None", "10May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 23:59:59", "1809956", "metaltscfgmgr.systemcorelinkx.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-10 00:00:20", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 23:57:24", "1809955", "libsyspath.datalinkcenter.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 23:57:49", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-05-09 23:54:32", "1809954", "apidocserv.systemcorelinkx.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 23:54:40", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 23:51:56", "1809953", "jobadmmgrs.datalinkcenter.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 23:53:07", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 23:49:01", "1809952", "dbinst.systemcorelinkx.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 23:49:44", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 23:47:28", "1809951", "isobougie.com", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch" "2026-05-09 23:46:34", "1809950", "rawdatamap.datalinkcenter.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 23:46:35", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-05-09 23:41:01", "1809863", "skyvpnnodehub.systemcorelinkx.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 23:41:34", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-05-09 23:40:25", "1809862", "ziparkview.datalinkcenter.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 23:42:00", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 23:35:04", "1809861", "cmdset.systemcorelinkx.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 23:35:05", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-05-09 23:34:58", "1809860", "osbasesyst.cloudstackproc.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 23:35:24", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 23:29:31", "1809859", "tmpdirsetsys.cloudstacklogic.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 23:30:04", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 23:28:56", "1809858", "metaltscfg.cloudstackproc.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 23:29:27", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 23:23:25", "1809857", "sshbin.cloudstacklogic.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 23:23:39", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 23:23:20", "1809856", "apidocserv.cloudstackproc.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 23:25:33", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 23:18:06", "1809855", "sslkeybasepoint.cloudstacklogic.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 23:18:30", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 23:16:59", "1809854", "dbinstlist.cloudstackproc.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 23:22:08", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 23:11:38", "1809853", "getcfghub.cloudstacklogic.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 23:12:49", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 23:11:31", "1809852", "skyvpnnode.cloudstackproc.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 23:11:56", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 23:06:11", "1809851", "ipnodeclisys.cloudstacklogic.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 23:06:59", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 23:06:01", "1809850", "cmdsetproc.cloudstackproc.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 23:06:48", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 23:00:42", "1809849", "hotfix.cloudstacklogic.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 23:03:43", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 22:59:30", "1809848", "tmpdirsets.webcfgmanager.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 23:03:32", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 22:54:14", "1809846", "bitfoxcoreunit.webdataprocunit.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 22:54:58", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 22:53:24", "1809845", "sshbinpath.webcfgmanager.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 22:54:06", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 22:48:33", "1809844", "topsvc.webdataprocunit.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 22:50:42", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 22:47:36", "1809843", "sslkeybase.webcfgmanager.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 22:49:05", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 22:42:09", "1809842", "opsmgr.webdataprocunit.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 22:47:00", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 22:41:45", "1809841", "getcfghubs.webcfgmanager.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 22:42:36", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 22:36:40", "1809840", "cpuprocessormgr.webdataprocunit.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 22:37:06", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 22:36:27", "1809839", "ipnodeclis.webcfgmanager.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 22:39:05", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 22:31:07", "1809838", "vpsrun.webdataprocunit.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 22:31:46", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 22:29:58", "1809837", "hotfixpack.webcfgmanager.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 22:35:16", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 22:24:37", "1809836", "dnswebsrvs.webdataprocunit.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 22:25:41", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 22:24:18", "1809835", "bitfoxcore.technodesupply.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 22:25:03", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 22:19:10", "1809834", "appboxdatacent.netinfrahubsys.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 22:19:33", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 22:18:36", "1809833", "topsvcutil.technodesupply.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 22:19:05", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 22:13:02", "1809832", "devbits.netinfrahubsys.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 22:13:42", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-05-09 22:12:53", "1809831", "opsmgrsvcs.technodesupply.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 22:13:33", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 22:07:29", "1809830", "logmanagementsys.netinfrahubsys.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 22:08:07", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 22:06:53", "1809829", "cpuprosmgr.technodesupply.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 22:07:24", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 22:01:25", "1809822", "api.netinfrahubsys.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 22:02:05", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 22:01:04", "1809821", "vpsrunproc.technodesupply.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 22:01:58", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 21:55:37", "1809815", "webcdnstat.netinfrahubsys.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 21:56:39", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 21:55:10", "1809814", "dnswebsrvs.technodesupply.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 21:56:07", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 21:49:46", "1809813", "srvnode.netinfrahubsys.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 21:50:32", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 21:49:21", "1809812", "appboxdata.globalnetviewer.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 21:52:06", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 21:44:07", "1809811", "main.coderlaptechnical.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 21:44:41", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-05-09 21:43:49", "1809810", "devbitscfg.globalnetviewer.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 21:48:34", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 21:38:30", "1809809", "api.coderlaptechnical.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 21:39:21", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 21:37:43", "1809808", "logviewsys.globalnetviewer.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 21:39:02", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 21:32:21", "1809807", "web.coderlaptechnical.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 21:33:24", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 21:31:52", "1809806", "netapiprot.globalnetviewer.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 21:32:54", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 21:26:33", "1809805", "run.coderlaptechnical.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 21:27:40", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 21:26:28", "1809804", "webcdnstat.globalnetviewer.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 21:27:46", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 21:22:15", "1809803", "tech.coderlaptechnical.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 21:22:29", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 21:21:14", "1809802", "srvnodehub.globalnetviewer.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 21:24:17", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 21:15:57", "1809801", "code.coderlaptechnical.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 21:17:29", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 21:13:37", "1809800", "cache.flushgot.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 21:14:59", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 21:11:26", "1809799", "core.infrastructurerun.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 21:14:45", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 21:08:50", "1809798", "out.flushgot.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 21:09:12", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-05-09 21:04:32", "1809797", "base.infrastructurerun.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 21:04:56", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 21:04:22", "1809796", "flush.flushgot.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 21:04:45", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-05-09 21:00:20", "1809795", "setup.infrastructurerun.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 21:00:33", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 20:59:36", "1809794", "sync.flushgot.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 21:00:11", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 20:55:19", "1809793", "net.infrastructurerun.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 20:56:48", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 20:55:06", "1809792", "io.flushgot.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 20:55:33", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-05-09 20:50:52", "1809791", "sys.infrastructurerun.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 20:51:31", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 20:50:24", "1809790", "get.flushgot.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 20:51:04", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 20:46:24", "1809789", "infra.infrastructurerun.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 20:47:00", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-05-09 20:45:52", "1809788", "io.intelcar.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 20:47:23", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 20:44:40", "1809787", "39nasm720z98q.cfc-execute.bj.baidubce.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-10 22:44:48", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-09 20:42:02", "1809786", "dns.globalnodeviewset.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 20:42:47", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 20:41:15", "1809785", "car.intelcar.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 20:41:59", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 20:37:38", "1809784", "map.globalnodeviewset.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 20:38:05", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 20:36:50", "1809783", "bus.intelcar.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 20:37:36", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 20:32:44", "1809782", "hub.globalnodeviewset.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 20:33:20", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 20:32:31", "1809781", "proc.intelcar.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 20:32:53", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 20:28:10", "1809780", "view.globalnodeviewset.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 20:28:51", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 20:27:38", "1809779", "chip.intelcar.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 20:28:02", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 20:23:50", "1809778", "node.globalnodeviewset.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 20:24:25", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-05-09 20:23:12", "1809777", "cpu.intelcar.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 20:24:26", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 20:22:54", "1809776", "6uifuv9c.radio-legitdown.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "clearfake", "1", "ttakvam" "2026-05-09 20:21:55", "1809775", "mrtaesh2.radio-legitdown.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 20:22:05", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 20:20:53", "1809774", "mel2vrax.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 20:20:58", "100", "False", "None", "9May2026,ClearFake,Commandline,MacOS", "0", "Gi7w0rm" "2026-05-09 20:19:16", "1809773", "glob.globalnodeviewset.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 20:20:05", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 20:18:32", "1809772", "box.mailban.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 20:19:10", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 20:18:12", "1809771", "sinhvienstore.com", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch" "2026-05-09 20:14:08", "1809770", "call.openapiservicehub.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 20:16:15", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 20:14:01", "1809769", "mx.mailban.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 20:09:13", "1809768", "json.openapiservicehub.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 20:09:38", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 20:08:25", "1809767", "imap.mailban.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 20:09:24", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 20:04:06", "1809766", "rest.openapiservicehub.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 20:04:44", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 20:03:58", "1809765", "pop.mailban.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 20:05:38", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 19:59:14", "1809764", "serv.openapiservicehub.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 20:00:30", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 19:59:02", "1809763", "smtp.mailban.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 19:59:35", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-05-09 19:54:51", "1809762", "open.openapiservicehub.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 19:56:51", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 19:54:02", "1809761", "mail.mailban.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 19:54:41", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 19:49:35", "1809760", "api.openapiservicehub.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 19:50:57", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 19:49:25", "1809759", "next.looprim.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 19:50:24", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 19:44:46", "1809758", "82.25.35.113:2177", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-05-10 22:44:41", "75", "False", "None", "DCRat,drb-ra,RAT", "0", "abuse_ch" "2026-05-09 19:44:41", "1809757", "path.fastlinkprovider.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 19:45:47", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 19:44:38", "1809756", "5.180.46.180:2030", "ip:port", "botnet_cc", "elf.evilginx", "None", "Evilginx", "2026-05-10 22:44:33", "75", "False", "None", "drb-ra,Evilginx,EvilGoPhish", "0", "abuse_ch" "2026-05-09 19:44:34", "1809755", "flow.looprim.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 19:45:22", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 19:43:46", "1809754", "213.130.25.141:44333", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2026-05-10 22:43:44", "75", "False", "None", "drb-ra,NetSupport,RAT", "0", "abuse_ch" "2026-05-09 19:43:41", "1809753", "198.167.212.165:73", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-10 22:43:39", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-09 19:43:40", "1809751", "194.26.192.229:100", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-10 22:43:37", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-09 19:43:40", "1809752", "194.26.192.229:7707", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-05-10 22:43:37", "75", "False", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2026-05-09 19:43:24", "1809750", "168.144.89.48:8443", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-05-10 22:43:22", "75", "False", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2026-05-09 19:43:23", "1809749", "167.99.151.149:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-05-10 22:43:22", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch" "2026-05-09 19:43:13", "1809747", "138.9.223.13:8015", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-10 22:43:12", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-09 19:43:13", "1809748", "138.9.41.254:8015", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-05-10 22:43:13", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2026-05-09 19:40:15", "1809746", "url.fastlinkprovider.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 19:40:34", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-05-09 19:40:09", "1809745", "back.looprim.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 19:40:40", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 19:35:48", "1809744", "run.fastlinkprovider.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 19:37:40", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 19:35:10", "1809743", "cycle.looprim.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 19:37:29", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-05-09 19:30:24", "1809742", "base.fastlinkprovider.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 19:30:35", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 19:30:06", "1809741", "loop.looprim.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 19:30:23", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-05-09 19:26:00", "1809740", "link.fastlinkprovider.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 19:27:37", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 19:24:53", "1809739", "rim.looprim.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 19:25:35", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 19:19:30", "1809738", "tab.rowlocks.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 19:19:52", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 19:18:05", "1809737", "fast.fastlinkprovider.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 19:18:25", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-05-09 19:14:56", "1809736", "key.rowlocks.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 19:15:08", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-05-09 19:13:49", "1809735", "json.webdataprocess.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 19:14:18", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 19:10:01", "1809734", "idx.rowlocks.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 19:10:41", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-05-09 19:09:27", "1809733", "xml.webdataprocess.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 19:09:55", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 19:05:11", "1809732", "dbms.rowlocks.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 19:06:17", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 19:04:59", "1809731", "base.webdataprocess.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 19:05:26", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 19:00:47", "1809730", "lock.rowlocks.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 19:01:01", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 18:59:26", "1809729", "proc.webdataprocess.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 19:00:24", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 18:56:16", "1809728", "row.rowlocks.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 18:57:21", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 18:54:51", "1809727", "data.webdataprocess.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 18:54:55", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 18:51:54", "1809726", "val.argsleg.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 18:52:45", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 18:50:28", "1809725", "web.webdataprocess.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 18:50:46", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 18:47:19", "1809724", "test.argsleg.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 18:48:35", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 18:45:54", "1809723", "proc.systemlogicops.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 18:46:24", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 18:43:06", "1809722", "main.argsleg.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 18:43:40", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 18:40:53", "1809721", "main.systemlogicops.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 18:41:48", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 18:38:18", "1809720", "proc.argsleg.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 18:39:33", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 18:36:14", "1809719", "logic.systemlogicops.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 18:37:12", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 18:34:14", "1809718", "list.argsleg.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 18:34:49", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 18:31:35", "1809717", "core.systemlogicops.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 18:32:42", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 18:29:44", "1809710", "arg.argsleg.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 18:30:06", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 18:27:21", "1809709", "log.systemlogicops.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 18:27:50", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 18:24:23", "1809708", "path.fielddie.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 18:25:26", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 18:22:44", "1809703", "sys.systemlogicops.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 18:23:15", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-05-09 18:19:56", "1809695", "core.fielddie.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 18:20:41", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 18:18:39", "1809694", "link.cloudproxyserv.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 18:20:01", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 18:15:29", "1809693", "node.fielddie.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 18:15:53", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 18:13:17", "1809691", "edge.cloudproxyserv.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 18:17:18", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 18:11:03", "1809690", "meta.fielddie.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 18:11:45", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 18:06:45", "1809689", "cloud.cloudproxyserv.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 18:07:49", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 18:06:37", "1809688", "run.fielddie.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 18:07:49", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 17:58:31", "1809687", "proxy.cloudproxyserv.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 18:00:08", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 17:57:58", "1809686", "fld.fielddie.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 17:58:24", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 17:53:53", "1809685", "host.cloudproxyserv.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 17:54:17", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 17:52:47", "1809684", "xml.docsbed.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 17:55:06", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 17:49:30", "1809683", "cdn.cloudproxyserv.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 17:49:42", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 17:48:20", "1809682", "set.docsbed.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 17:51:27", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 17:44:56", "1809681", "sync.networkstackmgr.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 17:45:24", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 17:41:41", "1809679", "sys.docsbed.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 17:41:48", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 17:39:32", "1809678", "layer.networkstackmgr.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 17:41:12", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 17:37:18", "1809677", "vps.docsbed.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 17:38:09", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 17:35:07", "1809676", "ipv.networkstackmgr.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 17:36:03", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 17:32:46", "1809675", "base.docsbed.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 17:34:04", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 17:30:41", "1809674", "stack.networkstackmgr.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 17:31:46", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 17:28:13", "1809673", "doc.docsbed.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 17:29:35", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 17:26:15", "1809672", "tcp.networkstackmgr.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 17:27:04", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 17:23:36", "1809671", "data.textits.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 17:24:04", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-05-09 17:21:38", "1809670", "net.networkstackmgr.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 17:22:17", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 17:18:12", "1809669", "hub.textits.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 17:18:48", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 17:16:57", "1809668", "git.serverdatahub.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 17:17:21", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 17:13:45", "1809667", "info.textits.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 17:14:00", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 17:12:25", "1809666", "dev.serverdatahub.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 17:13:38", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 17:09:21", "1809665", "cdn.textits.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 17:09:55", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 17:08:09", "1809664", "logs.serverdatahub.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 17:08:40", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-05-09 17:04:37", "1809663", "web.textits.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 17:05:18", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 17:03:44", "1809662", "api.serverdatahub.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 17:04:10", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 16:59:51", "1809661", "txt.textits.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 17:00:32", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 16:58:53", "1809660", "bin.serverdatahub.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 16:59:19", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-05-09 16:55:36", "1809659", "u88o.com", "domain", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "75", "False", "https://bazaar.abuse.ch/sample/6591fffaa8da18ce4d83b3f63b1382b35d28d899c1d691ecaad00cd838e72e96/", "nanocore", "0", "abuse_ch" "2026-05-09 16:55:29", "1809658", "git.coderlap.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 16:56:53", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 16:51:32", "1809657", "srv.serverdatahub.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 16:56:13", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 16:50:39", "1809656", "u888co.com", "domain", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "75", "False", "https://bazaar.abuse.ch/sample/a1ca02180a356786ddd54955faff2f5b0193321cde73014511058dea28ee28a9/", "nanocore", "0", "abuse_ch" "2026-05-09 16:50:03", "1809654", "dev.coderlap.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 16:50:27", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-05-09 16:50:03", "1809655", "5.102.97.149:443", "ip:port", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "100", "False", "None", "NanoCore,RAT", "0", "abuse_ch" "2026-05-09 16:45:44", "1809653", "pal3t0-gate.stormgrid-media.life", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 16:46:08", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 16:44:10", "1809652", "logs.coderlap.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 16:45:38", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 16:40:45", "1809651", "mtkhx.stormgrid-media.life", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 16:40:34", "1809650", "1u888com.com", "domain", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "75", "False", "https://bazaar.abuse.ch/sample/a2900dc080580e42d966628820b43de46f74397d89187b3072a2d8f9a0c93ba5/", "nanocore", "0", "abuse_ch" "2026-05-09 16:39:09", "1809649", "api.coderlap.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 16:39:46", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 16:34:32", "1809648", "dawncrest.vexa2-flow.life", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 16:35:01", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 16:33:45", "1809647", "bin.coderlap.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 16:34:22", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 16:29:24", "1809646", "711zam.vexa2-flow.life", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 16:31:07", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 16:27:46", "1809645", "srv.coderlap.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 16:29:27", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-05-09 16:23:52", "1809644", "0xqme.vexa2-flow.life", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 16:26:41", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 16:18:30", "1809643", "oyrmhd1i.vexa2-flow.life", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 16:18:41", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 16:15:33", "1809642", "j88t2.org", "domain", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "75", "False", "https://bazaar.abuse.ch/sample/cc6f82015fc2e26a65da84db2dc0e41cc63f5ca735150a5ad55b9f474f0673f3/", "nanocore", "0", "abuse_ch" "2026-05-09 16:12:49", "1809641", "nimbtimber.vexa2-flow.life", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 16:13:11", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 16:11:59", "1809640", "ion-rich.adi8hesplayer.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 16:13:05", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 16:07:24", "1809639", "binarymode.vexa2-flow.life", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 16:07:35", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 16:06:17", "1809638", "major-pur.adi8hesplayer.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 16:06:50", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 16:00:53", "1809637", "te5t-hinge.vexa2-flow.life", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 16:01:28", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 16:00:39", "1809636", "nimbleshoal.adi8hesplayer.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 16:01:05", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 15:55:08", "1809635", "target1-loop.frostmirelens.life", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 15:55:24", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 15:55:02", "1809634", "quorlithix3.adi8hesplayer.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 15:55:51", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 15:49:20", "1809633", "arkcoreos4.frostmirelens.life", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 15:49:57", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 15:48:47", "1809632", "quooasis.adi8hesplayer.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 15:50:19", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 15:43:26", "1809631", "utf28.frostmirelens.life", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 15:44:32", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 15:43:18", "1809630", "klhadsd.adi8hesplayer.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 15:44:07", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 15:38:05", "1809629", "vrml.frostmirelens.life", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 15:38:12", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-05-09 15:37:49", "1809628", "92vm44.qu2ntitative-tenero.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 15:38:20", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 15:32:00", "1809627", "5dc3.frostmirelens.life", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 15:32:41", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-05-09 15:31:19", "1809626", "llm325.qu2ntitative-tenero.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 15:32:26", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 15:26:08", "1809625", "twdhpaua.frostmirelens.life", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 15:27:25", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 15:25:50", "1809624", "harvestultr.qu2ntitative-tenero.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 15:28:34", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 15:19:57", "1809623", "wildmemory.frostmirelens.life", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 15:23:41", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 15:18:13", "1809622", "d35ign4-vault.qu2ntitative-tenero.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 15:18:56", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 15:12:52", "1809621", "compi-canva.zen-5lora.life", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 15:13:56", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 15:12:26", "1809620", "pipelin6-crest.qu2ntitative-tenero.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 15:12:56", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 15:07:26", "1809619", "xmbf.zen-5lora.life", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 15:07:52", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 15:07:18", "1809618", "canvas-port.qu2ntitative-tenero.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 15:08:02", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 15:01:55", "1809617", "reagentshield.zen-5lora.life", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 15:03:03", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 15:01:48", "1809616", "dynamicregi.great-insue.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 15:02:08", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 14:56:27", "1809615", "3xtend7-node.zen-5lora.life", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 14:56:28", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-05-09 14:56:21", "1809614", "manifestvita.great-insue.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 14:59:02", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 14:49:10", "1809613", "loaddesign.zen-5lora.life", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 14:49:43", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 14:48:11", "1809612", "6sluw.great-insue.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 14:48:49", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 14:43:16", "1809611", "ubiywot.zen-5lora.life", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 14:43:55", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 14:42:41", "1809610", "tzqmbji.great-insue.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 14:43:57", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 14:37:36", "1809609", "emberpetal.zen-5lora.life", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 14:38:26", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 14:37:13", "1809608", "ulks.great-insue.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 14:38:00", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 14:32:42", "1809607", "quor-meshos.qorivault.life", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 14:33:18", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 14:31:44", "1809606", "truepartner.great-insue.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 14:32:33", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 14:26:24", "1809605", "cppzbrx.qorivault.life", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 14:27:42", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 14:26:16", "1809604", "azwxo.narrownessoutri8ht.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 14:26:42", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 14:21:05", "1809603", "zfjlna0p.qorivault.life", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 14:21:05", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-05-09 14:20:53", "1809602", "proto-qu4rr.narrownessoutri8ht.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 14:23:29", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 14:15:43", "1809601", "jcko.qorivault.life", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 14:16:39", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 14:15:31", "1809600", "deepion.narrownessoutri8ht.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 14:20:06", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 14:09:53", "1809599", "tran5m0-phase.qorivault.life", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 14:10:03", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 14:09:43", "1809598", "covcalm.narrownessoutri8ht.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 14:10:44", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 14:04:30", "1809597", "kelnexet4.qorivault.life", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 14:05:33", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 14:03:49", "1809596", "v0cal-hold.narrownessoutri8ht.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 14:04:38", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-05-09 14:00:53", "1809595", "https://milnleny.cyou", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "False", "https://bazaar.abuse.ch/sample/80d0658fe84de7066bd8115804e75c6ac5aa7562fbcd3321e21f6c609a596448/", "lumma", "0", "abuse_ch" "2026-05-09 13:58:49", "1809594", "crawlerhidden.qorivault.life", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 13:59:41", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 13:58:36", "1809593", "cell1-line.narrownessoutri8ht.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 13:59:04", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-05-09 13:53:22", "1809592", "trimarkex6.mirelax9.life", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 13:54:20", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 13:53:15", "1809591", "352xm1.biograph-discoball.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 13:53:46", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 13:48:04", "1809590", "rur4-vector.mirelax9.life", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 13:48:49", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 13:47:02", "1809589", "organideman.biograph-discoball.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 13:47:54", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 13:42:41", "1809588", "z07gqmv.mirelax9.life", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 13:43:45", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 13:41:31", "1809587", "u8813.biograph-discoball.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 13:42:56", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 13:36:37", "1809586", "falconnorth.mirelax9.life", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 13:37:52", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 13:36:03", "1809585", "stri7-leaf.biograph-discoball.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 13:37:19", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 13:31:45", "1809583", "velvetstream.mirelax9.life", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 13:32:14", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 13:30:37", "1809582", "alt-cu1ture.biograph-discoball.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 13:34:27", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 13:26:31", "1809581", "syncdusk.mirelax9.life", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 13:27:22", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-05-09 13:23:00", "1809580", "spesurv.biograph-discoball.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 13:25:21", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 13:19:48", "1809579", "tallithix9.mirelax9.life", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 13:21:13", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 13:17:32", "1809578", "80ro65f.div0rceskis5ing.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 13:18:27", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 13:14:23", "1809577", "u1tr6-drive.3lunavex.life", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 13:14:58", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 13:11:55", "1809576", "drivescrip.div0rceskis5ing.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 13:13:23", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 13:08:55", "1809575", "mjgbgt.3lunavex.life", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 13:09:05", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 13:06:15", "1809574", "kbyoix.div0rceskis5ing.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 13:07:08", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 13:01:17", "1809566", "clusterend.3lunavex.life", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 13:05:45", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 13:01:03", "1809565", "bindspru.div0rceskis5ing.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 13:01:50", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-05-09 12:54:48", "1809562", "quorven5a.3lunavex.life", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 12:56:41", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 12:54:40", "1809561", "arkcrestex1.div0rceskis5ing.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 12:55:05", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 12:49:35", "1809560", "jjn76gwl.3lunavex.life", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 12:54:28", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 12:49:27", "1809559", "dynnex9os.div0rceskis5ing.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 12:49:53", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 12:43:30", "1809558", "ve5j.cloak-custody.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 12:44:10", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 12:43:23", "1809557", "qxaeex.3lunavex.life", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 12:43:44", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-05-09 12:37:27", "1809556", "lum-forgeon.3lunavex.life", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 12:38:14", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 12:37:02", "1809555", "stilabel.cloak-custody.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 12:37:44", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 12:33:11", "1809554", "fetestjs.beer", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "None", "ClickFix", "0", "threatcat_ch" "2026-05-09 12:31:40", "1809553", "oasis1-span.pixel-harbor.life", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 12:31:55", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 12:31:33", "1809552", "microb3-layer.cloak-custody.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 12:33:13", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 12:26:13", "1809551", "p1ne-track.pixel-harbor.life", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 12:26:47", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 12:25:22", "1809550", "cl1n0-mark.cloak-custody.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 12:26:10", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 12:20:40", "1809549", "brook-mesh.pixel-harbor.life", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 12:22:19", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 12:19:32", "1809548", "hill-forge.cloak-custody.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 12:21:26", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 12:17:09", "1809547", "213.177.179.94:443", "ip:port", "payload_delivery", "js.fakeupdates", "FakeUpdate,GhoLoader,SocGholish", "FAKEUPDATES", "", "100", "False", "None", "SocGholish", "0", "threatcat_ch" "2026-05-09 12:17:07", "1809546", "api.yuretemelo.com", "domain", "payload_delivery", "js.fakeupdates", "FakeUpdate,GhoLoader,SocGholish", "FAKEUPDATES", "", "100", "False", "None", "SocGholish", "0", "threatcat_ch" "2026-05-09 12:14:33", "1809545", "zenline1al.pixel-harbor.life", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 12:18:55", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 12:14:02", "1809544", "iyneagxn.cloak-custody.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 12:18:30", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 12:08:37", "1809543", "zenlineon3.pixel-harbor.life", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 12:08:59", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 12:08:30", "1809542", "layoutoptics.currencysn0ut.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 12:08:51", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 12:03:01", "1809541", "ultra-r3c0r.pixel-harbor.life", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 12:03:48", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 12:01:59", "1809540", "zenline2ar.currencysn0ut.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 12:03:13", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 11:56:36", "1809539", "cqrsjc6.pixel-harbor.life", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 11:57:03", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-05-09 11:56:30", "1809538", "suddenhar.currencysn0ut.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 11:58:59", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 11:43:16", "1809535", "laye-zone.nova7frame.life", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 11:43:53", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 11:42:52", "1809534", "r26pytag.ama1gamb1ast.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "clearfake", "1", "ttakvam" "2026-05-09 11:42:26", "1809533", "vel-tideal.currencysn0ut.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 11:42:54", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 11:41:51", "1809532", "8407yzrd.ama1gamb1ast.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 11:42:23", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 11:31:27", "1809531", "buffervoice.nova7frame.life", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 11:31:51", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 11:31:18", "1809530", "sol-venor.currencysn0ut.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 11:32:12", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 11:19:44", "1809529", "optic-ivor.nova7frame.life", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 11:21:03", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 11:19:36", "1809528", "taltideis8.currencysn0ut.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 11:24:15", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 11:07:48", "1809527", "fundverify.nova7frame.life", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 11:09:03", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 11:07:42", "1809526", "sub-wo1f.messy-zamai.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 11:08:24", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 10:55:54", "1809525", "voicemacro.nova7frame.life", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 10:56:22", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-05-09 10:55:35", "1809524", "pal3t8-loop.messy-zamai.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 10:56:38", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 10:44:10", "1809522", "03f7.nova7frame.life", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 10:47:37", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 10:44:02", "1809521", "voyagefroz.messy-zamai.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 10:47:23", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 10:32:21", "1809519", "fcbxn.nova7frame.life", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 10:32:40", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 10:31:56", "1809518", "gene-track.messy-zamai.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 10:32:42", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 10:20:17", "1809517", "74l3it.messy-zamai.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 10:25:05", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 10:19:34", "1809516", "3e30omav.velorix.life", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 10:20:27", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 10:16:31", "1809515", "98yn.messy-zamai.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 10:17:31", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 10:12:35", "1809514", "meta-1nspect.velorix.life", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 10:12:57", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 10:05:28", "1809513", "steri-data.nanovo5kull.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 10:05:38", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-05-09 10:01:11", "1809512", "67b0njwj.velorix.life", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 10:06:20", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 09:53:41", "1809507", "wildmerg.nanovo5kull.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 09:54:23", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 09:49:22", "1809506", "iscx3.velorix.life", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 09:50:31", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 09:46:05", "1809505", "sorix8el.digital", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 09:46:10", "100", "False", "None", "9May2026,ClearFake,Commandline,MacOS", "0", "Gi7w0rm" "2026-05-09 09:41:46", "1809504", "fox-glow.nanovo5kull.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 09:41:56", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 09:40:38", "1809503", "j88vm.com", "domain", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "75", "False", "https://bazaar.abuse.ch/sample/d4e6409a8cb4c6fee2be053a96b5d999357100545b580d459dd7ddde9f7de329/", "nanocore", "0", "abuse_ch" "2026-05-09 09:37:33", "1809502", "geo-gu1d3.velorix.life", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 09:39:16", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 09:30:05", "1809501", "fllegi2j.nanovo5kull.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 09:31:11", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 09:26:46", "1809500", "mramn.velorix.life", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 09:27:48", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 09:18:41", "1809499", "9rtfhxav.nanovo5kull.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 09:19:21", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-05-09 09:14:58", "1809498", "mercore7is.velorix.life", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 09:15:36", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 09:07:38", "1809497", "memory-tone.nanovo5kull.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-05-09 09:03:16", "1809496", "dsff.softwincli.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 09:03:44", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 08:55:27", "1809495", "sshpro.skynodecfg.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 08:56:26", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 08:44:05", "1809494", "tcp.skynodecfg.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 08:45:34", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 08:32:19", "1809493", "netman.skynodecfg.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 08:32:58", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-05-09 08:30:16", "1809492", "git.softwincli.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 08:35:11", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 08:20:35", "1809491", "sys.softnetlink.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 08:21:40", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 08:19:02", "1809490", "ops.softwincli.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 08:19:27", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 08:09:26", "1809489", "webdoc.softnetlink.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 08:09:52", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-05-09 08:07:24", "1809488", "bin.softwincli.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 08:07:45", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 08:03:47", "1809487", "app.softnetlink.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 08:04:22", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 08:02:04", "1809486", "cli.softwincli.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 08:02:16", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 07:58:13", "1809485", "logbin.softnetlink.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 07:58:55", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-05-09 07:56:10", "1809484", "win.softwincli.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 07:56:39", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-05-09 07:52:47", "1809483", "apiops.softnetlink.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 07:53:28", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 07:50:54", "1809482", "sys.softwincli.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 07:51:22", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 07:46:59", "1809481", "git.softnetlink.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 07:48:22", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 07:45:02", "1809480", "pro.skyprodoc.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 07:45:01", "1809479", "pro.skyprodoc.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-05-09 07:43:10", "1809478", "877zsa.earoauth.life", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 07:43:40", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-05-09 07:39:17", "1809477", "tcp.skyprodoc.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 07:40:22", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 07:38:04", "1809476", "ultra-sh4p3.earoauth.life", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 07:38:18", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 07:33:48", "1809475", "ssh.skyprodoc.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 07:34:57", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 07:33:40", "1809474", "0dptx.earoauth.life", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 07:33:45", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 07:28:21", "1809473", "doc.skyprodoc.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 07:29:27", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 07:28:10", "1809472", "c4che-pulse.earoauth.life", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 07:30:20", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 07:22:51", "1809471", "usr.skyprodoc.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 07:23:43", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 07:22:42", "1809470", "yuo7qefc.mixruby.life", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 07:27:16", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 07:17:20", "1809469", "opt.skyprodoc.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 07:18:40", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 07:17:10", "1809468", "retailvelvet.mixruby.life", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 07:17:18", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-05-09 07:11:43", "1809467", "prox.vpssysnet.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 07:11:53", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 07:08:36", "1809466", "lensabhayangkara.com", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch" "2026-05-09 07:07:28", "1809465", "net.vpssysnet.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 07:07:57", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 07:06:44", "1809464", "nor-venix.mixruby.life", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 07:07:25", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-05-09 07:03:21", "1809463", "sajnrfcj.mixruby.life", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-05-09 07:03:01", "1809462", "sub.vpssysnet.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 07:03:41", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 06:59:29", "1809288", "154.94.233.234:8443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-09 06:56:40", "50", "False", "None", "35916,c2,censys,cobalt strike", "0", "sojubear" "2026-05-09 06:59:28", "1809289", "44.201.9.76:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "False", "None", "14618,c2,censys,cobalt strike", "0", "sojubear" "2026-05-09 06:59:28", "1809290", "89.124.120.221:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "False", "None", "c2,censys,cobalt strike", "0", "sojubear" "2026-05-09 06:59:28", "1809292", "54.190.138.40:42977", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "50", "False", "None", "16509,c2,censys,metasploit", "0", "sojubear" "2026-05-09 06:59:27", "1809293", "13.60.227.214:2281", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "50", "False", "None", "16509,c2,censys,metasploit", "0", "sojubear" "2026-05-09 06:59:27", "1809381", "ad7b8b26efc32208989b25ee5eb281333326e7cf6ef92360e4fc21af96f14e52", "sha256_hash", "payload", "win.xmrig", "None", "xmrig", "", "90", "False", "None", "autoit-injector,charmap-hollow,cryptominer,xmrig", "0", "Lenny_3BO" "2026-05-09 06:59:25", "1809382", "79ede42f58b0f72e5953c4fc0cbd250012e045d99704ac0e2e1ebf554a5a2d6e", "sha256_hash", "payload", "unknown", "None", "Unknown malware", "", "75", "False", "None", "autoit-injector,dbatloader-style,freepascal-rc4-rcdata,xmrig", "0", "Lenny_3BO" "2026-05-09 06:59:25", "1809383", "aeac25a227301aedd78e3cd3937b73986750041e3295f178d365ae61c8ac64d9", "sha256_hash", "payload", "unknown", "None", "Unknown malware", "", "75", "False", "None", "autoit-injector,dbatloader-style,freepascal-rc4-rcdata,xmrig", "0", "Lenny_3BO" "2026-05-09 06:59:25", "1809384", "194cda2a1d2c7c2b151e27d20c0429c22108f39540e4036d3b5056bbbea16fff", "sha256_hash", "payload", "unknown", "None", "Unknown malware", "", "75", "False", "None", "autoit-injector,dbatloader-style,freepascal-rc4-rcdata,xmrig", "0", "Lenny_3BO" "2026-05-09 06:59:24", "1809387", "4a5d9078e6d4485a6aa89e35ca83cd743e038d74eb826bde725c5b2737e41a8a", "sha256_hash", "payload", "unknown", "None", "Unknown malware", "", "75", "False", "None", "autoit-injector,dbatloader-style,freepascal-rc4-rcdata,xmrig", "0", "Lenny_3BO" "2026-05-09 06:59:23", "1809385", "1bcd3b49399526a3fb42330d89b123bf11ed8f27118a93e4187a64ad15e0a2eb", "sha256_hash", "payload", "unknown", "None", "Unknown malware", "", "75", "False", "None", "autoit-injector,dbatloader-style,freepascal-rc4-rcdata,xmrig", "0", "Lenny_3BO" "2026-05-09 06:59:23", "1809386", "07a1be5f57473bdde2084ad0d04f9419e674a789790652f7e8e3a8e696d49e08", "sha256_hash", "payload", "unknown", "None", "Unknown malware", "", "75", "False", "None", "autoit-injector,dbatloader-style,freepascal-rc4-rcdata,xmrig", "0", "Lenny_3BO" "2026-05-09 06:59:22", "1809389", "e43b38b314acef0d158e99884cd5710f", "md5_hash", "payload", "unknown", "None", "Unknown malware", "", "75", "False", "None", "autoit-injector,dbatloader-style,freepascal-rc4-rcdata,xmrig", "0", "Lenny_3BO" "2026-05-09 06:59:21", "1809388", "4a1dd2bf737357ff4c32df5b739cc5d8bb0003bcb35fbacc3174d36b2ef77cc0", "sha256_hash", "payload", "unknown", "None", "Unknown malware", "", "75", "False", "None", "autoit-injector,dbatloader-style,freepascal-rc4-rcdata,xmrig", "0", "Lenny_3BO" "2026-05-09 06:59:21", "1809390", "https://d.tmpfile.link/public/2026-05-09/4614e117-d7bb-46b1-9541-484fbe7315ff/ghhjgr.png", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "75", "False", "None", "date-keyed-uuid,paste-host-abuse,png-masquerade-ps,tmpfile-link,xmrig", "0", "Lenny_3BO" "2026-05-09 06:59:20", "1809391", "d.tmpfile.link", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "75", "False", "None", "date-keyed-uuid,paste-host-abuse,png-masquerade-ps,tmpfile-link,xmrig", "0", "Lenny_3BO" "2026-05-09 06:59:17", "1809262", "http://gotextileltd.com/gotextileltd.zip", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "75", "False", "None", "a0backdoor-style,clickfix,nativeaot,sideload,t1574002", "0", "Lenny_3BO" "2026-05-09 06:59:17", "1809263", "gotextileltd.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "75", "False", "None", "a0backdoor-style,clickfix,nativeaot,sideload,t1574002", "0", "Lenny_3BO" "2026-05-09 06:59:16", "1809264", "jensydesign.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "75", "False", "None", "a0backdoor-style,clickfix,nativeaot,sideload,t1574002", "0", "Lenny_3BO" "2026-05-09 06:59:16", "1809265", "5a2b957a011901a7e88b8f96028ff004cad590455a36c4816d0f40007323cd01", "sha256_hash", "payload", "unknown", "None", "Unknown malware", "", "75", "False", "None", "a0backdoor-style,clickfix,nativeaot,sideload,t1574002", "0", "Lenny_3BO" "2026-05-09 06:59:16", "1809266", "68e81ce966ca0c016bb638d0d29b106a0da7eab2ddf70438d8182fa89baf5d78", "sha256_hash", "payload", "unknown", "None", "Unknown malware", "", "75", "False", "None", "a0backdoor-style,clickfix,nativeaot,sideload,t1574002", "0", "Lenny_3BO" "2026-05-09 06:59:15", "1809267", "d4c620b8fc7aca439861ce67b6f9132b89c2869887ac3f6a1b3008099e43b976", "sha256_hash", "payload", "unknown", "None", "Unknown malware", "", "75", "False", "None", "a0backdoor-style,clickfix,nativeaot,sideload,t1574002", "0", "Lenny_3BO" "2026-05-09 06:59:15", "1809268", "f488edb3c0e3e81d7a1d1a4721dc9817a04f65f1939a645172ba8197b8358b41", "sha256_hash", "payload", "unknown", "None", "Unknown malware", "", "75", "False", "None", "a0backdoor-style,clickfix,nativeaot,sideload,t1574002", "0", "Lenny_3BO" "2026-05-09 06:59:14", "1809271", "https://crackedsoftware.doxbin.cy/windows", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/crackedsoftware.doxbin.cy", "ClickFix", "0", "CarsonWilliams" "2026-05-09 06:59:12", "1809246", "172.235.174.99:25001", "ip:port", "botnet_cc", "apk.kimwolf", "None", "Kimwolf", "2026-05-09 11:08:49", "100", "False", "None", "c2,Kimwolf", "0", "Bitsight" "2026-05-09 06:59:11", "1809248", "172.235.174.37:25001", "ip:port", "botnet_cc", "apk.kimwolf", "None", "Kimwolf", "2026-05-09 11:11:12", "100", "False", "None", "c2,Kimwolf", "0", "Bitsight" "2026-05-09 06:59:11", "1809249", "172.235.174.105:25001", "ip:port", "botnet_cc", "apk.kimwolf", "None", "Kimwolf", "2026-05-09 11:10:50", "100", "False", "None", "c2,Kimwolf", "0", "Bitsight" "2026-05-09 06:59:11", "1809250", "172.235.174.81:25001", "ip:port", "botnet_cc", "apk.kimwolf", "None", "Kimwolf", "2026-05-09 11:12:07", "100", "False", "None", "c2,Kimwolf", "0", "Bitsight" "2026-05-09 06:59:10", "1809253", "172.235.174.150:25001", "ip:port", "botnet_cc", "apk.kimwolf", "None", "Kimwolf", "2026-05-09 11:03:08", "100", "False", "None", "c2,Kimwolf", "0", "Bitsight" "2026-05-09 06:59:10", "1809254", "172.235.174.21:25001", "ip:port", "botnet_cc", "apk.kimwolf", "None", "Kimwolf", "2026-05-09 11:09:13", "100", "False", "None", "c2,Kimwolf", "0", "Bitsight" "2026-05-09 06:59:10", "1809256", "172.235.174.91:25001", "ip:port", "botnet_cc", "apk.kimwolf", "None", "Kimwolf", "2026-05-09 11:12:20", "100", "False", "None", "c2,Kimwolf", "0", "Bitsight" "2026-05-09 06:59:09", "1809257", "172.235.174.143:25001", "ip:port", "botnet_cc", "apk.kimwolf", "None", "Kimwolf", "2026-05-09 11:09:25", "100", "False", "None", "c2,Kimwolf", "0", "Bitsight" "2026-05-09 06:59:09", "1809258", "172.235.174.114:25001", "ip:port", "botnet_cc", "apk.kimwolf", "None", "Kimwolf", "2026-05-09 11:09:01", "100", "False", "None", "c2,Kimwolf", "0", "Bitsight" "2026-05-09 06:59:07", "1809245", "172.235.174.138:25001", "ip:port", "botnet_cc", "apk.kimwolf", "None", "Kimwolf", "2026-05-09 11:11:55", "100", "False", "None", "c2,Kimwolf", "0", "Bitsight" "2026-05-09 06:58:44", "1809224", "mpd.hidayahnetwork.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "None", "garble,gcleaner,go,loader,lumma_stealer,m1m1y6,vidar-style-deaddrop", "0", "Lenny_3BO" "2026-05-09 06:58:44", "1809225", "https://steamcommunity.com/profiles/76561198707628078", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "None", "garble,gcleaner,go,loader,lumma_stealer,m1m1y6,vidar-style-deaddrop", "0", "Lenny_3BO" "2026-05-09 06:58:43", "1809226", "https://telegram.me/hgo9tx", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "None", "garble,gcleaner,go,loader,lumma_stealer,m1m1y6,vidar-style-deaddrop", "0", "Lenny_3BO" "2026-05-09 06:58:43", "1809227", "2872ea2e8dcde72e2d906895d62d646961111519ffacd5832dcd2234f7f087d1", "sha256_hash", "payload", "unknown", "None", "Unknown malware", "", "90", "False", "None", "garble,gcleaner,go,loader,lumma_stealer,m1m1y6,vidar-style-deaddrop", "0", "Lenny_3BO" "2026-05-09 06:58:41", "1809235", "https://servicehstcmon.com/4b1786e5eb1812f6b3b01ac77deca041/hsts_mont.exe", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "85", "False", "None", "dll-search-order-hijack,fsutil,hollow-host,loader,powershell,trojanized-signed,two-stage", "0", "Lenny_3BO" "2026-05-09 06:58:40", "1809236", "http://servicehstcmon.com/step2.txt", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "85", "False", "None", "dll-search-order-hijack,fsutil,hollow-host,loader,powershell,trojanized-signed,two-stage", "0", "Lenny_3BO" "2026-05-09 06:58:40", "1809237", "http://servicehstcmon.com/step1.txt", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "85", "False", "None", "dll-search-order-hijack,fsutil,hollow-host,loader,powershell,trojanized-signed,two-stage", "0", "Lenny_3BO" "2026-05-09 06:58:39", "1809238", "45.9.148.81:443", "ip:port", "payload_delivery", "unknown", "None", "Unknown malware", "", "85", "False", "None", "dll-search-order-hijack,fsutil,hollow-host,loader,powershell,trojanized-signed,two-stage", "0", "Lenny_3BO" "2026-05-09 06:58:39", "1809239", "servicehstcmon.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "85", "False", "None", "dll-search-order-hijack,fsutil,hollow-host,loader,powershell,trojanized-signed,two-stage", "0", "Lenny_3BO" "2026-05-09 06:58:38", "1809240", "46ebb08f2d47fa214d73507b34a5fec5", "md5_hash", "payload", "unknown", "None", "Unknown malware", "", "85", "False", "None", "dll-search-order-hijack,fsutil,hollow-host,loader,powershell,trojanized-signed,two-stage", "0", "Lenny_3BO" "2026-05-09 06:58:38", "1809241", "f417187e20bddd4706df23cd04c5e100bf07bfc8014038e19e2f38a437956691", "sha256_hash", "payload", "unknown", "None", "Unknown malware", "", "85", "False", "None", "dll-search-order-hijack,fsutil,hollow-host,loader,powershell,trojanized-signed,two-stage", "0", "Lenny_3BO" "2026-05-09 06:58:36", "1809461", "sys.vpssysnet.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 06:58:42", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 06:58:35", "1809118", "zai.gr.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "infostealer", "0", "ninjacatcher" "2026-05-09 06:58:35", "1809119", "claudecode.li", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "infostealer", "0", "ninjacatcher" "2026-05-09 06:58:34", "1809120", "chewy.gr.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "infostealer", "0", "ninjacatcher" "2026-05-09 06:58:34", "1809121", "openrouter.gr.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "infostealer", "0", "ninjacatcher" "2026-05-09 06:58:33", "1809122", "lowes.gr.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "infostealer", "0", "ninjacatcher" "2026-05-09 06:58:33", "1809123", "cursor.li", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "infostealer", "0", "ninjacatcher" "2026-05-09 06:58:33", "1809124", "deepseek.gr.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "infostealer", "0", "ninjacatcher" "2026-05-09 06:58:32", "1809125", "iaca.gr.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "infostealer", "0", "ninjacatcher" "2026-05-09 06:58:31", "1809126", "lmstudio.co.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "infostealer", "0", "ninjacatcher" "2026-05-09 06:58:31", "1809127", "qwen.co.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "infostealer", "0", "ninjacatcher" "2026-05-09 06:58:30", "1809128", "monerogui.gr.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "infostealer", "0", "ninjacatcher" "2026-05-09 06:58:30", "1809129", "gui.gr.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "infostealer", "0", "ninjacatcher" "2026-05-09 06:58:30", "1809130", "en-mymonero.gr.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "infostealer", "0", "ninjacatcher" "2026-05-09 06:58:29", "1809131", "monero.gr.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "2026-05-08 21:38:19", "100", "False", "", "infostealer", "0", "ninjacatcher" "2026-05-09 06:58:29", "1809132", "en-cakewallet.gr.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "infostealer", "0", "ninjacatcher" "2026-05-09 06:58:28", "1809133", "minimax.gr.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "infostealer", "0", "ninjacatcher" "2026-05-09 06:58:28", "1809134", "stackwallet.co.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "", "infostealer", "0", "ninjacatcher" "2026-05-09 06:58:12", "1809109", "https://anakondabob.club/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/anakondabob.club", "ClickFix", "0", "CarsonWilliams" "2026-05-09 06:58:12", "1809110", "https://chubrik.sbs/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/chubrik.sbs", "ClickFix", "0", "CarsonWilliams" "2026-05-09 06:58:09", "1808999", "188.166.75.9:25001", "ip:port", "botnet_cc", "apk.kimwolf", "None", "Kimwolf", "2026-05-08 19:21:38", "100", "False", "None", "c2,Kimwolf", "0", "Bitsight" "2026-05-09 06:58:08", "1809000", "206.189.110.191:25001", "ip:port", "botnet_cc", "apk.kimwolf", "None", "Kimwolf", "2026-05-08 19:21:15", "100", "False", "None", "c2,Kimwolf", "0", "Bitsight" "2026-05-09 06:58:08", "1809001", "64.227.74.157:25001", "ip:port", "botnet_cc", "apk.kimwolf", "None", "Kimwolf", "2026-05-08 19:22:26", "100", "False", "None", "c2,Kimwolf", "0", "Bitsight" "2026-05-09 06:58:08", "1809002", "161.35.93.146:25001", "ip:port", "botnet_cc", "apk.kimwolf", "None", "Kimwolf", "2026-05-08 19:42:46", "100", "False", "None", "c2,Kimwolf", "0", "Bitsight" "2026-05-09 06:58:08", "1809003", "152.42.135.190:25001", "ip:port", "botnet_cc", "apk.kimwolf", "None", "Kimwolf", "2026-05-08 19:22:14", "100", "False", "None", "c2,Kimwolf", "0", "Bitsight" "2026-05-09 06:58:07", "1809004", "165.22.198.24:25001", "ip:port", "botnet_cc", "apk.kimwolf", "None", "Kimwolf", "2026-05-08 19:21:50", "100", "False", "None", "c2,Kimwolf", "0", "Bitsight" "2026-05-09 06:58:07", "1809005", "164.90.206.123:25001", "ip:port", "botnet_cc", "apk.kimwolf", "None", "Kimwolf", "2026-05-08 19:42:30", "100", "False", "None", "c2,Kimwolf", "0", "Bitsight" "2026-05-09 06:58:06", "1809006", "161.35.153.147:25001", "ip:port", "botnet_cc", "apk.kimwolf", "None", "Kimwolf", "2026-05-08 19:22:14", "100", "False", "None", "c2,Kimwolf", "0", "Bitsight" "2026-05-09 06:58:06", "1809007", "165.232.92.26:25001", "ip:port", "botnet_cc", "apk.kimwolf", "None", "Kimwolf", "2026-05-08 19:22:38", "100", "False", "None", "c2,Kimwolf", "0", "Bitsight" "2026-05-09 06:58:05", "1809008", "167.172.37.243:25001", "ip:port", "botnet_cc", "apk.kimwolf", "None", "Kimwolf", "2026-05-08 19:22:02", "100", "False", "None", "c2,Kimwolf", "0", "Bitsight" "2026-05-09 06:58:05", "1809071", "217.60.245.90:1337", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "80", "False", "None", "mirai", "0", "seckle" "2026-05-09 06:58:03", "1808939", "fontanf.lol", "domain", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "2026-05-09 02:11:22", "100", "True", "https://infosec.exchange/@monitorsg/116540054335649885", "KongTuke", "0", "monitorsg" "2026-05-09 06:58:03", "1808940", "https://fontanf.lol/t", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "2026-05-09 02:11:23", "100", "True", "https://infosec.exchange/@monitorsg/116540054335649885", "KongTuke", "0", "monitorsg" "2026-05-09 06:58:02", "1808941", "https://fontanf.lol/g", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "2026-05-09 02:11:24", "100", "True", "https://infosec.exchange/@monitorsg/116540054335649885", "KongTuke", "0", "monitorsg" "2026-05-09 06:58:02", "1808942", "https://fontanf.lol/c", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "2026-05-09 02:11:25", "100", "True", "https://infosec.exchange/@monitorsg/116540054335649885", "KongTuke", "0", "monitorsg" "2026-05-09 06:58:02", "1808952", "https://corppop.shop/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/corppop.shop", "ClickFix", "0", "CarsonWilliams" "2026-05-09 06:58:01", "1808938", "https://fontanf.lol/file.js", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "2026-05-09 01:08:31", "100", "True", "https://infosec.exchange/@monitorsg/116540054335649885", "KongTuke", "0", "monitorsg" "2026-05-09 06:58:00", "1808930", "137.184.76.141:9000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "75", "False", "https://urlquery.net/report/d1495baf-cd8a-4c6d-8eda-0a7f56328e9b", "ObsidianStrikeC2,Panel", "0", "BlinkzSec" "2026-05-09 06:58:00", "1808933", "137.184.217.241:80", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "75", "False", "https://urlscan.io/result/019d3671-074e-7588-a3d2-4a47c5ea4cb7/", "Panel,SkywatchC2", "0", "BlinkzSec" "2026-05-09 06:57:59", "1808912", "files.dsbaux.com", "domain", "botnet_cc", "js.fakeupdates", "FakeUpdate,GhoLoader,SocGholish", "FAKEUPDATES", "", "100", "True", "https://infosec.exchange/@monitorsg/116539828134553502", "SocGholish", "0", "monitorsg" "2026-05-09 06:57:29", "1809460", "jpmfljz3.mixruby.life", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 06:58:07", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 06:56:58", "1809457", "47.95.211.75:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2026-05-09 06:56:58", "1809458", "118.145.185.128:81", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "None", "CobaltStrike,cs-watermark-666666666", "0", "abuse_ch" "2026-05-09 06:56:58", "1809459", "139.226.191.247:2082", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2026-05-09 06:56:45", "1809456", "8.141.116.149:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "None", "CobaltStrike,cs-watermark-1234567890", "0", "abuse_ch" "2026-05-09 06:53:31", "1809455", "env.vpssysnet.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 06:54:16", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 06:53:04", "1809454", "ly1p.mixruby.life", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 06:53:41", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 06:49:41", "1809453", "doc.vpssysnet.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 06:50:37", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 06:48:41", "1809452", "vmlist.skynodecfg.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 06:49:23", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 06:44:22", "1809451", "sync.clouditapp.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 06:44:44", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 06:44:07", "1809450", "usr.skynodecfg.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 06:44:37", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-05-09 06:39:39", "1809449", "io.clouditapp.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 06:40:37", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 06:39:32", "1809448", "opt.skynodecfg.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 06:40:07", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 06:34:41", "1809447", "app.clouditapp.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 06:35:51", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 06:34:19", "1809446", "proxy.vpsgateway.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 06:35:06", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 06:29:59", "1809445", "web.clouditapp.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 06:31:31", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 06:29:51", "1809444", "lan.vpsgateway.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 06:30:32", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 06:25:13", "1809443", "sub.vpsgateway.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 06:25:29", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 06:18:39", "1809442", "aut.clouditapp.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 06:25:37", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 06:18:30", "1809441", "bit.vpsgateway.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 06:19:10", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 06:15:03", "1809440", "https://allweathercontractorsltd.co.uk/", "url", "payload_delivery", "win.vidar", "None", "Vidar", "", "75", "True", "None", "ClickFix,compromised,EtherHiding,Polygon,Vidar,WordPress", "1", "m_govcert_ch" "2026-05-09 06:14:08", "1809439", "open.openlogmgr.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 06:14:50", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 06:13:24", "1809438", "envset.vpsgateway.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 06:14:01", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 06:09:44", "1809437", "logs.openlogmgr.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 06:10:32", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 06:08:55", "1809436", "doc.vpsgateway.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 06:10:38", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 06:05:29", "1809435", "net.openlogmgr.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 06:05:56", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 06:04:30", "1809434", "syncit.bitflowapp.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 06:05:19", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 06:00:40", "1809433", "mgr.openlogmgr.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 06:01:17", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 05:59:54", "1809432", "io.bitflowapp.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 06:00:33", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-05-09 05:55:45", "1809431", "mod.openlogmgr.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 05:57:21", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 05:55:37", "1809430", "taskid.bitflowapp.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 05:56:31", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 05:51:18", "1809429", "src.openlogmgr.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 05:51:45", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 05:51:10", "1809428", "web.bitflowapp.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 05:52:17", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 05:46:51", "1809427", "bit.fastbitbox.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 05:47:00", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 05:45:40", "1809426", "refid.bitflowapp.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 05:46:56", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 05:41:21", "1809425", "ftp.fastbitbox.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 05:42:27", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 05:41:14", "1809424", "aut.bitflowapp.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 05:41:37", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 05:36:45", "1809423", "dom.openapiserv.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 05:36:51", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 05:36:29", "1809422", "box.fastbitbox.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 05:37:01", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-05-09 05:35:33", "1809421", "m-u88.com", "domain", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "75", "False", "https://bazaar.abuse.ch/sample/b3a73f1e60eb11ca697316528c85c214e37b734452e8701619a3c3dd3d35be39/", "nanocore", "0", "abuse_ch" "2026-05-09 05:31:30", "1809420", "adm.fastbitbox.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 05:32:42", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 05:31:22", "1809419", "pwrlog.openapiserv.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 05:32:14", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 05:30:04", "1809418", "185.170.76.249:443", "ip:port", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "100", "False", "None", "NanoCore,RAT", "0", "abuse_ch" "2026-05-09 05:26:55", "1809417", "raw.fastbitbox.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 05:27:19", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 05:26:48", "1809416", "extnet.openapiserv.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 05:27:37", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 05:21:37", "1809415", "zip.fastbitbox.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 05:22:02", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 05:20:54", "1809414", "run.openapiserv.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 05:21:34", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-05-09 05:16:51", "1809413", "link.linkrunops.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 05:17:12", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 05:16:03", "1809412", "modbus.openapiserv.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 05:16:34", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 05:11:19", "1809411", "run.linkrunops.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 05:11:49", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-05-09 05:10:38", "1809410", "src.openapiserv.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 05:12:05", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 05:06:14", "1809409", "ops.linkrunops.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 05:06:31", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 05:05:58", "1809408", "uid.fastrunbase.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 05:06:40", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 05:01:23", "1809407", "db.linkrunops.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 05:01:53", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-05-09 05:00:43", "1809406", "ftp.fastrunbase.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 05:01:47", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 04:56:33", "1809405", "sky.linkrunops.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 04:57:35", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 04:56:28", "1809404", "lib.fastrunbase.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 04:56:34", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 04:51:38", "1809403", "cmd.linkrunops.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 04:52:01", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-05-09 04:51:01", "1809402", "jobadm.fastrunbase.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 04:52:05", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 04:46:44", "1809401", "data.datasrvhub.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 04:46:56", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 04:46:36", "1809400", "raw.fastrunbase.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 04:46:56", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 04:41:51", "1809399", "bin.datasrvhub.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 04:42:58", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 04:41:38", "1809398", "zip.fastrunbase.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 04:42:30", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 04:37:25", "1809397", "ssl.datasrvhub.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 04:37:56", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-05-09 04:36:41", "1809396", "os.linkdataproc.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 04:37:58", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 04:32:14", "1809395", "hub.datasrvhub.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 04:33:58", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 04:32:03", "1809394", "metal.linkdataproc.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 04:32:27", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 04:27:34", "1809393", "node.datasrvhub.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 04:30:46", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 04:27:08", "1809392", "api.linkdataproc.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 04:27:29", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-05-09 04:22:27", "1809380", "dbinst.linkdataproc.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 04:22:48", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 04:20:30", "1809379", "fix.datasrvhub.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 04:21:18", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 04:17:14", "1809378", "skyvpn.linkdataproc.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 04:18:29", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 04:16:14", "1809377", "cfg.webcfgbase.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 04:16:33", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-05-09 04:12:48", "1809376", "cmd.linkdataproc.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 04:13:23", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 04:11:37", "1809375", "top.webcfgbase.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 04:11:44", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 04:08:20", "1809374", "tmp.cloudviewtop.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 04:09:25", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 04:06:49", "1809373", "mgr.webcfgbase.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 04:03:37", "1809372", "bin.cloudviewtop.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 04:04:48", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 04:02:22", "1809371", "cpu.webcfgbase.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 04:03:21", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 03:59:14", "1809370", "ssl.cloudviewtop.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 03:59:52", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 03:58:29", "1809369", "vps.webcfgbase.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 03:58:42", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 03:54:50", "1809368", "getcfg.cloudviewtop.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 03:55:56", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 03:53:34", "1809367", "dns.webcfgbase.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 03:54:22", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 03:50:17", "1809366", "ipnode.cloudviewtop.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 03:50:50", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-05-09 03:48:40", "1809365", "nodes.netnodeset.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 03:49:17", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-05-09 03:45:36", "1809364", "fix.cloudviewtop.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 03:46:56", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 03:44:51", "1809363", "dbit.netnodeset.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 03:45:17", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 03:41:16", "1809362", "bitfox.websyncbox.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 03:41:50", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 03:39:23", "1809361", "logs.netnodeset.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 03:40:10", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 03:37:02", "1809360", "top.websyncbox.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 03:37:45", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 03:35:02", "1809359", "api.netnodeset.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 03:35:42", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 03:31:46", "1809358", "opsmgr.websyncbox.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 03:32:51", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 03:30:23", "1809357", "cdnx.netnodeset.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 03:31:07", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-05-09 03:27:22", "1809356", "cpu.websyncbox.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 03:27:33", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 03:26:00", "1809355", "srv.netnodeset.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 03:26:53", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 03:22:55", "1809354", "vpsrun.websyncbox.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 03:23:30", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 03:21:46", "1809353", "gitlabhubs.sorix2en.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 03:22:12", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 03:18:29", "1809352", "dns.websyncbox.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 03:19:16", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 03:16:58", "1809351", "apiopsstat.sorix2en.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 03:17:26", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 03:13:47", "1809350", "appbox.netloghubs.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 03:14:19", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 03:12:23", "1809349", "logbinnode.sorix2en.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 03:13:02", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 03:09:33", "1809348", "dbit.netloghubs.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 03:10:02", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 03:07:32", "1809347", "appsrchcli.sorix2en.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 03:09:08", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 03:04:56", "1809346", "logs.netloghubs.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 03:05:22", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 03:03:09", "1809345", "webdocserv.sorix2en.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 03:03:47", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 03:00:49", "1809344", "netapi.netloghubs.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 03:00:54", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 02:58:38", "1809343", "syskeypath.sorix2en.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 02:59:16", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 02:55:39", "1809342", "cdnx.netloghubs.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 02:56:27", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 02:54:07", "1809341", "netmanproc.9doreval.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 02:54:50", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 02:51:01", "1809340", "srv.netloghubs.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 02:52:02", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 02:49:47", "1809339", "tcpconpath.9doreval.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 02:50:33", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 02:46:32", "1809338", "gitlabhubs.sorix1ar.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 02:47:01", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 02:45:17", "1809337", "sshproserv.9doreval.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 02:45:30", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 02:42:07", "1809336", "apiopsstat.sorix1ar.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 02:42:12", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 02:40:33", "1809335", "vmlistview.9doreval.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 02:41:01", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 02:37:33", "1809334", "logbinnode.sorix1ar.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 02:38:34", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 02:35:55", "1809333", "usrgrpstat.9doreval.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 02:36:29", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 02:33:05", "1809332", "appsrchcli.sorix1ar.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 02:34:00", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 02:31:32", "1809331", "optwebnode.9doreval.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 02:32:04", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 02:28:16", "1809330", "webdocserv.sorix1ar.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 02:29:41", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 02:26:55", "1809329", "proxysserv.vexon4ar.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 02:27:10", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 02:23:57", "1809328", "syskeypath.sorix1ar.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 02:25:09", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 02:22:26", "1809327", "lanhoppath.vexon4ar.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 02:23:30", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 02:20:04", "1809326", "netmanproc.6doreval.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 02:20:29", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 02:17:53", "1809325", "subclidata.vexon4ar.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 02:19:10", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 02:14:40", "1809324", "tcpconpath.6doreval.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 02:14:47", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-05-09 02:13:26", "1809323", "bitkitmaps.vexon4ar.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 02:14:16", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 02:10:19", "1809322", "sshproserv.6doreval.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 02:11:11", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 02:08:47", "1809321", "envsetproc.vexon4ar.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 02:09:15", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 02:05:45", "1809320", "vmlistview.6doreval.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 02:06:30", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 02:04:29", "1809319", "doclabutil.vexon4ar.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 02:04:52", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 02:01:12", "1809318", "usrgrpstat.6doreval.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 02:01:34", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-05-09 02:00:05", "1809317", "syncitnode.pav6mirex.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 02:00:46", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 01:56:04", "1809316", "optwebnode.6doreval.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 01:57:09", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 01:55:53", "1809315", "ioflowpath.pav6mirex.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 01:56:09", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 01:51:38", "1809314", "proxysserv.vexon3ix.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 01:52:12", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 01:50:30", "1809313", "taskidview.pav6mirex.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 01:51:13", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 01:47:13", "1809312", "lanhoppath.vexon3ix.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 01:47:54", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 01:46:29", "1809311", "comwebstat.pav6mirex.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 01:46:35", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-05-09 01:42:43", "1809310", "subclidata.vexon3ix.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 01:43:53", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 01:41:34", "1809309", "refid-core.pav6mirex.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 01:42:04", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 01:38:01", "1809308", "bitkitmaps.vexon3ix.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 01:38:25", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 01:37:12", "1809307", "autboxserv.pav6mirex.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 01:37:59", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 01:33:56", "1809306", "envsetproc.vexon3ix.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 01:34:01", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 01:32:42", "1809305", "domregutil.xamir1ol.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 01:33:25", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 01:29:29", "1809304", "doclabutil.vexon3ix.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 01:29:38", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 01:28:20", "1809303", "pwrlogview.xamir1ol.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 01:28:48", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 01:24:34", "1809302", "syncitnode.pav8mirel.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 01:25:09", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 01:23:22", "1809301", "extnetprox.xamir1ol.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 01:24:06", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 01:19:58", "1809300", "ioflowpath.pav8mirel.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 01:20:41", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 01:19:17", "1809299", "pkgrunstat.xamir1ol.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 01:19:32", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-05-09 01:15:19", "1809298", "taskidview.pav8mirel.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 01:16:16", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 01:14:15", "1809297", "modbusdata.xamir1ol.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 01:15:06", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 01:10:44", "1809296", "comwebstat.pav8mirel.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 01:11:49", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 01:10:10", "1809295", "srcgetproc.xamir1ol.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 01:11:08", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 01:06:20", "1809294", "refid-core.pav8mirel.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 01:06:54", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 01:05:08", "1809291", "uidmapbits.tavro8xel.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 01:06:59", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 01:01:45", "1809287", "autboxserv.pav8mirel.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 01:02:08", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 01:00:41", "1809286", "ftpsrvnode.tavro8xel.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 01:01:15", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 00:57:07", "1809285", "domregutil.xamir4al.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 00:57:30", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 00:56:35", "1809284", "libsyspath.tavro8xel.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 00:57:21", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 00:52:41", "1809283", "pwrlogview.xamir4al.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 00:53:33", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 00:51:34", "1809281", "jobadmmgrs.tavro8xel.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 00:52:04", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 00:48:09", "1809280", "extnetprox.xamir4al.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 00:48:43", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 00:47:08", "1809279", "rawdatamap.tavro8xel.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 00:47:36", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-05-09 00:43:32", "1809278", "pkgrunstat.xamir4al.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 00:45:00", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 00:43:00", "1809277", "ziparkview.tavro8xel.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 00:43:22", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 00:39:16", "1809276", "modbusdata.xamir4al.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 00:39:47", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 00:38:01", "1809275", "osbasesyst.2zorevin.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 00:39:07", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 00:34:52", "1809274", "srcgetproc.xamir4al.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 00:35:17", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 00:33:30", "1809273", "metaltscfg.2zorevin.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 00:34:08", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-05-09 00:31:34", "1809272", "friendsonfuture.com", "domain", "payload_delivery", "win.strelastealer", "None", "StrelaStealer", "", "100", "True", "None", "StrelaStealer", "0", "threatcat_ch" "2026-05-09 00:29:47", "1809270", "uidmapbits.tavro5xen.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 00:30:52", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 00:28:54", "1809269", "apidocserv.2zorevin.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 00:29:44", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 00:25:25", "1809261", "ftpsrvnode.tavro5xen.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 00:25:31", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 00:24:53", "1809260", "dbinstlist.2zorevin.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 00:25:21", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 00:20:57", "1809259", "libsyspath.tavro5xen.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 00:22:16", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 00:19:50", "1809255", "skyvpnnode.2zorevin.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 00:20:25", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 00:16:34", "1809252", "jobadmmgrs.tavro5xen.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 00:16:53", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 00:15:30", "1809251", "cmdsetproc.2zorevin.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 00:15:47", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 00:12:08", "1809247", "rawdatamap.tavro5xen.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 00:13:57", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 00:11:02", "1809244", "tmpdirsets.qen3larex.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 00:12:03", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 00:07:46", "1809243", "ziparkview.tavro5xen.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 00:07:59", "100", "False", "None", "9May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-09 00:06:38", "1809242", "sshbinpath.qen3larex.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 00:06:43", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 00:03:01", "1809234", "osbasesyst.1zarelin.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 00:03:48", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-09 00:02:13", "1809233", "sslkeybase.qen3larex.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-09 00:02:18", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-05-08 23:58:10", "1809232", "metaltscfg.1zarelin.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-08 23:58:57", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-05-08 23:57:17", "1809231", "getcfghubs.qen3larex.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-08 23:57:49", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-05-08 23:53:29", "1809229", "apidocserv.1zarelin.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-08 23:54:55", "100", "False", "None", "8May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-08 23:52:36", "1809228", "ipnodeclis.qen3larex.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-08 23:53:17", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-05-08 23:49:06", "1809223", "dbinstlist.1zarelin.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-08 23:49:55", "100", "False", "None", "8May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-08 23:47:57", "1809222", "hotfixpack.qen3larex.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-08 23:48:13", "100", "False", "None", "8May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-08 23:44:52", "1809219", "139.196.50.117:9930", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-10 22:45:12", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-08 23:44:44", "1809218", "106.53.82.117:18443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-05-10 22:44:59", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-05-08 23:44:31", "1809217", "skyvpnnode.1zarelin.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-08 23:45:05", "100", "False", "None", "ClearFake", "1", "ttakvam" "2026-05-08 23:43:35", "1809216", "bitfoxcore.mav7voren.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-08 23:43:50", "100", "False", "None", "8May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-08 23:39:54", "1809215", "cmdsetproc.1zarelin.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-08 23:40:25", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-08 23:39:09", "1809214", "topsvcutil.mav7voren.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-08 23:39:35", "100", "False", "None", "8May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-08 23:35:30", "1809213", "tmpdirsets.qen9vorel.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-08 23:35:57", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-05-08 23:34:43", "1809212", "opsmgrsvcs.mav7voren.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-08 23:35:34", "100", "False", "None", "8May2026,ClearFake,Commandline,Windows", "0", "Gi7w0rm" "2026-05-08 23:31:12", "1809210", "sshbinpath.qen9vorel.pics", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2026-05-08 23:31:52", "100", "False", "None", "ClearFake", "0", "threatcat_ch" # Number of entries: 1221